In response to popular demand we have added support for Business Cards and Networking to ReceiptAngel.co.uk months ahead of our planned schedule - not to mention support for 'Other Document' making 'Work to Cloud'  a reality.

This means that a variety of work that could previously only be done in one place can be easily and quickly moved to 'the cloud' and so passed to the most appropriate person - wherever they are.

Not only is this a leap forward for small and virtual enterprises but it's an absolute godsend for the growing army of UK Virtual Assistants (VAs) and their clients who can now outsource admin work and other tasks like never before - leaving entrepreneurs and business owners more time to develop their business.

Free trials are available at www.ReceiptAngel.co.uk for the next month so you can try it all for free.

What is claimed to be the first truly practical solution to maintain client confidentiality when electronic documents are sent, such as medical records transferred between doctors and lawyers, was launched to acclaim this week at the Law Society LEXEL conference.

Previous encryption systems have proved impractical. Partly because they are too complex for most people to handle, but mostly because everyone involved has to have the same system installed.

The TakeCare eDisc gets around this problem by packaging everything up onto a self-burning encrypted CD (or eDisc) which connects itself to a secure web service that generates and delivers the keys to the intended recipient - relieving the user of all complex tasks.

This means that documents and other material can be sent securely to anyone and without anyone needing to put a system in place to either send or receive information securely.

"Using this technology is childs' play, and that gives it the power to be transformational for all of us in the legal profession." commented Dick Jennings, R.D.Y.Jennings & Co, Solicitors

Barry James - the CEO of TakeWare, the company behind the system, for which it holds patents in the UK and internationally said "We are delighted with the response to TakeCare. We know that confidentiality is of paramount importance to both doctors and lawyers and this removes an important obstacle to maintaining that in an increasingly digital environment - and it's very green as well of course".

For more information about TakeCare eDiscs, go to www.TakeWare.com/eDisc

The massive, widely publicised, losses of personal data over the last year or two has meant that there has been a gulf opening up between the need for security and the means to provide it. Since the HMRC lost almost half the population's records on a CD the demands and expectations of the population in general (and the Information Commissioners Office in particular) have gone throught the roof - culminating in what amounts to a new regime - with new powers being put into place for the ICO at present.

But really practical tools, to deliver what is needed and being demanded, have been lacking. I.E. To keep personal information safe - In transit in particular.

TakeCare is a new product that fills the gap using new, patented, technology to make it easy for non technical people to exchange documents and other digital information securely. The breakthrough means that the sender and receiver no longer need to acquire and install the same software. They need just a Windows PC and an Internet Connection. The TakeCare 'eDisc' (encrypted disc) contains the encrypted information and everything that's needed to accees it, while the web is used to provide the 'keys' to just the intended recipient - so keeping the data secure.

Ian Sadler of e-safe Insurance commented.

The actions of the ICO and other regulators over recent months have sent a salutary reminder to all businesses as to the importance of protecting data and the needs for encryption when data is sent or requested via transportable media. Failure to comply with the regulators has clearly been shown to result in substantial sanctions and penalties.

To date actually achieving compliance in an effective manner that is both cost effective and not disruptive of the business information exchange process (especially between businesses that have no formal trading relationships and come into contact with each other only occasionally or even one time only) has been a difficult if not impossible task given the multitude of system incompatibilities that exist between individual organisations and the totally ad-hoc nature of many data exchanges.

TakeCare changes this in a profound and fundamental manner; it is a real and much needed, breakthrough. It makes it practical - for the first time - for non technical staff to use high level encryption to secure documents and data moving between organisations without calling on specialist IT support or having to follow a difficult computer process. In doing this it reduces and minimises the risks and exposure to regulatory problems - and the dangers of regulator sanctions and fines. 

Ian Sadler,  CEO, e-Safe Insurance

For more information or to order call 0844 8844 941

As we reported a couple of months ago The Information Commission's Office now has teeth and is using them in making regular, high profile, prosecutions - presumably to demonstrate how serious they are in tackling data loss at all levels.

When 'motorised vehicles' first appeared on roads designed (if at all) for horse powered transport and driven by engineers and 'early adopters' they were very dangerous indeed. When you consider that the road sense of the typical pedestrian at that time involved little more than a glance over the shoulder when a horse drawn vehicle clattered towards them - with time to spare - then the combination must have become pretty lethal pretty quickly.

