Fines should help to curb data breaches
The news that the Information Commissioner’s Office is now able to fine organisations that are reckless with personal information is very welcome, and long overdue (Information Commissioner gets stronger powers, 9 May).
The increasing incidences of lost data, both in the public and private sectors, have been well documented and we’ve known for some time that there is a desperate need for more stringent protection of customer data.
The fines should ensure that organisations finally take the need for strengthened internal data infrastructures seriously and, hopefully, put a stop to the careless mistakes.
Jason Goodwin, SAS
Phorm is able to pry into web pages
It’s not just the user who should be worried about Phorm (Internet service providers put user privacy at risk, 12 May). Any web site that provides unencrypted page access to logged-on users will have those pages scanned due to the way Phorm intercepts the data. Google on the other hand cannot see these pages.
Many of these pages are restricted for personal or business reasons. There is no way I know that Phorm can avoid profiling these restricted pages, despite the fact that this kind of interception must be unlawful.
Wireless networks pose little danger
I was surprised to read that wired networks are inherently more secure than wireless (Long road to 802.11n Wi-Fi, 28 April).
While this opinion may have had some traction a few years ago, I don’t think it applies now. With WPA2-AES encryption and 802.1x authentication, wireless is often more secure than wired networks, as evidenced by deployments in sensitive locations such as military airfields.
Additionally, many companies still operate wired networks that a determined hacker could compromise in seconds from within any semi-public space. Given the inevitable transition to all wireless offices, the big issue going forward will be the effective management of legacy and multi-vendor Wi-Fi deployments, not wired versus wireless.
Training is key to secure teleworking
I read with interest David Neal’s article about the importance of staff training on security (On the web, it pays to suspect everything, 12 May). With teleworkers, the security threats will be very different from those who are office based.
In many instances teleworkers do not have the same level of protection that their office-based colleagues enjoy.
The number of teleworkers is set to increase rapidly and it’s important that organisations look at what this means from an IT perspective, as well as from a user perspective. We have found that interest in remote access security training is becoming increasingly important to our customers. The secret of successful security is to focus on allowing the correct people into your network, not keeping everyone out.
Katie Lyon, Computerlinks
BBC puts BT in a win-win situation
BT could fibre the UK at a cost of somewhere between £10bn and £15bn, depending on whether it goes to the street cabinet or into the home, but it is in a difficult position as it is bound by significant market power conditions (Row over iPlayer highlights need for fibre, 5 May).
Broadband is currently available from BT as a wholesale service and most customers are using its IPStream service. This utilises capacity-based charging where an ISP installs, for example, a 255Mbit/s connection from BT and BT then determines the number of sessions across that connection.
The cost of a 255Mbit/s pipe is around £300,000 a year, which is economic when usage isn’t constant as it is split between the end-user costs. However, the BBC’s iPlayer service encourages constant usage, and so the only option an ISP has is to increase the size of the pipe and suddenly the pipe costs are significant per user.
Operators that took advantage of local loop unbundling could be thought to be immune to this as they provision their own equipment in the BT exchanges, but they then have to connect the equipment back to their own networks. Unfortunately, most operators don’t have their own networks so they have to buy backhaul services from BT, and BT doesn’t sell those services cheaply.
Therefore the main winner out of this is actually BT, as it sells more wholesale services one way or another.
Steve Kennedy, NetTek
Wi-Fi risks can be easily addressed
Risks around deploying the new high-speed Wi-Fi 802.11n standard are not unfounded, but the potential security concerns can be easily addressed (Long road to 802.11n Wi-Fi, 28 April).
Point monitoring using a mobile device or laptop solution allows users to identify isolated risks. Ad-hoc or continuous monitoring with an enterprise-level tool, which alerts users to potential security weaknesses, adds a further level of security.
It is also worth pointing out that companies that do not employ any wireless security measures are unnecessarily risking not only their corporate data, but also wireless network performance.
Ian Schenkel, AirMagnet
Security policy is key to protection
If we are ever to resolve the perennial issue of data protection, organisations must pay more attention to how security technologies are implemented and, more importantly, ensure that they have adequate security processes in place (Security professionals aim to end data breaches, 28 April).
No one would ever consider stuffing a Jiffy bag with £50 notes and sending it in the post. So why does the attitude persist that it is OK to do this with a few million people’s bank details?
Technologies such as RFID and encryption can play a valuable role in helping to prevent unauthorised access to, or corruption of, data. But if the right policies and procedures are already in place to foster a culture of prudence, these technology solutions should really only ever have to serve as a back-up.
George Purrio, Imation
Failing to prepare is preparing to fail
I find it quite sad to read that after all these years most companies still have to rely on a few good people pulling their weight to get out of sticky situations (Firms rely on British pluckiness at times of crisis, 28 April).
The effort and dedication shown by such employees is fantastic, but it is sad that in times of non-stress or no burning platform, organisations do not have the foresight and patience to put in place processes that work, and train people to understand them. Why should they after all, if the only benefit would be the well-being of their employees?
Firms perhaps consider that investing in disaster planning processes and training is wasting time, as it does not raise revenues. But ultimately it would, because contented employees work better. However, that is a longer-term approach: not typical of our plucky British firms, apparently.
Why firms must heed the BCS
Further to the news that the British Computer Society (BCS) is urging the government to strengthen the laws governing the penalties for inadequate data protection, it is important for all businesses to fully realise the extent of the situation and ensure their security solutions are up to date and able to defend against all possible threats (Calls for tougher data rules intensify, 5 May).
The BCS should, of course, be commended for its commitment to this worthy cause, but organisations are best advised to take responsibility for their own actions from the outset. The loss of customer data is incredibly embarrassing from a brand point of view, with bad press and irreversibly damaged customer confidence far surpassing the impact of any financial penalties.
The move by the BCS should serve as a reminder that firms can and should be doing more to protect their data.
Graham Cluley, Sophos
Time for world to go out with a bang
Cern’s Large Hadron Collider plans might explain why we haven’t contacted any alien life out there (Is Cern about to wipe out life on Earth, 5 May). Maybe that’s just the way of the universe, blowing ourselves up. Technology has already messed up this planet beyond repair, so why not end it all today instead of dragging this slow death out?