By Lysa Myers
You might think that soaring rates of computer security breaches on businesses is simply bad news. How could it not be when we see report after report of major businesses whose networks have been compromised? While there may be an endless number of holes through which attackers can get into a network, there’s another side to this story. There is always some hope to be gleaned from doom and gloom security statistics.
“Mature Market” or “Battle Tested”?
On the one hand, an increase in breaches means attackers are either more numerous or more successful than they have been in the past. It’s likely to be a bit of both as the criminal underground has become a more mature market. For example, feature-rich toolkits fitted with the latest exploits are available to attackers even before vendors can patch their vulnerable software. Black markets are now mature and easily accessible. This means criminals know exactly how much data will sell for and they know how to best spend their time to generate a maximum return on investment.
On the other hand, these tools and data are available to everyone, not just the “bad guys”. And, most importantly, the means to fix or mitigate problems are readily available too. These are just as easily used to determine your company’s own weaknesses to find ways to protect yourself. Let’s not forget, the cost benefits for protecting your business is inherently higher than it would be for an attacker to try to bypass your defences.
The more a platform or operating system has been successfully attacked, the more the attackers have shown their hands. We know what browser plugins or content management systems or software applications they prefer to attack. We know what exploit techniques they look for. We know how they try to thwart defences and hide their tracks. This is all information we can use to spend our time and money more effectively to decrease the value for attackers.
“Abandon Hope” or “Just Run Faster Than the Other Guy”?
There are a lot of people that like to declare that some security technology or other is “dead” – how it cannot possibly protect you, and is therefore useless. However, the fatalists are ignoring the fact that, while those same technologies were never meant to protect you against every possible type of attack, they still have some use. Just because something isn’t a silver bullet doesn’t mean you should toss it out the window, roll over and let the rampaging hordes strip you of all your valuable data.
By making incremental improvements to the protection of your data and the systems in your network, you can make yourself a less tempting target to cybercriminals. That’s very important – there are plenty of businesses that are ignorant of how to properly protect their systems and data. And by being better protected than average, you will immediately cut off the least motivated attackers. By being well protected, you can either block or mitigate the damage of all but the most skilled and determined attackers.
You don’t have to break the bank or have the greatest defensive minds in the industry to protect yourself, because the best defence is comprised of lots of different elements, so you can add a piece at a time. One of the best pieces of the defensive puzzle is information gathering, which may be time-consuming but also fairly simple.
How Can We Do That?
There are three steps you need to perform to be well protected. You can start small with each of these steps and then build on them as you have the need, time or resources.
Identification of the data and resources on your network can be a bit of a rabbit hole – you could spend an infinite amount of time watching the never-ending changes that happen moment to moment. But you can still get a lot of value out of simply increasing the visibility within your network, and there are a lot of products that can help you automate this process.
The first step is finding all the machines that are supposed to be connecting to your network. From there, you need to figure out what data lives where – both customer data and proprietary data. Having a product like Identity Scrubber can help you find a wealth of data such as passwords, credit card details, national insurance numbers, etc. Don’t forget to check your publicly available information – is there information on your website that would give an attacker clues that could be used to talk your employees out of sensitive information?
Once you know the systems and data you have, you can then better monitor changes to those systems. For example, these changes will let you know when someone or something is in your network that should not be.
Now you know what you’re trying to protect, you can go about restricting access to those people that shouldn’t be accessing it.
The most obvious things to consider are things like anti-malware products and hardware / software firewalls. Larger businesses may have these in place already, but many smaller businesses may not feel they have the expertise to manage these. Modern security products have come a long way, and are now geared more towards simplicity. Also, many vendors now offer managed services, which means the difficult management is done for you.
Passwords are equally obvious, but often ignored – having an enforced policy for strong, unique and frequently refreshed passwords can go a long way towards deterring attackers.
The least commonly understood way to restrict access by attackers is what’s called the Principal of Least Privilege. Users should not have access to any data or resources that they don’t need. This could mean former employees, or people that only need data for a short period of time, or it could mean restricting people in one department from being able to access data from another department. Does someone in Development really need to be able to access information from Finance? Or does Finance really need to access Development servers? If someone does talk that person in Human Resources out of his or her login password, restricting access may be what keeps an attacker out of more sensitive information.
In the event someone does make it into your network, it still doesn’t mean they will necessarily get the valuable data they seek. There are ways to make your data so difficult to access that their hard work will be for nothing.
