Dispel tech myths in the office

In part four of our series on technology in business, we look at some digital ‘old wives’ tales’ that aren’t founded in fact, and could be stopping you from taking your company to the next level

The sci-fi writer Arthur C Clarke once said that, “Any sufficiently advanced technology is indistinguishable from magic.” That’s true, and that’s probably why there are so many myths and fallacies masquerading as mantras and facts in technology today. When a computer the size of your pocket is more powerful than the technology that put us on the moon, and all your work documents can be stored safely on another continent but be accessible in an instant, who knows what to believe when it’s all so wondrous? Don’t worry though: we’re here to shatter some of the rumours for you, myths that might actually be holding your business back. Be sure you don’t fall prey to any of these tall tech tales anymore.

Open source is less secure
The code powering all software is either closed source – private and confidential, as most commercial ventures are – or open source: viewable so that others can edit and improve upon content, and usually free. The Windows operating system is the former; the Linux operating system is the latter.

Both types of software have their pros and cons. Closed source software may often be more consumer-friendly and expensive (say, Adobe’s famous Photoshop image editing software), while open source alternatives can be just as powerful, even more customisable, but less easy to use (Photoshop’s open source equivalent, the GNU Image Manipulation Program, for instance).

However, the notion that open source software is somehow less secure than closed source is a myth. Just because the code is freely available, it does not follow that it is easier to hack. On the contrary: the community can iron out the flaws in it in a transparent manner, whereas a proprietary programme may harbour all sorts of undiscovered bugs and flaws that hackers could exploit. Think of open source code as a huge fortress with thick, unassailable walls. You can see them – but you can’t climb over them. Closed source, meanwhile, is cloaked in darkness – and who knows what secret passages lie within?

In fact, one of the world’s leading experts says there’s no clear winner when it comes to which is more secure. “I’ve done a lot of work on this, and there’s no objective evidence either way,” Dr Ian Levy, technical director with CESG, a department of Britain’s GCHQ intelligence agency that advises the government on IT security, told ZDNet’s news magazine recently. “On average, good open source is about as good as good proprietary, and [bad] about as bad as bad proprietary,” said Levy.

Macs don’t get malware
Unlike some of the other fables in this list, this one does have some truth in history. Apple computers are by no means inherently more secure than their Windows counterparts by design, but virus makers will typically target the maximum number of vulnerable machines in order to ensnare as many computers as possible. And if Windows machines outnumber Macintoshes at a ten-to-one ratio, as they did for many years, why bother focusing on Macs? Sure, there were a few scare stories – the Renepo worm in 2004, the Leap-A virus in 2006 that spread via the Mac iChat messaging software – but by and large these were the exception and not the rule, and when browsing the web on any iMac you were generally immune to harm.

Not any more. The surge in Mac sales (and in the Mac’s coolness) over the last decade has completely changed that, and you may be just as much at risk clicking on random links on a MacBook as on a ThinkPad in 2015. While you’re still more vulnerable to traditional viruses on a Windows PC, you’re very much a target for scammers, who have become much more sophisticated, on any machine. You can just as easily install unpleasant bloatware and adware that hurls incessant pop-ups at you on a Mac. And one of the biggest security flaws in computing – compromises to the Java browser plug-in, which made up 91% of all attacks in 2013 – is common to both platforms.

The good news is that both platforms have become much more secure as time has gone on. Microsoft’s own Security Essentials is one of the best and most reliable anti-virus and security tools on Windows (and is free). Apple’s OS X operating system meanwhile now lets you restrict app installations to those (all thoroughly vetted) from Apple’s own Mac App Store.

Working remotely means not working
You’ve probably heard lots of talk about the future of the office not being in the office at all – how superfast broadband is freeing us all from our desks and saving employers money on desk space and more.

The chances are you’ve also heard just as much in reaction from sceptics, unconvinced that sitting at home in your pyjamas answering emails in the middle of the night is the way forward. Yahoo! CEO Marissa Mayer made headlines in 2013 when she banned all employees globally from working from home, insisting that it would better foster collaboration.

Allowing employees to work remotely may or may not be the right move for your business, but you shouldn’t rule out flexible working in some form, not least because some recent studies have found it can actually improve productivity. Last year, after a nine-month experiment where workers at a call centre were allowed to work from home, Harvard economics professor Nicholas Bloom actually found productivity didn’t just stay the same, it improved. Compared to those who remained in the office, those at home made 13.5% more calls, and, perhaps more crucially, had a 50% lower turnover rate. In today’s tough economy, employee retention has never been more important, and when the price you can put on it turns out to be more profit for you, working remotely should be a matter for discussion at any board meeting if it isn’t already.

