Do your staff understand the full risks involved if they lose their business smart phone or another mobile device that contains company data?
Quite possibly not, according to new research carried out on behalf of Kaspersky Lab. It found that over three-quarters of people working in European small and medium-sized businesses would wait more than an hour before telling the company about the theft or loss of a business-owned device.
An hour doesn't sound long, but if a company smart phone falls into the wrong hands, 60 minutes is time enough to do a whole lot of damage. Racking up call charges to premium rate or international numbers is the least of your worries. Being slow to report a stolen device could see your valuable company data being siphoned off.
See the latest business tech bargains we've found online.
Or buy IT equipment now from these trusted suppliers:
Customer and employee contact details, financial information, confidential emails, access to company Twitter and Facebook accounts ... these days a smart phone is as powerful as a computer, only harder to secure and easier to lose. You need to treat it with the same amount of care.
What's more, the research questioned IT managers too. 29% of them reckoned it would take a whole day for employees to tell them about a lost or stolen device.
David Emm, senior security researcher at Kaspersky Lab, has some good advice for companies that want to take better care of their mobile devices.
“The ever-growing abilities of mobile devices make our lives much easier," he confirms. "However, what we don’t always consider is the ease with which such tools can be stolen, leaving a wealth of business critical information in the hands of thieves."
"To a seasoned cybercriminal, it will take only a matter of minutes to bypass the four digit password protection used on most devices, especially smart phones. If your mobile device is lost or stolen, it is critical that the IT department is informed as fast as possible. They can then block access of this device to the corporate network and, in the best case, wipe all of its data.”
Of course, you can't remotely wipe a device unless you've put in place systems to let you do this. If you're a sole trader or run a very small company, it's probably enough to take steps to back up each individual device and install a remote wipe app. Read our advice here.
Larger businesses will want to look into mobile device management (MDM) solutions. MDM software gives you much greater visibility and control of the mobile devices in your business, so you can restrict how they're used, what's stored on them and - crucially - scrub them clean and lock them out of the company network.
Make sure you keep yours safe. (Image: Flickr user Johan Larsson.)
New smart phones have some strong security measures enabled out of the box. But did you know there are some simple steps you can take to make sure yours is secure?
The simplest thing you can do protect your smart phone is to set a passcode. Once set, you will be required to enter the code to unlock and use your phone. The minor inconvenience of entering this each time will pay major dividends if your phone is ever lost or stolen.
A thief will be unable to access your phone without the passcode.
Along the same lines, you should also make sure your phone is set to lock automatically when not in use. This means you won't have to remember to lock it yourself each time.
Keeping your smart phone updated with the latest software is just as important as keeping your computer up to date.
Installing the latest updates helps you avoid any security problems that could affect your mobile operating system. For example, a security flaw in previous versions of Apple's iOS (which runs on every iPhone) could allow an attacker to bypass your lock screen.
You can search our website for details of security vulnerabilities affecting your particular model of phone.
All of the rules you've learned about being safe on your desktop computer apply when you're using your smart phone.
Be careful using public wireless connections, and particularly wary when the network doesn't require you to enter a password to connect. These connections are unencrypted, which means people can easily intercept your data.
Double-check the network you're connecting to is the one you think it is. Some attackers may try to steal your data by posing as a legitimate hotspot.
If you work with sensitive data a lot, consider a secure VPN connection for when you use public Wi-Fi. This should protect data even if you've connected to a dodgy network.
Giri Sreenivas is vice president of Mobile at security specialists Rapid7.
Distributed denial of service attack. DDoS for short. Four letters that are can strike terror into the heart of anyone who's been on the receiving end of one.
DDoS attacks aim to take websites offline by overwhelming them with requests for information. Typically, they involve hundreds or thousands of computers, all coordinated to bombard the site simultaneously.
Often, the owners of these computers don't even know what's going on, because the source of the attack is malware that's infected their machines.
DDoS attacks have hit the news regularly in 2012. Last month, Teresa May and the Home Office were targeted. Back in May, Webfusion - one of the UK's largest web hosts - was on the receiving end of a sustained attack (the firm produced an interesting white paper explaining what happened).
The motives for DDoS attacks vary. Sometimes they're random. Sometimes they're political. But there's often a financial aspect. They can come from your competitors, or they can be blackmail, pure and simple. Pay up, or your website stays offline.
And although it's only big name brands that hit the news, online criminals are increasingly turning their attention to smaller companies. Without the resources to deflect attacks, they're softer targets.
As security expert Don Smith told us recently:
"More and more smaller companies are being attacked by cyber criminals, yet many still hold the view that they are too small to be targeted."
If you're not prepared, combating a DDoS attack can be tricky. When your website's overwhelmed by spurious traffic, you may find you're unable to even log in yourself.
