Archive for IT Infrastructure

Facial Recognition In The Classroom

A school in Hangzhou, capital of the eastern province of Zhejiang, is reportedly using facial recognition software to monitor pupils and teachers.

Intelligent Classroom Behaviour Management System

The facial recognition software is part of what has been dubbed The “intelligent classroom behaviour management system”. The reason for the use of the system is reported to be to supervise both the students’ learning, and the teachers’ teaching.

How?

The system uses cameras to scan classrooms every 30 seconds. These cameras are part of a facial recognition system that is reported to be able to record students’ facial expressions, and categorize them into happy, angry, fearful, confused, or upset.

The system, which acts as a kind of ‘virtual teaching assistant’, is also believed to be able to record students’ actions such as writing, reading, raising a hand, and even sleeping at a desk.

The system also measures levels of attendance by using a database of pupils’ faces and names to check who is in the classroom.

As well as providing the school with added value monitoring of pupils, it may also prove to be a motivator for pupils to modify their behaviour to suit the rules of the school and the expectations of staff.

Teachers Watched Too

In addition to monitoring pupils, the system has also been designed to monitor the performance of teachers in order to provide pointers on how they could improve their classroom technique.

Safety, Security and Privacy

One other reason why these systems are reported to be increasing in popularity in China is to provide greater safety for pupils by recording and deterring violence and questionable practices at Chinese kindergartens.

In terms of privacy and security, the vice principal of the Hangzhou No.11 High School is reported to have said that the privacy of students is protected because the technology doesn’t save images from the classroom, and stores data on a local server rather than on the cloud. Some critics have, however, said that storing images on a local server does not necessarily make them more secure.

Inaccurate?

If the experiences of the facial recognition software that has been used by UK police forces is anything to go by, there may be questions about the accuracy of what the Chinese system records. For example, an investigation by campaign group Big Brother Watch, the UK’s information Information Commissioner, Elizabeth Denham, has recently said that the Police could face legal action if concerns over accuracy and privacy with facial recognition systems are not addressed.

What Does This Mean For Your Business?

There are several important aspects to this story. Many UK businesses already use their own internal CCTV systems as a softer way of monitoring and recording staff behaviour, and as a way to modify their behaviour i.e. simply by knowing their being watched. Employees could argue that this is intrusive to an extent, and that a more positive way of getting the right kind of behaviour should (also) have a system that rewards positive / good behaviour and good results.

Using intelligent facial recognition software could clearly have a place in many businesses for monitoring customers / service users e.g. in shops and venues. It could be used to enhance security. It could also, as in the school example, be used to monitor staff in any number of situations, particularly those where concentration is required and where positive signals need to be displayed to customers. These systems could arguably increase productivity, improve behaviour and reduce hostility / violence in the workplace, and provide a whole new level of information to management that could be used to add value.

However, it could be argued that using these kinds of systems in the workplace could make people feel as though ‘big brother’ is watching them, could lead to underlying stress, and could have big implications where privacy and security rights are concerned. It remains to be seen how these systems are justified, regulated and deployed in future, and how concerns over accuracy, cost-effectiveness, and personal privacy and security are dealt with.

TalkTalk Super Router Security Fears Persist

An advisory notice from software and VR Company IndigoFuzz has highlighted the continued potential security risk posed by a vulnerability in the WPS feature in TalkTalk’s Super Router.

What Vulnerability?

According to IndigoFuzz, the WPS connection is insecure and the WPS pairing option is always turned on i.e. the WPS feature in the router is always switched on, even if the WPS pairing button is not used.

This could mean that an attacker within range could potentially hack into the router and steal the router’s Wi-Fi password.

Tested

It has been reported that in tests involving consenting parties, IndigoFuzz found a method of probing the router to steal the passwords to be successful on multiple TalkTalk Super Routers.

The test involved using a Windows-based computer, wireless network adapter, a TalkTalk router within wireless network adapter range, and the software ‘Dumpper’ available on Sourceforge. Using this method, the Wi-Fi access key to a network could be uncovered in a matter of seconds.

Scale

The ease with which the Wi-Fi access key could be obtained in the IndigoFuzz tests has prompted speculation that the vulnerability could be on a larger scale than was first thought, and a large number of TalkTalk routers could potentially be affected.

No Courtesy Period Before Announcement

When a vulnerability has been discovered and reported to a vendor, it is normal protocol to allow the vendor 30 days to address the problem before the vulnerability is announced publicly by those who have discovered / reported the vulnerability.

