Web security expert Troy Hunt to be welcomed into the Infosecurity Hall of Fame

Australian web security expert Troy Hunt has been revealed as the latest industry luminary to be selected to join the Infosecurity Hall of Fame. He will be inducted into the Hall of Fame at Infosecurity Europe, Europe’s number one information security event.

Troy’s inclusion in the Infosecurity Hall of Fame recognises his contribution to the advancement of information security, education and good practice as an industry advocate, through his security research, public education, blogging and outreach work. In addition to creating courses for online education provider Pluralsight, Troy is a Microsoft Regional Director and MVP of Developer Security, and he speaks at events and trains technology professionals across the globe. Troy is also the creator of Have I Been Pwned – a free data breach search website which enables non-technical consumers to discover whether their data has been compromised.

Established in 2008, the Infosecurity Hall of Fame recognises the pioneers who have made a significant and long-term contribution to information security on a global level. It acknowledges and celebrates the achievements of these visionaries, luminaries, practitioners, advocates and thought leaders who have provided intellectual or practical input that has shifted the advancement of the industry.

Troy will be officially inducted during a session on the Keynote Stage from 11.20-12.10 on Thursday 6th June, when he will deliver the Hall of Fame Annual Lecture on the topic of ‘Rise of the Breaches’.

Troy Hunt said: ‘A huge amount of the work many of us do in the industry is solitary. Being inducted into the Hall of Fame is recognition that our efforts have been noticed and have made a positive difference to the community. That’s an enormously fulfilling feeling. I’ve always looked at Infosecurity Europe as the standout event in the region for catching up on what’s happening in the broader industry. There’s a huge amount of value in the knowledge sharing that goes on. For me, the ‘hallway track’ is one of the most valuable aspects; I love having the opportunity to meet with peers and engage in ad hoc conversations and have built a lot of long-lasting valuable relationships. The connections people make will help drive the next generation of meaningful solutions in the industry.’

Nicole Mills, Exhibition Director of Infosecurity Europe, said: “The history of computing and information security has been written by many brilliant minds who have dedicated their lives to its advancement. Troy Hunt epitomises this, having devoted his career to building knowledge, skills and capabilities among technology professionals across the globe – something that’s becoming ever more critical as the cyber security skills shortage continues to bite. He has also made a significant contribution to increasing public understanding of their exposure to data breaches, and the fundamentals of how to safeguard themselves. We are truly delighted to confirm Troy’s induction into the Infosecurity Europe Hall of Fame.”

The theme of Troy Hunt’s Hall of Fame Annual Lecture will be ‘Rise of the Breaches’. In it, he will give visitors a look inside the world of data breaches, based on his experiences dealing with billions of breached records. He’ll share what’s motivating hackers, how they’re gaining access to data and how organisations are dealing with the aftermath of attacks. Most importantly, Troy’s insights will help visitors to contextualise these incidents and understand both what these attacks actually look like and how to defend against them.

About the Infosecurity Hall of Fame
The Infosecurity Hall of Fame celebrates the achievements of internationally recognised information security visionaries, luminaries, practitioners and advocates. Selection of the inductee is made by the Infosecurity Magazine and Infosecurity Europe editorial and content teams. Inductees must:
• Be an internationally recognised and respected information security practitioner or advocate
• Have made a clear and long-term (over 10 years) contribution to the advancement of information security
• Have provided intellectual or practical input that has contributed to and accelerated the advancement of information security
• Be an engaging thought-leader demonstrating creativity and original thinking in information security.

INFOSECURITY EUROPE HALL OF FAME ALUMNI
• James Lyne (2018)
• Professor Mary Aiken (2017)
• Brian Honan (2016)
• Jack Daniel (2015)
• Dr Eric Cole (2014)
• Mikko Hypponen (2013)
• Shlomo Kramer (2013)
• Alan Turing (2013, posthumous)
• John Colley (2012)
• Raj Samani (2012)
• Neira Jones (2011)
• Colonel (Ret’d) John Doody (2012)
• Graham Cluley (2011)
• Rik Ferguson (2011)
• Merlin, Lord Erroll (2010)
• Stephen Bonner (2010)
• Ed Gibson (2010)
• Charlie McMurdie (2010)
• Eugene Kaspersky (2010)
• Dan Kaminsky (2009)
• David Lacey (2009)
• Dr Paul G Dorey (2009)
• Dr. Whitfield Diffie (2009)
• Phil Zimmermann (2009)
• Adam Laurie (2008)
• Professor Fred Piper (2008)
• Alan Paller (2008)
• Bruce Schneier (2008)
• The late Professor Howard Schmidt (2008)

Infosecurity Europe, now in its 24th year, takes place at Olympia, Hammersmith, London, from 4-6 June 2019. It attracts over 19,500 unique information security professionals from every segment of the industry, including 400+ exhibitors showcasing their products and services, industry analysts, worldwide press and policy experts. Over 200 industry speakers are lined up to take part in the free-to-attend conference, seminar and workshop programme – https://www.infosecurityeurope.com

What To Do Following A Data Breach? By Paolo Sartori

Since GDPR came into place last May, data breaches have been at the forefront of many companies’ focus. Breaching GDPR could cost a company vast sums if the appropriate actions are not taken following a breach. The fine for breaking these rules currently stands at €20 million or 4% of the company’s revenue, whichever is higher.

