Mark Davies - The Identity Organisation
In the new and imminent GDPR world, mandatory reporting of a data breach becomes a reality for all businesses, and for those businesses who don’t report a breach, very large fines will apply. Running a business is about to become even more complex, but the real issue will be, how you as a business owner protect the data you hold, and whether or not that protection works.
The threat landscape has changed and we’re all aware of recent high profile fraud attacks that have resulted in data breaches and loss of profit and productivity. Only the other night there was a report on BBC Points West about a firm in Somerset who switched to online banking for the first time, and were defrauded of £3 Million.
Whilst this was more of a straightforward internet fraud, interestingly, in the new GDPR world, it’s likely that such a breach would come under scrutiny and there would be questions about the processes for the detection of, and response to, cyber-attacks. No doubt, the Information Commission will be interested when companies fall victim to a fraud, wanting to understand what else could have happened apart from the successful attack. That’s the connection between security and GDPR.
As customers become more and more aware of their privacy rights - much strengthened under GDPR - and as that awareness grows, the onus on Businesses to protect their customers’ privacy and security will grow with it.
So, GDPR compliance cannot be a case of “trying your best!” Demonstrating that, as a Business owner, you have taken the security of customer data seriously is the core aim of GDPR. But, because the threat online is continuously changing in response to new defences, businesses not expert in the cyber-security field cannot hope to protect themselves adequately. The question then becomes: how do you demonstrate that you have done your best? Quite simply, security must underpin everything that you do online. And another small wrinkle: GDPR doesn’t only apply to digital data, but also to any information you might hold in paper format!
More and more investment by large companies is going into trying to second guess what hackers have done on their networks and how to respond to an attack. They’re partnering with lots of organisations to develop new defence systems and data audits across their networks.
Smaller and Medium-sized Businesses may feel that they can’t afford this kind of investment. The question you have to ask yourself is, “can you afford not to?” If you don’t trust your systems and processes, how can you expect your customers and suppliers to? Under GDPR, they will want to be able to trust you to protect their data.
Data is the future
There is a risk that a lot of smaller businesses will, “press the panic button,” and reduce or delete completely the data that they hold on customers and suppliers. But, if you have no insight about your customers anymore it’s going to put you in a difficult position. In the future, even more than now, businesses will need to make data work for them, to be able to grow. But, in the GDPR world, they won’t be able to take a haphazard approach to how they use, store and protect that data.
Businesses of all sizes will have to make people aware of what they’re doing with their data, where it is, what it is and how they can get access to it. And as the public begins to understand what their data is worth, not just to the businesses they interact with, but also those who would seek to use it for criminal purposes, it’s only natural that they will want to see it protected. So, it’s not just about protecting the data you hold, but also protecting and growing your Business.
In summary. In the new GDPR world, all businesses will have to be transparent about the data they hold and what they do with it, comply with regulations and protect the data they hold.
Essentially, everything will come down to, as it always does. Trust!
Jacqui Lewis-Everley - ilateral
This is not a new story (Google announced its plans in September 2017), but many people are still unaware that Google Chrome and Firefox will be blocking websites that use SSL certificates issued by Symantec as of April this year. You may think "Well, my SSL certificate was issued by GeoTrust/RapidSSL/Thawte, not Symantec", but the reality is that Symantec provided SSL certificates to many companies (including the ones mentioned) and if you bought one of these SSL certificates, then your website might be blocked.
The result of this is that potentially thousands of websites could be blocked by Chrome and Firefox (there is a more detailed post about this on The Register), but a lot of website providers still seem unaware that this update is coming. It is of the utmost importance that, if your site is protected by an SSL certificate, you contact your provider and ask them if this update affects you!
You might feel that Google has gone too far in doing this. "How can one company dictate the availability of so many websites?" you may ask. The reality is, Symantec's SSL company has not always been adhering to industry standards when issuing SSL certificates and has issued a certificate where they should not. Consequently, Chrome and Firefox developers feel they cannot trust certificates provided by Symantec. This may be a bit of a frustration for some people, but SSL certificates are supposed to be secure and provide a level of credibility to a site. If there is evidence that a supplier might not be providing secure certificates, it is the responsibility of companies like Google to help protect its users.
If you want to find out more information about the whole story, Google posted an article on their security blog last year, you can go check it out.
Bob Pointer - CFIL Global
Words in papers, words in books,
Words on TV, words for crooks,
Words of comfort, words of peace,
Words to make the fighting cease,
Some time ago, before my move to the forest, I attended an event, in my then local area, entitled “Magic at the barn”. Staged on behalf of local charities, it provided amateur and professional illusionists, magicians and mentalists of various standing and ability with an opportunity to showcase their acts.
