Articles

DFK IT Committee Newsletter April 2016


 Paul Fiumara, Chair, DFK International IT CommitteeWelcome to our eleventh DFK IT Committee Newsletter!

 In this edition we look at computer security, computer viruses, cloud      computing and automation. We also look at a few business apps and  other tips and tricks, which we hope, you find useful.

As many of you would be aware, the Executive Office has been embracing advances in technology in recent years in an attempt to improve services to members.

From the intranet and the DFK Portal to the DFK referral tool, there have been a raft of new programs introduced that members are expected to use and of course to benefit from. Like any change, people are sometimes a little slow to jump in and embrace these changes.

In response to this challenge the executive office has been disseminating information to members through regular emails and at our last International Conference time was specifically allocated for training members on the use of these new technologies in the IT workshop.

Due to the success of the last IT workshop we have been asked again to run a similar workshop at our next DFK International Conference. Our committee are delighted to be involved with this and look forward to meeting with our fellow members to assist them with practical ways in which they can further embrace Information Technology within their firms.
In line with keeping technology in the forefront of members’ minds, I am also pleased to introduce a new section in our newsletter called “Zoe’s Tips”. This section is dedicated to providing tips to members on how to best utilize the technology made available from the Executive Office.

I trust you will enjoy reading our newsletter and please feel free to contact myself or the DFK IT committee if you have questions or suggestions on any matter relating to information technology and its usage in our practices and our lives.

Regards,

Paul Fiumara, Chair, DFK International IT Committee


 

Meet the Committee

Paul Fiumara, Chairman, Australia                                         Rahul Doshi, Dubai
Ragunathan Kannan, Deputy Chairman, India                    Graham Hauck, USA
Mike Basilicato, USA                                                                 Ray Mack, Canada
Marc Belanger, Canada                                                            Gabriel Soto, Mexico
Anne Brady, Ireland                                                                   Boris Vidas, Croatia
Jose Luis Calvilllo, Mexico


 

Integration and Automation
by Paul Fiumara, DFK Hirn Newey, Brisbane, Australia

Since the first books started to appear from The Gutenberg Press, which spawned the Industrial Revolution, we have become quite accustomed to the concept of “Automation” in our society.

The printing and automotive industries have long embraced automation as an essential part of their business models. In more recent times we have noticed significant improvements in medical technology and aviation where automation plays a key role in delivering the benefits and efficiencies that they are able to deliver to their customers.

The accounting profession benefited from the introduction of computers in relieving the need to have to type or duplicate hand written scribe into finished products such as financial statements and the like.

Where things are getting a lot more exciting in our industry is the ability to gain greater efficiencies through automation by utilizing technologies that “integrate” or to put it another way, are able to share or pass information between each other. Integration per se does not mean automation, however for us it becomes the necessary piece to make it all come together.

In looking to the future and in particular making the right decisions about how you should structure your product delivery it is essential to consider how it is that you can integrate your technologies with the aim to increase efficiencies via automation.

Cloud technology provides the greatest opportunity for us to take advantage of these efficiencies by providing the perfect platform to allow for integration and ultimately automation. Those who do not recognize or support cloud technology will ultimately be left behind.


 

Lessons from the hackers
http://www.smithink.com/u/lessons-from-the-hackers?ct=t(March_newsletter_2nd_send3_15_2016)

By David Smith Smithink 07-Mar-2016

Lessons from the hackersWell it had to happen. We were caught by one of those vicious phishing attacks. A simple click on a malicious email set it all in motion. Easy to do but with somewhat dire consequences. It allowed access to the particular email account. Messages and contacts deleted and the malicious email sent to the contacts in that account. It all could have been avoided with some simple measures. I’ll come to that later.

You see we’re a virtual business – no office (everyone works from home) and everything in the cloud. It’s highly efficient and cost effective. From an IT perspective, however, it’s a bit more difficult to manage as each team member has their own computing environment. I blame myself. I should have been more vigilant and insisted on higher security measures (which I had already implemented in my own home office IT set-up).