The first step is to take the data you’ve identified and encrypt it. You will want to go a step further with usernames and passwords, by salting and hashing them so that they can’t easily be retrieved. Security software can be helpful here too; known malicious behaviour or files should be identified before they can infiltrate systems.
Just because the news on information security appears bleak does not mean everything is doom and gloom. There are simple things you can do to drastically decrease the possibility of catastrophe and to get your organisation that much further ahead of the pack.
Now is the time to make those changes, so you won’t have to be another statistic.
Lysa Myers is a virus hunter for Intego, a Mac security software company that has developed award-winning antivirus and network protection solutions for the Mac platform since 1997.
Young adults lean towards ‘on-the-job’ learning as 6 in 10 say pandemic has impacted educational plans
- Six in 10 (61%) of 16-25s agree learning ‘on-the-job’ is the best way to get on the jobs ladder in the current environment
- 59% would rather study a degree subject connected to a profession than one they are good at
- 59% believe tech sector offers strong career opportunities and is voted most futureproof sector by 16-25s following the pandemic
- QuickBooks launches free online programming course with Amigoscode to help young people kickstart their tech career
Nearly two thirds (63%) of 16-25s have seen their future educational plans impacted by the pandemic, new research from Intuit QuickBooks1 – the financial software provider – reveals, with the uncertainty caused by COVID-19 driving young people to look for faster and more secure ways to get jobs.
And with more than half a million young people now unemployed – a rise of 35,000 from the previous quarter2 – six in ten (61%) 16-25s agree that learning ‘on-the-job’ is the best way of getting on the careers ladder in the current environment.
With COVID-19 highlighting the importance of more ‘futureproof’ career options, the technology sector has been identified by 16-25s as offering particularly strong career opportunities (59%).
To help young people kickstart their tech career, QuickBooks – home to top UK tech talent – has launched a free online programming course with Amigoscode.
Careers-focused learning takes priority
If they were to attend university or study for a degree, 59% of 16-25s would rather study a subject connected to a profession than one they’re good at, while nearly a third (31%) would only consider studying for a degree that would help them get a job in a sector that is likely to grow in future.
However, almost half (45%) of 16-25s are now reconsidering attending university at all. A quarter (26%) believe it is now more important to get on the job ladder than get a degree, while 19% don’t want to go to university because they are worried about their safety.
As remote learning becomes the new norm, more than a quarter (28%) of 16-25s now plan to carry out an online university degree (such as those offered by the Open University) instead of physically going to university.
Technology sector is voted most futureproof
The research reveals 16-25s believe the technology sector is the most futureproof (40%), ranking significantly higher above the second most popular option (construction – 27%).
Almost a fifth (19%) of the 16-25s surveyed already have a career in the technology sector, while 34% are considering it – rising to 38% of those aged 16-19.
Of those who are interested in the sector but are not currently considering it, the biggest barrier is simply not knowing how to get a job in this area (32%), closely followed by having never received any information about the sector from careers advisors etc. (30%). A quarter (25%) don’t think they could afford to undertake the necessary training or qualifications to get a job in the sector.
Ben Brown, Head of Engineering at Intuit QuickBooks, comments:
“With COVID-19 causing economic uncertainty and driving unemployment levels, young people are increasingly looking for ways to fast-track onto the careers ladder. And getting straight into the tech sector, which has proven to be resilient in the face of the pandemic, is particularly appealing. Technology, after all, is the fuel that has allowed many other sectors to continue operating.
“On-the-job learning is common in the tech sector, but to be a successful candidate, applicants need to demonstrate genuine interest and enthusiasm by having carried out their own independent learning. Employers can enable this by creating opportunities for young people to take part in free training courses and taster sessions, which helps them to gain valuable skills and decide if the sector is for them.
“QuickBooks engineers frequently host and coach participants through Code First Girls sessions – which are aimed at women looking to learn more about programming – and we are thrilled to be partnering with Amigoscode to offer a free programming course.”
Nelson Djalo, Founder of free coding resource Amigoscode and Software Engineer, comments:
“The perception of not having enough knowledge is the main barrier to young people getting into the technology sector. Skills can be built over time – passion, drive and a willingness to learn are the most important qualities to have. People from lots of different backgrounds and interests can get into the sector, and there are a whole host of roles aside from programming and software engineering.
