What is Internet of Things (IoT)?
Even though according to McKinsey Global Institute, the Internet of Things has the potential to create an economic impact of $2.7 trillion to $6.2 trillion annually by 2025, a vast majority of us still have none or at best very little understanding of it.

First proposed by Kevin Ashton in 1999, IoT can be best described as a structure or scenario where objects, both living and non-living, are assigned a unique identifier and using that they independently communicate with each other over a network. In this case, the Internet.

Imagine your car could automatically send messages to your mechanic’s computer. So when you take your car for a service, the mechanic already knows everything that needs to be fixed. Or imagine if your refrigerator knew the next time you walked into a supermarket and displayed to you on your smart glasses that you were running out of eggs.

Only a few years ago this was Sci-Fi movie stuff but it is catching on faster than we think. According to Cisco, 25 billion devices will be connected to the Internet by 2015 and 50 billion by 2020. IoT is already an integral part of our lives; think smartphones, smart watches, smart glasses, smart TVs and for that matter smart anything. The following 5 factors influenced by IoT could critically blindside SMBs.

Security
This one is the most obvious yet most glaring. Almost every employee or colleague you know carries a smartphone. Some if not all connect to the company Wi-Fi and/or access business emails and files using those devices. This is already a security concern. Now as devices such as watches, glasses, office printers, landline phones etc. start connecting and communicating independently to each other, the data and network security can get scarily vulnerable.

Privacy
Organisations and companies that handle personal information of their employees and customers are under increasing pressure to ensure its protection. Company policies pertaining to collection, storage, access and use of personal information will need to revised and kept up-to-date to avoid potentially expensive legal battles.

Employees
The phones we carry these days are almost always far more powerful and capable than the ageing pc’s and macs we use at work. The business software systems are similarly clunky. IoT, with its well-connected and intuitive ways, is becoming a norm for most of us. In order to increase or at least maintain creativity, productivity and engagement among employees, businesses will need to be adaptable to constantly evolving technology.

Customers
IoT will have the biggest impact on our discovery, purchase and consumption of products and services, with a conservative market value estimated to be $8.9 trillion by 2020. Businesses, no matter how traditional and seemingly secure, will urgently need to ensure their products or service are offered, delivered and supported through the right channels.

Competition
An unprepared business could rapidly leak information, data, employee and its customers. A seemingly unshakable competitive advantage could be lost quickly. Depending on the point of view, IoT’s biggest advantage and disadvantage is its ability to level the playing field. It’s not the size of the organisation, market share or capability that would count but it’s what you do with it that would make the difference.

A vast number of traditional industries are being constantly disrupted using technology as the main weapon. With willingness to adapt, the only main barrier to entry, small and medium sized businesses will need to make new technology awareness and adoption key priority to survive.

This article was written by Austin D'Mello, Managing Partner of Vocatys, an emerging technology consulting company. If you liked this article please share it with your network. You can also subscribe to the exclusive monthly newsletter by emailing us at hello@vocatys.com.

References:

• http://en.wikipedia.org/wiki/Internet_of_Things
  
• http://whatis.techtarget.com/definition/Internet-of-Things
  
• http://blogs.starcio.com/2013/06/20-reasons-why-internet-of-things-will.html
  
• http://teqy.co/facts-internet-things-infographic-exigent/
  
• http://mobilefuture.org/issues/internet-of-things/
  
• http://heavy.com/tech/2014/02/what-is-the-internet-of-things-definition-examples/
  
• http://www.baselinemag.com/innovation/slideshows/fascinating-facts-about-the-internet-of-things.html
  
• http://www.fastcompany.com/most-innovative-companies/2014/industry/the-internet-of-things
  
• http://www.informationweek.com/strategic-cio/executive-insights-and-innovation/internet-of-things-done-wrong-stifles-innovation/a/d-id/1279157
  
• http://www.mckinsey.com/insights/business_technology/disruptive_technologies
  
• http://newsroom.mastercard.com/news-briefs/new-research-finds-gaps-between-small-businesses-and-technology-adoption/
  
• http://blogs.office.com/2014/05/15/survey-finds-technology-is-critical-for-small-business-owners-but-many-have-yet-to-adopt-cloud-solutions/
  

When it comes to cloud, there are 2 kinds of businesses out there. Ones that have adopted cloud and ones that don’t yet know they have. A plethora of services from emails, media and file storage to various mobile apps are cloud based in some form.

From a business point of view these services bring great deal of advantages at shockingly affordable prices. These advantages, however, come with their own perils. We have complied a list of top 5 pitfalls of using cloud that should be actively avoided.

