Microsoft has sunk a white cylinder which has computers inside in order to find out if it could improve energy efficiency by cooling the computers. This would reduce the cost of cooling them if they were out of water.
If the trial proves successful, it could remain there for five years, and more cylinders will be added.
Ben Cutler, the leader of this project named Natick, says it could also help reduce computer issues “Additionally because there are no people, we can take all the oxygen and most of the water vapour out of the atmosphere which reduces corrosion, which is a significant problem in data centres."
The cylindrical capsule contains just 12 computer server racks which although just a small amount, still have enough storage to hold millions of films. It was built by a French ship making company, Naval, where the computer racks were put inside, before being shipped to Orkney.
The computers are powered using an underwater cable supplied by the European Marine Energy Centre, EMEC, which connects the capsule to the internet at the shore.
It was because of EMEC’s location and knowledge, as well as the internet connectivity coverage of Orkney which lead to Microsoft choosing this location. A Microsoft spokesperson explained that “More than half of the world’s population lives within about 120 miles of the coast”
“By putting data centres in bodies of water near coastal cities, data would have a short distance to travel to reach coastal communities, leading to fast and smooth web surfing, video streaming and game playing as well as authentic experiences for AI-driven technologies.”
The worries surrounding excessive energy use due to the extremely quick growth of data centres having been increasing more in recent months.
A representative of Tech UK, Emma Fryer, says that these concerns are over-stressed, “What's happened is we've had the benefit of Moore's Law,"
"We've been able to deal with explosions of data with only a small increase in the energy used."
On the topic of Project Natick, Fryer labels this type of thinking as radical, agreeing that locating such data centres by or in the sea is beneficial due to the fact “50% of the world’s population live near the coast.”
However, data consultant Professor Ian Bitterlin disagrees, stating that this would affect the environment, eventually resulting in “warmer sea and bigger fish.”
He also raises the point that 90% of European data centres are in main cities, due to the fact they are most needed in these locations due to the likes of businesses, rather than for the purpose of internet access.
Natick manager Cutler reassures that water would only increase in temperature by “a few thousandths of a degree”, and that the environmental benefits will outweigh the negatives.
Which? (the consumer rights people) have gone public about what appears to be some fairly large numbers of complaints that they have received about Microsoft’s new Windows 10 OS.
Windows 10 was released in July 2015 as a free upgrade for one year and was designed to run across laptops, desktop computers, smartphones and Microsoft's augmented reality headset HoloLens.
Upgrade Caused Issues Leading to Complaints
As an IT Support Company in Hertfordshire we have had many enquiries from customers relating to Windows 10, particularly during the phase (up until July) when the free upgrade was being offered.
Which? has said that (in hundreds of complaints received) the upgrade caused various issues including files being lost, emails no longer working properly and issues with printing and Wi-Fi.
What could be seen as even more galling than launching faulty software, is the fact that many users had their operating systems upgraded to Windows 10 without their intent or consent.
i.e. Windows 10 was simply installed without their permission or request.
As an IT Support Company in Hertfordshire we have heard of some people experiencing problems after the Windows 10 upgrade so it is interesting to read about the reports that Which? have received.
Which? (the consumer rights people) have been public about complaints they've received, plus their findings of a survey, in which over 5,500 members were polled back in June of this year. Of those surveyed, about 300 (of the 2,500 that had upgraded to Windows 10) had gone on to install a previous version of Windows.
In many cases, users had to fork out to have their computer repaired. Famously, one Californian woman, Teri Goldstein, was awarded $10,000 when she sued for problems arising from the forced upgrade.
Microsoft Defends Itself.
Keen to deflect further criticism, Microsoft reminded people that it provides help both online and via phone.
A Microsoft spokesperson said "Customers have distinct options. Should a customer need help with the upgrade experience, we have numerous options including free customer support."
"The Windows 10 upgrade is a choice designed to help people take advantage of the most secure and most productive Windows," continued the spokesman.
However, Alex Neill from Which? said "There have also been complaints about poor customer service from Microsoft when users contacted the company about the problems they are having.
We rely heavily on our computers to carry out daily activities, so, when they stop working, it is frustrating and stressful. Many people are having issues with Windows 10, and we believe Microsoft should be doing more to fix the problem".
It doesn't stop there; in August, a Windows update disabled millions of webcams which prompted a Microsoft engineer to admit they done a "poor job" of alerting people.
The French Data Authority caused more consternation when it proclaimed in July that Windows 10 was "gathered an excessive amount of personal data" about users.
The general consensus from some media commentators is that Windows 10, whilst far from perfect is nevertheless still better than Windows 8, which would hardly seem to be an accolade.
What Does This Mean For Your Business?
The majority of us use a Windows-based operating systems when conducting our daily work.
Microsoft appears to be increasingly belligerent when it comes to upgrading its software and as a consequence, we can perhaps justifiably feel aggrieved and threatened when the annoying nag-ware repeatedly asks us to upgrade.
It would make sense to discuss upgrade issues with your trusted IT personnel (some people prefer to downgrade) and ascertain which settings can be changed to reduce or eliminate the data collected by Microsoft. Ensure - in advance - that key operating software and devices will continue to work properly when upgrades occur and ensure you can "roll-back" to a previous version if necessary.
Security commentators, the U.S. Senate and the public have all reacted with shock over Yahoo’s recent announcement that a hack of its systems back in 2014 led to the details of 500+ million users being stolen.
As an IT Support Company in Hertfordshire we have of course heard examples and details of several high profile IT security breaches but the sheer numbers affected by the Yahoo hack are staggering.
Back in 2014 Yahoo fell victim to what it has described a "state sponsored attack", but it is not until now that the sheer scale of the attack has been announced.
Marissa Mayer (The current CEO) had failed to turn the company around (despite various initiatives and acquisitions) and so the decision was made to sell the core business to web giant Verizon for $4.83 billion in July. This deal, which had not been finalised, could now be less certain given the latest bombshell, not least of which is the public outcry at Yahoo's apparent lack of regard towards security.
There are reports that Yahoo knew about the issue well before the deal was brokered to Verizon, prompting calls for a formal investigation.
As an IT Support Company in Hertfordshire we know that as well as the duty that your company has to protect any stored data of its staff, customers and stakeholders there is also the need to comply with data protection and other laws.
Yahoo is now facing a lawsuit from a New York man, Ronald Schwartz, over the 2014 data breach. The company has been accused of gross negligence and the lawsuit is on behalf of those people affected in the United States.
Compensation (for 'unspecified damages') is being sought for “reckless disregard for the security of its users’ personal information that it promised to protect”.
This is a bitter blow to the company which has already had a hard time maintaining confidence in recent years despite various CEOs being brought in to try and save the demise of the one-time paragon company.
What Does This Mean For Your Business?
Whilst there are a number of issues of concern here, the salient points that can be drawn are that even blue-chip household names like Yahoo can be hacked and have your details exposed.
Moreover, it seems that (incredibly) these leviathan corporations can - and do - report their breaches well after the event, wittingly or otherwise.
This means that you may have been compromised and not know it until months (or even years) after the event which just goes to show that regularly updating passwords and maintaining a disaster recovery plan are essential, at the very least.
Maintaining an evolving security schedule/policy is essential and all staff or persons with access to your online data need to be regularly trained and updated.
Police in Melbourne (Victoria) have issued a warning after deliberately infected USB sticks led to household computers being left vulnerable to cyber criminals.
As an IT Support Company in Hertfordshire we are well aware of the dangers of sharing USB sticks between different computers and of what can happen if computers and storage media aren’t scanned for malware.
In the case of the incident in Melbourne the perpetrators left deliberately infected USB sticks in places for unsuspecting members of the public to find and then take home or to work to try on their computers. The (unmarked) devices contained a range of malware, including rogue media-streaming services.
Once connected to the victim’s computer it becomes infected and spread malware to others. It's relatively easy for the infected computer to show no outwards signs of being infected, making the hack even more pernicious.
As an IT Support company in Hertfordshire we know that this method of spreading malware is thankfully rare. This is partly due to the cost of the devices and relative expense in distribution compared with (say) phishing emails. Where this vector of attack is employed, businesses are the usual target due to the greater potential rewards for expenditure.
The number of people willing and/or ignorant of the risks associated with inserting unknown devices onto their computers is surprisingly high as a study conducted by the University of Illinois discovered earlier this year. In their experiment, they strategically placed 297 USB sticks around the university campus and were shocked to discover that between 45% and 98% of the sticks would have successfully infected computers (had they actually contained malware).
This lack of care with regards to USB drives extends beyond college students as evidenced in the well-publicised case involving the attack on an Iranian nuclear plant, subsequently affecting their uranium centrifuges. It is understood that (incredibly) a powerful virus known as Stuxnet was recently left on a USB stick which was then deployed within the Iranian nuclear facility.
What Does This Mean For your Business?
The message here is simple. Be very careful when considering introducing unknown devices onto your machine or network, for obvious reasons.
What is less obvious is that even new devices, in full packaging, from high street shops may also be a security risk. Given the "number of hands" they change through from manufacturer through various distributors until they eventually reach the high street, malware can potentially be introduced at any stage.
Whilst no specific retailer is being mentioned in this context, the advice remains the same; be very careful when introducing new or unknown devices to your network and if in doubt, ask your security expert to verify it for you.
The Blockchain technology that is currently at the heart of the Bitcoin cryptocurrency is thought to be so important that the technical challenges of adapting it for use elsewhere can be overcome and will lead to its use on a much wider scale.
As an IT Support Company in Hertfordshire we know how important effective systems that allow collaboration can be in supporting business activities. One of the big advantages of Blockchain is that it Its allows mass collaboration. It also has the advantages of constantly being updated and reconciled so it's always current, and it has security and reliability hard coded into it through the use of the Blockchain ‘trust protocol’.
Blockchain itself can best be described as open and programmable technology that can be used to record transactions for virtually anything of value that can be converted to code from finances to accounts, votes, insurance claims, and important documentation like marriage / birth / death certificates. It is a kind of incorruptible, distributed ledger.
Bitcoin is a digital currency that uses the Blockchain technology at its core. Bitcoin operates without the need for central banks and uses highly secure encryption to regulate the currency units and to verify transfers of funds.
As an IT Support Company in Hettfordshire we are no stranger to the challenges that using and adapting new technology can create. In order for the Blockchain technology to reach its true potential going forward, technical commentators have noted that it faces several quite complex challenges. These include:
Work to find a way to connect the different Blockchains is already under way.
What Does This Mean For Your Business?
The days when businesses can buy, sell and transfer funds quickly and easily anywhere in the globe are now not far off thanks to the development of the Blockchain technology. If the technological challenges of finding ways to make an all-purpose Blockchain can be met, businesses will be less reliant on big banks and will be able to use new financial systems that are flexible, interoperable, secure, and convenient.
Cyber Crime figures are still too high and in an apparent attempt to encourage website owners to adopt the more secure HTTPS protocol Google’s Chrome browser will now be a displaying a red ‘X’ on top of the lock in the address when you visit a HTTP (unenencrypted) website.
Reason: To Show That HTTP Provides No Data Security.
As an IT Support Company in Hertfordshire we have seen a huge rise in the use of cyber crime methods such as malware and DDoS attacks in recent times. From a user’s point of view it’s likely therefore to be good news that a browser has opted having built-in measures to improve security. This move by Google hopes to highlight the issue of improving web security in the future by encouraging, in this case using a shaming tactics, a move to encrypting and secure serving of websites over HTTPS rather than settling for the old, traditional, now less secure protocol of HTTP.
The main goal of the Google Chrome change is therefore to show that when you visit a website with HTTP in the address bar there is no data security. The red ‘X’ symbol will replace the current ‘white page’ symbol that is displayed when you visit a HTTP website using Google Chrome.
Why is HTTP Less Secure Than HTTPS?
Where the traditional HTTP protocol is used when serving web pages it is possible for someone to snoop on the connection and therefore potentially steal passwords or other sensitive and potentially valuable data.
Where the HTTPS protocol is used to serve web pages there is the added security measure of encryption in place. Your connection can’t be snooped upon or hijacked e.g. to insert malware.
As well as protecting your data, HTTPS also ensures that the website you’re connecting to is the genuine website and not one set up by an imposter. This is particularly important in today’s online environment where fraud is prevalent and fake websites are often used in cyber crime such as phishing attacks.
Expected For Some Time.
Many technology experts and commentators have been vocal in their approval of this change to Google Chrome which has broadly been hailed as a bold and overdue move in the right direction for web users.
The move by Google had been expected; back in 2014 at its conference, it made public its opinion that HTTPS should be everywhere.
See The Change.
You can see the change in Google Chrome by typing “chrome://flags” into your Google Chrome browser, going to “mark non-secure as” and selecting “mark non-secure origins as non-secure”.
What Does This Mean For Your Business?
If your business is already using HTTPS for your website then this is good news as the more than 1 billion Google Chrome users will be able to see that your website is secure and you will therefore have a greater chance of converting those visitors into customers rather than losing them from the site. It could also mean more positive perceptions of your website and perhaps another source of competitive advantage if your competitor’s website is HTTP.
If your website is not using HTTPS there are of course cost implications in purchasing an SSL Certificate. As Web and Google Chrome users this change is good news as it gives us all opportunity to take more security precautions at a time when cyber crime levels are very high.
Picking up your packages from Amazon is about to get easier if you live near a Morrisons Stores as Amazon Lockers are about to be installed in them
Have Worked Well So Far.
As an IT Support Company we know that how quickly and easily customers are able to have access to our services is important to them. Having a great distribution / delivery strategy in any business can be an important source of competitive advantage. 1000 or so Amazon lockers are already installed in stations, airports, convenience stores, shopping centres and universities worldwide, and they have been shown to work well, hence the stepping up of this part of the distribution strategy.
How Amazon Lockers Work.
When customers order goods from Amazon online, instead of the goods being delivered to home the customer can choose a convenient nearby collection point. One of the biggest advantages for customers is that they don’t have to wait in to receive their parcels but can pick them up on the move, at their convenience from a secure and trusted location.
When the Amazon parcel has been delivered to the Amazon Locker, the customer receives an email or text that contains a code (the email also contains a bar code). The customer then goes to the locker and enters the code or scans the barcode in order to retrieve the parcel.
New Delivery Channel For Amazon.
As an IT Support Company in Hertfordshire we know how important the delivery aspect of any product or service is, and for Amazon the new deal with Morrisons means that they can expand their Locker scheme through a valuable new delivery channel. There will also be some brand strengthening benefits.
Morrisons Bring More Customers To Stores.
Morrisons have had a rough ride in recent times as they were reported to have been late entries into the supermarket online retailing game, and like Asda, Tesco and Sainsbury’s, they have seen the profits trimmed by German discounters Aldi and Lidl. The Amazon Locker scheme is therefore, one way to bring more customers into their stores.
Other third party partnerships that Morrisons have introduced into their stores this year for the same reason include Timpson (dry cleaning, key-cutting and shoe repair). This is also in keeping with the ‘market’ theme that runs through Morrisons stores and the idea that the stores become valuable hubs.
What Does This Mean For Your Business?
This story illustrates how online businesses are refining and differentiating themselves in terms of their distribution to achieve the best possible experience and convenience levels for the customer (remember the much-publicised drone parcel delivery tests too). As well as providing a ‘hard to copy’ competitive, the Locker idea also links in with the omni-channel approach that leading online businesses are adopting i.e. using a variety of channels to provide a seamless and more convenient shopping experience to the customer.
