You cannot be serious….

…yes you can and you must be. But serious about what? About your passwords, that’s what. Like many others, I’ve been banging on about passwords for years and years and years. From a company that would put a new laptop on a desk for the user with the password on a post-it note attached to the lid, to companies that shared passwords by email, to people using easily guessable passwords, the whole issue of password security is not going away.

And it’s causing major problems and financial loss.

In 2019, 80% of all data breaches which resulted in financial loss were the result of compromised passwords, whilst IBM have stated that the average cost of a data breach to businesses in 2020 was $3.86m, so you can see stealing passwords (and other information) is big business.

But this post is not about the physical stupidities like leaving passwords lying around; it’s about the passwords you and I use that are part and parcel of our day-to-day web access.

Every year a company called NordPass* evaluates the latest password data across 50 countries. They get this by examining a database of 4TB of data, all of these passwords have been nicked, stolen, and hacked. These security breaches are the result of hacking, phishing and other “nocturnal” cyber activities.

Passwords, credit card numbers, bank account details, usernames, dates of birth and other details are made available for sale on the Dark Web and this is where NordPass gets their seed data.

The Most Common Passwords 2021

And it seems that in 2021 little has changed. The most common passwords they found were:

  1. 123456 (used a staggering 103 million times)
  2. 123456789 (46m uses)
  3. 12345 (33m uses)
  4. qwerty (22m uses)
  5. password (21m)
  6. 12345678 (15m)
  7. 111111 (13m)
  8. 123123 (10m)
  9. 1234567890 (10m)
  10. 1234567 (9m)

All of the above would be cracked in under one second. That’s how secure these passwords are.

Apparently a “stunning” number of people like to use their own name – “Charlie” being the 9th most popular password in the UK – whilst popular music acts and sports also have their own claim to fame. “Onedirection” is popular, along with “Liverpool”, whilst in Canada “hockey” was the top sports related password and “dolphin” was number one amongst animal related passwords.

NordPass have mapped the data too and, according to their data, 187,219,153 passwords have “leaked” from the UK; that’s an average of 2.785 passwords per capita.

How should you formulate your passwords?

Passwords should be 16 characters or more – a M1xture! of UPPER case, lower case, numbers and characters – and should NOT be used for more than one account. They should not use ANY personal information: no address details, no phone numbers, no pets’ names, in fact nothing that can be gleaned from social media and day to day interactions.

Challenge to remember? You bet. Difficult to crack? Most certainly. According to How Secure is my Password 45Erp!VBN?1869y& will take 41 trillion years to crack.

I have over 250 passwords that I use so I have to use a Password Manager to store them. I use LastPass but many others are available, including NordPass’ own, and some are free. I suggest, though, that you use one that can synchronise across all of your devices – PCs, Macs, tablets, phones etc – so that you always have your passwords with you. A good Password Manager will not only store your passwords very securely but should also create secure passwords for you.

Go ahead and test your passwords using their secure tool.

I might not be a cyber security expert – but I know quite a bit and know some very good ones so if you need some help with your cyber security, your SEO or any other element of your online marketing activities then why not kick things off with a free consultancy session, drop me an email or just give me a call on 01793 238020 or 07966 547146.

In the meantime, be safe out there. The World Wide Web can be a dangerous place.

*NordPass have a vested interest in password security – they sell a Password Manager

What does your Phone Number tell people about your business?

For years and years the Americans have been very clever with phone numbers, using words to make them memorable. 1-800-468 3647* is quite tough to remember, but using the letters on a phone pad it instantly becomes 1-800 Hot Dogs, which is far more memorable. I also reckon that it made for quite a fight between businesses and telephone companies for the best numbers. The best we seemed to manage in the UK was the fight for “special” numbers – such as 0800 123123.

And then came the mobile phone explosion, and the numbers you used were the ones handed out by your mobile phone company, there was no choice. Well, there was, but you had to hunt it down and “special” mobile phone numbers were expensive, because the providers knew the value.

For a long time, companies would display both landline and mobile numbers – and quite a few still do. However, for the last 5 years (maybe more) I have noticed that a lot of companies only use their mobile number. This is possibly sole traders and other businesses who work from home, or a home office. It enables them to easily keep business telephony separate from private. I’ve worked with many people who have 2 mobile phones, 1 for business and the other for personal calls.

A sign written van with just a mobile phone number

I’ve noticed that more and more sign written vans only have a mobile number on them, and in my opinion, this is a missed opportunity. And there are still people who won’t trust a company that only uses a mobile number simply because it used to shout “rogue trader” or similar, a company lacking any form of physical base.

Why should a mobile only number be a missed opportunity?

Simply put, a mobile phone number is harder to remember than a geographic number. Mainly because we are familiar with geographic numbers, the one for our region for example. We might also be familiar with surrounding regional numbers and those from the major cities too (020 for London and 0117 for Bristol for example). This familiarity makes a landline number easier to remember because all you have to do is remember the region and a 6 or 7 digit number (Swindon 123456 for example).

And this is the next benefit. If I see a tradesperson’s sign written van and it has a landline and mobile number, I’ll instantly know whether they are local to me, or “just visiting”, and I’ll be far more likely to contact a local trade than one based elsewhere.

But landlines have their own issues too. If you change phone providers, move from one exchange region to another or move from one office to another you may not be able to “take” your landline number with you. This means you’ll have to update websites, your Socials, letter heads, compliment slips, business cards etc. Which is a very good reason for just using a mobile number.

Is there a better way to use phone numbers?

Get an IP (Internet Protocol) phone number. An IP number is a virtual phone number. It’s not associated with any telephone exchange but is based on the Internet. You can have a physical desk phone (but you need one that’s IP Phone capable, not a cheap £10 phone from Amazon). You can use your PC/Laptop/tablet instead. Simply set up an IP Phone App and configure it correctly, have a headset and microphone (Bluetooth is great) and you’re “good to go”. You can even take IP calls on your mobile phone, yes really. I’ve used a Sipgate number for more than 10 years now: 01793 238020. It’s moved with me from an office, to working from home and then when I got a different office it “came” with me too. I could have gone with Vonage, who offer a similar service. If you are a larger business, you might need something more sophisticated, and there are plenty to choose from; now the Video Conference provider, Zoom, has launched a very competitively priced IP Phone service too. Read about IP telephony on the Money Supermarket website.

And, best of all, when you move location you don’t have to do anything at all. Your phone number comes with you, wherever you choose to go. All you need is an internet connection.

You could even get an IP phone number for the next town/city that you want to expand in to, giving you a virtual presence there and making it even easier for potential clients to contact you.

If you need help with your telephony then I probably know enough to be able to point you in the right direction and if you need assistance with your SEO, Email Marketing, Social media or any other type of online marketing activities then I can definitely help you, so you really should get in touch – even if it’s just for a free consult. You can call me on 01793 238020 or 07966 547146, email andy@enterprise-oms.co.uk or book a slot using my calendar and we’ll take it from there.

*(1-800 being the US equivalent of a free phone number, known in the States as a Toll Free Number)

National Cyber Security Month

October is National Cyber Month.
What is National Cyber Security Month?

National Cyber Security Week

Threats of Cyber Crime from Cyber Criminals continue to increase and we all need to be increasingly alert and focussed on the threats, the impact they could have on our lives AND the things we can do to minimise the risk to ourselves and our businesses.

National Cyber Security Month 2021 has the overarching theme “Do your part. #BeCyberSmart” and looks to empower individuals and businesses to own their role in protecting their part of cyberspace.

If we all do our part then we will all benefit from a safer place to live and be in a safer place to do business. Not only that but we’ll also be denying the cybercriminals the space they need to extort, employ fraud and generate the money they lust after.

User name and password box

How can we contribute?

We can all look to implement stronger/better security practices such as not clicking links in emails, not opening emails from people we don’t know or even opening emails we weren’t expecting. We can install security software on our phones, our tablets and our computers. We can use stronger passwords, and make sure we use unique passwords for EVERY application.

Each week, National Cyber Security Month will have a different focus, starting with Week 1 – Be Cyber Smart.

Week 1, Starting October 4 – Be Cyber Smart

Hacker, tilting his hat

Our lives are increasingly intertwined with the internet and the World Wide Web. Pretty much all personal and business information is stored on internet connected platforms, from banking to social media, from email to SMS, from phone and video calling to watching TV and listening to music and beyond. The internet simplifies some areas of our lives and makes it more complex in others but the one, overarching common factor, is the need for a strong level of security to keep our data safe.

That’s why Week 1 of National Cyber Security Week focuses on the best security practices and “cyber hygiene” to keep our data safe, owning our role in Cyber Security and starting with the basics. That includes using unique, strong, passwords and making sure that we use multi-factor authentication (2FA) where it’s available, preferably avoiding SMS (text Message) authentication where possible.

Week 2, Starting October 11 – Fight the Phish – Trust No One

Phishing attacks, where emails and text messages are sent containing web links encouraging you to click the link, visit a website set up by cyber criminals and enter your user names and passwords, are still on the increase. Why are they on the increase? Because they work. People see an email that purports to come from their bank, HMRC, DVLA, Post Office, BT etc. and are given a warning claiming that the recipient needs to do something NOW or they will be locked out of their account, will be arrested, won’t have an order delivered… or one of many other ruses. You click the link and either have malicious software sent to your computer without your knowledge and approval or give away user names and passwords to cyber criminals, enabling them to access your personal accounts and to steal from you.

The X-Files mantra of “Trust No one” applies here. Any email that contains a request for such information should always be approached with caution and, if you have even a small inkling of concern, then simply open your web browser and visit the website of the sender to check out the veracity of the email.

Week 3, Starting October 18 – Explore, Experience, Share

Week three focuses on the National Initiative for Cyber Security Education (NICE), inspiring and promoting the exploration of careers in the cybersecurity sector. Whether you are a student or a veteran or seeking a career change, this week is all about the exciting, ever changing, field of cyber security, a rapidly growing business sector with something for everyone.

Week 4, Starting October 25 – Cybersecurity First

The last week of National Cybersecurity Month looks at making security a priority. Actually taking a Cyber Security First approach to designing and building new products, developing new software, creating new Apps.

Make Cyber Security Training a key part of onboarding when taking on new employees (and, at the other end, making sure that technology rights are revoked when people leave organisations).

Ensure that your employees are equipped with the cyber secure tools that they need for their jobs. If you practice a BYOD (Bring Your Own Device) policy, allowing employees to use their own phones, tablets and computers then you need to ensure that the cyber security deployed is as strong as that on equipment that you provide.

Before buying new kit, or signing up to a new service, do your research, check the security. Is it secure enough? Can it be made more secure? Can it be remotely wiped? Who has control? All of these questions, properly answered, will ramp up your cyber security defences and help keep the cyber crims at bay.

When you set up new equipment, that new phone, tablet or laptop, I know it’s exciting but please invoke the Cyber Security first, don’t leave it until last – it might be too late. Make sure default passwords are replaced with something secure and lock down those privacy settings.

Cyber Security MUST NOT be an afterthought. If it is, you could find yourself paying the price.

And if you need some help, you can always ask me. I might not know the answer but I know people in the Cyber Security industry that I can put you in touch with. Email andy@enterprise-oms.co.uk, phone/message me 07966 547146, call 01793 238020 or message me on Social Media and we’ll get it sorted.

Passwords are not just for Christmas

Wow, what a year. One thing’s for certain, 2020 is one year that will never be forgotten. Covid, Lockdown, Furlough, words that have been added to the canon of speech this year. And, to cap it all, Christmas is just around the corner and the world is still full of massive levels of uncertainty.

Whether you are working from home, #WFH, working in an office or still out and about I know that as Christmas approaches the big wind-down starts to feature in our minds.

Nothing wrong with looking forwards to Christmas but it’s important that you don’t allow your Cyber Security guard to fall too.

Andy, checking out websites as part of his work

Why not? Simply because the hackers and cyber criminals won’t – if anything they’ll be upping their activity because they know that our minds will be on other things. In previous years we’d have been looking forward to Christmas Markets, Christmas parties, gifts, food, television and everything else that’s associated with the season of goodwill.

Our vigilance MUST remain high, both in the office and when working from home. Keep your eyes open for suspicious looking emails, especially those coming from unexpected quarters, with messages that promise much, such as tax refunds or deliveries of items you don’t remember ordering. Also beware of emails with links to websites that look OK but in reality will do harm.

It’s also a good idea to take a fresh look at your password security. Turkish researcher Ata Hakcil analysed more than 742m passwords that have been revealed in data breaches (hacks) that turned up on the Dark Web. Ata went on to make a worrying number of discoveries.

Of the 742m only 169m were unique which just goes to show how frequently we reuse passwords and how many passwords are used by a lot of people.

Worst passwords of 2020

Unfortunately, not a lot has changed over previous lists:

  1. 123456 (same place as 2018 & 2019)
  2. 123456789 (up 1 place) (same as 2019)
  3. passwords (up one place on 2019)
  4. qwerty (a fall of one place on 2019)
  5. password (slips two places)
  6. 12345678 (up 1 on 2019)
  7. 123123 (a new entry)
  8. 111111 (up from No. 10 in 2019)
  9. 1234 (yes, I kid you not, 1234)
  10. 1234567890 (a new entry in this Top 10)

Disturbingly, at least 1 in 10 people have used at least one of these poor passwords – I hope you’re not one of them.

Data breaches are inevitable. To be as secure as possible you need to use strong, unique passwords for each individual account that you have. This makes the theft of one password much less of a disaster than if you use the same (or close variant) across all of your accounts.

What’s a Strong Password?

A strong password isn’t a word at all. The best ones are passphrases comprising a random combination of words with 12 characters or more, using mixtures of alphanumeric, UPPER & lower case characters and symbols.

Think of a nonsense phrase, or even a line from your favourite song. Science Friction Burns My Fingers for example. Now, run the words together, use hyphens, underscores and number substitution.

Sc13nce-fricti0nBurnsMy_Finger5%

That’s one password – you need a unique one for EVERY account that you have. Now, that’s a challenge to remember so you need a password manager. Because of my work, I have access to 789 accounts of one sort or another and I have 789 different passwords. Obviously there’s no way I could remember all of those – I struggle to remember 4 important ones, which is why I use a password manager. Not only does it store all of my passwords in a safe place, it also generates new, random, ones for me.
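The rules these posts keep repeating (no password from the common lists, 16 characters or more, a mix of character classes, never reused across accounts) can be turned into a simple audit. This is an added example, not code from the blog or from any password manager; the deny-list is constructed from the Top 10 lists and the named examples quoted on this page, and the 10 billion guesses-per-second rate is an assumed figure for illustration only.

```python
import math
import string

# Constructed from the Top 10 lists and named examples quoted in these posts.
# A real deny-list (e.g. a breach corpus such as Have I Been Pwned) is far larger.
COMMON_PASSWORDS = {
    "123456", "123456789", "12345", "qwerty", "password", "12345678",
    "111111", "123123", "1234567890", "1234567", "passwords", "1234",
    "charlie", "onedirection", "liverpool", "hockey", "dolphin",
    "ashley", "michael", "daniel", "jessica",
}

# Common number/symbol-for-letter substitutions, undone before the deny-list
# lookup so that "p@ssw0rd" is still recognised as "password".
_UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                         "7": "t", "@": "a", "$": "s", "!": "i"})

_CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10,
                "symbol": len(string.punctuation)}


def normalise(pw: str) -> str:
    """Lower-case and undo the usual l33t substitutions."""
    return pw.lower().translate(_UNLEET)


def character_classes(pw: str) -> set:
    """Which of upper/lower/digit/symbol appear in the password."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def search_space_bits(pw: str) -> float:
    """log2 of the keyspace a brute-force attacker must cover if all it knows
    is the length and which character classes are present."""
    if not pw:
        return 0.0
    alphabet = sum(_CLASS_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(alphabet)


def years_to_exhaust(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case brute-force time at an ASSUMED guess rate. A password on the
    deny-list is reported as 0 because it is tried first, whatever its length."""
    if pw.lower() in COMMON_PASSWORDS or normalise(pw) in COMMON_PASSWORDS:
        return 0.0
    seconds = 2 ** search_space_bits(pw) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def check_password(pw: str, min_length: int = 16) -> list:
    """Return the list of rules from the post that the password breaks."""
    findings = []
    if pw.lower() in COMMON_PASSWORDS or normalise(pw) in COMMON_PASSWORDS:
        findings.append("on the common-password list (cracked instantly)")
    if len(pw) < min_length:
        findings.append(f"shorter than {min_length} characters")
    missing = {"upper", "lower", "digit", "symbol"} - character_classes(pw)
    if missing:
        findings.append("missing character classes: " + ", ".join(sorted(missing)))
    return findings


def find_reused(vault: dict) -> dict:
    """Map each password used for more than one account to those accounts,
    i.e. the 'one password per account' rule applied to a whole vault."""
    by_pw = {}
    for account, pw in vault.items():
        by_pw.setdefault(pw, []).append(account)
    return {pw: accts for pw, accts in by_pw.items() if len(accts) > 1}


if __name__ == "__main__":
    # Constructed sample vault: account name -> password.
    vault = {"bank": "45Erp!VBN?1869y&", "shop": "p@ssw0rd",
             "newspaper": "p@ssw0rd", "email": "Sc13nce-fricti0nBurnsMy_Finger5%"}
    for account, pw in vault.items():
        print(account, check_password(pw) or "OK",
              f"~{years_to_exhaust(pw):.3g} years worst case")
    print("reused:", find_reused(vault))
```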

Top 10 Password Managers

There are loads of great password managers out there. I use LastPass because it was one of the first to integrate with my browser AND be available across all of my devices, desktop, laptop, Chromebook, phone and tablet.

TechRadar recently reviewed Password managers and their top 10 free and paid-for password managers is as follows:

  1. Dashlane
  2. NordPass
  3. RoboForm
  4. 1Password
  5. LastPass
  6. Keeper
  7. BitWarden
  8. LogMeOnce
  9. mSecure
  10. ZohoVault

You can read TechRadar’s reviews here. And don’t forget, your web browser probably has a password manager built in and may even generate new ones for you, but it may not synchronise across all of your devices.

And PLEASE, if this applies to you – STOP USING PASSWORD or 12345678 and use one of the above instead.

Have a great Christmas, a happy new year and I look forward to communicating with you in the new year. If you need any help, please, just ask. You can reach me by phone – 01793 238020 – email – andy@enterprise-oms.co.uk or just hunt me down on Social Media.

Staying in touch with clients and teams – the digital transformation.

Video Conferencing in Russia

For years, technologists have been promoting digital transformation, using technology to communicate rather than having to attend endless, often pointless, meetings. Corona virus, lock-down and working from home have really pushed many businesses to take a fresh look at the options available to them.

Lock-Down means that a lot of us are having to work very differently, working from home – whether from a home office, the dining table, the kitchen table, a bedroom dressing table or a shed at the end of the garden – and it’s all quite new.

There’s no doubt that as a result of this forced, rapid, transition, many of us will find that continuing to work from home is far better than commuting to an office, warehouse, workshop or other business location. And, in the long term, everybody wins. No commuting means time saved, no travelling to meetings means time and travel costs saved and no travelling is much much better for the environment too. It also means we get to spend more time with our families.

One to one video conferencing

There are a number of platforms that will help you to do this. Simple platforms such as Skype and Messenger are familiar to a lot of people, Google Hangouts and Microsoft Teams are also in pretty common use but they often lack some of the features that make video-conferencing much easier.

Video Conference Options

Video Conference comparison

The key features that I look for include:

  • Maximum permitted meeting length
  • Screen sharing – so that I can share presentations etc.
  • Recording, can the session be recorded so that I can share it with the delegates for them to refer back to?
  • What services do the free accounts NOT have?

As an example, Zoom, which has really increased in popularity over the last couple of months has a Free account that allows video conferences of any length with 2 people but this drops to just 40 minutes for 3 or more but does permit screen sharing. However, there are concerns over the security of Zoom.

To overcome this, the Zoom Pro account at £143.88 + VAT annually increases the meeting length to 24 hours and provides 1Gb of cloud storage.

Webex, a Cisco product, is more secure. The free account limits the number of people in your call to 100, places no limits on meeting length but does not offer any recording and does not offer screen sharing.

The Webex Small Teams account, £135.00 + VAT PA adds screen sharing and recording to the free account.

Other providers of similar services include

If you want any help with your digital marketing please don’t hesitate to get in touch for an informal chat by email (andy@enterprise-oms.co.uk), by phone (01793 238020) or ask me on Social Media – Linkedin or Twitter – and I’ll be only too happy to talk. Thanks for reading and I hope you stay well.

Ring Me:      01793 238020      07966 547146
Email Me:    andy@enterprise-oms.co.uk
Find Me:      Linkedin     Twitter
Visit Me:      Bowman House, Whitehill Lane, Royal Wootton Bassett, Wilts, SN4 7DB

*Unfortunately, I can only offer this opportunity to businesses based in the UK. For international customers, my standard consultancy fee of £60.00 applies (paid in advance)

Living through Corona virus times

Times are tough, I know but having worked with companies through 3 recessions I know that some will thrive, some survive and others go to the wall.

Some will fail no matter what they do but for a lot of companies there are alternatives.

You can accept the status quo and roll with the punches OR you can fight for your survival.

My experience is that those who fight for their survival will come through the current situation fighting fit and with a great chance to thrive because they will be better than they were and they’ll be ready to leap on opportunities that have been left begging by those who simply accepted the status quo.

So FIGHT for your business and if I can help – get in touch.

Book a free 40 Minute, remote, consultancy

I have demonstrable success in the fields of SEO, Social Media, Email Marketing and much more.

All you have to do is get in touch for a free chat by LinkedIn message, email (andy@enterprise-oms.co.uk), Zoom, Webex, Skype etc.


Corona Virus & Marketing

SEO, Email Marketing, Blog, Video and Social banner

Even with Corona Virus you shouldn’t make knee jerk decisions with your marketing budget.

Remember, in the middle of the storm it can be difficult to see anything but chaos, but the storm will pass. Your best defence is to do everything that you can to still be standing when the storm passes.

The purpose of this post is to give you some marketing things that you can be thinking about during these troubled times and to make an offer that will save you £50.00 on one of my services so that your website can come fighting fit on the other side of the Corona Virus pandemic.

When I was working as a business consultant during the 2008 recession I heard of many businesses who chopped their marketing budgets as a reaction to the downturn. They then wondered why they weren’t attracting any new business and as their competitors recovered they were left behind.

Businesses that I was working with at the time recognised that there was an opportunity to step in to the gap left by companies which appeared to have disappeared. They took more considered action, reduced their marketing budget and put plans in place to ramp marketing back up once it was clear that the recession was coming to an end.

This put these clients in a prime position and they went on to prosper.

In these troubled times this is the action that you should consider. I know that times are dark, and likely to get darker, but if we don’t think positively and plan to still be here when the Covid-19 pandemic recedes then I know that some of us won’t be in business when that time comes around. 

The role technology plays in business continuation

Working from home, and in self-isolation, will be new to many people. Technology will have provided you with an opportunity to work from wherever you, and your staff, are with the only requirements being a device (desktop/laptop, phone or tablet) and an internet connection.

Cloud based audio and video conference solutions help maintain teams and enable client communications. Skype, Microsoft Teams, Zoom, Webex, Slack, WhatsApp and more provide both free and subscription options to communicate, train, make presentations and simply remain in touch.

As more of us work from home it’s likely that online search behaviour will change as more people mix business searches with personal during their working day.

How will your business cope? 

As with any crisis, how your company responds is key, are you calm and taking action or are you panicking?

Either way, here are a number of things that you can be working on when faced with the current situation:

Stay ahead of your competition

If you pause your marketing activities and your competitors don’t, who do you think will be in a prime position when things begin to improve? Stay in touch with your clients using eMail, Video and Social Media. Keep an eye on search trends: are there any opportunities that you can make use of?

Remember that SEO is a long term strategy

I know that SEO is one of the services that I provide but it is worth remembering that it IS a long term strategy, taking weeks or months to have a proper impact so give your Search Engine Optimisation due consideration when reviewing your marketing budget. Google’s servers and algorithms won’t be taking a break.

Don’t buy cheap SEO

I know that it might be tempting to take up one of those “all you can eat” SEO offers at £75.00 per month but the risk to your business could be a lot greater than the small amount of money that you’d save. As the marketplace improves you could find yourself left with no rankings, no traffic to your website and possibly penalties from Google from trying to game the system.

Move offline marketing spend online

If people aren’t going out and about they are not going to be looking at advertising hoardings and billboards. They’re not going to be seeing “in-store” marketing either so think about whether you could shift some of your offline budget online to make up for this.

Understand search trends

By understanding trends in search you’ll be in an ideal position to leap on any opportunities and/or changes in direction. By keeping an eye on how people are searching you’ll be able to create content that meets the needs of those searchers. Google Trends is a really great way to stay on top of this.

Produce more digital content

Consider using this as an opportunity to create those webinars you’ve been thinking of. By 2025 research is estimating that online learning will be worth about $158 Bn. Lessons learned now will be incredibly valuable going forward. Think about adding video conferencing and video calling to your communication options to reduce face-to-face meetings while staying in touch with key contacts, potential clients and your market.

Free 40 minute Website and SEO Consultancy

I’m still offering my Free Consultancy sessions and am more than happy to conduct them over the phone or by video link.

Detailed Website and SEO Review – Special Offer

Save £50.00 on an in-depth website and SEO review

And if you want something to listen to, have a listen to some of my Podcasts; you can find them on Spotify, Apple Podcasts and my website.

If you want any help with your digital marketing please don’t hesitate to get in touch for an informal chat and I’ll be only too happy to talk.

Thanks for reading and I hope you stay well.


Yes, it’s “Password Madness” time

User name and password box

Government Communications Headquarters (GCHQ) – where the UK spooks provide signals intelligence to the UK’s government, military and Military Intelligence – and the Department for Digital, Media and Sport (DCMS) carried out their first UK Cyber Survey and the results didn’t make for great reading.

Apparently:

  • 42% of us Brits expect to lose money to on-line fraud
  • 23.2 million worldwide victims of cyber breaches used 123456 as their password
  • 15% say they know how to properly protect themselves from harmful on-line activity
  • 33% rely on friends and family for help with their cyber security
  • Young people are the most likely to be cyber aware, privacy conscious and careful of the details they share on-line
  • 61% of internet users check Social Media daily, 21% say they never look at it
  • More than 50% use the same password for their email that they use elsewhere

Hacker Inside

Dr Ian Levy, NCSC Technical Director said “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.” whilst Margot James, DMCS Minister said “We shouldn’t make their (cyber criminals) lives easy so choosing a strong and separate password for your email account is a great practical step.”

Most Regularly Used Passwords

Rank   Password      Times Used     Password   Times Used
1.     123456        23.2m          ashley     432,276
2.     123756789     7.7m           michael    425,291
3.     qwerty        3.8m           daniel     368,227
4.     password      3.6m           jessica    324,125
5.     1111111       3.1m           charlie    308,939

It’s a shame that the top password list hasn’t really changed for at least 10 years – it shows how complacent a lot of us are with our on-line security.

I used to have 3 passwords, a simple one that I used really casually for newspaper sign-ups etc – name123 (not my real passwords, merely examples) a medium security one that I used on shopping sites, n@m3123 and a more secure one, used for banking etc – c3ler0n! (and all of the ones that I used feature on the Have I Been Pwned list).

About 5 or more years ago I switched to a Password Manager. I have 801 log-ins and 801 different passwords. All of them are at least 16 random characters long and comprise upper & lower case letters, numbers and symbols (where permitted).


My Password database is stored securely in the cloud and is replicated on my PC, Phone and Tablet and accessible from my Chromebook too. I use LastPass but others exist and here’s a review of some of the top ones.

As you can see, I do my best to stay on top of my security but if you feel adrift, or need some help, just give me a call on 01793 238020 or email andy@enterprise-oms.co.uk for a free chat.

General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is the name given to the new law that will come into effect on 25 May 2018 to provide added protection and security to the data that businesses hold on, and about, individuals. It will replace the UK’s Data Protection Act (DPA).

At the end of this post you’ll find a simple glossary of terms for reference.

Why do we need the GDPR?

There has been a huge change in the amount of data, and the way we use it, since the Data Protection Act came into effect 20 years ago.

Back then, a home PC was a rarity, now it’s pretty much the norm and households typically have multiple devices (PCs/laptops, phones, tablets, smart TVs and other internet connected devices) whilst the majority of businesses are totally reliant on IT and data.

As a consequence of these changes the laws relating to data needed updating, and there was a strong drive to have common data protection laws across the EU due to the increased globalisation of business. Brexit will have no impact on the new regulations.

What impact will the GDPR have on my business?

There will be a need to ensure that the way you collect, store, manage, use and destroy data is in compliance with the new regulations and there may be a requirement to employ new staff, outsource services or allocate new responsibilities to existing employees.

People & Accountability

DATA PROTECTION OFFICER

To comply with the new regulations you may need to allocate data protection responsibilities to employees or employ a new member of staff, depending on the size of your business and the data protection requirements placed on it. The following businesses MUST appoint a Data Protection Officer (DPO):

  • Public Authorities
  • Businesses whose core activities involve large scale systematic monitoring and profiling activities
  • Businesses whose core activities involve large scale processing of special categories of data such as ethnic origin, political opinions or religious beliefs

DPOs can be employed or outsourced but must report to the highest level of management.

DATA PROCESSORS

Current law applies only to data controllers and not to pure data processors, i.e. service providers who only deal with data as directed by their customer: a mailing house which accepts data from a client to produce mail shots (land mail or email), for example.

GDPR introduces direct rules and accountabilities for data processors, including:

  • Keeping records of data processed
  • Designating a Data Protection Officer (where required)
  • Notifying the Data Controller where there has been a breach

Under GDPR, data controllers can only use data processors “providing sufficient guarantees to implement the appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects”.

Accountability and the GDPR

Accountability is all about considering risks and demonstrating that you have considered, and managed, data protection risks. You will need to have clear policies in place to show that you meet the required standards and should establish a culture of monitoring, reviewing and assessing your data processing procedures.

Privacy Impact Assessments

Businesses will be required to carry out a data protection impact assessment before any processing that uses new technology likely to result in a high risk to data subjects. This is required in particular where there will be automated processing (including profiling) on which decisions affecting the data subject are based, and for large scale processing of personal data.

Privacy By Design

Businesses must take data protection requirements into account from the inception of any new technology, product, or service, that involves the processing of personal data, with an ongoing requirement to keep those measures up to date.

Notification of Breach

The existing DPA requires an organisation to notify (register and pay a fee) the ICO that they will be processing personal data. This will no longer be a requirement under the GDPR; it is replaced by an obligation on the Data Controller and Data Processor to maintain detailed documentation, recording:

  • Processing records
  • Data location
  • Purpose of processing
  • Lists of data subjects
  • Categories of data
  • Security procedures

However, if you have fewer than 250 employees, the requirements are less onerous and you’ll only need to comply if your processing is “likely to result in high risk to individuals, the processing is not occasional, or includes sensitive personal data”.

Because the processing of employee data is likely to involve sensitive personal data there will be an obligation on all organisations to maintain documentation, no matter what their size.

With the removal of registration and fee payment, the ICO loses their main source of income and this could make them keener to catch organisations in breach and fine them.

Under current legislation there is no requirement to notify the ICO should you suffer a data security breach. This changes under the GDPR with the introduction of a requirement to report data security breaches to:

  • Data Controllers (if a Data Processor breaches)
  • Regulators – if a Data Controller breaches and the result is a risk to the rights and freedoms of individuals – without undue delay (within 72 hours of discovery if feasible)
  • Affected Data Subjects – where the breach could leave them open to financial loss, for example. If the risk is high, this notification must be without undue delay.

When does the GDPR come in to law?

25 May 2018

Where will the GDPR apply?

Current data protection laws apply if you are located in the EU, or make use of equipment located in the EU, such as servers. The GDPR applies whether or not you are located in an EU country – it applies if you offer goods or services to EU residents or if you monitor their behavior.

If you want to transfer data beyond the EU (if you use a server based in the US to do your email marketing, for example) you need to ensure that the destination country has been recognised as having “adequate or equivalent” data protection regulations and you will have to ensure that suitable safeguards are in place to ensure the protection and security of the data you are transferring.

What happens if I don’t comply with the GDPR?

Currently, fines across the EU for a Data Protection Breach vary greatly with the UK having a maximum fine of £500,000 for a breach of the DPA.

One of the goals of the GDPR is to ensure that fines are consistent across national borders and to impose a significant increase in fines to emphasize the importance of good data management and security.

The new fines are to be split across two tiers:

  • Up to 2% of annual, worldwide, turnover of the preceding financial year or EU10m (whichever is the greater) for violations relating to internal record keeping, data processor contracts, data security and breach notification, data protection officers and data protection by design and default
  • Up to 4% of annual, worldwide, turnover of the preceding financial year or EU20m (whichever is the greater) for violations relating to breaches of the data protection principles, conditions for consent, data subjects rights and international data transfers

The Information Commissioner’s Office (ICO) will also have increased enforcement powers and grounds for seeking judicial remedies under the GDPR, including a power to carry out audits, to require (demand) information to be provided and to obtain access to premises.

Practical Steps to prepare for the GDPR

  • Ensure that you have the resources to plan and implement GDPR requirements
  • Identify all existing data systems and the personal data processed
  • Review existing compliance programs and update/expand as required to meet the requirements of GDPR
  • Ensure you have clear records of all data processing activities and that the records are available
  • When using Data Processors, ensure you include terms in your agreement relating to immediate notification of any data breach.
  • Develop and implement a data breach response plan and have templated notifications so that staff can act promptly
  • Put internal reporting procedures in place, have an internal breach register and train staff on notification and use
  • Ensure that you have sufficient resources to implement required changes
  • Consider appointing a DPO
  • Assess whether the organisation uses consent to justify processing
  • Develop, and implement, a policy on data storage and retention
  • Review contractual arrangements with Data Processors
  • Consider Data Protection when developing new technologies, services and goods and keep clear records
  • Ensure all policies and procedures are available and written in clear, concise and easily understood language
  • Consider how you will gain consent for the use of the data you hold, and use, for advertising, marketing and/or social media
  • Examine your Privacy notices now and start updating them
  • Review privacy notices and other “fair processing” information given to employees
  • Review employment contracts, handbooks and policies. Is contractual “consent” sought?
  • Ensure that you can respond to Subject Access Requests within 1 month (no admin fee will apply under GDPR)
  • Train staff on data protection responsibilities

Summary

The GDPR will have a wide reaching impact on most businesses, both large and small, which make use of data within the organisation.

Within the GDPR there are many undefined phrases, such as what counts as “large scale” and what is “new technology” and it is likely that these will only be determined as part of case law i.e. when a company is prosecuted for a suspected breach and their defence (or prosecution) need an accurate description of such terms.

It is likely that things will change as we get closer to implementation. However, you should start your preparation as soon as possible and the ICO has published a useful leaflet called “12 Steps to Take Now” which provides more helpful advice.

Disclaimer

I’m a digital marketer and SEO professional, not a legal practice. As a consequence, this should be used as a guide to the GDPR and legal support sought to ensure that your business is in compliance.

Glossary of Data Protection and GDPR Terms

  • Consent – Permission to collect, store and use personal data
  • Data Controller – A person, or persons, who determines the purposes for which, and the manner in which, any personal data are, or are to be, processed
  • Data Portability – The ability to move data from organisation to organisation, or across nation states
  • DPA – Data Protection Act, the regulations that the GDPR replaces
  • Data Processor – Any person who processes data on behalf of the data controller
  • Data Protection Officer – Person responsible for the oversight of organisational data protection strategy and implementation to ensure compliance with the GDPR
  • Data subject – The person to whom a data set relates (you and I)
  • GDPR – General Data Protection Regulations. The name given to the new regulations relating to the way we collect, store, use and destroy data
  • ICO – Information Commissioner’s Office – body responsible for upholding GDPR
  • Personal Data – anything clearly seen as personal, including name, address, phone number but also including IP addresses, cookie identifiers and UDID (Unique device Identifiers). Expressions of opinion about an individual also count as personal data so you need to be careful what you say about colleagues or clients in emails
  • Right to be Forgotten – The right to request the complete deletion of all personal data.
  • Subject Access Request – A request that an individual can make to find out the data that an organisation has relating to them.

And if you are struggling with your GDPR then give me a call on 01793 238020 or email andy@enterprise-oms.co.uk and I’ll do everything I can do to help.

How much did your last cup of coffee cost?

Cybercrime is everywhere these days. In 2016 the cost to the UK was over £1bn, with more than 5.5m cyber offences taking place in the UK every year. That’s almost 50% of ALL UK crime.

There’s lots of advice on passwords, I regularly write about them, and other security measures that you can take, but did you know that even a trip to your favourite coffee shop could end up being far more expensive than the price you pay for your Triple Grande Decaf Soy Latte Macchiato and blueberry muffin?

Imagine the scene, you’re between meetings and decide to drop into your favourite coffee shop for a cup of coffee, a cake and to tap into their Wi-Fi to read your emails, refresh your knowledge in time for your next meeting or simply to surf the web.

Spoof Wi-Fi Hotspot

When you sit down and try to log-on to the Wi-Fi there’s frequently a selection of hot-spots to choose from. How do you know which is the free service provided by the venue and which is a spoof?

It’s very easy to set up a Wi-Fi hot-spot using a mobile phone, Mi-Fi type of device or laptop and allow other users to connect through this free connection. This means that all of the traffic can then be intercepted by the person providing the spoof hot-spot. What sort of important information is passed from your laptop through this connection? It could be your details to access your online banking, the log-in to your company network or the necessary information required to access your corporate email account.

Time for a comfort break

Then the urge hits, you look around and see that everybody seems respectable enough so you head off to the toilet thinking that your laptop is safe on the table. After all, nobody would nick it in sight of all those customers, staff and CCTV cameras, would they?

You’d be wrong. Laptop tracking service provider, Prey, found that areas offering free Wi-Fi were the second most common target for opportunistic laptop thefts, the only riskier place being a visible spot in your car.

If stolen, it’s not only the inconvenience of replacing the laptop, reinstalling your applications and copying back your data [you do back-up your data don’t you?] it’s the additional costs that aren’t covered by your insurance.

The Ponemon Institute, a US cyber crime consultancy, put the real cost of the loss of a laptop and its data at nearly £31,000. This was broken down into £4,000 for the loss of Intellectual Property, forensics and legal bills adding around £1,500, with a staggering £24,500 attributable to the loss of income, customers and competitive advantage associated with a data breach.

So, the next time you stop off for a cup of coffee and decide to log-on using their free Wi-Fi, just make sure you know which network that you’re connecting to and that you don’t leave your laptop unattended.

And if you want to talk about your cyber security, just give me a call on 01793 238020 or drop an email to andy@enterprise-oms.co.uk