Whether it is carried out by a cyber-criminal distributing malware or an employee mistakenly sending out email addresses, data breaches are becoming increasingly common. What many companies are unaware of are the steps that they need to take once they have fallen victim to a data breach.

The following are the steps TransWorldCom recommends that all businesses should take after they have found themselves victim of a data breach:

What is key when it comes to data protection is education. A business is only as strong as its weakest link, and data security education needs to be at a high standard across all employees, as anyone can be targeted. This holds true both for avoiding a breach and for addressing one. There are five important tasks that need to be completed following a data breach in order to remain compliant with GDPR legislation.

Firstly, the breach needs to be located and stopped. Similar to finding the leak that leads to a flood, when it comes to a data breach you need to find the source. This could be due to the fault of an employee or a peripheral device that has been penetrated by hackers.

It then needs to be understood how the breach occurred and the scale of the breach. Due to increasingly creative cyber-attack methods, a data breach can happen in a variety of ways. Whether it is via a phishing email that has been mistakenly opened, malware that has been downloaded or a simple GDPR breach where a client’s details are mistakenly sent out, it is important to identify where and how the breach took place.

Thirdly, the business needs to notify all those who may have been affected by the breach, take advice from compliance and, where necessary, the ICO. As a company, you have a duty of care to any and all clients or employees who have been affected by a data breach. For example, if sensitive information has been sent out, whether it is something relatively innocent like a list of email addresses or something more serious like banking details, the company has a duty to notify every individual of what information has potentially been leaked.

Following this, internal security procedures need to be looked at and the current estate needs to be audited for existing and further vulnerabilities. Without going through your data systems meticulously after a data breach, you could leave yourself open as a target for more attacks from cyber-criminals, especially if the initial data breach attracts any publicity. Going through your network’s defences should be a routine activity for any company’s IT department; however, it becomes even more pertinent after a breach has taken place.

Finally, the company needs to change and update the processes for the preparation, control and recovery from future attacks. As with every aspect of business, it is vital that mistakes are learnt from. This could take the form of installing new anti-virus software and firewall security or it could be a case of educating all employees on how to ensure that they keep their data safe and avoid potential data breaches. In the era of frequent hacks, you can now hire professional hackers to test your cyber-security by attempting to penetrate your system. This may sound extreme, but it could be the difference between a safe data system and a breach resulting in a €20 million fine.

Issue 3 2019

Welcome to the March issue of Corporate Vision, your source for all the latest news and innovative features from across the globe. Within the global business landscape, companies both large and small continue to strive towards delivering an exceptional service to clients, despite the uncertainties within their respective sectors.


An example of this is Scottish Land & Estates’ latest app and website, which provides a 24/7 photo and video reporting platform that aims to provide convenience to both tenants and landlords when communicating about property maintenance. The app has been designed to help members continue to provide high-quality and well-maintained homes.

Elsewhere, the Project Lifesaver program protects and, when necessary, provides public safety agencies with the search and rescue tools they need to safely recover individuals with cognitive disorders who have wandered off from a safe environment, including those with Alzheimer’s disease and autism. The program began when it became apparent to founder Gene Saunders that there was a major void that needed to be filled in providing search, rescue and protection for those who are prone to the life-threatening behaviour of wandering.

Also, Stocks Taylor Benson Limited (STB) have been creating and producing brilliant graphic design since their inception in 1988. With a diverse portfolio which is packed with unique and innovative design projects to spark the imagination, STB have no marketing jargon or overinflated titles – just great ideas which have been brilliantly executed.

Here at Corporate Vision, we hope that you enjoy reading this month’s packed edition and look forward to hearing from you.

Cirrus Response announces new automation products that build engagement

On-the-fly translation, powerful Conversational AI and integration with WhatsApp empower businesses to expand into new markets

Call & Contact Centre Expo, ExCel, London,
27 – 28 March 2019
Stand No: 500

London, UK – Cirrus Response, award-winning supplier of omni-channel cloud Contact Centre Solutions, is showcasing three new and upgraded products at Call & Contact Centre Expo designed to automate, streamline and enhance the customer experience. The solutions on display include CirrusTranslate, an upgraded version of Cirrus Conversational AI (CAI) and integration with WhatsApp. All enable enterprise contact centres to better manage and filter calls to improve agent performance, and to provide a more engaging experience for the customer.

Brand new for CCCExpo, CirrusTranslate provides the option for customers to select the language of their choice and hear on-the-fly translation which replicates having a human translator on the call. Software-based translation, available 24/7 with no need to book in advance, is more cost effective than having a team of human translators, and provides businesses the ideal way to expand into overseas markets while keeping costs low. The new service is launched with 15 languages initially, which include Russian, Japanese, Chinese Mandarin and a wide range of European languages. New languages can be added by arrangement.

Cirrus CAI manages text-based conversations, whether on webchat, text, messenger or WhatsApp. A Digital Assistant, rather than a chatbot, Cirrus CAI automates straightforward customer service and sales conversations, freeing up agents to concentrate on more complex or emotional conversations. Unlike traditional chatbots, the service offered by Cirrus is delivered with a library of typical responses (if x then y), which significantly speeds up time to value as it removes the onerous task of mapping out all likely responses, and the continuous monitoring by a business analyst typically required for chatbots. Cirrus CAI is available with a range of personas, with a tone of voice developed for different vertical market sectors.

