News

Tracking For People Who Lose Things

Google Assistant is now supporting Tile’s Bluetooth tracker which means that Tile customers can use a simple voice command to enlist the help of Google Assistant in finding their lost keys, wallet, TV remote control and more.

What Is Tile?

Tile uses Bluetooth and a phone app to locate physical ‘Tile’ tracking devices of different sizes which can be attached to keyrings, bags, slipped into wallets, or even attached to a dog’s collar.  The tile app on the user’s smartphone can then be used to ring a Tile (the physical tracker that’s attached to e.g. your keyring) if it’s nearby (the Tile gives off a tone so it can be found), and by tapping the ‘Find’ button in the app, the item that has the Tile tracker attached can then be located.

If an item has been genuinely lost outside of the house, Tile can also be used to locate the item on a map which shows the last time and place that the item was with the used, and users who can’t locate their item this way can also ask the wider Tile community to anonymously help them find it.

Tile also has partnerships with manufacturers so that its technology is already built-in to items e.g. Sennheiser earphones.

Tile is reported to have already sold more than 22 million devices worldwide in 195 countries with its system being used to find 6 million items every day.

Google Assistant

The support from Google Assistant (via Nest devices – the Nest Mini or Nest Hub) means that, rather than opening a Tile app on their phone to locate their missing items, users can simply ask the Google Assistant where their item is, and/or ask the Google Assistant to ring their missing item. This adds an extra layer of convenience for Tile and Google Assistant users.

Competition From Apple

The move to partner with Google gives Tile a better opportunity to fend off likely competition from Apple, which is reported to be on the verge of releasing its own item location tracking system.

What Does This Mean For Your Business?

For Tile, teaming up with Google is a very important strategic move helping it to add extra convenience and a powerful brand endorsement to its services, strengthen its current competitive edge, and give it more of a chance to fight off competition from Apple when it enters the market (soon) with a similar service.

For Google, this is a chance to add another value-adding feature to its digital assistant’s services, thereby helping it compete in another small way with competitors like Amazon.

For users of Tile, and future users of Tile who have a Google Nest device, this offers an even more convenient and fast way of using Tile’s services.

WhatsApp Ceases Support For More Old Phone Operating Systems

WhatsApp has announced that its messaging app will no longer work on outdated operating systems, which is a change that could affect millions of smartphone users.

Android versions 2.3.7 and Older, iOS 8 and Older

The change, which took place on February 1, means that WhatsApp has ended support for Android operating system versions 2.3.7 and older and iOS 8 meaning that users of WhatsApp who have those operating systems on their smartphones will no longer be able to create new accounts or to re-verify existing accounts.  Although these users will still be able to use WhatsApp on their phones, WhatsApp has warned that because it has no plans to continue developing for the old operating systems, some features may stop functioning at any time.

Why?

The change is consistent with Facebook-owned app’s strategy of withdrawing support for older systems and older devices as it did back in 2016 (smartphones running older versions of Android, iOS, Windows Phone + devices running Android 2.2 Froyo, Windows Phone 7 and older versions, and iOS 6 and older versions), and when WhatsApp withdrew support for Windows phones on 31 December 2019.

For several years now, WhatsApp has made no secret of wanting to maintain the integrity of its end-to-end encrypted messaging service, making changes that will ensure that new features can be added that will keep the service competitive, maintain feature parity across different systems and devices, and focus on the operating systems that it believes that the majority of its customers in its main markets now use.

Security & Privacy?

This also means that, since there will no longer be updates for older operating systems, this could lead to privacy and security risks for those who continue using older operating systems.

What Now?

Users who have a smartphone with an older operating system can update the operating system, or upgrade to a newer smartphone with model in order to ensure that they can continue using WhatsApp.

The WhatsApp messaging service can also now be accessed through the desktop by syncing with a user’s phone.

What Does This Mean For Your Business?

