How Does Encryption Work?

Posted on by Andy Miller

Encryption comes from the age-old science of cryptography.  In the digital world of today, encryption refers to using electronic devices to generate unique encryption algorithms which essentially scramble messages and data making them unintelligible to anyone who tries to intercept them, and also to provide an effective way to lock our electronic devices.

Using Encryption

Encryption can be used for most things that have an internet connection, such as messaging apps, personal banking apps, websites, online payment methods, files and more.

Why?

Cybercriminals seek our personal data (especially financial details) which they can find in our files, on our personals devices, and on websites / platforms and places online where we have submitted that data e.g. for registration/login, payment, in the form of emails and other messages, and our personal data may be stored in many different places (servers and databases) across the Internet and the digital world.

Verizon figures show that nearly one-third of all data breaches in 2018 involved phishing and that phishing was present in 78% of cyber-espionage incidents and the installation and use of backdoors.  Also, IT Governance figures, for example, show that 421,103,896 data records were confirmed to have been breached in October this year (still only 50% of the monthly average!) in111 incidents (including the compromising of sensitive and financial information).

A recent nCiper survey showed that the main driver for encryption is the protection of sensitive information and that organisations use encryption to protect intellectual property and the personal information of their customers.

Symmetric and Asymmetric Encryption

There are two main encryption methods, symmetric and asymmetric, both of which are made up of encryption algorithms, and the use of prime numbers forms a fundamental aspect of popular encryption methods.

Note: You will often hear the term ‘keys’ used as part of the explanation of encryption.  Keys in this sense means a random (but unique) string of bits that are generated by an algorithm to scramble and unscramble data.  Generally, the longer the key, the harder it is to break the encryption code.

Symmetric encryption uses the same (identical) key for encrypting and decrypting data. With symmetric encryption, two or more parties have access to the same key. This means that although it is still secure, anyone who knows how to put the code in place can also reverse engineer it.  Symmetric key encryption is generally used for encrypting large amounts of data efficiently e.g. 256-bit AES keys are symmetric keys.

Asymmetric encryption, on the other hand, uses a pair of keys, one for encrypting the data and the other for decrypting it. For the first key (used to encrypt data), ‘public key’ cryptography uses an algorithm to generate very complex keys, which is why asymmetric encryption is considered to be more secure than symmetric encryption (the code can’t be run backwards).  With asymmetric encryption, the public key is shared with the servers to enable the message to be sent, but the private key (owned by the possessor of the public key) is kept secret. The message can only be decrypted, therefore, by a person with the private key that matches the public one. Different public-key systems can use different algorithms.

Public Key Encryption – HTTPS

Public key encryption is widely used and is useful for establishing secure communications over the Internet e.g. for TLS/SSL, which enables HTTPS.  For example, A website’s SSL/TLS certificate is shared publicly and contains the public key, but the private key is on the origin server i.e. it is “owned” by the website.

Different Methods of Encryption

There numerous common encryption algorithms and methods.  These include:

  • RSA – Unveiled by three mathematicians back in 1977, RSA is a public-key encryption algorithm and a common standard for encrypting data sent over the internet.
  • Triple DES – designed to replace the original Data Encryption Standard (DES) algorithm and uses three individual keys with 56 bits each.  Triple DES is being used less frequently now but is still used in financial services and other industries.
  • Blowfish – also designed to replace the original Data Encryption Standard (DES).  This is a flexible and strong standard that is found in many different software categories e.g. e-commerce platforms (to protect passwords).
  • Twofish – One of the fastest, can be used in hardware and software environments, and (like Blowfish) is freely and often bundled in encryption programs.
  • AES – Advanced Encryption Standard (AES) is an incredibly strong encryption algorithm used by the U.S. Government, and likely to become the private sector standard in future.

Free Encryption

In addition to Blowfish and Twofish, other free encryption tools include LastPass (a popular password manager), VeraCrypt (available for Windows, OS X and Linux OS), and FileVault2 (good for encrypting data on macOS devices and Mac hardware).

Windows 10 includes its own encryption tool ‘BitLocker’ which enables you to use encryption on your PC’s hard drive and on removable drives.

