842710939_d8f092ed9f_b (1)
April 28, 2016
BY 
Why press freedom matters and how tech can help

World Press Freedom Day: Why it Matters and How Tech Can Help

Finland is home to the freest news media in the world, according to Reporters Without Borders. It's fitting, then, that the annual UNESCO World Press Freedom Day conference will be held in Helsinki this year, May 2-4. Freedom of information is a topic that's close to our heart. We were fighting for digital freedom before it was cool - yes, before Edward Snowden. A free press is foundational to a free and open society. A free press keeps leaders and authorities accountable, informs the citizenry about what's happening in their society, and gives a voice to those who wouldn't otherwise have one. Journalists shed light on issues the powers that be would much rather be left in the dark. They ask the tough questions. They tell stories that need to be told. In a nutshell, they provide all of us with the info we need to make the best decisions about our lives, our communities, our societies and our governments, as the American Press Institute puts it. That's a pretty important purpose. But it can also be a dangerous one. Journalists working on controversial stories are often subject to intimidation and harassment, and sometimes imprisonment. Sometimes doing their job means risking their lives. According to the Committee to Protect Journalists, 1189 journalists have been killed worldwide in work-related situations since 1992, when they began counting. 786 of those were murdered. Freedom of the press and digital technology are inextricably intertwined. Journalists' tools and means of communication are digital - so to protect themselves, their stories and their sources, they also need digital tools that enable them to work in privacy. Encrypted email and messaging apps. Secure, private file storage. A password manager to protect their accounts. A VPN to hide their Internet traffic and to access the content they need while they're on assignment abroad. F-Secure at World Press Freedom Day It's because press freedom and technology are so intertwined that it's our honor to participate in this year's World Press Freedom Day conference. Here's how we'll be participating in the program: Mikko Hypponen, Chief Research Officer at F-Secure, will keynote about protecting your rights. Tuesday May 3, 14:00 to 15:45 Erka Koivunen, our Cyber Security Advisor, will participate in a pop-up panel debate on digital security and freedom of speech in practice. Tuesday May 3, 15:45 – 16:15 Sean Sullivan, our Security Advisor, will be on hand to answer journalists' questions about opsec tools and tips. One of our lab researchers, Daavid, will be inspecting visitors' mobile devices for malware. We'll feature our VPN, Freedome.   Check out our Twitter feed on May 3 for livestream of Mikko's and Erka's stage time.                 Banner photo: Getty Images

April 27, 2016
BY 
Internal startups are a way for big companies to innovate and adapt.

