Tuesday, 27 October 2015

Cyber Security & Learning from TalkTalk


When we last discussed cyber security, the point about high-profile companies being hacked was a relevant one, and the latest incident at TalkTalk has hammered it home once more. This short article discusses what happened and how we can all learn from it.

 

Short version of what actually happened

TalkTalk do not know how many of their 4 million customers have been affected by the data breach, but what we do know is that the cyber-attack, which took place on Wednesday, 21st of October, affected people’s names, addresses, bank account numbers and sort codes. As TalkTalk put it on their website, these details ‘may have been accessed’. TalkTalk were hacked, the hackers attempted to blackmail them, and TalkTalk refused to pay and reported the breach.

What can we learn from it?

If there is only one thing to learn from it, it’s that system data must be encrypted. Most systems have debit/credit card details encrypted, but the possibilities for taking advantage of other customer data these days are enormous. There is a thriving black market for stolen data, and you don’t even have to go to the Darknet to get it; it’s readily available online.
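An added example, not code from the original post: field-level encryption of the customer fields named above (name, address, bank account number, sort code) with AES-256-GCM in Node.js, so that a copied database table yields only ciphertext. The record layout, the field names and the throwaway in-memory key are assumptions made for the illustration.

```javascript
// Added example: field-level AES-256-GCM encryption of customer data.
const crypto = require('crypto');

// The fields named in the breach notice; the record layout is an assumption.
const SENSITIVE_FIELDS = ['name', 'address', 'accountNumber', 'sortCode'];

// Bind each ciphertext to its row and column, so a value copied into another
// field or another customer's record fails authentication.
function aad(customerId, field) {
  return Buffer.from(`${customerId}:${field}`, 'utf8');
}

function encryptField(key, customerId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad(customerId, field));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored form: nonce (12 bytes) | auth tag (16 bytes) | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptField(key, customerId, field, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('stored value too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(aad(customerId, field));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, row, column or ciphertext does not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Apply fn to every sensitive field present, leaving other columns untouched.
function mapSensitive(record, fn) {
  const out = { ...record };
  for (const field of SENSITIVE_FIELDS) {
    if (typeof record[field] === 'string') out[field] = fn(field, record[field]);
  }
  return out;
}

const encryptRecord = (key, rec) =>
  mapSensitive(rec, (f, v) => encryptField(key, rec.id, f, v));
const decryptRecord = (key, rec) =>
  mapSensitive(rec, (f, v) => decryptField(key, rec.id, f, v));

// Constructed sample record and a throwaway key (assumption: a real system
// loads the key from a key management service, never from the database).
const demoKey = crypto.randomBytes(32);
const sampleCustomer = { id: 'C-1001', name: 'Jane Example',
  address: '1 Sample Street', accountNumber: '00012345',
  sortCode: '00-00-00', plan: 'broadband' };
const storedRow = encryptRecord(demoKey, sampleCustomer);
console.log(storedRow.sortCode, '->', decryptRecord(demoKey, storedRow).sortCode);
```

Encryption of this kind only protects the data if the key is held somewhere an attacker who reaches the database cannot also reach.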

The other thing to take away from the TalkTalk incident is to have a proper post-breach response plan. This should include quick distribution of accurate information to the relevant parties (customers and authorities), both to allow the proper assistance if required and to lessen the impact on your customers and begin the process of rebuilding their trust in your organisation.



George Toursoulopoulos is a technology specialist and CEO of Synetec, one of the UK’s leading providers of bespoke software solutions.

Wednesday, 30 September 2015

Software, Data Hacking and Fitness Bands



So everybody, well almost everybody, is wearing a fitness tracker of some variety. Almost everybody, because I haven’t jumped on that bandwagon yet, but that’s another story. With the ability to develop applications specifically for these devices, and for these apps to be available across devices, there is an increasing amount of interest in this topic. This short article outlines some basic capabilities, what you should consider, and some of the safety risks you should know about to prevent your data from being ‘hacked’.

Part 1: Software Development

Back in May 2015 Microsoft released an SDK (software development kit) for those who want to create apps for the Microsoft Band fitness tracker. With this SDK, developers are able to create applications that can access information from the fitness band’s sensors and also allow applications to send notifications from a paired smartphone to the fitness band. This allows developers to create applications that support Windows, access all calorie data recorded and stored in the fitness band, and connect to the band from tasks running in the background. The functionality exposed by this SDK includes access to all the fitness band’s sensors, such as a heart rate monitor, accelerometer and gyroscope. Versions of the SDK are available for each mobile operating system. This, in tandem with Microsoft Health (a cloud-based fitness service that offers personalised health-related information using data gathered from fitness bands), creates the potential for competition against Apple and Google and their offerings.
Ignoring the individual software vendors and fitness bands themselves, the scope is simply immense! Not only are existing fitness apps so much more useful (because, let’s face it, who wants to input all their calorie intake or exercise details into an app when it can be done automatically?), but the opportunity to provide focused, extremely relevant and informed services to the consumer has never been better. As more and more devices become connected and can share your health-related information, the more useful they can become. I will admit I was pretty envious when hearing about the Wi-Fi weight scale that shared information with the fitness band, with all that information shared with an app on the user’s phone to provide amazing data and reporting. With the ability to develop and deliver apps that can access some of these devices, the potential is exciting.

 

Part 2: Your health data

All the data that is recorded by the sensors on your fitness band is available when pairing to the device through the Bluetooth LE protocol, which doesn’t require a password to pair two devices. By using the standard Android SDK you can easily scan for any Bluetooth LE fitness band in the vicinity and attempt to connect to it. In fact, the only thing that stops anyone from just connecting to these bands and accessing all the data is a phone already being connected to the device! However, it is also possible to disrupt the connection between a paired phone and a band, giving the software the opportunity to connect instead. So what is the downside of having your band hacked? Not much at this stage: they are still in their relative infancy and only record calorie and exercise related information. But this is also changing, and you wouldn’t want your GPS-recorded location history available, would you? That could quite easily allow someone to know where you worked, lived, etc.
No doubt the band manufacturers will address this, but until then it’s possible.




Friday, 4 September 2015

Managing Home Working



Many IT roles are ideal for a flexible working policy, however there are always issues to consider when implementing such policies. This article addresses some of these issues and provides some guidelines to ensure that both the business and the employees are better off for it.

Productivity

Certain roles within IT lend themselves to task-based planning, which is perfectly suitable for remote working. A software developer, for instance, is assigned tasks, each task has an agreed timeline, and then the dev gets on with it. As long as the tasks are being done to a reasonable schedule and at the quality that has been specified, the business is better off by having happier employees, and they are happier because they can work when and how it suits them. The regular review of the task progress eliminates most of the potential pitfalls. So productivity needs to be quantifiable.

Communication

Email can be cumbersome, so instant messaging and VoIP phones should be used to make life easier. Additionally, for certain types of tasks and early phases of projects, there is no substitute for being in the same location and having a face-to-face. The bottom line is that communications must be easy for all concerned, and that at certain points there is no substitute for meeting in person, which has to be recognised by everyone within the team.

Company Ethos

It’s sometimes a pre-existing idea within a business that remote working is an opportunity to slack off. If it’s handled correctly, the company gets additional hours for no charge because of the additional pressure on team members to be more productive and put in a ‘good shift’ when they cannot physically be seen. That works to the company’s advantage, and all parts of the organisation need to understand that. This can be a harder sell in some companies, but that’s part of the challenge.

Summary

With longer and more expensive commutes, the cost of office space and better infrastructure available to homes across the country, home working is making increasingly more sense. That doesn’t detract from the fact that some people just aren’t suited to it, or might not have an environment at home that is conducive to it, and that has to be taken into account. It doesn’t mean they are bad employees or slackers, nor that home working doesn’t work, but it does need to be identified and agreed that it might not be suitable for them. Finally, any employer obligations need to be considered, such as health and safety assessments where applicable, insurance, etc.




Wednesday, 24 June 2015

Top 3 Tips to Effective Software QA



Introduction

Software Quality Assurance is and always will be a challenge, and it can be a costly one. To get it right requires a combination of the right people and the right processes, both of which require investment and prioritisation within the organisation. Below are some of the key elements in getting it right.

 

Build the right QA team

Firstly, let’s not kid…hiring good QAs is hard. There are many low-end candidates and a fair bit of separating the wheat from the chaff is needed. We see a lot of CVs from candidates working in large outsourcers, and most of these candidates are more suited to working in a tightly managed team performing routine tasks. You need to find diligent, bright people who are capable of understanding the systems. The nature and complexity of the systems have a big effect on the calibre of candidate. There is a large difference between testing a simple ecommerce website selling widgets and testing a risk management system for a financial institution. These QAs will need to get into the nitty-gritty of the system, how the users will use it and what the devs might not have thought of, in order to find the faults. The other consideration is that when you hire the right people, due to their calibre you will need to allow for career development, and it’s fairly common to see the right candidates move into BA roles, so the challenge doesn’t end with hiring the right candidate.

Testing Automation

If you are not automating the majority of your testing, QA becomes a mind-numbing and time-consuming process that is a breeding ground for human error. It becomes extremely difficult to get the consistent regression testing that you need for high quality software in production. Back to the point above: the right QAs will have the ability required to ensure quality test plans and the ability to automate them. Automating the regression testing of the product is also the main area where you should consider using outsourced resources if there is a bottleneck, as they can assist in getting over the one-off resource bottleneck. Ideally, automated test scripts should be run nightly on the latest build, with the results being reviewed and interpreted every morning by the test team. In turn this should filter to the dev team so that product regression is kept to a minimum.

Storyboards and Testing Plans

All test storyboards should be logged in the product backlog for reference. This number can be quite large, but it should be done. All bugs found by the testing team should be logged to the storyboard too, so that they are included going forward to assist in avoiding product regression. Going back to the automation, the more test storyboards that have been automated, the lower the reliance on manual testing and the challenges that come with that.

 

Conclusion

Ideally, you should treat the testing as part of your product development engineering and integrate the testing with the development as much as possible. Automate as much as is feasible for your scenario and ensure you have high quality QAs for what needs to be performed manually.


George Toursoulopoulos is a technology specialist and Director at Synetec, one of the UK’s leading providers of software services and solutions.

Monday, 1 June 2015

Synetec supporting SportsAid

Synetec were proud to get involved with the SportsAid Charity Golf Day this year. The event was held at the immaculate and prestigious Stoke Park.  

Most importantly the day raised awareness and funds for the tremendous work and effort that SportsAid puts into helping the next generation of British sports stars by giving them financial support and recognition during the critical early years of their careers. Click here to learn more about the great work being undertaken by SportsAid.



The imposing Stoke Park



The challenging and gorgeous 7th hole, which was the inspiration behind the famous 16th hole at Augusta

Wednesday, 29 April 2015

Case Study: CRM and Portfolio Management System Integration


Industry: Financial Services

Introduction: The organisation wanted to maximise their return on investment from their CRM system and assist the sales team to develop new business by having the appropriate data from their Portfolio Management System available in a secure and timely manner.

Challenges:
• The business had significant information available within their PMS, such as client holdings across funds, positions, subscriptions, redemptions and valuations, which needed to be manually retrieved. This in itself was such a time-consuming process that it was mostly avoided
• This PMS-based information needed to be reviewed in conjunction with the data stored in the Client Relationship System; looking at all related information in one place made it far more powerful and effective
• The data needed to be up to date, visible to only authorised personnel and not negatively impact the performance nor the stability of the PMS

Objectives:
• The data from the PMS needed to be enriched with all available related information from the CRM
• All relevant information pertaining to the client needed to be accessible from within 1 screen
• The information needed to be available near real-time
• The performance of the PMS needed to be unaffected
• Security should be in place to ensure that only relevant information was available and that any confidential or unrelated information was excluded

Solution:
This Investment Manager partnered with Synetec in order to deliver functionality to enrich and make available information that has improved the performance of their sales team. In the absence of a proprietary API, the data from the PMS was accessed through scheduled nightly reports.

Not only could the sales person view all relevant CRM information of the client, but also any transactions involving the client’s accounts and the valuation of their holdings.

Benefits:
This system allowed the valuable data that was locked in the PMS to contribute to the success of the business as a whole. Initial indications are that sales have improved significantly with the sales team attributing the majority of that increase to this integration and the additional information at their fingertips.




Tuesday, 7 April 2015

Top 3 Tips when taking software to mobile devices


Introduction

Can we have a version of that for Tablet and Smartphone please? We have long since passed the point where tablets and smartphones are being used for business; the challenge is when a proprietary system has functionality that is inaccessible on these devices. This article attempts to address the key criteria to assess before taking that step forward.

Which part?
"We want to use the system on our iPad" is all well and fine, but does the entire system need to be accessible via a tablet? For example, in a CRM system, the list of clients and client contacts is viewed almost every time the user logs on; it's a primary purpose of the system. But do they really need to be able to change their user settings or schedule reports to run via a tablet version? It might make sense to take a phased approach and leave the less frequently used parts of the system for a future phase, if at all. The main objective is usually to make the frequently used parts of the system available on different devices, not to make a complete mobile version of the system. Making that distinction can save an awful lot of time and money.

Which way?
The existing system's architecture will influence many of the decisions to be made and also affect what sort of effort will be required. Having the same functionality implemented on different platforms will greatly increase the effort and costs when implementing new or changing existing functionality. For example, in a Windows-based system, it might make sense to move all common functionality to a WCF service that can be called by both the Windows application and the mobile version; this would ensure only 1 set of code and greatly increase maintainability. Thought has to go into which platforms to develop for: are both Android and iOS required? If so, can that perhaps be implemented by making a dynamic web-based version of the application (using responsive or adaptive HTML) that is then accessible and works across platforms? Often a change to the main application can make moving forward much easier.

Watch it!
Maintaining the system's integrity is often overlooked in these types of projects. With all the excitement of moving to a mobile platform, issues such as system and data security can be overlooked, and with this different type of accessibility come different types of security challenges. The usability of the system is also something that can be underestimated; to do this properly, the commonly used pieces of the system need to be redesigned so that they are usable on the different devices. To get the most out of the system, it will look different on a tablet from a smartphone.