End-to-End Encryption

End-to-end encryption is used to encode and scramble information so only the sender and receiver can see it. For example, WhatsApp uses end-to-end encryption and although the messages go through a server, none of those messages can be read by anyone other than the sender and receiver.

WhatsApp and its end-to-end encryption were criticised by Amber Rudd in 2017 (who was Home Secretary at the time) when it was revealed that the first London Bridge terror attackers used WhatsApp to plan the attack and to communicate.  This led to government calls for ‘back doors’ to be built-in to WhatsApp and other end-to-end encrypted communications tools to allow government monitoring.  These calls were resisted on the grounds that building back doors means that security is compromised, and cybercriminals could also exploit these back doors.

Fails

Although encryption provides effective security and privacy it is not always infallible. For example:

  • Back in May 2018, A German newspaper released details of a security vulnerability discovered by researchers at Munster University of Applied Sciences, in PGP (Pretty Good Privacy) data encryption. PGP is an encryption program that is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and disk partitions, and to increase the security of e-mail communications.
  • Also, in October this year a report by a former Google employee on the ‘Freedom of the Press Foundation’ website warned organisations that any data stored on Google’s G Suite is not encrypted, can be accessed by administrators and can be shared with law enforcement on request.

Quantum Threat

One on threats to existing encryption that many tech commentators fear in the near future comes from quantum computers.  For example, quantum computers can perform calculations much faster than classical computer and this could enable them to defeat the encryption that currently protects our data e.g. our online banking records and other personal documents on hard drives.  With people having access to (commercial) quantum computers, this could become a real threat (e.g. access to Quantum Systems are now being offered via the cloud).

As well as the quantum threat, there is also some concern among tech and security commentators about the encryption and anonymisation technology that is being used to hide criminal activity e.g. on the dark web

The Future

In the immediate future, therefore, some companies are seeking to address the threat from quantum computers cracking existing encryption algorithms. Estimates of when there will be commercially available quantum computers range between 10 and 20 years, although state-sponsored use of quantum computers for wrongdoing could conceivably happen sooner.

The National Institute of Standards and Technology is already pushing researchers to look ahead to this “postquantum” era.

Recently, IBM researchers developed two quantum-proof cryptographic algorithms (Kyber and Dilithium) which now make up the “Cryptographic Suite for Algebraic Lattices” (CRYSTALS).  These have enabled IBM to create the world’s first quantum computing-safe tape drive.

In the meantime, however, with cyber threats evolving at a fast pace, companies and organisations that don’t use encryption as one of their security tools are effectively making things too easy for cybercriminals to access their data, with potentially devastating consequences.

Facebook’s New Tool Allows You To Port Your Photos & Videos To Google

Posted on by Andy Miller

Facebook has announced that it is releasing a data portability tool that will enable Facebook users to transfer their Facebook photos and videos directly to other services, starting with Google Photos.

Why?

Facebook acknowledged in its white paper (published back in September) that under GDPR currently, and under the California Consumer Privacy Act rules next year, data portability is a legal requirement. Also, Facebook said that it had also been considering ways to improve people’s ability to transfer their Facebook data to other platforms and services for some time e.g. since 2010 Facebook has offered Download Your Information (“DYI”) to customers so they can share their information with other online services.

In addition to the legal requirements and Facebook’s existing DYI service, Facebook highlights its own belief in the principle of data portability, and how this could give people control and choice while encouraging innovation as the reason for the introduction of its new data portability tool.

What Is It?

Facebook says that its new photo transfer tool (the roll-out has just started) is a tool based on code that has been developed through participation in the open-source Data Transfer Project and can be accessed via Facebook settings within Your Facebook Information.

The tool will enable Facebook users to transfer their Facebook photos and videos directly to other services (Google Photos first).

The first part of the roll-out is in Ireland with worldwide availability planned for the first half of 2020.  Facebook says that the tool is still essentially in testing and that it will be refined based upon feedback from users and from conversations with stakeholders

Help From The Data Transfer Project

One of the key factors in the development of the portability tool was Facebook joining the Data Transfer Project (along with Google, Microsoft, Twitter, Apple, and others) which is an open-source software project that’s designed to help participants develop interoperable systems that will enable users to transfer their data seamlessly between online service providers.

What Does This Mean For Your Business?

