Category Archives: Business

Now Scotland hits out over Macquarie Bank

The Scottish government has added to concerns being voiced about Macquarie Bank potentially “asset stripping” Britain’s prized Green Investment Bank if the Australian investment bank is successful in acquiring the bank, possibly as early as next month.

The Scottish government’s Cabinet Secretary for Economy Jobs and Fair Work Keith Brown has written to the UK government, warning that privatising the bank “may result in an asset stripping exercise.”

His concerns mean serving and former MPs from five political parties have sounded alarm at the prospect of the so-called “Millionaires Factory” taking over the Green Bank.

Although Mr Brown’s statement does not mention Macquarie Bank by name, it is the only serious contender to buy up the £2 billion ($3.4 billion) bank.

“The veiled manner in which privatisation is taking place offers no reassurance that the future of the Green Investment Bank is being modelled in line with the reassurances offered to the Scottish Government in 2015, which state that the original purpose of the bank would be maintained.”

‘Financial asset stripper’

The term “asset stripping” means breaking up a company and selling off its most profitable parts, even if that is not in the company’s long-term interests. Critics of the sale fear Macquarie Bank will break up the Green Bank in this way and rob it of its ability to act with an environmental mission.

Macquarie Bank has been hit with the unflattering “asset stripping” tag for more than a decade, when the board of the London Stock Exchange deemed the bank unfit for a takeover.  Britain’s Telegraph cited a source close to the LSE describing Macquarie Bank as “purely a financial asset stripper.”

The SNP’s intervention is significant as it has previously suggested the British government might have to formally seek Scotland’s approval for any privatisation deal. The Green Investment Bank was created in 2012 to finance infrastructure green energy projects would otherwise struggle to find.  In 2015 it began turning a profit. Its headquarters are located in Edinburgh.

Mr Brown’s statement adds to concerns raised in the past few weeks by MPs from a range of political parties, including the former Tory and Liberal Democrat Ministers who helped create the bank, the Labour opposition and the Greens.  Former Tory Minister Gregory Barker called for the sale to be halted immediately and the former Lib-Dem Secretary Vince Cable last week told Fairfax Media that Macquarie Bank was the “worst kind of company” to be acquiring a bank set up to solely finance environmental projects.

Perimeterless Networks

The variety of ways workers are now connecting together and to the web to work more effectively continues to grow.

As the connections expand, so do the steps that need to be taken to ensure those connections communicate with the network in a secure fashion.

Because employees increasingly are using mobile devices to connect to the corporate network, this puts pressure on IT to provide endpoint security and device management solutions that make sense for both the mobile worker and the enterprise.

Research firm IDC predicts that the number of mobile workers will increase to 1.19 billion by the year 2013. The variety of devices that these workers use to connect to the network will also continue to grow.

According to the iPass 2011 Mobile Enterprise Report, 73 percent of enterprises allow non-IT managed devices to access corporate resources. This is a figure that is likely to get larger as 83 percent of firms said they expect to support Apple’s iOS, while 77 percent anticipate supporting Android-enabled devices.

Each mobile device provides its own set of security vulnerabilities. Additionally, mobile equipment has less evolved security applications – most have no anti-virus or anti-spyware protection on the devices themselves. So endpoint devices are among hacker’s preferred targets.

According to the Juniper Networks Malicious Mobile Threats Report 2010/2011, there was a 400 percent increase in Android malware between June 2010 and January 2011.

To take advantage of the productivity offered by web-enabled endpoint devices, including laptops, smartphones and tablets, it is essential that firms adopt policies and procedures that protect enterprise data while enabling staff to use the mobile devices that best fit their needs.

Use Best Practices for Endpoint Security Solutions
There are a number of established best practices for endpoint security management- among these observances are:

  • Require the staff to sign policies and usage statements for all endpoint devices, including those owned by the business and employee-owned equipment. Policies and usage statements should clearly state the security and support that IT will provide, so it is responsible only for those apps and services that IT delivers and approves.
  • Use the cloud layer to route all network requests such as email and server access to block security threats before they can do any damage.
  • Place security solutions in the cloud. This method enables the enterprise to provide central endpoint device management and security rather than going to each device to install security applications.
  • Use the cloud layer to provide authorization capabilities, allowing workers to access different areas of the network, depending on their needs. For example, an auditor might need access to sensitive corporate financial information, while a customer service representative would need to access customer transactions.
  • Delete corporate information from endpoint devices in the event that they are lost or stolen or if the employee’s relationship with the company ends. The Juniper malware study reports that 1 in 20 mobile devices were lost or stolen.