Cirrus CAI enables contact centres to offer 24/7 support to customers, and can increase sales. In addition, Cirrus CAI can be used to filter calls, so that they are passed to the most appropriate agent, or team of agents for a more effective response.

In keeping with Cirrus’ omni-channel pedigree, WhatsApp integration is now available, providing customers with even more channel choices.

Jason Roos, CEO of Cirrus Response, commented: “At Cirrus we are passionate about providing the very latest enabling technology to contact centres to help them better manage the customer experience, improve the working lives of their agents, increase productivity and, ultimately, build and expand their businesses. As an agile company we aim to harness the very latest technology, pushing the boundaries of the traditional contact centre, to develop usable and engaging solutions that delight customers and that agents enjoy using.”

Jason Roos will be presenting ‘Familiarity breeds loyalty. A local language for a global business’ at Call and Contact Centre Expo on Wednesday 27 March at 11.45am.

Glen Blow will be presenting ‘The real-world benefits of artificial intelligence’ at Call and Contact Centre Expo on Thursday 28 March at 11.45am.

As Online Platforms Boom, What Is The True Value Of Data?

Throughout the corporate landscape, companies are increasingly creating new online platforms which will help them to better support clients, and in so doing will drive them to share data with them.

For example, Cloud Gateway, the award-winning hybrid cloud connectivity platform-as-a-service (PaaS), have recently announced a partnership with global interconnection and data center company, Equinix, to create a new cloud connectivity system that empowers businesses to embrace a complete multicloud strategy.

The partnership will combine Cloud Gateway’s hybrid connectivity PaaS, with Equinix’s Cloud Exchange (ECX) Fabric’s rich, extensive ecosystem of 1,800 network and 2,900 cloud and IT service providers. This will provide businesses with one streamlined and secure platform to quickly deploy hybrid digital infrastructure anywhere in the world.

Additionally, another recent development in the world of data is the news that a leading UK innovator in business intelligence solutions is targeting a global market of more than five million users with the launch of a new software service aimed at bolstering corporate security.


Power BI Sentinel has been designed to provide additional benefits to businesses using Microsoft’s analytical tool Power BI by providing secure document back-up, change tracking, documentation and data lineage analysis.

Alex Whittles, who is a Microsoft MVP (Most Valuable Professional) and founder of big data company Purple Frog Systems in Telford, has spent the last six months developing the new software.

He said: “I’ve had this idea going round and round in my head for about 10 years so I’m absolutely delighted to finally be launching Sentinel.

“We have invested a considerable amount of time and money in this project over the last six months and our specialist developers have come up with a software service which will provide organisations with greater security and governance of their data, including helping manage GDPR compliance.

“This is particularly important within large corporate organisations where Power BI is being used in multiple locations, across a number of departments and by a large number of employees.

“There are currently a number of limitations to using Power BI on its own, but our new software is designed to bridge some of those gaps by providing automated documentation of reports and giving data controllers the capabilities to view, in real time, how and what data is being used across all parts of the business.

“The software is designed not only to save businesses time and money but it also has huge implications when it comes to improving data security and simplifying and accelerating disaster recovery,” he added.

Meanwhile, the DMA has partnered with the University of Edinburgh to explore the true value of data. In a bid to uncover the true worth of information to business, the DMA is partnering with the University of Edinburgh to deliver a series of lectures, roundtables and thought-leadership material as part of a new campaign exploring the value of data. The Value of Data campaign aims to elevate and champion the role of data and help organisations responsibly deliver value to their customers.

“In line with our core value of putting the customer first, ethics will sit at the heart of this project. We’ll be exploring the concept of data driving shareholder value in an ethical and monetary sense and looking to showcase the value of values,” said Rachel Aldighieri, MD at the DMA. “In partnership with the University of Edinburgh, we will be creating tools and training that will help businesses thrive from innovation, technology and data, while ensuring responsible marketing sits at the core of business practices.”

Working alongside Merkle, the campaign sponsor, and the University of Edinburgh’s research Centre for Design Informatics and Bayes Centre, supported by Edinburgh Innovations, the DMA aims to create a navigable roadmap to establish bold, innovative and data-led approaches that will have a positive impact on businesses and the customer experience. As the leading trade association representing the interests of the data and marketing industry, this is one of a number of initiatives the DMA is embarking on to improve the customer experience and promote responsible marketing.

Firas Khnaisser, Chair of DMA Scotland, and head of decisioning at Standard Life added: “We want to ask difficult questions about where the ‘value’ of data really lies. In the data? Its quality, quantity, or in the way we use it to create better outcomes for customers? The true value of data will help our industry develop better services, create better customer experiences and evolve into better societies.

“Scotland is a hub of data expertise, fintech firms and start-ups thanks to government investment, and close collaboration between private, public and educational institutions. The DMA wants to lead the data debate from Scotland – and to drive the conversation across the UK and the world.”

This campaign shows that the corporate landscape is slowly coming to understand the fact that data plays a large part in every business and every consumer’s lives, but moving forward more needs to be done to ensure that the true value of data is understood by everyone.

