Cyber Warfare

Cyber Security: A Fresh Approach

June 25th, 2013 by ProcessFlows

The topic of cyber security is growing exponentially each year as we commit more of our lives to the interconnected world of cyber space. As a result the threats and exploits pitched against us have grown to match. Our initial response to these threats was to “lock” the user down by limiting their ability to carry out many very basic operations whilst using their PC or workstation on the network. We are now beginning to understand that to make our responses effective to the threats posed we have to deploy systems and approaches that do not force the user to change the way they work or to impose steps too onerous in steering the user from insecure to secure.

The User Factor

Humans by nature are reluctant to change and they don’t necessarily respond well to being asked to perform additional tasks to aid security. Especially if they are seen to impede the speed with which they can complete what they see as a mundane and security irrelevant task. In fact if confronted by such systems they become “poacher not gamekeeper”, subverting the very systems put in place to protect them and their employers. User non-compliance with security systems already in place have become a common denominator in security breaches.

To counter the threats posed in today’s cyber space, it has become the accepted wisdom that both software engineers and cyber security proponents need to factor in the human response to the systems deployed. The psychology of the user is as an important a consideration as for instance which encryption algorithm is to be used.

Identifying the Threats

The threats posed to our networks are various:

  • Threats are both inbound and outbound.
  • Inbound threats encompass those that wish to disrupt the service, steal the data and corrupt or delete files.
  • Whilst outbound threats are those which seek to steal our information and or subvert our communications.

Outbound threats are arguably the hardest to defend against, since these will be perpetrated by insiders, people we trust to have access to our systems. Either deliberately or by accident. The most secure of networks is rendered insecure if the users write their passwords on “Post-it Notes” and stick them on their monitors. The user is the weakest link! Grant Morrison when writing “The Invisibles” put it this way;

“Chaos sneaks in every time. They can cover the world with surveillance cameras, but they can’t stop the guys in the monitor rooms from jerking off or playing the fifteenth sequel to “Doom” for the hundredth time.”

Countering the Threat

Often what it all boils down to is deploying some sound common sense along with your security products and procedures. There are some basics to consider and take action on:

  • Only allow access to data and resources that are required by the individual to carryout their legitimate daily tasks.
  • Identify if the user is required to be able to copy data off the network.
  • Should the user have access to plug ‘n play devices, such as thumb drives?
  • If the user has access to plug ‘n play devices should the flow of files be one way, either in or out?
  • Once data is stored on a removable device control where that device can be used within or outside of the network.
  • Establish an audit trail for data leaving the network.

Technologies are emerging that provide this level of security but nothing will stop the legitimate user sitting next to the unauthorised user and allowing them to read or photograph the on screen output. Or am I becoming paranoid at this stage?

Conclusion

We have a duty of care to protect the data we store, in some cases this need to protect that data is prescribed by law. The informed response in 2013 is not to look at cyber security or for that matter any security in isolation, a holistic approach is what is required. A good marriage between systems and common sense is essential. There are many third party companies operating in the information security consultancy business, be sure you select one with independently trained and certified consultants.

This is a guest article, submitted by Paul Simms at Reflect Digital

We can source any software for you! Please email us for more information or call us at +44 (0)1962 659168. Quotations submitted within an hour!

Data loss prevention: NHS, can you afford not to comply?

May 31st, 2013 by ProcessFlows

Data loss prevention NHSThe NHS lost track of nearly 1.8 million patient records in a single year, as a result of several data breaches, a Daily Mail investigation reveals. The Information Commissioner’s Office, which has levied fines totalling over £1million on NHS bodies, is asking for powers to conduct compulsory audits on hospitals and NHS trusts.

Data loss prevention: NHS, are you able to prove compliance?

All medical institutions in the UK must conform to the Caldicott principles, a set of guidelines established in England and Wales in 1997, to ensure that patient information is secure and confidentiality is not undermined. All hospitals, care homes and home care agencies within the NHS must also safeguard Intellectual Property Rights and the Data Protection Act.

Is your organisation able to prove compliance? Are you protected against data leaks and data theft? When traditional data loss prevention and data software and Acceptable Use Policy fail, Spector360 can help. Only Spector360 monitors, captures and analyses all user and user group activity including email sent and received, chat/IM/BBM, websites visited, applications accessed, web searches,  file transfers and data printed or saved to removable devices.

Spector360 allows Information Security Officers, IT managers and senior management to be able to see and track actions taken on a specific document, to track company owned laptops and mobile devices even when not connected to the network.

Data breach? Act now!

With Spector360’s, comprehensive search functionality, you can quickly find exactly what you are looking for, for example who was copying confidential files, who was printing out patients’ files or who was copying data on external devices.

Spector360 has over 75 predefined reports available and allows you to customise your own. With keyword and event alerts, you will also be automatically informed when an alert has been triggered, allowing you to act rapidly, appropriately, decisively and with confidence. Not six months later, when the auditors are already in the house, but on the spot, so you could immediately prevent wrongdoing and ensure that you will be never caught in a legal bind.

See Spector360 in action

Spector360’s vast functionality and deep-drill reports can only be fully comprehended after a hands-on demonstration. As a GOLD certified SpectorSoft partner, Software Paradise is able to perform evaluation installations, demonstrations and presentations of Spector360. Schedule your demo at spectorsoft@softwareparadise.co.uk now.

SpectorSoft has kindly provided an online based test drive of Spector360 that let’s you take a look at all the great features direct in your browser.