Facebook has been offering its DYI service for nearly 10 years, but the new portability tool is something which will enable Facebook to meet its legal requirements under GDPR and the CCPA while helping Facebook to stay competitive with other online services.

Facebook is also acutely aware of the damage done to user trust over the data sharing with Cambridge Analytica, which is why the recent white paper that Facebook published about its portability ideas clearly acknowledged that portability products need to be built in a privacy-protective way.

For Facebook users, this new tool may be one of the many new services that help them to be more trusting of Facebook again by making them feel that they have real options and choices about what they do with their files from Facebook (even though it’s a legal requirement to give people the portability option).

Over Half of Businesses Don’t Respond To GDPR Requests On Time

Posted on by Andy Miller

The results of a survey by Talend show that 58% of businesses worldwide fail to address requests from individuals for a copy of their personal data within the one-month time limit as required by GDPR.

Bad, But Better Than Last Year

The survey, which involved 103 GDPR-relevant companies across the globe (84% of which were EU-based companies) revealed that more than 18 months after the General Data Protection Regulation (GDPR) came into force, most companies are still not complying with the Regulation when it comes to data requests.

Even though a 58% failure to comply rate is not good, it is an improvement on 2018 when 70% of the companies surveyed reported they had failed to provide an individual’s data within one month.

Public Sector, Media & Telecoms Worst Offenders

The Talend survey revealed that only 29% of public sector organisations and only 32% of companies in the media and telecommunications industries were able to respond with the correct data within the one-month limit, putting them at the bottom of the compliance table for this issue.

Average Performers

The survey also showed that companies in the retail (46%), financial services, travel, transport and hospitality sectors barely achieved an average response rate within the one-month limit. This, however, was a small improvement on the previous year.

Why?

According to Talend, the lack of a consolidated view of data and clear internal ownership over pieces of data, and a lack of automation in processing requests are key reasons why companies are failing to respond to data requests within the legal time limit.

In some industry sectors too (e.g. financial services), retrieval of the information may be complicated by clients perhaps having many different contracts with the same company with their data being spread across different offices and systems.  This, coupled with the fact that processing data requests is often manual, time-consuming, and, therefore, costly (“spend, on average, more than $1,400 to answer a single SRR” – Gartner) goes some way to explaining the slow response. (SRR means subject rights request)

Also, there is a lack of proper ID checks by companies where data requests are concerned with only 20% asking for ID, and there have also been reports of companies struggling to find the right email address to send the data requested to.

What Does This Mean For Your Business?

With GDPR becoming law 18 months ago, the potential fines for non-compliance being large, and with companies and organisations having appointed specific people to be in charge of data management and security, these results do look a little disappointing on the surface, and many businesses would expect to do better.  However, GDPR has brought a much larger volume of data requests for some organisations and back in June it was even reported by law firm Squire Patton Boggs that one year on from the introduction of GDPR, companies were facing cost pressures from a large number of subject access requests (SARs) coming from their own employees.

Nevertheless, the shift in responsibility towards companies that GDPR has brought, and the widespread knowledge about GDPR is a reminder also, that companies really should have a system and clear policies and procedures in place that enables them to respond quickly and in a compliant way to data requests, whoever they are from.

Record Levels Of Carbon Dioxide Emissions

Posted on by Andy Miller

The Global Carbon Project reports that carbon dioxide emissions, which are linked to climate change, extreme weather events and rising oceans haven reached record-breaking high levels this year.

Emissions High But Rate of Growth Slowing

New papers published in “Earth System Science Data,” “Environmental Research Letters” and “Nature Climate Change” contain the predictions from Global Carbon Project scientist Rob Jackson.

The papers highlight the fact that, although CO2 emissions are at a record high this year, and could (if dramatic actions aren’t taken by nations with regards to energy, transportation and industry) keep increasing for another decade, the actual rate of growth of CO2 emission levels has slowed noticeably from the last two years.

Highest Ever Levels Says World Meteorological Organisation

The World Meteorological Organisation’s annual report published this week also brought CO2 levels to the world’s attention when it concluded that carbon dioxide levels recently reached an all-time high.  This is believed to be the highest level in human history.  News from Yale’s Environment 360 report also warned that if current emission levels persist CO2 levels could reach 500 ppm in as little as 30 years. By contrast, it was around 310 ppm in 1960 and has been rising almost linearly. Currently, it’s at around 410 ppm.