In this case, the vulnerability was first reported to TalkTalk back in 2014, so IndigoFuzz chose to issue the advisory as soon as possible.

Looks Bad After Last October

News that a vulnerability has remained unpatched after it was reported 4 years ago to TalkTalk looks bad on top of major cyber attack and security breach there back in October 2017. You may remember that the much publicised cyber-attack on the company resulted in an estimated loss of 101,000 customers (some have suggested that the number of lost customers was twice as much as this figure). The attack saw the personal details of between 155,000 and 157,000 customers (reports vary) hacked, with approximately 10% of these customers having their bank account number and sort code stolen.

The trading impact of the security breach in monetary terms was estimated to be £15M with exceptional costs of £40-45M.

What Does This Mean For Your Business?

It seems inconceivable that a widely reported vulnerability that could potentially affect a large number of users may still not have been addressed after 4 years. Many commentators are calling for a patch to be issued immediately in order to protect TalkTalk customers. This could mean that many home and business customers are still facing an ongoing security risk, and TalkTalk could be leaving itself open to another potentially damaging security problem that could impact its reputation and profits.

Back in August last year, the Fortinet Global Threat Landscape Report highlighted the fact that 9 out of 10 businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and many even have patches available for them. This should remind businesses to stay up to date with their own patching routines as a basic security measure.

Last year, researchers revealed how the ‘Krack’ method could take advantage of the WPA2 standard used across almost all Wi-Fi devices to potentially read messages, banking information and intercept sensitive files (if a hacker was close to a wireless connection point and the website doesn’t properly encrypt user data). This prompted fears that hackers could turning their attention to what may be fundamentally insecure public Wi-Fi points in e.g. shopping centres / shops, airports, hotels, public transport and coffee shops. This could in turn generate problems for businesses offering WiFi.

BYODs Linked To Security Incidents

A study by SME card payment services firm Paymentsense has shown a positive correlation between bring your own device (BYOD) schemes and increased cyber -security risk in SMEs.

BYOD

Bring your own device (BYOD) schemes / policies have now become commonplace in many businesses, with the BYOD and enterprise mobility market size growing from USD $35.10 Billion in 2016 to USD $73.30 Billion by 2021 (marketsandmarkets.com).

BYOD policies allow employees to bring in their personally owned laptops, tablets, and smart-phones and use them to access company information and applications, and solve work problems. This type of policy has also fuelled a rise in ‘stealth IT’ where employees go outside of IT and set up their own infrastructure, without organizational approval or oversight, and can, therefore, unintentionally put corporate data and service continuity at risk.

Positive Correlation Between BYOD and Security Incidents

The Paymentsense study, involving more than 500 SMEs polled in the UK found a positive correlation between the introduction of a BYOD policy and cyber-security incidents. For example, 61% of the SME’s said that they had experienced a cyber-security incident since introducing a BYOD policy.

According to the study, although only 14% of micro-businesses (up to 10 staff) reported a cyber-security incident since implementing BYOD, the figure rises to 70% for businesses of 11 to 50 people, and to 94% for SMEs with 101 to 250 employees.

Most Popular Security Incidents

The study showed that the most popular types of security incidents in the last 12 months were malware, which affected two-thirds (65%) of SMEs, viruses (42%), DDoS distributed denial of service (26%), data theft (24%), and phishing (23%).

Positive Side

The focus of the report was essentially the security risks posed by BYOD. There are, however, some very positive reasons for introducing a BYOD policy in the workplace. These include convenience, cost saving (company devices and training), harnessing the skills of tech-savvy employees, perhaps finding new, better and faster ways of getting work done, improved morale and employee satisfaction, and productivity gains.

Many of these benefits are, however, inward-focused i.e. on the company and its staff, rather than the wider damage that could be caused to the lives of data breach victims or to the company’s reputation and profits if a serious security incident occurred.

What Does This Mean For Your Business?

This is a reminder that, as well as the benefits of BYOD to the business, if you allow employees or other users to connect their own devices to your network, you will be increasing the range of security risks that you face. This is particularly relevant with the introduction of GDPR on Friday.

For example, devices belonging to employees but containing personal data could be stolen in a break-in or lost while away from the office. This could lead to a costly and public data breach. Also, allowing untrusted personal devices to connect to SME networks or using work devices on untrusted networks outside the office can put personal data at risk.
Ideally, businesses should ensure that ensure that personal data is either not on the device in the first place, or has been appropriately secured so that it cannot be accessed in the event of loss or theft e.g. by using good access control systems and encryption.

