This week’s technology news – 27th March 2015

Are you really YOU online?

Cifas have published Fraudscape, their annual survey of 277,000 fraud cases from 245 members spanning a range of UK sectors. With cyber security issues topping the chart of risks for business in 2014/15, ID fraud is becoming the largest emerging threat: as increased vigilance by businesses and consumers has begun to reduce the number of accounts being hacked or taken over, cyber criminals are turning their attention to using other people’s identities or creating new false ones. It is estimated that 758 frauds occur every day in the UK, a rate of 31 per hour (Cifas members alone), and the Department of Health estimates there were an eye-watering 30 million cases of prescription fraud in 2014.

The survey findings report:

• 41% of all frauds recorded in 2014 involved criminal abuse of personal data or ID details to impersonate someone or create fictitious ID to steal money.
• 113,839 cases of ID fraud were recorded in 2014, up by 5% on 2013.
• Average victim’s age was 46
• Men are twice as likely as women to have their ID stolen.
• Emerging trend for young adults (21-30) being targeted (up 51% since 2011 to 14,850), reflecting this group’s increased use of financial products.
• The 55+ age group has witnessed a 15% rise in ID fraud victims from 2013 reaching 25,346 in 2014.

Cifas CEO Simon Dukes described ID fraud as being on an industrial scale: “The frauds we are recording point to increasingly sophisticated, predatory and organised criminals.” Cifas acknowledge that the stats may be the tip of the iceberg, as they cover only what has been reported by their members and is on public record.

The true extent is expected to be far greater: the UK stats that form the starting point for data gathering are understandably challenging to compile, and much goes unreported. The Department for Business, Innovation and Skills figures record the following baselines:

• There were 5.2 million private sector businesses in the UK at the start of 2014.
• 180,000 charities (England and Wales)
• 560 central government bodies
• 400 local authorities
• 150 NHS Trusts

Then there are the individuals who have suffered fraud. Collating reports from across 5.4 million organisations and identifying how many out of 60 million people have suffered fraud therefore requires some degree of estimation (and the figures do not include SMEs in the private sector, which according to the Federation for Small Businesses account for over 99% of all private sector business in the UK and almost 50% of private sector employment).

But the warning bells are there for us all. The last recorded stats from the now disbanded National Fraud Authority (NFA) put the cost of fraud to the UK economy at £15.5 billion in 2013. Cifas fraud cases are routed to the City of London Police. But few of Cifas’ members know the point at which an ID has been compromised, which would help target prevention efforts.

WHAT TO DO? Any organisation which has not taken steps to increase resilience by improving its firewalls, beefing up ID authentication and encryption, and having sound antivirus and anti-malware software in place could be placing itself and its customers at unnecessary risk. Reporting ID fraud and data breaches as standard has the potential to strengthen national security learning if government and industry can work closer together. Added to this, education and awareness training amongst employees and consumers is a must as we find ourselves in an ever more cynical world surrounded by criminal intent.


Threat to Safe Harbour Agreement in Euro court

Europe’s highest court, the European Court of Justice (ECJ), will shortly be reviewing how Europeans’ data is shared with US companies in a landmark case which questions the effectiveness of the US Safe Harbour Agreement.

Brought by activist Max Schrems off the back of Edward Snowden’s whistleblowing, the lawyer’s complaint is that companies such as Facebook, by being complicit in Prism (an NSA surveillance system), are ignoring privacy practices and that the Safe Harbour Agreement should be scrapped in favour of local regulators acting to protect Europeans’ data.

The Safe Harbour agreement (in place since 2000) allows US firms to collect data on their European users and store it in US data centres as long as certain principles around storage and security are upheld (e.g. giving notice to users and advising them on how the data can be accessed and by whom).

UK data regulator Ofcom are reported to have said at the hearing that scrapping Safe Harbour would “risk disrupting trade that carries significant benefit for the EU and its citizens”.

If upheld, the decision would have severe repercussions for any US firm dealing with Europeans’ data, including giants such as Twitter, Google, Microsoft and Yahoo. Twitter commented they would be forced to build datacentres in Europe to hold separated info. Facebook has not responded formally, although the BBC has reported that the social media behemoth would welcome an update of the Safe Harbour rules post Snowden.

For UK organisations where the issue of sovereignty is important, let alone the level of data protection required, the issue is likely to drive them to preserve and protect their customers’ data by having it reside only in UK datacentres, avoiding the risk of losing control of the data at any time and having to deal with local regulators and data laws.


Microsoft’s future career as a carrier

Microsoft has been delivering text, voice and video services for many years to both consumers and businesses across phones, tablets and PCs. Their current offerings are Skype and Lync, with the latter soon to be rebranded Skype for Business. Over 100 million people now use Lync to communicate at work. This week Microsoft announced that Skype for Business would include an enterprise-grade PSTN connection to Office 365 Skype for Business.

Microsoft’s strategic partners (including AT&T, BT, Colt, Equinix, Level 3 Communications, Orange Business Services, Tata Communications, Telstra, Verizon and Vodafone) will be working together with Microsoft to deliver secure and direct connections to Office 365 Skype for Business customers through Azure ExpressRoute for Office 365. Azure ExpressRoute leverages partners’ networks to provide a private, dedicated and high bandwidth connection that bypasses the internet – essentially making Office 365 an extension of your on-premise environment whether you’re on site or not.

Skype for Business can handle all of an organisation’s communications, and with Azure ExpressRoute and their partners providing a direct connection rivalling traditional communication companies, Microsoft is essentially placing themselves into the carrier business.

This will offer businesses a one-stop-shop for a secure communication package, which is where Microsoft is aiming this offering – for now. In principle this technology could be used on a commercial device. The user, instead of buying a phone, minutes and texts from a high-street carrier, could order a Windows 10 phone with a subscription to Office 365 that includes minutes and texts through Skype direct from Microsoft.

Whether or not Microsoft ties these devices and services together in such an offering, its potential does highlight the importance of Microsoft’s strategic partnerships, which benefit all – not just Microsoft – going forward.


Troublesome domains

When browsing the internet – or even securing your own website, you will likely only worry about a few TLDs (top level domains), with the most common being .com, .net and .org.    In recent years there has been an explosion of new TLDs with the number now available rising to over 650.

One of the most recent TLDs, “.sucks”, has been stirring up trouble. It’s easy to see how this new domain could be a serious nuisance: all it takes is for someone to take your company’s name and register it under “.sucks”, and they have the perfect virtual home, in an ideal location, from which to direct mischief and malice at your brand, with the potential of you losing big business.

The initial answer for most will be simple: buy the domain before anyone else can and cause trouble. But this is where it gets ugly. The group who purchased the rights to sell “.sucks”, called Momentous, is charging astronomical fees of $2,500 for “.sucks” domains. To a major organisation, this could be small change and amount to no more than regular IT admin housekeeping; for SMEs or professional individuals, however, the cost is extortionate – and every business will need to weigh the risk of a third party taking over this domain against the potential cost of the damage to its brand.

ICANN, the international body that supervises all things internet, including the creation and approval of new TLDs, clearly decided that “.sucks” was fit for purpose. Whether ICANN itself is fit for purpose is another matter: the idea that such a domain name could be positive in any way for business is risible.

Organisations are now left with a wholly unnecessary headache and unwanted financial outlay if they are to insure against potential negative outcomes.  Hopefully a sharp backlash from disapproving businesses will make ICANN recognise their folly – and in future only permit the release of sensible domain names that add value to the internet.



Week’s technology news – 6th March 2015

Let’s get it on!  Top collaboration trends

A recent survey of over 500 organisations by an American industry analyst showed that whilst many companies have adopted collaboration tools, the difficulty for companies of all sizes is to find toolsets that meet ALL of their organisational needs.

1. 87% confirmed they used ‘distributed collaboration’ (where people can work with distance of time and space, collectively, often using complex information for a set goal or purpose) for some of their work.

2. 78% reported they were working on between two and seven projects simultaneously, and most people are now part of three to five teams at work (the larger the organisation and the more senior the role, the greater the pull to collaborate on projects).

3. 40% advised they spent half their working time in non-decision making meetings, mainly around brainstorming or planning, with a high percentage involved in problem solving and project status meetings.

4. Top five meeting problems were:
a. No clear agenda communicated in advance
b. Stakeholders not prepared or didn’t attend
c. People bringing personal agendas to meeting
d. People re-hashing old topics and decisions + late arrivals
e. Straying from the agenda

5. No ‘behavioural metrics’ which could improve meeting value – here are the most requested metrics:
a. value for interpersonal interactions
b. number of decisions arising from meeting
c. percentage of time spent in the meeting

6. Collaboration leverage – using “the right technology for the right process at the right time with the right people” The top three processes to secure this were:

a. new product/service development
b. crisis management and decision support
c. effective sales /marketing.

7. The impact of these collaboration leverage processes sought to create the ‘ability to make better and faster decisions’ and to increase ‘the number and quality of decisions coming from meetings’. Tools that support better, faster decision making to help meeting productivity include Powernoodle and ThinkTank. Other tools like Clarizen, which focus on collaboration and project management, enable those in meetings to track the outcomes of their decisions and give feedback to the meeting participants.

8. 52% were not happy with their collaboration tools, as they failed to support physically distributed teams and project work.

9. Larger companies use more collaboration tools but need to review with users which work best for their workforce:

a. 86% of those surveyed use email (still most popular though decreasing with Apps)
b. 72% now use desktop video conferencing over room-based video conferencing (49%), revealing that mobile technology is an increasing driver.
c. 72% use Chat/IM/Texting

Businesses can use all manner of collaboration tools.  There is no single panacea but if tools can improve teamwork interactions and communications between teams, organisations need to think about what will work best for their business in practice.  Review your collaboration techniques and technologies.  And for staff, seek to be more productive: go into meetings prepared, communicate properly, contribute meaningfully and succinctly – and finally don’t arrange a meeting if you don’t have to!


The evolution of unified authentication

Online authentication has evolved greatly since its original implementation through internet sites and services. On a basic level, each account you hold with a particular site would be isolated with your username, password and other details sitting in their database.

As the needs and expectations of online services have grown, so has the need for a more unified attempt at tying online authentication together and this prompted the definition of ‘Identity 1.0’ (also called digital identity, a set of methods for identity verification on the internet using emerging user-centric technologies).

Microsoft’s initial attempt to streamline login was a system called ‘Passport’, debuting in 1999. Passport worked as a middleman, providing established identities to users which sites could call upon to authenticate access, eliminating the need to register additional accounts for sites which supported the Passport authentication method. It also meant the user’s password was no longer stored in each site’s database, but with a single, hopefully more trusted, source: Microsoft.

Like many of Microsoft’s best plans, the idea was solid but ultimately failed. This was partly due to several rebrands of the service confusing consumers, as Passport changed to .NET in 2001, which eventually morphed into the Windows Live ID in 2006 (and today is simply a Microsoft account). The other reason for the lack of success was a lack of incentive for third parties to invest in the system, as the user would get the benefit of one less login but the service provider would lose any benefit of creating their own direct consumer database.

The next evolution of digital authentication, called ‘Identity 2.0’, was based on the Web 2.0 theory of the World Wide Web transition. An example of this in action is the Facebook login – a popular service where you can log in to other sites or applications using your Facebook name and password. This implementation went far beyond Microsoft’s Passport. Not only does it save users from having to remember yet another password, but the services are able to request information such as a user profile picture, address or contacts after user consent and display this natively on another site. It also works the other way around, where tasks done on the associated site can relay information back to Facebook, such as ‘liking’ a page, setting a comment on your profile, or, potentially most importantly, sending information to your friends’ Facebook pages.

‘Identity 3.0’ was defined last year by the Global Identity Foundation and hopes to address the current concerns around digital authentication. The new principles change it so that only one identity (which is unique and private) is needed, thus eliminating the need for a body to issue or record multiple identities. The identity of one entity to another remains cryptographically unique, negating the need for user-names or passwords and minimising the risk of too much personal information being aggregated. Also, the biometrics of the individual remain within their sole control, so biometric information will not be used, exchanged or stored outside the person’s control.
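
One way to picture the "cryptographically unique to each relationship" principle, as an added example that is not from the Global Identity Foundation or the original post: each relying party sees a different identifier derived from one private root secret, so two sites cannot join their records on it. The HMAC derivation, the `pairwise_id` name and the sample users and sites are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def pairwise_id(root_secret: bytes, relying_party: str) -> str:
    """Identifier one relying party sees, derived from the user's private root."""
    # Fixed label gives domain separation if the root feeds other derivations.
    msg = b"pairwise-id-v1|" + relying_party.encode("utf-8")
    return hmac.new(root_secret, msg, hashlib.sha256).hexdigest()


def enrol(users, relying_party, scheme):
    """Return the set of identifiers a relying party ends up storing."""
    if scheme == "shared":
        # Identity 1.0/2.0 style: the same e-mail or username everywhere.
        return {u["email"] for u in users}
    if scheme == "pairwise":
        return {pairwise_id(u["root"], relying_party) for u in users}
    raise ValueError(f"unknown scheme: {scheme}")


def linkable(db_a, db_b):
    """Identifiers two parties (or someone holding both dumps) can join on."""
    return db_a & db_b


def demo():
    # Constructed sample users; roots come from a CSPRNG and never leave the user.
    users = [
        {"email": f"{name}@example.com", "root": secrets.token_bytes(32)}
        for name in ("alice", "bob", "carol")
    ]
    shop, bank = "shop.example", "bank.example"  # hypothetical relying parties
    first_login = pairwise_id(users[0]["root"], shop)
    second_login = pairwise_id(users[0]["root"], shop)
    return {
        "shared_overlap": len(linkable(enrol(users, shop, "shared"),
                                       enrol(users, bank, "shared"))),
        "pairwise_overlap": len(linkable(enrol(users, shop, "pairwise"),
                                         enrol(users, bank, "pairwise"))),
        "stable_per_site": hmac.compare_digest(first_login, second_login),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The identifier only addresses aggregation; proving control of it at login would additionally need a per-relationship key, which this sketch leaves out.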

The principles outlined in Identity 3.0 show similarities to Apple’s approach to authentication with ‘Touch ID’ on the latest iPhones and iPads. Users are able to authenticate purchases direct from Apple with a fingerprint. Most importantly, third-party software developers are also able to take advantage of this without compromising the biometric data. Developers can write apps that use the individual’s fingerprint for authentication, be it for a purchase or as a key to decrypt emails, without the fingerprint data leaving the device and without the user needing to enter a traditional password. Many such new devices linking user authentication with security access at work and crossing with personal lifestyle were reviewed in our blog dated 6th February.

With newly announced devices like this week’s Samsung Galaxy S6 sporting a similar, speedy fingerprint sensor to Apple’s Touch ID, it may not be long until most people have access to an alternative login like a fingerprint, removing the need to enter passwords altogether.

Authentication has evolved significantly over the years, but your own experience will vary considerably depending on the devices and services you use and the number of accounts you actively use. In theory this will only improve in the years to come, but the next big challenge in unified authentication could come from getting device and platform manufacturers to play nice with each other. Just as specific apps are available only on the most popular platforms like iOS and Android, the same could turn out to be true for login options. The market, as always, will ultimately go for the most simple and intuitive experience for the user.


New digital technology to stop blaggers unlawfully securing jobs

Who doesn’t want to appear better on paper? Unfortunately, according to Cifas, the UK’s fraud prevention service, 63% of all confirmed employment fraud in 2014, including CV fraud, related to people lying about their education, employment or qualifications. So recruiting an honest, qualified employee may not be as easy as we thought.

The remedies in education are dealt with by universities subscribing to the Higher Education Degree Datacheck system. This logs the detail of degrees, diplomas etc. in subjects and levels achieved.  It also picks up bogus named establishments.

For businesses, though, it is far more difficult, time consuming and costly, and a considerable administrative task, involving checks on search engines and social networks. As a result, many organisations do their due diligence AFTER appointing someone, because to do so beforehand would make the recruitment process literally grind to a halt, as most qualifications are not readily digitised (i.e. mounted certificates). The problems get particularly acute when dealing with jobs in fields such as finance and law that have a well-defined scheme of professional qualifications. Inevitably, though, with tough competition for jobs, the final choice can rest on who has the best qualifications ‘on paper’.

Where technology steps in

Pearson have come up with a new digital solution called ‘Acclaim’. Prospects get digital badges when they complete a particular course or project. Neatly, the badge links back to the awarding body, which can verify the person actually achieved that qualification. Additionally, metadata buried with the badge offers employers further insight into the qualifications. Started in 2014, Pearson hope to issue 1 million digital badges in 2015.

The scheme has the buy-in from a number of professional organisations as well as trusted career sites such as LinkedIn. With signatories including Adobe, Microsoft’s Sales Academy, and IT consultancy Citrix, plus schools and colleges, it should start to level the playing field and create the necessary transparency especially in the IT and Technology field.  Happily for the IT industry, where a lot is achieved based on experience vs an academic qualification, the new Pearson system embraces this and career skills can be included in the new digital certificates.

Cifas report that the number of people being prosecuted for CV and qualification fraud is on the rise.  It is a crime – and people have been jailed for falsifying their education history.  It doesn’t seem worth it – but some small lies have led to very large cover ups.

Examples of CV Fraudsters ‘MOST WANTED’

• In 2012, former Yahoo boss Scott Thompson falsely claimed to have a computer science degree and had to step down once the truth was uncovered.
• Upping the ante even further was Marilee Jones, former dean of admissions at MIT, who claimed to have three University qualifications (two degrees and a doctorate) she had not earned. It took 28 years for the falsehoods to be unearthed. Ms Jones resigned soon after.
• Alison Ryan, would-be PR manager for Manchester United, claimed to have a first class degree from Cambridge. In fact, she got a second and had been banned from practising law. She was sacked from the £125,000 a year job at the football club in 2000.


Are Sony on solid ground?

Interviewed at this week’s Mobile World Congress, Kazuo Hirai, CEO of Sony Pictures, was in an upbeat, honest mood despite being challenged on several fronts about the output from Sony recently. When asked about the lack of impact with its Android phone, Hirai confessed Sony would keep a close eye on the profitability of its mobile phone arm, as the market was very volatile and carried many inherent risks. If the ROI was no longer there, Hirai commented, there were no guarantees of anything in the future – it was just the nature of the electronics business.

Neither has Sony stolen a march in the wearable technology field. Its smart ‘EyeGlass’ is clunky in comparison to its more slick rival, Google Glass.  Sony’s smartwatch and intelligent fitness bands are out there – but in a kind of ‘so what’ manner. Hirai acknowledged the market itself hadn’t yet decided what product most resonated with customers and was a challenge to all suppliers in this space – with everyone searching for the right feature and functionality set, form factor, convenience AND good battery life.

His reflections on the damage to Sony Pictures from the January cyber attack were robust but contemplative as he put the attack in context: “The Government.. FBI’s enquiries told us that for 90% of companies, had they been attacked the way Sony Pictures were, they would also have been vulnerable, as it was not a run of the mill attack”. Hirai added that cyber security and network security was a very high priority for them and had been for a long time since the PlayStation attack several years ago.