Thursday, 3 April 2014

Public Wi-Fi and Your Business


Are you meeting your obligations for the Wi-Fi you're providing to your customers?
With the demand for Wi-Fi on the move, there are requirements you should be aware of to keep your business from being sued, or you as a business owner from being arrested for breaking the law.
How you set up the free Wi-Fi you provide to your customers will help prevent such issues. Free Wi-Fi is not just a matter of opening up your router with no security settings and letting anyone use it; this can lead to problems for both you and your customers.

To help minimize legal issues you should be aware of:   

A) Data Retention (EC Directive) Regulations 2009.

These Regulations were enacted to implement an EU Directive into UK law, to assist with the prevention and detection of organised crime and terrorism by compelling communication service providers to retain certain communications information, including Internet user data.
The Regulations place an obligation on "public communications providers" to retain certain user data generated or processed in the UK for 12 months from the date of the communication in question. The definition of a "public communications provider" includes public Wi-Fi providers; however, the Regulations only apply if they have been served a notice by the Secretary of State.
Note that the Secretary of State must serve the notice to all providers unless the data in question is already retained by another provider in the UK under these regulations.

B) Data Protection Obligation.

As with the Data Retention Regulations, public Wi-Fi providers need to be aware of their obligations under the Data Protection Act 1998 (DPA 1998). Because of user registration you will come under the DPA 1998, so this information must be stored securely and handled with care.
The DPA 1998 governs all use of personal data, including its storage and transmission. You are also required to register with the Information Commission. If you fail to comply with the Data Protection Act you can be liable to a fine of up to £500,000.

C) Digital Economy Act 2010 (DEA2010) Online copyright infringement.

This is designed to combat online copyright infringement as part of the Communications Act 2003, which places on Internet Service Providers (ISPs) the obligation to notify users of any infringement of copyright. ISPs will also apply other restrictions, including reduction of speeds.
In 2012, Ofcom revised the DEA 2012, which put Wi-Fi providers outside its scope because of the cost to the provider, as they would have fewer than 400,000 subscribers, so this would be one thing to look out for.

In conclusion, as a business providing free public Wi-Fi you need to publish a Policy and Terms & Conditions for the end user to sign up to. This will help minimize your liability and make end users aware of their responsibilities when using public Wi-Fi.
Another thing to consider is using a Wi-Fi provider rather than just opening up your wireless network to your customers. Wi-Fi hotspot finders can be found on mobile phone company sites and through searches on the internet.


If you're not sure about using public Wi-Fi, why not switch it off on your mobile and just use your data minutes? This is more secure and you will avoid Wi-Fi tracking software. Also consider switching off your GPS to hide your location when posting to social media websites.

Monday, 7 October 2013

GOODBYE WINDOWS XP

Goodbye to XP

With the end of Microsoft support for Windows XP, it is time to move. There are lots of reasons to upgrade, and it would be best to move to Windows 7 or 8, hardware permitting.

Here are just 3 reasons 

Pt. 1 Security.

With all the patches over the 12 years of Windows XP, Windows 7/8 have those all in place now and have also enhanced the security of the operating system. The threats today are very different from what Windows XP had to contend with: present threats are very complex, and the people behind them (hackers/thieves/companies/governments) are more developed and well equipped to exploit Windows XP.

Pt. 2. Hardware.

Time has passed, and 12 years on there are technologies like Wi-Fi and Bluetooth, WiMAX, mobile broadband, and USB 2.0 and 3.0. Windows XP does not have the features people expect and use today. The user experience is important, and Windows 7 and 8 have helped to improve it for users, including touch screens and faster processors, and that goes for everything from laptops to servers.

Pt. 3. People and Places.

In the years since the introduction of Windows XP, people and places have progressed to using Windows 7 or 8 as the main OS for their personal computers. So when they go to work and find their company operating system is 12 years old, and in some cases older than their kids and grandkids, the morale of the workforce is bound to be affected, reducing productivity, and there will be compatibility issues with more recent software. Also, Windows XP will not have the features needed to work with more recent browsers like Internet Explorer 10 or Google Chrome, which are designed to help enhance the user experience.



So long and thanks for the experience.
Windows XP was in its time a very good and stable operating system, but like all of us it ages, and we pass our experience and knowledge down to our kids. In some places kids have never used Windows XP, so they did not have the privilege and pleasure, including the odd nightmare, of using it.


So let us say a fond farewell to an old friend. 

Goodbye Windows Xp


Saturday, 6 April 2013

Telephone Scams


Would you be willing to let anyone nosey around your computer, see all your files and change settings on your systems?

It is a common scam where you receive a call from someone claiming to be from Microsoft or a technical support company. They say they have been notified by your Internet Service Provider that you have a number of viruses or problems with your system, and they ask you to log on to a page so you can let them take control of your PC or server. At this point you have handed over access for them to do what they want to your computer or network.
The main operating system they deal with is Microsoft Windows, and they are not up to date enough to take on Linux or Mac OS.

Once they have control they have you caught: if you shut it down, your PC or network can be locked out to you, or they can install a ransomware program that will require you to make a payment to release your PC.