Don’t go cheap
With global price wars between industry giants and smaller players, going cheap should not be an option. In the end only the fittest will survive. Given the relatively low differentiation in product offerings it would certainly be wiser to choose a well-established service provider irrespective of the price. Ultimately you will get what you pay for.

Don’t lock yourself in a contract
Small and medium sized organisation should avoid contracts where ever possible as a general rule. Cloud services is a rapidly changing industry. Even a 2 year contract could become very restrictive and stop you harnessing the full advantages of ongoing innovations.

Don’t allow free access
One of the biggest advantages of cloud computing is its ease of use and accessibility. It opens up a range of possibilities like accessing emails on your smartphones and files on multiple devices anywhere, any time. While it may have been main reason to go cloud, without a well formed IT governance policy and security strategy, it will quickly and easily turn into a nightmare.

Don’t ignore ongoing monitoring
Another huge selling point of cloud services is that need for maintenance is little to none. While there may not be any need to maintenance, ongoing monitoring of services should not be overlooked. Every service has its own variables, thresholds and limitations. They need to be monitored regularly to ensure optimal usage, avoid cost blow-outs and in some cases service outages.

Don’t forgo local backups
Most cloud services run from multiple data-centres with multiple backups and fail-safe technologies which ensure that you will have your service up and running even if one of the data-centres were to go down. Some offer additional backup services as well. Which is all well and great until you suddenly lose your internet connection or in a worst case scenario the service provider’s entire operation is hacked and rendered inaccessible. Always work on the philosophy that there can never be too many backups. Having a local backup solution will keep you and your team going no matter what.

While innovative technologies bring a great deal of improvements in our live and businesses, they do come with their own pitfalls. What other pitfalls have you come across while adopting cloud technologies? Feel free to leave us a comment below.

For those of you who missed this in our last BYOD post, feel free to download and share this. 

Ever increasing use of mobile devices at workplaces, especially small and medium sized businesses can be greatly beneficial but it also poses potential risks. A policy that clearly enumerates scope and accountability would significantly reduce threats and provide a range of long-term benefits.

This checklist, while not all encompassing, is meant to be a starting point.

No matter what they say, no matter how well encrypted your network is, no matter how many firewalls and anti-virus software you have, there is no such thing as truly secure network.

On a regular basis we hear a number of organisations being ‘hacked’. Think of NASA, Pentagon, Target, Adobe, Facebook, Forbes.com, US Navy and the list goes on. They are all large and high-profile organisations with seemingly unlimited resources at their disposal to protect themselves against these attacks. Yet they find themselves among many that suffer ongoing security breaches.

Interestingly, at least 4 of the organisations mentioned, have verified the cause of the breach was a form of ‘Social Engineering’ technique. According to Wikipedia, in the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. So metaphorically speaking, one does not need to disarm the alarm or break through doors or windows to get into your home if one can simply talk you into opening the door for them. The techniques employed are only limited by one’s own imagination.

The good news though is that you don’t need to spend big bucks to avoid such attacks. The following tips may not eliminate the threat but it will greatly minimise your company’s susceptibility to it.

You and your team are the weakest link
It all starts with awareness. Social engineers are relentless and often quite talented at their art. Knowing you and your team are the biggest threats to your IT, unintentional of course, is the first step. We humans are surprisingly easy to manipulate.

Rewrite your IT policy
If your current IT policy is more than 6 months old, it is time to re-write. Do not amend, just re-write. Technology and its usage is changing rapidly. Having an updated, all-encompassing policy is not just to scare employees into compliance but it is to educate them.

Control all mobile phones that access the business network
If you and/or your team use personal mobile phones for anything related to the business viz. phone calls, SMS, emails, apps and documents, you need to control it. Mobile phones connecting to multiple Wi-Fi access points, especially free public ones, are most vulnerable. There are free Mobile Device Management (MDM) tools that are easy to manage, are low cost cloud based solutions and can be easily deployed to manage these mobile devices.

Ban all external storage devices
The fastest way to break into a network would be to have a USB drive seemingly empty but loaded with a rootkit that unleashes itself the moment the drive is plugged in. Files can be transferred over your network’s storage or simply use services such as Dropbox, iCloud, Google Drive, OneDrive etc.

Emails are for correspondence not collaboration
This cannot be emphasised enough. Forbes.com was hacked and defaced by Syrian Electronic Army using a simple email phishing attack. Cultivate a culture and policy where basic text emails are only used to correspond and to collaborate you can use anyone of these free collaboration tools. Most importantly, seriously consider before opening email attachments or clicking on links in an email.

