The Impact of the Heartbleed Bug on Business

The Heartbleed bug has swept across the nation, impacting a countless number of businesses and consumers. The bug is a vulnerability in OpenSSL, which is the name of a 1998 project that was started to encrypt websites and user information across the web. What started as a project committed to data encryption is now standard on 2/3 of all websites on the Internet. Without OpenSSL, our personal information submitted across every website we visit could land in the hands of cyber criminals. Ironically, the OpenSSL software that was designed to protect users contained a flaw that made it possible for hackers to trick a server into spewing out the data that was held in its memory.

14b6heartbleed-affected-sites-660x369-400x223

When news of the Heartbleed struck, business scrambled to find out how many of their systems were using the vulnerable version of OpenSSL. While the big web companies, such as Google and Yahoo, were able to move fast to fix the problem – smaller e-commerce sites are struggling to “patch” the software quickly. As the larger sites close the door on the Heartbleed bug, hackers are turning their attention to any small and medium businesses that may not have the knowledge or manpower to update and protect their e-commerce sites accordingly.

However, regardless of the size of the business, if customers learn that a company’s system has been hacked and their personal information was compromised, legal issues could arise. Angered customers – and their lawyers – will look to hold businesses accountable for any personal data that lands in the hands of hackers. Businesses need to communicate with their customers to inform them what steps have – and will be – taken to fix the problem. That way, customers can update their passwords accordingly once a business has confirmed that their site is clean.

Many of the impacted sites are not just popular for personal usage, but are used every day by businesses of all sizes. Companies will need to follow the same steps as their customers and wait to receive confirmation from any frequently used websites that the issue has been resolved before changing their passwords. It’s also important to realize that other devices, such as Android smart phones and tablets, are vulnerable to the bug as well.

The Heartbleed bug ordeal is just another reminder of the security challenges companies are facing as more and more economic activity move online. According to eMarketer, an independent research organization, worldwide business-to-consumer e-commerce sales are likely to increase to $1.5 trillion this year. With money like that on the line, you can bet cyber criminals will be vigorously targeting businesses to try and get a piece of the pie. Companies need to take all necessary precautions to protect themselves and their customers.

To learn more about protecting your business, click here.

Blog Author: Vanessa Hartung

Your Fridge May Be Sending Out Spam – And Not the Canned Meat Kind

5550052.cms

At the 2014 Consumer Electronics show, the Internet of Things and smart devices stole the spotlight. Tech heavyweights Samsung and LG unveiled their “Smart Home” devices, which consisted of household appliances that were able to communicate with the homeowner and each other. These M2M devices (machine to machine) are each assigned an IP address, allowing them to connect to the Internet and transfer data (or, in other words, talk to each other) over a network without the need for human interaction.

This technology provides businesses and consumers with an array of benefits, without a doubt. Consumers are able to save on time and money – now that they can switch their appliances to an energy saving mode remotely or text their fridge to find out if they need to buy milk at the store before arriving home. Businesses are able to collect endless amounts of information from their customers and their devices – such as maintenance requirements or customer food preferences. However, with both parties looking to utilize IoT as soon as possible, security measures have been overlooked.

Between December 23 and January 6th, several Internet-connected “smart” devices – including refrigerators – sent upwards of 750,000 malicious emails. This is believed to be the first cyber attack involving IoT, and likely won’t be the last. Many IoT devices are poorly protected and consumers aren’t able to detect or fix security breaches when they do occur. As more of these smart appliances “come online”, attackers are finding ways to exploit them for their own needs.

Additionally, following an M2M conference in Toronto, ON, the Director of Policy for Ontario’s privacy commissioner pointed out that these devices also hold a lot of data that will be personally identifiable. Organizations are being urged to think about the privacy of customer data before employing M2M and IoT devices. Recently, customer data was leaked by LG’s smart TV as it was collecting and transmitting personal information to the manufacturer because there was no encryption. In an even more bizarre circumstance, the signal transmitted from a wireless camera used to monitor the interior of a Canadian methadone clinic was being picked up by a back-up camera inside of a vehicle outside of the building.