I am extremely interested in the concept, principles and methodology of mentalism. The use of influence to exploit human nature are much the same as those used by fraudsters and social engineering (sic).
For every lie there has to be deception – but deception does not necessarily involve a lie.
Professor Albert Mehrabian in his article “Decoding of Inconsistent Communications” published in the Journal of Personality and Social Psychology in 1967 first highlighted the importance of verbal and nonverbal messages and introduced what is commonly known as the 7%-38%-55% rule. This rule is the stock in trade of the “Human lie detectors and body language gurus” who ply their trade online. Whilst Mehrabian’s proposition related to very focused and specific circumstances and has been widely misrepresented as the make-up of all intra-personal communication it does highlight the undisputed link between what we say verbally and what our bodies say.
Concrete words, abstract words,
Crazy words and lying words,
Whilst I agree that nonverbal communication plays a pivotal role in effective communication, I don’t subscribe to the theory that in all interactions words only account for around 7% of the process. Words are the primary way in which we relay our message; our nonverbal behaviour assists in directing that message.
In neuro-linguistic programming (NLP) the premise that we mainly operate on auto-pilot, conforming to established patterns of behaviour, is a fundamental principle which manifests itself in the use of embedded commands – hidden messages within a communication which speak directly to the unconscious mind. As a non-practising NLP practitioner I am aware of how powerful these verbal cues can be if used correctly – as evidenced by the results of my current work with Sales professionals at Volvo Trucks UK.
Whilst used correctly and ethically embedded commands are a useful tool in many circumstances, seeing them used alongside “conscious hypnosis” in the name of entertainment to me clearly evidenced the dangers of their misuse to manipulate and deceive.
Today, in our technology-enabled lives, we are bombarded with messages all our waking hours from various media sources, so how easy would it be for marketeers, salesmen and fraudsters to embed messages or information which bypasses our conscious mind?
The answer: extremely easy, as evidenced by a study undertaken at Glasgow University in 2012. In this experiment participants were provided with spoken messages via headsets and were required to press a button after each message if they thought it contained the truth. The messages relayed were based on the semantic illusion theory, the most famous example of which is the message:
“How many animals of each kind did Moses take into the Ark”
Obviously this is not a true statement as it was Noah not Moses but this experiment evidenced that if a statement like this is delivered in the right way and “sounds” true we will accept it.
Another example is the Barnum or Forer effect again much loved by mind readers and astrologists which refers to the tendency for people to accept generic personal feedback consisting of relatively trivial statements as being highly accurate (Tobacyk & Milford, 1988).
So, what is the relevance of this here today? It is in my view extremely relevant; in fact it could cost everything – our money and our very identity.
The principle of what is now known as social engineering is to use human nature against us to the advantage of another.
Organisations are very adept now at installing high tech monitoring systems to maintain the security of their data but every system has its weak point and invariably that is the human element.
Emails, social media, online dating: there are so many ways now to use words as trojan horses to influence, misdirect or deceive us. Why send 1000s of hopeful emails asking to help get money out of an African prince’s embargoed account when you can send one from a trusted associate asking to meet for a drink at a new venue shown on an attachment, or gain an individual’s confidence through manipulation of their unconscious mind?
Understanding how human beings think and behave are vital skills for anyone in business. However it is a dying art as we rely more and more on technologically mediated communication.
Words are like a certain person
Who can’t say what they mean
Don’t mean what they say
Wordy Rappinghood – The Tom Tom Club
Oh and by the way without going back tell me, did I go to the “Magic at the barn” event?
Paul James - Best Parteez
So, the dream is to have a static bouncy castle Adventure-land here in the Forest of Dean. We can visualise an amazing centre full of magical stuff for kids (and adults too!). One that has a WOW factor when you enter, and makes you want to come back for more fun!
Perhaps we would fill it with amazing inflatables, softplay of super high quality, trampolines, climbing frames, slides, didicar tracks …..the list goes on.
A separate room for birthday parties would be good too, with in-house catering from the centre’s cafeteria. One that has everything to create the perfect party.
And, make it all so good, the Forest of Dean would have something to be proud of. A venue so magical, people would come from miles around…..as well as the locals and tourists staying in the area.
So, all we need to make this happen is – an astronomical amount of money, support from the local council, a huge venue, and the knowledge to make it nothing less than brilliant!
