Mark Davies - The Identity Organisation

In the new and imminent GDPR world, mandatory reporting of a data breach becomes a reality for all businesses, and for those businesses who don’t report a breach, very large fines will apply. Running a business is about to become even more complex, but the real issue will be how you as a business owner protect the data you hold, and whether or not that protection works.
The threat landscape has changed and we’re all aware of recent high profile fraud attacks that have resulted in data breaches and loss of profit and productivity. Only the other night there was a report on BBC Points West about a firm in Somerset who switched to online banking for the first time, and were defrauded of £3 Million. Whilst this was more of a straightforward internet fraud, interestingly, in the new GDPR world, it’s likely that such a breach would come under scrutiny and there would be questions about the processes for the detection of, and response to, cyber-attacks. No doubt, the Information Commission will be interested when Companies fall victim to a fraud, wanting to understand what else could have happened apart from the successful attack. That’s the connection between security and GDPR.

As customers become more and more aware of their privacy rights - much strengthened under GDPR - and as that awareness grows, the onus on Businesses to protect their customers’ privacy and security will grow with it.

Known unknowns

So, GDPR compliance cannot be a case of, “trying your best!” Demonstrating that, as a Business owner, you have taken the security of customer data seriously, is the core aim of GDPR. But, because the threat online is continuously changing in response to new defences, businesses not expert in the cyber-security field cannot hope to protect themselves adequately. The question then becomes: how do you demonstrate that you have done your best? Quite simply, security must underpin everything that you do online.

And another small wrinkle. GDPR doesn’t only apply to digital data, but also any information you might hold in paper format!

More and more investment by large companies is going into trying to second guess what hackers have done on their networks and how to respond to an attack. They’re partnering with lots of organisations to develop new defence systems and data audits across their networks.
Smaller and Medium-sized Businesses may feel that they can’t afford this kind of investment. The question you have to ask yourself is, “can you afford not to?” If you don’t trust your systems and processes, how can you expect your customers and suppliers to? Under GDPR, they will want to be able to trust you to protect their data.

Data is the future

There is a risk that a lot of smaller businesses will, “press the panic button,” and reduce or delete completely the data that they hold on customers and suppliers. But, if you have no insight about your customers anymore it’s going to put you in a difficult position. In the future, even more than now, businesses will need to make data work for them, to be able to grow. But, in the GDPR world, they won’t be able to take a haphazard approach to how they use, store and protect that data.

Businesses of all sizes will have to make people aware of what they’re doing with their data, where it is, what it is and how they can get access to it. And as the public begins to understand what their data is worth, not just to the businesses they interact with, but also those who would seek to use it for criminal purposes, it’s only natural that they will want to see it protected. So, it’s not just about protecting the data you hold, but also protecting and growing your Business.

In summary

In the new GDPR world, all businesses will have to be transparent about the data they hold and what they do with it, comply with regulations and protect the data they hold. Essentially, everything will come down to, as it always does, trust!
Jacqui Lewis-Everley - ilateral

This is not a new story (Google announced its plans in September 2017), but many people are still unaware that Google Chrome and Firefox will be blocking websites that use SSL certificates issued by Symantec as of April this year.

You may think "Well, my SSL certificate was issued by GeoTrust/RapidSSL/Thawte, not Symantec", but the reality is that Symantec provided SSL certificates to many companies (including the ones mentioned) and if you bought one of these SSL certificates, then your website might be blocked.

The result of this is that potentially thousands of websites could be blocked by Chrome and Firefox (there is a more detailed post about this on The Register), but a lot of website providers still seem unaware that this update is coming. It is of the utmost importance that, if your site is protected by an SSL certificate, you contact your provider and ask them if this update affects you!

You might feel that Google has gone too far in doing this. "How can one company dictate the availability of so many websites?" you may ask. The reality is, Symantec's SSL company has not always been adhering to industry standards when issuing SSL certificates and has issued a certificate where they should not. Consequently, Chrome and Firefox developers feel they cannot trust certificates provided by Symantec.

This may be a bit of a frustration for some people, but SSL certificates are supposed to be secure and provide a level of credibility to a site. If there is evidence that a supplier might not be providing secure certificates, it is the responsibility of companies like Google to help protect its users.