“I offer programming courses and coding tutorials because I believe the sector should be accessible to anyone. I’m pleased to be partnering with QuickBooks to offer a tailormade course for anyone who is interested in getting into the industry and wants to learn more about programming.”
The Amigoscode x QuickBooks course is available here as a video, and here as a playlist. The 2.5 hour course and video playlist covers the basics of programming; the basics of Python and a project task (building a CV). Participants will also build a portfolio which could be the starting point of their tech journey/career.
Watch Nelson’s other tutorials on the Amigoscode YouTube channel here.
Case studies of young QuickBooks software engineers are available on request.
Five things to consider when organising a remote work Christmas party
By Kate Palmer, HR Advice and Consultancy Director at Peninsula
Christmas is usually a time of cheer and celebration, and the perfect way for employers to incorporate this in the workplace is by organising a Christmas party for their staff. However, things will have to be a little different this year due to the ongoing disruption caused by the coronavirus pandemic. While the easiest, and cheapest, option for employers is to not go ahead with their annual festive plans, in the spirit of keeping Christmas alive some may choose to organise a remote party.
There are, however, some important things that employers should be aware of.
- The coronavirus pandemic has highlighted the need for employers to keep their employees’ wellbeing in mind, much more than ever before. This is why, even with something that can be considered a ‘treat’ for employees, people who are working carers, have been struggling with work-related stresses, may not want to partake in a Christmas party this year, however well-intentioned it may be on the employer’s part. It is therefore advisable that remote parties should be optional and not constrained to a certain timeframe in which staff must be in attendance.
- Employers should ensure that those in attendance do not feel excluded from any activities during the party. For example, if an employee does not drink alcohol and a virtual wine tasting activity makes up the bulk of the event, such a person would not be able to contribute to the fun and may therefore feel left out. Consequently, it may be better for employers to ensure that there is a wide range of activities available that cater to the individuals who are attending.
- When attendees and potential attendees, have been established and the activities have been finalised, it is in the best interest of the company to send out emails to them. It should detail what is expected of them at the event and highlight that the same conduct is expected of them at a remote party as it would be at an in-person event. It should also outline that the same disciplinary procedures would apply in a situation where an employee commits a form of misconduct during the event.
- Similarly, employees should be made aware that the same grievance produce applies – to ensure that if company rules are broken by an employee or a grievance with the company itself, the affected employee will be able to raise this with the company.
- Finally, while employees can use their social media accounts in their own personal time, including at work social gatherings, employers must ensure that the use of social media should be done in a manner that does not adversely affect the company’s reputation.
To conclude, remote parties are the perfect way to ensure that social distancing rules are adhered to and that employees are rewarded for their efforts, there should be a mutual sense of responsibility on the part of the company and its employees.
Reasons to remote manage in a socially distanced world
By Paul Routledge Country Manager D-Link UK and Ireland
As the world continues to adapt in varying degrees to the ongoing COVID-19 pandemic, many businesses and enterprises will find themselves adjusting to more permanent, new ways of working, problem-solving and service delivery. Governments and global leaders have already introduced new measures to support these adjustments, and as a result we have already seen many companies re-evaluate how they work as well as how teams are organized and provided for. As the pandemic remains a fixture of this year of which the impact will continue to be felt in the year ahead, it’s becoming clear that the role of technology and the innovation therein will be key to ensuring businesses can weather ongoing the crisis.
For many businesses, until recent years, the vast bulk of network management was conducted and carried out on location at the client site. However, the value of remote network management has fast become an asset to businesses in the 21st century – giving IT service providers more capacity to manage a larger number of customer sites at any given time.
In addition, remote network management solutions play an important role in increasing transparency across sites by providing a complete view of the status of different networks via comprehensive interactive dashboards and informative management systems. For example, Nuclias by D-Link offers an easy to set up network management solution that provides flexibility to make onboarding, studying, troubleshooting, and reporting network activity quick and easy.
For IT service providers, establishing new ways of working is particularly important. As they seek alternative methods of supporting customers in different locations, many will be looking to the advantages that remote network management has to offer.
Before the pandemic, D-Link Europe explored the state of play of network management and challenges its partners were facing in this space. The study found that, 75% of IT service providers in Europe were already using remote access tools to support or manage network infrastructure on customer sites, yet a quarter (25%) were still relying on in-person visits to resolve network issues for customers.
