Tech News : Get Notified By Google If Your Passwords Are Compromised

As part of Google’s latest security updates to Chrome and Android, users will not only be alerted if any of the passwords in their Password manager are compromised but will also be given the opportunity to make a quick fix.

Quick Fix – Change Password

In the ongoing competitive battle between Google’s Chrome browser (and its Android OS) and Apple’s equivalent, Google has released new security updates. Part of the updates to the Password Manager that’s built into Chrome and Android is the new quick-fix feature, which will enable the Google Assistant to navigate to the compromised accounts and change passwords within seconds.

Benefits

Firstly, the fact that users are alerted when a password has been compromised is valuable because if users are made aware of a problem, they can quickly take action before more damage is done, rather than simply finding out after the event (e.g. stolen data or money) and/or the password being used by other attackers after being passed on/sold on.

Secondly, having a fast-track route to a quick fix through being offered a one-click ‘Change Password’ button means that users can minimise the amount of time that they are exposed to risk, and can quickly and conveniently change a password without having to go back to the site where it has been compromised, click on the forgot password/change password link, and go through a longer process that way.

Setting Up The Feature

The feature, which is powered by ‘Duplex’, Google’s AI technology (since 2018), is available to users who have turned “Safe Browsing” on and who are signed in and syncing to Chrome.

On Android, for example, to receive alerts if any passwords have been compromised (e.g. in a data leak on a third-party website or app), navigate to ‘Settings’ in Chrome, select ‘Privacy and security’ > ‘Safe browsing’ and tap ‘Standard protection’. This gives users the option to switch “Warn you if passwords are exposed in a data breach” on or off.

Users can also choose to check saved passwords themselves to see if any have been exposed in a data breach. Again, this can be done via ‘Settings’ in the Chrome app, by tapping ‘Passwords’ > ‘Check Passwords’.

What Does This Mean For Your Business?

This is one of several new security features announced in answer to Apple’s recent iOS 14.5.1, and macOS 11.3.1 security updates, and specifically, is an answer to Apple introducing compromised password alerts with iOS 14. Clearly, being alerted and being able to check password compromises, and being able to change a password quickly and easily is likely to be very beneficial to users.  Google also recently announced that it will soon be automatically enrolling its users in Two-Step Verification ‘2SV’ to improve the security of its services, but the future of authentication and verification is most likely to be ‘passwordless’ and based on biometrics. For example, last year, Google announced that users could verify their identity by using their fingerprint or screen lock instead of a password when visiting certain Google services (e.g. Pixel devices and all Android 7+ devices) due to Google’s collaboration with many other organisations within the FIDO Alliance and the W3C that led to the development of the FIDO2 standards, W3C WebAuthn and FIDO CTAP that allows fingerprint verification.  Both Apple and Google may, therefore, be highlighting features based around more traditional security ideas now, but the direction of travel is away from passwords altogether.

Tech News : New Privacy Features For Android 12

Google has announced the release of the first beta of Android 12 which has a range of new features including some security measures which Google hopes can match those of Apple.

Design Change

Announced recently at a developer conference, and on Google’s blog, the addition of the new features to Android 12 marks the “biggest design change in Android’s history”.

In addition to being able to completely personalise their Android phone with a custom colour palette and redesigned widgets, Google says that users will also notice that the Android 12 OS is much faster, smoother, and more responsive to touch, with smooth motion and animations.

Security Features

Some of the features that have really caught the attention of tech commentators are those designed to give Android security features that are on a par with its competitor Apple.

These new features include:

– A new Privacy Dashboard.  This offers users the convenience and ease of having a single view into permissions and settings as well as showing what data is being accessed, how often and by which apps. The dashboard also makes it easy for users to revoke app permissions.

– A new indicator for the microphone and cameras. Similar to iOS indicators, the new Android 12 indicator (top right) now lets users know when their apps are accessing the microphone or camera, and two new toggles in Quick Settings allow users to remove app access to these sensors for the entire system. These features enable users to guard against cyber criminals using (via apps) the camera or microphone to spy, eavesdrop, and steal personal data.

– Approximate location permissions.  This feature recognises the fact that apps don’t need to know a user’s exact location to function properly and, therefore, just giving an approximate location gives the user more control over how much information is shared with apps.

– Android Private Compute Core. This is a kind of sandbox, like the partitions used for passwords or biometric data, but can hold data for use in machine learning. The Android Private Compute Core enables features like Live Caption, Now Playing and Smart Reply and because all the audio and language processing happens on-device, isolated from the network, this preserves user privacy.

– Password Manager improvements. The new features being introduced to Google Chrome and Android’s Password Manager include making it easier for users to import passwords (e.g. from NordPass), and an automatic password alert that tells users when Google detects that any saved passwords have been compromised in a security breach. Also, a new quick-fix feature will enable the Google Assistant to navigate to the compromised accounts and change passwords within seconds, thereby trying to minimise the amount of time that users are exposed to risk.

Apple Update

It’s a fortnight since Apple (Google’s big competitor) released its critical iOS 14.5.1, macOS 11.3.1 security updates, so it’s not surprising that the new Android security features are being announced now.  Some tech commentators have noted, however, that the latest Android security and privacy updates don’t have an answer to Apple’s App-Tracking Transparency Feature, which requires apps to ask users for permission before tracking them across the web. It has been reported, however, that Google is still working on an alternative.

What Does This Mean For Your Business?

For Google, this update of Android is as much a competitive move as a simple update, designed to close the perceived (security) gap between its benefits and those of Apple’s iOS, and to challenge the idea in the marketplace that Apple products are always more secure. These extra security features will also be of benefit to business and domestic consumers alike, but features such as the improved Password Manager may be bad news for companies like Nord (NordPass) and LogMeIn (the owners of LastPass) as it will be easier to transfer passwords across to Android. Google’s Android OS does still, however, have some catching up to do with Apple on features such as Tracking Transparency.

Featured Article – The Issue of Push Payment Fraud Reimbursement

With Barclays Bank recently publishing the figures of refunds it made to customers who fell victim to authorised push payment (APP) fraud, there have been calls for greater transparency and reform to the current (voluntary) reimbursement code.

Authorised Push Payment (APP) Fraud

APP refers to situations where consumers have used a bank transfer to pay for goods or services that are fake/don’t exist and the money is stolen by fraudsters.

The Contingent Reimbursement Model (CRM)

Where money has been stolen in this way by fraudsters, banks can choose to use a voluntary code, introduced in May 2019, called the Contingent Reimbursement Model (CRM). This code sets out how and by whom consumers who have suffered APP fraud losses are reimbursed. Banks that sign up to the code are often the ones to reimburse victims where the conditions of the code are met.

Issues

There are, however, several issues relating to this code and the reimbursement to APP fraud victims that organisations such as consumer champion ‘Which?’ have been pushing to change.  For example:

– An apparent gap in fraud protection and redress for fraud via authorised push payments compared to other forms of payment such as debit and credit cards.

– A lack of transparency by banks and building societies about their reimbursement rates relating to APP fraud. There has been criticism that figures are not being published and/or are not being published on a regular basis.

– A feeling among banks (as outlined recently in a blog post by Starling) that other organisations used by criminals as part of their frauds (e.g. social media companies and telecoms networks) should be taking some responsibility and co-operating with banks to prevent fraud.  For example, social media may be used to advertise the fraud and also to find those who are willing to launder money (money mules) and to buy stolen identity and card data.

The Reality

One way to get a realistic view of what is happening as regards the behaviour towards consumers who are victims of fraud could be to look at the figures by the Lending Standards Board which oversees the CRM code. Their figures show that in the first year of the code’s introduction, banks ruled that 77 per cent of fraud victims were partially or fully to blame for their losses and that customers were fully at fault in 60 per cent of cases.

Which? Wades In

Consumer champion ‘Which?’ has also published concerns online about how banks and building societies have been behaving as regards reimbursement (or not) and has published its view of the issues that it hopes will “help inform the Lending Standards Board’s one-year review of the CRM Code”. According to ‘Which?’ these issues are:

– An over-reliance (by the banks) on victims having ignored warnings.

– Unreasonable expectations of how victims should have verified who they were paying.

– A failure to properly assess vulnerability.

– Poor communications (by banks) with victims.

‘Which?’ has called for urgent action to ensure that businesses adhere to the Code (CRM) and has called upon all those organisations signing up to the Code to test warnings to see if they are ‘effective’, make judgements based on what is reasonable on evidence of actual customer behaviour and to train staff in how to identify customers who could be vulnerable to APP fraud. Which? has also called for code signatories to properly explain specific reasons for reimbursement decisions to victims and has called on the Payment Systems Regulator to look at whether or not the voluntary industry code is effective in its current form.

Barclays The First To Publish Details

Barclays Bank recently became the first CRM code signatory to publish its APP fraud reimbursement rates online. According to Barclays, 74 per cent of its customers who suffered APP fraud losses in the first two months of 2021 have now been repaid. This appears to be a reversal of the trend identified by the Lending Standards Board.

Looking Ahead

We all make decisions about what offers seem legitimate to us and who/what to pay money to. However, not every web user is as experienced or informed with regard to cybercrime, and many web users could also, for many reasons, be described as more vulnerable to fraud. Fraudsters are also becoming more sophisticated and creative in their methods, which could, arguably, make more consumers more vulnerable to APP fraud.

The banks and building societies have argued, perhaps with some legitimacy, that some responsibility for preventing push payment fraud may lie with other organisations in the chain (e.g. social media companies). However, it appears that, based on Lending Standards Board figures, the apparent lack of transparency in banks and building societies publishing figures about how many customers have been reimbursed for the APP losses may be due to the fact that most consumers have not been reimbursed and often appear to be blamed for falling victim to fraud.

Looking ahead, it may be necessary, as suggested by ‘Which?’ and recommended by the Finance and the Treasury Select Committee, for the current voluntary CRM code to become mandatory with the hope that regulatory oversight could bring better reimbursement outcomes for consumers and greater transparency from banks and building societies. It may also be helpful for more of a collaborative approach to be taken among all links in the chain used by fraudsters to tackle the problem.

Tech Insight : What Are Firewalls?

In this article, we take a brief look at what a firewall is, what types there are, and the benefits and drawbacks of firewalls.

Firewall

A firewall is a network security system that can monitor and control incoming and outgoing network traffic based on predetermined security rules.  Based on these rules, it decides whether to allow or block specific traffic and as such, provides a valuable, controllable security barrier between inside network devices and potential threats from outside (the Internet).

Hardware firewalls protect the machines on a network and software firewalls protect the individual machines that they are installed upon.

How Do Firewalls Work and What Types Are There?

Firewalls use their set of configurable rules to decide which traffic is allowed through and which traffic must be blocked. The firewall is generally able to do this by scanning packets of data (e.g. for known malicious code or attack vectors which are regarded as threats according to the rules). The main ways in which firewalls work include:

– Packet filtering.  This involves using certain identified threats as filters for incoming data. The small ‘packets’ (from packet switching) that make up data being sent digitally across the Internet are scanned and are either allowed to enter the network or are blocked depending on whether they are within or outside of the configured firewall rules.

– Proxy service/proxy server firewalls. These firewalls are intermediary (application level) servers that separate end-user clients from the destinations that they browse. They create a mirror version of the computer behind the firewall but prevent direct connections between the customer device and incoming data packets. As well as being used as firewalls, proxy servers also work as web filters, provide shared network connections, and cache data to speed up common requests. Proxy service firewalls are very secure.

– Stateful inspection/dynamic packet filtering. Often found on non-commercial and business networks, a stateful firewall (using stateful inspection) works by individually tracking sessions of network connections traversing it (i.e. it monitors the full ‘state’ of active network connections). This method of firewall filtering therefore relies upon looking at the whole context of the traffic and data packets trying to access the network, rather than just looking at discrete traffic and data packets in isolation.
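The difference between packet filtering and stateful inspection, as an added example that is not part of the original article: the same constructed traffic is judged by a per-packet rule set and by a firewall that keeps a session table. The addresses, ports, rules and the simplified TCP states are assumptions made for the illustration.

```python
from dataclasses import dataclass

WEB_PORTS = (80, 443)  # assumed policy: inside hosts may browse the web


@dataclass
class Packet:
    label: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on the packet
    outbound: bool     # True when leaving the protected network


def stateless_filter(pkt):
    """Packet filtering: every packet is judged alone against static rules."""
    if pkt.outbound:
        return pkt.dport in WEB_PORTS
    # Replies must get back in, so anything that *looks* like a web reply passes.
    return pkt.sport in WEB_PORTS and pkt.dport >= 1024


class StatefulFirewall:
    """Stateful inspection: inbound traffic must belong to a tracked session."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> state
        self.sessions = {}

    def inspect(self, pkt):
        return self._outbound(pkt) if pkt.outbound else self._inbound(pkt)

    def _outbound(self, pkt):
        if pkt.dport not in WEB_PORTS:
            return False
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == {"SYN"}:              # new connection from inside
            self.sessions[key] = "SYN_SENT"
            return True
        if key not in self.sessions:
            return False
        if pkt.flags & {"FIN", "RST"}:        # simplified: first FIN/RST ends it
            del self.sessions[key]
        return True

    def _inbound(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.sessions.get(key)
        if state is None:                     # nobody inside asked for this
            return False
        if state == "SYN_SENT":               # only the handshake reply fits here
            if pkt.flags == {"SYN", "ACK"}:
                self.sessions[key] = "ESTABLISHED"
                return True
            return False
        if "SYN" in pkt.flags:                # a new SYN inside a live session
            return False
        if pkt.flags & {"FIN", "RST"}:
            del self.sessions[key]
        return True


def f(*names):
    return frozenset(names)


# Constructed trace: documentation-range addresses, not captured traffic.
C, S, X = "192.168.1.10", "203.0.113.5", "198.51.100.7"
TRACE = [
    Packet("client SYN", C, 50000, S, 443, f("SYN"), True),
    Packet("server SYN+ACK", S, 443, C, 50000, f("SYN", "ACK"), False),
    Packet("client ACK", C, 50000, S, 443, f("ACK"), True),
    Packet("server data", S, 443, C, 50000, f("ACK", "PSH"), False),
    Packet("unsolicited ACK", X, 443, C, 50001, f("ACK"), False),
    Packet("client RST", C, 50000, S, 443, f("RST"), True),
    Packet("late server data", S, 443, C, 50000, f("ACK", "PSH"), False),
]


def compare(trace):
    """Return (label, stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(p.label, stateless_filter(p), fw.inspect(p)) for p in trace]


if __name__ == "__main__":
    for label, stateless, stateful in compare(TRACE):
        print(f"{label:18} stateless={'ALLOW' if stateless else 'DROP':5} "
              f"stateful={'ALLOW' if stateful else 'DROP'}")
```

The two packets on which the verdicts differ are the ones that match the static rule but belong to no open session.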

Benefits and Disadvantages

The benefits of having firewalls in place include:

– Protecting business continuity and protecting the business from threats that could cause damage, disruption, and lead to fines (data protection), loss of customers, reputational damage and more. For example, firewalls monitor traffic, filter out malware and trojans, prevent hacking attempts, and maintain privacy as well as security.

Although firewalls are generally for the good of the business, some of the disadvantages include: some firewall rules being so strict that they can restrict the legitimate work of employees, thereby affecting productivity; firewall maintenance for large organisations being complex (unless handled by the MSP); some firewall costs being high; and some malware attacks (e.g. through phishing) getting past firewalls.

What Does This Mean For Your Business?

Firewalls are a long-established (and now a relatively standard) element of cyber-defences that still provide a vital protective function. The fact that they can be applied to different parts of the IT system and infrastructure and can be configured with different rules and different levels as required and left to operate on their own gives them flexibility but at the same time, they provide businesses with a level of confidence that networks are being monitored automatically. Firewalls, however, are just one (important) tool in the overall defence of business networks and devices.  Today’s cybercriminals are finding ever-more inventive ways to breach defences and exploit human errors and social engineering opportunities, so businesses need to employ a large number of different security (and privacy) tools and strategies to ensure that they are protected day-to-day.

Tech Tip – How To Delete The Last 15 Minutes of Your Search History In Google

If, for whatever reason, you have not used Incognito browsing in Google and would like a fast and easy way to delete the last 15 minutes of your search history, here’s how:

– Open the Google Search app on your Android or iOS device.

– Tap on your profile picture (top-right).

– Tap on “Delete the last 15 mins”.

To erase your search history for a longer period:

– Tap on the Search history button.

– Select the date range to be deleted.

– Alternatively, set up an auto delete function via the search and location history in the Google account settings.

Tech News : Clubhouse For Android Launched In The UK

Drop-in audio conversation social network app ‘Clubhouse’ has launched its Android (beta) version for download in the UK.

Clubhouse Android Launched In English-Speaking Countries

San Francisco-based Clubhouse announced on May 9 that, starting in the U.S., and quickly following in other English-speaking countries, it was rolling out the beta Android version of its popular app.

Still Invite Only

Clubhouse has stressed, however, that despite what will be a worldwide rollout over the next few weeks, the app will continue to have the waitlist and invite system in order to “keep the growth measured”.  Clubhouse says that the plan is to continue to scale out the backend over the coming months in order to open up further to the millions of people on its iOS waitlist.  The app will also be expanding its language support and adding accessibility features to help with the growth in membership.

Android users in the UK can now download the Clubhouse app from the Google Play Store.

Problems Earlier in the Year

Clubhouse has acknowledged that the problems that it experienced earlier in the year, such as server outages, notification failures, and surpassing the limits on its early discovery algorithms, were a result of rapid growth. The company says that it has switched its focus from “hiring, fixing, and company building” to investing to enable the growing app to be able to function well for the membership.

Hype and Benefits

The Clubhouse app has grown very quickly, accompanied by quite a bit of hype, but also because it appears to offer users the kind of direct access to an audience with influential people and industry leaders from around the world that it would be very difficult, costly, and time-consuming to get normally. Also, the real-time conversations mean that time is saved while issues, ideas and plans can be addressed and discussed instantaneously. As such, it has proven to be very appealing to business users.

Privacy Concerns

Important aspects of the Clubhouse app that were not mentioned in the recent announcement are the possible security and privacy concerns. For example, the Clubhouse app doesn’t appear to have end-to-end encryption (like WhatsApp), user data is routed through Chinese servers (and by implication, the Chinese state), and there is a requirement on sign-up that users must upload their device address books, thereby sharing other people’s contact details without consent.

What Does This Mean For Your Business?

The rapid initial growth of Clubhouse has been fuelled by some of the potential benefits valued by businesses (e.g. the possibility of getting direct access to an audience with influential people) and finding new business opportunities, coupled with the exclusivity (invite only) and the other benefits of getting in early before the crowd. The app had some problems due to its growth exceeding its capacity but the promise to invest by Clubhouse may mean that it may suffer fewer outages going forward. Now that Clubhouse is really growing it can expect some stiff competition from other popular meeting apps (e.g. Zoom) and the threat of big social media players quickly launching their own versions (e.g. Twitter’s ‘Spaces’). The security and privacy concerns remain, however, despite the big Android rollout, and for users it may simply be a case of weighing up the known risks against the possible benefits, accepting that this is simply an exclusive space to meet and chat but that it comes with potential privacy and security risks at this stage in the app’s life.

Tech News : AI Keystroke Spy Tools

With AI recently in the spotlight in Europe over the need to regulate some ‘unacceptable use’, some experts are warning of the threat of AI keystroke reading spy tools.

Possibilities

The fact that companies like TypingDNA were developing AI biometric verification (back in 2017) based on recognising the individual characteristics of how a person types suggests that it is possible that similar programs from other sources could be used for malicious intent as well as good.

The type of keystroke recognition used in the TypingDNA system (which is safe and secure and has not been used for nefarious purposes) uses timings and durations of key-press events and compares these against the normal typing pattern that each new enrolling customer gives a sample of when they sign up to the app. The same company has also managed to create a system called ‘Focus’ that can tell a user when they are most focused, tired, or stressed, purely based upon their typing.
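How a comparison of this kind can work, as an added example that is not TypingDNA's code or algorithm: dwell times (how long a key is held) and flight times (the gap between keys) are extracted from each sample and scored against the enrolled pattern with a scaled Manhattan distance, a common detector in keystroke-dynamics research. The function names, timings and threshold are constructed for the illustration.

```python
MIN_SPREAD_MS = 1.0   # floor so a perfectly consistent feature cannot divide by zero
THRESHOLD = 3.0       # assumed acceptance threshold; would be tuned on real data


def text_of(sample):
    return "".join(key for key, _, _ in sample)


def features(sample):
    """Turn [(key, down_ms, up_ms), ...] into [dwell, flight, dwell, ...]."""
    vec = []
    for i, (_, down, up) in enumerate(sample):
        vec.append(up - down)                    # dwell: key held down
        if i + 1 < len(sample):
            vec.append(sample[i + 1][1] - up)    # flight: release to next press
    return vec


def enrol(samples):
    """Build the 'normal typing pattern' from several samples of one text."""
    texts = {text_of(s) for s in samples}
    if len(samples) < 2 or len(texts) != 1:
        raise ValueError("enrolment needs 2+ samples of the same text")
    columns = list(zip(*[features(s) for s in samples]))
    centre = [sum(col) / len(col) for col in columns]
    # Mean absolute deviation per feature: how much this user naturally varies.
    spread = [max(sum(abs(x - c) for x in col) / len(col), MIN_SPREAD_MS)
              for col, c in zip(columns, centre)]
    return {"text": texts.pop(), "centre": centre, "spread": spread}


def verify(profile, attempt, threshold=THRESHOLD):
    """Return (accepted, score); lower scores are closer to the enrolled pattern."""
    if text_of(attempt) != profile["text"]:
        return False, float("inf")               # wrong text: timings not comparable
    vec = features(attempt)
    deviations = [abs(x - c) / s
                  for x, c, s in zip(vec, profile["centre"], profile["spread"])]
    score = sum(deviations) / len(deviations)
    return score <= threshold, score


# Constructed samples (key, press ms, release ms) of one user typing "pass".
ENROLMENT = [
    [("p", 0, 90), ("a", 150, 230), ("s", 300, 395), ("s", 470, 560)],
    [("p", 0, 95), ("a", 150, 235), ("s", 310, 400), ("s", 470, 565)],
    [("p", 0, 85), ("a", 150, 225), ("s", 290, 390), ("s", 470, 555)],
    [("p", 0, 90), ("a", 150, 230), ("s", 300, 395), ("s", 465, 555)],
]
# Same user on a later login, and a different person typing the same text.
GENUINE = [("p", 0, 92), ("a", 152, 234), ("s", 305, 398), ("s", 472, 560)]
OTHER_TYPIST = [("p", 0, 140), ("a", 260, 370), ("s", 520, 640), ("s", 700, 830)]

if __name__ == "__main__":
    profile = enrol(ENROLMENT)
    for name, attempt in (("genuine", GENUINE), ("other typist", OTHER_TYPIST)):
        accepted, score = verify(profile, attempt)
        print(f"{name:13} score={score:6.2f} accepted={accepted}")
```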

Given this is already possible, the argument from some tech and security commentators is that it may only be a matter of time before AI keystroke analysis is used by cybercriminals to steal private, personal data.

Keystrokes Research

Keystroke dynamics/keyboard biometrics/typing biometrics research has been going on for over 20 years, and there have been several studies into how keystrokes can be analysed to extract data.

Back in 2017, for example, a study by Princeton University showed that keystrokes, mouse movements, scrolling behaviour, and the entire contents of web pages visited may already have been tracked and recorded by hundreds of companies. The study revealed that no fewer than 480 websites of the world’s top 50,000 sites were known to have used a technique known as ‘session replay’, which, although designed to allow companies to gain an understanding of how customers use websites, also records an alarming amount of potentially dangerous information. The researchers found that companies were now tracking users individually, sometimes by name.

Back in 2019, researchers from SMU’s (Southern Methodist University) Darwin Deason Institute for Cyber-security found that the sound waves produced when typing on a computer keyboard can be picked up by a smartphone and a skilled hacker could decipher which keys were struck. That particular research project tested whether ‘always-on’ sensors in devices such as smartphones could be used to eavesdrop on people who use laptops in public places and the researchers were able to pick up what people were typing at an amazing 41 percent word accuracy.

AI and Machine Learning Used For Bad

AI and Machine Learning have already been used for illicit purposes, such as deepfake videos and faked images. For example, social media analytics company Graphika reported identifying images of faces for social media profiles that had been faked using machine learning for the purpose of China-based anti-U.S. government campaigns. These campaigns, dubbed ‘Spamouflage Dragon’, involved the production and distribution of AI-generated photos (made using GAN) to create fake followers on Twitter and YouTube, and videos made in English, targeting US foreign policy, its handling of the coronavirus outbreak, its racial inequalities, and its moves against TikTok.

What Does This Mean For Your Business?

The rapid growth of AI and its incorporation into many systems and services across Europe has recently required new rules and regulation to keep up. Tech and security commentators have also been warning for many years about the possible uses of AI for dishonest purposes.  Although this has already happened with deepfake videos, there are real fears that AI can be manipulated to spot patterns that could be used in social engineering attacks, identify any new vulnerabilities in networks, devices, and applications and, of course, analyse keystrokes to steal valuable personal information from a user. Combining keystroke recognition, cameras, AI chips in phones and other AI-enabled spying methods could, if used in the right combination, pose a threat to the data protection defences of businesses. It is important to remember, however, that AI also points the way forward for protection (e.g. its incorporation into anti-virus and other cyber-security systems).

Featured Article : Life After Cookies

With Google recently committing to phasing out third-party cookies as Firefox and Safari have already done, we take a brief look at the possible alternatives and replacements for using cookies to track and understand user behaviour.

Cookies

Cookies are pieces of code/small text files used for tracking and stored on the browser of someone who visits a website. First party cookies are generated when a person visits one particular website (domain) and are only used for finding out what that person did when they visited that particular site. This type of cookie does not record details about a person’s activities when they go on to visit other websites after leaving that website.

Third-party cookies are created by a third-party (e.g. an advertiser) and are placed on a visitor’s computer when that user visits a website.  The purpose of third-party cookies is to track a web user and gather data about their activities and preferences (e.g. websites they visit frequently, what they purchased online and what they show interest in). This enables the building of a visitor profile which, in turn, leads to them being shown ‘relevant’ targeted adverts. 

The Trouble With Third-Party Cookies

Google has recently joined other browser companies in committing to the phasing out (over 2 years) of third-party cookies. The reasons for phasing out third-party cookies are:

– Legislation. Improved and new data privacy laws. The introduction of GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) preventing tech companies from tracking everything that users do without permission and sharing the data with multiple other third parties.

– Privacy Campaigners. Many privacy campaign groups and others have challenged tech companies and advertisers over the years about privacy and tracking users. 

– High profile Criticism. Among other things, in January the UK Competition and Markets Authority started investigating whether restricting cookies on Chrome could help Google increase its dominance in the online ad industry. For example, some commentators have questioned Google’s motives for removing third-party cookies, suggesting that forcing a reliance upon first-party cookies may simply be a way for Google to get more of a grip on the ad market and receive the revenue that would have been spent on third-party platforms.

The Challenge

The challenge is to create an alternative that is compliant, acceptable to users and privacy groups, and enables advertisers, publishers, and owners of ad-supported websites to keep revenue streams.  For example, Google (Ad manager) data shows that when advertising is made less relevant by removing cookies, funding for publishers falls by 52 per cent on average.

Alternatives

With this in mind, here are some examples of the possible alternatives to cookie-based systems:

– Using machine learning systems (Google) to model user behaviour and to pursue a modelled, first-party approach. This means using first-party data and the data Google can gather from users who consent, integrated with tools like the Google Tag Manager. Consent Mode, for example (announced in September 2020), gives advertisers access to a new tag setting, dubbed “ad_storage”.  This controls cookie behaviour for advertising purposes, including conversion measurement. With Consent Mode, a website visitor is given the option to consent to the use of ads cookies (or not) on the cookie consent banner, thereby enabling Google tags to determine whether or not permission has been given for the site to use cookies for advertising purposes for that user. If a user consents, conversion measurement reporting continues normally. If a user does not consent, the Google tags are adjusted accordingly to not use ads cookies, but instead to measure conversions at a more aggregate level. Crucially, Google’s Consent Mode enables the use of conversion modelling for those who don’t consent, thereby recovering some 70 per cent of ad-click-to-conversion journeys that would otherwise be lost to advertisers. Google believes that Consent Mode, coupled with its Tag manager is a way for Google Ads, Campaign Manager, Display & Video 360, and Search Ads 360 to continue reporting conversions while respecting users’ consent choices for ads cookies. 

– Google’s Privacy Sandbox, which it originally announced last August, and touched upon again in January this year. Google describes this as “a new initiative to develop a set of open standards to fundamentally enhance privacy on the web” and “a secure environment for personalisation that also protects user privacy”. The idea of Sandbox is to move all user data into the Google Chrome browser where it can be securely stored and processed so that it stays on the user’s device and is, therefore, compliant with privacy laws. It is understood that the Privacy Sandbox may also include an algorithm to group people according to their common web browsing and thereby create ‘clusters’ of people (who can’t be directly identified) with similar interests. These clusters can then be targeted by adverts without affecting the privacy of the individuals in a cluster.

– Federated Learning of Cohorts (FLoC). This is another Google idea that uses third-party data, doesn’t affect the ability of publishers to track their own visitors, and allows ads to be targeted at groups of users based on common interests (interest-based advertising). The FLoC idea, however, has been met with criticism from the Electronic Frontier Foundation over privacy concerns and that it could be equivalent to a “behavioural credit score.”

– Microsoft’s PARAKEET proposal is an alternative to Google’s FLoC.   PARAKEET (Private and Anonymized Requests for Ads that Keep Efficacy and Enhance Transparency) places a proxy server between the user and the ad company, with users being given a unique ID, known only to the proxy server. This means that when a web page requests an ad, the request is routed via the proxy server and statistical noise is added to mask the user’s private data.  This system allows the PARAKEET gatekeeper service to provide aggregate reporting to ad networks.

– Systems made by rivals of Google Ads, such as Trade Desk Inc’s (open source) Unified ID 2.0 where people can protect their privacy by logging on to websites using encrypted copies of email addresses, i.e. the system creates an identifier for each person who logs in with their email address. Also, Criteo SA, an AdTech company, is reported to have developed a possible alternative.

What Does This Mean For Your Business?

The ad ecosystem, which ultimately provides huge amounts of revenue for companies like Google, also supports (and is very important in revenue terms for) ad customers, publishers, and owners of ad-supported websites. While new solutions must be found that provide acceptable levels of privacy (which is a task in itself), the way forward in terms of alternatives to cookies has generated a number of different options including the use of machine learning, proxy servers, and encrypted email logins, all of which are designed to provide smarter and more private and acceptable ways of still supplying data for advertising. With Google being the most powerful of the big advertisers and cookie users, it appears likely that its modelled, first-party approach using its machine learning resources is going to be the most prominent replacement for cookie-reliance. It is relatively early days though, and the important aspect for many businesses that rely heavily upon Google Ads is that any new system is still able to provide the same or better results in terms of conversion.

Tech Insight : What Is Patching or Patch Management?

In this article, we take a brief look at the importance of patch management in maintaining security.

Patches and Patch Management

Patches are the software fixes for known security vulnerabilities in software such as operating systems, third-party applications, cloud-platforms, and embedded systems. Patch management is the ongoing process of distributing and applying those important security updates to the software so that business computers and network devices are up to date and are capable of withstanding low-level cyber-attacks.

Why Is Patch Management Important?

In addition to patching to guard against potential security breaches through known vulnerabilities, patch management is also important for:

  • Compliance and avoiding penalties for non-compliance (e.g. data protection)
  • Maintaining and improving productivity and business continuity and avoiding costly disruption. Keeping patches up to date avoids crashes, outages, and downtime. Also, patches often include new features that can improve productivity.
  • Guarding against additional risks posed by ‘Bring Your Own Device’ (BYOD) e.g. by installing patches across all devices, whatever their physical location.
  • Keeping ahead of market developments. For example, no new patches could indicate no new version on the horizon, thereby giving a heads-up to look for alternatives for some software.

Patch Management Systems

Although patch management is an important (basic) security measure for businesses of all sizes to take, businesses with a large number of IT assets could find it particularly challenging without having a system of patch management in place.

A patch management system can involve teams or automated software determining which tools need essential patches, how, and when. Installation can be centralised or installed separately on different devices. A patch system also involves testing code changes and deciding which patches are right for each software program, as well as developing and maintaining schedules for the installation of patches across different systems.

Examples of the steps involved in developing a simple patch management system include:

– Carrying out an inventory of IT Assets and categorising them by risk and priority.

– Building-in the ability to scan the network and identify any missing patches.

– Developing suitable testing and evaluating patch stability.

– Setting up monitoring and evaluating systems for Patch updates.

– Making sure that backups are created on production environments.

– Making sure that automation can be built-in where possible, and that checks are in place to ensure the reliability of automation.

– Setting appropriate schedules and developing a guiding policy.

– Implementing the system.
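As an added illustration of the inventory, missing-patch scan, and scheduling steps above (example code written for this article, not taken from any particular patch management product), the Python sketch below compares a constructed asset inventory against a constructed patch baseline and builds a work queue ordered by due date. The asset names, software names, versions, dates, and the 7/30/90-day policy are all assumptions made up for the example.

```python
from datetime import date, timedelta

# Constructed policy (assumption): days allowed to apply a patch, by asset risk tier.
PATCH_SLA_DAYS = {"high": 7, "medium": 30, "low": 90}

# Constructed inventory: each asset with its risk tier and installed versions.
INVENTORY = [
    {"asset": "web-01", "risk": "high", "software": {"mailserver": "2.9.4", "vpn-client": "5.1.0"}},
    {"asset": "hr-laptop-12", "risk": "medium", "software": {"vpn-client": "5.0.9"}},
    {"asset": "kiosk-03", "risk": "low", "software": {"mailserver": "2.10.0", "legacy-pos": "1.0"}},
]

# Constructed baseline: lowest version containing the fix, and its release date.
BASELINE = {
    "mailserver": {"fixed_in": "2.10.0", "released": date(2024, 3, 1)},
    "vpn-client": {"fixed_in": "5.1.0", "released": date(2024, 3, 10)},
}

def parse_version(text):
    """'2.10.0' -> (2, 10, 0), so 2.10 sorts after 2.9 (plain string comparison does not)."""
    return tuple(int(part) for part in text.split("."))

def missing_patches(inventory, baseline):
    """Compare every installed version with the baseline and attach a due date."""
    findings = []
    for item in inventory:
        for name, installed in item["software"].items():
            entry = baseline.get(name)
            if entry is None:
                # No baseline entry means nobody is tracking patches for this software.
                findings.append((item["asset"], name, "untracked", None))
            elif parse_version(installed) < parse_version(entry["fixed_in"]):
                due = entry["released"] + timedelta(days=PATCH_SLA_DAYS[item["risk"]])
                findings.append((item["asset"], name, "missing", due))
    return findings

def work_queue(findings, today):
    """Earliest due date first; untracked software goes last. Adds an overdue flag."""
    dated = sorted((f for f in findings if f[3] is not None), key=lambda f: f[3])
    undated = [f for f in findings if f[3] is None]
    return [f + (f[3] is not None and f[3] < today,) for f in dated + undated]

if __name__ == "__main__":
    queue = work_queue(missing_patches(INVENTORY, BASELINE), date(2024, 3, 20))
    for asset, name, status, due, overdue in queue:
        print(asset, name, status, due, "OVERDUE" if overdue else "")
```

Software that appears in the inventory but not in the baseline is reported as "untracked" rather than silently skipped, because an application nobody is watching for patches is a gap in the system itself.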

Patch Management at Work

Keeping up with patch management is vitally important for an effective system. Common ways that businesses actually operate patch-management in the real world include enabling and using Patch Manager features in their Operating Systems and using cloud-based, automated patch management software themselves or through their MSPs.

What Does This Mean For Your Business?

Patching is not simply about maintaining cyber defences against old and new threats, but is also vital for maintaining compliance and productivity, and, therefore, business continuity and the avoidance of penalties and market fallout that could threaten the life of the business. Finding automated, reliable patch management systems can help businesses stay up to date, and focus more of their time on their actual business processes and marketing. Many businesses now trust the expertise and specialist knowledge of their MSPs to help them put effective patch management systems in place and to manage them on their behalf.

Tech Tip : Using Alexa As An Intercom System

If you have Amazon Echo devices in your home (or office), the ‘Drop In’ feature allows you to use Alexa as an intercom through your Echo devices. Here’s how:

– Open your Alexa app.

– Tap ‘Devices’ (lower-right corner).

– Tap ‘Echo & Alexa’ to display a list of all of your Echo devices and enable ‘Drop In’ on each device.

– Scroll down to ‘Communications’ and select ‘Drop In’ (to select from ‘On’, ‘My Household’, or ‘Off’). ‘On’ allows only permitted contacts to Drop In, while ‘My Household’ means only devices on your account can Drop In. For no Dropping In, choose ‘Off’.

To Drop In (use the Echo as an intercom):

– For a specific device: say “Alexa, drop in on Living Room Echo” (or wherever the Echo is). The name of the device can also be used if you know it.

– For a group of devices, if there is more than one in one area, e.g. the living room: say “Alexa, drop in on Living Room.”

– To speak to the whole household/all devices: ask Alexa to “Drop in everywhere.”

– To end the Drop In connection: say “Alexa, end drop in.”