
Social Responsibility

This category contains 5 posts

Cybersecurity: greater opportunity, less risk

Trust in sharing economy businesses is built primarily on peer group usage and ratings. The fact that peers not only reveal their opinions, but a huge amount of information as well, inevitably raises the question of cybersecurity. Providers, users and regulators all share responsibility for providing a satisfactory response.


Trust: the key ingredient of success

Consumers making use of conventional business offerings place their trust in a combination of proprietary brand reputation and industry-specific regulation. But the recipe for success in the sharing economy includes another basic ingredient: the trust of the peer group. Peers share ratings and recommendations that are visible everywhere in real time, in personalised form. For example, Uber passengers rate their ride and the driver; in turn, drivers get to rate their passengers. This way, depending on the trust they place in the judgement of their peers, new customers can decide whether or not to do business with a particular provider. Monolithic, laws-based regulation thus gives way to a peer-to-peer trust model. This creates enormous opportunities for providers to win new, interesting business.

Blessing and a curse

The trust model on which the sharing economy is based can enable companies to respond more quickly and precisely to changing customer needs, market developments or their own weaknesses. It also provides highly relevant information for people with similar interests. Broad-based ratings create transparency – for better or for worse. Because the system can cut both ways: just as a positive rating can help attract new customers, bad marks can destroy the trust of prospective customers before they’ve even been able to try out the offering for themselves.

The main disadvantage of the sharing economy is its vulnerability to manipulation. An aggressive competitor, frustrated customer or disgruntled former employee can easily torpedo a platform’s reputation by posting fake ratings.

Where there’s data there are also people wanting to steal it

The security and data privacy risks of a sharing economy structure shouldn’t be underestimated. A peer-to-peer provider very rapidly gathers, processes and saves a huge mass of personal data, including credit card or user information and consumer profiles. This information is what cybercriminals are after. Just imagine the economic, social and emotional damage that would ensue if someone were to steal and make public all the bookings made by regular customers of a hotels platform. Unfortunately, the levels of protection defined for data of this type vary from country to country around the world. Each provider is basically free to do what they think is right.

Taking responsibility as a provider

Data security is in large part the responsibility of sharing platform providers. In other words, peer-to-peer providers have to adapt their systems and technologies to the information they gather, and assure appropriate protection. In concrete terms this means a sharing provider should only gather data relevant to their core business, and publish clear, concise terms and conditions governing their use. A layperson must be able to understand and accept these terms in good conscience.

Given the lack of standards and the complexity of the issue, at the moment there are big differences in how conscientiously providers fulfil this duty. And there are also big differences in the rules and regulations governing these matters in different countries and industries. Most digital players capture more data than they need for their core business and have terms and conditions designed to cover them for any eventuality – pages and pages of legal fine print that the average reader will have problems reading through, never mind understanding.

Anyone shifting all or part of their business model to the digital space should start thinking about and incorporating the data privacy issues right from the conceptual phase. New technologies can help bring a market-ready idea to success by delivering it in a contemporary package. But by the same token the rigours of cybersecurity can nip a sharing economy idea in the bud or derail a digital project before it’s reached its goal.

Users: take responsibility for yourself!

The people who use sharing platforms have only limited tools at their disposal to prevent the data privacy rules from being violated. So if you choose to engage in this type of business you should take responsibility for your own actions. For example you should be careful about what personal information you reveal to what providers. This means that you should pay attention to how the platform’s trustworthiness is rated, read the terms and conditions, and decide for yourself whether you’re prepared to take the described risks. If you want to avoid credit card fraud, for example, you may want to use a prepaid card with a limited amount on it for sharing purchases, or make payments via a separate account which you don’t keep much money in.

Assuring cybersecurity also means protecting your own platform, making sure that your computer, tablet and smartphone are sufficiently shielded from attack from cyberspace. There are already many powerful applications available to do so.

Regulators: create a basic framework

The role of the regulator in the digital economy is to require basic protection of customer data and make sure the legislation keeps pace with the times and technology. Against this backdrop the European Parliament has revised the EU’s General Data Protection Regulation (GDPR), scheduled to come into force at the end of May 2018. The regulations contain important additional rights, provisions to protect users, and substantial penalties for violation.

Also relevant is the PCI DSS, the international credit card standard (Payment Card Industry Data Security Standard). The PCI DSS, formulated in 2006 by a council established by credit card organisations, is designed to ensure a uniform approach to implementing security requirements for credit card transactions.

The data privacy legislation in Switzerland incorporates most of the existing international data protection rules, and is likely to adopt many of the new ones. Although the implications of the revised GDPR on a national and European level aren’t yet clear, we believe the enforcement of the regulation and any penalties that are imposed will prompt companies to tighten their data privacy rules and security controls on their customer data.

In a nutshell

Providers, users and regulators all share responsibility for cybersecurity. We can only keep the internet healthy, clean and economically beneficial if everyone involved plays their part. Regulation should create the framework for basic protection and transparency. Users have to act circumspectly to ensure their personal data don’t end up in the wrong hands. And last but not least, peer-to-peer providers have to comply with the data protection requirements.

Modern technologies such as the cloud enable companies to deliver new business models very rapidly. It’s rarely the technical implementation that stands in the way of success, but rather a failure to translate a promising idea into a business model capable of responding to change and the needs of the market. Looked at this way, cybersecurity is no longer an obstacle to success but a welcome springboard.

 

On Privacy: Things might not be what they appear

I got this forwarded at work and thought I’d share it with you. It is a video promoting safe internet banking but it is valid for all online topics. Be cautious what you put at any point online – it might be used in a way you did not intend it.

