Why your business needs a Password Manager

By

Trying to remember your password for every website, portal, tool and piece of software is borderline impossible. Some organisations like to solve this problem by using a very simple and memorable password, variations of the same password, or worse – the exact same password for everything! That’s just asking for trouble.

Simple and memorable passwords are very easy for hackers to gain access to, with a staggering 81% of breaches caused by weak or reused passwords. Even using a very strong password, but used across many sites and logins, means a single breach on one site or platform can compromise your information everywhere else. That’s where a password manager comes in.

What is a Password Manager?

The average enterprise uses 91 services! Teams, Microsoft apps, emails, Dropbox, Social media channels, CRM, marketing software, sales automation, online store, website – the list goes on and on. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.

A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account one time, or manually add log in information to your password manager, and it will automatically store your username and password. All your passwords are stored in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.

A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, as well as help employees manager their passwords more effectively.

Why is this important?

Passwords are essential

No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, no matter what service it is that you’re using, the security is often times only as good as the password that you’ve set.

Making a very strong password is often complicated. A password manager really takes a lot of the pain out of the process and makes an often complicated and time consuming process simple and easy. A password manager does this by creating and remembering new, strong and complex passwords that are extremely difficult for hackers to crack.

Unique

The strongest passwords are comprised of letters, numbers and symbols in a string of no particular order or sense. These passwords should look like a cat just walked across your keyboard (for example: jR7z5$R?68<*G>M). Creating a solid, complex and secure password is great – but if you’re not using unique passwords for each of your accounts, it’s basically pointless.

A site or application’s security is only as good as the password you use! Furthermore, many websites are at risk of data breaches that could potentially reveal your login details. Even if you create a strong and complex password, using the same password across multiple sites, accounts and applications means a cybercriminal can potentially own the master key to accessing every one of your accounts that use the same email and password combo, putting yourself and your business at risk for cyber attacks.

Account volume

The average organisation uses 91 services and applications, which means that even if you created unique passwords for all of them, you’d never be able to remember them all. While randomly generated passwords are difficult for computers to crack, they veer on being impossible to remember; especially if you are using a different password for each of your accounts (which you indeed should).

Fortunately, with a Password Manager you won’t need to frantically search for the scrap of paper you wrote your email password on and then ‘hid in a safe place’, or compile a Word document listing all of your logins. Password Managers keep all of your passwords in one encrypted and password-protected app.

Simplicity

Password managers significantly increase your security while also simplifying your life … how often does that happen!?

A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password, or a 3 instead of a capital E – and best of all, no more password resets!

What makes a great Password Manager?

Usability

A password manager, particularly in a business context, isn’t effective if no one is using it. In order to ensure employees adopt the use of a password manager, it must be intuitive and easy to use.

A great password manager is:

Efficient: must be able to be used to complete tasks quickly and easily

Effective: should help users achieve specific goals

Engaging: the UI (User Interface) and UX (User Experience) should be pleasant and satisfying to use

Easy to learn: simple enough to be picked up and easily understood without deliberate effort

Error tolerant: should be designed to prevent errors and help users recover from errors that do occur

Likewise, a password manager in a business environment must be usable cross platform and compatible with different operating systems and devices.

Simple Onboarding and Offboarding

A simple onboarding and offboarding process helps your organisation save time and money.

Likewise, when an employee leaves your company, it is important that your password manager has the ability to revoke their access to work related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported have access to a variety of corporate accounts after leaving their last job.

The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.

Administrative Controls & Monitoring

Your password manager should offer tools that enable you to oversee your employees’ use of the program. This means monitoring features such as dashboards, delegated administration, team sharing, role-based permissions, analytics and auditing.

These tools should enable you to enforce all organisational password policies and aid in regulatory compliance. It is however important to note that your password manager’s monitoring tools should not compromise the privacy of your employees.

Password Sharing

Password sharing is a very standard office operation. However, the methods via which employees use to share those passwords, such as email and internal chat programs, are not safe from hackers.

