Mobile Working Causes Absenteeism
Research by B2M Solutions has concluded that instead of saving costs, mobile working could be costing UK businesses £1.18 billion per year, as 40% of mobile workers attribute time taken off work to stress and anxiety caused mainly by reliability issues with mobile devices.
The Research
The B2M Solutions ‘Mobile Impact Survey’ gathered the opinions of 200 mobile workers in the US and UK who said that the mobile device they used at work was a critical tool that they needed to complete their work tasks, and that device reliability was of the utmost importance.
What’s The Problem?
According to the B2M Solutions research, there are several elements involved in causing stress and anxiety-related ailments in mobile workers including:
- Not offering employees the resources they need. The research indicates that although businesses are giving more responsibility and arguably more freedom to their employees, there is a lack of investment in tools to ensure that the critical mobile devices needed to perform these new tasks are operating correctly, and can be depended on. When the devices don’t perform as they should, this creates frustration and stress in users. The B2M research showed, for example, that device issues in the field like battery failure (40%) or poor Wi-Fi coverage, and crashing apps, led to 16% of mobile workers taking at least one day off work in the last year. This figure includes the 7% who took six or more days sick leave as a result.
- Always being connected to work and switched-on. The blurring of lines between work time and your own time, and always being reachable by employers / colleagues makes it difficult to escape an underlying level of stress.
- Being unable to complete tasks, and facing customer anger and rudeness, as a result of mobile device failure, which increases stress and anxiety levels.
Didn’t Tell Managers
The research also revealed that a quarter of mobile workers haven’t told their managers or IT departments that their equipment is failing because they didn’t think that anything would be done about it.
Huge Cost To Business
In addition to the human suffering caused by stress and anxiety, the cost to businesses, many of which are unaware of the problems because their employees haven’t told them and / or because they haven’t checked, is estimated to be huge. For example, according to the research, if the findings are applied to the entire US mobile workforce, the cost of sick leave from stress or anxiety caused by device reliability problems to the US economy is around $8.6bn per year. If you add this figure to the UK research results, the cost to both economies is $10.2bn.
In fact, even the ‘True Cost of Ownership’ figures from the research don’t include additional potential financial impacts e.g. paying overtime to remaining workers to pick up their sick colleagues’ excess work, any financial penalties for missing customer deadlines, any brand reputation damage, insurance claims or even the cost of out of court settlements for some workers who can’t return to work.
What Does This Mean For Your Business?
It is likely that we all have some experience of the frustration and stress that technology failures and hold-ups can create, particularly when we are against the clock and a customer / colleague / boss is waiting. The cumulative effects of this kind of stress over time, coupled with a feeling that you’re on your own i.e. nothing will be done even if you report it, is bound to be demoralising, and it is no surprise that absenteeism from stress and anxiety and the knock-on financial impacts on the company are the results.
In the light of this research, businesses may benefit from taking more proactive steps to predict and prevent mobile related issues before they impact the mobile worker. Also, the fact that many businesses are unaware of the impact that mobile device issues actually have on productivity and worker health suggests that better device monitoring is needed.
Tech Tip – Lockdown Your Wi-Fi
If you’re using Windows 10 and you want to make sure you’re not exposed to the security risks posed by insecure wireless networks, there is a quick and easy way you can protect your Wi-Fi connectivity. Here’s how:
Go to Settings.
Go to Network & Internet > Wi-Fi.
Make sure that the ‘Connect to suggested open hotspots’ option is disabled, unless you connect through a virtual private network or VPN service.
Find Out What ‘Deep Fakes’ Are and Why They’re A Threat
Deep fakes are digitally manipulated videos that have been created using deep learning technology to make the subject of the video (often a famous person) say anything the video maker wants them to say, even incorporating the style and facial expressions of another person.
Example
An example here is a video that demonstrates the technique, and features a fake video of Barack Obama saying things that he would never normally (publicly) say. Example: https://www.youtube.com/watch?v=AmUC4m6w1wo
Improving Fast
The technique, which had its less than auspicious first uses in pornography, where porn actors were made to look and sound like famous people, has much improved and become arguably more convincing as deep learning and AI have led to more seamless and convincing results.
Style Transfer
The development of the technology used in deep fake videos has improved to the point where even a person’s style can be superimposed and incorporated. An example of this can be seen in videos created by researchers at Carnegie Mellon University, who have been able to use artificial intelligence technology to transfer the facial expressions of one person in a video to another.
See this example on YouTube: https://www.youtube.com/watch?v=ehD3C60i6lw where John Oliver is made to reflect the style of Stephen Colbert, a daffodil is made to bloom (time lapse) the same way as a hibiscus, and Barack Obama is given the same facial expressions and style as Dr Martin Luther King and President Donald Trump.