Fossil Fuel Use

Fossil Fuel use accounts for 90% of all CO2 emissions. Although coal use is in decline globally, oil and natural gas use are still high, particularly so (high per capita emissions) in wealthier countries.  Scientists have highlighted the fact, therefore, that affluent countries must drastically cut their CO2 emissions to offset the increase in emissions from developing countries as they turn to natural gas and gasoline for their growing transportation and energy needs.

In terms of a percentage breakdown, about 40% of global carbon dioxide emissions can be attributed to burning coal, 34% comes from the use of oil, 20% is thought to come from the use of natural gas, and the remaining 6% is thought to come from cement production (common in developed and rapidly developing countries), and from other sources.

Biggest Emissions

Among the biggest CO2-emitting countries and regions are China, the U.S., Russia, India and Japan. In terms of biggest per capita CO2 producers, Saudi Arabia tops the table with a 16.85 per capita level of CO2 emissions.  It has also been reported that the U.S, which has roughly one car per person, has an oil consumption per person that is 16 times greater than in India and six times greater than in China.  Many climate protesters point to America’s large number of petrol-guzzling cars as being a major contributor to the problem.

Pulling Out of Climate Change Agreements

In November, President Donald Trump announced that he planned to withdraw the US from the Paris climate agreement.  This is the agreement that was aimed at reducing greenhouse gas emissions to halt the rise in global temperatures (to stop melting ice caps, raising sea levels, killing wildlife, and the devastation of vast areas with flooding).

Renewable Energy

Many climate change and energy commentators have pointed to greater use of renewable, green energy sources (e.g. tidal, wind, solar) as being a way of bringing down CO2 levels while delivering many other environmental benefits.  For example, a recent report by the International Renewable Energy Agency (IRENA) suggested that the increased deployment of renewable energy and energy efficiency in G20 countries (and globally) could reduce CO2 emissions from the energy sector by 70% by 2050, and completely phase them out by 2060.

What Does This Mean For Your Business?

Climate change bringing a rise in temperature and a rise in CO2 emissions is now thought by many to be a global emergency. The increasing number of warnings from experts and scientists, coupled with climate change protests in cities around the world, and with Greta Thunberg proving to be a formidable spokesperson with a strong message from the next generation, mean that climate change, and how we should all take responsibility for our contribution to it (through recycling and cutting back on fossil fuel use) is an issue very much to the fore. This appears to be an emergency which affects businesses and individuals, and businesses that lead the way in playing their part in reducing their carbon footprint will be making changes now that will help them to compete, and their efforts will be valued by increasingly environment-conscious consumers who will be looking for products and services that deliver ‘green’ value, help them to feel good about themselves and their efforts, and reduce their own carbon footprint.

Tech Tip – Easy Timer In Google

Posted on by Andy Miller

If you need to complete a piece of work in within a certain time, or you’ve got a call to make or meeting to go to in an hour or two, there’s an easy timer reminder (and stopwatch) already built-in to Google.

To operate the timer:

– Type “start a timer” into Google.

– Choose “Timer” and enter the required time period (hours, minutes, seconds).

– Click on the “Start” button.

– A bleeping alarm will sound at the end of the time period you’ve selected.

– You can press “Reset” to get a new time goal.

The Difference Between Backup and Disaster Recovery

Posted on by Andy Miller

We’re all familiar with the value of making a backup of business data, but how does this fit with ‘Disaster Recovery’ and ‘Business Continuity’ strategies?  This article takes a brief look at how these elements fit together to ensure that businesses can survive, function and get back up to speed when disastrous events (external or internal) pose a serious threat.

Reality

Normal life rules apply to the business environment i.e. things can and do go wrong, and backup and disaster recovery are both based upon this understanding.

Business continuity in the event of a ‘disaster’, is about making sure that your essential operations and core business functions can keep running while the repairs can be made that get you back up to speed.

What Could Go Wrong?

