Riverbank It management

Since April this year the Information  Commissioner's Office (ICO) has had real teeth. It now has the power to fine companies up to £500,000 for serious breaches of the Data Protection Act.

Common breaches of the Data Protection Act include:

• Loss of laptops, disks and data sticks containing client data.
• Insecure transmission of personal information.

Simple steps that you can take:

"I was sitting at home one evening working on the computer when they phone rang. It was Microsoft warning me that they had a report of a virus infection on my computer. They would like to run a free scan on the computer to check it." So began the lament of a friend who got caught by this scam.

With 20:20 hindsight it's obvious that the call wasn't genuine, but it's not so obvious if you are taken by surprise. This particular episode ended with demands for money to remove the alleged viruses. Refusal to pay led to threats and obscenities being written on the computer screen by the people who now had remote access to it - very disturbing when it's happening in your home.

Six months on this scam is still running and yesterday made an appearance in the national press. It seems that the frequency of calls is increasing.

Today's second security alert concerns fake Twitter e-mails. Several Riverbank clients have received them this week.

Be alert for messages like this:

"Hi, You have 2 unread message from Twitter. Please click on the link below:"

If you receive an e-mail that doesn't seem quite right, do not open it. Even if it's from someone you know.

Last weekend an employee at one Riverbank client had her Yahoo account hacked. The hacker sent out messages to everyone in her address list. The e-mail led to a fake anti-virus warning. For the unwary who clicked on the link it disabled the computer's anti-virus software and installed malicious software on the computer.

Have you got a private e-mail account? Is the password a word that could be found in a dictionary or is somebody's name? If so, it's time to change it. Make sure it contains a mixture of upper and lower case and that it contains numbers and/or non-alphabetic characters.

Watch out for good e-mails being filtered out by the Outlook junk mail filter. The Riverbank service desk has seen an increase in the incidence of false positives over the past few weeks. Our thoughts are that this could be due to changes in a recent Office update.

The Outlook junk mail filter is good but it's not the Riverbank recommended anti-spam solution. We firmly believe that you should keep at ams length the rubbish that now makes up 95% of global e-mail. You do this by directing your e-mail through a filtering process before it ever reaches your own computer system. It keeps you safer and it makes best use of that precious Internet bandwidth.

Sophos currently has some great special offers if you are due to renew your anti-virus software licence, or are thinking about upgrading from another product.

The following offers are available on a range of products until 31 March:

• Take a 2 year licence and pay for just 21 months (i.e. get 3 months free)
• Take a 3 year licence and pay for just 30 months (i.e. get 6 months free)
• Take a 5 year licence and pay for just 48 months (i.e. get 12 months free)  

If your renewal is due this year why not consider renewing early to take advantage of this special pricing?  Your new licence will not start until your current licence expires, so this is a great way of saving money.

I attended a PGP event this morning to hear the latest news around IT security and encryption (by the way 'PGP' stands for 'Pretty Good Privacy' and it's also a world leader in encryption technnology).

The news is that spending on IT security is increasing even during a recession, because companies recognise the importance of staying secure and the damage any security breach can cause (prison, for example).  Many firms have now got all their laptops encrypted and are now starting to take email encryption seriously. After all, what's the point in keeping everything nice and secure on your computer and then broadcasting confidential information on the digital equivalent of a postcard?

The PGP message is clear. You can implement a fully-automatic email encryption system quickly and easily. And with zero impact for computer users it won't get in your way. If you would like to find out more about it do call me on 01844 278036 or e-mail malcolm@riverbank.co.uk.

The Sophos Security Report for 2010 has some thought-provoking predictions for 2010. One is the impact of cloud computing. As more data is stored on the web so the security threats will migrate to those sites and the individual desktop computer will become less important. Before you commit your data to a web-based system you might want to know how good your supplier's security protection is. If a major data store did suffer a security breach the impact could be enormous.

More worrying on a global scale is the arrival what Sophos calls a third phase of security threats. The first phase was the hobby virus writer whose interest in writing such stuff usually ended when they found a girlfriend. The second phase was the arrival of organised criminality out to sell fake goods, get access to your bank account or steal your identity. A new third phase is happening at government level with attacks aimed at getting commercial, military or political gains.

As individuals and businesses all we can do is to make sure that we protect all aspects of our computer usage including personal computers, servers and mobile devices like iPhones, BlackBerrys and Windows Mobile phones.

Welcome to the slightly weird world of TV licensing.  It seems to be the case that if you let employees in your office view live TV via the web you need to have a TV licence. So far so good - your company is watching TV so you need a licence.

But why would your employees be watching live TV when they are at work? Arguably your PR people or marketing department might need to keep an eye on what's happening. But everyone else probably has no need to watch TV. So should you prevent them doing so?

 This is where web filtering comes in. Many Riverbank clients now use web filtering to prevent staff accessing unauthorised web sites (pornography, gambling etc), and that could include streaming live TV. By doing so you would protect yourself from the TV licensing authorities.

Bumbling idiots. That’s how one IT manager described his computer users. They are the threat within. They sit next to the sort of internal threat you might imagine – the disgruntled employee who knows enough about IT to try to inflict real damage. Together these two groups of people pose the greatest risk to your IT security.

So how do you reduce the risks from the people on the inside?