Blog posts in IT security

Friday Donut tip: secure remote working

Every Friday we bring you a great business IT tip. From nuggets that make repetitive tasks easier to easy ways to banish tech annoyances, we’re here to help.

If there’s something you’d like our help with, send an email to info@itdonut.co.uk or just leave a comment on this post. We’ll try and cover it in a future IT Donut tip.

Safer remote working

As remote working becomes more common, businesses are having to cope with some new security risks. There’s the possibility of laptop theft, of course, and using insecure wireless connections means anyone could be eavesdropping on your data.

And what if your laptop gets rained on, or you leave it in a taxi by accident? You won’t just lose your laptop, but you’ll lose all the data on it too – and that could be a big blow to your business.

To avoid this happening, whenever possible, don’t save important documents and data to your laptop. If your business has a network server, you should have space on there to save everything. If you don’t have a network drive available on your computer, ask your IT supplier to set one up and put a shortcut on your desktop so you can find it easily.

Of course, it’s not always possible to save to a network server. If you’re not in the office, you need to be connected remotely to your company network so you can access your resources. If you’re working without a connection, save files to your laptop and make sure you copy them to the server once you’re back online.

Use the power of the cloud

If your company doesn’t have its own network server, you can achieve a similar effect using cloud storage. Services like Dropbox and Box let you create a special folder on your computer. Anything you save in there automatically gets copied to a server on the internet too. So if you lose your laptop, you don’t lose your data.

Finally, here’s one last tip for laptop workers: if you’re stepping away from your computer, make sure you lock it. In Microsoft Windows, just hold the Windows key and tap L. That’ll make sure nobody can meddle with it while you’re not there.

• Three keyboard shortcuts you won’t be able to live without
• Increase laptop battery life
• Open web and file addresses faster

Data loss kills businesses

Your data and IT infrastructure play a key role in the continued success of your business, regardless of the size of your company.

That’s underlined by a statistic I came across recently from the Department of Trade and Industry revealing that 70% of UK businesses that suffered a catastrophic data loss were closed within 18 months.

Bad IT is disrupting business

At Dell, we’ve just published a report in conjunction with Intel which looks at the server and storage needs of small businesses in Europe. We commissioned the research because we wanted to learn more about the attitudes of smaller companies towards servers and storage.

The report reveals that two-thirds (66%) of European small businesses are heavily dependent on their IT and almost a third (32%) of these say it is critical to their business. And most businesses are miles off achieving a failure-free IT system with 93% of respondents indicating that they have experienced IT problems which inhibited their ability to continue doing business.

We asked about how often disruption occurs, too: 17% claim it happens at least once a week (that must cause some serious problems), but the better news is that 40% say it only happens rarely.

Can new tech improve things?

We also looked at small business’ attitudes towards new technologies such as cloud computing. Our findings suggest adoption rates are low, but it would be interesting to investigate how many companies use cloud services without even realising it.

According to our research, only 17% of small businesses said they had started using cloud computing and 28% said they had no intention of moving their infrastructure to the cloud. Security and privacy were the most commonly cited concerns, although performance and availability were also significant.

You can read the full report, Manage Your Changing IT Needs, at Dell’s new online portal for European small businesses, Dell’s Small Business Centre.

• Small business owners optimistic about 2012
• Why 2012 is when businesses will embrace the cloud
• How to prevent IT disasters

Information is the lifeblood of business, so why don't small companies protect it?

Information is the lifeblood of a business. Without it, everything else you need to make a business tick - like sales, customers or profit – stalls permanently. So making that information easily accessible is vital.

As it’s so important, you’d expect the information to be easily available to the people who need it, and protected from those who don’t. However, the reality is different: at last year’s IP Expo, 60% of people surveyed by my company City Lifeline said they had lost access to their company’s IT system following an unexpected incident. Oops.

In 40% of these cases systems were down for six hours or more, bringing the business to a halt for an entire working day. Just think of all the things your business uses IT for in just one day. Imagine not being able to access your email, check customer documents or view essential data.

