CODA.ie | Audio | Design | AI

Tag: Security

  • Ken On Tech: 6 tips for the new year and a digital “detox” that’s good for the soul

    Ken On Tech: 6 tips for the new year and a digital “detox” that’s good for the soul

    Radio life has me doing many things, including a monthly feature called Ken On Tech on The KCLR Daily, KCLR’s mid-morning show presented by Brian Redmond and running 10am-1pm Monday to Friday. You can listen here.

    Today (8 January) is the first feature of the year so I’ve gone to the studio armed with six tech tips for the new year, not explicitly related to radio or podcasting but definitely with much broader appeal and a little challenge to finish things off. These might save you money, save your sanity, and give you a little bit more freedom for the year ahead. Let’s dive in.

    1. Audit your digital subscriptions

    We’re a week into 2024 but when it comes to saving a few quid, any time is a good time to start looking. In terms of subscriptions, especially when it comes to Christmas, there can be a lot of trial signups that lead to ongoing subscriptions, even more so with mobile apps these days that start with a “free trial” that you need to cancel a few days before the billing starts. If you’ve got Amazon Prime, Disney, Paramount+, Netflix and Spotify then you’re potentially shelling out €50-60 a month. Got a PS5 or Xbox with online subscriptions but you’re not gaming online? That could cost you another €150 a year.

    And to bring it back to radio and podcasting, are you paying for podcast hosting or memberships that you’re not using, is there room to let them go? Did you know that using services like Press Reader if you’re a member of your local library could net your newspapers and magazines for free?

    Make a list of all the digital subscriptions you’ve got and you’ll be surprised how quickly they can add up.

    2. Update your passwords

    I’m a stickler for this, especially in the work setting but when it comes to critical accounts like email or banking, social media etc. I’ll look to change passwords often and I’ll use a password manager like 1Password to help generate and store complex passwords. We’re well past the stage in life of using the same password for everything but if you’re still in that boat, I would implore you to start making changes and updates. Biometrics can be handy as well, if you’ve got finger print access or facial recognition for a mobile device, they can add a layer of security without the need to remember complex passwords.

    3. Implement 2FA/MFA everywhere you go

    From a work point of view, this is a must, and if you’re reading this in a position where you manage password or access control, especially for email services, then you really should have 2FA/MFA involved. If you’re unfamiliar with the acronyms, they 2FA stands for ‘two-form authentication’ while MFA stands for ‘multi-factor authentication’. 2FA is a security system that requires two separate, distinct forms of identification to access something (think your standard password, plus a one-time password). MFA requires at least two or more forms of identification (think your standard password, plus a one-time password, plus finger print).

    Google and Microsoft provide authenticator apps for Android and iOS devices. The catch, of course, is that if you use a code generator on your mobile device it means you need your mobile device available in order to access the service you want. That might prove difficult if you’re trying to log into your email on someone else’s computer (as an example) but your phone is dead or you’ve left it behind you. Still, the extra layer of security can save a lot of headaches.

    Learn more about MFA here.

    4. Clean up your inbox

    A cluttered inbox can be overwhelming and if you saw the state of my work account yesterday after a few weeks away it would give you chills. I’ve seen worse, mind, having serviced inboxes with a hefty five to six figures worth of emails left unread, no organisation and unread notices on all devices. You don’t need the hassle or anxiety it can bring so if you’ve got a busy inbox, set aside some time this week to clean it all out.

    Services, like unroll.me (the EU might have a flag on the play for this one), can help unsubscribe from unnecessary newsletters and promotional emails. Email services like Outlook, Gmail etc. provide an infinite amount of rules and tools to help you categorise emails, ship them off to folders, label them and make your inbox more manageable.

    You could also take my approach – get to a point in the year where you just hit ‘select all’ and ‘move to archive’. If it’s important, it will come back. If you don’t need it and haven’t looked in your archive, trash it. A clean inbox is like a clean desk or a freshly-made bed, a thing of beauty.

