Are YOU The Best Defence Against Cyber Attack?
In the wake of the crippling WannaCry ransomware attack, experts at the UK’s National Cyber Security Centre (NCSC) are keen to point out that a technology-led approach to cyber security means that the strengths of staff in the fight against cyber-crime are being overlooked.
Unreasonable Expectations
According to recent reports from the NCSC, too much of a technology-led security culture in an organisation can mean that unreasonable expectations are placed upon people in terms of making them do things that are difficult, impractical, and bordering on unrealistic in the name of security.
A prime example is a password policy that expects people to remember multiple, complex passwords that have to be frequently changed.
The Result
Evidence shows that when people in organisations are forced to use IT security systems that are impractical, incongruent with the flow of work and where people feel that they are unable to reveal that they can’t work within the system (for fear of punishment / sanctions), the results can be:
- Employees are blamed for password failures and are accused of being incapable or uncooperative.
- Employees look for other (unauthorised) ways of working and take matters into their own hands so that they can get their work done on time while avoiding punishment e.g. Shadow IT. The term ‘Shadow IT’ refers to apps and services that employees bring into the company systems without going through the approved channels. These are their own ideas to solve their own specific work problems.
New Relationship Needed
Experts at the NCSC now believe that, rather than locking themselves away in a kind of IT ‘bunker’ and issuing orders, there needs to be a change in the nature of the relationship between the IT Security Team in an organisation and the users of the IT systems. IT Security Teams may be able to achieve more effective results for the organisation by adopting a collaborative approach with employees.
Employees As Assets
If IT Security Teams work on the assumption that employees are assets who have information that the security professionals do not have about how the business runs and how it needs to run, through meaningful communication and collaboration, lessons can be learned, and systems and security can be improved in a more realistic way.
This re-framing and new IT security paradigm can mean that old, often ineffective security assumptions are challenged e.g. the idea that long, complex and regularly change passwords provide more than just a little extra protection.
What Does This Mean For Your Business?
Cyber and data security are vital to businesses, but only by collaborating, communicating, and creating a culture where employees are listened to, empowered and supported can businesses build security systems that are practical, effective, and work in harmony with the day-to-day business.
Although there are of course security and compatibility issues based around the idea of people introducing their own unapproved IT methods to the workplace (Shadow IT), some businesses find that allowing it to continue can mean that innovative and up-to-date solutions are found that can ultimately work better than the approved ways of doing things.
It is worth remembering that a large amount of cyber-crime now relies upon social engineering and human error to be successful. Businesses, therefore, need to provide IT and data security education and training to all employees, and understand that a chain is only as strong as its weakest link.
BA Says ‘Never Again’ After Weekend Meltdown
BA has moved to try and mitigate some of the damage caused to its reputation as a result of an IT systems meltdown that left 75,000 passengers stranded at airports and separated from their luggage over the busy Bank Holiday weekend, by announcing that it will never allow it to happen again.
Power Surge
BA has stated that its flights from Heathrow and Gatwick airports on Saturday were cancelled, and flights into Britain were severely affected because a power surge shut down BA’s baggage and communication systems.
The failure of the IT systems really became less of an incident and more of a disaster because they were out of action for a day, so not only did this mean flight cancellations, but also that the airline struggled to locate and contact its staff.
Costs
In financial terms, the immediate, foreseeable costs of the IT meltdown to BA are estimated to be in the region of £170m on the market value of BA owner’s IAG share value (a 4% fall). In addition to this, compensation claims from passengers could reach as much as £150m as many had to pay for overnight accommodation, pay extra for spare seats in premium economy cabins to get to their destinations, or incur the costs of travelling with other airlines.
The cost to BA’s reputation, and damage caused to customer loyalty and the BA brand are much harder to calculate, but look likely to be significant.
Criticisms
Passengers and media criticisms have centred around the way the incident was handled e.g. a lack of communication with customers at the time, and the length of time that it took the BA Chief Executive Alex Cruz, to make an apology. Some IT commentators also pointed to the apparent lack of workable Business Continuity and Disaster Recovery Plans.
Despite BA’s claims that the problem was a local one with a local fix (problem at a data centre), the GMB union suggested that the problem was more international in nature since BA had made hundreds of its dedicated UK IT staff redundant in favour of outsourcing the work to India, presumably as a cost-cutting measure.
Scepticism
This week, IT commentators in the media have expressed scepticism about BA’s claims that a power surge was the cause of the problem. Critics of the claim have pointed out that not only is the airline industry notorious for running outdated infrastructure, but that surge protection is usually built into data centres.
A report in the Times even indicated that SSE and UK Power Networks, the two electricity companies that provide the power to the area in which BA has its data centre, have denied there was a power surge.
Some IT commentators have suggested that the real problem may have been more related to what happened when the power was switched back on, such as reboots of crucial databases taking a very long time and not being tested recently.