It’s imperative for organizations and consumers to comprehend the security and privacy risks associated with M2M and IoT enabled devices. Consumers will need to ensure that they keep their software up-to-date, change all default passwords to something more secure, and place their IoT device behind a router. Meanwhile, organizations who manufacture these devices must incorporate any available security measures available to ensure their customer’s information and network stayed protected. The benefits of IoT devices far outweighs the concerns, but those concerns still need to be addressed before IoT can really take off.

To learn more about the Internet of Things, check out our previous blog post by clicking here.

Blog Author: Vanessa Hartung

 

TeraGo Networks Attends TechBrew in Vancouver

On January 29th, TeraGo Networks joined more than 170 tech professionals at TechBrew, one of BCTIA’s most popular events, to check out new technologies and discuss 2014 trends. BCTIA (BC Technology Industry Association) is a not-for-profit organization that supports the development, growth, and advancement of technology companies located in British Columbia. Gathered in the Stanley Park Pavilion, TechBrew attendees interacted with the coolest new technologies and conversed with cutting-edge innovators and influential decision-makers.

Photo credit: Kim Stallknecht Photography and BCTIA

Photo credit: Kim Stallknecht Photography and BCTIA

We had the honor of presenting during the event, which gave our representatives the opportunity to provide attendees with information on the technologies we employ and the types of services we offer. Networking with tech professionals, colleagues, and customers allows for us to provide support to the industry where we can, offer connections to our services, and recognize industry trends.

After speaking with several attendees, it became clear that data centres – and the availability of data centre facilities – was the hot topic of the night. The increased use of data centres and colocation facilities across the globe has not gone unnoticed by IT professionals and businesses in BC. With cloud computing at an estimated worth of $200 billion globally by 2016, companies are eager to secure the space they need to utilize the cloud.

Additionally, many companies are specifically looking for data centres in the lower mainland of BC. In a recent article, IBM stated that they believe Kelowna is the best place to build a data centre in North America because it’s far from earthquake and flood zones and close to cheap power sources. The city is also just a short distance from Vancouver and the US border, bringing any US based companies that are looking to avoid the National Security Administration (NSA) up to Canada. The recent practices of the NSA has cast doubt on the security of data centres located in the United States, compelling businesses to look elsewhere for data centre and colocation facilities.

Discussing this growing data centre trend  with TechBrew attendees gave us some great insights on the resources needed for businesses to effectively utilize the technology. Not only do companies need to find space within a data centre or colocation facility, but they need to acquire a secure, symmetrical connection in order truly benefit. Without a reliable and safe connection, companies will not be able to protect the data they send to and from the data centre. And if the connection isn’t symmetrical, companies will not be able to upload as fast as they download, which results in lower productivity levels. To learn more about data centre services, click here.

We look forward to attending many more BCTIA events!

Blog Author: Vanessa Hartung

Top IT Predictions for 2014

It’s that time of year again – businesses around the globe are busy preparing for 2014. After reviewing multiple research documents released by industry leading companies, such as Gartner, IDC, CA Technologies, and CompTIA, we’ve compiled a list of the top I.T. predictions for 2014.