An enterprise level password manager enables employees to share passwords in a secure, convenient and efficient way. Administrative tools should allow you to share passwords on a temporary basis or with full access.

Likewise, these shared credentials should update automatically so that all other team members continue their access.

Security

Arguably the most important aspect of your password manager is security.

Be sure to utilise a password manager which uses a zero-knowledge protocol in its security architecture. This allows the employee full, exclusive control over the encryption and decryption of their data via a Master Password. This Master Password should never be stored on the password manager’s server or anywhere in the company’s network.

Additionally, your password manager should alert you and all employees in the event a data breach occurs.

eStorm recommends Keeper Password Manager!

eStorm is dedicated to enforcing the same cyber security methods we suggest to our clients. We use Keeper Business Password Manager in-house to protect our organisation against cyber attacks, safely share credentials, enforce IT security compliance standards, and promote security, privacy and productivity.

Learn more about Keeper Password Manager here and contact us for a quote or demo at [email protected] or 07 3120 0640.

 

Hybrid working: the future of office spaces

By

The time of employees being confined to one physical workspace was already fading before the COVID-19 pandemic. However, the pandemic has forced the hand of many businesses to experience remote working first-hand.

Now that we are returning to a new ‘normal’ many offices are looking to create a permanent and sustainable hybrid workplace to keep employees happy and safe, while ensuring productivity and efficiency remains high. We are yet to see how businesses and their teams will go with this transition. To ensure your team adjusts as smoothly as possible during this transition, we’ve provided a few areas below for you to consider in your implementation.

What is a hybrid workplace?

A hybrid workforce is when on any given day, you will have a mix of some employees working in the office and others working remotely. Often mistaken with ‘flexible working arrangements’ there is a clear distinction between the two. Unlike flexible work, the hybrid model provides employees with the autonomy to decide how, when and where they work best.

Hybrid working looks different in every organisation; consequently, there is no ‘one-size fits all’ when it comes to an implementation strategy. However, there are several considerations all businesses will need to take into consideration when exploring the benefits of hybrid working.

What are the benefits of hybrid working?

A study completed in 2018 found that 60% of employees who had hybrid or flexible work options were more productive and engaged in their work more than those with office-based or entirely remote teams. Happy employees lead to loyal employees. Hybrid working arrangements require a certain level of trust between the company and its teams, and while this may seem difficult at first, most companies indicate that the reward of loyalty is worth it.

Flexible and hybrid working options are often sought out by job seekers in today’s competitive job market. Consequently, you might find that thanks to the change in working arrangements, finding new, high-quality employees will not be as difficult. Another advantage to hybrid office styles is that it can assist in your brand transitioning to a global scale. This working style means you can easily have employees across the world, communicating with clients in all different time zones.

What are the key considerations when transitioning to a hybrid workplace?

The best way to transition to a hybrid workplace is to first recognise that everyone works differently. To ensure that each employee can complete their work in the most productive way possible, your business will need to consider the following.

Maintaining Communication

Hybrid arrangements will alter how teams interact and communicate with one another; for example, ‘water-cooler’ conversations and other informal conversations had by employees almost cease to exist when remote work comes into play. These informal conversations can be essential for employee wellbeing and work enjoyment. Introducing Microsoft 365 to your employees’ tools can help overcome this thanks to the new Team’s functionality — check out our recent article on how Microsoft can support your business going remote.

Formal collaboration between teams is often seen to be most effective in tight groups working through specific tasks. Changing the environment in which these types of teams work can result in small challenges or hurdles. However, don’t let the fear of these changes deter you from transitioning to hybrid working.

There are plenty of programs out there that are built specifically for this that you can integrate into your staff’s everyday use. A perfect example of this is Microsoft Sharepoint, a tool that has a variety of uses for keeping teams and employees connected with the business as well as accessing relevant information easily. Alternatively, team members may select specific days where the entire team will be present in the office to formally collaborate.