Businesses owners could reduce the BYOD risk by creating and communicating clear guidelines to staff about best security practices in their daily activities, in and out of the office. Also, it is important to have regular communication with staff at all levels about security, and having an incident response plan / disaster recovery plan in place can help to clarify responsibilities and ensure that timely action is taken to deal with situations correctly if mistakes are made.

Slack ‘Actions’

Chat App ‘Slack’ has announced the introduction of a new ‘Actions’ feature that makes it easier for users to create and finish tasks without leaving by having access to more 3rd party tools.

What Is Slack?

Slack, launched way back in 2013, is a Silicon Valley-produced, cloud-based set of proprietary team collaboration tools and services. It provides mobile apps for iOS, Android, Windows Phone, and is available for the Apple Watch, enabling users to send direct messages, see mentions, and send replies.

Slack teams enable users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner. It was intended as an organisational communication tool, but it has gradually been morphing into a community platform i.e. it is a business technology that has crossed-over into personal use.

In March 2018, Slack and financial and human capital management firm Workday formed a partnership that allowed Workday customers to access features from directly within the Slack interface. Slack is believed to have 8 million daily active users.

What Is ‘Actions’ and How Does It Help?

The new tool / feature dubbed ‘Actions’ will bring enterprise developers deeper into Slack, because it allows for better / more integration with enterprise software from third-party software providers e.g. Jira, HubSpot, and Asana.

Slack knows that many users now like to choose what software they use to get their job done, and the Actions feature will, therefore, be of extra value to the 90% Slack’s 3 million paid users who regularly use apps and integrations.

Actions can be accessed using a click or tap of any Slack message, require no slash commands, and are being made available to all developers using the platform to deploy bots and integrations. To begin with, Actions will be displayed based on what individuals use most frequently.

What Does This Mean For Your Business?

If you use / your business uses Slack, the interoperability of these systems resulting from integration between software from third-parties means that you have greater choice in what software you use to complete your tasks without having to leave Slack. This offers time and cost saving benefits, as well as a considerable boost in convenience.

Slack knows that there are open source and other alternatives out there, and the addition of Actions will help Slack to provide more valuable tools to users, thereby helping it to retain loyalty and compete in a rapidly evolving market.

TSB Computer Meltdown – Problems Nearly 2 Weeks On

Customers of TSB are reportedly still experiencing difficulties with internet and mobile banking services nearly 2 weeks after problems first began.

What Happened?

TSB, which was acquired by Spanish bank Sabadell in 2015, tried to fully migrate its computer systems from its old Lloyds Bank systems to its new core banking system, known as Proteo4UK. Proteo4UK is basically a version of Sabadell’s in-house core banking platform Proteo which has been designed for TSB.

The system had already been rolled out to staff in November 2017, and the full rollout to customers was also supposed to have happened in November but was put back until April to avoid potential confusion of the expected interest rate rise.

Why Migrate?

The expected benefits behind TSB’s decision to migrate were cost savings through not having to pay £160 million per year to Lloyds Bank for hosting, and the opportunity to be able to implement its own customer-facing systems offering digital banking services.

TSB had already launched a mobile app for Android and iOS devices to enable customers to use banking services via the new system in a convenient way, and was in the process of offering iPhone X users the opportunity to use their faces as identification.

Meltdown

Unfortunately for 1.9 million TSB customers, the bank staff, and TSB’s reputation, the migration did not go to plan and resulted in what some commentators have described as a ‘meltdown’ of its banking systems.

Some of the problems experienced by customers have included not being able to access their own money, no access to any mobile and online services, problems with direct debits, and amounts of money appearing and disappearing. It was even reported that one customer was mistakenly credited with £13,000. TSB has also been deluged, understandably, with complaints, with TSB staff facing hostility, and the reputation of the bank taking a battering in the media.

Response

Several apologies later, and even though TSB’s CEO Paul Pester announced in BBC Radio 4 interview that he would take direct control from the banks’ platform, and that he’d drafted in a team of global experts from IBM, and although the mobile app is now reportedly fixed, some customers are still reported to be experiencing problems. Some have appeared in tv news reports telling of their experiences and of their fears that important bills may not have been paid as a result of the system’s problems.

Treasury Committee Wants Answers

Executives from TSB and parent company Sabadell have been asked to appear before MPs to respond to questions and give evidence to the Treasury Select Committee on Wednesday 2nd May over the ongoing IT system outage.

What Does This Mean For Your Business?