The Latest VoIP Solutions

Many SMBs and SOHOs are walking away from their traditional phone companies and moving to the Internet for their telephony needs. In tech jargon, they’re switching from POTS (“plain old telephone service”) to Voice over IP (VoIP, pronounced as one word). Read on to find out what it is, why you should use it, and what to watch out for.

VoIP lets you make phone calls over the Internet with a number of advantages over your landline. It gives you low calling rates, especially when making overseas calls; excellent voice quality, rather than the muffled squawk of a traditional phone; and extra features (or easy access to the hard-to-use features you already have).

A phone using VoIP is different from a regular phone; instead of connecting to an analog phone line, it connects to a computer. That computer is usually called a VoIP gateway, and it’s the bridge between the handset and other telephone users.

Breaking it Down: VoIP Types

 

Cloud vs. Local

The gateway connects you to the regular telephone network, or to other VoIP users. Your gateway might be on-site, or it might be a hosted service—“in the cloud”—that you connect to via the Internet.

Running it yourself might be a good option if you have the expertise in-house, but for most people, a service is the simplest and least expensive option.

 

Which System?

Classical VoIP is based on Internet standards like SIP and RTP. The best-known example of a commercial service like this is Vonage; the best-known in-house product is probably the Cisco UCM Suite.

Some newer systems are based on a different standard, called Asterisk. This is a robust, battle-tested system supported by many vendors, including Fonality.

(Normally, you can ignore all this nerdy alphabet soup, but it’s helpful to know which standards your system uses, in case you ever need to know about compatible add-ons.)

No discussion of VoIP software would be complete without mentioning Skype. It’s probably best known as a consumer-focused, free, peer-to-peer service, but the company also offers a service aimed at businesses of all sizes. It’s not just a program you run on your computer; you can also buy dedicated desk phones that work with Skype.

 

Security

One of the advantages of VoIP over regular phone service is the extra security. In the VoIP world, voice scramblers aren’t just the preserve of the military.

It’s similar to working with a secure website, such as your bank. By enabling encryption, you get privacy for your business communication, plus authentication (i.e., protection against call rerouting).

While we’re on the subject of security… remember to stay safe. If your users connect to any Internet services—including VoIP—make sure they’re protected with business-class security.

Also, check with your provider about emergency calling (911 in North America, 112 elsewhere). Some providers do a better job than others of routing your call to the correct dispatcher for your location.

Moving to the Cloud

Why move to the cloud? There are plenty of good reasons, but mainly it makes good business sense. You can call it efficiency, or call it doing more with less. But whichever spin you prefer, cloud computing lets you focus on what’s important: your business.

Cloud computing can be used for almost all types of applications, not just business security. While the idea of cloud computing can sometimes seem hard to grasp, it’s clear that it saves its users money – especially SMBs, including small office/home office (SOHO).

Plenty of oh-so-clever industry people will tell you what cloud computing is and isn’t. Here’s my simple view: It’s what we used to call software as a service (SaaS), but it’s set up so it’s easy to switch on, simple to expand and contract, and usually has a usage-based pricing model.

Read on to discover why moving to the cloud will save you money in five ways (six, if you’re picky)….

 

1. Fully utilized hardware

Cloud computing brings natural economies of scale. The practicalities of cloud computing mean high utilization and smoothing of the inevitable peaks and troughs in workloads. Your workloads will share server infrastructure with other organizations’ computing needs. This allows the cloud-computing provider to optimize the hardware needs of its data centers, which means lower costs for you.

 

2. Lower power costs

Cloud computing uses less electricity. That’s an inevitable result of the economies of scale I just discussed: Better hardware utilization means more efficient power use. When you run your own data center, your servers won’t be fully-utilized (unless yours is a very unusual organization). Idle servers waste energy. So a cloud service provider can charge you less for energy used than you’re spending in your own data center.