What’s The Danger?
The danger, according to US lawmakers and intelligence organisations, is that videos could be made by adversarial nation states and used as another tool in disinformation campaigns. For example, at key moments, politicians and other influential figures could be made to appear to make false and/or inflammatory statements that could be believed by less politically aware recipients. In short, these videos could be used to influence opinions e.g. at election-time, and could afford a foreign power a way to interfere that relies upon human error – the same thing that many successful cyber attacks have relied upon.
What Does This Mean For Your Business?
With the US Midterm elections on the way, with allegations of Russian interference and possible collusion still hanging over President Trump’s head, and with some evidence that Facebook was used by a foreign power to try to influence the last US election result, it is understandable that the US government is worried about any tools that could be used to interfere in their democratic process. This is one of the reasons why Microsoft has seized 6 phishing domains that allegedly belong to Russian government hackers, and has introduced a pilot AccountGuard secure email service for election candidates.
If the technology behind deep fake videos keeps improving, it is possible to see it being used as another tool in other types of cyber-crime.
There is, of course, an upside and some ways that deep fake technology can be used in a positive way. For example, deep fake could be used to help film-makers to reduce costs and speed up work, make humorous videos and advertisements, and even help in corporate training.
Microsoft Launches ‘AccountGuard’ Email Service For Election Candidates
A new kind of pilot secure email service called ‘AccountGuard’ has been launched by Microsoft, specifically for use by election candidates, and as one answer to the kind of interference that took place during the last US presidential election campaign.
Ready For The Midterm Elections
The new, free email service (which people must use Office 365 to register for) is an off-shoot of Microsoft’s ‘Defending Democracy’ Program. This program was launched in April with the aim of protecting campaigns from hacking, through increased cyber resilience measures, enhanced account monitoring and incident response capabilities.
The AccountGuard pilot has been launched in time for the US Midterm elections which are the general elections held in November every four years, around the midpoint of a president’s four-year term of office.
Who Can Use AccountGuard?
Microsoft says that its AccountGuard service can be used by all current candidates for federal, state and local office in the United States and their campaigns; the campaign organisations of all sitting members of Congress, national and state party committees, any technology vendors who primarily serve campaigns and committees, and some non-profit organisations and non-governmental organizations. Microsoft AccountGuard is offered free of charge and is full service, coming with free email and phone support.
Three Core Offerings
AccountGuard has three core offerings. These are:
- Unified threat detection and notification across accounts. This means providing notification about any cyber threats in a unified way across both email systems run by organisations and the personal accounts of these organizations’ leaders and staff who opt in. This part of the service will be available only for Microsoft services including Office 365, Outlook.com and Hotmail to begin with, and Microsoft says it will draw on the expertise of the Microsoft Threat Intelligence Center (MSTIC).
- Security guidance and ongoing education. Registering for Microsoft AccountGuard gives organisations best practice guidance and materials. These are in the form of off-the-shelf materials and in-depth live sessions.
- Early adopter opportunities. This means access to private previews of the kind of security features that are usually offered by Microsoft to large corporate and government account customers.
Similar To Google
Some commentators have highlighted similarities between the AccountGuard idea and Google’s Advanced Protection Program (APP), also launched this year, although APP is open to anyone, requires log in with hardware authentication keys, and locks out third-party app access.
What Does This Mean For Your Business?
When you think about it, what Microsoft appears to be admitting is that its everyday email programs are simply not secure enough to counter many of the threats that now look likely to come from other states when elections are underway. Microsoft’s other, non-political business customers who are also at risk from common cyber attacks e.g. phishing, may feel a little left out that they are apparently not being offered the same level of security.
Also, protecting democracy sounds like quite a grand aim for a service provider offering an email service. Microsoft does, however, accept that it can’t solve the threat to US democracy on its own, and says it believes this will require technology companies, government, civil society, the academic community and researchers working together. Microsoft also acknowledges that AccountGuard is limited to protecting those using enterprise and consumer services, and that attacks can actually reach campaigns through a variety of other ways. Microsoft also appears to be hinting that it may be thinking of expanding AccountGuard to industry as well as government depending on how the pilot works.
Only 32% of Emails Clean Enough To ‘Make It’
A bi-annual study by FireEye has found that less than a third of over half a billion emails analysed were considered clean enough not to be blocked from entering our inboxes.
Phishing Problem Evident
The study found that even though 9 out of 10 emails that are blocked by email security / anti-virus didn’t actually contain malware, 81% of the blocked emails were phishing attacks. This figure is double that of the previous 6 months.
