ICT Blog

Someone asked me the other day what the golden padlock does to keep their details safe. Well its pretty basic really and you don’t have to understand how it happens, only what to look for to ensure that your information is communicated securely.

Very basically if the webpage address you are visiting is prefixed with “http://”, it is using a standard unsecure connection that can be intercepted and read by anyone who has the knowledge and intention to do so.  However, if the webpage address is prefixed with “https://”, it means that the data being sent and received is encrypted. When this happens you will see the golden padlock displayed on the Web Browser you are using.

Not every website uses the correct procedure for requesting your data entry, and you should lookout for none secure connections that require you to enter your private information, such as name and address etc. In the UK your name and address is regarded as private information by law and therefore it should kept and transmitted securly by the company requesting it.

Of course once you have communicated your private data, your next concern should be whether your data has been stored safely and securely. This one will keep you awake at night if you consider the possibilities.

To recap, using the golden padlocked https connection is good, but it only secures your communications. Once the data reaches the company you are communicating with, then you have to hope that they take the storage and safety of your data seriously.

In the UK and Europe there are guidelines and laws to ensure that your data should be kept securely by the companies who are given it. If you enter data onto servers outside of Europe, you may not be protected by these laws.

Just another basic Systems Adminsiration error. Its pretty basic,  but all your updates should be tested before you allow them onto your network, even if it means updates are delayed for a couple of hours.

I would imagine that there are some embarrassed people at the software company involved and the ICT departments where the incidents took place. They will obviously be updating their policies and procedures for OS amd Software updates in the future.

http://www.msnbc.msn.com/id/36694120/ns/technology_and_science-tech_and_gadgets/

The majority of viruses and malware incidents we have attended and removed for our clients have not been caused because of questionable browsing activities, but there are a number of cases that were.

Surfing for illicit or illegal material at work or in the home, will only put your business and personal data and reputation at risk.

If you believe that a web surfing incident was of a serious nature and illegal material was displayed or downloaded to your PC, then it may be followed up by the appropriate authorities at a later date.  Under these circumstances, you should not contact a computer engineer, as the chances are you will be losing crucial evidence that will prove your innocence. You should contact the authorities right away and offer your PC for forensic analysis and do not use the PC until they have had a chance to copy the hard drive contents.

I don’t know a single business or person who isn’t hooked up to the internet, but often securing their PC’s isn’t a primary concern because of the costs involved. Well now there is now excuse, Microsoft have realsed their free Security Essentials software and it comes highly recommended.

Ensure you uninstall your old AV/ASW software prior to installing.

http://www.microsoft.com/security_essentials/

Tips: Always ensure your Windows Updates are installed daily and MS Security Essentials is updated daily. Perform a quick scan daily and full scans once a week. Always leave your UAC on in Windows 7. Update all software that connects to the internet, Adobe PDF reader, Comms software, Browsers, email clients etc etc etc.

The popularisation of computers has seen ICT related power consumption rise to its highest levels prompting the question, how long can these unsustainable levels of power usage continue to go unchecked. The 2005 UK power usage figures of 348,700,000 MW h/yr could mean that the UK could be facing blackouts in the future, not only because of the rising power consumption of ICT equipment, but the fact that up to 10% of Power Stations in the UK could be closing down in the UK by 2013. As power consumption and prices are yet again on the rise, companies need to take action to ensure they are not squandering resources. The majority of private companies have already taken steps towards making savings, but Public organisations where electricity bills in excess of several £100,000 are common place, have no such ambition even though they have policies in place, staff education is poor.

With software and hardware now playing a greater role in Primary and Secondary care, how long will it be before the NHS turn to purely software and hardware to diagnose a patients illness.

Though we are part of the way there now, with GP’s getting more and more assistance in their consulting rooms from medical software that stop drugs being issued that could cause danger to the patient and other software that can help with the diagnosis.

The potential saving in staffing to the NHS could be huge, minimising the requirement for highly paid GP’s and consultants, by replacing them with medically training Diagnosis Technicians to oversee the consultation.

Eugene Kaspersky who runs Russia’s biggest security company has told ZDNet Asia, that Internet users should have a digital passport and that “the biggest problem in IT security these days is anonymity”. 

Eugene’s idea of bringing down the Iron Curtain on Internet freedom to protect computers from viruses and malware certainly isn’t a new one, but you have to ask isn’t there another way?
99.99999% of people who have access to the internet, don’t write the code that disrupts other individuals, businesses and governments, so why should everyone have to part with their Internet freedom, their anonymity. 

Rather than to require a digital passports (possibly a real money maker for someone), wouldn’t it be easier to require all programs created to be digitally signed, without the DC the operating system will not execute the code.

This simpler solution puts the emphasis on Microsoft and other operating system providers to issue digital certificates to those who wish to supply programs for their platform.  Any individual or business responsible for damage via their program, could see digital certificates banned and users seeking damage.

Next Month The real costs of the Internet Generation.

Formula = (Computer from £400, Broadband from £20 per month, Security Software £40 per annum, Electricity from 200wph x 5 hours 0.14p) x 10 million people per day

The Times online recently reported, that due to problems with the £12.7 billion NHS computer project, thousands of patients are being forced to wait 6 months or more for secondary care treatment and tests.  With the UK deep in recession and speculation increasing over public sector cuts, it certainly made uncomfortable reading for patients and NHS Staff alike, as £12.7 billion could certainly buy a great deal of healthcare.

The Department of Health requires that patients should wait no longer than 18 weeks from the time of the referral, unless a patient requests a longer wait.

St Barts in London, which hit the headlines when infected by a computer virus in  November 2008, introduced the new “Electronic Patient Records” system in April 2008.  It has a backlog of 22,000 records on its 18 week waiting list, but some are thought to be duplicate records.   However, 14,000 are considered by staff to be patients waiting in excess of 18 weeks.  Worryingly, patients could have to wait anything from 26 weeks to a year.

It was also reported that Staff and Doctors at the trust lost track of thousands of patients when the computerised records were introduced.

Computer and infrastruture upgrades, together with new and updated healthcare software has been under way for approximately 7 years.

It was reported by the Guardian News Paper on the 3rd September, that a member of staff at a London Council plugged a virused memory stick into a computer at one of their offices in May 2009.  The virus subsequently wreaked havoc affecting even the phone systems and costed more than £500,000 in system repairs and lost revenue.

One thing is sure, Ealing council have learnt the lesson the hard way, but every organisation needs to take note as it could happen to anyone.  Producing policies, educating staff and controlling the way in which personnel are allowed to access data and computer networks is crucial.

Draconian measures that can save our networks are nothing new?

The weak link in our network often come from removable media and access to our networks from computers we have little or no control over, such as staff accessing systems remotely from home.  Removable devices have always been a security problem and can easily be disabled from the network.  Staff accessing systems from home, should have laptops or PCs supplied by the organisation and those machines only used for accessing the organisations network.

Security Policies and Procedures can help save your data, network and possibly your business, lets face it not many companies could afford to lose half a million pounds due to a virus.

A Denial of Service (DOS) attack against Twitter brought the service to its knees.  Twitter was reported to be reliant on one service provider, lack backup, redundancy and a comprehensive disaster recovery plan, all of which contributed to affecting the system so badly.