WhatsApp is used by many businesses for general communication and chat, groups and sending pictures, and for those business users who still have an older smartphone operating system, this change may be another reminder that the perhaps overdue time to upgrade is at hand.  Some critics, however, have pointed to the fact that the move may have more of a negative effect on those WhatsApp users in growth markets e.g. Asia and Africa where many older devices and operating systems are still in use.

For WhatsApp, this move is a way to stay current and competitive in its core markets and to ensure that it can give itself the scope to offer new features that will keep users loyal and engaged with and committed to the app.

Business Leaders Lack Vital Digital Skills Says OU Survey

The Open University’s new ‘Leading in a Digital Age’ report highlights a link between improved business performance and leaders who are equipped, through technology training, to manage digital change.

Investing In Digital Skills Training

The latest version of the annual report, which bases its findings on a survey of 950 CTOs and senior leaders within UK organisations concludes that leaders who invested in digital skills training are experiencing improved productivity (56 per cent), greater employee engagement (55 per cent), enhanced agility, and vitally, increased profit.

The flipside, highlighted in the same survey, is that almost half (47 per cent) of those business leaders surveyed thought they lacked the tech skills to manage in the digital age, and more than three-quarters of them acknowledge that they could benefit from more digital training.

Key Point

The key point revealed by the OU survey and report is that the development of digital skills in businesses are led from the top and that those businesses that invest in learning and development of digital skills are likely to be more able to take advantage of opportunities in what could now be described as a ‘digital age’.

Skills Shortages

The report acknowledges the digital skills shortages that UK businesses and organisations face (63 per cent of senior business leaders report a skills shortage for their organisation) and the report identifies a regional divide in those companies reporting skills shortages – more employers in the South and particularly the South West are finding that skills are in short supply and reporting that recruitment for digital roles takes longer.

One likely contributing factor to some geographical/regional divides in skills shortages and difficulty in recruiting for tech roles in those areas may be the spending, per area, on addressing those skills shortages.  For example, London is reported to have spent (in 2019) £1.4 billion (the equivalent of £30,470 per organisation), while the North East spent the least (£172.2 million), and South East spent only £10,260 per organisation.

Factors Affecting The Skills Shortage

The OU report identifies several key factors that appear to be affecting the skills shortage and the investment that may be needed to address those skills shortages. These include the uncertainty over Brexit, increased competition, an ageing population, the speed and scope of the current ‘digital revolution’, and a lack of diversity.

What Does This Mean For Your Business?

Bearing in mind that the OU, whose survey and report this was, is a supplier of skills training, the report, nonetheless, makes some relevant and important points.  For many businesses, for example, managers and owners are most likely to the be the ones with the most integrated picture of the business and its aims, and if they had better digital skills and awareness they may be more likely to identify opportunities, and more likely to promote and invest in digital skills training within their organisation that could be integral to their organisation being able to take advantage of those opportunities.

The tech skills shortage in the UK is, unfortunately, not new and is not down to just businesses alone to solve the skills gap challenge. The government, the education system and businesses need to find ways to work together to develop a base of digital skills in the UK population and to make sure that the whole tech ecosystem finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive.  As highlighted in the OU report, apprenticeships may be one more integrated way to help bridge skills shortages.

Featured Article – Proposed New UK Law To Cover IoT Security

The UK government’s Department for Digital, Culture, Media and Sport (DCMS), has announced that it will soon be preparing new legislation to enforce new standards that will protect users of IoT devices from known hacking and spying risks.

IoT Household Gadgets

This commitment to legislate leads on from last year’s proposal by then Digital Minister Margot James and follows a seven-month consultation with GCHQ’s National Cyber Security Centre, and with stakeholders including manufacturers, retailers, and academics.

The proposed new legislation will improve digital protection for users of a growing number of smart household devices (devices with an Internet connection) that are broadly grouped together as the ‘Internet of Things’ (IoT).  These gadgets, of which there is an estimated 14 billion+ worldwide (Gartner), include kitchen appliances and gadgets, connected TVs, smart speakers, home security cameras, baby monitors and more.

In business settings, IoT devices can include elevators, doors, or whole heating and fire safety systems in office buildings.

What Are The Risks?

