Passwords – how to deal with the weak link in business IT security

By Bill Carey, Vice President of Marketing and Business Development at Siber Systems

As we enter 2013, we can be sure that one major security risk that businesses will continue to struggle with is passwords. Passwords are the most commonly used method of protection for data, but the problem is that with so many passwords to remember employees will often compromise your business’s security by taking shortcuts. According to analysis by Verizon, 90 per cent of successful breaches in 2012 started with a weak or default password or a stolen and reused credential. Meanwhile Wired’s Mat Honan’s feature published in November called for the password to be eradicated completely.

In reality, companies are wholly reliant on their employees using multiple passwords to keep data secure. And with the EU’s proposed penalty of 2% of global turnover to companies when a data breach has occurred, it is vital companies get a grip on how to manage employee passwords. Continue reading

It’s Not All Fun And (Olympic) ‘Games’ – SMBs Need To Take Device Security Seriously

An AVG survey of 1,000 US- and UK-based small to medium sized businesses (SMBs) conducted by GfK in 2011 shows that the adoption of mobile technology is a visible trend with one in five SMBs (19%) employing Android smartphones and an equal proportion using BlackBerry devices.

The survey called SMB Market Landscape Report 2011, reports that on average, employees are spending one day a week (20% of their time) working away from the office.

With the Olympics fast approaching, SMBs in and around London will be affected by the increase in traffic on public transport. Many have begun to think of ways to keep workers productive and remote and mobile working has become an increasingly attractive option. With people from all across the world coming to London, the Olympic Games can also potentially become a haven for criminal opportunists looking to steal mobile devices and data.

Whilst the majority of SMBs may have an Olympic travel strategy it is important that they also have an adequate IT security plan that will keep their data secure outside of the office. Despite numerous high-profile cases of hacking into corporate databases in recent years, only about six in 10 (58%) SMBs said they were worried about loss of company or customer information, social engineering or employee identity theft. SMBs seem to assume their larger competitors are more likely to be targeted by data thieves.

The SMB Market Landscape Report highlighted losses relating to security breaches including 22.1 million man-hours of labour responding to them. This equated to £1.18m spent on replacing damaged hardware and £2.19m in lost sales or revenue opportunities. Furthermore, stolen data can be used by criminals for financial gain or malicious intent and could result in a loss of reputation for the SMB.

There are ways to keep SMBs mobile workers secure and an antivirus solution should be the first point of implementation within the SMBs IT security strategy. Security software can be installed on devices such as the mobile phone, tablet or laptop easily and quickly and in the event of a stolen device, software can be installed that allow a user to lock, locate and wiped their devices to avoid further security threats.

In addition to using antivirus security software, AVG has created ten top tips for effective mobile working to help SMB employees stay protected during the Olympics:

1. Count the items you take out of your bag out and count them back in if you are working while on public transport — don’t forget your power cable or any other important item!

2. Think about where you are sitting and whether anyone can look over at your screen — this might sound like an obvious thing to point out, but thieves steal credit card PIN numbers by looking over peoples’ shoulders all the time, so be aware of the details you have on your screen.

3. As use of personal mobile Wi-Fi hotspots grows, users should not be tempted to connect with an apparently free wireless connection in a public place unless it is advertised by the web café owner etc. If you don’t know where your connection comes from, then you don’t know what you are connecting to.

4. Shut down your Bluetooth connection (unless you need it) when working in a public place. So-called ‘Bluejacking’ and ‘Bluesnarfing’ attacks are not the biggest information security risk around, but they are a consideration to be aware of.

5. If you have to use a “public” (or kiosk) computer then make sure that you never access your online banking details, make electronic purchases, or enter ANY personally identifiable information (including your address) on the machine. Be equally careful on your own laptop if using public Wi-Fi.

6. If your smartphone has Internet access, have you enabled filters and other onboard protection barriers? Similarly, turning off GPS capabilities can also limit location-trackers attempting to connect with your phone.

7. Don’t ask a stranger to “look after” your laptop while you use the restroom or go to the bar in a web café. Similarly, keep your laptop bag close to you throughout an evening event if you have to keep all your equipment with you.

8. Password protection should be enabled on your laptop and smartphone — and 12345678 or password or admin are not sensible passwords. Opt for an alphanumeric mix with special characters in upper and lower cases such as “puppyLove567$.”

9. Make a note of your smartphone manufacturer’s emergency phone line so you can call them to have your phone immobilised in the event of a loss.

