8 February 2012

ICO – Name and Shame


The Information Commissioner's Office is now naming and shaming anyone found in breach, or nearly in breach, of the Data Protection Act, irrespective of whether the breach was deemed severe enough to receive a fine.

How does this affect you? What impact would slack security policies have on your image? If you can’t prove you keep information safe, can you fulfil your other duties to your customers?

If you discovered that an organisation that you use, and that holds your personal information, had been named and shamed for lacking in data protection procedures, how would you react? Would you take your custom elsewhere, to a company that had not been named in such a way? As a business, can you even take that chance?

In a time where the competition for business is stiff, it is imperative that you don’t stand out from the crowd for the wrong reasons.

The ICO has the ability to hand out crippling fines to a business or organisation that it deems to be in breach of the Data Protection Act, but it also names, on its website, companies that are close to being in breach.

As far as the ICO is concerned personal data is categorised as:
“Data which relates to a living individual who can be identified –
(a) From those data, or
(b) From those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

It is your responsibility to ensure that all the information that you hold is properly handled and properly controlled. The ICO also has the right to use criminal prosecution, non-criminal enforcement and audit, as well as the monetary penalties against those that are found in breach.

“The Commissioner may impose a monetary penalty notice if a data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress.”

The question remains, what procedure should you have in place to ensure that you are not found in breach? 

As far as the ICO is concerned, there are some very basic measures that you should have in place, such as shredding all your confidential paper waste, training your staff, and checking the physical security of your premises.

But there are also other measures that need to be taken: for instance, encryption on your computer systems, and taking regular back-ups of the information on your computer system and keeping them in a separate location so that if you lose your computers, you don’t lose the information. Allow your staff access to only the information they need to do their job, and set strict rules on sharing passwords. You should be downloading the latest patches or security updates, and installing a firewall and virus-checking, on to your computers. And when it comes to disposing of old equipment, you must securely remove all personal information before disposing of old computers (by using technology or destroying the hard disk).

Making sure that you have the correct policies in place is priceless when you consider the implications of not doing so. It's not just peace of mind, it's good business practice.

17 October 2011

Why being Green needn’t make you Blue

"Sustainable development is development that meets the needs of the present without compromising the ability of future generations to meet their own needs." - Brundtland Commission, 1987

Paying attention to sustainable development is not just important to the pocket, but it can be especially sensible when so many potential customers and clients are actively seeking greener products and services.

Making environmentally conscious decisions about your business operations can be good for the bottom line. There is a misconception that in order to make a company greener it requires a cash injection, when in actual fact a lot of the changes are small, have very low overheads but make a difference and lower outgoings - actually saving you money.

As predictions about the availability of energy, water and other natural resources are validated, going green may also enable companies to keep customers and investors happy, maintain market share and become more efficient; it may also help avoid liability for environmental damage. For small businesses to be actively involved in sustainable development, they need to adopt environmentally sound business principles and translate these into action.

High oil prices and global warming are driving the move towards going green. The knowledge that our natural resources won’t last forever is increasing the number of customers and shareholders that are demanding a move toward corporate social responsibility for a company's actions.

As far as an organisation is concerned, adopting environmental practices is all about money. Taking on board environmental practices could help save money and gain new business. Some ‘green moves’ can be very pricey, but the deciding factor is often that going green helps companies enhance their public relations; how the public perceive an organisation can have a strong impact on company profit.

There are certain things as an organisation that you can do to make your company greener:

Perform an energy audit: Some utilities offer businesses free on-site consultations on how they can reduce usage and save money. Most common suggestions can include: Insulation upgrades, timers to automatically turn off lights, and energy efficient light bulbs.

Go paperless: Encourage e-mailing. When paper is necessary, print on both sides and use old letterheads/non-sensitive documents as scrap paper.

Recycle: Recycle glass, paper, plastic, metal and manufacturing waste, and reuse packaging for postage.

Include Green issues in the Staff Satisfaction survey: Dedicate a section to Green issues within the annual employee survey.

Reduce commuting: Encourage carpooling, offer passes to employees who take the bus or train, add bike racks for cyclists.

Reduce business travel: Teleconference instead of travelling. For must-go trips, keep track of the miles driven and flown and buy "carbon offsets" to make up for the greenhouse gas emissions. 

Buy green: Tell suppliers that you're interested in sustainable products, set goals for buying recycled, refurbished, or used.

Detoxify: Talk to suppliers about alternatives to toxics, such as used batteries and copier toner, and make sure you properly dispose of the ones you can't avoid using.