Losing access to your data hurts your pocket too. Symantec’s 2011 SMB Disaster Preparedness Survey found that losing access to data and electronic communication systems costs small companies an average of £7,500 a day in lost business and productivity.

Prepare for the very worst

Unplanned downtime can stem from something as innocent as a workman cutting through a power cable or as sinister as a malicious cyber attack. Whatever the cause, they all have one thing in common: the element of surprise.

The best business owners not only prepare for the things that are going to happen, but also for things that could happen. “I didn’t know it was going to happen,” is not much of an excuse when faced with an angry customer or an office full of staff who can’t get their work done.

If your business’s information is adequately backed-up, the chances are good that your IT systems will be working by the end of the day. But if not, the consequences can be disastrous.  In a worst case scenario the lost data can never be recovered, and neither can the business.

Some research suggests up to 70% of small businesses that lose data in a major incident are forced to shut within a year. Yet the Symantec report mentioned above also shows that less than half of smaller businesses bother to back up data every week. A mere 23% take daily backups.

Risks are part of business, but...

Taking the odd risk is part and parcel of being in business, but risking the safety of your information is equivalent to cutting off your oxygen supply. Huge corporations often have the money, expertise and resources to escape from a tricky IT gaffe. Quite often, smaller businesses do not.

This vulnerability makes investing in off-site data backup vital. It only takes a one-off incident to disable access to your IT systems. And it only takes one major incident to cripple your business forever.

If you lack the time and resources to create a backup strategy from scratch, it may be worth working with an IT supplier which can store your data securely in a different location. Some suppliers operate or have space in colocation data centres, highly secure buildings specifically designed to keep your information safe. (The company I work for, City Lifeline, offers colocation services.)

Do your business justice by investing in your information in the same way you would invest in a new computer or member of staff. Your information is key to your company’s viability, so return the favour and look after it just as well.

• Continuity planning and backup options
• Find the right backup methods
• Five mistakes you may be making with your IT security

Roger Keenan is MD of City Lifeline.

It's time to loosen up your business IT

Put your feet up and relax about your business IT (Image: Cristian Borquez on Flickr)

There's nothing wrong with being risk averse, and there's nothing wrong with not wanting your staff to do silly things or waste time with their company computers.

Those are the - perfectly logical reasons - why many businesses lock down their systems tightly. They want to stop employees opening the wrong kinds of files, installing dodgy software or accessing social networks.

Fine. But as someone who's fairly IT literate, I've always found locked-down PCs highly offputting. By and large, I know what I'm doing and I know what I need to do my job. I just want the IT department to let me get on with it.

Young workers want more flexibility

A recent piece of research has got me wondering whether this might be a growing sentiment. The 2011 Cisco Connected World Technology Report suggests that young workers (by which it means students and professionals under 30) take many factors into account when deciding where they want to work.

It's not all about the salary - the internet, flexibility and social networks can all make a difference. For instance:

• More than half of students either wouldn't accept a job offer from a company that banned access to social media, or would find a way to circumvent the ban.
• One in four employees say that not being able to work remotely and flexibly would influence their job decisions - they might leave a job sooner, for instance.
• Two out of five people would opt for a lower paying job over a higher paying one, if it offered more flexibility over use of IT and social media, and more mobility.

The overall impression is that younger workers want more choice over what IT they use and how they use it at work.

They want more flexibility in where and when they work. And they want to be allowed to use social networks because they believe services like Facebook and Twitter are key communication tools.

Is it time to loosen up your IT?

I can almost hear the tuts from IT managers at the idea of loosening restrictions, allowing people to use their own devices and turning off web blocking software.

But here's the thing: it's happening already, whether you like it or not. If you've blocked Facebook on your work computers, your employees will just be accessing it on their phones.

Then you've got mobile devices. You might think you've banned staff using their own mobile gadgets for work. But what's to stop them loading documents onto their iPad to review on the train, or connecting a smart phone to the company Wi-Fi?

Times are changing for office IT

Times are changing. The so-called 'millennials' - the next generation of workers - have grown up using IT and computers their entire lives. We don't need to teach them how to use it at work, because they already know.