Interestingly, the findings show that the larger the number of clients a provider has, the less likely they are to use remote management tools. Only 22% of European IT service providers surveyed provide more than 50 customers with remote management services. Complete adoption of remote network management methods will be a gradual process, yet the pandemic and the government restrictions in place across much of Europe have a part to play in creating the circumstances where in-person visits occur much less often if at all.
As a result, it is likely we will see a more permanent adoption of remote networking management systems – as businesses work hard to adapt to a ‘new normal’ and an unpredicatable year ahead. The point of this will not only to provide network management services in a more efficient and less time-consuming way but also to uphold the safety measures now expected of most workplaces.
This is particularly pertinent in an environement where businesses are limiting contact in the workplace and adhering to safetymechanisms also seen more widely in society – including technologies such as group temperature screening cameras as well as track and trace systems. There is a clear opportunity for IT service providers to make the most of remote networking management tools’ benefits to uphold the safety and health of their own employees, as well as personnel at client sites by reducing unnecessary human contact.
An additional benefit to be reaped from remote network management is how IT service providers can economise on time spent travelling to and from client sites, in addition to time spent resolving issues on-site. D-Link research found that 60% of European IT service providers spend between four to six hours per week installing and configuring new wireless or wired networks at client sites. This additional time spent travelling to and from client sites puts employees at particular risk, especially as they often travel long distances to get there.
What’s more, in terms of the time technicians usually spend at client sites, when it comes to configuring a replacement wireless access point, only 31% of providers feel they can keep this service under one hour. Remote network management allows technicians to use this time more effectively. Nuclias by D-Link, for example, will enable administrators to stay on top of any management tasks like creating guest networks, adding Wi-Fi to additional locations, updating devices and upholding network security.
Furthermore, IT service providers will be able to offer their clients more benefits, by providing centralised management and more visibility of their network, allowing them to act on network disruptions and problems before they become pervasive issues. Nuclias Cloud is designed for smaller businesses who lack in-house IT skills, such as hospitality and retail chains. These companies can benefit from easy network expansion and implementation of updates without the need for additional training.
Remote management solutions, like Nuclias, are also well-placed to support the growth of IT service providers as they look to offer more managed services. Not only do they enable teams to provide deployments but also increased administration services and supervision of client networks; resulting in improved reactivity to issues and better quality of service. The added advantage of unlimited scalability, thanks to the use of cloud-enabled devices, means providers can also keep resources and costs low – generating a more significant return on investment.
Right now, it still feels like there is some way to go before normal life resumes – however, as the long-term impacts of COVID-19 become more apparent, companies worldwide will need to continue to relying on innovative technology to tackle workplace concerns. With solutions such as remote network management playing an important role in supporting service providers and their clients as they do.
Tax administrations around the world were already going digital. The pandemic has only accelerated the trend.
By Emine Constantin, Global Head of Accoutning and Tax at TMF Group. Why do tax administrations choose to go digital?...
Time for financial institutions to Take Back Control of market data costs
By Yann Bloch, Vice President of Product Management at NeoXam Brexit may well be just around the corner, but it is...
An outlook on equities and bonds
By Rupert Thompson, Chief Investment Officer at Kingswood The equity market rally paused last week with global equities little changed...
Optimising tax reclaim through tech: What wealth managers need to know in trying times
By Christophe Lapaire, Head Advanced Tax Services, Swiss Stock Exchange This has been a year of trials: first, a global...
Young adults lean towards ‘on-the-job’ learning as 6 in 10 say pandemic has impacted educational plans
Six in 10 (61%) of 16-25s agree learning ‘on-the-job’ is the best way to get on the jobs ladder in the current environment 59%...
Five things to consider when organising a remote work Christmas party
By Kate Palmer, HR Advice and Consultancy Director at Peninsula Christmas is usually a time of cheer and celebration, and...
Reasons to remote manage in a socially distanced world
By Paul Routledge Country Manager D-Link UK and Ireland As the world continues to adapt in varying degrees to the...
Barclays announces new trade finance platform for corporate clients
Barclays Corporate Banking has today announced that it is working with CGI to implement the CGI Trade360 platform. This new...
An unprecedented Black Friday: How can retailers prepare?
Retailers must invest heavily in their online presence and fight hard to remain competitive as a second lockdown stirs greater...
What’s the current deal with commodities trading?
By Sylvain Thieullent, CEO of Horizon Software The London Metal Exchange (LME) trading ring has been the noisy home of...