 

3. Lower people costs

Whenever I analyze organizations’ computing costs, the staffing budget is usually the biggest single line item; it often makes up more than half of the total. Why so high? Good IT people are expensive; their salaries, benefits, and other employment costs usually outweigh the costs of hardware and software. And that’s even before you add in the cost of recruiting good staff with the right experience.

When you move to the cloud, some of the money you pay for the service goes to the provider’s staffing costs. But it’s typically a much smaller amount than if you did all that work in-house. Yet again, we have to thank our old friend: economies of scale.

(In case you worry that moving to the cloud means firing good workers, don’t. Many organizations that move to cloud computing find they can redeploy their scarce, valuable IT people resources to areas that make more money for the business.)

 

4. Zero capital costs

When you run your own servers, you’re looking at up-front capital costs. But in the world of cloud-computing, financing that capital investment is someone else’s problem.

Sure, if you run the servers yourself, the accounting wizards do their amortization magic which makes it appear that the cost gets spread over a server’s life. But that money still has to come from somewhere, so it’s capital that otherwise can’t be invested in the business—be it actual money or a line of credit.

 

5. Resilience without redundancy

When you run your own servers, you need to buy more hardware than you need in case of failure. In extreme cases, you need to duplicate everything. Having spare hardware lying idle, “just in case,” is an expensive way to maximize uptime.

Reduce Your Investment

Trojans, worms and spyware sound like elements straight from a summer blockbuster, but the kind of action/adventure they provide on your PCs, Macs, smartphones and tablets make them more like a horror movie.

By deploying effective endpoint security, you can help prevent attacks and keep your users safe from viruses and other malware, such as spear phishing and advanced persistent threats. Today’s  state-of-the-art endpoint security has come a long way from its early roots in “antivirus” and has morphed into a complex suite of sophisticated protections against modern threats.

But good protection isn’t free; so, how can you save money, while still protecting your computers? Here’s how to reduce your investment….

 

Keeping users safe

In an ideal world, users would be perfectly security conscious. These mythical users wouldn’t:

  • Click on suspicious links.
  • Open file attachments emailed by criminals pretending to be their friends.
  • Respond to phishing messages that appear to be from a bank.
  • Disable software updates because warnings and reboots are annoying.
  • Disable a security product because it slows down their PC.
  • Install free software from an untrustworthy developer, because their friend liked it on Facebook.

Sadly, our world is less than ideal. Much, much less: A recent report said that 86 percent of U.S. businesses surveyed had lost sensitive data during the previous year.

User awareness training helps, but it isn’t sufficient. That’s why your endpoints need securing. Doing so helps prevent your users from accidentally exposing sensitive business information, such as your  banking credentials, secret-sauce recipes or future product plans.

 

Save time and money on endpoint security

Your challenge is to protect your users while minimizing costs: How do you save time and money, while keeping your company safe?

Look for a modern endpoint security solution – not one thrown together from an old antivirus program and a fresh coat of paint.

 

How can you tell?

A start-of-the-art solution does the following:

  • Works intelligently in the background, without bogging down the user’s computer
  • Scans for malware in seconds, not hours
  • Uses a reliable, built-from-the-ground-up cloud security service to identify malware, not a huge signature file that’s quickly out-of-date
  • Works intelligently while offline, reconnecting with the cloud service to check changes made while disconnected
  • Fixes infected PCs, if necessary, by rolling back the computer’s state to a known-good point
  • Automatically monitors untrusted software executions to prevent infection
  • Allows you to enforce certain policy settings, such as use of USB ports, and prevents users from disabling security features
  • Doesn’t fight with competing installed products, to allow you to test it safely

Outsourcing about IT

Just a few short years ago, the image of an IT department for small and medium businesses was one of Dilbert-looking technicians noodling around with Cat 5 cable and speaking in a blend of Klingon and Robot. In other words, IT seemed completely remote, complicated and inaccessible to most employees. Additionally, each new hardware and software deployment, including installing malware protection, could take weeks to manually implement across the enterprise, and rarely went smoothly.