Crowdfunding fundraising volume has grown to the point where it is now estimated to be worth over $34 Billion. Could this popular way of raising funds for products and projects be something that your business could use, and if so how easy is it?
How Crowdfunding Works.
As an IT Support Company in Hertfordshire we know that one of the main barriers to bringing tech company ideas to life is where to get the funding.
Crowdfunding involves using a specially designed Crowdfunding online platform to enable you to raise funds from investor donations for a project or product in return for e.g. being first to get the product, access to unique / personal / special products, equity in your company, preferable / special rates for products and services.
Different Crowdfunding Platforms For Different Needs and Markets.
It’s not just tech companies that need funding for projects of course, and as an IT Support Company in Hertfordshire our customers come from many different industries. There are also many different Crowdfunding platforms to choose from and each has a different application.
For example, some of the most popular Crowdfunding platforms include:
Making it Easier.
One of the main things to remember about Crowdfunding is that it shouldn’t be the first part of the process. If you’re thinking about Crowdfunding you will need to have done a great deal of work and planning before considering asking people for money. Here are 10 important pointers to help you to achieve Crowdfunding success:
What Does This Mean For Your Business?
In an economic climate where attracting investment and getting funding is more challenging, Crowdfunding presents your business with another opportunity to raise funds for projects and products. Remember that you will need to have done the thinking and planning about the project and its management before setting up the campaign and you will need to devote time to communicating with (and keeping good relationships with your investors), as well as preparing adequately for the possibility of real success.
With cyber crime levels high and businesses looking for ways to stay as many steps as possible ahead of the cyber criminals, Mozilla now gives businesses the chance to check the security levels of their webservers with a free online tool.
Why Build It?
As an IT Support Company in Hertfordshire we know how many businesses in the UK are now prioritising the issues of data and cyber security in order to avoid falling victim to the increasingly prevalent cyber attacks.
Symantec’s figures for example show that the UK is now the most targeted nation in the world for spear phishing attacks and social media scams and ranks second only to Germany for ransomware attacks.
Akamai figures show also that there was a huge increase in the first quarter of 2016 in distributed denial-of-service (DDoS) attacks. These attacks frequently overwhelm web servers and consequently bring down business websites.
With these kinds of threats in mind, Mozilla built a scanning tool called Observatory for in-house use to help with its own security. The tool was built by Mozilla security engineer April King and the company has now decided put the scanning tool online as a free resource for developers, system administrators, and security professionals to help configure their sites safely and securely.
How Can You Use It?
As an IT Support Company in Hertfordshire we’re always interested in security developments that could benefit ours customers. What makes Mozilla’s new online tool more attractive is that you don’t have to pay to use it.
To use the tool go to https://observatory.mozilla.org/ and type in the domain name of the website you would like to scan. The scanner gives your website a score from 0 to 130 depending on how well defensive security technologies have been configured and implemented on the web server.
Some aspects of your security are awarded +5 or +10 points for going above and beyond the call of duty in defending your website.
The results of the Observatory test are presented in a user-friendly way and they link back to Mozilla's web security guidelines. These have descriptions and implementation examples thus allowing website administrators to more easily understand the issues detected during the scan, and to be able to prioritise them.
What Kind of Things Does It Check For?
Mozilla says that Observatory checks for the presence of preventative measure against cross-site scripting attacks, man-in-the-middle attacks, cross-domain information leakage, cookie compromise, content delivery network compromise, and improperly issued certificates.
What Doesn’t It Check For?
Observatory does not scan for any vulnerability in the website code as there are already a large number of free tools available for that purpose.
What Does This Mean For Your Business?
Your business website administrator now has an extra free tool available to them which can help in the fight against cyber crime. This tool can not only offer real world defence tips and highlight potentially costly vulnerabilities, but it can also help developers and operators to become more familiar with the kinds of defensive security standards that are necessary today.
Some of Uber’s customers in Pittsburgh (U.S) will very soon be getting a lift from a robot driver as the result of a new project involving converted Volvo and some Ford cars.
Free Ride if You Take the Risk
As an IT Support Company in Hertfordshire we’re always interested to hear about the latest technological developments and if this one is rolled out to cities around the world it will certainly provide a news experience for most people.
With this new project Uber customers in Pittsburgh will order their Uber car in the usual way, but when the car arrives it could well be one of the a driverless cars that Uber is testing.
The scheme, soon to be launched in the city combining 100 of the latest technology Volvo XC90s (and some Ford Focus cars) and Uber’s popular ferrying service will see customer cars arrive and reach their destination in the same way, but with a few big differences.
If the customer is picked up by the autonomous vehicle the ride will be free as a reward an incentive for taking part of the scheme.
Autonomous But Not Unmanned Cars.
As an IT Support Company in Hertfordshire we know how it can often take some time for people to get used to and become comfortable with using new technology. In the case of this scheme people will be required to put an awful lot of trust in that technology immediately as they allow a ‘driverless’ car to take them through the busy city streets.
Even though the custom, self-driving vehicles will be fitted out with all the technology to go about their work without human help, for the introductory scheme at least they will have someone in the front seat. This person will be there to satisfy safety regulations which currently don’t allow totally driverless vehicles on the public roads, and to and take notes about how the cars are used. It is also very re-assuring for passengers who are unlikely to have complete trust in this brand new type of service to have a person on hand to potentially take charge should anything go wrong.
The details observed by the person / engineer in the front seat will be combined with computer measurements and recorded data from the special cars to ensure that safety and service levels are maximised.
First Step To Uber Job Losses?
Although the announcement of the real life use of this technology has caused much excitement in technical circles, some commentators have pointed out that could be the first step to Uber driver job losses around the globe, thereby going against one of the things that Uber was very proud of.
What Does This Man For Your Business?
Although this scheme is unlikely to have any direct effect on the vast majority of people reading this, it shows how quickly ideas that seemed part of a distant future can be developed and incorporated into businesses today. It could also have implications for and open up business opportunities in countries around the world if it is rolled out on a large scale and if enough passengers become used to and comfortable with computers rather than people being in charge of land based public and private vehicles.
Microsoft has been under the tech microscope throughout the introduction of Windows 10 and the latest story to hit the headlines concerns the August update that caused Webcams to stop working.
As an IT Support Company in Hertfordshire we know how important it is that software is kept updated, particularly where security and genuinely helpful new features are concerned. The move to the ‘Windows as a Service’ model means that regular updates can be more easily distributed to customers. Update / version 1607 also know as the Anniversary Update because it was the first anniversary of the release of Windows 10 earlier this month is one of a series of these frequent installations of feature updates.
Windows 10 updates are cumulative so each one contains all previously released fixes, and if earlier updates have been installed only the new fixes that are contained in each new update package are downloaded and installed on to the user’s computer.
Webcam Problem Caused.
As an IT Support Company in Hertfordshire we know how popular programs that often involve webcams such as Skype and Lync are. Unfortunately reports to Microsoft’s support site have shown that the latest Windows 10 update that was released at the beginning of August is has affected web cam use, including webcams working with platforms from companies owned by Microsoft (Skype and Lync). The update is reported to have caused either frozen images or streaming problems in webcam images, whether the webcams were connected via USB cables or on the same network.
There has to date been no official word from Microsoft as such about the problem, although there have been some comments on Microsoft support threads from engineers who are reported to be working on a fix for the problem.
Although the exact nature of the cause of the problem is still therefore largely a matter of speculation, some commentators have suggested that the fault may be due to the update ending support for 2 widely used video encoding systems that Windows 10 has been using.
Current indications are that the fix for the problem may not be ready for at least another week. It has also been noted by some commentators that changes to the way in which Microsoft handles updates could have made the fix more complicated. For example, prior to this update, Windows 10 users could roll-back to a previous version within 30 days of it being installed. With the latest update reducing this to 10 days it is unlikely that users can roll back to a version where the webcam was working.
What Does This Mean For Your Business?
If your business has been affected by this latest problem it now (unfortunately) means that there will be a wait until a fix has been found.
It is worth noting however that although there have been some inevitable teething problems with and some criticism about the introduction of Windows 10 and the new ‘as a service’ model there are many more positive features, benefits and opportunities that the OS offers businesses.
Recent research from Dynatrace appears to show that load times for shopping websites around the world has been getting much longer. This could mean that our thirst for more content is frustrating us and hitting online retailer profits.
As an IT Company in Hertfordshire we know how important it is, particularly in an age of wide-scale mobile device use for web pages to load quickly in order to minimise customer wait times and to prevent losing visitors to competitors.
The latest Dynatrace research however has shown that that despite an increase in connectivity, retail websites globally have been loading more slowly. Australian websites, for example, have increased their load times by nearly 3 seconds from 2015 and now take an average of 8.2 seconds to load.
U.S. average home page response times have also increased by a half a second over the last year to 3.9 seconds and shopping site page load times globally have increased 7% over the year to 4.5 seconds.
Why Are Things Slowing Down?
As an IT Support Company in Hertfordshire we are often asked for help in improving the traffic, conversion, and customer experience of websites. This latest research has shown that there are some factors however which are difficult to control. For example, some of the reasons for the slowdown in load times on web shop pages globally could include:
Why Speed Matters.
The unfortunate fact is that consumers who are now used to fast speeds e.g. on Google search, become impatient very quickly when they encounter slow loading web pages. Just a couple of seconds or even fractions of seconds on top of what they expect makes the difference between them leaving or staying on the website.
For example, North American fashion retailer Nordstrom’s online sales fell by 11% when its website response time slowed by only half a second. For a company making around $14bn (£10.6bn) across 121 stores in the US and Canada, the result has been estimated at tens of millions of dollars lost.
It’s not just the fact that your company loses a sale because of a slow page load, but also that a competitor will gain that sale, and could possibly keep the loyalty of that customer for more future sales. Perception of your company / your brand could also be damaged by slow load times, thus wasting advertising spend that it has taken to get the visitor to your web site in the first place.
What Does This Mean For Your Business?
Clearly, consumers really value fast page load times. The speed at which things happen for them is a vital factor in creating a good retail experience. If you’re an online retailer, you need make sure that you strike a balance between providing enough personalisation and rich content provision at the same time as keeping things fast, simple, reliable and fun for your web shop visitors. This requires good website architecture as well as monitoring of the website performance.
The main reason why financial and technology companies have started to invest in and roll out biometrics for authentication is because of the well documented security risks posed by a reliance on passwords. A recent high profile study however reveals that British people do not trust biometrics.
As an IT Support Company in Hertfordshire we know about the importance of cyber and data security and how a reliance on just passwords can be risky. A recent YouGov study commissioned by e-mail provider GMX shows that even though UK people may accept this fact they still have many trust related questions about security measures such as the use of biometrics.
Rather Use Passwords.
It is not surprising that where there is a news technology that is relatively unproven in the wider market people are likely to perceive risk and be cautious. As an IT Company in Hertfordshire we know that companies and individuals need to have faith in and / or some knowledge about IT systems, software or news ways of doing things in order to be really ‘on board’ and comfortable with them. In keeping with this, 60% of those surveyed said they would rather use passwords that biometric logins.
Who Has Our Biometric Data?
We are notoriously protective over any aspects of our medical and biological data and this, coupled with the large number of high profile data breaches in recent years, has contributed to our apparent mistrust over who stores our biometric data and how well it is protected.
More than 40% of those surveyed for example don’t want companies to have any access to their biometric information and one-third said they were afraid that their biometric information could fall into the hands of criminals. In fact, only 5% of those surveyed thought that there is no risk associated with biometric logins.
Technical Hitch - Locked Out.
Just as many aspects of modern car engines rely on chips and computers and have therefore been perceived to have moved out of our control, so we also fear that the power to potentially stop and disrupt us will rest with the biometrics. 41% of those surveyed for example said that they were afraid that a malfunction would leave them locked out of their own accounts.
Being locked out of our accounts however, is something that could happen anytime without biometrics being involved e.g. forgotten PIN numbers, damaged cards, and faults with bank ATM software can and do give the same result.
Better For Whom?
Although many of us can see how biometrics would be more secure e.g. because of the uniqueness of our fingerprints, voices and irises, some commentators have argued that biometrics are simply sacrificing security for convenience.
For example, systems have to be available to allow us to change passwords for everything but once a company has your fingerprint there will be no need for you to try and change anything and it will, therefore, be more convenient for that company.
What Does This Mean For Your Business?
At a time when fraud has become the number 1 crime in the UK and when cyber crime is soaring to new levels, relying on passwords alone for security is clearly not working.
It is likely that businesses and consumers would, therefore, welcome new and effective ways to beat the cyber criminals provided they can be used simply and quickly, and that the biometric data that we provide is itself kept as secure as possible. Biometrics are however already here.
Samsung, for example, has introduced an iris scanner to its Note 7 phablet and Barclays Bank will soon be rolling out voice authentication for telephone banking customers. It looks as though we will simply have to expect and accept more biometrics as part of our normal business and home lives.
The results of a survey by TechUK appear to show that the UK’s vote to leave the EU has damaged the confidence of technology companies in the growth potential in the UK.
The survey carried out among IT industry group members is given extra importance because 77% of the tech companies surveyed who have a European HQ have those headquarters based in the UK.
As an IT Support Company in Hertfordshire we know how quickly many tech companies tend to grow and how important the potential for growth of a geographic territory is to many of them. Unfortunately this latest survey has shown that among the Industry group of IT firms there has been a 23% drop in their confidence that there will be sufficient growth potential in the UK over the next 2 years.
Perceive a Negative Impact.
The Technology industry in the UK is known to have preferred the UK to remain in the EU. It is unfortunate but not surprising therefore that 78% of the tech companies surveyed thought that the vote to leave the EU would have a negative impact on their business.
It seems that any anticipation of negative outcomes is not confined to activities in the UK. 49% of the TechUK member companies surveyed for example thought that foreign direct investment would be negatively affected by the ‘Leave’ vote.
TechUK members also thought that the Brexit vote could drive down capital investment and R&D spending in the UK.
Single Digital Market.
As an IT Support Company in Hertfordshire we are all too aware of the hope and vision for many years that the UK’s flourishing technology sector, with London as a major technology hub can be fed by having access to and being an important player in the digital market. For many tech companies this vision was of a digital single market based around the EU. It is believed by many in the industry that occupying a significant position and having a good reputation in this market can help UK businesses to attract those with the right tech skills to UK tech companies and a protect international data flows.
Call For the Government to Lead By Example.
With maintaining the UK’s position in the market in mind, TechUK are reported to have called on the government to lead the digital revolution by example by developing the right digital infrastructure and by creating conditions that make the UK a place that technology companies want to invest in.
What Does This Mean For Your Business?
For Tech businesses in the UK, the results of this survey could be another indicator of tougher times ahead and a slowdown in digital aspirations (and much more so if Brexit actually goes ahead).
It is known anyway that salaries for tech workers in London are lower than in other world tech centres and that this is damaging the potential of attracting the right skilled employees. This, combined with falling numbers of computer science graduates, has already fuelled fears of a major skills gap forming. This latest news of a drop in confidence levels in the UK by tech companies could only make things worse.
Many believe though that it is not down to just businesses alone to solve these problems.
The government, the education system and businesses need to find ways to work together to develop a base of digital skills in the UK population and to make sure that the whole tech eco system finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive after Brexit.
Researchers have discovered a multi stage method by which criminals could gain access to VW vehicles. It is thought that the key fob ‘hack’ could affect millions of VW owners but it is not known if or to what extent the hack is already being used by real criminals.
The research, carried out by Researchers from the UK's University of Birmingham and from the German engineering firm Kasper & Oswald, has been presented at the USENIX Security Symposium in Austin, Texas.
