All posts by Paul Brennan
There are a few practical, and costless, steps you can take to address two security issues which have affected our clients recently: manager spoofing and supplier spoofing.
Manager spoofing is where an attacker pretends to be a senior manager in your business. An email purporting to be from the manager, or business owner, is sent to someone in accounts who has authority to make an online bank payment. These emails are straightforward (“Could you pay £1427.00 to Supplier Co., account number and sort code are XXX XXX. Needs to be done now”) and will appear to come from the manager, although the address any reply actually goes to is the attacker’s. If the payment is made, a second request follows the next day, usually for a higher sum.
Supplier spoofing is a variation on the same theme, but it is far easier for an attacker to execute. All they need to do is email, supposedly from one of your suppliers, with a change of bank details. Genuine emails of this type are received regularly by most businesses, but few have checks in place to ensure their next payment doesn’t go to a fake account. We have even known clients to receive a telephone call from the attacker “confirming” the change of bank details.
No malware is used in any of these attacks, so systems-based prevention is difficult; what is needed are strong process controls. Staff should be informed of the threats and a policy document drawn up covering the following:
Payments requested by a manager to a new bank account should not be made without face-to-face or telephone confirmation, using a number you already hold, never one given in the email.
All changes to supplier bank details must be confirmed through pre-existing channels (the contact details you already have on file, not those in the email requesting the change).
Management sign-off is required for new payees or changes to existing payees.
The initial payment to a new bank account should be capped, and receipt confirmed by the supplier before further payments are made.
Segregation of duties: ensure no one person is able to authorise, pay and review transactions.
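The process controls above are the real defence, but the email-side signals described earlier (a manager’s name on an outside address, replies quietly routed elsewhere, bank details plus pressure to act) can be checked mechanically so that accounts staff get a warning before they act. The script below is an added example written for this post, not Why Settle code or a product; the company domain, executive names and the three messages are constructed for illustration, and the Authentication-Results check assumes your own mail gateway stamps that header and strips any inbound copy.

```python
"""Flag the email-side indicators of manager and supplier spoofing.

Added example for this post, not Why Settle code. COMPANY_DOMAIN, EXECUTIVES
and the sample messages are assumptions constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.co.uk"              # assumed: your own mail domain
EXECUTIVES = {"jane smith", "paul brennan"}   # assumed: names attackers impersonate
PAYMENT_RE = re.compile(r"\b(sort code|account number|iban|bank details)\b")
URGENCY_RE = re.compile(r"\b(now|urgent|urgently|today|asap|immediately)\b")


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _norm(name):
    """Collapse case and whitespace so display names compare reliably."""
    return " ".join(name.split()).lower()


def spoof_findings(raw_message):
    """Return the list of spoofing indicators found in one raw email message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    # Only trustworthy if your own gateway writes this header and drops inbound copies.
    auth = msg.get("Authentication-Results", "").lower()
    body = msg.get_payload().lower() if not msg.is_multipart() else ""

    findings = []
    # 1. Manager spoofing: the boss's display name on an external address.
    if _norm(from_name) in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        findings.append("display name matches an executive but address is external")
    # 2. Replies silently routed somewhere other than the apparent sender.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append("Reply-To domain differs from From domain")
    # 3. Mail claiming our own domain that did not pass SPF or DKIM at the gateway.
    if from_dom == COMPANY_DOMAIN and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("claims our domain but no passing SPF/DKIM recorded")
    # 4. Bank details combined with pressure to act: the wording both scams rely on.
    if PAYMENT_RE.search(body) and URGENCY_RE.search(body):
        findings.append("payment details combined with urgency language")
    return findings


# Constructed sample messages (not real traffic).
MANAGER_SPOOF = """From: Jane Smith <jane.smith.ceo@webmail.example>
To: accounts@example.co.uk
Subject: Payment
Content-Type: text/plain

Could you pay 1427.00 to Supplier Co., account number 12345678 sort code 00-00-00.
Needs to be done now.
"""

SUPPLIER_SPOOF = """From: Accounts <accounts@supplier-co.example>
Reply-To: accounts@supplier-co-remit.example
To: accounts@example.co.uk
Subject: Change of bank details
Content-Type: text/plain

Please note our bank details have changed. New account number 87654321, sort code 11-11-11.
"""

GENUINE_INTERNAL = """From: Jane Smith <jane.smith@example.co.uk>
Authentication-Results: mx.example.co.uk; spf=pass smtp.mailfrom=example.co.uk; dkim=pass
To: accounts@example.co.uk
Subject: Board minutes
Content-Type: text/plain

Minutes from Monday attached, nothing to pay this week.
"""

if __name__ == "__main__":
    for label, raw in (("manager", MANAGER_SPOOF), ("supplier", SUPPLIER_SPOOF),
                       ("genuine", GENUINE_INTERNAL)):
        print(label, spoof_findings(raw) or ["no indicators"])
```

Treat the output as a prompt to pick up the phone, not as a block or a clean bill of health: a well-run attack can pass every one of these checks (a compromised genuine supplier mailbox will, for instance), which is why the confirmation steps in the policy above still apply to every flagged or unflagged request.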
You can now get these specific risks added to your insurance policy, without an increase in premiums, but only if you have the processes and procedures in place. So it’s a good idea to review your procedures, write them down, distribute them to staff, and add cover for these risks the next time you renew.
Let us know if you would like some help with this, we can give you a template.
More than a billion Yahoo users may have been hacked in an attack dating back to 2013. This is deemed to be the largest data breach in history.
It stands as a further embarrassment to a company that was once one of the biggest names on the internet, but one which has failed to keep up with the rising stars such as Google and Facebook.
Yahoo advised that names, phone numbers, dates of birth, hashed passwords and email addresses had been stolen, and in some cases security questions and answers, but assured users that no bank or payment card data had been taken.
Affected users should have received notification from Yahoo; however, all users are urged to change their password and security questions.
This recent attack serves as a timely reminder to review and update passwords, and above all not to reuse them.
Points worth considering:
– Don’t re-use passwords. Research suggests that at least 62% of people in the UK use the same password for more than one account; a password manager makes a unique password for every account practical.
– Remember to change your security questions too. Your mother’s maiden name and the name of your first pet don’t change, so change the questions instead, or treat the answers like passwords and use made-up ones you store in your password manager.
– Abandoned accounts are full of personal data. You may not have used an account in years, but attackers can still harvest valuable personal data from it, so close accounts you no longer need.
Microsoft UK have announced a price increase from 1 January 2017 of between 13% and 22% to bring GBP prices into line with euro levels.
The increase will apply to Windows desktop, Microsoft Office, Windows Server, Exchange Server, Office 365 and other business software. Subscriptions for products like Office 365 are protected from the increase for their initial 12-month period.
This is the first price increase for Office 365 since its release; previous price movements were all downwards, and it has been many years since we saw cost increases for Windows and Office.
As you will already be aware, this summer saw particularly volatile pricing for everything from PCs to IT security products, most of which are ultimately denominated in US dollars. The volatility has calmed but all GBP prices are higher than they were earlier this year across the board.
Trying hard to suppress political comment here…
This Windows 98 PC has been taking care of an incredibly valuable and important task for 17 years. The cost of replacing it is significant, and the software, which runs only on a machine of this vintage, fits the requirement perfectly.
As successive vulnerability deadlines approached, special arrangements had to be made: this box was never internet-enabled, no email client went near it, and its network, a closed system, was known as The Oasis.
We would send new, young engineers out to carry out the many tasks required. Most of them had never seen Windows 98, but they all wanted keyboard time on this one. It’s what passes for heritage in our game.
We think this is the last ’98 machine in the client base, and it will be switched off today. It is certainly the last PC of this vintage still connected, but we occasionally encounter systems decommissioned years ago which are brought back to life for the work experience person.
Don’t let this nostalgia fool you, Windows 98 was a nightmare of an operating system. It did more for the malware industry ‘than all the hackers in China’. Microsoft had no idea about security back then. Not like now. Of course.
Why Settle is 20 years old today. Back in 1996 the technological landscape was very different from now. A few clients had email but most didn’t. Their networks were used for databases and word processing. Where it existed, internet access was via a dial-up modem and there wasn’t much to do on it. Email soon made its way onto most of our desktops, quickly followed by antivirus software, but I remember one or two people insisting they didn’t need protection from viruses.
Until this point, most of us were limited in who we could do business with by the contacts we had, but the ramifications the internet was about to create were already evident. To capture this sentiment, we chose the name Local Planet Solutions Ltd (which is still our formal identity), alluding to the global village. Technology would soon transform us into points on a global map of professionals and service providers.
‘Local Planet Solutions’ carried a relevant message 20 years ago, but well before we rebranded as Why Settle, transforming clients into global-ready professionals was old news; few were good enough to stay out of the revolution and remain in business.
Before always-on broadband arrived around 13 years ago, clients would schedule times for their networks to connect to the internet and collect email. A few back-and-forth email conversations could take all day. There was no expectation of a fast response, never mind immediate action. Within a short period, being at your desk made you instantly accessible to pretty much everyone you knew.
Then came the early BlackBerry adopters, who were the first to take email with them 24 hours a day. As more players entered the smartphone market over the last decade, a critical mass was reached. Quickly, most of our clients moved from working standard office hours to doing staccato pieces of work until their head hit the pillow. The first and last thing many of us now do in the day is check our email.
In the space of a few years our clients became always-on professionals in a global marketplace. From our IT management perspective, everyone needed everything to work all the time. Fortunately, some technology improved: hardware is remarkably better than it was 20 years ago, but other aspects, like broadband, still have a long way to go.
We were no longer just enabling clients to participate in the global village, we were facilitating them to provide ever-better levels of service. Many now export their services beyond these shores. We know they provide world-class levels of service because they are tested competitively worldwide. This is beyond what was imaginable for many 20 years ago.
Both our clients and Why Settle staff seem to be under pressure to get through more work in less time with each technical iteration. For our part, we know there are easier jobs in IT than managing and supporting hundreds of varied networks, but none of us chose that easier living.
We enjoy what we do, the occasionally-stressful challenge of making a client competitive on the world stage is genuinely fulfilling – and we’re good at it, which helps.
We enjoy working with our clients. To a greater-or-lesser degree, we are part of their team. We tell each other, we don’t support networks, we support people. Support the person right and you’ll get there with the technology.
We also enjoy working with our own supply chain (broadband suppliers excepted on this point). The technology we sell and support has to work in an increasingly vulnerable space. Together with our clients we invest time, money, strategy and reputation in making the right decisions. For this, we have to trust our suppliers.
When we discuss strategy with clients now we often ask them to consider aspects they have little grasp of, but the objective is no different than it was on 1 November 1996: We’re going to make you more agile, more resilient and more efficient. We’re going to make you a better employer and a better business.
My sincere thanks to our clients and everyone who does business with Why Settle for their support. You allow us to do what we really want to do in life – help the good guys.
News broke this morning that Glasgow City Council’s email is down because a safety measure they installed went rogue. An air conditioner in the server room malfunctioned, releasing gas. This in itself was an inconvenience, but all IT systems continued to operate until the gas reached the fire suppression system.
The fire suppression system was unable to differentiate between air con gas and smoke, so it started hosing down the servers. On Tuesday afternoon the Council took to Twitter to explain that their email system had been down since Monday. A day later there’s still no news of remediation. The failure also brought the telephone switchboard down for a period on Monday.
Air con systems are absolutely necessary for server rooms, but we’ve seen incidents like this too often. Systems designed to keep your servers safe, involving water, electricity and (often) fans mounted on an external wall, are notoriously prone to what Glasgow City Council yesterday called a ‘catastrophic’ failure.
The Council’s apparent lack of business continuity plans is another story. Getting this right isn’t difficult, or particularly expensive. Continuous image backup to a failover server elsewhere on the Council estate would have had systems back in minutes, provided the failover is tested regularly rather than assumed to work. They could also outsource this risk, at least for email, to Office 365.
It was 20 years ago today that the PC first stepped beyond the ubiquitous MS DOS operating system as Windows 95 was launched. Before 24 August 1995 almost every PC and laptop in the world, bar Apple Macs, PCs running IBM OS/2 and a small number running Windows NT or Unix, ran on an incarnation of DOS. Early on the market was dominated by IBM DOS, a licensed version of MS DOS; there were even clone versions of DOS, command-line compatible with the Microsoft version.
DOS was always meant to be a staging post for the IBM and ‘IBM compatible’ PCs, as we referred to them back then. IBM dominated the computer market and licensed Microsoft’s operating system for PCs as a stopgap until they were in a position to launch their own product. That was due to be OS/2 (Operating System/2), but in a portent of many subsequent releases of Windows, OS/2 was unloved at launch. It also cost hundreds of pounds, far more than DOS.
Windows existed before 1995, but it was what we called an operating environment, sitting on top of DOS; if you wanted to get anywhere on your PC, you needed to know a handful of DOS commands, typed onto a dark screen with a flashing cursor.
Windows 95 kicked the computing world on by a magnitude. It obliterated the memory limitations inherent in DOS (as did OS/2, although OS/2 did so before most people needed to reach beyond those limitations), setting off a semiconductor boom as memory chip demand soared. With more memory came better software, but at launch Microsoft seemed to know little of what was just around the corner. There was no internet browser included in the volume market product.
Microsoft, the world’s largest software company, had missed the signs that this internet thing was going to be a big deal. They hurriedly readied Internet Explorer, which was launched a week before Windows 95, and made an upgrade available if you wanted a browser with your new operating system.
Within a year Microsoft were distributing books on how to use Windows as a web server, but this was a futile attempt to stop Unix, for years thought to be a dying relic of an operating system, from taking control of the web server marketplace. Today, estimates of the web server market share of Unix derivatives (most commonly Linux) run as high as 98%.
Windows 95 was replaced after three years with a close clone, Windows 98, before the hugely successful Windows XP launched in 2001. Even though Microsoft stopped issuing security updates for XP a year ago, it still retains an impressive 11% market share, more than twice that of Apple’s Mac OS X.
When they launched Windows 95, Microsoft looked imperious. They still retain over 90% market share of desktop and laptop devices, but there’s a soft underbelly to those figures. Windows has failed to make a significant impact on the tablet and mobile marketplace. The decision to give Windows 10 away free to Windows 7 and 8 users was not a benevolent act. Microsoft are making a play for your disk operating system for the next 20 years.
Microsoft release the new version of the world’s most popular desktop operating system, Windows 10, on 29 July, and for most people they are giving it away for free! A quick clarification on the version name is probably helpful. There was no Windows 9; we went straight from Windows 8 to 10, and even now, six years after Windows 7 was released, more business PCs ship with it than with the largely unloved Windows 8.
If ever a business wanted to call a truce with its loyal customers it’s Microsoft, with the most un-Microsoft of gestures: anyone who has purchased a Windows 7 or 8 PC in the last six years is entitled to a free upgrade to Windows 10.
It’s probably fair to say there’s a fair degree of trepidation in the IT community at the prospect of large portions of their user base trying to upgrade to a brand new operating system. This migration has no precedent. While Windows 10 is functionally better than 7 or 8, we are not expecting our clients’ lives to become more productive after the upgrade; experience of earlier Windows upgrades suggests there could be lots of problems.
You have one year from the release date to decide whether to accept the free upgrade offer. There’s a lot to check before doing so: your older printers and devices may not work, and many software applications will either work differently or not at all. It’s also unlikely Windows 10 will make your PC run faster.
So it’s free, and Microsoft would really like you to take up their offer, as supporting old systems is a heavy dead cost for all software companies, but even a free upgrade is not necessarily good value.
I’ll upgrade mine, but not until later in the year.
You may have heard that Microsoft will later this year release to manufacturing Windows 10, a new operating system for PCs (and other devices) to replace Windows 8.1. There is obvious confusion as to why they followed Windows 7 and Windows 8/8.1 by omitting Windows 9 and going straight to 10, but this is Microsoft we’re dealing with here; they also skipped Windows 4, 5 and 6, going instead for Windows 95, 98, 2000, XP and Vista.
We’ve been beta testing Windows 10 since October. It’s a perfectly acceptable operating system, the most important feature of which is the return of the much-loved Start button, which Microsoft, in their wisdom, removed from Windows 8 in an attempt to create a common user interface for desktop and tablet users.
Eight years ago Microsoft’s hugely successful Windows XP was replaced by their hugely unsuccessful Windows Vista, a slow, cumbersome beast which was very late to market. As a consequence of that failure, the software behemoth upped their game with the release of Windows 7 in 2009, a fast, secure and familiar environment. At last users had a reason to move from XP.
As of December 2014, Windows 7 still has 56% of the world’s desktop operating system market, but its replacement, Windows 8, combined with Windows 8.1, has only 13.5%, less than the no-longer-secure Windows XP, which is still running on 18% of the world’s PCs.
Much to Microsoft’s frustration, the lesson from those who invest in technology is that they buy and keep what they like, and they will not deploy operating systems their users don’t like, such as Vista and Windows 8. Even today, over two years after the release of Windows 8, Dell’s business PCs ship with Windows 7 installed and an upgrade licence for Windows 8.1.
Microsoft’s grip on the desktop and laptop markets, despite their flops, remains imperious. Apple have a little over 5% of the market, while Linux and others have 3.8%, leaving Microsoft with over 90% of the spoils, but it has only a single-digit share of the tablet and smartphone markets.
As users live more of their lives on smartphones, the encroachment risk to Microsoft, primarily from Google’s Android, and to a lesser extent from Apple’s iOS, is clear.
In order to combat this risk, Windows 10 will run on desktops, tablets and smartphones. Software vendors will be able to write applications for desktops which will run, without modification, on Windows 10 smartphones.
This is the key play for Microsoft: if they can create an environment where your accounts software will run on your desktop and on the phone in your pocket, they will leverage the huge legacy investment we have all made in desktop working to grab hold of our mobile lives.
Delivering on this strategy is so important to Microsoft, they are offering all Windows 7, 8 and 8.1 users an upgrade to Windows 10 FREE OF CHARGE!
You may deduce that if Microsoft are offering their perennial cash cow free of charge they are a worried collection of software developers. They are. This is a major gamble, and there is no guarantee it’s going to work. Some of our engineers are working with the Windows 10 beta trial, but I’ve no intention of finding out how well, or otherwise, my laptop performs after a Windows 10 upgrade.
There is a methodology to PC design: know the specification of the operating systems that will run on it, test them, and make sure all your components work. Microsoft are now offering an operating system to run on PCs and laptops which were never designed to run Windows 10. There are thousands of PC designs with tens of thousands of components; upgrades will be problematic.