Here are a few things to help you.

1.       Microsoft or your Internet Service Provider will not call you about a problem with your PC, as they do not monitor PCs or networks. The only thing they monitor is your download limit, if you have one.

2.       Ask who your broadband supplier is, as it is not usual for broadband providers to call about problems with PCs.
It will be OK to call your broadband provider about any calls you have received from them.

3.       DO NOT follow their instructions or let them access your systems.

4.       Always ask questions about what information they have on you.

5.       IF YOU CAN GET THEIR NUMBER AND ANY OTHER DETAILS, PLEASE
       PASS THEM TO THE POLICE FOR THEM TO FOLLOW UP.


They use remote access software, which a lot of legitimate technical support companies use every day to repair and update networks and PCs.

This telephone scam is usually run by a criminal scammer looking to extort money or information from the victim.

What I did to the scammers was to pretend to be so stupid and play along with them, and as I progressed I asked more stupid questions and eventually had them so mad they normally hung up.

Here is a clip which I found on the YouTube site of a savvy user messing with the scammers.


This clip is courtesy of YouTube, with thanks to the creator of the video. There are many more on the site.

So my final thoughts are: if you receive a call claiming to be technical support from a computer company that you have not contacted, it is probably a scammer call. So just HANG UP on them.





Thursday, 3 January 2013


Threats for 2013
City of culture
With 2013 being an important year for this Legenderry city, it will be a year for businesses to be vigilant in their IT security and aware of scammers and malicious attacks on companies' IT systems and websites, whether to make money from scams or from threats to companies.
Don't let me scare you, but it is like flying a flag to the world that Legenderry is open to attacks from scammers and other forms of attack, and if you are not prepared to be security aware you are FAIR GAME for attack.

Targets
You and me, small businesses to multinationals, government departments and various organisations could all be targets for malware or other forms of attack on websites or systems. The criminal scammers will mainly target small and medium businesses, because they are unaware of threats and have little education in information security; naivety about anti-virus also makes it easier for the scammers.

Threats
Social engineering
Social engineering explained by Sophos 

Usually an email with a link and attachment that could lure you into clicking on it, and then the virus will be downloaded.


Malware, which is software designed to corrupt systems or open them to further attack, including the stealing of data and vital information, can be delivered by email, and staff could unwittingly open it and release the malware on to company systems.

Distributed Denial of Service

These are attacks on websites using large numbers of requests for information, i.e. millions of web page requests from botnets, which overload the web page and cause it to crash. Possible targets could be the Derry City Council site, the City of Culture site and various others that could highlight the city.

This type of attack is usually motivated by an issue with the company or government and is carried out by crusader hackers or military hackers.

Scams including Ransom ware

This can vary from fake sites looking to gather information for unethical mailing, or businesses offering non-existent services, to ransomware, which is software downloaded to lock your device until you make a payment.

Telephone Scammer
Contacting potential victims with a story about issues with their PC and getting them to log on and go to a site so that the scammer can access the victim's PC, possibly to get their banking information.



Keep up with the threats

Anti-virus is not the be all and end all of data security. 
The concept of Defence in Depth is securing your systems from the inside outwards, to firewalls on the network and the Internet-facing end of your systems, as well as securing your desktops and hard drives.

Keep security software and other applications updated, and apply patches for operating systems, but if an update is not required, don't update.

Making staff and management aware of threats, and training them in security awareness and policies, is also an important factor.
 
  
Once again I do hope all businesses in this Legenderry city prosper in the year of culture.

Monday, 26 November 2012

Email Security Your Business!




There are various threats to your business, and one threat is to your emails; it doesn't matter what system or device you are using at the time to check emails.
The threats are phishing, spam, email-borne malware, discovery demands and acceptable use violations.

Phishing – emails sent to try to get you to give out personal information like banking details and passwords. Spear phishing emails are personally directed at a user; these may get through your filter and have a link to a bogus site.

Spam – clicking on spam can be costly, as the links can be bogus, and it also costs staff time in deleting spam mail. All of this can reduce productivity.
So, as one says, time is money.

Email-Borne Malware – Email attachments and links can be bearers of viruses and malware that can corrupt your operating system or network. Users will need to become aware of not clicking unsolicited email links.

Discovery Demand – Requests for emails under legislation; a good example would be the emails of the Sun and News of the World group during the inquiry. This includes text messages too.
Civil and criminal investigations can bring penalties if you have not archived the emails and data.

Acceptable usage violations – staff using company emails for personal use, and also using personal devices to send company information. The latest example is the scandal within the CIA and the US Army generals and their mistresses' love affairs.

Gen Petraeus and Gen Allen both served in Tampa, Florida, home to US Central Command

Once you are aware of the threats you need to assess them to understand the risk they pose to the company.

How often have you stored the password for your office network on your mobile and not used the mobile's security to secure the phone? Have you also sent an email from your business account with personal info in it? This will be archived by the company and may be used against you in a disciplinary hearing.

BYOD is bring your own desktop/device. Many people today are using their own devices to work on, and these may not be up to the security standard required by the company, causing a non-compliance issue.