One solution – outsourced IT – has found greater acceptance in the past few years as its benefits have become more tangible to even small businesses. It is estimated that globally, 74 percent of companies use some form of outsourced IT solution, up 25 percent from 2009.

Read further for compelling reasons why a small or medium business should consider the IT-outsourcing trend.

 

Cost savings

Moving IT off-site can save an SMB thousands of dollars per year. As most business decisions are predicated on the bottom line, this is often the main driver in the decision to migrate. Areas of savings include:

Reducing hardware expenses. Servers, storage, cabling, cooling, and datacenter square footage expense can now be on a cloud vendor’s dime, not yours.

No salary or benefits expenses for IT employees.

Potential tax savings by converting capital expenditures (servers), that depreciate slowly over time, to a monthly cost which can potentially be deducted in the current tax year.

 

The latest software versions – hassle-free

Outsourcing IT means software, including malware protection for endpoints, can be updated automatically by the provider. This obviates the need for a local tech to run around taking workstations offline for upgrades.

Furthermore, updating software not only unlocks newer features, but also closes exploits in older versions that might allow hacker penetration. So it’sworth exploring any platform that can make this process painless and automatic, such as a cloud service.

 

Focus on your business, not technical issues

Anyone who survived working in Corporate America from the 1980s onwards is familiar with the spectacle and lost productivity that accompanies the proverbial “system going down.”

When outsourcing IT to the cloud, this nightmare occurs less often as data is often distributed redundantly across many servers that are monitored constantly, leading to greater stability and uptime, and less worrying about IT matters.

 

Improved security

Reputable outsourced IT providers are dead serious about security against malware, zero-day hacks and other intrusions and constantly monitor and update their protection schemes.

For most SMBs, outsourcing will provide a more frequent and secure back-up solution than their existing IT setups. Furthermore, as the data is kept off-site, it is well- protected from a local catastrophe, such as a fire or flooding.

 

No new employees to manage when scaling up

Scalability is easy with outsourced IT – simply contact the vendor for more storage, memory and processors as needed. There is no longer any need for job postings, interviews, expensive training, personality clashes, worker’s compensation or other common HR issues and liabilities just to get tech personnel to handle the increased operations.

Proactive About Potential Breaches

Are you tiring of users continuously badgering you to get corporate network access for their mobile devices?  Does your corporate management want to buy tablets for the sales team? If so, your small- to medium-sized business (SMB) needs to start proactively addressing mobile security breaches such as malware.

Modifying your existing security policies and protocols, establishing new policies and educating your mobile workforce are economically sound frontline solutions for securing your corporate enterprise and trade secrets.

Here are some tips on how to address mobile device security breaches beforethey happen:

  • Establish corporate information access guidelines. It’s important to pre-determine how mobile device users will access corporate information. Will users download data to devices? Will they access the data remotely? The answer will vary from company to company, so be sure to consider your situation uniquely.  If your company has to be in compliance with a regulatory body like PCI Data Security Standards (DSS) or the Health Insurance Portability and Accountability Act (HIPAA), then consult with your auditor before enabling network access to mobile devices.
  • Establish device control policies. Bring Your Own Device (BYOD) can be full of benefits like saving on corporate hardware purchases and increasing productivity for your mobile workforce and SMB. However, the negatives can outweigh all those positives when a BYOD device brings malware into your network. Create a policy that governs how your corporate IT staff can gain control over a personal device, while maintaining your network security. Include information about how to keep personal information private (e.g., via a mobile device backup strategy that doesn’t touch personal data) and define corporate ownership over data and applications.
  • Enforce device-level security.  Both corporate-owned and personal devices should have secure passwords and screen locks; document this requirement in your mobile device policies. In addition, make sure it’s clear that both personal and corporate mobile devices maintain up-to-date corporate-approved (and preferably corporate-managed) antivirus and security software installed to guard against malware and other security risks.
  • Develop and deliver mobile workforce security training. Education can be just as powerful a security tool as technology. Develop and deliver mobile workforce security training built around keeping your mobile workforce productive and prepared to be the first line of defense against malware and other security threats to their mobile devices. Spell out your corporate policies and include a participant sign-off stating that they understand and will abide by the policies.
  • Determine deal breakers for your mobile device policies. In establishing mobile security policies – regardless of your industry – there are going to be deal breakers when you have to deny certain user requests.
    Deal breakers might include devices not running the current version of its OS, or they may be jail broken. There should also be a defined escalation path for deal breakers so the denial can be dealt with in an official manner with reasons formally documented in your mobile device security policies.