Think about it though, it would create employment, generate more business for the Forest of Dean and give the area another great tourist destination.
Would love to hear your thoughts on this 😊
Bob Pointer - CFIL Global
I consider myself an extremely lucky man. I am one of the fortunate few whose passion has become their business.
I have been fascinated by human behaviour since I first read “The naked Ape” by Dr Desmond Morris. Since that time, I have read numerous good, bad and indifferent books on the subject.
However, in this blog I want to focus on just one, an interesting and revealing book Detecting Deception: A Bibliography of Counter Deception Across Time, Cultures, and Discipline (2006) by Barton Stewart Whaley. This book was recommended to me as a serious exploration of the history of deception (an important aspect of human behaviour) and I can highly recommend it to those who, like me, want a more in-depth look at the subject than can usually be found.
Whaley describes deception as “the intentional distortion of another’s perceived reality”. He describes how deception can be categorised as dissimulation and simulation.
Dissimulation refers to hiding the “real” by masking, disguising or confusing whilst simulation refers to actions taken to divert attention.
He provides a very detailed account of the role of deception, which can and unfortunately does manifest itself in one form and another in our everyday lives. However, what intrigued me was the focus on a period in history where deception techniques became part of warfare.
World War 2 helped shape the world as we know it now and many of the stories, for instance the breaking of the Enigma code, are now well known. But for me there is an equally enthralling story which centres on a not so well known individual, Jasper Maskelyne, who joined the British Army at the commencement of the war. In his civilian life Maskelyne was a stage magician and he soon recognised the opportunity to use his skills in misdirection and deception to assist in the theatre of war.
There are many stories documented about his activities and, like with many other “folk heroes”, some of them seem fanciful. However, there is photographic and documentary evidence to support a good proportion of them.
After gaining some success working on “special projects” within his unit the Royal Engineers in January 1941 he was tasked with putting together “a force for subterfuge and counter espionage” which were then deployed supporting the battle against Rommel’s troops in the North African campaign.
Maskelyne and his team, which included an architect, carpenter and stage-set builder, were known as the “magic gang”. Together they were responsible for creating illusions which made trucks look like tanks and tanks look like trucks, which confused the enemy’s intelligence gathering operations.
However, one of his greatest documented achievements has to be an illusion which even today sounds impossible: misdirecting the German bombers tasked with destroying the strategically important port of Alexandria. Incredibly, the magic gang created a mock-up of the port including fake buildings, anti-aircraft guns and a lighthouse. Whilst this was impressive in itself, incredibly he also managed to disguise the Suez canal by the use of a series of revolving cones of mirrors. These devices were capable of projecting strobing light over an area of 8 miles, which dazzled and disoriented the German pilots.
After this success the gang played a major role in the lead up to the pivotal battle of El Alamein, again using misdirection techniques, namely the creation of over 2,000 fake tanks and a complete infrastructure including buildings and railway tracks. This created the illusion that the attack was to be staged from the south rather than from the North, where 1000 tanks had been disguised as support lorries.
The parallels between military tactics and the art of misdirection and deception are clear to see, and the Cold War that followed on from the open conflict of the Second World War introduced the era of espionage which honed these techniques into an art form.
But unfortunately, such skills, repackaged and technically enabled, are today widely used in another theatre – Fraud – masking and simulation through mass market or directed phishing attacks plus the use of disguised Trojan attachments etc. are stock in trade for the modern fraudster or “social engineer”.
However not all the stories featured within Whaley’s excellent tome were just extraordinary some were also quite bizarre. For example, the case of the chicken Elmer Gwynne who was appointed a sergeant in The US Army. This action was taken to swerve a ban on soldiers keeping pets. The chicken was part of a magic act performed by his keeper Jack Gwynne – a member of the United Services Organisation - so alongside his "handler" the chicken was enlisted! This stunt backfired as rather than raise morale the outcome of the performances were near riots as starving soldiers in India and Burma tried to capture the “sergeant” as a welcome addition to their rations!
Maxine Smith - Body Awareness Therapies
As a parent, we blame ourselves and apologise when our children behave badly; when they get into trouble at school, are disrespectful to another adult or hurt another child. We feel guilty, berate and blame ourselves for the hurt and distress our children cause.
Therefore, would it be safe to assume that when our children behave in an unacceptable way, they are not behaving in the way we believe we taught them? Or are they?
I ask that question because children are more likely to learn from what they see rather than what we tell them.
