Archive for March 17, 2020

Low Life Patent Troll Owned By Softbank Tries To Stop A Company From Making COVID-19 Tests So That It Can Cash In…. WTF?

Posted in Commentary on March 17, 2020 by itnerd

I am used to covering low life scumbag patent trolls. But this is the lowest of the low when it comes to patent trolling. This will take a bit of effort to explain so hang with me here. The patents in question ended up in the hands of this patent troll via this route:

Back in 2018, the disgraced biotech company Theranos sold its patent portfolio to Fortress Investment Group, a division of Softbank. Now two of those patents have wound up in the hands of a little-known firm called Labrador Diagnostics—and Labrador is suing a company called BioFire Diagnostics that makes medical testing equipment.

The testing equipment that is in question are machines that test for COVID-19. Yes. The pandemic that is sweeping the planet, putting millions into lockdown/social isolation/. and has resulted in the deaths of thousands. I’m going to go out on a limb here, but I am going to say, and I think that you would agree, that suing a company who is trying to help to stem the greatest medical crisis in a generation for patent infringement is a really bad idea.

Needless to say, the blowback was epic:

Facing an avalanche of bad publicity, Labrador announced on Tuesday that it would grant royalty-free licenses to companies developing COVID-19 tests. The company also claims it didn’t know that BioFire was working on a coronavirus test when it filed its lawsuit last week. The company seems to be going forward with the lawsuit.

I find the possibility that they were unaware to be completely implausible. The fact is that they tried to cash in on the pandemic, got slapped silly with all the bad press from trying to do so, and backed off as fast as they could. But in a strange way, I’m not shocked by this. Why? Just look at the players involved:

  • Fortress Investment Group is a division of Softbank. These are the same humans who brought you the WeWork debacle.
  • The patents were bought from Theranos which is another epic debacle.
  • The patent trolls are represented by infamous law firm to patent trolls everywhere Irell & Manella who once claimed it could represent a monkey in a copyright infringement dispute.

This has epic gong show written all over it.

IAITAM Says More Data Breaches Are Likely As Unprepared Companies, Agencies Face “Nightmare” Data Risks

Posted in Commentary on March 17, 2020 by itnerd

Many companies and government agencies have already sent employees home to work remotely in response to concerns about the coronavirus.  This week, thousands of additional employers will likely follow suit until concerns about the contagion ease.  The International Association of IT Asset Managers (IAITAM) is warning that most employers may have rushed into making their decision without thinking through how to secure their most sensitive data.

As an example a 2015 IAITAM report that found 17 percent of U.S. Securities and Exchange Commission (SEC) laptops were not where they were supposed to be and 22 percent had incorrect user information.  The Washington, D.C. office of the SEC sent all employees home to work last week due to the discovery of a coronavirus case in the agency’s headquarters.  Under the circumstances cited in the IAITAM report, the SEC would have little confidence that it knows who is working remotely on which machines and under what circumstances.

In the best-case scenario right now, a company or agency has a Business Continuity plan that incorporates ITAM and one that can send employees home with IT assets that are accounted for and working properly.  Under this approach some employees using high-end, expensive computers and other equipment may not be able to work from home, while others requiring only a laptop and word-processing software will be able to operate offsite with ease.
If your company is sending home people with equipment, IAITAM has this advice:

  1. Sign out and track all IT assets that are being taken home.  No IT assets should be allowed to leave a company site for the first time without formally accounting for each movement.
  2. Make sure solid firewall and passcode protections are in place for accessing company systems.  Companies and agencies that plan properly will “scale up” to accommodate a shift in traffic from the workplace to remote access.
  3. Consider requiring employees to sign a Non-Disclosure Agreement (NDA) about the data they will have access to outside the office.  The data is often significantly more valuable than the IT assets in which it is contained.  Vital company information may be at stake and an NDA sends a message to employees that they have serious responsibilities that must be honored and respected.
  4. Provide education and training to employees about how to responsibly manage their equipment and the company’s data.  For example, parents who are accustomed to allowing a child or spouse to use a personal smartphone or computer must be coached to avoid doing so with company IT assets.  Companies may also elect to forbid the use of company IT assets on public Wi-Fi networks, such as coffee shops and fast-food restaurants.
  5. Monitor employee data use and other remote practices. It would be nice to assume everyone will follow the rules and be a team player, but that doesn’t always happen. Any potential for mischief or data abuse may be heightened in a work-from-home environment.  Remember that most data breaches are caused by insiders, not outside hackers.
  6. Tighten up the reins on Bring Your Own Device (BYOD) practices.  The reality is that the longer someone is out of the office, the more likely it is that they will do company business on their personal smartphone, computer, tablet or other Bring Your Own Device (BYOD) asset. A device that is BYOD could simply be a personal phone that receives work emails. If the employee’s contract or policy language does not give the data rights to the organization, the IT Asset Manager will need to make an addendum giving the rights to the organization. The employee may own the device, but the work-related data is 100 percent owned by the company.