The Equipment & Method.
As an IT Support Company in Hertfordshire we often here reports of many different types of hacks and cyber crime activity, most of which relies upon the criminal being remote from the victim. Even in the case of the VW hack there is a remote element despite the crime being simply a more modern form of car theft.
The researchers discovered that most Volkswagens built since 1995 only use one of a small number of electronic master keys to remotely operate the doors. Fortunately though, this master key is in itself not enough to operate the doors. In order to do so, it needs to be combined with a unique code generated by each remote key device.
The researchers, therefore, used a piece of radio hardware costing only $40 to create a device that can intercept the signal sent from the key fob to the car. The researchers estimate that the person using the device could operate it successfully within 100 metres of the vehicle being targeted.
The decrypted signal could then be used to make a copy of the key fob, and this key fob could be used to open the car doors.
Several Models Vulnerable.
The researchers reportedly tested the hack on the Jetta, Golf and Passat Volkswagens, and on the Audi A1 which is manufactured by Volkswagen. Although these were the models that the researchers used in their test, Volkswagen has not confirmed exactly which models could be affected by hacks of this kind.
Volkswagen is reported as saying, however, that it will continue to work on its security.
Shared Results Volkswagen.
One piece of good news is that the researchers shared their findings back in November with Volkswagen, and they also agreed to not share the specifics of how the hack was achieved when the findings were published - hence no specifics with this article.
Firmware Update Needed.
According to the researchers, this kind vulnerability is not likely to have a fast and inexpensive fix. They suggest that a firmware update will be needed.
What Does This Mean For Your Business?
If you have Volkswagen business vehicles then this may, of course, be of immediate concern but this story is really part of a wider issue of security of how we can maintain the security of our possessions and devices that have smart or computerised element to them, such as the IoT.
So many of us are now buying devices for mobile use or for use in the home and / or workplace that have a smart element to them / are connected to the Internet, that we now have many more possible security vulnerabilities around us that we are not fully aware of.
Some security scanners are available for those types of devices e.g. BullGuard’s IoT Scanner is a web-based application - see http://iotscanner.bullguard.com/. Generally though, we should take what precautions we can while simply expecting more security weak spots to be discovered in our cars and devices in the near future.
After the Brexit vote the consensus is that the work of information security professionals and those charged with protecting company data will be affected, but exactly how is still unclear.
Article 50 Not Yet Triggered
As an IT Support Company in Hertfordshire we face the same uncertainty as many other businesses as to the exact outcomes of the Brexit vote, and we are all unlikely to know until long after Article 50 has been triggered. Being an IT Support Company in Hertfordshire however also means that we have a strong interest in what implications there will be for data security and for those responsible for it.
GDPR and Safeharbour
UK businesses and data security professionals alike were aware anyway of the main implications of GDPR when it comes into force (predicted for May 2018). There was also some certainty about the replacement of the Safeharbour data-sharing agreement with the new EU-US Privacy Shield. Opinions about how Brexit will change things have however been less prevalent and less confident.
Here are some insights into the possible post-Brexit implications for information and data security in the UK.
GDPR Will Still Apply Here.
With the triggering of Article 50 not looking likely for some time and with the negotiations for Brexit possibly taking years, GDPR will be law before Brexit takes place.
As an IT Support Company in Hertfordshire it is our understanding that GDPR also applies to any country that holds data about EU citizens. We can therefore assume that compliance with GDPR is necessary and should be prepared for.
Several Options For Data Protection Law Models.
When it comes to what form the UK’s post-Brexit data protection laws could take there are a few likely options:
Changes for the ICO?
Until Brexit, the Information Commissioner’s Office (ICO) looks likely to remain part of the Article 29 Working Party, a body of EU data protection authorities. It is not yet clear though how the ICO will participate in the European Data Protection Board which is the successor to the Working Party under the GDPR.
If Brexit occurs without the UK joining the EAA, data transfers from Europe could be affected. The UK could end up having to implement something similar to GDPR anyway in order to gain adequacy.
UK access to law enforcement data could be adversely affected by Brexit due to mistrust of the UK’s surveillance powers and laws by other EU countries. This could mean that UK may have to negotiate data transfer agreements with other EU countries (which may still include Scotland).
What Does This Mean For Your Business?
Until a definite direction for post-Brexit data protection laws is settled upon (which could take years), businesses can only act on what looks certain and / or highly likely
We know that GDPR will apply anyway and other models we could follow are likely to be quite similar to GDPR. Given the relatively limited time until GDPR comes into force it seems that the best course of action is to keep preparing for it.
Facebook has announced that it is giving its customers who are desktop users of ad blockers the chance to specify the brands and businesses that they are happy to see ads from rather than blanket blocking all adverts.
Ads Fund Content.
As an IT Support Company in Hertfordshire we are aware of the importance of good content to attract visitors and improve conversion, as well as the importance of on and offline advertising to achieve visibility. Online advertisers frequently make is that one of the important reasons that we are able to access so much high value content for free is because many content providers are able to use online advertising for their funding.
Ad Blocking Threat.
Advertising is also a great revenue generator, and as an IT Support company in Hertfordshire we know that as well as serving a useful purpose for users, the other side of the coin is that ad blockers also pose a threat to advertisers and prevent advertising worth billions in revenue from being seen.
Facebook may have generated $6.2bn / £4.7bn in revenue from adverting in the last quarter but ad blockers are now used on 200 million peoples’ computers worldwide, thereby probably reducing the amount of revenue that could have been generated by a significant amount.
Why Use Ad Blockers?
Not all adverts are seen by their intended target i.e. we are often shown adverts that are irrelevant to us. Adverts can also be distracting, interruptive and annoying. Avoidance of the negative aspects of advertising is therefore the motivation for so many people using ad blockers.
Customising Your Desktop Ad Viewing.
Bearing in mind the amount of revenue that Facebook makes from adverts, it is now giving its customers who are desktop users of ad blockers the chance to specify the brands and businesses that they are happy to see ads from rather than blanket blocking all adverts. In a blog post on Facebook’s newsroom, the Ads and Business Platform Vice President Andrew Bosworth said:
“With today’s announcement, we’re building on these efforts by making ad preferences easier to use, so you can stop seeing certain types of ads. If you don’t want to see ads about a certain interest like travel or cats, you can remove the interest from your ad preferences. We also heard that people want to be able to stop seeing ads from businesses or organizations who have added them to their customer lists, and so we are adding tools that allow people to do this. These improvements are designed to give people even more control over how their data informs the ads they see.”
It is thought that move to get around the ad blockers will not be technically difficult because Facebook loads the ads onto its service itself.
Most Use Mobile.
It is worth noting that most visits to Facebook come via mobile devices anyway, and that ad-blockers tend not to work on those mobile devices.
The main criticism for this move by Facebook appears to be that the motivation is to simply make more money by being able to display more adverts. Facebook’s Andrew Bosworth however has said that the motivation for the move is for the principle rather than for inventory.
Mr Bosworth has also pointed out that Facebook have invested heavily to ensure that the advertising that users do see is “uninterruptive” and relevant.
What Does This Mean For Your Business?
If you’re an advertiser or if you’re a company that relies of revenue generated from ad displays on your web pages this is a small bit of good news. It does depend of course on whether or not users decide that they want to see adverts featuring your brand / products.
If you’re a Facebook customer who has put an ad blocker on your desktop to avoid seeing adverts, this move by Facebook could cause some frustration and annoyance.
New research by Vodat International has shown that those shoppers born between 1995 and 2010 and known as ‘Gen-Z’ have different shopping habits from previous generations that will mean that many retailers will have to make changes to attract them.
Gen-Z Like to Try Before Thy Buy
As an IT Support Company in Hertfordshire much of what we provide is service based and it is therefore more difficult for customers to ‘try before they buy’. According to this survey, trying before buying is a feature of the habits of Gen-Z shoppers. This is just one of the behaviours that retailers need to take into account in order to create the right shopping environment for this next generation of shoppers. Other challenges to both physical and digital retailers in the coming years include:
Gen-Z are an unknown quantity. Not much is known about their habits and preferences compared to other generations such as the millennials.
What Does This Mean For Your Business?
As an IT Support Company in Hertfordshire we know how important a good digital marketing strategy is and how on and offline elements of a retailer’s business should combine to give a consistent and positive experience to customers. If you are a retailer it is therefore important that you are able to offer the right digital customer experience in order to attract Gen-Z customers to physical stores. The physical store itself should be the important link in the chain of an omni-channel experience that businesses will have to ensure is consistent throughout.
Retail businesses will need to develop the right back-end systems to support the new consumer-facing technology that will enable them to deliver the right omni-channel experience.
In the months leading up to the cut-off date for the free Windows 10 upgrade at the end of July Microsoft received criticism for its automatic upgrades. With the latest update to Windows 10 designed to make sure Cortana is always on in some form Microsoft could face more criticism for what some may see as tougher tactics.
As an IT Support Company in Hertfordshire we are often asked about different aspects of Windows 10. One of the subjects that often comes up is the A.I. style virtual personal assistant called Cortana that Microsoft has added to many of its operating systems including Windows 10, Windows 10 Mobile, Windows Phone 8, Xbox and Android.
For as long as people have been doing business they’ve tried to find handy and effective ways to stay organised whether it was diaries, secretaries, a filofax, or their Outlook calendar. Cortana takes on part of this role and more. It is intended to help the users with a number of tasks. For example Cortana can set reminders, answer questions by using information from Bing Search, and recognise the user’s voice.
Can’t Turn It Off.
As an IT Support Company in Hertfordshire we know that it’s vital that new software adds value and is easy to use and intuitive. Although Cortana is thought by many to be very useful at certain times the latest Windows 10 update means that the Cortana feature can’t be totally turned off. It is important to remember however that users have the power to instruct it not to be heard during normal computing anyway. The fact that it is always on and always at hand however could be regarded as being helpful.
Microsoft are quick to point out that although users get the best results from Cortana by signing in, if users choose not to sign in it will still be on and users will still be able to use the chat and conduct searches on the web and on their device. Users can also choose to hide Cortana in the taskbar if they wish.
By always being on Cortana will however be able to continuously collect metadata.
In order for Cortana to act as a kind of intelligent personal assistant, it needs to collect personal data about you. As well as being a practical reality this aspect of Cortana has raised concerns among some users and commentators about privacy.
The sort of data that Cortana draws upon in order to be of maximum use is your browsing and search history, your location history and information, your voice search history and your contacts, your calendar, and your content and communication history.
In short, Cortana does access a lot of your personal information and data but there is a strong argument that it needs to do this in order to provide maximum benefit. The fact that it will now be switched on and gathering data all the time therefore looks likely to make it more powerful and therefore more useful.
What Does This Mean For Your Business?
Having Cortana switched on all the time will not feel like any major change on the surface but could make the feature more helpful and effective. Cortana does in fact offer businesses a very powerful tool to help save time and help with personal organisation as well as offering a convenient, handy and portable way to access all kinds of information without being tied to a keyboard.
For example, it can help you to quickly find your device resources e.g. OS settings or files, it can help you to find specific places within walking distance when you’re out and about on business (e.g. a restaurant) and it can use ratings to help you find the best restaurant for that important business lunch meeting.
One type of malware that is now being widely used is ransomware. The tricks used by ransomware vary widely however and so here is a rough guide to how the different know types of ransomware operate.
Encrypting and Then Deleting Files
As an IT Support Company in Hertfordshire we are often asked about cyber and data security matters. Malware is a major threat to all businesses and ransomware is a particularly type of malware.
The ultimate object of ransomware is to force the victim to make a payment to halt and reverse the effects of malware i.e. pay for a software key to release the files that the ransomware has encrypted.
Jigsaw ransomware for example not only encrypts the files but deletes one of the files that it has encrypted every hour until the money is paid. This means that even if the victim pays they can’t reverse the damage. What is more, Jigsaw deletes an extra 100 files for good measure each time victim restarts their computer.
Encrypting Whole Drives and Servers.
As an IT Support Company in Hertfordshire we are often hear about how customers have been affected in the past by viruses and malware. These news types of ransomware however can cause huge disruption and problems for businesses.
Ransomware such as Petya for example encrypts whole drives such as your computer’s entire Master File Table whereas ransomware like RansomWeb and Kimcilware are designed to infect whole web servers encrypting their website databases and hosted files.
Encrypting Your Network Drives.
The scale and scope of the dishonest work carried out by variants of ransomware varies widely. Some versions such as those called DMA Locker, Locky, Cerber and CryptoFortress work by going for the network drive and try to encrypt parts of the Server Message Block (SMB).
Compressing to Speed Up Encryption!
In order to make the encryption of files as fast as possible some ransomware such as Maktub even goes to the trouble of compressing the files first.
Being Attacked in the Cloud.
With more businesses moving critical files to the Cloud so the cyber criminals follow. Some new forms of ransomware are able to delete or overwrite cloud back-ups.
Multiple Operating Systems
Ransomware such as SimpleLocker for example encrypts files on Android, and Linux.Encode.1 encrypts files on Linux.
Receive a Spoken Ransom Message Through Your Speakers
It sounds chilling but ransomware such as Cerber generates a script that allows it to speak a ransomware message through the victim’s speakers in 12 different languages!
Buying In Ransomware!
For some cyber criminals it’s simply a case of buying in ransomware such as Tox as a service via underground forums. It can provide everything the cyber criminal needs including the vital facilitating of the transfer of funds.
What Does This Mean For Your Business?
As with any malware risk the trick for a business is not to get infected in the first place with the software that enables the attack to be launched.
Businesses need therefore to raise awareness among staff that they all need to be very careful about opening emails with attachments and / or emails from sources that are not familiar.
Keeping computer updates, patches, and anti virus software up to date is also very important. Having a reliable, secure back up of your important files and folders is also advisable if not essential.
The Information Commissioner’s Office (ICO) is reported to be considering making changes to the UK ‘cookie law’ that could see fewer cookie warning banners displayed on websites.
About the Cookie Law
As an IT Support Company in Hertfordshire we know how important matters of privacy and security in the online world are to web users. The cookie law is essentially a privacy measure that was introduced to make people aware of how the information about them is collected online and to give them the opportunity to say yes or no to it. The cookie lawn began life as an EU Directive before being widely adopted in 2011 and then becoming an update to the UK’s Privacy and Electronic Communications Regulations.
Cookie Banners on Websites
As an IT Support Company in Hertfordshire we know how important it is that people are able to quickly and easily access what the want on a website and they perceive their visit to your business website as being a good experience. Cookie banners can delay and can be irritating.
The actual placing of cookies on your computer itself is of course the result of clicking yes on the banner. An ICO study found that 94% of UK websites now feature these banners or warnings and that UK websites place an average of 44 cookies on your first visit. These figures mean that we in the UK have more cookies and more cookie warnings than many other European countries.
Why The Re-Think By the ICO?
Despite the ICO enforcing the law for the last 5 years they have now submitted suggestions to the EU’s Consultation for some changes for the following reasons:
What Kind of Changes?
The ICO appear to be in favour of changes that achieve a balance between the privacy rights of individuals and the information interests of business and society services. This means that the ICO would favour exemptions to the cookie law where there is minimal impact to a person’s privacy, but have rejected the EU’s suggestion of a cookie-free version of website content where the individual’s ‘choice’ would be to stop viewing the page.
What Does This Mean For Your Business?
