Riverbank It management

Today's security scare is courtesy of the Yorkshire Building Society who lost a laptop that contained "a substantial part of the customer database". Here's what they did wrong:

• The laptop was not encrypted.
• The laptop was not kept in a secure location (it was under a manager's desk).
• Unbelievably the manager had written down the passwords and just to make things easy for themselves kept the password details in the bag with the laptop computer.

The building society has made formal undertaking to the Information Commissioner's Office that it will correct these failings. One illuminating paragraph includes the commitment that "All staff are made aware of the ... policies for the storage and use of personal data and are appropriately trained how to follow those policies".  Are all of your staff appropriately trained in the need for IT security?

The FSA has fined Zurich Insurance £2.275m for a data loss. Not only did they fail to protect their customer data properly, they did not even notice they had lost confidential details of 46,000 customers. The problem was not so much the loss of the data - it was the lack of adequate systems that cost Zurich so dearly.

As a small business you probably aren't running the risk of a £2m fine, but you are running the risk of losing your reputation and your customers. Sensible data protection steps you need to take include:

• Encryption of data and laptops that leave your central system
• Controls over the use of removable devices like USB data sticks
• Policies and staff training to build an awareness of the importance of data security

If you need any help or guidance on data security for your business just ask Riverbank.

Since April this year the Information  Commissioner's Office (ICO) has had real teeth. It now has the power to fine companies up to £500,000 for serious breaches of the Data Protection Act.

Common breaches of the Data Protection Act include:

• Loss of laptops, disks and data sticks containing client data.
• Insecure transmission of personal information.

Simple steps that you can take:

"I was sitting at home one evening working on the computer when they phone rang. It was Microsoft warning me that they had a report of a virus infection on my computer. They would like to run a free scan on the computer to check it." So began the lament of a friend who got caught by this scam.

With 20:20 hindsight it's obvious that the call wasn't genuine, but it's not so obvious if you are taken by surprise. This particular episode ended with demands for money to remove the alleged viruses. Refusal to pay led to threats and obscenities being written on the computer screen by the people who now had remote access to it - very disturbing when it's happening in your home.

Six months on this scam is still running and yesterday made an appearance in the national press. It seems that the frequency of calls is increasing.

Today's second security alert concerns fake Twitter e-mails. Several Riverbank clients have received them this week.

Be alert for messages like this:

"Hi, You have 2 unread message from Twitter. Please click on the link below:"

If you receive an e-mail that doesn't seem quite right, do not open it. Even if it's from someone you know.

Last weekend an employee at one Riverbank client had her Yahoo account hacked. The hacker sent out messages to everyone in her address list. The e-mail led to a fake anti-virus warning. For the unwary who clicked on the link it disabled the computer's anti-virus software and installed malicious software on the computer.

Have you got a private e-mail account? Is the password a word that could be found in a dictionary or is somebody's name? If so, it's time to change it. Make sure it contains a mixture of upper and lower case and that it contains numbers and/or non-alphabetic characters.

Watch out for good e-mails being filtered out by the Outlook junk mail filter. The Riverbank service desk has seen an increase in the incidence of false positives over the past few weeks. Our thoughts are that this could be due to changes in a recent Office update.

The Outlook junk mail filter is good but it's not the Riverbank recommended anti-spam solution. We firmly believe that you should keep at ams length the rubbish that now makes up 95% of global e-mail. You do this by directing your e-mail through a filtering process before it ever reaches your own computer system. It keeps you safer and it makes best use of that precious Internet bandwidth.

Sophos currently has some great special offers if you are due to renew your anti-virus software licence, or are thinking about upgrading from another product.

The following offers are available on a range of products until 31 March:

• Take a 2 year licence and pay for just 21 months (i.e. get 3 months free)
• Take a 3 year licence and pay for just 30 months (i.e. get 6 months free)
• Take a 5 year licence and pay for just 48 months (i.e. get 12 months free)  

If your renewal is due this year why not consider renewing early to take advantage of this special pricing?  Your new licence will not start until your current licence expires, so this is a great way of saving money.

I attended a PGP event this morning to hear the latest news around IT security and encryption (by the way 'PGP' stands for 'Pretty Good Privacy' and it's also a world leader in encryption technnology).

The news is that spending on IT security is increasing even during a recession, because companies recognise the importance of staying secure and the damage any security breach can cause (prison, for example).  Many firms have now got all their laptops encrypted and are now starting to take email encryption seriously. After all, what's the point in keeping everything nice and secure on your computer and then broadcasting confidential information on the digital equivalent of a postcard?

The PGP message is clear. You can implement a fully-automatic email encryption system quickly and easily. And with zero impact for computer users it won't get in your way. If you would like to find out more about it do call me on 01844 278036 or e-mail malcolm@riverbank.co.uk.

The Sophos Security Report for 2010 has some thought-provoking predictions for 2010. One is the impact of cloud computing. As more data is stored on the web so the security threats will migrate to those sites and the individual desktop computer will become less important. Before you commit your data to a web-based system you might want to know how good your supplier's security protection is. If a major data store did suffer a security breach the impact could be enormous.

More worrying on a global scale is the arrival what Sophos calls a third phase of security threats. The first phase was the hobby virus writer whose interest in writing such stuff usually ended when they found a girlfriend. The second phase was the arrival of organised criminality out to sell fake goods, get access to your bank account or steal your identity. A new third phase is happening at government level with attacks aimed at getting commercial, military or political gains.

As individuals and businesses all we can do is to make sure that we protect all aspects of our computer usage including personal computers, servers and mobile devices like iPhones, BlackBerrys and Windows Mobile phones.