Complicated passwords are always safest
Passwords are the weakest link in any security system – because they’re human. We have so many to remember, and memorising ones deemed ‘secure’ becomes an ever greater challenge as password crackers constantly share lists of commonly used phrases, so that their powerful computers can tackle all permutations of these first. That means even long, memorable phrases (the quick brown dog jumps over the lazy fox, for instance) can be cracked by computing brute force these days.

So what’s the solution? Surprisingly, that mix of numbers, upper and lower case letters and punctuation marks that you’ve managed to memorise may not be as robust as you might think – unless you deploy it in just the right way. If you’re having to remember more than one complicated and unique password you’re going to struggle, or just use the same one everywhere, which is a very bad idea. Because hackers effectively compare notes on common password formulations, it’s actually much safer to come up with a memorable phrase and use the acronym of that to make doubly sure it’s unique to you, according to security expert Bruce Schneier. For instance, ‘The year that my father was born was: 1956’ could be Tytmfwbw:19fs.

If you want to breathe easier though, consider using two-step authentication (which sends a second PIN code to your phone) on any Internet service that offers it, or a password manager such as 1Password or LastPass.

Cloud secure?
It’s almost impossible to avoid hearing talk of the cloud, or the use of it, for that matter – everything from your Hotmail address to Netflix movie streaming relies on faraway data centres that shuttle information to you over the Internet. There’s still a lot of paranoia around the concept however when it comes to using it within your business: a 2014 study by Computing.co.uk of 120 IT managers at small- to medium-sized enterprises found that only 5% had completely moved away from in-house servers, while 42% said cloud technologies did not suit their businesses.

The cloud is by no means secure (you only have to look at the fallout of Edward Snowden’s NSA leaks to see that even the biggest companies will sometimes readily give up their users’ data) but neither necessarily is the ‘solution’ that your cash-strapped IT advisor is pushing for to keep everything in-house.

Ultimately, what matters is not where your data is stored but how it’s accessed, according to cloud security author and consultant David S. Linthicum. “Anything that can possibly be accessed from outside – whether enterprise or cloud – has an equal chance of being attacked, because attacks are opportunistic in nature,” he says. In other words, anything that’s connected to the web in some way is a target: one 2012 study by Alert Logic found that web application-based attacks hit both cloud service provider environments and on-site environments almost equally, 53% to 44%.

What matters most is that your IT policy is scoped out by experts who understand what your security needs are. Where your data is stored should be a result of that.

Emptying recycle bin deletes files forever
We all know that you can retrieve an accidentally purged file from your computer’s Recycle Bin or Trash folder, but once you’ve emptied that, it’s gone for good, right?

No. Very, very wrong. While doing so theoretically frees up space on your computer’s hard drive, it is not a guarantee that the data has in fact been overwritten. Even after multiple wipes, there’s a chance some of your data will remain on your computer in some form – which is why forensic data retrieval experts are sometimes able miraculously to recover precious photos and files from ‘wiped’ computers. In fact, the only really thorough way to wipe a hard drive is to expose it to a magnetic field, or simply burn the whole thing.

For corporations, where factors like data retention and privacy come into play, this is very important. While larger companies will often have best practices in place, employees at smaller companies are still bound by the same laws and may not realise what they are doing. While giving away old computing equipment to charities is an established corporate responsibility practice, you should never give away a hard drive, even if it has been carefully wiped multiple times. Hard drives and other digital devices should be destroyed by a government-approved data destruction service, preferably in the presence of your IT and security staff.

Blocking websites makes employees more productive
Many of us have experienced the sterile, authoritarian efficiency of a heavily-policed office IT admin before, and know almost instinctively which sites are the first to be blocked – time wasters like Facebook, Twitter, YouTube and Buzzfeed. But banning such sites in the hope that you’ll get more work out of your employees, rather than for simple security reasons, is a fallacy. If anything, allowing your staff to use their time as they see fit can be beneficial. A 2013 study by Microsoft and Ipsos MORI found that almost 50% of staff believe social network access actually makes them more productive. It might sound counterintuitive, but the study backs this up: a little freedom helps people focus better in the long run.