Archiving – with selected software archiving can be done, and the storage of relevant emails can be important if any legal issues arise. Archive storage can be on-site or in the cloud for easy recovery, for disclosure if required.

Education
Staff and management must be aware of company policies and the law when using various devices within the company. Regular training and updates for staff will also aid compliance with certain legislation, including the DPA.

  
Social Media
The use of various social media sites to communicate with clients and peers should not be encouraged. Social media is best used for marketing and following trends; business messages sent to and from clients can end up in the public domain.
This can lead to loss of confidence in your ability to manage communication and understand privacy for clients.


Policies
Good questions to ask are:
Does the company have an email policy?
Are staff aware of the acceptable use policy?
Do these policies cover staff, BYOD devices and the Business Continuity plan?

Sunday, 26 August 2012

Mobile Security


 Broadcasting your details

Even with all the court issues between Apple and Samsung, whatever device you use will still need some form of security. 
                                                                              
From iPhone to iPad or Galaxy to Galaxy Note, your device will have a signature wherever you go, as the device will try for a Wi-Fi network, thus leaving a list of IP addresses as you go.

During that time, anyone on the Wi-Fi network you are in can download malicious code to your device. Also, having a valuable device will attract attention from unwanted admirers.

General tips to avoid losing it or having it 'jacked' as they say.

Lock your device – using a simple password may be sufficient, and setting the lock to activate after a few minutes of inactivity will be a start.

Voice mail – With phones you should also set a password for your voice mail, as the papers proved it can be accessed from almost anywhere using a simple technique. This was published in the press and shown on television, so to protect business info left on your voice mail, set a password. Just to let you know, it is a criminal offence, as 'The Sun staff' know.

Update- don’t forget to let your updates keep coming as they always help with little bits of code security.

Wi-Fi – It is now available nearly everywhere, so switch it off unless needed. Your device will always try to connect to a network when it is on, and you don't know who is on any network until it is too late.

Anti-Virus – always have one installed on your device. Don't forget to get your IT department to secure it if it is a company phone/device.

Segregate your profile – if you use your own device for work it would be advised to have a work profile and a personal profile to isolate the information on the device.

GPS – when not required switch it off, as it leaves a trace of your locations. Showing off with things like Foursquare or Facebook locations can reveal a pattern and affect personal security.

Apps – when not in use, switch apps off, as a lot of apps use up power and access the address book and other system settings.

Social media – if using a company device, don't be adding people unless for business needs. SMS messages can carry malicious software too, so the random text message from your local Indian may not be from them as you may think.

There are tools that you can use when you travel, and apps that can be downloaded that will lock your phone if you lose it, and others to secure files that need to be secured. Also be aware of personal security, as devices can and will be stolen given a chance.

Wi-Fi and Bluetooth can be easily picked up; as I have noticed while I was walking my dog, I was able to access several networks on my phone. This is known as a drive-by and was commonly used by government bodies when sniffing and eavesdropping on criminals etc.

Tuesday, 20 March 2012

2012 Events Can your Business Cope.

Can Your Business Cope

2012 is an eventful year for the UK and Northern Ireland, with the Queen's Jubilee and the Olympics. With these events there are opportunities for scammers and hackers to make gains from unsuspecting people and businesses. The events can also increase pressures on businesses in relation to staff and technical demands.

 
Scam and Malware                                                  

Email scams looking to gather personal and business information, and Man in the Middle attacks when staff are browsing sites related to the events, as these can host malware when you click on them.

Fraud, as in sites offering services and so-called special deals.

Then use the motto "it's too good to be true" and click away from it.


Technical Issues.

These can be anything from a new part or piece of equipment you need sent from a supplier, which can be delayed by traffic and possibly by demand for equipment.

Bandwidth for internet connections will be reduced because of demand from media and public viewers online. This can cause delays in data transfer, download speeds slowing up and Wi-Fi signals getting overrun.

                                                                                     
Manning and Traffic.

With more traffic on the streets of London and the special Olympic lanes, there can be delays for staff coming to work, and trains overcrowded with day trippers going to see events.

So how will you cope when staff, in larger numbers, do not turn up for shifts and days? The infamous sickie or duvet day to watch the sports they like.

When at work, your staff could be using the internet to keep up with all that is happening and watching events live, so reducing productivity over the Olympic period.


Global Terrorism and Activists.  

With such a large public event, the temptation for all sorts of terrorist groups makes London and various other locations a nice target to attack for publicity. To minimise the risks, the government has over 13,500 troops and is spending £553 to protect events.
Also, we must not forget the riots last summer that hit London and Manchester and other places.

Planning.

So with all that could go wrong you may think, what is the point of working during the Olympics? It's the little customer who hates sports and wants that service you're offering or the part you supply, and maybe those 500,000 toilet rolls ordered by the Olympic stadium that they need for the closing event.

Yes, we need to keep working, and planning is the key: planning for your staff to be at work when they can, possibly with a minor incentive for attendance during the period.

Making sure your backups are all working, have been checked and are set to run regularly.
Planning any major tasks that may need to be completed outside normal hours.
