Author: Paul Wallbank

  • Protecting your data

    As we continue to be amazed at the scope of the News of the World hacking scandals, it’s worthwhile considering how valuable our personal and business information has become.

    This is no news to companies like Google and Facebook, who have built businesses worth hundreds of billions of dollars on our willingness to give away personal information.

    Even if it’s unlikely that we, or our customers, are going to be the target of the London tabloids or the paparazzi, our information is still worth protecting and here’s just a few ideas on making your business a bit more secure.

    Phone message banks

    At the core of the News Of The World scandal is the newspaper’s abuse of other people’s message bank services, where reporters, or private investigators hired by News International, have accessed messages left on mobile phone services.

    Calling this behaviour “hacking” is giving it more credit than it deserves. Accessing mobile phone message banks is usually easy because the victim doesn’t change the default PIN code the mobile carrier uses for mobile accounts.

    So the first thing to do when setting up a mobile service is to ask your carrier how to change the PIN codes for your mobile account. While you’re talking to them ask if they offer an SMS service to notify you whenever your phone service is accessed remotely.

    With any electronic device you buy, it’s sensible as a matter of habit to change any default passwords or PIN codes when you set it up.

    Passwords

    One of the biggest weak links in our online business and private lives is the use of passwords.

    We tend to be quite careless with how complex we make them and who we give them out to, so it’s worthwhile being careful with the sites we use for our critical passwords.

    As well as making them complex, say a long phrase with a character acting as the space like Mary&had&a&little&lamb, you should change them on a regular basis as we’ve seen many passwords leaked by businesses this year.

    Secret questions

    Another thing to consider is the secret answers to the questions many providers ask you to set up.

    Questions such as your mother’s maiden name could be easily figured out by a professional or determined investigator and social media sites like Facebook can make this even easier.

    US Vice Presidential candidate Sarah Palin was caught out by exactly this in 2008 when hackers figured out her secret passwords from public records.

    Using hotel and public networks

    We should also keep in mind that phone hacking is only one part of corporate security; earlier this year there were allegations Federal government emails had been compromised by Chinese organizations.

    This almost certainly happened through plain text passwords being sent through hotel or public networks. It’s wise to make sure that Secure Sockets Layer (SSL) access is required on all your remote access.

    Tighten your own organisation’s practices

    We shouldn’t forget, however, that much of the data in the News Of The World scandal has been accessed through paying off staff, allegedly including the royal palace bodyguards.

    It’s difficult to see how you can protect yourself against corrupt workers; however, you can reduce the risk of your organisation giving out details by restricting confidential data to a “need to know” basis with access logging enabled.

    “Blagging” – or to use the horrible American term “pretexting” – is pretending to be someone else to get important data. Again, slack procedures by various government agencies and private organizations have been responsible for much of the data being given away.

    There’s no doubt too many organizations are cavalier with their customers’ information and hopefully the recent hacking events along with the News Of The World scandal will force businesses to start taking user privacy seriously.

    For smaller businesses, we have to show respect to our customers and have the procedures and trained staff in place to make it difficult for the blaggers to compromise our systems.

    Measures can include refusing to give out passwords and identifying data which the customer should know as well as insisting on sending details to a known SMS number or email address.

    As reprehensible as the behaviour of the journalists, their editors and the News International management is, we should have no doubt that the tactics employed by their private investigators are widespread in everything ranging from domestic disputes to industrial espionage cases.

    Given the value of our, and our customers’, private and commercial data we need to take security seriously.

    For years we’ve been warned that cyber warfare would break out one day; the various corporate data breaches and The News Of The World scandal show the battles have been closer than we thought.

  • eBusiness Introduction

    Introduction

    At the time of writing the e-Business book in early 2011 social media use has exploded, Facebook has raced past 600 million users, Google has offered six billion dollars to buy daily offer site Groupon; and smart phones are outselling personal computers. The way we do business is rapidly evolving as these technologies change our world.

    Many businesses feel challenged by these changes. At the end of 2010 some of the Australian retailing industry tried to turn back the tide with a campaign for tax changes to stop people buying online. These shop owners didn’t understand the Internet’s real effects on their businesses are a lot more subtle and powerful than saving a few GST dollars.

    Driving most of the change is how our customers, suppliers and employees are becoming more informed by using the web to discover who we are and talking to each other about their experiences in dealing with us. In this environment, having an online presence becomes a business essential.

    There are many reasons why businesses haven’t gone online: the cost; the jargon; and the time it takes to set up a website or social media presence. This book will show you how to set up a full web presence in just seven easy steps — it won’t take you more than a weekend to implement a basic but functional and professional look.

    eBusiness will help anyone who wants to get their ideas, project or business onto the internet cheaply and effectively. Much of the advice here is for small or start-up organisations that want to get their message out to the world.

