Data Security

Featured Article – Google: What Do they Know About You?

Posted on by Andy Miller

To have access to Google’s many features and services, as with other platforms, we need to give some personal information and then sign-in, but have you ever wondered just how much information Google keeps about you and your activities?

Google

This article looks as some of the many different types of personal information that Google stores, and how you can manage the situation, and reduce any potential risks that you may perceive as coming from your personal data being stored by Google.

Your Personal Data

Many of us accept that certain personal information needs to be stored privately with Google, but you may wish to know which information Google categorises as ‘public’.  To check this, login to your Google account, go to ‘Manage Your Google Account’, click on ‘Personal Info’, scroll down to ‘Choose What Others See’ and click on ‘Go to About me’.  Here you’ll be able to see which information is ‘hidden’ e.g. with a padlock icon, or ‘visible’ with an earth icon.  From here you can also click on ‘Privacy Check-up’ link so that you can manage other aspects of what information is stored about you and your Google-based activities.

‘Data and Personalisation’ Section

When you log into your Google account, go to your account page and click on the ‘Data and Personalisation’ link.  At this point, you will be able to see if your ‘Web & App Activity’, ‘Location History’ and ‘YouTube History’ are switched on or off.  If they in the ‘On’ position on tick-box control, then you can assume that Google is tracking and storing plenty of your data relating to these factors.

Web & App Activity

As the name suggests, this relates to your activity on Google sites and apps, and this also includes your location. The stated reason for collecting this information (with your consent, via the toggle control) is to give you “personalised experiences”.  Within the ‘Activity Controls’ section here you should also be able to see tick-box controls for the tracking and storing of your Chrome history and activity from sites, apps and devices that use Google services, and for including any voice and audio recordings.

You can stop Google from tracking this further by turning off the blue toggle switch in the ‘Activity Controls’ section relating to your Web & App Activity which then gives you the option to ‘pause’ this type of tracking.

If you’d like Google to automatically delete this data either every 3 or every 18 months, you can select the gear icon and choose the ‘Automatically Delete’ option and then choose which timeframe. Once this has been done Google will immediately delete current data that’s older than the timeframe specified by you.  Also, you choose to Delete activity by either Last hour, Last day, All time or a custom range.

Location History

By allowing Google to track your location history, Google can record and display information about where you’ve been with your devices, even if you haven’t been using a specific Google service at the time.

The positive aspects of Google storing this information is that you can get personalised maps and recommendations from Google based on places that you’ve visited, and if you click on the ‘Manage Activity’ link in your location history section in Google, it can be interesting to see where you’ve been on holiday and checked in with your location.  Google lists all of what it calls the ‘confirmed’ places you’ve visited (which Google gives you the option to confirm yourself) and the so-called ‘unconfirmed’ places.

The disadvantage of Google storing (and of you reviewing) this kind of information is that if it fell into the hands of criminals or those you would specifically not want to know where you are the data could be a threat damaging e.g. showing a burglar that you’re away from your home on holiday.  You may also feel personally that the information stored about your habits is a little bit too much like ‘big brother’ or borders on an infringement of your privacy.

You can stop Google from tracking this further by turning off the blue toggle switch in the ‘Activity Controls’ section relating to your Location History which then gives you the option to ‘pause’ this type of tracking.

If you’d prefer Google to automatically delete this data either every 3 or every 18 months, you can select the gear icon and choose Automatically delete Location History, then choose which timeframe. Once this has been done Google will immediately delete current data that’s older than the timeframe specified by you. You can go back over these steps and check that the visual location timeline is empty is you really want to be sure that Google has complied with your request.

Your YouTube History

Google tracks your YouTube search and watch history i.e. what videos you’ve searched for, watched and when, and this is used by Google to show videos at the top of the page when you next visit YouTube that you may be interested in based on your History.  There could, however, be several downsides to this e.g. on a shared computer, not wanting others to see which videos you have been watching, or the suggestions may not be things you are actually interested in at that point in time.

As with the other aspects of what Google stores and tracks, it’s a case of following the arrow next to ‘YouTube History’ link in your ‘Data & personalisation’ section of Google and setting your preferences from there.