If you want to find out more information about the whole story, Google posted an article on their security blog last year; you can go check it out.
Bob Pointer - CFIL Global

Words in papers, words in books,
Words on TV, words for crooks,
Words of comfort, words of peace,
Words to make the fighting cease,

Some time ago, before my move to the forest, I attended an event, in my then local area, entitled “Magic at the barn”. Staged on behalf of local charities, it provided amateur and professional illusionists, magicians and mentalists of various standing and ability with an opportunity to showcase their acts.

I am extremely interested in the concept, principles and methodology of mentalism. The use of influence to exploit human nature is much the same as that used by fraudsters and social engineering (sic). For every lie there has to be deception – but deception does not necessarily involve a lie.

Professor Albert Mehrabian, in his article “Decoding of Inconsistent Communications” published in the Journal of Personality and Social Psychology in 1967, first highlighted the importance of verbal and nonverbal messages and introduced what is commonly known as the 7%-38%-55% rule. This rule is the stock in trade of the “Human lie detectors and body language gurus” who ply their trade online. Whilst Mehrabian’s proposition related to very focused and specific circumstances and has been widely misrepresented as the make-up of all intra-personal communication, it does highlight the undisputed link between what we say verbally and what our bodies say.

Concrete words, abstract words,
Crazy words and lying words,

Whilst I agree that nonverbal communication plays a pivotal role in effective communication, I don’t subscribe to the theory that in all interactions words only account for around 7% of the process. Words are the primary way in which we relay our message; our nonverbal behaviour assists in directing that message.
In neuro-linguistic programming (NLP) the premise that we mainly operate on auto-pilot, conforming to established patterns of behaviour, is a fundamental principle which manifests itself in the use of embedded commands – hidden messages within a communication which speak directly to the unconscious mind. As a non-practising NLP practitioner I am aware of how powerful these verbal cues can be if used correctly – as evidenced by the results of my current work with Sales professionals at Volvo Trucks UK.

Whilst, used correctly and ethically, embedded commands are a useful tool in many circumstances, seeing them used alongside “conscious hypnosis” in the name of entertainment to me clearly evidenced the dangers of their misuse to manipulate and deceive.

Today in our technology enabled lives we are bombarded with messages all our waking hours from various media sources, so how easy would it be for marketeers, salesmen and fraudsters to embed messages or information which bypasses our conscious mind? The answer: extremely easy, as evidenced by a study undertaken at Glasgow University in 2012. In this experiment participants were provided with spoken messages via headsets and were required to press a button after each message if they thought it contained the truth. The messages relayed were based on the semantic illusion theory, the most famous example of which is the message: “How many animals of each kind did Moses take into the Ark?” Obviously this is not a true statement, as it was Noah not Moses, but this experiment evidenced that if a statement like this is delivered in the right way and “sounds” true we will accept it.

Another example is the Barnum or Forer effect, again much loved by mind readers and astrologists, which refers to the tendency for people to accept generic personal feedback consisting of relatively trivial statements as being highly accurate (Tobacyk & Milford, 1988).

So, what is the relevance of this here today?
It is in my view extremely relevant; in fact it could cost everything – our money and our very identity. The principle of what is now known as social engineering is to use human nature against us to the advantage of another. Organisations are very adept now at installing high tech monitoring systems to maintain the security of their data, but every system has its weak point and invariably that is the human element.

Emails, social media, online dating: there are so many ways now to use words as trojan horses to influence, misdirect or deceive us. Why send 1000s of hopeful emails asking to help get money out of an African prince’s embargoed account when you can send one from a trusted associate asking to meet for a drink at a new venue shown on an attachment, or gain an individual’s confidence through manipulation of their unconscious mind?

Understanding how human beings think and behave is a vital skill for anyone in business. However it is a dying art as we rely more and more on technologically mediated communication.

Words are like a certain person
Who can’t say what they mean
Don’t mean what they say

Wordy Rappinghood – The Tom Tom Club

Oh and by the way, without going back, tell me, did I go to the “Magic at the barn” event?

Paul James - Best Parteez

So, the dream is to have a static bouncy castle Adventure-land here in the Forest of Dean. We can visualise an amazing centre full of magical stuff for kids (and adults too!). One that has a WOW factor when you enter, and makes you want to come back for more fun!

