
Tescos Online Banking Thefts

Tesco Bank is reported to be working with the National Crime Agency to investigate an incident where suspicious transactions resulted in money being taken from thousands of customer current accounts.

Money Taken.

In what was described by Tesco as a ‘sophisticated’ attack last weekend, suspicious transactions were spotted by Tesco’s automated monitoring systems in an estimated 40,000 customer accounts. In what many security commentators are saying appears to be a bank hack on an unprecedented scale, Tesco moved to suspend all transactions while the event was taking place.

Unfortunately there have been reports that despite Tesco’s attempts to thwart the attack, money was actually taken from 9,000 current accounts.

Refund Pledge Made Good.

Tesco is reported to have already made good on a pledge to refund any money taken from the customer accounts in the attack. Latest reports show that the 9,000 account holders affected have now been given a total of £2.5 million in refunds.

Core System Thought To Be Safe.

Security commentators have suggested that, because customers were still able to use ATMs, the core computer system looks unlikely to have been affected. Tesco did, however, suspend online debit transactions and has blocked customers from making online payments using their debit card since Sunday to prevent further criminal activity.

Not Many Current Accounts.

Although Tesco Bank has 7.8 million customers, it only has 137,000 current accounts, with the rest of the business being based around loans and credit cards. This is a much smaller number of current account customers than the big 4 banks of Lloyds Banking Group, HSBC, Royal Bank of Scotland and Barclays.

The majority of Tesco Bank’s business is carried out via an online app, and therefore cyber security is a key concern. This latest attack has therefore come as a major shock. On the plus side, Tesco Bank was able to spot the incident early, take preventative action, start warning customers by text, and promptly issue refunds.

Via Website.

The speculation by some security commentators at the time of the attack was that criminals may have been able to exploit an issue in a third party’s connection to Tesco’s website to get in.

Tesco, however, have since stated that they know the exact nature of the attack but are not able to say more because it is part of a criminal investigation.

Tesco Bank Chief executive Benny Higgins has apologised to customers.

What Does This Mean For Your Business?

The financial sector has been warned about the likelihood of cyber attack attempts and, as customers, it is frustrating to hear that major banks can be affected in this way.

As bank customers, the kinds of precautions we can take are to make sure that we have a very strong password (one that isn’t used elsewhere), and to make sure that the security software on the PC, phone or tablet is kept up to date.

It is also important to watch out for phishing emails. It may also be the case that we need to be extra vigilant in the wake of an attack as some cyber-criminals have been known to send out spam (posing as updates from the affected company) in order to trick customers into parting with their password details.

Had the response been slower, the impact could have been a lot worse. This reinforces the fact that all companies need to maintain disaster recovery plans and policies to adhere to in the event of a major issue.

Flat Growth in IT Spending 2016 Thanks to Brexit

U.S. IT research and advisory company Gartner has warned that IT spending in the UK is set to suffer as a result of Brexit uncertainty, the resulting loss of business confidence, and the falling value of the pound.

Spend Slump

The uncertainty surrounding Brexit appears to have been contagious and a recent warning from a U.S. perspective shows that worldwide growth in IT spending in 2016 is likely to flatten out to $3.41 trillion as a result. This may sound like a pretty large number in itself but the knock-on effect of the UK’s momentous decision is a growth rate that is now only slightly inflated from an outlook of negative 0.5%.

In terms of the UK, last year’s IT spend was £123.9bn but the Brexit aftershock means that this figure could be reduced by as much as 5% in 2016’s IT spending.

Why?

The erosion in business confidence, a falling pound, price increases, and general uncertainty about what happens next all indicate that for the rest of 2016 at least the UK could be under a post Brexit cloud.

Companies may therefore choose to reduce or cut discretionary IT spending and may delay or even pull out of the kinds of mergers, acquisitions, and expansion projects that would have had a large IT spending element to them.

A Decline in Sterling

The downward trajectory of UK sterling, for example, has meant that US-based PC maker Dell has announced a price rise to UK retailers this week. Sterling’s decline also looks likely to affect other IT costs. For example, companies who have not already paid the annual maintenance fee on their software will notice a price increase for it because it is usually priced in dollars.

Workforce

It is also thought that as well as hitting tech spending, the UK technology sector will also take a hit in terms of software developers who work in the UK potentially being tempted away to work for higher salaries in other countries. Moving out of the UK may be especially attractive if the software developers are not British and if they feel worried about their status in the UK anyway when Brexit actually starts and Article 50 is triggered.

What Does This Mean For Your Business?

If you’re thinking of reducing your IT spend or are already being hit by price rises in that area it is probably little consolation to know that you are not on your own. It is of course important to balance the urge to delay and be cautious with the recognition that technology is still advancing and many of your competitors are still likely to be moving more aspects of their business to the cloud this year.

There are still likely to be some growth areas in IT spend such as in software, and particularly in customer relationship management (CRM) software. Datacentre systems’ spending is also set to increase by 2% this year on last year.

For businesses in the UK it may also be a case of looking at how much smarter they can work and look for lower cost but innovative solutions that can help to keep them competitive.

Secure Version of Popular WordPress SEO Plug-In Available From Friday

With WordPress being the most popular CMS-style website platform, used by 26% of all websites, a security problem with a popular SEO plug-in within WordPress has been a serious issue. WordPress however have now fixed the flaw and you can update your website with the new version from this Friday.

What Was The Problem?

The WordPress system allows website owners to quickly and easily update and add to their website by adding all manner of code and functionality in the form of pre-written ‘plug-ins’ that can be searched for, downloaded and installed automatically.

The security issue related to a flaw in the code for one of the very popular and widely installed plug-ins called “The All in One SEO Pack”, downloaded by 30 million users and estimated to be in use now in a million websites.

A ‘Bot Blocker’ component was used in the plug-in to detect and block spam bots based on their user agent and referrer header values, and it was in this element that the vulnerability was discovered.

Exploited

This Bot Blocker had a flaw in the code which meant that it could be exploited remotely by sending HTTP requests with specifically crafted headers to the website. Hackers were then able to put malicious JavaScript into these headers, which would be logged inside the tracked bot panel page and then executed to steal an admin’s session token.

Totally anonymous users therefore could relatively easily get into a WordPress website that had the plug-in installed and store an XSS (JavaScript) payload in the dashboard without the website owner / administrator knowing. Finding the admin details is of course vital to hackers / cyber criminals being able to take over a website.
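The pattern described above, shown as an added example (this is not code from the All in One SEO Pack plug-in or from the original article): request headers are stored as received, and what separates the flawed panel from the hardened one is whether those values are HTML-encoded on output. The function names and the sample request are constructed for illustration.

```php
<?php
// Added illustration only. All function names here are hypothetical,
// and the request data at the bottom is constructed sample input.

/** Store a blocked request as received. Keeping raw values is fine;
 *  the danger only arises when they are later printed into a page. */
function log_blocked_bot(array &$log, array $server): void
{
    $log[] = [
        'ip'         => $server['REMOTE_ADDR'] ?? '',
        'user_agent' => $server['HTTP_USER_AGENT'] ?? '',
        'referer'    => $server['HTTP_REFERER'] ?? '',
    ];
}

/** Flawed pattern: header values chosen by the sender are concatenated
 *  straight into the admin page, so any markup in them becomes live HTML. */
function render_row_unsafe(array $entry): string
{
    return '<tr><td>' . $entry['ip'] . '</td><td>' . $entry['user_agent']
         . '</td><td>' . $entry['referer'] . "</td></tr>\n";
}

/** Encode a value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every stored value is encoded at output time,
 *  so the browser displays it as text instead of interpreting it. */
function render_row_safe(array $entry): string
{
    return '<tr><td>' . h($entry['ip']) . '</td><td>' . h($entry['user_agent'])
         . '</td><td>' . h($entry['referer']) . "</td></tr>\n";
}

// Constructed sample: a request whose headers carry markup.
$log = [];
log_blocked_bot($log, [
    'REMOTE_ADDR'     => '203.0.113.7',
    'HTTP_USER_AGENT' => 'ExampleBot/1.0 <script>document.title="injected"</script>',
    'HTTP_REFERER'    => 'http://spam.example/"><b>x</b>',
]);

foreach ($log as $entry) {
    echo 'UNSAFE: ', render_row_unsafe($entry);
    echo 'SAFE:   ', render_row_safe($entry);
}
```

Within a WordPress plug-in the same encoding is normally done with the core helpers `esc_html()` and `esc_attr()` rather than a hand-written wrapper.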

The seriousness of flaws in some aspects of WordPress has been highlighted several times in recent years such as when 26,000 WordPress websites with the Pingback function enabled were used as part of a botnet to launch DDoS attacks on other websites back in February this year.

What Does This Mean For Your Business?

The discovery of this latest flaw means that if your business website is a WordPress website that has the All in One SEO Pack installed, you will need to make sure that you upgrade to the latest version, 2.3.7, as soon as possible (after Friday), or you can make sure that you don’t have the Track Blocked Bots setting enabled in the website.

Roll-Up Screens Could Be With Us by 2017

Imagine being able to roll up the screen (display) on your tablet or even to fold that tablet up into something the size of a smartphone. Prototype versions of folding and rolling displays are already here and technology commentators believe we could be using them as early as next year.

This Year

Back in January this year at the Consumer Electronics Show LG displayed an 18-inch prototype screen that could be rolled up just like a piece of paper. The prototype was an example of LG’s investment in and work with OLED, a light-emitting diode that contains thin flexible sheets of an organic electroluminescent material.

OLED

OLED is widely considered to be the successor to LED technology and one of its big advantages is that there is no need for a lighting back panel on the screen / display, and the lighting source used is very small. This means that OLED screens can be thinner, smaller and more power efficient.

Other Advantages

As well as enabling small foldable / rollable screens OLED has several other advantages including:

  • The pixels themselves produce the light, so when they need to be black they can be turned off completely rather than relying on a backlight. This means that OLED produces very vibrant images because of the very dark (absolute) blacks.
  • The faster refresh rate than standard LED-backlit displays gives a smoother, more responsive display, thus improving the experience for the user. This can be particularly beneficial for gamers.

Why Rolling Screens and Foldable Devices?

Having thin displays that can be rolled means that there can be greater flexibility in the shape of devices in the future, and much greater flexibility in the types of places where displays can be installed. Some commentators see more opportunities in wearable technologies where flexibility of the display itself is important.

Challenges

Challenges to the wide scale use of OLED, rollable / foldable screens and devices are the fact that they may be prohibitively expensive for many people as new technologies tend to be in the early adoption stage.

There is also only a limited number of companies producing / using this technology in devices e.g. LG, and Panasonic, and therefore there is an element of scarcity.

Many challenges also exist to making devices fully flexible and foldable e.g. the need for batteries and other bulkier, less flexible components.

What Does This Mean For Your Business?

This technology has so far only really been used in TV displays but it could clearly have so many other advantageous applications for businesses e.g. in display and promotional advertising, visual merchandising, mobile advertising, communications / telecoms products, and events.

The possibilities and potential uses however will have to wait a little longer for affordable and practical versions of the technology to catch up, and if (as commentators suggest) this may start happening as soon as next year then it could be exciting.

“Shadow IT” … Some Hidden Benefits.

At IT Pro’s 2nd Collaborate and Communicate event in London this week, the UK country Manager for Dropbox suggested that instead of clamping down on ‘Shadow IT’, companies could actually benefit from some of the innovative solutions that it introduces.

What Is Shadow IT?

Shadow IT describes the apps and services that employees bring in to the company systems without going through the approved channels. These are their own ideas to solve their own specific work problems e.g. using certain apps such as Whatsapp or Slack to communicate with each other rather than using the official company email or other communications systems.

Where whole departments or companies then start to adopt these emergent IT solutions this is known as ‘Stealth IT’.

Why Shadow IT?

The growth of Shadow IT in UK companies has several main drivers including:

  • Necessity – the mother of invention. There may be weaknesses in the current IT arrangements.
  • A more relaxed grip by IT departments on every aspect of IT in the company.
  • Tech-savvy employees who keep up to date with the latest developments and find better / quicker ways for their specific purposes.
  • Bring Your Own Device (BYOD) has allowed everyone to get used to staff bringing in their own hardware and software solutions.
  • The high speed at which new technologies come to market.
  • Cloud computing, SaaS and PaaS applications enabling staff and departments to get around the official IT channels.
  • More employees spending more time away from their desk / the office and being allowed to work remotely or in a more autonomous way.
  • A lack of awareness and an inability to manage and monitor every aspect of what staff are using.

Why Encourage It?

In terms of the comments by Dropbox’s UK country Manager Peter Mark van der Linden, you could say that it’s a case of perspective and publicity for their own product because Dropbox gained popularity by the Shadow IT process.

For example users brought the “magic folder” into eight million businesses, the businesses then saw the value of the product and then requested an ‘official’ business version which Dropbox were obviously happy to provide.

Although there are of course security and compatibility issues based around the idea of people introducing their own unapproved IT methods to the workplace, allowing it to continue could mean that innovative and up-to-date solutions are found that ultimately could work better than the approved ways of doing things.

What Does This Mean For Your Business?

Rather than seeing Shadow IT as a threat to control, security and the strategy of the business, you could choose to see it as a potential area adding value and bringing innovation into the company. At the very least it could be a way to highlight the shortcomings of IT decision makers in the company, identify weaknesses within IT that caused the need for the shadow alternative in the first place, and to identify potential IT stars and innovative problem solving talent in the company.

Secret Messages That Delete Themselves Trialled By Facebook

A new secret messaging service for Messenger app is currently being trialled by Facebook. Users can choose which single device to use the service on, and can then specify how long the messages last on that device before they become hidden or are deleted.

Why?

According to Facebook, this service could be useful to those wishing to discuss all manner of very private matters such as health and financial issues. Services like Snapchat already use a disappearing message system and this new secret message service from Facebook is their 3rd attempt at launching something similar.

What’s Special About It?

One key aspect of this new service is that it uses end-to-end encryption to make the conversations on Facebook Messenger secure. Facebook themselves for example will not be able to read the messages being sent via this service unless one of the parties involved in the conversation reports or sends the details to Facebook.

Limitations

One clear limitation of the new “secret conversations” service is that users are tied to one single designated device when using it. This means a conversation can’t be carried on from desktop to mobile to tablet.

Another limitation (or advantage depending on how you look at it) is that conversations on this service can only be one-to-one. At the present time the service does not support rich content such as images, videos, or making payments and it also doesn’t support chatbots.

Secure?

The encryption aspect of the service clearly adds an important secure dimension to the service. The fact that the new service has been built using an open, widely used standard therefore could be a potential area for security concerns. The service is however reported to be built on the reliable protocol called ‘Signal’.

Limited

The secret conversations service is being tested on a limited basis at present although it is believed that this could be expanded later this summer.

What Does This Mean For Your Business?

If the secret conversations service is used for business / commercially sensitive conversations it could of course have security advantages e.g. the encryption of the messages, the fact that the messages are only received / sent by your personal devices and therefore can’t be found on / recovered from other devices, and that messages can be set to disappear after a time period.

This means that even if you lose that device / have the device stolen the messages may still not be read by others.

Techie Buzz! Cyberloafing

Nigel Flood

Don’t know your bits from your bytes? Don’t worry! We helpfully explain a tech term each month to keep you in the loop. This month we ask are you Cyberloafing?

Are you a Cyberloafer? Or do you think your employees are Cyberloafers? Well, the truth is they probably are and so are you. Cyberloafing is the act of spending time at work on the internet and doing anything but work.

You know… twitter status updates, snooping on friends, enemies and exes on Facebook and playing Angry Birds.

In fact, it’s estimated that between 60% and 80% of the time employees spend on the internet at work has NOTHING to do with work, according to an NBC News Survey in 2013. It wasn’t exactly what the connected workplace was supposed to be about.

The Worknet Network: Paul Coleman (Kingsbridge Insurance)

We like to share the love by recommending people and businesses we work with and would gladly refer to you, based on how great we think they are. Today, we recommend Paul Coleman of Kingsbridge Insurance Brokers.

In a world of rising premiums, Paul has been our heroic insurance broker, managing to actually reduce our insurance costs this year.

Unlike the impersonal service and random pricing of some of the big insurance providers, Paul takes time to visit us at least once a year and understand our business so he can arrange appropriate cover. He also ensures we don’t have cover we don’t need (and which we’d pay for under less personalised cover).

The thing we really like about Paul is his transparency. He’s even gone so far as to separate out his fee so we can see clearly what he is being paid and what we’re paying to the insurance companies. Now, who else would do that?

If your business insurance renewal date is looming, we’d heartily suggest dropping Paul a line to see whether he can wow you with his service and bring your renewal costs down.

Call him on 0118 960 2412 or visit the website for Kingsbridge Insurance Brokers at www.kibl.co.uk

And tell him we sent you!

Sector Focus: Recruitment

There simply isn’t a sector or industry in the UK that The Cloud doesn’t affect in some way. In our regular series, we’ll take a look at a specific sector to find out how cloud technology is making a difference. This month, we go undercover in recruitment.

The recruitment sector may have had a tough time of it during the recession, but things are seriously looking up. With increased confidence in the marketplace and companies – particularly small businesses – now looking to expand, the outlook for recruiters is rosy. According to figures from the Recruitment and Employment Confederation from April, a huge 69% of small businesses are looking to hire, with the key sources being local recruitment agencies and word of mouth referrals.

As well as an opportunity, this puts pressure on agencies who already face several key challenges:

1. Being able to scale up as well as down, depending on the seasonality of recruitment and responding to the changes in the marketplace. Often these changes happen in a matter of weeks rather than months, so responding quickly is key.

2. Information management. The traditional filing cabinet and paper-based recruitment office is being replaced with more centralised documentation systems to prevent duplication and improve workflow.

3. Security of data. The holding of sensitive confidential data on clients and candidates is a potential minefield if ever compromised. Not only do information security policies need to be implemented, there needs to be a full disaster recovery policy in place with regular backups undertaken to ensure no loss of recruitment client and candidate data in the event of disaster or theft.

Within the recruitment sector, cloud services are affecting the industry on two levels. On an infrastructure level, cloud computing technology, such as Hosted Desktop offers a new way of working for recruitment offices.

Previously, recruitment offices had to utilise an in-house server – bringing with it all the issues of in-house IT – at once a costly and inefficient use of resources from the traditionally lean operation most recruitment consultancies run.

This application of cloud technology has helped remove one major concern over security of data. As a cloud solution, confidential customer and client data no longer needs to be held in a physical location, where it may be susceptible to flood, fire, theft or general damage.

Unlike some other sectors, recruitment doesn’t suffer from a dearth of specific recruitment applications. Countless cloud-based recruitment software-as-a-service packages are available promising applicant tracking, customer relationship management, financial management, client and customer portal access and other functions to help run and automate the recruitment function.

However, these are only recruitment-specific applications. Using these systems, if you were to use email or any Microsoft Office application such as Word or Excel, you’d still need licences and versions installed on individual desktops or laptops, or on your local server. Only through Hosted Desktop, would every element of the IT infrastructure be hosted off-site and fully-managed.

Of course, both hosted solutions work alongside each other. Hosted Desktop delivers all the infrastructure and resilience, support and remote working opportunity expected of a busy recruitment office. And the 3rd party specialist recruitment applications are available to use as normal, either via their own cloud-based package or installed as an application on your Hosted Desktop.

Perhaps the main area where cloud technology has made a difference is the ability of recruiters to expand and contract when needed. Users can be added and removed in hours with the per user pricing structure, allowing temporary but immediate changes in the numbers accessing the system. Furthermore, this is done securely and in a controlled manner and almost eradicates the risk of data leakage or information theft. With everything automatically backed-up off-site on a regular basis, the problems of lost emails, missing documents and accidentally deleted files become a thing of the past, allowing a full paper trail (digitally, of course!).

Know a recruitment agency looking to take their business to the next level? Refer us and if they take up our Hosted Desktop package, they’ll get their first month of services free and you’ll receive the equivalent value off your services.

Simon Says: Broadband Connections

Our Technical Manager answers your questions about cloud computing or technology. If you’d like to ask a question please contact us at network@worknet.co.uk

Question: I’ve been a very satisfied customer of your IT support for many years, but now we’re thinking of making the jump to Hosted Desktop and all the benefits it entails. However, I’m concerned about two things:

1) our broadband connection here isn’t particularly fast so I’m not sure whether it will work and

2) as you know our desktop computers and laptops are getting on a bit and I suspect they’ll need replacing. Will we have to do this before we move to Hosted Desktop?

Thanks, Marie (by email)

Simon: Thanks for your question, Marie. Hosted Desktop is, indeed, a step forward from your traditional IT network with in-house server. Our Hosted Desktop package offers businesses, like yours, a completely resilient, fully backed-up IT network which doesn’t look or feel any different from what you have now, for a cost-effective monthly fixed price. The benefit, of course, is because you’ll no longer have a server on-site. It will free up room in your office and all your data is safely and securely stored in an impenetrable Tier IV data centre in the UK so no chance of fire, theft or flood bringing your business down. You’ll also have full access to updated Microsoft Office applications, which means not having to mess about with annoying upgrades, new licences and of course you can add and remove users as required. But enough of the sales job, let me answer your questions.

In answer to your first question, the speed of your broadband connection isn’t actually the important factor in whether Hosted Desktop will work for you. A quick, simplified explanation may help here.

With Hosted Desktop, the desktop you see every day on your work computer is actually just an image of your desktop running on a server all the way back at the secure data centre. Therefore, the only thing which needs to travel up and down your broadband connection is the image. A more important factor than outright speed is something called latency. This is the time delay between you pressing a key and the message travelling to the server to make the action, and then it travelling back to your screen so you can see that action on your monitor. As long as latency is good, Hosted Desktop will work perfectly in your office. There are limits to the speed, of course, but we find that almost all locations in the UK can now get a sufficiently good speed.

Your second question is actually related to the first. Because you are only using your work computer or laptop to display an image of your desktop on your monitor, it doesn’t need to have super-high processing power. Therefore you won’t need to replace any of your computers. In fact, you may even have a couple of older computers you can drag out of your store cupboard and put back into use!

Do you have a question you want Simon to answer or a concept you need explained?
No problem, just email Simon at network@worknet.co.uk

Refer us and save money on your services.

Most of our business comes through the fantastic word-of-mouth you kindly give us and referrals. We like referrals and recommendations a lot. The reason is we know you’re a great customer, so we’re pretty sure you know some good people and businesses who would make great customers too.

That’s why we’ve launched our Worknet Referral Scheme, our way of thanking you for your recommendation and rewarding you for referring people to our business.

It’s really simple. Every person or business you refer to Worknet is offered their first month of services free and, if they take up the offer and become our customer, you’re rewarded with the equivalent value deducted from your services. There’s no limit to the number of people you can refer and no limit to the amount you can earn. Start earning money off right now!