Your Purchase History

CNBC research in May 2019 highlighted how Googlemail creates a (difficult to delete) page of your purchase history which it was believed was created by tracking your purchase receipt emails, and perhaps details stored in locations other than the inbox.

Google states in its accounts help section that “Your Google Account includes purchases and reservations made using Search, Maps, and your Assistant” (note that there’s now no mention of Googlemail) and according to Google, the feature is included as a way of organising things “to help you get things done”.  Getting things done, for example, means asking your Google Assistant about the shipping status of a purchase, or asking your Google Assistant to show you your flight reservations, or using Google’s search to ask questions like, “Is my flight on time?”

Deleting From Your Purchases Page

In Google’s help section here https://support.google.com/accounts/answer/7673989 and in the subsection ‘delete your purchases and reservations’, Google provides instructions on how to delete them i.e. sign in to your Google account, go to the Purchases page (for which a link is provided),  view your purchase details and select ‘Remove Purchase’, and follow the on-screen deletion instructions.

Downloading Your Data

If you’d like to download the data from the Google ‘products’ you’ve used, Google lets you do this here: https://support.google.com/accounts/answer/3024190?hl=en&ref_topic=7188671

Beware

Even though Google does appear to allow you to manage most aspects of what data is collected about you and your activities when signed in, there have been suggestions, reports and stories published online that may indicate that you could still be tracked by Google when signed-out.  For example, back in August 2018, An Associated Press report accused Google of recording the locations of its users via their mobile devices, even when they had requested not to be tracked by turning their “Location History” off. Also, some have suggested that cookies have been used to help track YouTube activity when you’re signed out, that Google can use information from Wi-Fi and other wireless signals near your phone to keep tracking you, and that there appear to be some contradictions between Google’s statements on certain privacy issues.

Looking Forward

For many of us, we’d like to have control of our personal data (if we had the time to check it all) and are pleased that there are now laws (e.g. GDPR) to help us to do this, but we’re also aware of the value of personal data to legitimate businesses e.g. for personalisation of services, and in marketing communications which have always been valuable in gaining, retaining, and maximising the value of customers.

Clearly, data security and privacy laws perform an important role of protection, and technology giants, as well as other companies and organisations, need to continue abiding by these laws and it is helpful to allow customers easy access to see and to personally manage what information is held about them both privately and publicly.

Facebook Sued Down-Under For £266bn Over Cambridge Analytica Data Sharing Scandal

Posted on by Andy Miller

Six years after the personal data of 87 million users was harvested and later shared without user consent with Cambridge Analytica, Australia’s privacy watchdog is suing Facebook for an incredible £266bn over the harvested data of its citizens.

What Happened?

From March 2014 to 2015 the ‘This Is Your Digital Life’ app, created by British academic, Aleksander Kogan and downloaded by 270,000 people which then provided access to their own and their friends’ personal data too, was able to harvest data from Facebook.

The harvested data was then shared with (sold to) data analytics company Cambridge Analytica, in order to build a software program that could predict and use personalised political adverts (political profiling) to influence choices at the ballot box in the last U.S. election, and for the Leave campaign in the UK Brexit referendum.

Australia

The lawsuit, brought by the Australian Information Commissioner against Facebook Inc alleges that, through the app, the personal and sensitive information of 311,127 Australian Facebook Users (Affected Australian Individuals) was disclosed and their privacy was interfered with.  Also, the lawsuit alleges that Facebook did not adequately inform those Australians of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, but not installed by that individual.  Furthermore, the lawsuit alleges that Facebook failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure.

In the lawsuit, the Australian Information Commissioner, therefore, alleges that the Australian Privacy Principle (APP) 6 has been breached (disclosing personal information for a purpose other than that for which it was collected), as has APP 11 (failing to take reasonable steps to protect the personal information from unauthorised disclosure).  Also, the Australian Information Commissioner alleges that these breaches are in contravention of section 13G of the Privacy Act 1988.

£266 Billion!

The massive potential fine of £266 billion has been arrived at by multiplying the maximum of $1,700,000 (£870,000) for each contravention of the Privacy Act by the 311,127 Australian Facebook Users (Affected Australian Individuals).

What Does This Mean For Your Business?