Maybe, just maybe, if we open systems up and give people more freedom to use the tools and devices they want, they'll be able to do better work.

• Are tablet computers right for business?
• Embrace employees who bring their own IT to work
• How to switch off in an always-on world

20 inspiring and insightful Steve Jobs quotes

1 “What made the Macintosh great was that the people working on it were musicians and poets and artists and zoologists and historians who also happened to be the best computer scientists in the world”

2 “Be a yardstick of quality. Some people aren't used to an environment where excellence is expected.”

3 It’s not the consumers’ job to know what they want.”

4 “Your time is limited, so don't waste it living someone else's life. Don't be trapped by dogma – which is living with the results of other people's thinking. Don't let the noise of other's opinions drown out your own inner voice. And most importantly, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.”

5 “Things don’t have to change the world to be important.”

6 “Being the richest man in the cemetery doesn't matter to me. Going to bed at night saying ‘we've done something wonderful’, that's what matters to me.”

7 “We don’t do market research. We don’t hire consultants. We just want to make great products.”

8 “The most compelling reason for most people to buy a computer for the home will be to link it into a nationwide communications network. We're just in the beginning stages of what will be a truly remarkable breakthrough for most people – as remarkable as the telephone.” (speaking in 1985)

9 “Simple can be harder than complex. You have to work hard to get your thinking clean to make it simple, but it’s worth it in the end because once you get there, you can move mountains.”

10 “My model for business is The Beatles: They were four guys that kept each other's negative tendencies in check; they balanced each other. And the total was greater than the sum of the parts. Great things in business are not done by one person, they are done by a team of people.”

11 “What a computer is to me is the most remarkable tool that we have ever come up with. It's the equivalent of a bicycle for our minds.”

12 “I'm the only person I know that's lost a quarter of a billion dollars in one year. It's very character-building.”

13 “You can’t just ask the customers what they want and then try to give that to them. By the time you get it built, they’ll want something new.”

14 “Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven't found it yet, keep looking. Don't settle. As with all matters of the heart, you'll know when you find it.”

15 “You have to trust in something — your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.”

16 “When you're a carpenter making a beautiful chest of drawers, you're not going to use a piece of plywood on the back, even though it faces the wall and nobody will ever see it. You'll know it's there, so you're going to use a beautiful piece of wood on the back. For you to sleep well at night, the aesthetic, the quality, has to be carried all the way through.”

17 “It’s really hard to design products by focus groups. A lot of times, people don't know what they want until you show it to them.”

18 “Innovation comes from people meeting up in the hallways or calling each other at 10:30 at night with a new idea, or because they realized something that shoots holes in how we've been thinking about a problem. It's ad hoc meetings of six people called by someone who thinks he has figured out the coolest new thing ever and who wants to know what other people think of his idea.”

19 "I don't think I've ever worked so hard on something, but working on Macintosh was the neatest experience of my life. Almost everyone who worked on it will say that. None of us wanted to release it at the end. It was as though we knew that once it was out of our hands, it wouldn't be ours anymore. When we finally presented it at the shareholders' meeting, everyone in the auditorium stood up and gave it a five-minute ovation. What was incredible to me was that I could see the Mac team in the first few rows. It was as though none of us could believe that we'd actually finished it. Everyone started crying.''

20 “Stay hungry, stay foolish.”

The cookie crumbles: making sense of new EU law

No, not that sort of cookie

The new EU law on website cookies came into force on 26 May. But there’s been little clear guidance of what’s expected of website owners or what the penalties might be if you don’t comply.

For business owners who might not even know what a cookie is, expecting them to interpret this new law seems a little much! It’s frustrating, so we’ve tried to make some sense of what you need to do to comply with the law.

What is a cookie, anyway?

A cookie is a small piece of information that a website can place on your computer when you visit it. Cookies are used for all kinds of things - most commonly, for web analytics, to track what people do when they’re on a website.

However, they can also be used by sites to remember what was in your shopping basket last time you visited, or to show you particular adverts or content depending on what you’ve looked at before.

The principal behind the new cookie law is that people have a right to know and decide what’s downloaded to their computers. When they first visit a website, they should see an explanation of the cookies that site uses and be able to choose which should be used.

