All posts by Paul Stradling

News

Tech News : Windows 11 May Not Work On Your Computer. But You Can Try!

A Microsoft recent update announcement about Windows 11 appears to say that although the new OS still won’t run on some older PC’s, Microsoft doesn’t plan to stop you from trying.

The Problem

When Microsoft’s June Windows 11 announcement showed that its minimum hardware requirements meant that it would only support eighth generation and newer Intel Core processors (as well as Apollo Lake, and newer types of Pentium and Celeron processors), it became clear that the new OS may simply not be able to run on many older computers.

Also, the required “hard floor” (minimum configuration) for Windows 11 is that a device needs a Trusted Platform Module (TPM) chip (a type of security chip used for things like storing passwords and encryption keys) to run it.  Without this type of chip, Windows can’t be run on a device, and even with devices that meet the “soft floor”, they may receive a notification that an upgrade to Windows 11 is not advisable.

At the time, Microsoft recommended a Windows PC Health Check app as a way for users to find out whether their PC would be able to support Windows 11 (https://aka.ms/GetPCHealthCheckApp).

Latest Announcement … Expanded Chip List (A Bit)

In Microsoft’s latest announcement, it said that following tests of whether devices running on Intel 7th Generation and AMD Zen 1 processors could support the OS, it has expanded the list of compatible 64-bit processors to include Intel® Core™ X-series, Xeon® W-series, Intel® Core™ 7820HQ (only select devices that shipped with modern drivers based on Declarative, Componentised, Hardware Support Apps (DCH) design principles, including Surface Studio 2).

Microsoft also says that it has expanded the PC Health Check App so that it gives more information and links support articles with possible remediation steps for those whose PC doesn’t look like it will support Windows 11.

You Can Try

Microsoft also appears to be saying that users who try to install Windows 11 via Windows Update on their unsupported system won’t be able to, however installing Windows 11 manually from an ISO file boot disk (e.g. onto an older machine) will be possible, although there won’t be driver compatibility or much system stability, and it will be at the user’s own risk.

If Not 11, Then 10 Is For You

Microsoft says that for those who are using a PC that won’t upgrade to Windows 11, and who don’t want to buy a new device yet “Windows 10 is the right choice” and that Microsoft will still support Windows 10 through October 14, 2025.

What Does This Mean For Your Business?

Although having to test to see if your older computer can support Windows 11 (having those with older computers feeling excluded) isn’t the ideal way that Microsoft wanted to introduce its new OS, it’s not as bad as it sounds.  In reality, the minimum requirements for Windows 11 aren’t likely to exclude too many older devices although some may have the same stability issues that they may have experienced anyway with Windows 10. Clearly, Microsoft wants to make sure that its first new OS in a long time is up to the demands of modern users who regularly use their PCs for video conferencing, productivity, and gaming, and has set its minimum system requirements accordingly to align with many on these common apps. Businesses with older PCs that won’t take Windows 11 can continue with Windows 10 with support until late 2025 anyway. It will mean, however, for some businesses, it’s a case of thinking about replacing some PCs sooner than they would have liked to get the benefits of Windows 11.

News

Featured Article: New ICO Head and Data Protection Law Reforms

Highlighting an early target of tackling cookie pop-ups, the UK government is to appoint John Edwards as the new ‘light touch’ ICO who will be expected to reform post-Brexit data protection rules for the UK.

Data Protection Reforms

Since Brexit, the UK government has been seeking to reform data protection regulations in the UK in a way that it says will cut down on what Digital Secretary Oliver Dowden has been quoted describing as the “needless bureaucracy” of the current system of data protection and data transfer between countries. The Government message is that the appointment of a new ICO who could “go beyond the regulator’s traditional role” would be a way to reform regulations and make new data adequacy agreements with other countries that would reduce barriers to data transfer, help data (and more trade) to flow more freely, and improve innovation and economic growth.  The government has been keen to stress that despite (and perhaps to facilitate) these planned changes, the new regulator will have a “light touch”, but data will still be protected.

Cookie Pop-Ups

It appears that cookie pop-ups have been used by the UK government as an example and as part of the justification for wanting to make changes to data protection laws. Digital Secretary Oliver Dowden has argued in recent media reports that the requirement for the kind of cookie pop-ups that are present on most large sites, asking for permission to store a user’s personal information, are a visible example of the kind of needless bureaucracy at work that could be avoided with a change to data regulations.

What Is Data Adequacy?

