Warning that UK digital economy may be ‘at risk’ from Brexit

September 14th, 2017 Posted by News

Businesses have warned the UK’s £240bn data economy could be at risk unless a suitable Brexit transition deal is established by the Government.

Under EU regulations, businesses are only allowed to move data from within the bloc to countries outside of it if those countries meet the EU standards for data protection. This is intended to stop corporations laundering data to jurisdictions where they could use it for purposes that would not be allowed in the EU.

Although, as part of the EU, the UK is currently compliant with EU data protection law, it will become a separate jurisdiction after Brexit and will require an “adequacy” agreement in terms of its data protection laws.

To meet these requirements the Government has introduced a Data Protection Bill, which will enshrine the EU’s new General Data Protection Regulations in UK law, but businesses are concerned this may not be enough.

Josh Hardie, deputy director-general of the Confederation of British Industry, said the bill shows the Government “has taken the right steps… but in the long-term, we need an ‘adequacy decision’ with the EU, where the UK can prove our data laws and business environment meet EU standards”.

“Unless the Brexit negotiations find another way, getting such a deal would mean first becoming a ‘third country’. In other words, we’d need to leave the EU before that process could even begin.”

Edward Snowden leaked information about intelligence programmes.

The legal uncertainty of the UK being a “third country” would “affect jobs, growth and prosperity across the UK” he said.

“The last major data deal between the EU and a third country was with New Zealand and that took four years,” he added.

One of the most controversial adequacy agreements in recent years was made by the European Commission at the turn of the millennium, when it quickly asserted US legal principles complied with EU ones.

It stood by this decision even after Edward Snowden provided documentary evidence to the contrary, and would not concede the “Safe Harbor” arrangement was invalid until a legal challenge was escalated to the European Court of Justice.

Safe Harbor – the adequacy decision which allowed Facebook, Microsoft and others to transfer EU citizens’ data to the US – was declared void, and those data transfers became illegal overnight. However, they continued anyway.

Using contractual arrangements, US-based corporations continued to process EU citizens’ data while the commission quickly worked on putting together a new agreement.

 

Original story written by Alexander J Martin, Technology Reporter at Sky News.

‘Dolphin’ attacks fool Amazon, Google voice assistants

September 8th, 2017 Posted by Latest News

Voice-controlled assistants by Amazon, Apple and Google could be hijacked by ultrasonic audio commands that humans cannot hear, research suggests.

Two teams said the assistants responded to commands broadcast at high frequencies that can be heard by dolphins but are inaudible to humans. They were able to make smartphones dial phone numbers and visit rogue websites. Many smartphones feature a voice-controlled assistant that can be set up to constantly listen for a “wake word”.

Google’s assistant starts taking orders when a person says “ok Google”, while Apple’s responds to “hey Siri” and Amazon’s to “Alexa”.

Researchers in China set up a loudspeaker to broadcast voice commands that had been shifted into ultrasonic frequencies. They said they were able to activate the voice-controlled assistant on a range of Apple and Android devices and smart home speakers from several feet away. A US team was also able to activate the Amazon Echo smart speaker in the same way. The US researchers said the attack worked because the target microphone processed the audio and interpreted it as human speech.

“After processing this ultrasound, the microphone’s recording… is quite similar to the normal voice,” they said.

The Chinese researchers suggested an attacker could embed hidden ultrasonic commands in online videos, or broadcast them in public while near a victim.

In tests they were able to make calls, visit websites, take photographs and activate a phone’s airplane mode. However, the attack would not work on systems that had been trained to respond to only one person’s voice, which Google offers on its assistant.

Apple’s Siri requires a smartphone to be unlocked by the user before allowing any sensitive activity such as visiting a website.

Apple and Google both allow their “wake words” to be switched off so the assistants cannot be activated without permission.

“Although the devices are not designed to handle ultrasound, if you put something just outside the range of human hearing, the assistant can still receive it so it’s certainly possible,” said Dr Steven Murdoch, a cyber-security researcher at University College London.

