Author: Andy Miller

Samsung’s Advice To Virus-Check TVs Causes Customer Concern

Samsung’s recent release of a how-to virus check video coupled with the advice to complete the check “every few weeks” has caused confusion and concern among customers.

Video

At the heart of Samsung’s virus-checking information release was a 19-second video guide that Samsung said had been posted simply to educate and inform customers. The video guide, which was watched more than 200,000 times, was presented to customers via a tweet which, it is reported, has since been deleted.

The video showed Samsung TV owners how to access the sub-menu and go to the System Manager to conduct their own “Smart Security Scan”.

Although this feature is already built into Samsung TVs, the tweeted video advised customers to carry out the scan themselves every few weeks to prevent malicious software attacks. It was this advice that caused concern that there were known attack attempts or that their QLED TVs were vulnerable in some way.

Misunderstanding

Samsung is since reported to have said that the video was simply for information, a proactive way to remind and educate customers that the feature existed and how to operate it as a preventative measure, and that it was not sent as a reaction to a specific current threat.

What Are The Risks?

A smart TV is essentially an IoT device and, as such, faces similar potential risks to other IoT devices, although Samsung TVs don’t appear to be at any more risk than other devices. In fact, back in 2017, after claims that many zero-day vulnerabilities had been found in Samsung’s smart TV operating system, the company reminded users that its TVs already contained features that allowed them to detect malicious code at platform and application levels.

That said, Samsung’s Smart TVs are likely to have a built-in microphone and an Internet connection with streaming apps, and customers may enter credit card details for buying on-demand video content. All this means that potential privacy and security risks exist.

What Does This Mean For Your Business?

It appears that security and privacy are very sensitive subjects for consumers and that an attempt to remind customers about a security feature ended up highlighting one of the risks of owning a smart TV, leading to concern and an unnecessary PR gaffe.

In the light of the tweet and video, some security commentators have criticised Samsung for making security checks the responsibility of the customer rather than the company sending out automatic security updates.  Also, the company may be expecting too much of some of its customers to ask them to delve into the perhaps complicated sub-menu to find the virus scan feature, and to do so on a regular basis.

ICO’s Own Website Fails GDPR Compliance Test

Irony and embarrassment are the order of the day as the Information Commissioner’s Office, which is responsible for ensuring GDPR compliance in the websites of businesses and organisations, has been forced to admit that its own website is not GDPR compliant.

Cookie Consent Notice

The problem, as pointed out to the ICO by Adam Rose, a lawyer at Mishcon de Reya, is that the ICO’s website currently uses implied consent to place cookies on mobile devices, which is prohibited under the Electronic Communications Regulations (PECR) 2003.  These Regulations operate alongside GDPR, and as highlighted on the ICO’s own website, consent needs to be clearly given for cookies (e.g. by a tick box) and where they are set, the website needs to give users, mobile or otherwise, a clear explanation of what the cookies do and why.

Article 6

It has been reported that Mr Rose argued that the ICO’s own website’s cookie consent tools were at odds with Article 6 of PECR.

ICO’s Own Guide

For example, in the ICO’s own online guide, in terms of getting marketing consent, it states that “some form of very clear positive action” is needed, “for example, ticking a box, clicking an icon, or sending an email – and the person must fully understand that they are giving you consent”.

Cookies Admission

Under “Cookies” in the guide, and in admission of not being fully compliant itself at the moment, the ICO now states that “We use a cookies tool on our website which relies on implied consent of users. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies with the standard of consent required by GDPR. This means that we are in the process of updating the tool (Civic Cookie Tool) which, by default, requires explicit opt-in action by users of our website.”

This means that the ICO has yet to upgrade to the version of the Civic Cookie Tool which includes explicit opt-in, and therefore, the ICO isn’t currently compliant with the laws that it is supposed to help implement and uphold.

Why?

Even though the ICO announced back in May last year that it would be upgrading to the new version of the Civic Cookie Tool, this has not yet happened. This appears to indicate a possible failure on the ICO’s part in the planning and implementation aspects of this particular tool on its website.

