Google Beacon – persistent project or privacy predicament?

Just another day at the office when an unexpected parcel from Google drops on the door step… the random gift of a Google Beacon!

The organisation is pushing the initiative once more by sending businesses free Beacons to encourage implementation. Unfortunately, in today’s security conscious environment these deliveries are sparking more privacy questions than implementations.

What is Project Beacon?

Project Beacon provides proximity experiences for customers using Bluetooth low energy (BLE) technology to send signals to local smart devices. The device continuously broadcasts an identifier which connects to a user’s device. Once your device has interacted with the Beacon it can then transmit its programmed action to the device.

Google Beacon

What are they and why is Google promoting Beacons?

Google is promoting the advantage of improved offline attribution with Google ads. Since the Beacons can be used to pinpoint a physical location, you can track conversion from online advertising to in store visits.

For example, if someone searches for a winter coat locally and visits a Google advertisement for your store but then clicks off before purchasing it wouldn’t have been classed as a conversion. However, with Google Beacon, the device can be tracked into the store as a physical visit.

For the customer, Beacons enable promotions to be broadcasted to receptive devices in the Beacon range to encourage in-store visits. You can read more about the features and benefits of Google Beacon here.

What does this technology mean for privacy?

The concerns around Beacon privacy and security is not just relevant to Google, but other distributors as well, including Apple. Although many may consider these threats minimal, they are still concerns according to Kontakt.io.

Hijacking

As default, most Beacons do not encrypt the data that’s transferred to them from connected devices. Kontakt.io explains a hacker could change the connected Beacon password and change it so that they have full control of the device, putting the entire IoT infrastructure at risk.

Physical tampering

Unsurprisingly, as a Beacon is a physical box, it is also subject to physical attacks. Although this is extreme and unlikely, someone could physically remove the device, take it apart to access its information.

Cloning and Piggybacking

One of the largest threats is from cloning, where an attacker listens to the device and captures Beacon data, copying the information to an external application without consent. After capturing the data, the hacker may clone it, copying the configuration and contents to another Beacon in order to mislead customers. Using a duplicate Beacon opens up an array of possibilities for the hacker, including triggering in-app payments.

As the latest drive continues and technology gets smarter, so do the hackers and the future of project Beacon is still undecided.

virtualDCS BSI certification

We’ve passed again! virtualDCS recertifies its ISO 27001 status

The renewed ISO 27001 accolade showcases the team’s continuous commitment to information security and data protection.

Looking at the entire scope of the business, from how the company purchases teabags to its comprehensive staff vetting procedure, the BSI assessed and commended virtualDCS on its processes and unique structure.

virtualDCS BSI certification

ISO 27001 is the international standard for best practice for information security management systems, covering technical and business controls that ensure a company is managing its data in the most secure way possible.

Richard May, Managing Director of virtualDCS said:

“There’s often some confusion around the standards and what they cover, but in essence, the re-certification shows that we’re managing customer data in the most secure way possible. This means that anyone that works with us can continue to be confident that we’re handling their information with the utmost sensitivity.

Many businesses that have an ISO 27001 certification tend to heavily limit the scope of the audit, but we wanted to encapsulate the entire business and its practices. If we’re going to be certified, then we’re going to do it right.”

Re-certification was truly a team effort as each employee within the company is responsible for a set of unique standard operating procedures. These procedures are monitored and updated by the appointed team member. virtualDCS chose to deploy this unique approach so that information security would be at the forefront of everyone’s mind and at the heart of the business.

For more information contact the team on 03453 888 327, using the contact form below or by emailing enquiries@virtualDCS.co.uk

Infographic: A history of Ransomware

Have you ever wondered where Ransomware came from? Our latest Infographic reveals this and so much more.

What was the first recorded example of Ransomware and how was it administered?  When did it officially become ‘Ransomware as a Service?’

How was this technology spread before the Internet? These are just a few of the questions commonly asked around the latest business threat.

We’ve created this infographic to answer these common queries, but if there’s anything else you’d like to know feel free to contact the team using the contact form below.

 

a brief history of ransomware

SaaS just makes sense

When technology companies create game-changing software, they’re posed with the question ‘to SaaS, or not to SaaS’?

Software as a Service (SaaS) makes it simpler for developers to sell software, send it to market and make an impression in the industry. Combined with the fact that customers are actively driving forward this method of software delivery for their own benefit, SaaS is a no brainer – it just makes sense!

What are the benefits for developers?

Although there are numerous benefits for software developers, such as increased availability, the protection of intellectual property and reduced sales times. There are, two distinct advantages acting as the main driving force – these are financial efficiency and scalability. We’ve explored these below.

Financial efficiency

SaaS businesses are more financially efficient than traditional software companies and there are a number of reasons for this. One option for developers wanting to SaaS their Software is to create and maintain their own hosting platform, however, with this choice, the developer would have to purchase the hardware outright and then employ a team to manage and maintain it.

SaaSWhen partnering with a hosting provider, SaaS eliminates this requirement as the software developer rents space and facilities from the service provider, paying for them on a monthly or quarterly basis.

Scalability

Another fantastic feature for developers utilising SaaS is the ‘pay as you go’ system. With SaaS, the developer only pays for the resources that customers use. Many providers also offer needs based scaling, so when the demand is high they’ll have more resources available and software will continue to run as efficiently as ever. It’s also the responsibility of the hosting provider to account for future growth, which means the developer doesn’t have to spend money purchasing or maintaining hardware that may not be used.

 Benefits for end users

From a commercial perspective it’s clear why developers are utilising SaaS solutions, but why are end users driving the industry forward? SaaS enables them to access a range of benefits, including:

  • Instant access to new releases and updates
  • Reduced pressure on the IT department
  • Faster implementation times
  • Reduced costs overall
  • Access anywhere solutions

You can also read more about these benefits on our SaaS hosting solutions page.

If you’re considering hosting a SaaS solution and would like to find out more, please contact the virtualDCS team and we’d be happy to discuss your requirements and offer you a free proof of concept.

Wannacry and the importance of patching

A blog by Ross Devine, head of technical support.

I’m sure that you’ll all of heard about the outbreak of the ransomware WannaCry which was widely reported in the UK media due to the devastating effect it had on parts of the NHS.

wannacryThis Ransomware was propagated via a vulnerability that was patched out by Microsoft back in March.

We completely understand that patching has typically been regarded as a bothersome task that people would rather put off until tomorrow.

Hindsight, however, is all good but had the organisations and bodies kept up to date with their server and client patching they would not have suffered at the hands of the criminals that released this Ransomware into the wild.

This outbreak has shown us all that patching, no matter how mundane, should be placed at the core of our security plans rather than at the periphery. We advise all of our customers and businesses, in general, moving forward, to review their update schedules.

For all our customers that take Proactive Support, this is a task that we will be happy to assist with where required.

What this has done is thrust the importance of server patching for any organisation, or end user’s IT systems into the public consciousness, no doubt the next time you have an outage your MD or end user will be asking if the servers have been patched, what will your answer be?

 

For information on security and managed hosting services contact virtualDCS on 03453 888 327 or by emailing enquiries@virtualDCS.co.uk