National Small Business Week is underway, and the festivities didn't take long to address one of the most glaring and ever-present issues for small to midsize businesses (SMBs): cybersecurity. The Small Business Administration (SBA) is the US government agency dedicated to providing concrete help, training, and recommendations that small businesses can put into practice right away in their day-to-day operations. To that end, rather than just offer pie-in-the-sky security trends, today's SBA cybersecurity panel gave SMBs concrete tips, resources, and steps they can take to mitigate security vulnerabilities and put a comprehensive security strategy in place.
These are pretty good, and while some of them may require a bit more time and planning, there really are some things you can do right now, even if you aren't a business.
Encryption and how you control your data is a hot topic right now, but understanding encryption and how it relates to your personal data is confusing. YouTuber CGP Grey explains encryption, as well as some of the issues up for debate right now, as simply as possible.
"If Nest wanted to increase profits it could sell your home’s environment data to advertisers. Too cold? Amazon ads for blankets. Too hot? A banner ad for an air conditioner. Too humid? Dehumidifiers up in your Facebook.
To be clear, that hasn’t happened yet but Nest already shares “anonymous” data with “partners” and Google just happens to be in the business of showing you ads for things. It’s something that will eventuate."
This will absolutely happen. Everything has been turned into marketing; why wouldn't your connected home information become part of the same attempt to get personalized advertising?
Why are technology companies who promote the use of their products for business messing around with April Fool's pranks inside those same products? That's just stupid.
"While the encryption debate may have temporarily subsided, burner phones seem to be getting the spotlight.
It might be because terrorists aren’t using encryption as much as they are utilizing the quick, easy, and anonymous method of obtaining and discarding a prepaid phone."
I've often wondered why governments have spent so much time decrying the use of encryption when criminals can just get an untraceable burner phone and accomplish the same thing in a much simpler fashion. Heck, how many years of Law and Order episodes do we have where criminals used burner phones and yet no one ever made a big deal out of those being available?
Now, to be fair, there are some legitimate uses for prepaid, untraceable phones. Domestic violence victims, for example, need a way to communicate and stay safe from their abusers, and if those abusers have access to the records involved, which they often do because they are married to the victim, then this law will make things more dangerous for those folks. Until I've had more time to look at the alternatives and the full impact, I wouldn't go running to support this change, but it only makes sense that we would be having a discussion about this loophole first.
After all, the use of burner phones is something that forces us to balance the legitimate privacy concerns of users with the security needs of law enforcement without all the extra technical confusion over encryption. That's truly the argument we should be having: how to balance privacy rights and law enforcement needs when it comes to technology. I suspect, however, that many want to look at the more technically complex areas just to take advantage of people's confusion about the topic to instill fear about it, instead of something they can easily understand.
So, encryption becomes the scary bogeyman that terrorists use to keep hidden, because people don't really understand the need for truly secure encryption that we all have.
Lots of people who have no idea how encryption works, on the other hand, have had, or know someone who has, a prepaid phone, for completely legitimate reasons. Let's see how they feel about their right to privacy when it comes to something we all understand.
The thing that bugs me the most about this situation is not the argument about what Apple should or shouldn't be required to do, it's the number of politicians who feel the need to pipe in on behalf of the government, who clearly have no idea how encryption works.
The whole point of encrypting data is to protect it from the prying eyes of the companies that are transmitting or hosting it. If Apple could access everything in iCloud, or Dropbox could access encrypted information stored on its servers, that would defeat the entire purpose. It would, in fact, no longer be encrypted.
But that technical reality doesn't stop someone like the mayor of New York City from saying the companies have a "duty" to turn over data they don't actually have access to.
Can we have a conversation about encryption with people who actually understand it, please?
The newspaper has reported that the Justice Department is weighing how to move forward with an ongoing investigation that has run into trouble because of the service’s encryption. A federal judge had okayed a wiretap order during the course of the investigation, but because the communications being tapped are encrypted, they can’t see what’s being said.
The department hasn’t decided how to proceed with the case. There are some that are advocating that they push ahead much like they’ve done with Apple: go to court and attempt to force the company to provide them with access to the information, while others are looking to hold off.