Therefore, is it possible that we have, unconsciously, taught our children, an attitude, a behaviour, or a way of viewing the world that they are now acting out with their friends, teachers or the person on the street?
It is possible that they heard something we said, witnessed our behaviour, observed our habits? Actions they are now displaying in their own behaviour. We may well have told them off for exactly the same things, not realising we are teaching and reinforcing, certain types of behaviour on a daily basis.
Therefore, the question to ask is
Are we to blame or are we responsible?
Blame implies that we are, indeed, bad parents who can’t teach our children right from wrong, parents who are incapable of keeping our children on the right path. On the other hand, we may decide, actually, our children are the ones who behaved badly, I am not to blame, they are. If any of the above is the case, we become powerless, as though there is nothing we can do to change or alter their behaviour.
Responsibility on the other hand puts us in a powerful position. When we take responsibility, we have an opportunity
We can help them to understand
More importantly, it is an opportunity to address our own behaviour. To look in the mirror that our children are holding up for us to see, and make a change in our behaviour. If we can be honest with ourselves, we can be honest with our children. And, yes, that is painful and maybe we will lose face, for all of 2 mins.
Your child could begin to see you, for the humans you are. They will respect you for recognizing your mistakes, your honesty, and your willingness to shift in your behaviour.
As a result, you are more likely to be mindful of how you behave to reduce the risk of reinforcing their unacceptable behaviour through your own.
For many parents, this may well be the first opportunity to have an open, honest and frank discussion with their young person that could make all the difference now, and in, years to come.
The trick is to be self-aware and identify where your own behaviour falls short of the standards you set yourself and teach your child to live by.
Jason Whitehead - Vitality Mortgages
If, like most people in the UK, you think the mortgage rate you have on your home is the best rate you can have, I’m here to tell you that in most cases that isn’t true. Many UK home owners are surprised to learn that they can compare mortgage rates from different lenders, and save money on their mortgage by switching.
Most UK residents are gobsmacked when they learn how easy it is to go online and compare mortgage rates from various lenders. But with the bank’s willingness to offer lower mortgage rates to better compete, have combined to create the perfect scenario for UK homeowners.
We do understand that years ago, comparing mortgage rates was uncommon. Only the very wealthy had the connections and ability to work with various lenders. But easing regulations have made an environment where various mortgage lenders can compete with each other, and they do not need a physical branch in your area to provide you with a cheaper mortgage.
So try our free review. Let us help you to start making those savings. Call us today.
As a Professional Aerial Photographer, lately I have been noticing a growing number of questionable drone photographs being used in the local press, which, let’s be honest, have probably been taken illegally and in contravention of the CAA guidelines for drone use. I am talking about photographs such as bird’s eye views of the centre of London, or a bird’s eye view of a church in a town centre, overhead videos of Liverpool town centre, that sort of thing. You are probably wondering how the pictures were taken; in fact we as professional aerial photographers are wondering the very same thing.
In my own home town, we have had the local press publish stills from videos and links to YouTube videos that have clearly been taken illegally. By illegal I mean they have been taken by an enthusiastic amateur photographer with a drone, and then they have been published in the newspaper. There are, as I see it, at least two issues with this.
1. The newspaper in printing the photograph are in some ways complicit in the taking of the illegal photograph by allowing it to be printed without checking on the photographer’s credentials.
2. This fuels the illegal uses of drones, and fires the aim to get more and more “risqué” pictures.
This sort of turning a blind eye as to the authenticity of the photograph by the press is at best a “little disappointing” from a professional aerial photographer’s standpoint. All too often we see Drones being flown to overlook people’s gardens, all too often they are being flown too close to airports, being flown in such a way that they scare livestock, you know the sorts of things, all to get that “special image”. With Christmas around the corner things will only get worse as the market explodes with drones being bought as the “Christmas toy to have”. Even a modestly priced UAV now is capable of being flown way out of the sight of its owner and potentially into the path of a plane. Surely the press have a duty, as well as the Drone industry, to collectively educate the public. The Drone Manufacturers put a leaflet into every purchased Drone highlighting “The Drone Code” as issued by the CAA. Perhaps they, the press and manufacturers, should also pay for some infomercials or print some informative articles in the local and national press prior to the Christmas rush highlighting the dangers of operating drones. Any intervention from the Professional aerial photographer against an over-enthusiastic and misguided amateur will, and can only, be interpreted as sour grapes on the amateur’s part, so self-regulation will not work in my opinion, although we do have a duty to report the worst offenders to the police. I say this as my experience of being known in the area as a professional drone operator has led to people accusing me of overflying their gardens or their piece of land. Taunts of "I saw you the other day flying over that house", when in fact it was another amateur drone operator breaking the rules.