Why an Internal Startup Could Be Companies’ New Recipe for Success

AirBNB. Uber. These are but two examples of disruptive startups that are popping up to challenge big organizations' legacy mindsets and business models. Digitalization has completely shaken the world, and companies have two options: adapt to stay in the game, or be left behind in a cloud of dust. But it's hard to turn a big ship around. That's why F-Secure's Harri Kiljander, Janne Jarvinen and Marko Komssi believe that a great way for companies to accelerate innovation is to bring the startup model in-house. They've collaborated with peers from other organizations in a new ebook, The Cookbook for Successful Internal Startups. The book is a practical guide to establishing and running an internal startup. An internal startup, they say, is a great route to cheaper innovation execution and faster time to market. And the three have experience to draw on: F-Secure has developed its VPN product, Freedome, its password manager, Key, and its smart home security device, Sense, all as internal startups. The book pulls together F-Secure's learnings as well as the learnings of other companies who use the model. I caught up with Harri, Janne and Marko to talk about the internal startup scene. What is your definition of a startup? Harri: A startup is an organization that is established to build a new product or a new service under a significant uncertainty. Trying to do something new that doesn't exist yet, and constrained by a lack of established processes or budgets or resources. Janne: To me, a startup is the means to build something new and disruptive, and build it as fast as possible, with the intention of scaling as quickly as possible. You're not trying to make something that just a few people can do for a living, but you're trying to build up a big business quickly from something new. Marko: A startup is an entity that is searching for a scalable, profitable business model. It differs from a company in that a company has already found its business model. Why do you want to encourage big companies to form internal startups? Harri: Big companies are really good at doing old things. An internal startup is great way to introduce new ways of working and to try developing and launching new and better products and services. Janne: All companies want to explore new areas, but in the established organization it's difficult to start something new. With an internal startup, you don't worry about the existing organizational structures. From a company perspective, because the startup is not embedded into the larger organization, it's easier to handle and it's easier to see whether it's producing results. It also gives employees the chance to be involved in something new. How has the internal startup model been beneficial for F-Secure products Freedome and Key? Harri: One of the key elements has been the rapid development and feedback cycle - the classic cycle of build, measure, learn. Build something, release it, gather feedback from users and markets, and then adjust your product, pricing, channels, etc. The more rapid you can make this cycle, the higher the likelihood of being able to generate success. Janne: We built Freedome and Key much faster as internal startups than we would have done in the traditional way. The global launch took place just nine months after the idea, and that's extremely fast. Marko: Freedome was incubated in strategic unit, not the business unit. It had more freedom as it was able to work independently, without being under any existing business pressure. What is the biggest advantage an internal startup has over an independent startup? Harri: The ability to access the big company resources, including free labor and expertise. In a big company there are a lot of experienced people who yes, may be stuck with old ways of working, but they still have lots of experience and know about doing business. Marko: Access to the company lawyers, marketing competence, PR, company name brand, social media channels with established followings, etc. A startup has to pay for everything or get the competence somehow, whereas a big company has it in house. And vice versa, what is the biggest advantage an independent startup has over an internal startup? Janne: It's not constrained by a company's mindset and objectives, so it has more freedom. However, once an independent startup gets financing, the people writing the checks will start to want some control anyway, so in that sense it's not so different from an internal startup. Marko: The feeling of ownership. The independent startup team really feels that they own the idea. With an internal startup you somehow still feel that you are a company employee first. So ownership is weaker in an internal startup and that has an impact. What do you hope people take away from the startup cookbook? Harri: I hope people get a spark of courage to establish this kind of exercise in their own established organization. If they're not sure how to go about it, they are welcome to contact the writers of the book and we might be able to help them. Even big organizations can do things fast if they follow the recipes or principles we outline in the book. Janne: I hope people in large organizations see that they can explore new areas using this model. Our goal is to really help people learn from other companies' experiences so that they don't have to learn everything on their own. Read The Cookbook for Successful Internal Startups The Cookbook for Successful Internal Startups was created by the industrial organizations and research partners of Digile’s Need 4 Speed program. F-Secure is the driver company of N4S and Janne Järvinen leads the N4S consortium. Harri Kiljander is Director of Privacy Protection, Janne Jarvinen is Director of External R&D Collaboration, and Marko Komssi is Senior Manager, External R&D Collaboration at F-Secure.

April 26, 2016
BY 

Latest Posts

Why press freedom matters and how tech can help

Finland is home to the freest news media in the world, according to Reporters Without Borders. It's fitting, then, that the annual UNESCO World Press Freedom Day conference will be held in Helsinki this year, May 2-4. Freedom of information is a topic that's close to our heart. We were fighting for digital freedom before it was cool - yes, before Edward Snowden. A free press is foundational to a free and open society. A free press keeps leaders and authorities accountable, informs the citizenry about what's happening in their society, and gives a voice to those who wouldn't otherwise have one. Journalists shed light on issues the powers that be would much rather be left in the dark. They ask the tough questions. They tell stories that need to be told. In a nutshell, they provide all of us with the info we need to make the best decisions about our lives, our communities, our societies and our governments, as the American Press Institute puts it. That's a pretty important purpose. But it can also be a dangerous one. Journalists working on controversial stories are often subject to intimidation and harassment, and sometimes imprisonment. Sometimes doing their job means risking their lives. According to the Committee to Protect Journalists, 1189 journalists have been killed worldwide in work-related situations since 1992, when they began counting. 786 of those were murdered. Freedom of the press and digital technology are inextricably intertwined. Journalists' tools and means of communication are digital - so to protect themselves, their stories and their sources, they also need digital tools that enable them to work in privacy. Encrypted email and messaging apps. Secure, private file storage. A password manager to protect their accounts. A VPN to hide their Internet traffic and to access the content they need while they're on assignment abroad. F-Secure at World Press Freedom Day It's because press freedom and technology are so intertwined that it's our honor to participate in this year's World Press Freedom Day conference. Here's how we'll be participating in the program: Mikko Hypponen, Chief Research Officer at F-Secure, will keynote about protecting your rights. Tuesday May 3, 14:00 to 15:45 Erka Koivunen, our Cyber Security Advisor, will participate in a pop-up panel debate on digital security and freedom of speech in practice. Tuesday May 3, 15:45 – 16:15 Sean Sullivan, our Security Advisor, will be on hand to answer journalists' questions about opsec tools and tips. One of our lab researchers, Daavid, will be inspecting visitors' mobile devices for malware. We'll feature our VPN, Freedome.   Check out our Twitter feed on May 3 for livestream of Mikko's and Erka's stage time.                 Banner photo: Getty Images

