A Closer Look at Vulnerabilities
Sep 8th, 2016 by aperio

In its report on the top connected device threats in 2016, Pwnie Express surveyed over 400 respondents in the areas of information technology and security. The results are a warning to all businesses:

  • 86% of information security professionals are concerned with connected device threats, with most being more worried about these threats than they were a year ago.
  • 40% report that their organization is “Unprepared” or “Not Prepared At All” to find connected device threats.
  • 37% cannot even tell how many devices are connected to their networks.

(The Internet of Evil Things)

 

What is the Internet of Things?

In our recent post on Ransomware and the Internet of Things, we briefly discussed what the “Internet of Things” (IoT) is, and how we expect it to become increasingly vulnerable to ransomware. Examples of the IoT include any electronic device that is connected to the internet: cell phones, pacemakers, electronic components in factories, thermostats, cars, and more.

 

And we can expect the IoT to grow over the next several years. According to a 2016 report on internet security from Symantec, “In the USA, there are 25 online devices per 100 inhabitants, and that is just the beginning. Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, and will reach 20.8 billion by 2020.”

 

What Kinds of Threats Can Be Expected?

According to Pwnie Express’s report, the major IoT device threats in 2016 will be related to:

 

  • Unauthorized, accidental, or misconfigured access points;
  • BYOD and the personalization of (formerly) corporate hardware; and
  • Insecure, misconfigured, and vulnerable IoT devices.

 

Wireless access points can present several vulnerabilities, such as failure to modify default configurations. “Routers, switches, operating systems and even cellphones have out-of-the box configurations that, if left unchanged, can be exploited by individuals who stay abreast of such things.”  Brad Casey, Techopedia.com.

 

BYOD (Bring Your Own Device) policies can also leave your organization vulnerable. In addition to making a tempting target for hackers, users of mobile devices are often not as careful as they need to be when downloading apps. Even more worryingly, according to the report The Internet of Evil Things, “Most security professionals are not ready to monitor or detect less-common RF and off-network IoT devices, 87% cannot see Bluetooth devices, and 87% cannot monitor 4G/LTE devices in real time. Additionally, 71% cannot monitor off-network WiFi devices in real-time and 56% cannot monitor on-network IoT devices in real-time.”

 

Preparing to Protect Against Vulnerabilities

While many information security professionals seem to be aware of the threats they face from working with mobile devices and the IoT, surprisingly few seem to be prepared for them.

 

For example, The Internet of Evil Things states that 35% of respondents say that their organization has no BYOD policy in place. Further, while 65% of the respondents report that they have a BYOD policy, only 50% of them actually have a way to enforce these policies. Obviously, unenforced policies are an invitation to non-compliance and do not provide real protection.

 

While connected devices offer advantages in terms of flexibility for organizations, they also come with great risks. And with attacks still on the rise in 2016, protecting your business is more important than ever.

 

 

 

What Pokémon Go Reveals about the Future of Business Technology
Sep 6th, 2016 by aperio

Pokémon Go – What Is It?

 

Pokémon is a name derived from “pocket monsters,” and is a hugely popular franchise including the original video game and more. Most recently, the franchise includes Pokémon Go, a free-to-play mobile app that has been enjoying huge success since its release in July 2016. If you have a smartphone, or you know someone who has a smartphone, or if you’ve so much as walked outside recently, odds are good that you’ve encountered Pokémon Go.

 

More than Just Pokémon Go – Augmented Reality

Pokémon Go is a specific example of Augmented Reality (AR). AR creates a blend of the real world and the virtual world. In the case of an app like Pokémon Go, virtual images can be inserted into video that has been captured on a tablet or smartphone. The game uses a phone’s GPS to track a player’s location in the real world and then uses AR to overlay Pokémon on the screen for the players to capture.

 

However, augmented reality has a great deal of potential beyond game play. Future business applications abound, with some already taking place. Examples include:

 

  • Training and Education

“Unlike a real-world training scenario, a trainee can play through an AR situation as many times as they need to grasp a concept or procedure. AR training can also be a lot more elaborate – it’s far simpler to have someone take a virtual car engine apart than a real one – and can be repeated with as many people as necessary.” Nick Heath, ZDNet.