Disaster Recovery: 5 key takeaways for your business

It’s not always possible to avoid disasters, and the increasingly chaotic world we find ourselves in today is making them (whether economic, political, environmental, etc.) ever more frequent. A solid and tested disaster recovery strategy is a must for any business that wants to minimise disruption and loss of profit. Below are some of the best takeaways to consider when it comes to your business and disaster recovery.

1) Consider the threats

In the past when talking about disaster and disruption, businesses were primarily concerned with displacement. Floods, fires, hurricanes – all could cause a high enough level of disruption to displace employees from the business building, shutting down facilities and the ability to complete tasks. This still happens, especially with the increased frequency of extreme weather events. Businesses still need to consider offsite recovery procedures in their disaster recovery plans. However, another, potentially bigger threat looms close:  data loss. Cyberattacks have, in recent times, taken down universities and government agencies as well as giant corporations and small businesses alike. It’s taking companies longer to detect cyberattacks, with malware potentially spreading further and corrupting your data.

2) Upgrades can derail disaster recovery

You might have what you think is an airtight disaster recovery plan in place: it’s carefully considered, and you test it regularly too. Basically, you’re expecting the unexpected. Think of the last instance your office upgraded its hardware or software, made changes to storage, production, and just about anything else. A disaster recovery plan must be a dynamic document that evolves with every move the business makes if it’s to be valid in all situations, at all times. Be vigilant of how changes might affect your disaster recovery strategy, perhaps appointing a dedicated member of staff to make amendments when needed or getting experts, like Sungard AS, to handle it for you.

3) Back up your data

Once upon a time, businesses backed up their data on tapes. Data was copied onto physical tape, and they were then stored offsite in a safe location. If a data centre experienced disruption, tapes would be driven to the business site, and recovery would begin. Today, there’s just so much more data to deal with and a better solution: the cloud. Backing up data to the cloud is an essential part of disaster recovery as storage replication across a dedicated network ensures recovery. It’s also a cost-effective and scalable solution that tends to suit most businesses.

4) Recovery isn’t straightforward

Creating and implementing recovery plans isn’t an easy task. Consider that one company can have multiple systems and computers with processing disparity and the complexity of a recovery plan begins to emerge, creating the need for various recovery systems. Care must be taken when integrating multiple systems and processes into recovery to ensure comprehensive coverage of disaster-prone elements.

5) RTO: recovery time objective

An essential question for any recovery plan is ‘How long can you be down before you must be up and running again?’ Answering this question is difficult as it hinges on things like industry, budgets, business size, and much more. Fully online businesses will have a lower tolerance of downtime compared to manufacturing companies that have an in-built buffer which allows for work continuity. Every business needs to take their RTO into account, implementing precautions and testing the recovery plan to minimise disruptions beyond the RTO.

Businesses need to remain agile in the face of disruption, anticipating and adapting to evolving threats before they’re able to cause damage. A vital thing to remember is that any disaster recovery plan must be tested and updated regularly; it should be thought of as a living and breathing heart of the business safety strategy, and not a one-off exercise undertaken to tick off the safety list.  

How to get Health and Safety software implementation right

Duncan Davies, CEO at Notify

One of the most common themes we hear when speaking to Health and Safety professionals is that the stress and upheaval of implementing a new Health and Safety system might outweigh the benefits. Naturally, that’s something we disagree with, but nonetheless, the transition to using technology to manage Health and Safety within an organisation is something that requires some dedicated planning and thought. 

We know a thing or two about software projects so, in the spirit of sharing best practice, here’s what we’ve learned from the many clients we’ve worked with over the past few years:

Step 1: Finding the solution that’s right for you

It goes without saying that to successfully implement any software, it needs to be the right software for your organisation. Give yourself plenty of time to talk to your peers and wider network about what they are using. Do they consistently recommend a particular provider? And don’t forget the power of Google, but make sure you scour the market fully, to understand who offers what (and why!).

Before you head off and start your research, however, we recommend completing a manual audit of your processes and identifying which parts of this you hope to be made simpler, or more efficient through technology. Having your expectations clear from the start will enable you to make the best decision. Make sure you’re clear on “the problem you’re trying to solve” because down the line someone in your organisation is going to ask you “Why?”.

For example, do you have gaps in employee engagement? Is your monthly reporting a headache? Do audits still get completed using Word or Excel? Are you struggling with version control? Make sure you know what you want to achieve and factor this into your audit, too.

From here, you know what you’re looking for.

Modern software providers will offer a free, no-obligation demo of their platform, and in some cases, a free trial of a basic version to let you “get your hands on the software” and make an informed decision in your own time.

You need to be clear on the adaptability of the platform: can it be configured to mirror existing processes, or will you be obliged to use a fixed structure? If you’re looking for something that can be developed to meet your exact needs, then make sure you get clarity on what comes as standard and what will cost more; and make sure you will get appropriate support for the bits you’ve added.

The technology provider should also be transparent on costs, enabling you to budget accordingly. Make sure you do your research on the difference between perpetual licensing (you buy the software outright but have to pay for future upgrades) and things like Software as a Service (SaaS, where you typically pay a subscription and get upgrades and support included).