Building trust amongst teams and within the organisation

As mentioned above, hybrid working requires employees and employers to trust one another for this transition to work. Find ways to let your employees know that your intentions are to keep them safe and protected during the uncertainty of COVID-19, while also requiring them to manage their workload in a way that is best for them.

Mutual trust between an organisation and its employees is also examinable through company culture and whether a team member feels as though they ‘fit-in’ or ‘belong’. Businesses will need to continue to engage workers through shared, company-wide one-off experiences that are equal to the experience enjoyed by staff who work on-site. This might include scheduled zoom sessions or virtual watercooler chats.

Matching your IT strategy to your employee’s working arrangements

As it currently stands, your office will likely have better technology than your employee’s personal devices. By reflecting on your current IT strategy and optimising your business’ and employees’ needs, eStorm can work with you to ensure your team is working with the best technology and accessing all the data necessary to complete their work.

Our team can also assist you in finding the right programs to foster the best communication and working strategies suited for your team. This might include video conferencing software, team communication and file sharing, and tools to assist with tasks.

Find out more about how eStorm can assist with hardware and software procurement for your team, as well as transiting your business to either a private cloud or hybrid cloud to best suit your new workplace.

Ready for hybrid working?

Like any workplace transformation, it isn’t a task that can be completed in a week, month or even a year. Businesses will need to take in many factors of consideration while rolling out a new hybrid workforce. It is a continuous journey of reflection and self-learning.

You can trust us to be with you every step of the way, looking after all your IT needs, giving you one less thing to worry about during this process. If you would like to learn more about how hybrid working arrangements will affect your business’ current IT setup, contact the friendly eStorm team at any time on 1300 378 676 or [email protected].

The newest technologies to introduce into your classroom

By

New and advancing technologies are shaping almost every aspect of our lives. It is no surprise then that the typical classrooms are starting to shift to incorporate new educational opportunities. As access to technology increases, so does the technical literacy and savviness of our students. Teachers are now leveraging all kinds of technology to engage students and provide immersive learning experiences.

Creating personalised learning experiences

Introducing technology into the classroom isn’t about replacing teachers; it is about supporting the delivery of a lesson while also providing a personalised experience for the students. In the past, there has been a stronger push for the education system to shift standardised testing and start making allowances for each child’s unique learning style.

These new technologies introduce students to the concept of blended learning, where they become their own directors of when, where, and how fast they move through an activity. Additionally, many new technologies are built-in with the ability to analyse student behaviours and can adapt the lesson in real-time depending on the student’s strengths and weaknesses.

Let’s take a look at how these new forms of technology are being used today.

Augmented, virtual and mixed reality

These forms of transformative technologies are supporting the instructions given by teachers as well as creating immersive lessons to be fun and engaging for students of all levels.

These adapted lesson plans can include a way for students to experience:

  • A virtual reality roller coaster during a physics lesson,
  • Going on a virtual field trip to ancient Greece during a history class,
  • Providing a way for students to deep-dive into molecular structures, or
  • Compare the real size of dinosaurs to nearby trees or buildings in the schoolyard.

The lesson plan ideas are endless with the introduction of augmented, virtual and mixed reality technologies in the classroom. Start transforming your classroom today by using these three augmented reality apps.

Devices

We have already seen the huge impact one-to-one devices have made on the education industry. However, there is still a clear divide and disadvantage for students of lower socio-economic background whose parents cannot afford a device for each of their children. The effects of this were further seen during the remote-learning period at the start of this year due to COVID-19.

Students who leave school unfamiliar with technology or with the risks and responsibilities associated with it will lag behind their peers when it comes to further education, jobs and general life skills.

Artificial intelligence

Having access to virtual assistants in the classroom can assist students who may be struggling to comprehend tricky concepts. This allows teachers to spend their spare time on students who may have higher needs. The use of AI in the classroom can also create a personalised learning experience tailored to their strengths, weaknesses and needs.