A change in the cookie law is unlikely to have a huge commercial impact in the UK although exemptions may mean that website visitors have a better experience when visiting the company website. If subtle changes are made to the cookie law it could of course mean that changes will need to be made to the cookie banner and when / how / if it is displayed. This could mean that you will need to consult your web hosting company.
The use or malware is on the rise and especially the use or ransomware. A new Chinese variant of a ransomware that uses Google Docs as a hiding place has just been discovered.
Criminals Use Google Docs to Hide It.
As an IT Support Company in Hertfordshire we are all too familiar with the threat of malware infection that our customers face. Following in the recent wake of the ‘Locky’ and ‘Raa’ ransomware attacks comes the new variant of ransomware which cyber criminal have hidden in Google Docs.
A Variant of 'my-Little-Ransomware'.
This latest ransomware threat has been dubbed 'cuteRansomware' and Internet Security experts say it is a Chinese variant of a ransomware package published a few months ago on GitHub known as 'my-Little-Ransomware'.
What is Ramsomware?
Ransomware is a form of malware that typically encrypts important files on the victim’s computer so that they are locked out of them. A demand for money is then issued to the victim in exchange for a key to a release the files.
As an IT Support Company in Hertfordshire we can confirm that this kind of malware attack has dramatically increased in recent months, and that the criminal perpetrators are finding many different and new ways to help the ransomware to beat your security measures.
How Cute Works.
The cuteRansomware recently discovered by security researchers works in a similar way to other known ransomware programs but has some key differences that enable it to beat the victim’s security. For example, Cute:
The Reason For Using Google Docs
Unfortunately, traditional detection tools still lack visibility into SSL meaning that those deploying cute are at an advantage at this point in time.
Fewer File Types.
One small plus point is that the cuteRansomware variant seeks out and encrypts fewer file extensions than the ‘my-Little-Ransomware' that it was developed from. It is still however likely to target the most popular file extensions, thereby making it able to do a very effective job of locking the user out of their own important files.
What Does This Mean For Your Business?
As more businesses move things into the Cloud this latest ransomware indicates that Cyber Criminals will be moving there too, using the cloud for delivering malware and exfiltrating data via command-and-control. As with any malware risk however the trick for business is not to get infected in the first place.
Businesses need therefore to raise awareness among staff that they all need to be very careful about opening emails with attachments and / or emails from sources that are not familiar.
Keeping computer updates, patches, and anti virus software up to date is also very important, particularly in the case of cute. Having a reliable, secure back up of your important files and folders is also advisable if not essential.
If you’ve long suspected that there must be plenty of untapped opportunities in the ‘Internet of Things’ (IoT) then you’re not alone. A recent ‘Barometer ‘ report by Vodafone has shown that three quarters of organisations see how they use the Internet of Things (IoT) as being a critical factor in their success.
What is the IoT?
The Internet of Things (IoT) refers to the many devices for mobile use or for use in the home and workplace that have a smart element to them or/and are connected to the Internet.
The Vodafone Barometer Report.
As an IT Support Company in Hertfordshire we are always interested in the innovative ways that companies can employ new technology to add value and gain competitive advantage. The latest Vodafone Barometer Report is based on an independent study (conducted by Circle Research) which surveyed nearly 1,100 enterprise and public-sector executives from 17 countries. It therefore provides a good snapshot of the way businesses are thinking about the use of technology and where they see the next big opportunities.
The report shows that 37% of adopters say that they are already running their entire business on IoT, and 48% say they’re using IoT to support large-scale business transformation.
In fact the report shows that three quarters businesses say that the IoT will be critical to their success in the future. As an IT Support Company in Hertfordshire we are aware of the potential of the IoT and how companies who tap into it in a way that really works for them can see some significant benefits early on.
Which Industry Sectors?
According to the report those companies who are embracing the IoT most are involved in retail and transportation and (of course) the supply of consumer electronics.
Increased IoT Budgets.
Not only are businesses making predictions and walking the walk, but they also appear to be putting their money where the mouth is. 89% of companies have increased their IoT budgets over the last year, with investment now accounting for almost a quarter of IT budgets.
The report also shows that these adopters are allocating more budget to IoT than to cloud or analytics.
Getting a Return.
The report also shows that it’s not just as case of throwing money at it now with the hope of a future return. Many businesses are reporting very positive results. 63% of businesses say they’ve seen “significant” return on investment and on average they measure a 20% improvement in metrics like revenue, cost, downtime and utilisation.
What Does This Mean For Your Business?
This report shows that the IoT is a real opportunity.
Those businesses who are ahead of the curve and have already invested in it are already reaping the considerable rewards. The chances are therefore that your business competitors will be incorporating more aspects of the IoT into their business soon (if they aren’t doing so already), and there may therefore be hitherto unknown opportunities for your business to do the same.
U.S. IT research and advisory company Gartner has warned that IT spending in the UK is likely to flatten out following the uncertainty and loss of confidence caused by the UK’s Brexit vote.
As an IT Support Company in Hertfordshire we know that businesses need to keep a close eye on their IT spending and show much return they get on their investment. Leading on from a less than spectacular negative 0.5% growth prediction anyway, the perspective from the U.S is that IT spending in the UK this year isn’t likely to grow much more.
Worldwide growth in IT spending in 2016 is likely to flatten out to $3.41 trillion and the Brexit aftershock means that last year’s UK IT spend figure of £123.9bn could now be reduced by as much as 5% in 2016’s IT spending
As an IT Support Company in Hertfordshire we know that when there are warning of hard times companies may choose to reduce or cut discretionary IT spending and may delay or even pull out of the kinds of mergers, acquisitions, and expansion projects that would have had a large IT spending element to them.
In the aftermath of the Brexit vote the erosion in business confidence, a falling pound, price increases, and general uncertainty about what happens next all indicate that for the rest of 2016 at least UK companies could be keeping IT spend to a minimum.
A Decline in Sterling
The downward trajectory of UK sterling for example has meant that US based PC maker Dell has announced a price rise to UK retailers this week. Sterling’s decline also looks likely to affecting other IT costs. For example, companies who have not already paid the annual maintenance fee on their software will notice a price increase for it because it is usually priced in dollars.
It is also thought that as well as hitting tech spending, the UK technology sector will also take a hit in terms of software developers who work in the UK potentially being tempted away to work for higher salaries in other countries. Moving out of the UK may be especially attractive if the software developers are not British and if they feel worried about their status in the UK anyway when Brexit actually starts and Article 50 is triggered.
What Does This Mean For Your Business?
If you’re thinking of reducing your IT spend or are already being hit by price rises in that area it is probably little consolation to know that you are not on your own. It is of course important to balance the urge to delay and be cautious with the recognition that technology is still advancing and many of your competitors are still likely to be moving more aspects of their business to the cloud this year.
There are still likely to be some growth areas in IT spend such as in software, and particularly in customer relationship management (CRM) software. Datacentre systems’ spending is also set to increase by 2% this year on last year.
For businesses in the UK it may also be a case of looking at how much smarter they can work and look for lower cost but innovative solutions that can help to keep them competitive.
The latest trial of a secret messaging service by Facebook hopes to build on the experience of previous attempts and create a new and popular service whereby users can choose which single device to use the service on, and can then specify how long the messages last on that device before they become hidden or are deleted.
As an IT Company in Hertfordhsire we know that privacy and security issues are important to our customers, and whether in our business or personal life there are things that people send to us in emails and texts for exampe that are commercially or perhaps personally sensitive. Facebook says it's new secret messageing service could therefore be useful to those wishing to discuss all manner of very private matters such as health and financial issues. Services like Snapchat already use a disappearing message system and this new secret message service from Facebook is their 3rd attempt at launching something similar.
One key aspect of this new service is that it uses end-to-end encryption to make the conversations on Facebook Messenger secure. Facebook themselves for example will not be able to read the messages being sent via this service unless one of the parties involved in the conversation reports or sends the details to Facebook.
As an IT Support Company in Hertfordhsire we know that people now tend to use several devices during the day in their business and personal lives e.g. their smart phone, tablet and perhaps their desktop.
One clear limitation of the new “secret conversations” service is that users are tied to one single designated device when using it. This means a conversation can’t be carried on from desktop to mobile to tablet.
Another limitation (or advantage depending on how you look at it) is that conversations on this service can only be one-to-one. At the present time the service does not support rich content such as images, videos, or making payments and it also doesn’t support chatbots.
The encryption aspect of the service clearly adds an important secure dimension to the service. The fact that the new service has been built using an open, widely used standard therefore could be a potential area for security concerns. The service is however reported to be built on the reliable protocol called ‘Signal’.
The secret conversations service is being tested on a limited basis at present although it is believed that this could be expanded later this summer.
What Does This Mean For Your Business?
If the secret converations service is used for business / commercially sensitive conversations it could of course have security advantages e.g. the encryption of the messages, the fact that the messages are only received / sent by your personal devices and therefore can’t be found on / recovered from other devices, and that messages can be set to disappear after a time period.
This means that even if you lose that device / have the device stolen the messages may still not be read by others.
If you don't know exactly where your business data is stored then you are not alone. A recent report by cyber security consultancy CNS Group has revealed that only a little over a quarter of UK business IT decision makers are able to say with ceratinty that their data is stored in the UK. The same report also shows that business IT decision makers would actually prefer their data to be stored in the UK.
Store It In the UK
As an IT Support Company in Hertfordshire we are often asked about data storage and data backup issues of all kinds. This report shows that 92% of business IT decision makers think that their data should be stored in the UK. Only 27% of those surveyed however were certain about exactly where their data was stored.
Issues based around security, control, quality, and changes in the business environment appear to be at the heart of most decision makers’ wishes to keep company information assets close to home.
Trust and Data Integrity Issues
The results of the report seem to show that the mere fact that the data is stored at least somewhere in the UK is important for UK businesses. For example not knowing whether data is stored in the UK causes questions to be raised by IT decision makers about data quality and trust. 21% of those surveyed thought that not knowing whether their data was stored in the UK could mean that there is a lack of data integrity.
22% of those surveyed also thought that not knowing whether their data was stored in the UK made them think that they did not know the accreditations or clearance of those accessing and managing their data.
One very important reason for knowing exactly where in the world business data is stored is for compliance. As an IT Support Company in Hertfordshire we know how important compliance issues can be to UK businesses, and with the EU’s General Data Protection Regulation (GDPR) due to come in to force in 2018 companies will need to be certain about where their data is stored and managed in order to comply with the regulation.
What Does This Mean For Your Business?
This report appears to show that knowing where their data is stored and managed is important in terms of feeling more in control as well as being in a better position to ensure compliance in the near future. Businesses could therefore take steps now to ensure that they are well prepared. This could mean asking for very specific information from your business data storage providers about exactly where in the world your company data is being stored, how it is backed up and encrypted and who has access to it.
Figures released by Fraud prevention service Cifasn show that we may have been be contributors to the 57% rise in identity fraud last year because we are not careful enough about what we share on social media about ourselves.
Over 85% of Identity Frauds Online
As an IT Support Company in Hertfordshire cyber and data security are issues that we take very seriously, but how many of us think very carefully about whether the kind of information we share in our online social media accounts could be useful to fraudsters?
The figures taken from 261 UK companies show that not only did the number of identity fraud victims in the UK rise from 94,500 in 2014 to 148,000 in 2015, but that over 85% of these frauds were carried out online!
Social Media First Stop
As an IT Support Company in Hertfordshire we have heard warnings about criminal using fake identities. The fact is however that convincing fake identities on social media are quite difficult to set up and many of today’s fraudsters prefer using stolen, genuine identities.
Ease of access to and vast choice offered social media profiles has meant that identity thieves are turning to platforms like Facebook, Twitter, LinkedIn as their first port of call. People freely share information about themselves on social media platforms that could easily be pieced together by determined criminals to produce a genuine identity that could in itself prove to be very lucrative.
Personal data is valuable to cyber criminals. The kind of information that identity thieves are looking for in addition your name, address and of course your bank details is your date of birth, pictures of the home, workplace or school, and perhaps any information about other potential victims.
What Does This Mean For Your Business?
For businesses this means that they are now more likely to receive fraudulent requests / orders online for goods and services from people who are using someone else’s identity. For many businesses the process for creating an account online would mean accepting the person’s details at face value and it would only be at the payment stage that detection would be most likely e.g. if they are trying to use details from an old / cancelled card.
Even then in many cases this would mean that the person who attempted to commit the fraud would be very difficult to locate.
Intel has warned against simply accepting all connect requests via LinkedIn because cyber criminals have been using the popular professional network to target victims for hacking and phishing attacks.
How Does It Work?
As an IT Support Company in Hertfordhsire we know that many businesses use LinkedIn as part of their social media strategy and that it important to try to widen your professional network to get the most out of it.
One aspect of social media however that can be used against us as well as working for us is the sharing of personal information. Social media profiles can give people a lot of information about us e.g. name, birthday, location, friends etc., so your LinkedIn profile can also reveal a lot of information about you and your connections. Personal information, especially information that could be matched up with other details and stolen information from elsewhere can be very helpful research material for cyber criminals when planning their attacks.
According to the CTO of EMEA at Intel Security, because LinkedIn is a professional network i.e. it gives details of your position in an organisation and your professional network, this can enable hackers to target senior level professionals and ultimately to target the corporate network.
Connect Requests From Cyber Criminals
As an IT Support Company in Hertfordshire we are all too aware of the rise in cyber crime in recent years, and of the ever more inventive and sophisticate ways that are being used to reach victims.
According to Intel, a cyber criminal could therefore request to connect via LinkedIn with as many junior and mid level employees and executives at the target company as possible. The criminal could then use their links with people in that organisation to provide the validation when they target the senior level executives, thus making it more likely that these executives will link connect them.
With all the right connections in place a cyber criminal could then use them to launch a well targeted phishing campaign. This could involve using name, job and company information to email things like fake invoices and authentic looking emails that could request wire money transfers or malware such as ransomware.
LinkedIn Security Concerns
This is not the first security concern relating to LinkedIn as data search engine LeakedSource recently revealed that the usernames and passwords of what could be up to 117m LinkedIn were put up for sale on the dark web by the hacker that stole the data.
What Does This Mean For Your Business?
It is important to raise awareness in your business that this type of crime exists and introducing a clear company policy around social media could also help. Members of staff should be asked to exercise caution when asked to link up with people they don’t know on LinkedIn.
Staff should also be made aware of / given some training about how to avoid common scams, including making staff aware of the risks of opening unknown attachments in emails or clicking on unknown links.
The prospect of Brexit and the resulting speculation about the consequences have meant that the Information Commissioner's Office (ICO) has stated that despite the Brexit vote there will be no relaxation in data protection laws and that the data protection laws set by the EU will still apply.
The ICO has however stated that leaving the EU before any new data protection laws come into effect could mean that these laws may not apply in the UK.
As an IT Support Company in Hertfordshire we know what an important part of governance and compliance that data protection is, and how complicated some aspects of it can be. Data protection law can be a particu;ar;y complicated area and the complications surrounding Brexit and the confusion and lack of knowledge about exactly what kind of relationship the UK will now have with the rest of Europe has led to speculation about the relevance to the UK of EU data protection laws.
The ICO has therefore sought to clarify the situation this week by confirming that in order for the UK to trade with other countries in the EU, the UK’s own data protection laws / standards will at least have to be on a par with those in the EU i.e. at least on a par with GDPR. In legal language this means that the UK will need to provide ‘adequacy’ for its own data protection laws.
What Is GDPR and Will It Still Matter?
As an IT Support Company in Hertfordhsire we are familiar with the new General Data Protection Regulation (GDPR) and what it means for UK organisations. This new EU data protection law is due to come into force in 2018 and will affect all companies worldwide that process the data of EU citizens.
