Category: Guidance

Ransomware: What Is It?

Imagine you’ve been working hard to create a new presentation for work, an official document or a personal photograph album. When you finally finish the work, a message appears on screen that says:

“All of the files on this computer have been encrypted. You have 24 hours to submit payment to receive the encryption key, otherwise your files will be permanently destroyed.”

You’ve been hit with Ransomware.

This could be lies – it could just be an empty threat, but it could also be very real and if you don’t pay then your files may be lost permanently.

What do you do?

Step 1: Disconnect from the Internet immediately.

Step 2: Make a choice on whether to pay.

If you pay, then maybe you get your files back and maybe not.

If you choose not to pay then switch the computer off and get it to an expert ASAP.

Across the globe in 2014, there were 8.8 million ransomware attacks reported and this crime is rising rapidly.

For further information, refer to the article:

www.fightbackonline.org/index.php/guidance/12-explanations/19-ransomware-what-is-it-and-how-do-i-protect-against-it

General Data Protection Regulation

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws and there is the complication that often data is held in more than one country.

The General Data Protection Regulation (GDPR) comes into force in May 2018. It is an EU regulation and takes effect in the UK regardless of the Brexit situation.

With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.

Who does the GDPR apply to?

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

It does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

It applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA) – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach.

However, if you are a ‘controller’, there are still obligations where a ‘processor’ is involved – it places further obligations on you to ensure your contracts with processors comply with the GDPR.

Does the GDPR apply to Personal Data?

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations keeping HR records, customer lists, contact details etc., the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.

 

Basically, if you are subject to the DPA then you need to plan to ensure compliance with the GDPR.

More information is available at http://www.eugdpr.org/

Worldwide Business Review Awards

Worldwide Business Review magazine send out huge numbers of emails to businesses asking if they would accept a nomination in the 2017 UK Enterprise Awards hosted by Worldwide Business Review.

Who nominates the businesses? – that isn’t disclosed but it’s an easy assumption that it’s whoever is on the email lists they buy.

If you send a reply email accepting their nomination then you get a letter asking for supporting information.

The supporting information is fairly standard:

  • An overview of the company
  • Flagship products or services
  • Biggest achievements to date
  • Future of the company
  • An award winning area of the business
  • Main competitors and what sets your business apart from theirs
  • Details about the individual

These are all sensible areas of research into a potentially award winning business, but the last question is the killer.

“Do you have a suggested award title?”

This is not about a reason for the award – it’s about trying to get the ‘customer’ to commit to the idea of winning by selecting their own winner’s title. In essence – everyone can have an award.

Is there any harm in that? No, but should people be given awards where they pick their own title for the award and if so does it have any merit?

Some people call these types of awards “Vanity Awards” or “Trophies for Sale” and they exist in the book world, in business, in wealth, in international commerce etc. This is not illegal but it is certainly questionable and the value of such awards is dubious at best.

Related Post: https://fightback.ninja/test/wealth-and-finance-awards-are-they-real/

If you have any experiences with scammers, spammers or time-wasters, do let me know by email.

Web of Trust

https://www.mywot.com/

“Powered by 140 Million Users & Machine Learning, our free browser extensions, mobile app and API let you check if a website is safe before you reach it, giving you a clean and safe browsing environment” claims the Web of Trust (WOT) website checker.

WOT claims to secure you against scams, malware, rogue web stores and dangerous links on the Internet.

The idea behind the Web of Trust is to try to make the Internet a safe place by automatically checking any website before your browser opens it. It does this by having a regularly updated list of dangerous websites. That list comes from its users marking websites as dangerous, so it’s crowdsourced information. WOT say they also use blacklists of dangerous websites compiled by other people.

This is a great idea – if you find a dodgy website then you tell WOT and they can then warn other people about it.

But this approach does have its limitations. For example, auction sites have been marked dangerous by WOT because of one or a few bad sellers. It’s also possible that some sites are marked dangerous by members because they don’t like them rather than there being anything dodgy about them.

Reputation icons are also shown next to links on search engine results, social media platforms, webmail, and other popular sites to help you search safely.

When the WOT add-on is installed, you will see a small doughnut shaped icon next to your browser’s address bar. The icon shows you the site’s rating and reputation: green indicates a safe website, yellow tells you to be cautious, and red indicates potential danger.

The Web of Trust website also has an online community with more than 100,000 posts so it is an important community which discusses website ratings, security and online safety.

Alternatives

There are lots of alternative services that provide a similar warning before you access websites. Google Safe Browsing is one of the most popular and is free.

There are also similar services provided by the makers of anti-virus and anti-malware software. Site Advisor is one of the most popular. These services don’t have the advantage of crowdsourcing but they are technically very proficient.

If you are worried about the safety of browsing then do look at WOT and its competitors and pick the one that works best for you.

If you have had bad experiences with websites or these protection services – do let me know, by email.

HSBC To Use Voice Identification Passwords

You may have seen the recent adverts on TV or heard them on radio saying that HSBC customers can now use their voice as their password. This is only for telephone banking.

HSBC say “Voice ID making telephone banking safer than ever”.

  • Access telephone banking through your voice
  • No need to use your security number
  • Easier and safer to access your account through telephone banking

Can it really be accurate, reliable and ‘unfakeable’?

Francesca McDonagh, HSBC UK’s head of retail banking and wealth management, described the change as “the largest planned rollout of voice biometric security technology in the UK”. “The launch of voice and touch ID makes it even quicker and easier for customers to access their bank account, using the most secure form of password technology – the body.”

However, Barclays has already introduced voice recognition software, though only available to certain clients. RBS and NatWest have offered fingerprint technology for more than a year.

First Direct is owned by HSBC and will have access to this technology for its customers within weeks.

How will it work?

HSBC say “Your voice is unique, just as your fingerprint is which means you can create your own voiceprint with us. Once you’ve created your ‘voiceprint’, you’ll be able to use your voice to access telephone banking and we’ll use this to further help protect against fraud”.

When you contact HSBC telephone banking – instead of entering two random digits from your telephone banking security number, they’ll verify it’s you by asking you to say a short simple phrase.

Will it be safe?

HSBC are convinced this is secure. You might think that a simple recording of your voice would do the trick, but HSBC say their system is far more sophisticated than that and can identify recordings.

HSBC also say their system will be able to cope with people who have got colds or slight impediments. “Things such as the size of your mouth or your vocal tract don’t change. Neither do your cadence or your accent when you’ve got those little colds”.

How do you sign up for Voice ID?

Simply call 08000 852 380 to enrol for HSBC Voice ID.