Gamification

Children have always learned through play, with lessons revolving around hands-on experiences and creativity. The shift in our educational system has seen an increase in classrooms being more ‘sit still, listen and learn the facts.’ We are potentially reaching an enlightened age in education, whereby play is re-introduced to the classroom, and students are experiencing a more immersive and engaging learning experience.

3D Printing

3D printing has slowly been introduced into Australian classrooms for some time now and is being used to assist students coming to grips with complex concepts. Furthermore, students are now able to bring their designs to life or assist in providing visual representations of what they can interact with.

We are seeing an increase in 3D printing being used in subjects such as Chemistry where students can print molecules in 3D. History students are also able to print out models of historical artefacts.

Robots and Coding

Robots have made an incredible impact on today’s classrooms by assisting in the teaching of coding. Robots are not just reserved for older students; small and simple bots can help very young students to understand sequencing, estimation and problem-solving concepts.

It is often said that coding will be the next universal language as well as an essential skill for many new jobs. Using robots to teach this topic in a fun and engaging way will hopefully support students who wish to explore new and advancing industries when they finish school. Students get instant feedback since the robot either behaves according to their intentions or doesn’t, exposing a bug in the code that students must then fix themselves.

Drones

A key element of today’s education pedagogy is encouraging students to view information from a variety of perspectives. Drones can assist in doing that in a literal way, by leveraging their interest and love of technology to show them different ways of looking at the world or viewing a physical problem.

Drones can be used in several ways, such as:

  • Using footage to stimulate writing exercises,
  • Mapping the path of the drone to learn about distance and time,
  • Flying a drone to help improve hand and eye coordination, and
  • Encouraging physical activity and education by filming their movements and discussing them later.

Not sure where to start?

The potential for technology to influence the way we teach or engage students isn’t just limited to the ones mentioned. Rather, as new and emerging technologies change the way we work and live, they will inevitably find their way into classrooms, preparing today’s students for tomorrow’s challenges.

To help you start transforming your classroom to take advantage of these new opportunities:

  • Microsoft has released a free challenge to students in year 7 to 12 to learn about AI, known as the AI for Good Challenge.
  • SpheroEdu also has a new platform for teachers and students to start learning and testing their coding skills to move robots.

To learn about more opportunities to integrate technology into the classroom, or if you are wanting to upskill your teachers to effectively use these new tools in lesson plans, contact the friendly eStorm team at any time on 1300 378 676 or [email protected].

Microsoft Surface Pro 7. Is it worth the upgrade?

By

On October 2nd Microsoft unveiled a series of new devices that covers the gap between a conventional laptop, a tablet PC, and to many’s surprise, a device that crosses the line between a smartphone and tablet. Whilst Microsoft was showing their most innovative products to date, this artile is not about the new products they have launched, it is about a product that we are all familiar with. The Microsoft Surface Pro 7.

Microsoft unveiled the new Surface Pro 7. Which for the last seven years stayed the same in physical design. It was a revolutionary device when it was first released as it was the only tablet PC convertible that received positive remarks from the consumer, but it still had its shortcomings, especially the battery life and constant heating. It was the first product in the Surface family to feature a stylus pen input in which years later, Apple had followed suit with the iPad Pro. It was a brilliant device for someone who loves to take notes, draw, and just someone who loves writing in general. But in 2019, with all the new competition from other brands, is it even relevant?

As per TechRadar’s review, the Surface Pro 7 is, astonishingly, no longer the shining flagship Surface product, that privilege now belongs to the new ARM-based Surface Pro X. And the most impactful of all from their review is that the latest Surface Pro is a refinement – not a revolution.

There might be some loyal fans to the Surface Pro that will still be eager to buy this product or those people who finds the additional USB type C port useful to upgrade. There are a lot of downside to this launch as it was noted that the Type cover and the Surface Pen is still sold separately. There’s also an issue with a major dip in the battery life of the device compared to previous generation. What happened to Surface Pro 7 is the same thing happening to Apple’s iPhone in which innovation is now defined as the refinement of the things that already existed.