The fact is that GDPR would need to be adhered to by the UK anyway, regardless of its position in the EU as the point about GDPR is that a company’s location is irrelevant. If the data a company collects and handles relates to any EU citizen and it can identify them then GDPR applies.
ICO Group Manager Says Law Unaffected By Brexit
Prior to the Bexit vote the ICO's group manager Garreth Cameron is reported to have told delegates at the Data Security in the Cloud conference that the UK's strong data protection laws would remain unaffected by a vote to leave the EU although that the exact details of how they work in that new context would be a matter for the UK government to decide.
The ICO has also stated that consistency in data protection laws for international trade is going to remain an important issue and that the huge growth in the digital economy has meant that there may need to be at least some reform to the UK’s existing data laws.
What Does This Mean For Your Business?
It’s a case of keep calm and carry on where data protection laws are concerned. The same data protection laws and regulations apply for the time being and it is also important that businesses make sure that they are prepared for and up to speed with GDPR because even though it is an EU regulation, it applies to all countries worldwide including the UK.
The Windows 10 free upgrade has been in the news again recently. As an IT Support Company in Hertfordshire we have received many questions about the upgrade but luckily we haven’t heard of it affecting a computer in quite the same way that it affected the computer of Teri Goldstein, the owner of a travel agency in California.
Forced Upgrade – Left Unstable
A recent court case involving Microsoft and Teri Golodstein revealed that her computer downloaded and started to install Windows 10 automatically without her knowledge – what is known as a forced upgrade. Unfortunately the install failed and the computer is reported to have slowed down and become unstable. This in is reported to have resulted in days of lost business. This, coupled with the fact that Microsoft’s customer support was unable to help resulted in Goldstein taking Microsoft to court.
How Do Forced Upgrades Happen?
Windows users have been given the chance over the past year to upgrade to Windows 10 from Windows 7 and 8.1 via online prompts. A change in tactics by Microsoft dating back to February however has meant a shift to ‘Recommended’ from Microsoft which essentially means that users get an automatic / forced download and install onto their PC.
As an IT Support Company in Hertfordshire we have heard many negative comments about forced / automatic upgrades.
Some users have noted that the install began before the instructions on how to stop it were clear, and that once the install begins it can’t be stopped.
Users have also complained that whereas a notification message about the upgrade should be able to be dismissed by clicking on the ‘X’ in the top corner, Microsoft’s tactical changes mean that a click on the ‘X’ is now taken as approval for the upgrade to begin.
$10,000 Paid By Microsoft
In the court case brought by Goldstein against Microsoft, she argued that her Windows 7 computer automatically tried to update itself to Windows 10 without her permission and that she had never even heard of Windows 10 at the time. Goldstein won her case and Microsoft agreed to pay her $10,000 (the equivalent of £7,500).
After initially appealing against the court's decision Microsoft, is thought to have then dropped its appeal to prevent the court costs from mounting up.
What Does This Mean For Your Business?
There is now just a month for taking up the offer of the free upgrade (by July 29th). If you’re still running older versions of Windows such as 7 & 8.1 it appears as though you will need to very soon make a decision about upgrading to Windows 10 and be very careful about how you respond to any notifications that you receive to prompt you to upgrade.
Be aware that there has been a shift to automatic downloads and that clicking on the ‘X’ in the top corner of upgrade notifications can now be taken as your approval for the upgrade to begin.
Now may be the time therefore to seek professional advice on the subject. It is also worth seeking information about the many benefits and positive aspects of Windows 10 rather than simply focusing on the potential risks.
Many of us will be all too used to receiving bogus calls supposedly from a Microsoft tech support person telling us there’s something wrong with our computer and asking us to make changes to the settings to allow them to ‘fix’ it. As an IT Support Company in Hertfordshire we of find this type of crime particularly worrying, and just make things worse there is now a new variant of this type of scam.
New Bogus Tech Support Scam
The latest incarnation of the old ‘I’m from Microsoft’ style fake tech support phone call now uses an on-screen pop-up malware warning that claims to be from your ISP and asks you to call a number.
In order for the pop-up to appear in the first place however the victim’s computer must be infected with malware. In the case of this particular scam your computer is infected using single "bad" pixel adverts.
As an IT Support Company in Hertfordshire we advise all of our customers to make sure that all relevant patches and security updates have been installed and that at least the basic, essential security measures have been taken (see Cyber Essentials).
We are all now aware that cyber crime, particularly that involving malware is relatively commonplace and the fact that we are aware and that most of us have at least some basic levels of protection means that cyber criminals need to be more cunning than ever. This latest scam as reported by US security firm Malwarebytes in the U.S., Canada and now the UK uses pop-up adverts that claim to be from popular ISPs.
How The Scam Works
In the case of this latest scam it relies upon infecting your computer in the first place with the malware which displays the pop-up advert. The worrying thing is that in this case the cyber criminals are using legitimate online advertising networks to place adverts on websites. These adverts don’t even need to be clicked on to infect your computer because they contain a single ‘bad pixel’ that can redirect you and infect your computer while you’re browsing on a legitimate website without you knowing.
How Do They Know Who Your ISP Is?
After your computer is infected by the advert, you are re-directed to an invisible page in the background that checks the IP address on your computer. The ownership of this IP address can then be traced to a specific ISP, and a pop-up advert is served on your page that features the name of that ISP and gives you a bogus number to call them on.
What Happens If You Call The Number?
Calling the number means that you will be greeted by convincing fraudsters who claim to be your ISP. From what is known about similar calls, it is likely that the fraudster will then try and convince you that you have viruses and errors on your computer which they can clean off for a fee. The final step will therefore be that they will try to persuade you to log in to your banking site.
In other bogus tech support scams, cyber criminals also use banking 'Trojans' to extract the victim’s financial information and install malware onto the victim’s computer that joins them up to a botnet so their computer is used in attacks on other computers.
What Does This Mean For Your Business?
Vigilance is once again needed to help defeat the cyber criminals. This latest attack comes on the heals of ‘Locky’ and ‘Raa’, both of which used malware. It important in this case to raise awareness among staff that they all need to be very careful in their web browsing as well as in their opening of any emails with attachments and / or emails from sources that are not familiar.
All staff should also be made aware of who the company’s ISP is and that bogus tech support calls exist and what form they take. It may also be good practice to have a designated person who deals with communication with the IT ISP.
Keeping computer updates, patches, and anti virus software up to date is also very important. Having a reliable, secure back up of your important files and folders is also advisable if not essential in today’s business environment.
The subject of digital currencies and how digital value is handled and exchanged has been in the news recently on a number of occasions. For example you may have heard that Australian entrepreneur Craig Wright publicly identified himself as Bitcoin creator Satoshi Nakamoto. Bitcoin is a type of digital currency, but the technology that is at the heart of Bitcoin is called Blockchain.
Far from just being a Bitcoin component, this ‘Blockchain’ technology and IT platform looks set to revolutionise how everything of value is handled in the digital world.
It’s A Global Database
As an IT Support Company in Hertfordshire we’re always excited when a change comes along that deliver new digital opportunities for businesses. It’s especially good if we’re able to describe in simple terms what the technology actually is and what it can do.
A recent Computer World article described the basis of Blockchain as a global database and a kind of “incorruptible ledger” for of economic transactions. This open and programmable technology can be used to record transactions for virtually anything of value that can be converted to code from finances to accounts, votes, insurance claims, and important documentation like marriage / birth / death certificates.
Mass Collaboration and Trust
The big advantages of this revolutionary new platform in addition to its incorruptibility are that it allows mass collaboration, and it is constantly being updated and reconciled and therefore gives a true and current view of things.
As an IT Support Company in Hertfordshire we deal with business customers for whom quality and reliability of products, services and technologies are vitally important. Blockchain has security and reliability hard coded into it through the use of the Blockchain ‘trust protocol’ which means that it is reliable and that it minimises risk.
Bitcoin and Blockchain
The value of Bitcoin reached a new 20 month high at the end of May of over $500 per Bitcoin.
Increased confidence in the use of Bitcoin and the fact that it has now been legitimised by its acceptance from reputable banks and retailers is believed to make the value of Bitcoin rise even higher for the foreseeable future. This of course will also aid the rise of Blockchain.
What Will Blockchain Mean For Your Business?
The innovative technology at the heart of Blockchain is thought to be on verge of having as high an impact as the technology that brought us PCs, the Web, mobile technology and the social web. Something this dramatic could therefore have a huge impact on how all businesses operate and could mean a major paradigm shift.
As well as providing possible new opportunities, Blockchain will first require some serious learning and training to take place. Your business could therefore first take the plunge and buy something using digital technologies. You may also want to launch a pilot project based around these technologies, hire or buy in Blockchain knowledge and consultancy to see how and where it could begin to work in your business and to train staff, and make a start upon a next-generation Blockchain architecture project.
To begin with, the awareness that Blockchain has very much arrived and keeping up with reading any news and information about it is a good place to start.
For many organisations the days of relying on huge data centres crammed full of physical servers have, or are about to come to an end. Sever virtualisation means that a physical server’s resources are divided by software into many different virtual environments / virtual machines which then essentially become ‘private servers’.
As an IT Support Company in Hertfordshire we are aware of the benefits of doing so and it is not surprising that the results of the annual Computer Weekly/TechTarget IT Priorities poll show that server virtualisation is a now top area of planned datacentre infrastructure investment for the coming year.
If you’d like to know a little more about why sever virtualisation has become so important and what kind of investment companies are likely to be making, read on.
Why Does This Poll Matter?
The Computer Weekly/TechTarget IT Priorities poll results are significant and important because they reflect the investment plans for the coming year of 1,000 European IT managers and decision makers. As well as your plans possibly being reflected in the poll results, they could also reflect the plans of your competitors.
Spend on Virtual Server Maintenance in UK and Ireland
The poll results showed that 38.4% of the 194 respondents in the UK and Ireland put server virtualisation at the top of their IT investment list for the year ahead. The Computer Weekly website used the results of Gartner research to support the idea that this planned investment is more likely to be in the maintenance of existing virtual server farms rather than in the creation of new ones.
This is because most enterprises already have the vast majority servers virtualised. The Gartner figures suggest that the worldwide level of investment in this area will be up nearly 6% on last year and could total $5.6bn.
As an IT Support Company in Hertfordshire we have seen the benefits that the move to virtualisation has given to many businesses. For example, whereas in the past companies used large numbers of physical servers (physical estates) which generally had a single app running on each of the servers, today’s businesses are keen to downsize their physical data centre footprint and consolidate wherever possible into virtual servers. This allows them to make much better and more efficient use of the processing power of servers, take up less physical space in data centres, and use less power and therefore reduce costs.
Virtualisation also allows for much greater adaptability, easier and less costly updates and it allows the money that would have been spent on the physical servers and datacentre space to be spent elsewhere.
Compliance Activities A Priority in the UK
The TechTarget IT Priorities data report showed that although datacentre consolidation was a close 2nd on the list of potential investment priorities, compliance activities were identified as a top priority with 36.8%.
What Does This Mean For Your Business?
The results of the poll reflect the many benefits that businesses are now getting from downsizing their physical datacentre footprint, consolidating and moving into virtualisation. Cost savings, and the ability to upgrade infrastructure and roll out better performing kit that takes up much less floor space are just some of the attractive benefits that can come from a move to virtualisation, all of which can translate into a more efficient, better and smarter performing, and more competitive business.
The General Data Protection Regulation (GDPR) encompasses the new regulations in relation to how the personal data of EU citizens is handled by organisations. When it comes into force in 2018 it will apply to all companies worldwide that process the data of EU citizens and it is highly likely that your company will need to be compliant.
As an IT Support Company in Hertfordshire we are very aware of the importance of companies taking measures to make sure that their data is kept safe and secure, and in a way that complies with the law, and that cyber security risks are minimised.
With GDPR about to come into force in a relatively short time, how much do you know about it and its implications for your business? Here is a brief summary of some of the main points.
It Will Still Apply, Regardless of the Referendum Result
If you hold and handle personal data about any EU citizens that could identify them GDPR will apply to your company regardless of which country you are based in or whether your country is part of the EU.
Many More Things Will Be Classed As ‘Personal Data’
GDPR will cover a much wider area in terms of what counts as personal data.
Under these new regulations, any data that could identify an individual such as genetic, mental, cultural, economic or social information will count as personal data. This means that you will have a greater management responsibility.
Obtaining Valid Consent For Information Use Will Be Necessary and Could Be Challenging
Under the new regulations your organisation MUST be able to PROVE clear and affirmative consent to process personal data. This means that your organisation must remember to explain clearly, and exactly what personal data they are collecting and how it will be processed and used. Your organisation will therefore need to make sure that this step is built into every occurrence of personal data collection without fail and that the proof is stored and can be accessed quickly if necessary.
Many Organisations Must Appoint a Data Protection Officer (DPO)
If you are a public authority processing personal information or if your main activity involves the regular and systematic monitoring of data subjects on a large scale, or if your main work involves the processing on a large scale of special categories of data you will need to appoint a DPO.
This person will of course need to be very familiar with all aspects compliance with existing UK and the new EU regulations. This could therefore have an impact on staffing and resources (for training).
Privacy Impact Assessments (PIAs) Are Mandatory
Under the GDPR Data Controllers must conduct PIAs where privacy breach risks are high so that the risks to data subjects are minimised. This means that to minimise risks to data, subjects PIAs will be needed.
There Will Be a Common Data Breach Notification Requirement of 72 hours
Your organisation will need to have the capability and systems in place to enable it to monitor for, identify and notify the ICO of a data breach within 72 hours of discovering it.
All Data Subjects Will Have ‘The Right To Be Forgotten”
Your organisation must not hold data about a person for longer than is necessary, must not change the use of the data from the purpose for which it was originally collected (when consent was given for that specific purpose), and must delete any data about a subject at the request of that data subject. This gives subjects the right to opt out completely i.e. ‘the right to be forgotten’.
Liability Goes Beyond Data Controllers
Under GDPR it won’t just be the DC who is held liable for data processing issues.
Liability and responsibility will extend to all organisations that touch personal data.
Privacy Must Be Designed and Built-In To The System
Your software, your systems and processes must be designed around compliance with the principles of data protection every step of the way.
What Does This Mean For Your Business?
As an IT Support Company in Hertfordshire one of the important service that we provide is IT Consultancy. GDPR will mean that companies like yours will need to take a fresh look at how they deal with personal data. It is therefore likely that you may need to seek professional advice about how you will be able to manage your data in a safe and compliant way once GDPR comes into force.
Hardly any data will not fall under GDPR which means you will need to take GDPR seriously and become very familiar with it and its implications. GDPR will mean for example that:
For many of us in the UK view staying connected and accessible e.g. with our smart phones and mobile devices as a vital aspect of modern business, but what about those messages we receive outside of our set work hours?
As an IT Support Company in Hertfordshire we offer Telecoms, Internet Access and Wireless Connectivity services to all kinds of businesses to help them stay connected to their customers and other stakeholders. For those of us who go home from the office or clearly separate our work from our home life, we may sympathise with the current French Government’s ideas about work emails outside of work hours being seen as unwanted and potentially harmful.
The Need to Disconnect
According to recent BBC reports France’s Francois Hollande's Socialist Party are to vote for a Labour Law clause in a contentious the Labour reform bill that could mean that when employees of companies with over 50 people are out of work hours they will have the right to completely ‘disconnect’ from all work communications.