In fact, the possibility of a DDoS attack is something you should consider when choosing a web host, because the way they handle them can vary remarkably.
Some hosting companies will simply take your website offline completely so that their other customers aren't affected. Worse, you might get a bill for the extra traffic the attack generated.
Other web hosts will provide far more constructive assistance. Ask if they can give you examples of how they've fended off attacks in the past, and look for security features that come as part of your package, like DDoS protection.
Also make sure they keep their servers and apps up-to-date, because often the latest versions of ecommerce and content management tools are more resistant to DDoS attacks.
Looking for a new web hosting firm?
Here are some firms you might like to consider:
Have you ever suffered a DDoS attack? How did you cope?
How secure is your personal identification number (PIN)? An enlightening study reveals many PINs are predictable and easy to guess. So, is it about time you changed your PIN?
The fascinating study, by Data Genetics, reveals the most commonly used PINs and therefore the ones most likely to be guessed.
It found that the most infrequently used PIN is 8068. Does that make it the safest? Well, perhaps, although now it's been revealed in this study, it might become a lot more popular!
According to the stats, the most common PIN is 1234. Out of the 3.4 million numbers surveyed, it made up 11% - or 374,000. What little imagination some people have!
In fact, the top 20 PINs all fall into the category of 'easy to remember'. For instance:
It seems PINs with lots of repetition or a pattern to them are chosen most frequently. Interestingly, 2580 comes just outside of the top 20 at number 22. This looks like a random number until you realise these are the numbers down the centre of a telephone keypad.
Other easy to remember four-digit PINs come from years of birth. A disproportionate amount of PINs begin with 19. This is bound to change to 20 as the population ages. Day and month of birth also figure quite prominently.
Most devices, credit cards and locks that are protected by a PIN limit the number of times an incorrect number can be entered. So does it matter if you use a common PIN?
Well, let's think about it in more detail. If I'm a bad guy and I get hold of your bank card, I generally get three guesses before the card is locked.
Going from the statistics in the study, if I take the three most common PINs as my starting point, I have a one in five chance of getting yours right. Not bad and probably worth a gamble.
Unless your bank can prove you have been grossly negligent with your PIN (sticking it to your credit card, for instance) the general rule is that you will be reimbursed for any financial loss if your card is stolen and your PIN used to extract money.
So, isn’t it simply a case of using the most convenient, easy to remember PIN and - should it get compromised - waiting for the banks to sort it out?
Well, even assuming you are able to reclaim your money, there's quite a kerfuffle involved in the process. Anyone who's gone through it will know that the inconvenience and lost time is enough to deter you from using a weak PIN.
In addition, you may highlight yourself as an easy target – if you did it once, why not again? Don’t bring unwanted attention on yourself just for the sake of four little numbers.
If government statistics are accurate, even the smallest companies need to give serious thought to IT security. That's because official figures show 76% of small businesses have reported a cyber-breach in the last year alone.
You can tell the government is alarmed by the statistics, because it has decided to establish a 'Cyber Reserve' force to deal with the security threats posed by online crime. It's uncertain what this means in practice, as the details won't be revealed until next year.
However, it should signal a more co-ordinated approach to combating cyber-crime, with the goverment recruiting experts to fight back against sophisticated hackers and fraudsters.
Although things have moved on considerably since this 2006 report found internet fraud was slipping through policing procedures, it still sometimes seems like online criminals are several steps ahead of the authorities.
Just in case the message hasn't sunk in yet, let's make it absolutely clear: your business could be a target for online criminals.
We recently spoke to security expert Don Smith who explained that smaller companies often find themselves singled out in online attacks because they're seen as soft targets:
“More and more smaller companies are being attacked by cyber criminals, yet many still hold the view that they are too small to be targeted."
"If they have any public profile – if they’ve been in the news, for instance - then they can be a soft target. They also might get targeted if they handle the intellectual property of big clients, for example, a creative agency working on a big account."
“This leaves small organisations vulnerable to a number of risks, including attacks, data loss, service disruptions and reputation damage. Just like larger enterprises, small businesses need visibility into the threats that face their organisation.”
Clearly, that begs the question: what should you do about it? Hopefully, you'll have got the basics right. You'll be protecting your network with a firewall, and each individual computer and server in your business will have its own firewall too.
But to really get a grip on your IT security, you need to spend a little time on security planning. The first stage is to identify your most valuable data, so you can find ways to protec it.
It's worth reading the full interview with Don to understand a bit more about the security issues your company could face. We also have some really useful information about putting a security plan together and assessing the risks your business faces.
With just a little preparation, you can reduce the chance of your business becoming another IT security statistic.
(Police lantern image: conner395 on Flickr.)