In general, the Microsoft Surface Pro 7 is not a bad product. Once again, it is the refinement of years of development all cluttered to this device. To answer my question from the title of this article, I would say that it is worth it if you are a big fan of the line-up. If you are someone who already owns a Surface Pro 6, I do think that you can still live without the upgrade.

The 3 keys to high performance & cost savings with IT

By

 

Efficiency. It’s that ever illustrious goal that every IT professional and leader endeavours toward. But, even with maximum effort and precision planning, efforts in the pursuit of ultimate efficiency can fail to hit their intended targets.

According to Kumar Krishnamurthy, a principal with PwC’s Strategy Consulting Group, we must move our focus toward improving effectiveness and the experience for the user.

Focusing on the needs of the business, not just technology

Merim Becirovic, IT managing director at business and technology consulting firm Accenture, says that businesses can become stuck when making decisions as a result of the sheer number of new capabilities the market has made available.

Becirovic thinks this kind of technology-first approach leads to tools and services being adopted that don’t adapt to user needs.

In our new role, we need to enable businesses and help them uncover new streams of revenue. Concurrently, we must focus on the specific needs of the customer and the growth potential of any technology in alignment with overarching organisational goals.

Relationship building

Director in operations excellence practice at West Monroe Partners, Colleen Campbell, says that in order to achieve maximum potential efficiency, we must connect with business stakeholders.

“If a technology leader can state clearly how their technology choices have impact ROI, business leaders will listen and see the line that is drawn from cost to benefit.”

“This is accomplished through relationship building, stakeholder management, communications strategies, program management, metrics, skill capabilities, cultural alignment to goals, and organisational changes.”

CTO of digital design agency SPR, Matt Mead, says there needs to be a sense that business and IT leaders have worked together in projecting and implementing the IT needs for the upcoming year.

Developing IT plans in a vacuum or simply duplicating the strategy of the previous year can lead to significant inefficiencies and affect the businesses ability to remain competitive.

The Cloud

The cloud offers efficiency like never before. Almost any organisation can become more efficient by leveraging the power of cloud / SaaS / IaaS offerings.

These services are designed with agility in mind and allow businesses to scale up or down as they need while leveraging best-of-breed solutions to fulfil the ever changing needs of an organisation.

Gabe Girodano, chair of the MIS department of Ohio University, says that while data centre to cloud migration costs can be rather high, the medium to long-term cost savings are worth it. The lower physical infrastructure expenses, combined with reduced IT management and user support costs can produce significant cost-savings over time.

“The rapidly increasing cost of IT security will make these savings even more significant in many settings moving forward.”

A Framework for identifying and assessing emergent technology

By

Emerging technologies introduce challenges and threats to existing organisational competitive advantages, as well as presenting opportunities for organisations to take the lead in completely new areas, long before the competition takes root.

The need to monitor the technological horizon is vitally important. Emerging technology represents a series of potential investments that can have a serious impact on the business. Assessing the technology landscape, making the smart decisions and advocating for the right technology will help secure the organisation’s future.

However, not all emerging technologies are relevant, and not all live up to their promises. In order to choose the right technology for your business, practitioners must evaluate new technologies for their impact, relevance and probability of success. Whether you choose to adopt or ignore a new piece of technology, the wrong choice can be costly.

Each year, organisations of all sizes measure, analyse and plan where they’re investing in technology, however there is still no widely accepted framework for analysing and evaluating emerging technology.