Back in July 2018, 16 months after the UK Information Commissioners Office (ICO) began its investigation into the Facebook’s sharing the personal details of users with political consulting firm Cambridge Analytica, the UK’s ICO announced that Facebook would be fined £500,000 for data breaches.  This Australian lawsuit, should it not go Facebook’s way, represents another in a series of such lawsuits over the same scandal, but the £266 billion figure would be a massive hit and would, for example, totally dwarf the biggest settlement to date against Facebook of $5 billion to the US Federal Trade Commission over privacy matters.  To put it in even greater perspective, an eye-watering potential fine of £266 billion would make the biggest GDPR fine to date of £183 million to British Airways look insignificant.

Clearly, this is another very serious case for Facebook to focus its attention on, but the whole matter highlights just how important data security and privacy matters are now taken and how they have been included in different national laws with very serious penalties for non-compliance attached. Facebook has tried hard since the scandal to introduce and publicise many new features and aspects of its service that could help to regain the trust of users in both its platform’s safeguarding of their details and in the area of stopping fake news from being distributed via its platform.  This announcement by the Australian Information Commissioner is, therefore, likely to be an extremely painful reminder of a regrettable and period in the tech giant’s history, not to mention it being a potential threat to Facebook.

For those whose data may have been disclosed, shared and used in a way that contravened Australia’s laws, they may be pleased that their country is taking such a strong stance in protecting their interests and this may send a very powerful message to other companies that store and manage the data of Australian citizens.

Billions Of Devices At Risk Due To Wi-Fi Chip Vulnerability

Posted on by Andy Miller

A security threat to devices, Wi-Fi access points (APs), and routers that comes from the Kr00k Wi-Fi chip vulnerability could affect billions according to security researchers.

Kr00k

The existence of Kr00k, also known by the catchy name of CVE-2019-15126 was made public at the recent RSA Conference in San Francisco and its discovery was attributed to ESET security researchers Miloš Cermák, Robert Lipovský and Štefan Svorencík.

Broadcom and Cypress Chips

According to the researchers, the Kr00k vulnerability is present in Wi-Fi chips manufactured by Broadcom and Cypress.  These chips are present in billions of devices and, prior to patches being developed and released already by many major manufacturers, the kinds of devices that were at risk included home smart speakers (Amazon Echo), Kindles, smartphones (Apple iPhone and Samsung Galaxy), the Raspberry Pi 3 and many Wi-Fi routers and access points that have Broadcom chips.

What Could Happen?

The Kr00k vulnerability could allow attackers to decrypt Wi-Fi traffic, thereby gaining access to data. Kr00k can do this by forcing an extended dissociation period in Wi-Fi devices, which is the temporary disconnection that occurs when a device moves between access points or when there is a low signal. In this period, Kr00k resets the encryption key used to secure packets to an all-zero value, giving the attackers access to your data.

This kind of attack, however, may not be as easy as it sounds because attackers would need to be within close range of their target’s Wi-Fi network.

Related to Krack

Some security commentators have noted that Kr00k is related to Krack, discovered in 2017, a vulnerability that was also a threat to devices that connected using Wi-Fi and required attackers to be in close proximity to the Wi-Fi network.  Krack was found to be a vulnerability in the Wi-Fi Protected Access 2 (WPA2) protocol.

What Does This Mean For Your Business?

The security researchers who discovered Kr00k shared their findings with the relevant manufacturers early-on which meant that the major manufacturers were able to quickly develop and release patches, thereby significantly reducing the scale of the threat posed by Kr00k.  Also, the need for attackers to be in close proximity to a Wi-Fi network to exploit the vulnerability is unlikely to be particularly attractive to many cybercriminals who prefer methods that allow maximum financial gain with minimum effort and that position them a long distance from their targets in a way that cannot be traced back to them.

Additionally, in this case, even though it is technically possible for attackers to use the dissociation period to decrypt Wi-Fi traffic, the data that they would be intending to steal is subject to being additionally encrypted by TLS thanks to HTTPS.

Dentist’s Legal Challenges To Anonymity of Negative Google Reviewer

Posted on by Andy Miller

ABC News in Australia has reported how a Melbourne dentist has convinced a Federal Court Judge to order tech giant Google to produce identifying information about a person who posted a damaging negative review about the dentist on Google’s platform.

What Happened?