    5. Review privacy settings in apps

    With frequent updates to social media platforms, especially in an Irish setting thanks to the introduction of GDPR in recent years, it’s worth reviewing privacy settings regularly to ensure the platform’s settings are still in line with your own preferences.

    We’ve seen changes to services from Meta (Facebook, Instagram, WhatsApp), X (formerly Twitter), TikTok and more in recent months about how personal information is being used or garnered through continued use of the service. If you’ve got a lot of historical content on Facebook, for example, did you know that they provide an option to restrict all previous posts to just you, or your friends, and take them (generally) out of the public view? Even that alone might be a good place to start.

    6. Educate yourself on phishing scams and online security

    Working in the radio space it’s very easy for me to say this – don’t become the focus of one of our news stories, especially if it has to do with scams or security. Week-in, week-out, we hear of stories popping up in the news or those that have been reported to local Gardaí where someone has been duped out hundreds or thousands of Euro off the back of taking a fake support call from someone purporting to be Microsoft or Google, or even their bank. It could be a call, it could be an email that looks authentic but is leading you down a path where you may end up giving up personal information and security information like passwords, banking codes etc. Once that information is in the hands of a bad actor, anything could happen and sometimes the worst does.

    Microsoft have some handy tips here on how to spot a phishing email that are well worth a read if you’re unfamiliar with them.

    7. Take a digital detox

    Last one for this month, if you’ve found yourself doom-scrolling over the Christmas break or you can’t get through an episode of something from your soon-to-be-cancelled streaming TV provider without your phone in your hand, maybe it’s time for a digital detox.

    Consider limiting your social media use in the evening and at weekends. Stop oversharing. Be more mindful of your screen time and start engaging in more offline activities like working your way through that pile of books beside your bed since Christmas 2021, spending more time with the family, or go for a meal without your phone. A little less screen time and a little more peace of mind in 2024 isn’t such a bad thing – if nothing else, it’s good for the soul!

    Got your own tips to share? Email ken@kenmcguire.ie and catch the Ken On Tech segment on The KCLR Daily on the first Tuesday of every month.

  • Cybersecurity month: 10 simple tips for safeguarding your radio station from cyber threats

    Cybersecurity month: 10 simple tips for safeguarding your radio station from cyber threats

    Did you know that October is cyber security month in some quarters?

    Whether you’re a national, regional, local or community radio station, cyber security should always be kept on the agenda. Devices can go missing, pet names get used for passwords, programs get installed that shouldn’t and, with the rise of scammers, suspect links and attachments in emails to invoice redirection and outright theft, there’s always something to consider.

    Each year, for the entire month of October in Europe, hundreds of activities around cyber security take place from conferences to workshops, training to webinars and more. It’s all driven by the European Union Agency for Cybersecurity (ENISA) which runs an annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, along with providing up-to-date online security information through awareness-raising activities and the sharing of good practices.

    It sounds like a mouthful, and you can read more about it here, but in essence, it’s a month-long effort to aid the understanding and importance of cyber security for the world we live in today.

    For radio stations, it’s paramount. Think of your internal setup – from remote staff to in-house workers, reception through to sales and commercial departments, news and sports programming to production and advertising. You may be running internal file stores, having countless connected machines from desktop computers to CCTV, your on-air playout system to your online streaming service. You’ve got full-time staff, part-time staff, contractors, swing jocks, cover reporters, work experience students and more – and that might be just on any given day.

    A 48-port network switch.
    A 48-port network switch. Photo: Brett Sayles / Pexels

    Then think of your external setup as the analogue world has shifted to digital. You might have one transmission site, or you might have a dozen. They could be all interconnected, all networked. You’ve got primary links, backup links, AOIP connections, SIP connections and a plethora of hardware and software from many different providers that all have a key job to do in keeping the show on the road.

    While you may not be able to bridge every gap or plan for every scenario, there are some simple things you can do to help improve cyber security hygiene for your radio station. And yes, these tips could be adapted and applied to businesses in all walks of life, but I’m focusing on the radio side of things for the minute.