Manufacturers also need to stop making ill-guided claims that “their Drone will fly X number of kilometres away from the base unit”; this is really unhelpful in educating the public as to what they can and cannot do with their Drones. As Professional Aerial Photographers we have all seen YouTube, and it’s full of videos of people doing distance tests; in doing the distance test they are breaking the “Drone Code”, as the drone will be well out of sight during most of the test. By way of example of these cavalier claims, the new Mavic drone launched this month by DJI has, as part of its selling points, a line in its spec sheet that says “New OcuSync transmission system offers up to 4.3 miles of transmission range”. Some people may see this as a challenge and not just a flight statistic.
My fear for this industry is that, unless the public are educated they will continue to ignore the rules and regulations, as this industry is predominately unregulated. It will take nothing short of a disaster for the governing bodies to wake up and pay attention, by then it will be too late for our industry. Maybe we as professional drone operators should self-police it in the interest of our businesses, but that raises all kinds of other issues as previously mentioned. The fact remains that something has to be done to safeguard the future of our businesses, after all we have made a sizeable investment to just get started as a Professional aerial photographer, and "I kinda like the job", long may it succeed !!
Drone View Ltd
PFAW No UAV 2021
Make the best of your Website carousel.
Most people like to see images on a slider on a website, they are a fairly well established design element. However, there are some dos and don’ts to bear in mind:-
Get the auto rotate right:
1. Don’t make them whizz by too fast, give the user a chance to linger on the nice images, maybe even read a heading.
2. Prioritise the order of your slides, the first will always be most important, the fourth may not get seen by a lot of users.
3. Pause on mouse hover, give the user the chance to click on any links and disable autorotate on mobile.
4. If the user clicks on the play controls, stop the auto rotate - they may just be trying to look at something.
5. Add swipe as well as arrows to control the slider on mobile, users like that on touch screens.
There are more things you can do too - check out the full list on our website. http://ilateralweb.co.uk/web-design-news/you-spin-me-right-round-a-guide-to-carousels-on-home-pages/
Cyber Attacks - hype or stark reality?
Cyber security has become a key risk to businesses of all sizes. With almost 3 in 4 small businesses in the UK having experienced a security breach in the last 12 months, cyber attacks have become headline news.
In today’s business environment, virtually all companies (regardless of their size) collect and store personal information about customers, employees and others. With this increased level of data follows a higher rate of data breaches: the theft, loss or mistaken release of private information is on the rise.
Don’t be fooled in thinking that these data breaches are just a big business problem; small and medium-sized businesses with fewer data security resources are particularly vulnerable.
Why do businesses need cyber insurance?
With the average cost to a small business of the worst security breaches between £75-£311,000, having specific insurance coverage in place to mitigate these risks can reduce the financial impact.
Key considerations for businesses when choosing cyber insurance are whether the policy provides:
– Cover for the costs of dealing with data breaches
– Cover for the costs of dealing with cyber liability claims
– Cover for business losses from a cyber event
– Cover that helps businesses deal with the impact of cyber crime
– Cover for hardware and data corruption
– Access to expert advice and support e.g. IT, legal, forensic and media relations when an incident occurs.
How can businesses protect themselves?
The best advice to start with is to speak to an insurance expert. By trying to purchase this cover on-line or over the telephone, you risk there being gaps in your cover (see above) or simply not getting the cover that is tailored to your business.
At Cass Stephens, we are able to access specialist policies that are designed to meet the demand of businesses faced with this modern-day threat to their survival.
One insurer with whom we deal can offer cover that would deal with the following scenarios:
Example claims covered under the HSB Cyber Insurance policy
Data corruption and extra costs
Ex-employee hacked computer system. Data restoration and recreation required.
Property management firm’s email system became corrupted. IT investigation needed to confirm a virus was the cause. Former customers sued for damages after being infected by email. Claim: £31,261
Accountant’s laptop stolen containing 800 customer tax records. Cost to replace laptop, notify clients and investigate loss. Claim: £35,000
How many times have you witnessed a laptop or tablet being left unattended on a train whilst the owner visits the buffet carriage for instance?
Please feel free to get in touch if you have a specific enquiry or would simply like to talk through your options.
Andrew Long Cert CII
Commercial Account Executive
Cass Stephens Insurances Ltd
CAP BUSINESS CLUBS BLOG