The dentist, Dr Matthew Kabbabe, alleges that a reviewer’s comment posted on Google approximately three months ago advised others to “stay away” from his practice and that it damaged his teeth-whitening business and had a knock-on negative impact on his life.

Even though Google provides a platform to allow reviews to be posted in order to benefit businesses (if reviews are good), perhaps encourage and guide businesses to give good service, and to help Google users to decide whether to use a service, the comment was the only bad one on a page of five-star reviews. In addition to the possibly defamatory nature of the comment, Dr Kabbabe’s objection to the anonymity that Google offers comment posters, and that it could, as such be, something posted by a competitor or disgruntled ex-employee to damage his (or any other business) drove him to take the matter to the Federal Court after, it has been reported, his requests to Google to take the comment down were unsuccessful.

Landmark Ruling

Not only did Federal Court Judge Justice Bernard Murphy request that Google divulge identifying information about the comment poster, listed only a “CBsm 23″ (name, phone number, IP addresses, location metadata), but also the tech giant has been ordered to provide any other Google accounts (name and email addresses)  which are from the same IP address during the period of time in question.

Can Reply

Reviews posted on Google can be replied to by businesses as long as the replies comply with Google’s guidelines.

Dealing with some apparently unfair customer comments online is becoming more common for many businesses.  For example, hotels and restaurants have long struggled with how to respond to potentially damaging criticism left by customers on TripAdvisor. Recently, the owner of the Oriel Daniel Tearoom in Llangefni, Anglesey made the news when they responded to negative comments with brutal responses and threats of lifetime bans.

What Does This Mean For Your Business?

For the most part, potential customers are likely to be able to take a balanced view of comments that they read when finding out more about a business, but the fact that a Federal judge ruled in favour of not allowing those who have posted potentially damaging comments to hide behind online anonymity means that there may well be an argument for platforms to amend rules to try to redress the balance more in the favour of businesses.  It does seem unfair that, as in the case of the dentist, where the overwhelming majority of comments have been good, an individual, who may be a competitor or person with an axe to grind is allowed to anonymously and publicly publish damaging comments, whether justified or not, for a global audience to see and with no need to prove their allegations – something that would be subject to legal scrutiny in the offline world.  It will be interesting to see Google’s response to this ground-breaking ruling.

Google Indexing Makes WhatsApp Group Links Visible

Posted on by Andy Miller

A journalist has reported on Twitter that WhatsApp groups may not be as secure as users think because the “Invite to Group via Link” feature allows groups to be indexed by Google, thereby making them available across the Internet.

Links Visible

Chats conducted on the end-to-end encrypted WhatsApp can be joined by people who are given an invite URL link but until now it has not been thought that invite links could be indexed by Google (and other search engines) and found in simple searches. However, it appears that group links that have been shared outside of the secure, private messaging app could be found (and joined).

Exposed

The consequences of these 45,000+ invite links being found in searches is that they can be joined and details like the names and phone numbers of the participants can be accessed.  Targeted searches can reveal links to groups based around a number of sensitive subjects.

Links

Even though WhatsApp group admins can invalidate existing links, WhatsApp generates a new link meaning that the original link isn’t totally disabled.

Only Share Links With Trusted Contacts

Users of WhatsApp are warned to share the link only with trusted contacts, and the links that were shown in Google searches appeared because the URLs were publicly listed i.e. shared outside of the app.

Changed

Although Google already offers tools for sites to block content from being listed in search results, since the discovery (and subsequently publicity) of the WhatsApp Invite links being indexed, some commentators have reported that this no longer happens in Google.  It has also been reported, however, that publicly posted WhatsApp Invite links can still be found using other popular search engines.

Recent Security Incident

One other high profile incident reported recently, which may cause some users to question the level of security of WhatsApp was the story about Amazon CEO Jeff Bezo’s phone allegedly being hacked by unknown parties thought to be acting for Saudi Arabia after a mysterious video was sent to Mr Bezo’s phone.

Also, last May there were reports of an attack on WhatsApp which was thought to be a ‘zero-day’ exploit that was used to load spyware onto the victim’s phone.  Once the victim’s WhatsApp had been hijacked and the spyware loaded onto the phone, for example, access may have been given to encrypted chats, photos, contacts and other information.  That kind of attack may also have allowed eavesdropping on calls and turning on the microphone and camera, as well as enabling attackers to alter the call logs and hide the method of infection.  At the time, it was reported that the attack may have originated from a private Israeli company, The NSO Group.