Also, as some tech and security commentators have pointed out, there is still a lack of clear legal rules on cookie compliance, and this has even led to confusion on some points among data protection experts.

It could also be argued that a lack of regulatory enforcement against cookie compliance breaches may mean that most website operators can still put consent rules to the bottom of the list of business priorities with no fear of consequence.  It’s also unclear if the regulator would or would not be able to carry out some kind of enforcement of the law against itself.

What Does This Mean For Your Business?

Many businesses may be thinking that, aside from the obvious irony of the regulator not being totally compliant, what hope do the rest of us have of getting it right if the ICO can’t?

This story could also act as a reminder to businesses that consent is a complicated area in data protection, and that it may be worth revisiting what cookie consent tools are in place on their websites and whether they are up to date and compliant. For example, as the ICO has discovered, if you’re responsible for implementing the updated version of tools relating to your GDPR compliance, the planning and implementation need to be managed in order to avoid unwittingly leaving the organisation open to possible infringements of current regulations.

Revenue Risk To UK Companies Too Slow To Adopt AI

Research from the McKinsey Global Institute shows that UK companies could lose 20% of their cash flow if they are too slow to invest in and adopt Artificial Intelligence (AI) tools.

Could Miss Out

Even though the report highlighted the UK’s higher than average AI-readiness, the country could miss out on a potential 22% boost to the economy and a 120% growth for individual businesses if organisations do not start investing now in AI tools that could help them gain considerable competitive advantages.

Investment Pockets

The research noted that the UK currently only has pockets of innovation for AI e.g. Google’s DeepMind AI division, and that in order to replicate this kind of innovation for growth, businesses need to be in a position where they can offer AI at scale, invest in the necessary talent and find ways to use the findings of the latest research to help achieve commercial success.

IT Skills Shortage

The UK already has an IT skills shortage and is experiencing a “brain drain” from UK university talent to US companies, a further brain drain pressure caused by Brexit fears, and the pull of attractive higher salaries and advanced tech sector careers in tech firms overseas.

Oxford University – Massive Donation For AI

One way of combatting an AI brain-drain and helping to grow UK AI talent which could help UK businesses with AI is to have an AI centre in the UK.  Oxford University has just received the largest single donation to a UK university of £150m from US private equity billionaire and Republican political adviser Stephen Schwarzman for the purpose of building an institute to study the ethics of AI. Mr Schwarzman is reported as saying that artificial intelligence is the major issue of our age.  He has also given £279m to the Massachusetts Institute of Technology (MIT) to establish a centre for computing and artificial intelligence.

What Does This Mean For Your Business?

Both this research and some Nesta research from last year have highlighted how UK businesses may be facing added competitive challenges and missing out on revenue in the not-too-distant future due to an ongoing skills shortage that has been amplified and exacerbated by Brexit uncertainty, and by late investment in and adoption of AI.

McKinsey’s latest research builds on its research from last year where it attempted to simulate the effects of AI on the global economy.  The results showed that AI could deliver additional global economic activity of around $13 trillion by 2030, or about 16 per cent higher cumulative GDP compared with today. This, of course, would be good for businesses that have invested in AI, and where many of the potential challenges are adequately tackled e.g. the UK’s IT skills shortage.  It should also be accepted that the productivity growth that AI could help fuel is likely to be affected by a host of different factors in different parts of the world e.g. labour automation, innovation, the pace of adoption of AI, and the global connectedness or labour-market structure of any given country.

It is also worth noting that AI can deliver threats as well as opportunities, in the form of AI-based cyber-attacks which are a developing risk to whole nations and economies as well as individual businesses. This is certainly one area where nations such as the UK must invest in their own AI defence structures and tools.

Tech Tip – ExpressVPN App

If you’d prefer to keep your communications from your mobile device as secure as possible you may like to try a secure VPN app such as ExpressVPN.