Also, check how the pricing works; for example, if it’s on a per-user basis, figure out how expensive this might be today and as you add employees to the business in the future. That should make any financial conversations far easier for you, which leads us on to our next tip…

Step 2: Learn to love your FD (if you don’t already!)

In previous blog posts, we’ve discussed the positive impact that technology can have on an organisation’s Health & Safety culture and compliance and that many of these benefits also have a positive effect on the bottom line. If the budget for Health and Safety is sometimes hard to come by, it’s time to show your workings out, so do your homework right!

You should be able to highlight the positive impact that technology could have, not only in terms of employee engagement but in tracking incidents and reducing the risks that can have financial implications, something your FD will be very interested to hear about.

The costs of safety massively outweigh the costs of ‘no-safety’, but you’ll need to get the FD on-side. Make sure you talk about the potential cost of stoppages, insurance premiums (and claims), lost time from staff absence, sickness levels, fines, and reputational or investor damage.

No technology system can ever reduce all risks to zero, so the key is to try and quantify the costs of not doing anything versus the benefit of having a platform that gathers information quickly and helps you analyse and understand it.

This knowledge and planning should make future budget approval an easier task because you’re continuously tracking and monitoring risks, making improvements and preventing incidents that could cost the business, as well as showing your department as a value-adding business partner.

Step 3: Communication is key

Before a new system is implemented, it’s crucial that you make sure your colleagues are clear on any impending changes and what it means for them. You want the workforce to be on board from the start, and providing them with information about the system and “what’s in it for me” will be a big win in terms of employee engagement.

Any responsible technology provider (like us!) will be able to provide materials that you can use to help introduce a Health and Safety software system, from user guides to short videos to internal communication templates.

Equally important is getting buy-in from the Board and other senior colleagues, as they’ll be able to reinforce the importance of the system to the business. After all, the last thing you want to do is spend money on a tool and see nobody using it!

Step 4: Making it happen

The fun part!

The platform you purchase today needs to grow with the organisation you could become tomorrow. When your new software is implemented, you should look to build a list of priorities and work through them to ensure you’re getting the most out of it, keeping a note of any ‘would like to have’ functionality that you can feed back to the tech provider.

Support from their team in these early stages is crucial to getting things off to a flying start, so you will want to ensure you receive a Service Level Agreement (SLA) from the provider to make sure you know what level of Support to expect.

You’ll need to choose a provider who will be on hand to understand your processes and build the system in line with these requirements. They should also provide suitable guidance to help you manage things once it’s all systems go and help you build a wish-list for additional features you’d like to see added to your platform over time.

From here, it’s about communicating across the organisation (again, we can help with that!) and providing training and support where required, to make sure your shiny new system actually gets used so you can begin collecting lots of valuable data that can help you be more effective and efficient than ever before!

Step 5: Show and tell

The best Health and Safety software solutions will provide a suite of insightful reporting tools that you can use to create relevant, real-time dashboards, featuring measurables that line up with your business objectives. This data can be used to show impact, both of the software itself but most importantly of the Health and Safety function, allowing you to track progress over time.

Of course, once you have the data, and you understand what it’s telling you, you should be looking at sharing the insights. Armed with this information you’re much more able to influence your board directors and colleagues across the business. You can help identify for them where risk is greatest, what needs to be done to mitigate it, and what this means in business terms.

If you can help them join the dots between activities that are creating risk and your actions that have helped reduce that risk, you’ll find life much easier when it comes to next year’s budget!

Health and Safety technology should empower organisations to nail basic compliance, but the icing on the cake comes from providing this valuable information to the business.

Furthermore, sharing this data across the organisation will show the workforce that their input is really valued, along with highlighting for them the impact they’re helping to create by using the technology tools in the right way.

Frequent communication (why not present your dashboard ‘live’ on screens in the business, or do a quarterly update) is the best way of ensuring ongoing engagement with Health and Safety and making the workplace safer for all, which is really the end goal, after all!

If you’re currently looking at Health and Safety technology and want to try out Notify for yourself, register for a Demo and we’ll show you how clients like Travis Perkins, ThyssenKrupp, Alexandra Palace and London Zoo have used our software to deliver real business benefits.

 

54% of Western European IT directors have reported instances of employees falling victim to phishing emails

By Paolo Sartori


New research by Sapio has shown that 54% of the 900 Western European IT directors sampled reported instances of employees replying to phishing emails or clicking on links within unsolicited emails. This type of data breach can put a whole company’s data system at risk.

Phishing emails are a common method used by cyber-criminals to attempt to distribute malware or obtain sensitive data. The technique preys on human error, as the emails are usually well disguised as messages that one might regularly receive. They have previously been used to trick people into moving money into rogue bank accounts or divulging sensitive information. They can also be used to trick the recipient into downloading malware disguised as a seemingly mundane attachment.

There have been a number of high-profile cases of phishing. In 2014, a number of celebrities had their nude photos leaked. This was initially thought to be the result of a data breach of Apple’s cloud systems, but it was later revealed to be the product of a number of phishing emails. In 2016, John Podesta, Hillary Clinton’s campaign chairman, was tricked into giving away his Gmail password.

Phishing started to become prominent in the mid-1990s but, with phishing kits being more readily available on the dark web, the attacks are becoming increasingly frequent. A phishing kit collates phishing tools and resources that are then used to create a website designed to collect sensitive information behind the façade of a reputable website.