What Does This Mean For Your Business?

In this case, although it’s alarming that the details of many group members may have been exposed, it is likely to be because links for those groups were posted publicly and not shared privately with trusted members as the app recommends.  That said, it’s of little comfort for those who believed that their WhatsApp group membership and personal details are always totally private.  It’s good news, therefore, that Google appears to have taken some action to prevent it from happening in future. Hopefully, other search engines will now do the same.

WhatsApp has end-to-end encryption, which should mean that it is secure, and considering that it has at least 1.5 billion users worldwide, surprisingly few stories have emerged that have brought the general security of the app into question.

Worries About Huawei Persist

Posted on by Andy Miller

Security fears about Huawei products being used in the new 5G networks are still being expressed by the Trump administration, while Google has clarified its position on the matter.

What’s So Bad About Huawei?

Back in July 2018,  espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecoms company Huawei (the world’s biggest producer of telecoms equipment) because of the threat that it could be using its phone network equipment to spy for China.  This led to the US, Australia and New Zealand barring Huawei Technologies Ltd. (with Japan more or less joining the ban) as a supplier for fifth-generation networks.

At the time, the Trump administration drew attention to the matter when Meng Wanzhou, the chief financial officer of Huawei, was detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran.

Since then, other countries have joined the ban and other allegations have been made against Huawei e.g. the US Department of Justice (DOJ) charged Huawei with bank fraud and stealing trade secrets back in January 2019.

What About The UK

As for the UK government, it will allow Huawei equipment to be used in the country’s 5G network, but not in core network functions or critical national infrastructure, and not in nuclear and military sites.  This has led to White House chief of staff Mick Mulvaney visiting just last week to help dissuade the UK from using Huawei’s products in phone networks.

Latest Warning From the US

The latest warning about Huawei products from the US has been voiced by Robert Strayer, who is the US deputy assistant secretary for cyber and communications. Mr Strayer, who is on a tour of Europe this week, warned that allowing Huawei to provide key aspects of the 5G network infrastructure could allow China to undermine it and to have access to “sensitive data”.  Mr Strayer piled on the pressure by warning that if the UK adopts Huawei as a 5G technology vendor it could threaten aspects of intelligence sharing between the US and UK.

Google Clarifies

As a US company, tech giant Google has been banned by the Trump administration since May 2019 from working with Huawei which last year led to Google confirming (via blog post) that it wouldn’t be working with Huawei on new device models or providing any Google apps (Gmail, Maps, YouTube, Play Store) for preload or download on Huawei devices.

In the light of more recent allegations and warnings about Huawei, Google has chosen to clarify its position in an article on its support pages (find it here https://support.google.com/android/thread/29434011?hl=en).  The article states that “To protect user data privacy, security, and safeguard the overall experience, the Google Play Store, Google Play Protect, and Google’s core apps (including Gmail, YouTube, Maps, and others) are only available on Play Protect certified devices”.

Google says in the article that sideloaded Google apps will not work reliably on Huawei devices.  Sideloaded apps are those which haven’t been through a certification process to appear in the Store and to run on a Windows device.  The fear is that sideloading apps could mean that apps could be installed which appear to be genuine and normal, but which may have been altered or tampered with in ways that could compromise user security.

What Does This Mean For Your Business?

The Trump administration in the US is keeping the pressure on as regards discouraging countries with which it has security and defence connections, and leverage as an ally or friend with to avoid installing Huawei products in networks, particularly in critical parts.  Clearly, a Republican administration (and in this case, and apparently inward-looking one championing US companies) in a country which has traditionally seen communist China as a threat is likely to be at least suspicious of Huawei products.  It is of course, unknown exactly what evidence exists to support the idea, and it should also be remembered that it is not long since President Trump launched a trade war with China, and may also be additionally conscious of spying issues from foreign powers after the allegations of Russian influence possibly influencing his own election as president.

For US, European, and other trusted tech network product companies from elsewhere, less for Huawei could mean more for them, and the rub-off bad publicity for Huawei also seems to have negatively affected Huawei’s sales of phone handsets, which has meant that US, Japanese and other phone suppliers have picked up more phone business.