Is a Big Data Mean to Your Business

First there was dot-com. Then web 2.0. Then cloud computing. Now it seems “big data” is catching all the headlines.

Big data is the term used to describe the enormous datasets that have grown beyond the ability for most software to capture, manage and process the information.  But volume is not the only way to define big data. The three Vs generally used to describe big data also include the multiple types – and sources – of data (variety) as well as the speed (velocity) at which data is produced.

If you need more perspective, think about this for a second: According to IBM, 90 percent of the data in the world today has been created over the past two years. That amounts to 2.5 quintillion bytes of data being created every day.

 

How can big data help me?

Big data may seem to be a bit out of reach for SMBs, non-profits and government agencies that don’t have the funds to buy into this trend. After all, big usually means expensive right?

But big data isn’t really about using more resources; it’s about effectively using the resources at hand. Take this analogy from Christopher Frank of Forbes who likened big data to the movie Moneyball: “If you have read Moneyball, or seen the movie, you witnessed the power of big data – it is the story about the ability to compete and win with few resources and limited dollars. This sums up the hopes and challenge of business today.”

Specifically, it shows how organizations with limited financial resources can stay competitive and grow. But first, you have to understand where you can find this data and what you can do with it.

 

Big data strategies

Ideally, big data can help resource-strapped organizations:

  • Target their market
  • Make better decisions
  • Measure feelings and emotions

 

Targeted marketing

Small businesses can’t compete with the enormous advertising budgets that large corporations have at their disposal. To remain in the game, they need to spend less to reach qualified buyers. This is where it becomes essential to analyze and measure data to target the person most likely to convert.

There is so much data freely accessible through tools like Google Insights that organizations can pinpoint exactly what people are looking for, when they are looking for it and where they are located. For example, the CDC used big data provided by Google to analyze the number of searches related to the flu. With this data, they were able to focus efforts where there was a greater need for flu vaccines. The same can be done for other products.

 

Decide

Big data can be like drinking from a fire hose if you don’t know how to turn all the facts and figures into something useable. But once an organization learns how to master the analytical tools that turn its metrics into readable reports, charts and graphs, it can make decisions that are more proactive and targeted. And only then will it have an intimate relationship with the “big problems” affecting the business and an understanding of how to improve its situation.

 

Social eavesdropping

A majority of the information in big data comes from social chatter on sites like Facebook and Twitter. By keeping a close eye on what is being said in the various social channels, organizations can get a bead on how the public perceives them and what they need to do to improve their reputations.

Take the paper “Twitter mood predicts the stock market” as an example. Johan Bollen tracked how the collective mood from large-scale Twitter feeds correlated with the Dow Jones Industrial Average. The algorithm used by Bollen and his group predicted market changes with 87.6 percent accuracy.

Imagine what you could do for you organization if you could track how people felt about you.

 

Considerations

Data has always presented a problem when it comes to security; it’s a primary target for cyber attacks because the bad guys know that it is one of the most valuable resources a company has.

Do You Need Management Device

Visions of kicking back and working from the beach with a piña colada in one hand and an iPad in the other are no longer just flights of fancy for many workers. Businesses are finding that it really is possible for employees to work remotely on their own devices without losing any productivity.

As a result, many companies are measuring the benefits of employees working remotely against the logistical issues inherent in developing a mobile device management plan.

There are many tangible benefits of BYOD (Bring Your Own Device), including:

  • Reduced equipment costs
  • Increased employee satisfaction and efficiency
  • Decreased IT staff burden (since employees maintain their own equipment)
  • Reduced office space square footage (as workers are mostly off-site)

The risk in BYOD is that these devices can potentially expose security vulnerabilities not directly supervised by IT staff or addressed by corporate antivirus solutions. This is where the need for mobile device management comes in.

