2015 marks the 25th anniversary of the incorporation of Cadzow TECH Pty Ltd — although the Cadzow family has been in the IT industry since the late 1970s. Back then, the first work the company did was run training courses in Ventura Publisher. And it's amazing to think we were only 8 years old. Apparently the traditional 25th gift is silver, or Netflix vouchers.
We still have clients from those days, some of whom have stayed the same, some have evolved remarkably, changed hands, or incorporated the next generation of their families into the business. It's been great fun, and an honour to have so many folks trust us with their IT.
In the last 10 years, one of our areas of focus has been professional services, mostly IT fleet management and consulting. This side of our business has grown agreeably, thanks in a substantial part to referrals by existing clients and business colleagues. We've worked hard to build a practice around professionalism and fidelity — and quality outcomes.
Part of our management service is essentially a type of external CIO role. There are lots of areas that might seem to be mundane business issues but which involve IT and where better results can be achieved with good advice and management upfront. Some examples are: moving premises, renovations, changes to headcount, anything to do with electrical power, major equipment purchases, acquisitions and mergers, other digital asset matters (software projects, websites, social media).
Clients managed by Cadzow are invited to always discuss these matters before making decisions; in most cases the discussion is included in your existing arrangements. (If you're managed elsewhere, be sure to include your advisors in your plans. Your IT providers do not want to hear about a major new thing at the last minute.)
As we've mentioned previously, Windows XP is still discontinued. Getting rid of these systems should be occupying your attention.
Windows 2003, the server version of Windows XP, will drop out of support in 2015, so any services running on such a system, particular those that are Internet-facing, will need to be migrated elsewhere before they become unsafe.
Possibly less front-of-mind now that you have a fleet of shiny new Windows 8 boxes is that Windows 10 is about to land. Microsoft really, really wants you to use Windows 10; so much so that they're giving it away!
The proverbial Joe I-Just-Want-My-Phone-To-Work Average would not have heard much about it, but 2014 and 2015 have been pretty bad years for encryption. This is technology that protects everything from social media to banking from the prying eyes of hackers in basements (and, for that matter, those of the dedicated men and women of our law enforcement agencies).
There were the ‘POODLE’, ‘FREAK’ and ‘LogJam’ vulnerabilities, and OpenSSL, a widely-used encryption library, was found to have a lot of embarrassing flaws. And yes these wacky names have meanings. Don't ask.
The good news is that, for users, these flaws have been largely mitigated by software updates, so if your system is updating regularly, you don't need to do anything extra, or panic whether anyone can intercept uploading your cat photos onto Facebook. And, despite giving cryptographers palpatations, there was never much serious fear that some of these flaws were being actively exploited, especially considering the speed mitigations were rolled out.
But on back-end systems such as servers, there is still work to be done to ensure their exploitability is as close to zero as can be. For systems managed by Cadzow, this configuration work has been done at various times over the last year, so you can be assured your system is communicating over the Internet with best practices.
Peer-To-Peer (P2P) Systems
BitTorrent-type systems are used to distribute large files across the Internet in easily-processed small chunks. Although there is a proportion of legitimate material on these networks, they are overwhelmingly used to distribute movies and television shows against the wishes of the copyright holders. The risk of using this software is not reducing, and business owners should have zero tolerance for their existence on their systems. Also see:
Lately some Australian website hacks/defacements have been in the news, both due to the benign organisations attacked and the political message invariably displayed. It can be frightening, and people wonder why they are being hacked into.
But often, the organisations whose websites are defaced are targetted only because the hackers know how to break into that particular type of site. They use the “low-hanging fruit” of known security vulnerabilities in out-of-date content management systems.
In principle, the defence is simple: keep the website code up-to-date. In practice, this can present varying levels of difficulty. Some content systems (eg. Wordpress) have online updaters, so all the components of the site can be updated very simply. Other systems need to be updated manually, or have no updates at all.
Business owners should ask their web developers to review their site at least yearly and ensure it is up-to-date, secure, and backed-up.
You might not be too concerned if your website is defaced, but when it happens it can be, at best, embarassing, or, at worst, it might be serving up viruses to visitors, or being used to distribute even worse material. And recovering a defaced site can be difficult if there are no current backups of the site. At the very least the fees to recover the site will be more than keeping it safe in the first place.
Website News II: ‘Mobilegeddon’
While you're talking to your web developer, ask them how mobile-friendly or mobile-optimised your site is. Many sites will need a refresh or tweak because Google is now prioritising mobile-friendly sites in search rankings, and this has been dubbed by wags as “Mobilegeddon” due to the subsequent loss of ranking some sites will suffer.
Updating your site may simply be a matter of updating the back-end code, or the changes required may be more extensive. Your web developer will advise the costs and any technicalities.
Another issue business owners should be aware of is that there is increasing talk about reducing the use of http (the unencrypted web protocol) in favour of https (the encrypted web protocol). The use of https not only protects the information flowing from A to B from spying but ensures its integrity, since it can't be modified.
Generally, the use of https on a website requires additional costs and processing power. Thus, in the recent past, website operators have made a choice about whether http or https suits them best, with https being reserved for the most private communications. But more latterly, many of the costs are reducing and the risk of intercepted communications is growing. So https is rapidly becoming more and more important, even for sites which seem benign.
To push the matter along, the next standard for HTTP will only operate with encrypted connections, so websites which don't use https will not be able to take advantage of HTTP/2. Furthermore, Google is giving some slight precedence to sites offered over https in its search rankings. And important web organisations like Mozilla are beginning to actively push the best new web features into https-only.
What does this mean for the average business owner? For the moment, virtually nothing. But keep a few things in mind:
If you're about to refresh your website, put it on https. Don't ‘consider’ it, don't weigh up the pros and cons, don't worry about the minor expense, just do it.
If you have a current site that is mostly public but has some private components, such as a “Contact Us” form, but which runs on unencrypted http, put the site on https.
In as little as ten years, web browsers will be quite hostile to non-https websites, and they will end up pushed to the outer.
Obligatory iOS Stuff
It's worth regularly checking that your iPhone/iPad is being backed up, whether to iCloud or your computer:
Once you've checked the backup is working, ensure your device is up-to-date. iOS 8 has had many updates, which improves the quality of the system, encrypts much more data and closes some security holes.
Another important feature that should be enabled is Find My iPhone. This not only allows you to locate the device when it's slipped behind a couch, but you can wipe it remotely if stolen. And this mechanism is how iPhones/iPads are secured against being wiped and reused when stolen. Ensure it's switched on via Settings → iCloud → Find My iPhone.