April 27, 2016
Internal startups are a way for big companies to innovate and adapt.

AirBNB. Uber. These are but two examples of disruptive startups that are popping up to challenge big organizations' legacy mindsets and business models. Digitalization has completely shaken the world, and companies have two options: adapt to stay in the game, or be left behind in a cloud of dust. But it's hard to turn a big ship around. That's why F-Secure's Harri Kiljander, Janne Jarvinen and Marko Komssi believe that a great way for companies to accelerate innovation is to bring the startup model in-house. They've collaborated with peers from other organizations in a new ebook, The Cookbook for Successful Internal Startups. The book is a practical guide to establishing and running an internal startup. An internal startup, they say, is a great route to cheaper innovation execution and faster time to market. And the three have experience to draw on: F-Secure has developed its VPN product, Freedome, its password manager, Key, and its smart home security device, Sense, all as internal startups. The book pulls together F-Secure's learnings as well as the learnings of other companies who use the model. I caught up with Harri, Janne and Marko to talk about the internal startup scene. What is your definition of a startup? Harri: A startup is an organization that is established to build a new product or a new service under a significant uncertainty. Trying to do something new that doesn't exist yet, and constrained by a lack of established processes or budgets or resources. Janne: To me, a startup is the means to build something new and disruptive, and build it as fast as possible, with the intention of scaling as quickly as possible. You're not trying to make something that just a few people can do for a living, but you're trying to build up a big business quickly from something new. Marko: A startup is an entity that is searching for a scalable, profitable business model. It differs from a company in that a company has already found its business model. Why do you want to encourage big companies to form internal startups? Harri: Big companies are really good at doing old things. An internal startup is great way to introduce new ways of working and to try developing and launching new and better products and services. Janne: All companies want to explore new areas, but in the established organization it's difficult to start something new. With an internal startup, you don't worry about the existing organizational structures. From a company perspective, because the startup is not embedded into the larger organization, it's easier to handle and it's easier to see whether it's producing results. It also gives employees the chance to be involved in something new. How has the internal startup model been beneficial for F-Secure products Freedome and Key? Harri: One of the key elements has been the rapid development and feedback cycle - the classic cycle of build, measure, learn. Build something, release it, gather feedback from users and markets, and then adjust your product, pricing, channels, etc. The more rapid you can make this cycle, the higher the likelihood of being able to generate success. Janne: We built Freedome and Key much faster as internal startups than we would have done in the traditional way. The global launch took place just nine months after the idea, and that's extremely fast. Marko: Freedome was incubated in strategic unit, not the business unit. It had more freedom as it was able to work independently, without being under any existing business pressure. What is the biggest advantage an internal startup has over an independent startup? Harri: The ability to access the big company resources, including free labor and expertise. In a big company there are a lot of experienced people who yes, may be stuck with old ways of working, but they still have lots of experience and know about doing business. Marko: Access to the company lawyers, marketing competence, PR, company name brand, social media channels with established followings, etc. A startup has to pay for everything or get the competence somehow, whereas a big company has it in house. And vice versa, what is the biggest advantage an independent startup has over an internal startup? Janne: It's not constrained by a company's mindset and objectives, so it has more freedom. However, once an independent startup gets financing, the people writing the checks will start to want some control anyway, so in that sense it's not so different from an internal startup. Marko: The feeling of ownership. The independent startup team really feels that they own the idea. With an internal startup you somehow still feel that you are a company employee first. So ownership is weaker in an internal startup and that has an impact. What do you hope people take away from the startup cookbook? Harri: I hope people get a spark of courage to establish this kind of exercise in their own established organization. If they're not sure how to go about it, they are welcome to contact the writers of the book and we might be able to help them. Even big organizations can do things fast if they follow the recipes or principles we outline in the book. Janne: I hope people in large organizations see that they can explore new areas using this model. Our goal is to really help people learn from other companies' experiences so that they don't have to learn everything on their own. Read The Cookbook for Successful Internal Startups The Cookbook for Successful Internal Startups was created by the industrial organizations and research partners of Digile’s Need 4 Speed program. F-Secure is the driver company of N4S and Janne Järvinen leads the N4S consortium. Harri Kiljander is Director of Privacy Protection, Janne Jarvinen is Director of External R&D Collaboration, and Marko Komssi is Senior Manager, External R&D Collaboration at F-Secure.