What about companies and government agencies that did not invoke their BC plans with ITAM protections built in, and are now sending employees home to work things out as best one can on their own personal devices?  (This could also apply to companies and agencies that have such plans in place, and ITAM, but rushed ahead out of coronavirus fears and did not call on the protective provisions.)  For those companies and agencies, the list of potential problems is long:

  1. Companies and agencies will have little or no information about the devices being used to conduct company business.  In the absence of the most basic mobile device management (MDM) system, companies will be almost completely blind as to who is accessing their data.
  2. Companies and agencies that do not require their workers to operate remotely through a virtual private network (VPN) will be relying on personal Wi-Fi systems that may be entirely insecure and/or already corrupted. Unprepared companies may also find that their VPNs are unprepared for a tidal wave of outside access.  Companies that allow employees to use BYOD devices to do business on public Wi-Fi systems may be even more vulnerable to attack.
  3. The longer employees are working remotely in a vulnerable state, the bigger a target they may become for phishing and other attacks.  Already, there have been countless coronavirus-related attacks. Those working at major companies and government agencies may find themselves in the crosshairs of such sophisticated schemes.  In the absence of training and ongoing guidance from their company, the sensitive data on personal devices could be at considerable risk.
  4. Data on personal devices (outside the reach of a company or government agency) likely will remain there when the employee returns to work.  This creates a huge risk if the personal device is “handed down,” sold to a third-party or improperly disposed of.  In these scenarios, the exposure of sensitive company data may be entirely unintentional and end up becoming public.

Infographic: How to Prevent Data Center Downtime

Posted in Commentary on March 17, 2020 by itnerd

Data centers have become central to the global economy, the environment and human welfare. Thus, the cost of data center downtime, while enormously expensive in monetary terms, is enormously greater when you consider the total impact.

And speaking of enormity, data center downtime prevention faces enormous challenges in itself. Threats come from every direction: hackers, extreme weather, accidents, operator errors, equipment failures and facility-related issues.

To help clarify priorities and actions, the infographic below, Data Center Downtime: Causes and Prevention, should prove to be most helpful. It first lays out the scope of the problem, and then defines major risk areas and provides various means of addressing them. Some suggestions are as simple as the proper labeling of equipment; others, such as preventing cybercrime, require multiple actions on a very wide front. With so much to do, an infographic such as this one is a very useful tool in establishing context.

While many reviews of data center downtime focus exclusively on the business revenue costs, the infographic takes notice of the human costs, which should always be top of mind. Arc flashes are a serious event, producing extreme temperatures and potentially chain reactions that can (and often are) life-threatening. To learn how to address this and other issues relating to data center outages and prevention, continue reading.

Data Center Downtime from Pro Access Floors

ServiceNow Releases Four Emergency Response Apps to Help Customers Navigate COVID-19 Crisis Management

Posted in Commentary with tags on March 17, 2020 by itnerd

ServiceNow today announced a customer care plan to support its public and private sector customers in managing the COVID‑19 pandemic.

As part of this effort, the company has announced four new community apps to help its customers, including government agencies and enterprises, manage complex emergency response workflows. These apps are now available at servicenow.com/crisisresponse for customers to access free of charge through September 30, 2020.

Emergency Response Operations app for government agencies

Washington State’s Department of Health, a ServiceNow customer, initially created the Emergency Response Operations app on the Now Platform to manage their own response to COVID‑19. Working with ServiceNow, the Department of Health is making the app available to all government entities at no charge.

