Were You One Of The 87 Million Facebook Users Caught Up In The Cambridge Analytica Saga?


The Big Fight: Facebook Vs Cambridge Analytica

The Facebook / Cambridge Analytica saga has been fascinating.

Mark Zuckerberg’s grilling by the Senate was cringe-worthy stuff. He came away virtually unscathed. Not because he was proven innocent of any dubious goings-on, but because most of the senators had no idea how Facebook works.

It all started with a personality quiz called, “This Is Your Digital Life.” Anyone who took the test had their data harvested by Cambridge Analytica. Worse still, their friends’ data was mined too.

Facebook announced that if you were amongst the unfortunate 87 million people affected, you would be notified via your News Feed.

But what if you haven’t been notified and are still sceptical?

You can check if your Facebook data was shared with Cambridge Analytica by logging into Facebook and visiting their help page.

This is probably a good time to check out the other apps that have access to your Facebook account and disable any that you no longer use.

What does Facebook know about you?

It’s events like this that make you stop and think about what you share on social media.

PCWorld.com offers a guide on how to download your Facebook data.

If you’re not comfortable with what you find, here’s their article on how to delete, disable, or limit your Facebook account.

 

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds and surrounding villages.

Do You Know Where Your Data Is?

That might sound like an odd question, but it has been prompted by an article by Simon Quicke in MicroScope.co.uk.

According to Simon, research carried out by Varonis highlights that many senior managers only have a loose grip on understanding where their information is stored. In fact, 67% of companies surveyed admitted that their senior management had no idea where their data was, with 74% having no formal process for tracking files that had been placed in the cloud.

Very disturbing reading.

Not only that, but only 9% of companies had a process in place to authorise and review those accessing hosted information, with a whopping 68% having no plans to introduce such secure procedures.

The article went on to quote David Gibson, VP of strategy at Varonis:

“The results clearly show a lack of control by those organizations that have adopted cloud file sync services.

“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wake-up call for organizations to develop a conscious strategy to ensure secure collaboration as quickly as possible.”

Are you using the cloud? If so, do you know where all your data is? And do you have security procedures in place?

If not – why not?

Destroy Your Data–5 Ways to Say Goodbye

The thought that you could unwittingly open your data up to unscrupulous hackers is at the forefront of most people’s minds. But what about when you dispose of your old computer, hard disk, or USB stick?

If you don’t destroy your data before disposing of your hardware or dropping it off at your local recycling centre, you could see your personal data fall into the wrong hands.

Here are 5 top tips for data destruction from PCPro – well worth a read.

1. Overwrite it

Simply deleting files or formatting them won’t do it. Although they appear removed from your OS, they’ll still be lurking in the recesses of your hard drive.

The answer is to overwrite the data at least 3 times. The article in PCPro suggests using the Gutmann method, which ‘writes a series of 35 patterns over the hard drive’. Their preferred free tool is Eraser.

2. Smash it

To eradicate the data you have to physically destroy the hard drive, or more accurately, the platters within the hard drive.

This can be done using various methods: hammering large nails through it, using a sledgehammer to pummel it, taking an angle-grinder to it, or dunking it in dilute hydrochloric acid.

The easiest method is to unscrew the hard drive using a Torx screwdriver and remove the platters, which can then be sawn and generally destroyed.

3. Demagnetise it

Although this method won’t work on USB sticks or SSDs (because there’s nothing magnetic about those data storage devices), it can be used on hard drives.

But be warned, waving a household magnet over it won’t be enough to delete your data. Demagnetising (or degaussing) isn’t a viable home data destruction method as degaussing machines are rather expensive.

4. Disc destruction

We’re not talking about scratches as they would have to be pretty deep to make any impact, so you might as well go the whole hog and destroy the disc.

Cut it up using a strong pair of scissors or shears, or, if your shredder has a slot for CDs, use that and dispose of the bits in separate bins to make sure it can’t be put back together again.

5. Purge your printer

Believe it or not, lots of printers have built-in hard drives and may automatically store a copy of any document that passes through them – bet you didn’t realise that.

Assuming you’re not planning on selling on the printer (or returning it to the lease company), remove the disc and destroy it. If you do want to sell it on, connect the printer to a PC and wipe it using a data erasure tool.

So there you go, 5 ways to make sure you don’t pass on any of your sensitive data without realising it.
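To illustrate tip 1, here is an added example (not taken from the PCPro article or written by the site's author) that overwrites a single file in three passes, checks the final pass by reading it back, and then deletes the file. The function names and the temporary sample file are assumptions made for the illustration, and it works at file level only, unlike a whole-drive wipe.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB chunks so large files do not fill memory


def _write_pass(fh, size, make_chunk):
    """Overwrite the whole file once and force the data out to the device."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        fh.write(make_chunk(n))
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # without this the pass may only reach the OS cache


def _all_zero(fh):
    """Read the file back and confirm every byte is zero."""
    fh.seek(0)
    while True:
        chunk = fh.read(CHUNK)
        if not chunk:
            return True
        if chunk.count(0) != len(chunk):
            return False


def overwrite_file(path, passes=3, delete=True):
    """Overwrite `path` in place, verify the last pass, optionally delete it.

    Every pass except the last writes random bytes; the last writes zeros so
    the result can be checked by reading it back. Returns True if the check
    passed. File-level only: wear levelling on SSDs and USB sticks, snapshots
    and copy-on-write filesystems can keep older copies elsewhere on the device.
    """
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:  # r+b: read/write without truncating
        for _ in range(passes - 1):
            _write_pass(fh, size, secrets.token_bytes)
        _write_pass(fh, size, bytes)  # bytes(n) is n zero bytes
        verified = _all_zero(fh)
    if verified and delete:
        os.remove(path)
    return verified


def demo():
    """Run on a constructed temporary file; returns (verified, still_exists)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"CONSTRUCTED SAMPLE: not real customer data\n" * 1000)
    verified = overwrite_file(path, passes=3, delete=True)
    return verified, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```
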

 


Mobile Data – An IT Headache

A recent article in Microscope.co.uk looked at the changing landscape of IT and the impact it is having on data security.

According to Dave Everitt, general manager EMEA at Absolute Software, the increasing use of personal devices (such as smartphones) in the workplace is dramatically changing the landscape for IT departments everywhere.

He uses the term ‘consumerisation’ of IT to describe the increasing use of smartphones by social media savvy employees and how companies must devise ways of managing and securing company data held on those devices, without using ‘big brother’ tactics.

Today, more and more employees are taking their own devices into work and using them to store company data. If an employee syncs their company email with their personal smartphone, who is responsible if that phone is stolen and the data lost?

There could be trouble ahead…

The growing number of laws around data security will force companies to put procedures in place to ensure their data integrity.

If companies don’t comply, they could face hefty fines (not to mention damage to their reputation). The article goes on to say that ‘according to the Ponemon Institute, the average cost of a data breach to an organisation in the UK is £1.7 million, while in Germany it is €2.41 million’.

Not only that, but with a public that’s more aware of the security of their personal information, and a more mobile workforce, IT departments are facing a monumental headache.

What can be done?

IT departments simply have to get to grips with the situation and put procedures in place to prevent a disaster from happening. The article made several suggestions:

    • Think ahead – think of the worst possible scenario and work backwards to ensure you have the systems in place should a laptop, for example, ‘drift’ off the network
    • Make sure you know what devices you have and where they are
    • Install an asset management system that can keep track of multiple operating systems (such as Windows, Macs, smartphones etc.) via a single console
    • Work with HR and Legal to implement a clear policy on the use of consumer devices at work. Decide what is acceptable and legislate against what isn’t
    • Communicate – it’s IT’s job to talk to employees and to make sure everyone is aware of the reasons for having security policies in place. Also make sure they know what to do should the worst happen and a laptop goes missing

Technology has been responsible for many great things, but it can be a double-edged sword. Greater mobility of data has compromised its safety and companies must work hard to ensure their customers’ data remains safe.

To read the full article, click here.


Keep Your Mobile Safe

They are everywhere these days.

Everyone, from kids to grannies, is in love with their mobile phone. In fact, it’s hard to imagine how we used to cope without them (remember those days?).

Whether for business or personal use, most of us would be totally lost without our phones.

We came across an interesting article in the FSB Business Networking Magazine (December/January 2012) written by that famous Dragon, James Caan.

A fellow mobile phone addict, James talked about the dangers of using a personal mobile for work. As he states, unless it’s protected, you could be putting your business information at risk.

Just think for a moment about the information that’s contained on your mobile. If it’s lost, what would be the cost to your business?

Here are James’s top tips to keep your mobile devices (and their information) safe:

  1. Make sure your phone is in a secure pocket and your laptop always close to hand when you’re travelling
  2. Get a case for your phone so you can tell it apart from others
  3. If your employees use their mobiles on wireless networks when out and about, make sure they understand the dangers of wi-fi hotspots at airports, cafes etc.
  4. Never use your mobile or laptop desktop to store PINs or bank information
  5. Always password protect and encrypt your device, just in case you misplace it
  6. If your device is lost or stolen, act quickly

Thanks James – these are things that we should all be doing to keep our data safe.


Changes in Data Breach Laws

A recent article in Microscope.co.uk is giving a heads up for the proposed changes in the data breach laws across the EU.

At the moment, the Information Commissioner’s Office (ICO) has the ability to dole out fines of up to half a million pounds to any company that fails to look after its data. The problem is, this maximum penalty is rarely used.

The proposed changes will see a much tougher stance being taken, including a fine of up to 5% of turnover. Plus, the company will have to reveal it has a problem within 24 hours.

The article went on to quote Grant Taylor, Vice President of the compliance vendor Cryptzone, as saying that the 24-hour rule would be a ‘game changer’, elevating data security to a boardroom discussion across Europe.

He went on to comment that, “as has been reported, in the US where data breach notification legislation is a lot more onerous than in Europe, the costs of remediating a breach are a lot higher. As a direct result, we have found that the issue is discussed a lot more amongst companies and, as a consequence, the profile of IT security generally seems to be far greater.”

Opinion

What do you make of these proposed changes?

Are they a good thing?

Leave a comment below, we’d love to hear what you think.

New Electronic Communications Regulations–Cookies

Sadly, we’re not talking about chocolate chip or all-butter cookies, but rather the text files that websites put on a user’s computer to store information, such as user preferences.

The new rules governing cookies were brought into play in the UK on 25th May by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011/1208 (see here for more details – and more information on the amending regulations is available here).

Of course, it’s going to take time to come up with workable solutions to these amendments, so the Commissioner’s Office has given organisations and businesses running websites (aimed at UK consumers) up to 12 months ‘to get their house in order’ before taking enforcement action under the new law.

According to the FSB Business Informer (Jul/Aug 2011), the Department for Culture, Media and Sport has also addressed concerns that changes to the use of cookies could have a serious impact on the web by supporting cross-industry work that would result in adverts having an easily recognisable icon to make it easy for users either to access more information or refuse cookies.

So, if you run a website aimed at UK consumers it would be wise to keep an ear to the ground to make sure you take the necessary action to ensure you don’t fall foul of the new rules.


How Secure is Cloud Computing?

It would appear as though everyone is turning to the cloud these days. Undoubtedly, it has its advantages, such as:

  • Cost savings
  • Increased storage
  • Automation
  • Flexibility
  • Greater mobility
  • No more worries about updates leaving you free to concentrate on innovation and building your business

But what about security? How secure is your data when it’s in the cloud?

Keeping your data safe

This is an issue addressed by ITPro. As discussed in their article, there are three basic models for cloud services:

  1. Infrastructure as a Service (IaaS) – such as Amazon Web Services, where they provide the infrastructure leaving you to deploy your own virtual servers
  2. Platform as a Service (PaaS) – such as Microsoft Azure, where you run your applications on the service’s operating system, using its storage infrastructure
  3. Software as a Service (SaaS) – such as Salesforce.com, where you store your data in the service’s databases and use its software to process information

Each of these will require differing security measures, with IaaS demanding that you secure your individual virtual servers. But with PaaS you are reliant on the security features of the service operating system (both your OS security and infrastructure are in the hands of your cloud service provider). As for SaaS, this is the simplest and yet hardest to deal with because even though all your security needs are taken care of by your service provider, you also have to trust your provider (or at least make sure you have a binding agreement that includes security provisions).

An issue of trust

ITPro went on to say that, for Salesforce.com’s Tim Barker, Vice President of Marketing in Europe, the Middle East and Africa, gaining trust is an important and consistent focus for them as a company.

However, their trust needs to be verified, which is why he states, “We work to ISO 27001 standards, with third party accreditation and we’re also evaluated by prospective customers who send their own security people. So we’re probably more regularly reviewed than any other vendor, right down to code reviews.”

Bearing that in mind, you could argue that cloud services offer a security advantage as a vendor’s solution has probably had much more money spent on its infrastructure, security and competencies than an internal IT department can afford.

Securing your data

As you move away from physical servers and towards virtual networks and private clouds, securing your data (rather than applications) has become more important.

In the cloud, processing resources are fluid and there’s no way to tie data to a specific server – or even to a specific application or service. Instead of treating cloud security as yet another place for firewalls and as yet another threat, it’s time to seize the opportunity to rethink the way we secure data.

One possible answer is encrypting your information within your databases. Therefore the key to working with cloud services is to secure your data.


Disaster Recovery Can Be Done On a Budget

For many business owners, the term “Disaster Recovery Plan” sounds expensive. But it doesn’t have to be.

However, it is a necessity.

No one likes to look on the gloomy side of life, but disasters do happen. Every small business (regardless of size or industry sector) should have some form of disaster plan in place – just in case.

After all, it only takes a laptop containing sensitive data being carelessly left lying around, or a disgruntled employee, customer or bored teenager breaking into your systems, to shut you down for weeks.

Be prepared

Your disaster recovery plan will minimise opportunities for lost data and maximise the opportunities to recover the data.

The best way to do that is to store copies of your data at an off-site location by either:

  • Hiring a service provider to physically pick up copies of your data daily from your office
  • Electronically transmitting the data to a remote location
  • Hiring a service bureau

You must also become familiar with your data, equipment, key personnel, procedures and supplier relationships. This will help you create a plan that’s right for your business.

It may be the case that you have the expertise you need amongst your staff to devise and implement your plan. However, it may be wise to get help from an external IT support company.

Tools

Electronic systems for disaster recovery are fast and safe. Microsoft offers several key disaster recovery features in its products for small businesses, such as:

  • Windows Small Business Server 2003 R2 – protects work, prevents data loss, and restores deleted files with automatic data backups
  • Windows Vista – offers Windows Complete PC Backup and Restore
  • Microsoft Exchange Hosted Services – preserves email access during and after emergency situations

Know your data

Do you know how much data you have?

Don’t worry, many businesses find it difficult to understand how much they have, what they have and where they have it. But this information is critical to establishing your backup requirements.

Test your plan

You should aim to test your plan once a quarter so staff understand their responsibilities and roles within your disaster plan.

Don’t panic

If the worst happens, don’t panic.

It may not be as bad as you think. After all, how many times have you thought you’d lost data only to realise it had been saved in a different location to normal?

Should a real disaster strike, you need experts who can help recover your data and a plan for how your employees will be able to continue with their work.

A good recovery plan is like an insurance policy – you need to spend enough to make sure you survive, but not so much that your business can’t sustain the cost.

Disaster Recovery Planning

10 tips for disaster planning

Successful disaster recovery depends on having a realistic and well understood set of objectives based on your business needs. This involves planning and preparation:

  • From the business impact analysis
  • Understanding and quantifying risks
  • Classifying and prioritising applications and data recoverability

Your Disaster Recovery plan should also be documented. But this isn’t a one-off exercise; the dynamic nature of IT means your plan should be continuously reviewed and updated. Plus continual investment in new technologies to provide higher performance at lower costs is essential, as is the need for data backups.

So what are the top 10 tips?

1. Linking your business and IT

The creation of your Disaster Recovery plan should be seen as best practice and not pitted against cost. Cutting corners here could prove very costly indeed, so make sure it is integrated with your business’s day-to-day priorities.

2. Plan across the board

Your Disaster Recovery plan won’t work unless you take all your functional IT areas into consideration. Constantly ask yourself ‘what if’ and think about downtime and your loss tolerances. Your plan also needs to take into account everything during and after a disaster.

3. Keep it current

Although you hope and pray you’ll never need it, your plan should always be at the forefront of people’s minds. Once in place, make sure it is maintained and amended to reflect your changing IT landscape.

4. Test

Yes it’s a complete pain and quite a major undertaking but how will you know if your plan will work unless you test it? Best to find out its shortfalls before it’s really needed.

5. Be realistic

Being realistic is vital in both your recovery point objective and recovery time objective.

6. Who is responsible?

The last thing you want is everyone heading for the hills when things go wrong. Make sure everyone knows the part they have to play.

7. Risk

Think of your Disaster Recovery Plan as an insurance policy – how much and what kind of insurance does your business need? And what risks are you prepared to take? You could be looking at a disaster such as flood or fire or it could be a systems failure. Take a look at all aspects of your business to make sure everything is covered.

8. Backup

What kind of backup do you use? Make sure the medium you use works should it be needed. After all, there’s no point in having a plan if you can’t retrieve your data.

9. Accessibility

If you house your backup data in off-site premises, will you still be able to reach it if you need to? It sounds odd, but if your office is victim to a fire and you keep your backup data in a building nearby – are you going to be able to get to it? Is it likely to also be affected?

10. Cost

Disaster Recovery plans can be expensive and are often a cost that many businesses simply can’t absorb. But what’s the alternative? How much will it cost your business if it all goes wrong and you don’t have a plan in place? It should be seen as an investment – it’s your peace of mind that when the worst happens your business will survive.

No one ever wants to think about the bad stuff that can happen, but it is a fact of life that it will happen to someone sooner or later.

Don’t leave your business exposed. If you’re unsure how to proceed find an expert who can help you with your Disaster Recovery Plan. It’s better to be safe than sorry.
