There’s no such thing as free Wi-Fi…

Posted on : 28-06-2016 | By : richard.gale | In : Cyber Security, Uncategorized

Every day thousands of business travellers arrive at their destination searching for the “free Wi-Fi” sign so that they can stay in touch. What most people don’t realise is that this creates an excellent opportunity for cyber criminals to get their hands on your personal information and sensitive corporate data. We are all familiar with some high-profile hacks, Sony and TalkTalk to name just a few, and there isn’t a week that goes by without another hitting the headlines. It is all too easy to see cyber security as a problem only for large corporates and not something that we mere mortals have to deal with. An expression very familiar to most cyber security experts is: “why would anyone be interested in me or my information…”

If you have a device with information stored on it, and/or you send information over the internet, this is exactly what the cyber criminals are looking for!

Remember the phrase “one man’s trash is another man’s treasure”!

Why Do Cyber Criminals Want Your Information

So why are cyber criminals so keen to get their hands on your information? They want your personal details, your clients’ or suppliers’ details, your trade secrets, or simply a list of email addresses. All of these details are highly valuable when traded on the dark web. The value of a laptop may be $600, but if you have confidential merger plans on the disk then the PC could be worth millions of dollars to a criminal or business rival.

Even if you think you don’t have any of this information you may still be of interest.

You may be a target as the weakest link and the way in to a more valuable target further up the supply chain.

How Do They do It?

One of the most common ways for hackers to steal your data is to use software to intercept traffic on the Wi-Fi network, at which point they can see everything on a fellow free Wi-Fi user’s screen. They can then see all the traffic travelling to and from the device and extract important information.

Another popular method used by hackers is to set up rogue Wi-Fi hotspots in areas where large numbers of users are likely to be searching for a connection. These hotspots can use generic names like “free Wi-Fi” to cause trusting users to connect, at which point their personal information can be collected.

The easiest way for thieves to get their hands on your data is to get the device itself. Home Depot and Pfizer suffered huge data compromises due to confidential information being stolen from laptops left in the back of a taxi. A recent study found that nearly half of all executives have lost a device in the past year! It is estimated that over 2 million laptops are lost or stolen in the US each year.

It’s nearly impossible to secure against an opportunistic thief or simple forgetfulness, so it’s important to take precautionary steps.

What Steps Can You Take to Protect Your Devices And Your Information

There are a number of steps that you can take to protect your information when you travel.

Before You Go

Back Up

Save all the information on the devices that you are required to take on your trip.

Do You Need The Device/Data for the Trip

Think about the device you are taking and what information is on that device. Ask yourself: are you travelling with data that you cannot afford to lose?

Be suspicious of emails you receive

Be wary of emails you receive before you travel, especially if they are linked to large international events.

Do not post your travel plans on any social networking site.

Many of the CEO email scams, where scammers impersonate the CEO’s email to defraud the company, happen while the executives are out of the country.

Whilst Travelling

Protect Your Device

Never pack it in the hold, or leave it on a hotel table while you grab a coffee. If you do need to leave it behind then lock it away in the hotel safe. Always protect your device with a PIN code or password. Last year a report found that 50 per cent of executives had lost their device.

Install Anti-Virus Software

There are a number of mobile device security software solutions available. Install one on all your devices for added protection.

Disable Bluetooth Access

When you allow access to a device via a Bluetooth connection, the connection stays open once established and data can flow freely with very little or no user confirmation. How often have you connected your phone to the Bluetooth in a hire car? When you connect your phone you can see details of the previous user, which if still in range would enable access to their data.

Don’t Use Public Wi-Fi

Public Wi-Fi networks are available everywhere these days. The traveller should use them with extreme caution, as they are often poorly protected and easily imitated by cyber criminals who set up their own “hotel” networks. The names of Wi-Fi networks are manually created, so anyone can set one up using any network name. Criminals might set up a network called “official hotel Wi-Fi”. Once you click and connect to the scammer’s rogue network they have their hands on all of your data. Always verify with the hotel, café, airport lounge etc. that you are connecting to the official network and check that it has the padlock sign in the top bar. If possible avoid using any public network.
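The check described above, comparing what the venue told you with what is actually being broadcast, can be sketched as follows. This is an added example, not part of the original article; the network names, MAC addresses, the list of generic names and the `Network` and `assess` helpers are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:
    ssid: str      # network name as broadcast; free text chosen by whoever runs the AP
    bssid: str     # access point MAC address
    security: str  # "open", "wpa2" or "wpa3"


# Generic names of the kind the article mentions (this list is an assumption).
GENERIC_LURES = {"freewifi", "freeinternet", "publicwifi"}


def normalise(ssid):
    """Collapse case, spaces and punctuation so look-alike names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def assess(scan, official_ssid, official_security):
    """Return {bssid: [reasons]} for networks that should not be treated as
    the official network the venue staff described."""
    want = normalise(official_ssid)
    findings = {}
    for net in scan:
        name = normalise(net.ssid)
        reasons = []
        if net.ssid == official_ssid:
            # Exact name match: the security mode must also be what staff stated.
            if net.security != official_security:
                reasons.append("official name, but security is %s, not %s"
                               % (net.security, official_security))
        elif want and want in name:
            # e.g. underscores instead of spaces, or an added "Free" suffix.
            reasons.append("look-alike of the official name")
        if name in GENERIC_LURES:
            reasons.append("generic lure name")
        if reasons:
            findings[net.bssid] = reasons
    return findings


# Constructed scan results: two genuine access points, three suspicious
# networks and one unrelated neighbour.
SAMPLE_SCAN = [
    Network("Grand Hotel WiFi", "aa:bb:cc:00:00:01", "wpa2"),
    Network("Grand Hotel WiFi", "aa:bb:cc:00:00:02", "wpa2"),
    Network("Grand Hotel WiFi", "de:ad:be:ef:00:01", "open"),
    Network("Grand_Hotel_WiFi_Free", "de:ad:be:ef:00:02", "open"),
    Network("free Wi-Fi", "de:ad:be:ef:00:03", "open"),
    Network("CoffeeShop", "11:22:33:44:55:66", "wpa2"),
]

if __name__ == "__main__":
    # Official details as confirmed with the venue (constructed values).
    for bssid, why in assess(SAMPLE_SCAN, "Grand Hotel WiFi", "wpa2").items():
        print(bssid, "->", "; ".join(why))
```

A network that passes this check is not proven genuine, because the name, the MAC address and the security mode can all be copied; the check only filters out the obvious imitations.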

Don’t Use Shared Computers

Often hotel lobbies will have some shared computers with internet access. You have no idea how safe the network is, so again avoid using them wherever possible.

Don’t Do Any Financial/Sensitive Transactions

Take extra precautions whilst connecting to Wi-Fi. Do not send any financial information or business critical information whilst abroad; save it until you are back in the office safely within your secure network.

 

When You Return

Change all your passwords in case they have been stolen.

Look out for any suspicious emails

When The Unthinkable happens – What to Do If Your Data Is Lost Whilst Travelling

Assess – What has happened, what is the potential impact?

If your laptop has been stolen with company data on it, then if it was password protected, encrypted and you have the ability to track and remotely ‘wipe’ the disk, you are probably in a reasonable position. The cost will be a new laptop, not a new career.

Conversely, if you had sent your corporate takeover plans to Dropbox, uploaded them onto your personal unprotected iPad and lost that, then the significance of the loss is much higher.

Inform – Relevant people about what has happened.

Depending on what has been lost this could be your IT department, management, bank, customers, suppliers, partners, police, insurance firm and potentially shareholders.

Forward-looking firms have a policy explaining what to do in this situation, with contact and help points. The main point is to make sure relevant people are aware and so can help make the right decisions to minimize the consequences of loss.

Remediate – Resolve the problem as quickly and effectively as possible

Change your passwords immediately. This may help prevent criminals accessing your emails and sensitive information.

Disable the lost device if possible and wipe data from it. Track it and keep law enforcement and your IT department informed.

If you think banking/financial information may be compromised then inform your bank and accounts department.

Monitor activity. It may be useful to explain to customers/suppliers what has happened so they can monitor too. An all too common fraud is to imitate a CFO and give customers new bank account details to send their payments to.

Replace compromised, lost equipment

Review policies and ensure they are communicated and enforced

 

Losing information whilst travelling can be very worrying; the main thing is not to panic. Having a clear understanding of how to protect yourself helps significantly to reduce this and the likelihood of loss in the first place.

Raising Awareness

The most important tool in the battle against the cyber criminals is awareness. Training is crucial in helping people to understand what the issues are, what is at stake and the simple steps they can take to drastically reduce the risk.

Develop a cyber security culture that becomes a part of everyday corporate life whether in the office or on the road.

5 Minutes with Isabella De Michelis Di Slonghello, founder and CEO of Hi Pulse

Posted on : 28-06-2016 | By : richard.gale | In : 5 Minutes With, Featured Startup, Innovation

Isabella De Michelis Di Slonghello is CEO and founder of Hi Pulse, a fintech firm focusing on privacy preferences management. Isabella was previously Vice President for Technology Strategy at Qualcomm.

What gets you out of bed in the morning?

I’m a Mum on duty and an entrepreneur launching a new technology business. It’s a real challenge to match and deliver on both fronts. As (at Hi Pulse) we are in the development phase of the product and it’s an internet service, which will boost consumers’ privacy, I have taken a lot of inspiration in talking to my children when we designed the requirements. Not surprisingly, they returned very constructive feedback showing they are fully aware of the internet economics and of the so-called free-internet model functioning. They are 9 and 13 years old. So I take this as a good sign of maturity of how the younger generation is looking at the internet: a wonderful experience on condition to remember what the rules of the game are.

For several years you have worked in Government Affairs… the EU is now taking major steps to strengthen data protection, such as the GDPR – what changes should we expect in the next couple of years? In your opinion, is GDPR sufficient?

I consider the adoption of GDPR a pivotal step in the construction of the digital world of the future. Many are the challenges to its implementation, however the goals set forth in the Regulation are achievable and companies shall start immediately looking into what the new requirements set. I hope other jurisdictions in the world will get inspired by the GDPR. I sense that some players in the market may feel uncomfortable with some of the provisions and in particular, with those which relate to “enforcement”. However, a strong enforcement scheme is what will trigger a much more solid and consumer friendly environment and this is really highly welcome.

Based on your experience as Vice President and Managing Director at Qualcomm Europe and VP Technology Policy Strategy (EMEA) at Qualcomm Technologies, what advice would you offer to women aspiring to leadership positions within the IT/tech industries?

Leadership positions are always open for women who want to take on opportunities in IT/tech as in every other industry. But it requires a high level of commitment, a great dose of energy and the openness to understand that finding a mentor and building your own network of influence are as important steps as distinguishing yourself by skills like executing, partnering and communicating.

In your opinion, how can we get more girls into IT?

It’s a public policy imperative. Computer science programming should become a basic competence from elementary schools onward and be taught to boys and girls at the same time. There would be a lot more girls in IT if coding would be treated for what it is – a basic learning tool like maths and physics.

Which tech innovations/trends are you the most excited about?

Bringing internet connectivity to the next 4 bn people in the world is one of the greatest objectives which I would like to see realized in coming years. Technology innovation in that space has a lot of potential. Applications in personalized health also have strong potential. I expect big data to be a big contributor to future trends and financial technology to really take a boost in coming years.

Hey, Let’s Be Careful Out There!

Posted on : 10-06-2016 | By : Maria Motyka | In : Cloud, Cyber Security, Data, Innovation, IoT

In the context of accelerated digitisation, especially the adoption of innovations in the areas of cloud computing, IoT and the growth of social networking, as well as with increased mobility of the workforce, organisational security and risk management need to be rethought.

The way we work is constantly changing; according to recent research by Gartner, within the next 1.5 – 2 years, ‘25 per cent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls’. Digital users now spend 30% of all connected time, 2 hours a day, on social media (Global Web Index) – let’s not fool ourselves, some of it (whether it be using the seemingly innocent Messenger app or the boring meeting savior Instagram) is within the office environment. And it’s definitely not just the Millennials who are guilty of the Social Media at work crime! The Bring Your Own Device (BYOD) trend is also becoming more and more popular, even within traditionally conservative work environments (employees who get to work on their own laptops/tablets are said to be happier and thus more productive than those restricted to company devices). While (according to Code42’s 2016 Datastrophe study) 87% of CIOs and CISOs claim that their companies have a clearly defined BYOD policy in place, a shocking 67% of knowledge workers (organisations’ end users) disagree (Infosec Magazine). When things go wrong and the freedom to connect/work anyplace, anytime compromises organisational security, it is the company that takes the hit.

At the same time, organisations often primarily rely on CXOs to deliver enterprise security, managing the increasingly sophisticated threats, in times when companies (and devices used by employees, often at work and at home) are being constantly compromised. This is not sufficient. All employees, across all functions, are responsible for securing the organisations they are part of. As highlighted by Gartner in the Managing Risk and Security at the Speed of Digital Business report, it is crucial for organisations to apply resilience to not only processes and technology, but also people. We cannot afford to overlook the ‘human’ element of security. Best practices include regular training and digital security awareness campaigns for everyone, as well as extending protections to the company’s employees within their home environments (Gartner), in response to the blurring of the tech we use for personal and professional purposes, as well as the flexible work trend. Gartner proposes ‘people-centric security’, which is about aiming for a perfect balance between protecting the company and the need to allow increased employee agility and adopt new and often risky tech to stay competitive.

For now, it seems like ‘seeking’ a balance and regular employee education is the best companies can do.

Laptops and smartphones get and will get lost or stolen (whether in a club or on the way to work). Data which is stored on or can be accessed through these devices can often be worth a thousand times more than the actual device. This is not an exaggeration; one obvious example being the infamous iPhone, which stirred the Apple-FBI encryption dispute. Moreover, the punishment doesn’t seem to fit the crime – charges for stealing a phone or a laptop usually fail to take into account the value of potentially compromised data. This is going to have to change in the future, especially when the devices we carry will store more and more data (not only confidential due to being work-related but also highly intimate, for example health-related).

Striving for the sweet spot between data security and taking advantage of the opportunities offered by the new tech/following the new working trends also means being clever about WHAT to protect. Not all data needs to be equally secure. As stressed by Richard Gale during the security panel at ISITC’s General Meeting, companies need to focus on protecting their ‘crown jewels’. Utilising cloud tech and allowing employees the freedom to work flexibly won’t stop you from identifying and investing in protecting crucial data. Detection and response is yet another element which ought not to be overlooked. What would be the worst-case scenario and what would your organisation do if the CEO’s mobile phone/laptop went missing? What steps is your company going to take if a Social Media app sends out phishing messages to employees? While it’s impossible to perfectly protect all the data, it’s worth having an action plan for when things go wrong.

Let your employees bring their own devices and go on, embrace the cloud – when doing so, however, train, educate, invest more in protecting what’s most valuable and be prepared for when data does get compromised!

 

Talking about BYOD and training your employees about how to be digitally secure – a few months ago we shared a Cybersecurity Manual with 10 hands-on security tips, which you can read here.

5 (or 10) Minutes With Nektarios Liolios, Co-Founder & CEO at Startupbootcamp FinTech

Posted on : 10-06-2016 | By : Maria Motyka | In : 5 Minutes With, Finance, Innovation

You were part of the fintech innovation before the phrase ‘fintech’ even existed – can you please tell us about your early ‘fintech’ experiences?

I was part of InnoTribe – a non profit initiative set up by SWIFT in 2009. We considered it to be our responsibility towards our members (banks and national institutions) to educate them about technology changes.

First, we initiated InnoTribe Sibos, the big thought-leadership conference and after that, little-by-little, we started introducing new things. We launched our innovation projects, looking at working with startups to build solutions for the community and set up the InnoTribe Startup Challenge – my baby, which started as an experiment. We talked to the bankers, the consultants, business providers… who we didn’t talk to was the startups. Therefore, we decided to organise a competition where the main prize would not be money or funding but access to the industry experts and knowledge base.

This was how I got into this and how my life started gradually shifting from being in a very corporate job within the industry to this beautiful space which operates between the corporate financial industry and entrepreneurship – Startupbootcamp Accelerator.

 

What is it like to work at Startupbootcamp? Which element of your work excites you the most?

I left SWIFT to work in fintech because I got really excited about working with entrepreneurs, who have a great vision and take risks to execute.

This environment is completely opposite to corporate life; you don’t see organisations taking many risks, you don’t see organisations executing fast. I find it hugely inspiring to engage with entrepreneurs who come with the most amazing propositions, seeing the ones who have the hunger to execute their vision, who know that as a startup you need to act fast, you need to be open to feedback…

The other side of my job that excites me is being able to have ‘my’ involvement in industry by doing things differently. Our programmes (Fintech and InsurTech) are funded by organisations, which understand the importance of innovation and have both the appetite and the capabilities to execute.

Working with banks and insurers who are smart in the way in which they approach innovation, who actually do not just talk, as many do, but DO – is actually as exciting as working with entrepreneurs.

During your time at Startupbootcamp, the company launched FinTech programs in London, Singapore and New York, as well as an InsurTech programme in London – what are the key differences between the current state of FinTech adoption and FinTech opportunity in these metropolises? Which cities are next – do you have plans to launch programs elsewhere in the near future?

There are not that many differences between these cities. Across all of the programmes we don’t see as many payments innovations anymore, a lot of it is focusing on wealth & investment management, they all have the same startup ecosystem, the financial industry, a good pool of mentors to draw from.

Perhaps one thing worth mentioning about Singapore is that when we launched it, we were the first programme, the first FinTech accelerator and this was only 18 months ago! When you look at the landscape now there are about a dozen of them. This shows that the market is big enough and the appetite is big enough for there to be multiple initiatives.

New York is probably a bit more arrogant. Entrepreneurship, or at least the methodology, has originally come over from the US, so there is a perception of saturation, which actually does not reflect the reality. We still manage to attract amazing startups and partners.

We are working on three more programs and I can’t currently yet disclose the details but what I can reveal is that we are now also looking at some emerging markets/locations. We hope to launch additional programmes within the next three months if all goes well.

The New York issue opens up an interesting conversation…

What frustrates me is that people look at what FinTech accelerators do and compare them to traditional startup accelerators, working with e-commerce propositions or apps they could put on app store and which will sell the next day.

With FinTech it does not work like that. It is a regulated industry, you need to collaborate, your customers are the distributors. Therefore the key thing we are trying to achieve with accelerators is not so much to achieve funding for startups – funding happens if a startup is good. Our goal is to offer startups the opportunity to test and validate their proposition with a bank or with an insurer; they need to prove that whatever is built is going to be used. Starting a pilot during an accelerator programme and proof of concept are more important than raising a quarter of a million or half a million at such an early stage.

In the US when you talk about startups in general success is measured by how much money is raised.

 

Over the last two months, Startupbootcamp FinTech team visited Tel Aviv, Dublin and Turin with the FastTrack tour. Could you please tell us more about the events and the initiative?

FastTrack is an initiative to attract startups to join the programme. These one-day events are very informal and startups apply for them locally. We have put together a small community of great local mentors, with whom the startups can spend some quality time together and receive feedback on their business models – so there is value that is added to them. If we see a startup that we really like, we fast track it to the final selection. Right now our FinTech London applications close on 26th of June and we are looking for more FinTech startups to apply to find the best 10 hidden gems.

This is really for us to meet the founders in person. Everyone who works within this space will agree: the team is more important than the product. You need to meet the founders, spend some time understanding their vision, you need to see how ‘coachable’ they are, how open they are to feedback – all of this has an impact on how attractive they are to a programme.

What I find interesting is that sometimes, when we go with a fast-track tour to a certain location, it’s the first time anybody has put a FinTech group together. When we did the very first FastTrack in Beijing, about three years ago, nobody had been to Beijing before to talk about FinTech.

 

What needs to be done to build a stronger bridge between the startup community and the financial industry?

What we do very much focuses on that, this is really the key thing an accelerator does. I think that despite the few people who do something like us, there is still a lot of need for ‘translation’ – banks have certain assumptions, startups have certain assumptions and often there is nobody in the middle to have them speak the same language.

When we talk to the banks, we try to get them to understand that a startup cannot operate according to their requirements. When they say ‘We like what you do, we’ll come back to you in six months’, the banks need to understand that startups do not have enough money to last for six months. That is why they came to the bank now. Equally, if a startup has a first conversation, if they have a proposition and the bank says ‘I like it’, they also need to understand that even with the best intentions, a bank cannot start using a startup’s technology within the next two weeks, because of procurement processes and diligence – a lot of it is about understanding each other.

Another aspect is that there is a lot of nonsense in B2B to be frank about it. Banks often pretend to be doing something meaningful when they’re not. It’s crucial for banks to understand what they need – the value they will get from the startup innovation.

What they will see in the programme is not what will change the direction of a company. It is about experimentation, R&D. If they like a startup and run a proof of concept, one day it might be relevant for the bank. There is also the assumption that ‘we’re going to set up a fund, and do all things FinTech’ – this is a bit naive and just the way it is presented to the outside.

 

Which tech innovation do you predict to be the next big thing? 

Everybody wants to know that and nobody really does! I think one of the things that is important is that because nobody really knows, it is about trying new things, seeing what works, where things don’t work.

Of course I will mention blockchain – everyone talks about it being the next big thing but no one knows how it might manifest itself. The underlying principle of this technology has great, transformational potential and slowly we’re starting to see real propositions. Around 25% of the propositions we receive are blockchain-based. It is a large number, 80-100 applications per location. Out of these, if we are lucky, we might get 1 into the programme. A lot of it is noise, it is people being excited about the tech, but people who are not focused on solving a business problem (which is what a good startup should be doing). We however started seeing startups which are looking at more niche aspects of banks’ challenges and propose blockchain as a solution.

In the security space proxy voting is a big problem. It’s a process that hasn’t been touched by any kind of innovation for 40 years and blockchain is exactly the type of technology that can help the based proxy voting problem, yet no one offers such innovations.

Blockchain is exciting, big data is exciting. Yet who knows what is going to come tomorrow?

 

You are known to be a big shoe fan. How many pairs of New Balances do you currently own? 

I don’t have a precise number, I’ve got about 200 pairs:)