The security risk of networked printers


Networked multifunction printers are the norm, nowadays, in offices and home-offices across the world.

Priced to please and loaded with popular features, they’ve come to be seen as the discreet yet efficient office multifunction sidekicks that sit politely in their place, waiting to receive new jobs, over the network.

What almost everybody forgets is the security risk networked printers represent. Combining several functions in a single unit, including fax, copy, print and scan, these devices are likely to be compromised by hackers.

Since nobody pays close attention to these seemingly mundane devices, they can easily be hacked under the radar of the IT Surveillance Team which, typically, has other (more pressing) threats to deal with, namely on the web server front. In the case of multifunction printers, the attacks are as likely to come from inside the office as from the outside world, which adds to the severity of the security risk.

What’s the big deal if the networked printer secretly slides under a hacker’s control?

Well, for one thing, the hacker could view, collect, steal or distribute everything that goes through the device. Imagine your competitor electronically getting all your latest business proposals — that would surely endanger your entire company.

The following types of attacks are most likely to occur within the realm of your office’s multifunction printer so make sure to learn about these attack scenarios:

  • DoS - Specialized malware can be programmed to crash printers and scanners, therefore disrupting paper-based business operations.
  • Code execution - Hackers can exploit vulnerabilities to load a rootkit into printers, thereby hijacking all documents passing across the network (not just the compromised device).
  • Document spying - With built-in network, fax / modem and LAN / WAN capabilities, these devices offer a variety of ways to smuggle the stolen data out of an organization, once it’s been captured.
  • Credentials theft - If users need to enter a password for certain operations, such as scanning to email, an attacker can capture user names and passwords to gain further access to network resources.

While they may look harmless, modern multifunction printers aren’t dumb machines anymore. IT Admins need to pay attention to these devices’ vulnerabilities and weaknesses to be in a more favorable position where they can apply patches and, at the very least, prepare comprehensive risk-management strategies.

A word of caution also about the multifunction printers that can be accessed through an online authentication interface, through any web browser. Though this system is remarkably convenient for end-users, such authentication methods can easily be bypassed to launch commands which may completely hijack the device.

If you’re serious about closing all prime networked entry points for hackers, perhaps you should also include all multifunction printers connected to your network.

Tags: network, printers, hackers, hijack, devices, business, authentication, security

If you enjoyed this post, make sure you subscribe to my RSS feed!

Short-term thinking can be risky business

While making the wrong long-term plan could drive someone right into a proverbial brick wall, the dangerous habit of overly relying on short-term thinking to decide anything and everything can turn into equally catastrophic failures.

At the very least, resorting to short-term thinking for business management can be quite stressful as the lack of solid longer-term thinking sets the stage for a stressful work environment where everything seems to hang on the latest decision needing to be made.

For instance, look at how many business decisions are being made just to pump up the current quarter’s results. Worse yet, consider the legions of C-level executives who bend over backwards to tie in short sighted money deals with ever more capricious investors. The short-term thinking pitfalls are obvious, in today’s business environment, hence the importance of learning to recognize it in order to properly manage it.

Short-term management has upsides which, among other things, help the company move swiftly when market changes occur, but the downsides are way more risky as they could bring down the whole organization into a sort of vortex made strong by countless small mistakes adding up into a much larger “situation” that ends up spinning out of all control (and endangering everybody’s job).

Short-term thinking paves the way to exciting business management times as everything is up for discussion on a regular basis but that’s the kind of mindset that people who like to plan far ahead feel uncomfortable with.

The holy grail isn’t just short-term or just long-term, it’s about balance — a sort of comfort zone for decision making where the latest “trends” don’t necessarily wildly skew everything that was already planned ahead.

If anything, perhaps this article will help you realize how foolish it can be to jump head first in the latest media spin only to find out, a little later, that the spin had more to do with hot air than anything else.

So take your time. Think. Decide better and elevate yourself over the often risky pool of trends and media spins that, unchecked, can scrap a well laid out plan in favor of an impulsive and frenzied scramble for sudden (and usually largely irrelevant -or- unnecessary) reorganization.