“Whether it’s realistic is another question. At the moment there’s not a great deal of harm that could be caused by the attack. Smart speakers are designed not to do harmful things.

“I would expect the smart speaker vendors will be able to do something about it and ignore the higher frequencies.”

The Chinese team said smart speakers could use microphones designed to filter out sounds above 20 kilohertz to prevent the attack.

A Google spokesman said: “We take user privacy and security very seriously at Google, and we’re reviewing the claims made.”

Amazon said in a statement: “We take privacy and security very seriously at Amazon and are reviewing the paper issued by the researchers.”

Credit Suisse fund invests in ‘employee Big Brother’ technology

August 30th, 2017 Posted by News

Big Brother is coming to a workplace near you… with a little help from Credit Suisse. The Swiss bank’s NEXT Investors Fund has taken a majority stake in Sapience Analytics, an Indian “people analytics solutions company” which “delivers unprecedented visibility into work patterns and behaviour in an organisation”.

Sapience’s technology allows bosses to automatically track the work patterns of employees by monitoring their use of PCs, laptops, tablets and mobile phones. That sets it apart from traditional work monitoring systems which require users to log their activity in time sheets.

Sapience’s tools are already being used by “leaders of over 70 major customers to make better informed decisions and improve operating efficiencies across their enterprises”, according to a note announcing the Credit Suisse investment, the scale of which is not being disclosed. “We are seeing rapid growth for Sapience in the US market,” said Sapience chief executive and co-founder Shirish Deodhar, adding that the group will move its headquarters to the US as a result of Credit Suisse’s investment.

NEXT Investors was originally used to make fintech bets on behalf of Credit Suisse’s investment bank, but moved under the group’s asset management umbrella in 2013 so the Sapience investment will be funded using client money, not the bank’s. Two Credit Suisse veterans – NEXT Fund portfolio manager Greg Grimaldi and senior advisor Frank Fanzilli – are also joining the Sapience Analytics board.

Interestingly, there are “no plans” for Credit Suisse’s direct employees to use Sapience’s tools to monitor their own workforce but they will be used by some third parties that do work for Credit Suisse.

 

Ransomware ‘here to stay’, warns Google study

August 22nd, 2017 Posted by Latest News, Subjects, Tech Talk

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.

The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type.

Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat.

Two types of ransomware made most of the money, it said, but other variants are starting to emerge.

Track and trace

“It’s become a very, very profitable market and is here to stay,” said Elie Bursztein from Google who, along with colleagues Kylie McRoberts and Luca Invernizzi, carried out the research.

Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a victim pays a ransom. Payments typically have to be made using the Bitcoin virtual currency.

Mr Bursztein said Google used several different methods to work out how much cash was flowing towards ransomware creators. As well as drawing on reports from people who had paid a ransom, it sought out the files used to infect machines and then ran those on lots of virtual machines to generate “synthetic victims”. It then monitored the network traffic generated by these victims to work out where money would be transferred. The data gathered in this stage was also used to find more variants of ransomware, and the 300,000 files it found broke down into 34 variants.

The most popular strains were the Locky and Cerber families.

Payment analysis of the Bitcoin blockchain, which logs all transactions made using the e-currency, revealed that those two strains also made the most money over the last year, with Locky collecting about $7.8m (£5.9m) and Cerber $6.9m (£5.2m).

The research project also revealed where the cash flowed and accumulated in the Bitcoin network and where it was converted back into cash. More than 95% of Bitcoin payments for ransomware were cashed out via Russia’s BTC-e exchange, found Google.

On 26 July, one of the founders of BTC-e, Alexander Vinnik, was arrested by Greek police on money laundering charges. The police were acting on a US warrant and his extradition to America is being sought.

The gangs behind the ransomware explosion were not likely to stop soon, said Mr Bursztein, although established strains are facing competition from newer ones.

“Ransomware is a fast-moving market,” he said. “There’s aggressive competition coming from variants such as SamSam and Spora.”