    You can also visit the book’s website to find bonus resources such as links, frequently asked questions and advice on web consultants.

    Towards the end of writing e-Business Google and MYOB launched their Getting Australian Businesses Online project, which also helps local merchants set up a website. The appendix includes an overview as well as the instructions to help you maximise your results through this terrific service.

    I mentioned three reasons for why businesses are not online, but there’s also a fourth reason and that is that many businesses think they don’t need a website. Those days are over. In a world where our customers, staff and suppliers are online, we have to be online as well. This book will show you how to create an internet presence quickly and effectively so you can grab the opportunities on offer.

    Like to learn more? eBu$iness is available at all good book sellers and online through the John Wiley website.

  • Picks and Shovels

    It’s often said the real money in a gold rush is made by those who sell the picks and shovels. A great example of this is yesterday’s announcement that Dealised, who provide software for group buying services, has raised $5 million in investor funding.

    Undoubtedly we’re in a gold rush for group buying sites with new services being launched weekly. One thing that many observers don’t understand about group buying sites is they aren’t really technology businesses, but sales driven directory services which have more in common with the Yellow Pages or a giveaway local newspaper than Google, Facebook or Microsoft.

    Technology though is important to these businesses as they need to track and publicise their deals which is what Dealised does. By offering this as an off-the-shelf service, it frees up capital and makes life easier for the dozens, if not hundreds, of group buying services being launched around the world each week.

    Reducing barriers to entry is one of the things the tech industries are extremely good at – as the early group buying sites like Groupon and their local counterparts have found – and it’s something that all businesses need to keep in mind.

    The wave of group buying start ups is part of a broader wave of disruptive businesses that are entering all parts of our economy. As we see cloud services remove the cost of buying equipment and software, it becomes easier for new, hungry entrepreneurs to find opportunities.

    Another interesting aspect of Dealised’s business model is that the business itself is a spin off from the Spreets group buying service which was sold to Yahoo!7 at the beginning of the year.

    Overlooked in most of the coverage at the time was that the sale only covered the group buying operations and not the Dealised technology. This freed up the founders and their investors to focus on developing the Dealised software without the distractions of running a daily deals site with its troublesome sales staff and pesky customers.

    Most importantly, it kept the software platform which is the most scalable part of the business in the hands of the founders. This has given them the opportunity to build something that can be resold to thousands of other businesses.

    In the tech industry we’ve seen examples of this in the past. The best example is when Bill Gates and Paul Allen licensed their MS-DOS software to IBM rather than selling it outright, which allowed a massive new industry around IBM compatible computers to develop with Microsoft getting a payment for every computer sold.

    While we may not see Dealised become the next Microsoft, it’s worthwhile considering some of these lessons; certainly both the gold rush and the licensing aspects show how we shouldn’t jump for what appears to be the easiest money.

    Our industries may not appear to be in a gold rush, but those reduced barriers to entry are affecting everyone from booksellers to manufacturers and café owners. Have a look at some of the software your competitors are using; it’s no longer business as usual.

  • Building Innovative Cities

    The New Lunatick’s Newcastle as a Smart and Innovative City forum raised an interesting question: “how do you build an innovative city?”

    In putting together the Digital Sydney project, this was something we closely looked at – how does a city become a global hub of innovation in the creative, digital and financial industries?

    What leaps out when studying successful industry hubs is that all have developed without government intervention; most have been an accident of history where resources have come together and have been driven by a small group of like minded entrepreneurs.

    Those entrepreneurs have been attracted to various regions by the area’s proximity to the natural resources, transport links and available land suited to their industry. While those requirements vary between industries, access to a skilled workforce is the common factor between all of them.

    In many respects this is how the current mining boom has worked for Newcastle. Unlike the rest of Australia’s mineral fields, the Hunter Valley has a major city with a skilled workforce that understands mining and engineering.

    The challenge for Newcastle – and indeed for Australia as a nation – is diversifying the economy from depending upon resource exports and domestic consumption into creating wealth from the newer, knowledge based industries.

    For hubs to develop in these industries, regions need the factors identified by Richard Florida in his Rise of the Creative Classes where he found these cities offered the “three T’s” – Talent, tolerance and technology.

    Australian cities like Newcastle score well on these measures but to create hubs you need a motivated group of entrepreneurs and while these exist there may not be the numbers to create a critical mass.

    The main reason for this is the domestic investment structure; most Australians invest in housing and aren’t particularly inclined to invest in comparatively risky businesses, particularly those in industries they don’t understand.

    Governments can help by opening their data and making procurement friendly to new and smaller businesses – on both scores Australian governments at both levels do poorly, with data often being unnecessarily guarded and tendering processes tending to be skewed towards large, usually multinational, corporations.