Recession, redundancies, under resourcing of the Police and other authorities together with Black-eEconomy mean:

• Data can now be exchanged for hard cash – there’s a ready market in the Black-eEconomy
• eCrime proceeds now officially exceed those from drug trafficking – and are still growing.
• The likelihood of being caught – much less convicted is so low it can be discounted pretty much altogether.
• This growth is likely to mushroom further over the next two years or more – law enforcement lacks the skills, procedures, manpower and tools (let alone funding) to even attempt more than token investigations and prosecutions
• A trend has been identified of redundant workers – often with IT related skills - entering this arena as an easier and more lucrative option than finding another job in a shrinking economy
• This form of crime carries little or no social stigma (and a certain cache in many circles)
• Most organisations have personal and other data which is of value and are therefore potential targets.
• A further trend where employees are ‘planted’ in organisations with intent to take data or existing employees – often under financial pressure in the recession or being made redundant – are being targeted and ‘groomed’ for data.
• The risks falls on the ‘victim’ organisation – who might also be fined £1m or more by the regulator if personal data is taken – a double whammy.

This Black-eEconomy is a global problem that affects the UK perhaps more than most. In his evidence to a US Senate Commerce Committee Yuval Ben Itzhak, Finjan's Chief Technology Officer, said

"In our Q1 2009 report on cybercrime, for example, we revealed that one single rogueware network are raking in $10,800 a day, or $39.42 million a year. If you extrapolate those figures across the many thousands of cybercrime operations that exist on the Internet at any given time, the results easily reach a trillion dollars,"

and: cyber-security threats have increased significantly over the past five years, and have reached the point where they pose a significant threat to all organisations"

For more see:

www.publictechnology.net/modules.php?op=modload&name=News&file=article&sid=19506

Meanwhile the Police’ pleas for more funding are falling on deaf ears:

www.theregister.co.uk/2009/03/26/janet_williams_pceu/

It’s difficult to avoid the conclusion that this is just the beginning of a epidemic – and the conclusion that the only way to effectively contain it – let alone tackle it – will be with prevention.

Perhaps the most vulnerable sector are SMEs – who share the same problems with the corporates but do not have either their financial resilience or access to heavyweight security tools and infrastructures.

Clearly a new approach is badly needed.

According to top lawyers: "From an IT and HR point of view, organisations need to be more vigilant about data protection, because there are likely to be a number of prosecutions, and a growing public awareness of privacy issues."

Paula Barrett, a partner at law firm Eversheds, advised firms wanting to vet potential employees to treat recent actions as  "cautionary tales".

More at  www.vnunet.com/vnunet/news/2238014/ico-case-first

Psychology + New Technology = Behaviour change
Humans are the weakest link where security is concerned - ask any security specialist. Or  just look at the news over the past year or so.

Yet we have tended to respond by upping the technology and ignoring the psychology - when we know what is really needed is behaviour change. This of course falls outside the remit of the technologists. It's somebody else's problem. They provided the technology tools - it's up to the human element to follow the guidance and use them as instructed. Despite the fact that it has never worked - and never will outside of a 'command economy'.

Psychology + Different Technology = Reduced Risk
This isn't a magic formula - just a new recipe that combines Psychology's insights with technology in a novel way.

It's long been known that one of the most powerful ways of influencing behaviour is to just introduce an observer. Behaviour changes. This is a big problem in experimental psychology where a huge amount of ingenuity and effort is expended in excluding this powerful effect from experiments about other things.

However it really is just what's needed to persuade people to change their risky behaviours in a sustainable way.

DLP is about People and Policies not Ports
CCTV changes the way people behave the moment they become aware of it. If you know you are likely to be held accountable there's much more of an imperative to avoid the shortcuts and risky behaviour that has caused so much havoc - from the HMRC to memory sticks in pub car parks - and the leakage of millions of peoples personal records. Not to mention valuable and sensitive company data.

Especially if it's supported by reminders - crucially appropriate reminders presented clearly at the right times - which bring to mind the reality of the risks. In this case the risks of exposing personal and commercially sensitive data by carelessness and corner cutting.

Accountability by design
We have brought these two factors together in a new way that goes to the root of this endemic problem - rather than just providing technological sticking plasters. Effectively providing accountability plus very good reasons for the individual to change behaviour sustainably - and so reduce the risks.


