An Apple Byte : New Standalone Apple Password Manager App
At Apple’s annual Worldwide Developers Conference (WWDC24), the company announced the launch of its new, standalone, homegrown, password manager app for iPhone, iPad, Vision Pro, Mac and Windows.
The free app, simply called ‘Passwords’, an extension of Apple’s iCloud Keychain feature, is set to debut with iOS 18, iPadOS 18, and macOS 15, and is designed to streamline and enhance password management for Apple users.
The ‘Passwords’ app can store and sync passwords, passkeys, and two-factor authentication codes across Apple devices and Windows PCs, organise logins into categories, autofill usernames and passwords, and generate new passwords. Apple’s new ‘Passwords’ app is already being hailed as a rival to password managers like 1Password, LastPass, and Dashlane.
Security Stop Press : Google Maps Data Security Announcement
Google has announced that Google Maps Timeline (formerly known as Location History) data will be stored locally on users’ devices instead of their Google account (in the Cloud) from December 1, 2024. Timeline helps users track routes, trips, and places they have been to over time if Location History and Web & App Activity settings are enabled.
The change, first announced in December 2023, is understood to be a move to help with user privacy and control of their data, e.g. following allegations that Google misled consumers and illegally tracked their movements despite turning off Location History, and to reduce the risk of unauthorised access and data breaches.
Also, the move may help Google to comply with increasing data protection regulations. Google says, however, that since the data shown on a user’s Timeline comes directly from their device, Timeline won’t be available on Maps on the user’s computer after their data is moved to their phone but there is the option for users to back up Timeline data to the cloud with end-to-end encryption.
Sustainability-in-Tech : China Set To Dominate World Green-Energy Budget
New research from the International Energy Agency (IEA) has revealed that even though Europe may outspend the US on clean energy this year, China’s clean energy spending plans will massively surpass that of Europe and the US combined.
China In First Place
The ‘World Energy Investment 2024’ report from the IEA, which tracks capital flows in the energy sector, shows that clean energy investments are set to be up by more than 50 per cent from 2020.
The report shows that Europe is expected to spend an estimated $370 billion on clean energy and the United States $315 billion (about $970 per person), while China is expected to lead in clean energy investment this year with approximately $675 billion (about $2,100 per person) – nearly twice as much as the combined investments of Europe and the US!
Investment In What And Why?
The report shows that the focus of China’s investment is primarily on solar photovoltaic (PV) technology, driven by falling module prices and strong domestic manufacturing capabilities. Solar PV investments alone are projected to exceed $500 billion globally, with China contributing a substantial portion.
Also, China’s investments are being bolstered by rapid growth in three new clean energy industries – solar cells, lithium battery production, and EV manufacturing.
Why Are Europe and The US Not Investing As Much?
The lag in clean energy investment by Europe and the United States compared to China, highlighted by the report, can be attributed to factors such as:
– Scale and speed. China’s aggressive scaling and rapid deployment of renewable technologies outpace Europe and the US. However, this is partly down to China benefitting from substantial state funding and low manufacturing costs, enabling quicker and more extensive deployment of solar PV and other technologies.
– China’s manufacturing dominance. China’s dominance in manufacturing solar panels, batteries, and EVs at lower costs due to economies of scale and cheaper labour allows it to invest more heavily in these areas. This competitive edge in production costs gives China a significant advantage over the US and Europe.
– Government policies. Chinese government policies provide strong incentives and subsidies for clean energy projects, fostering growth in the sector. In contrast, the US and Europe have more fragmented policies, with varying levels of support across states and countries, which slows investment.
– The cost of capital. Higher financing costs in Europe and the US hinder clean energy investments. In China, favourable financing terms from state-owned banks lower the cost of capital, encouraging more investment.
– Infrastructure challenges. Europe and the US face significant challenges in upgrading their grid infrastructure and energy storage systems to support renewable energy. China, however, appears to have been more proactive in modernising its grid infrastructure, facilitating the integration of renewable energy sources.
– Strategic policy. China’s industrial policy focuses heavily on becoming a global leader in clean energy, emphasising both domestic production and export dominance. Europe and the US are still developing comprehensive strategies to match China’s aggressive approach.
– The different regulatory environments. Stricter environmental regulations and longer approval times for new projects in Europe and the US can delay investment and project implementation. In China, regulatory processes are often more streamlined, allowing for faster progress.
Isn’t China The Biggest Greenhouse Gas Producing Country?
In short, yes. China is the largest emitter of greenhouse gases in the world. For example, in 2021, China accounted for about 27 per cent of global carbon dioxide emissions, making it the single largest contributor to climate change. This is largely due to China’s heavy reliance on coal for energy and its rapid industrialisation and urbanisation over the past few decades. However, as highlighted by the ‘World Energy Investment 2024’ report, there now appears to be a strong commitment by China to transitioning towards cleaner energy sources. Its clean energy investments will be crucial for reducing its carbon footprint and addressing the global climate crisis.
Global Disparity
The ‘World Energy Investment 2024’ report highlights not just the fact that China’s clean energy investment will far outstrip that of the US and Europe this year, but also that there is an uneven distribution of clean energy investments globally. For example, other regions, particularly developing economies, struggle to keep pace. Clean energy investment in emerging and developing economies remains low, accounting for only about 15 per cent of global spending. High financing costs and lack of supportive policies are major barriers in these regions.
Fossil Fuel Investment Still Strong
Another key point outlined in the report, however, is that investment in fossil fuels remains strong, with upstream oil and gas investments projected to increase by 7 per cent in 2024 to $570 billion, following a 9 per cent rise in 2023. Coal investments have also been rising, with more than 50 GW of unabated coal-fired power generation approved in 2023 (predominantly in China). Despite this, clean energy investments are growing faster – for every dollar invested in fossil fuels, nearly two dollars are now directed towards clean energy technologies.
What Does This Mean For Your Organisation?
The disparity in clean energy investment revealed by the IEA’s ‘World Energy Investment 2024’ report carries significant implications for businesses in the UK and across Europe. For new clean energy industries, the rapid advancement and substantial investment seen in China underscores the urgency for Europe and the UK to bolster their efforts. The heavy investment in solar PV, lithium batteries, and EV manufacturing in China sets a high benchmark, illustrating the benefits of aggressive state support and strategic industrial policies.
For UK businesses, this disparity presents both a challenge and an opportunity. The challenge lies in competing with China’s scale and speed of deployment. However, this also opens opportunities for innovation and collaboration in clean energy technologies. UK companies can leverage their expertise in renewable energy and look to form partnerships that tap into global supply chains. Also, businesses can advocate for more robust government policies that provide clear incentives and reduce financing costs, making clean energy projects more viable.
To increase investment in clean energy, Europe and the UK must address several key areas. First, there is a need for comprehensive and cohesive policies that provide consistent support across all regions. This includes streamlining regulatory processes to reduce approval times for new projects and ensuring that environmental regulations are balanced with the need for swift project implementation. Also, improving access to affordable capital through state-backed financial incentives or low-interest loans could help make a significant difference.
Enhancing infrastructure is another critical area. Upgrading grid infrastructure and expanding energy storage capabilities are essential to support the integration of renewable energy sources. Investments in these areas not only facilitate the transition to clean energy but also create new business opportunities in infrastructure development and maintenance.
Strategic industrial policies that focus on building domestic capabilities while engaging in international cooperation may also help to position Europe and the UK as leaders in the global clean energy market. By fostering innovation and supporting emerging technologies, the UK could develop a competitive edge and create sustainable economic growth.
Addressing these challenges, therefore, through targeted investments and supportive policies will not only help the UK and Europe catch up with China’s clean energy spending but also drive long-term benefits for businesses. Increased clean energy investment will enhance energy security, create jobs, and help position the UK as a key player in the global transition to sustainable energy.
Video Update : How To Change Your LinkedIn URL
This video-update explains how to customise your LinkedIn URL to something more relevant for you …
Tech Tip – How To Customise Quick Access in File Explorer
Quick Access in Windows File Explorer allows you to pin frequently used folders and files, making them easily accessible. Customising Quick Access can save you time when navigating to commonly used locations. Here’s how to do it :
– Open File Explorer.
– Navigate to the folder you want to pin.
– Right-click on the folder and select ‘Pin to Quick Access’.
– To remove an item from Quick Access, right-click on it and select ‘Unpin from Quick Access’.
Ex-Employees : Offboarding Checklist
Here we look at why organisations need to have an effective employee offboarding procedure in place and suggest a checklist for you that could form the basis of this procedure.
Why?
Members of organisations inevitably change over time for various reasons: they may relocate for another job, be asked to leave, or depart for many other reasons. However, when employees or contractors/third parties leave a business and there is no effective ‘offboarding’ plan or system in place, they are likely to still have access to your organisation’s systems and data through old passwords and access-rights. Like it or not, this makes them a potential threat to your business.
Creating an effective offboarding plan and process that can be actioned (immediately) as the employee leaves, therefore, can protect you and your clients, maintain security, help ensure safe continuity of the business, and help to fulfil legal and stakeholder responsibilities.
Such a plan and process can start with a simple checklist, although you may find it ends up being longer than you first thought. With this in mind, we take a close-up look at employee offboarding and provide a summary offboarding checklist that you may want to use to help with your own offboarding process.
What Kind of Threats?
Examples of the kinds of potential threats that an organisation may need to guard against upon employee exit include:
– Damage, theft, and disruption. Departing employees can cause significant harm by stealing data, attacking company systems, or disrupting network operations due to lack of proper security measures.
– Insider threat. Ex-employees with active access rights can leak sensitive information, engage in industrial espionage, extort the company, or steal customer data. Insider threats account for a significant portion of data breaches.
– Data exfiltration. Departing employees might take sensitive information like client lists or intellectual property with them (intentionally or unintentionally), leading to competitive disadvantages and legal issues.
– Social engineering. Ex-employees may manipulate current employees using their insider knowledge to gain unauthorised access, often through phishing attacks.
– Sabotage. Disgruntled former employees might delete important files, corrupt data, or disrupt services, causing operational and financial damage.
– Legal and compliance risks. Failing to revoke access can lead to breaches of data protection regulations, resulting in legal penalties and reputational damage.
– Continuity of business operations. Inadequate access control can disrupt business processes, especially if the ex-employee held key roles or knowledge, leading to operational bottlenecks.
– Financial fraud. Ex-employees with access to financial systems may commit fraud, manipulate accounts, or process unauthorised transactions, impacting the company financially.
– Loss of customer trust. Compromised customer data due to inadequate offboarding can erode trust, damage the company’s reputation, and lead to business losses and legal actions.
How Big Is The Problem?
A 2023 PasswordManager.com (US) survey found that 47 per cent of 1,000 workers admitted to still using their employers’ passwords even after leaving the company, with 58 per cent of them saying this was because the passwords had not changed since they left the company. Interestingly, 44 per cent said someone still working for the company shared it with them!
Also, a UK government Cyber Security Breaches Survey 2022 revealed that while many UK businesses are aware of the risks, implementation of robust off-boarding procedures remains inconsistent. For example, only 36 per cent of businesses had formal cyber-security policies, and even fewer medium-sized enterprises reviewed these policies regularly.
Examples
Some high-profile examples of organisations who have suffered data breaches at the hands of ex-employees include:
– In 2023, Tesla reported that a significant data breach had been caused by two former employees who leaked personal information of over 75,000 individuals, including employee records and other sensitive data.
– Also in 2023, a former RAC employee was found guilty of stealing personal data of road traffic accident victims. The ex-employee had accessed and photographed sensitive data, which he later attempted to sell.
– Back in 2016, broadcasting watchdog Ofcom suffered a large data breach when a former employee downloaded around six years’ worth of third-party data before leaving for a new job at a major broadcaster. The data was then offered to the new broadcaster who informed Ofcom.
Legal Responsibility
The examples above highlight one important reason for closing any potential holes in security during an employee exit, which is the legal responsibility under current data laws. The United Kingdom General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018 (an updated version of the DPA 1998) are the primary legislative frameworks governing how businesses or organisations in the UK should manage the protection and handling of data. Within these frameworks, the data controller (i.e. your company or organisation) holds the responsibility for data matters.
Protecting this data is crucial not only to safeguard the individuals whose data the company holds but also to protect the company itself from legal penalties, reputational damage, and other consequences. In addition to personal data, businesses must ensure the protection of other sensitive data such as financial records, intellectual property, and details about company security controls.
Procedure
These threats and responsibilities demonstrate that businesses and organisations need to address them as part of due diligence. This can be done by developing a built-in company procedure when an employee leaves (offboarding).
The Checklist
This company procedure could be built around a checklist / a kind of security audit that covers all the main areas from which leaving employees need to have their access revoked and which plugs any potential loopholes. The checklist could include, for example:
1. Notification and Planning
– Inform the IT security team and relevant departments about the employee’s departure, especially if the departure is contentious.
– Plan the off-boarding process and assign responsibilities.
2. Email and Communication Management
Emails are a window into company communications and operations and a place where sensitive data is exchanged and stored. They are also a common ‘vector’ for cyber-criminals. Therefore:
– Revoke access to company email accounts.
– Set up auto-forwarding and out-of-office replies with new contact details.
– Revoke access to other email programs and mass mailing services (e.g. Mailchimp).
3. Access to Systems and Networks
– Revoke login details and permissions for company computer systems and networks.
– Disable VPN and remote access accounts.
4. Customer Relationship Management (CRM) Systems
– Revoke login access to CRMs containing customer and stakeholder data.
5. Collaborative Working Apps and Platforms
– Remove access to cloud-based platforms and collaboration tools (e.g. Teams, Slack).
– Ensure that the employee cannot access shared working groups.
6. Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA)
– Deactivate any 2FA or MFA devices or apps used by the employee.
7. Privileged Accounts
– Revoke access to any privileged accounts, including admin rights and root access on servers and databases.
8. Physical Security Measures
– Retrieve all company-related keys, pass cards, ID cards, parking passes, and similar items.
– Update physical security systems like alarm codes and biometric access.
9. Return of Company Assets
– Ensure the return of all company devices, including laptops, phones, and tablets.
– Keep a record of which devices were allocated to the employee.
10. Data and Document Access
– Retrieve any backup/storage media (e.g. USBs).
– Transfer or delete any items stored in separate folders on the employee’s computer.
– Conduct a thorough audit of the employee’s digital footprint within document management systems.
11. Password Management
– Change any passwords shared with multiple members of staff.
– Implement a regular password-changing policy as a fail-safe measure.
12. Financial Security
– Change PINs for company credit/debit cards authorised for the employee’s use.
13. Social Media and Online Presence
– Remove the employee’s email address and extension from the company website.
– Update company social media to reflect the departure.
– Ensure the ex-employee is not featured in the business’s online estate.
14. Legal and Compliance
– Ensure the off-boarding process complies with legal and regulatory requirements.
– Remind the departing employee of their obligations under non-disclosure agreements (NDAs) and data protection laws during the exit interview.
15. Monitoring and Follow-Up
– Implement monitoring to detect any unusual activity associated with the former employee’s accounts.
– Regularly review and update access review processes to adapt to organisational changes.
16. Customer and Client Notification
– Notify clients and customers of the change and provide new contact details to ensure continuity.
17. Physical Document Retrieval
– Retrieve any physical documents (e.g. handbooks) that could contain sensitive information.
By following a comprehensive checklist like this one, you can effectively manage the security aspects of employee off-boarding, ensuring that all potential loopholes are addressed, and that the company’s data and resources remain secure.
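Several of the checklist items (revoking accounts, changing shared passwords, monitoring for activity after departure) can be verified rather than assumed. The following is an added example, not part of the original article: a Python audit that reconciles an HR leaver list against account exports, shared-password rotation dates and sign-in logs. All data is constructed, and the CSV column names and finding labels are assumptions to adapt to your own exports.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample exports (not from the article); column names are assumptions.
LEAVERS = """employee_id,last_day
E102,2024-05-31
E117,2024-06-14
"""
ACCOUNTS = """system,account,employee_id,enabled,privileged
email,a.example@corp.test,E102,false,false
vpn,aexample,E102,true,false
db-admin,bsample_adm,E117,true,true
email,b.sample@corp.test,E117,false,false
chat,c.current,E130,true,false
"""
SHARED_SECRETS = """name,last_rotated,known_to
wifi-guest,2024-06-20,E102;E117;E130
social-media,2024-04-02,E102;E130
"""
SIGNINS = """timestamp,system,account,result
2024-06-03T22:14:00,vpn,aexample,success
2024-06-10T09:01:00,chat,c.current,success
2024-06-15T07:30:00,email,b.sample@corp.test,failure
"""


def rows(text):
    """Parse CSV text into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(leavers_csv, accounts_csv, secrets_csv, signins_csv, today):
    """Return (finding, subject, detail) tuples for access that outlived a departure."""
    left = {r["employee_id"]: date.fromisoformat(r["last_day"]) for r in rows(leavers_csv)}
    left = {emp: day for emp, day in left.items() if day < today}  # already departed
    findings, owner = [], {}

    # Checklist items 2-7: accounts still enabled after the last working day.
    for a in rows(accounts_csv):
        owner[(a["system"], a["account"])] = a["employee_id"]
        if a["employee_id"] in left and a["enabled"] == "true":
            kind = "PRIVILEGED_ACCOUNT_ACTIVE" if a["privileged"] == "true" else "ACCOUNT_ACTIVE"
            findings.append((kind, a["system"], a["account"]))

    # Item 11: shared passwords a leaver knew and that were not changed afterwards.
    # A rotation on the last day itself still counts as known to the leaver.
    for s in rows(secrets_csv):
        rotated = date.fromisoformat(s["last_rotated"])
        stale = [e for e in s["known_to"].split(";") if e in left and rotated <= left[e]]
        if stale:
            findings.append(("SHARED_SECRET_NOT_ROTATED", s["name"], ",".join(stale)))

    # Item 15: any sign-in attempt, successful or not, after departure.
    for ev in rows(signins_csv):
        emp = owner.get((ev["system"], ev["account"]))
        when = datetime.fromisoformat(ev["timestamp"]).date()
        if emp in left and when > left[emp]:
            findings.append(("SIGNIN_AFTER_DEPARTURE", ev["system"],
                             f'{ev["account"]} {ev["result"]} {ev["timestamp"]}'))
    return findings


def run_sample():
    """Audit the constructed data as of 30 June 2024."""
    return audit(LEAVERS, ACCOUNTS, SHARED_SECRETS, SIGNINS, date(2024, 6, 30))


if __name__ == "__main__":
    for finding in run_sample():
        print(*finding, sep=" | ")
```

Failed sign-ins on a disabled account are reported as well as successful ones, since an attempt after departure is itself the unusual activity the monitoring item asks you to detect.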
BYOD Threat?
Where companies offer ‘Bring Your Own Device’ (BYOD), meaning that employees can bring in their personally owned laptops, tablets, and smartphones to work and use them to access company information, this could pose an additional level of threat during employee exit.
This threat may be lessened where companies opt for different types of BYOD such as corporately owned/managed, personally enabled (COPE), choose your own device (CYOD), personally owned and partially enterprise managed or personally owned with managed container application.
In any case, BYOD should always be accompanied by clear policies and guidance as part of effective management.
Ex-Employee’s Legal Responsibilities
It should be remembered that, although the business / organisation has legal responsibilities to protect company data, the ex-employee is also subject to the law for their behaviour. This is of particular importance where an employee, who has dealt with the personal details of others in the course of their work, leaves or retires. For example, the ICO prosecuted a charity worker who, without the knowledge of the data controller (Rochdale Connections Trust), sent emails from his former work email account (2017) containing sensitive personal information of 183 people. Also, a former Council schools admission department apprentice was found guilty of screen-shotting a spreadsheet that contained information about children and eligibility for free school meals and then sending it to a parent via Snapchat.
What Does This Mean For Your Business?
An effective offboarding procedure is essential to ensure that when employees or contractors leave an organisation, they pose a significantly reduced security risk. Without a proper system in place, departing employees may retain access to sensitive systems and data, which can lead to significant security breaches. This not only endangers the privacy and integrity of company and client information but also exposes the organisation to potential legal liabilities and reputational damage.
Implementing a comprehensive offboarding checklist is really a matter of due diligence and helps to systematically address all potential vulnerabilities. Such a checklist ensures that all necessary steps are taken to revoke access to company emails, systems, and networks, and to retrieve company assets. By meticulously following these steps, businesses can prevent former employees from inadvertently or maliciously accessing confidential information.
A well-structured, regularly updated checklist, therefore, facilitates clear communication among various departments involved in the offboarding process, ensuring that no critical task is overlooked. This organised approach can help maintain the continuity and security of business operations, safeguard the company from potential threats and ensure compliance with data protection regulations. A detailed offboarding procedure is a crucial element of any organisation’s overall security strategy, protecting both the company and its stakeholders.