Kenya’s CMA warns over ICO.

Kenya's CMA warns of danger

Initial Coin Offers unregulated, it says.

Zim TelOne rules out debt write-off

Friday, Feb 23rd

Avoiding disaster in the wake of Spectre & Meltdown

Avoiding disaster in the wake of Spectre & Meltdown

Earlier this month, while the majority of South African business owners were still enjoying their summer holiday, the global technology industry suffered a rather devastating blow. Two major security vulnerabilities, dubbed Meltdown and Spectre, were discovered in the Central Processing Unit (CPU) chips that power most of the computers in the world.

Essentially, these hardware vulnerabilities allow programs to steal data that is currently being processed on computers. While programs are typically not allowed to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of sensitive information stored in the memory of other running programs. This might include, for example, your passwords stored in a password manager or browser, photos, emails, instant messages – and valuable intellectual property that sits within a business.

According to researchers, there is no simple fix for Spectre, which could require redesigning the processors. With regards to Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30% - which is not the news that time-strapped business owners want as they settle into a new year of work...

Is your technology 'house' in order?

While it is certainly bleak news, the Meltdown/Spectre debacle serves as an important wake up call for business owners and managers everywhere. The reality is that any business can be affected by any vulnerability - at any time. This applies to businesses that employ less than five people, and extends to multinational corporations. So while Meltdown and Spectre are hot off the press, new vulnerabilities and flaws are actually being uncovered all the time...

The critical takeout here is to constantly invest in robust Internet security. It is useful, perhaps, to compare your business to your residential home. As a home owner, you probably take basic precautions and invest in things such as burglar bars, alarms, armed response, security guards - and of course – insurance!

Your business requires the same approach - and you can do this for your enterprise systems and infrastructure in various ways. For example, next generation firewalls are the technology equivalent of burglar bars. They are a serious deterrent, and your first line of defence against intrusions from outside (or even inside) your IT network.

Secondly, anti-virus systems are similar in nature to home alarm systems. They notify you when a vulnerability has been detected, and then hold it in quarantine until you decide what to do next. Thirdly, patch management can be likened to home security guards.

When a vulnerability is documented, the installation of patches ensures that your systems are no longer vulnerable. And last (but not least), backup software serve as your insurance. They allow you to recover your data more easily after an attack or incident, and to minimise any downtime in the interim. Without the insurance of a backup, your data will be lost – which often has a crippling effect on a business.

Internal awareness & education

In addition to investing in the right internet security tools and platforms, driving awareness and education within your business is imperative. Ultimately, employees and staff are the real front line soldiers. Often, they are the ones to fall victim to spam and malware – and are very likely to be targeted more frequently than owners and managers.

As a result, savvy business owners must invest in the education of employees and managers around Internet security, ensuring that they fully understand the threats – and how to identify them.

Looking ahead, here are some quick tips to ensure that you enter the year with robust security in place...

• Ensure all software and anti-virus programmes are up to date

• Pay attention to detail! (Does the email look trustworthy? Is it threatening in nature? Can I verify the sender?)

• Ensure that backups are ALWAYS up to date

• Bookmark your favourite (and important) websites to ensure that you don't click on a link that is not real

• Beware of enticing 'pop ups'

Finally, it is important to note that businesses that do not have an existing engagement with an IT company/consultancy will definitely be at a higher risk of falling victim to attacks and/or hardware vulnerabilities. Regular engagement with IT professionals keeps business owners abreast of key trends and threats within the technology environment.

This doesn't necessarily mean that you need to take on a support SLA, but it does mean that an engagement (at the very least) bi-annually is required with a company that can complete a security assessment and provide objective reports on the risks within your business.

* By Colin Thornton, Managing Director of Turrito Networks and Dial a Nerd

ALSO ON ITWEB AFRICA

Nimbus acquires stake in Paratus Africa Published on 08 February 2018

Paratus CEO says company plans to invest over N$150 million on infrastructure, the bulk of which will be invested in fibre.

Entersekt partners with ForgeRock Published on 20 February 2018

As launch partner in the ForgeRock Trust Network, Entersekt will contribute mobile-first authentication and global expertise.

dotAfrica completes promotional expedition Published on 08 February 2018

Roadshow to encourage adoption of .africa geographic Top Level Domain has ended.