Cybersecurity


  • 7 questions to ask yourself as a business owner after 150 million individuals have their data leaked

    150 million individuals have had their data leaked by a fitness app. Data leaks are a common problem that shows no sign of stopping. Each time, people, companies and governments lose more money and time fixing, patching, strengthening and working out why it went wrong this time.

    Let’s look at the positives of the latest data breach:

    • The data breach was reported to all users within 4 days of the hack being discovered, and that was only a month after they believe it occurred.
    • The passwords were all stored using encryption, although for some the encryption was at a lower level than it could have been.
    • Only usernames, emails and encrypted passwords were exposed; no personal information such as date of birth, credit cards, height or weight.

    Under Armour (who own the MyFitnessPal app) have yet to confirm the cause, although speculation is that it was due to a user clicking an infected email attachment. User training on security is becoming more and more important: if you don’t have a training program for your team that is run at least annually, you are putting your customers at risk. As firewalls, antivirus and spam detectors have become more robust, hackers are adapting with more elegant and creative ways to get the link to the user.

    Things to think about as a business

    • If you allow any (and we mean any) employee to connect their own device to your wifi, is that wifi separate from the corporate network?
    • If you have any corporate mobile devices, are you monitoring the patch, firewall and antivirus status of the devices? What access to other physical ports is allowed?
    • What intelligent devices do you have on your network that are connecting and talking with the outside world? Are they on a separate network?
    • Are there any physical network cables or ports in public places? Are they disconnected or protected?
    • How are you monitoring the training of staff on their security awareness? Is cybersecurity awareness part of a new starter's induction?
    • Consider unwanted people who might enter the building: are staff aware of which doors should be kept closed?
    • How would you detect a data breach?

    If you don’t have the answer to these 7 questions, our security consultancy services are available to assist.

    #telanovaReporter

  • How your phone is leaking data in the physical world.

    If you own a modern (post-2012) phone, then you may at some time have had a pop-up on your phone when in a shop or a cultural or leisure centre. You may have found the pop-up useful: you clicked it and it led to a webpage for the place you were in, and gave you a coupon or information about the location.

    What you may not have known is that the same technology can also be used to track your movements. Bluetooth Low Energy (BLE) works by transmitting data to your phone over a very small distance (generally less than 7m). This is very useful in museums, for instance, to tell you which room you are in and provide you with a map and information. In doing so your phone tells the beacon your MAC address (one of your phone’s unique identifiers).

    Your MAC address can thus be tracked as you move around the area covered by the transmitters. Not all beacons will cause a pop-up, but each will receive your MAC address regardless, to allow the tracking.

    What’s the impact for the business? Tracking how people move around and where they stop allows for better product placement and keeping the flow moving. What’s the impact for you? Tracking anonymous MAC addresses could mean that you do or don’t get offers depending on how often you are in the building. Imagine a regular shopper getting no offers, but a new shopper (new phone) being given the option of a voucher to help them become a customer.

    Will you be keeping your Bluetooth on next time you enter a location, or turning it off to go into stealth mode?

    #telanovaReporter

  • Human integration with technology and systems.

    Connecting all the time

    Andrés Lucero of Aalto University, Helsinki, Finland recently published (arXiv:1804.04833 [cs.HC]) an autoethnography about the periods of his life in which he has voluntarily lived without a mobile phone. Since 1999 he has spent two separate periods (2002-2008 and 2014-2017) without a phone, both related to when he was working in academia and cycling to work. Interesting points to note were that even during these periods he had access to wifi-enabled tablets, but the need for authentication codes and secure communications were the key areas affected by not having a mobile phone. Additionally, in Finland children receive their first mobile phone and house keys at the age of 7 so that they can travel to school on their own.

    With two-factor authentication heavily reliant on mobile phones, either for SMS/text codes or for smartphone apps that generate authentication codes, it becomes more and more difficult to imagine operating in today’s work environment without a phone. In one situation the service he was trying to use reluctantly ended up emailing the security details to an email address that they weren’t able to verify.

    Moving back into the connected world and embracing all forms of device, including wearables, Andrés Lucero also had to learn how to cope with synchronous and asynchronous forms of communication such as WhatsApp, where things are said and discussed in a group through the night that people who are sleeping need not respond to until they want to.

    The paper makes for an interesting study, and demonstrates a number of situations where normal life is eased by the power of live connection, e.g. location and travelling directions, location-based entertainment and two-factor authentication services. The paper also shows how remaining in control of technology can help maintain control of stressors.

    For security, all businesses should be using two-factor authentication where they can, and with smartphones being one of the most popular methods, the need for all employees to have access becomes apparent. However, there are alternatives; if you’d like to discuss them, please contact us below.

    #telanovaReporter

  • Just when you thought it was safe to go online

    Facenet and dating of the future

    Sometimes you read something that makes you consider the future in a very poor light. Having this particular program made publicly available at this early stage of development is also a cause for concern about how skewed the world will become in the near future.

    Many people will by now, at some time in their adult life, have joined, or have a close friend or family member who has experienced, one of the online dating services. The services generally rely heavily on instant attraction. In many, you are presented with a visual of the person before any details of their personality are supplied to the browser. Again on the visual impact alone, the browser can choose to like, skip, etc.

    Think now of the newly released Python script from Charles F. Jekel and Raphael T. Haftka of the University of Florida [arXiv:1803.04347 [cs.CV]], which based on just 20 of your likes is able to build a generic facial representation that, when applied to further images, has an accuracy of 60% in knowing whether you will like that image.

    Once trained on 406 profiles, where each like represented a different classifier, it was over 70% accurate. As this is one of the first algorithms in the area, accuracy is likely to improve over time. The question then is: where will this lead?