Novel variants were expanding quickly and many were encouraging fast expansion by paying affiliates more if they placed the malware on to large numbers of machines. The ransomware as a service model was already proving popular, he warned.

“It’s no longer a game reserved for tech-savvy criminals,” he said. “It’s for almost anyone.”

Microcomms can help you with cyber security protection. Please contact us for advice and information.

 

GDPR will change data protection – here’s what you need to know

August 18th, 2017 Posted by News, Uncategorized

General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data. Wired’s GDPR guide explains what the changes mean for you.

 

What is GDPR exactly?

The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon. After publication of GDPR in the EU Official Journal in May 2016, it will come into force on May 25, 2018. The two-year preparation period has given businesses and public bodies covered by the regulation time to prepare for the changes.

Don’t we already have data protection laws?

Each member state in the EU operates under the current 1995 data protection regulation and has its own national laws. In the UK, the current Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations.

GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Bill, which has been announced by the government.

Is my company going to be impacted?

In short, yes. Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.

Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.

These definitions are largely the same as those within current data protection laws and can relate to information that is collected through automated processes. Where GDPR differs from current data protection laws is that pseudonymised personal data can fall under the law – if it’s possible that a person could be identified by a pseudonym.

So, what’s different?

In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about. Here’s the low-down:

Accountability and compliance

Companies covered by the GDPR will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.

Under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator – in the case of the UK, the ICO – where it could have a detrimental impact on those who it is about. This can include, but isn’t limited to, financial loss, confidentiality breaches, damage to reputation and more. The ICO has to be told about a breach 72 hours after an organisation finds out about it and the people it impacts also need to be told.

For companies that have more than 250 employees, there’s a need to have documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.

Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer (DPO). For many organisations covered by GDPR, this may mean having to hire a new member of staff. In this job, the person has to report to senior members of staff, monitor compliance with GDPR and be a point of contact for employees and customers.

There’s also a requirement for businesses to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person’s information they have to clearly explain that consent is being given and there has to be a “positive opt-in”.

Access to data

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals a lot more power to access the information that’s held about them. At present, businesses and public bodies can charge £10 for a Subject Access Request (SAR), through which individuals are given what’s held about them.

Under the GDPR this is being scrapped and requests for personal information can be made free-of-charge. When someone asks a business for their data, they must stump up the information within one month.

The new regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.

GDPR fines

One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, it can be fined. If it requires and doesn’t have a data protection officer, it can be fined. If there’s a security breach, it can be fined.

Smaller offences could result in fines of up to €10 million or two per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or four per cent of a firm’s global turnover (whichever is greater).

 

What to do if your business Social Media account is hacked

August 16th, 2017 Posted by Uncategorized

Even if you’re embarrassed, it’s important to let people know that you’ve been hacked – and most importantly, set up your accounts and educate staff to avoid it happening again.

If a business’s social media accounts are hacked, it can be hugely detrimental to its reputation and relationship with the public.

Here, security experts and social media professionals share advice on how to handle a hack and restore your company’s image.

Change passwords on all accounts

First, determine whether you’re still able to log into the hacked account.

“If you can log in, change the passwords on all your social media accounts – not just the ones that have been hacked,” advises Romain Ouzeau, chief executive of Iconosquare, an Instagram analytics company. “As some social media platforms offer the ability to log in via other sites and services [Tweetdeck, for example], you may be compromised on additional networks.”

As a general rule, Rob Brown, vice president of the Chartered Institute of Public Relations (CIPR), advocates the use of a different password for each social media platform. “Update passwords every two months, choosing longer passwords that contain different characters, and use two-step verification if a social media service offers it,” he says.

If you’re not able to log in, head straight to the social media company’s contact pages and tell the relevant team that you’ve been hacked.

Clean up the mess

If you’ve been hacked, there’s a chance that communications will have been sent from your account by the offender.

