Technology

Browser Support For Early Versions of TLS To End

The makers of all popular browsers – IE, Edge, Safari, Firefox, and Chrome included – have announced plans to disable Transport Layer Security (TLS) protocol versions 1.0 and 1.1 by default.

TLS

Transport Layer Security (TLS) 1.0 and 1.1 are the early versions of encryption used to secure connections to HTTPS websites. Their job is to provide confidentiality and integrity of data in transit between clients and servers.

This week, and not unexpectedly, all the big browser manufacturers released co-ordinated announcements that TLS 1.0, which will be 20 years old next January, and TLS 1.1 will no longer be supported by their browsers. Newer, updated versions of the security protocol will be favoured instead.

Why?

The reasons given for dropping these versions of the protocol are that:

  • They are now rarely used. For example, Microsoft announced that fewer than “one per cent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1”. Apple, more accurately, puts the figure at less than 0.36% of all connections.
  • 20 years is a long time for a security technology to stand unmodified, and newer successor versions of TLS, e.g. TLS 1.3, are more advanced, provide better performance and are more secure.
  • The finalization of TLS 1.3 by the Internet Engineering Task Force (IETF) in August 2018 means that the proportion of legacy TLS connections will drop even further, and TLS 1.2 is also required for HTTP/2, which should bring performance improvements for the web. Also, vulnerabilities in the 1.0 and 1.1 versions will no longer be addressed by the IETF.
  • Old versions of TLS rely on MD5 and SHA-1, both now broken, and are thought to contain other flaws.

When?

Each browser has given slightly different dates for its formal dropping of TLS 1.0 and 1.1. For Microsoft browsers, it will be later this year. For Apple, support for TLS 1.0 and 1.1 will end in March 2020. For Mozilla, March 2020 will also be the removal date, and for Google browser users on early release channels, the date will be January 2020.

What Does This Mean For Your Business?

It is understandable that, with these versions being very old and unmodified, and not used by many connections, and with newer, more secure and better performance versions available, now is a good time to end default support for TLS 1.0 and 1.1. We are told that the newer successor versions offer greater security and performance and less vulnerability to certain types of attack e.g. BEAST, LogJam and FREAK (Factoring RSA Export Keys). These benefits are, of course, likely to be attractive to most businesses.

News of the co-ordinated killing-off of these 2 versions of the protocol may not be such great news, of course, to those who have websites that still only use TLS 1.0 or 1.1, because browsers will soon flag up those websites as insecure or state that they are unable to connect.

Businesses Turning To Zero-Trust Security Model

As a widening attack surface and evolving threats mean that organisations continue to be breached despite a large security spend, many businesses are now turning to the ‘zero-trust’ security model.

What Is The Zero-Trust Security Model?

The Zero Trust security model, introduced by analyst firm Forrester Research, is an alternative architecture for IT security that doesn’t work on the traditional assumption that the perimeter is the main focus and that the inside of an organization’s network can be trusted. Zero-trust assumes that untrusted actors exist both inside and outside a company network, and that every user access request has to be authorised, using the principle of “never trust, always verify”. In this way, Zero-trust can address lateral threat movement within the network i.e. stopping insider and other threats from spreading once inside.

Breaches

Almost 70% of organisations are getting breached an average of five times a year, with 81% of breaches being simply linked to weak, default or stolen passwords. Once inside networks, attackers can camouflage their attack behind a legitimate identity like a database administrator, can go on to access and decrypt encrypted information, and be harder to spot and stop because of their apparent legitimacy.

According to some security commentators, this shows that identity, and identity-centric security measures are areas that organisations need to focus on, and this is where architecture such as zero-trust can help.

10 Cyber-Attacks Per Week

More businesses are recognising the need for a better approach to all-round security, particularly in an environment where hacking’s on the up. For example, the UK’s National Cyber Security Centre has just announced that it has stopped 1,600 attacks over the past two years, many by hostile nation states, and that there are now 10 such attacks per week. Also, the NCSC’s Active Cyber Defence (ACD) initiative reports removing 138,398 phishing sites hosted in the UK between September 2017 and August 2018.

Four Pillars of Zero-Trust Security

The zero-trust security model is, therefore, believed to be another step forward in the battle against cyber-criminals. The success of the zero-trust security model is based upon four key ‘pillars’, which are:

  1. Verifying users. This involves identity consolidation which can tackle weak / shared password issues (using single sign-on and one-time passwords), de-facto authentication everywhere, and monitoring user behaviour e.g. time and location factors.
  2. Validating devices.
  3. Limiting access of privileged users where possible.
  4. Applying machine learning to all these factors, and using this to step up the authentication processes wherever necessary. Machine learning also removes the need for manual intervention.

Benefits

Those who have implemented zero-trust security have reported many benefits. These include cost savings due to gains in incident response efficiencies and technology consolidation, and greater confidence in supporting users on mobile devices and rolling out new partner and customer experiences.

Challenge

One main challenge to the growth of the adoption of zero-trust security measures is the mistaken belief that it has to be time-consuming and takes a lot of effort to implement. Security commentators are keen to point out that, in reality, implementing a zero-trust security model is a step-by-step process.

What Does This Mean For Your Business?

It seems that the benefits of the zero-trust model are now becoming widely known by UK businesses and organisations. For example, an IDG study revealed that 71% of security-focused IT decision makers are actively pursuing a zero-trust security model, 10% are currently doing pilots, and around 8% have implemented it fully.

It’s important to realise that the implementation needn’t be a huge hassle and expense and can be tackled step-by-step, using commercial off-the-shelf technology. This approach to security offers businesses the chance to customise their security for their specific data and assets, and strengthen their infrastructure from the ground up by enabling the identification of vulnerabilities and gaps in their current security models at the root level.

This approach can bring some much-needed benefits, not least of which is a greater feeling of trust and a confidence boost. In terms of more measurable benefits to businesses, a Forrester and Centrify study, for example, has shown that by applying best practices of zero-trust principles, organisations recorded 50% fewer breaches within just two months. These kinds of figures are making this approach to security very attractive to many businesses, particularly those who have fallen victim to costly cyber attacks.

Microsoft Co-Founder & Billionaire Philanthropist Paul Allen Dies

Microsoft’s lesser-known co-founder, Paul Allen, who left the company in 1982, has died aged 65 from complications of non-Hodgkin’s lymphoma (lymphatic cancer), with news of his death bringing praise for his generosity as a philanthropist.

School Friends To Billionaires

School friends Bill Gates and Paul Allen set up Microsoft in April 1975 in Albuquerque, New Mexico. In fact, it was Allen who was credited as coming up with the name Microsoft after the pair rejected the name of “Allen & Gates” because it sounded like a law firm or consulting company. Allen chose ‘Microsoft’ because it was an amalgamation of the words ‘microcomputer’ and ‘software’, and because the pair were originally working on making software to run on microcomputers.

The beginnings of success for Allen and Gates happened when, after re-writing software for the world’s first home computer, they bought DOS (disk operating system) from Digital Research and licensed it to Big Blue for the IBM PC operating system.

After leaving Microsoft in 1982, Mr Allen set up media and communications investment firm Vulcan in 1986.

Generous

As well as being someone who enjoyed his own wealth and interest in music and the arts by hosting some memorable parties, Paul Allen was well known for his substantial generosity to some worthy causes. For example, Mr Allen donated a staggering $2bn+ to many causes including ocean health, homelessness and science. His interest in using his own resources to create a better world for all was well known.

Sports Fan

Mr Allen also had a keen interest in sport and was the owner of the Portland Trail Blazers basketball team and Seattle Seahawks football team. Mr Allen saved the Seahawks from having to relocate, and this intervention is partly credited for helping them to reach three Super Bowls, and win the NFL championship in 2013.

Several Battles With Cancer

Paul Allen had several battles with cancer, firstly in 1983 with the blood cancer Hodgkin’s disease, then in 2009 with non-Hodgkin lymphoma, with the final return of the non-Hodgkin lymphoma this year, the complications of which caused his death.

What Does This Mean For Your Business?

The results of Paul Allen’s working life now form an essential part of all businesses as he is regarded as being one of the key founders of home computing, which led to PCs being a tool used in nearly all offices and led to the growth of whole industries. Microsoft Corporation, the company he co-founded with his school friend Bill Gates, has gone on to be a multi-national company worth around $800 billion, and third only in value behind trillion dollar tech companies Apple and Amazon.

The Microsoft Windows Operating System for desktop is by far the most popular operating system in the world, with the MS OS second only to Android in popularity for all platforms. In this sense, Paul Allen’s contribution to the world of computing and how it affects all of our lives will continue long into the future.

His work in promoting, helping, and donating to good causes is also likely to have had multiple positive effects around the world too.

Tech Tip – Setting Print Screen Key To Screenshot On Windows 10

On Windows 10, starting with version 1809 (October 2018 Update), the ‘Snip & Sketch’ app has been re-purposed to become the new default for screenshots. You can, however, choose to set the Print Screen key on your keyboard to open the screen snipping tools. Here’s how:

— Open Settings.

— Click on Ease of Access.

— Click on Keyboard.

Under “Print Screen shortcut,” turn on the “Use the PrtScn button to open screen snipping” toggle switch.

New Tech Laws For AI Bots & Better Passwords

It may be no surprise to hear that California, home of Silicon Valley, has become the first state to pass laws to make AI bots ‘introduce themselves’ (i.e. identify themselves as bots), and to ban weak default passwords. Other states and countries (including the UK) may follow.

Bot Law

With more organisations turning to bots to help them create scalable, 24-hour customer services, together with the interests of transparency at a time when AI is moving forward at a frightening pace, California has just passed a law to make bots identify themselves as such on first contact. Also, in the light of the recent US election interferences, and taking account of the fact that AI bots can be made to do whatever they are instructed to do, it is thought that the law has also been passed to prevent bots from being able to influence election votes or to incentivise sales.

Duplex

The ability of Google’s Duplex technology to make the Google Assistant AI bot sound like a human and potentially fool those it communicates with is believed to have been one of the drivers for the new law being passed. Google Duplex is an automated system that can make phone calls on your behalf and has a natural-sounding human voice instead of a robotic one. Duplex can understand complex sentences, fast speech and long remarks, and is so authentic that Google has already said that, in the interests of transparency, it will build-in the requirement to inform those receiving a call that it is from Google Assistant / Google Duplex.

Amazon, IBM, Microsoft and Cisco are also all thought to be in the market to get highly convincing and effective automated agents.

Only Bad Bots

The new bot law, which won’t officially take effect until July 2019, is only designed to outlaw bots that are made and deployed with the intent to mislead the other person about their artificial identity for the purpose of knowingly deceiving.

Get Rid of Default Passwords

The other recent tech law passed in California and making the news is a law banning easy to crack but surprisingly popular default passwords, such as ‘admin’, ‘123456’ and ‘password’ in all new consumer electronics from 2020. In 2017, for example, the most commonly used passwords were reported to be 123456, password, 12345678 and qwerty (Splashdata). ‘Admin’ also made number 11 on the top 25 most popular password lists, and it is estimated that 10% of people have used at least one of the 25 worst passwords on the list, with nearly 3% of people having used the worst password, 123456.

The fear is, of course, that weak passwords are a security risk anyway, and leaving easy default passwords in consumer electronics products and routers from service providers has been a way to give hackers easier access to the IoT. Devices that have been taken over because of poor passwords can be used to conduct cyber attacks e.g. as part of a botnet in a DDoS attack, without a user’s knowledge.

Password Law

The new law requires each device to come with a pre-programmed password that is unique to each device, and mandates any new device to contain a security feature that asks the user to generate a new means of authentication before access is granted to the device for the first time. This means that users will be forced to change the unique password to something new as soon as the device is switched on for the first time.
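The two requirements described above (a unique pre-programmed password per device, and no access until the user sets a new credential) can be modelled as below. This is an added illustration, not text from the law or any vendor's firmware; the `Device` class, the function names, the deny-list and the minimum length are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Weak defaults named in the article; a real deny-list would be much longer.
WEAK_DEFAULTS = {"admin", "123456", "password", "12345678", "qwerty"}
MIN_LENGTH = 8  # assumed policy value, not taken from the law


def _derive(password, salt):
    """Salted, slow hash so the device never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Device:
    """Hypothetical credential store for one consumer device."""

    def __init__(self, serial):
        self.serial = serial
        self.salt = b""
        self.verifier = b""
        self.must_change = True  # set at the factory, cleared on first use

    def _set_password(self, password):
        self.salt = secrets.token_bytes(16)
        self.verifier = _derive(password, self.salt)

    def _check(self, password):
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(_derive(password, self.salt), self.verifier)


def provision(serial):
    """Factory step: each unit gets its own random password (e.g. on its label)."""
    device = Device(serial)
    factory_password = secrets.token_urlsafe(12)  # 96 random bits from the OS CSPRNG
    device._set_password(factory_password)
    return device, factory_password


def acceptable(new_password, current_password):
    """Reject replacements that would reintroduce a guessable credential."""
    if len(new_password) < MIN_LENGTH:
        return False
    if new_password.lower() in WEAK_DEFAULTS:
        return False
    return new_password != current_password


def login(device, password, new_password=None):
    """Return 'denied', 'change_required' or 'granted'."""
    if not device._check(password):
        return "denied"
    if device.must_change:
        # First use: the factory password alone never grants access.
        if new_password is None or not acceptable(new_password, password):
            return "change_required"
        device._set_password(new_password)
        device.must_change = False
    return "granted"


if __name__ == "__main__":
    unit, label_password = provision("SN-0001")  # constructed serial number
    print(login(unit, "admin"))                  # shared default is not valid
    print(login(unit, label_password))           # correct, but change is forced
    print(login(unit, label_password, "a long passphrase"))
    print(login(unit, label_password))           # factory password is now dead
```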

What Does This Mean For Your Business?

For businesses using bots to engage with customers, if the organisation has good intentions, there should not be a problem with making sure that the bot informs people that it is a bot and not a human. As AI bots become more complex and convincing, this law may become more valuable. Some critics, however, see the passing of this law as another of the many reactions and messages being sent about interference by foreign powers e.g. Russia, in US or UK affairs.

Stopping the use of default passwords in electrical devices and forcing users to change the password on first use of the item sounds like a very useful and practical law that could go some way to preventing some hackers from gaining easy access to and taking over IoT devices e.g. for use as part of a botnet in bigger attacks. It has long been known that having the same default password in IoT devices and some popular routers has been a vulnerability that, unknown to the buyers of those devices, has given cyber-criminals the upper hand. A law of this kind, therefore, must at least go some way in protecting consumers and the companies making smart electrical devices.

Facebook Messenger May Introduce Voice Commands

It has been reported that Facebook has been testing how voice commands could be used in its Messenger platform to help users to send messages, initiate voice calls and set reminders.

Internally Testing

Facebook is reported to have confirmed to tech news platform ‘TechCrunch’ that it is internally testing a prototype of voice control (which was discovered by a TechCrunch tipster) in the M assistant of Messenger.

Facebook’s new speech recognition feature goes by the name of ‘Aloha’. It is believed that Aloha will be used for Facebook and Messenger apps, as well as external hardware. The Aloha voice assistant could become part of Facebook’s planned Portal video chat screen device / smart speaker, which is currently in development.

Benefits

Enabling voice control in the Messenger platform could bring considerable benefits to users, such as being able to use Messenger ‘hands-free’ in the car, improving accessibility, and generally making it easier for people to use the Messenger platform in the home and on the go.

How Will It Work?

Initial reports indicate that Aloha will be activated in Messenger by tapping an M assistant button which will appear at the top of a message thread screen. This will enable listening for voice commands.

Need To Differentiate

Apart from the obvious, high profile, negative publicity over the Cambridge Analytica data sharing and the recent massive hack, Facebook has experienced challenges in recent times as many of its younger users have moved to Snapchat. Facebook bought Instagram in a move that many saw as a way to attract the young users that moved from Facebook, but this strategy doesn’t appear to have been highly successful.

Adding a voice assistant to Messenger could, therefore, be a way for it to tackle part of this issue, and to differentiate its Messenger option from competitors such as SMS, Snapchat, Android Messages, iMessage and other texting platforms. Facebook is also known to be experimenting with other visual features such as Facebook Stories, augmented reality filters and more in order to help engage and retain users, and differentiate its services.

What Does This Mean For Your Business?

Facebook has been relatively late to the market with a digital voice assistant, but it appears to have found a way to deploy it at a time when it may be most needed to help differentiate its services from competing services, and to generate some good publicity amid the bad.

One of the biggest challenges that Facebook has at the moment, apart from the fact that Snapchat, iMessage, WhatsApp and other services are already popular and users may be loyal, is one of trust by users. The Cambridge Analytica data sharing scandal, and the recent hack which could have more reverberations as cyber-criminals sell and use the data they stole, may mean that users may not trust Facebook to handle their speech data as responsibly as they would like. There are, for example, stories of how other digital voice assistants have listened-in on their users e.g. back in May when an Amazon Echo (Alexa) recorded a woman’s conversation and shared it with one of her husband’s employees. It remains to be seen, therefore, whether users will now be willing to trust Facebook with what is still quite a sensitive area of personal data governance, particularly where business conversations are concerned.

Goodbye Skype Classic, Hello Blockchain-as-a-Service

Just as November will see Microsoft asking Skype users to switch from Skype Classic to version 8, tech commentators are predicting that Microsoft and other companies will be looking to start reaping the financial benefits of offering blockchain as a service (BaaS).

Skype Classic Replaced By Version 8

Microsoft has announced that it will be moving all users of the Classic version of its Skype video call software to version 8 of the software from 1st November for desktop, and 15th November for mobile and tablets.

The company says that it will be sending out notifications to those using the older versions of Skype by the end of October to warn them that they may lose functionality if they don’t switch to version 8.

Why?

The reason for the move is to ensure that users of desktop and smaller screens i.e. tablets or mobiles have the same experience of the program. This is because version 8 applications have been optimized to work in conjunction with modern, mobile-friendly cloud services architecture.

Fewer Features, For Now

Microsoft has admitted that the newer version of Skype won’t offer the same features as the previous versions, but the company has said that it plans to re-introduce some of those features.

Meanwhile, Skype’s Insider community is able to access and test the new ‘Skype 14’ via the Microsoft Store.

Making The Most of Blockchain

Tech commentators have noted that Microsoft and many of the other big tech companies, including Amazon and Oracle, are now looking to make the most of the growing blockchain as a service (BaaS) market. Microsoft was one of the first software vendors to offer BaaS on its Azure cloud platform as far back as 2015, but the predictions are that from the end of this year onwards, the market (estimated to be worth $7billion) will start to grow rapidly.

What Is Blockchain?

Blockchain, the open-source, free technology behind crypto-currencies like Bitcoin, is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Why?

The BaaS market is likely to take off in a much bigger way because it offers enterprises the chance to deploy distributed ledgers without the cost or risk of deploying it in-house, and without needing to find in-house developers.

Big Tech Companies Well-Placed

Tech commentators have noted that, as well as Microsoft, big companies who look well-placed to have the resources to claim a major stake in the BaaS market include Amazon, Oracle, Salesforce.com, and VMware.

It is also believed that large online real-estate/mortgage companies such as Redfin, Zillow, and LendingTree could benefit from using blockchain-based online services in the transfer of property.

Real-World Blockchain Examples

The benefits of blockchain technology are already being enjoyed by many companies, and some of the ways that it is currently being deployed include:

  • Walmart’s pilots where the time it takes to trace a food item from shop to farm was reduced, through the use of blockchain, from 7 days to just 2.2 seconds.
  • A pilot project between car-maker BMW and start-up Circulor with a view to eliminating battery minerals produced using child labour. In that project, blockchain is being used to help provide a way to prove that artisanal miners are not using child labour in their cobalt mining activities.
  • Using the data on a blockchain ledger to record the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates. The ‘incorruptible’ aspect of the blockchain data gives a clear record of care and responsibility along the whole supply chain.
  • Using an IBM-based blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
  • Shipping Company Maersk using a blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
  • Start-up company ‘Electron’ building a blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.

Launches

It has also been reported that Hewlett-Packard Enterprise (HPE) has launched a BaaS flexible charging offering, and SAP has also launched BaaS on its Leonardo digital software platform.

What Does This Mean For Your Business?

The fact that we now use mobile devices more than desktop computers for work and leisure made it more or less inevitable that Microsoft would want to make changes to Skype to make the mobile experience of the program a priority.

The benefits of blockchain technology are just starting to be realised and exploited by many different companies around the world. The BaaS market is, therefore, still at the beginning of the curve, and it makes sense that big tech companies are well placed to be in the market early with their enterprise offerings. BaaS offers businesses the opportunity to harness the power and unique benefits of blockchain without the costs and difficulties of trying to develop their own in-house offerings. Blockchain has already proven itself to be a technology that can save time and costs, provide fast and secure traceability, visibility and efficiency, and provide a real competitive advantage for companies that are willing to investigate how it could be used to add value to their particular business.

Even governments and cities around the world have realised the benefits and are committing considerable resources to the use of blockchain. For example, Dubai has committed to putting all of its documents on blockchain in the next few years and has founded a public-private initiative called the Global Blockchain Council to foster the development and use of blockchain technology in and between local government teams, local businesses and international start-ups.

Tech Tip – Disable Flash in Edge to Speed Things Up

Adobe Flash may be a way to make websites more exciting and engaging, but it can contain bugs and security holes, and it can really slow things down when you’re waiting for Flash-heavy pages to load. In Windows 10 you can quickly and easily turn off Flash in the Edge browser. Here’s how:

Go to Settings and scroll until you can click “View Advanced Settings”.

Toggle “Use Adobe Flash Player” to off.

Company Fined £150k For Nuisance-Calling People Who Had Opted-Out

Manchester-based Oaklands Assist UK Ltd has been fined £150,000 by the ICO for making approximately 64,000 nuisance direct marketing calls to people who had already opted out of automated marketing.

Serious Contravention of UK Law & EC Directive

The monetary penalty by the ICO was delivered under section 55A of the Data Protection Act 1998 (DPA) due to a “serious contravention” of Regulations 21 and 24 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

The law states that live calls must not be made to any number registered with the Telephone Preference Service (TPS) unless they have specifically consented to the call. It appears, however, that Oaklands Assist UK Ltd completely ignored this, and continued to call those who had opted out via the TPS.

Complaints

It has been reported that Oaklands Assist UK Ltd was one of the most complained-about organisations in June 2017, clocking up 59 complaints. It is understood that the nature of the calls related to questions about accidents that call recipients may have had.

The complaints ranged from reports of:

  • Callers being abusive when asked how they got recipients’ details and using profane language when hanging up.
  • Callers becoming angry and aggressive when asked to remove recipients’ details from the call list (when the recipient was on hands-free in the car, with children present).
  • Callers making repeated and often silent calls, and even call recipients complaining of stress, exhaustion and depression as a result of receiving and trying to avoid multiple calls.

No Response

According to the ICO, Oaklands Assist UK Ltd ignored requests for information from the ICO that had been made six months earlier, and only responded when threatened with criminal proceedings by the ICO. Even then, the company was reported to be “vague and obstructive” in their answers.

Tried To Escape

It has also been reported that the ICO had to intervene to prevent Oaklands Assist UK Ltd from being struck off the Companies House register, which is thought to have been a bid by the company to escape the sanction.

Moves are also now afoot by the UK government to make directors of companies personally responsible for penalties such as ICO fines to stop them from evading penalties by dissolving the offending company and simply starting up again under a different name.

What Does This Mean For Your Business?

If you’ve ever had your time wasted and / or perhaps even experienced abuse from callers asking you about the accident that you (haven’t) had, then this action by the ICO will be music to your ears. Of course, you can register with the TPS not to receive unwanted marketing calls but in this case, the company concerned simply ignored that service, and ignored any rules and regulations surrounding making outgoing marketing calls.

Unsolicited calls can be a major disruption to businesses, even if the calls are not abusive or relating to fake accidents or PPI. For example, Ofcom data shows that UK consumers received 2 billion+ calls and texts from claims firms in 2017, and Aviva data shows that this is the equivalent of 6 million calls and texts per day, (mainly aimed at people aged 65 and above). Not only does this disrupt any businesses that receive the calls, but it also makes it more difficult for direct marketers who do play by the rules, and makes consumers simply want to dismiss all marketing calls, favouring non-interruptive communications.

GDPR was introduced to give us more rights where the use of our personal data is concerned, and gives us the right to be forgotten. As consumers, this may make us feel as though it has given us more power, but for businesses it has also created a lot of work in preparation for GDPR, has required extra costs of hiring / appointing / training an in-house DP expert, as well as creating the fear of fines or other problems through not being able to fully comply with the extensive detail of the Regulation. Companies should, however, be more re-assured by recent comments from ICO Deputy Commissioner James Dipple-Johnstone who was quoted as saying that businesses that take their data protection responsibilities seriously “have nothing to fear from an ICO inspection or investigation” and that the real norm of the work of the ICO relating to GDPR is simply audits, advisory visits and guidance sessions.

Elon Musk – World’s Most Expensive Tweet!

Tesla’s CEO Elon Musk’s tweet(s) about taking the company private using ‘secured’ funding has cost him not just his role as Chairman for 3 years, but also a $20m (£15m) fine, and some damaging fraud accusations.

What Happened?

Back in August, the South African-born, 25th richest person in the world (Forbes), and Chairman of American multinational corporation specialising in electric vehicles ‘Tesla’ made a short series of tweets that put him on the wrong side of the US financial regulator Securities and Exchange Commission (SEC) rules.

In the tweets, Mr Musk said that he was considering taking the electric car maker Tesla off the stock market and into private ownership, stated that he had “funding secured” for the deal, and that Tesla shares would be valued at $420 each.

The tweets resulted in a lawsuit being filed against Tesla last week (although Tesla was not actually named in it) by the SEC, and allegations of fraud brought midscale negative publicity.

The tweets also caused problems for money market investors as the company’s share value fell due to lack of confidence, and $7 billion was wiped from Tesla’s market value, down 14% at the end of last week.

What’s The Problem?

The 9 separate issues (allegations) with Mr Musk’s announcements via Twitter, according to the SEC, included the facts that Mr Musk had not agreed upon any terms for a going-private transaction with the Fund or any other funding source, and that he had never discussed a going-private transaction at a share price of $420 with any potential funding source. In short, the SEC has said that Mr Musk’s stated intentions had no basis in fact, and said that the market chaos following the announcement hurt investors.

Reached Agreement

It has now been reported that a deal has been reached between the regulator and Tesla whereby Mr Musk has 45 days to leave his role as chairman (or face another large fine), and can’t be chairman of Tesla for 3 years, although he can stay on as Tesla’s Chief Executive Officer. This will mean that a new independent chairman will need to be appointed to preside over the company’s board. Tesla and Mr Musk will also have to pay a $20m (£15m) fine.

What Does This Mean For Your Business?

Bearing in mind the damage done to the market value of the company (and investors), and the fact that Tesla faces a large fine, Mr Musk still remaining as the CEO means that he still got off more lightly than some had wanted or predicted. For example, agreeing to this SEC deal means that Mr Musk still retains influence but not as much power, and can avoid receiving the potentially more damaging punishment of being barred from serving any publicly traded company as an officer or director. Some commentators have also said that the only reason that Mr Musk wasn’t stopped from being CEO too is the fear of a stock collapse.

This story is an example of how a person’s style, power, and ability to grab headlines may be an asset to a company in boosting its rapid growth, but could become a liability later on, particularly if they appear to wield too much power and / or act in a way that appears not to take account of regulations or investors.

As the SEC puts it, this is essentially a case of misconduct by the person at the top, and is an example of why big companies need strong corporate governance and oversight in order to protect investors.