Tag: Information

Categories
Business

Why Your Business Needs to Define Its Ethical Code

define_ethics_code_400.jpg

As the technology that businesses have available to them develops, so does the propensity for this technology to be used unethically. This has become especially apparent where data collection is concerned, and what that data is used for after it has been collected. How can you keep operations moving both productively, and ethically?

Collection Concerns
Data collection is one of the current big concerns in technology. With another newsworthy data breach practically every other day, companies that accumulate data for seemingly little reason effectively put their clients and customers at a greater risk of having this data stolen. Reflecting upon this, it is no wonder that 75 percent of consumers are concerned about brands keeping track of their browsing habits.

Facebook has been the focus of some negative attention in past months thanks to these concerns. In addition to the Cambridge Analytica situation, Facebook has adopted artificial intelligence technologies to analyze their users. This analysis is used to predict future behaviors, these insights being sold to advertisers. While this brings up many legitimate concerns about data privacy, it also introduces a different topic: the need for a code of ethics surrounding the use of collected data, as well as how much data is collected.

Why This Is a Real Issue
It should come as no surprise that businesses and individuals have different priorities, and that these different priorities shape their ethics in different ways. Likewise, the primary purpose of any business is to generate revenue through profit. Therefore, it only makes sense that a business as a unit would have the motivation to collect as much data as they can – after all, the more data available, the more insights that could be presumably be gleaned, and the more successful the business would be… in theory.

However, as mentioned above, many businesses seem to collect as much data as they can just so they can have it. This is not a great approach for them to take for a few reasons. Most obviously, because it just enables more data to be compromised if a breach was to occur.

Without the guidance of a code of ethics leading your business decisions, the likelihood of risking your clients’ data for the sake of advancement – be it more insight, improved automation and artificial intelligence, or another business goal – becomes much higher.

Enforcing Ethics
In order to create a workplace that is in alignment with your determined ethics, you need to make sure of two things. One, that you clearly establish and share them within your business so that your employees are on the same page as you are, and two, that you stand by these ethics.

To accomplish this, learning your company’s ethics should be a part of an employee’s onboarding process, with a written document leaving no questions as to what will and won’t be tolerated. Then, you need to make sure that you not only listen when ethical violations are reported, but also allow those reporting them to remain anonymous.

What would be the most important aspect of your policy for employees to follow? Share it in the comments!

Categories
Security

Are American Voting Systems Secure?

american_voting_secure_400.jpg

Election Day for the United States is November 6th, and regardless of your feelings regarding U.S. politics, the fact of the matter is that millions of Americans will soon go to the polls and cast their ballots. Unfortunately, what many of them don’t realize is how insecure their voting machines actually are, and how they are potentially putting their vote at risk.

What Most Polling Places Have
The majority of American polling places are operating with equipment that is fast approaching 15 years old. For reference, here’s a brief list of products and technologies that haven’t even been around for ten years yet:

  • Google Chrome
  • Airbnb
  • Spotify
  • Kickstarter
  • 4G
  • Mobile GPS
  • Instagram
  • The iPad

One cofounder of nonprofit group Open Source Election Technology, Greg Miller, puts it this way: “You have equipment that was introduced in 2005. In that time frame, how many times have you changed your mobile phone? And how many times have we replaced our laptops?” In short, the American voting system is reliant on, as Miller described it,”… obsolete hardware [and] software that relies on a diet of spare parts.”

The other cofounder of the nonprofit OSET, John Sebes, has demonstrated just how vulnerable these systems could potentially be to manipulation.

Most polling places collect all of the voting data onto a piece of portable media, like a CD or a USB drive, and bring it to a separate location to be tallied. Unfortunately, the machines used here are also usually outdated, as is the software used to process the results of the vote.

In a live demonstration on a national news network, Sebes used one of these machines to tally votes for two fictional candidates, Thorfer and Varda. In the example, Thorfer had won in a landslide with over 3,000 votes, the opposing Varda only receiving 100. However, with a very simple malware, Sebes was able to just switch the tallies, making “Varda” a fraudulent winner – and while access to these tallying computers is secured, some may not be secured as well as others are.

Furthermore, many polling places maintain a paper backup of the vote, just in case there needs to be a recount, but there are also many who have no paper backup at all. This includes some states known as “battleground” or “swing” states, where a much smaller number of votes can potentially have a significant impact on the final outcome.

How to Minimize the Issue
Unfortunately, the easiest solution to this problem is also impossible. One would think that there would be a singular set of standards for all polling places to abide by – but since the American Constitution specifies that each state is in control of its own electoral procedures, this consistency is effectively made impossible.

However, there are other ways that have been suggested to protect voting technology… some of which are decidedly lower-tech.

Temporarily Eliminate Online Voting
Some states have made online voting available, primarily to service members or other citizens who may be abroad, and many allow email ballots to be submitted. However, until security is improved for these methods, it has been suggested that they are suspended.

Utilize Physical Backups
Yes, we know. We generally say that all of your backups should be saved to the cloud, but in this case, that would be counterproductive. After all, a physically-generated paper backup that records each vote isn’t hackable (unlike a digital system) and could easily be used to cross-check any contested results.

Invest in Improved Voting Equipment
As one might imagine upon hearing that most American voting machines are over a decade old, updating the infrastructure that enables the prime responsibility of democracy is clearly not a priority for those dispersing the funds. It has been suggested that Congress get involved, funding research into improving these machines and replacing the problematic older machines, as was last done in 2002.