In the run-up to next US presidential election, and with UK looking for trade deals outside the EU, it is likely that the US will continue to try and bring the UK and other countries round to its way of thinking about Huawei.

Google In Talks About Paying Publishers For News Content

Posted on by Andy Miller

It has been reported that Google is in talks with publishers with a view to buying in premium news content for its own news services to improve its relationship with EU publishers, and to combat fake news.

Expanding The Google News Initiative

Reports from the U.S. Wall Street Journal indicate that Google is in preliminary talks with publishers outside the U.S. in order expand its News Initiative (https://newsinitiative.withgoogle.com/), the program where Google works with journalists, news organisations, non-profits and entrepreneurs to ensure that fake news is effectively filtered out of current stories in the ‘digital age’.  Examples of big-name ‘partners’ that Google has worked with as part of the initiative include the New York Times, The Washington Post, The Guardian and fact-checking organisations like the International Fact-Checking Network and CrossCheck (to fact-check the French Election).

As well as partnerships, the Google News Initiative provides a number of products for news publishing e.g. Subscribe With Google, News on Google, Fact Check tags and AMP stories (tap-operated, full-screen content).

This Could Please Publishers

The move by Google to pay for content should please publishers, some of whom have been critical of Google and other big tech players for hosting articles on their platforms that attract readers and advertising money, but not paying to display them. Google has faced particular criticism in France at the end of last year after the country introduced a European directive that should have made tech giants pay for news content but in practice simply led to Google removing the snippet below links to French news sites, and removing the thumbnail images that often appear next to news results.

Back in 2014 for example, Google closed its Spanish news site after it was required to pay “link tax” licensing fees to Spanish news sites and back in November 2018 Google would not rule out shutting down Google News in other EU countries if a “link tax” was adopted by them.

Competitors

Google is also in competition with other tech giants who now provide their own fact-checked and moderated news services.  For example, back in October 2019, Facebook launched its own ‘News’ tab on its mobile app which directs users to unbiased, curated articles from credible sources.

What Does This Mean For Your Business?

For European countries and European publishers, it is likely to be good news that Google is possibly coming to the table to offer some money for the news content that it displays on its platform, and that it may be looking for a way to talk about and work through some of the areas of contention.

For Google, this is an opportunity for some good PR in an area where it has faced criticism in Europe, an opportunity to improve its relationship with publishers in Europe, plus a chance to add value to its news service and to help Google to compete with other tech giants that also offer news services with the fake news weeded out.

Growth in Threats To Apple Compared To Windows Machines

Posted on by Andy Miller

In a trend that appears contrary to popular perceptions, the latest Malwarebytes (annual) State of malware report has revealed that the growth in attacks on Apple endpoints is outpacing the threats targeting Windows machines.

11 Threats Per Mac Endpoint

The report shows Mac threats were up (2019) four-fold year on year with 11 threats per Mac endpoint on average for Apple compared with only 5.8 threats per Windows endpoint.  An ‘endpoint’ refers to an Internet-capable computer hardware device on a TCP/IP network e.g. desktop computers, laptops, smartphones, tablets, printers etc.

Why?

It is likely that the growth in the average number of threats to Apple machines isn’t just down to the fact that there are now more Apple users, but also because Apple may not be taking enough measures that are tough enough to tackle adware and pups (potentially unwanted programmes) compared to efforts made to tackle more traditional malware.

Kaspersky Figures

Figures from Kaspersky this month also show increasing dangers for Mac users as it reports that two years on from its detection, Shlayer Trojan malware attacks one in ten macOS users, and it accounts for almost 30% of all detections for the macOS.

Criminals More Creative and Persistent

As well as the increasing danger for Mac users, in the report, Malwarebytes CEO Marcin Kleczynski highlights how adware, pre-installed malware and multi-vector attacks all show how cybercriminals appear to be heading in a direction where they are “more creative and increasingly persistent with their campaigns”.

Even though threats to Apple endpoints are growing at a faster rate, it is still Windows and Android devices that face the most threats from annoying and hard to uninstall adware and malware (including ransomware).