Rethink transportation: Consider the fuel it takes to ship and receive products. Purchase or lease energy-efficient cars and trucks for business use. 

Provide leadership and resources for going green: Assign a respected person to head up Green initiatives. Include "green" in your company's mission statement and business plans.

Get employees involved: Create a team to lead the company's eco-efforts and determine where you can have the biggest impact for the least amount of money.

Communicate Green issues: Inform suppliers and customers about your efforts. And get in touch with local regulatory agencies; many offer financial incentives to businesses that implement green initiatives.

Save water: Monitor sinks and toilets for leaks that waste water.

Explore alternative energy sources: Consider using solar energy, bio-fuels, wind power and other alternative energy sources.

Implement green manufacturing: Use energy-efficient equipment, and streamline processes.

Implement green policies: Establish policies and standards.

Becoming a Green company doesn’t need to cost the earth, but it just might save it. 

29 September 2011

Microsoft turns up the heat on Internet scammers!


Microsoft has stepped up its ongoing battle against Internet scammers by once again using the power of the U.S. court to deal a blow to an emerging ‘botnet’ and take off-line a provider of free Internet domains.

Microsoft used the same method that had worked in its previous battles against the Rustock and Waledac botnets. They asked a U.S. court to order Verisign to shut down 21 Internet domains that were associated with the servers that formed the brains of the Kelihos botnet.

The Kelihos botnet infected between 42,000 and 45,000 computers, which makes it a relatively small botnet; however, it was still distributing just under 4 billion spam messages every day, the majority of which were junk emails related to stock scams, pornography, illegal pharmaceuticals and malicious software. Technically, the botnet looked a lot like the previously tackled Waledac, and some security experts think it may have been built by the same criminals.

The concept of a highly disruptive botnet that Microsoft had previously shut down in 2010 resurfacing under a different name was not something that sat well within Microsoft's digital crimes unit. They felt compelled to take it down quickly to minimize damage, and to make a point to other criminals that once a botnet was eradicated, it stayed that way, a point they feel has been effectively made.

Microsoft went further in the fight against recurring botnets by naming one of the domain owners: Dominique Piatti, who owned cz.cc, a domain run out of the Czech Republic that had multiple issues. Malicious sites on Piatti’s cz.cc domain had previously been used to trick Macintosh users into thinking they needed to buy a fake security program called MacDefender.

The order came from the U.S. District Court for the Eastern District of Virginia, Alexandria Division on Sept. 22 but it was sealed until Monday 26, and Piatti was served with a court summons in the case by Microsoft lawyers in the Czech Republic.

Security experts say that many subdomain hosting companies, which usually offer free domain-name registration, have opened the flood gates to a lawless frontier on the Internet where nearly anything goes. This makes the internet a very dangerous place for those that do not have their wits about them; however, a lot of time and effort goes into botnets, making them look as genuine and safe as possible.

The only comment that Piatti was able to put on record was via email: "I would be glad to give you my side of the story, but I feel that I should hire a lawyer first."

There is a bright side, and a positive message to come from this: the reassuring feeling that a leader such as Microsoft is taking a zero tolerance approach. Perhaps other companies will take heed and we can tackle internet crime together.

26 September 2011

Lack of ‘cyber protection’ revealed in survey.


The Ponemon Institute has done more research into how well prepared IT and security professionals are for attacks on their cyber systems. The results are in, and it is abundantly clear that they are simply not prepared, at all!

The results of the survey, commissioned by Juniper Networks, showed that 84% of more than 1,000 IT and security professionals asked in the UK, Germany and France admitted to suffering security breaches.

For a staggering 44% of these organisations, the breaches cost them more than £220,000.

Cyber threats are progressing in both how regularly they occur and how sophisticated they are, so it is imperative that companies know how to protect their networks and their hardware.

As far as the UK is concerned, organisations reported several breaches: 55% of respondents admitted to two or more breaches in the past 12 months alone, and 91% admitted to at least one breach. These results are shocking and hammer home how vital it is to have dependable ‘cyber protection’. What is truly shocking is that 6% of the UK organisations said they did not know if they had even had an attack!

The light at the end of a very dark and dangerous tunnel is that Rombus can help you protect your business as a whole by increasing your network security and ultimately your business stability.

23 September 2011

Digital Advertising, More Bang for your Buck


The marketing and advertising industry has taken a particularly hard knock in the recent economic downturn; however, it appears that the online divisions are going from strength to strength.