It is well known that many banks run on old systems which have led to glitches in the past i.e. customers not being able to access their money, and have been the cause of worries about security. The case of TSB illustrates how the company had good commercial intentions as a challenger bank in migrating its systems to reduce costs and meet the modern customer’s digital expectations, but ended up creating a PR disaster for itself. It is thought that the problems could cost the bank millions in lost customers, compensation, and damage to the brand.

Some commentators have criticised the bank for mismanaging the migration and for focusing too much on creating fancy apps rather than focusing on just getting the migration to happen as smoothly as possible.

It has also been suggested that, if joining or switching to a new bank, customers could do worse than to ask their proposed new bank what their plans are in terms of core banking platforms, whether they have any major IT projects planned, and how up to date is the core banking system is.

The problems with TSB’s banking systems will undoubtedly have impacted many businesses as customers were unable to access funds or to spend as they normally would, or to pay existing agreements, and this all adds up to extra costs, reduced profits, and stress for business owners.

This story is also a reminder to businesses that unforeseen and potentially costly IT problems can happen, particularly with cyber-crime activity, and that having a good Business Continuity Plan and Disaster Recovery Plan is important.

10 Gbps Home Broadband Speed Achieved In Test

Broadband operator Hyperoptic is reported to have achieved home Broadband speeds of up to 10 gigabits per second (Gbps) in a recent test.

Hyperoptic?

‘Hyperoptic’ is the company name in this case, but the term hyperoptic generally refers to the kinds of super speeds that can be achieved with full fibre / fibre-to-the-building / fibre-to-the-home / ‘fibre-to-the-premises’ infrastructure and packages.

A First

The result of the test, which was carried out in a home in the former Olympic village in east London (presumably because it is fully fibre linked), is thought to be the first time that such speeds have been brought to a UK home using an existing ISP network rather than a dedicated line.

How Fast Is That?

Quoted broadband speed figures are often not what they seem, but speeds of up 10 gigabits per second would mean that:

  • A standard HD movie file (5GB) could be downloaded in 4 seconds, compared with 6 minutes 40 seconds on a 100Mbps connection.
  • A 25GB Xbox game could be downloaded in 20 seconds, compared with more than 33 minutes on a 100Mbps connection.
  • The latest full 4K ultra high definition movie (75 GB) could be downloaded in just 1 minute, compared to 1 hour 40 minutes on a 100Mbps connection.

Why Do We Need Hyper Speeds?

Spending more time on more powerful gadgets / mobile devices, the growth of the subscription economy for services, the continued growth of online shopping, the growth of the cloud, the popularity of gaming, video and social media programs, the popularity of TV / Film and other media streaming services, the demand to download bigger and better quality files, and the frustration of buffering and slow connections over many years have all stimulated UK demand for better and faster connections. Also, more businesses are looking to future-proof their networks, and they feel that much faster connections are needed for effective global business competitiveness.

As things stand, a recent survey by cable.co.uk found that the UK ranks only 31st in the world for average broadband speeds, with an average broadband speed of just 16.51Mbps.

Trials of Full Broadband In 6 UK Regions

Back in September, the UK government announced that six regions of the UK would be hosting trials of full fibre broadband for businesses, schools and hospitals as part of a £200m scheme by the Department for Digital, Culture, Media & Sport (DCMS).

According to the DCMS, £10 million of the total £200 million budget will be spent on trials for full fibre broadband in Aberdeen and Aberdeenshire, West Sussex, Coventry and Warwickshire, Bristol and Bath & North East Somerset, West Yorkshire and Greater Manchester.

Commitment From Big Providers

The big UK broadband providers are making more of a commitment to the kind of full-fibre connections that could bring much faster speeds. For example, BT has promised to bring full-fibre connections to 3 million premises by 2020, 700,000 of which will be in rural areas. Also, TalkTalk has announced a big investment in infrastructure which will bring full-fibre technology to 3 million homes and businesses.

Criticism

Despite this recent announcement by Hyperoptic, there are many valid criticisms about any big plans for boosting broadband speeds with the widespread use of fibre-optic cables in the UK including:

  1. Even if you have a fibre-optic cable to your home / business premises, there will still be shared traffic points in the network which will slow down your broadband at certain times.
  2. Full fibre-optic, ultra-fast broadband is not likely to be a reality in the UK anytime soon. At the current rate, BT Openreach has stated that only two million premises will have access to ‘full fibre’ by the end of 2020.

What Does This Mean For Your Business?

