Your Monthly Biz Tech Roundup from Seeto

Around the world, there are many different new years traditions: singing Auld Lang Syne, pouring molten tin in Finland, munching 12 grapes (one for each chime) in the centre of Madrid or dressing up as a bear and dancing in Moldova. However you chose to ring in the year, Seeto is here to support you and your business in 2023 to make business tech work for you.

In this, the first Take Ctrl of 2023, we’re smashing our new year’s resolution to bring you the business tech news and views you need to know.

We also introduce our new targeted solutions and, in the Seeto Take, Seeto co-founder and resident futurist Mark Ridley gives us a glimpse into our passwordless future; a future that might be closer than you think…

Need To Know

Gen Z workers are not tech-savvy in the workplace

A recent survey commissioned by HP suggests that employers overestimate the tech savviness of younger staff. This is putting younger workers at a disadvantage in the workplace as they may not have the skills they are assumed to have and need to succeed, nor the equipment that more established colleagues may have at home in a hybrid working scenario.

Read the article at WorkLife

LastPass admits summer breach compromised customer data and password databases

Following a breach last summer, where it was believed that attackers had managed only to exfiltrate LastPass source code, LastPass has now informed users that their stored data may be at risk. At the time Seeto advised organisations to review the risk presented by a breach of one or more LastPass vaults. This may now be a reality. LastPass advises users to change all passwords stored in the service.

Although this breach doesn’t paint this password manager in a good light, password managers and identity management tools are nevertheless still a wise investment, as they encourage long, strong and varied passwords. Seeto recommends always enabling MFA where offered and the stronger your master password, the better.

Read the announcement on The LastPass Blog
Read the analysis by Sophos

Will leaky AWS S3 Buckets become a thing of the past?

Has AWS finally cracked the code so that users can’t accidentally make private S3 storage buckets public? Changes coming to the service will simplify permissions and (hopefully) make it significantly more difficult for organisations to inadvertently expose private data to the wider internet.

Read all about it at The Reg

Gmail to introduce end-to-end encryption

End-to-end encryption secures information while it’s transferred between users. Secure email communication is already offered by Google, but this development means that without your secret key, even Google won’t be able to see the content of secure messages. The feature is available in testing for organisations on the following plans: Google Workspace Enterprise Plus, Education Plus, and Education Standard. There’s no news on when it might roll out more widely, but it’s definitely one to watch!

Read the announcement at Bleeping Computer
Apply to join the beta (if on an eligible plan)

Can click, will click phishing emails

New National Cyber Security Centre (NCSC) advice recommends organisations take a multi-layered approach to phishing protection: typical training and blame-heavy approaches are not as effective as they can be. NCSC is now advocating a “defence in depth” approach where technologies and changes to human behaviour are layered to maximise effectiveness.

Read the guidance from the NCSC

Product Showcase

Did you know Seeto offers a range of business tech and cyber security targeted solutions? We’ve packaged our most in-demand services into short-term project packages, each one designed for an immediate impact on your company’s performance, security and reputation. These project-based services target specific urgent business technology and security needs in your organisation.

Security solutions

• Cyber Essentials
• Business Technology Security Diagnosis
• Security Culture
• Securing Remote Workers
• Email Security

For more information about any of the Seeto Targeted Solutions visit our services pages or send a message through the contact form.

The Seeto Take

Passwords to passwordless

Passwords are at the heart of every company’s security. Unfortunately, while passwords worked well to secure a small number of computers in the 1970s, they’re a terrible solution for real humans to use day-to-day in an era where most of our work is distributed across a large number of tools and websites.

We’ve seen some important improvements to help make passwords work easier for actual people. Single Sign On (SSO) companies like Okta have made it possible for people to just remember one password, which then lets them access many linked systems. Two-factor, or multifactor, authentication (2FA or MFA) adds a randomly generated code to your login, so that it’s no longer just a password that you need to know, but also relies on a device, typically your mobile phone, that you have to have.

But, objectively, passwords are still a terrible design for humans who weren’t designed to remember 12 random characters that change every month; they were just the best solution that we had available to us. Fortunately for all of us poor humans, Microsoft, Apple and Google are starting to introduce a new and more secure way of logging in to our apps.

For some time, Microsoft has allowed users to have secure and ‘passwords-less’ login to Windows devices with a feature called Windows Hello. This lets you set a login that doesn’t require a long password – typically a fingerprint, face recognition or a pin code specific to the device. This works with other security methods to ensure the login is more secure than just having a standard password.

Now Google and Apple are joining the password-less club, and passkeys will start to become the standard replacement for passwords for websites and apps. Using a passkey means that we can completely replace the password text box. Instead, our passkey stores a secret. When requested – by a website or an app – the passkey sends the secret and, if it matches, you’re logged in.

Passkeys work just like the physical security keys that you may have seen or used, sometimes known as ‘FIDO authenticators’. These allow us to use our phones, laptops, computers or USB security keys for multi-factor authentication (instead of codes sent by SMS). Just like the FIDO authenticators stored on these devices, passkeys are invisible and integrate with Face ID, Windows Hello, or other biometric readers offered by device makers.

Google’s new support for passkeys is important as it greatly improves the security of apps and websites, and replaces much of the need for password managers. Physical security tokens and features like Windows Hello can also make logging into devices much easier. Finally, the terrible age of the password might be coming to an end.

If you’d like to discuss how you can prepare for passkeys, or use physical security tokens in your company, reach out to the friendly Seeto team using the contact form.

Recent OS Updates

Last updated 3 July 2024

Windows

Microsoft currently supports Windows 10 and Windows 11.

• Windows 10 version 22H2 (10.0.19045)
• Windows 11 version 22H2 (10.0.22621) and version 23H2 (10.0.22631)

macOS

Apple officially supports the following Mac operating systems:

• macOS Sonoma 14.5
• macOS Ventura 13.6.7
• macOS Monterey 12.7.5

iOS and iPadOS

The supported iPhone and iPad operating systems are:

• iOS 17.5.1
• iPadOS 17.5.1

Android

Google supports the following Android operating systems:

• Android 14
• Android 13
• Android 12

Note that your device manufacturer may not support every version that Google produces security fixes for.

Learn how to check and update your Android version here.