The measure has been suggested because there is a strong level of acceptance in the French government that having to answer work emails at home is stressful, intrusive, damaging to relationships and potentially damaging to a person’s health and wellbeing.
If the measure goes through it will reportedly mean that the companies affected will each need to draw up and adhere to a Charter that states after which hours staff should not send or be expected to respond to work emails.
Driven By The Digital Revolution
As an IT Support Company in Hertfordshire we have witnessed how the digital revolution has made in-roads into, and in many cases has become an integral part of our daily work and personal lives, often in a welcome way. The digital revolution however has meant that peoples’ personal lives around the world have been increasingly encroached upon by their work lives, and in France there is now a feeling that legislative intervention could offer some necessary protection.
The proposed disconnection clause is the one part that has reached consensus of a contentious new French labour law named after Labour Minister Maryam El Khomri.
2 Types of Time
The BBC article about the new measure highlighted how the French recognise two clearly different categories of time as defined by the Greeks. Chronos is the regular divisible time whereas Keiros is the kind of kind of productive and creative thinking time that employers will need to protect if the measure goes through.
Not All Agree
There are of course many arguments against the introduction of the measure. Some companies for example operate in markets around the world in many different time zones, and working at night in these markets is necessary in order to compete. In other jobs such as sales, leads arrive and buyers make their vital purchase decisions for example at unpredictable times, so here too a strict adherence to the measure may not be helpful.
What Does This Mean To Your Business?
To French businesses, if this becomes part of law it will mean some big changes to how communications are managed within many companies.
It could be argued that what may be lost in opportunities or competitiveness as a result of adherence to the clause could be made up for by e.g. a happier more creative workforce with less absenteeism, and of course a better home life.
In the UK, businesses could choose to take a leaf out of the book of our French neighbours by voluntarily taking measures to show that they value and respect workers and their wellbeing. This could be achieved in big ways such as drawing up their own company disconnect charter or in small ways such as a “no email Friday” where employees are encouraged to give themselves a break by minimising digital messaging on an allotted day.
There is also an argument that smarter working practices could minimise the need for out-of-hours intrusions and that education and the subject in your workplace could in itself help to cut down on unnecessary out-of-hours work intrusions, and reduce the stress associated with them or worrying about them.
Offering stress busting measures and activities within the company and by regularly communicating with staff and listening to their concerns could also help.
As an IT Support Company in Hertfordshire we are well placed to see how many of the by-products of operating and doing business in a digital world end up sitting on company computers, IoT devices, databases and servers. These by-products can be files generated by web browsers and their plug-ins like cookies, log files, temporary internet files, flash cookies, and other data and information from programs that has been stored. This could include secondary, non-critical information that is related to your products and services, perhaps with a view to it possibly having some use again in the future.
You will be glad to know therefore that these digital by-products now have a name - ‘data exhaust’.
How Much Data Exhaust Are We Talking About?
It is obviously difficult / virtually impossible to give an accurate estimate of the size / scale of digital exhaust in the UK although a recent Computer Weekly Article tried to describe some of the key facts about ‘data exhaust’ to us. One of these facts was the size / scale of ‘data exhaust’. Computer Weekly used the example of Google which collects all the data it can without yet having a primary use for it. Data exhaust is therefore bigger than what’s become known as ‘Big Data’ i.e. it’s too big to work with it record by record.
Some of It Could Be Useful To Your Business
As an IT Support Company in Hertfordshire we provide online backup services for all kinds of company data, some of which probably could be described as secondary data. Some of the secondary data that is collected about products and services e.g. statistics could be used to help in marketing of those products and services. Data exhaust can therefore be very useful and could be used in future to add value to your products and services.
Some of It May Never Be Useful To Your Business
There is a balance to be struck between keeping potentially transformative exhaust and simply building up a vast amount of useless data into a ‘data swamp’.
Customers May Not Like You Using It
Just because you have stored a great deal of data about your customers or subscribers and their online behaviour, it doesn’t mean that it is appropriate or wise to use it all. Using certain types of data could result in negative PR and could negatively affect your marketing and customer relations.
What Does This Mean For Your Company?
Rather than just collecting everything, your company should make decisions along the way about what data is most likely to be useful, and what data is simply clutter. This could involve consulting with the employees closest to the core business and most in touch with the data as this could help you decide what can and should be thrown away.
Companies may also want to take legal advice about what data can be used and in what way.
Building up a store of data will also require scalable storage.
There is also the need to make sure that all of the data you collect is secure and protected from potentially costly data breaches.
You may be one of the many IT decision makers in UK businesses who have been busy thinking about and possibly avoiding, putting off or ignoring any decisions relating to upgrading to Windows 10 from Windows 7 and 8.1. As an IT Support Company in Hertfordshire we have had enquiries from many different businesses about the pros and cons of Windows 10. For Microsoft however it appears that the time has come to try and move more people a little more directly towards upgrading.
From February IT commentators from several of the popular online media channels noted that they had received many reports about Microsoft switching the upgrade to ‘Recommended’, and by choosing to interpret the losing / rejection of the notification as an approval to upgrade. This apparent tactical shift by Microsoft towards ‘Recommended’ for the Windows 10 upgrade has actually been rolled out in a phased way over what has turned out to be nearly 3 months. It looks therefore as though Microsoft has made a commitment to speed things along now as regards the uptake of the free Windows 10 upgrade prior to the end of the offer in less than 2 months.
What Does ‘Recommended’ Mean?
In terms of Windows Update language, ‘Recommended’ means that (where users haven’t altered the default behaviour) there is an automatic download and install onto their PC with no human assistance needed.
Clicking the ‘X’ Can Now Equate to Tacit Approval
Most of us are used to the idea that we are able to dismiss a notification by clicking on the ‘X’ in the top corner of a notification box and that the X is an alternative to clicking on the acceptance of what we are being notified of. In the case of the Windows 10 Upgrade however, for Windows 7 & 8.1 customers whose Windows Update settings are configured to accept 'Recommended' updates, choices may now be thin on the ground.
The stage has now been reached whereby Google has revised the Get Windows 10 (GSX) app support document, and just as clicking on OK in the notification means that the upgrade and its scheduled implementation is approved, clicking on the ‘X’ also appears to indicate tacit approval.
On the face of it this tactic looks the most likely to cause some anger among users as it appears to be something that could be perceived as quite forceful. As an IT Support Company in Hertfordshire we know that businesses often need to seriously consider the impact that significant IT changes could have on the future of the business. This can often take time and can require a detailed information search and some consultancy.
The size of the automatic Windows 10 download is reported to several gigabytes, which if you didn’t really want it anyway could mean that you could find that your data connection and your available space are squeezed.
Free Windows 10 Upgrade Offer Ends July 29th
The free Windows 10 upgrade offer ends on July 29th. Reports indicate that Microsoft are likely to start removing the “Get Windows 10” from that date, but it is not known whether the it will alter the ‘Recommended’ status of the update.
What Does This Mean For Your Business?
If you’re still running older versions of Windows such as 7 & 8.1 it appears as though you will need to very soon make a decision about upgrading to Windows 10, and be very careful about how you respond to any notifications that you receive to prompt you to upgrade. Now may be the time to seek professional advice on the subject.
It is also worth seeking information about the many benefits and positive aspects of Windows 10 rather than simply focusing on the potential risks.
Data security and the weaknesses of passwords are subjects that have been very much in the spotlight recently, and these issues have led to some of the larger banks / credit companies / financial institutions moving into biometrics and even the use of ‘selfies’ as a means of authentication / verification.
Facebook however have come up with another use for facial recognition in terms of enhancing the sharing experiences on its platform. As an IT Support Company in Hertfordshire we are well placed to see what an important promotional role social media now plays in the marketing of businesses as well as for personal communications.
Facial Recognition for Photo Sharing
Facebook’s ‘Moments’ is an app similar to Google Photos or Whatsapp that allows you to group together your photos that feature the same friend or friends, and then simplifies the process of sharing the photos with them if they have installed the same app.
Moments scans your photos using facial recognition, and when it finds ‘familiar’ faces you can sync them to the subject of the photo. If your friends also have the Moments app they can see the photos added to their own synced collection (or get notified via Facebook that Moments photos are waiting for them).
The Moments app builds photo albums and slideshows featuring you and your tagged friends that can be searched and scrolled through, and renamed. The slideshows can be shared with your friends, to their Facebook wall and elsewhere. The Moments app is intended to work best by sharing photos with the closest 10 or so people to you.
The original version of Moments drew upon Facebook’s database to automatically tag photos with people’s names.
Data Protection Compliance Issues Rectified
One aspect of Moments that needed altering was the fact that it didn’t comply with the EU and Canada data protection requirement of giving people a way to opt out of the process. This has now been rectified as app now links together photos of similar-looking faces but asks the user to identify who they are.
The signs so far are that Moments is proving very popular and according to Facebook 600 million pictures have been shared via the app to date.
What Does This Mean For Your Business?
As an IT Support Company in Hertfordshire we can see first hand what an increasingly digitalised business environment UK businesses now operate in. Pictures relating to your products and services, company activities, and stakeholders of the company can therefore play an important role in communication and marketing e.g. through distribution via various social media, on the website, or internally.
Apps like these can make sure that you not only get access to all of the photos that your friends / colleagues take of you but that they provide a time saving (cost saving) and easy way to share them. Keeping up with the very technical trends like these apps could also provide opportunities for reaching and engaging with specific target markets.
A respected UK Cyber Governance Health Check of FTSE companies has shown that boardrooms may be among the last to hear about cyber attack attempts on businesses and therefore may be slow to react.
As an IT Support Company in Hertfordshire it is our experience that businesses of all kinds are now giving much greater priority to cyber and data security not just for the sake of compliance, but because of the huge increase in cyber crime across all industries this year. It is therefore worrying news that the boardroom which should be leading and championing the fight against cyber crime could be too detached from this important business issue.
The Health Check
The UK government’s Cyber Governance Health Check is intended to help understand and improve how FTSE 350 companies are managing cyber security risks, and the latest Cyber Governance Health Check carried out by KPMG shows that even though two thirds of those FTSE companies have suffered a cyber attack in the last year, 54% of boardrooms only hear about cyber security twice a year or when there is a security incident.
Up until now in the UK there has been evidence to suggest that the boardroom has been a place that has given far too little time and effort to addressing cyber security issues. In 2013 for example nearly half of boardrooms thought the subject not worthy of discussions whereas that figure has thankfully fallen to 15% this year.
Too much of a heavy and inflexible focus on governance and compliance, as well as a view that cyber security was the job of the IT department are thought to be contributing factors to lack of awareness in the boardroom and vulnerability to fast evolving cyber security threats.
As an IT Support Company in Hertfordshire we are more aware than most of the many cyber threats that UK businesses now face, and we would strongly recommend that it is an issue that is given high priority in a business, especially when you consider how so many businesses have become digitalized to such a large extent.
Higher Priority But Still Underprepared
Recent research by Ipsos MORI in partnership with the Institute for Criminal Justice Studies at the University of Portsmouth has confirmed that the issue cyber security has now been given much higher priority by businesses, but those businesses are still underprepared and are lacking the knowledge of how to improve their security.
The research showed for example that even though 69% of businesses say cyber security is either a very high (33%) or fairly high (37%) priority for their organisation’s senior management, many may not fully understand how their organisation is at risk and what action to take.
Just half *(51%) of all businesses (*the figure is higher among medium and large firms) have tried to identify the cyber security risks faced by their organisation e.g. using health checks, risk assessments or audits, but only 29% have formal written cyber security policies, and only 10% have a formal incident management plan.
The same research showed that the most common cyber security breaches over the last year (68%) have been caused by viruses /spyware / malware. Most businesses however would be likely to acknowledge that human error is a big factor in triggering virus /spyware / malware attacks.
What Does This Mean For Your Business?
Although the latest research shows that there is still a problem at boardroom level with the issue of cyber security, things have improved over the last 2 years.
It is important for UK businesses especially at board level to take steps to understand their risk profile, understand where and what their information / data assets are, and to take steps now to protect those assets and improve cyber resilience.
This could involve improving awareness among and giving training to all staff, making sure that at least all essential areas are covered e.g. using the government’s Cyber Essentials Scheme, conducting regular health checks, risk assessments or audits, making sure that formal written cyber security policies are in place and that Business Continuity and Disaster Recovery Plans are in place.
Seeking expert, external professional help and Cyber Security Consultancy Services could also be a good way to quickly get up to speed with identifying and managing the cyber security threats facing your business.
Different perceptions and a lack of awareness of the opportunities available may be the main reasons why young people miss out on IT careers in some industries according to a recent article in Computer Weekly. The article used the Financial Services industry as an example and incorporated the observations and experience of a leading London based investment management Careers Company in order to shed some light on the problem.
As an IT Support Company in Company in Hertfordshire we are well aware of some of the reasons why a person embarks upon an IT career, but it is interesting to discover why so many young people may be missing out.
According to Investment 2020 who partner with firms to provide apprenticeships and careers information to young people, some of the challenges that some young people have experienced when pursuing an IT career route in Financial Services are based around often mistaken perceptions like:
There may also be a belief among your people that they don’t possess the necessary skills to get those kinds of jobs, and a lack of awareness of the opportunities that are available.
New Opportunities All The Time
As an IT Support Company in Hertfordshire we know that with the move to mobile technology, the Cloud, the potential of the IoT, and with new developments like Blockchain, there are always going to be many new and unforeseen opportunities in the constantly evolving world of IT.
The Right Attitude
Commentators in education, IT recruitment and investment companies however are among those hoping to counter mistaken perceptions and beliefs and to point out that employers are likely top place a great deal of value on young people with the right attitude, enthusiasm, good communication skills, the ability to solve problems creatively, and a range of other softer skills. This is almost the opposite to the purely technical skills based, introverted stereotype ‘techie’ of the past.
Fast Moving Technology
According to commentators such as Andrew Rydon, CTO of IT at Henderson Global Investors it is not only true that technology roles don’t just require technical skills but also the speed at which technology is driving change in the finance industry means that it’s the ideal time for young people to join IT roles within the industry.
Supported Apprenticeships Really Are A Worthwhile Alternative
Many industry leaders and commentators are now in agreement that apprenticeships offer a very good alternative to university for young people seeking work opportunities because they can help make young people more prepared for the world of work, can help them to build up networks to support their work, and they can help young people to develop a mix of important work skills early on.
What Does This Mean For Your Business?
Technical skills are of course important and valuable but when recruiting young people for IT and technology roles, it is also important to consider the value of the other skills they posses, their attitude and their enthusiasm when considering their value to your organisation in the longer term.
Remaining open to the value of diversity, and offering structured learning and nurturing environments and programs such as apprenticeships are great ways for the Financial Services and your industry to make sure best value adding talent is attracted, nurtured, and given the opportunities to progress.
As an IT Support Company in Hertfordshire we know that there are some industries that are generally faster adopters and greater users of technology, IT and the Web for business. According to research by Nominet the UK’s domain registrar, and by the Department of Business, Innovation and Skills (BIS), many of the UK’s tradespeople could be missing out getting business by not being online.
Laggards or Local Advertising & Recommendations?
In terms of getting their business online many of the UK’s tradespeople appear to have been slow to do so. Although on the surface this could be a sign that tradespeople are ‘laggards’ in the marketing sense, many tradespeople work well from local advertising (on and offline), recommendations, and through group / comparison sites like Checkatrade, Mybuilder.com and Rated People. Although these are technically ‘online’ they don’t require tradespeople to register domains and set up websites which is what Nominet appears to be wanting them to do.