This is not going to go away, and it has profound impacts on where mobile and cloud technology will go from here. If the government gets its way, people and companies currently storing and sharing data across encrypted services will no longer be able to depend upon the data being safe from prying eyes, as the services themselves will have the means to access it directly. (If the government requires them to access and turn it over, they would have to leave it open to at least themselves in order to comply with potential court orders, as well as anyone else who figures out how to access the back door.) It will not be protected from the service storing it.
The interesting thing is that, if the companies are required to build in back doors to encrypted data, would using those services then violate current privacy laws like HIPAA?
This move by the government could literally cripple cloud services as viable business solutions, and then where will we be?
"Large, well-fortified organizations and enterprises may not be as attractive to data thieves as they once were. You can thank better training, bigger IT budgets and more effective security measures for this welcome bit of news.
Things are less rosy for small companies, however.
Shrinking budgets, limited resources, and lax or outdated security practices have now made SMBs the hacker’s preferred cyber-target, says a recent New York Times post–a vulnerability confirmed by recent industry stats."
This makes sense; criminals have always gone for the easier targets when given a choice. Small businesses used to be able to hide under the radar when it came to cyber security because their data just wasn't worth as much, but with the rise in ransomware and other quick-paying hacks available, those small companies with lax security become easy pickings.
Truly, data security has become everyone's problem.
I've heard a lot of good things about Slack, but it's not one of the tools we use at work, and without other people to collaborate with, trying it out seems a little silly. Maybe some of these will help me convince my wife to try it out with me?
Do you use Slack? How are you making use of it? More importantly, how do you like it?
"Thomas Brown of The Brown Firm in Florida was yet another victim of a ransomware attack which encrypted his data, leaving him out of business and without access to his data. The cybercriminals demanded $2500 in bitcoin for the decryption key. The firm said that they had to pay up or lose all their data so they paid up – and got the decryption key.
Since the incident, the firm has improved computer firewalls and replaced passwords with passphrases that are regularly changed, according to the article in the Jacksonville Daily Record. The firm has also installed an isolated server that is used to back up files each day."
Backup, backup, backup!!!
Seriously, keep safe out there, but nothing makes this kind of malware more useless than having another copy of all of your data sitting somewhere that is not connected to the infected machine. If this firm simply had an external hard drive with copies of their data sitting on a shelf, paying the ransom isn't an issue. The data is accessible elsewhere.
So, go and make a copy of your data somewhere. It'll protect you not only from ransomware, but also from hard drive failure!
"More than three-quarters of IT professionals have seen and kept secret potentially embarrassing information about their colleagues, according to new research conducted by AlienVault.
The research, which surveyed the attitudes of more than 600 IT professionals into how they are treated, found that many are being called in to help get their colleagues out of embarrassing situations at the office.
Almost all the respondents (95%) said that they have fixed a user or executive’s personal computer issue during their work hours. In addition, over three-quarters (77%) said that they had seen and kept secret potentially embarrassing information relating to their colleagues’ or executives’ use of company-owned IT resources."
Yeah, and some of it we can never un-know, no matter how hard we try. ;-)
Truthfully, I didn't know all of these, and I use Dropbox all the time. May have to give a few of these tricks a try as well, especially using it to request files from someone else. I had not thought of that.
Are you a Dropbox user? Have you used all of these?
"I remember when I was in high school, one of my friends was learning to write code and, as some friends and I were giving him a hard time about spending his free time reading about Java for Dummies (or something like that), he said, “Technology is going to change everything, you’ll see.”
Said friend now makes a lot of money (much more than Biglaw money) working for Google. What was preventing me or my friends from learning how to code? Cynicism. The exact kind of cynicism that asks the question, “Why should I care about legal technology?”"
Technology isn't going anywhere. I feel the same way about the work I do as a trainer. Sure, you could just keep doing what you're doing and not attend any training to attempt to learn how to use a given tool more efficiently. That only means that when someone does learn a better way of doing things, and changes your workplace, you'll be the one left behind.
Do you want to be that person?
As a remote worker, I use quite a few of these, but not all. The ones I use all the time?