 

Why businesses need a framework for assessing new technology

  • Utilising a framework as a shared understanding, it becomes much easier to discuss technology analysis with customers and other members of the organisation
  • A framework as a shared understanding enables and simplifies communication and education around technology. A framework not only helps you educate someone on a piece of technology, but makes it much easier to learn about technology from others
  • The sharing of information around technology analysis between teams and departments becomes simplified, easier to understand and more efficient
  • A framework helps to identify which aspects of a piece of technology can be included or left out, depending on its application and relevance
  • The framework itself can be improved over time and collect inputs from relevant practitioners

 

The Emerging Technology Analysis Canvas

Similar to Alexander Osterwalder’s Business Model Canvas, the ETAC (Emerging Technology Analysis Canvas) is a framework designed to address the need for emerging technologies.

The ETAC is based on a set of questions arranged around a logical narrative that probe technology.

 

Emerging technology must fulfil four conditions:

  • The identification of a problem and related innovation that addresses the problem, in this case called a trigger. (We consider that both the problem and innovation must come in conjunction because often the innovation changes our perception of the problem).
  • The technology needs to have a significant potential impact. Often the impact may extend beyond the initial problem.
  • The technology has to be feasible given the available resources.
  • The technology has to navigate risks related to technology development and adoption. For example, the technology must develop and be adopted quickly enough to justify any investment.

The ETAC is structured around these 4 elements (Opportunity, Impact, Technical Feasibility and Future) and drills down into the details in each subsection.

 

ETAC (Emerging Technology Analysis Canvas)

 

Source: https://github.com/wso2/ETAC/blob/master/ETAC.md

Opportunity

  • Trigger: A problem and a solution that captured broader imagination that later evolved to a broader technology promising to solve broader problems.
  • Players: Organisations or individuals who are actively improving or using the technology to solve problems. For example, Amazon, Microsoft, and IBM are active players in serverless. We do not include the end users of the technology as players. Instead these are discussed under the value chain.
  • Drivers: external forces that positively impact the technology such as legislation. For this analysis, one can use the PESTLE framework [10] which considers the political, economic, socio-cultural, technological, legal, and environmental impacts on a technology. Among examples of drivers are cost saving, agility, productivity, automation, communication, trust, privacy, government policy, and law. Also, current industries and other emerging technologies can also act as drivers.

Impact

It is important to note that impact is analysed with respect to potential future and not limited to the current state of the technology.

Macro Impact
This discusses the impact on the industry under the following three themes.

  • Network effects and Interactions: A technology has network effects if the increased adoption increase the technology’s value for existing users thus creating a positive feedback loop.
  • Distruptees: – What technologies or industries will be affected by the emerging technology? The effects are twofold: the industries that compete with the emerging technology will be challenged, while the industries that complement it will be propelled. For example, AI may improve disease diagnosis, but at the same time that will reduce jobs for doctors. Some of the effects may be disruptive, where the affected technology or domain is significantly transformed by the technology. Furthermore, there are several impact areas we can consider. For example, we can use the PESTLE framework [10] in reverse and consider the political, economic, socio-cultural, technological, legal, and environmental impacts of the technology. We need to consider not only the first level effects but also the nth level effects as described by [7]. Furthermore, it is important to consider the crossover potentials of the technology where it can solve fundamental problems in a different industry or a segment, which in turn unlocks a wave of advance. An example of this is blockchain, where a technology designed to solve problems of decentralised money is being applied to areas such as identity, provenance or smart contracts in many industries.

Micro Impact
This discusses the impact on the organisation under the following four themes.

  • Competitive Advantage: how does the emerging technology affect competition between organisations? For example, AI enables organisations to automate decisions and make better decisions, thereby helping them out-compete their competitors.
  • Financial Benefits: How would the technology affect the bottom line of organisations. The benefits come in two forms. The technology might make the organisation efficient saving some costs or the technology might enable new revenue sources. For example, AI is being used to automate expensive human tasks, thus reducing costs significantly.
  • Supply Chain: this represent activities that are carried out starting from raw materials and skills until the product or a service is delivered and consumed by the end user. This section discussed how the technology affects the supply chain.