A study by Sophos showed that it was larger businesses who were most vulnerable to these cyber-attacks, despite these businesses being the most likely to have regular data protection training for employees. In Britain, 45% of organisations have fallen victim to phishing attacks in the past 2 years.

We have long been told that businesses and individuals alike need to be planning ahead of hacks and the ensuing data breaches, but with hackers becoming more creative it seems our public cyber security needs to be improved. While businesses normally have excellent and reliable cyber security, it is only as strong as the actions of individual employees, as malicious emails can penetrate even the most robust protection measures. In terms of ensuring that data is safe and secure for the future, there needs to be a concerted effort to educate individuals against the full scope of data threat.

Personal and professional cyber security go hand-in-hand; a chain is only as strong as its weakest link, and employees succumbing to fake emails, for example, leave us all exposed. The real danger in these circumstances comes when issues arise and are then ignored. Employees need to be educated not only on the preventative measures, but also on what steps to take following a data breach.

TransWorldCom offer the following tips that should be followed when it comes to being vigilant around suspicious emails:

1)  Inspect the email address that it comes from:

Return Path studied over 760,000 email threats that targeted some of the world’s most famous brands. The analysis found that nearly 50% of all the phishing emails spoofed the brand’s name in the display name. Although the display name appears legitimate, when the email address is closely inspected it will not match the address that emails from that company usually come from.

2)  Check for any spelling mistakes, bad grammar or strange images:

Legitimate emails should not contain any grammatical or spelling errors, but phishing emails are often sent out with a quantity-over-quality approach, so they often contain bad spelling and grammar.

3)  Don’t click on any links:

Hovering over a link should tell you the actual URL that the link will take you to. Always err on the side of caution and do not open links unless you are absolutely sure as to where they lead.

4)  Don’t download any attachments:

It is rare to receive unexpected attachments in an email, especially from a company such as a bank. If you are not expecting an attachment or if it looks at all suspicious then avoid downloading it.

5)  Be wary if an email suggests a sense of urgency in replying, clicking certain links or downloading attachments:

Phishing emails are often blunt and imbue a sense of urgency when it comes to downloading attached items or clicking on suspicious links. It is rare that a legitimate email will require such urgency.

In summary, it is best to be cautious when it comes to emails. Inspect the subject, the email address and the body of the email. If you are at all unsure of an email’s legitimacy then avoid opening it, clicking on any links or downloading any attachments. Feel free to give the company that the email appears to be from a call or an email to see if the email really came from them. It is always better to be safe than sorry.

There are ways to increase your computer system’s defences against phishing emails. When it comes to software, make sure that all of your firewalls and anti-virus software are up to date. As a rule, avoid clicking on pop-ups and keep your email inbox clear. It is often easy to get overwhelmed by an overflowing and messy email inbox. Organise your inbox in files and delete any messages that you no longer need.


Back to the future: How to keep up with an increasingly flexible and diverse workforce

By Kyle Addy, Voluntary Benefits Director, Benni


The world of work is changing, and businesses are being challenged to keep pace with the demands and expectations of today’s increasingly flexible and diverse workforce.

Those who don’t will find themselves unable to attract and retain the best employees.

Kyle discusses the best strategies and benefits to help source, manage, motivate and retain top talent in a changing workplace, while controlling costs.

Be aware of changing labour trends

There’s no one solution for managing a diverse workforce, but understanding how society is changing is key for tapping into solutions
Examining some of the key workplace changes (i.e.: the rise of technology, flexible working and hyper-connectivity)
Discussing policies and benefits to support employee needs as these workplace changes develop
 

Create options

Why voluntary benefits are one way to create a benefits package that appeals to all workforce generations
Discussing the best options which allow employees to choose and pay for the benefits which best suit their individual needs (i.e.: critical illness, dental insurance, cash plans, retail discounts, etc.)
 

Commitment to wellness

Why employers should introduce health and wellbeing strategies as part of their benefits offerings (e.g.: access to onsite health screenings, wellness experts, EAPs and gym memberships)
How to tailor these benefits to support a diverse workforce at every stage of their life
 

Avoid stereotypes

Why it’s important to avoid generational stereotypes when making decisions about company benefits (e.g.: contrary to popular belief, almost two thirds of millennials care about work perks and benefits, even more than their older peers)
The best in-house strategies business and HR teams can use to get a better understanding of their workforce demographic
 

Improve benefits communication

Attracting, retaining and engaging employees may depend on how well employees understand, and therefore take advantage of, available benefits offerings
Different generations have clear communication preferences, so it’s important to tailor efforts to your workforce
Examples of the best communication channels for different demographics
Why it’s important to use technology to supplement, not replace face-to-face, ongoing communication


Loneliness at the Top: Why Stressed Execs Don’t Seek Help


CEOs and senior executives are among the least likely to take part in staff wellbeing programmes. Finola Billings explores why in an interview with emotional resilience specialist and founder of the Calm Execs programme, Julian Hall. 

