Information technology security and business

This article is written in partnership with Dell. To find out more about promotional content please visit our Privacy Policy.

Technology has had an undeniably colossal effect on how we do business. We can now communicate with people around the world in real time, pay for goods with the swipe of a card or click of a mouse and download files from the cloud with the push of a button.

Like with most things in life though, technology does have its downsides. Historically, technological problems have centred around speed and reliability. Thanks to advances in programming, processing power and cabling, technology is now faster and more reliable than it has ever been. This is also in part thanks to more people becoming ‘tech savvy’. People expect more of technology, and more people are working to improve it. As such, the age-old issues of speed and reliability, which have plagued almost all forms of technology, are no longer under the spotlight. I would argue that security is now a bigger issue.

The growth of the global tech savvy population means that more people understand how technology works, which is great in some respects, but from a security perspective, it can be concerning. If your employees know how to access confidential files you store on your server, or your customers are able to apply 99% discounts to products in your online shop then you have a problem.

In 2014 eBay was one of the most high profile victims. Vulnerabilities in JavaScript and Flash code on some listing pages enabled hackers to steal users’ information, post fake listings and redirect visitors to fake payment pages. In 2013 Sony was fined a quarter of a million pounds by the ICO in the UK for compromising customer details in a 2011 data breach.

In its recently released business security e-book, Dell state that they believe many of the security problems we face today arise because businesses use fragmented systems and a different security solution to protect each one. Whilst your payment system might be completely watertight, if it’s linked to your website, which happens to contain some vulnerable Java technology, then hackers may be able to crawl into your systems. To quote Dell’s Director of Product Marketing, Bill Evans: “Patchwork solutions that combine products from multiple vendors inevitably lead to the blame game”. He goes on to say that when using fragmented systems, each vendor “is responsible for only part of the problem”, making it very difficult to properly secure your systems.

There are many different solutions for companies out there. As a business you could ground yourself firmly in the first half of the 20th century and refuse to adopt technology of any kind. After all, if all the details on your client, Mrs Jones, are kept in a file in filing cabinet 35B on the sixth floor of your customer information storage centre, a hacker cannot squirrel their way into your network and then publish Mrs Jones’ details on the Internet. That does however mean that when Mrs Jones pops in to see you, you have to keep her waiting for 20 minutes whilst you go to find her file – as opposed to typing her name in and pulling up her details on your tablet.

There are often benefits of using software and technologies from different vendors, and it would be foolish to dismiss a good business system just because it has a few minor potential security flaws. The challenge then is to find a security system that can protect your new technologies.

Using a single, comprehensive security system, such as Dell Endpoint Security, to protect all your information technologies would help to alleviate many of the problems that arise when using a patchwork network of security systems. Using one system would instantly eliminate conflicts between security software. It can also be much easier to manage one unified system than trying to juggle several separate schemes.

Naturally each individual security system may have some specific advantages that one universal security system may not, but the fact that a universal system is just that, universal to all your business’s technology, is a huge advantage.

Dell believes that all good universal security systems should: protect the entire business both internally and externally; comply with all internal policies and indeed national laws; and enable employees to adopt technologies with confidence and ease, promoting efficiency and innovation.

What are your views on business technology security? Let us know in the comments below.

Nanotechnology Regulation

Nanotechnology applications chart

Last week I did not post as I was preparing to chair a session at a plenary for the European Commission in Brussels. Full details are available here, but today I would like to pose a few issues that were raised during the event.

This is not the first time I have spoken at conferences about nanotechnology regulation, nor is it my first Technology bloggers post on the matter. Readers might like to take a look at these posts going back to 2012.

But as an overview my interest is in regulation. And the problems raised 3 years ago are ever more pressing. Nano products are everywhere (see the diagram above, and that is old), they do not have to be labeled, and there are still questions about health and regulation that have never been answered.

Last week’s topic was the Responsible Nano Code, a document drawn up to offer guidance to nanotechnology producers. It is voluntary, has no legal standing (I will come on to that though) and is a set of principles rather than a regulatory code.

The code can be freely downloaded here.

The principles address issues such as Director Board accountability and involvement, stakeholder involvement, worker health and safety, public health, safety and environmental risks, wider social, health, environmental and ethical implications and impacts, engaging with business partners and transparency and disclosure. And if you read the code you find nothing that anyone wouldn’t agree with.

The preparation was a serious endeavour too; it took several years to come to its final draft, and involved a lot of people. Founders included the Royal Society, Nanotechnologies Industries Association, Nanotechnology Knowledge Transfer Network and Insight Investment.