  1. Security: In a survey conducted by CompTIA, it was revealed that businesses are funnelling resources into better security, and that 56% of CIOs have indicated that IT security is their top priority. As the number of devices used by employees increases (driven by BYOD – bring your own device) it is getting increasingly difficult to protect company data. Factor in the technical advances made by cyber criminals, who are finding more and more ways to get around security barriers, and you’ve got a real problem on your hands. There is a delicate balance between enabling and protecting the business, and IT members will need to find the happy medium.
  2. Outsourcing IT: Several companies are either planning or rolling out programs and technology trends such as cloud computing, mobility, and big data. This combination of multiple technology trends, in addition to the increased adoption rate of these technologies by enterprises, will contribute to a IT skills shortage. For many companies, change is occurring fast, and they don’t have the in-house resources or expertise needed to implement their plans. In order for businesses to obtain the full benefits of these technologies, they will need to employ outsourced resources.
  3. Data Centre Utilization: Businesses of all sizes are quickly filling up data centres across the country. Best advice – get in while you can. Data centres are comparable to a finite resource – once they’re full, that’s it. And as the demand for data centre services increases, so can the price. Several smaller businesses perceive data centres an inaccessible – believing that the costs will be too high – but that’s not the case. There is a variety of data centres across the country, ranging in price, size, and security level. Still don’t think your company needs data centre services? Check out our post on the Top 5 Benefits of Using a Data Centre for Business.
  4. The Internet of Things: We’re on the brink of the Internet of Things (IoT). Currently, many companies are aware of IoT, but haven’t yet explored the possibilities of an expanded Internet. As a result, several businesses are not operationally or organizationally ready to employ IoT. However, Gartner predicts that companies will be using 2014 to prepare for IoT by utilizing data centre resources, adopting a variety of data management software, and ensuring the right employee resources are in place. IoT is not restricted to any particular industry, and with the advent of massively connected devices, businesses now have access to more information than they actually act on. Gartner’s prediction focuses on the “opportunity to build applications and services that can use that information to create new engagement models for customers, employees and partners”. This means that IoT is set to become more user friendly and accessible – so you had better start preparing for it.
  5. Software Defined Anything: Gartner predicts that software spending will increase by 25% in 2014. Software-defined anything (SDx) is a collective term used to define the growing market momentum for software systems that are controlling different types of hardware. More specifically, it’s making software more “in command” of multi-piece hardware systems and allowing for software control of a greater range of devices.

Reviewing the five top IT predictions listed above, there appears to be three things in common; businesses will need to manage a vast amount of data, businesses will need a reliable Internet connection, and businesses will need to act fast. So if you haven’t solidified your 2014 IT plans, or if you have – and it doesn’t include at least one of the items listed above, then it’s time to hustle.

Blog Author: Vanessa Hartung

How to Train Employees on Company Cyber Security

Guest Author: This week’s blog was provided to us by Theo Schmidt, an independent blogger. Schmidt has an interest in computer science and engineering, which he uses to fuel his blogging. You can learn more about him on Google+.

No matter your line of work, company cyber security is something that should weigh heavily on your mind. Whether it be phishing scams or malware attacks, it is important to ensure that employees know what they are expected to do to prevent and avoid security breaches.

Suspicious Links

It is important that employees realize that the sites they visit can negatively affect the entire company. Typically these sites are not sought after but are brought on via email or links from other sites.

A company can help to prevent visitation to harmful websites by installing a powerful firewall protection. However, employees are at the front lines of defense. They must be trained and reminded that bad links can be just as dangerous as anything else on the web.

Unknown Emails

Scammers and phishers know what they’re doing when they try to trick people into giving up information. Sometimes an email is an obvious scam—a prince in Nairobi is asking for monetary donations or something equally ridiculous. Other emails can be a bit trickier though.

Email scammers are getting smarter and better at making the email address look legitimate. Often they will attach a file that they want downloaded disguised as a form or important information. However, once the file is downloaded the company’s security, data, contacts, and even financial information can be at risk.

Employees should exercise extreme caution when downloading any file, whether they think they recognize it or not. In general, it is smarter to keep computers as clean as possible and storing only work-related materials.

Logging In

When employees are asked to log in to sites they are not familiar with using their company login information, plenty of information is automatically given up to the intruding site. From there it is possible that they will be asked to download files, give up more information, or the site will simply have the password and username on hand for whatever they wish to do.

Logging in to an untrustworthy site is an easy albeit foolish mistake to make. It is important to make employees aware of the risks at hand. Companies can still protect themselves with encryption software and training to help employees spot these scamming sites.

Sharing Information

Additionally, it is key that employees recognize the importance of keeping the company’s data safe and secure. This means that not only should they do what they can to keep it safe inside, they won’t let it be leaked outside as well.

Information can be leaked via blogs, emails, or anything else. Employees should keep passwords secret and frequently change them. Passwords should never be repeated on multiple sites.

Enforce Change

Keeping employees up on security procedures is a process. Employees won’t change their behavior overnight nor will they decide to care about the company’s security on a whim. It must be made a part of their everyday job expectations to work against cyber threats. Just like any other positive behavior in employees, it should be recognized and reinforced.