Despite increasing calls for staff wellbeing programmes, one emotional health specialist has discovered that leaders of organisations still regularly dismiss their own health needs. After 21 years working in a high-stress financial services environment, Julian Hall paved a new career path by training as an anger management coach. After struggling initially to even bring the word “anger” into organisations, he rebranded to ‘Calm People’ and now talks instead of “emotional resilience”. But after over 50 years of bringing these emotional resilience programmes to businesses under the banner of Calm People, Julian hit another hurdle. Calm People would need to treat senior management differently. 

“I spent a number of years trying to take [anger management] work out into organisations. I realised the brand associated with anger is really, really not helpful because people just don’t want to engage with it”, Julian tells us.

“Some employers don’t like to talk even about stress. And we might have the same workshop running in three different organisations with three different names and those names reflect the different ways each organisation wants to present them. They’re either really into stress or they’re really away from it – so we just change the name accordingly.”

Calm People was pushed to adapt yet again when CEOs and senior executives began to ask if there were any separate programmes for them. When Julian and his team researched why these questions were being asked, they discovered several interesting truths about the inner life of CEOs, as well as about the misconceptions people have about senior management and mental health awareness. 

 “We found that, while other people further down the organisation might not want to admit it, senior executives are under a slightly different level of pressure to other people and they do experience a more stressful environment than other people in the organisation”, he explains. 

“The second thing we found was that senior executives are less likely to engage in emotional resilience work with other members of their teams because to do that means to acknowledge that you might be able to be vulnerable. They don’t want to be vulnerable with their teams. We needed to develop something that was explicitly tailored to them and help them work on themselves and remain strong without having to acknowledge anything to anybody else.”

The programme, Calm Execs, which has worked with executives in large organisations like LV Insurance and Schroders investment, continues to grow its portfolio and impact with leaders of businesses of all sizes and kinds. When asked about the differing stress levels of senior management in smaller businesses compared to larger ones, Julian points out the need to uphold the image of the leader remains the same no matter the size of the organisation.

“The chances are [senior executives] are probably not that different. If we look at it from the point of the CEO, there has until recently been this idea that the CEO is invulnerable. They are the leader of the organisation. There can’t be anything wrong with them! In all sorts of ways, they’ve got to be perfect and just that image itself brings a huge amount of pressure with it. There are a lot of CEOs and senior executives who think that if they acknowledge that they feel vulnerable sometimes then they give permission to everybody else to do that and their whole organisation will crumble.”

And while others might assume that CEOs and senior executives must have already trained their emotional resilience to get to where they are, the truth can be quite different. The research at Calm People has revealed the key to the problem is in the leaders refusing to acknowledge their humanity.

“Everything we’re doing is about being human. We’re just introducing people to the subject of humanity and then saying let’s just look at your humanity in a little more detail and then let’s see if you can develop some coping mechanisms.

“What we’ve been doing with these executives is raising their awareness and helping them understand that they are allowed to be human. They don’t have to expect they work under inhuman levels of pressure and stress and make themselves ill.

 “When we start having those conversations with them, they start to realise that they can work on [emotional wellbeing] at the same time as being a really effective, high-performing senior executive.”

Undoubtedly, Julian explains, it is unhealthy and unfounded beliefs that seem to be the pitfall and cause of toxic and stress-fuelled working environments.

“It’s a misconception that if you raise people’s awareness of mental health, everybody goes off with mental health issues. What happens if you raise people’s awareness of their mental health is, they’re able to go, “right that thing that goes on in my head is not right. I now have the awareness and I could go and do something about it.” You’ve just given somebody choice.

“There are a lot of people at the top of businesses saying, “do as I say not do as I do” and any of them who are parents must have learnt that children learn through role modelling but so do employees. And so, if the CEO is role modelling one particular behaviour but saying something different, you’ve got an unhealthy organisation.”

A senior manager’s lack of self-care does not just lead to an unhealthy organisation, it is also incredibly damaging for the individual. When a CEO’s emotional health problem crosses the border into a mental health issue, the result can be quite dramatic.

“If they don’t deal with emotional health issues that they might be having, and they keep suppressing those, they will turn into mental health issues. And actually, it will become a binary choice one day if they’re not careful – it will become you’re either going to be that or that and you can’t be both. You’re going to have to take some time out.”

So, to raise awareness about the issue, and to help those busy executives who like to think in ‘measurables’, Julian recommends executives make use of Calm People’s quick and free health assessment tool.

“The Mental Health Foundation did a survey in 2018 that said I think 74% of adults in the UK feel overwhelmed at any point in time or different points in time. And we looked at that and said well how many are actually going to the NHS, how many are going actively into psychotherapy and counselling and by stripping those numbers out of it we know there’s at least 11 million people in this country – 11 million adults – that regularly feel overwhelmed and anxious and who don’t get any help.”

“We’ve developed an emotional health assessment that people can take online. That then gives them a lot of rich personal data about themselves in terms of their emotional health, across seven areas of emotional health, and it gives them a red-amber-green scoring. We are currently looking for investors to join us to build this into a fully serviced mobile-friendly website and phone app that will connect an individual to their emotional health.” 

Unlike other mental health apps, the Calm People app doesn’t purport to cure any particular condition, and it isn’t just another mindfulness meditation app. There are thousands of apps out there. While some are specifically designed to help a condition, others offer mindfulness meditation as the only solution.

“We are not the ultimate panacea, nothing is. The problem is that mindfulness is being promoted as that by a lot of people.”