Upon completion the code was presented across the world. In the USA however several problems were seen due to the nature of the law there. One problem is the risk of being sued. If a company states that they follow a code they become liable to legal action if someone can demonstrate that they did not in fact follow some aspect of the code. So companies are reluctant to state that they follow a code unless it is mandatory.

Also if a code is followed by a group of companies, it becomes the benchmark, so all companies are then judged according to that code, even if they do not participate. So implementation carries some really serious consequences.

In the US, nanomaterials are regulated in the same way as any other materials, and not specifically as nano, which to some seems problematic. Health issues have been raised (see my first nano post through the link above) and never resolved. And we must bear in mind that we are talking about hundreds of thousands of products in all sectors. In order to follow through on the pledges in the code, producers would have to educate and look after not only their own workers, but anyone who deals with these products throughout their entire lifespan. This includes transport workers, salespeople, shopkeepers, waste collectors and disposal workers, end users; the list goes on.

And if there is a need for regulation, who is going to write it? I can’t write it, so do we need an expert? But can we get a nanotechnology expert who is probably positive about the undoubted advantages of pursuing a technology to write the regulations? Will they be balanced? Or should we ask a member of Greenpeace, or anyone else who might hold serious doubts about the processes and politics involved?

These are open questions, and although I cannot myself offer any answers it is something that we can and should all discuss. And it makes for an interesting line of work!

What’s in Your Computer (and phone, and WiFi)?

Lenovo

This week the news is full of Lenovo, a computer manufacturer that has been selling machines that they have already fitted with what some call Malware or just Adware. Magic in the machine indeed!

The mal/adware in question is made by a company called “Superfish.” The software is essentially an Internet browser add-on that injects ads onto websites you visit. Details here.

Besides taking up space in your computer, the add-on is also dangerous because it undermines basic computer security protocols.

That’s because it tampers with a widely-used system of official website certificates. That makes it hard for your computer to recognize a fake bank website. This means that you are more likely to give all of your personal data away, let nasty things into your computer, and allow people to monitor your use.

No good I hear you say, and all so that they can feed you adverts while you are browsing.

Hidden Extras?

But this news does bring up another question, what else is in the computer? What else is it programmed to do? The simple answer is that I and probably most of you do not know. We have bought a machine that does the things we want it to do, but who knows what else?

Now as I eat my breakfast, I like to read the ingredients on the side of the packet. It is good for language skills as it is usually in several languages. But can I do this with my computer? You don’t get much in the way of documentation with a $400 laptop. Certainly not considering what is inside it.

So the computer company in question have disabled something at their end and the problem is resolved. But if they tell you that they fixed the problem are you going to believe them? After they did something that put your computer and everything saved on it at risk? Or should you put a new operating system on the new machine, wipe the hard drive and start again?

Why do we trust these manufacturers when they consistently do things that are not in our interest? WiFi providers that con your computer into trusting fake certificates so that they can block certain sites (and read your mail or follow your searches), Samsung that record your voice through your smart TV and send it unencrypted over the Internet to unnamed third parties, social media sites and search engines that collect your data, mobile phone companies that map your every movement; the list goes on.

So if you cannot trust WiFi, or computer manufacturers, or Google, or Facebook, or Samsung to treat your data securely and correctly, who can you trust? And more to the point why are we giving them our lives to play with?

Mind Your Language in front of the TV

Privacy

I have a friend who puts tape over the webcam on his laptop while he is working, because he believes that people can hack into his computer and watch what he is doing. I must admit I thought it was a bit strange at first, but then, hunting for information, I discovered that it was not only possible, but a well known crime involving organized gangs.

The UK recently took down a Russian website that was showing live webcam footage, taken without the knowledge of the people whose cameras were capturing it. The incident not only involved security cameras, but all types of baby monitors and practically anything that has a camera and transmits data wirelessly.

Check out this article here.

Smart TV

But this is small fry really when you read this week’s news. A large TV manufacturer which has a product that recognizes voice controls seems to have been transmitting everything said in front of the TV to a third party.

They do this so that said third party can sieve through the words used to see if a command has been given. But there are many unanswered questions. Who is the third party? What are they doing with my data? Is it secure? The list goes on.

But said company are not trying to hide what they are doing:

Voice Recognition

You can control your SmartTV, and use many of its features, with voice commands.

If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, ******* may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.

I am not sure that everyone who buys a TV of this type reads the Global Privacy Policy – SmartTV Supplement however, and they might be giving away a lot more than they would like to without knowing.

The BBC carries an article about this news with all of the names included. I think it is probably true though that if one company do it, then so do all the others.