    Plenty of variables in a connected world, which could mean plenty of opportunities for would-be cyber attackers. So from safeguarding sensitive data to ensuring uninterrupted broadcasts, here are ten quality cyber security tips that you could implement immediately to bolster your radio station’s defences and protect your assets.

    10 simple cyber security tips for radio stations (and other businesses)

    1. Implement robust firewalls

    Every radio station’s IT infrastructure should be shielded by robust firewalls. These act as the first line of defence against external threats, filtering out malicious traffic and preventing unauthorised access. That’s literally what firewalls do – provide a layer of protection from the outside world. Typically a single firewall setup will sit between your internal network and your external connection to the internet.

    All manner of rules and configurations can be implemented to restrict traffic from outside sources, and limit requests to resources from inside (e.g. blocking certain websites or categories of online content). Whether you’re managing a firewall yourself or you’ve engaged the services of a third-party IT or security firm, you should ensure that your firewall hardware and software settings are regularly updated and reviewed.

    2. Secure data storage

    Radio stations handle a plethora of data and information every single day, from listener contacts and queries to commercial contracts and big finance deals, to sensitive employee information and more. It’s vital to store this data securely. Where you can, opt for encrypted storage solutions and consider using cloud services that offer advanced security features and regular backups. Always ask yourself the question – if I lost this data in the morning, how much would it impact my ongoing operations? If the answer is anything more than ‘not at all’, you need to consider your data storage options.

    3. Regularly update software

    In April 2014, Windows XP reached end of life. The extended support for Windows 7 beyond the end of life was reached in January 2023. Windows 10 will reach its end of life in October 2025. Yet there are core systems in radio stations around the world that are still running on dated, unsupported and no longer updated operating systems or running outdated software.

    If you dig deep enough, you may even find it as a requirement of your insurance that you’re required to be running on updated versions of particular software. In the case of Microsoft, regular updates are pushed for Windows 10 and Windows 11 and, while sometimes they introduce headaches when done in the background, they’re provided for a reason – especially OS security upgrades.

    The bottom line, keep essential software up-to-date and in line with your provider’s schedule for updates. Where you’re using other third-party software whether for remote access, scheduling, traffic and advertising, playout or the management of other key hardware and infrastructure, keep up with patch notes from vendors and apply updates regularly.

    4. Establish a strong password policy

    This one’s a simple one and can be applied to any walk of life. There are two areas jumping off the page immediately for this – one is with users logging on to an internal network (also picked up in my next point) and the other is for email and social media.

    A strong password policy can be put in place by domain administrators (assuming your internal network uses a domain) while policies can also be set for Microsoft 365 / Google Workplace accounts for accessing email and other associated online services. For example, please don’t let someone’s password be ‘password’ or ‘abc123’. Consider a strong password policy, that can be enforced, encouraging longer, more cryptic options.

    Tools like 1Password will provide password generators, LastPass too have an online option available here. If you’re only as strong as your weakest link, and that link is your password, it’s an easy one to improve. Equally, if you’re not already using MFA (multi-factor authentication for cloud accounts, remote studio access, email etc) then that’s a move you should be considering.If you’re a Microsoft 365 user, you may have already seen warnings coming about transitioning users from old 2FA methods to authentication apps, or doubling up with a password and an authentication app for additional layers of security.

    5. Limit network access with defined roles for domain users

    This is possibly more of an internal matter than an external matter but if you’ve got all desktops in your radio station on your primary network, and let’s say those desktops have access to shared files, running orders, contact details, show logs and more, that’s a lot of information you’re leaving up for grabs.

    If you don’t have something in place already, consider a separate area, machine or network setup for program preparation that may allow access to the web in general, social media tools or printers. However, a better conversation starts with your network administrator in defining user roles and requirements for those accessing your network. Programming staff shouldn’t need access to commercial shares, your commercial staff shouldn’t need access to technical shares etc.

    Users could be segmented into groups (a news pool, a music pool) with access rights to certain areas of your network restricted based on their role. If everyone has the keys to the castle, who’s really minding the castle?