April 26, 2016
Why Hackers Love your LinkedIn Profile

An employee opens an attachment from someone who claims to be a colleague in a different department. The attachment turns out to be malicious. The company network? Breached. If you follow the constant news about data breaches, you read this stuff all the time. But do you ever wonder how hackers get otherwise smart, professional people to fall for their tricks? How do they know who to email? What to say to get their victim to fall prey? Where do they get the information that gives them a foothold into an organization? The answer is so simple, and just makes too much sense: LinkedIn. Recon made easy The first phase of any targeted hacking scheme is the reconnaissance phase - where the hacker gathers information about the company, employees, their job titles, email addressses, etc. What better place to start than LinkedIn? "LinkedIn is a treasure trove of easily accessible personal information and company IT data," writes penetration tester Trevor Christiansen. "Unbeknownst to most of the employees who post their information on LinkedIn, any hacker looking to wreak havoc on a company’s highly sensitive, business-critical data could find his or her point of entry using this ubiquitous business networking forum." White hat hackers (the good guys) like Christiansen use LinkedIn to gather information too, albeit with a different end purpose in mind - to test and improve an organization's security. F-Secure CEO Christian Fredrikson described two such exercises performed by F-Secure's ethical hacking team in his recent keynote at CeBIT. In one exercise, the hackers targeted employees who mentioned mainframe-related info in their profiles. In the other, they targeted source code developers. So, exactly how do hackers, good and bad, use LinkedIn to gain a foothold into company they intend to hack? Our own white hat hacker, Knud in F-Secure's Cyber Security Services team, describes a common scenario. "You just search for employees working at a target company via the standard LinkedIn interface," he says. "Now, armed with a list of names, you can start Googling them until you find a company email address." Now, he says, you have the email format used in the company. For example, firstname.lastname@company.com. "Shoot off an email to a few random employees asking something stupid like 'Bob, is that you? Long time no see,'" he continues. "With a bit of luck, someone will reply and you'll have the corporate signature. With the corporate signature, plus names, positions and job descriptions people helpfully put on LinkedIn, you can start spoofing internal emails." Building rapport for social engineering Knud points out that the more information people share in their profiles, the easier it is to build rapport. "For example, someone lists their graphic design skills. So you send an email that reads, 'Due to your experience with icon design and great layout skills, I wonder if you have time to take a quick look at something we are working on in <other department>; see attached (malicious) document and get back to me." To gain even more information, a hacker can create a fake profile and then connect with the employee. This gives them greater access to contact details and the person's network. Combined with information gleaned from Facebook or other social networks, such as interests and hobbies, hackers can get a pretty full picture of the employee they intend to target, enabling them to sharpen their spear even more. The best defense So what's an employee to do, scrub your profile of all but the most basic info? Decline to list your employer? Such suggestions would seem to defeat the purpose of LinkedIn, where profile information can hopefully lead to networking opportunities. Companies in turn appreciate the promotion they get via their employees on LinkedIn. Luckily, F-Secure Security Advisor Sean Sullivan doesn't believe self-censorship the answer. "It's not really the problem of the employee to limit what they write on LinkedIn," he says. "A security-minded organization should have a policy that states that employees should be mindful." Indeed, the best weapon against these types of attacks is employee awareness. Your information may be available on LinkedIn, but if you're are aware of the ways hackers exploit that info, you'll be less likely to fall for tricks. Employer-sponsored education on social engineering tactics would help employees learn to be suspicious of any communication that seems even the slightest bit off. Hackers may love LinkedIn, but only as long as it gets them where they want to be. To head them off, awareness is key.     Image courtesy of Mambembe Arts & Crafts, flickr.com