Data Adequacy partnerships are agreements that protections are in place and are similar in two countries, thereby allowing the safe sending of people’s personal data internationally. Having a data adequacy partnership in place was part of the negotiations with the EU for Brexit.

For post-Brexit UK, heralded by the impending appointment of John Edwards as the new ICO, the UK government is now keen to make new, more frictionless data adequacy partnership agreements with the EU and many different countries which the UK wants to trade with.

Criticism

Critics of the UK government’s post-Brexit push to reform data protection regulations with new data adequacy partnerships are worried that this could weaken the UK GDPR and lead to the personal and private data of UK citizens being put at risk of being taken and shared.

Privacy advocates have also been sceptical as to whether it is realistic and possible for the UK government to give UK citizens and consumers more control over how their data is used on the one hand, while also giving businesses (and the government) greater freedoms to use that data through new agreements.

EU and GDPR

It was only in June this year that the UK government managed to achieve a data adequacy agreement with the EU, and any more proposed changes to that agreement now by the UK may be difficult to negotiate.

Who Is John Edwards?

John Edwards, the person named to succeed the current Information Commissioner (data protection regulator) Elizabeth Denham, is currently New Zealand’s Privacy Commissioner and head of its Office of the Privacy Commissioner (OPC), where he has been in the job for more than 7 years. Prior to his work with the OPC, he was a self-employed barrister and solicitor focusing on information and privacy law, and Chair of the Global Privacy Assembly from 2014-17.

In addition to his obvious legal background and experience, he is also known for overseeing New Zealand’s adequacy status with the EU, which is one of the reasons why he is favoured for the UK job.

Hates Facebook?

Mr Edwards is also known for his apparent dislike for Facebook. In April 2019 for example, after Facebook appeared to not accept any responsibility for the Christchurch massacre (mosque shootings) where one shooter described YouTube to be “a significant source of information and inspiration”, Mr Edwards was quoted from his Twitter account in the Guardian as saying, “Facebook cannot be trusted” and that the company were “morally bankrupt pathological liars”. He was also quoted as saying of Facebook that they “allow the live streaming of suicides, rapes, and murders, continue to host and publish the mosque attack video, allow advertisers to target ‘Jew haters’ and other hateful market segments, and refuse to accept any responsibility for any content or harm”.

Recently, Mr Edwards has indicated on his Twitter account that he doesn’t hate Facebook.

Why Is This Relevant?

The relevance of a possible Facebook-hater as the ICO is that he would be responsible for imposing fines for breaches of the UK Data Protection Act 2018 and the Privacy in Electronic Communications Regulations (PECRs) and would have an influence over the UK government’s Online Safety Bill.  This Bill is designed to establish a new regulatory framework to tackle harmful content online and would, therefore, potentially affect Facebook as a major content hosting platform.

Is An Overseas Regulator A Problem?

Some critics have highlighted the fact that the current UK ICO, Elizabeth Denham, who has been criticised for not enforcing data protection laws well enough, has been working from home in Canada throughout most of the pandemic, and the UK now looks set to appoint another ICO from overseas where there is a different data protection regime.

What Does This Mean For Your Business?

If the government’s argument is to be accepted, changing data protection laws to help data transfers between different countries and the UK could unlock more trade and benefits for British businesses. If the argument of some data privacy/security advocates is to be accepted, new data laws could mean that our personal data is more at risk and that the government is proposing a balancing act that may not be possible to realistically achieve. For Facebook and other social media companies, the appointment of John Edwards as the new ICO may give them cause for concern given his previous comments about Facebook, and his soon-to-be power over the imposition of penalties and the possible impact of the development of the UK’s Online Safety Bill.

News

Tech Insight : What Is 3D Printing?

In this article, we look at what 3D printing is, its benefits, and how it is being used now to add value in many different industries.

What Is It?

3D printing (“additive manufacturing”) describes how, using a special printing machine, a three-dimensional object can be constructed from a CAD model or a digital 3D model. The 3D printing machinery builds up layers of material to create a 3D object. The machinery is directed by ‘slicing software’ which slices a 3D model into hundreds or thousands of layers, thereby instructing the printer on how to build up layers to create the finished model. 3D printing is used across the board from hobbies to state-of-the-art commercial purposes.

Made of What?