In the war against scammers, human error is the bigger problem. According to Comptia, 55% of breaches are due to mistakes made by employees. It can be difficult to spot potential problems because so often fake websites, emails, and links look real. However, the flaws are in the details.

Companies that store important data like electronic medical records, financial records, and other personal information are at a high risk of intrusion. Employees must be trained to diligently watch for signs of a breach in cyber security. So long as they know what to be aware of and what threat they themselves could pose, they can help the company by becoming part of the defense and less of a liability.

For more information on data protection, check out the Practice Studio website.

To learn about storing company information in a secure location, click here.

In-Car Internet: 25% of Cars Online by 2015

Guest Author: This week’s blog post was provided to us by Bradley Taylor, an independent writer. Taylor writes across a variety of subjects, but specialises in automotive and technology pieces. You can learn more about him on Google+ and follow his updates on Twitter.

All new cars could be connected to the Internet by 2015, as billions of dollars are being invested in the cars of the future. These futuristic cars will allow you to use the Internet via voice commands by using a technology similar to smart phones. Experts predict that Internet screens could even eventually be shown on dashboards; but wouldn’t that be a little distracting? Industry members say no; and it’s even been foretold that the online car will have a vast array of benefits that the driver will love. Picture this; finding free parking spaces with ease, having access to nearby restaurant reviews, and even get a countdown that let’s you know when the traffic lights will change without having to pick up your mobile device. Through the use of voice command – drivers can keep their eyes on the road and their hands on the wheel.

Image Credit: Flickr

Image Credit: Flickr

The app culture found that smartphones and tablets could soon become a big part of driving, which would totally change the way we use our cars. Major automotive brands are already spending around a third of their budget on in-car entertainment and Internet technology. Audi even recently announced that its self-driving technology would be just about everywhere within the decade. It’s thought that this technology will help to improve safety while driving. After all, it would be much safer to update your Facebook status via voice command rather than trying to do it illegally on your smartphone.

Understandably, many are concerned about encouraging the distraction of drivers, but these safety concerns are being addressed by automotive developers through the use a different technology – sensors. You may have even seen examples of these safety measures in place today, such as the vehicles that are able to administer the breaks automatically if your car gets too close to another object or vehicle.

Additionally, even though it’s illegal in most countries for drivers to use handheld devices while operating a vehicle, that hasn’t deterred drivers from using them. Integrating a voice operated Internet system into the vehicle would help eliminate the need, or want, for drivers to pick up their smartphones while driving.

This all sounds amazing, but the one other thing that’s concerning people is hackers being able to access the car. If there’s a data system in there, this means there’s the possibility of somebody hacking into it. Although this was demonstrated by security consultants who managed to break into the car without touching it, the risk is said to be very small due to the amount of time and effort put into security by the major companies. Ford even claims that their system is impossible to hack into, as the apps will be separated from the vehicle’s essential devices.

Although it might take a while before we’re travelling back in time in Deloreans, it won’t be long before we’re all enjoying an online, in-car experience!

To learn more about in-car Internet, click here. 

Having Trouble Securing Your Data? So is the Federal Government

Security breaches seem to be occurring on a regular basis lately, as more and more reports of lost data and hackers flood news headlines. Many businesses store their information in a virtual environment, but do little to protect it once it gets there. Complacency and a lack of understanding is  contributing the the number of attacks – and businesses aren’t the only ones being targeted by hackers.

IMG_0008

In an annual report to Parliament on Tuesday, commissioner Jennifer Stoddart reported that the number of data breaches reported by federal institutions between April 2012 and March 2013 rose from 80 to 109 during the same period the year before  (click here for report). Hackers are breaking into federal networks in record numbers, yet it seems as though this issue isn’t being taken seriously. Several of the reported incidents could have been prevented if the proper security measures were in place. Treating cyber crime as random and unpredictable is counter productive for government and business.