    Assistance programs can also help on the fringes; however, it’s important not to repeat the mistakes of the film industry where several decades of government grants and funding have resulted in a generation of film makers more skilled at navigating bureaucracies and filling in application forms than telling stories.

    Where government assistance can do a good job is in bringing together the various industry groups which was the intention of Digital Sydney. Well targeted, low paperwork schemes like the Australian Technology Showcase and various trade programs can also help growing businesses.

    Overall though, the development of innovative cities lies in the hands of the residents; it’s up to the inhabitants of the city, town or region to build the hub.

    This is exactly what happened with the original Lunaticks society in 18th Century England that created the region that became known as Birmingham which was the heartland of the English economic powerhouse for over a hundred years.

    While we can wait for governments or investors, building industries is about innovators, entrepreneurs and workers. It’s time to get to work.

  • The Lulz are on us

    Last weekend’s announcement that the LulzSec group of jolly hackers was breaking up was met with bemusement at what has been one of the most mysterious, albeit entertaining, chapters in the information wars of 2011.

    It’s quite clear that 2011 is the Year of the Hack with organisations ranging from electronics company Sony who now appear to be the joke of the online security world through to major banks, the FBI and even Google’s Gmail service being the subject of serious online attacks.

    That many of these attacks were successful is a reminder to all of us how important online security is and it is our responsibility to protect our customers’ and staff details by taking basic precautions.

    Take security seriously

    Many of the business hacks appear to have been because of slack security practices including out of date software and default passwords being used.

    Even if you don’t have a server yourself, make sure your computers have all current updates installed and that strong passwords are in place.

    Password Security

    A basic precaution is to have robust passwords. A combination of letters and numbers is the best.

    One nice little tactic is to use a phrase as a password and separate the letters with a character, for instance using “mary$has$a$little$lamb”, although you might want to choose a more intimate phrase.

    Keep in mind too that strong passwords aren’t much help if an incompetent corporation leaks them onto the web, along with your banking details. So use a layered approach where critical passwords for bank accounts are different to those that you might use for an online game or social media site.

    Restrict access

    The real risk to our security lies with our own staff; many “hacks” are actually employees erasing or giving away data, which could be deliberate or accidental.

    Don’t give passwords or access to people who don’t need them, keep the business accounts away from your sales staff and lock employment records away from the IT folk. Private client information shouldn’t be shared around the office and particularly not with outside parties.

    Backup, backup, backup

    The DistributeIT debacle, which one is hesitant to describe as a “hack” as their complete loss of hardware, client data and backups sounds more like an internal problem than an outside attack, shows how important it is to keep your own backups.

    As we move our businesses to online and cloud based services, we have to put a lot of trust into those who provide those products. It’s good insurance to have easily available copies of mission critical data in case of a problem.

    Invest in technology

    We’ve all heard CEOs and ministers claim they will save millions in outsourcing their IT departments. Those savings come from somewhere and information security is one of those corners that’s cut when reducing operating costs.

    Experienced tech workers have plenty of examples where management cries of “we’ve been hacked” have actually been hardware failures or staff mistakes brought on by poorly trained staff working with inadequate equipment.

    Sony appear to have fallen for this, having reportedly sacked many of their security specialists before the hacks began.

    Make sure you are making sensible investments in your technology and not going for the cheapest, or free, option simply to save a few pennies.

    Obey standards

    Nothing is more embarrassing than losing clients’ confidential data, particularly banking details.

    If you are taking customer payments, make sure you are complying with the PCI DSS standards for card payments by giving the work to a reputable payment gateway.

    Have a contingency plan

    “There but for the grace of God….” is a good phrase to keep in mind when you see another business affected by a hacker, hardware failure or any of the millions of other unfortunate things that could stop your business.

    Even with the best planning in the world sometimes dumb luck just doesn’t go your way. You need to have a fall back plan to keep your business running if the unexpected happens.

    Be honest

    One thing that jumps out in a number of the stories is how some organisations are simply not honest with their customers.

    The process starts with misrepresenting how they secure and protect customer data. When an outage hits, they hide behind a call centre and often lie, or at least understate, the effects of the problem.

    In an age of social media, blogs and user forums trying to spin your way out of trouble is not the answer. If customers are going to trust you, they need to have confidence you won’t mislead them.

    As consumers, the various data breaches we’ve seen so far this year should make us pause before we give valuable personal data to businesses. It’s quite clear that some don’t deserve our trust.

    For businesses we need to show that we are worthy of our customers’ trust. The first step of that process is taking their privacy seriously.

    LulzSec, Anonymous and all the other various hackers, anarchists and general troublemakers on the web are reminding us that we need to take our online responsibilities as seriously as any others.

    Make sure you’re protecting your own business and your customers’ data.