 

A new landscape of threats

Tablets and smartphones are arguably less secure than desktop PCs and laptops because they lack pre-installed malware protection. Most computers include at least a trial version of an antivirus suite, but for the newest mobile gadgets, individual users and IT managers are on their own to search for and install mobile endpoint security management.

This vulnerability has not escaped the attention of hackers, who unleash creative new threats like SMS text messaged-based attacks on a daily basis. The old-school virus, while still annoying, does not hold a candle to the damage caused by these new approaches in cybercrime, which include more sophisticated Trojans, keyloggers, phishing attacks and malicious apps than ever before.

 

Maintaining security while not breaking the bank

Enforcing a ban on these devices is a near impossibility, but there are options for businesses on a tight budget to maintain security:

  1. The first cost-effective step is to immediately establish protocols regarding these devices in the workplace, including guidelines for acceptable use, forbidden applications and how to avoid dangerous activities, such as browsing certain questionable sites while connected to the company’s Wi-Fi.
  2. Next, evaluate your current solutions to see if they can be modified to protect BYOD devices through password enforcement, remote wiping or other protective measures.
  3. If the quantity of devices or sensitivity of data requires a more robust solution, explore whether the use of Mobile Device Management (MDM) software makes sense. MDM provides a centralized platform to manage all BYOD devices and is recommended if IT personnel are spending an inordinate amount of time securing tablets and smartphones – or if the sheer variety of devices and new threats tests their expertise.

 

Main components of an effective MDM program

If you determine that an MDM service is appropriate, how do you choose one? Use the following as a mini-checklist to cover the major recommended features:

  • Cloud-based, so updates are automatic and painless
  • Remote configuration and monitoring
  • Passwords, blacklists and other security policies enforcement
  • Backup/restore functionality of corporate data
  • Logging/reporting for compliance purposes
  • Remote disconnection or disabling of unauthorized devices and applications
  • Scalable, so new users and increasingly sophisticated devices can be accommodated easily

Rethink Your Endpoint Security

For those reluctant to say goodbye to signature-based malware protection, read on for the first of a four-part series that delves into why small and medium-sized businesses should rethink their current solutions and explore cloud-based strategies for endpoint protection.

 

We are gathered here today, with not-quite heavy hearts, to say farewell to a constant companion. Our “friend” was part of our daily lives, popping up at the oddest times, seemingly just to say “hi,” or – as in any other high-maintenance relationship – demand we drop everything to give it some attention right now.

Imperfect, needy and often intrusive, we nonetheless tolerated its presence as a necessity in this cruel, crazy world full of bad guys – until something radical came along that made our “friend” a casualty in the unceasing conflict that can be called “The Malware Wars.”

The radical new element in the fray? The cloud. So, join us in saying, “Rest in peace, signature-based antivirus program,” and, “Hello, cloud-based endpoint security strategies.”

 

The changing world of web threats

Signature-based antivirus protection arguably peaked in the late 1990s and has been playing catch-up with the blackhats ever since. File injection and other basic virus types were mostly supplanted by Trojans, worms, backdoors and other stealthier nasties, which the big antivirus companies responded to slowly, as these threats did not fit their model of a virus.

Demonstrating how ineffective some solutions are to this day, the notorious 12-year-old Back Orifice 2000 Trojan is still infecting machines, and one out of three web malware encountered in 4Q 2011 were zero day threats, which are completely undetectable by signature-based schemes.

Hackers are also increasingly using social media scams and phishing, with even LinkedIn notifications becoming fair game for delivering exploits. It is clearly a more complicated world in the security space, and only getting worse.

 

New devices, greater risks

Apart from this ever-present development of increasingly sophisticated malware, endpoint security strategies must take into consideration the proliferation of mobile devices used to access workplace email accounts, enterprise Wi-Fi connections and even corporate VPN tunnels. From a security viewpoint, this is a nightmare, especially because mobile devices are fast becoming the number one target for hackers, with both the iPhone and Android devices being compromised in greater numbers.

As downloading antivirus software and updating signatures on every single employee-owned device by IT personnel can prove impossible even for SMBs, it demonstrates that the signature-based approach is broken, and any solution needs to be easy to implement on both current and future endpoints for it to be considered viable.