Business & technology journalist seeking remote freelance projects
Mark Zuckerberg is still pushing for the creation of Libra, but it's obviously futile for him at this point. He knows we don't trust Facebook.
How much customers care about data breaches is often dependent on the type of customer data obtained by attackers. If it’s username and password information for a specific site, the potential damage is less than loss of social security numbers, or financial and medical data. If your organization has been breached, prepare to answer a variety of questions, some relating to ancestral origins of security staff and other more pertinent ones relating to the breach cause and remedies taken to lessen or remove the damage caused. Before delving further into this, let’s look at the official line, based on surveys and observations from security professionals.
I’d like to believe that all readers will use this post to prepare for a ‘what if’ scenario but the sad truth is that some of you are reacting to a data breach and lack an incident response plan. My condolences, as a rough patch is coming for your business. All you have to look forward to is reputational damage (with a corresponding reduction in sales or subscription levels), a drop in staff morale, regulatory fines, penalties and other costs such as those involved in breach investigation, security enhancement and of course damage control via PR, marketing and senior executives.
Contrary to many opinions discovered online, shadow IT (a.k.a. rogue or stealth IT) is not down to the IT team saying no or refusing to provide required productivity tools necessary for a specific job role. In truth, it is often down to restrictive budgets and senior management decisions on same. Speaking as an IT pro, we do not care what software users need and would happily supply it if the budget is available and the software need is indicated.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) refer to security technologies that encrypt data sent between a web server and web browser. Even though TLS is more likely to be the protocol in use, the industry still refers to the process as SSL, especially when dealing with the certificates necessary to secure a website.
If you are a small or medium business, you may have left your data backups in the hands of outside help or, even worse, to chance. Disclaimer: This post is not one of those list-based offerings, with biased recommendations leading to affiliate links, but instead an indication of the tools available to prevent data loss. Whether free or budget solutions, all providers will offer a free version or a time-limited trial. Take the time to try before purchase and select the tools best suited to your requirements.
As IT pros, we’ve been aware for quite some time that some users are a threat to security, whether by their use of shadow IT, their susceptibility to social engineering attacks from cybercriminals, or by using their employee role and access permissions to compromise data security. In security terms, we call them ‘insider threats’ and they are much more difficult to defend against than remote attackers. Just ask the NSA, where contractors are hired to aid global surveillance programs and later leak details of them to the public via prominent newspapers.
Two years plus and counting and companies are still being impacted by WannaCry. Here are the four main reasons why an old exploit and ransomware is still an issue. Since its first release in 1985, Microsoft Windows has gone through nine major releases and has grown in popularity, effectively dominating the desktop, laptop and server market, despite competing operating systems from Apple, Google and a variety of Linux-based distros. This popularity, more than any other factor, made it an ideal target for hackers, with WannaCry (a ransomware attack that targeted and spread globally through unpatched systems on May 12, 2017) aimed at the Windows OS but specifically the Microsoft SMBv1 aka SMB1 server protocol running on port 445.
Why is the GNFA relevant? What are the benefits to companies and to certified GNFA professionals?
As IT pros already know, when we speak of ports, we mean the 16-bit virtual ports used when interconnecting systems, i.e. during communication over protocols such as TCP or UDP, and not physical connections on the system such as USB, HDMI etc. If you are not an IT pro, see the OSI model and the list of port numbers and their assigned functions. Port 80 is commonly used for HTTP activity, for example, and many applications communicate using assigned default ports.
In the last ten years or so, securing our local area networks has become more difficult, thanks to ubiquitous high-speed broadband and a proliferation of internet-enabled devices. Some of these are branded ‘smart’ but their widespread adoption could be considered less so. Some, like smartphones, add convenience but most introduce security risks. Whether it’s at home or at work, smart devices vary widely in terms of security. Some devices operate on Bluetooth, others connect to wireless networks and via cable. Whatever the connection protocol, it’s important to ensure that all are monitored as part of a cybersecurity policy or if at home, a common-sense attitude to security.