The risks are that the Internet connection in IoT devices can, if adequate security measures are not in place, provide a way in for hackers to steal personal data, spy on users in their own homes, or remotely take control of devices in order to misuse them.

Default Passwords and Link To Major Utilities

The main security issue of many of these devices is that they have pre-set, default unchangeable passwords, and once these passwords have been discovered by cyber-criminals, the IoT devices are wide open to being tampered with and misused.

Also, IoT devices are deployed in many systems that link to and are supplied by major utilities e.g. smart meters in homes. This means that a large-scale attack on these IoT systems could affect the economy.

Examples

Real-life examples of the kind of IoT hacking that the new legislation will seek to prevent include:

– Hackers talking to a young girl in her bedroom via a ‘Ring’ home security camera (Mississippi, December 2019).  In the same month, a Florida family were subjected to vocal, racial abuse in their own home and subjected to a loud alarm blast after a hacker took over their ‘Ring’ security system without permission.

– In May 2018, A US woman reported that a private home conversation had been recorded by her Amazon’s voice assistant, and then sent it to a random phone contact who happened to be her husband’s employee.

– Back in 2017, researchers discovered that a sex toy with an in-built camera could also be hacked.

– In October 2016, the ‘Mirai’ attack used thousands of household IoT devices as a botnet to launch an online distributed denial of service (DDoS) attack (on the DNS service ‘Dyn’) with global consequences.

New Legislation

The proposed new legislation will be intended to put pressure on manufacturers to ensure that:

– All internet-enabled devices have a unique password and not a default one.

– There is a public point of contact for the reporting of any vulnerabilities in IoT products.

– The minimum length of time that a device will receive security updates is clearly stated.

Challenges

Even though legislation could make manufacturers try harder to make IoT devices more secure, technical experts and commentators have pointed out that there are many challenges to making internet-enabled/smart devices secure because:

  • Adding security to household internet-enabled ‘commodity’ items costs money. This would have to be passed on to the customer in higher prices, but this would mean that the price would not be competitive. Therefore, it may be that security is being sacrificed to keep costs down-sell now and worry about security later.
  • Even if there is a security problem in a device, the firmware (the device’s software) is not always easy to update. There are also costs involved in doing so which manufacturers of lower-end devices may not be willing to incur.
  • With devices which are typically infrequent and long-lasting purchases e.g. white goods, we tend to keep them until they stop working, and we are unlikely to replace them because they have a security vulnerability that is not fully understood. As such, these devices are likely to remain available to be used by cyber-criminals for a long time.

Looking Ahead

Introducing legislation that only requires manufacturers to make relatively simple changes to make sure that smart devices come with unique passwords and are adequately labelled with safety and contact information sounds as though it shouldn’t be too costly or difficult.  The pressure of having to display a label, by law, that indicates how safe the item is, could provide that extra motivation for manufacturers to make the changes and could be very helpful for security-conscious consumers.

The motivation for manufacturers to make the changes to the IoT devices will be even greater if faced with the prospect of retailers eventually being barred from selling products that don’t have a label, as was originally planned for the proposed legislation.

The hope from cyber-security experts and commentators is that the proposed new legislation won’t be watered down before it becomes law.

Life After End-of-Life For Windows 7 Updates

Pressure from die-hard and disgruntled Windows 7 users may have been a factor in Microsoft issuing a second update to its old Windows 7 Operating System, only two weeks after the official end-of-life date of Wednesday 14 January.

(Almost) No More Support

Microsoft had already made many announcements that support for its Windows 7 Operating system and Windows Server 2008 would (and we thought, did) formally and finally end on 14 January as part of the final push to move users over to the SaaS Windows 10 OS.  There are still opportunities for those with Windows Virtual Desktop to get an extra three years of extended support (of critical and important security updates) as part of that package, and for customers with active Software Assurance to get ‘Extended Security Updates’ for subscription licenses for 75% of the on-premises annual license cost.