All these 'little' risks are borne collectively by the whole organisation and it's management - especially with the changes over the last year and the introduction of SIROs (Senior Information Risk Owners). So it can no longer be left to the IT folks - who have, at best, only part of the solution - and have neither the authority nor the tools to influence the humans involved.

Crossing the boundarys between Management, HR and IT
Up to now manager had the influence and authority but not the information - and the IT folks may have had the information but not the clout to even attempt to modify their colleagues behaviour.

So we have provided a tool for managers - whether in HR or a department or any small company - to provide the accountability for data that you would expect for other key assets - 'Accountability-By-Design'.

A tool that does not require IT skills to install or to use. Clear management information accessible to any manager (HR or elsewhere) about how each staff member is looking after their devices and crucially: the company's information.

A Powerful Tool for SIROs and other Managers
It's often said that "You can't manage what you can't measure". No wonder we have struggled to tackle the problems of data-loss, and the losses have kept on mounting. Sacking is a very blunt instrument - and often the only one available - and that after-the-event.

TakeAView - a part of the new TakeMeasures range - provides the foundation for measuring the risk and providing the information for managing the people - before disaster strikes. It's part of a three step process allowing managers everywhere to TakeAView, TakeAction and TakeControl of the risks that they are responsible for.

It power lays not so much in the technology but in the simplicity of 'Accountability by Design'.

See www.TakeWare.co.uk/tav/compliancereport for a glimpse of the future: Accountability by Design.

http://www.pcadvisor.co.uk/news/index.cfm?newsid=109741&

You may have seen it mentioned on BBC News or Ch4 News. It seems to be enslaving a huge number of drone 'bot' PCs around the world at present - and was up to 9 million the last time I saw a figure quoted a few days ago - and attracting speculation as to what the perpetrators have in mind for them.

This indicates that as we expected the trend towards doubling in capacity and halving in price every year or so is set to continue for the foreseeable future for all such memory devices - not just SD cards - and is great news for TakeWare!

Justice Secretary Jack Straw announced 24^th November that the government will be creating new powers to:

• Impose fines on data controllers for deliberate or reckless loss of data

• Inspect central Government Departments and public authorities' compliance with the Data Protection Act without prior consent

• Serve warrants requiring individuals and companies to provide information needed to confirm compliance with the Data Protection Act

• Impose a deadline for the provision of information needed to assess compliance

The will also shortly publish guidance on when organisations should notify the ICO of breaches of the data protection principles and a statutory data sharing Code of Practice to provide practical guidance on sharing personal data.

Jack Straw Justice Secretary said:

"As new technologies have developed, the secure storage and careful sharing of personal information held by both the public and private sectors has become paramount.

"Strong regulation and clear guidance is essential if we are to ensure the effective protection of personal data.

"The changes we propose today will strengthen the Information Commissioner's ability to enforce the Data Protection Act and improve the transparency and accountability of organisations dealing with personal information. This is very important if we are to regain public confidence in the handling and sharing of personal information.

The Prime Minister and I are very grateful to Professor Mark Walport and Richard Thomas for all their work on the Review, from which these decisions flow."

These changes come as we prepare to launch TakeWare® DLPGuard – which will give Data Controllers a powerful new tool to enforce use of encryption across any organisation – and TakeWare® ContractorSafe – which provides an entire working environment which uses strong encryption and can be used to prevent most of the high profile data breaches seen over the last few months.

It’s not yet clear but it looks highly likely that this legislative approach will directly affect the new SIROs (Senior Information Risk Owners) created in all organisations – most of whom remain unaware of their newly crystallised responsibilities.

Contact us direct for more details.

Full Story http://www.publictechnology.net/modules.php?op=modload&name=News&file=article&sid=18100

Bosses 'ignore toxic data risk'

Bosses must stop leaving data security to the "IT boys" and other staff and take responsibility themselves, the UK's information watchdog has said.

Many did not understand the risks of storing personal data, said Information Commissioner Richard Thomas.

They had to realise that it could be a "toxic liability" as well as an asset to an organisation, he added.

Mr Thomas is currently investigating 30 "serious" breaches of data protection law by the government and other bodies.

But he said a lot of data losses went unreported and some organisations were not even aware that it had gone missing.

Tighter policies

"It's often said that personal data is an asset for an organisation, we are saying it can be a toxic liability. There are many risks associated with holding information," he told BBC Radio 4's Today programme.

"There has been too much sloppiness, too much lack of awareness, of the risks of holding information and we are saying, really this is a matter for the top board, the chief executive of an organisation.