 

  • Retail Applications

There are also potential uses for AR in retail. For example, the companies Cimagine and Shop Direct  announced a partnership “…to allow potential customers to virtually place a piece of furniture in their house using their tablet. This works by users taking a snapshot of their room then digitally placing 3D furniture images in the area they want.” Arjun Kharpal and Alice Tidey, CNBC.com.

 

  • Customer Service

Ian Jacobs predicts that “…in the customer service space smartphone apps will provide virtual overlays of documents, such as account statements, to provide FAQs and display account information…. Technical repairs and training, which currently require in-person interactions or blind step-by-step instructions, will be resolved by two-way video.” Forrester.

 

Pokémon Go Security Concerns

 

With any new technology there are bound to be new security issues. In its first two months of existence, Pokémon Go has already provided examples of the issues augmented reality may hold for businesses.

 

For instance, Pokémon Go requires users to log in using their Google credentials. Initially, however, this also meant that users were giving the game and its developers full access to their Google account. (This problem has since been resolved, according to later reports.) For a business, this serves as a warning: no matter how tempting the app, your IT department will always need to keep careful track of which apps you allow your employees to download on devices used for work.

 

As another example, the very popularity of an app like Pokémon Go can make it dangerous. According to Joseph Steinberg at Inc.com, because the game has been available only in a limited number of countries, some people in other countries have obtained it through unofficial channels. As a direct result of this, “… hackers have already successfully posted malware-infected versions of the app in some file sharing services.” This may be of particular concern, given the recent increase in ransomware attacks affecting smaller businesses.

 

The future of augmented reality promises to provide businesses with both increased opportunities and increased challenges. We can expect to see AR affecting all areas of how people play and work.

 

7 Strategies to Defend Against Cyber-Attacks

Cybercrimes against small to medium sized businesses are on the rise in the US. Most of these businesses have no idea how secure their computer systems are or how to guard them.

On top of that, these same companies don’t know what government security regulations they have to adhere to, especially when they attempt to implement security policies to protect their data or their clients’ data. A poorly executed or non-existent security plan could result in data loss, client loss, revenue loss and fines from government entities.

If you work at or own one of the companies that I just described, it is imperative that you attend our Lunch & Learn, 7 Strategies to Defend Against Cyber-Attacks.

Some of the strategies we will discuss will be the perils of social engineering, training your staff to recognize the signs of a breach, and why constant monitoring of internal and external networks will help detect patterns of cybercrime.

This ESET sponsored event will include a delicious lunch, raffle prizes, and a Q & A Session at the end.

Come to our event and stay ahead of the threat.


 

STAYING EDUCATED IN YOUR IT ENVIRONMENT
Aug 31st, 2016 by aperio

Technology affects all aspects of our lives nowadays, from the work we do right through to the way we do it. So much has changed in recent decades that generations at school today are far more adept at using these technological features than preceding age groups, and this trend is set to continue.

In education today, IT education is not only about teaching students and pupils what they need to learn to advance in the modern world, but is also about how various tools and techniques can help them learn more efficiently. Here are some of the main reasons why IT education solutions are so important.

Firstly, it is important to put in place an IT solution for schools as it can help students get the most out of learning. With many classes today utilising various devices and technologies to learn, ensuring that these are being used in the most efficient way possible to maximise the learning experience is very important.

Devices such as smart boards and tablets all have their role in the classroom, but being set up with the right software and cloud computing options can make the difference between implementing new technology just for the sake of it, often at great expense, and implementing it cost effectively and for maximum impact.

With more and more young people being extremely adept at using technology in the first place, having a solution that can meet their expectations can also make a huge difference for an educational institution. Whether primary, secondary or higher education, students can become more engaged in lessons where technology is used correctly and in an engaging, modern way.

The importance of great IT education solutions also rolls over into the independent research and leisure time of pupils or students at an educational institution. Although many devices used in the classroom can enhance learning, having great software and cloud computing options in place to facilitate independent study and research is extremely beneficial.

This can enhance learning in many ways and help the school meet its targets in many different areas of learning. Again, this can help encourage curiosity and motivation to learn for a technology-orientated generation.