First of the ‘Afterlife’ Updates

The first of the two surprise updates to be issued, just for extended security updates (ESU) users, after the end of support was a patch to fix a wallpaper issue, whereby a blank screen was being shown on Windows re-start instead of the stretch option for the background desktop for some users.  Comments by some disgruntled users on social media may have contributed to Microsoft releasing an update to fix the issue.

The Second Update

A second update announced by Microsoft really relates to an extension of the same issue. This time, Microsoft says it’s working on a fix to this issue for all, and not just for those who subscribed to its ESU program.  On Microsoft’s Support pages it says that an update to resolve the issue will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1.

In the meantime, Microsoft suggests that customers can mitigate the issue either by setting their custom image to an option other than Stretch, e.g. Fill, Fit, Tile, or Centre, or customers can choose a custom wallpaper that matches the resolution of their desktop.

What Does This Mean For Your Business?

Even though the widely publicised end of support date for Windows 7 has been and gone, it should be remembered that there are an estimated 40 million people still using Windows 7 which means there is no shortage of people to complain publicly, via social media when things go wrong.  Microsoft is, therefore, in that difficult period before users are unsupported before they finally switch to Windows 10 where there is likely to be more bad publicity to come for Microsoft as more issues start to affect the remaining Windows 7 users.

There is also now the very real risk that Windows 7 will be targeted more by cybercriminals, leaving those who still use it in a much more vulnerable position.  At least in the case of the recent updates, Microsoft has been seen to do something beyond the call of duty to help users after the date that it officially ended support, although it’s unlikely that Microsoft will not make a habit of doing so in future.

Police Images of Serious Offenders Reportedly Shared With Private Landlord For Facial Recognition Trial

There have been calls for government intervention after it was alleged that South Yorkshire Police shared its images of serious offenders with a private landlord (Meadowhall shopping centre in Sheffield) as part of a live facial recognition trial.

The Facial Trial

The alleged details of the image-sharing for the trial were brought to the attention of the public by the BBC radio programme File on 4, and by privacy group Big Brother Watch.

It has been reported that the Meadowhall shopping centre’s facial recognition trial ran for four weeks between January and March 2018 and that no signs warning visitors that facial recognition was in use were displayed. The owner of Meadowhall shopping centre is reported as saying (last August) that the data from the facial recognition trial was “deleted immediately” after the trial ended. It has also been reported that the police have confirmed that they supported the trial.

Questions

The disclosure has prompted some commentators to question not only the ethical and legal perspective of not just holding public facial recognition trials without displaying signs but also of the police allegedly sharing photos of criminals (presumably from their own records) with a private landlord.

The UK Home Office’s Surveillance Camera Code of Practice, however, does appear to support the use of facial recognition or other biometric characteristic recognition systems if their use is “clearly justified and proportionate.”

Other Shopping Centres

Other facial recognition trials in shopping centres and public shopping areas have been met with a negative response too.  For example, the halting of a trial at the Trafford Centre shopping mall in Manchester in 2018, and with the Kings Cross facial recognition trial (between May 2016 and March 2018) which is still the subject of an ICO investigation.

Met Rolling Out Facial Recognition Anyway

Meanwhile, and despite a warning from Elizabeth Denham, the UK’s Information Commissioner, back in November, the Metropolitan Police has announced it will be going ahead with its plans to use live facial recognition cameras on an operational basis for the first time on London’s streets to find suspects wanted for serious or violent crime. Also, it has been reported that South Wales Police will be going ahead in the Spring with a trial of body-worn facial recognition cameras.

EU – No Ban

Even though many privacy campaigners were hoping that the EC would push for a ban on the use of facial recognition in public spaces for up to five years while new regulations for its use are put in place, Reuters has reported that The European Union has now scrapped any possibility of a ban on facial recognition technology in public spaces.

Facebook Pays

Meanwhile, Facebook has just announced that it will pay £421m to a group of Facebook users in Illinois, who argued that its facial recognition tool violated the state’s privacy laws.

What Does This Mean For Your Business?