Customer care plan

ServiceNow has launched a customer care plan to support its customers as they focus on maintaining business operations during the COVID‑19 pandemic. This includes a commitment to maintaining virtually 100% uptime for ServiceNow instances; and launching a Now Community forum where customers and partners can interact with other customers, as well as an Apps Suggestions portal, where customers and partners can provide their ideas for COVID‑19 related apps or features.

In addition to the State of Washington’s Emergency Response Operations app, ServiceNow has developed and introduced three, free of charge community apps to benefit all customers. The additional apps include:

  • Emergency Outreach: during a crisis, this workflow leverages the Now Platform to help companies connect with employees to assess the impact. Employers can reach out by email to provide information and safety measures and request a response to confirm if employees are safe and where they are located. Employers can also leverage the ServiceNow Now Mobile App to send push notifications to employees via mobile to get response.
  • Emergency Self Report: this workflow helps an employee notify their employer that they are self‑quarantined and when the employee will return to work, and provides workflow support for the employer.
  • Emergency Exposure Managementwhen a company becomes aware that its employee is diagnosed with an illness, this workflow helps the employer identify other people who might have been exposed based on the employee’s meetings history and job location.

More information about ServiceNow’s customer care plan, including accessing the community apps, can be found at servicenow.com/crisisresponse.

Customer support

As a global company, ServiceNow has critical business functions, including technical support and cloud operations, distributed in regions around the world. This model will help ensure consistent, world‑class customer support and service levels for its customers.

The company is committed to maintaining virtually 100% uptime for ServiceNow instances to ensure that customers have all of the capabilities available to them to continue their operations. ServiceNow maintains an Advanced High Availability Architecture with the ability to run a customer’s production application from a pair of data centers located in geographically different regions.

ServiceNow’s business continuity plan covers the ability for our cloud operations and technical support teams to work remotely in a safe and secure manner so they can continue to serve the company’s customers. All remote access happens using secure connections and multifactor authentication.

ServiceNow’s Knowledge 2020 customer event goes digital

In order to protect the health and safety of its customers, partners and extended community, ServiceNow’s Knowledge 2020 event will become a digital community experience. This digital event, which starts on May 5, replaces the in‑person event scheduled May 3‑7 in Orlando, FL. The Knowledge 2020 digital experience will showcase all the ways to unlock productivity through modern digital workflows, highlight the latest customer and platform innovations, and inspire the ServiceNow community to continue to create great experiences and unlock productivity for businesses.

Protecting our employees

ServiceNow has taken action to maximize the well‑being and safety of its 10,000‑plus global employees, office staff and communities. As part of its efforts, the company:

  • Has asked all employees globally to work from home, effective March 11th, in an effort to encourage social distancing;
  • Is continuing to compensate all full‑time and part‑time workers, contractors and support staff during this work‑from‑home period; and
  • Is requiring that employees avoid business travel unless it’s deemed business‑critical, and is within their own country.

Community giving

Across ServiceNow’s global community, we recognize that healthcare workers on the frontlines of COVID‑19 are in need of support. These workers are in need of supplies, such as masks, protection suits, goggles and medical testing equipment, as well as basic necessities, such as food, lodging, training and support. ServiceNow is making donations to the International Medical Corps and the CDC Foundation totaling $100,000 to support these efforts.

 

The US is fighting COVID-19 with 83% of healthcare systems running on outdated software

Posted in Commentary on March 17, 2020 by itnerd

According to data gathered by Atlas VPN, the US is fighting COVID-19 while having 83% of their healthcare systems run on outdated software.

Newest reports show, 83% of devices of 1.2 million IoT in the US healthcare run on outdated software: 56% of devices operating on Windows 7, and 27% are running Windows XP or decommissioned versions of Linux OS. The situation leaves multiple security vulnerabilities to be exploited by hackers.

At the moment, there is a 26% chance that 14% of patient monitoring tools will get attacked. Although the numbers may not seem as big, it is extremely concerning, considering every COVID-19 patient is being monitored in hospitals.

On March 15, the US Health and Human Services Department experienced a cyber attack on their computer. It happened right after the National Security Council posting a tweet to warn people about a fake text message claiming Trump will be ordering a two-week quarantine. It is believed the attack and the text message are somewhat related.

To read the full report, head over to: https://atlasvpn.com/blog/us-is-fighting-covid-19-with-83-of-healthcare-systems-running-on-outdated-software/