At the end of the experience I received a number of emails congratulating us on how we dealt with the episode, and suggesting that we should write about it. So here’s the article!

What we did wrong

1. I had failed to insist on two factor authentication for all of our team and for all our applications that has two factor authentication enabled. Two factor authentication works like internet banking. To login you need a username and password and the system then sends a code to your phone. This means that without your phone your account can’t be accessed. Of course the concept can be annoying so you can set it to remember devices that you’ve authenticated so that it only send the code occasionally when that device is used. What it means though is that any new device that tries to access your account can’t do so without the code sent to your phone. Remote access by a hacker can’t occur (unless they’ve nicked your phone or found a way to change the phone number).
2. I had failed to check that each team member had a high quality anti-virus/malicious software scanner installed that also checks email attachments before they’re opened. The machine concerned was an Apple Mac where the user thought that Apple was immune from such attacks. Readers may be aware of my preference for non Apple devices but perhaps that’s a subject for another day!
3. I had failed to provide any training as to what to look for. These days I am suspicious of virtually every email attachment or link. Before opening I firstly look at the sender’s email address to ensure it’s legit. If it’s link I hover over it to see where it’s going to. Be mindful that some malicious emails use tinyurl or similar url shortening utilities to hide where the link actually goes.

What we did right

1. Despite being 100% in the cloud, we still have backups. We use Google Apps for Business. In addition we use another service (Backupify), which for a few dollars each month backs, up our entire Google Apps data every night. Recovery was as simple as just a few clicks.
2. We communicated. As quickly as we could we sent out an email to anyone who we thought may have received the malicious email from us to warn them of the possibility. The only improvement we could have made is that we could have worded that email better but at the time we just wanted to get the notice out as quickly as possible.

The next morning, after we ascertained who would have received the malicious email we sent out a well worded apology to that group and fielded calls and helped people who had any concerns.
3. While some people were understandably upset, most were very understanding and quite a few congratulated us on how we dealt with it.

Of course we had a number of the cloud-hosting providers who were proactive in letting us know that if we were on their platform such an event wouldn’t have happened due to the tight way they lock down their platforms. That of course is true but it comes at a cost, which is not warranted for a business of our size, and the applications we use. For most professional service firms, however, such platforms should be considered for a wide variety of reasons including security.

So in addition to wasting a day or so and giving me some additional grey hair we have learnt some valuable lessons. I hope that this note will help you avoid similar trauma.


 

Let’s get serious about Cloud
by Boris Vidas, iAudit, Croatia
Only few years ago, when somebody would say the word “cloud” our first thought would be restricted only to a “cloud” in the sky and various natural phenomenon connected to clouds. In any way, at that time, we would not be open to the knowledge of all things we today, in the IT world, connect with this word.

So why is cloud computing so popular these days and is this technology really so dominant that the resistance is futile? Anyway, let’s try to find some reason as to why cloud computing has rapidly become a “must-have” technology.

There are many significant benefits for companies in using cloud technologies such as the lack of capital expenditure, the ability to quickly scale and the ability to outsource maintenance. When we translate these benefits into money the conclusion is very simple – cloud computing is cheaper because of economics of scale. So, like with any other task, when you outsource it, you end up with more flexibility to move quicker and, of course, with additional time and money this can be spent on increasing productivity and competitiveness by doing more important tasks such as focusing on your operations and customers.

However, there are also downsides with cloud computing such as limitations in having to fit in to the predefined options of the selected provider. But what happens if you consider the ability to fit in with a predefined set of variables for lower price as a confirmation of the flexibility of your organisation and an advantage to the competition on the market? In that case, if you are flexible enough to go with the available provider’s cloud computing options, you are in the hot seat to grow faster by having more time to focus on your product and to better serve your customers.

