Google Beacon – persistent project or privacy predicament?

Just another day at the office when an unexpected parcel from Google drops on the door step… the random gift of a Google Beacon!

The organisation is pushing the initiative once more by sending businesses free Beacons to encourage implementation. Unfortunately, in today’s security conscious environment these deliveries are sparking more privacy questions than implementations.

What is Project Beacon?

Project Beacon provides proximity experiences for customers using Bluetooth low energy (BLE) technology to send signals to local smart devices. The device continuously broadcasts an identifier which connects to a user’s device. Once your device has interacted with the Beacon it can then transmit its programmed action to the device.

Google Beacon

What are they and why is Google promoting Beacons?

Google is promoting the advantage of improved offline attribution with Google ads. Since the Beacons can be used to pinpoint a physical location, you can track conversion from online advertising to in store visits.

For example, if someone searches for a winter coat locally and visits a Google advertisement for your store but then clicks off before purchasing it wouldn’t have been classed as a conversion. However, with Google Beacon, the device can be tracked into the store as a physical visit.

For the customer, Beacons enable promotions to be broadcasted to receptive devices in the Beacon range to encourage in-store visits. You can read more about the features and benefits of Google Beacon here.

What does this technology mean for privacy?

The concerns around Beacon privacy and security is not just relevant to Google, but other distributors as well, including Apple. Although many may consider these threats minimal, they are still concerns according to Kontakt.io.

Hijacking

As default, most Beacons do not encrypt the data that’s transferred to them from connected devices. Kontakt.io explains a hacker could change the connected Beacon password and change it so that they have full control of the device, putting the entire IoT infrastructure at risk.

Physical tampering

Unsurprisingly, as a Beacon is a physical box, it is also subject to physical attacks. Although this is extreme and unlikely, someone could physically remove the device, take it apart to access its information.

Cloning and Piggybacking

One of the largest threats is from cloning, where an attacker listens to the device and captures Beacon data, copying the information to an external application without consent. After capturing the data, the hacker may clone it, copying the configuration and contents to another Beacon in order to mislead customers. Using a duplicate Beacon opens up an array of possibilities for the hacker, including triggering in-app payments.

As the latest drive continues and technology gets smarter, so do the hackers and the future of project Beacon is still undecided.

Wannacry and the importance of patching

A blog by Ross Devine, head of technical support.

I’m sure that you’ll all of heard about the outbreak of the ransomware WannaCry which was widely reported in the UK media due to the devastating effect it had on parts of the NHS.

wannacryThis Ransomware was propagated via a vulnerability that was patched out by Microsoft back in March.

We completely understand that patching has typically been regarded as a bothersome task that people would rather put off until tomorrow.

Hindsight, however, is all good but had the organisations and bodies kept up to date with their server and client patching they would not have suffered at the hands of the criminals that released this Ransomware into the wild.

This outbreak has shown us all that patching, no matter how mundane, should be placed at the core of our security plans rather than at the periphery. We advise all of our customers and businesses, in general, moving forward, to review their update schedules.

For all our customers that take Proactive Support, this is a task that we will be happy to assist with where required.

What this has done is thrust the importance of server patching for any organisation, or end user’s IT systems into the public consciousness, no doubt the next time you have an outage your MD or end user will be asking if the servers have been patched, what will your answer be?

 

For information on security and managed hosting services contact virtualDCS on 03453 888 327 or by emailing enquiries@virtualDCS.co.uk

 

Top 5 Cloud Trends for 2017

A blog by Antonio Francis – Support Engineer

As the end of 2016 approaches, businesses are putting together their forecasts and predictions for the cloud computing industry over the next few years. Likewise, I decided to put together a list of trends that I think the industry needs to be prepared for.


More users joining the cloud

cloud trends 2017With cloud computing advancing at such a rapid rate, it’s clear that more people will be migrating towards it in order to seek its benefits – such as how flexible and cost effective it has become.