Spending on internet advertising in the UK topped £3.5 billion in 2009, and for the first time it beat television ad spending. This was a first not only for the UK, but internationally. The high in 2009 capped what can only be described as an extraordinary decade: in 2000, internet ad spend topped £153m, so this was a growth of 2,200 per cent.

What does this mean for the average business? The truth of the matter is: your money reaches more people and goes a lot further through online advertising than it would through the use of other, more traditional means of advertising.

This is the first recession of the digital age, and no one truly knew the impact that it would have, but the increase in internet ad spending speaks volumes in showing that some areas of the media are more than merely getting by.

The transition for the more traditional marketing agencies has not been smooth or easy, which does not bode well for those businesses and clients who turn to those agencies to help them through the marketing landscape. 

Those who were slow to respond to the changing technologies and subsequent consumer habits are being punished for slow reactions by loss of revenue and wasted money on what is now considered as dead marketing. 

Internet ad spend is set to increase, and those who have been reluctant to spend will now have to become much bolder if they choose not to be left in the dark. This, I believe, will put traditional marketing agencies and media providers into very choppy water.

Traditional methods step aside, the internet has truly come of age.

22 September 2011

OBM Vs TAPE – The advantage of Online Backup versus Tape Drives.


Change is hard to deal with, especially when it comes to something as important as your system. Should something go wrong, it would put even the bigger companies in a very difficult position.

Could you afford to lose a week of work? How would you manage if you were hit by a flood, or if your buildings went up in flames? Would your information survive? Could you keep trading the next day?

Everyone in business knows that it is wise to back up your computer system regularly. Some people do, and some wisely store their backup in premises away from their office for added security. Others simply never get round to backing up their system. Making the decision to back your systems up is the first step, but deciding how to do so is the next: you could choose traditional tapes, or you could look to the future and use Online Backup Management (OBM).

Without 100% reliable backup, your business is vulnerable in the event of fire, flood, virus, theft, power cut etc. It is very easy to forget to back up your data on a daily basis; you may not even get back to the office at the end of a busy day of seeing customers, and the risks to your business remain. The most up to the minute, affordable and reliable way to back up your data is with online backup from Rombus Computers.

But let's break it down and see which is really better: Tape Vs OBM

Level of Capital Expenditure:
Tape: High. Especially for larger data volumes, or complex backup requirements.
OBM: Low. An ongoing monthly operating fee, depending on how much data you want to back up.
Winner: OBM

Total cost of ownership:
Tape: Moderate. Together with hardware maintenance costs, there are often unseen human resource costs.
OBM: Low. Per GB monthly fees reduce as storage volumes grow.
Winner: OBM

Maintenance/Management:
Tape: High. Engineers are required to design, manage and maintain tape backup processes as well as recover data.
OBM: Low. Management of online data backup processes can be pushed to the user level.
Winner: OBM

Scalability (ability to handle growing amounts of data):
Tape: Low. Limited flexibility when storage volumes increase or backup strategies change.
OBM: High. The growth of the infrastructure can be managed, enabling your data volumes to grow without concern.
Winner: OBM

Data Security:
Tape: Low. Tapes can be lost, stolen or damaged in even the most well managed tape backup procedures.
OBM: High. Copies of your data are stored in an encrypted format in a highly secure data centre.
Winner: OBM

Reliability:
Tape: Low. Tapes often suffer from reliability issues.
OBM: High. Data is stored in a highly secure data centre that is constantly monitored, and engineers are on call. You can access your data via any computer with internet access.
Winner: OBM

Protection:
Tape: Low. Data is generally stored in an unencrypted format.
OBM: High. Data is encrypted when in transit and in storage, eradicating the risk of it being compromised.
Winner: OBM

Ease of Data Restoration:
Tape: Low. Time intensive processes are required in order for engineers to restore large data sets.
OBM: High. Individual or multiple files can be restored quickly and easily by the user.
Winner: OBM

Future Proof:
Tape: No. As storage technology evolves your tape backup investment can quickly become obsolete.
OBM: Yes. We continually invest in performance hardware to meet customers' storage requirements.
Winner: OBM

Required length of Backup window:
Tape: Long. Large data volumes and longer working hours are continually shortening tape backup windows.
OBM: Short. Backups take place instantly whilst users are working and incremental backups shorten the backup cycle.
Winner: OBM

Looks like OBM comes out on top. Tapes do work, but the level of risk and cost is so high that they are destined to become a dinosaur of the technical age.

For more information on OBM go to: http://www.rombus.com/products/rombus-obm