Another significant issue often mentioned with cloud technology is security. We could easily write a seemingly endless list on the pros and cons regarding security of data stored on machines that you actually cannot see nor control. However, when considering security of the data in any IT system, it is important to bear in mind that even a superficial analysis of the most often exploited vulnerabilities of IT systems shows that hackers or people who want to steal your data attempt to exploit human error or human behaviour and not technical vulnerabilities. So, taking this into consideration, together with the technical characteristics of the cloud infrastructure and IT infrastructure back in our office, we consider our data is more secure on servers in Google’s or Amazon’s data centres which offer cutting edge IT technology than on servers located within our office. The data security is issue everywhere – in the cloud, in your server room and at your home, so do not take it as an excuse for not exploiting opportunities that can boost your productivity and focus on the customers. At the end of the day, a happy customer means more revenue for your business and that is always good news.


 

Beware of RansomWare Viruses
by Rahul Doshi, N R Doshi & Partners, United Arab Emirates

Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Victims are forced to pay the ransom through certain online payment methods such as Bitcoins, in order to grant access to their systems, or to get their data back. Ransomware viruses infects all types of computers including Windows PC, Macs, Linux and Android. Recently, Locky ransomware virus has infected several thousands of computers globally including some of the renowned hospitals in Europe and North America.

Infection and encryption
Computers are usually infected through an attachment to a seemingly harmless e-mail message, which appears to be sent by a legitimate company. A file attached to the email message, usually a .zip, .doc, .docx, .xls, .xlsx, .exe, containing the malware code. When the file is executed, the ransomware contacts its control server to generate an encryption key, a part of which is sent back to the infected computer. The ransomware uses the encryption key to encrypt files across all the local hard drives and the mapped network drives. It then displays a message that the files are encrypted and demands a payment to decrypt the files. User’s computers may also be infected by ransomware when they visit malicious or compromised websites or may be downloaded by malware already infected in the system.

Beware of RansomWare Viruses

Ransomware is a type of malware that restricts access to the infected computer system in Safeguarding your Data.

We hold on our computers a lot of client data as a part of our compliance with laws and professional standards. Therefore, it becomes very important to safeguard our data by taking appropriate precautionary measures.
a) Delete suspicious looking emails that you received, especially if they contain attachments. Avoid opening such emails or attachments and clicking such links.
b) Backup your data so that data may be quickly restored with as little loss of data as possible. Disconnect the back-up drive as soon as the back-up is executed.
c) Using a reputed antivirus software and firewall increases the chances that such malware is blocked before it infects the computer.
d) Keep the computer’s operating system, software and the antivirus definitions updated regularly.
e) Configure Microsoft Office to disable all macros at startup. Be careful to run only those macros that are absolutely essential.
f) Use Office 365’s Advanced Threat Protection’s machine learning capability to block dangerous emails

In the event you are infected by the ransomware, it is important to immediately notify the firm’s IT department some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Victims are forced to pay the ransom through certain online payment methods such as Bitcoins, in order to grant access to their systems, or to get their data back. Ransomware viruses infects all types of computers including Windows PC, Macs, Linux and Android. Recently, Locky ransomware virus has infected several thousands of computers globally including some of the renowned hospitals in Europe and North America.

Infection and encryption
Computers are usually infected through an attachment to a seemingly harmless e-mail message, which appears to be sent by a legitimate company. A file attached to the email message, usually a .zip, .doc, .docx, .xls, .xlsx, .exe, containing the malware code. When the file is executed, the ransomware contacts its control server to generate an encryption key, a part of which is sent back to the infected computer. The ransomware uses the encryption key to encrypt files across all the local hard drives and the mapped network drives. It then displays a message that the files are encrypted and demands a payment to decrypt the files. User’s computers may also be infected by ransomware when they visit malicious or compromised websites or may be downloaded by malware already infected in the system.


 

Windows XP – Why you must NOT be using it
by Paul Fiumara, DFK Hirn Newey, Brisbane, Australia

I know I am probably sounding a bit like a broken record when I say this, but since 2014 I have been reminding members that they must upgrade any Windows XP computers in their business and homes because it is an unsupported product, and as such, is prone to attack. I re-iterated this message in our December 2014 Newsletter and also in my IT presentation that I delivered in Stockholm last year.