Reconfigure Router and Wi-Fi
Your router is the gateway to your network and if there is a Wi-Fi access point attached, it becomes very visible and hence very vulnerable. With the help of your IT support provider reconfigure your router to best practice standards.

Passwords and 2-Step Verifications
Google, Apple, Microsoft, Twitter, Facebook and a host of other service providers offer 2-Step Verification/Authentication, which once set up, you will need to enter your password and the 4-8 digit code sent to your mobile via SMS to access your account. This may sound painful but it would be nothing as compared to pain highlighted in Mat Honan’s case. So wherever possible, set-up this 2-step verification and change all passwords at least once every 1-2 months.

Trust NOBODY
Even seemingly unimportant information such as IT hosted in-house or cloud-based is valuable information to anyone interested. While sharing Wi-Fi passwords and other such security information can obviously be detrimental, create a culture of zero trust when it comes IT. Include a broad IT policy compliance clause in every contract and agreement with external suppliers.

Designate specific IT people
This one applies to businesses using external IT support providers. Designate no more than 2 staff, one primary and the other secondary, to act as liaisons to your service provider. No one else is to have any conversation or perform any actions pertaining to IT. Thus reducing potential information leaks and improving the effectiveness of the service.

Cultivate a culture
Doing a full circle we come back to you and your team. We are, after all, humans, creatures of habit. If habits are not cultivated to be good, they will form anyways, and in most cases, they will be bad. So proactively help create good habits and culture. Regular formal and informal meetings and training sessions will yield a long term sustainable IT aware culture.

So there you have it. The best things in life are indeed free. You do not need to be an IT guru nor would you need an addition to your IT budget to implement these basic yet effective tips to secure your IT. These will not eliminate the threats but will significantly reduce your chances of being ‘hacked’.

References

• http://www.crn.com/slide-shows/security/240165003/top-10-security-breaches-of-2013.htm
  
• http://en.wikipedia.org/wiki/Social_engineering_(security)
  
• http://online.wsj.com/news/articles/SB10001424052702304526204579101602356751772
  
• http://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/
  
• http://www.forbes.com/sites/chrisversace/2014/01/22/2014s-hacking-pain-is-cyber-securitys-gain-for-symc-feye-pawn-keyw-csco-cuda-ftnt-impv/
  
• http://abcnews.go.com/Technology/story?id=119423
  
• http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/
  
• http://www.theinquirer.net/inquirer/feature/2320371/2013-was-a-very-hacked-year
  
• http://aneuron.com/stay-secure-friend-hackers-targeting-smbs/
  
• http://blog.quatrashield.com/2013/12/17/357/
  
• http://www.infosecurity-magazine.com/view/25357/pwc-and-infosecurity-europe-release-the-latest-information-security-breaches-survey/
  
• http://en.wikipedia.org/wiki/Phishing
  
• http://www.emc.com/collateral/fraud-report/rsa-online-fraud-report-012014.pdf
  
• http://www.scmagazine.com/february-2014-threat-stats/slideshow/1809/#1
  
• http://www.cio.com/article/598122/15_Free_Enterprise_Collaboration_Tools
  
• http://www.androidcentral.com/no-excuses-its-time-turn-two-step-authentication
  
• http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
  
• http://www.computerworld.com/s/article/9181939/Infected_USB_drive_blamed_for_08_military_cyber_breach
  

Forget Big Data or the 2.5 billion gigabytes data being created by us each day based on IBM research back in 2012.

Let’s just focus on the data your business generates every day. Each one of your departments, your employees, your suppliers and your customers create large amounts of data every day. It may be in the form emails, phone calls, social media and company website interactions.

Now what if every business decision you made was not just driven by your innate intuition and vast experience but now also armed with an accurately analysed version of all your data? They call it Data Driven Decision Making (DDDM). Simply put, it is what is says. Imagine KNOWING what your customers, clients or employees truly need and being able to fulfil that need exactly when they need it. It’s one of many advantages DDDM brings to a business. To learn more, have a look at some of the research articles listed below.

The good news here is that you are closer to being data driven than you think. These 5 steps will put your business on the path to becoming a data-driven powerhouse.

1. Collect
To start with, carefully and comprehensively collect data from every source available. At this stage the scope needs to be as wide as possible. Think everything from employee banter, customer service, sales, marketing (websites, social media) and operations to global economy. At this stage it’s all about quantity. It can be recorded on excel sheets or word documents. Keep it simple.

2. Assess
You’ll be surprised how much information there is when you really start to look for it. So instead of trying to tackle everything all at once, start by identifying small chunks of information directly relevant to your business, employees, customers and suppliers.