Image: creating a self-destructing message
Sending sensitive information through email: most of us know it's a bad idea, yet we've all done it at some time or another. Whether it's providing the password to access a protected file or confirming your mother's maiden name, email often seems like the easiest option.
Yet email is inherently insecure. Not only can emails be intercepted as they travel through cyberspace, but if the recipient isn't strict about deleting messages, your information could sit in their inbox for months or years. If their account ever gets hacked, your data is in the hands of the bad guys. Email hacking happens a lot, so it is a real risk.
So, for this Donut tip of the week, we wanted to show you a handy online tool that lets you send sensitive information in a form that self-destructs once it's been read. Sort of like Mission: Impossible, only with fewer pyrotechnics.
To get started, hop on over to Oneshar.es. Then it's really easy to create your one-time message:
That's it! The link uses SSL encryption, which means the message itself is protected from interception when the link is viewed.
Obviously, anyone with access to your link can click it to see the message - but as messages self-destruct once viewed, you don't have to worry about who sees the link once your recipient has used it. Certainly, Oneshar.es deals with the problem of having important information sitting in inboxes.
Now there's no excuse for putting your password in an email ever again.
Smart phone applications could pose a significant threat to your company’s IT system in terms of security, availability or mobile data costs if left unchecked.
In a worst-case scenario, valuable and sensitive data could be at risk if you allow employees to download and install apps at will to their personal and work devices.
While smart phone settings can vary from device to device, all potentially leave a company open to abuse. Every time you install an app, it's important to check what resources and data the app is requesting permission to use.
At some point, everyone has skipped through lengthy terms and conditions to save time. It's these terms and conditions which often explain what data the app will use and how it will use it - so not reading them could mean unwittingly giving an app control over sensitive data, or even the phone itself.
Although an app may appear to be a harmless game or a useful productivity tool, there is nothing to stop it from including code to send a text message, make a phone call or even read data stored on the phone and upload it to an external server.
To minimise these risks, your business and its employees should consider some simple steps:
How sure can you be that a company promoting an app has not included hidden features or a developer has not included some malicious code? Software vendors with a track record of delivering solutions to businesses generally have the development disciplines in place to protect you from these risks, so beware the unproven startup or one man band developer.
Smart phone apps are extremely attractive, but it’s important not to forget that under the veneer of simplicity, IT is extremely complex. Your systems can be manipulated by people who understand that complexity, if they are left unchecked.
Paul Ridden is Managing Director of Skillweb, a privately owned, UK based business that provides technology solutions designed to help organisations manage their mobile workforces and track the movement of their goods.
If you want to find a way to immediately annoy potential customers and drive visitors away from your website, look no further than the humble CAPTCHA.
We've written about these squint-worthy, hard-to-interpret messed-up bits of text before, but today I stumbled upon one that goes beyond a joke.
It popped up this morning on the Ticketmaster website. I had a fair stab at the image on the right side, but I still have no idea what's going on with the left image. Any ideas at all?
I'm convinced the days of the CAPTCHA are numbered. They're designed to guard against targeted hacking attempts and automated 'bots' that fill in online forms automatically.
But really, unless you're running some sort of super high security website, they cause far more problems than they solve.
When you've taken time to create a nice clear website that makes it really easy for people to buy from you or send you a message, then making them fill in a CAPTCHA is like asking them to complete a fiendish puzzle before they can go any further.
Imagine what would happen if the local corner shop asked you to solve a Rubik's Cube before letting you buy a pint of milk. Wouldn't get much custom, would they?
When you use CAPTCHAs on your website, you risk having the same effect.
While the world's attention is diverted by a story involving a member of the Royal Family and partial nudity, don't let your guard down. Although the Duchess of Cambridge may be in the headlines today, there's a far more urgent threat to your IT systems out there: Emma Watson.
Security firm McAfee reckons the Harry Potter star is 2012's most dangerous celebrity. And it's not because she's particularly adept at hacking into Windows XP or an expert at guessing passwords (although who knows what damage a few well-placed spells could wreak?).
No, according to McAfee's research, anyone searching online using terms like 'Emma Watson and nude pictures' runs a high risk of landing on a dangerous website that's infected with malware. As the firm explains:
"McAfee research found that searching for the latest Emma Watson pictures and downloads yields more than a 12.6% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware."
Now, you might justifiably argue that anyone searching for things like that deserves everything they get from the web's seedy underbelly. But if they're doing it on work time, using your company computers, you should be worried.
Sure, you can discipline the employee responsible, but if your server's infected with a virus or a trojan has stolen your customer list then you'll have bigger problems to worry about than whether your staff member actually found what they were looking for.
Your company policies should - of course - make it clear that this sort of thing is not allowed, but that's not much use either once your computers are infected. And that's why every single PC in your company should have security software installed and up-to-date.
