Latest News

Are we finally moving on from Windows XP?...

Date: 04.11.2014

On 31st October, Microsoft stopped selling some versions of Windows 7 and 8, which have been available since 2009 and 2012 respectively.

The earlier operating system of the two currently dominates with a market share of 53%, while Windows 8 has only managed 6%. Most will agree that the drastic changes implemented in Windows 8, which consumers have overwhelmingly rejected, will account for its failure. However, there is another statistic currently under scrutiny, concerning the now obsolete Windows XP.

October 2014 has seen the share of XP users drop from 24% to 17%. This is a positive step, particularly from a security perspective, as the XP operating system, which was released in 2001, is no longer supported by Microsoft, after a move that troubled many businesses early this year.

IT professionals have been warning those reluctant to move away from XP that any security flaws arising in the 13-year-old operating system will no longer be fixed. It appears that, despite understandable reservations, the message is being received.

The case for safer online practices has stepped up the pace this year, both through industry and government efforts worldwide, and through a forced increase in awareness - according to Symantec there was a 493% increase in the number of identities exposed through data breaches in 2013 compared with 2012. When it’s so easy to fall victim, it makes sense to take every precaution within our control. Keeping operating systems up to date is one aspect of this we cannot afford to ignore.




Phone Hacking: Communicating the Threats...

Date: 10.10.2014

Last week, the European Commissioner for Digital Economy and Society was heavily criticised for comments relating to the celebrity photo hacking incidents that took place last month. According to the BBC, at a meeting in Brussels last Monday, he stated,

"If someone is dumb enough as a celebrity to take a nude photo of themselves and put it online, they surely can't expect us to protect them.
"I mean, stupidity is something you can not - or only partly - save people from."

While there are many who have expressed agreement with this point of view, it does not benefit cyber security professionals, part of whose job it is to make clients feel secure online, when the victims of these crimes are the ones taking the blame.

It is easy for anyone with a solid background in IT to reel off the reasons why the victims of cyber crime 'should know better', but in a field as vast and ever-changing as this, how much should we expect those outside to know?

At this year’s Black Hat conference in Las Vegas, keynote speaker Dan Geer explained that cyber security has grown so quickly in recent years that no one person, even as a specialist, can follow every strand of it. The key is to communicate. Sharing knowledge and making it accessible to the end user is one of the most important aspects of cyber security.

This is exactly the issue Apple brought up when they came under fire for the hacking incident, with concerns that iCloud security might not be up to scratch. However, the Wall Street Journal quoted CEO Tim Cook as saying, "When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece[…] I think we have a responsibility to ratchet that up. That's not really an engineering thing."

Everyone knows when to lock the front door and why. We take precautions based on our physical security because we’re taught to from childhood. This needs to permeate through to our data as well, for everyone, businesses and individuals alike. Whether the data at risk is in the form of personal photos, financial details or classified business information, every person needs to know how and why to protect themselves.

McAfee have recently adopted the slogan, "Safe is not a privilege. It is a right." This is the viewpoint we, the cyber security professionals, should be taking. We need to allow people to exercise this right, by sharing information, helping them to understand the information, and showing them how to adapt.

Cyber attacks will continue to grow and advance, but it might only take one user’s mistake to let them take control. Reaching out to the end user enables them to make the decisions that could make all the difference.




Black Hat and Def Con...

Date: 20.08.2014

What are Black Hat and Def Con and why are they important?

Some articles we've mentioned on Twitter and published lately focus on findings brought to light during the Black Hat and Def Con events, but what does that mean?

Both are conferences held in Las Vegas, founded by the same man - cyber security expert Jeff Moss, and both have a focus on cyber security, but Black Hat is intended for security professionals, while Def Con is geared towards hackers.

It might seem strange to invite hackers to have a platform on which to showcase and discuss their work, which has the potential to cause devastation for billions of internet users, but in order to fight criminal hackers, equal understanding of their methods is vital.

As Gene Bransfield told The Guardian in their article on the Denial of Service Dog project unveiled at this year's Def Con, "You want to effectively communicate to them what the issues are." The purpose of these projects is to communicate the very present risks of security flaws to the wider public.

Hackers often use their skills to identify risks present in current infrastructure rather than to cause damage. When companies employ hackers to do this in order to show where extra security measures are required, they are sometimes referred to as "white hats".

These conferences are vital for sharing recent developments in cyber security. As computer security analyst and risk management specialist Dan Geer explained in the keynote speech at Black Hat USA, this is a subject that has grown so rapidly that keeping track of all the latest insights is becoming impossible. Cooperation between specialists and sharing information is key to staying ahead of threats. This is the basis of the Black Hat and Def Con conferences, and how Harlequin ITS works, by communicating with our huge network of contacts to find the best solutions.

Contact us to find out how we can help you with any of your IT requirements.

Potential for Mass Malware Attacks on iOS Devices...

Date: 15.08.2014

Georgia Tech researchers have revealed a study showing that large-scale infections of Apple's iOS devices could be made possible by hacking iPads and iPhones associated with unprotected Windows computers. The findings were made public at this year's Black Hat conference in Las Vegas.

These unprotected PCs, coupled with vulnerabilities within iOS (some of these were fixed with the version 7.1 update), could enable hackers to gain complete control of any iPhone or iPad.

Deter these sorts of attacks, whatever devices you use, by keeping operating systems up-to-date and ensuring any computers you connect your devices to are properly protected by the appropriate anti-malware and anti-keylogging software.

For more information on our exclusive anti-keylogging and anti-malware package, at only £10 per year (inc. VAT), contact us.

Heartbleed - Password Changes...