    Will you be able to take your liking profile from one supplier and use it with another? Consider how oddly familiar this all seems, and think about where else your liking data is used for marketing. Marketing teams will see the usefulness of this data being collected. Will the privacy agreement you’ve signed protect your liking data? The company you use could use that data for their own purposes as long as it is in their privacy agreement.

    Fast forward a few years, and every website you visit could be presented by a computer-generated persona that is facially configured to match your dream person. How could you resist purchasing 63 pallets of widgets that you really don’t need, just because you want to please them?

    During the rise of computers we were wowed by the amazing graphics and realism that slowly grew as processors became more powerful. Soon the realism will not be realism but a distortion of reality based on our dreams and desires.

    Back in reality, however, it may just be time to think twice about how you let companies use your data. Not all of your data is input by you on a clearly laid out form. Your data is how you navigate, how you interact, how you choose, what you look at. Under GDPR, companies must release to you all the data they collect about you, and must tell you how they are processing it.

    For more information about the FaceNet script see https://github.com/cjekel/tindetheus/ and arXiv:1803.04347 [cs.CV].


    #telanovaReporter

  • Stealthy Trojans need the 'door bouncer' treatment on your network.

    No, this isn't a blog post on Brad Pitt. 

    I'm hopeful you've heard the mythical story of the Trojan Horse, where, in 1194 BC, the Trojans built a gigantic wooden horse that was disguised as a gift and left it outside the City of Troy's gates. The people of Troy celebrated the peace offering and took the horse inside the city's impregnable walls. Little did they know, the horse was full of the Trojans' best warriors, and at night they jumped out, opening the gates to the Trojan army, which plundered and razed the city.

    The same ruse is now being used to enter our networks and steal our sensitive data. All it takes is a user to open or download a link sent in a malicious email that is disguised as secure and safe. A study in 2011 showed that 69.9% of all malware attacks are Trojans.

    Once downloaded or opened, the malware infects your network or local computer. Attackers can then steal data such as credit cards, financial information, email accounts, passwords and emails, and even send thousands of emails to clients from your own email with the same link or file, creating a snowball effect that is hard to stop. Whatever is saved or used on your network is at risk.

    It's a network's Achilles heel.

    Thankfully, whilst Trojans are getting sneakier and craftier as technology gets more complex and advanced, so are the deterrents and preventions we can put in place. These preventions act the same way as a bouncer at a club, checking IDs and making sure no unwanted visitors get in.

    That's what Telanova is: a bouncer. We monitor remotely and seamlessly in the background, allowing you to get on with the important work at hand without having to worry and lose sleep over network security issues. Contact us to find out how we can protect your network's city walls from attacks.

  • Would you trust an HTTPS-verified site?

    Oh, you think you're so safe with your little green padlocks, huh?

    Think again. PhishLabs have recently published research in which they found that a staggering 24% of phishing sites use HTTPS, a well-known protocol that is used to establish trust and privacy when using a site.

    Over the years, we have seen a massive push towards encryption of everyday services. Browsers now display a warning for sites that aren't encrypted, and half the web now uses standard encryption for its websites. So why fight the competition when you can just join them?

    How many times have you visited a website and trusted it with your sensitive financial data just because your browser says it's safe? It's time for that behaviour to change!

    How to stay safe online

    Create complex passwords. Yes, I know, you've heard it all before. But the reason you've heard this before is that it is at the forefront of security, and arguably the most important part. Having a strong password (e.g. complex, numbers, capitals, special characters) can save you from a world of trouble.

    Be overly cautious. If it's too good to be true, it probably is. Don't enter or give any information to anyone unless you can authenticate who they are. And, for whatever reason, don't click random links on the internet.

    Look into active web protection. In a day and age of an increasing number of cyber attacks, we fortunately also have an increasing number of methods to protect ourselves. Look into installing some form of active web protection that blocks possibly malicious websites, e.g. McAfee.

  • Your teams are being targeted

    Sharks circling targeting users

    Like spearing fish in a barrel.

    The sharks are circling.

    Advances in technology have brought great benefits to humankind as a whole. Each step forward for mankind sees an additional step forward for the criminal underground.

    Machine learning is becoming more widespread. If your company uses Adwords, you may well be using their own machine learning to decide which of your adverts performs better, based on the demographic and information of the person the advert is displayed to.

    In the past many of us will have received an email purporting to be from a bank or parcel carrier that we’ve never used. You may well have become accustomed to saying to yourself, "but I don’t have a Western Union account", etc.

    What now if the machine learning was reading the public social media of you and your friends, and tailoring the email or social post to match what you wanted to see? Imagine if you suddenly saw a post on your social feed that said:
    yourname
    I know you went to insert place last year and I wondered if you’d seen these photos of the place insert sample image ,
    catch up soon
    insert a name of a friend

    • How closely would you look at the poster's signature?
    • Would you click and check out the photos?
    • What if it said update your Adobe Reader / Gallery Pack software when you did?
    • Did it all seem legit?
    • What if on the gallery page you visit there's more social engineering, such as a request to donate to a JustGiving page?
    • What would your employees and friends do?

    Research published this month shows that by using machine learning to facilitate socially engineered phishing campaigns, attackers are achieving a 5-14% better rate of return.

    • How does a 5-14% higher chance of breach fare with your company?
    • When and how did you last assess your risk of attack?
    • What action have you taken to reduce that risk?
    • Are you ready for the onslaught?
    • What actions have you already taken to upskill your employees?
    • What packages are there that can assist you?

    Want to know more, enter your details below.