Packages like McAfee's own All Access software (£74.99) will guard against viruses, trojans and spyware, and show a warning screen when you try to visit a dodgy website. Alternatives include AVG Internet Security (£97.99) or Kaspersky's Small Office Security package (possibly best value of the lot because it covers five computers for £159.99).
While packages like these won't entirely guard against employee mistakes, stupidity or bad luck, they do provide a strong line of defence for your company. Even if you're not in the habit of searching for nude pictures of Harry Potter actors.
Image of Emma Watson: Flickr user david_shankbone under Creative Commons.
Hardly a week goes by without one company or another being hacked and user passwords being made public on the internet. Do we have any hope of keeping our passwords safe?
Actually we do have some hope, but we all have to play our part and choose strong passwords.
Hopefully, the websites we have online accounts with are doing their utmost to protect our personal information, and in particular our passwords. But even if they are, that’s not the end of the story as simple passwords can be cracked quite easily by hackers.
We need to do our bit by making sure we have strong passwords that are hard to crack. Here are five ways.
All you need to do is mix these up a bit to come up with a good password. For example:
Top tip: make sure you mix it up. The password Olympics1066 is not as strong as the others.
Lyric: She was more like a beauty queen from a movie scene
Name: Michael Jackson
Number: 1983 (Song released in this year)
Choose the first letter from the phrase and mix the initials and number in. For example:
Top tip: once you decide how you want to mix it up, stick with it. If the mixing it up part could confuse you then you could write down a memory jogger – read on to find out how.
Phrase: Just like that
Name: Tommy Cooper
Number: 1921 (his birth year)
You get the idea!
We all need help remembering things so why not write down something to help jog your memory? It is very unlikely that someone will be able to decipher a decent memory jogger, because you can write things down in a way that makes perfect sense to you but is useless to anyone else.
Lets take the Tommy Cooper example. You could have ‘Tommy’ written down in your address book, followed by a memory jogger, like this:
In this case the memory jogger stands for initial-date-phrase-date-initial
Using this would give a password of:
Remember, that really need to change your passwords every so often, because you can never be quite certain if your password is in the wrong hands.
The biggest problem most of us face is that we have so many online accounts that we forget what they are. Give yourself a fighting chance and keep a list somewhere. As you join new shopping sites, social sites and other sites, add them to the list. If you want to change a password, you will at least know where to look!
Who poses the biggest threat to your company data? You've probably thought about external security threats, but have you stopped to consider the damage your employees could do?
Information risk management specialist Ascentor reckons nearly 15.9m people are ready to damage their employer's business, and says over two million already have. These statistics and more are summarised in this infographic, and you can see the full version over on the Ascentor website.
Not even emptying your computer's recycle bin guarantees your files are gone for good.
Although you can't see or open them on your desktop, the information is still there on your computer's hard drive, which makes it relatively easy to recover if you know what you're doing.
Obviously, that's good if you delete something by accident. But it's very bad if you're trying to delete sensitive information, like financial details or personal information. If your computer falls into the wrong hands, so could your data.
Thankfully, it's easy enough to scrub data off your hard disk for good. Here are three options for you to consider:
Of course, if you can't be bothered with all that and you don't need to keep your computer in working order, there's an option that's much more fun. Unplug your computer, rip out the hard drive and drill some holes in it. Satisfying.
Smart phones are portable and valuable, making them prime targets for theft. Some reports suggest that 20,000 mobile phones are lost or stolen in the UK every day. And with the Olympics expected to attract extra opportunistic thieves, now's not a bad time to give your smart phone security the once-over.
Quite apart from the cost of replacing a phone (Apple's top-of-the-range iPhone costs £700!), you need to think about the value of the data stored on it too. All those contact details, emails, files, photos ... could you afford to lose them? That's why this Friday, we have three crucial security tips every smart phone owner should follow:
Most smart phones come with software to copy data to your computer, creating a backup of everything on your phone in case it gets lost or stolen. iPhone users will be familiar with iTunes. Android handsets usually come with something similar, like Samsung's Kies software.
Be careful though - if you keep your phone and laptop in a bag which gets stolen, you could lose your backup too. Perhaps it's better to back the data up online. Again, most smart phones offer this option: Apple has iCloud, and MyBackup Pro is a good option for Android phones. If you use a BlackBerry, check out the BlackBerry Protect app.
Keylock is the first line of defence when a thief gets their hands on your phone. It prevents them from accessing any of the phone's functions without entering a PIN code or drawing a certain pattern on the screen.
Every smart phone offers a keylock and you should definitely use it. Many handsets also have an auto-erase option, which wipes everything from the phone if an incorrect PIN is entered too many times.
