
Author Archive for: Neil Douglas

Data Privacy Day 2019
by Neil Douglas

Data privacy. Take a second to think about these two important words and what they mean. More than merely a buzzword for the new millennium, data privacy impacts all our lives in a connected world, especially in the workplace.

Since GDPR came into force, the stakes are much higher for organisations that don’t take data protection as seriously as they should. A recent example of a company falling foul of GDPR is Google, fined €50m (around £44m) by the French data regulator CNIL for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. Note that Google had not suffered a data breach: the penalty was for how consent was obtained, a reminder that data protection covers how you collect and use personal data, not just whether you keep attackers out.

Why data protection matters

The workplace has been transformed in the past decade. We are all more connected digitally through social media such as LinkedIn, Facebook and Twitter, and online services such as banking apps, Netflix and Amazon hold our financial details on cloud servers. Add a sharp increase in computer-savvy criminals to the mix and you have the ingredients for a perfect data privacy storm. Data privacy isn’t “someone else’s problem”: protecting personal and company information is the responsibility of everyone in the company.

Data breaches and loss of company information have far-reaching consequences for a business. Reputational damage and lost profit from negative press, regulatory fines and increased IT costs after the event are typical of the extra expense most businesses incur after an information security incident. Research also indicates that a data breach can be fatal for smaller organisations.


Simple steps to improve data privacy

Information security is a complex beast, with a myriad of products and services on the market. As with most things, you get what you pay for and most vendors specialise in specific sectors or verticals. Let’s remove ourselves from product-specific advice for a moment and focus on strategic methods to improve organisational data privacy.

Increase user awareness

Providing user awareness training is one of the first steps an organisation should take to improve information security. Employees are an organisation’s greatest strength, but they are also the target attackers find easiest to reach: it is usually simpler to trick a person than to break into a well-maintained system.

Make users aware of their responsibilities and teach the basics, such as choosing a strong, unique password for every app and account. Keep your team up to speed on email phishing, the number one method criminals use to extract login credentials, business-critical information and payment details from unsuspecting employees: a convincing message, a link to a lookalike login page, and the password is handed over without any system being “hacked”.

Use encryption

Encryption scrambles data at rest (on a disk) or in transit (over a network) so that anyone who copies the files or intercepts the traffic sees only meaningless ciphertext unless they hold the decryption key. It does not stop the data being intercepted or the device being stolen; it makes what is taken useless. Full-disk encryption is particularly valuable for laptops, tablets and smartphones, as well as external hard drives and USB drives, all of which are easily lost or stolen: without it a lost laptop is a data breach, with it the loss is usually just the hardware.

A password, PIN or passcode on mobile devices should also be a priority. This is more than an additional step: on most modern devices the passcode is what protects the encryption key itself, so an encrypted phone or laptop with no passcode, or a trivial one such as 1234, offers little more protection than an unencrypted one.

Use a VPN

When employees need to send data between branch sites or access systems on the corporate network from outside the office, a VPN solution is essential.

A VPN extends a private network across a public network such as the Internet, enabling users to send and receive data as if their devices were connected directly to the private network. Traffic travels through an encrypted tunnel, so it cannot be read or altered on the way, and users must authenticate to the VPN server, ideally with more than a password (a security token or authenticator app, see multi-factor authentication below). Two caveats: the tunnel protects data only between the device and the corporate network, not once it leaves for other Internet services, and a compromised laptop connected over a VPN is a compromised laptop inside your network, so endpoint protection matters as much as the tunnel.

Use a reputable password manager

We log in to more online services than ever before, so keeping each account secure matters more than ever. Official advice from the NCSC, the UK Government’s cybersecurity arm, is to use a different password for each online service. The reason is to stop criminals who obtain one password, for example from a breach of a shopping site or by phishing your Facebook account, trying it against your email, bank and work accounts, an automated attack known as credential stuffing.

So, how are you supposed to remember all these strong and unique passwords? The simple answer is a reputable password manager. There are many options on the market, and a little research will find the one that suits your needs. Most password managers generate complex passwords and prompt you to change any that are reused elsewhere or considered weak. Most also work across all your devices and offer to fill in login forms for you, including on mobile, which is very useful. Two things deserve extra care: the master password that unlocks the manager should be long and used nowhere else, and multi-factor authentication should be turned on for the manager itself, because it protects everything else.

Enable Multi-factor authentication

Multi-factor authentication (MFA) adds an additional step to the login process. MFA requires at least two of three different kinds of factor: something you know (a password or PIN), something you have (a phone, smart card or hardware token) and something you are (a fingerprint or face). Two passwords are not MFA; the factors must be of different kinds. For instance, when you withdraw cash from an ATM, you use your bank card (something you have) and you enter a PIN (something you know).

Adding a second step at login, such as a code from an authenticator app, a hardware token or, if nothing better is offered, a one-time code sent by SMS, means a stolen or guessed password alone is no longer enough to get in. SMS is the weakest option because phone numbers can be hijacked through SIM-swap fraud, and one-time codes of any kind can be phished in real time by a fake login page that relays them to the genuine site; only phishing-resistant methods such as FIDO2 security keys close that gap. MFA is easy to set up and administer on most services and, in most cases, stops the account takeovers that follow a leaked or reused password.

Develop a robust data privacy strategy

There are, of course, many more ways to increase information security within the organisation, and the list above is by no means exhaustive. Applying a clear set of security policies and ensuring your employees are familiar with the processes behind them is a key part of any information security strategy. If you haven’t already done so, achieving GDPR compliance and Cyber Essentials certification provides additional data protection credentials that can benefit your organisation in many ways.

Thanks for taking the time to read this article on Data Privacy Day. At Network ROI we are passionate about IT security, and the safe, secure operation of our clients’ networks is our top priority. We are Cyber Essentials Plus and IASME Gold accredited, and we help businesses improve their own information security posture.

Please call us on 0131 510 3456 or email easierit@networkroi.co.uk to discuss your data privacy and information security strategy; we’d be delighted to help.

Facebook, Cambridge Analytica & Data Protection
by Neil Douglas

A massive data privacy row erupted in the press this week when it emerged that personal data belonging to more than 50 million Facebook users had been harvested through a third-party app and passed to Cambridge Analytica.

Why does Facebook harvest your data?

Facebook is by far the largest social media platform, with 2.2 billion monthly active users. Reaching such a massive number of people requires an enormous amount of resource, including technology, power, buildings and an army of people to deliver the uninterrupted Facebook experience many of us enjoy.

Facebook uses the information we enter into the platform to help advertisers deliver carefully targeted ads to users. These ads create the income to maintain the Facebook infrastructure and to keep shareholders happy.

Here’s a crude example: you are mad about dogs and own a pug. You like the Cute Pugs Facebook page, are a member of your local Hugs for Pugs Facebook group and have visited the website of an online pet supply store. The store owner knows (from their Facebook pixel) you are a pug fanatic and can now schedule pug accessory ads to appear on your timeline.

Facebook also has your name, date of birth, address, email address and most probably a lot of similar information that belongs to your friends and family. Every time you check into a store, restaurant or tourist attraction, Facebook stores that data. Whether you realise it or not, you are leaving a trail of data wherever you go – and that extends to shopping with loyalty cards and filling up your car at the pumps with your bank card.

What have Facebook and Cambridge Analytica done wrong?

Facebook users were invited, through an app on the platform, to fill out the ‘This Is Your Digital Life’ personality quiz, developed by Cambridge University researcher Dr Aleksandr Kogan.

The app collected information from the 270,000 people who completed the quiz and also harvested data about their Facebook friends, affecting an estimated 50 million people. Cambridge Analytica bought the data and used it to profile American voters, enabling targeted campaign material to be sent on behalf of Donald Trump’s election campaign.

Two things will happen as a result of this scandal.

1 – We will all have a clearer understanding of the value of data
2 – An increased awareness of the need to protect personal data

Facebook shares fell sharply when news of the scandal broke, with reports estimating that around $60 billion was wiped off the company’s market value over the following days. Governments around the world, concerned that similar events could affect their own political processes, are demanding apologies and reassurance from Facebook CEO Mark Zuckerberg, whose slow response has drawn criticism. Facebook users are also taking action, with the hashtag #DeleteFacebook gathering momentum. Ironically, many are decamping to WhatsApp and Instagram, which are also owned by Facebook. D’oh.

The need to protect personal data is something we talk about often, albeit from a business owner’s perspective. We’ve spent much of the last twelve months discussing the new data protection legislation, the GDPR, which comes into effect in a few weeks.

The difference with this case is the scale. TalkTalk and other high-profile companies have suffered significant data breaches, but those affected only their own customers. More than a quarter of the world’s population uses Facebook every month.

How to protect personal data on Facebook or any other social media platform

If you want to restrict the number of ads that appear on your timeline, install ad-blocking software. There are many ad-blocking apps available, but as always, tread carefully. Browser extensions typically ask for permission to read and change everything on every page you visit, so a malicious, abandoned or compromised extension sees your banking sessions as well as your Facebook feed. Stick to well-known, actively maintained ones, and we definitely wouldn’t recommend installing such apps on a business PC without your IT team’s approval.

Another tip is to limit the number of pages, topics and other things you like on Facebook. Much of the data mined in the Cambridge Analytica case was personality based, and this type of data is like gold dust to online advertisers. Browsing in private or incognito mode limits what your browser keeps and hands to social media sites from one session to the next, but be clear about what it does: it discards cookies and history when the window closes, it does not hide anything you do while logged in, and sites can still recognise you by IP address and browser characteristics during the session. A tracker-blocking extension or browser setting does more to cut off the Facebook pixel described above.

Don’t post things on social media that you want to keep private. If you do enter personal information, protect your account with a strong, unique password, turn on two-factor authentication (Facebook offers it in its security settings) and adjust the privacy settings so that no one outside your immediate network of friends, family and colleagues can see your posts. Remember that anything a friend can see, a friend can copy, so privacy settings limit exposure rather than guarantee it.

Social media sites have lengthy terms and conditions, which many of us don’t read. Facebook has updated its terms and tightened what third-party apps can access to prevent this type of data disaster happening again, but when a platform holds so much personal information, it is only a matter of time before another situation occurs.

Network ROI is a Managed Service Provider specialising in network security and data protection. We are always ready to talk about information security, visit www.networkroi.co.uk if you want to know more.

Meltdown & Spectre – Everything you need to know
by Neil Douglas

Meltdown and Spectre are the names given to recently disclosed vulnerabilities in the speculative execution features of almost every modern central processing unit (CPU), affecting designs going back roughly 20 years. Meltdown mainly affects Intel processors; Spectre affects Intel, AMD and ARM designs as well. Both allow a program running on a machine to read memory it should never be able to see, including the operating system kernel’s memory and data belonging to other programs, so sensitive data on nearly every server, PC, laptop, tablet and smartphone, including Apple devices, could be exposed.

Researchers had known about Meltdown and Spectre for some months before the public disclosure, and the immediate risk is considered relatively small: the researchers published proof-of-concept code, but no attacks using these flaws have been seen in the wild, and exploiting them requires the attacker’s code to be running on the target machine already. So we urge you not to panic.

We are monitoring the situation closely and will update all clients and take appropriate action when necessary. But first, let’s take a more in-depth look at exactly what a vulnerability is and what you should do if you are concerned in the future.

What is a vulnerability?

A vulnerability can be defined as a security weakness resulting from a defect that the product developer or manufacturer did not intend to introduce. In this case the feature at fault, speculative execution, was deliberately built into the chips to make them run faster; the vulnerability is the unintended side effect that speculation leaves traces in the processor’s cache from which secrets can be inferred.

Vulnerabilities are usually scored and placed into one of four severity bands: low, medium, high and critical (the CVSS scoring system used by most vendors and vulnerability databases). Meltdown and Spectre are currently classed as Medium severity, reflecting that they leak information rather than hand an attacker control, and that the attacker needs to run code on the machine first.

For a hacker to capitalise on a vulnerability, an exploit must exist. An exploit is a piece of software code that takes advantage of the security weakness for the benefit of the attacker. For Meltdown and Spectre, the attacker’s code must already be running on the machine, as an ordinary program or, for some Spectre variants, as JavaScript in a web page, which is why the usual advice about not running untrusted software and keeping browsers updated still applies.

How to protect against vulnerabilities

Protecting your business, information and people against these vulnerabilities takes three forms:

  1. A firmware update from the hardware manufacturer, which delivers new CPU microcode and usually takes the form of a BIOS/UEFI update.
  2. An operating system update (Windows, macOS, iOS, Android and so on), typically delivered as a normal software update.
  3. An antivirus product that is compatible with the operating system update. Microsoft only offered its January fixes to machines whose antivirus vendor had confirmed compatibility, because some products relied on undocumented access to kernel memory and caused blue screens on the patched kernel.

Hardware and software updates only go so far. You also need to make your employees aware of potential threats. We highly recommend cyber awareness training for all staff. Network ROI will be happy to discuss your cyber training requirements.


Patches and updates

As it currently stands, every hardware manufacturer is working on updates to their systems, and big players such as Microsoft and Apple have already released updates. Software and hardware manufacturers rushed to release fixes, known as emergency patches, and as a result some were not fully tested before release: several caused serious operational issues, including unexpected reboots and machines failing to start.

Given the “medium” categorisation of the Meltdown and Spectre vulnerabilities, the fact that no exploitation in the wild has been observed, the problems the emergency patches are causing AND the fact that exploiting these vulnerabilities is a highly technical job, Network ROI has carried out the following actions:

  • Antivirus products have been updated to be compatible with the operating system update.
  • Our security team is monitoring the situation closely for developments.
  • We are delaying the release of January’s Microsoft patches until they have been properly tested and we are satisfied they are stable.

In order to protect your data and company in the meantime, we highly recommend that basic cybersecurity hygiene is observed – this includes educating users not to click on suspicious links or opening email attachments from unknown sources.

The security team at Network ROI recommend you consider following the Cyber Essentials or IASME Governance scheme as a minimum standard of cyber and information security.

Sign up to the Network ROI blog

  • We'd love to keep in touch with you by email with offers, news and new product information. We treat all personal data with respect, and we promise NEVER to sell your details to third parties for marketing purposes.
Bank Holiday Disaster
by Neil Douglas

British Airways experienced a massive bout of business turbulence over the busy bank holiday weekend when a power shutdown took its entire IT estate offline. Global online systems, including company websites, booking systems and call centres, were crippled, leaving thousands of customers stranded at airports around the world. It took the company almost three days to clear the backlog of travellers, many of whom have yet to be reunited with their luggage.

The fallout has been dramatic, with some reports stating the company share price shed almost £500m over a few short days. Then, of course, there’s the compensation bill that’s expected to exceed £100m and the millions of tweets and column inches of negative press that have accompanied such a high-profile situation.

Make Disaster Recovery part of your ongoing strategy

Regardless of what went wrong and who is responsible, the key takeaway is this: disasters are never planned, so recovery from them has to be.

The BA crisis is worth studying in detail by any business owner or decision maker:

  • Read the papers to get an idea of the scale of the impact
  • Listen to the testimonies of the angry customers
  • Think about the brand and reputational damage
  • Check the share price in the press
  • Think about how much BA relies on the internet and computing infrastructure to make money

These examples aren’t exclusive to BA; they apply to every kind of avoidable business disaster and impact every type of organisation.

Get in touch with Network ROI

If your business relies on secure, reliable and well-maintained IT to achieve growth and prosperity and you would like to have a conversation about your Disaster Recovery strategy, please fill out the form below.

Thanks for reading,

Neil.

7 Essential tips to avoid WannaCrypt
by Neil Douglas

WannaCrypt, also known as WannaCry or WannaCrypt0r 2.0, is a type of malicious software program called ransomware. It exploited a known vulnerability in Windows to infect PCs around the globe and encrypt their contents, hitting over 100,000 machines in over 100 countries in under 24 hours and affecting individuals and high-profile organisations including the NHS. The attack could have had much more serious consequences but for the quick thinking of a researcher who stopped the spread simply by registering a domain name: the malware checked whether that domain could be reached before running, and once it could, new infections shut themselves down (a so-called kill switch).

Ransomware is malicious software (malware) that blocks access to a computer or its files and demands payment for their release. Criminals don’t always play by the rules, so access to the data is not guaranteed even after paying the ransom. Ransomware is typically triggered when a user opens an email containing a malicious attachment such as a PDF or Microsoft Office document; as the next section explains, WannaCrypt did not need that step.

WannaCrypt is a game-changer!

WannaCrypt is different from traditional forms of ransomware because it can replicate itself and spread to other machines on the network without anyone clicking anything, making it a hybrid ransomware/worm. It spreads over SMB (Server Message Block), the protocol Windows machines use to share files and printers, by exploiting a flaw in the old SMBv1 implementation that Microsoft had fixed two months earlier in security update MS17-010. Any machine that had not installed that update, or that still exposed SMBv1 to the network, could be infected by a neighbour with no user involvement, and would in turn scan for and infect other at-risk devices.
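One practical consequence of worm-like spreading is that it is visible in network logs. As an added example, not part of the original article, the Python below reads constructed firewall log lines (a simple ‘timestamp source destination port action’ layout; real exports differ) and flags any internal host that contacts an unusually large number of other internal hosts on TCP 445 within a short window, which is what a machine infected with WannaCrypt looks like from the network. The thresholds and the internal address ranges are assumptions to adapt to your own estate.

```python
"""Spot worm-like SMB spreading in firewall or flow logs.

Added example, not code from the original post. The log layout
('timestamp src dst dport action', one connection per line), the sample lines
and the thresholds are all constructed for the example; real firewall exports
differ, so adapt parse_line(). A workstation normally talks to a handful of
file servers; a worm tries every neighbour it can find.
"""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed internal ranges; replace with your own address plan.
INTERNAL_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def parse_line(line: str):
    """'2017-05-12T10:00:01 10.0.1.20 10.0.1.5 445 allow' -> tuple, or None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def detect_smb_scanners(log_text: str, threshold: int = 10,
                        window_seconds: int = 60) -> dict:
    """Return {source_ip: most distinct internal hosts contacted on TCP 445
    within any `window_seconds` window} for sources reaching `threshold`.
    Denied connections count too: a worm probing addresses that do not exist,
    or hosts with SMB blocked, produces a burst of denies, which is the signal.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, _action = rec
        if dport != 445 or not is_internal(dst):
            continue
        by_src[src].append((ts, dst))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        window = deque()
        for ts, dst in events:
            window.append((ts, dst))
            # drop events older than the window relative to this one
            while ts - window[0][0] > timedelta(seconds=window_seconds):
                window.popleft()
            distinct = len({d for _, d in window})
            if distinct >= threshold and distinct > flagged.get(src, 0):
                flagged[src] = distinct
    return flagged


def constructed_sample_log() -> str:
    """Constructed sample: a normal workstation, a slow admin sweep, one worm."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # 10.0.1.50: normal user, repeatedly opening the same two file servers
    for i in range(40):
        server = "10.0.1.5" if i % 2 else "10.0.1.6"
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} "
                     f"10.0.1.50 {server} 445 allow")
    # 10.0.1.60: admin checking one host every 100 s, never dense enough to alert
    for i in range(12):
        lines.append(f"{(base + timedelta(seconds=100 * i)).isoformat()} "
                     f"10.0.1.60 10.0.2.{i + 1} 445 allow")
    # 10.0.1.20: infected; 25 distinct neighbours in 25 s, most of them refused
    for i in range(25):
        action = "allow" if i % 5 == 0 else "deny"
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} "
                     f"10.0.1.20 10.0.1.{100 + i} 445 {action}")
    # the same host probing an Internet address: ignored (not an internal target)
    lines.append(f"{(base + timedelta(seconds=30)).isoformat()} "
                 f"10.0.1.20 203.0.113.9 445 deny")
    return "\n".join(lines)


if __name__ == "__main__":
    for src, hosts in detect_smb_scanners(constructed_sample_log()).items():
        print(f"ALERT {src}: reached {hosts} internal hosts on TCP 445 "
              f"within 60 s; isolate it from the network")
```

Denied connections are counted on purpose: a worm probing addresses that do not exist, or hosts with SMB blocked, produces a burst of denies, which is a stronger signal than its few successes. The same logic shows why blocking TCP 445 between workstations, not only at the perimeter, is worth doing: a worm can then reach only the file servers a user genuinely needs.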

Once infected, the WannaCrypt installer extracts a resource from a password-protected zip file (wary.zip) that contains the executable ransomware files. WannaCrypt also downloads a Tor client, which it uses to communicate with its command-and-control servers.

What does WannaCrypt do?

The malicious program encrypts most of the files on a machine and then displays a payment demand on the screen. The criminal gang behind WannaCrypt request $300 in Bitcoin and claim that a decryption key will be supplied on payment; the figure doubles to $600 if they haven’t received payment within three days, and the note threatens that access to the files will be lost forever if payment still hasn’t been made within a week. As noted above, paying is no guarantee of getting anything back.

How to avoid the threat of WannaCrypt and other Ransomware threats

As mentioned earlier, WannaCrypt targets a particular vulnerability in the Windows operating system, one for which a fix already existed. There is a high probability that other vulnerabilities will be exposed and exploited in the coming days, weeks, months and even years, so the tips below are about habits that protect you, your family and colleagues whatever the next flaw turns out to be.

  1. Treat unexpected emails with suspicion. If one appears to come from someone you know, call the person to confirm they sent it before acting on it
  2. Never forward suspicious emails to colleagues
  3. Never open an attachment or click a link in a suspicious email
  4. Report suspicious emails to your IT department, then delete them
  5. Keep anti-virus and anti-spam software up to date
  6. Keep the Windows operating system and other essential software up to date; the update that closed the hole WannaCrypt used had been available for two months before the attack
  7. Ensure you have email and web security that can block malicious emails and malware communication with Command & Control servers

What to do if you have a ransomware problem

If you have fallen victim to WannaCrypt or any form of ransomware, do the following:

  • Disconnect the machine from the network immediately (unplug the network cable and turn off Wi-Fi) so it cannot spread to other devices; if you cannot, pull the power lead. Bear in mind that powering off destroys evidence in memory that incident responders may need, so isolating the machine is the better first move
  • Inform a member of your IT team or your line manager straight away, and do not pay the ransom without taking advice

Finally

Security incidents such as WannaCrypt can strike at any time, so it is important to maintain a regular backup schedule as part of your wider Disaster Recovery strategy. Ransomware encrypts any drive or network share the infected machine can write to, so at least one copy of your backups must be offline or otherwise unreachable from the network, and you should test restoring from it before you need to.

The National Cyber Security Centre (NCSC) has released a statement with guidance and more information regarding the attack.

About Network ROI

Network ROI is a Managed Service Provider based in Scotland with skilled technical engineers throughout the UK.

As a Cyber Essentials and IASME certified company, we help organisations improve the security of their internal networks and reduce the likelihood of outside threats.

If you are worried about WannaCrypt or any other form of cyber crime, call us on 0131 510 3456 or fill out the form below and a member of our team will be in touch soon.