“You’ve got apps out there that are about things like meditation and guided visualization and their marketing style is, “Look we do meditation. We do guided visualisation. Isn’t it amazing?”. They don’t say they help any particular emotional health disorder in any way. And then at the other end there are some apps out there that are designed specifically for people who feel they have depression or anxiety.

“What pretty much nobody does is ask the question “what’s going on for you?” Answer these questions and then we’ll tell you what we think is going on for you. 94% of the people who have taken our assessment say that it describes them accurately. It’s an awareness tool.”

No matter how senior executives choose to confront their issues, it seems the key is that awareness must be raised to them that help is available. As a final tip to senior executives who might be struggling out there, Julian proposes a breathing tool that’s so simple it’s often disregarded.

“It always astounds me that almost anything we share on the internet, or that we share for free, people then immediately down value it and they never really do anything about it. What I’m going to share is something that’s widely available everywhere, but people don’t engage with it because it’s so widely available. It’s very simply engaging with your breathing. When I want to concentrate more, I focus on my breathing. Literally all I do is I plant my feet on the ground, I sit upright, I relax my belly and I take nice deep breaths from my abdomen. I want my belly expanding, not my chest. And I take a deep breath in for a count of seven and then I pause, and I exhale and count out for eleven. All the time, I’m counting in and counting out. I’ll do that for about 2 minutes. So, anyone reading this, they should try that once an hour.”

The take-away here is that senior executives must not forget their own needs at the expense of their team’s needs. We know of 11 million adults who regularly feel overwhelmed, and Calm People has proven senior management teams of all sizes are amongst them. As Julian puts it, senior executives must remember they are human as well as a leader, and it is possible to be both at the same time.


How Innovative Designs Have Improved Traditional Products

Technology and innovative design are constantly influencing the customer market, with brands releasing updated versions of the same product that we all feel inclined to buy. However, this isn’t just happening with modern inventions, but with traditional products too.

The end-goal for many businesses and creators is to streamline a product’s use for the end-user. With this, many of the everyday items we all love have been altered in one way or another to keep up with the requirements we now have as a society.

We’ve set our standards high, and no product is untouchable. Here, we take a look at some of the products that have been influenced by technology or design and how they have changed our lives.

 

Umbrellas
The umbrella has changed tremendously over the years. Making its debut in Ancient Egypt, it was used for protection against direct sunlight. However, the waterproofed version was created in the 11th century BC using leather, an extremely expensive material to use at the time, and was later adopted across the European continent, predominantly in Greece and Rome.

The umbrella fell absent for over 1,000 years after the Roman Empire dissolved but became popular again in the 16th century. Traditionally, umbrellas were quite detailed in their design and were more of a ‘prop’ during this period.

That’s not to say that umbrellas today can’t be a fashion statement though. Queen Elizabeth II, for example, uses a birdcage umbrella when making public appearances. This innovative design allows her to stay dry but remain completely visible when venturing outdoors, as the cover is transparent! With her bespoke umbrellas, she always matches her trim with her outfit. As well as this, unlike umbrellas years ago, many are now designed to be more compact and can be stored away in your bag.


Watches
Watches have truly transformed the way we lead our lives. Modern Britain revolves around time — from making sure our little ones arrive at school on time to catching the right bus for work. The history of the watch dates right back to the 16th century, where the devices were originally powered by a mainspring which turned gears to move the hands while keeping in time with a rotating balance wheel.

It wasn’t until the 1960s that the quartz watch was invented, where the product actually used electricity to operate. This type of watch took over the market at the time, which many still refer to as the ‘quartz crisis’ as mechanical watches were pushed aside. Following this, the quartz wristwatch was developed, and we haven’t looked back since. Well, until now.

Smartwatches have taken over the world. You can’t walk by someone without one attached to their wrist. What once was an item that would only notify you of the time, can now make phone calls, send messages, track your health and more. What’s next for the watch?


Bank cards
Although we all know that money is an everyday essential, bank cards never used to be. Before the first bank cards were issued in 1967, people had to actually visit their bank to deposit or withdraw any cash. People could store money in their home, but this wouldn’t be protected!

It wasn’t until 1972 that the first bank card to feature an information-encoding magnetic strip was introduced. This allowed customers to visit an ATM and enter their personal identification number to gain access to the information that was associated with their account.

Today, it’s the introduction of contactless payments that has made the biggest impact on the shopping and banking scene. Recently adopted by banking associations and introduced across the high street, cards using radio-frequency identification can now make payments without the need to enter a PIN.


Wallpaper
You wouldn’t think that there’d be any sort of progression with wallpaper, but what the future holds sounds quite exciting. Historically, wallpaper would be created using hand-painting, woodblock printing, stenciling and other types of machine printing — which dates back before 1700.

This form of design was so popular that in 1712, Queen Anne introduced a wallpaper tax which wasn’t abolished until 1836. This was likely because Britain was the leading wallpaper manufacturer in Europe at the time.

The future only looks bright for wallpaper though. At one time, we’d just be complacent with a nice design for the interior of our home, but developments have suggested that we should expect high-tech forms sometime soon. This will have the ability to block signals — no more stealing your neighbour’s WiFi!

These were just some of the advancements, but what does the future hold?