The test by Hyperoptic is really just a tantalizing view of what could be possible if we all had full-fibre broadband up to our premises, and a fabulous UK fibre infrastructure. Obviously, that could bring considerable value-adding, cost-saving, competitiveness-boosting benefits to UK businesses.

Sadly, the current reality is that businesses don’t have (and look unlikely to have any time soon) access to kind of speeds that overseas companies (e.g. competitors) enjoy, and certainly don’t have access to the speeds that the Hyperoptic test was demonstrating.

Whilst it is good that funding and momentum for the task of delivering faster (fibre or fibre/G.fast) broadband for UK businesses looks to be increasing, the UK has a long way to go, and the reality is that we may only actually have 7% full fibre coverage by 2020.

In terms of what it actually means for a business to be physically connected to a fibre broadband infrastructure, technical commentators say it will be a case of simply having a small box installed on the premises. In terms of costs, it seems likely that faster full-fibre packages will be an opportunity for ISPs to charge more.

Heartbleed – What Is It and What Should You Do?

Chances are you’ve been made aware of the threat posed by a rather troublesome online bug titled “Heartbleed”. Before you start rushing frantically about the office wondering if you need to sort out your antivirus settings or possibly even protect your bank account details, here’s where Google and other major online companies are at so far with regards to this worrying development.

download (2)

Heartbleed came to light a couple of weeks back after OpenSSL (a piece of software that deals with security purposes throughout the web) was compromised through one of its built-in features, known widely as heartbeat. Heartbeat exchanges data between website and PC to give your computer assurance that the site is active. Whilst the feature should only ever send back the same amount of data as it receives, hackers have found a way of requesting increased amounts of data that could potentially include passwords, cookies, logins and other personal information.

It’s understood that just under 20% of internet servers have the heart bleed bug, which is a scary amount despite the fact that this figure had been inflated in the past to as much as 60% of all servers. Whilst OpenSSL has since been patched, it’s important that you do change your passwords for the services that have been affected. Google was affected but has since been fixed, though you should still look to change your passwords as soon as possible.

Don’t panic. The chances of hackers getting hold of your personal information through heart bleed are incredibly small, so all you have to do is take the necessary precautions and keep up to date with what’s going on.

Turning Google Chrome into a Security Fortress With Add-Ons

A lot of people have identified Google Chrome as the ideal browser thanks to its speed, expansion options and multi-platform opportunities. As it’s now being widely used, the security aspects of the browser have come under scrutiny.

Adblock_logo_&_wordmark

So what can you do to enhance Chrome and make it a fortress against any unwanted intrusions? Here are some of the enhancements available to download that can really make an impact on the overall security of your browser.

Adblock Plus is a really useful tool that gets rid of the constant barrage of advertisements we often sift through when searching the web. It also provides a malware protection service and keeps your surfing private and protected.

HTTPS Everywhere is a must if you’re a regular user of the internet (who isn’t). Your surfing will be automatically navigated, giving you the simplest route to a safe and secure Chrome experience.

If you’re just looking for something that tells you which search results can be trusted, Chrome has Web of Trust available for installation. You’ll know a site is safe to use if it has the Web of Trust logo next to it. Simple.

There you have it. Getting hold of these useful add-ons can really improve the security of your web searches, so make sure you get hold of them as soon as you declare Chrome your browser of choice. If you’d like any more advice on keeping your surfing safe and secure, please get in touch with Pronetic and we’ll be happy to help.

Making the Most of Your New Mac Pro

If you’ve been lucky enough to get your hands on the irresistibly powerful Mac Pro since its release, you might be aware of its capabilities with third-party additions and various other upgrades.

Mac_Pro_2013_inside

It’s important to remember that upgrading a computer yourself can contribute towards hardware failure and file corruption if carried out incorrectly, so getting hold of business backup solutions can keep parts of your IT infrastructure protected. Here are some of the useful upgrades you can make to improve the efficiency of your Mac Pro in the office.

There are some excellent storage devices out there that can really enhance the storage capacity of your Mac Pro, as it is ultimately a machine that focuses on power rather than storage. The Buffalo DriveStation DDR has 3 TB storage capacities and is one of the fastest external drives on the market. If you’re willing to spend a bit more, the IoSafe Solo G3 is great for backing up files and also boasts 3 TB of storage.

You can upgrade the memory in this device to as much as 128GB of RAM as well as being able to enhance the CPU, though it ultimately comes down to your budget!

Considering upgrading your own hardware? Come and talk to us about IT equipment leasing, as you may find your business is better off leasing the latest capable equipment rather than spending big on an initial purchase. Get in touch to find out more.