Mobile apps can help you fight back against mobile phone thieves. GPS functions can pinpoint where a stolen phone is. And - as news stories show - the police are becoming increasingly switched on about how to use these tools to recover stolen property.
The best-known is Apple's Find my iPhone. But other platforms are catered for too. Windows Phone handsets have tracking functions built in. Android users can try Plan B, and BlackBerry Protect includes tracking functions too.
Some tracking tools let you remotely wipe the phone too, but the key is to install one now. Because once your phone's gone, it's too late to do anything about it!
Previous Friday tips:
Image: Flickr user JAK SIE MASZ.
“You’ll miss me when I’m gone” is a phrase I've heard various (older) family members say to me, usually as I roll my eyes at the latest bit of wisdom they've decided to impart.
However, it’s apt for business IT. In the last couple of weeks we've seen how a seemingly small 'software update' resulted in a broad outage of NatWest’s banking systems. It even led to an unheard of step: bank branches opening on a Sunday.
If, like NatWest, IT is at the heart of your business then what are the implications of such a problem if it happens to you? What should you do to maintain reliability?
IT has become a hidden service that we take for granted. The internet, once derided as a fad, is now a key service in our lives. From shopping and booking travel to connecting with friends and researching school projects, it’s essential.
What’s more, people have started to view broadband as a basic human right, almost in the same league as water, food and sanitation. This is the level to which the internet has risen in just over 15 years. It demonstrates how important IT is to our everyday lives.
If you run a business then this trend will have spread into your world too. It was not that long ago that IT was the preserve of the accounts department who used it to process payroll. But today it’s used by every member of staff for almost everything they do.
If your business depends on IT, do you give it the attention required to keep it beating at the heart of your company? There are four simple steps you can take to make sure your IT provides good service – day in and day out:
1. Buy the right equipment
I recently visited a prospective client who wanted to set up a call centre. Staff would use their computers as the base from which to make calls and update their customer relationship management (CRM) database. They told me they were planning to buy refurbished (second-hand) computers to keep costs down.
My advice? If you plan to base your company on a database that requires reliable IT, second-hand equipment is a false economy.
That doesn’t mean you have to buy super-expensive business computers. But most well-known brands offer PCs with a three-year warranty and next-day help if you need it. What’s more, buy business-grade IT, not computers designed for domestic use. There’s a difference – and it could mean you get a PC that lasts four years instead of two.
2. Monitor your systems
There are many free or cheap services out there that can monitor your systems for problems like low disk space, a failing networking connection or high memory use. These services are simple to install and can be combined to create a single web page that puts a green, amber or red dot next to each IT asset to show its status.
3. Audit your equipment
This one’s easy. The main aim of auditing is to stay ahead of the IT age curve. A computer’s average lifespan is three to five years, so it makes sense to look at replacing each computer once it’s four years old. If you don’t know how old your equipment is then you can’t make that assessment.
The simplest approach is to note the purchase date of all assets in your business. Then rank them in order, newest at the top, oldest at the bottom. If any computers are over five years old, replace them immediately. Put any over four years old on a list for replacement soon. Keep updating your list and you’ll stay on top of your hardware replacement (this helps spread the costs too).
4. Take security seriously
I see too many companies that don’t take their IT security seriously. They think staff will self-manage things like spending hours on Facebook or emailing friends from a work computer. Of course, they don’t – so you need to manage this through a policy or software.
Internet security is a large and growing problem. Simply going to the wrong website can result in malware, spyware and unwanted software ending up on your computers. Stop this, and you’ll significantly reduce the chance of system failure.
Following these simple steps will help ensure your IT systems stay working to the best of their ability: as a vital business tool that helps to generate revenue. As my old Gran always used to say, "you'll miss me when I'm gone".
Craig Sharp is Managing Director of Abussi Ltd
Keeping your IT system secure and protecting your data can be a complex task. A secure IT system has many elements, from a firewall and anti-virus software to strong passwords and physical security.
Then there's the human factor. It's no good having the strongest passwords imaginable if your staff write them down or share them with each other.
For all but the smallest businesses, it's usually a good idea to seek expert IT security advice. Remote data access, cloud services and mobile devices are creating more fragmented IT systems - and with less centralisation, it's hard to keep everything under lock and key.
To help businesses get to grips with the different elements of their IT security, the Information Commissioner's Office has released a new guide. It's a little light on specifics, but it does contain a very useful checklist to help you cover all major areas of your IT system.
It's excellent reading if you want a good overview of the IT security challenges you face, or want to brief yourself before you speak to your IT supplier or security consultant.
Download the guide from the ICO website >> (PDF, 300K)
This week, online services LinkedIn, eHarmony and Last.fm all suffered security breaches which saw users' passwords fall into the hands of hackers. It's not the first time something like this has happened and it won't be the last: previous victims have included Gawker and Twitter.
