Tech Tip – A Fast Way To Open Items From Your Taskbar

If you’d like a super-fast and easy way to open the items/programs that are pinned to your Taskbar in Windows 10, here’s how:

– Look at the Taskbar and note the position (counting from left to right) of the item/program that you’d like to open.

– Use the keyboard shortcut Windows key + [Number key], with the number key corresponding to the position of the pinned program on the Taskbar. For example, Windows key + 2 will open the second pinned item on the Taskbar.

Tech News : World’s First “Living Robots” Can Now Reproduce

US-based scientists have reported creating “living robots” that can now reproduce.

Next Step From Last Year

Last year, a team of US scientists reported creating ‘living robots’ which were actually bundles of stem cells from African clawed frogs. The researchers discovered that they could ‘program’ these cells to accomplish certain tasks, hence the robot comparison. The cells were dubbed ‘robots’ because they could act on their own (on behalf of people).

In the research, the cells, about the size of a grain of sand and dubbed ‘xenobots’, could move microscopic objects, move quickly around Petri dishes and even heal themselves.

Latest Research Reveals Reproduction

The latest research from the same team, published in the Proceedings of the National Academy of Sciences (US), revealed that the ‘robots’ (synthetic multicellular assemblies) could spontaneously (i.e. over a couple of days) reproduce by replicating kinematically through moving around and compressing other dissociated cells in their environment together to make functional self-copies.

Never Observed Before

Whereas (known) reproduction in life forms involves growth within or on the body of an organism, followed by splitting, budding, or birth, what is amazing about the xenobot ‘robots’ is that they could perform non-growth based kinematic replication. This means that they could make copies of themselves by gathering cells from around them with their ‘mouths’ and assembling them into baby blob-like bots. Based on this, the researchers claim that this kind of kinematic replication has never been observed before, nor was it known whether multicellular systems were even capable of it. Some scientists suggest that although it has not been observed before, it may have been essential in the origin of life.

AI Used To Design

Not only did the researchers make ‘robots’ that could assemble copies of themselves, but they also used artificial intelligence (AI) and a supercomputer to try and discover the best body shapes and configurations for xenobots that could most effectively build new baby bots. The AI work concluded that a C-shaped bot was most effective at gathering cells to make baby bots, and this program influenced how the xenobots behaved in doing so.

What Does This Mean For Your Business?

In addition to being an incredible discovery in itself, the research suggests that, with more development, xenobots could create new opportunities such as their use in medicine (e.g., to help deliver drugs within the body), or in other valuable ways such as cleaning up environmental contaminants. The research has also challenged traditional machine self-replication knowledge and assumptions and highlighted how reconfigurable organisms and kinematic (rather than growth-based) replication could lead to many more discoveries that could help in many different sectors. Given the speed of the move to the development of robots that can reproduce, many may also feel that, as with AI, regulation will need to keep up in order to prevent this science moving too quickly into areas of real danger.

Featured Article : A Business Continuity Plan : The Essentials

In this article, we take a look at what a Business Continuity Plan is, what it should contain, and why it’s such an important document.

Preparing

Accepting that the unexpected and disasters will happen (and that you can plan how to maintain business continuity while you deal with them) is an important step in safeguarding your business. Maintaining the ability to ensure that core functions and critical systems remain in place in the event of such a situation involves planning, an important part of which is the business continuity plan (BCP).

What Kind Of Events?

The kind of events that create the need to have a BCP in place and ready to go include:

– Hardware failures/server failures.

– Outages and/or file corruption.

– The effects of cyber-attacks.  For example, 53% of senior managers believe that a cyber-attack is the most likely thing to disrupt their business (Sungard) and the effects could include damage to / locking out of systems (malware and ransomware), fraud and extortion, data breaches (which could also attract fines under GDPR, damaging publicity and loss of customers).

– Important third-party supplier failure or the loss of key employees.

– Failure of part of, or a component of, a network.

– Environmental/natural disasters (e.g. fire and flood).

– Theft or loss of equipment holding company data.

– Financial and cashflow issues.

The Business Continuity Plan

The goal of a BCP is to make sure that resources are available to ensure continuous operation and disaster recovery following an emergency. A BCP, therefore, is the plan/document that contains all the details of just how a business will continue operating during any kind of unplanned disruption in service.

Not The Same As A Disaster Recovery Plan

A disaster recovery plan (DRP) is part of the BCP. The DRP is the part that focuses mainly on the restoration of IT infrastructure and operations following a crisis rather than focusing on the entire organisation which is the job of the BCP.

How To Make A BCP

There are several stages to making a workable BCP. These are:

Create the team to develop the plan.

This stage will ensure that the plan actually gets made and updated and is able to take into account the main issues.  This involves getting support from top management, assigning a person to manage the process, and putting together a team consisting of key people from each business department who can feed into the plan. The team should also decide upon the scope of the plan.

Start documenting the details of the BCP from the outset.

Everything decided in the making of the plan should be documented. This is something that should be set up at the beginning so that each new element can be added and checked and so that at least something is available if anything happens during the planning process. The plan should be securely stored off-site (e.g., in the Cloud) and each relevant person given access.

Conduct a full risk assessment.

This involves generating a list of all the known possible man-made, natural, and environmental risks and threats that could disrupt the continuity of the business and prioritising this list in terms of how serious the impact could be. This prioritisation of risk and threats will indicate which areas of the BCP should be tackled first.  The kinds of risks and potential threats that could be taken into account include:

– Natural and environmental risks related to geographic location and weather patterns. These could include floods, storms (esp. lightning), earthquakes, landslides and more.

– Technology-related issues, such as human error and the effects of cyber-attack, loss of telecommunications, vital equipment/hardware failures, data outages and corrupted data, power failures, loss of Local Network Services, and prolonged technology outages.

– Market and financial-related risks and threats. These could include trends and movements in the market, cashflow issues, and stakeholder issues.

– Facility-related issues and internal hazards e.g., fire, electrical failures, water leaks, HVAC failure, chemical spills/leaks, strikes and more.

Create recovery plans for each function.

With the risks and threats identified and prioritised, the next stage is to:

– Generate a list of the critical functions of the business/organisation.

– Look closely at how each risk could affect each critical function of the business/organisation.

– Create individual recovery/continuity plans for each situation where you have identified how a risk could adversely affect that function. These mini-plans could include details such as creating data backups or maintaining a secondary location.

Define who does what.

Where each of the smaller plans has been created to tackle risks and threats to critical functions, the next stage is to assign responsibility to staff members who will be needed to undertake and co-ordinate the plans and to detail protocols they need to follow. This should mean that key staff know what to do and have a plan to refer to in the event of incidents and emergencies.

Test and update the plan.

The plan should be viewed as a living document and not a one-off exercise. Your BCP should be regularly reviewed and updated, e.g. if there are changes/additions to the risks and threats, or changes to key staff members.  Also, the plan and its key elements should be tested to ensure relevance and effectiveness.

What Does This Mean For Your Business?

The survival of a business depends upon not just accepting that bad things do happen, but on making the effort to prepare for at least what can be reasonably foreseen. Downtime and disruption can very quickly have a serious and costly effect on a business in terms of lost revenue, lost customers, reputational damage and more. Businesses also have a responsibility to stakeholders to ensure that risks and threats are identified and planned for where possible. Creating and maintaining a BCP, therefore, should be given a high priority as it can protect the life of the business itself.

Tech Insight : Email Security

In this tech insight, we take a look at the many threats to email security that businesses face and what businesses can do to mitigate them, together with what help is available to help tackle those threats effectively.

Email Accounts For Most Security Breaches

Prioritising email security is important because most cyber-security breaches involve email, with social engineering a tactic strongly favoured by cyber-criminals and 99 per cent of email attacks relying on victims clicking links (Proofpoint Annual Human Factor Report).

Types of Email-Based Attacks

The many different types of email attack threats that businesses face include targeted phishing schemes, business email compromises, and ransomware attacks. For example:

– Check Point’s mid-year security report in August this year showed that ransomware attacks (for extortion) have increased dramatically over the past year, with 93 per cent more attacks carried out in the first half of 2021, and with ransomware now appearing in 10 per cent of breaches (Verizon).

– Phishing. This cheap, easy, and highly effective tactic uses emails purporting to be from reputable sources containing links that (if clicked-on) direct the victim to pages where payment and other personal data is stolen or malware is downloaded. For example, at the end of 2019, Thomas Cook customers were targeted by phishing attacks in the wake of the travel company going into receivership. Verizon’s 2021 Data Breach Investigations Report shows that phishing increased by 11 per cent from Aug 2020 to Aug 2021 and that phishing is present in 36 per cent of breaches. The National Cyber Security Centre offers advice on how to protect your business/organisation from phishing attacks here: https://www.ncsc.gov.uk/guidance/phishing.

– Malware attachments to emails. It is estimated that a business is targeted by a ransomware attack every 11 seconds (Kaspersky) and between 2019 and 2020, ransomware attacks rose by 62 per cent. Malware is now involved in over 70 per cent of system intrusion (Verizon). Common forms of malware include viruses, worms, Trojan Horses, spyware, adware, and ransomware. Remote Access Trojans (RATs), for example, are malicious programs that can arrive as email attachments and provide a ‘back door’ for administrative control over the target computer. They can be adapted to avoid detection and to carry other types of attack tactics, including disabling anti-malware solutions and enabling man-in-the-middle attacks.

– BEC and VEC. Whereas Business Email Compromise (BEC) attacks have been successful at using email fraud combined with social engineering to bait one staff member at-a-time to extract money from a targeted organisation, security experts say that this kind of attack is morphing into a much wider threat of ‘VEC’ (Vendor Email Compromise). This is a larger and more sophisticated version which, using email as a key component, seeks to leverage organisations against their own suppliers.

– AI-based threats. Many technology and security experts agree that AI is likely to be used in cyberattacks in the near future and its ability to learn and to keep trying to reach its target (e.g. in the form of malware) makes it a formidable threat. Email is the most likely means by which malware can reach and attack networks and systems, so there has never been a better time to step up email security and to train and educate staff about malicious email threats, how to spot them and how to deal with them. The addition of AI to the mix may make it more difficult for malicious emails to be spotted. The good news for businesses, however, is that AI and machine learning are already used in some anti-virus software (e.g. Avast) and this trend of using AI in security solutions to counter AI security threats is likely to continue.

Protecting Your Email From Common Threats

Ways to protect your email from common security threats include:

– Always keeping anti-virus and patching up to date.

– Staff education and training; e.g. how to spot suspicious emails and what to do/what not to do, such as not clicking on links from unknown sources.

– Disabling HTML emails if possible (text-only emails can’t launch malware directly).

– Encrypting sensitive data and communications as an added layer of protection.

– Getting into the routine of checking your bank account’s activity for suspicious charges.

– Making sure important and sensitive company data is backed up and including business email compromise (BEC) in business continuity planning and disaster recovery planning.

– Preventing email archives from being publicly exposed; e.g. by making sure that archive storage drives are configured correctly.

– Monitoring for any exposed credentials (particularly those of finance department emails).

– Using two-factor authentication (2FA) where possible. Enterprise users may also wish to block .html and .htm attachments at the email gateway level so that they don’t reach members of staff, some of whom may not be up to speed with their Internet security knowledge.

– Not using the same password for multiple platforms and websites (password sharing). This is because credentials stolen in one breach are likely to be tried on many other websites by other cyber-criminals (credential stuffing) who have purchased/acquired them (e.g. on the dark web).
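As an illustration of the gateway-level attachment blocking mentioned in the list above, here is a small Python check (an added example, not taken from any vendor’s product) that scans a message and reports attachments a gateway rule would hold. It goes slightly beyond the .html/.htm extension rule by also flagging attachments declared as text/html under another name; the sample message, addresses and file names are constructed for the example.

```python
from __future__ import annotations

import email
import os
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".html", ".htm"}


def _extension(filename: str) -> str:
    # Windows ignores trailing dots and spaces, so "x.html." still opens as HTML.
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def blocked_attachments(raw_message: str) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the rule would hold."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into forwarded messages
        if part.is_multipart():
            continue
        filename = part.get_filename()
        # An HTML *body* has no filename and no attachment disposition: skip it.
        if filename is None and part.get_content_disposition() != "attachment":
            continue
        if _extension(filename or "") in BLOCKED_EXTENSIONS:
            hits.append((filename, "extension"))
        elif part.get_content_type() == "text/html":
            hits.append((filename or "(unnamed)", "declared type text/html"))
    return hits


def build_sample() -> str:
    """Constructed test message: one harmless PDF and three HTML attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "finance@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative("<p>Please see the attached invoice.</p>", subtype="html")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment("<html>constructed</html>", subtype="html",
                       filename="Invoice.HTM")
    msg.add_attachment(b"<html>constructed</html>", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.html.")
    msg.add_attachment("<html>constructed</html>", subtype="html",
                       filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"HOLD {name!r}: {reason}")
```

The HTML alternative body of the message is not reported, because the rule targets attachments rather than HTML-formatted mail.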

Broad Methods and New Approaches

Other broader methods that companies can use to protect their email security include:

– Adopting a ‘zero-trust’ (“never trust, always verify”) approach to company cyber security. The control that administrators have, together with the monitoring and alerting, can help dramatically reduce risk, including with company emails.

– Moving from perimeter to pervasive email security, e.g. as suggested by Mimecast’s CEO Peter Bauer.  This involves dealing with threats to the perimeter, from inside the perimeter, and from beyond the perimeter, plus an API-led approach to help deliver pervasive security throughout all zones.

Tech Company Help

Ways offered by tech companies to help businesses and organisations keep their email secure include:

Microsoft

– Outlook’s Junk Email Filter, and the Report Message add-in for Outlook.

– Office 365’s Advanced Threat Protection (ATP) plans.

– Secure Score for Office 365 / Microsoft 365 Defender portal – a way to measure and get suggestions about how to protect your business from threats, all through a centralised dashboard – find out more here: Microsoft Secure Score | Microsoft Docs

– The “campaign views” tool in Office 365 that is designed to offer greater protection from phishing attacks by enabling businesses to spot the pattern of a phishing campaign over individual messages.

– Offering online advice for protecting Outlook email accounts – see Help protect your Outlook.com email account (microsoft.com).

– Microsoft is making its plus addressing (disposable email address) custom email feature available to all Office 365 users by adding it to Exchange Online.

Google

Google also offers a number of tools and suggestions, including:

– Advanced Gmail security for phishing and malware for G Suite administrators  – see Advanced phishing and malware protection – Google Workspace Admin Help.

– Offering steps to identify compromised accounts – see Identify and secure compromised accounts – Google Workspace Admin Help.

– Advice on Firewall settings.

– Blocking malicious emails before they reach email boxes. For example, on its Cloud blog on 16 April 2020, Google reported that Gmail blocks more than 100 million phishing emails each day.

What Does This Mean For Your Business?

With so many types of attacks relying upon email as a way in (e.g. phishing), effective email security is vital. Businesses and organisations need to make sure that they are prepared not just to defend effectively against the whole range of email attacks but are also able to spot and eliminate threats as they arrive, and to ensure that staff are aware of email threats and know what to do when faced with suspicious emails and links. Also, attackers adapt their campaigns and methods very quickly, and use methods that can evade the more common protection solutions (i.e. ‘polymorphic’ attacks), so businesses and organisations must find ways to get a fuller picture of the email threats they face and find solutions that can focus effectively on zero-day and targeted attacks in addition to known vectors. With the threat of AI-based attacks now on the horizon too, there has never been a more important time for businesses to take a very close look at what more they could be doing to maximise their email security.

Tech News : Twitter Bans Sharing ‘Private’ Images & Video Without Consent

In a change to its Private Information Policy, Twitter has banned the sharing of personal media, such as images or videos, without the subject’s consent.

Why?

Twitter says that as part of its ongoing work to align its safety policies with human rights standards, it needs to take action to tackle the possible misuse of media and information that is not available elsewhere online as a tool to harass, intimidate, and reveal the identities of individuals.  Twitter says that it is particularly concerned about how sharing images or videos, without consent, could have a disproportionate effect on women, activists, dissidents, and members of minority communities in terms of violating their privacy or even leading to emotional or physical harm.

Existing Policies and Rules Not Enough

Twitter’s existing policies and rules only cover explicit instances of abusive behaviour. The update to the Private Information Policy, however, means that Twitter can now take action on media that is shared without any explicit abusive content, but is posted without the consent of the person depicted.

What Can’t You Share Anyway?

The existing aspects of Twitter’s policies mean that users can’t share the following media or information without the consent of the subject / the person it belongs to:

– Home address or physical location information, including street addresses and GPS coordinates.

– Any identity documents e.g., government-issued IDs and social security or other national identity numbers.

– Contact information, including non-public personal phone numbers or email addresses.

– Any financial account information e.g., bank account details or credit card details; other private details such as biometric data or medical records.

How Will The Change Work?

The change to the Private Information Policy means that if Twitter is notified by the individuals depicted (or by an authorised representative) that they did not consent to having their private image or video shared, Twitter will remove it.

Exceptions

Twitter has said, however, that the policy is not applicable to:

– Media featuring public figures or individuals when media and accompanying Tweet text are shared in the public interest or add value to public discourse.

– Situations where images or videos of private individuals are shared in an effort to help someone involved in a crisis situation e.g., the aftermath of a violent event.

– Situations where the ‘context’ dictates that the image/video should stay e.g., where the image/video has been made publicly available and/or is being covered by mainstream/traditional media.

Criticism

The policy change received criticism online for lacking clarity e.g., about who is considered to be a public figure and what can be defined as “private” images. Some critics also questioned how the policy would be enforced and suggested that the policy may end up disproportionately affecting those marginalised individuals that Twitter claims it will protect.  Twitter sought to clarify its position by posting on its own platform to say that images/videos showing people participating in public events such as large-scale protests, sporting events, etc. would not generally violate the policy and that they would require a first-person report of the photo/video in order to review the media before any enforcement action could be taken.

What Does This Mean For Your Business?

With the strengthening of data protection laws (e.g. GDPR in Europe) and social media companies now under serious scrutiny over how they protect their users (e.g. the recent Facebook Whistleblower allegations), it is not surprising to see social media platforms announcing new safety measures. For Twitter, this strengthening of an existing policy to deal more effectively with image and video privacy and security issues sounds helpful and responsible but, as critics have said, needs further clarification and still relies upon Twitter’s own judgements about context, public interest, and other (often grey) areas. This illustrates how complex the matter of sharing, consent, and social platform self-policing and policies has become. This expansion of an existing policy is one in what is likely to become a long line of incremental changes for Twitter to try and show that it can keep its own house in order, dodge being cast as a ‘publisher’ rather than a ‘platform’, and thereby avoid the need for more regulation.

Tech Tip – Using Google To Search Within A Website

If you’d like to quickly search within a whole website (e.g. a competitor’s website for a specific term or subject), here’s a quick way to do so using Google.

– Go to Google.

– In the search field, type “site:” followed by the URL of the site and your search terms. For example: site:bbc.co.uk Christmas

– This should return all pages (and many images) in the website that feature the search term you’ve specified.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in a techy-free style.