Digital transformation is simplified as the aim to eliminate paper-based documents and go ‘fully digital’. As much as we would like to, it’s generally impossible to achieve a paperless office. Barriers include financial, accounting, legislative and compliance requirements that require retention of original paper documents for a specified number of years. Some industries (legal, for example) have yet to make all their processes digital and physical form-filling is common in many situations. Therefore, any worthwhile security policy must consider both physical paper-based documents and their digital counterparts.
Facebook is determined to launch their own digital currency called Libra, but why would anyone trust them at this point? Some question, huh? On pondering how to compose my thoughts in a manner other than a succinct “you’ve got me stumped there, matey,” I decided that maybe I should give Facebook a fair shake. After all, they’ve accumulated more than two billion users, a discerning group it must be said.
In many jurisdictions, there is a legislative or accounting requirement to store data for a minimum of five years. Easier said than done. That’s why multiple data backups are necessary. Ignoring the complexities involved in protecting our data from internal and external attacks, let’s look at the problems associated with successfully storing data (whether structured or unstructured) in the short and long-term.
Disclaimer: Azure Monitor’s official documentation is more than 2700 pages of fascinating material. Azure Application Insights is a small part of it. Given the variety of nodes, features, apps and development methods in an Azure infrastructure, app and performance monitoring objectives can be achieved in many ways. This article focuses on Application Insights only. If you’re reading this, chances are you’ve already adopted Azure as a preferred method of entry into cloud computing.
Bluetooth security… Some consider it an oxymoron, like ‘global intelligence’ community or ‘offshore support’ while others recognize Bluetooth flaws and understand their causes. Whatever side of the fence your opinions lie, it’s fair to observe that Bluetooth has its issues and security vulnerabilities are now being exploited by hackers seeking access to data.
If reading this, you are likely interested in or already utilize cloud solutions. Both Azure and AWS (Amazon Web Services) offer a variety of infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) offerings. Selection between the two, with AWS the dominant market leader, is typically based on business requirements and online research or direct referrals (some of your contacts recommend a solution based on pricing, uptime or other).
In most companies, at least those who believe in managing security correctly, the rollout of all updates is controlled by the IT team. Only users with administrative access can install security patches, firmware and software updates or service packs. Basic users are also blocked from installing software on company assets.
Since encryption is used to secure data, it would seem only natural that encrypting something twice would increase security. However, that isn't always the case. Disclaimer: This post does not involve detailed analysis of encryption concepts designed to make the head explode.
Should businesses be worried about Huawei tech on their networks or is this really just hysteria and a political agenda that is sending shockwaves across the IT landscape? Let's discuss.
Over the past few years, Slack has risen to be the largest collaboration tool to help teams stay on track. In this article, I will discuss how it works and some concerns about the tool.
The use of big data by enterprises is almost commonplace at this point, with advocates claiming it aids decision-making, increases revenue and productivity and decreases operational costs. But it comes at a cost to data privacy. With these advantages, national and international companies, banks and government organizations have now amassed huge data sets.
It’s safe to say that most users rely on hundreds of passwords to access their devices, websites and apps. Few will remember these passwords, unless of course they are in the habit of using the same password for multiple logins–a big security no-no. For years, security pros have emphasised the need for different passwords, as identical passwords make it way too easy for hackers. If they obtain one password and it’s also used to access online banking, for example, your resulting zero balance is to be expected.
How many of us have seen news articles complaining about cheap Chinese goods flooding Western countries? I’m sure we are familiar with inflammatory articles published by journalists that ultimately failed to show the whole picture in an accurate manner. Sensationalist articles of this nature are of course very popular but few of them identify the actual problem...
It’s worth noting that the following content reflects past experience with amateurs and does not reflect anyone associated with my credited or uncredited portfolio. It refers to unsolicited queries and early encounters with providers and seekers of budget content. It’s not a name and shame post or designed to act as a tutorial. The title is not a dig at the mentally ill — get a life if you think so.