 

Feasibility

  • Technical Merit – This discusses technology breakthroughs the technology has made as well as any technical limitations. For example, AI has achieved several breakthroughs such as deep learning, which has helped in surpassing human accuracy with many problems. However, there are multiple technical challenges including algorithmic attacks, the need for expert knowledge while tuning and applying the AI, and the significant time required for data cleanup.
  • Tools, Ecosystem, & Skills – This discuss the availability of required skills, tools and best practices, and a community. An example of a community is an open source user forum. As the technology matures, tools and ecosystems will get better, which improve the odds of success. For example, blockchains have built a healthy developer community and tools.
  • Friction – What kind of friction will the emerging technology face in its deployment? Here we only consider technical friction, and nontechnical considerations are discussed under Risks. As an example, blockchains are seeing concerns over the transaction rates and power consumption costs.

 

Future

  • Timeline: What are the key possible milestones in the technology development? For example, how long will it take for the core technology to be ready? How fast will the adoption be? For example, blockchains may need further breakthroughs before they are adopted widely and it might take at least 5-10 years to reach those milestones.
  • Risks: What are risks that might limit the technology deployment? This includes non-technical risks as well. We can think of these as the inverse of drivers. Just like with drivers, we can use the PESTLE framework [10] in reverse to find drivers. An example of a risk is that regulators may restrict blockchains based on taxes or money laundering legislation, even when those blockchains are designed to resolve other aspects than digital cash. Among other risks to be considered are the need for standards, privacy concerns, business models, current law and policy frameworks, lack of skills, complexity, security risks, monopoly and vendor lock-in.

 

Summary

The summary section discusses possible technology development and deployment scenarios while weighing other parts of the ETAC. In the opportunity section, we discussed drivers. In the impact and feasibility sections we explore the potential of the technology and technical reality. The future section discusses risks and potential key milestones. The summary section explores the tension between the potential of the technology and environment in which it has to operate to understand potential scenarios and associated likelihoods.

What we can learn from the Baltimore services hack

By

The Situation

On May 7th 2019, hackers digitally seized roughly 10,000 Baltimore government computers and demanded payment of 13 Bitcoins ($148,151 AUD) to free them back up. Using a ransomsware called RobbinHood, hackers have made it impossible to access servers without a digital key that only they possess.

What is a ransomware attack?
A ransomware attack is where hackers deploy malicious software to block access and take control over computer systems—in this case Baltimore city services and processes.

For three weeks city employees have been locked out of their accounts, while citizens have been unable to access vital services such as sites to pay water bills, property taxes and parking tickets.

A leaked N.S.A. tool, EternalBlue, was also used to exploit a vulnerability in unpatched software that allowed hackers to spread their malware faster and farther than they otherwise would have been able to.

This comes just 15 months after the attack on Baltimore’s 911 system, where hackers were able to disable the city’s 911 system for a day.

The Baltimore hackers ransom note demanded payment of 3 bitcoins per system unlocked, which totalled 13 bitcoins to unlock all seized systems. The note also threatened to increase the ransom if it were not paid within four days, as well as stating that information would be lost forever if it wasn’t paid within 10 days.

Government email systems and payment platforms remain offline, as well as affecting Baltimore’s property market as officials aren’t able to access systems needed to complete real estate sales.

Over 20 municipalities in the US have been hit by cyberattacks in 2019 alone, with an attack on Atlanta costing upwards of $17 million to fix.

 

The Takeaway

It’s important to note that ransomware attacks aren’t new. In 2017, a ransomware called WannaCry target tens of thousands of computers using Microsoft Windows operating systems in more than 100 countries. This attack included corporations in the UK, France, Russia, Israel and Ukraine as well as attacks on hospitals.

Ransomware schemes have become more effective since the invention of Bitcoin in 2009. Conventional payment networks make it difficult to accept payments without revealing your identity. Some ransomware schemes are so elaborate that customer service agents are hired to help victims obtain bitcoin and pay their ransom.