"It's no good saying the IT boys are looking after this, it's no good saying the lawyers are sorting out the policies, it's no good saying human resources are doing the training - it's right across the organisation.

"Computing power is so strong these days that many bosses don't simply understand what are the risks they are facing."

He said organisations should tighten up their policies, encrypt laptops, improve supervision and buy software that prevented large amounts of data can not be downloaded "all at one time".

"Things will inevitably go wrong, therefore you should plan for things going wrong," he told Today.

Giant databases

He said progress was being made but added: "We are still long way from saying we have got a tighter grip on the management of personal data."

In a speech later at the Royal Society of Arts in London, Mr Thomas will urge companies and other organisations to hold the least amount of data possible and warn they should face tougher penalties when any is mishandled.

He will also warn that creating giant databases of personal information would carry "significant risks" for the UK.

The government has recently defended a proposal to create a huge database recording all internet and telephone traffic.

Opposition parties have criticised the plan which could see details of every phone call, e-mail and text message sent in the UK recorded and kept for two years.

'Lose trust'

"The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he will say.

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.

"The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.

"Put simply, holding huge collections of personal data brings significant risks."

The speech will come as new figures show that reports of data loss are increasing.

About 100 incidents were reported to the commissioner's office in the six months from November last year. The total for the year to date is 277.

The NHS is one of the worst offenders, reporting 65 incidents in total, including 27 computers lost or stolen.

However, the real figures are likely to be much higher, because there is currently no legal obligation to report data losses.

There have been a string of high-profile data losses in recent months.

Earlier this month, a computer hard drive containing the personal details of about 100,000 members of the armed forces was reported missing during an audit carried out by IT contractor EDS.

And last year, HM Revenue and Customs lost a disc containing the names, addressees, dates of birth and bank account details of up to 25 million people claiming child benefit.

From: http://news.bbc.co.uk/1/hi/uk_politics/7697093.stm

According to SC Magazine "the activity of placing moles is becoming common".

Others say that the FSA has been quietly warning finance and insurance companies for the last two years of this growing practice.

For more see:
www.scmagazineuk.com/Companies-being-hit-by-moles-who-are-employed-by-gangs-to-steal-data/article/118641/ 

It turns out that BackupGenius has been the subject of such a false positive from some adware scanners recently. We have investigated this very rigorously and it has been confirmed to us how this has come about.

In just the kind of way that Tablet PCs had failed to. They were supposed to – but never did, despite the hype and the backing of a huge industry, from Microsoft on down.

So it’s the price – right? Well no actually The price levels help but while they are a little cheaper than a laptop they’re not that much cheaper. You can pick up a decent laptop with your groceries from Tesco’s for £299– and shave at least 10% off that with just a quick search online.

It’s about technology, portability and most of all psychology. It’s about what people want. Half the world’s addicted to Facebook and most people live at least part of their lives through email and the web.

We’ve put up with breaking open the laptop and finding a power socket – or sitting at a desk to do it – only because we had to. WiFi is increasingly everywhere, so with an Eee or - one of a growing league of clones – we don’t have to.

These are computers you don’t have to ‘sit at’. Or ‘lug around’. You pick them up – do some stuff – put them down or drop them in a pocket. Sometimes they’re connected – sometimes not.

This is a new experience. This is a new kind of freedom: Ubiquity. Take it in the kitchen, even use it in the bath! The day I got my first Eee I stood at the bar waiting for a pint typing away quite comfortably! Try doing that with your laptop.

Is it a ‘desktop replacement’? No. These devices will see more of the coffee table, kitchen worktop, the bedroom, the high street and the open spaces than the top of anyone’s desk. Reaching the parts all the other PCs fail to reach – remarkably like your mobile phone.

Maybe it started with the OLPC (One Laptop Per Child) initiative – maybe it didn’t but the worldwide love affair with ‘netbooks’ marks a sea change – we have a new landscape…. and Microsoft has a problem.

Because it’s a change driven entirely by demand. Not just that it’s far outstripped supply, but that it’s setting the direction - and the pace. This idea didn’t come out of the labs and strategies of Microsoft or HP. The established players are all playing catch-up. Indeed Microsoft – caught uncharacteristically on the hop– have changed their product pricing and XP retirement strategy as a result. Twice. A special version for the new little beasties – and a special low price. Restrictions on screen and disc size relaxed within days of their announcement.