3. Organise
Once identified move this data into a Business Intelligence or Data Analytics service. There are a host of apps and cloud based services that are free or have free trials that allow you to try before you buy. Most of them are priced per user per month with no contracts. See the reference section below for some options.

4. Analyse
Analytics services and tools provide visual and numerical representations of data being analysed. They convert raw data into usable information and provide comparative analysis in various combinations.

5. Act
This is where you deliberately put into action strategies driven by the precise information at hand.

Repeat
This one’s a bonus step and also the most important. New data is created every second. To truly realise the full potential of DDDM, the fundamental steps above need to be an ongoing process.

In this Digital age information is gold. The truly rich are not the ones that have the most but are the ones that do the most with what they have. So stop worrying about fancy terms like Big Data and use what you have to transform your small business into a Data-Driven Powerhouse!


References
Data Driven Decision Making (DDDM)

• http://www.a51.nl/storage/pdf/SSRN_id1819486.pdf
• http://www.clrn.org/elar/dddm.cfm
• http://www.marketingcharts.com/wp/online/top-benefits-of-data-driven-decision-making-35749/
• http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1819486

Small Business Data Analytics Solutions

• http://www.predictiveanalyticstoday.com/top-10-data-analysis-software/
  
• http://www.entrepreneur.com/article/224888
  
• http://www.getapp.com/software-customer/Small%20Business/data-analytics-software
  
• http://www.computerweekly.com/feature/The-best-software-for-small-businesses-SMEs-Essential-Guide
  

While entertaining to us Game of Thrones fans, this video very well highlights the Cold War that has been brewing between the big social networks of this planet. Ryan Holmes, CEO of Hootsuite has detailed this pretty well on his blog. 

With the Season 4 of our favourite show coming to end, a GoT related post was inevitable.

It is that time again as football (soccer) fever grips this planet. Nike has 'Just do(ne) it'. This one is inspiring on many levels and yet very entertaining. Enjoy!

So there is a new malware in town called GameOver Zeus or GOZ. On 2 June 2014, FBI announced it had teamed up with its counterparts from around the globe, including the Australian Federal Police, to bring down a botnet that is believed to be responsible for stealing over a $100 million from businesses and consumers.

What is it?
GameOver Zeus is essentially a malware. It is reported to be one of the most sophisticated of its kind. Specifically designed to steal baking details, it not just takes over the computer but turns the computer into a zombie that becomes a part of a much larger network of other infected computers. Thus forming a botnet spread across the world used to harvest banking and other critical information.

During the operation they also uncovered network of computers and servers infected with CryptoLocker, a ransomware that encrypts and locks you out of important files on your PC and demands a fee in return for unlocking them.

Both of these allow creators full access to your server or computer, often with minimal detection.

Modus Operandi
The main distribution vehicles for these have been, like most, emails and phishing.

Carefully worded emails with attachments are sent to all the contacts on the infected PC unbeknownst to the owner. Friends, family and colleagues are easily caught off guard.

What you need to do?
As of writing this, the botnet has been taken down. Having said that GameOver Zeus is no ordinary malware. It does not have one specific control centre. It has a peer-to-peer command structure thereby making it very tricky to pin it. The authorities have issued a fortnight’s warning to businesses and users to protect their servers and PCs. Apple Macs are not affected by these malwares. But here are a few urgent things all, and I mean ALL, users of any devices connected to the internet must do as best practice;

• Always ensure to update your computers and devices with the latest available updates.
  
• Especially for old Windows PCs, make sure you have an always updated antivirus software.
  
• Use strong passwords and change them at least every 2 to 3 months.
  
• Avoid visiting unknown random sites.
• And last but the most important one is remain hyper vigilant with emails even from people you know. If they seem even slightly out of the ordinary do not open them. All attachment must be treated with some level of suspicion.

Remember every glitch is a bug, not all are dangerous but you never know which one is. So in the big bad world we call Internet be very aware!

References

• http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/gameover-zeus-botnet-disrupted
  
• http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/documents/gameover-zeus-and-cryptolocker-poster-pdf
  
• https://www.us-cert.gov/ncas/alerts/TA14-150A
  
• http://www.us-cert.gov/ncas/alerts/TA13-309A
  
• http://www.news.com.au/technology/online/gameover-zeus-virus-link-to-australia-as-fbi-moves-to-shut-down-the-global-banksiphoning-operation/story-fnjwnfzw-1226941496956
  

Bring-Your-Own-Device (BYOD) is fast becoming a jargon like ‘Big Data’ but unlike the ambiguity the latter carries, it is what is says. Quite simply put it’s a business strategy where employees get to bring and use their own laptops, smartphones or tablets to access company emails, applications and data.

