Monday, November 13, 2017

Cuts Mean Fewer ATMs But More Cashless Payments

Banking industry group LINK has warned that a plan to cut the fees that fund their cash machines could mean that more ATMs will be axed.

What Fees?


The 38 card issuers (banks and building societies) have proposed a cut in the funding (the interchange fee) that they pay to ATM operators over the next 4 years, from around 25p to 20p per cash withdrawal.

ATM operators such as LINK rely upon these fees to help them fund their network of free-to-use cash machines. Less funding could, therefore, mean that a reduction in the number of ATMs will be necessary.

Cuts - Where Multiple Machines Close Together

It has been reported that LINK will seek to minimise the impact upon users of their ATMs by only axing ATMs in areas where there are multiple cash machines close together.

One In Five Lost Says Lobby Group


The industry lobby group, the ATM Industry Association has, however, warned that as many as one in five of the 55,000 ATMs from which we withdraw cash could disappear, thus creating “ATM deserts” across the UK, with providers shutting unprofitable machines in deprived areas first.

LINK Deny Massive Cut In ATM Numbers

LINK reportedly disagree with the ATM Industry Association’s predictions and have pointed out that, despite a decline in the use of cash, and the inevitable closure of some cash machines with the fee cut, there are still 5,000 more free-to-use ATMs than three years ago.

Bigger Picture - Decline of Cash and Rise of Contactless

Many tech commentators see this development as simply another step in an ongoing and unstoppable, global move away from the use of cash (in developed economies) in favour of contactless payments.

Back in May, for example, projected figures from payments industry trade body ‘Payments UK’ showed that by as soon as 2018, more payments could be made using debit cards than using cash. Payment commentators have also predicted that contactless debit card payments could account for more than 25% of payments by 2026.

A decline in the use of cash has been a clear pattern for some time now. A British Retail Consortium (BRC) Payments Survey found, for example, that cash was used for fewer than half of all retail transactions across the UK in 2015, and this amounted to 20% fewer transactions made with cash than in 2011. Debit cards now make up around 40% of transactions in the UK, and 54% in terms of overall value of retail sales.

Contactless Cash Machine

The signs are that the remaining ATMs will be updated and developed to provide other types of services. For example, back in November 2016, Barclays conducted a trial of a new system which allowed customers to use their normal PIN in combination with leaving their smart-phone handset near to the bank machine, thereby enabling "contactless" near-field communication (NFC) transmission for cash withdrawal.

Also, in Portugal for example, ATMs are now part of a fully integrated cross-bank network and offer customers a range of other bank-related functions and services e.g. cash and cheque deposits, cinema and concert ticket purchases, tax payments, bill payments, and mobile phone top-ups. It has also been predicted that ATMs could be made self-service and more like tablet computers e.g. with swipe, pinch and zoom functions, and that drive-through ATMs could be developed to allow people to complete withdrawals or transactions that they started on their phones.

What Does This Mean For Your Business?

Many retail businesses will already know that consumers use less cash and prefer the convenience and speed of contactless. This is why businesses have had to invest heavily in new payments technology in order to make it easier and quicker for customers to securely complete transactions in-store. Retailers have, however, benefited from cost and time savings (and having to deal with less cash). Contactless payments can mean increased average transaction values (ATV), more footfall, a reduction in the costs and hassle of handling cash, and reduced business risks due to having a clear audit trail and assured payment.

For all of us, however, a sudden loss of one in five ATMs could prove to be very inconvenient in the meantime, and there is a view that the money saved by a tiny number of banks could actually be at the expense of already hard-pressed consumers.

Art Galleries And Dealers Defrauded Through Email Hack

Art galleries and dealers in the UK have lost hundreds of thousands of pounds after being targeted by email hackers.

Monitor, Intercept and Replace

The social engineering scam, known as a 'man-in-the-email' (man in the middle / MITM) attack, which has also worked on US art dealers, involves hacking into the email account of targets - in this case, London art dealers. The hackers have then monitored the email correspondence with the gallery’s clients, and intercepted and diverted payments from clients. This involved intercepting real PDF invoices sent to customers, and swapping them with fraudulent invoices with instructions to send payments to a different account.

It has also been reported that the hack has been used to steal payments made by galleries to their artists. After the money was received by the hackers, it is believed that it was moved to untraceable locations.

At Least Nine Victims

Reports indicate that at least nine art galleries and art dealers in the US and now in London have fallen victim to the hackers, and although no exact figure has been put on the losses, the nature of the products that the victims deal in indicates that they could run from tens of thousands to millions of pounds to date.

Warned

The Society of London Art Dealers is reported to have previously warned its members about email fraud, and has released further cyber-security materials following this latest scam.

Initial Steps To Prevent More Fraud

The London Evening Standard reported that one way that the Mayfair gallery (Simon Lee), and Thomas Dane Gallery in St James's have responded to this latest attack is by overhauling their invoicing procedures e.g. Simon Lee's gallery now issues a standard warning about cyber fraud with every invoice, and the dealer’s accountant confirms banking details with clients over the phone.

What Does This Mean For Your Business?


Online fraud has been on the increase for some time now. Netcraft figures (2016) show that 95% of servers are lacking HSTS security features and are prone to MITM attacks. MITM is also spreading from desktop connections to mobiles, and even to the IoT space.

Spyware and malware programs (often arriving by email) are two of the prime causes of MITM attacks and companies can, therefore, seek to insulate themselves against these types of attacks with initial measures such as being proactive in renewing antivirus programs and patches, and conducting regular scans for malware. It is also important to raise awareness among staff and to educate them about the dangers of opening unknown emails. Other measures that companies can take to help themselves include:
  • Introduce multi-stage authentication processes.
  • Have a (verification / authentication / authority) procedure in place for any requests for bank details, payments, money transfers etc.
  • Empower and encourage staff to ask questions and conduct checks wherever suspicions are aroused.
  • Avoid visiting or exchanging information across any websites that do not have the security of HTTPS.
  • Make sure you have the latest version of your server software and disable old security protocol versions.
  • Avoid using free public hotspots, and if there is no option but to use them, use a Virtual Private Network or an SSL plugin.
  • Implement Certificate-Based Authentication for all employee machines and devices.

Quarter of UK Workers Deliberately Breach Confidentiality

Research commissioned by data privacy and risk management firm Egress Software Technologies has revealed that a quarter of UK workers have purposefully shared confidential business information outside their organisation.

Sharing Confidential Business Information

The findings of the research, conducted by OnePoll on behalf of Egress and involving 2,000 UK workers who regularly use email as part of their jobs, make worrying reading for UK businesses and highlight the common, but often overlooked, security vulnerabilities of ‘insider threat’ and human error.

The research showed that not only have 24% of workers purposely shared info with other companies, but nearly 50% have received an email by mistake. This has meant that almost half (46%) of respondents in the research admitted to having received a panicked email recall request.

Malicious

In the case of ‘malicious’ insider threat, it is worrying that the research indicates that 24% of workers have purposely shared information with competitors or new and previous employers and other entities. This amounts to a data breach that it is difficult for companies to protect themselves against. These kinds of leaks and breaches can undermine company efforts to comply with data protection laws and protect competitive advantage, and can leave companies open to huge financial risks, loss of customers, and damage to their brands.

An example of insider threat that has been in the news (again) recently is the case of the disgruntled former Morrisons employee who stole and leaked the personal details of almost 100,000 staff to national newspapers, and on data-sharing websites. This resulted in a £2 million clean-up bill at the time, and now 5,518 former and current Morrisons employees are suing the company in the High Court.

Accidental


The Egress research appears to show, however, that a more likely risk that most companies face is accidental email misuse. The research revealed that the biggest human factor in sending emails in error is listed as ‘rushing’ (68%), and auto-fill technology, meanwhile, caused almost half (42%) to select the wrong recipient in the list.

8% of those workers involved in the research even admitted to alcohol being involved with wrongly sent emails.

Sensitive Attachments

The research showed that almost one in ten (9%) of staff had accidentally leaked sensitive attachments e.g. bank details or customer information, thereby putting customers and their own company at risk.

What Does This Mean For Your Business?

Accidental misuse of email clearly represents a real and prevalent risk to businesses that could leave them open to a variety of potentially serious financial, legal, and market risks. High pressure, busy business environments can make it more difficult for employees to always make the correct checks on emails before they press the send button, but highlighting the issue and reminding people to be extra-careful with email checks can be a good starting point.

The research also shines an important light on insider threat. Crowd Research Partners, for example, have found that 74% of organizations are vulnerable to insider threats, and 75% of survey respondents estimated insider threats cost their companies at least $500,000 in 2016.

There are many well-documented (see online) behavioural indicators of insider threat, the most common one being a lack of awareness e.g. employees with savvy IT skills creating workarounds to technology challenges, or employees using personal devices to access work emails.

Companies can help protect themselves by adopting a holistic and layered approach to user behaviour analytics to help spot potential risks. Companies need to pay attention to security infrastructures, and to adopt a comprehensive, risk-based security strategy that includes:
  • Awareness, education and training - compliance with security best practices, employee training and security monitoring.
  • Behaviour monitoring for detecting and mitigating insider threats.
  • Implementing appropriate procedures when employees terminate their employment e.g. denying them further access to IT systems.
  • Information governance to provide the intelligence that drives security policies and controls.
  • User-based analytics to provide detection and predictive measures.
  • Development of an incident response program to consider internal and external breaches.
  • Being clear on legal and regulatory considerations.
  • A cross-organisational effort (people, processes and technology) to gain a detailed understanding of the organization’s assets and security posture.

Supermarket Voucher Scam Via WhatsApp

WhatsApp is being used by ‘phishing’ fraudsters to circulate convincing links for supermarket vouchers in order to obtain your bank details.

How Does The Scam Work?

The WhatsApp messenger app is being used to send messages purporting to be from well-known supermarkets such as Asda, Tesco and Aldi that contain a link to an online survey. The message tempts the receiver into completing the survey with the offer of hundreds of pounds worth of shopping vouchers.

In order to complete the survey, victims must give financial information, and have to send the link to 20 contacts in order to receive the vouchers. This helps to legitimise the scam as the contacts are likely to recognise and trust the sender.

Small Differences In Letters

The bogus supermarket link has been able to fool more than 30 people so far because of a very subtle, difficult-to-spot substitution of certain letters with similar characters. For example, the d in Aldi was swapped with a ḍ (notice the small dot underneath), which is actually a Latin character. Also a đ, known as a ‘crossed D’ (or dyet), has been used instead of a normal lower case d in order to fool potential victims.

Unclear

As yet, it is unclear whether just clicking on the link itself does something malicious such as downloading malware, and there have been reports that doing so on social media has meant that the message was shared without the consent of contacts.

Brand Used Twice This Week

This is the second time in a week that the value and trust of the WhatsApp brand has been exploited by fraudsters. Earlier this week there were reports that a fake version of the WhatsApp messaging service for smartphones was distributed to more than one million unsuspecting people after it was put on Google Play store. In that case, the bogus app was used to spread spam adverts.

Bad Timing


The association of the WhatsApp brand with scams is damaging anyway, but the timing is particularly bad with the announcement only last month that WhatsApp is about to launch ‘WhatsApp Business’, with a free version for small businesses, and a paid-for version (a chance for WhatsApp to monetise its services) for enterprises with a global customer base.

WhatsApp has also suffered from bad PR, again by association, after it was announced that WhatsApp had been used by London terror attacker Khalid Masood minutes before he killed and injured multiple people back in March. This, in turn, led to Home Secretary Amber Rudd campaigning to abolish end-to-end encryption in social media platforms and to enable ‘back doors’ to be built into them for use by the authorities.

What Does This Mean For Your Business?

This is another example of how fraudsters are using the powerful combination of the trust placed in brands, very convincing messages, and apparent referrals from friends to commit socially engineered fraud. Cyber-criminals are becoming ever-more sophisticated and devious in their methods, and our use of social media platforms and mobile devices, and the lack of time and attention that we can give to individual messages, are helping criminals to carry out fast and successful scams.

It should be remembered, however, that a social media / messaging platform is simply the medium, and not all messages posted therein can be trusted. As advised by Action Fraud, people should avoid unsolicited links in messages, even if they appear to come from a trusted contact.

Fake WhatsApp - 1 Million Downloads

A fake version of WhatsApp, the free, cross-platform instant messaging service for smartphones, was downloaded from the Google Play store by more than one million unsuspecting people.

Discovered By Reddit Users

Keen-eyed users of Reddit, the US-based social and web discussion forum, spotted that the "Update WhatsApp Messenger" app, available for download in the Google Play store, wasn’t all that it seemed to be.

Clue in Developer Name

The fake WhatsApp was identified because its developer name was made using a special Unicode character called a “Space” instead of an actual space. Concerned Reddit users were then able to take a screenshot of the subtle difference in the developer name and post it on the Reddit forum to alert others.

Although news of the fake app was then quickly circulated among online tech news channels, one million people had already downloaded the fake app.
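Both the swapped d in the voucher links and the special space in the fake developer name can be caught by folding a name to its base characters and comparing it with the genuine one. The sketch below is an added example, not code from any of the parties mentioned; the brand names come from the article, while the sample links, publisher strings and the small lookalike table are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Letters with a stroke have no Unicode decomposition, so they need an explicit
# map. Small constructed table; a production check would use the full Unicode
# confusables data instead.
STROKE_LOOKALIKES = {"đ": "d", "ħ": "h", "ł": "l", "ø": "o", "ŧ": "t", "ı": "i"}

BRANDS = {"aldi", "asda", "tesco"}           # supermarkets named in the article
TRUSTED_PUBLISHERS = {"WhatsApp Inc."}       # assumed genuine publisher string

# Constructed samples (not the real scam URLs or the real fake listing).
SAMPLE_LINKS = [
    "http://www.al\u1e0di.example/voucher",  # d with dot below
    "http://www.al\u0111i.example/voucher",  # d with stroke
    "http://www.aldi.example/voucher",       # plain ASCII
]
SAMPLE_PUBLISHERS = ["WhatsApp Inc.", "WhatsApp\u00a0Inc.", "WhatsApp Inc\u00a0."]


def skeleton(text):
    """Fold text to a comparison key: base letters only, no marks or spacing."""
    out = []
    for ch in text.casefold():
        ch = STROKE_LOOKALIKES.get(ch, ch)
        for part in unicodedata.normalize("NFKD", ch):
            cat = unicodedata.category(part)
            # Drop combining marks (the dot under the d), invisible format
            # characters (zero-width space) and every kind of space separator.
            if cat.startswith("M") or cat in ("Cf", "Zs"):
                continue
            out.append(part)
    return "".join(out)


def odd_characters(text):
    """Return (codepoint, Unicode name) for each character outside printable ASCII."""
    return [(f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
            for ch in text if not (ch.isascii() and ch.isprintable())]


def classify(candidate, trusted):
    """Return 'exact', 'lookalike' or 'unknown' for candidate against trusted names."""
    if candidate in trusted:
        return "exact"
    keys = {skeleton(name) for name in trusted}
    return "lookalike" if skeleton(candidate) in keys else "unknown"


def check_link(url, brands):
    """Return hostname labels that imitate a brand, with the characters used."""
    host = urlsplit(url).hostname or ""
    hits = []
    for label in host.split("."):
        if label.startswith("xn--"):         # IDN label in punycode form
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass                         # keep the raw label if undecodable
        if classify(label, brands) == "lookalike":
            hits.append((label, odd_characters(label)))
    return hits


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, BRANDS) or "no lookalike label")
    for name in SAMPLE_PUBLISHERS:
        print(repr(name), "->", classify(name, TRUSTED_PUBLISHERS),
              odd_characters(name))
```

A name that folds to a trusted one but is not byte-for-byte identical is the signal worth alerting on; the list of odd characters tells the analyst exactly which code point was substituted.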

What Does It Do?

According to tech commentators who have installed and decompiled the app, it is an ad-loaded wrapper (with minimal Internet access / permissions) which contains some code to download a second apk, also called “whatsapp.apk”. The fake app hides itself by not having a title and having a blank icon.

The result for those who have downloaded and tried to use the app is that they receive spam adverts, and are unable to detect and delete the app.

Google Play Fooled, Again


What has shocked and angered many victims and tech commentators is that Google Play was fooled into offering the fake, spamming app as a download. Unfortunately, it’s not the first time that something like this has happened with Google Play. Back in 2015, Google had to block a malicious app submitted to its Play store that spoofed BatteryBot Pro. The fake app was able to send premium-rate text messages, and block people from deleting it.

What Does This Mean For Your Business?

Most people place trust in well-known brands and perceived reliable ‘expert’ sources so, in this case, quite apart from the upset and trouble that the fake app has caused, there has been a sense of shock and anger that consumers were left exposed to risk by the brand platform that they had placed their trust in. Although the obvious advice would be to always check what you are downloading and the source of the download, the difference in the fake app from the real thing (in this case) was so subtle that users (and perhaps Google) could be forgiven for making a mistake.

The fact that many of us now store most of our personal lives on our smartphones makes incidents such as these all the more alarming. It also undermines our confidence in (and causes potentially costly damage to) the brands that are associated with such incidents.

To minimise the risk of falling victim to damage caused by fake apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone's service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app.

Monday, November 06, 2017

New System To Collect Biometrics Of All EU Visitors

The European Parliament is reported to have approved the introduction of a new system which will collect biometric information about all non-EU visitors to the EU.

EES
Under the EU’s newly approved entry/exit system (EES), which is also part of the ‘Smart Borders’ package, anyone travelling to an EU country from a non-EU country (e.g. post-Brexit UK) will need to provide some biometric information.

Whilst the term ‘biometric’ implies some kind of intrusion or sampling, what it will actually mean is the need to have a digital photo taken and a fingerprint scan, and for these ‘biometrics’ to be stored in a central database, along with travel documents and information about place of entry, exit and entry refusal.

Why?
The stated aims for the introduction of the new system are to reduce irregular migration of over-stayers, to fight organised crime and terrorism, and to speed up border checks by replacing the manual stamping of passports.

Who?
The new system will apply to every third-country national, even visa-exempt travellers travelling to and from the EU Schengen area. The Schengen area consists of most EU States, except for Bulgaria, Croatia, Cyprus, Ireland, Romania and the United Kingdom (Bulgaria and Romania are in the process of joining).

How Long?
The information collected by the EU with its new entry / exit system will be stored on the central EES database for at least three years, or five years for over-stayers.

Access
Those who can access the information in the EU’s database will include border, visa and national enforcement authorities, and Europol. It has been reported that the information stored on the EES database can be consulted to prevent, detect or investigate terrorist offences, or other serious criminal offences.

The information will not be accessible to national asylum authorities.

Not New
Biometrics being used as an immigration control is not new. The UK government, for example, already operates its own biometric residence permit (BRP) system whereby those planning to stay longer than 6 months, or apply to settle in the UK, need a biometric permit. This permit includes details such as name, date and place of birth, a scan of the applicant's fingerprints and a digital photo of the applicant’s face (this is the biometric information), immigration status and conditions, and information about access to public funds (benefits and health services).

What Does This Mean For Your Business?

Since the UK is still in the EU, business travellers to the EU will not be subject to the new system just yet, but post-Brexit this will have to change. This could initially mean that UK travellers to the EU are subject to longer delays and greater scrutiny on entry / exit. There are also extra privacy / security concerns for UK citizens based around where (and how securely) very personal data is being stored, who has access to it, and worries about the results of hacking of the data e.g. we assumed that NHS systems and credit systems were safe until they were both subject to malware and hacking.

Some UK citizens may also be concerned about the apparent increasing need for states to gather information about citizens and their activities / movements e.g. this new border rule, US border checks that can require checks of social media, and the UK’s own storing of the browsing history of its citizens under the ‘Snooper’s Charter’.

The assumption is that, at some point, all information about one person collected in several locations could be pulled together, stored and cross-referenced in a way that feels too intrusive, and too much like ‘big brother’. For some, the argument that ‘if you have done nothing wrong, you’ve nothing to fear’ is sufficient, but others object to this being used as an excuse for states to gradually erode rights to privacy.

Election Concerns Over Facebook Influenced by Russians

Facebook has released figures ahead of a Senate hearing showing that Russia-based operatives have uploaded 80,000 posts to Facebook in the last 2 years.

Big Influence?
Ahead of Facebook, Twitter and Google’s Senate hearing on Monday, Facebook’s revelation about posts published between June 2015 and August 2017, means that 29 million Americans are believed to have seen them directly, but it is possible that 26 million American users have seen, and perhaps been influenced by liked and shared messages and comments that could have originated in Russia.

Kremlin-Linked Company
The implication is that, because the messages / posts are believed to have been posted by a Kremlin-linked company, they may be state-sponsored. One of the key concerns is that many of the posts may have been sent around the time of the US election, and may, therefore, have had an unknown degree of influence on the opinions and choices of some American voters, and, therefore, on the outcome of the election itself.

This is particularly pertinent, given the accusations that have been circulating for some time now that President Trump’s campaign may have received help from Russia.

Two More Stories
The news from Facebook is even more timely and relevant because on Monday, the world’s media was buzzing with two more Trump-linked stories. The first was that President Trump's former campaign manager, Paul Manafort, and aide Rick Gates are facing money-laundering charges (unrelated to the 2016 election campaign). The second was that one of Mr Trump’s advisers (in a volunteer capacity, George Papadopoulos) has pleaded guilty to lying to the FBI over his contacts with Russia.

Not Violations, But Deleted
It has been reported that although many of the posts said to have originated in Russia did not actually breach Facebook’s guidelines, the company still went against its mission of building community by deleting 170 Instagram accounts, which posted about 120,000 pieces of content.

Also, Google’s YouTube

Google has also reported the posting of more than 1,000 political videos on YouTube on 18 different channels by Russian trolls, although it is not believed that they were targeting American viewers specifically.

Twitter Too

News has come from Twitter about the company suspending 2,752 accounts that it had tracked to the Russia-based Internet Research Agency.

What Does This Mean For Your Business?
The bigger picture is that election results (i.e. which party / candidate wins) have a big effect on the business environment as well as on society. It is not a surprise that one country could seek to influence events in another, but it is a surprise to some that tech companies and social media companies are still able to offer a voice and a channel to all.

The challenge that tech companies such as Facebook and Google (with YouTube) face is that they need to protect the idea that they reject censorship (and interference from governments), while still being seen to be acting responsibly and proactively, while protecting their brands and monetising elements of their business at the same time. It is clearly frustrating to some governments and politicians, both in the US and the UK, that they don’t have more of an influence over social media and tech companies e.g. with the end-to-end encryption debate in the UK, and that they often only come up against lawyers for these companies rather than being able to be seen to be publicly grilling the owners of these tech giants themselves.

As for the story about possible Russian influence over the US election result, it still has a good way to run and it is likely that we have only witnessed the start of many twists, turns and revelations.

Businesses Use Facebook Collaboration In Droves

Not only has Facebook’s Workplace Collaboration Tool exceeded expected take-up numbers by businesses, but it is now getting a desktop app for group chats.

What Workplace Tool?
Facebook's Workplace platform app was introduced in October 2016 to enable businesses to have their own social network while allowing Facebook to compete in the same collaborative and communications business tool market as Microsoft’s Yammer, Slack and Google’s Cloud. Slack is the current market leader with 4 million daily users.

The Workplace platform supports features such as live video and instant messaging and can be used by businesses internally to replace tools such as email. Previously known in its testing phase under the working title of ‘Facebook at Work’ the Workplace platform is an all-in-one integrated structure and incorporates many of Facebook’s best elements.

More Than 30,000 + New Features.
One year on, Facebook’s Workplace, which was a late arrival in the market, now has 30,000 organisations signed up to it, which is more than double the number announced just six months ago. The platform has been given some new performance-boosting features such as screen sharing, and (the upcoming) group video chat support for up to 50 people per conference call.

Initial Worries Unfounded

The large numbers of businesses now using Facebook’s Workplace mean that initial fears by the company that it could be difficult to sell have proven to be unfounded. It was, for example, thought that the platform’s appearance and how it’s used could be too similar to, and could be seen as encouraging, the use of social media at work that many companies had been seeking to eradicate.

App
It has been announced that Facebook’s Workplace will also soon be augmented with a desktop version of its app for group chats, and an update in the not-too-distant future should mean that this app will support video calls.

With the extension of the app and the new features of the platform, Facebook has picked up on the value that users have been placing on messaging for real-time, reliable communication wherever they are (mobile or in the office).

What Does This Mean For Your Business?

Businesses are now realising that an effective, easy, low cost, and high-tech means of collaborative working and communicating (in real time) can bring greater effectiveness, efficiency and competitive advantage.

Facebook’s Workplace app provides businesses with a way to benefit from the use of a fully integrated social network, and another of its key advantages is that it offers a degree of familiarity because of its similarity to Facebook’s social platform.

Although Workplace was a relatively late market entrant, it was tested for years and already has tens of thousands of subscribers, thus helping it to iron out any faults. Workplace’s special appeal and credibility is also helped by the fact that it comes from what most people would consider the definitive social networking expert company.

Half Of Us Don’t Check Contactless Amount

A new study by money management app Yolt has found that nearly half of UK shoppers (48%) don’t always check the amount before they tap to pay via contactless.

Switch To Contactless
The implications of the findings of the study are so significant because the UK has seen a significant shift away from cash to contactless. For example, British Retail Consortium figures show that contactless payments now account for a third of all card transactions in the UK.

Yolt figures from the new study show that 76% of Britons have used contactless payments, and 40% make half or more of their card payments using contactless.

An average 416.3 million contactless payments are made each month totalling £3.913 million (UK Finance figures), and this is an increase of 147.6% on 2016 figures. At the same time, projected figures from payments industry trade body ‘Payments UK’ have shown that by as soon as next year, more payments will be made using debit cards (with contactless) than using cash.

London Especially

Transport for London (TfL) figures, for example, show that 40% of public transport customers in London are now paying for their journeys with contactless payment cards (rather than using pre-paid cards), and 82% of Londoners have used contactless payments, making it the most popular city in the UK for this type of transaction.

It should also be noted that, according to this latest study, only 38% of Londoners said they always checked the amount before using contactless to pay.

Young People Least Likely To Check
The new Yolt study also revealed that young people (18 to 34) are the least likely to check the amount before paying via contactless, with only 39% doing so every time they pay. In contrast, 62% of those aged over 55 in the study said they check the amount every time they use contactless.

What Does This Mean For Your Business?
As far as businesses are concerned e.g. in retail, the rise of contactless has meant the need to invest heavily in new payments technology in order to make it easier and quicker for customers to securely complete transactions in-store. Retailers have, however, benefited from cost and time savings (and having to deal with less cash). The fact that consumers aren’t checking shows a degree of trust in the contactless system, which is again good news for retail businesses, provided that systems are functioning properly.

This story is also an example of how daily contact with technology, and a lack of negative reinforcement in many situations, has led to an increase in our trust in it. Some would say, however, that too much trust can lead to a lack of basic checks, and a dangerous suspension of basic reasoning and judgement. A study by the Georgia Tech Research Institute in March 2016, for example, showed how humans trusted robots in an emergency, even though the machines had shown themselves to have behaved unreliably just a short while earlier. In the experiment, a pre-programmed robot led visitors to the wrong room, and took them around in circles, and yet, when a fire was staged shortly after, people ignored clearly marked exits and followed the robot deeper into the building.

With the decline of cash as a worldwide trend, we are likely to continue using contactless regularly, and card issuers are likely to continue happily driving the change in customer behaviour. We do need, therefore, to remember that human error is commonplace e.g. wrong amounts may be typed in for purchases and prices may be entered in systems wrongly, and that technology and systems of all kinds can go wrong, and can be interfered with by cyber criminals. Keeping up the habit of making basic visual checks could save us time, trouble, and money, and could help us to use technology more safely.

AI Cracks Captcha

An Artificial Intelligence (AI) algorithm has been developed that can fool the Captcha website security check system by mimicking how the brain processes images and visual clues.

CAPTCHA
Most of us will be familiar with the Captcha system that requires us to prove that we’re not robots by recognising and entering a series of apparently random letters and numbers into a field i.e. solving visual puzzles to complete a login process.

Captcha, which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", was developed in the late 1990s as a counter-fraud measure, and to stop automated bots accessing and using websites and other online resources. If Captchas are not used, some of these bots can post spam comments in blogs, sign up for thousands of email accounts every minute e.g. on Yahoo, buy multiple tickets from ticket sites, gather email addresses (written in text) from web pages, distort online polls, and launch dictionary attacks on password systems. The use of Captchas can also offer full protection to pages that you don’t want indexed by search engines, and offer worm and spam protection.

Up until now, Captcha tests have been sufficient to separate humans from robots, and statistics show that the test is so complicated that even humans only pass it 87% of the time.

New System Beats Captcha

Details of the new Captcha-beating system have been published in the Journal of Science. The system was developed after research by Californian artificial intelligence company ‘Vicarious’, funded by Amazon founder Jeff Bezos and Facebook's Mark Zuckerberg.

Rather than using ‘neural networks’ that would require large networks of computers in layers and extensive training of those computers to solve problems, the new, simpler, algorithm-based system from Vicarious has been designed to imitate how the human brain responds to visual clues.

Little Training, Good Results
Reports of the results of tests with the new Recursive Cortical Network (RCN) show that by being able to actually pick out distorted letters and digits from images, it can beat the Captcha system with minimal training (other AI programs have needed 50,000 times more training).

The RCN algorithm works by recognising contours, edges, shapes, and textures of an image, and analysing the pixels to try and find a match with the outline of an object.

Tests to date have shown that the new algorithm can accurately guess a Captcha image 66% of the time, and can correctly guess an individual character with 81% accuracy.

What Does This Mean For Your Business?
The Captcha system has helped businesses by providing an easy way to deter potentially costly, disruptive and damaging bot attacks and spam. Many tech commentators, however, believe that the Captcha system (which dates back to 2000) is now outdated, and at the very least, needs to be improved. Now that a new algorithm has been developed that can beat Captcha, many tech and security commentators fear that it will now only be a matter of months before a similar system is being used to attack Captchas on websites, which can only spell bad news for businesses.

Two-factor authentication has proven itself to be an effective security gateway for websites, and many see this as the way forward.

Given the big tech names involved in the development of the Captcha-beating algorithm, you could, however, be forgiven for thinking that they may have an idea about (or already have) another system that could replace it.

Monday, October 30, 2017

Changing Faces With AR and AI

The combination of Augmented Reality (AR) and Artificial Intelligence (AI) has led to a cosmetics chain enabling customers to experiment with virtual make-up, and the animation of single still images into photos with moving facial expressions.

Virtual Cosmetics App

Back in March, the new ‘Virtual Artist’ app was first unveiled to the tech world. The app is now being used by French cosmetics / beauty brand Sephora to engage customers and allow them to try out and experiment quickly and easily with the company’s beauty products without needing to physically apply any of the actual products.

Photo Overlaid With AR Make-Up
Sephora’s ‘Virtual Artist’ app, which is used in some of their stores on iPads (and is available to customers as a smartphone version), allows customers to try on virtual make-up. The app, which was developed in partnership with AR company ModiFace, scans a photo of the user’s face, maps where the lips and eyes are, and lets users try on different looks.

The app gives users virtual tutorials that use AI and AR to show users (using a photo of their own face) how to contour, apply highlighter, and create winged eyeliner.

The app currently allows users to experiment with lip colours, eyeshadows, and false lash styles, and to add the products they like to an online shopping basket.

Not The Only One
Sephora’s proprietary ‘Virtual Artist’ app is actually joining the tech beauty gadget market a little late, as it follows in the footsteps of other similar ideas such as the HiMirror Plus, which scans users’ faces and recommends products and skin regimens.

Bringing Still Photos To Life
Another recent innovation to hit the news is a face mapping, AR and AI combined system that has been developed by a joint team from Tel Aviv University and Facebook.

The system enables a single still photo of a person / emoji character / painting of a person’s face to be animated with moving facial expressions.

How It Works
To enable the animation to work, subjects submit a single still image of their face and also film themselves pulling a variety of faces. Face mapping of the still photo is used as a guide; this, together with the filmed expressions, a ‘driving video’ of another face, and the software’s ability to fill in the invisible gaps in the picture e.g. the inside of a subject's mouth, enables moving facial expressions to be overlaid (using AR), thus producing an eerily realistic image with changing facial expressions and emotions.

Why?
Since the system was developed in conjunction with Facebook, tech commentators have speculated the first use of the system will be as part of a fun craze to help engagement with the Facebook platform.

What Does This Mean For Your Business?
It is not difficult to see how, as with the Sephora example, a system that encourages and enables customers to engage with, try out, and willingly widen their knowledge of a product range with minimum risk and hassle could be useful and relevant to many kinds of businesses in different markets e.g. beauty, interior design, furnishings / furniture, and other self / lifestyle / home and garden markets. The ability to enable customers (B2B and domestic) to visually experience and explore products and services like never before offers an exciting opportunity for businesses.

The ability to animate still images in a realistic and engaging way could also feed into multiple industries e.g. marketing / advertising / display / promotions, photography / graphics, greetings and gifts and many more.

The leverage gained from the synergies of combined new technologies could provide exciting business opportunities and areas to develop competitive advantages that are likely to reduce in cost over time.

eBay And Amazon Sellers VAT Warning

MPs have warned Amazon and eBay that their platforms may not be doing enough to prevent many sellers from not charging VAT on their sales, thereby potentially contributing to £1.5bn lost tax revenue for the government.

Report
The VAT loophole was highlighted in a recent report by MPs in the Public Accounts Committee.

What’s Been Happening?
If items are dispatched from UK soil, sellers have to charge VAT at 20%. Amazon and eBay, however, are believed to be keeping some of their stock in UK warehouses in order to provide next day delivery. Some of this stock is likely to be from overseas sellers, and it is believed, therefore, that goods from foreign sellers have been shipped to customers from UK warehouses without VAT being charged. This has enabled some foreign sellers to undercut genuine UK suppliers, and has meant a loss of potential revenue for the Treasury.

Working With HMRC

MPs have criticised an apparent lack of action to date by the big online selling platforms to address the issue, and some critics have also pointed to the fact that Amazon and eBay may actually be profiting from the fraudulent activity of sellers on their platforms by charging sellers a commission.

Amazon and eBay have told the commission that they are working with HMRC to resolve the situation, and that they are engaged in removing those offending sellers from their platforms.

HMRC Criticised
It is not just eBay and Amazon who have come in for criticism by MPs over this matter. MPs have also criticised HMRC for being over-cautious in pursuing what are regarded by many as being VAT fraudsters.

According to the MPs’ report, HMRC could help to stop VAT fraudsters by setting up an agreement with online marketplaces by March next year, and by acting with more urgency in making use of its existing powers.

HMRC has answered critics by pointing out that it had introduced new rules last year specifically to deal with the issues of liability for unpaid VAT by overseas sellers, and that these rules have brought about a ten-fold rise in the number of sellers registering for VAT.

What Does This Mean For Your Business?
This report from MPs and the publicity generated by it are likely to be good news for UK sellers who may have lost out to overseas sellers through simply complying with UK tax law and having to charge higher prices. Hopefully therefore, the report may put pressure on HMRC and big selling platforms like eBay and Amazon that could lead to a more level playing field, and could, of course, generate more much-needed tax revenue for the UK. It is particularly important for MPs to prioritise the issue now with the extra tax complications of Brexit just around the corner.

This may also be a shot across the bows for all large overseas sellers to warn them to respect the laws of the countries that they operate in and to remind them that they are accountable to governments in many of their lucrative markets.

4 Out Of 10 UK Businesses Not Ready For GDPR

A study by DMA group, formerly the Direct Marketing Association, has revealed that more than 40% of UK marketers say their business is not ready for changes in the forthcoming General Data Protection Regulation (GDPR).

What Is GDPR?

GDPR will come into force in May 2018. This new Regulation replaces the EU Data Protection Directive of 1995, and the focus of GDPR is on ensuring that businesses are transparent and protect individual privacy rights. The Regulation from the EU, which consists of 99 articles, covers data that is produced by an EU citizen, whether or not the company is located within the EU, and it covers people who have stored data within the EU, whether or not they are EU citizens.

The DMA Group Study Results
The recent DMA Group Study asked 197 (B2B) and consumer-facing companies their thoughts about GDPR and found that while more than half of companies (56%) feel that they are on track with their GDPR plans, 17% feel that they are behind and 15% still have no integrated plan.

16% of respondents in the study were reported as saying that they themselves felt extremely or somewhat unprepared for GDPR, and 31% felt that their whole organisation was extremely or somewhat unprepared.

What’s The Problem?
One of the biggest concerns of the companies surveyed was about the definition of consent (28%). Consent under GDPR, for example, will have to be unbundled (consent requests are separate from other terms and conditions), granular (a thorough explanation of options to consent must be given), named (state which organisation and third parties will be relying on consent), and documented (keeping records of how consent was gained).

Consent will also have to be easy to withdraw, and under GDPR implied consent will disappear. These complications around consent and the possible legal consequences of getting things wrong are clearly a concern for UK companies.

Another key concern and top priority highlighted by the study is the changing of a company’s privacy policy (15%) to take account of the new rules.

Worries about GDPR also appear to be growing in businesses as the deadline looms. The study showed for example, that 64% of marketers believed their organisations will be either very or extremely affected by the regulation, compared with 54% in May.

Positive
Some commentators have highlighted a possible positive perspective on GDPR as a catalyst to transform the way organisations speak to customers, and as a way of addressing issues in data protection that they may have had for a long time.

Equifax Reminder
The recent Equifax data breach, where 143 million customer details are thought to have been stolen, and where serious questions have been asked about the company’s conduct in handling the breach, has brought data protection into even sharper focus prior to GDPR and has reminded companies that they have to notify customers of a problem early on.

What Does This Mean For Your Business?

Warnings about the importance of GDPR preparation have been cropping up in the news for more than a year, and successive studies have revealed how businesses have felt unprepared and worried by the complications of the subject, or are simply in denial. One of the key challenges for companies, in addition to getting an understanding of consent issues, is making sure the technology is in place to help deal with data in a compliant way e.g. having the ability to purge or modify data, search and analyse personal data to uncover explicit and implicit references to an individual, or accurately visualize where data is stored because the repositories are not clearly defined. Some technology products are now available to help deal effectively with data, and many tech commentators believe that developments in AI and machine pattern learning / deep learning technologies will be able to be used by companies in the near future to help with GDPR compliant practices.

At this late stage, companies need to press on with and get to grips with GDPR and its implications, perhaps seeking professional advice to highlight which areas are most legally pressing. Taking a positive perspective, not only is compliance with GDPR necessary, but it could actually make sound commercial sense, through providing competitive advantages (because data security is valued by customers), and could have knock-on effects to the cyber resilience of companies.

Companies that have been proactive and moved quickly on this issue could therefore be the ones most likely to minimise the threat of penalties (the law profession is already geared-up to respond to customer complaints), and gain advantages in a marketplace.

Russia Hit By Ransomware

A new type of ransomware dubbed "Bad Rabbit", similar to WannaCry and Petya, has been spreading across Russia, Ukraine and into other countries.

What is Ransomware?

Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.

How Does It Infect?

The Bad Rabbit ransomware appears to be spread via a bogus Adobe Flash update and, worryingly, is still undetected by the majority of anti-virus programs.

What Does ‘Bad Rabbit’ Do?
Like other ransomware, Bad Rabbit encrypts the contents of the victim’s computer and asks for a payment of 0.05 Bitcoins / £213 to release the locked data. It is common for ransom demands to be made in the crypto-currency Bitcoin because it is outside the control of banks and provides anonymity for the perpetrators.

In order to pay the ransom, users are directed to a .onion Tor domain, where a countdown on the site shows the amount of time before the ransom price goes up.

Some tech / security commentators have noticed references to Game of Thrones characters in the malware.

What Effect Has It Had?
Bad Rabbit is reported to have hit almost 200 victims, most of which are in Russia and Ukraine, although others are in Turkey and Germany.

For companies that have been infected, whole servers have been locked down, thereby rendering the day-to-day IT-based aspects of the business impossible.

High profile victims of Bad Rabbit to date include Russian news agency Interfax where its subscription services were all made unavailable, the St. Petersburg-based Fontanka.ru news website, Ukraine's Odessa International Airport where its information system stopped functioning, Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system.

What Does This Mean For Your Business?
For UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. The advice with Bad Rabbit (according to the US Computer Emergency Readiness Team), as with other ransomware, is to not pay the ransom, as doing so is unlikely to guarantee that access will be restored.

In order to provide maximum protection against more prevalent and varied threats this year, businesses should now adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles ('vectors') as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.

Southend ... The ‘Smart City’

Southend-on-Sea Borough Council is reported to have signed an agreement with tech company Cisco to deploy its ‘Kinetic for Cities’ platform in order to share the benefits of new digital technologies with its businesses and citizens, thereby making it a ‘Smart City’.

What Is ‘Kinetic For Cities’?
According to the Cisco blog, the Cisco Kinetic for Cities platform is a unified IoT platform strategy and a cloud-based platform that helps customers extract, compute and move data from connected things to IoT applications to deliver better outcomes and services. In essence, using sensors, digital management platforms, and analytics programs for all aspects of a city (including solutions for lighting, parking, crowd, environment and others), businesses and citizens can benefit from the effects of urban innovation, sector-specific solutions, and city engagement that the technology provides.

Technology Hub
Through the use of the new platform, it is hoped that Southend can become a technology hub, and this can help it to grow and evolve, in line with the rest of the UK and with competition globally. It is also hoped that use of the digital platform could bring smarter, connected experiences for people who live in, work in, or visit the town.

Already Working In Other Cities
Cisco’s Kinetic for Cities platform is already being deployed in other cities such as Manchester (UK), where it is being used in a project to explore smart transport and CO2 emissions, and in Jaipur (India), where it is helping to improve public safety.

How Will It Be Used In Southend?
At the current time, Southend Council looks likely to use the Kinetic for Cities platform for initiatives such as pilots relating to community safety e.g. building an intelligence hub with IP-based public safety systems for use with CCTV and advanced video analytics.

Also, there are plans to use the platform to help with traffic and parking management, easing of congestion, using the IoT to help monitor and improve air quality, and to help manage energy better and bring down consumption, thereby reducing costs and helping the environment.

What Does This Mean For Your Business?

It has taken a long time for many of the potential benefits of the IoT to be realised, or for the IoT to be deployed in a more meaningful and beneficial way than in smart household gadgets. Using technology for the benefit of a whole town / city in this way represents a new kind of rapid regeneration which has the potential to benefit many more citizens and businesses than individual physical projects. Improving a whole town, and how efficiently it functions and how effectively it serves those who work and visit it in terms of experiences and opportunities can only be of benefit to locally based businesses, and can create an environment where businesses are better equipped to compete nationally and globally.

Sunday, October 22, 2017

Major Wi-Fi Security Risk

Researchers have uncovered a major flaw in Wi-Fi connections, dubbed Krack, which could be putting homes and businesses at risk from hackers.

The Flaw
Researchers from Belgian university, KU Leuven, discovered that there is a critical flaw in the authentication system used by secure wireless connections.

All protected Wi-Fi networks use an old, four-way handshake (dialogue) system in order to generate a fresh session. With the handshake, the two devices agree a (session) key to use to keep a secure data connection between them.

According to the researchers, the random numbers generated for use in authentication can actually be re-used, thereby allowing someone to enter a network and potentially spy on the data being sent in it.

Exploited
Hackers can exploit the ‘Krack’ vulnerability by tricking victims with a replayed, modified version of the original handshake, thereby making victims reinstall their live session key. This allows the set-up values to be reset which can thereby weaken encryption.

The researchers have found that the flaw means that attackers can potentially hijack a connection, decrypt and inject data, and even forge their own connection.

What / Who Is Affected?
The flaw is in the actual Wi-Fi protected access II (WPA2) security protocol i.e. in the standard itself. This means that there may be millions of routers in customers' homes and businesses that are vulnerable to attack. Service providers and their customers, therefore, face significant risks because of the flaw.

What About Patching?
The flaw, which has prompted a warning by the US Computer Emergency Readiness Team (Cert), can reportedly be fixed using software patches. Industry body the Wi-Fi Alliance is reported to be working with service providers to help develop a patch, and Google has said that it will be patching any affected devices over the next few weeks.

What Does This Mean For Your Business?
This is reminiscent of the problem encountered back in June, when, after an investigative study by Which?, Virgin Media made the news when its (Netgear) Super Hub 2 and Super Hub 2 AC home routers were found to all have exactly the same private encryption key, thus making them more vulnerable to hacks. This prompted the need for a security patch to be rolled out in order to protect large numbers of customers.

The latest flaw in Wi-Fi connections discovered by the Belgian researchers is another example of how, despite taking their own Internet and data security measures, businesses (and home users) can suddenly find themselves unwittingly being vulnerable to attack because of the equipment and software supplied by service providers who they have to trust. Once again, it is outside security researchers who have discovered the flaw.

Thankfully, patching is generally a fast and effective way to shut down vulnerabilities. Keeping up with patching itself is an important part of any company’s ongoing security processes, and the Fortinet Global Threat Landscape Report (back in August) highlighted the fact that 9 out of 10 businesses are hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and have patches already available for them.

Cortana Integrated With Skype

Microsoft has added its talking digital assistant ‘Cortana’ to Skype to provide ‘contextual assistance’, which could help Skype users in their online chats.

What Kind of Assistance?
The idea is that the digital assistant can use its AI to pick up on what is being said in a Skype chat and then help to provide relevant information on that subject. This could be anything from (depending on the content of the chat) relevant restaurant option suggestions, movie reviews, and suggestions of smart replies and responses. According to Microsoft, Cortana will enable users to respond to messages in Skype without needing to type.

Your Digital Secretary
The addition of Cortana to Skype means that it will also be able to pick up on conversations about scheduling events, and will then be able to set up a reminder that can be sent to all of your devices. This will see Cortana acting like a kind of virtual secretary, able to ‘listen’ to and take note of all of your plans. This could have obvious benefits in making sure you don’t miss important appointments / events, and that you are able to improve business planning and organisation.

Cortana As Your Contact
The Cortana / Skype bundle will also mean that the digital assistant can be added as a contact in Skype. This means that you will be able to chat with it as you would other contacts, and use it to answer questions, suggest restaurants, check flights, give the weather outlook, and other information.

Setting It Up
Users will be able to easily set up Cortana in Skype on mobile devices by tapping Cortana on their chat screen, and by agreeing to allow Cortana to use the user’s location and IM conversations in Skype.

The Rollout
According to the Microsoft blog, Cortana in Skype will be ‘gradually’ rolled out, starting from 9th October, to Microsoft’s Android and iOS customers in the United States first.

What Does This Mean For Your Business?

This alliance of Cortana with Skype is another important competitive step in the battle for leadership in the voice-controlled / ‘Voice First’ market and will help Microsoft to achieve its aim of making Cortana available for its customers everywhere and across any device.

In September, Microsoft also announced that it was working in partnership with Amazon in a bid to put a lot of pressure on competitors, gain distribution and overlap, and to enable their respective AI digital assistants to work together in a move to create an open way to communicate and interconnect with AI platforms.

As consumers, figures show that over one-third of us (in the US and the UK) use digital assistants weekly (the equivalent to Netflix’s adoption level). This is a trend that is set to continue. For example, Ovum forecasts the native digital assistant installed base to grow from 3.6 billion (from last year) to 7.5 billion active devices by 2021. As long as digital assistants are able to add and provide real value, and tangible benefits, more people will be willing to try them, and to integrate them willingly into their business operations e.g. Skype calls. The market is still in the early stages though, and with Google currently predicted to dominate, we are likely to see many more announcements for many more applications and integrations of digital assistants into devices and platforms in the near future.

Alexa Now Recognises Multiple Voices

Amazon’s Alexa AI digital assistant is now able to tell the difference between the voices of different users in the same household, thus enabling the Amazon Echo to handle multiple-user profiles in a convenient way.

Following Google
This latest development from Amazon follows Google Home’s rollout of multi-user support in the UK back in June. Google Home can, therefore, already deal with 6 different user accounts and voices in a single unit. Each individual user-account responds to each individual user’s voice, and delivers tailored calendars, playlists and preferences to whichever user is speaking to that unit.

Don’t Need The App
Although Alexa could already handle multiple user accounts before, it required the use of an app and a confirmation code to do so. Now that everything can be operated by Alexa being able to successfully recognise multiple voices and deliver tailored services accordingly, it puts the Amazon Echo back in competition (in terms of features) with Google Home.

Compatible
It has been reported that the new feature is compatible with Flash Briefings, shopping, Amazon Music’s family plan and Alexa to Alexa calling.

Teaching Alexa
Just as with Google Home, the AI element of Amazon’s Alexa needs to be taught the difference between the voices of its different users in order to operate successfully for multiple users based on voice alone. This involves each user selecting “Your Voice” in the mobile app, and repeating a series of demo commands to Alexa.

Teens Use, Parents Pay
The Alexa multi-voice recognition announcement follows hot on the heels of Amazon’s announcement that an expansion of its Household subscription means that 13-17 year-olds can shop on its site through the app, using their parents' payment methods (provided that their parents have set a spending limit or approved each purchase). There is speculation among technical commentators that this is an area where Alexa (and its multi-voice recognition) may be employed in the near future.

What Does This Mean For Your Business?
This is another example of the fierce competition that is currently taking place in the new and rapidly evolving ‘Voice First’ market, which is currently being led by Google, but there is some competition from Microsoft with Cortana and now Amazon. Both Microsoft and Amazon, for example, managed to miss the smart-phone revolution but are concentrating efforts now on becoming serious competitors in the ‘Voice First’ revolution.

This story is also an example of how technologies are being merged / combined, copied, collaborated on (Microsoft and Amazon), to enhance / augment, add value to, and better monetize existing services e.g. Skype incorporating Cortana, and the possible addition of Alexa to other Amazon services.

The widespread use of mobile devices and apps, the introduction of (and heavy investment in) AI and robotics into many aspects of products and services by market-leading companies now means that businesses have extra threats and opportunities. As workers, automation led by AI is also likely to alter the nature of jobs, and may mean that more people will need to seek more education / lifelong learning, and be more accepting of the need for change and frequent adaptation in their working lives.

Drone Hits Passenger Aircraft

A remotely piloted drone struck a Skyjet turboprop passenger plane as it made its approach to land at Jean Lesage Airport in Quebec, Canada last Thursday.

What Happened?
The drone craft, which was being operated by a person as-yet unknown, was reported to have been flying at a height of about 450 metres / 1,500 feet and at an estimated 3,000 metres from the runway at the airport. As the Skyjet passenger aircraft came in to land, it was struck by the drone causing minor damage to the aircraft. Fortunately, the aircraft, which was carrying 8 passengers, was able to land safely.

Interim Rules In Place
Interim ‘Transport Canada’ regulations (to be approved next year), first introduced in March and amended in June, make it a violation for a recreational drone to be flown within 5.5 kilometres of an airport, or within 1.8 kilometres of a heliport, without special permission. Drone operators must also not fly their drones above 90 metres in height. Violation of the current regulations can warrant a $25,000 fine.

Accident Waiting To Happen
According to Canada’s Federal Transport Minister Marc Garneau's office, 1,596 drone incidents were reported to Transport Canada in 2017, 131 of which were deemed aviation safety concerns.

This was, however, the first time that a drone had actually struck a passenger aircraft in Canada, and Mr Garneau is reported as saying that it could have been "catastrophic" if the drone had collided with the engine or cockpit.

Worldwide Problem
Drones flying too close to airports have now become a problem worldwide. Back in July, for example, a drone being flown dangerously close to Gatwick airport in the UK meant that four Easyjet and one British Airways flights had to be diverted.

Drone Photographer Punished

In another incident in Essex back in August, a 28-year-old man from Kirby Cross was apprehended by police, after flying his drone too close to a railway station. The man was reportedly trying to use the drone to get photos of a Tornado steam engine, and was reported for a breach of his Air Navigation Order. According to the Police, the man had flown the drone within 50 metres of other people and property out of their control. Legally, a drone should not be flown within 150m of crowds or built-up areas.

The man was punished by way of an agreement contract with Essex Police, and was given a community resolution.

New Rules in the UK

In the UK, new government rules mean that drones weighing 250 grams and above now need to be registered online. Owners of these drones will also have to take safety awareness tests to determine their knowledge of UK safety, security, and privacy regulations. The government hopes that these new rules will help to develop accountability among drone owners and encourage them to act responsibly.

What Does This Mean For Your Business?
Drones are part of a new industry where the technology and products have been developing before the law has had an opportunity to catch up. Drones clearly have many productive, value-adding, and innovative business uses, and they have been tested and tipped for wider use in the future by brands such as Amazon for parcel deliveries. A move towards autonomous vehicles and new transport technologies means that drones currently have a bright future when used responsibly and professionally. The fact that drones are widely and easily available (with minimal restrictions) to individuals as well as companies, as shown by the many aircraft near misses, indicates that most people would welcome the introduction of regulations that contribute to public safety. It is important, however, that any new rules take account of the rights of the majority of responsible drone users, and don’t restrict the commercial potential of drones.

Staff Sue Morrisons Over Personal Data

5,518 former and current Morrisons employees are suing the company in the High Court over failing to protect their personal data after it was posted online by a rogue employee with a grudge.

What Happened?

Back in 2014, Andrew Skelton, who was an auditor at the head office of Morrisons in Bradford, leaked the personal details of almost 100,000 staff. Mr Skelton is believed to have deliberately stolen and leaked the data in a move to get back at the company after he was accused of dealing in legal highs at work.

Although Mr Skelton was jailed for eight years in 2015 over the incident, and Morrisons was awarded £170,000 compensation against Skelton, lawyers for the employees whose data was stolen and leaked are now arguing that they should also be compensated.

What Kind of Data?
The data, which was stolen, sent to national newspapers, and posted on data-sharing websites by Skelton included details about staff salaries, bank details and National Insurance numbers.

It is estimated that the data breach cost the company more than £2m to rectify back in 2015.

Upset and Distress
In the recent case in the High Court, Jonathan Barnes, Counsel for 5,518 former and current Morrisons employees argued that they were victims too, and should therefore also (like Morrisons) be compensated.

Mr Barnes argued that due to a failure by Morrisons to keep staff personal data safe, upset and distress was caused to people whose personal data had been posted online without their consent (and without their knowledge at the time).

The basis of the case is, therefore, that Morrisons may be responsible for breaches of privacy, confidence and data protection laws, and may have exposed employees to the risk of identity theft and potential financial loss.

The action at the High Court will last two weeks and is essentially concerned with liability. No decision has yet been made.

What Does This Mean For Your Business?

With so much focus on attacks from the outside by hackers and scammers, it’s easy to forget that attacks and data breaches / leaks can come from within. Businesses may not be aware that insider attacks top the list of threats to data and systems, and because (as in the case of Skelton) certain employees have legitimate access to sensitive and valuable company information, the risk is potentially huge. What makes this risk particularly hard to manage is the fact that trust needs to be placed in employees in order for them to do their job, although their motivations are hard to predict, anticipate or control. It is also likely that, as in the case of Morrisons, insiders can select the most sensitive of data, and inflict the worst kind of damage before the company even knows about it.

Businesses should, therefore, at least be aware of the threat, and try to restrict access to sensitive data to only those people who need access to it, to build in some monitoring and checking, and to build this kind of scenario into Business Continuity and Disaster Recovery Plans.

Cash From Cloud Bigger Than Expected

A Gartner report shows evidence that revenues from the public cloud look likely to grow by 18.5% this year, and could top $260 Billion.

Public Cloud
The ‘public cloud’ refers to the service whereby companies / individuals can access virtual machines (VMs), applications or storage over the Internet on a pay-per-usage or free basis.

Technical commentators have noted that the market for cloud services is growing much faster than most other IT markets today, with much of the growth coming at the expense of more traditional, non-cloud offerings.

Big Growth Areas - SaaS and IaaS
The Gartner report shows that the big revenue growth areas this year are Software as a Service (SaaS) and Infrastructure as a Service (IaaS).

The greater than predicted rise in SaaS revenue for last year ($48.2 billion) is a key driver for the healthy forecast in public cloud revenue for this year, where software revenues are expected to reach $58.6 billion by the end of the year.

IaaS has also seen bigger than expected revenue growth, and Gartner predicts end of year revenues of $34.7 billion, which would be a massive 36.6% increase on last year’s end-of-year figures. Many technical commentators believe that IaaS is likely to be the fastest growing area of cloud computing over the next 5 years.

Amazon is the leader in the IaaS market with 44.2 % of the market, and has a much larger share than its closest rival Microsoft. Google has also gained momentum in the IaaS market with Azure.

PaaS Too
Even though Platform as a Service (PaaS) was one of the least profitable areas of the cloud last year, revenues for these services are forecast to rise significantly by 2020, and there are expectations of an increase to $20.8 billion this year (compared to $9 billion last year).

PaaS refers to the provision of a platform and environment that allows developers to build applications and services over the internet. The PaaS services are hosted in the cloud and can be accessed by their users via their web browser, thus providing ease and convenience to a hitherto more complicated and costly area of computing.

What Does This Mean For Your Business?

The general trend over the last year or so has been that the hybrid cloud has been the preferred enterprise strategy, while public cloud adoption has been growing, and private cloud adoption has flattened-out.

The growth in public cloud services, as shown by the Gartner report, is something that is happening worldwide, and it is being driven by digital business initiatives, data centre consolidations and application migrations to the cloud.

Now that businesses are less fearful of the early perceived risks of a move to the cloud e.g. security concerns, and are starting to realise the key benefits that cloud services offer (flexibility / adaptability, reduced costs - no need to purchase / upgrade in-house hardware or employ the expertise to manage it, security and reduced risk - including backup and recovery), it is not surprising to see big growth in its uptake by all kinds of businesses.

Monday, October 16, 2017

How Your Phone Can Depress You

Research by Nottingham Trent University has revealed that mobile phone alerts can have a negative impact on your mood, especially if they're work-related and/or non-human notifications.

App Research
The research, which was carried out to study the way people interact with the notifications on their phone and how they impact mood, was conducted by using an app called NotiMind which participants downloaded to their phones. The app collected details about the phone’s digital notifications, plus information about each participant's self-reported moods at different points in the day over a five-week period, and involved the sending of half a million notifications.

Findings
The collected data showed that one-third of the participants suffered negative effects on their mood from their phone notifications, such as feeling hostile, upset, nervous, afraid or ashamed.

Most Negative
Phone notifications which related to non-human activity e.g. Wi-Fi availability and the working of the phone itself were found to be the ones that had the biggest negative impact on someone's mood. Not surprisingly, work-related alerts (especially when several arrived) ranked a close second when measuring negative moods.

Why Negative?
The researchers noted that the disruption, distraction, and competition for attention that phone notifications bring, as well as the source (e.g. work-related) are contributors to negative feelings in recipients.

Most Positive
Those notifications which had the most beneficial effect on moods were found to be messages from friends, especially when several of these notifications arrived at once. Friend-related notifications were found to create a sense of belonging and feelings of connection to a social group in the recipients.

Emojis Help
Another interesting finding of the research was that the inclusion of emoji characters in notifications was found to lift the mood of recipients. This is particularly significant because emojis are the world’s fastest growing language in all forms of communications: they transcend traditional language barriers, and they help to quickly and easily communicate the emotional content of a message.

What Does This Mean For Your Business?
Most of us now have smart-phones, and the many apps compete for our attention, and the many different kinds of notifications that we receive privately during the course of our day at work disrupt our work and affect our moods. This means that modern businesses are likely to be affected by more constant and low-level disruption than in the past due to notifications and workers responding and reacting to them (often putting work aside to do so). It is also important to remember that being connected to (and being able to deal with) general life matters (without having to take time off to do so) can have a positive effect on workers.

In terms of how businesses communicate with their staff, customers and other stakeholders, this research could be valuable in terms of helping to structure notifications so that they will be received in a positive way. For example, knowing the best time of day to send notifications, not sending too many in a short time, linking messages to social / human subjects, and including emojis could help businesses to communicate in a more beneficial way with their public.

Are You Unwittingly Making Crypto-Currency?


Scammers are secretly installing 'mining code' in websites so that they can use the computers of website visitors to help them generate digital cash or 'crypto-currencies'.

What's Happening?
Hackers are operating a popular scam which involves installing 'mining script' code such as Coin Hive into multiple web pages without the knowledge of the website owners. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of crypto-currency.

If, for example, a website is able to get one million visitors a month, and if the Coin Hive Web Miner for Monero (XMR) is used, it could generate an income of £88 in the Monero crypto-currency.

What Is Coin Hive?
Coin Hive is crypto-currency mining software written in JavaScript, which sends any coins mined by the browser to the owner of the web site. If you visit a website where it is being used (embedded in the web page), you may notice that power consumption and CPU usage on your browser will increase, and your computer will start to lag and become unresponsive. These slowing, lagging symptoms will end when you leave the web page.

Cloud Being Used
There are reports that this crypto-currency mining scam is now being extended to target cloud-based computing services. If hackers are able to break into a cloud account they can harness a huge amount of computing power and use multiple machines to try and generate more income.

With cloud billing services making it hard to detect the scam before it is too late, victims can be left with large bills for servers that hackers have been using for their coin mining.

Measures Being Taken
Many different measures are now being taken by companies and organisations to stop the surreptitious use of mining including:
  • Researchers in Illinois are developing a monitoring system that can spot the signs of mining software e.g. the increased activity in processors when working out the complicated maths problems. The researchers are working with a cloud company with a view to deploying it in their network, and have plans to extend the system to personal computers.
  • Government officials at the Crimean council have reportedly been sacked for using mining software on government computers.
  • The creators of the FiveM add-on for the video game GTA (Grand Theft Auto) V have released an update which stops people from being able to add miners to their code.
  • Security service Cloudflare has suspended the accounts of some customers suspected of using mining scripts.

What Does This Mean For Your Business?
The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses. There are some simple measures that your business can take to avoid being exploited as part of this scam.

If, for example, you are using an ad blocker on your computer, you can set it to block one specific JavaScript URL which is https://coinhive.com/lib/miner.min.js . This will stop the miner from running without stopping you from using any of the websites that you normally visit.

Also, a dedicated browser extension called 'No Coin' is available for Chrome, Firefox and Opera. This will stop the Coin Hive mining code being used through your browser. This extension comes with a white-list and an option to pause the extension should you wish to do so.

Coin Hive's developers have also said that they would like people to report any malicious use of Coin Hive to them.

Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.
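For website owners who want to check their own pages for the miner script URL mentioned above, here is an added example (not code from the original article or from Coin Hive). It flags `<script>` tags that load that URL, and inline script code that mentions `CoinHive.`, which is assumed here to be the prefix of the library's JavaScript objects; the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MINER_HOST = "coinhive.com"        # host from the URL quoted in the article
MINER_PATH = "/lib/miner.min.js"   # path from the same URL
INLINE_MARKER = "CoinHive."        # assumed prefix of the library's JS objects

# Constructed sample page: one benign script, one miner include, one inline use.
SAMPLE_PAGE = """<html>
<head>
<script src="/static/site.js"></script>
<script src="https://coinhive.com/lib/miner.min.js"></script>
<script>
  var m = new CoinHive.Anonymous('CONSTRUCTED-SITE-KEY');
</script>
</head>
<body><p>Welcome</p></body>
</html>
"""


def is_miner_url(src):
    """True if src points at the miner script (absolute or scheme-relative)."""
    src = src.strip()
    if src.startswith("//"):
        src = "https:" + src
    try:
        parts = urlsplit(src)
    except ValueError:             # malformed URL: not a match
        return False
    host = (parts.hostname or "").lower()
    on_host = host == MINER_HOST or host.endswith("." + MINER_HOST)
    return on_host and parts.path.lower() == MINER_PATH


class MinerScriptFinder(HTMLParser):
    """Records <script> tags that load the miner or reference it inline."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []         # (line number, kind, detail)
        self._in_script = False
        self._line = 0
        self._inline = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script, self._line, self._inline = True, self.getpos()[0], []
        src = dict(attrs).get("src")
        if src and is_miner_url(src):
            self.findings.append((self._line, "external", src.strip()))

    def handle_data(self, data):
        if self._in_script:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            # Heuristic: any mention of the marker inside inline script code.
            if INLINE_MARKER in "".join(self._inline):
                self.findings.append((self._line, "inline", INLINE_MARKER))


def scan_html(html):
    """Return findings for one HTML document, in document order."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, kind, detail in scan_html(SAMPLE_PAGE):
        print(f"line {line}: {kind} miner reference ({detail})")
```

A clean result only means this one known URL and marker are absent; a script served from a different address would not be flagged.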

Legal Threat From GDPR

Speaking at the recent IP Expo in London, Irwin Mitchell solicitors warned
businesses that focusing too much on consent as a basis for data collection could mean that they miss other options and issues, and leave themselves open to the risk of fines from the UK regulator when GDPR comes into force next year.

Consent
One of the key areas highlighted by the speaker from Irwin Mitchell was the fact that obtaining consent will be far more difficult under GDPR, and that the stricter rules around the gathering of consent with GDPR could mean that companies that rely on it entirely face the risk of fines.

Under GDPR, businesses will need to demonstrate that they have a basis for transferring and processing user data, i.e. ensuring that they have 'legitimate interests': showing that they are using data for legitimate business purposes and that no privacy rules are being breached.

What About Consent?
Consent where gathering and using personal data is concerned is a notoriously complicated legal area.

When the EU's General Data Protection Regulation (GDPR) comes into force next year businesses will need ‘explicit consent’ to legitimate certain forms of data processing. GDPR will essentially make a number of other changes to the way in which organisations will have to gain consent.

Consent under GDPR will have to be unbundled i.e. consent requests are separate from other terms and conditions, granular (a thorough explanation of options to consent must be given), named (state which organisation and third parties will be relying on consent), and documented (keeping records of how consent was gained).

Consent will also have to be easy to withdraw, and this means that if companies focus too much first on the consent aspect of GDPR as a legal basis for using personal data, it may be at the expense of other options, and could leave them open to legal risks that they had missed.

Complications For Businesses
Some of the complications that could lead to some businesses being open to legal threats are that:
  • Under GDPR implied consent will disappear.
  • Terms and conditions can no longer be used as a catch-all.
  • Businesses that rely to some degree on consent as a legal basis will need to redraft their forms to make them compliant.
  • Many current marketing consents are not clear enough, and companies will need to sort through them, make sure they are compliant, and refresh them every two years.

Revealed Gap
For many businesses, trying to prepare for GDPR has revealed just how far behind they have been with data protection practices anyway, and many are still trying to find data that they should have been securing for years. With the clock ticking, compliance is a daunting challenge.

Focusing On The Wrong Things
Some GDPR commentators have pointed out that many companies have been focusing on the wrong things in their preparations for GDPR because they don’t understand the real legal risks.

For many businesses, there needs to be (and there hasn’t been) enough of a focus on the use of technology in their preparations in order to be realistically compliant in time.

Businesses are also not in a position to see the day-to-day cases in which EU regulators are forming a point of view on data protection.

What Does This Mean For Your Business?
There is now a pervading view that although the legal profession understands many of the ins and outs of consent, and the other important legal matters relating to GDPR, many businesses do not, and there is likely to be a quantum of illegality into May 2018 and beyond.

The whole area of what is meant by consent is so complicated and carries so many new obligations that data controllers should concentrate first on looking at other legal grounds as an alternative to consent.

Businesses could help their own preparations by focusing on how they can use technology to achieve compliance in time for GDPR, but may need to seek the current best legal information and advice to make sure that they are aware of, and are covered for the worst legal risks.