by Grey Hare Editor | Mar 19, 2020 | Articles
Maintaining business proactivity
By Philip Ingram MBE
Travel is being restricted, people are being told to work from home, meeting cancelled, companies are desperately trying to take business online and remote, events are cancelled or postponed. The great British wartime spirit is being displayed by most as the few riot over toilet rolls, panic buy on a first come first served basis, forget our elderly, our sick, it’s me first; but one thing will be at the back of everyone’s mind; “what next?” This brings out the best in many if not most and the worst in some; a sad reflection on elements of our community. Businesses must be asking “how do I maintain my business proactivity?”
For businesses, many that can afford to are looking for ways to provide support to front line services. Only yesterday I was contacted by the investigation’s software company Altia-ABM asking for introductions to front line services who may benefit from their capabilities for free. We are seeing reports of major manufacturers like JCB and Dyson changing their production lines to make medical ventilators, we are hearing of distilleries switching to the production of alcohol-based hand gel (and not for internal use).
One thing is clear, the current COVID-19 pandemic is changing and will change the business landscape for some time to come if not make a permanent change. However, the first thing to recognise is that capabilities will still be needed, help provided, services delivered. The world is not stopping completely, so businesses that take a proactive approach are more likely to come out the other side of this crisis better than those that don’t. That is just simple logic.
So, what do I mean by a proactive approach in an environment with no meetings, increasingly restricted travel and no events? It is all about communicating, about informing, about contributing. It’s all about keeping a sense of perspective and as much of a sense of normality as possible. The crisis will pass, and a newer version of ‘normality’ will return so it is important that businesses don’t just disengage completely.
So how do you engage, what should you be doing?
First and foremost, inform, inform, inform. Keep your staff and customers up to date with what is happening. Ensure you have clear statements and contact details on the front of your websites if appropriate and in your telephone answering system. You know who your main customers are, make sure you or your team are talking to them throughout this crisis.
Secondly, secure, secure, secure. Threats to your data, your IP are not going to go away and will likely increase over the crisis period. GDPR fines will not be waived for careless data breaches so ensure your working practices for remote working are as secure as your practices in the office. Those that were a threat before COVID-19 hit are still a threat and will see this as an opportunity. Be on the lookout for phishing, malware, ransomware and people exploiting online social engineering opportunities.
Thirdly, engage, engage, engage. Don’t fall into the trap of isolating yourself, your business, your services. There are lots of ways to remain engaged. Talk to your suppliers and customers, keep them reassured. Publish articles, blogs, thought pieces, updates on your website and use email and social media to distribute them widely. Engage on social media, a perfect way to keep your followers confident that all is as normal as it can be. Finally look for different opportunities to communicate. I am doing PODCASTS and will likely start restart VLOGS as well. Webinars have long been an excellent way of delivering informed content and good debate. The key to getting and maintaining your audience is to provide good informative content.
With all of the social media enabled communications means almost enabling the building of a virtual world, this is a perfect opportunity to stand out from the rest and show how progressive you can be making the transition back to proper normality that much easier. So, don’t sit and wat for something to happen, take the initiative and be proactive that is the key to standing out in this crisis.
Note:: Grey Hare Media provides focused content – drop us a line or gave a call for a chat to see if we can help. It costs nothing to chat and could save or better your market position.
by Grey Hare Editor | Feb 4, 2019 | Articles
Pokémon GO has numerous security concerns
This article was first published in August 2016 but remains relevant.
Iran has become the first country to outright ban Pokémon GO outright. Despite restrictions on internet usage in Iran the BBC says, “there have been a number of discussion on social media about the game.”
They then added, “The Iranian High Council of Virtual Spaces, which is the official body overseeing online activity took the decision to ban the game after having tried to see to what extent the game’s creators would co-operate with them.” It is not known what cooperation was requested.
What’s on Dubai says Pokémon GO “is slowly beginning to take over.” However, Pokémon GO from developer Niantic has only been released officially in the US, UK and Australia. For those not in the know, it is a craze to catch virtual monsters in real world settings. As well as safety concerns of people playing it in dangerous areas, there seems to be a very real number of security concerns.
So what are the issues and potential threats associated with this growing craze? Philip Ingram MBE takes a look.
In the terms and conditions for the game it clearly states that the data used by the game, and this is personal data, locational data and with the option for the user to photograph themselves with their captured Pokémon character, photo data, could be moved to USA based servers; essentially bypassing any home country security or privacy laws given the option to capture local images. This will “almost certainly have concerned the Iranians”, James Abernethy a former British Intelligence officer told Security News Desk.
Thomas Rid, Professor of Security Studies with King’s College Londonhas said guidelines for US military and government workers when using Pokémon Go, were shared with him by a US government officer. They discuss Operational Security (OPSEC) best practices and include “avoiding playing the game anywhere that shouldn’t be geo-tagged, not using a personal Gmail account with the game or a username associated with your social media accounts, exercising caution when taking pictures of Pokémon with the in-game augmented reality camera, and staying aware of your surroundings.” Rid then noted this is, “generally good advice even if you aren’t an intelligence officer.” The Indonesian police have banned its use whilst on duty.
The issue with Gmail was identified by the blogger Adam Reeve who wrote, “To play the game you need an account. Weirdly, Niantic won’t let you just create one – you need to sign in with an existing account from one of two services – the pokemon.com website or Google. Now the Pokémonsite is for some reason not accepting new signups right now so if you’re not already registered there you’ll need to use a Google account – and that’s where the fun begins.”
He went on to highlight how logging in via your google account gave Pokémon Go full access to all of your Google account services, ie they could see and modify anything to do with your account.
Niantic quickly released a statement on their website saying, “We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
It seems the developers of the game got it out to market before all of the security implications around the app had been considered. If that wasn’t enough a leading cyber security company has commented on potential issues where the game is available on BYOD in the workplace.
Devin Jones, SVP of Product Management at Cyber adapt said, “The release and popularity of Pokémon Go came out of the blue for everyone except the 40 million teenagers in the United States. This application provides an interesting case study that illustrates the risks of BYOD in the enterprise. Businesses can’t prevent users from downloading apps on their personal devices and those apps will drive traffic to and from the corporate network. How does a business maintain control and visibility of their corporate traffic when users are hunting down virtual monsters and sharing GPS coordinates directly with other users? More importantly, how do you know that GPS tracking packets aren’t exfiltrating your financials?”
Vladimir Kuskov, Security expert at Kaspersky Lab outlined another flaw, that could cause the BYOD problem when working on android devices: “The Android version of the Pokémon Go app has been affected with malware called the “HEUR:Trojan-Spy.AndroidOS.Sandr.a” and there has been a lot of advice online about how to get the app early if it has not been made available in a certain country.”
Kuskov concluded, “The use of popular online games as a vehicle for installing malware is well known, and the best way to protect yourself and your device is to only install apps from official app stores and to complement this with an appropriate security solution. Don’t take short cuts, disable device security or download software from an unverified source; it’s just not worth it.”
This article was first published in August 2016 but remains relevant – for further comment from Philip Ingram please visit the contact us page.
Recent Comments