The advantages of such a move for any organisation are in most cases undisputed. Increased productivity, greater employee engagement, employee satisfaction and significant cost savings for companies are merely the tip of the iceberg. Yet there is hesitation and often complete refusal to adopt BYOD. Broadly speaking there are three main reasons for that.

1. Complexity
The very notion of letting employees use their own devices to freely access company network and data without the ability to control their access can be very daunting. It will effect standard company policies, employee contracts and the overall company culture.

Solution
We recommend start by establishing a BYOD policy. Every department must be involved and it should encompass acceptable use, devices and support, risks and liabilities, security and responsibility. The policy must include a provision for managing change with an ongoing review system. Feel free to download our BYOD Policy Development Checklist.

2. Security
This is often the one sole reason for organisations to completely shun the idea of BYOD. Which is more than justified in some specific industries more than others. IT departments already have a tough time trying to protect their networks and data when every aspect of that network is controlled by them. The idea or having employees freely access these networks from unmonitored devices can potentially pose a serious threat.

Solution
Mobile Device Management (MDM) are low cost software solutions that can be deployed rapidly to manage, monitor, secure and support a wide range of mobile devices operating on networks of virtually any service provider. They containerise organisational data on any device thereby making the process of adding and removing devices from the network simple and secure. Blackberry’s BES10 and IBM’s MaaS360 are among the well acclaimed MDM solutions.

3. Cost
Cost of doing business is not always monetary. Introduction of new solutions and strategies almost always have some level of initial disruption of productivity which is often more expensive and hence harder to justify. With limited resources cost is always biggest deterrent.

Solution
There is no simple and straightforward solution to this. Every company is unique and needs to evaluate its position accordingly. We do, however, recommend triggering the process by initiating the BYOD policy formation. It will not just help build the scope of the project but also highlight its viability.

And finally, staggering the deployment is highly recommended. It would not only help alleviate the concerns but small doses of trial and error are often the foundations upon which robust polices are built.

What is it?
Heartbleed Bug is a major and I do mean seriously “MAJOR” security flaw in widely used OpenSSL cryptographic software library. This bug allows anyone on the Internet to read the memory of the systems that are protected by OpenSSL. This bug was introduced in December 2011 and has been lurking out there since the version 1.0.1 release of OpenSSL on 14th March 2012.

For the technically inclined, there’s plenty more information at www.heartbleed.com

What does that meant to me?
A vast majority of systems online i.e. emails, websites, IMs, banking and pretty much most services online that are protected by OpenSSL are at serious risk. So essentially anything you do online that requires you to login including most apps on your mobile phones are potentially unsafe. By using any of these services you could be putting your details out in the open for anyone to see, steal and use.

Due to the nature of the access one can gain because of this bug, it is very hard if not impossible to detect the breach. If it has happened we wouldn’t really know it.

Should I panic?
Despite the scary sounding prognosis above, the short answer is, No. There are currently 2 kinds of people out there working very hard, day and night; people that are trying to fix this bug and people that are trying to exploit this bug.

• People trying to fix it (good guys) only need to update their systems with OpenSSL 1.0.1g released on 7th April 2014. Trust me it’s far easier said than done but not as slow as it is for the bad guys.
  
• People trying to exploit it (bad guys) can’t just do so in one go and steal all the information. They can only do this in chunks of 64kb in one attempt. This means they have to keep repeating the attack many thousands of times to make it worthwhile. That takes time. A lot of time!
  
• Also Attackers are often not interested in the stolen data itself, they seek to try and sell this data. They have to find buyers and that again takes time.
  
  

So while the race is on, good guys have an advantage and most importantly panicking, as we know, will not solve anything.

What do I do?
To what extent the damage has already been done we will not know, for quite a while. However, there are a few things you can do at this point in time to mitigate or at least minimise the damage.

• While changing your passwords immediately sounds like the obvious step to take, I would recommend holding off for just a few more days. With most systems still being patched (it’s a painfully long process), changing your password on a vulnerable system will not really help. So give it a few days and then go change every password, pin and login details of every service you use online.
  
• For now (I know this is not going to be easy) avoid as best as you can using online services especially ones that require credit card details and other banking details.
  
• And finally, if they haven’t already started, get your IT department, IT support providers and/or system administrators to immediately update your networks and servers with the latest version of OpenSSL 1.0.1g.
  
  

As I mentioned earlier, there is no reason to panic but every user online right now needs to be hyper vigilant and avoid secure activities on the Internet.

For more information and/or help feel free to contact us on heartbleed @ vocatys . com. Also pass this information along to other peeps in your network that could benefit from this.