As well as things not on this list:
I may have to take a look at a couple of others on this list though.
What apps help you work remotely? What does your list look like?
If you're like me, you might utilize more than one cloud storage service. I use Google Drive most often, but I also use Dropbox and Box too. MultCloud is a service that allows me to tie them all together in one place. MultCloud does more than just provide a single log-in for all of the cloud services that I use. It also allows me to move files between services with a simple drag-and-drop.
By connecting your cloud storage services through MultCloud you create a single dashboard page on which you can view and access the files within all of your cloud storage accounts. To move a file between the services you just select a file from one service and drag it to the other.
This actually looks pretty cool. I might just have to check it out to help manage my various cloud accounts, some of which are work accounts and some personal. Working remotely means having stuff filed all over the place sometimes.
Has anyone out there used MultCloud or anything like it?
"Until a year or 2 ago, the best-known program for creating and using encrypted container files was TrueCrypt, which was open source and widely supported with millions of users. Then the project was abruptly shut down. No one quite knows why, but rumours persist that the developers were formally discouraged from maintaining something that could allow law enforcement agencies to intercept information.
Luckily, the project now lives on in the form of VeraCrypt, which is based on the TrueCrypt code. It's still open source and it's still free, and it works just the same. It includes some minor new features, some bug fixes, and ongoing support. And it will work with your existing TrueCrypt container files if you have any."
Anyone used this fork of the TrueCrypt code? I'm definitely going to check it out soon for some archived data I've got lying around. At least when I get home and have a chance.
"Out in Atlanta, GA, Christina Lee and Michael Saba have been receiving a lot of knocks on their door for the past 11 months. These visitors all have one thing in common: they're looking for their lost/stolen smartphone. At least 12 visitors have shown up at the couple's Atlanta home, many with police officers, looking for their missing devices. The problem is that those lost iPhones and Android devices are not with Christina or Michael, meaning those device-location tools are wrong."
Oh man, that must suck.
"Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.
The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.
"It's all over the place," he told Ars Technica UK. "Practically everything you can think of.""
Yikes. It's frightening how many people have webcams in use for security and leave them completely open for anyone to access because of the lack of built-in security. This is only going to get worse as we connect our homes to smart devices that are not secure. Imagine how many non-savvy consumers might have locks, garages, etc. connected to the internet and open to being hacked?
It's important that we get this right.
"It's one aspect of a tech policy problem that has been plaguing us for at least 25 years: technologists and policymakers don't understand each other, and they inflict damage on society because of that. But it's worse today. The speed of technological progress makes it worse. And the types of technology -- especially the current Internet of mobile devices everywhere, cloud computing, always-on connections and the Internet of Things -- make it worse."
And yet, look at the current crop of candidates. Which one of them truly understands technology? Yeah, exactly. Which one of them is even talking about tech policy beyond scary stories about terrorists maybe using encryption instead of understanding why encryption protects us and our information?
As much as there are lots of political issues out there, it disappoints me that we continue to find it humorous when the people given the responsibility for setting the rules when it comes to technology and the law, instead of realizing how much harm their ignorance causes all of us.
"NetClean's founder and CEO Christian Berg said that more effort should go into identifying paedophiles within the workplace because as many as two people in a thousand use work computers to view child sexual abuse material.
“While it may appear strange for people to do this at work, many people actually find their work computer to be the only truly private computer they own,” Berg said. “It is not shared with their spouses or children, it is often a laptop and they are the only person who uses it. Paradoxically, this makes them feel more secure to use it, even if it's for viewing illicit content.”
Last year the company published research which claimed that one in five corporate networks has been used to download child pornography. It interviewed 141 IT professionals at a conference and found that in only 3.5 percent of cases did the discovery lead to a criminal investigation, and in 69 percent of cases nothing was done."
This is shocking, and the worst thing about it is that it shows how little attention organizations around the world pay to network security. If there are people using your network and your technology to download child abuse images, and you have no idea, how many people have hacked into your network and taken your data that you don't know about?
Seriously, just stop it. Do something. There's no excuse for not knowing what is happening over your own corporate network.