Is your router spying on you? Think about how much trust you place on that little device which converts the signal from your ISP and connects all your devices to the internet.
Are you in compliance when it comes to storing customer data? Are you exposing your business to risk from bad actors and potential fines from regulators with a lax attitude towards data security?
How many times a day do you look at your smartphone? Could this be bad for your long-term health?
These are the questions that we explore in this edition of the Continuous technology news round-up. If you’ve been busy spending the summer working on your grilling, you can still catch up on the important events in the technology industry.
We’ve also taken the liberty of pulling out salient points from each story and describing how they can be useful for a business. That means you can keep your eyes on those burgers because the Continuous team is keeping you up-to-date on the pulse of modern technology.
Compromised Routers – What You Need To Know
If you have wireless internet, this applies to you. We’re pretty sure that’s almost everyone, so listen up. Late in May, a warning from the FBI was issued recommending everyone to reboot their wireless router. They were issuing the warning following one of the most sophisticated malware attacks ever discovered.
Dubbed VPNFilter, this piece of malware infected millions of home and small-office routers. The exploit is effectively able to eavesdrop on traffic passing through the router. Log-in credentials, SCADA traffic, and other data you wouldn’t want bad actors being privy to are potentially at risk.
Routers from the following manufacturers have been shown to be vulnerable to the exploit:
Specific models of infected routers are available here.
The FBI suggested that foreign governments may be the source of the malware based on the complexity. The article suggests that over half a million routers across 54 different countries have been infected with VPNFilter since 2016.
Here’s a clip from an article in The Washington Post about how IoT devices can become compromised:
Internet of Things malware isn’t new. The 2016 Mirai botnet, for example, created by a lone hacker and not a government, targeted vulnerabilities in Internet-connected digital video recorders and webcams. Other malware has targeted Internet-connected thermostats. Lots of malware targets home routers. These devices are particularly vulnerable because they are often designed by ad hoc teams without a lot of security expertise, stay around in networks far longer than our computers and phones, and have no easy way to patch them.
Small Business Takeaway: Noted in the article is the level of sophistication of this exploit, and although the official recommendation from the FBI is to reset compromised routers immediately, that may not be enough.
VPNFilter may be able to remain effected through a reboot. To fully mitigate the risk, it’s recommended that you reset the router to original factory settings.
This may require reconfiguring the router for your network which can be difficult if you’re not particularly savvy with network configuration. In addition, it’s a good idea to update the firmware of your router to include any security patches sent from the manufacturer.
Wi-Fi Alliance Introduces WPA3 Security
The cyber security industry is constantly looking for new ways to stay ahead of cybercriminals, and the Wi-Fi Alliance has a solution, at least in the Wi-Fi landscape. The next generation of Wi-Fi security, WPA3 has been introduced and promises to enhance Wi-Fi protections for both personal and enterprise networks.
The previous edition, WPA2 has been around for more than a decade but will still continue to operate and provide a baseline level of security. Don’t panic if you’re still on leveraging WPA2 security, it still works well.
WPA3-Personal: more resilient, password-based authentication even when users choose passwords that fall short of typical complexity recommendations. WPA3 leverages Simultaneous Authentication of Equals (SAE), a secure key establishment protocol between devices, to provide stronger protections for users against password guessing attempts by third parties.
WPA3-Enterprise: offers the equivalent of 192-bit cryptographic strength, providing additional protections for networks transmitting sensitive data, such as government or finance. The 192-bit security suite ensures a consistent combination of cryptographic tools are deployed across WPA3 networks.
Small Business Takeaway: WPA2 is a still a widely used and acceptable form of wireless network security, and while the transition to WPA3 will ultimately provide more protections.
Depending on your network, and security need, it may be worth having a conversation with your IT management team about migrating to WPA3.
GDPR Becomes Enforceable, Creates Confusion for Businesses
With widespread instances of major data breaches, and customer information being sold on the dark web, it was only a matter of time before regulators stepped in to help protect consumers.
The rise of cloud technology has largely been a good thing for businesses, but with more businesses leveraging the cloud for day-to-day operations there has been a spike in security breaches.
The General Data Protection Regulation (GDPR) was agreed upon by the EU in 2016 but became enforceable in May of 2018 and has presented businesses behind the curve with some serious challenges.
By some UK estimates, 83% of enterprise workloads will be cloud-based by 2020. Breaking down those figures further, about 41% of enterprise workloads will be run on public cloud platforms, and another 22% on hybrid cloud networks.
Here’s a clip from Forbes describing one of the biggest problems for CIOs:
Cloud compliance under GDPR it is not going to be an easy task. Results from a recent survey done by Commvault showed that only a small number (12% of the 177 global IT organizations surveyed) understand how GDPR will affect their cloud services. These results raise the assumption that companies that use cloud services will be more vulnerable.
Small Business Takeaway: While the information above pertains specifically to UK-based businesses, there’s a bigger lesson to consider.
All businesses leveraging a cloud network need to be aware of current laws and regulations surrounding data security. Ignoring these could put sensitive data at risk and expose the business to exploits AND potential fines from regulators in the event they are put up to a security audit.
Ensure that your IT management team understands compliance in your industry and regularly perform stress tests to ensure your systems remain safe from attackers.
Tips for Technology Detox
This might seem strange coming from an IT support company, we get it. But technology addiction has become a serious issue for the younger generations. An article on CNBC cited some tips for helping you achieve “unplugged” status throughout your day.
Independence from technology can be just as important as using tech to achieve business objectives.
You might be shocked to learn how often you look at your smartphone throughout the day, and notifications on your phone are certainly a contributing factor to interrupting concentration.
CNBC’s tip suggested turning off notifications from people who may “over-communicate”:
If you're not ready to completely turn off your iPhone notifications, you can start by limiting alerts from certain apps, or even specific people. You may want to try turning off text message alerts from specific people in your address book, like those who text you too much.
Small Business Takeaway: Successful businesses keep employee health and wellness at the front of their mission statement. This goes beyond access to healthcare and vacation days.
Some of the tips in this article could be useful for those employees who might seem to spend too much time with their head buried in their devices all day.