
Let’s Get This Straight

If you own and use a computing device, either for work or in your personal life, then it is vulnerable to malicious misuse by unknown third parties.

Please note I used the term “computing device”. This will obviously include a computer running Microsoft Windows, probably one of the platforms most targeted by attackers. And why not? We live in a Microsoft Windows world – and with so many systems out there, the odds increase that lazy and/or unknowledgeable users will have skipped updates and patches, leaving them open to abuse.

Up there as a worthwhile target of opportunity are the predominantly Linux servers that run the internet we know and love. Compromise one of those and there could be a big pay day for the attacker – or just bring them down, for the column inches and the prestige of their peers.

When my engineers are helping our clients and when I am in meetings discussing the specific issues of compliance, security and governance, we still hear that people in business have bought an Apple Mac because it is invulnerable to hackers! Just read the following article:

Serious MacOS Vulnerability Patched – Schneier on Security

This thought process must stop because everyone thinking this and relying on the technical knowledge at Cupertino (Apple’s HQ) for their protection is giving the attackers a wide stream of attack vectors that just makes the internet worse for them and all other users.

Then we come to smartphones and tablets. First Android devices – they are vulnerable, so take these steps:

  • Install some type of protection software – at Octagon (and many of our clients) all our Android users have ESET protection software on their devices. This is written into our policies and procedures for any device that handles Octagon information.
  • Get your apps through the Google Play Store – there is a degree of curation that gives confidence that the apps are “honest”. But it is not guaranteed.

Now let’s look at iPads and iPhones. The first thing is that, unlike Android devices, where the OS is deployed by a variety of manufacturers who may or may not keep the security updates flowing, Apple controls the hardware, the operating system and the apps from the “walled garden” App Store. This is an advantage when it comes to security. ESET does not offer an iOS version of its protection software – low need, low demand, no economic point. But my thoughts have been turning to the possibility of there being a flaw in Cupertino’s plan to control the whole ecosystem and I am in the process of testing several iOS security apps on my devices for possible deployment across Octagon and out to our clients – that is, unless ESET gets in the game.

There may be a chink in the Cupertino security structure on the horizon anyway. This month a number of legal cases around the world may break down the App Store “Walled Garden”.

Apple charged over ‘anti-competitive’ app policies – BBC News

Linus TechLinked

‘Two Goliaths’: Apple labels Epic’s Australian challenge to in-app purchases ‘self-serving’ | Apple | The Guardian

This blog is not about the business model or fairness but about security and a lowering of the “walled garden” that may expose countless more devices to malicious software.

Make sure you are getting advice and support from channels that have your best interests in mind and are thinking about your business goals and reputation when they supply you with solutions.

Clive

Clive is the CIO at Octagon Technology with special responsibility for data privacy and security. The world of business technology is constantly changing and to meet this challenge he recently graduated from Edinburgh Napier University with an MSc in Advanced Computer Security and Digital Forensics. His dissertation was on data privacy in small businesses using Microsoft 365 for business.

The degree is not the end of the studying – to keep current Clive spends some of his time at work simply reading and studying the latest technology trends and threats so our clients can benefit from this knowledge. This knowledge also shapes and supports the products and services our people deliver to the clients.

To fully use Clive’s new Master’s degree in Computer Security, Clive and Diana have a joint venture with an international research company to get access for our clients to up-to-date information, schemas, analytics, templates, actionable tools and guidance. Whatever the size of your organisation, if you are not approaching IT, security and privacy in a way that supports and benefits you, they can help, from the boardroom to the shop floor.

If you would like to discuss any of these matters with Clive, email me at kamila@octagontech.com and I will organise a video meeting for you. He will be happy to answer questions about your particular issues.

Kamila

General Manager