“If this happens, take a screen grab of the content before removing it,” says Lee Campbell, cyber computing lecturer at the University of Gloucestershire. “Then report the breach to the social media provider.

“If the compromised social media account includes content of a threatening, or abusive nature, report it to the police via Action Fraud, the UK’s national fraud and cyber crime reporting centre.”

Communicate and take control

Even if you’re embarrassed, it’s important to let people know that you’ve been hacked.

“Post an update from the reclaimed hacked account, stating what has happened and that unauthorised changes and/or communications may have occurred,” says Blaise Grimes-Viort, chief services officer for social media business, The Social Element.

“If any private or direct messages have been sent, contact those who received them directly to tell them what happened and that they shouldn’t click on any of the links that were sent.”

It’s also worth checking to see which third-party apps (auto post tools, for example) are connected to your social media profile. Review the list and delete any that you no longer use. If you keep seeing unwanted content posted through your account, you may want to revoke access for all third-party apps.

Prevention is the best plan

“If you have a response plan in place before an attack happens it means there are clear actions for employees to take – this helps members of staff act quickly and can help with damage limitation,” recommends Microcomms’ in-house Cyber Security expert Richard Howard.

“The majority of cyber attacks are caused by human error – deliberate or not – so employee training and communication is vital and should also cover advice on spotting suspicious activity, such as phishing emails.”

There are also some simple things that you, as a business owner, can do to improve security across your network. Use the latest antivirus software, run frequent scans for malware (malicious software) and perform a regular off-site backup of your systems.

You can manually adjust the settings on your [social media] account profile pages, restricting who can see your posts, photos and user profile. Also, tighten access to your mobile devices by setting a PIN of at least six digits on each.

Microcomms carry out cyber security health checks, staff training and will provide advice and recommendations to keep your business well protected from attack.

UK mobile coverage winners revealed in study

July 28th, 2017 Posted by Voice

The provider of best mobile coverage in the UK is influenced by geography as well as the operator, a study suggests.

No one provider dominated, with EE coming out best in England, Vodafone the overall winner in Northern Ireland and Three in Scotland and Wales.

The study, from mobile network performance firm RootMetrics, also suggests that England has the highest amount of 4G while Wales trails behind.

Operators will bid for fresh spectrum for faster services later this year.

“These latest results have really shaken things up and show the increasing competitiveness in the UK, particularly over the last six months,” said Scott Stonham, general manager of Europe for RootMetrics.

“EE continues to lead the way, but Three and Vodafone are close behind. What is clear is that each operator showed strong performance in at least one particular country, while nobody was able to sweep the board at the four-nations level.

“UK consumers have strong mobile options depending on how and where they use their devices most,” he added.

The report assessed availability of 4G services across the UK, examining six categories, including network reliability, network speed and data performance.

  • England – EE (91%), Vodafone (83%), O2 (82%), Three (69%)
  • Northern Ireland – EE (90%), O2 (83%), Vodafone (80%), Three (61%)
  • Scotland – EE (83%), O2 (80%), Vodafone (76%), Three (59%)
  • Wales – EE (79%), Vodafone (60%), O2 (60%), Three (54%)

In the UK’s 16 largest cities, EE received the highest scores in all categories. It was also judged the UK’s overall best-performing network, due to England’s larger population.

Three won the award for reliability.

Ian Fogg, an analyst at research firm IHS Markit said: “To succeed, mobile operators must balance the amount of spectrum they own with how they manage their networks.”

Merger distraction

O2, which did not win in any category, may have been hampered by its planned merger with Three, which was blocked.

“It may have been a distraction which meant things like discussions around network planning were put off,” he said.

“Added to that, O2’s challenge is that it has less spectrum than some of its competitors but a large customer base.”

In response the company said: “We spend over £2 million every day improving network service and expanding coverage”, adding “different network surveys produce different results”.

Although 5G is still some years away from commercial availability, Ofcom is due to auction 3.4GHz spectrum in October, which will be used for the next generation of mobile networks.