We can source any software for you! Please email us for more information or call us at +44 (0)1962 659168. Quotations submitted within an hour!

SmartPhone Recovery Pro: Safe Communication for Your Children

April 18th, 2013 by ProcessFlows

SmartPhone Recovery Pro for Child's SafetyBeing a parent in the digital era can be a challenge. The growth of digital media and technology has revolutionised our children’s lives, providing them with new entertainment, networking and social opportunities. More and more children and teenagers are using smartphones, which allows them unlimited access to the Internet.

While the computers that children use at home are more likely to be secured by anti-viral and parental control software, their mobile devices allow them to view digital content with no restrictions. Kids are using various devices to access the Internet – laptops, tablets, smartphones, and outside home they have countless access points such as internet cafes, friends houses, public hotspots. The Internet brings a whole world of concerns, including online abuse, exposure to inappropriate content and cyber bulling.

Smartphone security tips for parents

With growing numbers of children having uncontrolled access to the Internet, it is becoming increasingly important to ensure that children have safe and positive online experiences. SmartPhone Recovery Pro for iPhone and Android can help parents view a range of data on their child’s phone. The software retrieves a staggering amount of information including browsing history, text messages, call logs, photos, videos, contacts and map history. With SmartPhone Recovery Pro, parents can monitor these types of data even if the information has already been deleted.

SmartPhone Recovery Pro supports any type of iOS and Android device. The software retrieves and recovers deleted data direct on the child’s smartphone or tablet. Thanks to SmartPhone Recovery Pro, parents can check the Internet history and bookmarked pages on their child’s phone and ensure that the youngster is not accessing any inappropriate content. By controlling their children’s smartphone activity, parents can also to make sure that the child is not exposed to threats like predators, bullies and scams.

Software Paradise is an official SmartPhone Recovery Pro reseller, distributing this powerful tool at the best UK price – £43.50.

 

We can source any software for you! Please email us for more information or call us at +44 (0)1962 659168. Quotations submitted within an hour!

UK Reseller Software Paradise Appointed as a Distributor of SmartPhone Recovery Pro

April 10th, 2013 by ProcessFlows

SmartPhone Recovery ProUK’s biggest IT reseller Software Paradise has been appointed by Enigma Recovery to distribute SmartPhone Recovery Pro – a powerful data recovery tool for iOS and Android smartphones and tablets.

Enigma Recovery uses state-of-the-art technologies to develop simple to use, yet powerful solutions to recover data from most of today’s handheld digital gadgets. In the 21st century digital era data loss can cause extreme stress both at home and at the workplace. SmartPhone Recovery Pro is very similar to the leading forensic software solutions on the market and is developed according to the same technology, algorithms and coding. Furthermore, SmartPhone Recovery Pro provides the same functionality but at a fraction of the cost.

Software Paradise has recently been appointed as a SmartRecovery Pro distributor, providing pre-sales support, trial versions of the software and licenses at the best UK price – £43.50. For more information, please see the SmartRecovery Pro product page.

We can source any software for you! Please email us for more information or call us at +44 (0)1962 659168. Quotations submitted within an hour!

What happens in Vegas stays on the Internet even if you’re not Prince Harry

February 27th, 2013 by ProcessFlows

With facial recognition long out of the lab, coupled with unauthorised mobile phone tracking that pinpoints your exact location and cookies capturing your every move on the Web, you are exposed like Prince Harry on a vacation in Las Vegas.

There are no secrets online. That emotional e-mail you sent to your ex, the snowboard gear that you are pondering buying for your winter vacation, those hours spent watching cat videos – can all be gathered to create a profile of you. Your details can be stored, evaluated, indexed and traded as a commodity to data brokers who, in turn might sell it to advertisers, employers, insurers or credit rating agencies.

Video Location Estimation System

And if users today are competing to become Mayors of places in Foursquare, in the near future they might as well be able to track other users only by watching a video. The Researchers at the University of California are building a location-centric database by analysing videos downloaded from the Internet.

The technology compares geotags, visual cues such as textures and colours, time stamps and sounds such as birdsong. According to the researchers the nascent system is already capable to “listen” to a train whistle and know it came from a train passing through Tokyo for example.

Google

Google’s search and advertising processes have been under investigation in the EU since 2010, over concerns that Google links differently to its own vertical services – thereby disadvantaging its competitors. Google’s latest privacy policy means that users get a simpler experience when signing up for a new Google-owned service. But it also means that Google can build up a more comprehensive picture of the user for advertising – for example, monitoring a person’s use of YouTube to help better target adverts within Gmail.

If you don’t like that Google does this, the best way you can still retain some anonymity is by not logging into Google services. You can also erase your browsing history and block Google from collecting keyword research data about your search queries.

Facebook

Facebook insists that it’s up to the user to decide how much they want to share with the community and this is true to an extent. Facebook lets you fine-tune the visibility of your “likes” and pictures among your friends, but you can’t entirely opt out of Facebook searches and control how much of yourself to expose to marketers. Facebook has eyes across the Internet. According to a study, the Facebook social button is integrated into 20 percent of the top 10,000 most popular Web sites. However, there are tools and browser extensions like Abine, DisconnectMe and Ghostery that can help you block trackers.

 

google facebook privacy security

Infographic by Veracode Application Security

 

We can source any software for you! Please email us for more information or call us at +44 (0)1962 659168. Quotations submitted within an hour!