The ExpressVPN app is straightforward to use and offers both a virtual private network and a number of advanced features such as the choice of connecting to 100+ servers around the world. ExpressVPN, which hides your IP address and encrypts your network data, offers apps for every device you own on a single subscription: Windows, Android, iOS, Linux, routers, and more.

The app is available from the Google Play store and Apple’s App Store / iTunes.

Facial Recognition Glasses For Covert Surveillance

The “iFalcon Face Control” AR glasses, which incorporate an 8-megapixel camera in the frame and NNTC facial recognition technology and are due to go on sale next year, are reported to have already been deployed into several security operations.

US / Dubai Manufactured

The facial recognition-enabled smart glasses are made by American company Vuzix and use facial recognition algorithms from Dubai-based company NNTC.  It has been reported that the NNTC facial recognition algorithms rank in the top three for accuracy in the US government’s Face Recognition Vendor Test and can detect up to 15 faces per frame per second, thereby enabling them to identify a specific individual in less than a second.

To date, only 50 pairs of the facial recognition-enabled glasses have been produced, all of which have been sold to security and law enforcement and are, according to NNTC, being used as part of security operations in the United Arab Emirates capital Abu Dhabi.

The iFalcon Glasses Won’t Need An Internet Connection

The iFalcon Face Control glasses that are due to go on sale next year will come with a portable base station. This will mean that they will have a portable connection to a stored database of targets, thereby giving the user greater mobility as they won’t need an Internet connection for the software to function.

Similar Used In China

Facial recognition glasses were used by police forces in China last year in order to keep blacklisted people e.g. certain journalists, political dissidents, and human rights activists away from the annual gathering of China’s National People’s Congress.

Other Deployments

Known use of facial recognition for law enforcement already happens in the US through its incorporation with body cameras and CCTV cameras, and in the UK it has been used in deliberately overt trials and deployments e.g. a two-day trial in Romford, London by the Metropolitan Police in December 2018 using vehicle-mounted cameras, at the Champions League final at the Millennium Stadium in Cardiff in 2017, and at the Notting Hill Carnival in 2016 and 2017.

Criticism and Problems

The use of facial recognition technology at events and trials in the UK has, however, come under fire over several issues including poor levels of accuracy, a lack of transparency in how it is used, the possible infringement of privacy and data security rights e.g. what happens to images, and value for money in terms of deployment costs versus arrests.

This led to ICO head Elizabeth Denham launching a formal investigation into how police forces use facial recognition technology (FRT) in the UK.

Data security and privacy are such thorny subjects for agencies, organisations and businesses alike that even though using facial recognition to help organise photos has been a standard feature across the social media industry, Microsoft is now issuing an update to its Windows 10 Photos app that prompts users to perform the almost impossible task of confirming that all appropriate consents from the people in the user’s photos and videos have been obtained in order to use facial recognition to find photos of friends and loved ones.  This move shifts the burden of responsibility away from Microsoft to the user.

What Does This Mean For Your Business?

The covert and mobile nature of these new glasses not only seems to be somewhat dystopian and ‘big brother’ but could, in theory, provide a way for users to simply get around existing data protection and privacy laws e.g. GDPR.

As a society, we are, to an extent, used to being under surveillance by CCTV systems, which most people recognise as having real value in helping to deter criminal activity, locate and catch perpetrators, and provide evidence for arrests and trials. The covert use of facial recognition glasses is, however, another step further on from this and from the deliberately overt and public trials of facial recognition in the UK to date. As such, to be used in the UK, it will require faith to be put in the authorities that it is used responsibly, that its accuracy is proven, and that rights groups are able to access facts, figures, and information about the technology, where and how it is used, and the results. Presumably, the ICO may also have questions about the use of such glasses.

If there is no public transparency about their use, this could also result in suspicion, campaigning against their use and a possible backlash.

Criminal Secrets Of The Dark Net Revealed

Recent Surrey University research, ‘Web Of Profit’, commissioned by virtualisation-based security firm Bromium, has shown that cyber-criminals are moving to their own invisible Internet on the so-called ‘dark net’ to allow them to communicate and trade beyond the view of the authorities.