10. Most important of all, make sure that you have a fully updated anti-virus suite installed and fully operational on your PC at all times. Protection should cover not only Internet security for web browsing, but also firewall technology, email defences and shields to guard against threats carried via Instant Messenger services.

By Mike Foreman, SVP of global sales at AVG

IT Survey Shows 55% Of Companies Worry About Cloud Security

A survey of UK business IT chiefs commissioned by ramsac, a leading IT solutions consultancy based in Surrey, has revealed that fears over security are slowing the take up of Cloud Computing Solutions.

Whilst 94% of responders believe they fully understand the benefits and risks, only 44% believe it offers a secure enough alternative to more traditional on premises based systems. Despite these questions, a noteworthy 44% said they would consider implementing more Cloud elements into their IT services portfolio to realise its potential benefits.

Managing Director of ramsac, Robert May, comments, “Whilst there is a huge buzz around the potential benefits of using the Cloud there is also, understandably, a reticence to blindly passing over some of the most mission critical systems to be hosted and run by a third party. The traditional method of hosting your own servers and connecting them to the Internet has served most businesses well in the past, so the suggestion of such a massive change in the paradigm obviously raises a lot of questions and potential fears over the real-world connotations. It’s up to the IT industry to demystify exactly what the Cloud is and what it can offer, so customers can make informed choices and to help them find the right fit for their IT needs.

ramsac’s survey delved deeper into the specific concerns over using Cloud services with some interesting results. The most prominent fear highlighted by responders is the lack of liability for providers in the event of problems (cited by 55%). This was closely followed up by concerns over privacy, which was registered by half the companies polled. Understandably the loss of control over services and data ranked highly (39%) and uncontrolled or variable costs, as well as the availability of services and data were both cited by 22% of responders.

Another important consideration is the degree with which companies are prepared to rely upon Cloud services. The survey showed that of those looking to utilise Cloud services, a significant 83% want to use a hybrid Cloud model which uses both traditional ‘on premise’ servers for some applications, whilst hosting others off site in a secure data centre (allowing the retention of key systems in-house whilst making the most of other hosted services to find an ideal balance of cost and functionality). Robert May adds, “We’re not surprised the survey showed businesses are looking to mix both traditional and Cloud services. There is a vast range of choice available and we advise our clients that it is best to treat it like a menu, picking the items that suit your requirements best and offer the best mix to achieve value for money.”

The survey also suggested that the question of using Cloud Computing is very much dictated by the type of application as well. The results show Email was the top candidate for Cloud, with 77% of responders citing it as a key area. This was followed by CRM with 39%, Payroll with 17%, Accounts with 17%, Project Management with 16% and HR and Procurements both highlighted by 5% of responders as potential Cloud services.

Robert May concludes, “Despite the obvious concerns over moving completely to a Cloud Computing model there is an undeniable interest in it as an alternative to the traditional in-house IT hosting. It’s also something that once an organisation has its sights on it, it is often very keen to move at least some business functions over quickly to take advantage. Our survey showed that of all the companies making the decision to use Cloud, 50% want to do so within the next twelve months and the rest intend to do so within the next one to two years – so we are likely to see the trend really take off in the immediate future.”

By Robert May, Managing Director of ramsac

Cloud Collaboration And Content Management: The Great Myth Over Security

Millions of users, who place documents into the Dropbox storage servers or other Cloud based collaboration solutions such as Huddle each day, are potentially putting their data at risk, despite the belief that it will be safe and secure. This is according to Simon Bain,CTO of Simplexo.

Despite findings from the Cloud Industry Forum, which have highlighted that data security is uppermost in the minds of 62 per cent of businesses in the UK, corporate Britain is seeing a dramatic increase in the use of Dropbox and its competitors, such as Google Drive, Huddle, Box Net and Jungle Disk, thanks to the rise of employee adoption.

Simon Bain stated: “With the glare of security very firmly focused at Google and its new Terms and Conditions for the Google Drive, we should not forget that other players in this market also have similar T’s & C’s.”

“Corporate users need to look more closely at how they are using these services, particularly syncing, which is a really important part of a Cloud storage offering – in other words having all of your files available from anywhere. But do users realise that in a lot of cases their files are physically downloaded to their devices? If you lose a device, or leave it unattended, all of your files are accessible to a third party,” he continued.

In the rush to have documents available everywhere, corporate and data security has been marginalised, often for ease of use for the end user and simplicity of providing the service.