Americans view the right to vote as a basic human right, so it seems especially bad that their infrastructure can get in the way of their doing so. Don’t let your business technology do the same to your employees and their work. Reach out to COMPANYNAME for a better solution by calling PHONENUMBER.

Categories
Casserly Consulting Blog

Know Your Tech: Encryption Key

encryption_key_400.jpg

Security is a necessity. Every technology professional will tell you this, but in an age where employees are taking information on the go, it’s trickier than it’s ever been before. Encryption is one of the ways that businesses are attempting to shore up their security, but this also requires having an encryption key. This week’s technology term is all about encryption, as well as how encryption keys protect your business’ data.

Defining Encryption and Encryption Keys
Encryption is the act of scrambling your organization’s data so that it can’t be seen by prying eyes. Anyone who doesn’t have the encryption key will see nothing but a bunch of nonsense. Through the use of algorithms, these keys are guaranteed to be unique, meaning that there are no two patterns that are alike. Of course, depending on the type of encryption being used, there could be one or two keys needed to decrypt information.

Symmetric algorithm: Symmetric algorithms are often called secret key encryption. This uses one key to encrypt and decrypt data. Since this makes for an efficient encryption method, it can be used to encrypt large amounts of data. The bad side of this encryption is that it only uses one single encryption key, so you need to make sure that it remains in your possession at all times.

Asymmetric algorithm: Asymmetric algorithms are commonly used in public/private encryption, in which there are two keys involved. The public key–the one used to encrypt data–can be shared, whereas the other–the private key–is private, and used to decrypt the data later. Asymmetric is considered the more secure of the two options, since the private key that decrypts the data isn’t actually shared.

What Are These Keys Used For?
Encryption keys are used for a variety of objectives, but the ultimate goal is still the same: security of both the data and the encryption keys themselves. The strength of the encryption key depends on several variables, including the length of the symmetric keys and the algorithm used to create it. These keys usually have short shelf lives called a crypto-period, meaning that you should understand details about how the encryption key will be used before committing to it and expecting it to work for you indefinitely.

  • Data encryption keys: These keys prevent data from being read by anyone who isn’t authorized to view it. These keys are also held onto for a bit past their crypto-period.
  • Authentication keys: An authentication key is used to determine that the data encrypted has not been altered at all while it’s in transit. This is ideal for sending and receiving data so that authenticity is guaranteed.
  • Digital signature keys: Digital signature keys are similar to authentication keys, but they take it a step further by applying a digital signature to the user. This means that someone who digitally signs a document can’t actually deny that they’ve done so.
  • Root keys: The public key infrastructure is used for authentication and digital signatures, and the root key is the highest level of key in this infrastructure. Due to the importance of this key, it’s generally protected by a hardware security module.
  • Master keys: A master key can be used to encrypt multiple other keys. This means that they need to be extremely secure with a hardware security module, and they should last for a long time, if not forever.
  • Key encryption keys: These keys can transport other encryption keys. They should be long-lasting and unchanging.

Does your organization want to take full advantage of encryption? To get started, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

Increased Network Complexity Necessitates Shifts in Monitoring Strategies

network_complexity_monitor_400.jpg

Businesses of all sizes have come to depend on their IT for productivity. IT administrators that constantly monitor their network and infrastructure reduce downtime, leading to higher resource availability. With the increasingly complex makeup of an organization’s network this becomes quite the task.

What Makes a Network Complex?
First we should mention that computers are complex machines and if you’ve ever tried to fix one without the specific knowledge it takes to do so, you more than likely ended up like everyone else who has tried, and called a professional. The traditional computing network was made up of centralized servers, end points in the form of workstations, and some networking equipment that allowed these machines to communicate with one another. Adding the availability of the Internet to that equation makes the network much more complex, mostly due to the breadth of the Internet as it exponentially increases your business’ exposure to threats.

Expanding that even further with the growing number of endpoints on a network due to the deployment of wireless networks that connect all the smartphones, laptops, and tablets to the network; and, all the other connected devices that are out there today… there is a lot of ground to cover. That’s not even considering virtualized data, cloud platforms, a website, and other higher-bandwidth applications such as video streaming or communications systems.

Network Monitoring Best Practices
Before we start listing ways you can monitor your network and infrastructure more effectively, we should mention that as trained professionals, we recommend entrusting your network monitoring to people who are versed with the makeup of your business’ network and infrastructure. Our managed IT services platform is a perfect complement to a large complex network filled with potential problems.

5 Monitoring Practices to Consider

  1. Pay Attention – This goes without saying, but by keeping the health of your network at the top of your list of priorities and monitoring components in real-time, you can be more proactive in fixing issues before they become downtime-causing problems.
  2. Find an Overreaching Solution – By integrating an end-to-end monitoring strategy, it gives you the power to coordinate efforts and present technicians with one version that they can act upon. Find a solution that handles both wireless and wired networks, virtual and physical environments, databases, and applications and supports all necessary protocols and languages to be able to monitor any device or program.
  3. Optimize Bandwidth – Data flow bottlenecks can absolutely hinder your business’ ability to utilize all the tools effectively. Monitoring bandwidth levels can bring about favorable results.
  4. Prepare to Scale – For the modern business, scalability is key. To ensure that the staff of your business has access to the productivity systems they require, being able to scale up or back–depending on the situation–is essential.
  5. Ensure Your Solution Is Flexible– When you choose a monitoring platform, be sure to choose one that doesn’t have inflexible licensing models as you need it to be able to work across all types of devices and applications.

The IT professionals at COMPANYNAME are experts and monitoring and managing business networks. Call us today at PHONENUMBER to find out more about how we can help you run a more efficient business with technology.