Disclaimer: I’m writing this in an effort to prevent novice freelancers from making the mistakes I did and I made a few, often wishing I’d done things differently. You’re free to agree or disagree with my observations but all are based on personal experience.
The EU’s PSD2 directive (a revised payment service directive) aims to regulate electronic payments in EU member countries. It has no impact on traditional paper-based transactions. The aim is to allow open banking, where cross-border transactions are easily performed, cheaper and involving any number of fintech providers (think digital wallets, payment gateways, and online shopping). Any organization engaged in the process, from the banks themselves to payment providers and account information services (credit checks and data processing) must incorporate strict security, transparency and protect users’ rights.
Not found in Webster’s, ‘I don’t care’ is nonetheless part and parcel of our workplace vocab, whether we vocalize it or not. As a former IT drone, I certainly wouldn’t accept a carefree attitude to bandwidth issues and definitely wouldn’t field ongoing complaints from network users when I know the location and reason for network disruption. Why should you care about bandwidth hogs?
How is it that so many organizations focus on perimeter defense but do little to protect the target data inside that perimeter? Wouldn’t it be wonderful to protect sensitive data even if the network is breached?
As writers, regardless of experience level, we check out job boards, seeking suitable projects or clients that will pay us for our expertise in crafting exquisite blog posts that clearly demonstrate the attractive nature of the product or service involved.
Often perceived as a precursor to Industry 4.0, the rollout of 5G, if the marketing is to be believed, will allow innovations that were previously restricted or unreliable due to lack of bandwidth. Speeds of up to 10Gbps are promised by telecom companies but since we have yet to experience real-life usage scenarios, this is mere speculation.
Users are part of any network and while sometimes troublesome, it’s the responsibility of the IT admin team to ensure that users can access only the resources necessary to perform their roles. The receptionist has no need to access software project data and software developers have no interest in HR resources. Therefore, user permissions are necessary. In smaller organizations, setting user permissions in Windows for network objects is achieved using Windows Explorer: simply right-click on a file, folder, volume or device and permissions can be changed if the user has admin control. In this rudimentary example, the ability to read, write and modify file or folder permissions is assigned and a valid user can easily be added with the correct permissions. No big deal, right?
For home users, monitoring bandwidth usage per device may seem like a pointless exercise but their business counterparts typically recognize the value of doing so. Bandwidth is not a limitless resource and total broadband bandwidth (as provided by your internet service provider or ISP) is shared between all the devices connected to the network. If one is taking more than its fair share, then the bandwidth available to the rest is reduced.
There is no one-size-fits-all elixir that will satisfy your future bandwidth requirements. Just like ISPs, broadcasters, and telecom service providers, your organization will need to plan for a future with ever-increasing data traffic OR at least take the necessary steps to monitor and set traffic allowances according to business goals.
Whether you call it personally identifiable information (PII), protected health information (PHI), or employee data, it’s all sensitive, and in the wrong hands, data can be used against the compromised target in the form of identity theft or financial fraud.
Data privacy seems to have surpassed all other technological buzzwords (with Big Data, AI and IoT largely responsible for the increase in available data) in the last few years, primarily because of the number of data breaches, which continues to rise unabated each year.
In the computing world, virtualization by way of virtual machines is used to describe a method of avoiding the purchase of multiple physical computers or servers, one for each operating system. A virtual machine is not a machine in the true sense of the word in that it has nothing to do with mechanical power, and has nothing to do with virtual reality (VR).
Today’s employees are always connected, thanks to ubiquitous broadband and a wide range of portable devices, from smartphones, tablets and laptops to fitness trackers and a plethora of smart devices such as watches, cameras and GPS navigators. How necessary is this level of connection?
The link tax, death of the meme and more
how IoT devices communicate
overview of advantages such as audit trail and scalability
Why managed file transfer has many advantages over FTP
includes expert quotes and humour
includes expert quotes
IoT vs Security, with expert quotes
The key elements of a DR plan
includes expert quotes
An argument against data monetisation