I've mentioned before that I think passwords are broken. But they're here to stay, at least for the foreseeable future. So for this Friday's Donut tip, we explain what you should do if you have an account with one of the affected services.
To begin with, be wary of any emails you receive warning that your password has been leaked. They might be genuine, but there are lots of phishing attempts going round too, so you're better off just deleting them.
The next step is easy: PANIC!
Actually, I'm just joking. You definitely don't need to panic. It's counterproductive and unnecessary, because it's actually pretty easy to secure your accounts:
That's it, unless - like most people - you use the same or a similar password for other things. You see, scammers aren't stupid, and they know that if you use that password for your LinkedIn account, perhaps you also use it - or something similar - for more important services, like your email.
This means you also need to change any identical or similar passwords that you use on other services. You should really have a different password for each one.
You've probably seen the usual advice about creating strong passwords. Use upper and lowercase letters, numbers and symbols, don't use words you'd find in the dictionary, and so on. But these passwords can be devilishly hard to remember.
I like the song lyrics trick: take a memorable line from a song, pull out the first letters of each word, then wrap it in a number that you can remember.
For instance, a Rolling Stones fan might choose the first line from Sympathy for the Devil: 'Please allow me to introduce myself'. And he might be able to remember 1960, because that's the year he was born.
Shortened, it becomes 19Pamtim60. Not bad.
Previous Friday Donut tips:
Every Friday we bring you a great business IT tip. From nuggets that make repetitive tasks easier to easy ways to banish tech annoyances, we’re here to help.
If there’s something you’d like our help with, send an email to firstname.lastname@example.org or just leave a comment on this post. We’ll try and cover it in a future IT Donut tip.
As remote working becomes more common, businesses are having to cope with some new security risks. There’s the possibility of laptop theft, of course, and using insecure wireless connections means anyone could be eavesdropping on your data.
And what if your laptop gets rained on, or you leave it in a taxi by accident? You won’t just lose your laptop, but you’ll lose all the data on it too – and that could be a big blow to your business.
To avoid this happening, whenever possible, don’t save important documents and data to your laptop. If your business has a network server, you should have space on there to save everything. If you don’t have a network drive available on your computer, ask your IT supplier to set one up and put a shortcut on your desktop so you can find it easily.
Of course, it’s not always possible to save to a network server. If you’re not in the office, you need to be connected remotely to your company network so you can access your resources. If you’re working without a connection, save files to your laptop and make sure you copy them to the server once you’re back online.
If your company doesn’t have its own network server, you can achieve a similar effect using cloud storage. Services like Dropbox and Box let you create a special folder on your computer. Anything you save in there automatically gets copied to a server on the internet too. So if you lose your laptop, you don’t lose your data.
Finally, here’s one last tip for laptop workers: if you’re stepping away from your computer, make sure you lock it. In Microsoft Windows, just hold the Windows key and tap L. That’ll make sure nobody can meddle with it while you’re not there.
Backing up your data doesn’t have to be that difficult. It doesn’t even have to involve expensive-sounding ‘backup solutions’ or wrestling with 300 individual CDs, each of which contains a small but crucial portion of your company’s data.
Here are some straightforward ways to get started. Obviously, they’re not your only options – so it’s a good idea to chat to your IT supplier to make sure you’re backing up everything you need to.
After all, there’s nothing worse than smugly telling everyone you’re all backed up, then realising you’ve lost your ground-breaking 400-slide PowerPoint presentation.
Sure, it might be cheap and cheerful, but this approach will get the job done for you.
Buy yourself two external hard drives. These can be attached to your PC, allowing you to copy data to and from them. Do this regularly. Daily if you can.
Copy all your important data, including accounting data, word processing and spreadsheet files, plus your email, calendar and contacts.
Some hard drives come with software to make this a bit easier for you. If you use Windows, you can get Microsoft’s free SyncToy software to automatically copy selected folders across to a second hard drive.
Why two hard drives? It covers you against the risk of fire, theft and other physical damage (like dinosaurs attacking your house). Keep one drive on the premises and keep the other one somewhere else – like with a friend or family member you trust. You’ll probably need to back up to that drive less regularly, but doing so weekly will ensure you can get most of your data back.
The other good option is some sort of online backup service. Over time these services usually work out more expensive than buying a couple of hard drives, but they are convenient. Try Dropbox, Mozy or Carbonite.
Ok, so you’re a business with its own premises and maybe a few employees. You’re right to think that you need something a little more advanced. But don’t worry – you still have a number of choices.
Again, online backup can be a really good place to start. But you have to be careful. You want a company you can rely on (because backups are the things you turn to as a last resort). And check the costs carefully. Many online backup services copy non-essential files, pushing up your monthly bill.