Google has proved over the last 10 years that user data really is king. Most of Google’s profits come from targeted advertising based on their users data – Location, Search Phrases, Blogs etc. – This is exactly the same business model that Facebook and others are trying to emulate. With Facebook it is based on the data that you place on to their social network. With Dropbox and the other Cloud storage providers, they are also looking to monetize the information that you place within their storage. As a corporate user you need to be careful that you do not break your own companies employment policies when you use these services, but also that you are not breaking state or national data protection legislation. As I have said ‘Data is King’ this is true also of your data for you. Sales records, quotations, bank statements. Do not give these away.”

“I am obviously a believer in using the ‘Cloud’ as a way forward for both personal and corporate life. However there are certain guidelines that I think need to be adhered to before we all start throwing our hard disks away and placing everything in to the hands of others,”

“While security on the Cloud servers is very important overall, document security cannot be overlooked and I think suppliers do have responsibility for this. The likes of Dropbox need to be more open with their users and not hide behind T’s and C’s.”

Some of the questions we need to be asking are:

  • Can somebody access our data?
  • Is your data only yours? Or does your agreement with your provider actually sign usage over to them. (Check as most providers do exactly this)?
  • Are the servers secure that my information is stored on?
  • Is my store separate from others? Or is there a large silo that everybody’s files get dumped in to?
  • What about the files? Are they encrypted?
  • If there is an on-line search capability? Is this secure or does it hold plain text in a database?
  • If a hacker gains access to the servers, can they see my files?
  • Are my login details and or user credentials held on the server?

Bain said: “Get positive answers to these questions before placing any documents into a store unless the data has no commercial value. Banks go to great lengths to make sure that we are secure during our on-line banking sessions. So why go and drop your bank statement in to an on-line box?”

By Simon Bain, CTO of Simplexo

Cyber Security In The Wake Of Consumerisation

The dawn of the Internet brought with in many things, including the birth of cybercrime – providing criminals with a new way of conducting wrong-doings. There’s also no doubt that cyber-attacks, whether internet or intranet-based, continue to grow in sophistication. Unfortunately, cybercrime costs the UK economy £21bn a year, affecting businesses, enterprises and organisations, everywhere.

In light of this, businesses need to be able to understand what can be done to safeguard and protect the confidentiality, integrity and availability of their information assets – especially as end users are becoming more mobile, moving sensitive data along with them. However, the disturbing reality is that many small and medium enterprises (SMEs) are unaware of, or appear unconcerned by, the security risks they face with regards to information assurance.

These risks have been increased by the latest trends such as  Bring Your Own Device (BYOD) and the increased usage of uncontrolled and unauthorised, internet based file repositories, such as Dropbox in the enterprise  – which are rapidly being incorporated into the workplace. In fact, this move towards a more flexible style of IT governance, combined with an increasingly mobile culture, is creating a lucrative portal for cyber criminals to exploit – offering them a far lower likelihood of prosecution when compared to traditional crimes.

However, as business users start to use multiple mobile devices more expansively than ever before, IT departments have to keep up with the pace of change, by finding ways to combat this problem. An effective security defence is required; one that is a nimble tactical approach that can react rapidly to the threat of a security breach and act decisively and automatically when a response is required.

Moreover, businesses need a strategic approach to cyber security to balance risk management with business opportunity. Even the smallest businesses need to learn from previous infiltration, exfiltration and business disruption attacks and take practical steps to combat cyber threats.

Traditional cyber security measures remain critical – patching regime, antivirus, perimeter defences are all necessary – but contemporary threats demand enhanced and innovative responses if they are to deter hackers; indeed, one must now assume that someone ‘will’ get in. One thing that may help is having an agile cyber security solution that is designed to consider eventualities before they occur and deal with them when they do.

Once a secure and effective solution is in place – one that works with the business – companies can reap a number of benefits including: fast breach identification, contained and isolated localisation of issues, rapid and automated resolution and uninterrupted productivity – without full system lockdown and full incident lifecycle visibility to support impact analysis.

There’s no doubt that hackers are getting smarter. It’s no longer feasible to only do patch updates on current systems and hope that this will do the job. By bringing in additional defences and responsive technologies, for instance, non-signature based malware detection, application execution control or even a virtual security engine that can adapt to business changes, organisations can build a defence-in-depth capability. IT departments need to learn to identify both internal and external threats or engage someone with the necessary skills to get the job done.