There is a potentially huge range of ‘disasters’ that businesses could make plans to be able to overcome, and even though organisations come in different sizes and have different budgets, the risks they face are generally the same.  Typically, the more obvious ‘disaster’ threats the business include:

  • Hardware failures/server failures.
  • Outages and/or file corruption
  • The effects of cyber-attacks.  For example, 53% of senior managers believe that a cyber-attack is the most likely thing to disrupt their business (Sungard AS 2019) and the effects could include damage to / locking out of systems (malware and ransomware), fraud and extortion, data breaches (which could also attract fines under GDPR, damaging publicity and loss of customers).
  • Environmental/natural disasters e.g. fire and flood.
  • Important 3rd supplier failure or the loss of key employees.
  • Failures of part / a component of a network e.g. as highlighted by recent problems with banking and airline industry services.
  • Theft or loss of equipment holding company data.

Backing Up Your Data – Where To Store It

When it comes to backups, security, integrity, cost, scalability, complying with legislation, your own business plans, and ease of daily use are all considerations.  Where / how to store backed-up data is a decision tackled differently by different companies.  In the UK, GDPR (the data protection regulations) should be taken into account in these decisions.  Places to back up data could include:

  • On-site – storing data in the same location e.g. on an external hard drive in the workplace.  Although the data backup is close to hand, this is not a particularly secure solution and in the event of flood/fire/theft disasters, your data would be gone.
  • Off-site – taking the data away on a hard drive or another physical storage medium.  This means it’s less at risk from local issues (e.g. loss, theft, damage) but could mean it takes longer to restore data .
  • Online – backing up your data on hosted servers (in the cloud) and accessing them through an application. This is now becoming the preferred method for most businesses as it is convenient and fast (if you have an Internet connection) and it cuts out many of your on-site potential disaster risks (fire, flood, loss and damage of physical storage media).

Some businesses prefer to use a ‘hybrid’ cloud backup to help address any vulnerabilities that cloud-only or local-only backup solutions have.

There are many dedicated online backup solutions available e.g. IDrive Business, Backblaze Business, Carbonite Safem, or larger solutions for businesses with much bigger data backup requirements.

Backup Decisions

Taking regular, secure backups of your business data is an important part of good practice.  It is also an important element of disaster recovery and the business continuity process.

There are several types of backup that businesses need to make decisions about.  These include whether, if/when and how to make:

  • A full backup – one that covers every folder and file type and typically takes a long time.
  • An incremental backup – the first back up is a full one, followed by simply backing up any changes made to the previous backup.
  • A differential backup – similar to an incremental backup, requires more storage space but has a faster restore time.
  • A mirror backup – an exact copy of your data that has the advantage of removing the obsolete files each time.
  • An Image-based backup – captures images of all data and systems rather than just copying the files.
  • A clone of your hard drive – similar to imaging and creates an exact cloned drive with no compression.

In reality, many businesses make use of many different types of backup solutions at the same time.

Business Continuity, Backup Decisions and Disaster Recovery

Accepting that disasters happen and that you can plan how to maintain business continuity while you deal with them (using a disaster recovery plan) is an important step in safeguarding your business. Maintaining the ability to ensure that core functions and critical systems remain in place in the event of a disaster (business continuity) involves planning, an important part of which is the disaster recovery plan (DRP).  Creating this plan is usually an interdepartmental process, which is often led by information technology.

RTO & RPO – Linking Backups To Your DRP.

There are two metrics you can use to help you to make data backup decisions that relate to your DRP.

The Recovery Time Objective (RTO): the recovery window / how long (time) the business realistically has to recover from a disaster before there are unacceptable consequences.

The Recovery Point Objective (RPO): how far back (the maximum tolerable period of time) your organisation needs to go in recovering data that may have been lost due to a disaster.

By working out these time periods (particularly RPO), it can help you to decide upon the frequency of backups, which backup methods are most suitable and preferable to you e.g. the need to go back longer periods may favour online backups, and businesses with  large quantities of valuable historic data may struggle with a short RTO (which may require tiered data recovery).

In today’s business environment it is worth bearing in mind that your customers are not likely to be very tolerant of downtime, so recovery windows now need to be as short as possible. Many businesses, therefore, simply opt for a daily backup.

