New National Cyber Strategy Tough On IT Suppliers

With most of the media focus in recent weeks being on preventing and retaliating to state-sponsored cyber attacks, one key point about the UK’s National Cyber Security Strategy (NCSS) that has been largely ignored is how tough it may be on UK IT Suppliers.

What Is The NCSS?

As the name suggests, the National Cyber Security Strategy (NCSS) is a five-year plan for defending the UK’s systems and infrastructure, for deterring adversaries, and for developing a whole-society capability. The strategy, outlined in a speech at the recent ‘Future Decoded’ conference by UK Chancellor Philip Hammond, will be carried out with the help of a £1.9bn budget which was allocated by the previous Chancellor George Osborne.

The Impact For IT Suppliers.

In the Chancellor’s speech outlining the new strategy, although he focused on responding and retaliating to cyber attacks, some key issues relating to policy changes and the impact that the strategy will have on IT Suppliers were overlooked. These will mean that:

  • Suppliers to the public sector will have to be subject to more stringent checks and regulation to preserve cyber security. This looks likely to mean that if products or services are supplied to the government, it is the responsibility of the supplier to make sure that they already have high-level security features included in them. This means that the government’s job as the customer will be to remove those security features if they don’t believe they need them. With this new model, rather than the customer adding more security protection after receiving the products / services, it is the responsibility of the supplier to ensure that security features are maximised before delivery.
  • There will be a rating system for suppliers, the results of which will be made public. This means that public sector companies and members of the public will have a means with which to judge the supplier in terms of how secure their products and services are, and this could impact upon future business for that supplier.
  • The government also looks likely to grant itself the power to test a supplier’s cyber security measures, and to force them to make changes to improve them where it thinks they are needed.
  • Suppliers will be made liable for cyber breaches that affect public services.

What Does This Mean For Your Business?

Although the government appears to believe that there will be a general benefit from cyber security regulations in the UK (being seen as higher in the UK than in other comparative advanced economies), if you are an IT supplier to the public sector this new national strategy may dramatically affect you.

It will mean higher costs and greater risks and responsibilities, plus it could mean that smaller suppliers may find it harder to compete. The effects of a poor rating could also mean that future business is affected and this could cause greater anxiety for suppliers and put more pressure on them.

Artificial Intelligence Being Added to Microsoft Office 365

Microsoft has added a new toolkit called ‘Microsoft Team’ to Office 365. The new add-on will use intelligent services in an attempt to reinvent workplace communications and collaboration.

What Is ‘Microsoft Team’?

The Microsoft Team add-on is reported to be a chat-based workspace that could enhance and improve teamwork within organisations. It uses video, voice communications, and threaded conversations. Team members can create ‘channels’ in order to organise conversations by topic. These channels can then be customised using the ‘Tabs’ feature. ‘Tabs’ allow participants to easily access frequently used documents and applications.

This new add-on to 365 is reported to work with Word, Excel, PowerPoint, SharePoint, OneNote, Planner, Power BI and Delve.

Microsoft Team is being seen as a way of taking greater account of what have become modern collaborative working practices, thereby making the Office 365 system more relevant and more productive for users.

The A.I. Element.

One of the most notable parts of this add-on is its incorporation of an artificial intelligence aspect.

This is the result of a push by Microsoft over several years to somehow deploy A.I. in their products to help users to manage modern digital communications workloads. Many people will already be familiar for example with the A.I. enabled Cortana at the front end of Windows 10.

The A.I. features in this Microsoft Team add-on come from Microsoft’s research lab projects such as natural language processing and deep learning. Microsoft Team uses a Bot framework whereby developers can tap into a collection of A.I. components and apps and, with just a few lines of code, can use them within their Team’s environment. This could, for example, involve being able to put a number of specialist A.I. algorithms to work.

According to Microsoft, the outcome of being able to use A.I. elements in this practical way should be to empower the collaborative team to augment their abilities and therefore achieve more. An application programming interface (API) and a Connector model have also been built-in to Microsoft Team to enable developers to add feeds to it. These feeds could be from services like Twitter, Facebook etc.

What Does This Mean For Your Business?

If you are looking for ways in which to get more leverage from collaborative working and to find ways to improve and enrich the experience of team working this new add-on to Office 365 could be a relatively easy way to help your business achieve that. Teams working remotely may find this especially useful.

The fact that it also gives access to A.I. elements means that it could have advantages over other collaborative systems and these could help translate into areas of competitive advantage.

If nothing else, it’s an opportunity to re-explore all the benefits of Office (beyond just Excel and Word) which you may not be using.

Tescos Online Banking Thefts

Tesco Bank is reported to be working with the National Crime Agency to investigate an incident where suspicious transactions resulted in money being taken from thousands of customer current accounts.

Money Taken.

In what was described by Tesco as a ‘sophisticated’ attack last weekend, suspicious transactions were spotted by Tesco’s automated monitoring systems in an estimated 40,000 customer accounts. In what many security commentators are saying appears to be a bank hack on an unprecedented scale, Tesco moved to suspend all transactions while the event was taking place.

Unfortunately there have been reports that despite Tesco’s attempts to thwart the attack, money was actually taken from 9,000 current accounts.

Refund Pledge Made Good.

Tesco is reported to have already made good on a pledge to refund any money taken from the customer accounts in the attack. Latest reports show that the 9,000 account holders affected have now been given a total of £2.5 million in refunds.

Core System Thought To Be Safe.

Security commentators have suggested that because customers were still able to use ATMs, the indications are that the core computer system looks unlikely to have been affected. Tesco did, however, suspend online debit transactions and has blocked customers from making online payments using their debit card since Sunday to prevent further criminal activity.

Not Many Current Accounts.

Although Tesco Bank has 7.8 million customers, it only has 137,000 current accounts, with the rest of the business being based around loans and credit cards. This is a much smaller number of current account customers than the big 4 banks of Lloyds Banking Group, HSBC, Royal Bank of Scotland and Barclays.

The majority of Tesco Bank’s business is carried out via an online app, and therefore cyber security is a key concern. This latest attack has therefore come as a major shock but, looking on the plus side, Tesco Bank was able to spot the incident early, take preventative action, start warning customers by text, and promptly issue refunds.

Via Website.

The speculation by some security commentators at the time of the attack was that criminals may have been able to exploit an issue in a third party’s connection to Tesco’s website to get in.

Tesco, however, have since stated that they know the exact nature of the attack but are not able to say more because it is part of a criminal investigation.

Tesco Bank Chief executive Benny Higgins has apologised to customers.

What Does This Mean For Your Business?

The financial sector has been warned about the likelihood of cyber attack attempts and, as customers, it is frustrating to hear that major banks can be affected in this way.

As bank customers, the kinds of precautions we can take are to make sure that we have a very strong password (one that isn’t used elsewhere), and to make sure that the security software on the PC, phone or tablet is kept up to date.

It is also important to watch out for phishing emails. It may also be the case that we need to be extra vigilant in the wake of an attack as some cyber-criminals have been known to send out spam (posing as updates from the affected company) in order to trick customers into parting with their password details.

It is noted that were the speed of response not as quick, the impact could have been a lot worse. This reinforces the fact that all companies need to maintain disaster recovery plans and policies to adhere to in the event of a major issue.

Flat Growth in IT Spending 2016 Thanks to Brexit

U.S. IT research and advisory company Gartner has warned that IT spending in the UK is set to suffer as a result of Brexit uncertainty, the resulting loss of business confidence, and the falling value of the pound.

Spend Slump

The uncertainty surrounding Brexit appears to have been contagious and a recent warning from a U.S. perspective shows that worldwide growth in IT spending in 2016 is likely to flatten out to $3.41 trillion as a result. This may sound like a pretty large number in itself but the knock-on effect of the UK’s momentous decision is a growth rate that is now only slightly inflated from an outlook of negative 0.5%.

In terms of the UK, last year’s IT spend was £123.9bn but the Brexit aftershock means that this figure could be reduced by as much as 5% in 2016’s IT spending.

Why?

The erosion in business confidence, a falling pound, price increases, and general uncertainty about what happens next all indicate that for the rest of 2016 at least the UK could be under a post Brexit cloud.

Companies may therefore choose to reduce or cut discretionary IT spending and may delay or even pull out of the kinds of mergers, acquisitions, and expansion projects that would have had a large IT spending element to them.

A Decline in Sterling

The downward trajectory of UK sterling, for example, has meant that US-based PC maker Dell has announced a price rise to UK retailers this week. Sterling’s decline also looks likely to affect other IT costs. For example, companies who have not already paid the annual maintenance fee on their software will notice a price increase for it because it is usually priced in dollars.

Workforce

It is also thought that as well as hitting tech spending, the UK technology sector will also take a hit in terms of software developers who work in the UK potentially being tempted away to work for higher salaries in other countries. Moving out of the UK may be especially attractive if the software developers are not British and if they feel worried about their status in the UK anyway when Brexit actually starts and Article 50 is triggered.

What Does This Mean For Your Business?

If you’re thinking of reducing your IT spend or are already being hit by price rises in that area it is probably little consolation to know that you are not on your own. It is of course important to balance the urge to delay and be cautious with the recognition that technology is still advancing and many of your competitors are still likely to be moving more aspects of their business to the cloud this year.

There are still likely to be some growth areas in IT spend such as in software, and particularly in customer relationship management (CRM) software. Datacentre systems’ spending is also set to increase by 2% this year on last year.

For businesses in the UK it may also be a case of looking at how much smarter they can work and look for lower cost but innovative solutions that can help to keep them competitive.

Secure Version of Popular WordPress SEO Plug-In Available From Friday

With WordPress being the most popular CMS-style website platform, used by 26% of all websites, a security problem with a popular SEO plug-in within WordPress has been a serious issue. WordPress however have now fixed the flaw and you can update your website with the new version from this Friday.

What Was The Problem?

The WordPress system allows website owners to quickly and easily update and add to their website by adding all manner of code and functionality in the form of pre-written ‘plug-ins’ that can be searched for, downloaded and installed automatically.

The security issue related to a flaw in the code for one of the very popular and widely installed plug-ins called “The All in One SEO Pack”, downloaded by 30 million users and estimated to be in use now in a million websites.

A ‘Bot Blocker’ component was used in the plug-in to detect and block spam bots based on their user agent and referrer header values, and it was in this element that the vulnerability was discovered.

Exploited

This Bot Blocker had a flaw in the code which meant that it could be exploited remotely by sending HTTP requests with specifically crafted headers to the website. Hackers were then able to put malicious JavaScript into these headers that could be logged inside the tracked bot panel page, and then executed to steal an admin’s session token.

Totally anonymous users therefore could relatively easily get into a WordPress website that had the plug-in installed and store an XSS (JavaScript) payload in the dashboard without the website owner / administrator knowing. Finding the admin details is of course vital to hackers / cyber criminals being able to take over a website.
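The flaw class described above, logged header values rendered unescaped in an admin page, shown beside the output-encoding fix. This is an added Python illustration, not the plug-in's own (PHP) code; the function names, the sample requests and the 256-character cap are assumptions constructed for the example.

```python
import html
from html.parser import HTMLParser

MAX_LEN = 256  # assumption: cap on how much of a header is stored

# Constructed sample of blocked requests. The user_agent and referer fields
# come straight from request headers, so the sender fully controls them.
BLOCKED_REQUESTS = [
    {"ip": "203.0.113.7", "user_agent": "ExampleBot/1.0",
     "referer": "http://spam.example/"},
    {"ip": "203.0.113.9",
     "user_agent": "<script>/* constructed marker */</script>",
     "referer": '"><b>constructed</b>'},
]


def sanitize_for_storage(value):
    """Drop control characters and truncate before a header value is logged."""
    cleaned = "".join(ch for ch in value if ch.isprintable())
    return cleaned[:MAX_LEN]


def render_row_unsafe(entry):
    """The flawed pattern: header values interpolated into the page as-is."""
    return ("<tr><td>{ip}</td><td>{user_agent}</td><td>{referer}</td></tr>"
            .format(**entry))


def render_row_safe(entry):
    """Encode every untrusted field for the HTML context at output time."""
    cells = (html.escape(sanitize_for_storage(entry[key]), quote=True)
             for key in ("ip", "user_agent", "referer"))
    return "<tr>" + "".join("<td>%s</td>" % cell for cell in cells) + "</tr>"


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(fragment):
    """Return tags other than the table's own <tr>/<td> found in a row."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return [tag for tag in collector.tags if tag not in ("tr", "td")]


if __name__ == "__main__":
    for request in BLOCKED_REQUESTS:
        print("unsafe:", injected_tags(render_row_unsafe(request)))
        print("safe:  ", injected_tags(render_row_safe(request)))
```

Encoding at output time is the control that matters here; the storage-time clean-up only limits what ends up in the log.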

The seriousness of flaws in some aspects of WordPress has been highlighted several times in recent years such as when 26,000 WordPress websites with the Pingback function enabled were used as part of a botnet to launch DDoS attacks on other websites back in February this year.

What Does This Mean For Your Business?

The discovery of this latest flaw means that if your business website is a WordPress website that has the All in One SEO Pack installed, you will need to make sure that you upgrade to the latest version, 2.3.7, as soon as possible (after Friday), or you can make sure that you don’t have the Track Blocked Bots setting enabled in the website.

Roll-Up Screens Could Be With Us by 2017

Imagine being able to roll up the screen (display) on your tablet or even to fold that tablet up into something the size of a smartphone. Prototype versions of folding and rolling displays are already here and technology commentators believe we could be using them as early as next year.

This Year

Back in January this year at the Consumer Electronics Show LG displayed an 18-inch prototype screen that could be rolled up just like a piece of paper. The prototype was an example of LG’s investment in and work with OLED, a light-emitting diode that contains thin flexible sheets of an organic electroluminescent material.

OLED

OLED is widely considered to be the successor to LED technology and one of its big advantages is that there is no need for a lighting back panel on the screen / display, and the lighting source used is very small. This means that OLED screens can be thinner, smaller and more power efficient.

Other Advantages

As well as enabling small foldable / rollable screens OLED has several other advantages including:

  • The pixels themselves produce the light, so when they need to be black they can be turned off completely rather than relying on a backlight. This means that OLED produces very vibrant images because of the very dark (absolute) blacks.
  • The faster refresh rate than standard LED-backlit gives a smoother more responsive display, thus improving the experience for the user. This can be particularly beneficial for gamers.

Why Rolling Screens and Foldable Devices?

Having thin displays that can be rolled means that there can be greater flexibility in the shape of devices in the future, and much greater flexibility in the types of places where displays can be installed. Some commentators see more opportunities in wearable technologies where flexibility of the display itself is important.

Challenges

Challenges to the wide scale use of OLED, rollable / foldable screens and devices are the fact that they may be prohibitively expensive for many people as new technologies tend to be in the early adoption stage.

There is also only a limited number of companies producing / using this technology in devices e.g. LG, and Panasonic, and therefore there is an element of scarcity.

Many challenges also exist to making devices fully flexible and foldable e.g. the need for batteries and other bulkier, less flexible components.

What Does This Mean For Your Business?

This technology has so far only really been used in TV displays but it could clearly have so many other advantageous applications for businesses e.g. in display and promotional advertising, visual merchandising, mobile advertising, communications / telecoms products, and events.

The possibilities and potential uses however will have to wait a little longer for affordable and practical versions of the technology to catch up, and if (as commentators suggest) this may start happening as soon as next year then it could be exciting.

“Shadow IT” … Some Hidden Benefits.

At IT Pro’s 2nd Collaborate and Communicate event in London this week, the UK country Manager for Dropbox suggested that instead of clamping down on ‘Shadow IT’, companies could actually benefit from some of the innovative solutions that it introduces.

What Is Shadow IT?

Shadow IT describes the apps and services that employees bring in to the company systems without going through the approved channels. These are their own ideas to solve their own specific work problems e.g. using certain apps such as Whatsapp or Slack to communicate with each other rather than using the official company email or other communications systems.

Where whole departments or companies then start to adopt these emergent IT solutions this is known as ‘Stealth IT’.

Why Shadow IT?

The growth of Shadow IT in UK companies has several main drivers including:

  • Necessity – the mother of invention. There may be weaknesses in the current IT arrangements.
  • A more relaxed grip by IT departments on every aspect of IT in the company.
  • Tech-savvy employees who keep up to date with the latest developments and find better / quicker ways for their specific purposes.
  • Bring Your Own Device (BYOD) has allowed everyone to get used to staff bringing in their own hardware and software solutions.
  • The high speed at which new technologies come to market.
  • Cloud computing, SaaS and PaaS applications enabling staff and departments to get around the official IT channels.
  • More employees spending more time away from their desk / the office and being allowed to work remotely or in a more autonomous way.
  • A lack of awareness and an inability to manage and monitor every aspect of what staff are using.

Why Encourage It?

In terms of the comments by Dropbox’s UK country Manager Peter Mark van der Linden, you could say that it’s a case of perspective and publicity for their own product because Dropbox gained popularity by the Shadow IT process.

For example users brought the “magic folder” into eight million businesses, the businesses then saw the value of the product and then requested an ‘official’ business version which Dropbox were obviously happy to provide.

Although there are of course security and compatibility issues based around the idea of people introducing their own unapproved IT methods to the workplace, allowing it to continue could mean that innovative and up-to-date solutions are found that ultimately could work better than the approved ways of doing things.

What Does This Mean For Your Business?

Rather than seeing Shadow IT as a threat to control, security and the strategy of the business, you could choose to see it as a potential area adding value and bringing innovation into the company. At the very least it could be a way to highlight the shortcomings of IT decision makers in the company, identify weaknesses within IT that caused the need for the shadow alternative in the first place, and to identify potential IT stars and innovative problem solving talent in the company.

Secret Messages That Delete Themselves Trialled By Facebook

A new secret messaging service for the Messenger app is currently being trialled by Facebook. Users can choose which single device to use the service on, and can then specify how long the messages last on that device before they become hidden or are deleted.

Why?

According to Facebook, this service could be useful to those wishing to discuss all manner of very private matters such as health and financial issues. Services like Snapchat already use a disappearing message system and this new secret message service from Facebook is their 3rd attempt at launching something similar.

What’s Special About It?

One key aspect of this new service is that it uses end-to-end encryption to make the conversations on Facebook Messenger secure. Facebook themselves for example will not be able to read the messages being sent via this service unless one of the parties involved in the conversation reports or sends the details to Facebook.

Limitations

One clear limitation of the new “secret conversations” service is that users are tied to one single designated device when using it. This means a conversation can’t be carried on from desktop to mobile to tablet.

Another limitation (or advantage depending on how you look at it) is that conversations on this service can only be one-to-one. At the present time the service does not support rich content such as images, videos, or making payments and it also doesn’t support chatbots.

Secure?

The encryption aspect of the service clearly adds an important secure dimension to the service. The fact that the new service has been built using an open, widely used standard therefore could be a potential area for security concerns. The service is however reported to be built on the reliable protocol called ‘Signal’.

Limited

The secret conversations service is being tested on a limited basis at present although it is believed that this could be expanded later this summer.

What Does This Mean For Your Business?

If the secret conversations service is used for business / commercially sensitive conversations it could of course have security advantages e.g. the encryption of the messages, the fact that the messages are only received / sent by your personal devices and therefore can’t be found on / recovered from other devices, and that messages can be set to disappear after a time period.

This means that even if you lose that device / have the device stolen the messages may still not be read by others.

Techie Buzz! Cyberloafing

Nigel Flood

Don’t know your bits from your bytes? Don’t worry! We helpfully explain a tech term each month to keep you in the loop. This month we ask are you Cyberloafing?

Are you a Cyberloafer? Or do you think your employees are Cyberloafers? Well, the truth is they probably are and so are you. Cyberloafing is the act of spending time at work on the internet and doing anything but work.

You know… Twitter status updates, snooping on friends, enemies and exes on Facebook and playing Angry Birds.

In fact, it’s estimated that between 60% and 80% of the time employees spend on the internet at work has NOTHING to do with work, according to an NBC News Survey in 2013. It wasn’t exactly what the connected workplace was supposed to be about.

The Worknet Network: Paul Coleman (Kingsbridge Insurance)

We like to share the love by recommending people and businesses we work with and would gladly refer to you, based on how great we think they are. Today, we recommend Paul Coleman of Kingsbridge Insurance Brokers.

In a world of rising premiums, Paul has been our heroic insurance broker, managing to actually reduce our insurance costs this year.

Unlike the impersonal service and random pricing of some of the big insurance providers, Paul takes time to visit us at least once a year and understand our business so he can arrange appropriate cover. He also ensures we don’t have cover we don’t need (and which we’d pay for under less personalised cover).

The thing we really like about Paul is his transparency. He’s even gone so far as to separate out his fee so we can see clearly what he is being paid and what we’re paying to the insurance companies. Now, who else would do that?

If your business insurance renewal date is looming, we’d heartily suggest dropping Paul a line to see whether he can wow you with his service and bring your renewal costs down.

Call him on 0118 960 2412 or visit the website for Kingsbridge Insurance Brokers at www.kibl.co.uk

And tell him we sent you!