Tech Insight : What Is Patching or Patch Management?

In this article, we take a brief look at the importance of patch management in maintaining security.

Patches and Patch Management

Patches are the software fixes for known security vulnerabilities in software such as operating systems, third-party applications, cloud platforms, and embedded systems. Patch management is the ongoing process of distributing and applying those important security updates to the software so that business computers and network devices are up to date and are capable of withstanding low-level cyber-attacks.

Why Is Patch Management Important?

In addition to patching to guard against potential security breaches through known vulnerabilities, patch management is also important for:

  • Compliance and avoiding penalties for non-compliance (e.g. data protection)
  • Maintaining and improving productivity and business continuity and avoiding costly disruption. Keeping patches up to date avoids crashes, outages, and downtime. Also, patches often include new features that can improve productivity.
  • Guarding against additional risks posed by ‘Bring Your Own Device’ (BYOD) e.g. by installing patches across all devices, whatever their physical location.
  • Keeping ahead of market developments. For example, no new patches could indicate no new version on the horizon, thereby giving a heads-up to look for alternatives for some software.

Patch Management Systems

Although patch management is an important (basic) security measure for businesses of all sizes to take, businesses with a large number of IT assets could find it particularly challenging without having a system of patch management in place.

A patch management system can involve teams or automated software determining which tools need essential patches, how, and when. Patches can be installed centrally or separately on different devices. A patch system also involves testing code changes and deciding which patches are right for each software program, as well as developing and maintaining schedules for the installation of patches across different systems.

The steps involved in developing a simple patch management system include, for example:

– Carrying out an inventory of IT Assets and categorising them by risk and priority.

– Building-in the ability to scan the network and identify any missing patches.

– Developing suitable testing and evaluating patch stability.

– Setting up monitoring and evaluating systems for Patch updates.

– Making sure that backups are created on production environments.

– Making sure that automation can be built-in where possible, and that checks are in place to ensure the reliability of automation.

– Setting appropriate schedules and developing a guiding policy.

– Implementing the system.

Patch Management at Work

Keeping up with patch management is vitally important for an effective system. Common ways that businesses actually operate patch-management in the real world include enabling and using Patch Manager features in their Operating Systems and using cloud-based, automated patch management software themselves or through their MSPs.

What Does This Mean For Your Business?

Patching is not simply about maintaining cyber defences against old and new threats, but is also vital for maintaining compliance and productivity, and, therefore, business continuity and the avoidance of penalties and market fallout that could threaten the life of the business. Finding automated, reliable patch management systems can help businesses stay up to date, and focus more of their time on their actual business processes and marketing. Many businesses now trust the expertise and specialist knowledge of their MSPs to help them put effective patch management systems in place and to manage them on their behalf.

Tech Tip : Using Alexa As An Intercom System

If you have Amazon Echo devices in your home (or office), the ‘Drop In’ feature allows you to use Alexa as an intercom through your Echo devices. Here’s how:

– Open your Alexa app.

– Tap ‘Devices’ (lower-right corner).

– Tap ‘Echo & Alexa’ to display a list of all of your Echo devices and enable ‘Drop In’ on each device.

– Scroll down to ‘Communications’ and select ‘Drop In’ (to select from ‘On’, ‘My Household’, or ‘Off’). ‘On’ allows only permitted contacts to Drop In, ‘My Household’ is so only devices on your account can Drop In. For no Dropping In, choose Off.

To Drop In (use the Echo as an intercom):

– For a specific device: say “Alexa, drop in on Living Room Echo” (or wherever the Echo is). The name of the device can also be used if you know it.

– For a group of devices, if there is more than one in one area (e.g. the living room), say “Alexa, drop in on Living Room.”

– To speak to the whole household/all devices: ask Alexa to “Drop in everywhere.”

– To end the Drop In connection: say “Alexa, end drop in.”

Tech News : Google Users To Be Auto-Enrolled In Two-step Verification

In a recent blog post, Google has announced that the automatic enrolment of Google account users in Two Step Verification ‘2SV’ is coming soon.

Passwords – Single Biggest Threat To Online Security

In the blog post on ‘World Password Day’ (May 6), Google’s Director of Product Management, Identity and User Security, Mark Risher, shared some of the measures that Google would be taking to improve the online security of Google account users by reducing the risks posed by the password-based login.

Mr Risher shared Google’s belief that “passwords are the single biggest threat to your online security” due to them being easy to steal and hard to remember. He also pointed out how, instead of making and trying to remember more complicated passwords, 66 per cent of Americans have admitted to using the risky practice of ‘password sharing’ (i.e. using the same password across multiple websites and platforms). This means that if one of those websites is compromised and the password stolen, all the other accounts (sites) are then vulnerable.

Mr Risher also noted that, in 2020, searches for “how strong is my password” increased by 300 percent, thereby indicating a growing demand for better and safer login and verification methods.

Two-step verification (2SV) 

The best way to protect an account from a breach or bad password, according to Mr Risher’s Google blog post, is to have a second form of verification in place, thereby enabling confirmation that it is really the account holder who is logging in.

Although Google has been offering two-step verification (2SV) for years, according to the blog post, the plan now appears to be to “start automatically enrolling users in 2SV if their accounts are appropriately configured”.

Google has also built its security keys into Android devices, and launched the Google Smart Lock app for iOS, to enable people to use their phones as their secondary form of authentication.

Password Manager

Password Managers are a practical and secure way to store and get access to different passwords for different programs and platforms when needed. Google has its own Password Manager, built into Chrome, Android and iOS, which uses the latest security technology to protect your passwords across multiple sites and apps.

Google’s Password Manager is also integrated into its single-click Google Security Checkup to tell users if any of their passwords have been compromised, show if passwords are being used across different sites, and indicate if passwords are strong enough.

What Does This Mean For Your Business?

Although Google will be automatically enrolling users in 2SV to improve security, a passwordless future and biometrics are likely to be the way that tech companies go to offer greater security going forward.

For example, Microsoft’s Corporate Vice President and Chief Information Officer Bret Arsenault has signalled the corporation’s move away from passwords on their own as a means of authentication towards biometrics and a “passwordless future”. Also, in August last year, Google announced that users could verify their identity by using their fingerprint or screen lock instead of a password when visiting certain Google services (e.g. on Pixel devices and all Android 7+ devices). This was because of Google’s collaboration with many other organisations in the FIDO Alliance and the W3C that led to the development of the FIDO2 standards, W3C WebAuthn and FIDO CTAP, which allow fingerprint verification.

Unlike the native fingerprint APIs on Android, FIDO2 biometric capabilities are available on the Web, which means that the same credentials can be used by both native apps and web services. The result is that users only need to register their fingerprint with a service once and the fingerprint will then work for both the native application and the web service. Also, the FIDO2 design is extra-secure because it means that a user’s fingerprint is never sent to Google’s servers but is securely stored on the user’s device. Only a cryptographic proof that a user’s finger was scanned is actually sent to Google’s servers.
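The flow described above, as an added example (not Google’s or the FIDO Alliance’s code): a simplified Node.js model in which the fingerprint is checked on the device and the server only ever receives a signature over its own challenge. The class names, message fields and the `example.test` service ID are assumptions, and real WebAuthn/CTAP messages carry more fields than shown here.

```javascript
// Added illustration, not Google's or the FIDO Alliance's code. The classes,
// message fields and 'example.test' are assumptions; real WebAuthn messages
// carry more fields (origin, flags, counter) than this simplified model.
const crypto = require('crypto');

// Stand-in for a biometric matcher: real sensors match fuzzily, not by hash.
const template = (scan) => crypto.createHash('sha256').update(scan).digest();

class Authenticator {            // runs on the user's device
  constructor(enrolledScan) {
    this.template = template(enrolledScan); // never leaves this object
    this.keys = new Map();                  // rpId -> private key
  }
  register(rpId) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this is shared
  }
  getAssertion(rpId, challenge, scan) {
    const key = this.keys.get(rpId);
    // The fingerprint is checked locally; a mismatch produces no signature.
    if (!key || !crypto.timingSafeEqual(template(scan), this.template)) return null;
    const clientData = JSON.stringify(
      { rpId, challenge: challenge.toString('base64'), userVerified: true });
    const signature = crypto.sign('sha256', Buffer.from(clientData), key);
    return { clientData, signature: signature.toString('base64') };
  }
}

class RelyingParty {             // runs on the service's server
  constructor(rpId) {
    this.rpId = rpId;
    this.publicKeys = new Map(); // user -> PEM public key
    this.pending = new Map();    // user -> outstanding challenge
  }
  enrol(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, assertion) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);   // each challenge is single-use (blocks replay)
    const pem = this.publicKeys.get(user);
    if (!assertion || !challenge || !pem) return false;
    let data;
    try { data = JSON.parse(assertion.clientData); } catch (e) { return false; }
    if (data.rpId !== this.rpId || data.userVerified !== true) return false;
    if (data.challenge !== challenge.toString('base64')) return false;
    return crypto.verify('sha256', Buffer.from(assertion.clientData), pem,
      Buffer.from(assertion.signature, 'base64'));
  }
}

function demo() {
  const scan = 'constructed-fingerprint-sample'; // constructed sample input
  const device = new Authenticator(scan);
  const server = new RelyingParty('example.test');
  server.enrol('alice', device.register('example.test'));

  const good = device.getAssertion('example.test', server.newChallenge('alice'), scan);
  const wire = JSON.stringify(good);             // everything the server receives
  return {
    login: server.verify('alice', good),         // valid signature over a fresh challenge
    replay: server.verify('alice', good),        // same assertion again: challenge is spent
    wrongFinger: device.getAssertion(
      'example.test', server.newChallenge('alice'), 'someone-else'),
    biometricOnWire: wire.includes(scan) ||
      wire.includes(device.template.toString('base64')),
  };
}
```

The server stores only a public key per user, so a breach of the server’s database exposes nothing that can be replayed as a login and nothing about the fingerprint itself.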

It is clear, therefore, that although password authentication/verification systems such as 2SV can provide just about enough security, for now, biometrics appears to be the way forward and the way to stay ahead of cybercriminals using ever-more sophisticated ways to crack or steal passwords.

Tech News : Old Router Risks Could Affect Millions

An investigation by consumer watchdog ‘Which?’ has highlighted how millions of people around the UK are using old routers with security flaws.

The Investigation

The Which? investigation surveyed 6,000 UK adults and, with the help of Red Maple Technologies, looked at the security aspects of 13 models of (commonly used) old routers from companies such as Virgin, Sky, TalkTalk, EE, and Vodafone.

Could Affect Millions

It was discovered that 6 million users may have router models that have not been updated since 2018 at the latest, with some not being updated since as far back as 2016! The investigation discovered issues with more than half of all routers (of those surveyed). This suggests that as many as 7.5 million users could be using routers that have security risks.

Vulnerabilities and Risks

Which? reports that the security vulnerabilities and risks to the old (and not updated) routers include:

– Weak default passwords that can be easily guessed by hackers, meaning that the router could be accessed remotely, from anywhere in the world.

– Local network vulnerabilities which could allow a cybercriminal to take control of a user’s device, see what a person is browsing, or even direct a user to malicious websites.

– Lack of updates to the Firmware which could negatively affect a device’s performance and leave outstanding security issues.

What To Do

There are a number of measures that can be taken to ensure that a router is as secure as possible.  These measures include:

– Changing the username and password(s).  Changing the username and password of the router from the default one (printed on a label on the device) to something much more secure makes it much less vulnerable to common attacks. Using WPA2 security requires each new device to submit a password to connect anyway, but if it is not active it can be switched on through your router settings. Changing the network password (via the router settings) can also improve security.

– Keeping the router’s firmware up to date. The router control panel should enable the updating of the firmware, thereby ensuring that the router has the latest fixes and patches installed. In some cases, users may have to download new firmware from the manufacturer’s site to make the router as secure as possible.

– Changing the network name/SSID. Changing this from the default name will give would-be attackers less of an idea of the type/name of the router manufacturer, thereby making it more difficult for them.

– Stopping the Wi-Fi network name/SSID from being broadcast.  This can be achieved via the router settings, but it will mean that the user will need to manually type in the network name when connecting new devices (because it will not be visible).

– Disabling Remote Access, UPnP, and WPS. Using the router settings to turn off features like remote access, Universal Plug and Play (usually for easy games console and smart TV access) and Wi-Fi Protected Setup (WPS – for easy connection of new devices) may sacrifice some convenience but will also make the router more secure.

– Using a guest network. This enables you to give access to a Wi-Fi connection without giving access to the rest of the network.

– Enabling the router’s firewall. This will filter data and block unauthorised access.

– Plugging other ways in through your devices and programs. This involves keeping security on devices and their programs/apps up to date and patched, using strong passwords, using security software, and disabling any devices that do not need access to Wi-Fi.

– Asking your service provider for a router upgrade. Which? recommends that users with certain routers ask their provider for an upgrade as soon as possible. Some providers offer free upgrades (Virgin Media), others may require a one-off payment to cover a new router or, as with Sky, an extra £5 monthly payment (Broadband Boost) ensures the latest router upgrades.

– Considering the cost/benefit of moving to a new provider. Switching, in some cases, could be a way to get a new, up-to-date, and more secure router, and improve the broadband speed and service.

What Does This Mean For Your Business?

If you have an old router with old firmware, you could have a weak link in your cyber-security.  If that old router links to IoT devices, these could also be at risk because of the router.  Taking a close look at your router, its settings and getting to grips with firmware updates, the firewall, and what information about your router may be visible to would-be attackers could be important steps in improving router security.

Also, router manufacturers could take more responsibility for reducing the risks to business and home router users by taking steps such as disabling the internet until a user goes through a set up on the device which could include changing the password to a unique one.

Vendors and ISPs could also contribute to improved router security for all by having an active upgrade policy for out-of-date, vulnerable firmware, and by making sure that patches and upgrades are sent out quickly.

ISPs could do more to educate and to provide guidance on firmware updates (e.g. with email bulletins).  Some tech commentators have also suggested using a tiered system where advanced users who want more control of their set-up can have the option, but everyone else gets updates rolled out automatically.

Featured Article – 10 Programming Languages And Some Of Their Uses

In this article, we take a brief look at ten popular programming languages and what they’re used for.

Recent History

What we would recognise as the first computer programming languages date back to the 1940s, were very specialised and were based on mathematical notation. The 1950s saw the development of the first compiled programming language ‘Autocode’, at the University of Manchester. Most of the major language paradigms that we now use, however, have their roots in the 1960s and 1970s.  The 1980s also brought advances in programming language implementation, and from then on through the 90s and 2000s there have been huge advances in IT, hardware, processors, the growth of the Internet, the IoT and more.  This brought further development of programming languages and the introduction of new languages.

Popular Examples

Here are some examples of popular programming languages and what they are used for:

C

C, which dates back to the 1970s, is an imperative language that was used to develop early operating systems (IBM) and is still used in systems development (e.g. operating systems, embedded devices, and firmware). Writing in C is now more of a specialised skill and it is used mostly for low-level systems programming.

C++

C++ essentially extends C with object-oriented features and was developed to help with faster and more powerful platforms. Like C, however, this language is specialised and used for systems programming and low-level hardware development.

C#

C# (pronounced C sharp) is a language similar to Java and is used, for example, to develop Microsoft applications.

Java

Java, which is similar to C and C++, was introduced by Sun Microsystems in the early 90s. Java has cross-platform compatibility and is used for business, Web, and mobile apps and is the language at the core of Google’s Android OS.

JavaScript

JavaScript, not to be confused with (and not related to) Java, although using Java-like syntax, is a high-level language that is used widely across the Web to create interactive elements. This language is used to create code that runs in web browsers (client-side), support for it has been added to all major web browsers, and it can be combined with HTML.

PHP

PHP is a popular language that was developed to extend a CGI program to support HTML forms and database access and is a general-purpose scripting language that works well as a web application server-side scripting system. PHP can interact with different database languages including MySQL.

SQL

Although regarded as not essentially a language, Structured Query Language/SQL is a domain-specific database query language that is used for managing data held in a relational database management system.  As such, it is very helpful for facilitating the retrieval of specific information from databases.

Python

Introduced in the late 1980s, Python (named after the eponymous Monty Python Show) could be regarded as relatively new. This is a good general-purpose language that is regarded as being relatively easy to learn due to its simple and straightforward syntax. Python is now used, for example, in creating web applications and artificial intelligence applications, and is the language behind platforms like Pinterest and Instagram.

Ruby

Ruby (Ruby on Rails) is a dynamically typed, high-level, general-purpose programming language. It is also a relatively new language (mid 1990s) and, like Python, it is regarded as relatively easy to learn, and is used in the development of web apps.

Visual Basic

Visual Basic is a third-generation, event-driven programming language from Microsoft that was introduced in the early 1990s but declared ‘legacy’ in 2008. Visual Basic.NET (VB.NET) is Microsoft’s implementation of the Visual Basic language that allows developers to write .NET applications using Visual Basic.

Looking Ahead

Looking ahead, some tech commentators have noted that although general-purpose, imperative languages are good for building apps and scripts, the need to match a language with a purpose means that special-purpose declarative languages are a likely way forward. There is a large number of different languages now, but the likelihood is that some will go, leaving a set of preferred, standard declarative languages.

There has also been research into and development of AI to help ‘advise’ on how to improve programming languages.  For example, researchers from Intel, Georgia Institute of Technology, University of Pennsylvania, and MIT developed a machine learning algorithm, called machine inferred code similarity (MISIM) that can look at what a program is supposed to do and (based on its learning from the Web) make suggestions about how to improve it. This idea points to the likelihood that, in the not-too-distant future, human programmers will have AI-powered helpers, and may eventually rely on machine programming to do the majority of their programming work.

Tech Insight – What Is ‘Business Intelligence’

In this article we look at ‘business intelligence’, how it can be obtained, and why it’s important.

Business Intelligence

Business Intelligence refers to how a company/organisation can use its historical data to improve strategic decision-making and thereby provide a (hopefully sustainable) competitive advantage.

What Data?

In day-to-day operations, businesses and organisations generate, receive, gather, and store large amounts of (sometimes complex) structured and unstructured data from internal systems and external sources.  The more complex data is often referred to as ‘big data’. The kind of historical data that businesses/organisations collect and refine for their business intelligence could, for example, include e-mails, memos and notes, news, user groups, chats, reports, web pages, software reports and stats + analytics, image and video files, marketing material, presentations and more.

Analysis & Processes

The idea of business intelligence is to be able to analyse and gain meaningful value from much of this data. Types of analysis of data can be descriptive, diagnostic, predictive or prescriptive. The analysis can uncover trends in large datasets and reveal important insights that a business can use to its advantage.

Analysing company data can involve processes such as data preparation, data mining (of databases), stats and machine learning, statistical analysis, performance metrics and benchmarking, data visualisation (turning data into charts/graphs), and reporting the findings of the analysis and the conclusions to decision makers and other stakeholders.

How?

Processing and interpreting large amounts of different types of data to get a bigger picture and reveal opportunities is challenging, and usually requires the use of business intelligence software/tools. Popular examples include:

– Microsoft Power BI, a desktop app for Windows that draws upon automated, cloud-based technology.

– Board International, which combines predictive analytics and performance management.

– Domo, a cloud-based platform that offers business intelligence tools tailored to different industries.

– Dundas BI, which can be tailored for 19 industries, creates dashboards and scorecards, and performs reporting (standard and ad-hoc).

– MicroStrategy, which can also be tailored for a broad range of industries and offers cloud, on-premises, or hybrid deployment.

Why?

Business intelligence software/tools can benefit a business by:

– Revealing valuable market trends and business insights as well as flagging up areas for improvement.

– Providing the ability to aggregate different data sources to gain a much fuller picture of what is happening within the business.

– Increasing customer satisfaction by enabling a better understanding of customer behaviour and patterns. This, in turn, can lead to more successful marketing, increased ROI, better customer loyalty and increased profits.

– Improving operational efficiency.

– Enabling better, more informed decisions to be made, thereby improving the business strategy, improving competitiveness, and helping to avoid costly errors.

What Does This Mean For Your Business?

Businesses generate, gather, and store large amounts of data. Rather than being a cost, challenge, and/or risk to the business, finding a way to draw together, analyse, interrogate, and present the data as useful information can add value by identifying strengths, weaknesses, opportunities, and threats. It can also give managers a much clearer, all-round view of the business which can lead to better and smarter decision making. This can reduce risk and make business more efficient and competitive.