3D printing can use different materials and many different processes to build an object. For example, vat polymerisation uses a liquid photopolymer that’s cured by light, material extrusion uses molten thermoplastic that’s deposited through a heated nozzle, and powder bed fusion uses powder particles that are fused by a high-energy source.  The most popular type of 3D printing (at the consumer level) is fused deposition modelling (FDM) which works by extruding thermoplastics (ABS and PLA), through a heated nozzle, thereby melting the material to build up layers of plastic.

Value Highlighted In The Pandemic

Some of the value of 3D printing was highlighted in March/April 2020 when large-scale 3D printing was used to meet the huge demand for nasal swabs in the US (Northwell Health and FormLabs), and for making PPE like face shields in the UK (University of Sheffield, iForge).

Global Market Size

The recent MarketsandMarkets forecast predicted that the global 3D printing market will grow by a massive 22.5 per cent per year from $12.6bn this year to $34.8bn by 2026.

Examples of Industries Using 3D Printing

Some examples of how different industries are using 3D printing include:

– Healthcare: Used to make 3D dental implants, knee implants and custom 3D-printed orthotics/insoles (Belgian 3D printing firm Materialise).

– Aerospace: Using 3D printing to make aircraft parts such as castings for gear cases and covers, fuel tanks, and transmission housings, as well as to create fixtures, jigs, gauges, and templates (to reduce production costs).

– Manufacturing: Using 3D printing to create custom, low-volume tooling and fixtures thereby saving costs and allowing designers and engineers to spend more time on revenue-generating parts.

– Education: The education sector is using 3D printing in many ways e.g., parts for educational tools to help PhD students who use the printers for research, and colleges (e.g. Purdue in the US) using 3D printing to help students to learn about emerging additive manufacturing materials and technology.

– Robotics: Companies in the robotics field use 3D printers to help (quickly) produce low cost, low weight parts such as end-of-arm tooling and end-use parts (grippers, fingers, and other robot components).

From Prototype to Developing Final Products

The development of 3D printing is such that the industrial manufacturing sector is now moving from a prototype phase of 3D printing adoption to developing final products.

The Benefits of 3D Printing

Some of the main benefits of 3D printing include:

– Reducing costs and waste (e.g. in part manufacture).

– Speed and helping to reduce time to market (e.g. rapid prototyping).

– Flexibility. For example, unlike traditional manufacturing where a new tool, mould, die, or jig is required to make a new part, a 3D printer can make almost anything that fits within its build volume.

– Quality and consistency, due to step-by-step assembly and monitoring.

– Accessibility.  3D printers can be used by a much wider range of people/businesses than traditional manufacturing setups.

Disadvantages of 3D Printing

Some of the disadvantages of 3D printing include:

– Limited materials (that can be used by printers to build objects).

– High costs of equipment and products.

– Restrictions on build size (based on the size/capacity of the printer).

– The need for post-processing, i.e. most 3D printed parts need cleaning up to remove support material.

– Cost per unit doesn’t reduce for large volumes unlike injection moulding.

What Does This Mean For Your Business?

3D printing is still in the early phases of growth and although set up costs can be relatively high, it is delivering value in several different sectors in areas such as rapid prototyping in manufacturing and producing very specialised customised implants for healthcare. 3D printing has both hobby and commercial applications and businesses that design and/or manufacture products or need components may decide to look at ways in which 3D printing could have advantages over traditional methods and supply that could contribute to cost, speed, and flexibility benefits, and could be the source of new competitive advantages.

News

Tech Tip – Get Gmail in Your Windows 10 Mail App

If you’d like a tidy, easy way to see your Gmail emails and Microsoft emails all in one place in Windows 10, here’s how to set it up:

– Click on ‘Start’ and type ‘Mail’, and select the Mail app.

– Open the app, right hand side click “+ Add account” and select Google/Gmail from the list.

– Enter your Gmail login details and complete any security verification.

– Click on ‘Allow’.

News

Tech News : Biometrics Could Assist the Taliban

Human Rights groups fear that the Taliban could soon be able to use collected biometric data to identify contractors and locals working with the US military.

What Biometric Data?

It has been reported that, over time, while on operations in Afghanistan, the US military collected biometric data such as fingerprints and retina scans using a handheld device called HIIDE (Handheld Interagency Identity Detection Equipment).  The plan was to collect the data of 80 percent of the population (25 million people) in the hope that it would enable the identification of bomb-makers, as well as those working with and helping the US military.

Also, the Afghan government has collected biometric data (including fingerprints and iris scans) for its e-Tazkira biometric identity card, and for voter registration in the 2019 elections (facial recognition). At the beginning of this year, the Afghan government had also planned to conduct biometric registration of students and staff of madrassas around the country, in a bid to prevent misuse of the schools, and to help in the move towards a single source curriculum.

What Could Happen?

The fear is this; now that the whole biometric infrastructure is in the hands of the Taliban, the Taliban could obtain and use biometric readers, the HIDE devices, or find other ways to use the collected data to identify and punish anyone who worked with/for the Americans.  Unfortunately, it has been reported that HIDE devices are already in Taliban hands and that the Taliban have been making house-to-house inspections using a biometrics machine.

Social Media Profile Fears – Facebook Takes Action

Facebook has announced that in response to concerns that friends lists in Facebook profiles could be used by the Taliban, it has launched a one-click tool for people in Afghanistan to quickly lock down their account, thereby preventing those who aren’t their friends from downloading or sharing their profile photo or seeing posts on their timeline. Facebook is also reported to be continuing a ban on Taliban content on its platform.

Although the new Facebook feature will provide some peace of mind and protection, it will not stop the Taliban from using confiscated/stolen devices to access friends lists.

Other Social Media Companies

Twitter has responded to accusations that the Taliban has been using its platform by saying that its rules don’t allow groups that promote terrorism or violence against civilians.  Also, LinkedIn has said that it has taken some measures to limit the visibility of connections for its members in Afghanistan.

What Does This Mean For Your Business?

This story highlights the importance of data security and particularly how access to personal data can be a two-edged sword in certain situations. In ordinary circumstances, the worst that can happen with data breaches or inadequate privacy or security measures for data storage / devices / social media platforms is theft (identity, money, and more personal data), or damage to a company and its reputation, in a war situation, data can viewed in a whole new light. Just as the accuracy of the collected biometric data could have been used to protect the Americans, their contractors, and Afghan citizens, now that the data (and the readers) are in Taliban hands, the data can mean the difference between life and death. In modern warfare, personal data can be a valuable weapon in itself and lessons learned in Afghanistan could have implications for how biometric data is stored in other countries.

News

Featured Article: Legal Bot : From Motoring Fines to Asylum Applications

In this article, we take a brief look at the many different ways that technology is increasingly being used by legal professionals and by those seeking legal services, and how advancement such as AI are making a valuable contribution.

DoNotPay

DoNotPay (https://donotpay.com/), described as “the world’s first robot lawyer”, is an app/chatbot program that helps users to draft legal letters.  The app, which dates back to London in 2015 (when its writer, Joshua Browder, was still a student in London), was originally designed to help users to get out of parking or speeding tickets. Mr Browder was inspired to develop the program after his own experiences of receiving tickets as a young driver and got information about the best way to contest tickets from his own research and multiple freedom of information requests. Mr Browder decided that using software to create documents was easier than copying and pasting the same document multiple times.

How It Works – Machine Learning

Users type their side of an argument into the app, in their own words, and DoNotPay uses a machine learning tool to provide the legal language for drafting their argument.

Emergency Housing & Refugee Legal Help

Back in August 2016, Mr Browder altered the DoNotPay app from helping drivers, to helping those in need of emergency housing. In March 2017, and based on the fact that his grandmother was a refugee from Austria during the Holocaust, Mr Browder changed the app again so that it could be used to provide refugees with legal advice and help. At the time, the app was focused on helping refugees to the UK and the US to complete their immigration applications with the legal information coming from working with the help of lawyers in both countries. DoNotPay was made available to users through the Facebook Messenger app.

Expanded

The number of legal situations now covered by DoNotPay has been expanded so that the list of legal matters that the app can now help users with includes, compensation for victims of crime, copyright protection, creating a Power of Attorney, insurance claims, cancelling any subscription, getting money back on a holiday you can’t go on, cancelling gym membership, and even connecting with an inmate in a US jail!

Success Rate

The DoNotPay app, which has 150,000 paying subscribers, has been reported to have an 80 percent overall success rate, but a 65 percent success rate for parking tickets.

Other Legal Apps

There are many other types of legal help apps, including:

Fastcase (US)  – an app to help users find and save cases of interest and details about those cases.

LegalDefence (UK) – for a monthly subscription, users get unlimited advice with any issues (from Slater and Gordon lawyers).

LawOn (UK) – a free legal advice app to help users find a good lawyer, and to answer legal questions.

LawBite (UK) – An app focused on helping small businesses to access legal advice. Businesses can choose between case-by-case fixed fee (around 50 percent of similar lawyers), or subscription packages.

Using AI and Analytics To Help With Research For Legal Cases

In the US, for example, the earliest technological help with time-consuming and complicated legal case research came in the 1970s and 1980s with PC revolution when continuously published, updated, and annotated legal databases like Westlaw and LexisNexis were introduced.

Challenges

Some of the key challenges in today’s environment for lawyers embarking on research for their legal cases are converting the raw data produced by research into something usable and finding a way to crunch is the huge increase in the amount of available information both from law on the books, and secondary sources.

Legal Search Engines

AI-based legal search programs / search engines are another way that the legal profession is using technology to help in case preparation.  For example, Westlaw Edge, a (US) search engine (and WestSearch Plus), is an example of how AI is used in a specialised search engine for legal professionals to return relevant documents, and provide responsive suggestions in answer to law questions, thereby crunching lots of legal information, saving time, and increasing the confidence of legal professionals.

Litigation Analytics

One way that lawyers can make informed decisions about which way a judge may rule on a particular type of claim and other similar facts of interest in making litigation strategy decisions is another area where technology is helping. For example, tech tools like Litigation Analytics use graphics and data visualisation to present data so that legal professionals can get a more informed insight into the likelihood of a court or judge granting a motion, or denying a motion.

Tax Appeals

In the US, the TAX-I software system is used by legal firms to analyse historical court data for tax appeal cases and can correctly predict how appeals will be determined with an estimated success rate of around 70 percent.

Disputes

Litigate (https://www.litigate.ai/) is an example of software that can create detailed chronologies related to cases, thereby saving legal professionals time, and making a positive difference to manual tasks and data analysis work.

Murder Cases

AI-based tools are now also used in research for murder trials. For example, back in December 2020, it was reported that AI was used for the first time at Old Bailey by a legal team in a trial conducted about the killing of Rikki Neave. The ‘Luminance’ technology was used to speed up the examination of evidence and search for patterns and connections that may have been unapparent or overlooked in past human inspections. AI tools like Luminance can save thousands of man-hours, spot details that could lead to solving cases and getting convictions, as well as saving tens of thousands of pounds in the costs of investigations and legal costs.

What Does This Mean For Your Business?

For businesses looking for cheaper legal advice solutions, apps can offer a convenient way forward. For legal professionals, AI-based tools can search and crunch large amounts of legal data, thereby saving time and money, and perhaps uncovering patterns and details that may be missed by humans. The success of apps like DoNotPay show that handy, accessible technology can be effective in helping with many different and common legal problems and can provide a cost-effective way for ordinary citizens with limited funds to get fast access to justice.  Also, AI-based solutions could prove to be valuable in tackling legal backlogs and helping the legal sector to cope with developing challenges going forward.

News

Tech Insight : How (Simple) 2FA is Being Beaten

In this article, we take a look at how two-factor authentication, introduced to help add an extra layer of security to logins, has its own vulnerabilities.

What Is 2FA?

Two-factor authentication (2FA) combines a username and password with another factor (e.g. sending an SMS or email with a code) to enable a person to login to an online account / platform / system, or website. This means that 2FA provides an additional layer of security to the username/password system

Why 2FA?

A username password system on its own has been found to be vulnerable to attacks and breaches because:

– There has been a huge increase in cybercrime and data breaches in recent years, and increasingly sophisticated attack methods are now more widely available, many of which can be bought off-the-shelf for relatively small amounts.

– Stolen passwords from previous breaches are widely available for cyber criminals to buy/swap, so most hacking-related breaches happen due to compromised (and weak credentials); for example, three billion username/password combinations were stolen in 2016 alone.

– Passwords can now be more easily cracked using technology. For instance, a computer recently set a record by guessing 100 billion passwords per second.

– Many people still set weak passwords and share the same password between many sites/platforms/accounts, thereby increasing the risk.

– Most people can only successfully remember shorter, more uniform, or more memorable strings of characters, and consequently these often end up being partly words, names, dates, or a combination, thereby perpetuating the problem of people choosing simple easier to crack passwords.

– Legislation, compliance, reputation, and tightened security policies have meant that online sites and apps must offer tighter security (i.e. not just passwords).

Beating 2FA

Despite adding the extra second layer of security, cyber-criminals are already finding ways to beat simple 2FA.  For example:

– Using Google Play and a victim’s login credentials to install apps on a victim’s Android phone (e.g. an app that synchronises users’ notifications across different devices, thereby enabling access to a victim’s SMS 2FA messages). Also, attackers can use compromised email/password combinations for a Google account to install a message mirroring app on a victim’s smartphone via Google Play, thereby enabling 2FA code interception.

– SIM swapping. This is where the attacker contacts the target’s mobile service provider posing as the target and convinces them to switch the target’s phone number to a device of their choice, thereby allowing the attacker to intercept any verification codes.

– Exploiting a weakness in the Signal System 7 (SS7) protocol used by phone carrier networks, thereby being to intercept codes to mobile phones.

– Sending multiple ‘push to accept’ authentication to a user’s phone causing the victim to click on “accept” (even when not authenticating) to remove the notification from their screen.

– Using knowledge-based authentication (KBA) to get around KBA as a verification method.  For example, finding details of a target victim on the Web (e.g. mother’s maiden name, first pet, first car driven etc), can enable some attackers to get around KBA verification, reset a password, and take over an account.

– Supply chain attacks (like SolarWinds) where code components are infected, and the target companies download these pieces without knowing they have been compromised.

– Compromised MFA authentication workflow bypass exploited by using a denial-of-service vulnerability in the MFA module in Liferay DXP v7.3.

– So-called ‘pass-the-cookie’ attacks where hackers try to extract stored authentication data that’s held in cookies on the victim’s browser.

– Server-side forgery which uses four zero-day flaws in Exchange to nullify all authentication completely with Microsoft Exchange servers.

– Real-time or automated phishing.  For example, back in 2018 (as reported by Amnesty International), hackers sent fake but convincing security alerts (like Google or Yahoo) to journalists and activists based in the Middle East and North Africa, advising that the victim’s account had been breached, and providing a link to an official-looking fake login page to initiate a password reset. Here, the 2 FA code and other details could be stolen.

– Using reverse proxy and Modlishka with a phishing attack.  The Modlishka (meaning ‘mantis’) tool, created by Polish researcher Piotr DuszyÅ„ski, sits between a user and a target website (e.g. Gmail). When the victim connects to the Modlishka server, which hosts the phishing domain, a reverse proxy component makes requests to the site it wants to impersonate, the victim receives authentic content from the legitimate site, yet all traffic to and from the victim passes through (and is recorded on) the Modlishka server. This allows an attacker to record any passwords and intercept any 2FA tokens.

What Next?

With criminals beating simple 2FA, many businesses are turning to:

– Using multi-factor authentication (i.e. using multiple methods of authentication simultaneously) and in combination as needed.

– Biometrics – fingerprint scans, face scans, iris scans, voice-recognition and more.  Some biometrics authentication systems have already been shown to be vulnerable (e.g. voice recognition systems have been tricked) plus biometrics can’t be remotely revoked; if a fingerprint is compromised, it can’t be replaced (as a password can).

Protection

Some simple ways to protect yourself against attacks on 2FA include:

– Checking whether your password has been compromised via sites/services such as https://haveibeenpwned.com/ .

– Using stronger passwords and a Password Manager and avoiding password sharing.

– Limiting the use of SMS as a 2FA e.g., use Google Authenticator instead.

What Does This Mean For Your Business?

Many businesses now have policies for passwords, have adopted a zero-trust approach to security and realise that there are many vulnerabilities in username/password systems. Even though 2FA provides an extra layer of security, human error, the appliance of social engineering, and the increasingly sophisticated methods used by cybercriminals mean that 2FA can (and is) being beaten. Businesses are now looking towards multi-factor authentication and biometric security solutions in the shorter term for added protection although some biometric solutions have already been beaten or shown themselves to have other disadvantages.  Many businesses accept that fight against cybercrime is ongoing and that staying one-step ahead is the most that can be expected until there is a major security breakthrough.

News

Tech News : Delivery Scams Top The ‘Smishing’ List

Data, published by trade association UK Finance for security provider Proofpoint, shows that parcel and package delivery scams are now the most common form of ‘smishing’ attempts.

What Is Smishing?

Smishing is where an attacker sends a text/SMS message purporting to be from a reputable company, in this case, the Royal Mail or a parcel delivery company/courier service. The idea is that the recipient (who may be expecting a parcel delivery) is fooled into clicking on the link in the text message and this either send sends the attacker personal information (credit card number or password) or downloads a malicious program/malware to the victim’s phone. The malware can be used for snooping on the user’s smartphone data or sending sensitive data silently to an attacker-controlled server.

March – Big Month for Royal Mail-Related Phishing

Research results released in April (by Check Point Software) showed that March was the biggest month in 2021 for Royal Mail-related cyber phishing attacks with a 645 percent increase on the previous two months, equating to an average of 150 per week.

Now, More Than half of Phishing & Smishing Attacks Are Parcel Delivery Scams

The new data shows that these kinds of parcel delivery scams now account for more than half of all reported text phishing, or ‘smishing’ attacks in the UK. For example, the new data shows that from 15 April to 14 July 2021, 53.2 percent of reported scam text messages were from attackers posing as postal delivery firms. Also, from 14 June and 14 July, parcel and package delivery scams accounted for 67.4 percent of all smishing attempts.

Driven By Pandemic

The increase in delivery-related smishing attacks has been driven by the big increase in online shopping that resulted from pandemic restrictions, bricks and mortar shop closures, and the need to stay at home.

How To Protect Yourself From ‘Smishing’ Attacks

Since smishing attacks basically rely upon human error (i.e. not being able to spot a smishing attack – or to report an attack if spotted to help warn others), so one of the best ways to protect yourself is to know the signs of a smishing attack. Information to help you to detect and avoid becoming a victim of smishing includes:

– Financial institutions never send text messages asking for credentials or transfer of money and credit card numbers, ATM PINs, or banking information should never be sent to someone in text messages.

– Many smishing scam messages offer quick money (e.g. from winning prizes or collecting cash after entering information) and they sometimes use coupon code offerings.

– A message received from a number with only a few digits is a sign that it probably came from an email address, which is a common sign of spam/scams.

– Avoid storing any banking information on a mobile device (in case of malware).

– Be wary of any delivery-related text messages other than the standard day/time of delivery messages.

– If you receive a smishing text, to protect other users, send the message to your telecom’s number so that it can be investigated.  Also, report such messages to Action Fraud (https://www.actionfraud.police.uk/).

What Does This Mean For Your Business?

Driven by the pandemic-fuelled increase in online ordering by consumers, it seems that attackers are shifting their focus from impersonating financial services and banks to impersonating the Royal Mail and other delivery services and couriers. This shows that the threat ecosystem has evolved over the past year towards scams based very much on human error (e.g. smishing and phishing). Businesses have also been targeted with more (sophisticated) ransomware and business email compromise (BEC) attacks. This threat evolution indicates that businesses may want to explore a more people-centric approach to cybersecurity to reduce today’s risks and, if they haven’t done so already, adopt a ‘zero trust’ approach to their cyber security. Businesses need to realise that today’s attackers would much rather log in than hack in and are, therefore, favouring the types of attacks that fool their victims into giving-up their information, rather than going through the complicated and time-consuming process of hacking in the ‘hard way’.

News

Tech Tip – Backing Up Your Chrome History

If you’ve lost your Google Chrome history and you’d like to avoid the frustration of having waste time trying to find those useful and interesting websites that you remember looking at, here’s how to back-up your history so it doesn’t happen again:

Enable Sync

Enabling sync on Google Chrome history copies your history (and bookmarks) to your other devices (where you’re logged into your Google account), thereby stopping you from losing it. To turn on sync:

– Open Google Chrome and sign in.

– In a new tab, go to the 3 dots (top-right) an select ‘Settings’ from the list.

– Click on “Turn on sync” and click yes to confirm.

Backup The History File

To backup the history file itself, so that Chrome automatically stores your browsing history in a MySQL database file on your computer so you can then store it in a secure location e.g., OneDrive or Dropbox:

– Open a browser and paste the following in (substituting your own username): C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default.

– Find the file in the list called ‘History’ and copy it and paste it into another secure directory/drive as a backup.

News

Featured Article : Apps & Zaps – Ideas For Automating Your Business

In this article, we look at how Zapier and other alternatives can be used to link apps together and create automated workflows that can carry out daily/weekly marketing tasks for you in the background while you get on with running your business.

Zapier

Zapier (https://zapier.com/) is a tool that can automate repetitive tasks between two or more apps, without any extra coding or human intervention being necessary. It is a way of automating workflows which tells your apps to follow this simple automated workflow command: “When this happens, do that” (known as the Zap), meaning that when an event happens in one app, Zapier can then tell another app to perform (or do) a particular action.

Zaps

Each Zap, therefore, has a trigger and one or more actions. The trigger is the event that starts a Zap, and an action is what the Zap does for you. When a Zap runs, each action it counts as one task.

Good For Certain Types of Tasks

Zapier works well for tasks that are needed frequently e.g., sending out weekly reminders as well as for any situation where information needs to be moved from one app to another e.g., adding tasks from a project management app into a personal to-do list app. Zapier also works well for the kind of tasks that don’t require much thinking e.g.  copying emails of events to spreadsheet or collecting emails from web forms on landing pages and adding them to audience lists in Mailchimp.

Working on Automated Tasks in the Background

The great thing about Zapier, therefore, is that it can be set to work on low level tasks (i.e. labour intensive but not necessarily complicated tasks) in the background, thereby freeing up valuable resources and saving time.

Templates and Customisable

Zapier users have access to templates, and actions are customisable.

Alternatives to Zapier

There are many different alternatives to Zapier in the market for automating workflows by linking apps.  Popular alternatives include Automate.io, IFTTT (free), Microsoft Flow, Integromat, CloudHQ, Actiondesk, Huginn, Workato, Elastic.io.  Each are more suitable for different types of work and have different levels of integration with apps.

Examples of What Can Be Done – Integrations

Here are some examples of what kind of automated workflow tasks (integrations of apps) that can be achieved with a few different alternatives to Zapier.

Integromat – https://www.integromat.com/

– With online ads, Integromat can be used to streamline what happens with leads from online advertising (i.e. after a lead form ad has been filled-in). Automated worklows can be set up to automatically add contacts to a CRM as leads or enrol them in an email or SMS drip campaign.

– Using a pre-defined template, each time a new tweet is posted on Twitter, Integromat can automatically publish a new post on LinkedIn.

– Every time a new review is added to your ‘Google My Business’ location, Integromat can automatically store it in Google Sheets.

– Each time you publish a WordPress post, Integromat can be used to automatically publish the new post on LinkedIn.

– Any mp3 audio files added to Google Drive can be automatically transcribed with Google Cloud Speech and the text saved to a Google Docs document.

– Every time a Google Doc is created, it can be automatically converted to an audio file via the Google Text-to-Speech API.

– Automatically reply to a ‘Google My Business’ review depending on the rating, with a personalised response.

– Automatically create a new meeting in Zoom every time a new event is created or updated in Calendly.

Leadsbridge – https://leadsbridge.com/

Leadsbridge offers highly specific integrations for advertising and marketing. For example:

– Sync Facebook Custom Audiences with your Zoho CRM.

– Linking ActiveCampaign and Hubspot together e.g., to create new HubSpot contacts in forms, or create new HubSpot companies in smart lists.

Automate.io – https://automate.io/

Great for integrating cloud applications and automating your marketing, sales and business activities.  For example:

– An integration to sync between Mailchimp and Shopify that can automatically subscribe customers to a particular list in Mailchimp and send targeted emails.

– Sending an email in Gmail on a Successful Sale in PayPal.

– Scheduling Salesforce events on Google Calendar.

– Sync new Stripe payments to QuickBooks as customers.

– Get Slack notifications for new tasks on Microsoft SharePoint.

IFTT – https://ifttt.com/

IFTT, short for ‘If This Then That’, offers different ways of connecting services using Applets.  For example:

– Create an event on your iPhone’s calendar using your Google Assistant (Amazon Echo).

– Make your Instagram photos show up in your Twitter feed as a full image rather than a link (for single photo posts).

Microsoft Flow – https://flow.microsoft.com/en-us/

Microsoft Power Automate helps to streamline repetitive tasks and paperless processes. For example:

– Save all Outlook.com email attachments to a folder in your OneDrive, or save all Gmail attachments to Google Drive.

– Send an email when an item in a SharePoint list is modified.

What Does This Man For Your Business?

Zapier, Integromat, and similar platforms offer businesses the opportunity to save time and money, and make better use of their resources, and work smarter through automating workflow tasks so that they are carried out in the background. With these platforms, the existing templates mean that businesses don’t need technical expertise, APIs, custom scripts, or often unmaintainable solutions to be able to connect their different marketing tasks and get apps to communicate with each other in a way that can add value and possibly create sources of competitive advantage. At the very least, they can save a lot of time and effort and can help businesses to punch above their weight in terms of marketing processes and the level of in-house technical skills.