    6. Encrypt sensitive devices

    Do you have a laptop or network-connected device heading to an outside broadcast? Have a phone passed around the studio as ‘the social phone’? If you’ve got portable devices heading out into the wilds – and that includes station-issued mobile handsets or other IP devices – make sure that there’s a strong level of security in place.

    For Windows-based laptops, look at Bitlocker encryption, for Mac-based options look at enabling FileVault. For mobile phones, you should at the very least have SIM and device logins enabled, whether by PIN, patterns or biometrics (Face ID, fingerprint). Got social accounts running on devices? Consider implementing 2FA/MFA or adding app-specific passwords (a useful feature on Android handsets) to provide an additional layer of security.

    7. Personal device (BYOD) policies

    When it comes to personal devices, my recommendation would be that they stay off-network (or get segmented network access i.e. guest access) and they shouldn’t be used for any station-related work including mails, socials or otherwise.

    If staff or contributors need to work on their own devices for any reason, then you need to consider a BYOD or Bring Your Own Device policy. This would determine how staff, contractors and other users can use their own laptops, smartphones or other personal devices on the company network if they need to access network-stored data to perform their job duties.

    Essentially your radio station owns the data, but you don’t own the devices that are being used to access it. Options on device management, allowing apps to run in a separate partition or profile on a device can be looked at but running a BYOD policy can bring challenges. You may have to offer and provide support for devices that you’re allowing into your network, you have to be able to ensure compliance with policies and procedures (including legal), and you’ve still got to ensure your data is protected.

    If it’s something you’re looking at, this article from the National Cyber Security Centre may shed some light.

    8. Educate staff on phishing threats

    The great unknown when it comes to network security is still the human element. How many times have we heard phone-ins on talk shows discussing bank accounts being emptied, credit cards being charged, and identities being stolen because someone clicked a link in an email?

    Remember the Sony hack in 2014? It might necessitate you inserting warning messages to emails internally on delivery, cautioning staff on opening links and attachments. It may necessitate training days, webinars, or regular briefings or, as with my last point below, engaging with cybersecurity experts to help inform and educate staff.

    Come across something in the news worth sharing with your team? The last thing you’ll want is one of your own team ending up on your morning talk show about how they’ve been scammed or had their Facebook account hacked because they clicked something they shouldn’t have, let alone the greater impact that could pose to your station.

    9. Regular backups

    Nightly, daily, incremental or whole snapshots, the choice is yours. If your radio station was hacked, flooded, struck by lightning or burned to the ground in the morning, could you survive with the loss of data? Or what if someone had clicked a link in a spurious email or opened an attachment they shouldn’t have and suddenly you find you’ve been locked out of vital systems? Imagine your playout was rendered unusable, could you spin it up in the cloud? Or if the building was fine but someone happened to gain entry to your network and delete everything overnight, have you backups in place?

    If the answer is no, or not regularly, then put them on the top of your list. For playout, the likes of Myriad offers automated backup of audio and metadata to Dropbox and One Drive along with replication solutions, while RCS provide a full Disaster Recovery solution for their on-air suite.

    Don’t leave it to chance though, and when you are making backups, try to have them backed up to somewhere other than the machine you’re taking them from. Redundancy counts for a lot.

    10. Collaborate with cybersecurity experts

    You can’t know everything and can’t be expected to know everything, that’s why IT contractors and cybersecurity experts exist. If you’re already working with a third-party provider, turn the conversation from reactive to proactive and open a dialogue about your cyber security options. Talk to them about auditing your radio station’s network and assess weak points, be they hardware, software or human. There’s no silver bullet

    A final word & additional reading

    If you fear you’ve been a victim of a cybercrime or data theft, you should report the incident to your local Garda station and may need to contact the Data Protection Commission.

    This article on the new cybersecurity requirements for the Radio Equipment Directive (RED) is also worth a read to give you an idea of security steps manufacturers will have to take for products in the European market by August 2025. This article too offers a similar breakdown.

    Got a tip to share for other radio stations? Leave it in the comments below.