Webroot’s Quarterly Threat Trends Report data, for example, shows that 1.39 million new phishing sites are created each month, and that this figure was even as high as 2.3 million in May last year. It is likely that phishing attacks have increased so much because organisations have been focusing too much of their security efforts on detecting malware. Also, human error is likely to be a weak link in any company, and phishing has proven to be very successful, sometimes delivering results in a second wave as well as the first attack. For example, in the wake of the TSB bank system meltdown, phishing attacks on TSB customers increased by 843% in May compared with April.
A recent KnowBe4 study involved sending phishing test emails to 6 million people, and the study found that recipients were most likely to click on phishing emails when they promised money or threatened the loss of money. This highlights a classic human weakness that always provides hope to cyber-criminals, and the same criminals know that the most effective templates for phishing are the ones that cause a knee-jerk reaction in the recipient i.e. the alarming or urgent nature of the subject makes the recipient react without thinking.
Increase In Malicious Intent Emails
The FireEye study also highlighted the fact that there has been an increase over the last 6 months in the emails sent to us that have malicious intent. For example, the latest study showed that one in every 101 emails had malicious intent, whereas this figure was one in every 131 in the previous 6 months.
Biggest Vulnerability
As FireEye noted after seeing the findings of their research, email is the most popular vector for cyber attacks, and it is this that makes email the biggest vulnerability for every organisation.
What Does This Mean For Your Business?
It is very worrying that we can only really trust less than one third of emails being sent to businesses as being ‘clean’ enough and free enough of obvious criminal intent to be allowed through to the company inbox. It is, of course, important to have effective anti-virus / anti-malware protection in place on email programs, but phishing emails are able to get past this kind of protection, along with other methods such as impersonation attacks like CEO fraud. Organisations, therefore, need to focus on making sure that staff are sufficiently trained and educated about the threats and the warning signs, and that there are clear procedures and lines of responsibility in place to be followed when emails relating to e.g. transfer of money (even to what appears to be the CEO) are concerned.
Cyber-criminals are getting bolder and more sophisticated, and companies need to ensure that there is no room for weak ‘human error’ links on the front line.
ICO Highlights Prevalence of GDPR Myths
The Information Commissioner’s Office (ICO) has reported taking 500+ calls per week reporting GDPR data breaches, but one-third of the calls appear to be based on myths and misunderstandings or over-reporting about GDPR matters.
Update After Freedom of Information Request
The update by the ICO about how things appear to be going just three months after the introduction of GDPR came shortly after a Freedom of Information (FOI) request by law firm EMW yielded figures that showed that the number of complaints between 25th May and 3rd July 2018 rose to 6,281 versus 2,417 during the same period in 2017.
Over-Reporting
A key problem highlighted by the ICO is that many companies feel that in order to achieve compliance and avoid being penalised, they have to be transparent to the degree that they “over-report” by reporting everything. Also, many of the reports are incomplete.
One common misconception highlighted by the ICO that is leading to unnecessary calls is that instead of reporting suspected data breaches to the ICO within 72 hours ‘from the point of discovery’, many companies appear to believe that the mandatory reporting period is 72 ‘working’ hours.
Fine Fears Unfounded
Another key point that the ICO was keen to make was that even though there have been some high profile cases that have involved big companies receiving big fines since the introduction of GDPR, many thousands of incidents are closed each year without financial penalty but with advice, guidance and reassurance offered instead. Another point that the ICO would like to make known is that the real norm of the work they do is simply audits, advisory visits and guidance sessions.
In fact, ICO Deputy Commissioner James Dipple-Johnstone has been quoted as saying that businesses that take their data protection responsibilities seriously “have nothing to fear from an ICO inspection or investigation”.
Cyber Crime Reports
The ICO has said that almost half of the calls that it received weekly involve some cyber element, and around one-third of calls relate to phishing attacks.
Phishing attacks are still such a popular method of cyber-crime because many companies have been focusing on malware detection and may not have trained and educated their staff about the risks, how to spot phishing attacks, and what to do about them.
What Does This Mean For Your Business?
Of course, organisations need to take their data protection responsibilities seriously to protect customers and the company itself, but part of dealing with that responsibility correctly is being clear on what GDPR actually requires a company to do, how and when. This is why GDPR requires (via mandatory appointment under Article 37) organisations / companies to have a data protection officer (DPO) i.e. someone tasked with the responsibility and security leadership role to oversee data protection strategy and implementation, and to ensure proper compliance with GDPR requirements. Part of the responsibilities of a DPO is to educate the company and train employees about GDPR and how it applies to them and their work. A DPO is required to have expert knowledge of data protection law and practices, and having a person on hand to consult about GDPR matters would be a good way to prevent unnecessary calls and complaints being made to the ICO, and to prevent unnecessary concerns, misunderstandings and mistaken beliefs prevailing within the company that could lead to other problems.