Initially, those that have steered away from this technology may have done so because it was new in the arena. However, now it has had time to prove itself as the new way forward, the barrier to entry has fallen for many companies.

Cybersecurity

As the push towards the cloud increases, the more the cloud providers will be targeted. Hosting providers will need to look into improving their security and this should come in the form of a solid platform to host on, strong firewalls and being on top of the latest threats out there.

Providers will also need to ensure that if they’re holding confidential information, they’re also using a top tier security level data centre.

Competitive Pricing

As more businesses migrate to the cloud, the more hosting providers will be targeted as partners. This competitive aspect will then affect provider pricing, as they will have to match or beat the competition. It will also consequently affect the prices of storage and hardware.

Rethink hosting

Current hosting providers may need to rethink how their business model is working. Their current platform may be well suited to their currents needs and those of their customers, but they need to plan for future growth and may need to shake things up.

This could mean that they’ll need to separate out the lower level security customers from the higher ones. They may also need to think about simplifying things without losing security as they’ll have so many more customers to look after.

Flexibility

One of the more popular cloud computing advantages is that you’re not tethered to a desk or office when working, providing the freedom to work from anywhere. As this benefit is so popular, with employees working on the move and in between meetings, I can only imagine that this aspect will evolve over the next few years, in order to meet customer demands.

Businesses should turn to cloud and SaaS for security

A new report by Kaspersky Lab claims that small and medium businesses are struggling to keep their organisations secure and are turning to SaaS for assistance.

The report concludes that this is due to tight budgets, small IT teams and an increase in cyber-attacks, with 66% of participants spending less than $1,000 a year on IT security, compared to 68% of enterprises that spend over $1 million each year.

saasPolling 4,395 executives over 25 countries, the report also finds that 55% of participants were concerned about BYOD adoption within their organisation and that 49% of businesses felt vulnerable because of security incidents affecting third-party cloud services.

Vladimir Zapolyansky, Head of SMB Marketing, Kaspersky Lab said:

“The report shows that SMBs currently face a number of challenges when it comes to protecting their businesses from security threats. On the one hand, they typically have a lack of resources, budgets and security expertise that can make them attractive to cybercriminals.

On the other hand, increasingly complex security environments resulting from trends such as the volume of mobile devices they need to protect requires action. This makes it all the more important to spend budgets wisely and look at other options for remaining vigilant and getting the protection they need, and by taking a SaaS approach to security, SMBs can take advantage of endpoint security solutions without having the hefty budgets of enterprise counterparts.”

40% of SMBs and 26% have VSBs have since agreed that outsourcing could be the answer and are actively looking to outsource software and IT infrastructure to third parties.

LinkedIn blocked by Russian authorities

The business social network LinkedIn will now be blocked throughout Russia, after a court case found the company guilty of violating local laws on data storage; this paves the way for other networks and cloud computing providers to be blocked.

Russia’s communications regulator Roskomnadzor has said that LinkedIN would be completely unavailable to access within 24 hours, with some internet providers already blocking access to more than six million Russian members.

LinkedINKremlin spokesman Dmitry Peskov told journalists in Moscow that Roskomnadzor was acting strictly in accordance with Russian law, however, many citizens are concerned that the ban is actually about censorship and control. Many are concerned that more popular social networking sites, such as Facebook and Twitter will also be blocked.

What happened?

In 2014, Russia introduced legislation that required international companies dealing with consumer data to relocate their servers to Russian soil in order to protect citizen privacy. Google has reportedly taken steps to comply with the law, however other social networks and some large cloud computing providers have resisted the order.

LinkedIn has not transferred any of its data and has therefore been blocked by Russian authorities. This is the first time that the law has been enforced against a US-based social network.

How has LinkedIn responded?

According to BBC reports, a LinkedIn spokesperson stated that:

“Roskomnadzor’s action to block LinkedIn denies access to the millions of members we have in Russia and the companies that use LinkedIn to grow their businesses. We remain interested in a meeting with Roskomnadzor to discuss their data localisation request.”

1 2 3 29