Date: 10.04.2014

Following news of the Heartbleed bug, which left internet servers open to exploitation by cybercriminals, we suggest updating passwords for the following services:

• Facebook
• Tumblr
• Google (all logins)
• Gmail
• Yahoo (all logins)
• Yahoo Mail
• DropBox

Patches have now been applied to these servers; however, it might be beneficial to change other passwords as a precaution, especially if you are using the same password for multiple websites.

Heartbleed is not a virus, but a flaw in encryption used by internet servers. Cybercriminals might have exploited this, enabling them to extract information such as passwords.

Find out more about creating a secure password in our article: Passwords.

Cyber Security - Data Breaches...

Date: 11.03.2014

Loss or theft of data is something that can affect every organisation. It can be costly both financially and in a wider business sense. Understanding this threat is imperative to keep your home as well as your business secure. In this article we will briefly explain the nature of data breaches and touch upon how they can be prevented.

CAUSES:

Research conducted by security specialists at The Ponemon Institute shows that data breaches are caused by three main areas:

• Malicious or criminal attack
• System glitch
• Human factor

The human factor accounts for the largest share of breaches, being the root cause of 37% of these incidents. For this reason, it is vital that employees are properly informed about the dangers of data breaches and take precautions as a matter of course.

The second most prominent cause, accounting for 34% of data breaches, is malicious or criminal attack. With online threats, attackers will find a target and exploit weaknesses in their security to gain access to their computer systems. Once inside, they can access data without detection.

Attackers may be able to penetrate security systems by deciphering a user's password or by installing malware on an unsuspecting user's computer or mobile device. Malware can take advantage of security problems in old or out of date software, or it can be spread through email attachments and links. Take a look at our articles below on malware and passwords for more information.

PREVENTION:

The Ponemon Institute's research shows that the financial costs of a data breach are reduced significantly by two main factors: beginning with a "strong security posture" and having an incident response plan in place.

In terms of addressing malicious attacks it is worth considering anti-keylogging software which works in association with anti-malware/virus solutions. These types of tools will mask key strokes and prevent cybercriminals from obtaining information such as passwords and sensitive client data that is entered by the user.

One of the most important steps in improving security is educating your employees about safe online practices and having a working data security policy. Make sure everyone is aware of the risks relating to online security. 74% of IT decision makers asked by BT, in a recent study, stated that they would like to train all of their employees in cyber security practices. Users that are able to make informed decisions about their online actions are extremely valuable in keeping your data secure.

It goes without saying that data that is not backed up is a risk to your organisation. Aside from outside threats to your data security, computers are not invulnerable to failure, so having a data backup procedure in place to recover important information in the event of such a failure is essential. Find out more about this in our article below on 'backing up your data'.

Realistically, it is not always possible for an organisation to take on these tasks by itself, which is why many choose to employ an outside vendor to monitor systems and act on any security threats. There are a number of ways an external company can help to bolster an organisation's cyber security as well as assisting should an attack occur.

Backing Up Your Data...

Date: 06.03.2014

Your data is valuable; whether sensitive client details, business plans, or documents that take a long time to create.

No matter how hard you work to prevent it, there is always a chance that your data might be lost, stolen or destroyed. For this reason, it is imperative that you have a reliable form of backup.

The ideal scenario is either to have an onsite hardware solution by which the data is backed up at the end of each day (please be aware of the laws regarding personal data leaving site being encrypted), or to partner with an offsite/hosting partner to back up data automatically, as it changes. These types of solutions come with standard 128-bit encryption, with a higher level of encryption available, normally for an additional charge.

These cloud based solutions should be chosen with care as you want to ensure your data is separate to others and also that it conforms to all the correct regulatory bodies.

If you would like to speak to us about any of these solutions or advice on creating policies, please feel free to get in touch.

Passwords...

Date: 04.03.2014

The first step to keeping safe online is to use good, strong passwords. Hackers sometimes use computer programs designed to 'crack' passwords, which work by trialling common combinations of characters until the correct combination is found. This can take time, and the more difficult a password is to decipher, the longer this process will take, buying you valuable time. Long strings of unrelated words are often more difficult for a computer to figure out than a short word with numbers. This might also be easier to remember.

If you are worried about your online security and would like to see how Harlequin ITS can help, please feel free to get in touch.

Focus on Cyber Security...

Date: 25.02.2014

Issues of Internet security are becoming ever more prevalent, with new instances of data breaches and cyber attacks appearing weekly in the news, but research suggests UK businesses may not be responding to the threats. According to recent findings by BT, "Just 17% of UK business leaders see cyber security as a priority."

In a series of short articles over the coming weeks, we will look at the subject of 'Cyber Security' from a business perspective, simplifying the risks and explaining how to protect yourself and your company from present and future threats.

'World's BIGGEST online fraud' : Suspects caught by having "location" on their mobile...

Date: 09.08.2013

Two Russians arrested over their suspected involvement in the largest online fraud in US history were tracked down by analysing photos they posted to social media sites and tracking the location of one suspect's mobile phone, Reuters reports.

Four Russians and a Ukrainian national were named as suspects in a credit card hacking scam investigation involving 160 million cards and victimising organisations including NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Euronet and Global Payment in an indictment unsealed on Thursday.

The gang allegedly acted as wholesale suppliers of stolen credit card data to carding forums resulting in losses of more than $300m to just three of the organisations they targeted.

Read the full story here.

Samsung overtakes Apple as most profitable global handset maker...

Date: 03.08.2013

Samsung has overtaken Apple in worldwide handset-sales profits, banking $5.2bn versus Cupertino's $4.6bn in the second quarter of 2013, according to the latest data from Strategy Analytics.

"With strong volumes, high wholesale prices and tight cost controls, Samsung has finally succeeded in becoming the handset industry's largest and most profitable vendor," writes Strategy Analytics' Neil Mawston in a blog post on Friday.

Read the full story here.