Life is much better for those who manage to escape the short-term thinking roller coaster.

Tags: short-term, long-term, management, business, decisions, media spin


Smarter information security

Are you popular? Do other people have an interest in gathering data on you? Are the interested parties friendly or otherwise utterly dangerous?

All these questions quickly come to mind for information security experts who look to secure data in all ways possible to prevent it from leaking into the wrong hands.

The internet connects over 1.5 billion people daily, for anything ranging from email or web surfing to complex remote medical interventions — that makes for a tempting target for ill intended individuals looking to get their hands on sensitive data, which is basically why you need to protect yourself better.

What you did to protect your data a year ago probably isn’t as good today because the very nature of threats keeps shifting into sometimes unforeseen territories. Regularly assessing the efficiency of your data protection will become even more critical in the future as attackers, ranging from more or less talented hackers to organized crime and even foreign governments, will try their best to steal anything of value (for them) that you may have.

Your computer’s hard drive is like a proverbial safe which instantly becomes (way) more vulnerable from the moment you connect to the internet or even a home wireless network.

If you intend to have the upper hand against those determined to steal your data, you need to be one step ahead of them, namely with the following no-nonsense strategies:

  • Enclaves - Early on, determine what’s the most sensitive data you must protect and give it special treatment because that’s probably what the data thieves will be looking for.
  • Border firewalls - Network-layer firewalls work best when combined with application-layer counterparts so be creative in protecting your “borders”.
  • Strong authentication - Require strong passwords (on everything) which must be changed regularly and for more serious security needs, consider using token-based systems (physical USB key-like devices with ever changing “tokens” to access the data).
  • Configuration and patch management - Make sure your (1) equipment, (2) software and (3) human resources are always “well maintained”… and up-to-date!
  • Host-based firewalls - Server and workstation intrusion, virus and malware protection is still essential to weed out the unwanted stuff that somehow finds a way in (in spite of all the other protections).
  • Data encryption - Make sure to especially encrypt data on mobile devices since they’re the ones likely to be lost (or stolen) when in transit — encrypt all you can.
  • Awareness and training - An aggressive cybersecurity program will go a long way in efficiently protecting yourself against newer threats.

While some treat data security entirely as a hit-and-miss process, experience shows that luck favors the prepared, when it comes to cybersecurity.

Forget the antiquated (but still active, alas) Nigerian bank scam threat pouring in email boxes all over the world, the newer threats tend to be socially engineered so ensuing phishing attacks are savvily aimed at the intellectual interest of the end user, making them that much harder to debunk. In other words, attacks are getting uncomfortably personal.

As you attempt, most probably armed with gear, software and knowledge, to fend off the attackers attempting to break open the gates to your digital kingdom, keep in mind that people are the weak link in any network security effort.

Interestingly, there’s a corollary to the “people are the problem” saying and it has to do with the widely recognized fact that people are also the most effective “tool” to fight attackers.

Although you may never be perfectly secure, make an effort to prevent data thieves from succeeding in their highly illegal —and overwhelmingly stealthy— attempts to steal from you.

Tags: security, cybersecurity, it, firewall, border, encryption, data theft, hard drives


Towards better business intelligence

Information. Almost all organizations accumulate it. Some rise above the others by seeing their data as a strategic asset to be intelligently exploited. The latter requires a mix of vision, faith and creativity.

Does your organization truly understand the value, hidden away in arrays of hard drives?

For the sheer sake of achieving new heights, in this digital era, let’s hope it does!

The typical scenario is that of an organization which accumulates various pieces of data which are very seldom toyed around with to find new, more creative uses for. Just think about the various departments all working in proverbial silos or paranoid IT folks trying to “secure” the data so much that it ends up locked away in some data center, never to be seen again!

The days of merely shuffling numbers in a spreadsheet are numbered. Nowadays, the required data manipulation complexity level goes way beyond summarizing a column or two. It’s now about twisting the data way beyond its initially intended use to produce otherwise unforeseen value.