Disaster Recovery Plan

At the heart of your business disaster recovery strategy should be the disaster recovery plan (DRP) which should provide step-by-step workable instructions to ensure a fast recovery.  A DRP should be tested and kept up to date to ensure that it will work in reality in the event of a disaster and typically includes elements like:

  • A plan for roles and communications, detailing employee contact information and who’s responsible for what following the disaster.
  • A plan to safeguard equipment e.g. to keep it off the floor, wrapped in plastic away from flooding.
  • A data continuity system that details what the business needs to run in terms of operations, finances/accounts supplies, and communications.
  • Checking that your data backup regime is working, and that very recent copy is stored in a secure place but would be easily and quickly accessible when needed.
  • An asset inventory, including photos where possible, of the hardware (workstations, printers, phones, servers etc) reference for insurance claims after a major disaster.
  • Keeping (up to date) documentation that lists all vital components of your IT infrastructure, hardware and software, and a sequence of what needs to be done to resume business operations with them.
  • Photos showing that the hardware was in use by employees and that care had been taken to minimise risk e.g. items were off the floor (e.g. to avoid flood damage).
  • A supplier communication and service restoration plan so that you quickly restore services and key supplies after the disaster.
  • Details of a secondary location where your business could operate from if your primary location was too badly damaged in a disaster.
  • Details of the testing, optimisation and automation of your plan to ensure that it could be implemented quickly, as easily as possible, and free from human error.

Putting The Pieces Together

The basic difference between a backup and disaster recovery, therefore, is that a backup is having a copy of your data, and disaster recovery is the whole strategy to recover your business operations and essential IT environment in the event of a serious event e.g. cyber-attack, equipment failure, fire or flood.

Creating a DRP involves completing a risk assessment and business impact analysis in order to identify critical applications and services, and it is from here that your business can then create its own tailored RTOs and RPOs which in turn, will link to your backup strategy and cycles.

Backups are essential files that enable a full restore, and as such are an important element of ongoing good practice and of your DRP, and your backup should relate strongly to the underlying strategy of disaster recovery.

One thing is certain about backup and disaster recovery which is that having no plan for either is means planning to fail.

Hacker’s Website Closed Down In International Operation

Posted on by Andy Miller

A website (and its supporting infrastructure) which sold a variety of hacking tools to other would-be cybercriminals has been closed down after an investigation by agencies from multiple countries including the UK’s National Crime Agency (NCA).

IM-RAT

The main tool that the agencies were particularly interested in eradicating was the Imminent Monitor Remote Access Trojan (IM-RAT) which is a hacking tool, of Australian origin, which has been on sale for 6 years and was available for sale via the Imminent Monitor website.

According to Europol, once installed on a victim’s computer the IM-RAT malware, which could be purchased for as little as $25, allowed cybercriminals to secretly “disable anti-virus and anti-malware software, carry out commands such as recording keystrokes, steal data and passwords and watch the victims via their webcams”.

Big International Operation

The investigation and the operation to shut down the sale of IM-RAT was led by the Australian Federal Police (AFP) and involved judicial and law enforcement agencies in Europe, Colombia and Australia, and was coordinated by Europol and Eurojust.

Coordinated law enforcement activity has now ended the availability of IM-RAT, which was used across 124 countries and sold to more than 14 500 buyers. IM-RAT can no longer be used by those who bought it.

In a week of actions (in November), the international agencies dismantled the infrastructure of IM-RAT, arrested 14 of its most prolific users and seized over 430 devices for forensic analysis.

Back in June, search warrants were executed in Australia and Belgium against the developer and one employee of IM-RAT and most recently, actions to fully shut down the distribution of IM-RAT have also been taken in Australia, Colombia,  Czechia, the Netherlands, Poland, Spain, Sweden and the UK.

In the UK, it has been reported that the NCA searched properties in Hull, Leeds, London, Manchester, Merseyside, Milton Keynes, Nottingham, Somerset and Surrey in relation to the investigation.

The shutting down of the whole IM-RAT infrastructure, and the detailed analysis of the malware and the website used to sell it mean that IM-RAT can no longer be used.

Tens of Thousands of Victims

With the IM-RAT malware/hacking tool being so widely used, Europol believes that there are probably tens of thousands of victims around the world, and so far, investigators have been able to find evidence of stolen personal details, passwords, private photographs, video footage and data.