The regulator has capped the amount of spectrum each operator can bid for. EE is not allowed to bid in the 2.3GHz category, which will be auctioned at the same time and can be used to enhance 4G.

EE currently has around 45% of the UK’s usable spectrum, following its acquisition by BT, which bid for spectrum in 2013 even though it did not have a mobile division at the time.

Further auctions of spectrum suitable for 5G are expected in 2019.

The timeframe for the auctions could be delayed because of legal challenges from Three.

Re-thinking Customer Loyalty in Cornwall

July 20th, 2017 Posted by Industry Focus, retail

A new app, Alliop, is revolutionising the way customer loyalty works in Truro.

By downloading the free smartphone app, customers can earn ‘stamps’ at outlets, which accumulate to unlock rewards.

Customers are encouraged to tap their smartphone on the provided iBeacon, a small battery-operated standalone Bluetooth-enabled transmitter, which wirelessly connects with modern smartphones. A quick tap adds points, which accumulate in order to gain rewards as set by the business.

By offering rewards in a similar way to the traditional loyalty card, customers are incentivised to continue visiting.

Early adopter Cornish Food Box Company director, Tor Amran, comments: “Previously we had two paper stamp cards for coffee and pasties, but we had no idea how many cards were in circulation, how many stamps people had or how frequently they were visiting. With Alliop we now have access to this information at the push of a button and we can contact customers directly with bespoke messages.”

Several companies in Truro are now involved with the scheme – Illustrated Living, Mustard & Rye, Plum Boutique and Secret Truro. The hope is to spread take up of the app across Cornwall so visitors and locals can all take advantage.

Business Insights

Alliop’s easy-to-use marketing tools allow businesses to send targeted and personalised SMS messages, emails and push-notifications via a comprehensive customer relationship management portal. With each tap businesses can gain greater insight into a variety of areas including frequency of visit and how recently customers have visited. Further to this, customer details such as email address and mobile phone number allow for direct communication to develop engagement further.

If you’d like to know more about Alliop, how it works and pricing, get in touch with Microcomms and we can talk you through the technology and help you engage your customers in a loyalty scheme that works for both of you.

 

A Timeline of Future Technology

July 18th, 2017 Posted by News

[Infographic: timeline of future technology]

New Microsoft Bundle includes Windows 10

July 12th, 2017 Posted by IT Services, Subjects

Microsoft has bundled up its core products for businesses for a monthly fee, to encourage companies to upgrade to Windows 10. Its new offering, Microsoft 365, includes Office 365, Windows 10, and Enterprise Mobility + Security, for a monthly, per-user fee.

By wrapping its products into one package, the company is making it easier for businesses big and small to manage and pay for the software. It also pushes customers to the latest versions of Office and Windows and, as it’s subscription-based, ensures they’ll always have the latest version of software – something Microsoft is keen to encourage among its user base. In the recent cyber security attacks, Microsoft has scrambled to produce patches for its old software, but this has still left some users vulnerable. Having the latest versions should help alleviate this pressure.

There are two main versions of the new package:

Microsoft 365 Business

Caters for businesses with up to 300 users. Alongside Windows, Office and the security tools, the bundle will also include Microsoft’s mileage tracking app, called Mile IQ, and previews of three new SMB-focused apps: Listings, for email marketing; Connections, to help publish your business information online; and Invoicing. It will hit public preview on 2 August and be available in the autumn.

Microsoft 365 Enterprise

For larger companies, Microsoft 365 Enterprise comes in two versions, E3 and E5, with both available on 1 August. The former comes with Office, Outlook and Exchange, Teams, Skype for Business, SharePoint, Yammer and Microsoft’s threat protection system, as well as analytics and management software. E5 adds further analytics and compliance tools, and Microsoft’s advanced security tools, as well as PSTN Conferencing and Cloud PBX.

Speak to Microcomms about any 365 needs – we’ve got all the packages covered. We can help you determine which is the right solution for you and your business.