The main in-house option is – again – hard drives or tape drives. Tape drives have traditionally been used by companies to back up large amounts of data, but we tend not to recommend them so much these days because hard drives are so cheap.
A good set up is to have seven hard drives. Five of them do your daily backups during the week (Monday – Friday). Use the other two to take regular archives, but make sure at least one is off the premises all the time. Keeping it at your home is the obvious thing to do.
Again, software is available to make this process more straightforward. I usually recommend BackupAssist, because it can back up all your email, calendar and contact folders, and it’s reliable. Which, let’s face it, important
From unlikely dinosaur attacks to the more plausible floods, fires, virus attack, hackers, computer crashes and accidental deletion, there are plenty of threats to your company data.
So the most important thing to do after reading this article is to act on it. Otherwise, by the time you realise you really need a backup system, it’ll be too late to do anything about it.
Craig Sharp is managing director of Abussi, an IT company based in Birmingham.
When you enter a gym’s locker room, there are hundreds of lockers. Each has its own combination lock. Without giving it too much thought, you open your locker using the combination only you know, which is the same combination you provided when you signed up at the gym.
Similarly, a password is a shared secret between a user and a service. When the user wants to connect to the service, they identify themselves with their username and prove that identity with the password.
The service checks the password. If it matches, the user is allowed to access the service.
We can think of the service as the locker, the username as the locker’s number and the password as the lock’s combination.
Problems occur, of course, if someone else has your combination. It could be that you use a very popular combination, or someone saw you using the same combination on your bag.
Alternatively, it could be that someone broke into the gym and saw the list of locks and combinations. Let’s take a look at these aspects in the virtual world.
On the internet, some passwords are more common than others. Hackers use lists of the most common passwords to increase their chance of guessing a user’s password quickly. The hacker tools used to guess these passwords are called crackers. Two types of crackers exist - online and offline:
To reduce the effectiveness of offline crackers, many services add a step to the process called salting. Using a salt, a different digest is created each time, even if the password is the same. So although salted passwords are not completely hack-proof, they’re much harder to guess.
So, that’s how passwords get cracked. Now, how do you stop that happening to your business?
On an individual level, always use strong passwords – and don’t use the same password on different websites. Think about what information the password is protecting. You want a really strong one for your online banking, PayPal and other online services you consider sensitive.
Use a really strong password for your email too, as getting access here can allow a hacker to wreak havoc by resetting your passwords on lots of other sites.
In your business, it’s important to realise that you can’t trust your users to choose strong passwords themselves. If you give them the choice, they’ll simply choose weak passwords. In fact, two years ago a database containing 32 million passwords was leaked to the web. Analysis of these passwords showed that 20% of users chose the same passwords from a pool of 5,000 words.
It’s up to you – or your IT administrator - to keep the passwords secure. Here’s how
Implementing many of these precautions will require help from your IT staff or IT supplier. But if you’re going to maintain the security of your systems and website, it’s vital you think carefully about enforcing a strong password policy.
Noa Bar-Yosef is Senior Security Strategist at Imperva.
Information is the lifeblood of a business. Without it, everything else you need to make a business tick - like sales, customers or profit – stalls permanently. So making that information easily accessible is vital.
As it’s so important, you’d expect the information to be easily available to the people who need it, and protected from those who don’t. However, the reality is different: at last year’s IP Expo, 60% of people surveyed by my company City Lifeline said they had lost access to their company’s IT system following an unexpected incident. Oops.
In 40% of these cases systems were down for six hours or more, bringing the business to a halt for an entire working day. Just think of all the things your business uses IT for in just one day. Imagine not being able to access your email, check customer documents or view essential data.
Losing access to your data hurts your pocket too. Symantec’s 2011 SMB Disaster Preparedness Survey found that losing access to data and electronic communication systems costs small companies an average of £7,500 a day in lost business and productivity.
Unplanned downtime can stem from something as innocent as a workman cutting through a power cable or as sinister as a malicious cyber attack. Whatever the cause, they all have one thing in common: the element of surprise.
The best business owners not only prepare for the things that are going to happen, but also for things that could happen. “I didn’t know it was going to happen,” is not much of an excuse when faced with an angry customer or an office full of staff who can’t get their work done.
If your business’s information is adequately backed-up, the chances are good that your IT systems will be working by the end of the day. But if not, the consequences can be disastrous. In a worst case scenario the lost data can never be recovered, and neither can the business.
Some research suggests up to 70% of small businesses that lose data in a major incident are forced to shut within a year. Yet the Symantec report mentioned above also shows that less than half of smaller businesses bother to back up data every week. A mere 23% take daily backups.