Employee negligence, or “human error”, was responsible for a majority of the federal government’s stolen data, with hacking and malware encompass the rest. Some of the stolen data included:

  • Human Resources Development Canada (now called Employment and Social Development Canada) reported that a staff member lost a portable hard drive that contained 585,000 personal records
  • A Justice Department employee lost a USB key that contained sensitive information on 5,000 people
  • A USB key, papers, and a laptop that contained information used by the Financial Transaction and Reports Analysis Centre (FINTRAC) was stolen in Calgary
  • A Security Intelligence Officer working for Corrections Canada had dropped a USB key containing personal information about 152 prisoners was lost while the Officer was dropping off a child at school
  • The personal tax information of 46 people was stolen along with an employee’s laptop

And the list goes on. It’s frightening to think that federal employees are so complacent with the personal information of others, but it happens every day. No one believes that it will happen to them, until it does. However, ignorance is not bliss, nor is it an effective method of data protection.

canada-facebook_

Employees need to be responsible for the protection of portable devices, especially the devices containing private information. Many business and government establishes take the time to install the best security measures, but the moment an employee transports data – the risk of a data breach increases drastically. This is becoming increasingly difficult to control as virtual environments continue to increase in use. Although it may be convenient, companies need to be aware of the risks associated with virtually accessible and transported data.

Some of the ways that companies can help decrease the amount of data lost to “human error” is through education, awareness, and guidelines. By educating and alerting your employees about the methods used by cyber criminals to gain access to private data, they’ll have a better understanding of how to keep the data secure. Additionally, creating awareness will show your employees that cyber crime is a reality that can happen to anyone, anytime. It’s not just something you hear about on the news, it’s something that hundreds of companies have experienced across North America.

Establishing some rules and guidelines around transporting sensitive data, either in a USB key, laptop, or external hard drive, can also help keep data safe. By attaching consequences to an employees actions, such as losing a USB key, it’s likely that they’ll remain vigilant. The other option would be to restrict the transportation of data all together by utilizing cloud technology. By moving all your data to a online environment, your employees can access the information from anywhere, anytime.

To learn more about storing your data in a safe location, click here.

Blog author: Vanessa Hartung

Deciding What to Put in the Cloud

Guest Author: This week’s blog post was provided to us by Tanya Williams, a freelance writer and blogger. She has been working with telecom companies for over 20 years, writing about new technologies and how businesses and business owners can take advantage of them. Her topics included IP based communications technologies, cloud computing, website developement, and many more.

Situation: “I have clients across North America, and some of my critical parts come from around the globe. I have a robust ERO system that helps me keep on top of production, deliveries, and collection. I have decided to move into Unified Communications to speed up everything. – Now, what part of my application should go to the cloud for my vendors and clients to see? What about safety and security?”

This situation may be specific, but is common among many business organizations. Clients and partners can come from different places all over the globe. However, the answer generally lies in the amount of information or applications that will be put in the cloud for general use across the organization, as well as issues relating to security and safety.

Here are some factors to consider when deciding what your company should put in the cloud.

  • Provider Responsibilities: As an organization, it is very important to be comfortable with giving up a certain level of control to cloud providers. Organizations who choose to take advantage of deploying on-premise platforms typically own the unified communications application. Upgrades, enhancements, extensions and other integrations are done as needed. Cloud providers do allow a certain level of management to the users, such as managing their servers, but organizations may not have full control.
  • Potential savings: When talking about savings which can be potentially achieved, it is vital to acknowledge that these savings are indeed, real. Research was conducted by Search Unified Communications in 2013 discussing the cost analysis of cloud technology vs. on-premises IP telephony. It concluded that a significant amount of savings is realized when incorporating this type of technology in businesses.
  • Availability: Cloud-based unified communication services are practically available all over the world. However, only a few companies have the capability of supporting and delivering a single global cloud service through diverse geographies. Therefore, if you have partners, clients and sites distributed throughout Europe, North America and Asia, it is possible to acquire such technology with the help of a limited number of possible partners who can provide support to all sites.
  • Services offered: For quite a while, cloud-based unified communications services lacked some features and applications needed to compare to on-premise solutions. Among such features are mobile extensibility, video and a wide range of end-points solutions. However, the evolution of the technology has increased the popularity of the cloud. Leading providers have developed various platforms that are derived from the original infrastructures, incorporating them to the existing platform.
  • Cloud management: It is a common belief that by using the services offered by cloud technology, a user organization offloads itself from responsibilities, casting the burden to the providers. However, such relationships require a good partnership between the cloud provider and the organization. The overall success of the delivery of services requires access to the company’s internal network coming from the operations center to the provider.