Perhaps we would fill it with amazing inflatables, softplay of super high quality, trampolines, climbing frames, slides, didicar tracks... the list goes on. A separate room for birthday parties would be good too, with in-house catering from the centre’s cafeteria. One that has everything to create the perfect party. And, make it all so good, the Forest of Dean would have something to be proud of.
A venue so magical, people would come from miles around... as well as the locals and tourists staying in the area. So, all we need to make this happen is – an astronomical amount of money, support from the local council, a huge venue, and the knowledge to make it nothing less than brilliant! Think about it though, it would create employment, generate more business for the Forest of Dean and give the area another great tourist destination.

Would love to hear your thoughts on this 😊

Bob Pointer - CFIL Global

I consider myself an extremely lucky man. I am one of the fortunate few whose passion has become their business. I have been fascinated by human behaviour since I first read “The Naked Ape” by Dr Desmond Morris. Since that time, I have read numerous good, bad and indifferent books on the subject. However, in this blog I want to focus on just one, an interesting and revealing book, Detecting Deception: A Bibliography of Counter Deception Across Time, Cultures, and Discipline (2006) by Barton Stewart Whaley. This book was recommended to me as a serious exploration of the history of deception (an important aspect of human behaviour) and I can highly recommend it to those who, like me, want a more in-depth look at the subject than can usually be found.

Whaley describes deception as “the intentional distortion of another’s perceived reality”. He describes how deception can be categorised as dissimulation and simulation. Dissimulation refers to hiding the “real” by masking, disguising or confusing, whilst simulation refers to actions taken to divert attention. He provides a very detailed account of the role of deception, which can and unfortunately does manifest itself in one form and another in our everyday lives. However, what intrigued me was the focus on a period in history where deception techniques became part of warfare.

World War 2 helped shape the world as we know it now and many of the stories, for instance the breaking of the Enigma code, are now well known.
But for me there is an equally enthralling story which centres on a not so well known individual, Jasper Maskelyne, who joined the British Army at the commencement of the war. In his civilian life Maskelyne was a stage magician and he soon recognised the opportunity to use his skills in misdirection and deception to assist in the theatre of war. There are many stories documented about his activities and, like with many other “folk heroes”, some of them seem fanciful. However, there is photographic and documentary evidence to support a good proportion of them.

After gaining some success working on “special projects” within his unit, the Royal Engineers, in January 1941 he was tasked with putting together “a force for subterfuge and counter espionage” which was then deployed supporting the battle against Rommel’s troops in the North African campaign. Maskelyne and his team, which included an architect, carpenter and stage-set builder, were known as the “magic gang”. Together they were responsible for creating illusions which made trucks look like tanks and tanks look like trucks, which confused the enemy’s intelligence gathering operations.

However, one of his greatest documented achievements has to be an illusion which even today sounds impossible: misdirecting the German bombers tasked with destroying the strategically important port of Alexandria. Incredibly, the magic gang created a mock-up of the port including fake buildings, anti-aircraft guns and a lighthouse. Whilst this was impressive in itself, incredibly he also managed to disguise the Suez Canal by the use of a series of revolving cones of mirrors. These devices were capable of projecting strobing light over an area of 8 miles, which dazzled and disoriented the German pilots.

After this success the gang played a major role in the lead up to the pivotal battle of El Alamein.
Again, using misdirection techniques, namely the creation of over 2,000 fake tanks and a complete infrastructure including buildings and railway tracks. This created the illusion that the attack was to be staged from the south rather than from the North, where 1,000 tanks had been disguised as support lorries.

The parallels between military tactics and the art of misdirection and deception are clear to see, and the Cold War that followed on from the open conflict of the Second World War introduced the era of espionage which honed these techniques into an art form. But unfortunately, such skills, repackaged and technically enabled, are today widely used in another theatre – Fraud – masking and simulation through mass market or directed phishing attacks plus the use of disguised Trojan attachments etc. are stock in trade for the modern fraudster or “social engineer”.

However, not all the stories featured within Whaley’s excellent tome were just extraordinary; some were also quite bizarre. For example, the case of the chicken Elmer Gwynne, who was appointed a sergeant in The US Army. This action was taken to swerve a ban on soldiers keeping pets. The chicken was part of a magic act performed by his keeper Jack Gwynne – a member of the United Services Organisation - so alongside his "handler" the chicken was enlisted! This stunt backfired as, rather than raise morale, the outcome of the performances was near riots as starving soldiers in India and Burma tried to capture the “sergeant” as a welcome addition to their rations!