Since WannaCry, many organisations and sectors have made improvements to their security and security practices.

eStorm recommends taking stock of your networks to understand your exposure, assess the potential risks and patch vulnerable areas. We also recommend a multi-layered approach to security that includes:

 

If you have any questions about your business security, feel free to contact us at any time on (07) 3120 0640, email [email protected] or use the live-chat feature on our website between the hours of 9am and 5pm Monday to Friday.

The 5 Key Areas of Efficient Cloud Management

By

 

With more and more enterprises seeing the benefits in, and establishing, long-term cloud computing strategies, the consumption of cloud services has begun trending towards the omnivorous.

According to the International Data Corporation, over 85% of enterprises are starting to adopt multi-cloud architectures that include a mix and match of public cloud services, community clouds, hosted clouds and private clouds.

Likewise, IDC research shows that 50% of enterprises are likely to subscribe to over 5 different public cloud services while adding, expanding and dropping subscriptions based on specific organisational needs. These figures highlight the fact that getting cloud management right from the start is ever more important.

A mistake that more and more organisations seem to be making is how they think of and treat services like the public cloud. Treating public cloud services like a Netflix subscription, where you use the service and pay the bill at the end of each month isn’t quite right. In fact, many businesses are finding that on-premise services were costing them less than what they’re spending now. Of course, public cloud providers won’t tell you there are significantly more efficient ways to use their services. Your public cloud services need to be managed in a similar fashion to how you would manage on-premise infrastructure. Learning to manage these cloud systems, in regard to cost, planning, capacity and security is paramount.

In order to take charge of this complex environment, enterprises should focus on the following 5 key areas.

Cost and optimisation

Managing cloud costs can be significantly challenging for many enterprises and CIOs, especially if they’re new to cloud adoption.

In most cases, enterprises and CIOs are accustomed to buying and setting up equipment as and when it’s needed—but it’s not that simple with cloud services.

For example, developers running application tests might forget to turn off their VMs before leaving work on Friday afternoon and accidentally leave them running all weekend. As a result, an enterprise ends up burning through their entire month’s allocation for particular cloud services.

That’s why it’s vitally important that enterprises consistently track their cloud service consumption while aligning with their budgets. The importance of cloud service budgeting lead Microsoft to the acquisition of an organisation that helps enterprises track consumption while forecasting future spending.

Resource planning

Clearly identifying how much of a service is needed and when it is needed is significantly important in achieving operational efficiency.

Security

Key security functionalities to consider for your cloud computing environment include, but are not limited to:

  • Risk management
  • Appropriate segmentation of duties
  • Single sign-on
  • Key management

It’s also important to conduct a review of your current security systems and consult with a specialist for the implementation of appropriate, up-to-date and robust security systems tailored to your specific needs.

Secure-Files-and-Data-Optimised

Governance

It’s important to create policies that establish which staff or departments require access to what applications and services, how and when they can gain access to them and for how long.

Orchestration and provisioning

Automation, orchestration and provisioning are vital for managing complex cloud environments.  Blueprinting the connections and inter-dependencies involved in cloud and on-premise systems is vital.

Google plans new browser tools on privacy and ad transparency

By

Google recently announced plans to introduce new internet browser tools in the coming months that limit how a users’ web activity is tracked by advertising companies while delivering greater insight into why they are targeted by certain ads.

“Our experience shows that people prefer ads that are personalised to their needs and interests—but only if those ads offer transparency, choice and control,” said Prabhakar Raghavn, Google’s senior vice president for ads and commerce, in a recent blog post.

The new feature would allow Chrome browser users to delete cookies, which are the virtual trackers that websites and businesses use to document your browsing behaviour for data collection and re-marketing purposes, without also removing the cookies that remember passwords and enable easy login for websites, Google said. This announcement comes amid a time where increased public scrutiny is forcing Silicon Valley to be more transparent.

Google also mentioned a separate add-on, which will work across multiple browsers, that lists businesses involved in delivering ads to users, which also included intermediaries who are between the advertisers the publishers.