Windows XP was released in 2001 (15 years ago) and support for the product ended 8th April, 2014, meaning that no further security patches were being written for this operating system. Despite the system reaching its end of life, I reported in 2014 that it was estimated that nearly one-third of the world’s computers were still running Windows XP at that time. If you think my concerns may have been unwarranted, let me share the following true story with you.

Earlier this year a major hospital in Melbourne Australia was attacked by a computer virus, which infected Windows XP computers within their Pathology department. As a result of the computer virus outbreak, staff in the pathology department are now manually processing blood, tissue and urine samples instead of leveraging their systems to register, test, record and communicate results. Only urgent pathology specimens are being processed due to delays resulting from the manual workarounds. Staff are having to use fax machines to communicate the need for urgent results, while critically abnormal results are being phoned to wards (including intensive care and the emergency ward).

As we become more globally connected, the importance of maintaining IT systems increases. This isn’t a new thing, it has been very apparent since we welcomed the internet into our operations. While it has been traditionally cost-prohibitive to roll-out and support new desktops across an organisation, there are IT as a Service (ITaaS) and Desktop as a Service (DaaS) options that can mitigate the capital investment, removing these barriers. The excuses for not maintaining systems and inadvertently creating high risk IT environments are simply no longer valid.

In the 2015 DFK IT Survey we asked our members to tell us what their next significant IT investment was likely to be. A response we received from one of our member’s was “replacing Windows XP with Windows 8”. Well, I certainly hope that member has made the upgrade from Windows XP!


 

Zoe’s Tips
by Zoe Daniel, Membership Executive, DFK International

Zoe

Welcome to a new feature of the DFK IT Committee Newsletter, Zoe’s Tips!

In each forthcoming newsletter I will be sharing tips with you on how to utilise your DFK Membership via Information Technology!

 

In this first column I am going to encourage you and your staff with an interest in IT best practice to register for the members site at www.dfk.com/login

Over the next few weeks we will be launching an Information Technology Section on the members sites where the IT Committee will be uploading documents on interesting developments that will affect your business and best practice documents.

Get registered now!


 

Recommended Apps

TripitTripit
Tripit pulls together travel information from your confirmation emails for flights, hotels, rental cars, events bookings and converts it into a single itinerary. Just forward your emails to the app and it will do the rest. If you’re travelling with others you can easily share the plans, making this a useful app for coordinating a group trip.
• Free, iOS and Android

DuolingoDuolingo
Duolingo, a free and incredibly well-designed language learning app. Though not a replacement for proper language tuition, the app is a fun way to get the basics, or to keep yourself fresh on grammar and vocabulary, before a trip abroad. Just like a computer game, the app guides you through levels that you need to complete before advancing, and you gain experience points along the way.
• Free, iOS and Android

Did you know? Useful Links & Tips

Did you know? How to avoid surveillance … with the phone in your pocket
By Chrisopher Soghoian

Who is listening in on your phone calls? On a landline, it could be anyone, says privacy activist Christopher Soghoian, because surveillance backdoors are built into the phone system by default, to allow governments to listen in. But then again, so could a foreign intelligence service … or a criminal. Which is why, says Soghoian, some tech companies are resisting governments’ call to build the same backdoors into mobile phones and new messaging systems. From this TED Fellow, learn how some tech companies are working to keep your calls and messages private.                                                                                                                                                       Click here to watch the full talk

What happens when our computers get smarter than we are?
By Nick Bostron

Artificial intelligence is getting smarter by leaps and bounds — within this century, research suggests, a computer AI could be as “smart” as a human being. And then, says Nick Bostrom, it will overtake us: “Machine intelligence is the last invention that humanity will ever need to make.” A philosopher and technologist, Bostrom asks us to think hard about the world we’re building right now, driven by thinking machines. Will our smart machines help to preserve humanity and our values — or will they have values of their own?                                               Click here to watch the full talk

 

NR Doshi

NR Doshi