Most people would accept that facial recognition could be a helpful tool in fighting crime, saving costs, and catching known criminals more quickly and that this would be of benefit to businesses and individuals. The challenge, however, is that despite ICO investigations and calls for caution, and despite problems that the technology is known to have e.g. being inaccurate and showing a bias (being better at identifying white and male faces), not to mention its impact on privacy, the police appear to be pushing ahead with its use anyway.  For privacy campaigners and others, this may give the impression that their real concerns (many of which are shared by the ICO) are being pushed aside in an apparent rush to get the technology rolled out. It appears to many that the use of the technology is happening before any of the major problems with it have been resolved and before there has been a proper debate or the introduction of an up-to-date statutory law and code of practice for the technology.

Avast Anti-Virus Is To Close Subsidiary Jumpshot After Browsing Data Selling Privacy Concerns

Avast, the Anti-virus company, has announced that it will not be providing any more data to, and will be commencing “a wind down” of its subsidiary Jumpshot Inc after a report that it was selling supposedly anonymised data to advertiser third parties that could be linked to individuals.

Jumpshot Inc.

Jumpshot Inc, founded in 2010, purchased by Avast in 2013, and operated as a data company since 2015 essentially organises and sells packaged data, that has been gathered from Avast, to enterprise clients and marketers as marketing intelligence.

Avast anti-virus incorporates a plugin that has, until now, enabled subsidiary Junpshot to scrape/gain access to that data which Jumpshot could sell to (mainly bigger) third party buyers so that they can learn what consumers are buying and where thereby helping with targeting their advertising.

Avast is reported to have access to data from 100 million devices, including PCs and phones.

Investigation Findings

The reason why Avast has, very quickly, decided to ‘wind down’ i.e. close Jumpshot is that the report of an investigation by Motherboard and PCMag revealed that Avast appeared to be harvesting users’ browser histories with the promise (to those who opted-in to data sharing) that the data would be ‘de-identified,’ ( to protect user privacy), whereas what actually appeared to be happening was that the data, which was being sold to third parties, could be linked back to people’s real identities, thereby potentially exposing every click and search they made.

When De-Identification Fails

As reported by PCMag, the inclusion of timestamp information and persistent device IDs with the collected URLs of user clicks, in this case, could, in fact, be analysed to expose someone’s identity.  This could, in theory, mean that the data taken from Avast and supplied via subsidiary Jumpshot to third parties may not be de-identified, and could, therefore, pose a privacy risk to those Avast users.

What Does This Mean For Your Business?

As an anti-virus company, security and privacy are essential elements of Avast’s products and customer trust is vital to its brand and its image. Some users may be surprised that their supposedly ‘de-identified’ data was being sold to third parties anyway, but with a now widely-reported privacy risk of this kind and the potential damage that it could do to Avast’s brand and reputation, it is perhaps no surprise that is has acted quickly in closing Jumphot and distancing itself from what was happening. As Avast says in its announcement about the impending closure of Jumpshot (with the loss of many jobs) “The bottom line is that any practices that jeopardize user trust are unacceptable to Avast”.  PCMag has reported that it has been informed by Avast that the company will no longer be using any data from the browser extensions for any other purpose than the core security engine.

Tech Tip – Automatic Back-Up

Keeping a back up of your important folders is vital and you can easily set OneDrive in Windows 10 to make automatic back-ups.  Here’s how:

– On the right-hand side of the taskbar, select OneDrive > More > Settings.

– On the AutoSave tab, select ‘Update Folders’ and select the folders that you’d like to automatically back up (sync).

– Remember, if you’re working on an important file in Word, for example, you can use the toggle switch (top left) to set AutoSave to ‘On’ so it will be automatically saved to OneDrive.

Featured Article – ‘Snake’ Ransomware, A Threat To Your Whole Network

Over the last couple of weeks, there have been reports of a new type of ransomware known as ‘Snake’ which can encrypt all the files stored on your computer network and on all the connected devices.

Discovered

Snake ransomware is so-called because it is the reverse order spelling of the ‘ekans’ file marker that it attaches to each file that it encrypts.  It was discovered by the MalwareHunterTeam and studied in detail by Vitali Kremez who is the Head of SentinelLabs and who describes himself as an “Ethical Hacker”, “Reverse Engineer” and “Threat Seeker”.

