June 2018 - Blutone Technologies

Blog

  • The Cybersecurity Glossary for Non-Geeks

    25 Jun, 2018

    You don’t have to be an IT professional to be concerned about the safety of your personal and corporate data. But sometimes cybersecurity articles are written in professional jargon that can make it hard for those who aren’t programmers or IT pros to understand.

    Here is some cybersecurity terminology you should be familiar with:

    • Internet of things (IoT) – common products, such as automobiles and appliances, that are enabled with internet access to gather and distribute data; important because these products are often not developed with a high level of security in mind and can therefore expose data to hackers
    • Credential-harvesting – the practice of stealing access credentials such as login details and account numbers
    • Nation-state/cyberespionage – hackers backed by a government seeking information to give themselves an economic, military, and/or political advantage over other countries; usually very well-funded and efficient
    • Cyber-criminals – hackers targeting person and financial information that they hope to sell or exploit in some way; these organisations are often sophisticated and well-funded and operate much like a normal corporation
    • Hacktivists – activist hackers who seek to hack into systems to gather information to influence political or social groups, with the aim of getting businesses and governments to change their practices; Anonymous is the best know hacktivist group
    • Malicious insiders – employees or partners who have inside access to systems and use their knowledge to steal or facilitate the theft of data
    • RaaS (Ransomware as a Service) – this malevolent version of SaaS provides anyone willing to pay entry to the lucrative business of ransomware; a developer builds the ransomware and then sells it for a relatively low price to “affiliates” who in turn use the software to hijack victims’ devices; concerning largely because the affiliates do not need much technological expertise
    • Social engineering – using social media and email to bypass security measures and attempt to gather data directly from victims in phishing attacks; can also be used to influence public opinion
    • Router scanning – automated scanning is used to identify vulnerable routers, and then the configuration files of the routers is extracted to facilitate further hacking and data theft
    • DDoS (Distributed Denial of Service) – interrupts users ability to log into their services, often targets large scale providers of access to multiple applications; an example is the Dyn outage that made many apps such as Twitter, Reddit and email services, unavailable to many users
    • Money-muling – the process of “cashing out” and transferring illicit funds gathered in Australia to overseas locations

    The Australian Cyber Security Centre noted in their 2017 report that “Advanced malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, sophistication and severity. The reach and diversity of cyber adversaries are expanding, and their operations against both government and private networks are constantly evolving.” Blutone Technologies is ready to keep your systems safe – from your personal computer to your small business to your large enterprise. Get in touch and let’s make sure your devices are secure.

  • Meltdown and Spectre: The Tale of Two Cyber-Villains

    18 Jun, 2018

    Whether you are running a SOHO business with just one or a few computers, or a large enterprise with thousands, PC security threats are a real and constant danger. Spectre and Meltdown were revealed at the beginning of 2018 – no, they are not superhero movie villains, but very real cybersecurity dangers. And while both have largely been mitigated through system update patches, the tale of these two cyber-villains is a cautionary one worth your review.

    Meltdown and Spectre were widely reported at the beginning of the year, and even if you haven’t heard of them, you almost certainly saw the urgent communiques directing you to update your operating system software. That’s because the updates contained important patches to mitigate the risk from these two bugs, which, it turns out, have existed for decades but were not fully detected until 2017.

    First, a little information about how your hardware and software should work: Your operating system is merely a platform that allows software to run. The operating system does not need to know what data is being used or gathered by the software – it merely needs to know how to allow the application to work. The operating system does not need to know the names and addresses of your customers in order to allow you to put them into an Excel spreadsheet, for example.

    Further, the data gathered in individual software applications is kept separate from each other, except in cases where the user has explicitly allowed applications to share information. An example of shared information might be a plug-in or integration that allows QuickBooks to share information with a sales CRM. Otherwise, the data contained in software should be stored and accessed discretely.

    These two key OS functions – separating software data from the operating system and creating a barrier between applications – are precisely the functions at risk.

    Meltdown, a flaw in virtually every Intel processor made since 1995, breaks that barrier between your operating system and the software running on it. Spectre breaks the barrier between applications. In both instances, the computer is made vulnerable to hackers. With Meltdown, an operating system attack could potentially allow access to the personal data gathered by software running on the system; and Spectre could allow a hacker the ability to access the data gathered by multiple pieces of software by attacking just one application.

    The moral of this story is clear: Your computer security is a constant priority. Just last month, a series of newly-discovered Spectre-style flaws vulnerabilities were reported. And it’s not simply a matter of keeping your system updated – monitoring for data breaches is equally important for all users, from home to small office to enterprise. Blutone Technologies offers affordable security for all your devices – get in touch today and we will make sure your systems are protected.

  • NDB Update

    11 Jun, 2018

    NDB Update

    The Office of the Australian Information Commissioner (OAIC) several weeks ago published the very first report on the Notifiable Data Breach scheme, or NDB. The results, especially given they only covered about 6 weeks, from mid-February to the end of March, show that Australian businesses are under constant assault and need to be vigilant about protecting data.

    In six short weeks, 63 breaches were reported. Yes, more than 10 a week. What is perhaps a little surprising is that the majority of breaches were in the health service provider sector. Less surprising is the assault on legal, accounting, management and finance businesses.

    Almost 80% of those reporting noted that contact information was breached; one third involved a breach of health data; and 30% reported the breach involved financial information. 24% identified identity information – such as passport and driver’s license numbers – as the target.

    The good news is that more than half of the breaches reported are preventable, as they were caused by human error. The bad news is that almost all the rest were caused by malicious or criminal attacks.

    The other bit of good news… or, at least, “not as bad as it might be” news”… is that most reported breaches involved fewer than 100 people. In fact, 37 of the 63 breaches reported involved fewer than 10 records.

    What is missing from the OAIC’s statistics is more detail about the number of people involved in breach of more significant data than simply contact information. 33% of the breaches divulged health information, for example – but were these primarily cases of one letter with Joe’s health information accidentally sent to Sam?

    Six breaches were reported that involved between 1,000 and 100,000 records. It would be good to know the exact nature of these thousands of records – were they the ones that lost financial, identity or health information? And how many of those thousands were breached as a result of malicious or criminal activity?

    It’s clear that your business and personal computers need vigilant monitoring. Blutone Technologies can offer you the peace of mind you need as we continue to see these attacks, breaches, and data losses mounting. Give us a call today.

    Source: OAIC’s NDB Quarterly Statistics Report

     

    The OAIC just published information about the reasonable steps that must be taken in order to protect personal information and stay in compliance with current regulations, it’s worth taking a look: (link to https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information )

Why Choose Us

  • Tech Expert on demand – for quick fixes 123
  • Solutions tailored to your needs
  • Tech Expert on-site – for those hands on solutions
  • Priority access for Entrepreneur and Business
  • Free Membership – to get you started
  • Remote concierge service
  • Free Tech Expert advice – to point you in the right direction
  • On-site concierge service
Contact Us Today