As a small business owner, it's likely that security is never far from your mind. Every month, yet another major company falls victim to a hacker, losing critical data and gaining negative customer sentiment in the process.
In the past two months, though, the tech security news has hit a little closer to home. Are hackers spying on your company through your employees' smartphones and workstations? Read on to learn about new vulnerabilities that threaten your company's privacy -- but first, we'll begin this month's roundup of tech headlines with some exciting flash storage news from IBM.
IBM Announces Bigger, Faster FlashSystem 900
The Story: IBM has announced a major upgrade for its FlashSystem 900 rackmount flash storage units. While FlashSystem 900 previously offered up to 60 TB of storage per unit, the new version offers up to 180 TB.
In addition, IBM promises that the new FlashSystem 900 will use space more efficiently and achieve faster transfer rates thanks to its built-in compression algorithm and the onboard microprocessor.
Takeaway for Small Business: The new FlashSystem 900 should improve the performance characteristics of the IBM cloud -- or other public clouds using IBM's storage hardware -- when searching large databases or performing other I/O-intensive tasks.
For businesses that haven't migrated to the cloud yet, IBM has also announced a solution that should make moving to the IBM cloud easier. Spectrum Virtualize assists with moving data to the IBM cloud and helps to ensure the data's resiliency following a disaster.
Malicious iPhone Apps Could Secretly Record Pictures and Video
The Story: Engineer Felix Krause has released a proof of concept showing that a malicious iOS app -- once granted permission to use the camera -- could silently record videos of people using the app.
The problem has to do with the way in which iOS handles camera security. When you install an app that wants to use your device's camera, iOS asks for permission. Permission to use the camera is permanent unless you revoke it -- and iOS doesn't require an app to notify the user when it activates the camera.
It is, therefore, possible for a malicious app to record and transmit footage from both an iPhone's front and rear cameras -- and transmit those videos over the Internet -- without warning the user.
Takeaway for Small Business: The good news about this potential exploit is that it doesn't work unless an app has permission to use the camera.
If you do not grant camera permissions to third-party apps, you should have nothing to worry about. This news is cause for concern, though, if your business has a security policy that prohibits employees from using cameras in the office. Former FBI director James Coney advocates covering webcams to prevent spying; your company should consider a similar policy if a leaked video could cause a serious problem.
Google Announces Bug Bounty Program for Android Apps
The Story: Between iOS and Android, many smartphone users have long considered Android the less secure platform. Part of the problem is the ease with which users can install Android applications from third-party app repositories; many websites that claim to offer paid apps for free are actually distributors of malware.
To keep users safe and clean up the platform's reputation, Google has announced a bug bounty program for Android apps. If a security researcher can discover a remote code execution flaw in a popular Android app such as Dropbox or Snapchat, Google may pay the researcher a bounty of $1,000.
Takeaway for Small Business: Offering a bounty is a great way to encourage ethical hackers to help improve the security of the Android platform. If your company presently avoids Android due to its reputation for substandard security, it may not be long before you'll want to give the platform a second look.
Official JQuery Website Defaced by Hackers
The Story: In October, hackers gained access to the official JQuery website -- a WordPress blog -- and created a post that temporarily defaced the website's home page.
Takeaway for Small Business: Although the successful hacking of the JQuery website should strike fear into the hearts of small businesses with websites that rely on JQuery, the hacker group that penetrated the JQuery website did not alter any known version of the JQuery library.
If your company's website uses JQuery, though, it may be wise to confirm that the website uses the latest version of the library. You can check the version of JQuery that a page uses via the console in Chrome.
Adobe Flash Exploit Infects Computers With Spying Software
The Story: A serious vulnerability in Adobe Flash could make it possible for a hacker to infect a computer with malware that records webcam video, microphone audio, keyboard input and more.
The exploit infects computers by triggering Flash via malicious Microsoft Office documents. Adobe has already patched the vulnerability; Microsoft will probably follow suit shortly.
Takeaway for Small Business: If you've kept up with tech trends over the past several years, you already know that the Flash platform is a magnet for hackers.
The United States Department of Homeland Security actually suggests uninstalling Flash as a potential threat mitigation measure, and the Chrome web browser doesn't use Flash at all unless you give it explicit permission. This threat, though, is different than most because it doesn't use the browser as an attack vector.
Unless your company specifically requires Adobe Flash, you should strongly consider removing it from all corporate computers or adopting an automatic update policy to ensure that no workstations run obsolete versions of Flash. Alternatively, your company can run Microsoft Office applications from the cloud; this vulnerability does not affect cloud-based Microsoft Office applications.
There you have it, another installment of the latest technology news from Continuous Networks. We provide these updates to help business owners who are busy taking care of the day-to-day but still want to keep their fingers on the pulse of what's happening in the technology space.
Are you looking for an outsourced technology partner who will be as compassionate about your business as you are? You might not associate an outsourced IT vendor with an actual partner in your business, but that is how the Continuous team sets itself apart from the rest.
A little more about us:
We work tirelessly to understand your business and ensure that your success is never hindered by poor technology. Using these building blocks, we integrate with your business, become your trusted technology advisor and remain actively committed to evolving your IT within today’s ever changing technology landscape.
Ready to take the next step? Visit our website to book a consultation.