How Does It Infect Your Network?

Snake can be introduced to a computer network in infected email attachments (macros) e.g. phishing emails with attached Office or PDF documents, RAR or ZIP files, .exe files, JavaScript files, Trojans, torrent websites, unpatched public-facing software and malicious ads.

How Does Snake Operate?

As ransomware, the ultimate goal of the cybercriminals who are targeting (mainly) businesses with Snake is to lock away (through encryption) important files in order to force the victim to pay a ransom in order to release those files, with the hope of restoring systems to normal as the motivator to pay.

In the case of Snake, which is written in Go (also known as Golang), an open-source programming language that’s syntactically similar to C and provides cross-platform support, once it is introduced to an operating system e.g. after arriving in an email, it operates the following way:

– Firstly, Snake removes Shadow Volume Copies (backup copies or snapshots of files) and stops processes related to SCADA Systems (the supervisory control and data acquisition system that’s used for gathering and analysing real-time data). Snake also stops any Virtual Machines, Industrial Control Systems, Remote Management Tools, and Network Management Software.

– Next, Snake (relatively slowly) uses powerful AES-256 and RSA-2048 cryptographic algorithms to encrypt files and folders across the whole network and on all connected devices, while skipping files in the Windows system folders and system files.

– As part of the encryption process, and unlike other ransomware, Snake adds a random five-character string as a suffix to file extension names e.g. myfile.jpg becomes myfile.jpgBGyWl. Also, an “EKANS” file marker is added to each encrypted file.

Ransom Note

Lastly, Snake generates a ransom note named Fix-Your-Files.txt which is posted on the desktop of the victim.  This ransom note advises the victim that the only way to restore their files is to purchase a decryption tool which contains a private key that has been created specifically for their network and that, once run on an affected computer, it will decrypt all encrypted files.

The note informs the victim that in order to purchase the decryption software they must send an email to bapcocrypt@ctemplar.com which has up to 3 of the encrypted files from their computers attached, not databases or spreadsheets (up to 3MB size) so that the cybercriminals can send back decrypted versions as proof that the decryption software (and key) works on their files (and to encourage payment and restoration of business).

Timing

Snake allows cybercriminals to not only target chosen businesses network but also to choose the time of the attack and the time that encryption takes place could, therefore, be after hours, thereby making it more difficult for admins to control the damage caused by the attack. Also, cybercriminals can choose to install additional password-stealing trojans and malware infections together with the Snake ransomware infection.

What To Do If Infected

If your network is infected with Snake ransomware there is, of course, no guarantee that paying the ransom will mean that you are sent any decryption software by the cybercriminals and it appears unlikely that those who targeted your company to take your money would do anything other to help than just take that money and disappear.

Some companies on the web are offering Snake removal (for hundreds of dollars), and there are some recommendations that running Spyhunter anti-malware software on your systems may be one way to remove this particularly damaging ransomware.

Ransomware Protection

News of the severity of Snake is a reminder to businesses that protection from malware is vital.  Ways in which companies can protect themselves from falling victim to malware, including ransomware include:

– Staff education and training e.g. about the risks of and how to deal with phishing and other suspicious and malicious emails, and other threats where social engineering is involved.

– Ensuring that all anti-virus software, updates and patching are up to date.

– Staying up to date with malware and ransomware resources e.g. the ‘No More Ransom’ portal (https://www.nomoreransom.org/ ), which was originally released in English, is now available in 35 other languages, and thanks to the cooperation between more than 150 partners, provides a one-stop-shop of tools that can help to decrypt ransomware infections – see https://www.nomoreransom.org/en/decryption-tools.html.

– Making sure that there is a regular and secure backup of company data, important business file and folders.

– Developing (and communicating to relevant staff) and updating a Business Continuity and Disaster Recovery Plan.