IM-RAT

Although IM-RAT allows cybercriminals to secretly take control of a computer, there are some common signs which indicate that a computer may have been infected with IM-RAT.  These signs include an unusually slow internet connection, unknown processes running in a system (which are visible in the Task Manager, Processes tab), files being modified or deleted without your permission, and unknown programs being installed on your device (visible in the Control Panel, Add or Remove Programs).

What Does This Mean For Your Business?

For businesses, this kind of malware caused considerable problems, not least in terms of data protection, disruption, industrial espionage and extortion, and left their devices wide open to hackers. This internationally co-ordinated move by multiple agencies is an important step in the battle against so-called ‘crime as a service’ and bulletproof hosting where organised gangs have sought to profit from crimes that they can carry out from a distance via the Internet.

If you believe that your device may have been infected by IM-RAT, the Europol advice is to disconnect your device from the network in order to prevent any additional malicious activity, install trustworthy security software, and run a scan of your device using security software. When you’re satisfied that you’ve removed the infection, change the passwords for your online accounts and check your banking activity.

Some general steps you can take to guard against falling victim to malware include keeping your anti-virus software and patching up to date, installing a firewall, only using strong passwords (that aren’t shared across different accounts), covering up your webcam when its not in use, regularly backing up your data, and making sure that you don’t open any suspicious-looking emails and attachments even if they do come from people on your contact list.

The Battle Between ‘Slack’ and ‘Teams’

Posted on by Andy Miller

With Microsoft’s announcement that it’s Teams product has 20 million daily active users (and growing), sending Slack’s share price downwards (Slack has 12 million users), the battle is well underway in the $3.5 billion chat-based collaborative working software market.

What Is Slack?

Slack, launched in 2013, is a cloud-based set of proprietary team collaboration tools and services. It provides mobile apps for iOS and Android, and is available for the Apple Watch, enabling users to send direct messages, see mentions, and send replies.

Slack teams enable users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner. Slack was intended to be an organisational communication tool, but it has gradually morphed into a community platform i.e. it is a business technology that has crossed over into personal use. Slack recently introduced an “email bridge” into its platform that will allow those who only have email to communicate with Slack users.  Back in May last year, ‘Slack’ introduced a new ‘Actions’ feature that made it easier for users to create and finish tasks without leaving by having access to more 3rd party tools.

In October this Year Slack announced that it has 12 million daily active users, which is 2 million increase since January.

What Is Teams?

Teams, announced in November 2016 and launched by Microsoft in 2017, is a platform designed to help collaborative working and combines features such as workplace chat, meetings, notes, and attachments. Described by Microsoft as a “complete chat and online meetings solution”, it normally integrates with the company’s Office 365 subscription office productivity suite. In July 2018, Microsoft introduced a free, basic features version of Teams which did not require an Office 365 account, in order to increase user numbers and tempt users away from Slack.

Microsoft Teams is also the replacement for Skype for Business Online, the support for which will end on 31 July 2021, and all new Microsoft 365 customers have been getting Microsoft Teams by default from 1 September 2019.

Share Tumble For Slack

Slack’s share value fell earlier this year after it announced that its projected sales growth would be lower for the second half of the year. Slack became a publicly-traded company on the New York Stock Exchange in June, and investors have been saying that it will need to maintain an impressive growth rate to compete against competitors like Microsoft (with Teams), Alphabet (Google) and Facebook.

The recent announcement by Microsoft that Teams has 20 million daily active users compared to Slack’s 12 million and has increased daily active users by more than 50% from June caused another downward push on Slack’s share value.

Slack’s Challenge – To Get More Large Paying Customers

Slack, which enjoys popularity in the U.S corporate workplace has been trying to emphasise that it is not just a chat/messaging app, but that it can connect to companies’ other applications in a way that can streamline workflows and aid real value addition and savings.  Slack is, however, facing a challenge in convincing big businesses that it is worthy, paid-for alternative to its more well-known competitors, and according to Bloomberg Intelligence analyst Andrew Eisenson, less than 1% of Slack’s customer base are large customers that spend more than $100,000 a year. One of the problems that Slack has is that although large companies in the US use it and like it, they currently have a free version, so Slack will have to convince them to upgrade to the paid-for version.

Despite having lower user numbers than Teams, some tech commentators have noted that Slack has stickiness and strong user engagement which help to attract businesses that want to get into using workstream collaboration software.