April 22, 2016
Facebook videos

Many of you have seen them. And some of you have no doubt been victims too. Malware spreading through social media sites, like Facebook, is definitively something you should look out for. You know those posts. You raise your eyebrows when old Aunt Sophie suddenly shares a pornographic video with all her friends. You had no idea she was into that kind of stuff! Well, she isn’t (necessary). She’s just got infected with a special kind of malware called a social bot. So what’s going on here? You might feel tempted to check what “Aunt Sophie” really shared with you. But unfortunately your computer isn’t set up properly to watch the video. It lacks some kind of video thingy that need to be installed. Luckily it is easy to fix, you just click the provided link and approve the installation. And you are ready to dive into Aunt Sophie’s stuff. Yes, you probably already figured out where this is going. The social bots are excellent examples of how technology and social tricks can work together. The actual malware is naturally the “video thingy” that people are tricked to install. To be more precise, it’s usually an extension to your browser. And it’s often masqueraded as a video codec, that is a module that understands and can show a certain video format. Once installed, these extensions run in your browser with access to your social media accounts. And your friends start to receive juicy videos from you. There are several significant social engineering tricks involved here. First you are presented with content that people want to see. Juicy things like porn or exposed celebrities always work well. But it may actually be anything, from breaking news to cute animals. The content also feels safer and more trustworthy because it seems to come from one of your friends. The final trick is to masquerade the malware as a necessary system component. Well, when you want to see the video, then nothing stops you from viewing it. Right? It’s so easy to tell people to never accept this kind of additional software. But in reality it’s harder than that. Our technological environment is very heterogeneous and there’s content that devices can’t display out of the box. So we need to install some extensions. Not to talk about the numerous video formats out there. Hand on heart, how many of you can list the video formats your computer currently supports? And which significant formats aren’t supported? A more practical piece of advice is to only approve extensions when viewing content from a reliable source. And we have learned that Facebook isn’t one. On the other hand, you might open a video on a newspaper or magazine that you frequently visit, and this triggers a request to install a module. This is usually safe because you initiated the video viewing from a service that shouldn’t have malicious intents. But what if you already are “Aunt Sophie” and people are calling about your strange posts? Good first aid is going to our On-line Scanner. That’s a quick way to check your system for malware. A more sustainable solution is our F-Secure SAFE. Ok, finally the poll. How do you react when suddenly told that you need to download and install software to view a video? Be honest, how did you deal with this before reading this blog?   [polldaddy poll=9394383]   Safe surfing, Micke   Image: Facebook.com screenshot      