As with lots of things in life, the inescapable truth is that the true power of BI, short for business intelligence, ultimately resides in the smarts injected into it.

Since it’s always a good time to start (1) implementing, (2) using and (3) profiting from business intelligence software and tools, here’s a quick list of things to do, intended mostly for BI newbies:

  1. Think big - Imagine how information can be used to improve -everything- about your business instead of focusing on the query tools (the low-level mechanics);
  2. Start small - A focused project, for instance, will likely yield a fast win, generate executive enthusiasm and provide insight into BI’s almost inevitable complexities;
  3. Encourage “business & IT” partnerships - Make sure you learn what drives the organization and staff the BI team jointly with business -and- techies;
  4. Clean up your act - Use a data governance program to improve data integrity, especially when your source systems are a mess because they could extend that mess out to your BI platform;
  5. Make tools engaging for users - Keep in mind that BI interfaces are typically optimized for different users and applications. As such, never underestimate the importance of interface appeal.

BI doesn’t come cheap and it’s not necessarily a walk in the park to properly implement but it’s typically worth it, especially when the right “data equals value” mindset permeates the organization.

There has been a surge in major acquisitions recently, such as Oracle-Hyperion, SAP-Business Objects and IBM-Cognos so that should, in theory, mean more software value for the money, assuming more smarts have been added to the “merged” offering. Although it’s still rather new, Microsoft’s PerformancePoint software might become a credible contender in the BI field, especially for mid-sized businesses.

BI’s increasingly strategic importance can’t go unnoticed, especially for executives.

Even though many organizations made their first steps with BI as departmental initiatives, they’ve transformed those pioneering developments into mission-critical apps.

Deploying BI across the organization brings, among other things, economies of scale thus reducing development and infrastructure costs.

In short, perhaps you too should take BI for a “data exploration” spin!

Tags: bi, business intelligence, strategic, organizations, oracle, sap, ibm, microsoft


Top 5 American subprime write-downs

The subprime loan scandal is far from over, in the United States. In fact, the toll keeps rising as these lines are written.

We’re talking about big name lenders who lost big on very shaky loans to individuals who were so tight in their budget (assuming they held one) that they got caught up in way too much debt, the instant the American economy hit a speed bump (in this case, most notably, a rise in the interest rates).

So here’s the top 5 list of (the estimated) write-downs on structured products, which include collateralized debt and loan obligations as well as asset and mortgage-backed securities (although leveraged loans aren’t included):

  1. Citigroup • 9,8B$ — It’s a low estimate since Citigroup has stated that the figure could rise another 3B$ higher;
  2. Merrill Lynch • 7,9B$ — Analysts are projecting for another 2B$ in write-downs, this quarter;
  3. UBS • 4,4B$ — They still have roughly 40B$ in CDOs and mortgage-backed securities on their books;
  4. Morgan Stanley • 3,7B$ — The total subprime exposure after write-downs could reach 6B$;
  5. Wachovia • 1,0B$ — Was one of this year’s top subprime mortgage CDO issuers.

Further down the list, you can find (in order) Credit Suisse, Lehman Brothers, Bank of America, Bear Stearns and J.P. Morgan Chase.

Some analysts say greed alone made the subprime market grow, derail and later, explode. While this might be true, at least in part, the subprime debacle is basically all about risk and reward trumping fundamental values that just went flying out the window when the easy money mirage swept Wall Street off its feet.

Probably the biggest tragedy in the subprime fiasco is the fact that the mainstream media has offered very little coverage of the millions upon millions of families and individuals who lost their homes and their trust in “the money system”.

Even if the write-downs are huge for the banks, the real drama happens at street level, with ordinary American citizens just trying to build up their dream, usually through a nice house where they could raise their family.

The subprime mess is a grim reminder of the importance of placing true value on top of any purchase decision’s criteria, especially when “losing everything” isn’t an option.

You may want to revisit this post in a year from now and compare the numbers to see who lost the most in this subprime financial storm.

Tags: subprime, cdo, mortgages, loans, money, banks, rates, finance
