“Let’s hack and disable your cell phone. Start whistling in three, two, one, GO!”
Researchers at the University of Michigan and University of South Carolina claim to have discovered that music could be used to disable or, to a certain extent, even control some IoT devices. The researchers say they were able, through sound waves, to add steps to a Fitbit tracker and interfere with a cell phone app’s ability to control and access Internet of Things devices.
What does this mean? As IP enabled devices become more and more common, we are culturally on a course that the most likely device that we will use to control and interface with them is our cell phones. These IoT devices use chip based devices that are built upon the architecture of micromechanical systems (MEMs). Since these devices lack standards or shared design criteria, there is no governing body to say, “this is good or this is bad,” when a new product comes out.
Common examples where exploits are known and published include the interfaces between fitbits, drones and toy cars with your cell phone.
There are IoT devices in your workplace, today, whether you approved them or not. For example, I am wearing a Garmin watch that supports Bluetooth and wireless, and it is connect to our office public Wi-Fi. Since I know the logon information for the corporate Wi-Fi, I COULD put my watch on the private network, and, more likely than not, no one would know that it was a watch. After all, it has logged on with a valid username and password, and it is logging on from a known location-the office. What if my watch got hacked and became a proxy for, say, a server that was sending out inappropriate content?
Who is at fault? The network admin for not having enough security? Me, for not notifying the network admin that I have an IP enabled watch? Garmin, for making a watch that is hackable?
The IoT world is changing who we use technology. The lack of standards or the inability to track device proliferation shall make the news with ever growing frequency.
It is best to respond to this threat before it is a problem. Mobile Device Management can help. Learn more about TNT's Mobile Device options here.
There are several things to consider before moving your servers to the cloud. Without question, you have used servers in the cloud. Remember online banking that you started using a decade ago? Those were servers, made available to you “in the cloud.” Sure, those who made that service available to you had no idea how prolific that technology would become.
Now, you have some server(s) that you think might be best managed and maintained by having them be cloud based. Here are a list of 5 things that you need to take into consideration before you pull the trigger.
Considerations when Moving Servers to the Cloud
- There are one-time setup fees and monthly recurring charges for moving servers to the cloud. Get a handle on the difference. Some companies charge no fee to migrate, but they get that money back on hidden/back end fees based on your usage. Some charge a setup fee, but they give you very predictable recurring fees that you can count as accurate. Keep in mind that you are buying this service from a business that makes money. One way or another, they will get back their costs from you. Otherwise, they will go out of business, and so will access to your server.
- Take a tour! If you can’t go to the facility, get them to give you a test account, so you can see what the experience is like. Not all servers or services are created equal.
- Ask about backup. Nearly every vendor out there gives you a monologue about their uptime. They spout off facts and figures that sound like this…. "Our servers are up 99.999% of the time, or your money back.” That said, events happen, and your servers’ data gets corrupted/deleted/hacked, etc. What does your vendor do if you discover that everything got hacked on Friday night and you didn’t find out until Monday morning? You need to know what they are going to do for you to get you access to the server that was running on Friday at lunch, before it went down. FYI-most providers don’t include backup until you get to a premium level service
- Ask what support looks like. Having a phone number and an email address is better than having only an email address. Ask where support is! Many folks struggle to be understood when support is on the other side of the world with a non-English native speaker. The importance of communication only increases as the urgency increases.
- If you are seeking assistance in the move (which you should do, since your experience is limited, at best), ask for a plan. Find out which servers and services were selected to be moved first, and learn why they were picked.
Moving to the cloud shall happen, whether it be on your watch or your successor's. Be a part of the change, but be smart about it.
If you are interested in learning more about moving servers to the cloud, especially the point about backup,
Businesses are on the hook for customer information and data security, and we are not talking about credit cards.
In a recent court hearing, the Federal Trade Commission cited a company lacked “even basic precautions to protect the sensitive consumer information maintained on its computer system." It appears that actual harm from a data breach doesn’t necessarily need to be proven if the potential for harm exists. The ruling sends a clear and sobering signal to business owners: You must make significant, demonstrable efforts to protect yourself from data breaches or face the consequences.
In the ruling, the FTC stated, "Among other things, it (the company) failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls; provided essentially no data security training to its employees; and never deleted any of the consumer data it had collected.”
The days of keeping all emails from a customer, including ones for order and purchase approvals, now represents a liability, not an asset or a CYA tool.
Too often, small businesses state, “Nobody is interested in the data we have. We’re not Sony or a government agency.” That thinking can now put you out of business.
Many IT leaders and business owners often think that there is a single product or service that they can subscribe to and this problem goes away. None exists. You need a managed security system that includes multiple products and offerings to address the gamut of requirements.
Lastly, there is no substitute for cyber security training for users. IT staff are not the ones who initiate the breaches-it is nearly always employees or innocent staff who don’t realize what they are doing.
The Network Team recently hosted a workshop on cyber security. As part of the workshop, we distributed handouts to help you help your employees strengthen the data security of your network. Fill out the form below to download the handout.
In ancient times, they city of Jericho was a modern Manhattan. It was the center of trade and commerce and known throughout all the Middle East as a crown jewel of civilization. Jericho’s leaders built a large wall to protect it from invaders. The wall was so big, that nearly none of the city’s occupants took the time to stay trained in the use of combat weapons like the villages who lived outside the city walls.
God’s people marched around Jericho seven times and the wall fell. Despite the size of their force being much smaller than the number of people living inside the wall, the city fell to the Israelites.
This was preventable, if Jericho’s leadership was like Webroot.
Most of our customers start with some over the counter firewall product that came with a $20 gift card to their favorite department store. They feel by using this firewall, they are as safe as the residents of Jericho. They do nothing to holistically protect the assets inside the company feeling that their firewall is doing all the hard work for them.
By using Webroot, you are doing the same thing as providing a wall not only around your city, but also around each of your assets. The best part, is that you don’t have to worry about bricks, concrete and training for your users as Webroot is a cloud-based product, meaning all the heavy lifting is done by smart guys (and gals) in a faraway place. The software that gets installed is minimalistic and does not require updating, meaning no matter who is attacking, the way automatically protects from the current attack.
In the past, TNT recommended products from Trend Micro, Barracuda and others for endpoint security. These products all had unique configurations with a need for maintenance, or they did not work. With Webroot, it is a set it and forget it technology, meaning once we set it up, there is very little for either of us to do. It is much like getting electricity installed in a new home.
You ought to try it out. It’s free for 30 days and costs only a couple of dollars a month per user after that.
Reach out today to learn more.