April 22, 2016
defenders days, human rights, digital freedom

When 200 human rights defenders from all over the world gather in Stockholm for Defenders' Days, it's our honor to hop a quick flight from Helsinki to join them. These activists handle highly sensitive information that exposes political corruption, reveals the unlawful conduct of authorities and otherwise threatens the powers that be. This puts their freedom at risk and opens their friends, families and allies up to threats and retaliation. Often these civil liberties advocates become the target of governmental surveillance -- a terrifying position to be in, even in a country that's supposed to enforce democratic norms. Some of the attendees of the conference weren't even officially "there" because of restrictions on them by their governments, which forces them to keep any evidence of their visit to Sweden a secret. Many of these brave people have been jailed for their cause, which may be as simple as fighting for the right to criticize their own leaders. Here are just a few examples of the kind of obstacles these everyday heroes face. I met a 39-year old Cuban activist who was traveling and being out from his country for the first time in his life. Everything in his hotel room from the bathrobe to the facilities blew his mind. Not only is his life spent in abject poverty, the police often arrest and jail him as he organizes in the name of free expression. This is why digital freedom and the right to be online is so crucial for the expansion of human rights. The ability to connect is a constant threat to entrenched power that depends on squelching rights. Internet access in Cuba is extremely restricted, costing as much as $2 per hour to get online. Imagine the cost of that given most of us spend nearly all of our waking life online. Now imagine your entire monthly salary is only $20. In Uganda, the government seems to want to shut down all social media platforms, fearing an "Arab Spring" like uprising that could threaten the dictatorship. Our Cyber Security Advisor Erka Koivunen -- who spent a decade working on cyber security response for the Finnish government -- gave a keynote that described the digital law enforcement advances western countries have built under the premise that they will only be deployed against citizens lawfully. But without proper oversight, these tools can be used for mass surveillance, especially when exported to third-world countries and undemocratic states. Watch Erka's talk about what activists need to know about the creeping digital power of states: https://www.youtube.com/watch?v=Tf7chaZusns&feature=youtu.be "The fact that oppressive governments so desperately seek to limit access to internet and services in foreign countries only serves to confirm how much they fear the freedom of speech," Erka explained. "They know that they would not hold a chance if people would know better and could organize opposition." But there is "light at the end of the tunnel," Erka told the activists. Technology got us into this mess and it can get us out. "Never in the history of mankind have we had access to such good encryption, this cheap (free!) and with such ease of use," he said. "Make good use of it to counter unreasonable invasions of privacy and even threats to your personal well-being and that of your loved ones." The audience, especially African representatives, had a lot of questions for Erka. They wanted to know whom to trust and how to find reliable security. Erka emphasized that proper opsec takes into account both the ethics of the company, as well as regulations of the country you choose your partner from. As citizens of the internet, our freedom is threatened anywhere connectivity is limited in the name of preserving power. It was our honor to meet with these women and men who have devoted their lives to defending the rights we all deserve.

April 20, 2016
Spring clean your PC and Android devices

The sun is out, the days are longer, and flowers are blooming. Spring has sprung - and with it, the perfect inspiration for cleaning, organizing, and getting rid of clutter. Whether or not you tackle your home this spring, at least take care of cleaning your PC and mobile devices - they need it too. Over time, computers and devices get bogged down by use and cluttered up with files you don't really need. This built-up junk makes them slow and unstable. Often people think they need to go buy a new device, when actually they just need a tune-up. With a little optimizing, you can get your old device running like new again. Here are the top three ways a good spring cleaning will help you get more out of the life of your device. 1. More space Are you running low on space on your device? No matter how much disk space a device has when it's new, over time it starts to run out. Apps, app data, large media files, downloads, and other unused user data start to litter your device. You might find your device is out of space for your photos, or you can't install any more apps. Cleaning up this excess junk will free up space for the content that you really want. 2. Faster performance Is it taking too long for your PC or phone to boot up? Too many processes running in the background that are dragging down your gaming or media experience? If your device is running slow or if apps are taking too long to start up, you could use an optimization for faster start-up times, browsing, file operations, and making your apps run smoother. 3. Better battery life Wouldn't it be nice if your batter would last a little longer? Your device's battery gets consumed by unnecessary apps and processes. By closing those out, you can extend your battery life so you don't need to plug in as often. Now, for the cleanup. There are some easy things you can do to get a cleaner, faster, more efficient device that's got space for the content you care about. Here are some easy steps: Photos and videos are some of the biggest space takers. You can free up a lot of space just by going through and individually deleting out the photos you don't want or need anymore from your gallery. Or you can back all of them up to another hard drive or cloud service, then remove them from your device altogether. Uninstall apps you don't use (Be strong! If you really need it down the road, you can always install it again). Open your Downloads folder and check what's there - chances are there's a lot of stuff you don't need anymore that you can delete. Clear your cached data from apps and browsers. This data is saved to enable quicker processing, but over time it all adds up and bogs your system down. Tip: Aside from the photos and videos, the quickest, easiest way to take care of the above items is to run a free cleaning with F-Secure Booster. It will get rid of all the old trashed files, temporary and log files and unused user data, to free up space for the stuff that really matters. The PC version of F-Secure Booster even has a software update tool to make sure all critical software and driver updates are taken care of. Ah, the beauty of spring...when everything old is new again!  

April 19, 2016