What Does This Mean For Your Business?
This story is an example of how, where IT systems are so vital to the running of day-to-day business, having a modern infrastructure that is monitored and tested regularly is vital (also from a security perspective).
The story also illustrates how important having current, workable, well thought-out and well-communicated Business Continuity and Disaster Recovery Plans are in modern business, particularly for businesses of this scale.
Reports of the criticisms by affected passengers also illustrates how important communication, a fast response, and a fast, clear apology can go towards mitigating some of the damaging and costly effects of a PR disaster.
Tech Tip : The Malicious Software Removal Tool
While Windows Defender (that comes with Windows 10) offers some virus and malware protection, if you are unlucky enough to pick up a computer virus that has somehow circumvented your anti- virus, you can download the post-infection ‘Malicious Software Removal Tool’ to help.
This tool focuses on the detection and removal of any active malicious software that is currently running on your computer. It runs in quiet mode in the background and alerts you of any problems the next time that you log on to your computer.
To activate the Malicious Software Removal Tool:
- Go to the Start Menu
- In the Search bar, type in the name of the program in full or just type in “mrt” (Malicious Software Removal Tool)
- The Malicious Software Removal Tool will appear on the Start Menu
- Click on it to run it and begin scanning your computer.
Don’t forget, next week we’re running a webinar about Mailchimp Mastery. Here’s the MKLINK registration link for it … you’ll already have your own personalised link.
Report Blames Brexit Uncertainty For UK Tech Employment Challenges
A recent report by ‘Hired’ has shown that the uncertainty surrounding Brexit has made UK employers less likely to seek migrant tech employees, and has made less overseas tech workers seek jobs in the UK.
The Report
The report (gathered data from over 20,000 foreign candidates, 200 UK candidates and 850 clients) focused on the attitudes of foreign workers towards UK’s decision to leave the EU.
The study discovered that the number of foreign candidates looking for work in the UK had dropped by more than 50% and that representation of foreign job-seekers in their total talent pool had decreased by over 60%.
Additionally, offers from UK employers had dropped from 25% at the start of 2016 to just 18% over the period of just one year.
Brexit – Negative Impact On Tech Sector
In the survey of UK-based candidates, Hired found that 71% said that UK’s withdrawal from the tech sector in the EU would have a negative impact on the industry.
When surveying job concerns, Brexit now came at the top of the list, followed by happiness at work, personal development, and salary.
31% anticipated that it would become increasingly difficult to find a job in the coming year, and 77% of those surveyed were sure that the uncertainty would last for at least a year.
In the wake of Brexit, 70% of survey participants contemplated leaving Britain to relocate to other cities in Europe. North America and Australia were also popular choices.
Less Likely To Start A Business In The UK
The report also showed that confidence in starting a business in the UK has also been diminished, with 41% of all tech workers declaring that they would now be less likely to do so.
Employment commentators have noted that foreign workers are still very uncertain about their likely immigration status after Brexit, and tech commentators have suggested that UK companies should still continue to look at workers through the tier 2 skilled worker programme, which focuses on workers from outside the EU, as well as local talent.
Other Options
With an existing skills gap in the UK and with the potential for it to be exacerbated by Brexit, UK companies could consider other options. These could include broadening the pool of institutions from which companies hire, or looking for people with the right skills but perhaps no formal degree could be other options. In-house tests could be conducted to confirm skills or capability.
Brain Drain Could Follow
If tech businesses are discouraged from starting up in the UK as the report appears to suggest, this could lead to a ‘brain drain from the UK’ to Europe.
Temporary
The report makes worrying reading now, but the more optimistic and pro-Brexit commentators tech commentators appear to agree that foreign candidates and companies will regain confidence in immigration to the UK once Brexit has actually happened, and the rules UK government’s Brexit rules and conditions are more clear to all.
What Does Mean For Your Business?
If you are a tech business this could, of course, mean that from now on (and much more so if Brexit goes ahead) you could find it much more challenging to attract skilled people from overseas.
Salaries for tech workers in London may also need to be increased anyway in order to keep existing talent let alone attract overseas talent.
The falling numbers of computer science graduates here in the UK means that employers will have to consider the passion and commitment of prospective, self-taught staff members alongside formal qualifications.
It is not down to just businesses alone to deal with the fallout of Brexit uncertainty and to solve the skills gap challenge. The government, the education system and businesses need to find ways to work together to develop a base of digital skills in the UK population and to make sure that the whole tech eco-system finds effective ways to keep attracting and retaining overseas tech talent, while addressing the skills gap challenge, and keeping the UK’s tech industries and business attractive and competitive in the global marketplace.
Who Really Benefits From Accelerated Mobile Pages
Back in October 2015, Google announced that it was introducing a new open source initiative called Accelerated Mobile Pages (AMP) in order to dramatically improve the performance of the mobile web. In May 2017, AMPs are still attracting criticism and the accusation that Google may be the only real beneficiary.
