Thursday Thoughts - 4 June
COVID Track and Trace will become a feature of life in UK for some time to come. I share the publicised telephone numbers that the NHS will use to contact those who need to isolate. If in doubt you can choose to contact them via the contact tracing website.
Also featured are homeworking and emails, the need to be cyber aware, ICO warnings to a firm who accessed “excessive amounts” of employee’s sensitive data. This will be one to read if you plan to provide your staff with a mobile app to access work systems from their personal phone.
The new feature from Facebook “Email Marketing tools for small businesses” has not proved popular with privacy experts. I share some of their concerns.
Back again this week is blogs of the week on the varied topics of: how to make your email stand out, moving on, working from home and using Pinterest for business.
COVID track and trace
The NHS have publicised more information about track and trace. The only number they will use are:
• 0300 013 5000
• Texts from “NHS”
Sadly, scammers can fake these numbers so if you are concerned you can ask for an email or a text login so you can use the Test and Trace web site instead the ONLY official website is:
Real contact tracers will NEVER do any of the following:
· Ask you for details of card or bank account numbers
· Ask you to provide or fill in social media login details
· Ask you to set up a pin
· Ask you to download anything
You can get more details here: https://fullfact.org/online/test-and-trace-scam/
Town centres planning for lockdown release
Many town centres are planning their next phase and it is good to see that Cllr. Andrew Western, Leader of Trafford Council will be the BID's guest for an online Q&A on Thursday 11th June. All Altrincham town centre businesses welcome. For more local information: https://lnkd.in/d8AWwZi
Check your staff continue to process personal data lawfully
Every organisation is required to ensure that anyone acting on their behalf only processes the data that they are authorised to. Staff have to understand the importance of protecting the data, and their role in the organisation. This week the ICO issued guidance recommending businesses remind staff what policies and procedures are in place and what their responsibilities are. You can access this guidance here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/?utm_source=linkedin&utm_medium=information%20commissioner%27s%20office&utm_term=18bf9a9c-3ef8-42ec-a66f-d86ee70d8a3f&utm_content=&utm_campaign=#14
Homeworking and emails
As we can no longer just walk up to colleagues to have a chat its likely your inbox is a lot busier than usual. It is therefore important for businesses to consider if there are more safeguards they can put in place to keep email communication secure. The latest recommendations from the ICO are:
• Review and implement the NCSC guidance on defending against phishing attacks
• Block the ability to add forwarding rules to external addresses
• Advise staff to always use corporate email to transmit or discuss personal data (do not use personal email or messaging accounts)
“Don’t Click” on suspicious links
There are even more reasons to be vigilant with the recent EasyJet cyber breach and NHS track and trace. Now is the time to super vigilant about emails we receive ... if in doubt report it and then delete the message. Better to be safe than sorry. If it’s genuine the organisation will contact you again. You can find guidance on how to report suspicions emails here: https://www.ncsc.gov.uk/information/report-suspicious-emails
Do you trust Facebook with your business contact lists?
Facebook this week confirmed that it is testing Email Marketing Tools for Small Business Pages. It will be possible for contacts to be entered individually or uploaded from spreadsheets. Facebook said these tools will enable SMBs compose emails via easy-to-use tools and send those emails out directly via the Facebook platform, with the ability to track their performance.
Privacy experts are unanimous that they feel this is a step too far likening it to letting the fox loose on your henhouse. Most agree that it is merely a mechanism for Facebook to use the businesses contact details to sell ads etc. Interestingly many experts also said they would automatically opt out of a list such as this or worse still actively block a business they knew was using this tool. You can read more here: https://www.adweek.com/digital/facebook-confirms-test-of-email-marketing-tools-for-small-business-pages/
GDPR fines and warnings
A Dundee-based financial firm has been given a warning by the ICO because it used a mobile app which allowed it to access an “excessive amount” of employees’ sensitive personal data. The employees were able to access work systems from their personal phones but the app collected information such as carrier, country, device make and model, operating system, phone number, location, a list of installed apps and email as well as capturing SMS messages which were relayed through the corporate email system. You can read the details in the Dundee Courier article here: https://www.thecourier.co.uk/fp/news/local/dundee/1321856/exclusive-dundee-firm-alliance-trust-savings-censured-after-whistleblowers-spying-concerns/
Privacy handbook for NGOs
To raise awareness and assist Humanitarian Organisations with compliance with data protection the International Committee of the Red Cross has launched a Handbook on Data Protection in Humanitarian Action. You can access the handbook here: https://lnkd.in/dj953Na.