And that’s where it gets tricky. Many website owners don’t know what cookies their sites use themselves. There will be cookies used to smooth the browsing experience, cookies that collect information on user habits, and increasingly, third party cookies used by services like Google Analytics.

Audit your cookies

This confusion means the best way to start is to audit your website, so you know what’s there. There’s some good advice about doing a cookie audit here, and a free tool that can help too (although you’ll need to be using Google Chrome as your web browser).

If your website was built by a web developer or designer, they should be able to help you understand what cookies it uses. Your IT supplier may be able to offer advice too.

Decide which cookies you actually need

Once you have a list of all the cookies your website uses, decide which you actually need, and think about which ones your visitors are likely to accept.

For instance, do you need cookies for web analytics (yes, probably – without them you’ll struggle to learn more about the people who visit your site), or for social bookmarking services?

Then you need to work on telling visitors about the cookies you decide to keep. How do you explain each in a way that encourages people to accept them? In my experience, people can be understanding when they realise the benefits cookies bring them. So, with careful wording, you can make sure most are accepted.

You should list each cookie and link to information about it to have a greater chance of it being accepted. There’s a good example at the top of the Information Commisioner’s website:

“The ICO would like to use cookies to store information on your computer, to improve our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, see our privacy notice.”

The message is followed by a simple check box which users can tick (or not). If they tick it, the site can activate all the non-essential, but useful cookies.

A big change

There’s no denying this is a big change. Some web designers have serious concerns about its impact.

For now, we can just advise you to manage these issues as well as possible, with the aim of making it easy for visitors to understand what your cookies are and why they are important. As more websites start to make these changes, people will become savvier – as individuals, we’ll discover our own cookie comfort levels and work from there.

Finally, don’t panic. There’s a year-long grace period for websites to get things in order. But what happens after that – in terms of penalties – is unknown. So our advice is to do the work now, while you have time to think it through, and before you are forced into doing it.

• Monitoring your web traffic
• Why you need web analytics
• Five myths of managing a business website

2011: the year of the data breach?

Are you taking care of data properly? (Image: Flickr user dawnzy58 under Creative Commons.) 

If the first months of 2011 are anything to go by, this could be the year of the data breach. It almost seems like companies are falling over each other to give away information about their customers.

Here are three high-profile data breaches that have hit the headlines in the last month alone.

While you read about them, think about how many smaller incidents may go unreported or even undetected. Then stop to consider if your business does enough to safeguard its customer data.

1. The Epsilon effect

Epsilon runs huge email marketing operations for clients like Citibank and Marks & Spencer, yet still managed to have millions of customer email addresses stolen when someone got into the company's systems without authorisation.

What we can learn: the information stolen during this breach belonged to Epsilon's clients, many of whom have since warned customers that they may receive more spam as a result.

So, if your business shares data for marketing purposes or joint ventures, make sure you only work with partners you trust, and ask searching questions to find out how they protect the data. Get a strong contract in place that - if possible - places financial liability for data breaches on their shoulders.

2. Don't Play with your data

Hugely-successful Jersey-based online retailer Play.com suffered embarrassment last month when users reported receiving junk email to addresses they'd only ever used on the site. It soon emerged that a company responsible for some of Play.com's marketing communications had suffered a breach.

What we can learn: spotted the pattern yet? Just as with the Epsilon breach, although Play.com customers were affected, the leak actually occurred at another company.

However, Play.com's subsequent customer communications are an exercise in good damage limitation. They apologised quickly, explained what went wrong and described the possible consequences for customers.

3. Losing data the old-fashioned way

York City Council adequately demonstrated that you can lose data without turning to high-tech hackers. All you have to do is print it out and then send it to the wrong place. The council was criticised this week for accidentally posting personal information to a third-party.

What we can learn: hard copies can cause problems too, especially when left lying around. If you have to print out sensitive information, grab it from the printer quickly, then keep it somewhere it can't get mixed up with other paperwork. Once you're done with it, shred it.

• Read about data protection basics
• Perform an IT security risk assessment