What Does This Mean For Your Business?

Microsoft has the advantage of a very well-known and trusted brand with huge reach, Teams already integrates with Office 365’s subscription office productivity suite, and there’s now a free version that doesn’t even require an Office 365 account.  Also, Teams is set to replace Skype for Business Online next year, and Microsoft has made sure that Skype for Business Online customers know that Microsoft’s investment and interoperability will make the migration to Teams a fairly painless one.

All this means that Teams appears to be in a very good position to continue what has been a rapid growth this year, and despite Slack’s positive features, Slack will have to fight hard to get big businesses interested in order to compete.

For users, there are now several good collaborative working services to choose from, but at the present time, the facts that investors don’t know when Slack is going to be profitable, coupled with a fall in revenue have led some commentators to think that Teams is looking as though it could come out on top.

Amazon Announces Smart Office Supply Re-Ordering Device

Posted on by Andy Miller

Amazon has announced the introduction of a ‘smart’ office essentials re-ordering device called Dash Smart Shelf which uses a weight-sensing, Wi-Fi-enabled smart scale to re-order products when they’re running low.

Why?

According to Amazon, monitoring and reordering everyday business essentials (e.g. printer paper) can be unnecessarily time-consuming for the small and medium-sized businesses (SMBs) that make up 99% of business in the U.S. (99.9% of the business population / 5.9 million businesses in the UK – FSB figures).  Having a smart inventory-tracking service could, therefore, mean that time and money in manual stock checking can be saved, plus the disruption of running out of a particular item when it’s needed can be avoided.

How Dash Smart Shelf Works

Amazon’s Dash Smart Shelf is a weight-sensing, Wi-Fi-enabled smart scale that looks like a closed laptop. The device is around 1-inch-tall and will be offered in three different sizes – small (7” x 7”), medium (12” x 10”), and large (18” x 13”). Amazon says that the Dash Smart Shelf can work on a range of surfaces e.g. from counter-tops to wire shelving.

The idea being that the Dash Smart Shelf is placed on the shelf where stationery is stored and the stationery e.g. packets of printer paper, sticky tape or pens are stacked (one Smart Shelf per item type) on top of it.  When supplies run low, the Dash Smart Shelf automatically orders more.

Incentive

The Dash Smart Self is for Amazon Business Customers and Amazon is offering them “business-only prices” on certain products, and savings of up to 15 per cent on orders for selected products placed using the new Dash Smart Shelf.

Easy

Amazon says that the Dash Smart Self is easy to set up and only requires a wall plug (included) or four AAA batteries, a connection to your business Wi-Fi and that you are logged in to your Amazon Business account via the web or Amazon Shopping app.

Timescale and Price

Amazon says that the Dash Smart Shelf will be made available first to Amazon Business customers with a registered U.S. business license “starting sometime in 2020”, and no prices have yet been made available.

What Does This Mean For Your Business?

Amazon makes the point that if you’re in a location far from an office supplies shop, or if you miss a big order (e.g. because you don’t have a certain sized cable), you will instantly see the value of a product that makes sure that you never run out of essential supplies. This product does appear to have the potential to save time, money and hassle by no longer having to manually monitor stock levels.  However, since this product is aimed SMEs, and one unit will need to be purchased for each office product type and the price per unit Dash Smart Shelf (as yet unknown) is going to be an important consideration. Businesses may wonder how much flexibility they will have in choosing which supplier (via the amazon platform) they can have with the device.

Amazon has made in-roads into our homes and found out much more about us and our listening, viewing and other consumption patterns with smart speakers (Echo), Fire TV, the Ring Doorbell and more, and the Dash Smart Shelf marks a move into our business lives by Amazon. As the company becomes the close, sole supplier of some of our valued home and business services, this should enable Amazon to use the data about us to tailor more services and offers, thereby helping it to increase our loyalty and commitment to Amazon, and further fuelling the growth, power and diversification of this online giant.

Tech Tip – Quickly Re-Open a Closed Tab

Posted on by Andy Miller

If you have several tabs open on your browser and you accidentally close an important tab, there is and fast and easy way to re-open it.

To re-open an important tab that you’ve accidentally closed:

– Press command+shift+t on a Mac or control+shift+t on Windows PC.

– Your tab will then be restored.