What Is The Dark Net?

The dark net describes parts of the Internet which are closed to public view or hidden networks and are associated with the encrypted part of the Internet called the ‘Tor’ network where illicit trading takes place.  The dark net is not accessible to search engines and requires special software installed or network configurations made to access it e.g. Tor, which can be accessed via a customised browser from Vidalia.

Deeper

Infiltration and closing down of some of the dark net marketplaces by the authorities are now believed to have led to cyber-criminals moving to a more secure, invisible part of the dark net in order to continue communicating and trading.

How?

Much of the communication about possible targets and tactics between cyber-criminals now takes place on secure apps, forums and chatrooms.  For example, cyber-criminals communicate using the encrypted app ‘Telegram’ because it offers security, anonymity, and encrypted channels for the sale of prohibited goods.

Diverse Dark Net Marketplace

Posing as customers and getting first-hand information from hackers about the costs of a range of cyber-attacks, the researchers were able to obtain shocking details such as:

  • Access to corporate networks is being sold openly, with 60% of the sellers offering access to more than 10 business networks at a time. Prices for remote logins for corporate networks ranged from only £1.50-£24, and targeted attacks on companies were offered at a price of £3,500.
  • Phishing kits are available for as little as $40, as are fake Amazon receipts and invoices for $52.
  • Targeted attacks on individuals can be purchased for $2,000, and even espionage and insider trading are up for sale from $1,000 to $15,000.

Corporations Targeted

One thing that was very clear from the research is that cyber-criminals are very much focusing on corporations as targets, with listings for attacks on enterprises having grown by 20% since 2016. The kinds of things being sold include credentials for accessing business email accounts.

Specific Industries

The research also showed that cyber-criminals are moving away from commodity malware and now prefer to tailor tools such as bespoke versions of malware as a way of targeting specific industries or organisations.  For example, the researchers found that 40% of their attempts to request dark net hacking services targeting companies in the Fortune 500 or FTSE 100 received positive responses from sellers, and that the services on offer even come with service plans for conducting the hack, and price tags ranging from $150 to $10,000, depending on the company to be targeted.

The industries that are most frequently targeted using malware tools that are being traded on the dark net include banking (34%), e-commerce (20%), healthcare (15%) and even education (12%).

Researchers also uncovered evidence that vendors are now acting on behalf of clients to hack organisations, obtain IP and trade secrets and disrupt operations.

What Does This Mean For Your Business?

The dark net is not new, but some commentators believe that the heavy-handed nature of some of the police work to catch criminals on the dark net is responsible for pushing criminal communication and trading activity further underground into their own invisible areas.  End-to-end encrypted communications tools such as Telegram mean that cyber-criminals can carry on communicating beyond the reach of the authorities.

The research should show businesses that there is now real cause for concern about the sensitive, informed and finely tuned approach that cyber-criminals are taking in their targeting of organisations, right from the biggest companies down to SMEs. This should be a reminder that cyber-security should be given priority, especially when it comes to defending against phishing campaigns, which are one of the most successful ways that criminals gain access to company networks.

Law enforcement agencies also need to do more now to infiltrate, gather intelligence, and try to deter and stop the use of different forums, channels and other areas of the dark net in order to at least prevent some of the more open trading of hacking services and tools.

Mastercard’s AI-Based Digital Wellness Could Make Online Purchasing Easier and Safer

Mastercard has announced the introduction of its Digital Wellness program which utilises AI-based click-to-pay technology and new standards in order to provide an easier and safer online shopping experience.

The Program

The Mastercard Digital Wellness program provides tips and resources that are designed to help businesses (especially small and independent businesses) protect themselves from cyber-attacks and data breaches. The program includes Secure Remote Commerce, Mastercard’s Cyber Readiness Institute (a collective of business leaders), and The Global Cyber Alliance which provides SMBs with free cyber-security tools.