In the wake of consumerisation, no matter the size of the company, you need cyber assurance.

By John Green, CTO at Prolinx

Software License Optimisation For Small Firms

Software licencing is a minefield. The lack of standardisation in the industry means that businesses have to grapple with a wide variety of complexities as a result of software publishers either constantly changing their licence regulations, or integrating new licencing models due to the likes of virtualisation technology, which is revolutionising the way all sizes of organisations manage their IT estate. This complex and severe approach to licencing is also likely to be more pronounced in the current economic climate as software publishers strive to protect their revenues via their licencing agreements.

The fact remains that for businesses, software costs are unavoidable. Studies show that 30% or more of IT budgets are consumed by software licence and maintenance. With this in mind, licence optimisation should be a proactive and ongoing activity, not just a reactive and event-based one.  Going past simple software asset management, licence optimisation enables businesses to understand not just what software it has installed, but ties together information on what is actually being used, and how that usage ties back to the licence entitlements enumerated in the software license agreement.  When software assets are managed and optimised in this way, most organisations enjoy reduced licence consumption and more efficient utilisation of software assets. It provides the fastest return on a software asset management investment.

These and a few other simple guidelines will prepare an organisation for potential audits and establish a foundation for true license optimisation.

1.    Define software asset management policies

It’s critical for IT organisations to define and implement software asset and licence management policies and procedures to be followed throughout the business. ISO and ITIL (Information Technology Infrastructure Library) standards prescribe Software Asset Management (SAM) best practices to aid in this process. This means that there must be specific policies on every aspect of SAM, with an aim to reduce IT costs and limit the business and legal risk related to the ownership of software, while maximizing IT responsiveness and end user productivity.

An example of this, is the need for processes to be put place to prevent shareware and freeware installations such as Adobe Acrobat,  which can inadvertently lead to licencing liabilities, as well as to validate software installation and upgrades. In addition, educating employees on what they “may” or “may not” install will prevent rogue installations, which often jeopardise enterprises’ compliance status.

Using tools that automate licencing procedures is a good way of ensuring adherence to compliance regulation. They will help businesses understand their licencing position by matching installed versus purchased software. This will also help ascertain over-buying or under-buying and often enable re-purposing of licences – reassigning licenses from users who are not actually using the software, to those who need it but don’t have it —  resulting in cost savings.

Finally, to make sure these SAM policies are indeed effective, undertaking periodic internal audits is highly recommended. This will not only ensure that the enterprise is always “audit-ready”, but also reinforce the importance to adhering to IT policy to employees.

2.    Focus on the major software publishers

The highest value applications and the largest software publishers such as Adobe, Oracle, Microsoft, Autodesk and Symantec, pose the utmost risk of audits. These publishers represent the largest potential unbudgeted expense if businesses find themselves out of compliance, post a vendor audit.

However, at the same time, by concentrating on these large publishers, businesses will be able to optimise the use of owned licences, avoid paying for unused licences, and even place themselves in a strong negotiating position with these vendors. They will be able to re-allocate licences to other locations and departments; re-harvest licences or reclaim unused licences for use on other computers; as well as gather data of software usage prior to contract renewal to use as leverage. All these measures could potentially result in significant cost savings.

3.     Carefully monitor virtual IT environments

Virtualisation is the biggest IT trend today and is the key enabler to the Cloud, but software licencing is often forgotten or under-managed in virtualised environments. The risk of licence non-compliance is greatly increased in virtual environments for two main reasons – it’s easy to create new virtual machines running copies of operating systems and software applications; and software publishers have adopted licencing rules for virtual environments that add significant complexity to the already complicated task of managing software licences.

4.     Understand software publisher licence rules and usage rights

Usage rights of software can significantly impact an organisation’s licence position., Simply put, usage rights define what can be done with a piece of software and at what levels or numbers. Businesses should take full advantage of usage rights, including their rights to upgrade or rights of second usage where existing licences allows use of a software application on more than one machine per user, which avoids over-spending on licences and maintenance. Equally, it is crucial that licence usage restrictions are applied to stay within compliance. 

By Vincent Smyth, General Manager EMEA, Flexera Software

Does Software Piracy Matter?

Think of software piracy, and images of counterfeit goods being sold in shady establishments or downloaded from unscrupulous websites probably spring to mind. In fact, under-licensed software use is also a widespread and long-standing problem, and forms a large slice of the software piracy pie.