Business-Focused

The report highlighted the 13 per cent rise in global business threats last year, and how Trojan-turned-botnets Emotet and TrickBot have been targeting businesses and organisations with ransomware new families, like Ryuk, Sodinokibi and Phobos. Also, businesses are facing new risks from hack tools and registry key disablers.

What Does This Mean For Your Business?

As pointed out in the report, those in the online security industry are having to work hard to protect users and businesses from programs that violate user privacy, infect devices, or turn their own infrastructure against them. Businesses and organisations, whether they use Apple or Microsoft Operating Systems need to be acutely aware of (and make sure they are protected against) the threats outlined in the report (malware, ransomware, adware, credit card skimmers and skimmer scripts), as well as phishing and the increasing use of social engineering in attacks.

Mac users may want to check the advice on Apple’s website about features (found in System Preferences) that help protect Macs and the personal information of users from malicious software/malware e.g. protection from malware embedded in harmless-looking apps.  See: https://support.apple.com/en-gb/guide/mac-help/mh40596/mac

Also, Apple advises that MacOS users should exercise caution when accessing scripts, web archives and Java archives, which all pose potential threats.

Tech Tip – Deleting Your Personal Metadata From Microsoft Documents

Posted on by Andy Miller

If you really want to make sure that you fully protect your data and identity, one thing you may not know is that Microsoft Office documents store metadata which (although largely useful) could be linked back to you.  There is an easy way to stop this from happening – here’s how:

For Microsoft Word, Excel, or PowerPoint:

– Click on ‘File’ (top left).

– On the Info page, click on ‘Check for Issues’.

– Click on ‘Inspect Document’ (which opens the Inspector window).

– Make sure all the checkboxes in the Document Inspector are checked.

– Click the ‘Inspect’ button.

– A green checkmark in a circle indicates that no data of that type has been found. A red exclamation mark means it found data of this type.

– Next to that data type’s description, click the ‘Remove All’ button.

– You can also click the ‘Reinspect’ button to make sure that nothing was missed.

WhatsApp Ceases Support For More Old Phone Operating Systems

Posted on by Andy Miller

WhatsApp has announced that its messaging app will no longer work on outdated operating systems, which is a change that could affect millions of smartphone users.

Android versions 2.3.7 and Older, iOS 8 and Older

The change, which took place on February 1, means that WhatsApp has ended support for Android operating system versions 2.3.7 and older and iOS 8 meaning that users of WhatsApp who have those operating systems on their smartphones will no longer be able to create new accounts or to re-verify existing accounts.  Although these users will still be able to use WhatsApp on their phones, WhatsApp has warned that because it has no plans to continue developing for the old operating systems, some features may stop functioning at any time.

Why?

The change is consistent with Facebook-owned app’s strategy of withdrawing support for older systems and older devices as it did back in 2016 (smartphones running older versions of Android, iOS, Windows Phone + devices running Android 2.2 Froyo, Windows Phone 7 and older versions, and iOS 6 and older versions), and when WhatsApp withdrew support for Windows phones on 31 December 2019.

For several years now, WhatsApp has made no secret of wanting to maintain the integrity of its end-to-end encrypted messaging service, making changes that will ensure that new features can be added that will keep the service competitive, maintain feature parity across different systems and devices, and focus on the operating systems that it believes that the majority of its customers in its main markets now use.

Security & Privacy?

This also means that, since there will no longer be updates for older operating systems, this could lead to privacy and security risks for those who continue using older operating systems.

What Now?

Users who have a smartphone with an older operating system can update the operating system, or upgrade to a newer smartphone with model in order to ensure that they can continue using WhatsApp.

The WhatsApp messaging service can also now be accessed through the desktop by syncing with a user’s phone.

What Does This Mean For Your Business?

WhatsApp is used by many businesses for general communication and chat, groups and sending pictures, and for those business users who still have an older smartphone operating system, this change may be another reminder that the perhaps overdue time to upgrade is at hand.  Some critics, however, have pointed to the fact that the move may have more of a negative effect on those WhatsApp users in growth markets e.g. Asia and Africa where many older devices and operating systems are still in use.

For WhatsApp, this move is a way to stay current and competitive in its core markets and to ensure that it can give itself the scope to offer new features that will keep users loyal and engaged with and committed to the app.