Taking the odd risk is part and parcel of being in business, but risking the safety of your information is equivalent to cutting off your oxygen supply. Huge corporations often have the money, expertise and resources to escape from a tricky IT gaffe. Quite often, smaller businesses do not.
This vulnerability makes investing in off-site data backup vital. It only takes a one-off incident to disable access to your IT systems. And it only takes one major incident to cripple your business forever.
If you lack the time and resources to create a backup strategy from scratch, it may be worth working with an IT supplier which can store your data securely in a different location. Some suppliers operate or have space in colocation data centres, highly secure buildings specifically designed to keep your information safe. (The company I work for, City Lifeline, offers colocation services.)
Do your business justice by investing in your information in the same way you would invest in a new computer or member of staff. Your information is key to your company’s viability, so return the favour and look after it just as well.
Roger Keenan is MD of City Lifeline.
Not a secure way to store passwords. (Image: Nina Matthews Photography on Flickr.)
News just in. Your computer system has been broken into! Yes, your impregnable firewall, amazing anti-virus and 99.9% secure password have all been breached. How could this be? Step forward your company employees.
Recent studies have compounded old research highlighting the astounding ignorance and negligence of employees when it comes to security. Read on to see three ways your employees can undo all your investment in security, and to find out where you may be at risk.
A Computer Weekly survey reported that only 4% of employees would challenge a stranger walking into their office and sitting down at a computer. What's more, only 3% would actually ask them for identification.
I'd hope those figures would be higher in smaller businesses, where it's more common for everyone to know everyone else who works there. But it still demonstrates why you need a system of identification of authority - like ID cards - in the office.
Password security is another key aspect. Aside from the oft-discussed need to use upper and lower case letters, numbers and other random symbols in passwords, it’s how your employees remember logins that can fall short.
A common approach is to write passwords on post-it notes, then stick them under phones or keyboards. Worse, some people stick them in plain view. This gives any intruder a reasonable chance of gaining access with no tools or knowledge of your systems.
One reason passwords are such an issue is that people don't see them as being particularly valuable. One survey found 90% of commuters were happy to exchange their passwords for a free pen!
Sure, some passwords may have been fakes to get a free pen. But the statistics still show a lack of understanding about the damage even a low level user’s password can do in the wrong hands.
A Valentine's Day study provided random workers with CDs, claiming they contained a promotion to win a romantic holiday. In reality, the CDs sent people to a website promoting security.
The point of the exercise was that the people behind the CD were able to run unauthorised software on computers situated within a company's IT system. According to the study, 75% of people ran their CD.
And a more recent study by the US Department of Homeland Security involved leaving unmarked pen drives and CDs in company car parks, then letting curiosity do the work.
Again, no malicious code was run, but the potential for wrongdoing was there. CDs and pen drives were inserted by 60% of people. If the CD or pen drive had a logo on it, that figure rose to 90%. Scary stuff.
I hope these stories have opened your eyes to how even the simplest, most innocent notions can compromise your company’s security. Have you been hit by negligent employees? Do you think you’re at risk? Leave a comment below to let us know.
John Sollars is MD of Stinkyink.com
If the first months of 2011 are anything to go by, this could be the year of the data breach. It almost seems like companies are falling over each other to give away information about their customers.
Here are three high-profile data breaches that have hit the headlines in the last month alone.
While you read about them, think about how many smaller incidents may go unreported or even undetected. Then stop to consider if your business does enough to safeguard its customer data.
Epsilon runs huge email marketing operations for clients like Citibank and Marks & Spencer, yet still managed to have millions of customer email addresses stolen when someone got into the company's systems without authorisation.
What we can learn: the information stolen during this breach belonged to Epsilon's clients, many of whom have since warned customers that they may receive more spam as a result.
So, if your business shares data for marketing purposes or joint ventures, make sure you only work with partners you trust, and ask searching questions to find out how they protect the data. Get a strong contract in place that - if possible - places financial liability for data breaches on their shoulders.
Hugely-successful Jersey-based online retailer Play.com suffered embarrassment last month when users reported receiving junk email to addresses they'd only ever used on the site. It soon emerged that a company responsible for some of Play.com's marketing communications had suffered a breach.
What we can learn: spotted the pattern yet? Just as with the Epsilon breach, although Play.com customers were affected, the leak actually occurred at another company.
However, Play.com's subsequent customer communications are an exercise in good damage limitation. They apologised quickly, explained what went wrong and described the possible consequences for customers.
York City Council adequately demonstrated that you can lose data without turning to high-tech hackers. All you have to do is print it out and then send it to the wrong place. The council was criticised this week for accidentally posting personal information to a third-party.
What we can learn: hard copies can cause problems too, especially when left lying around. If you have to print out sensitive information, grab it from the printer quickly, then keep it somewhere it can't get mixed up with other paperwork. Once you're done with it, shred it.