Under-licensed software is where software has been installed onto more PCs than the licence agreement allows. For example, a licence may support the software being installed on up to 20 personal computers (PCs), but it may end up being installed on 30 PCs. Its use is sometimes seen as acceptable due to a belief that it does not hurt Intellectual Property (IP) owners or the economy, but this could not be further from the truth.  According to the BSA’s 2010 global software piracy study conducted by IDC, under-licensed software was installed on 27 percent of PCs in the UK with a commercial value of £1.2 billion.

Software piracy also deprives the economy of much-needed revenue and jobs – an additional study by IDC found that reducing the PC software piracy rate in the UK by 10 percentage points over four years would create 13,011 high-tech jobs, £5.4bn in new economic activity and £1.5bn in additional taxes by 2013, with 87 percent of those benefits expected to remain in the local economy.

But where should the buck stop in a business in terms of handling software licensing – and why is it not treated in the same way as other business assets?

While most companies keep track of their mobile phones or car fleet, many managers either turn a blind eye to under-licensed software use, or are entirely unaware of the problem. It is generally assumed that that the IT director or the financial director is shouldering the responsibility of managing a company’s software assets. In fact, in 2011, the BSA polled 250 Financial Directors (FDs) in the UK about their attitudes towards software piracy, and found that despite 85% of FDs being responsible for their company’s software licensing, only 7% claimed to be very confident that the software was being deployed correctly, and almost 30% admitted that illegal software could be used in their organisation.

A risk to cash flow and business operations 

The Business Software Alliance (BSA), a global organisation representing the software industry, is committed to the eradication of software piracy through both education and enforcement action. Already in 2012, the BSA has taken action against companies found to be using under-licensed software. Blackpool-based building services engineering company, George Morrison, paid £10,000 in damages while Rugby-based power-conversion company, Converteam UK Limited, was made to pay £8,000 for using under-licensed software. In most cases, the price of using under-licensed software far exceeds the cost of doing things properly, and the impact on cash flow of unexpected legal costs and purchases can be very harmful to the business bottom line.

In addition, being caught using under-licensed software deeply affects brand reputation. In this increasingly competitive economy, reputation has emerged as a major differentiator between brands. Unfortunately many firms, knowingly or unknowingly, put their reputation in jeopardy by using under-licensed software. The BSA also encourages employees or members of the public to confidentially report any businesses that are breaking the law through software piracy. Reports are incentivised, and whistleblowers could receive a substantial financial reward for outing illegal software use. Incidentally, the BSA has launched a campaign in Reading this month to ensure businesses in the area hold the correct licences for all software installed on their devices. As part of this campaign, it is encouraging reports of the suspected use of under-licensed software to be made via a hotline or the BSA website, for a potential reward of up to £20,000.

While under-licensed software may appear to be of identical quality to licensed software, it carries significant potential business risks.  Firstly, businesses using under-licensed software may not have access to technical support.  Secondly, they won’t receive regular software updates, so may be giving away their competitive edge as they will not have the tools they need to do their job properly.  Thirdly, and most importantly, they may not have enhanced protection against viruses and malware, as in some cases only critical security patches will be applied to under-licensed software.

Licence to save

More positively, effective management of software licenses can provide significant savings on staff time as well as software costs. Managing IT assets correctly through an effective on-going business process, known as Software Asset Management (SAM), can identify instances of under-licensing and also when too many licenses exist.

The long game

A double-dip recession and continued exposure to wider European economic pressures dictate that UK businesses keep a close eye on their assets and software is no exception.  It is the accepted method for business interaction, crossing vertical sectors, geographic regions and business sizes, and, as such company directors must take software licensing more seriously, and audit it regularly alongside all other business assets.

By valuing the IP of software as much as other business assets, we can have a positive effect on the UK economy, as well as ensure that UK Plc is running itself on state of the art software that is legal, safe and fit for purpose.

By Julian Swan, Director of Compliance Marketing of the Business Software Alliance (BSA) in EMEA

New Service Maximises Untapped Marketing Potential Of Corporate Email

Companies can now maximise the marketing potential of their employees’ emails using a new first of its kind service from email and web security company, The Email Laundry. The Brand and Sign service enables businesses to make every employee a part of their marketing team by transforming every corporate email sender into a relevant, targeted and accountable email marketer.

Nearly nine tenths of corporate communication (87 per cent) is via email, yet many companies still fail to capitalise on its untapped potential as a cost-effective marketing channel. This is a particular problem for companies whose employees increasingly check and send business email on smartphones, which rarely carry any company branding. Moreover the Companies Act 2006 includes provisions for Trading Standards to fine businesses that fail to include company registration numbers and addresses on emails from their employees.