New Click-To-Pay Checkout System

Coming out of the Digital Wellness Program is Mastercard’s new click-to-pay checkout system which is enabled by Mastercard’s deployment of EMVCo’s (Europay, Mastercard, Visa) specification. The standards that make up EMVCo’s specification provide a foundation that enables the processing of e-commerce transactions in a consistent, streamlined fashion over a variety of digital channels and devices, including smartphones, tablets, PCs and other connected devices.

This means that the click-to-pay checkout system can be used for all kinds of online shopping, across multiple devices, and across cards, and can replace old key-entry checkout systems.

Tokenization and NuData

The click-to-pay checkout system incorporates tokenization and NuData, which represent Mastercard’s AI and machine learning tech. NuData can prevent fraud by (for example) monitoring website traffic changes, analysing changes in browsers and web surfing speeds, and verifying all the user data that makes a user unique (such as an individual’s scroll speed on their device).

The inclusion of AI technology means greater security and no need for customers to enter passwords when they pay.

The Advantages

The key advantages of the click-to-pay checkout system from the Digital Wellness Program are that:

  • Because of the added security, it tackles the problem of customers feeling uneasy when it comes to paying for things online.
  • It’s fast and easy – the instant click-to-pay with no need for passwords tackles the reluctance of online shoppers to create a new user account.
  • Merchants who adopt the system have a system from a known and trusted provider that could give them a better chance of preventing fraud.

These factors mean that the system could make customers more likely to feel comfortable shopping for things on smaller websites or with unknown retailers.

What Does This Mean For Your Business?

For Mastercard, this is a way of selling its services to the huge market of smaller and independent businesses.

For merchants, it’s a way for them to leverage the latest AI tech to protect themselves and their customers from fraud, and tackle popular known barriers to purchases from smaller retailers online i.e. worries about security and the unwillingness to take the time to set up a new user account when they want to buy something.

For customers, the system should provide a safe and fast purchasing experience which can only reflect well on the merchant.  It remains to be seen, however, how many merchants take up the new system and what the cost versus benefit implications will be.

Accounting Systems Too Complex (And Lack Investment)

A recent Barclaycard survey shows that 48 per cent of Chief Financial Officers (CFOs) think that current accounting systems are too complex.

Complex Systems

According to the survey, some of the main reasons that CFOs find their accounting systems to be too complex are that they are not digitised enough and are too labour intensive. This is the reason why 44% of CFOs say that they would want more automation when they upgrade.

Not Investing Could Be Affecting Bottom Line

The Barclaycard survey also found that a Chief Financial Officer’s (CFO’s) leadership style and willingness to invest in their financial and accounting software has a real impact on their businesses’ bottom line.  For example, over a fifth (22%) of finance heads believe their accounting software is out of date, which, according to Barclaycard, could mean that UK CFOs are missing out on £6.7 billion each year by not taking advantage of early payment discounts.

Complex And Out Of Date

According to Barclaycard’s survey results, even though 85% of the CFOs surveyed said they recognise the need to continuously invest in their accounting systems, this is clearly not happening and this may be because more than three-quarters (77%) admit to not having time and resources to find the right one.

This lack of investment and time, coupled with apparent resistance to change in many businesses appears to have led to a situation whereby 22% of businesses are using out-of-date accounting software, with 40% of businesses not having upgraded their accounting software for five years!

Missing Out

Barclaycard’s survey indicates that because many accounting software systems are outdated, companies can’t automate payments to meet supplier conditions for an early settlement discount, and this could mean that UK corporates are missing out on £14.4bn of savings per year (the equivalent of £75,389 per business).

The Survey

This survey, conducted on behalf of Barclaycard by Opinium Research in February 2019, was carried out among 500 senior financial decision makers in companies with turnover of £6.5 million or more and who do not outsource their accounts payable.

What Does This Mean For Your Business?

Even though the research was conducted by Barclaycard, which has an interest in accounting systems, it does highlight some of the challenges and barriers to upgrading that many businesses face, such as not having the time, money, and other resources to help them invest in a new system, thereby making them miss out on possible savings from early settlement discount.

