Featured Article : TikTok Termination?

A recent US congressional vote means that TikTok’s parent company must sell the popular app within six months, thereby severing its alleged ties with the Chinese Communist Party, or see it banned in the US.

The Vote  

The unanimous Energy and Commerce Committee vote (50-0) in favour of forcing TikTok’s parent company ByteDance to divest itself or sell the app could see 170 million American users no longer able to use TikTok. There is now a wait to see whether the US Senate approves the measure before it becomes law. The stated purpose of the bill (as it stands) is to “protect the national security of the United States from the threat posed by foreign adversary controlled applications.” 

Chinese Links 

The worries that ByteDance’s links to the Chinese state make TikTok’s usage in the US a threat to national security date back to the Trump presidency. Back in 2020, (then) President Donald Trump tried to ban the app but was blocked by the courts. It was part of a wider trade and political war with China which is still carrying on. Other apps with links to China banned by Trump in 2021, for example, included the Ant Group’s Alipay mobile payment app, QQ Wallet, WeChat Pay, CamScanner, SHAREit, Tencent QQ, VMate (published by Alibaba Group subsidiary UCWeb), and Beijing Kingsoft Office Software’s WPS Office.

Bans In Many Countries 

The ban on TikTok was extended to a number of other institutions and countries including:

– The European Commission, the UK government (and the BBC), and the US government banned the TikTok app from staff devices to protect sensitive personal data, increase cybersecurity, protect against misinformation, and protect national security.

– In June 2020, India banned TikTok and around 300 other Chinese apps from government devices.

– In 2023, the TikTok app was banned from government devices in Australia and Canada.

– Other countries with a government device TikTok ban also include Taiwan, Ireland, Denmark, and Belgium.

Many may also remember how, in March last year, the CEO of TikTok, Shou Chew, had to appear before the House Energy and Commerce Committee in the US to discuss concerns about TikTok’s consumer privacy, data security practices, its impact on children, and the app’s alleged links to China.

This Time 

This time, however, rather than facing just a government device ban, TikTok is facing a whole country ban. Worse than that, it’s the country with TikTok’s largest audience, with estimates ranging around 113.3 million to 116.5 million users.

The stark choice facing ByteDance is to now either sell the TikTok app within 6 months (thereby severing alleged links with the Chinese state) or face removal from mobile app stores in the US, effectively wiping out its biggest audience, threatening the app itself.

What Would A Ban Mean? 

Looking at the broader picture, banning TikTok in the US completely could have a significant impact on several fronts, given the app’s massive user base and economic influence in the country. Some of the potential effects could include:

– Massive user impact (businesses and home users). With millions of active users in the US, a ban would abruptly cut off access for a large community of creators and viewers. It would affect the way people consume and create short-form video content, potentially shifting these users to alternative platforms.

– A blow to the creator economy. Many US-based content creators rely on TikTok for income through brand partnerships, sponsored content, and the app’s creator fund. A ban could disrupt this economy, affecting the livelihood of thousands of influencers and content creators.

– A significant effect on market competition and innovation. For example, TikTok’s absence could create a vacuum in the social media landscape, encouraging competitors like Instagram Reels, YouTube Shorts, and Snapchat to fill the gap. This could lead to innovations within these platforms as they vie for the TikTok audience.

– Trouble for advertisers (brands). Brands that leverage TikTok for marketing and customer engagement would need to pivot their strategies to other channels. This could reshape digital marketing trends and impact the effectiveness of social media campaigns.

– More regulations. Heightened awareness and concerns over data privacy and security issues related to social media could lead to more stringent regulations and policies affecting all platforms, not just TikTok.

– Effects on international relations. Given the geopolitical tensions underlying concerns about TikTok’s Chinese ownership, a ban could have diplomatic repercussions, influencing US-China relations (making them even worse) and possibly affecting American companies operating in China. Some commentators have already suggested we are witnessing a kind of ‘cold war’ with China now anyway, with the US restricting things like microchips and other components in a bid to perhaps stifle the growth of what it sees as a more powerful and growing economy.

– Legal and political ramifications. Implementing a ban would likely involve legal challenges and a complex regulatory process. It could set a precedent for how the U.S. government addresses concerns about foreign-owned technology companies in the future.

All in all, therefore, the impact of a TikTok ban in the US would extend well beyond the app itself, affecting the social media ecosystem, the digital economy, and even international relations. However, the specific outcomes would depend on a variety of factors, including how such a ban is implemented and the response from users, creators, businesses, and other stakeholders.

User Revolt Reported In The US 

Not surprisingly, there have been reports in the US of congressmen being inundated with calls from TikTok users objecting to a ban. It’s also been reported that TikTok encouraged its users to call their representative to vote against the measure.

Criticisms 

The vote and proposed ban have led to other criticisms, including from the American Civil Liberties Union (ACLU), which pointed to the app’s value to many Americans for information and communication, and described the ban as a “cheap” political point scoring measure in an election year.

What Does TikTok Say? 

TikTok has said (on the ‘X’ platform) that it amounts to “an outright ban” and that “This legislation will trample the First Amendment rights of 170 million Americans and deprive 5 million small businesses of a platform they rely on to grow and create jobs”. 

What Does This Mean For Your Business? 

The potential total ban of TikTok in the US represents a pivotal moment not only for the app’s parent company (ByteDance) but also for a broad spectrum of stakeholders ranging from individual creators to large corporations. For ByteDance, the forced sale or severance of its largest international market could significantly impact its valuation, strategic direction, and global influence.

The loss of the US market (TikTok’s largest) would not only diminish its advertising revenue but could also deter potential investors and partners concerned about the platform’s stability and future growth prospects.

For businesses and creators that rely on TikTok, the ramifications could be profound. The US, for example, is home to a significant creator economy where individuals and businesses leverage TikTok for brand building, audience engagement, and revenue generation. A ban would necessitate a strategic move to alternative platforms, which may not offer the same level of engagement or demographic reach as TikTok. This could disrupt marketing strategies, content distribution plans, and income streams for countless users.

The competition within the social media landscape would most likely intensify in the wake of a TikTok ban. Rivals such as Instagram Reels, YouTube Shorts, and Snapchat stand to gain the most, absorbing TikTok’s displaced user base – the US may not be too unhappy about US-based company apps taking TikTok’s place. This shift could spark a wave of innovation as platforms vie to capture and retain these new audiences, potentially reshaping the social media ecosystem.

From a broader economic perspective, a TikTok ban could have ripple effects well beyond the tech industry. The platform has become an integral part of digital marketing strategies for many businesses of all sizes. The disruption to these strategies could have downstream effects on sales, customer engagement, and brand loyalty across various sectors.

Also, the ban could bring about stricter regulatory scrutiny over social media platforms, leading to increased compliance costs and operational challenges. This heightened regulatory environment could stifle innovation and deter investment in the tech sector, impacting the wider economy.

The implications of a US-wide TikTok ban could, therefore, extend way beyond the app itself, affecting the livelihoods of creators, the strategies of businesses, the dynamics of social media competition, and the broader digital and national economies. Stakeholders will now, most likely, closely monitor developments and prepare should the worst happen. TikTok has held firm and denied any Chinese state links before. Nevertheless, the US is making a powerful statement with the unanimous vote and bill proposing a possible total ban, which reflects the strength of resolve now in the US. It also reflects their willingness to pile on the pressure in what is also a political battle with what they consider a major rival.

Tech Insight : DMARC Diligence (Part 2) : The Forgotten Domains : A Hidden Vulnerability


In this second article of the “DMARC Diligence” series, we shift our focus towards securing non-sending or “forgotten” domains and outline a strategy for their protection through DMARC implementation.

Recap Of Part 1 

You may remember that in part one of this DMARC Due Diligence series of articles we laid the groundwork by exploring the essentials of the email authentication protocols SPF, DKIM, and DMARC. We learned how these mechanisms work in tandem to validate email sources, ensuring that only authenticated emails reach their intended destinations. The primary takeaway was the importance of implementing these protocols to shield email communications from the prevalent threats of phishing and spoofing attacks.

Here, in Part Two of the three-part series, we take a look at some key issues around securing non-sending or “forgotten” domains.

The Risk Of Non-Sending Domains 

Businesses often accumulate multiple domain names, yet routinely only a select few are actively used for emails. This leaves a number of domains essentially dormant, with no emails being sent from them. These can be referred to as non-sending or “forgotten” domains.

However, their existence and registration on servers mean that even if they are dormant/forgotten, they’re still viable for exploitation and make ideal targets for cybercriminals to conduct spoofing and phishing attacks under the guise of your reputable name.

How Big Is The Problem? 

The problem of dormant or forgotten domains and their exploitation for email spoofing is significant and aligns with broader issues of email server misconfiguration and domain spoofing that impact businesses globally. For example, a KnowBe4 study (which used a domain spoof test) discovered that 82 per cent of email servers are misconfigured, thereby potentially enabling domain spoofing. Domain spoofing extends beyond email to include website spoofing, where fraudsters profit from the reputation of reputable domains, costing advertisers up to $1 million in lost revenue per month.

Recent Examples  

Examples of non-sending or “forgotten” domains being exploited by cyber-criminals include:

– As reported by Krebs back in 2020, attackers exploiting an authentication weakness at GoDaddy (the world’s largest domain name registrar) by using legitimate but inactive domains to distribute malware, including a potent strain of ransomware named GandCrab. Despite efforts to fix the vulnerability and clean up affected domains, new campaigns exploiting these dormant domains emerged, thereby highlighting the ongoing challenge of securing unused domains against cyber exploitation.

– Just this month, cyber security company Guardio Labs reported uncovering what they referred to as a major “SubdoMailing” campaign which involved the hijacking of 8,000+ trusted domains to send millions of spam and malicious phishing emails daily. The big brands whose subdomains they reported were being exploited in the campaign included MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, and eBay.

The DMARC Solution For Non-Sending/Forgotten Domains 

As highlighted in the previous article in this series, DMARC offers a way to authenticate mail and specify how unauthenticated emails should be treated. However, its real power lies in its ability to be applied to all your domains, active or dormant. This means that by configuring DMARC records for your non-sending domains, you can effectively seal off a potential backdoor for attackers, preventing them from masquerading as your business in malicious campaigns.

Step-by-Step DMARC Implementation For Non-Sending Domains 

With this in mind, here’s an example of a step-by-step strategy for businesses with multiple domains for using DMARC to close the backdoor vulnerability that non-sending/forgotten domains provide:

– Conduct a comprehensive domain audit to identify all the domains your business owns. Next, distinguish between those used for sending emails and those that are not.

– For your non-sending domains, establish DMARC records in the DNS with an initial policy of p=none. This monitoring mode allows you to collect data on how these domains might be exploited without impacting legitimate email traffic.

– Analyse DMARC reports. Regularly reviewing the DMARC reports to identify unauthorised usage of your non-sending domains can provide insights to guide you in tightening the DMARC policy to more restrictive settings (p=quarantine or p=reject), effectively blocking malicious emails.

– Ongoing vigilance. With the cyber threat landscape perpetually evolving, getting into the habit of continually monitoring your DMARC reports and adjusting your policies as needed can help maintain robust protection against emerging threats.
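The audit, monitoring and report-review steps above, as an added Python example (not code from the original article): it classifies the DMARC policy of each non-sending domain and tallies the sources in an aggregate report that sent mail using those domains. The domains, IP addresses and report are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed audit result: domain -> (sends_mail, TXT record at _dmarc.<domain>).
# Placeholder domains only; a real audit would fetch these records from DNS.
INVENTORY = {
    "example.com": (True, "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
    "example.net": (False, "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    "example.org": (False, None),  # forgotten domain with no DMARC record
}

# Constructed aggregate (rua) report for example.net, using the element
# names of the DMARC aggregate report format (RFC 7489).
REPORTS = {"example.net": """<feedback>
  <policy_published><domain>example.net</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.net</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.23</source_ip><count>30</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>billing.example.net</header_from></identifiers>
  </record>
</feedback>"""}


def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not valid."""
    if not txt:
        return None
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first, otherwise receivers ignore the record.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return None
    tags["p"] = policy
    return tags


def audit(inventory):
    """Map each non-sending domain to 'missing' or its published policy."""
    status = {}
    for domain, (sends_mail, txt) in inventory.items():
        if sends_mail:
            continue
        tags = parse_dmarc(txt)
        status[domain] = "missing" if tags is None else tags["p"]
    return status


def spoof_sources(report_xml, domain):
    """Count messages per source IP that used a non-sending domain.

    The domain sends no mail, so every record whose From header is the
    domain or one of its subdomains is unauthorised use.
    """
    counts = Counter()
    for rec in ET.fromstring(report_xml).iter("record"):
        sender = (rec.findtext("identifiers/header_from") or "").strip().lower()
        if sender == domain or sender.endswith("." + domain):
            counts[rec.findtext("row/source_ip")] += int(rec.findtext("row/count") or 0)
    return counts


def next_step(policy, spoofed):
    """Follow the article's sequence: publish p=none, review reports, tighten."""
    if policy == "missing":
        return "publish p=none with a rua address"
    if policy == "none" and spoofed:
        return "tighten to p=quarantine or p=reject"
    return "keep reviewing reports"


def review(inventory, reports):
    """Return domain -> (policy, spoofed message count, next step)."""
    result = {}
    for domain, policy in audit(inventory).items():
        xml_text = reports.get(domain)
        spoofed = sum(spoof_sources(xml_text, domain).values()) if xml_text else 0
        result[domain] = (policy, spoofed, next_step(policy, spoofed))
    return result


if __name__ == "__main__":
    for domain, row in review(INVENTORY, REPORTS).items():
        print(domain, *row, sep=" | ")
```
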

What Does This Mean For Your Business? 

Acknowledging and securing your non-sending/forgotten domains with DMARC is now not just a technical safeguard but an essential strategy in fortifying your business’s cybersecurity posture. With email fraud now rampant, overlooking these domains could leave your business susceptible to cyberattacks, compromising your integrity and the trust you’ve built with your clients and partners.

Also, as regulations around data protection become increasingly stringent, ensuring that all your domains are shielded with DMARC demonstrates a proactive stance on cybersecurity. This not only helps compliance with laws like GDPR but also positions your business as a trustworthy and secure entity in the digital marketplace.

The protection of non-sending domains via DMARC implementation, therefore, is a crucial step in closing the security gaps within your business’s digital domain strategy.

Next Week…

Next week, in the last of this three-article series, we’ll be focusing on a detailed step-by-step guide for DMARC implementation, the crucial role of monitoring and reporting for effective DMARC management, strategies for optimising DMARC policies, and preparing for future email security challenges. The hope is that this series will provide UK businesses with insights into maximising email security, enhancing brand protection, and ensuring compliance with evolving regulations.

Tech News : New Quantum Attack-Proof PCs


At its Annual Partner Conference 2024, HP announced the world’s first business PCs to protect firmware against quantum computer attacks.

This Issue 

As highlighted by Global Risk Institute research, 27 per cent of experts think there is a 50 per cent likelihood of a cryptographically relevant quantum computer (CRQC) by 2033. HP says that “when that day comes, the security of existing digital signatures on firmware and software will be in question and digital trust will dissolve.” 

If quantum computers reach a point where they can crack our current cryptographic protections, the implications for businesses, societies, and individuals could be profound and wide-ranging. For example, the consequences could include:

– Massive data breaches and privacy loss, compromising everything from financial records to private communications.

– The undermining of financial systems, enabling unauthorised access to financial accounts, manipulation of transactions, and theft of funds. This, in turn, could erode trust in digital banking and financial systems, leading to widespread economic instability.

– National security communications being exposed, thereby compromising state secrets, military operations, plus critical infrastructure, potentially altering the balance of power on a global scale.

– Disruption of digital trust systems like digital signatures and SSL certificates, which underpin the security of online communications and commerce, thereby disrupting e-commerce, undermining the integrity of digital contracts, and eroding trust in online services.

New Cryptographic Standard? 

In response to these potential threats, the security community has been actively developing and standardising quantum-resistant cryptographic algorithms. These Post-Quantum Cryptography (PQC) algorithms aim to secure cryptographic systems against quantum attacks by relying on mathematical problems that are believed to be difficult for quantum computers to solve.

However, HP says that migrating our entire digital world to a new cryptographic standard is a huge undertaking and that while software can be updated, hardware can’t. This includes some of the cryptography that protects PC firmware. HP points out that “with no cryptographic protections in place, no device would be safe – attackers could access and modify the underlying firmware and gain total control.” 

HP’s Answer 

HP’s future-proofing answer is embedding protection against quantum computer hacks in PCs at the chip level via its 5th-generation ESC chip. By isolating the chip from the processor and OS, HP says the ESC provides a hardware platform that reduces the risk of data breaches and improves productivity by preventing downtime.

Start Now Says HP 

HP points out that with typical PC refresh cycles now every 3 to 5 years (and with the wider trend towards extending the life of hardware to improve sustainability), the migration to post-quantum cryptography should ideally start now. HP says that with its 2024 ESC upgrade, the hardware will be in place to protect PC firmware-integrity with Quantum-Resistant Cryptography, thereby delivering a secure foundation ahead of upgrades to software implementations of cryptography within PCs in the future.

What Does This Mean For Your Business? 

The potential of quantum computers being capable of breaking asymmetric cryptography is placing the entire digital world at an increasing risk. For UK businesses, this threat represents both a challenge and a call to action. Research suggests that the arrival of cryptographically relevant quantum computing is not a question of if, but when, with a significant number of experts anticipating its emergence by 2033. This reality necessitates a proactive approach to cybersecurity, particularly in safeguarding digital signatures on firmware and software that underpin the trust and integrity of our digital interactions and transactions.

Currently, the security community is responding by developing and standardising quantum-resistant cryptographic algorithms / Post-Quantum Cryptography (PQC) solutions. These could secure against both classical and quantum computing threats, thereby safeguarding digital assets and communications in the quantum era. However, as HP points out, transitioning our digital infrastructure to a new cryptographic standard is a potentially monumental task, complicated further by the limitations of hardware adaptation.

For UK businesses, this means that relying solely on software updates for future protection may be insufficient. Hardware (particularly PC firmware) that is less frequently updated and often overlooked in cybersecurity strategies, presents a critical vulnerability. This is why HP believes the introduction of the world’s first business PCs designed to protect firmware against quantum computer attacks is a significant development. HP’s idea of embedding protection at the chip level through its 5th generation ESC chip could offer businesses a solution that anticipates the quantum threat and addresses the challenges of hardware security at the same time.

HP also believes its approach of isolating the chip from the processor and operating system could create a more secure hardware platform. This idea may be particularly relevant for UK businesses, where the trend towards extending the lifecycle of hardware for sustainability purposes further exacerbates the vulnerability to future quantum attacks. With the threat apparently just a few years away, HP’s suggestion of starting the migration to quantum-resistant cryptographic solutions now, as part of the typical PC refresh cycle, sounds like it could be a sensible move for businesses.

In short, the message for UK businesses is that the threat of quantum computing to cybersecurity is real and approaching fast, and preparing for this issue means adopting a holistic view of cybersecurity that includes both software and hardware considerations. Although HP’s new solution offers one potential answer to quantum threats, there will most likely be other innovative solutions offered by other companies in the near future, and it will be a case of businesses choosing the one with the best fit for their individual needs and budget.

Tech News : Bitcoin Value Hits New High


With the famously volatile Bitcoin cryptocurrency briefly hitting a new all-time high value of $69,000 recently, we look at the reasons why this happened and what could happen next.

Why? 

This latest surge in the value of Bitcoin has been attributed to US finance giants like Grayscale, BlackRock, and Fidelity investing billions of dollars into Bitcoin, thereby driving up its value and becoming major players or “Bitcoin whales” in the cryptocurrency market.

Some reasons why Bitcoin is so appealing to them include:

– Bitcoin’s scarcity. This particular cryptocurrency has a cap of 21 million coins, of which 19 million have already been mined, thereby giving potential for high returns.

– Bitcoin ETFs offering a more accessible way for investors to gain exposure to Bitcoin, especially in retirement accounts like IRAs, without dealing with the complexities and costs of direct cryptocurrency purchases and management.

Last High 

Bitcoin reached its new high of $69,000 (on March 5, 2024), only to see its trading value fall to around $62,185 just six hours later that day. Bitcoin’s previous highest value of $68,789.63 was reached back in November 2021. At the time, the rise was fuelled by its increased adoption by mainstream finance and significant investments from large corporations and institutional investors. Also, there was heightened interest in cryptocurrency as a hedge against inflation and currency devaluation amid expansive monetary policies worldwide.

Volatile 

However, from its inception in 2009, Bitcoin’s volatility has become legendary. For example, in 2021 it saw a drop from highs of over $63,000 in April to as low as $29,000 in a few months, while in 2022, Bitcoin’s value plummeted from a high of $68,000 to below $20,000. At that time, the fall was driven partly by the broader instability in the crypto market and the collapse of TerraUSD Classic (USTC). However, many of its famous crashes have been triggered by a variety of factors, including hacks, regulatory changes, market sentiment shifts, and broader economic conditions.

General Upward Trend 

All that said, it’s worth noting that despite the many downturns, Bitcoin has shown a general upward trend and a pattern of recovery and growth over time, though the timing and trajectory of these recoveries have varied widely.

Good News For Some 

Clearly, the current high value of Bitcoin is good news for many investors, not least of which is El Salvador’s President Nayib Bukele’s national government which has followed a policy of purchasing 1 BTC daily following the FTX exchange collapse. What many may see as a somewhat risky endeavour (especially for a nation’s public funds) has seen the country adopting Bitcoin as legal tender, acquiring nearly 2,800 Bitcoins, and now having an investment that could potentially yield a 40 per cent profit! For some, therefore, El Salvador’s policy could be viewed as a forward-looking strategy that could redefine financial sovereignty and economic stability.

What Does This Mean For Your Business? 

The recent surge to a new all-time high of $69,000 for Bitcoin, albeit brief, is significant for several reasons, especially for so-called ‘Bitcoin whales’ and other business investors in the UK and globally. This peak, driven by massive investments from US finance giants, underscores Bitcoin’s appeal due to its scarcity and the potential for high returns. Also, the introduction of Bitcoin exchange-traded funds (ETFs) provides an accessible investment route, avoiding the complexities of direct cryptocurrency management.

This latest high-point reflects Bitcoin’s ongoing appeal amidst a landscape where digital currencies are increasingly viewed as a hedge against traditional financial uncertainties. However, the sharp decline in its value just hours later also highlights the inherent volatility of Bitcoin. Its history is riddled with rapid ascents followed by steep declines, clearly illustrating the risky nature of investing in cryptocurrency.

For businesses considering Bitcoin or other digital currencies as an investment, the current high represents both an opportunity and a cautionary tale. Bitcoin’s appeal lies in its decentralised nature, finite supply, and its potential to offer significant returns. Businesses attracted to Bitcoin enjoy the advantage of high liquidity and the potential to diversify their investment portfolio away from traditional fiat currencies, which may be subject to inflation and devaluation.

That said, its volatility suggests a cautious approach is best, where businesses should not invest more than they can afford to lose and rather consider Bitcoin as part of a diversified investment strategy.

Looking ahead, predicting the future value of Bitcoin and the duration of its current high is challenging with market analysts divided. Businesses should, therefore, try to stay informed and agile, ready to adapt their investment strategies in response to Bitcoin’s rapid price changes.

For businesses wary of Bitcoin’s volatility, there are, of course, alternatives in the cryptocurrency space, such as stablecoins, which are pegged to fiat currencies and offer less price volatility, or investing in blockchain technology itself, which underpins cryptocurrencies and has broader applications across industries.

All things considered, despite this latest rise being good news for some, companies may be well advised to approach cryptocurrency investment with a strategy that acknowledges its volatility, incorporates thorough research, and includes a plan for managing potential downturns.

An Apple Byte : Apple Fine and Sideloading


In two recent blows to Apple, it’s just been fined £1.5bn for breaking EU competition laws over music streaming, while its latest iPhone update means allowing developers to offer their own ‘app stores’.

The Fine 

Following a complaint by Swedish music streaming service Spotify, Apple has been fined £1.5bn by the European Commission for abusing its market position by preventing developers from telling users about alternative, cheaper music services outside the Apple app store (which is illegal under EU antitrust rules). However, it’s been noted that the EC found no concrete evidence of consumer harm and Apple has said it will appeal.

The Update 

In other bad (but expected) news for Apple, in compliance with the Digital Markets Act (DMA), its latest iOS 17.4 update allows developers to offer their own ‘app stores’ (also referred to as ‘sideloading’). This means that users can download new software without going through the official App Store, and developers such as Google can now offer their own app store, which offers their own content and their own restrictions. However, developers will still have to pay a fee to Apple for installs.

Security Stop Press : Wireless Chargers Phone Hack & Fry Threat

Researchers from the University of Florida have reported how VoltSchemer, a set of attacks that exploit two commonly found features in commercial-off-the-shelf (COTS) wireless chargers, can give attackers control over a phone and then enable man-in-the-middle attacks.

VoltSchemer attacks work by exploiting voltage noises from the power supply (electromagnetic interference) to manipulate wireless chargers without the need for any malicious modifications to the chargers themselves. The researchers were able to show how such attacks were successful on 9 top-selling wireless chargers and can also alter chargers to overheat and ‘fry’ phones.

Since these attacks rely on setting up a malicious power source in a specific location, the advice is to use your own personal charging port (e.g. the one at home) or your own portable charger/plug where possible.

Sustainability-in-Tech : How Cheese Helped Extract Gold From E-Waste


ETH Zurich researchers have reported discovering an effective method for recovering gold from e-waste with the help of byproducts from the cheesemaking process.

Protein Fibre Sponge 

The group of researchers, led by ETH Professor Mezzenga, have reported using a sponge made from a protein matrix (a cheesemaking byproduct) to extract gold from e-waste.

The protein matrix/protein fibre sponge was made by denaturing whey proteins under acidic conditions and high temperatures, thereby aggregating them into protein nanofibrils in a gel. The gel was then dried to create the protein fibre sponge.

The Process 

To test the protein fibre sponge, the research team salvaged 20 old computer motherboards and extracted the metal parts. They then dissolved the parts in an acid bath to ionise the metals. The protein fibre sponge was then placed in the metal ion solution and the gold ions adhered to the protein fibres.

The final part of the process was to heat the sponge, thereby reducing the gold ions into flakes. These flakes were then melted down to form a gold nugget.

How Much Gold?

The researchers reported making a nugget of around 450 milligrams out of the 20 computer motherboards using this process. The nugget was reported to be 91 percent gold (the remainder being copper), which corresponds to 22 carats.

Not Just Gold 

Despite being particularly effective at extracting gold ions, the researchers reported that the process can also be used to extract other metal ions.

How Much Gold In E-Waste? 

It’s estimated that 7 per cent of the world’s gold may be currently locked-away in e-waste and that there is 100 times more gold in a tonne of e-waste than in a tonne of gold ore! Also, for every 1 million mobile phone handsets that are recycled, an estimated 35,274 lbs of copper, 772 lbs of silver, 75 lbs of gold, and 33 lbs of palladium can be recovered.

What Does This Mean For Your Business?

The growing pile of e-waste, the fact that in global terms only 20 per cent of e-waste is formally recycled, and that so much of the world’s gold (7 per cent), and other precious metals are locked up in e-waste are huge challenges. This ingenious method for gold recovery developed by the ETH Zurich researchers which uses a cheesemaking byproduct is, therefore, very promising in terms of sustainability.

The fact that it’s also reported to be a cost-effective method (and, therefore commercially viable) is a bonus that could see it being made ready for the market soon. Another benefit of this method is its flexibility, making it useful for extracting gold from industrial waste from microchip manufacturing or from gold-plating processes. It’s understood that the scientists are also eyeing the possibility of manufacturing the protein fibre sponges out of other protein-rich byproducts or waste products from the food industry, thereby potentially widening the scope and perhaps reducing the cost of the process even more.

Although apparently effective, it should be remembered that tackling the world’s e-waste problem needs a much wider approach. For example, creating a circular economy for electronic goods where waste is minimised, resources are maximised, the environment and health are protected, while businesses and developing economies can still meet their demand, would all help. However, there’s still quite a way to go before this can happen.

Some of the actions that could help bring these necessary changes about could include more legislation and having a more digital and connected world to help accelerate progress towards sustainable development goals. This could possibly be achieved through ‘device-as-a-service’ business models, better product tracking and take-back schemes, plus entrepreneurs, investors, academics, business leaders and lawmakers working together helping create a circular economy that really works.

The e-waste challenge is significant, but as the ETH Zurich researchers have shown, innovative yet relatively simple solutions exist and could have a major impact if scaled up.

Tech Tip – Easy Batch Renaming of Files in File Explorer

Renaming multiple files one by one can be tedious and time-consuming. Windows File Explorer offers a simple way to batch rename files, which can be especially useful for organising documents, photos, or project files efficiently. Here’s how it works:

– Select all the files you want to rename in File Explorer (mouse click and drag or Ctrl + A).

– Right-click just one of the selected files and choose Rename (or press F2).

– Type the new name for the files and press Enter.

– Windows will automatically append a number to each file to differentiate them.

Featured Article : WhatsApp Updates

Here we look at some of the latest WhatsApp updates and the value and benefits they deliver to users.

Search Conversations By Date For Android 

The first of three new updates of significance for WhatsApp is the “search by date” function for individual and group chats on Android devices. Previously, this function had been available on other platforms (iOS, Mac desktop and WhatsApp Web).

As featured on Meta’s Mark Zuckerberg’s WhatsApp channel (Meta owns WhatsApp), WhatsApp users on Android can now search for a chat on a particular date (not just within a range). For example, one-on-one or group chat details can be date searched by tapping on the contact or the group name, tapping on the search button, and then tapping the calendar icon (right-hand side of the search box), and selecting the individual date. This feature is likely to deliver a better user experience by giving greater precision and control and potentially saving time in locating specific messages.

Privacy Boost From User Profile Change 

Another potentially beneficial boost to the privacy aspect of what is already an end-to-end encrypted messaging app is (in the beta version) closing the loophole on sharing profile pictures without consent, impersonation, and harassment by preventing users from taking screenshots within the app. If users try to screenshot a profile picture, for example, WhatsApp now displays a warning message. Although the ability to download profile pictures was stopped 5 years ago, it was still possible to take screenshots. Closing this loophole in the latest update should, therefore, contribute to greater user privacy and safety.

Minimum Age Lowered To 13 

One slightly more controversial change to WhatsApp’s terms and conditions, however, is the lowering of the minimum age of users in Europe (and the UK) to 13 from 16. This brings the service in line with its minimum age rules in the US and Australia, and the move by WhatsApp was taken in response to new EU regulations, namely the Digital Services Act (DSA) and the Digital Markets Act (DMA), and to ensure a consistent minimum age requirement globally. The two new regulations have been introduced both to tackle illegal and harmful activities online and the spread of disinformation, and to help steer large online platforms toward behaving more fairly.

In addition to the minimum age change, WhatsApp is also updating its Terms of Service and Privacy Policies to add more details about what is or is not allowed on the messaging service and to inform users about the EU-US Data Privacy Framework. The framework is designed to provide reliable mechanisms for personal data transfers between the EU and the US in a way that’s compliant and consistent with both EU and US law, thereby ensuring data protection.

Criticism 

However, although the minimum age change (which may sound quite young to many parents) will be good for WhatsApp by expanding its user base and good for users by expanding digital inclusion and family connectivity, it has also attracted some criticism.

For example, the fact that there’s no checking/verification of how old users say they are (i.e. it relies on self-declaration of age and parental monitoring) has led to concerns that more reliable methods are needed. The concern, of course, also extends to children younger than 13 accessing online platforms (e.g. social media) despite the set age limits.

In Meta’s (WhatsApp’s) defence, however, it already protects privacy with end-to-end encryption and has resisted calls and pressure for government ‘back doors’. It has also taken other measures to protect young users. These include, for example, the ability to block contacts (and report problematic behaviour), control over group additions, the option to customise privacy settings, and more.

Competitors 

Regarding compliance with new EU regulations, the European Commission has been actively engaging with large online platforms and search engines, including Snapchat, under the Digital Services Act (DSA). Also, given the widespread impact of these regulations on digital platforms and their emphasis on data privacy and security, it is likely that Signal (a competitor), and other messaging and social media platforms, are taking steps to align with these new requirements.

Some people may also remember that Snapchat came under scrutiny last summer from the UK’s data regulator to determine if it is effectively preventing underage users from accessing its platform. The investigation was in response to concerns about Snapchat’s measures to remove children under 13, as UK law required parental consent for processing the data of children under this age.

What Does This Mean For Your Business? 

The latest WhatsApp updates, alongside the broader implications of new EU and UK regulations, herald potentially significant shifts for businesses, messaging app users, and the industry at large. These changes, encompassing enhanced search functionalities, privacy safeguards, and adjustments to user age limits, will reshape some user experiences and offer both challenges and opportunities.

The “search by date” function for Android users should enhance user convenience and accessibility, save time, facilitate precise and efficient message retrieval, plus improve user engagement and satisfaction. Businesses leveraging WhatsApp for customer service or internal communications, for example, could find this feature particularly beneficial, i.e. by enabling quicker access to pertinent information, and streamlined interactions.

The extra privacy enhancements essentially reflect a growing industry-wide focus on user security and digital safety and will strengthen individual privacy (always welcome). They also emphasise the importance of user-consent and control over personal information and should remind businesses of the need to prioritise and manage user data both in line with (evolving) regulatory standards and today’s consumer expectations.

The adjustment of WhatsApp’s minimum user age in Europe and the UK presents a bit more of a nuanced landscape. While aiming to broaden digital inclusion and connectivity, this change also highlights the complexities of age verification and online safety. Messaging and other platforms, however, must find ways to navigate these complexities, ensuring compliance while fostering a safe and inclusive digital environment for younger users.

The broader context of the DSA and DMA, along with similar regulatory efforts in the UK, signals the transformative period that digital platforms are now in. Although we can all see the benefit of curtailing harmful online activities, there’s also an argument for resisting pressure to go as far as giving governments back doors (thereby destroying privacy and exposing users to other risks). Messaging apps and social media platforms, including WhatsApp and its competitors (e.g. Snapchat, Signal, and others), have known regulations were coming, probably expect more in future, and are now having to adapt to enable compliance and retain trust while introducing other features valued by users at the same time.

Businesses using apps like WhatsApp (which also has a specific business version) are likely to already value its privacy features, e.g. its end-to-end encryption, for data protection. As such, they are unlikely to oppose any more helpful privacy-focused, or improved user experience changes, as long as they don’t interfere with the ease of use of the app (or result in extra costs).

Tech Insight : DMARC Diligence (Part 1) : The Basics of Email Authentication

In this, the first of a series of three articles explaining DMARC and email authentication, we look at why SPF, DKIM, and DMARC are the key pillars of email authentication.

The Issue 

Businesses face numerous cyber threats, with email being one of the most common attack vectors. Phishing, spoofing, and malware are prevalent issues, making email security a top priority.

Effective email authentication protocols such as SPF, DKIM, and DMARC are, therefore, ways to improve email security and are crucial in mitigating these threats, ensuring only authenticated emails reach their destination.

What Is SPF? 

The SPF (Sender Policy Framework) email authentication protocol helps prevent email spoofing by allowing domain owners to specify which mail servers can send emails on their behalf, i.e. to verify the sender of an email message.

This is achieved by publishing SPF records in the domain’s DNS (Domain Name System). DNS is the internet’s system for translating domain names into IP addresses, enabling users to access websites by typing human-readable names instead of numerical codes.

When an email is sent, the recipient’s mail server checks this record to verify the email’s origin. If the server isn’t listed, the email could be rejected or marked as spam.

What Is DKIM?  

DKIM (DomainKeys Identified Mail) adds an additional security layer by attaching a digital signature to outgoing emails. This signature, verified against a public key in the sender’s DNS, ensures the email’s content hasn’t been altered in transit. DKIM’s role in email authentication, therefore, strengthens the integrity and trustworthiness of email communication.

What Is DMARC? 

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. DMARC is essentially an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorised use, such as email spoofing. It does this by allowing them to specify and enforce policies on how their email should be handled if it fails SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) checks, and it provides a way for receiving email servers to report back to the sender about emails that pass or fail these authentication methods. Essentially, DMARC is a set of rules and reporting protocols added to a domain’s DNS records to improve and monitor the security of the email ecosystem associated with that domain.

DMARC, therefore, offers a way to unify SPF and DKIM’s capabilities, allowing domain owners to define how unauthenticated emails should be handled, and it provides detailed feedback on all emails sent from the domain, aiding in the detection and prevention of unauthorised use and email spoofing.

The Evolving Email Security Landscape – Recent Changes By Email Providers 

In response to a surge in email fraud and to comply with global data protection regulations like the GDPR, major email platforms are tightening their email authentication policies. For example, Google and Yahoo recently (February) expanded their guidelines for high-volume emailers. Yahoo said: “Sending properly authenticated messages helps us to better identify and block billions of malicious messages and declutter our users’ inboxes.”   

As an indication of how serious the problem is, it’s estimated that half of the 300 billion emails sent per day are spam … to reiterate, that’s 150 billion spam emails sent each day! Google, for example, says it blocks a staggering 15 billion unwanted emails every day (spam, phishing, and malware).

The regulatory landscape, demanding higher standards of data privacy and security, plus the sheer volume of spam/phishing/spoofing/malware emails have now catalysed action in the form of platforms trying to enforce stricter measures.

For UK businesses, therefore, adapting to these enhanced authentication standards is crucial to ensure emails reach their intended recipients and to maintain compliance with data protection laws, preventing emails from being lost to spam folders or blocked.

The Necessity for DMARC, SPF, and DKIM 

For the reasons just outlined, implementing DMARC, alongside SPF and DKIM, has now transitioned from a best practice to a necessity, hence a sudden push by many platforms to verify domains. These protocols are fundamental in validating email sources, ultimately enhancing deliverability, and protecting against cyber threats. Although it can feel like an extra hoop for businesses to jump through, their adoption ensures that businesses maintain their credibility and that their communications are effectively received.

What Does This Mean For Your Business?

For UK businesses, the implications of not implementing these email authentication protocols can be significant. Without proper setup, domains are at risk of being used for email spoofing, leading to potential data breaches and loss of customer trust. Additionally, non-compliance with the updated policies of email providers can result in emails being undelivered, affecting operations and communications.

To navigate this landscape therefore, businesses must adopt a proactive approach, regularly reviewing and updating their SPF, DKIM, and DMARC configurations to combat evolving threats. This involves not only technical adjustments but also staying informed about the latest in email security practices and threats.

It’s important to remember that adhering to these email authentication standards is not merely about compliance, it’s about securing your digital communication channels. By implementing SPF, DKIM, and DMARC, businesses can significantly reduce the risk of cyber-attacks initiated via email, safeguard their digital assets, and ensure the integrity of their email communications.

Next Time …. 

In this, the first of three articles in the series, we’ve looked at the basics of email authentication and its significance in the digital age, i.e. looking at SPF, DKIM, and DMARC and their importance as business cybersecurity tools.

In next week’s (second) article in the three-part DMARC Diligence Tech Insight series, we’ll be taking a look at the critical but often neglected issue of securing multiple domains, including those not actively used for sending emails. It will emphasise the importance of applying DMARC policies to these “forgotten” domains to prevent them from being exploited in cyber-attacks, offering guidance on implementing comprehensive email authentication strategies across all owned domains.