OMiT Computing

Tomorrow is World Backup Day 2017, as the campaign states, "Don't be an April Fool". 

People now create and generate over 1.8 zettabytes of data per year but, unfortunately nearly 30% of people have never backed up their data.

Backing up your data will protect your life's work when that hard drive fails. If you are a small business, a data backup can be what saves your company. World Backup Day is here to make sure that people actually start backing up.

Share World Backup Day with all your friends and family. The virtues of both local and offsite data backup sites should be emphasised.

To all the IT professionals saying "Hoho! I'm good. I already got backups."  Then March 31st is a great day to tell your bosses and colleagues about the importance of data backups and is a good day to TEST THOSE RESTORES and make sure that they actually work.

If you are a small or medium sized business, then a data disaster can be the end your company. Ever heard of the bookmark sharing site called Mag.nolia? Of course you didn’t, they suffered a catastrophic data disaster and had to shut down when they lost both their primary and backup data stores.

Spread the word, the campaign is here http://www.worldbackupday.com/

Yesterday, 16th March 2017, the Information Commissioner's Office published a penalty notice detailing a data breach by a person described as a senior barrister. This case is of interest because it highlights the risks of using home based IT equipment when processing data of a sensitive nature. 

The full decision notice is here: ICO Fines Barrister for Data Breach.

The main points of the decision are as follows: 

• On the 5th January 2016 a local authority solicitor informed relevant people that sensitive documents were available online and that the author could be identified.
• The barrister, who specialises in Family law, had created documents on a home computer for work purposes.
• The home computer was password protected but the documents were not encrypted.
• Other family members had access to the home computer.
• On the 19th September 2015 the barrister's spouse uploaded the documents in question (725 of them) to an online directory to keep them safe while a software upgrade was performed on the home computer. An assumption was made that the documents were safe.
• The documents were visible to an internet search engine which indexed and cached 15 of them, 6 of which contained confidential and highly sensitive information relating to lay clients who were involved in proceedings in the Court of Protection and the Family Court.
• In total, between 200 and 250 individuals were affected by the breach including vulnerable adults and children.
• Upon notification that the documents were visible, they were removed immediately but had been available for some 3 months.
• Taking into account the co-operation and swiftness of action of the subject of this decision, the fine was reasonably small at £1000, this could have been much worse.

This case brings into focus the risks that are taken with sensitive data every day. There was no intention in the above case to contravene the Data Protection Act, there was no intention to be careless with sensitive information, however, the apparent lack of a robust governance system and appropriate training will have been significant contributory factors. 

Questions to be asked by anyone who stores and processes personal information, considering the impact of this case are:

• How do we govern the storage of personal information?
• What guidance do we publish for our staff?
• What processes are in place to control access to stored information?
• Do we allow the use or personal equipment? If so how do we govern it and what is our risk?

The Thales Data Threat report, now in it's third year of publication has been published in conjunction with 451 Research. You can download the report from here, some personal details are required. The report is compiled form a survey of 1100 IT security Executives from around the world.

The key findings in this years report are:

• 67.8% of respondents stated that their organisation had suffered a data breach at some point, an increase of 7%. 26% reported a breach in the previous year, up from 21.6% in the last report.
• 88% of respondents feel some degree of vulnerability to data threats. 
• Compliance is the primary reason (44%) for spending on information security. 
• Data sovereignty has become a hot topic in light of new regulations, with encryption being identified as the clear favourite choice to satisfy local data privacy laws. 
• Complexity remains the top barrier to adoption of security solutions.
• Spending and forecast spending is up, which is great news, however, old habits die hard and once again network and endpoint security top the spending list, despite being ranked the least effective (in endpoints case anyway)

It would be marvelous to see training appear somewhere in the top spending list one year, no amount of security systems and technologies can secure your information without training, not just the IT staff but the whole organisation. The best way to defend your organisation or your business is to inform your staff, empower them  to be effective participants in your security policies.

Sophos, the leading security software vendor, has made the Home Edition of their popular antivirus software free. This applies only to home users, businesses will still have to pay for Sophos protection. Sophos Home will protect up to 10 Windows PCs or Macs and can be managed centrally in a web portal. This means that you can protect  your PCs and ensure they stay protected. 

Sophos have also added in web filtering, which means that you can easily decide which content you want to allow, warn about or block for each of your family's computers. Sophos home will also automatically block websites carrying malware, using bad certificates or pretending to be legitimate.

Sophos have clearly gone head to head with other free antivirus providers, the main two being AVG and Avast, but they promise no adverts or popups prompting to buy their products. 

You can try it out here, sign up for a free account required, no payment information will be requested.

Oracle have urged their customers to apply their latest released security update without delay. The first Oracle critical patch update for 2017 sees 270 security flaws fixed. Of these 100 are remotely executable without needing credentials, which means that systems can be compromised without the need for a username and password! Most of the 100 remotely executable flaws can be exploited over the HTTP protocol. 

17 of the fixes are for Java SE, 16 of which can be exploited remotely without credentials. The update contains fixes for products across Oracle's range including Flexcube, Oracle Applications, Fusion Middleware, MySQL and Peoplesoft. 

27 vulnerabilities are fixed in MySQL of which 5 are remotely executable. There are 8 fixes for Oracle's Point of sale applications including 1 for the MICROS system that is remotely executable without authentication. Point of sale applications are increasingly becoming targets for malware that is designed to steal customer card details.