Therefore, the abovementioned tips will certainly assist an organization in evaluating the services offered by cloud technology. It is vital to keep in mind that these applications continue to evolve rapidly. Taking note of any possible future enhancements can also help in making decisions as to the amount of information, and the number of applications that should be put in the cloud. Bottom line is that taking advantage of the benefits now can make an organization well prepared for further enhancements in the future.

What’s Preventing your Company from Adopting the Cloud?

Without a doubt, the number of IT professionals utilizing cloud technology is steadily increasing. The cloud provides companies with a secure, convenient virtual location to store their data. Many companies are also using the cloud for disaster recovery and Platform as a Service (PaaS). However, a recent study has revealed some unanticipated hurdles that companies need to overcome in order to adopt cloud computing.

cloud-question

The study, conducted by TheInfoPro, found that people, process, policy, and organizational issues are the four biggest obstacles to overcome when adopting cloud technology. It’s undeniable that cloud computing is expected to grow exponentially over the next couple years, but the roadblocks mentioned above are impacting the completion of any cloud related projects.

83% of IT professionals reported that they are experiencing difficulty implementing their cloud computing initiatives, which is a 9% increase since the end of 2012. However, IT-related roadblocks have actually decreased by 15%. Of the 83% of respondents that cited difficulties, 68% reported non-IT related obstacles as the problem.

The study also revealed that cloud security was another significant pain point for IT professionals. However, there is a variety of software and hardware tools available to IT members looking for increased protection. Additionally, many cloud vendors are recognizing that security is a concern for IT employees and are taking steps to implement additional protection.

Installing firewalls and obtaining your Internet connection through a reputable provider is two simple ways IT members can help protect the company network. However, when it comes to obstacles that are outside the control of IT employees, the solution isn’t quite as simple. Prior to implementing cloud initiatives, department leaders must be aligned. If every department is doing their part to support the implementation of cloud technology, the transition will be much easier.

To read the study conducted by TheInfoPro, click here.

To learn more about obtaining a secure Internet connection, click here.

Blog author: Vanessa Hartung

TeraGo Networks Presents: Back to Basics – What is a Firewall?

Typically, a firewall is one of those items that you don’t necessarily think of until something goes wrong. It’s always there in background, protecting your computer from viruses and other outside threats. The term “firewall” is actually an general term used to describe a specialized defence system for a computer network.

The term actually originated in construction, where specialized fire-prevention systems involve fire-resistant walls being placed strategically in buildings or automobiles to slow the speed at which a fire spreads. When using the term firewall in reference to computers, it describes the hardware and software that slows down the invasion of a computer system by blocking viruses and hackers.

Firewall

A computer firewall can take hundreds of different shapes, from specialized software programs, to specialized physical hardware devices, to a combination of both. At the end of the day, it’s priority is to block unauthorized or unwanted traffic from getting into your computer system. The firewall is located at a network gateway, which is the point of access.

So how does it work? Basically, your firewall will examine each network packet to determine whether or not to forward it on to its destination. Some other screening methods used by firewalls include screening requests to make sure they come from an acceptable or previously identified domain name and IP address. Other features can include logging and reporting, automatic alarms, and a graphical user interface for controlling the firewall.

For business, having a reliable firewall in place can dramatically reduce the threats that can result in costly data loss, breaches, and down time. Many companies also have customer information on file, so it’s imperative to have the proper security measures in place. Losing private customer information is inexcusable, and would likely result in a domino effect of lost customers. Once they learn their information isn’t being properly protected, it’s unlikely your company will retain their business.

To learn more about why your company needs a firewall, click here.

Blog Author: Vanessa Hartung

 

%d bloggers like this: