All posts by Paul Stradling

Tech News : Guarding Against The Rise In Router and VoIP Attacks

After a recent high-profile media story highlighted how poor router security led to a police raid of the home of an innocent family, we take a look at how Wi-Fi piggybacking attacks against home and domestic targets, and VoIP hacking of businesses worldwide, are growing threats.

What Happened?

It has been reported that in January this year during the lockdown, the family home of a couple and their two young children was unexpectedly raided by police. The shocked and frightened family could only look on as their desktop computer, two laptops (and a borrowed laptop), current (in-use) mobile phones and old mobile phones retrieved from drawers around the house were taken away by officers. The family found themselves with just a landline for communications, and under suspicion for a crime which, as it later transpired, they did not commit, and knew nothing about.

Work Laptop

To make matters worse, the father of the family was forced to tell his boss that the police required the decryption key to unlock his work laptop, thereby making him fear for his job.

Wi-Fi Accessed Due To Poor Router Security

When the devices, which the family were told had been taken for ‘evidence’, were finally returned two months later, it became clear that a mistake had been made: the family’s Wi-Fi connection had been used, without their knowledge, by an unknown party to upload illegal images to a chat site.

The evidence given to the police by the National Crime Agency, which led to the raid, had suggested that the illegal uploading had come from the family’s IP address. In reality, the family had simply fallen victim to criminals piggybacking their insecure wireless connection. The weakness that had allowed the attack is believed to have been a weak/poor default password on their old router.

Router Danger

A recent Which? investigation looked at the security aspects of 13 models of (commonly used) old routers from companies such as Virgin, Sky, TalkTalk, EE, and Vodafone. It was discovered that 6 million users may have router models that have not been updated since 2018 at the latest, with some not being updated since as far back as 2016! The investigation discovered issues with more than half of all routers (of those surveyed).  This suggests that as many as 7.5 million users could have routers with security risks.

The main vulnerabilities threatening the security of business and home-user routers (often the same thing now, with remote working) include weak default passwords that can be easily guessed by hackers, meaning that the router could be accessed remotely from anywhere in the world. Local network vulnerabilities can also allow a cybercriminal to take control of a user’s device, see what a person is browsing, or even direct a user to malicious websites. A lack of recent updates to a router’s firmware could also negatively affect a device’s performance, thereby affecting productivity, and leave security issues outstanding.

VoIP Systems Hacks on the Increase

Recent ‘Check Point’ research has also shown that there has been a big rise in cyber-fraud operations targeting VoIP phone systems worldwide. For example, a Gaza-based hacking group was found to be responsible for targeting servers used by more than 1,200 organisations based across over 60 countries, with half of those targets being in the UK! What’s more, hackers worldwide are creating their own social media groups to share tips and know-how relating to VoIP phone system hacking and to organise and co-ordinate future attacks.

What To Do

Businesses can guard against router security threats by taking measures such as changing the username and password(s), ensuring that the router’s firmware is up to date, changing the network name/SSID, stopping the Wi-Fi network name/SSID from being broadcast, enabling the router’s firewall, or simply opting for a router upgrade / a new, more secure router.

To guard against the threat of VoIP phone system hacks, businesses need to make sure that their security patch installation management systems and procedures are up to date, call billings are regularly analysed, there is a clear and robust password policy in place, and that an intrusion prevention system is implemented.
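One way to act on the advice to analyse call billings regularly, shown as an added example that is not from the original article: a Python check that flags any extension whose call charges for a day far exceed its own recent baseline. The record layout, extension numbers, destinations, charges and thresholds are all constructed assumptions, not taken from any particular phone system.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal
from statistics import median

# Constructed call records (not real billing data); the column names are assumptions.
SAMPLE_CDR_CSV = """\
date,extension,destination,minutes,cost_gbp
2021-05-10,201,01632960001,12,0.60
2021-05-10,202,01632960002,30,1.50
2021-05-11,201,01632960003,10,0.50
2021-05-11,202,01632960002,28,1.40
2021-05-12,201,01632960001,14,0.70
2021-05-12,202,01632960004,32,1.60
2021-05-13,201,01632960001,11,0.55
2021-05-13,202,constructed-intl-1,240,96.00
2021-05-13,202,constructed-intl-1,180,72.00
2021-05-13,203,constructed-intl-2,20,9.00
"""


def daily_cost_by_extension(cdr_csv):
    """Return {extension: {date: total cost}} from call-detail records in CSV form."""
    totals = defaultdict(lambda: defaultdict(Decimal))
    for row in csv.DictReader(io.StringIO(cdr_csv)):
        totals[row["extension"]][row["date"]] += Decimal(row["cost_gbp"])
    return totals


def flag_spikes(cdr_csv, day, multiplier=Decimal("5"), floor=Decimal("5.00")):
    """Flag extensions whose spend on `day` exceeds max(multiplier * baseline, floor).

    The baseline is the median daily spend of that extension on earlier days.
    An extension with no history has a baseline of 0, so only the floor applies;
    this catches a newly created or previously idle extension that starts
    running up charges. Dates are ISO strings, so string comparison orders them.
    """
    alerts = []
    for ext, per_day in sorted(daily_cost_by_extension(cdr_csv).items()):
        today = per_day.get(day, Decimal("0"))
        history = [cost for d, cost in per_day.items() if d < day]
        baseline = median(history) if history else Decimal("0")
        threshold = max(multiplier * baseline, floor)
        if today > threshold:
            alerts.append((ext, today, baseline))
    return alerts


if __name__ == "__main__":
    for ext, today, baseline in flag_spikes(SAMPLE_CDR_CSV, "2021-05-13"):
        print(f"extension {ext}: spent {today} GBP against a baseline of {baseline} GBP")
```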

Tech Insight – What Is Bandwidth?

In this article we take a look at what bandwidth is, ways to improve bandwidth, and we look at how bandwidth ‘throttling’ is used.

Bandwidth

Bandwidth refers to the maximum amount of data that can be transferred from one point to another over an internet connection in a given period of time. It is typically calculated and expressed in bits per second (bps) or megabits per second (Mbps).

The data that is transferred across the Internet is sent in the form of data ‘packets’, each containing a source and destination, and the content being transferred.  Networks with higher bandwidths are able to transfer larger numbers of data packets than connections with lower bandwidths.

Speed

Bandwidth is not the same as speed because while bandwidth refers to the amount of information received per second, speed refers to how fast that information is received or downloaded.

Latency

The latency/delay/ping rate is the time lag that users experience while waiting for something to load (e.g. web pages). Even if plenty of bandwidth is available, reducing latency will improve the speed at which data packets move across the network.

Not all data makes it through to its destination. Taking bandwidth as the maximum that could get through, the ‘throughput’ refers to how much actually makes it to the destination. Some data can be prevented from doing so due to factors such as packet loss caused by errors in transmission or congestion. 

Broadband

Internet Service Providers (ISPs) enable users to connect to the Internet at high speed through broadband. This is essentially a wide bandwidth data transmission carrying different types of signals through an infrastructure made of different components along the route (e.g. coaxial cable or optical fibre). Different ISPs offer different broadband speeds but, as previously mentioned, speed is not the same thing as bandwidth.

Ways To Improve Bandwidth

Some of the key ways that you can improve bandwidth are to:

– Upgrade your plan with your ISP to get higher Mbps e.g. to a Fios Gigabit Connection.  This may be helpful for those who stream large amounts of content and use many different devices.

– Update/upgrade the router or frequently reboot the router to strengthen the Internet connection.

– Use physical, Ethernet wire connections to the router. This can help to get around problems such as connection issues with other devices.

Throttling

Bandwidth throttling is a way that ISPs intentionally slow down their internet service/slow down the data transmission for reasons including regulating network traffic, saving money, minimising bandwidth congestion, or, as in most cases, due to excess use on a plan that has a data cap. Throttling is not illegal but users should be informed if the ISP is using it.

Avoiding Throttling

One way to avoid throttling is to use a virtual private network (VPN) as ISPs cannot see the encrypted traffic. Users can test whether their service is being throttled, for example, by running two speed tests, one using the normal connection and one using a VPN.  If the VPN is much faster, this could indicate that throttling is being used.

What Does This Mean For Your Business?

Businesses, therefore, need to assess how much bandwidth they are likely to need, e.g. by taking into account factors such as how many employees need to be accessing the network and the bandwidth requirements needed for the applications that they use. Other ways to help include getting on the right plan from the ISP, using cables to the router, organising network backups and updates, monitoring and policing the traffic, migrating apps to the cloud, using WAN optimisation tools, and more. For businesses to maximise productivity and continuity, how to maximise their bandwidth is, therefore, an important consideration.

Featured Article : Safely Moving Your Tech Hardware

With many of us now owning tech items such as laptops, desktops, and printers, we look at the best ways to prepare tech hardware for a safe journey to a new home.

Tech Owners

An Aviva survey from 2020 showed that the average UK home now has 10.3 internet-enabled devices (286 million in UK homes) and that having children in the home increases the average number of devices.  For example, a UK home with 3 children can now typically host 15.4 internet-enabled items.

Add to these statistics the fact that the number of people working from home in the UK almost doubled during the pandemic (ONS figures) to 25.9%, and it’s clear that our tech devices, such as laptops and PCs, have a value and importance well beyond their physical price tag as work tools, vital communications and home research tools, and entertainment gateways.

When it comes to moving home, therefore, it is especially important to ensure that these items are protected and that they can quickly resume their function safely at their new destination.

Preparation of Tech For The Removals Journey

Good preparation begins with good IT practice and extends to preparing for any possible risks to your tech items. Key preparation activities should be:

– Backing Up. Having a reliable, secure, cloud-based backup service for your work and vital data should be standard work practice anyway to preserve business continuity and to preserve valuable memories (photos and videos). Before moving, however, backing up PCs and laptops can ensure that in the event of any physical damage to an item, your data has been saved.

– Connection. Making sure in advance, where possible, that where you’re moving to has enough sockets, phone points, and a decent broadband provision (check with your provider if in doubt) can enable a fast tech setup at the other end.

– Security. Make sure that prior to removal, devices have password protection in place so that only you can access them, and that any sensitive data is not stored on the device itself (which should be part of normal backup procedures).

– Careful disassembly. It is easier for your removals company, and safer (for the device) to ensure that everything has been disassembled in an organised way (e.g. peripherals, leads, power adapters, your router, monitors, and computers). Arranging the items so that each device and its cables and adapters go in the same box can speed up re-assembly at the other end.

Packing Tech Devices For Removals

Tech devices and peripherals are high value and contain small components that can be easily damaged by knocks and bumps.  Also, some devices are rarely disassembled after their original assembly in the home, so users can be unfamiliar with which lead goes where, and belongs to which device.  With these concerns in mind, when preparing for your home removals:

– Ensure that you have boxes, bubble wrap, packing paper, tape, and enough soft materials to pack them with similar protection to when they were first shipped.

– Record what goes where. Taking a photo on your phone of where cables are plugged in, and/or using labelling (round cables) or colour-coded tape can help you to re-assemble your tech hardware quickly at its new home.

– Take portable storage devices with you.  If you still use storage devices such as USBs, or even external hard drives, you may decide that it’s better and safer to take these with you (e.g. in a bag/box in your car) so that you can minimise the chance of losing them or forgetting which box you put them in.  Cloud back-up storage can be a much safer way of keeping your personal data safe.

– Label your boxes.  Clearly labelling your tech device boxes will help you to quickly find and re-assemble them at the other end.

– Trust your removals company. Your removals company has experience in safely transporting tech devices and high-value, delicate home and office hardware. Their fully trained, trustworthy staff are able to assess your situation from the quote to the move itself. Your removals company should also be able to give advice wherever it’s needed.

Tech Tip – Sending ‘Private’ Emails in Gmail

If you need to send an email containing private/sensitive information, you can do it in Gmail using confidential mode. Here’s how:

– Open Gmail and log into your account.

– In the upper-left corner of the screen, select Compose.

– At the bottom of the New Message window, marked by a padlock and clock icon, is an option to ‘Turn confidential mode on/off’. Turn it to ‘on’.

– Set the expiration date for the email, i.e. 1 day, 1 week, 1 month, 3 months, or 5 years.

– If you would like the email to require a passcode in order for it to be read, select the ‘SMS passcode’ checkbox.

– Click ‘Save’.

– Write the email and send it.

It’s worth noting that the contents of any emails you send using this confidential mode can’t be forwarded by the recipient, copied, printed, or downloaded.

Tech News : Get Notified By Google If Your Passwords Are Compromised

As part of Google’s latest security updates to Chrome and Android, users will not only be alerted if any of the passwords in their Password manager are compromised but will also be given the opportunity to make a quick fix.

Quick Fix – Change Password

In the ongoing competitive battle between Google’s Chrome browser (and its Android OS) and Apple’s equivalent, Google has released new security updates. Part of the updates to the Password Manager that’s built into Chrome and Android is the new quick-fix feature which will enable the Google Assistant to navigate to the compromised accounts and change passwords within seconds.

Benefits

Firstly, the fact that users are alerted when a password has been compromised is valuable because if users are made aware of a problem, they can quickly take action before more damage is done, rather than simply finding out after the event (e.g. stolen data or money) and/or the password being used by other attackers after being passed on/sold on.

Secondly, having a fast-track route to a quick fix through being offered a one-click ‘Change Password’ button means that users can minimise the amount of time that they are exposed to risk, and can quickly and conveniently change a password without having to go back to the site where it has been compromised, click on the forgot password/change password link, and go through a longer process that way.

Setting Up The Feature

The feature, which is powered by Google’s AI technology (since 2018) ‘Duplex’, is available to users who have turned “Safe Browsing” on and who are signed-in and syncing to Chrome.

On Android, for example, to receive alerts if any passwords have been compromised (e.g. in a data leak on a third-party website or app) navigating to the ‘Settings’ in Chrome and selecting ‘Privacy and security’ > ‘Safe browsing’ and tapping on ‘Standard protection’ gives users the option to switch “Warn you if passwords are exposed in a data breach” to on or off.

Users can also choose to check saved passwords themselves to see if any have been exposed in a data breach. Again, this can be done via ‘Settings’ in the Chrome app, by tapping ‘Passwords’ > ‘Check Passwords’.

What Does This Mean For Your Business?

This is one of several new security features announced in answer to Apple’s recent iOS 14.5.1, and macOS 11.3.1 security updates, and specifically, is an answer to Apple introducing compromised password alerts with iOS 14. Clearly, being alerted and being able to check password compromises, and being able to change a password quickly and easily is likely to be very beneficial to users.  Google also recently announced that it will soon be automatically enrolling its users in Two-Step Verification ‘2SV’ to improve the security of its services, but the future of authentication and verification is most likely to be ‘passwordless’ and based on biometrics. For example, last year, Google announced that users could verify their identity by using their fingerprint or screen lock instead of a password when visiting certain Google services (e.g. Pixel devices and all Android 7+ devices) due to Google’s collaboration with many other organisations within the FIDO Alliance and the W3C that led to the development of the FIDO2 standards, W3C WebAuthn and FIDO CTAP that allows fingerprint verification.  Both Apple and Google may, therefore, be highlighting features based around more traditional security ideas now, but the direction of travel is away from passwords altogether.

Tech News : New Privacy Features For Android 12

Google has announced the release of the first beta of Android 12 which has a range of new features including some security measures which Google hopes can match those of Apple.

Design Change

Announced recently at a developer conference, and on Google’s blog, the addition of the new features to Android 12 marks the “biggest design change in Android’s history”.

In addition to being able to completely personalise their Android phone with a custom colour palette and redesigned widgets, Google says that users will also notice that the Android 12 OS is much faster, smoother, and more responsive to touch, with smooth motion and animations.

Security Features

Some of the features that have really caught the attention of tech commentators are those designed to give Android security features that are on a par with its competitor Apple.

These new features include:

– A new Privacy Dashboard.  This offers users the convenience and ease of having a single view into permissions and settings as well as showing what data is being accessed, how often and by which apps. The dashboard also makes it easy for users to revoke app permissions.

– A new indicator for the microphone and cameras. Similar to iOS indicators, the new Android 12 indicator (top right) now lets users know when their apps are accessing the microphone or camera, and two new toggles in Quick Settings allow users to remove app access to these sensors for the entire system.  These features enable users to guard against cyber criminals using (via apps) the camera or microphone to spy, eavesdrop, and steal personal data.

– Approximate location permissions.  This feature recognises the fact that apps don’t need to know a user’s exact location to function properly and, therefore, just giving an approximate location gives the user more control over how much information is shared with apps.

– Android Private Compute Core. This is a kind of sandbox, like the partitions used for passwords or biometric data, but can hold data for use in machine learning. The Android Private Compute Core enables features like Live Caption, Now Playing and Smart Reply and because all the audio and language processing happens on-device, isolated from the network, this preserves user privacy.

– Password Manager improvements.  The new features being introduced to Google Chrome and Android’s Password Manager include making it easier for users to import passwords e.g., from NordPass, and an automatic password alert that tells users when Google detects that any saved passwords have been compromised in a security breach. Also, a new quick fix feature will enable the Google Assistant to navigate to the compromised accounts and change passwords within seconds, thereby trying to minimise the amount of time that users are exposed to risk.

Apple Update

It’s a fortnight since Apple (Google’s big competitor) released its critical iOS 14.5.1, macOS 11.3.1 security updates, so it’s not surprising that the new Android security features are being announced now.  Some tech commentators have noted, however, that the latest Android security and privacy updates don’t have an answer to Apple’s App-Tracking Transparency Feature, which requires apps to ask users for permission before tracking them across the web. It has been reported, however, that Google is still working on an alternative.

What Does This Mean For Your Business?

For Google, this update of Android is as much a competitive move as a simple update, designed to close the perceived (security) gap between its benefits and those of Apple’s iOS, and to challenge the idea in the marketplace that Apple products are always more secure. These extra security features will also be of benefit to business and domestic consumers alike, but features such as the improved Password Manager may be bad news for companies like Nord (NordPass) and LogMeIn (the owners of LastPass) as it will be easier to transfer passwords across to Android. Google’s Android OS does still, however, have some catching up to do with Apple on features such as Tracking Transparency.

Featured Article – The Issue of Push Payment Fraud Reimbursement

With Barclays Bank recently publishing the figures of refunds it made to customers who fell victim to authorised push payment (APP) fraud, there have been calls for greater transparency and reform to the current (voluntary) reimbursement code.

Authorised Push Payment (APP) Fraud

APP refers to situations where consumers have used a bank transfer to pay for goods or services that are fake/don’t exist and the money is stolen by fraudsters.

The Contingent Reimbursement Model (CRM)

Where money has been stolen in this way by fraudsters, banks can choose to use a voluntary code, introduced in May 2019, called the Contingent Reimbursement Model (CRM).  This code sets out how and by whom consumers who have suffered APP fraud losses are re-imbursed.  Banks that sign up to the code are often the ones to re-imburse victims where the conditions of the code are met.

Issues

There are, however, several issues relating to this code and the reimbursement to APP fraud victims that organisations such as consumer champion ‘Which?’ have been pushing to change.  For example:

– An apparent gap in fraud protection and redress for fraud via authorised push payments compared to other forms of payment such as debit and credit cards.

– A lack of transparency by banks and building societies about their reimbursement rates relating to APP fraud. There has been criticism that figures are not being published and/or are not being published on a regular basis.

– A feeling among banks (as outlined recently in a blog post by Starling) that other organisations used by criminals as part of their frauds (e.g. social media companies and telecoms networks) should be taking some responsibility and co-operating with banks to prevent fraud.  For example, social media may be used to advertise the fraud and also to find those who are willing to launder money (money mules) and to buy stolen identity and card data.

The Reality

One way to get a realistic view of what is happening as regards the behaviour towards consumers who are victims of fraud could be to look at the figures by the Lending Standards Board which oversees the CRM code. Their figures show that in the first year of the code’s introduction, banks ruled that 77 per cent of fraud victims were partially or fully to blame for their losses and that customers were fully at fault in 60 per cent of cases.

Which? Wades In

Consumer champion ‘Which?’ has also published concerns online about how banks and building societies have been behaving as regards re-imbursement (or not) and has published its view of the issues that it hopes will “help inform the Lending Standards Board’s one-year review of the CRM Code”.  According to ‘Which?’ these issues are:

– An over-reliance (by the banks) on victims having ignored warnings.

– Unreasonable expectations of how victims should have verified who they were paying.

– A failure to properly assess vulnerability.

– Poor communications (by banks) with victims.

‘Which?’ has called for urgent action to ensure that businesses adhere to the Code (CRM) and has called upon all those organisations signing up to the Code to test warnings to see if they are ‘effective’, make judgements based on what is reasonable on evidence of actual customer behaviour and to train staff in how to identify customers who could be vulnerable to APP fraud. Which? has also called for code signatories to properly explain specific reasons for reimbursement decisions to victims and has called on the Payment Systems Regulator to look at whether or not the voluntary industry code is effective in its current form.

Barclays The First To Publish Details

Barclays Bank recently became the first CRM code signatory to publish its APP fraud reimbursement rates online. According to Barclays, 74 per cent of its customers who suffered APP fraud losses in the first two months of 2021 have now been repaid. This appears to be a reversal of the trend identified by the Lending Standards Board.

Looking Ahead

We all make decisions about what offers seem legitimate to us and who/what to pay money to. However, not every Web user is as experienced or informed with regard to cybercrime, and many web users could also, for many reasons, be described as more vulnerable to fraud. Fraudsters are also becoming more sophisticated and creative in their methods which could, arguably, make more consumers more vulnerable to APP fraud.

The banks and building societies have argued, perhaps with some legitimacy, that some responsibility for preventing push payment fraud may lie with other organisations in the chain (e.g. social media companies). However, it appears that, based on Lending Standards Board figures, the apparent lack of transparency in banks and building societies publishing figures about how many customers have been reimbursed for the APP losses may be due to the fact that most consumers have not been re-imbursed and often appear to be blamed for falling victim to fraud.

Looking ahead, it may be necessary, as suggested by ‘Which?’ and recommended by the Finance and the Treasury Select Committee, for the current voluntary CRM code to become mandatory with the hope that regulatory oversight could bring better reimbursement outcomes for consumers and greater transparency from banks and building societies. It may also be helpful for more of a collaborative approach to be taken among all links in the chain used by fraudsters to tackle the problem.

Tech Insight – What Are Firewalls?

In this article, we take a brief look at what a firewall is, what types there are, and the benefits and drawbacks of firewalls.

Firewall

A firewall is a network security system that can monitor and control incoming and outgoing network traffic based on predetermined security rules.  Based on these rules, it decides whether to allow or block specific traffic and as such, provides a valuable, controllable security barrier between inside network devices and potential threats from outside (the Internet).

Hardware firewalls protect the machines on a network and software firewalls protect the individual machines that they are installed upon.

How Do Firewalls Work and What Types Are There?

Firewalls use their set of configurable rules to decide which traffic is allowed through and which traffic must be blocked. The firewall is generally able to do this by scanning packets of data (e.g. for known malicious code or attack vectors which are regarded as threats according to the rules). The main ways in which firewalls work include:

– Packet filtering.  This involves using certain identified threats as filters for incoming data. The small ‘packets’ (from packet switching) that make up data being sent digitally across the Internet are scanned and are either allowed to enter the network or are blocked depending on whether they are within or outside of the configured firewall rules.

– Proxy service/proxy server firewalls. These firewalls are intermediary (application level) servers that separate end-user clients from the destinations that they browse. They create a mirror version of the computer behind the firewall but prevent direct connections between the customer device and incoming data packets. As well as being used as firewalls, proxy servers also work as web filters, provide shared network connections, and cache data to speed up common requests. Proxy service firewalls are very secure.

– Stateful inspection/dynamic packet filtering. Often found on non-commercial and business networks, a stateful firewall (using stateful inspection) works by individually tracking sessions of network connections traversing it (i.e. it monitors the full ‘state’ of active network connections). This method of firewall filtering therefore relies upon looking at the whole context of the traffic and data packets trying to access the network, rather than just looking at discrete traffic and data packets in isolation.
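To illustrate the difference between packet filtering and stateful inspection described above, here is an added example (not from the original article): a toy Python model in which the same inbound packets are judged once in isolation and once against tracked sessions. The addresses, ports, rule, timeout and class names are all constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."  # constructed inside network


@dataclass(frozen=True)
class Packet:
    t: float        # arrival time in seconds
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    @property
    def outbound(self) -> bool:
        return self.src_ip.startswith(INSIDE_PREFIX)


class PacketFilter:
    """Packet filtering: every packet is judged in isolation against a fixed rule."""

    def __init__(self, trusted_source_ports):
        # Inbound packets pass if they claim to come from one of these ports.
        self.trusted_source_ports = frozenset(trusted_source_ports)

    def allow(self, pkt: Packet) -> bool:
        return pkt.outbound or pkt.src_port in self.trusted_source_ports


class StatefulFirewall:
    """Stateful inspection: inbound packets must belong to a live, tracked session."""

    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout
        # (inside_ip, inside_port, outside_ip, outside_port) -> time last seen
        self.sessions = {}

    def allow(self, pkt: Packet) -> bool:
        if pkt.outbound:
            # An inside host opened or refreshed a session; remember it.
            self.sessions[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = pkt.t
            return True
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        last_seen = self.sessions.get(key)
        if last_seen is None:
            return False                      # nobody inside asked for this traffic
        if pkt.t - last_seen > self.idle_timeout:
            del self.sessions[key]            # session expired; forget it
            return False
        self.sessions[key] = pkt.t
        return True


# Constructed traffic trace.
TRACE = [
    Packet(0.0, "192.168.1.10", 50000, "203.0.113.5", 443),    # inside host opens a session
    Packet(0.1, "203.0.113.5", 443, "192.168.1.10", 50000),    # genuine reply
    Packet(5.0, "203.0.113.99", 443, "192.168.1.10", 3389),    # unsolicited, source port 443
    Packet(6.0, "203.0.113.5", 443, "192.168.1.10", 50001),    # right server, wrong inside port
    Packet(300.0, "203.0.113.5", 443, "192.168.1.10", 50000),  # arrives after the session idled out
]


def run(firewall, trace=TRACE):
    """Return the allow/block decision for each packet in the trace."""
    return [firewall.allow(p) for p in trace]


if __name__ == "__main__":
    print("packet filter :", run(PacketFilter({443})))
    print("stateful      :", run(StatefulFirewall(idle_timeout=60.0)))
```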

Benefits and Disadvantages

The benefits of having firewalls in place include:

– Protecting business continuity and protecting the business from threats that could cause damage, disruption, and lead to fines (data protection), loss of customers, reputational damage and more.  For example, firewalls monitor traffic, filter out malware and trojans, prevent hacking attempts, and maintain privacy as well as security.

Although firewalls are generally for the good of the business, there are some disadvantages: some firewall rules can be so strict that they restrict the legitimate work of employees, thereby affecting productivity; firewall maintenance for large organisations can be complex (unless handled by the MSP); some firewall costs can be high; and some malware attacks (e.g. through phishing) can get past firewalls.

What Does This Mean For Your Business?

Firewalls are a long-established (and now a relatively standard) element of cyber-defences that still provide a vital protective function. The fact that they can be applied to different parts of the IT system and infrastructure and can be configured with different rules and different levels as required and left to operate on their own gives them flexibility but at the same time, they provide businesses with a level of confidence that networks are being monitored automatically. Firewalls, however, are just one (important) tool in the overall defence of business networks and devices.  Today’s cybercriminals are finding ever-more inventive ways to breach defences and exploit human errors and social engineering opportunities, so businesses need to employ a large number of different security (and privacy) tools and strategies to ensure that they are protected day-to-day.

Tech Tip – How To Delete The Last 15 Minutes of Your Search History In Google

If, for whatever reason, you have not used Incognito browsing in Google and would like a fast and easy way to delete the last 15 minutes of your search history, here’s how:

– Open the Google Search app on your Android or iOS device.

– Tap on your profile picture (top-right).

– Tap on “Delete the last 15 mins”.

To erase your search history for a longer period:

– Tap on the Search history button.

– Select the date range to be deleted.

– Alternatively, set up an auto delete function via the search and location history in the Google account settings.

Tech News : Clubhouse For Android Launched In The UK

Drop-in audio conversation social network app ‘Clubhouse’ has launched its Android (beta) version for download in the UK.

Clubhouse Android Launched In English-Speaking Countries

San Francisco-based Clubhouse announced on May 9 that, starting in the U.S., and quickly following in other English-speaking countries, it was rolling out the beta Android version of its popular app.

Still Invite Only

Clubhouse has stressed, however, that despite what will be a worldwide rollout over the next few weeks, the app will continue to have the waitlist and invite system in order to “keep the growth measured”.  Clubhouse says that the plan is to continue to scale out the backend over the coming months in order to open up further to the millions of people on its iOS waitlist.  The app will also be expanding its language support and adding accessibility features to help with the growth in membership.

Android users in the UK can now download the Clubhouse app from the Google Play Store.

Problems Earlier in the Year

Clubhouse has acknowledged that the problems that it experienced earlier in the year, such as server outages, notification failures, and surpassing the limits on its early discovery algorithms were a result of rapid growth.  The company says that it has switched its focus from “hiring, fixing, and company building” to investing to enable the growing app to be able to function well for the membership.

Hype and Benefits

The Clubhouse app has grown very quickly, accompanied by quite a bit of hype, but also because it appears to offer users the kind of direct access to an audience with influential people and industry leaders from around the world that it would be very difficult, costly, and time-consuming to get normally. Also, the real-time conversations mean that time is saved while issues, ideas and plans can be addressed and discussed instantaneously. As such, it has proven to be very appealing to business users.

Privacy Concerns

Important aspects of the Clubhouse app that were not mentioned in the recent announcement are the possible security and privacy concerns.  For example, the Clubhouse app doesn’t appear to have end-to-end encryption (like WhatsApp), user data is routed through Chinese servers (and by implication, the Chinese state), and there is a requirement on sign-up that users must upload their device address books, thereby sharing other people’s contact details without consent.

What Does This Mean For Your Business?

The rapid initial growth of Clubhouse has been fuelled by some of the potential benefits valued by businesses (e.g. the possibility of getting direct access to an audience with influential people) and finding new business opportunities, coupled with the exclusivity (invite only) and the other benefits of getting in early before the crowd. The app had some problems due to its growth exceeding its capacity but the promise to invest by Clubhouse may mean that it may suffer fewer outages going forward. Now that Clubhouse is really growing it can expect some stiff competition from other popular meeting apps (e.g. Zoom) and the threat of big social media players quickly launching their own versions (e.g. Twitter’s ‘Spaces’). The security and privacy concerns remain, however, despite the big Android rollout, and for users it may simply be a case of weighing up the known risks against the possible benefits, accepting that this is simply an exclusive space to meet and chat but that it comes with potential privacy and security risks at this stage in the app’s life.