The fact is though that having their own website, advertising their own services, testimonials, details and photos of jobs / projects could help individual tradespeople to compete more effectively in a world where customers now naturally turn to Google searches for most things.
Setting Up Cafés?
The research by Nominet and the Department of Business, Innovation and Skills (BIS) found that by getting online it could mean £16,500 extra per year from an average of 21 extra jobs for tradespeople. As an IT Support Company in Hertfordshire we know how a good, well planned and regularly updated web presence can bring vital enquiries and opportunities for businesses.
What is different about Nominet’s idea however is how it plans to reach tradespeople with its message. Nominet is reaching out to tradespeople who need to get their first website by setting up ‘Bacon and Web Cafés’ around the UK starting with Old Street in London, soon to be followed by more in Birmingham, Glasgow and Manchester later in the year.
What’s In It For Nominet?
In essence Nominet is launching a new .uk domain campaign and it therefore appears to make sense to seek plenty of sign-ups from a large UK business sector that looks as though it has lagged behind in its adoption of all things technical including websites.
Lack of Knowledge?
Nominet’s own research showed that nearly a quarter of respondents would like to set up a website but didn’t know how, and 10% or respondents feared the cost of doing so. It is therefore thought that this simple lack of knowledge is the main reason why 51% painters and decorators for example have no website and 48% of cleaners have no web presence at all.
Nominet’s scheme to impart the necessary knowledge and promote its services via cafes is therefore thought to be an effective and headline-grabbing way to spread the digital word in a real world, non threatening setting.
What Could This Mean For Your Business?
For tradespeople who are helped by the scheme it could clearly mean the likelihood of getting more business in a way that is more flexible and less costly than traditional paper based advertising.
If you run a web company, Nominet’s research could have provided you with an opportunity to find your own inventive way to target a largely untapped market of tradespeople in your area e.g. advertising at popular indoor and outdoor food outlets.
How It Happened
It is normal for web hosts to store multiple websites on rented space on web servers and in that respect 123-reg is no different in renting out space on its a virtual private server (VPS). Cleaning up servers as part of maintenance is therefore important but in the case of 123-reg on this occasion it used software with automated scripts to ‘clean up’ the servers. Unfortunately a coding error in that software resulted in the deletion of multiple customer websites. The software was intended to detect server activity but the automatic deletions were triggered when the script wrongly showed several VPSs as running no servers.
67 Servers Across Europe
The customers who lost their websites in the incident had their websites hosted on 67 of the 115,000 servers that 123-reg has spread across Europe. 123-reg is part of Host Europe Group (HEG), which is reported to have described itself as Europe’s largest privately owned hosting company. 123-reg has 800,000 customers in the UK where it hosts 1.7m sites.
The fault actually occurred on the morning of Saturday 16th April and an email was sent to customers explaining what had happened the following day.
Reports indicate that as the VPS service in this case was “unmanaged” and123-reg did not have back ups of all the customer websites affected unless those customers had also specifically purchased back up. Customers who hadn’t purchased the back up aspect had therefore been responsible for backing up their websites themselves.
123-reg is however now reported to be using a data recovery specialist to "manage the process of restoration" although this will be on a on a case-by-case basis and therefore is likely to take considerably longer to resolve than those customers with backups who were able to be back online the next day.
As an IT Support Company in Hertfordshire we can imagine that the response from customers who had lost their websites would not have been one that any hosting company would like to be on the end of, and it wasn’t in this case! Reaction was predictably very angry and swift as customers took to social media like Twitter to voice their fury and frustration about how it could possibly happen, the levels of communication that they had received from the company about it, plus the impact that it would have on their businesses. Lost sales (goods, services and tickets), loss of potential new business and funding, as well as potential loss of the business itself were all concerns raised by customers.
What Does This Mean For Your Business?
This incident indicates how important it is for your business to make sure that you and / or the company that hosts your website has a secure backup of your website as well as other critical business data. Making this one of the key selection criteria for your host / hosting service could therefore save you from some serious problems in the future.
The incident also highlights how important the host selection process is in the first place, and to carefully choose a host whose services and capacity closely match the specific requirements and scale of your business both now and in the foreseeable future.
This particular incident also shows how fully automated processes can save time, but building in a simple human check at crucial points in a high potential risk system could save a lot of trouble and heartache.
Another important lesson to be learned here is that as part of IT governance in today’s business environment, and as part of your responsibility to your stakeholders it is necessary to have a disaster recovery process in place.
Disposable E-mail Could Be One Answer
Using a disposable email address when you don’t feel 100% comfortable giving out your business or personal email address can be a way to put you back in control, and to defend yourself against more spam.
What Are They?
Disposable email services, many of which are free, are operated via websites where you can generate new and individual email addresses and email aliases, and in some cases associated domain names. Depending on the disposable email service you choose the email addresses, and the mails received in the inbox (and domains) are deleted within specified short time period. This breaks the link between you and the spammers while allowing you enough time to get the information you want.
The Benefits of Disposable Email
As an IT Support Company in Hertfordshire we are hearing from more and more businesses who use disposable email because of its unique benefits. The benefits of using disposable emails for you and your business include:
Popular Examples of Disposable Email Services
Googling disposable email services gives a wide range option but here are some of the more popular examples of disposable email services:
GuerrillaMail - see https://www.guerrillamail.com/ Allows creating email addresses with nine domain names. No registration needed and email addresses last an hour.
Mailinator - see https://www.mailinator.com/ Free web-based addresses created as messages are received, with no registration required. Publicly visible email.
Air Mail - see http://getairmail.com/ Auto generated email address which gets changed every 10 seconds. You can read your inbox via your browser at a later time using a unique URL.
10 Minute Mail - see http://10minutemail.com/ Copy and paste email onto clipboard, expires in 10 minutes. Gives the option of extra 10 more minutes by clicking a link.
YOPmail - see http://www.yopmail.com/ No registration, no password. Messages are kept 8 days. Free, and fast.
MaskMe - see https://www.abine.com/maskme/ Very versatile. Mask your email, phone, and credit card as you browse and shop on the web.
As an IT Support Company in Hertfordshire we often help customers with the many different aspects of their IT security. One kind of threat that has shown quite significant growth this year is malware, and specifically ransomware scams. One of these scams that has claimed many UK victims recently is dubbed ‘Maktub’ and has led to the UK's national fraud and cybercrime reporting centre ‘Action Fraud’ call centre receiving 500 calls. Here is a bit more information about what has been described as a kind of ‘smash and grab’ ransomware attack because of its speed and effectiveness.
How the Scam Works
The ‘Maktub’ scam that was first brought to the public’s attention by Radio 4’s ‘You and Yours’ programme uses a combination of tactics to extract money from its UK victims. The first step is a phishing style email informing the victim that they owe £800 to a named UK business or charity (some well known names, some not). What adds an air of apparent credibility to the email is the fact that the targeted organisation’s postal address is included in the email. The email body also contains a link.
If the link is clicked on this starts the second step of the process which is the loading of malware (ransomware) onto the victim’s computer. The ransomware immediately takes anything of value on the hard drive and encrypts it, and this triggers the next step.
The third step is the victim being issued with a ransom demand (a bitcoin payment) for the release of the information that increases with time the longer the ransom is not paid. A website associated with the scam reportedly displays the rates at 1.4 bit coins ($580) for the first 3 days rising to 1.9 bit coins ($790).
Where Did They Get The Addresses?
The scam has unfortunately proved to be quite successful so far, and many people have asked how the criminals were able to get the postal address and link it with the name and email address for the victims. The most likely explanation is that the perpetrators obtained the data from a leaked or stolen database. This would of course also be better for the perpetrators because it makes them even harder to track down. The scam has also caused distress to the charities whose names were wrongly and unlawfully used in the emails as the creditors.
What Does This Mean For Your Business?
Even if you’re an IT Support Company in Hertfordshire you’re still as much as a legitimate target as any other organisation anywhere else for cyber criminals. We would urge everyone to take the advice of Action Fraud which is that if your business receives such an email, not to click on the link under any circumstances but to delete email from your system and to inform Action Fraud. In order to protect your business from this and other similar scams you may wish to, as part of an enterprise wide governance approach, employ a number of IT security strategies.
Some recent news that has been of particular interest therefore is the announcement of Facebook’s plans at the F8 developer conference about Bots and how anyone can now make their own bot using Facebook’s application programming interface (API) known as ‘Messenger Platform’.
Creating Our Own Bots, Powered by the ‘Central Brain’
Giving people access to the know-how within Facebook’s API means that users can now create their own uniquely intelligent bots which will then be powered by Facebook's Bot Engine, likened to a kind central brain for collective learning. The link-up with the Bot Engine means that collective learning can be passed on to the bots, thus making them more ‘intelligent’ and better at the tasks they were designed for. The predictions are therefore that Facebook’s plans could trigger a bot development gold rush, and in so doing help Facebook to gain an advantage over competitors Apple, Microsoft and Google. It could also be another possible source of future revenue for Facebook. For bot developers access to Facebook’s resources in this way could be a huge commercial opportunity.
As an IT Support Company in Hertfordshire we’re well aware that IT jargon and techie terms for things can sometimes be unhelpful, so here’s a quick explanation of what is meant by bots.
Bots are essentially computer software programs that can interact with using Artificial Intelligence e.g. Chatbots that can answer questions and chat in a way online that resembles human conversation. The hope is that these kinds of bots can bring a kind of conversation back to business that has been lost in the drive for growth scale. For example a bot could act as our very own digital personal assistant that is able to learn about our likes, dislikes and interests, answer our questions and help us to organise our lives.
The Benefits of Bots
Taking chatbots as an example the benefits for an organisation using them include:
What Can They Really Do?
There are many real-life examples of how bots are being used by organisations world wide right now. These include:
Other soon-to-be launched / soon-to-be developed bots include:
The days of using lots of different apps to get things done are now on the decline. Recent Forrester Research for example estimated that 80% of the typical US Smartphone user's time was spent in just 5 apps. Also there have been some major new developments in A.I. such as deep learning and neural networks. These have meant that chatbots can learn from data sets and mimic the way that the human brain works.
As with all new ideas there are plenty of examples of things not going to plan and plenty of potential flaws. Twitter users for example found great amusement in exploiting the learning aspect bots by training Microsoft’s chatbot ‘Tay’ to give racist and inappropriate answers. Many people also have concerns about security whereby bots which learn so much about us are let loose on a platform such as Facebook (that already knows so much about us), and what the consequences of a hack under these circumstances could be.
What Does This Mean for Your Business?
Bots could therefore mean that you could reduce costs, and add value to your services by putting bots to work to interact with your customers to enhance customer service. This could mean help and savings on labour, training and staffing, and could provide a source of competitive advantage that could be quickly added to or changed if/when needed. You could use bots for all stakeholder groups and thus you could gain a kind of virtual growth that is greater than the physical sum of your organisation’s parts.
These and other useful features such as the many plugins have made Wordpress and incredibly popular platform. In fact Wordpress now makes up 25% of all websites and as an IT Support company in Hertfordshire we have a great deal of experience of helping our customers to make their Wordpress business websites a productive and secure as possible. One potential weakness in Wordpress websites has however been highlighted by a recent DDoS cyber attack where the cyber criminals exploited the pingback feature in multiple Wordpress websites in order to use them as part of a cyber attack on another website.
In the latest reported Wordpress relates attack, researchers at Sucuri noticed that cyber criminals over a number of incidents used a huge network of 26,000 Wordpress websites to launch multiple Layer 7 (also known as flood) Denial of Service (DDoS) attacks. A Denial of Service (DDoS) attack is one where the perpetrator uses multiple compromised systems that are often infected with a Trojan virus to launch a single attack on one system.
In this most recent of a cyber attack involving Wordpress the perpetrators used a series of IP addresses (in the 184.108.40.206/24 range) to control the botnet of Wordpress sites. The 26,000 Wordpress websites were then used by the attacker to generate 10,000 to 11,000 HTTPS requests per second against one website. When subjected to a flood of requests of this kind (known as a Layer 7 or flood attack) servers are unable to handle the load, a large consumption of memory is caused, and the operation of the server is therefore seriously disrupted.
Nothing New For Wordpress
This recent DDoS attack is the most popular kind that is used against Wordpress, and is estimated to make up around 13% of all the attacks involving the system. The huge popularity and widespread knowledge of Wordpress are reasons why criminals continue to target the platform. According to Imperva’s 2015 annual Web Application Attack Report (WAAR) Wordpress is now thought to be the most attacked CMS with around 3.5. times more attacks than non-CMS applications. Only last year for example thousands of Wordpress sites were attacked or hijacked using malicious ‘Nutrino Exploit Kit’ code.
Some Protection Was In Place
The frequency of this kind of attack against Wordpress has meant that the system had an IP logging feature added to its version 3.9 to enable the IP address where ‘pingback’ requests originated to be noted. This should mean that the attacker’s IP shows in the log user agent. In this most recent case however the perpetrators were able to carry out an attack despite the logging feature being in place.
What Can You Do To Protect Your Website?
If you have a Wordpress website for your business one step that you can take to prevent it being used as part of a larger attack against other sites is to disable pingbacks. It is the pingback element of Wordpress that has repeatedly been responsible for so many of the attacks.
As an IT Support Company in Hertfordshire we are fortunate enough to work with many businesses in the local area who pride themselves of providing quality products and great service to their customers. Displaying testimonials and reviews online are great ways to let potential new customers know the kind of positive experience they are likely to have if they sign up, but what if those reviews are used against us either as a form of unfair competition, or simply to damage our online reputation?
We All Use Reviews
Figures show that we all use and put a high degree of trust in online reviews. This is certainly true in our world of IT Support where we are essentially providing a service that can only really be experienced while it is being used. A 2015 Bright Local survey for example showed the proportion of consumers who read online reviews for products and services to be as high as 92%, and showed that as much as 40% of consumers form an opinion by reading just 1 to 3 reviews. Online reviews therefore can have a powerful influence on our purchasing decisions, and over the fortunes of a business. As any business that has experienced the result of one or more prominent bad reviews on e.g. Trip Advisor will know the negative impact on trade can be significant.
Although last year’s UK Competition and Markets Authority (CMA) report about online reviews and endorsements put the estimate of UK consumers who use online reviews at only 54% it did highlight one of the major concerns for businesses that has led to a lack of trust in online opinions i.e. potentially misleading practices. These include fake reviews being posted onto review sites, negative reviews not being published, and businesses paying for endorsements in blogs and other online articles without this being made clear to consumers.
A recent piece by the BBC highlighted the mixed online reviews of a Manhattan restaurant to introduce the subject of how new technology could help to cut down on misleading practices in online reviews and endorsements. This could of course benefit businesses, customers, and those who are most likely to be influenced by reviews, those who haven’t tried your product or service before. Some of the new technology that could help to restore trust in online reviews includes:
‘Twizoo’ for Twitter. This mobile app from a start-up reportedly works by weeding out paid-for and out-of-date reviews. The advantage of this app is that it takes into account a reviewer’s full social media profile and their tweets over time, and allocates a quality score. This means that it is much more difficult for fake reviews to be posted from recently set up accounts, or for friends and family of the business to influence reviews. This quality based system also reduces the clout that tweets have after a period of 3 months. This reduces the ability of dishonest tweets to have a lasting effect on the business, plus it gives a more accurate picture of the service that potential users can expect at the current time.
Yelp - secret source code. This secret algorithm at Yelp reportedly weeds out overly enthusiastic 5 star reviews.