IT education solutions are also important for the impact that they have on teachers and other staff at school, improving their ways of working. Schools and educational institutions are busy, creative and constantly-evolving organisms, and any IT solution needs to be able to adapt along with the institution’s changing needs.

Tools such as Google for Schools mean that not only can students take advantage of the benefits of technology in the classroom, but so can the staff. This can assist the ease of lesson preparation for teachers, coordination of lesson plans between teachers managing the same classrooms, and accurate records for attendance and pupil performance maintained by staff at the school.

Many modern cloud based tools are extremely collaborative and facilitate greater information sharing and record keeping. For institutions looking to improve efficiency in the workplace for the benefit of the institution as a whole (students, staff and results), implementing these solutions can make a huge difference.

IT education solutions have a huge role to play in modern education, and finding a service provider that can deliver these can make all the difference for an institution. For schools looking to make a huge difference for their staff and their learners, time should be spent looking for a company that is dedicated to helping your institution take advantage of all that technology has to offer.

This could include new devices, a new IT infrastructure and the integration of cloud computing into the everyday lives of students and staff. As technology and innovation constantly move forward, this can help any institution reap great rewards in the present and in the future.

 


Evolving IT Security
Aug 29th, 2016 by aperio

We look forward to seeing all of you at Seasons 52.  This will be an open forum discussion meaning you may ask questions throughout our event.  We are here to help answer any questions and guide your company down a successful path.  We will also be holding a raffle at the end of our session.  Thanks and please register before spaces are all gone.

HIPAA/HITECH Compliance – What Is the HITECH Act?
Aug 24th, 2016 by aperio

Not sure what the HITECH Act is all about? If you’re new to HIPAA compliance and related concerns, here’s a quick overview.

Summary of HITECH Act

HITECH stands for Health Information Technology for Economic and Clinical Health. The HITECH Act was created in 2009 to encourage the adoption and “meaningful use” of electronic health records (EHR) and supporting technology in the U.S. This act was part of the American Recovery and Reinvestment Act (ARRA) economic stimulus bill. The HITECH Act initially offered financial incentives to providers who demonstrated “meaningful use” of EHRs. Later stages of the implementation of the act included penalties for providers who did not meet these requirements.

The HITECH Act also modified HIPAA. One of the ways it did so was by requiring covered entities to notify individuals whose protected health information (PHI) has been compromised. Additionally, it increased the fines that could be applied for noncompliance (up to $1,500,000); it authorized state Attorneys General to bring actions to enforce violations of HIPAA; it expanded portions of HIPAA to apply to business associates of covered entities; and it required the federal Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to audit both covered entities and their business associates.

Present and Future of HITECH Act

Many features affected by the HITECH Act are currently under debate, including changes to the definition of “meaningful use” of EHRs, cybersecurity issues, and interoperability issues.

As of April of this year, proposed new federal regulations may bring an end to the electronic health records “meaningful use” incentive program portion of the HITECH Act. This portion would be replaced with a simplified program. Concerns raised about these proposed changes state that they fail to address threats to cyber security from hackers and ransomware, a topic of real concern as healthcare providers have been under increased attack this year.

The proposed changes would also affect payment mechanisms for physicians, attempt to fight information blocking, and replace the current “meaningful use” program with the “advancing care information” category. As the HHS explains, this category would focus on interoperability and information exchange and, in contrast to the existing program, would not require an all-or-nothing approach to measuring the quality of EHR use. (For more on the proposed changes, see Healthcare Info Security’s in-depth article on the impact on security of Medicare’s new physician payment plan.)

Need to Learn More about HIPAA/HITECH Compliance?

If you’d like to learn more about HIPAA/HITECH compliance and how it affects your business, Aperio-IT will be holding a free Lunch and Learn Event on Wednesday, June 8. Brian Olsen, HIPAA Security Advisor, will be joining us to help answer your concerns about HIPAA regulations. You can find out details and register here to attend.

Have any HIPAA or HITECH Security questions?  Come to our lunch and learn event and feel free to ask us any questions before, during our Q&A session or after our event.  We are here to answer any questions you may have.