What Are AMPs?
Accelerated Mobile Pages are ‘light-weight’ web pages that are designed using existing technologies e.g. faster, optimized HTML and a faster Google page caching system, to allow them to work across multiple platforms and devices. The idea is that, even if web pages have rich content like video, animations and graphics, AMPs will be able to load instantaneously (alongside smart ads) on phone, tablet or mobile devices of all types.
What’s The Problem?
AMP has been designed for speed and simplicity, and as such, critics of the initiative have said that the limited layout options make AMP web pages appear rather undistinguished and bland.
Also, if your website hasn’t been professionally made, for example, Google isn’t able to cache your coded AMP Web pages unless they’re guaranteed free of HTML errors.
Critics also say that, if more people create pages in AMP, they are optimized specifically for Google, and are, therefore, locked-in to Google (rather like Google’s own version of Facebook). This could be construed as being rather the opposite of ‘open’.
Rather than having your own detailed analytics data for your web pages, using AMP also means that you can only have access to a small subset of the data that Google gathers. This could therefore give you a less informed view of your online business.
Other critics have also pointed out that the stripped-out, uniform appearance of AMP (everything looking the same in AMP) , and the endorsement of Google means that AMP could be open to abuse by those looking to spread fake news, or to publish (potentially high ranking) low-quality content.
Advantages of using AMP
Despite drawing a large amount of criticism, there are reports to show that mobile websites are able to appear on devices at almost instant speeds and up to 85% faster than standard mobile pages.
In addition to racking up shares and views, AMP could also ensure that more people will read your content. It is important to make the point, however, that AMP pages are likely to get higher priority in Google’s mobile search than other web pages.
What Does This Mean For Your Business?
Back in October 2016 StatCounter figures showed the mobile access overtaking desktop for the first time with 51.3% of global web traffic accessing the web using smart-phones and tablets. Just a look at your own website analytics should confirm that most of your business website visitors are likely to be using mobiles and tablets. It is therefore important to have pages which rank well in mobile search and load quickly onto mobile devices (in under 3 seconds if possible). AMP appears to offer these benefits but it seems that these may be offset slightly by having to present relatively bland-looking pages to potential customers, risking getting too locked-in to Google, and forgoing some important analytic insights.
It is still relatively early days for AMP, and it is in Google’s interest to ensure that the criticisms by businesses and technical commentators are heeded so that more businesses choose to use AMP.
No … For Net Neutrality
The current Net Neutrality regulations, set in 2015 and designed to force ISPs to treat all data traffic as equal, have been overturned by two-to-one in a vote by the US Federal Communications Commission (FCC).
What Is Net Neutrality?
The idea of having an Open Internet means that individuals and organisations should be able to easily access and use all of its resources. Part of ensuring that this can happen involves making sure that certain principles are adhered to, one of which (along with open standards, transparency, no Internet censorship and low barriers to entry) is ‘Net Neutrality’.
Net Neutrality is the idea that public information networks like the Internet can function best for their users if all content and data (e.g. emails, digital audio files, digital video) is treated equally. If this is allowed to happen, it is believed that innovation and trade will be enhanced.
What Are Net Neutrality Rules?
In order to ensure that this could have a chance of happening, it was believed that ISPs needed to have rules / regulations imposed upon them to make sure that they didn’t prioritise and fast track some data over other data i.e. fast-tracking data that companies had paid more to reach customers more quickly. This behaviour is often referred to as ‘blocking’ and ‘throttling’ of data. In short, having common Net Neutrality rules could prevent access providers from deciding who ‘wins’ and ‘loses’ on the Internet.
This led to the introduction of Net Neutrality rules, but opposition (e.g. Comcast, along with Verizon and AT&T) meant that changes were made to the rules back in 2015.
In Europe, the first EU-wide Net Neutrality rules were adopted In October 2015.
Why The Vote To Overturn The Rules?
Objections to the rules back in 2015 centred around the idea that the rules acted like a kind of ‘big brother’ that potentially harmed jobs, discouraged investment, and may have negatively affected the enthusiasm of some ISPs to improve US broadband. Many commentators have noted that the changes made to the rules in 2015 rendered them less effective, and were the first stage of an obvious attempt to dismantle them.
What Does This Mean For Your Business?
To allow fair competition and equal opportunities, there must be something that looks like an ‘equal playing field’ in place. Some Internet giants such as Facebook, and Alphabet (Google’s parent company) have publicly backed the open net rules and even after this decisive vote against having rules, US ISPs like Comcast, Charter Communications and Altice NV have all pledged in public statements to keep the data flowing freely. It has also been reported that one million statements supporting neutrality have been filed on the FCC website. It is clear therefore that, despite the vote, there is an understanding that sometimes, especially where individual commercial interests are concerned, the only thing that can really force organizations to behave in a certain way are the existence of rules and adherence to them.