Amazon - multiple measures. As well as constantly reviewing its own readers’ star rated reviewing system, Amazon reportedly favours reviews by standard rather than discounted paying customers as a way of improving review quality. It is also reported to have brought lawsuits against over 1,000 defendants for reviews abuse.
The Walt Disney World Wristband. This wristband system gathers information about wearer and what services they have actually used at Walt Disney World to match against the reviews.
More of a Level Playing Field in Future
The wider adoption of quality based systems like these could quite simply provide more of level playing field for businesses and could help to protect you from some of the more obvious, frustrating and damaging reviews that you may have received as a result of potentially misleading practices. These systems may also make it more difficult for some businesses to unfairly influence reviews in their favour.
A ‘Distributed Denial of Service’ (DDoS) is just such an attack, and has such it has become a very popular way for criminals to inflict damage to businesses. As an IT Support Company in Hertfordshire we often receive questions and requests from our customers about which systems provide the highest levels of security and protection from the known cyber threats. Google is now offering a service called “Project Shield” that is reported to offer and extra degree of protection in the safety of its Cloud - BUT only for certain types of websites at the moment.
The Threat of DDoS Attacks
DDoS attacks such as the one that a used a Pingback feature loophole to leverage 26,000 Wordpress websites, and similar to the attacks launched on Xbox Live and PlayStation Network gaming can be very disruptive and damaging. With DDoS the perpetrator uses multiple compromised systems that are often infected with a Trojan virus to launch a single attack on one system. The result is to overwhelm that system rendering it unavailable. It is estimated that a DDoS attack can cost the criminal around £30 to execute (presumably excluding labour costs) and it can be ordered anonymously. For the business that is the focus of the attack the results can not only be the temporary disruption, but the fallout from that disruption which can include lost customers, bad press and damage to reputation. In monetary terms estimates of the average cost of this kind of attack to a business is around the £300,000 mark.
Help From Google’s “Project Shield”
For those who run news, human rights or elections sites which host “free expression” content some comfort and protection can now be gained from the fact that Google is now offering protection in the safety of its Cloud as part of what it is calling “Project Shield”. The free service is inviting applications through its website https://projectshield.withgoogle.com/public/ . According to Google’s Project Shield if the online application is approved the successful webmaster will be emailed the configuration instructions, and provided they have administrative privileges for the website, and they can modify DNS records, protection for DDoS attacks for their website can be set up in as little as 10 minutes.
How It Works
Google’s Project Shield uses a technology known as “reverse proxy” to route a website’s traffic through Google’s infrastructure (Google Cloud Platform), whereby “illegitimate traffic” can be stopped from reaching the server. Google suggests that the service is akin to “a train conductor only letting ticketed passengers aboard”. Although it is unlikely to noticeably affect a website’s performance, users from countries where Google’s IP addresses are blocked will not be able to access the content served through Project Shield.
The 12 month ‘David and Goliath’ battle between Pensioner Deric White from Pimlico in London and Apple over the incident resulted in a judge finding that Apple had been “negligent in the treatment of the claimant's telephone, causing the claimant’s loss of photographs of particular sentimental value, and the loss of all his contacts".
The counter argument by Apple’s spokesperson that Mr White hadn’t demonstrated that he’d lost anything was finally rejected because ‘difficulty’ in assessing damages didn’t mean that no compensation should be due to the Mr White. The London County Court judge finally awarded Mr White £2,000 in damages (£1,200 in compensation, and £800 in costs)
The Value of Backing Things Up
As a Hertfordshire based IT Support Company one of the important services we offer is online backup of our customers’ valuable files and data. The loss of files for businesses (and individuals like Mr White) can be very costly and disruptive, and it is always worth making sure that your have a robust backup in place. A system that works even in low bandwidth locations and with the support of locally placed backup provides a very secure backup solution.
In Mr White’s case it is unfortunate that he agreed to sign up for iCloud just after his phone’s bungled repair, at which point he was unaware that the photos, videos and contact information had already been lost. Even though Mr White received monetary damages, this is unlikely to be a substitute for his precious digital memories which included photos and videos of his once-in-a-lifetime honeymoon trip to the Seychelles.
How It Happened
Mr White’s loss of photos, videos, and contacts occurred when he took his Apple iPhone 5 to the Apple Store in Regent Street back in December 2014 in the hope that they could stop the text messages that he’s been receiving twice a day during his honeymoon asking him to re-set his password. The files were deleted by member of staff at the ‘Genius Bar’ in the store who tried to carry out a fix. Mr White, who had also just beaten cancer, said the loss of these precious digital memories had left his wife in tears and had left him livid. Mr White said that after being told that the problem with the phone had been “sorted”, he believed that the person knew what they had done and sent him on his way “like an imbecile”.
The kind of data that we’re talking about in this case is believed to be personal data like email addresses, phone numbers and dates of birth. One other worrying aspect of the theft is that the hacked database contained the last four digits of the credit / debit cards of around 100 customers who had purchased Wetherspoon vouchers online. Obviously this aspect of the theft could have been worse but the whole episode highlights some very important points for all businesses in terms of online and data protection.
Protecting Your Business From Cyber Criminals
As a company offering IT Support Services in Hertfordshire and beyond one of the services that demand has increased noticeably for is IT Security, not just for bigger organisations but also for SME businesses. The reasons for prioritising security are that there has been a well publicised increase in cyber crime against all kinds and sizes of businesses recently. The fuel for this trend has been fast technological change and IT developments combined with ever-more adept cyber criminals sharing and using more sophisticated and creative methods. Attacks like the one against JD Wetherspoon’s database are becoming all too common for businesses across South East England. With increased cyber crime and with the introduction of new data protection regulations next year it is worth making sure that your business is a protected now.
How The JD Wetherspoon Database Hack Took Place
In the case of JD Wetherspoon, the criminals, thought to be from a Russia-based hacker group, targeted a database that was linked to an old version of their website that was still with the old host. This is one of the most likely reasons why the crime that occurred back in June has only recently been detected. The stolen customer details are from those signed up to receive the Wetherspoon’s newsletter, registered with The Cloud to use Wi-Fi in their pubs, submitted a contact us form on the website, and / or bought vouchers online prior to August 2014.
Not Detected by JD Wetherspoon
One of the worrying aspects of this hack was that it wasn’t actually detected at all by JD Wetherspoon, but only came to light thanks to a cyber intelligence group called CyberInt. They made the discovery while investigating another case where the breach reportedly came up in their Argos Cyber Threat Intelligence Platform via one of its sources (a cyber-crime forum on the Dark Web). CyberInt now believe that the stolen information is likely to be sold on a forum run by Russian hacker ‘w0rm’, and that JD Wetherspoon is probably one of many ‘Big Names’ targeted by the same hacker group.
The motivation for this and many similar crimes is likely to be use of the stolen data to commit more crime such as theft (of money & identity) and fraud. This type of crime can have a serious negative effect on the lives of those whose data has been stolen and sold. It is also worth remembering too that a theft like this can also damage to the reputation and the brand value of the company that the data was stolen from. In the case of JD Wetherspoon the fact that there was such a long gap between the crime and its detection meant that it also didn’t allow any time for customers affected to take any precautionary steps to prevent the criminals from taking money from their bank accounts.
Since the crime’s detection the Information Commissioners Office (ICO) has been notified of the breach and a forensic investigation is now underway. JD Wetherspoon are reported to have said that that there are no indications that the stolen data has been used for fraudulent activity to date.
Protecting Your Business From Cyber Criminals
Falling victim to this kind of security breach and not reporting can mean large fines, greater reputational damage, and other legal consequences. Moves that you can make to protect your business include ensuring that security practices and systems are up to date and robust, and that they conform to best practice. The advice from the experts at CyberInt is that this can be best done by “collecting targeted cyber intelligence from thousands of sources including the dark web, the deep web, social networks and other sources, and by continuously assessing the organisation’s resilience to these attacks.”
Other research figures such as those by The Centre For Retail Research also appear to support this finding. Their figures show that in 2015 in the UK only 16.5% of online spending was done by smartphone, compared to 71.4% by PC and 12.1% by tablet. The same study showed even less purchasing online by smartphone in the rest of Europe - only 7%.
The most likely causes of this frustrating trend for businesses are the practicalities of handling a phone compared to a tablet or desktop. The current (and recent past) crop of mobile phones can be small and fiddly and can make it difficult to carry out many of the data input operations needed to make a purchase e.g. credit card and delivery address details.
Immediacy & A Good Response Rate
One advantage that mobile phones certainly have over the desktop or tablet for example is their immediacy i.e. they are always with us. This tends to mean that any special offers sent to then are likely to have a good response rate.
Although the use of smartphones to actually make a purchase appears to be less than you would expect, it is on the increase. For example UK Black Friday weekend shopping in November via smartphone totalled £472 million.
Possible Solutions To The Problem
Several new systems and different formats have been developed to help increase purchases made by mobile phones. Some high profile ones include:
After the initial wave of blackmail emails, it now seems that some ex members of the website are now receiving blackmail letters. Those targeted so far have been ex members living in Canada because this is where most of Ashley Madison’s members are based. The recent ‘snail mail’ extortionists are banking on those exposed members paying up to prevent their partners, wives and loved ones finding out that they were members of a website that appeared to facilitate affairs.
How Did This Happen?
It is widely believed that hackers calling themselves ‘The Impact Team’ were able to hack into a main database, and from there make several high profile data dumps, and put the on the ‘dark web’ where it could be accessed by cyber criminals using encrypted browsers. As well as the uncomfortable situation that many ex members find themselves in, it also seems like there could be more grief to come for Ashley Madison itself in the future. The hackers are reported as saying that they have 300 GB of employee emails in their possession, and tens of thousands of Ashley Madison user pictures and user messages.
The vast majority of Ashley Madison members / ex members who had their details stolen are reported to be men (an estimated maximum of 14% were women). Within only 48 hours of the reports of the security breach going public dozens of Canadian citizens contacted legal firms in order to file lawsuits against Ashley Madison. An early public casualty of the exposure was U.S. reality TV star and ironically former executive director of the anti-abortion and pro-marriage group Family Research Council Josh Duggar. He then resigned from the post and publicly confessed his infidelity. There have also been 2 suicides in Canada linked to the leak.
What Is The Relevance of This Story?
As an IT Support Company in Hertfordshire, the relevance of us telling you about a dating site security hack that mostly affected Canadian members is that hackers can operate from anywhere in the world, can be very sophisticated and cunning in their methods, and would be willing to target the data of any business, including yours if a) if you make it easy for them to do so and b) if it has a value. As we have put things like CRMs and larger and more sophisticated databases at the centre of our businesses we have all become more tempting targets for cyber criminals.
The Latest - The Blackmail Letters
Security expert blogger Graham Cluley has reported that some ex members of the website are now receiving blackmail demands through the post. These letters are reported to be asking for sums around the £3,000 mark in order for the receiver to avoid their membership of the website being made known to their loved ones. The advice from online security experts like Graham Cluley is for recipients of the blackmail letters to ignore the demands and to share the letter with the authorities.
The reality in 2016 is that whether you are an IT Support Company in Hertfordshire like us, an international business, or a local SME business in the South East, you are now at risk of an attack by cyber criminals. As we as a business community hear about more frequent and some very high profile cyber attacks, we are now prioritising our online and data security, and listening more to what the professionals have to say.
The New Norton Cyber Security Report
One of the main messages that the new Norton Cyber Security Report appears to deliver is that even though we may assume that the millennial generation are the most teach-savvy generation, they are also the generation who are less likely to heed warnings about cyber crime. This is surprising when you consider that they also the generation who are likely to have been informed most about the reports of cyber crime e.g. through their use of social media and due to the fact that the Web as one of if not the main source of news and information has only come about during their lifetime.
What the Stats Say
We as global consumers have spent an average of 21 hours and $358 per person over the last year dealing with online crime, and although the fear of cyber crime exists in the home and workplace, action to reduce the risks is often lacking.
Why Are the Millennial Generation More at Risk?
1. According to the 2016 Norton Security Report they are less security conscious when it comes to choosing and using passwords. 32 % of millennials in the UK share their passwords for online services compared to 13 % of baby boomers. Only 33% of millennials said they always use a secure password (the 8 character letter and number mix) compared to 49% of baby boomers. 2. One in five millennials for example felt like their chances of being compromised by cybercrime was negligible. This indicates that they appear to perceive less risk and don’t seem to fear the consequences of security breaches. These 2 factors together go some way towards explaining why 31% of millennials say they fallen victim to cyber crime.
The Lessons For Business
Based on the findings of the 2016 Norton Cyber Security Report business owners should not to assume that just because someone is young they are necessarily more web savvy, and therefore less of a security risk. To maintain an effective defence against cyber attack all staff members, regardless of age, should be briefed and made aware of how to work in a secure and compliant way online.
Other findings in the report such as the fact that nearly half of the millennials surveyed rely on credit card companies to protect them after a hack, could also suggest that younger staff members may be less prone to taking responsibility for the results of security breaches as well as being less cautious in the first place. This could suggest that they are more likely to be the source of security breaches and therefore may need frequent reminders of the risks and of your organisations security procedures and policies.
No matter what the industry, communication and efficiency are key. In recent years advances in email and mobile phone technology have helped pave the way to staying connected. But the Cloud is taking over!
Office 365 is a cloud-based service, taking the industry’s most recognised software and making it accessible from wherever you are in the world. With high tech security controls and back up systems in place, using Office 365 enables you to have remote access to emails, documents, contacts and calendars at the touch of a button. This eliminates paper work and saves time, ultimately improving efficiency and productivity in the workplace.
Employees will find transition to Office 365 smooth and efficient as it also runs the standard Microsoft software such as Word, PowerPoint, Excel and Publisher.
Using a standard Internet connection, this cloud offering allows both office-based and remote workers to access live information at any given time, supported with features such as instant messaging to drive productivity and help stay connected.
Skype for Business plays a big part in cloud software, being a key tool in bringing international companies closer together. Skype for Business offers the opportunity to host video conference calls to any worldwide location. This significantly reduces travel time, expenditure and other associated costs.
With any cloud-based software you also gain the advantage of being up-to-date at all times, with upgrades and downloads to install as they become available. This method of upgrading eliminates any associated costs that would normally be spent on engineers and IT specialists.
This saving can also be seen with hosted cloud services. Data centres have been set up around the UK and worldwide, home to all the required computer hardware and servers. Operated and run by IT specialists, the data centres are manned 24 hours a day, 7 days a week, to ensure servers are fully operational at all times. You essentially get all the benefits of an in-house server without the upfront and running costs making this an ideal option for new start-up businesses as well as SME’s looking to expand.
Ultimately, cloud-based solutions have transformed work processes so much that they are set to stay. They offer a company the opportunity to work in a modern, efficient and well-connected environment. However, with all your data located off-site you need to work with a company that you can trust. GCIS are IT specialists and offer a comprehensive range of technology solutions, from structured cabling, access control and telecom solutions, as well as a range of cloud solutions.
GCIS understand that no two businesses are the same and have a wide and varied portfolio working with small start-up businesses through to large corporate enterprises, offering bespoke products to suit any requirement. For more information on their range of services you can call 01438 347090 or email firstname.lastname@example.org.
Whilst our old website served us well, we decided that it was time to launch a new and improved version that reflects the company offering in 2015. Additionally we have created the website to be 'Mobile Friendly' ahead of the forthcoming Google update.
We hope you enjoy using the website and find that it provides the information you need quickly, with a minimum of hassle.
If you have any feedback, please get in touch.