It is not just with accounting systems that businesses would like to reduce complexity and increase automation where possible, but struggling with accounting technology and systems is certainly not uncommon. For many small businesses, it’s often a case of using desktop accounting software with related third-party apps and integration without much software training, and asking the accountant for technology advice. For example, a recent Zoho and AccountingWeb report showed that small businesses ask their accountants for technology advice 83% of the time, and 40% of those accountants say they are asked technology questions up to 20 times a month.

Premium, Paid For Version Of Mozilla’s Firefox Planned

It has been reported that Mozilla will be introducing a (paid for) premium subscription-based Firefox service this October to run alongside the free, open-source Firefox browser.

Why?

Mozilla’s share of the (free) browser market has been squeezed by some heavy competition from Google’s Chrome browser and although the Firefox browser is present on many computers and is used to sell people services, it isn’t actually making Mozilla any money.  Also, Mozilla relies heavily on revenue that it receives from search companies that pay to be featured in the Firefox browser, with much of that money coming from its competitor Google. Mozilla, therefore, is looking to diversify and find a way to build its own additional independent revenue stream from the bundling of value-adding services that it already has.

What?

Reports indicate that the new paid for bundled service could include:

  • VPN bandwidth that exceeds what’s available (free) via Mozilla’s ProtonMail VPN partnership i.e. giving paying customers for its new service access to a premium level VPN bandwidth.
  • An as-yet unspecified allotment of secure cloud storage.

Other possible parts of the bundled subscription service could include (although this has not been confirmed):

  • Mozilla’s free file transfer service “Firefox Send”.
  • Mozilla’s password manager “Lockwise”.
  • Firefox Monitor, Mozilla’s service, similar to HaveIBeenPwned.com, which allows you to check whether your personal information has been compromised by any of the numerous data breaches.
  • The “Pocket” application, also known as “Read It Later” which helps with managing a reading list of articles from the Internet by letting you save web pages and videos to Pocket in just one click. Mozilla acquired this service in 2017, and it already has a Premium version available for $45 per year.
  • Tools from ‘Scroll’ (a start-up working with Mozilla) that could result in users of the new premium service getting access to certain news sites.

How Much?

Current reports indicate that the premium Firefox service could cost users around the $10 per month mark.

Still Free Firefox

Mozilla has announced that it won’t charge for existing Firefox features as part of its shift to offering subscription services and that the free Firefox browser will continue to run as normal.

What Does This Mean For Your Business?

For Mozilla, this offers a way to diversify and generate a stream of revenue that isn’t connected to Google and monetises the synergies that it can get from a bundle of some of the products and services that it already owns. It’s also another way to compete in a tough browser market where there is one very strong and dominant market leader that already monetises popular advertising services that display across other browsers and platforms.

For users, access to a premium level VPN bandwidth and secure cloud storage from a known and trusted brand may justify a monthly subscription, particularly with some of the other value-adding services that could be bundled in and may not have been tried by businesses to date.

Tech Tip – Night Light For Windows

If you leave your computer on and/or need to work late into the evenings, for example, the Windows 10 ‘night light’ feature enables the gradual limitation of the colour spectrum from your computer so that your body’s melatonin (the bedtime-indicating chemical) isn’t impeded.

When a screen is left on it emits blue light which can keep you overly awake.  With the night light setting on, warmer colours are displayed which can help you sleep.  Windows knows what time zone your computer is in so scheduling it for your sunset and sunrise should be easy.

To activate night light:

Go to ‘Settings’, click on ‘System’.

Put night light ‘On’ and click on ‘night light settings’ to select ‘colour temperature’.  You will also see a ‘Turn on Now’ button to help you get the right colour temperature.

Under ‘Schedule’, toggle ‘Schedule night light’ to ‘On’.

Either select ‘Sunset to sunrise’ or select ‘Set hours’ and enter custom times for the night light to turn on and off.