Brand and Sign gives corporate marketing teams complete control of their company’s outgoing communications, ensuring departmentally relevant and consistent email for every recipient of their company’s email. The new cloud-based service automatically applies email signatures – including the legally required company registration details – to every message sent by a company, regardless of whether it is sent from a mobile device or a PC.

Individual employees’ emails from various departments within a business – whether sales, accounting, legal or human resources – can be branded with relevant marketing messages targeted to their specific audiences. Companies using Brand and Sign can then measure the performance of every staff member via open and click-through data gleaned from the employees’ email signature.

“Companies send millions of emails every day, but often the only branding they carry is the email address of the sender. Considering 87 per cent of all corporate communications are via email, businesses are failing to attain the most from their primary communications tool. The concept of cloud has now gone beyond computing to the human level. Companies need to maximise the potential of both the technology they use and their individual employees’ use of that technology,” Ken Bagnall, CEO of The Email Laundry, said.

Marketers simply set up company emails to pass through the Brand and Sign cloud server. The company marketer logs into the server through a portal and assigns marketing messages to email signatures of specific employees or departments. The Brand and Sign cloud server then attaches relevant branded email signatures to specific employees’ outgoing email.

Bagnall said: “Brand and Sign not only enables more effective and consistent use of marketing messages, but also helps UK businesses comply with The Companies Act 2006. This legislation requires companies to include their registered company name and registration number, place of registration and registered office address in every sent email, with penalties of up to £1,000 for non-compliance.

“Brand and Sign attains maximum value from every email employees send. It provides a consistent and measurable company-wide standard that not only ensures email is compelling to specific recipients and compliant with the law, but also makes every employee, and every email they send, a marketing resource.”

By Ken Bagnal, The Email Laundry

Enforcement Of “Cookie Law” Requires Action By All Businesses With A Website

UK businesses could face fines of up to £500,000 if they fail to meet tough new website privacy laws which come into force this month, according to EMW, the commercial law firm.

EMW warns that there are no exceptions to the law for smaller businesses.

The regulation will come into effect on 25 May 2012 and will mean that visitors to the website will have to give permission for the website to download ‘cookies’.

A cookie is a temporary computer file which gathers information about the user’s online activity. It is activated by a user when they access particular pages on a site.  The cookie is sent from the website to the user’s computer and remains once they leave the site. When the user returns to the site the cookie allows the website to remember their preferences and settings.

“The effect of this change in the law will be far-reaching; any business that has a website will almost certainly use cookies at some point or other. The upcoming deadline is a wake-up call for those businesses that have not yet updated their website to gain consent from users,” Matthew Holman, Solicitor, EMW, said.

EMW explains that the old law only required businesses to give users the opportunity to ‘opt out’ and was often done by referring to the cookies in a privacy policy.

“This law marks a major shift in responsibility for the use of personal data: previously the user had to opt-out, now the user has to opt-in from the beginning,” Holman continues.

EMW says that businesses need to take three practical steps to prepare for the new rules:

  • review what cookies are used by their website
  • decide on the appropriate course of action to ensure that consent is obtained for the use of cookies (i.e. using pop-ups or banners on the website to obtain consent)
  • ensure that these measures are implemented on or before the 25 May 2012

“The risk of a £500,000 fine for extreme infringements of the rules should send a strong message to businesses that they must be ready in time,” said Holman.

EMW says that those businesses that have already taken action to deal with the new law should make sure that the websites cookie message is clear, user friendly and understandable.

“For most businesses it is very important that web users enjoy using their websites, so strict compliance with the law is not enough,” adds Matthew Holman.

“To be successful, businesses need to make sure that their website also remains user friendly.  That can be quite difficult to do when asking users for permission to use their personal data. To this end, collaboration between web designers and lawyers is important to ensure that the website meets the legal requirements whilst remaining pleasing to the eye and user friendly.”

By Matthew Holman, Solicitor, EMW

Internet Monitoring Plan To Have ‘Strict Safeguards’

The Draft Communications Bill was announced in the Queen’s Speech today (Wednesday), with one of the key features being that it will be easier for the police and intelligence agencies to monitor e-mails, phone calls and internet use.

However, with obvious concerns instantly springing to mind, there have been promises of “strict safeguards”.

Click here for the full story