Vista looking more vulnerable by the day. The only serious attempt to get it onto a Eee class machine – by HP – judged a pretty obvious mistake, that’s hobbling their strategy in this exploding market.

Microsoft have had to move fast to stop this getting away form them entire. Linux has taken a hold while most people were looking the other way.

The price difference has been more a psychological than a financial or practical factor – that it doesn’t ‘feel’ like buying a PC – so ‘so what’ if it doesn’t have Microsoft Windows on it?  The hardware is beginning to ‘feel’ disposable.

Time will tell, but Linux2008 has proved itself here already. It’s now a contender.

But it’s early days – and the industry has, it seems, yet to realise how important this all is. Pumping out some clones to capitalise on Asus’s success is one thing… absorbing a shift in the zeitgeist – a new computing paradigm - is quite another.

Even before all this more and more people were needing more than one PC – work PC, laptop – home PC…  Now there’s another reason, and the age or ubiquity has silently dawned – while most people were asleep.

© Barry E James, June 2008

Just back from California and the RSA security conference it’s clear that there’s a shift in the awareness of this issue – in the USA as well as here - and that it’s now a top three issue for many companies – it’s even acquired a name: DLP – “Data Loss Prevention”.

The birth of a term

While it’s interesting to see the birth of a new term (try Googling it today and you’ll come up dry, but go back in a couple of weeks or so and it’ll be a different story) this is no new problem. It’s over two years since we started running seminars on this – notably with MERIT in 2006.

It’s official – sort of: This dropped into my inbox from California this morning:

“… Data Loss Prevention (DLP) solutions enable business and government organizations to safeguard their most valuable assets — intellectual property, customer data, and other sensitive information. … DLP is a top 3 priority for CIOs in 2008, realize the importance of DLP to demonstrate compliance, reduce risk, safeguard brand and reputation…”

Ugly though the term is – and goodness knows we have enough alphabet soup already – the fact that I also heard it mentioned on almost every stand I visited over three days there attests to the fact that it is something we have needed to put a name to for a while now. The language is playing catch-up

A new market

It’s emerged that not only is there a black market in such data – but that it’s undergoing something of a recession itself – with street prices for personal data falling recently because of oversupply, and inbuilt ‘QA’ checks with data ‘vendors’ being blackballed if they supply overused or out of date information. It’s now a fully-fledged criminal business - and it’s globalising.

Time was when you could rely on the likelihood that the laptop stolen at the station or left in the taxi would be wiped and resold in some pub within a few days. That’s changed with the new ‘owners’ as aware as we are that the data probably has far more value than the laptop.

Zeitgeist - a shift in attitudes

Likewise just last year the company/organisation losing such data was as likely as not to be regarded as a victim rather than culpable. That’s changing too – fast. Since the recent highly publicised breaches everyone from Gordon Brown and M&S on down is increasingly aware of what a dim view the press, the regulators and soon no doubt the courts will take when the ‘victim’ didn’t take credible precautions.

There will be an answer: DLP (with apologies to Paul McCartney):

There is in fact an answer to the problem of lost and stolen laptops – it’s simple, comprehensive, inexpensive and practical (and no it’s not just encryption – that can only ever be a part of the answer). It can ensure not only that the data isn’t breached – but that it isn’t lost to you either.

Stop-Loss

Whether it’s for your own organisation or for your clients we’ll be happy to fill you in on how to close off this risk  – for free. As you would expect we have some tools – and a very neat and effortless solution – to help with this. But this advice is genuinely free and something you can apply yourself straight away with no cost to you, no charge at all.

Just go to www.TakeWare.co.uk/contacts/stoploss and leave your phone and email  details and we will respond with the information you need to prevent this becoming a problem. What have you got to lose?

© Copyright Barry E James, The TakeWare Company, April 2008 (V1.00)

Along side the FREE download we are pleased to offer to our first 100 customers the chance to get a fully functioning BackupGenius™ device at rock bottom prices:

2GB only £9.99
(around 8GB of compressed data)

4GB only £14.99
(around 16GB of compressed data)

To avoid dissapointment ORDER NOW HERE, this offer is only available to the first 100 orders.

Go to the TakeWare® Store

(UK orders only, international customers please contact us for pricing)

Watch this space!

Soon you can download a TakeWare app to your own memory device for the first time - creating your very own Plug&Go appliance!

Watch this space for imminent news!