Eating Lunch At Your Desk Brings Health Risks

Recent research by BUPA has highlighted how many UK workers don’t take a proper lunch break each day and end up risking their health and happiness and reducing their productivity by eating at their desks.

The Number

The research, which involved the study of the habits of 2,000 full-time workers revealed that almost two thirds (64 per cent) claim they are not always able to take their legally required 20-minute break when working six hours or more.  Also, only 29 per cent of employees said they take a full hour for lunch every day and only 28 per cent of workers said they never take a breather of any kind during the working day.

Working Lunch & Eating At The Desk

According to the research, with 45 per cent of employees not leaving the workplace during what should be lunchtime, and with one-third of employees (31 per cent) usually eating at their desk, this results in them having what is essentially just a working lunch as they have to respond to work calls (42 per cent) and to emails (40 per cent) while they’re eating at their desk.

Health (and Happiness) Risks

There are many health risks associated with not taking a proper lunch break and with having a ‘working lunch’ at the desk.  These include:

– Overeating due to distraction.  The ‘working lunch’ at the desk means that you don’t get/feel as full, which then leads to feeling hungry in the afternoon and then eating more.  This behaviour and its effects were studied and identified by researchers from the University of Surrey in 2012.

– Negative effects on health from sitting down most of the day.  Not taking a break, and not moving from your desk, let alone the workplace, can contribute to some serious health problems.  For example, a University of Leicester Study (2012) showed that sitting for long periods increases your risk of diabetes, heart disease and death and that this can be the case for people who meet typical physical activity guidelines.

– Staying seated at the desk for long periods during the day can cause tension in muscles, pain in joints, and can weaken hip and core muscles, which can, in turn, lead to other problems with muscles and joints.

– Increased stress levels can come from not having a break and from interruptions during eating.

– Risks from bacteria on the desk and on the keyboard (and phone) that can be exacerbated during eating and by dropping food particles from lunch at the desk.  For example, a Printerland survey (March 2018) showed that the average desk contains 400 times more germs than a toilet seat and that only a third of staff members follow guidelines about cleaning up their workplace, and one in 10 never clean their desks.

Productivity Affected

Not having a proper lunchbreak and detachment from work also affects the brain’s ability to effectively ‘reset’ and boost our attention and our body’s ability to refresh our energy.  This can lead to reduced productivity in the afternoon. It can also mean that we miss out on the inspiration, ideas, and clarity of thought (to potentially realise the solution to a work problem) that a break can deliver.

Happiness

With the reduced productivity, increased stress, and physical problems that staying at a desk to eat brings can come lower levels of satisfaction and happiness at work and a faster route to ‘burnout’.

Why?

It is thought that feeling obliged to eat at the desk by the work culture in the UK, being seen to be at your desk through fear of appearing absent or not committed to and part of the company, work and culture, and/or feeling too busy/overloaded with work are some of the reasons for these unhealthy work break (or no break) patterns.

What Does This Mean For Your Businesses?

It is understandable that businesses, particularly where customers come in, frequently phone, or where service is particularly urgent, always need to have staff available to deal with customers and enquiries during business hours.  This, however, can still be achieved by the planning of rotas and by encouraging staff to make arrangements to ensure that communications are covered fairly while allowing for fixed breaks for all staff members.

Some ways that businesses and organisations can help staff to look after themselves, and in doing so, look after the company and its productivity include encouraging their employees to take lunches away from their desk, creating a physical environment where employees can take themselves away from their desks, managers leading the way in the behaviour they want to see in the workplace and in encouraging a healthy break-taking culture.  Also, workers can help to improve their own health at work by walking around more (and perhaps placing a laptop on a filing cabinet so they have to stand), having standing meetings, reducing TV viewing time when not at work (to help offset any continuing unhealthy behaviours at work), scheduling lunches with friends or alone to ensure that they actually leave the office and are more productive on their return.

That said, the workload, management style and values and the work culture can have a strong influence on whether workers feel able and safe to take breaks, and managers need to authorise, endorse, and be seen to reward a break-taking culture for it to succeed and hopefully, benefit the business in the process.