Zambia to tax online calls.

Zambia to tax
online calls

Govt says aim is
to protect telcos.

Wednesday, Aug 15th

Avoiding disaster in the wake of Spectre & Meltdown

Avoiding disaster in the wake of Spectre & Meltdown

Earlier this month, while the majority of South African business owners were still enjoying their summer holiday, the global technology industry suffered a rather devastating blow. Two major security vulnerabilities, dubbed Meltdown and Spectre, were discovered in the Central Processing Unit (CPU) chips that power most of the computers in the world.

Essentially, these hardware vulnerabilities allow programs to steal data that is currently being processed on computers. While programs are typically not allowed to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of sensitive information stored in the memory of other running programs. This might include, for example, your passwords stored in a password manager or browser, photos, emails, instant messages – and valuable intellectual property that sits within a business.

According to researchers, there is no simple fix for Spectre, which could require redesigning the processors. With regards to Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30% - which is not the news that time-strapped business owners want as they settle into a new year of work...

Is your technology 'house' in order?

While it is certainly bleak news, the Meltdown/Spectre debacle serves as an important wake up call for business owners and managers everywhere. The reality is that any business can be affected by any vulnerability - at any time. This applies to businesses that employ less than five people, and extends to multinational corporations. So while Meltdown and Spectre are hot off the press, new vulnerabilities and flaws are actually being uncovered all the time...

The critical takeout here is to constantly invest in robust Internet security. It is useful, perhaps, to compare your business to your residential home. As a home owner, you probably take basic precautions and invest in things such as burglar bars, alarms, armed response, security guards - and of course – insurance!

Your business requires the same approach - and you can do this for your enterprise systems and infrastructure in various ways. For example, next generation firewalls are the technology equivalent of burglar bars. They are a serious deterrent, and your first line of defence against intrusions from outside (or even inside) your IT network.

Secondly, anti-virus systems are similar in nature to home alarm systems. They notify you when a vulnerability has been detected, and then hold it in quarantine until you decide what to do next. Thirdly, patch management can be likened to home security guards.

When a vulnerability is documented, the installation of patches ensures that your systems are no longer vulnerable. And last (but not least), backup software serve as your insurance. They allow you to recover your data more easily after an attack or incident, and to minimise any downtime in the interim. Without the insurance of a backup, your data will be lost – which often has a crippling effect on a business.

Internal awareness & education

In addition to investing in the right internet security tools and platforms, driving awareness and education within your business is imperative. Ultimately, employees and staff are the real front line soldiers. Often, they are the ones to fall victim to spam and malware – and are very likely to be targeted more frequently than owners and managers.

As a result, savvy business owners must invest in the education of employees and managers around Internet security, ensuring that they fully understand the threats – and how to identify them.

Looking ahead, here are some quick tips to ensure that you enter the year with robust security in place...

• Ensure all software and anti-virus programmes are up to date

• Pay attention to detail! (Does the email look trustworthy? Is it threatening in nature? Can I verify the sender?)

• Ensure that backups are ALWAYS up to date

• Bookmark your favourite (and important) websites to ensure that you don't click on a link that is not real

• Beware of enticing 'pop ups'

Finally, it is important to note that businesses that do not have an existing engagement with an IT company/consultancy will definitely be at a higher risk of falling victim to attacks and/or hardware vulnerabilities. Regular engagement with IT professionals keeps business owners abreast of key trends and threats within the technology environment.

This doesn't necessarily mean that you need to take on a support SLA, but it does mean that an engagement (at the very least) bi-annually is required with a company that can complete a security assessment and provide objective reports on the risks within your business.

* By Colin Thornton, Managing Director of Turrito Networks and Dial a Nerd

ALSO ON ITWEB AFRICA

Burkina Faso govt lauds US$20.6m fibre optic project Published on 23 July 2018

The 307km-long fibre network holds promise of high-speed and cost effective communication, say officials.

The unique capabilities of satellite data connections Published on 14 August 2018

South Africa's Internet penetration is three percentage points above the Southern African average, and one percentage point above the global average, according to Q-KON.

Cyber theft: 'US$172 billion from 978 million consumers in 20 countries' Published on 28 March 2018

Rectron adds Norton to reinforce security solution offering for Africa.