US lawmakers regulate on contact tracing
US Senate lawmakers plan to regulate contact-tracing and exposure-notification apps so that these new tools do not come at the expense of users’ privacy. This has come about because as demonstrations escalated in Minnesota contact tracing was used to track protestors. You can read more here:
Decentralised contact tracing systems
Italy and Latvia are the latest to launch decentralised contact tracing systems using Exposure Notification API designed by Apple and Google You can read this here: https://lnkd.in/dUAQVeC
VMware's cloud director platform vulnerability
A vulnerability in VMware's Cloud Director platform could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. This includes:
• Viewing the content of the internal system database (including customer password hashes)
• Modifying the system database to access foreign virtual machines assigned to different organizations within Cloud Director
• Escalating privileges from "Organization Administrator" to "System Administrator" and gaining access to cloud accounts
• Modifying the login page, allowing the attacker to capture passwords etc
• Accessing other customer data related (full names, email addresses, or IP addresses)
You can read the full article from Hacker News here: https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&m=1
Security researchers have warned of a new multi-platform Java-based malware that can encrypt both Windows and Linux devices. This has been deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries and has been named “Tycoon”. After they infiltrate their victims' networks they manually deploy a "ZIP archive containing a Trojanized Java Runtime Environment (JRE) build". You can read more here: https://www.bleepingcomputer.com/news/security/new-tycoon-ransomware-targets-both-windows-and-linux-systems/
Blogs of the week
Some great blogs this week that caught my eye:
Lee Houghton - How do you stand out when sending emails?
If you are struggling with getting your point across in emails there was a really interesting post from Lee Houghton this week. Lee’s simple approach shows how to make an IMPACT and get results. It’s well worth a look! https://www.linkedin.com/posts/lhoughton_a-guide-to-making-an-impact-activity-6672055312557621248-orFF
Amanda Coleman - “Deep breath…move on”
Amanda captured the mood of many this week as we got to the end of the first half of 2020. It seems that this fact has caught many of us off guard and we are worrying that we haven’t achieved targets and goals we set in the New Year. Amanda argues we need to recognise that we are living through a global pandemic and accept that in a crisis responses are different. As we all try to navigate our way forward we shouldn’t worry that sometimes it feels tough and the uncertainty is unsettling - because it is. Amanda shares 10 things that the first half of 2020 has taught her - “Be easy on yourself when times get tough” is one we could all listen to. You can read the whole blog here: https://amandacomms1.wordpress.com/
Jenni Brown - Work From Home: Can we really extrapolate from the current situation?
In her blog Jenni discussed a recent poll that shows 50% of people working from home felt isolated and 7 out of ten were missing social interactions with others at work. Jenni started working from home as part of a planned move initially she was in a remote team and then she chose to work from home as a VA. She explains it takes forethought in terms of choosing workspace location, layout, desk size etc. Previous experience building connections in a remote work setting no doubt also helped. You can read the blog here: https://www.jjbofficeservices.co.uk/jjb-office-services-blog/
Altrincham HQ - How to use Pinterest for business
Catching up from last week I was absolutely intrigued by Altrincham HQ’s Blog about Pinterest in a work setting. It wasn’t anything I had considered but as Alex points out with 300 million users, 2 billion pins saved it has to be considered. His interview with Maeri Howard really helps to illustrate the utility of the platform (I’ve recommended it 5 times in the last week to businesses who were unsure what use Pinterest would be to them). The key takeaways are:
• People come to Pinterest to get inspired and try new things.
• You reach people when they’re planning and making decisions.
• On Pinterest, brands inspire – they don’t interrupt. Share your ideas with people who want to take action.
You can see the video and read Alex’s blog here: https://altrinchamhq.co.uk/how-to-use-pinterest-for-business/