 

Less Spam today? Good news – I will tell you why

Microsoft Digital Crimes Unit

Did you notice that you got fewer spam e-mails today? All in all there were about 3.8 billion fewer spam mails sent out. Why? Because there is one less botnet in operation. Today Microsoft announced that we have taken down the Kelihos botnet in an action codenamed “Operation b79”. This is the third botnet takedown in Microsoft’s Project MARS (Microsoft Active Response for Security), a program driven by the Microsoft Digital Crimes Unit in close collaboration with the Microsoft Malware Protection Center (MMPC) and the Trustworthy Computing team to annihilate botnets and advance the security of the Internet for everyone. Why does it matter? Because it is one step further in making cybercrime more expensive, and it is the first time Microsoft has named a defendant in its fight against botnets, suddenly making cybercrime much less anonymous.

Microsoft has a very interesting unit in the fight against cybercrime – the Digital Crimes Unit. I had the opportunity to spend last week at their premises in Redmond, to have interesting discussions and get our efforts in regard to child abuse and digital crimes aligned. With our ever-increasing dependence on our computers, smartphones and networks at home, on the road and at work, it becomes more and more crucial to keep this infrastructure safe, secure and private. To achieve this we are working in close cooperation with local law enforcement agencies, government CERTs, Internet Providers and other organizations and agencies. From a personal perspective it is highly interesting to have the opportunity to work at national level as a facilitator and sponsor between these Swiss entities and the different units of Microsoft Redmond and to be able to participate in the fight against child abuse and cybercrime.

The fight against botnets will continue. There are still tens of thousands of infected computers that regularly try to connect to the three botnets Microsoft took down. The following video gives an impression of the state of two botnets as of 21. September 2011.

What now needs to be done is to clean up the infected computers. To aid in this I started working together with Government, Internet Service Providers and Community Emergency Response Teams so that we can also take advantage in Switzerland of the work that is done in Redmond. More on that in a later post once the initiative has advanced and all partners are on board. In the meantime – please keep your computers safe and private. With that you participate in the global fight against cybercrime and you keep your privacy protected. You can find information on “how-to” in this earlier blogpost.

Interested to know more about the botnet takedown? Read here the official Microsoft Blog.

Follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

 

Posting personal Information online? Beware if you overshare!

A new Microsoft study shows that before posting personal information online, more than half of U.S. teens and parents don’t truly consider the potential consequences of their actions.  Teens recognize the importance of limiting what they share online, yet they still reveal more personal data than their parents.  Six in 10 teens also say they have so-called “friends” in their social networks whom they’ve never met in person.

Chances are you already have a “digital reputation,” and you may not even know it.  On the Internet, we create an image of ourselves through the information we share in blogs, comments, tweets, photos, videos, and the like. Others add their opinions – both good and bad – and contribute to our online reputations.  Anyone can find this information and make judgments.  Accordingly, everyone needs to be cognizant of what they’re posting online, and how that aggregated information can tell one’s personal story and shape their digital impression.

A recent Microsoft survey found that 79 percent of hiring managers and job recruiters in the U.S. said they routinely review online reputational information when considering job applicants. All of a sudden, that photo of you partying hardy or playing a practical joke on a friend may not be so funny after all, even if you consider them your private matter. College admissions officers are also looking into social networks. As college board vice president James Montoya points out, the people who evaluate applications at most schools are “often under 30 years old and often Facebook users themselves.” Of course they will check out your online reputation. Should a partying photo matter? I agree – no it shouldn’t. Can it make the tipping point in deciding for or against an applicant? Yes it very well can. As the Microsoft study shows – 70% of employers have turned down job applicants because they didn’t like what they found online.

Managing one’s online behavior and reputation is a key component of being a good digital citizen. Digital citizenship is usually defined as “the norms of behavior with regard to technology use.”  But digital citizenship is more than just teaching social norms – it’s a way to prepare young people for life in a technology-rich society. Digital citizenship empowers young people and helps them develop a sense of ownership and personal responsibility – in order to make appropriate, ethical decisions in the online world.

In an effort to create a culture of “good digital citizens,” Microsoft is committed to helping youth, teens, parents and caregivers think about their online reputations.  Today we are releasing a new whitepaper titled Fostering Digital Citizenship and a Teen Reputation Guide.  The guide notes a series of tips, including …

  • Tip 1 If you wouldn’t wear it, Don’t share it!
  • Tip 2 Don’t use technology as a weapon. Really angry? Walk away from the keyboard – hands off your smartphone.
  • Tip 3 Know what the Internet is telling people about you. Regularly search yourself online.
  • Tip 4 Create strong passwords, change them often, and don’t share them with friends.

We make a host of digital citizenship resources available at our Safety & Security Center.  In addition to our research, reputation guide and whitepaper we’ve recently created three infographics, depicting how teens spend their time online, as well as an “at school” Internet safety tip card. Check them out or contact me if you are interested in learning more.

Rather than relying solely on protective measures, an approach to online safety that includes digital citizenship will help young people interact more safely in the online world. Teaching them about digital literacy, and digital ethics and etiquette is an important part of successfully navigating today’s online and offline world. It can make the difference between getting into the university they want and getting the job they applied for.

One man’s terrorist is another man’s freedom fighter – Is it?

I just read an article in the New York Times on Suspected Hackers, a Sense of Social Protest. It made me think of the often quoted “One man’s terrorist is another man’s freedom fighter“.

For me the facts are clear. Nobody should attack the infrastructure or privacy of somebody else. Full stop. I cannot see that attacks can lead to anything positive and we have had plenty of examples showing that peaceful protest in the end works best to initiate change. However, other people see it differently. They see it as a kind of social protest if they direct attacks at targets that they see as “evil”. These targets might be individuals, corporations or governments. And then there are the ones that don’t think at all. That just follow a “cool” call for action. Have you ever seen the YouTube video where an Anonymous branch calls for attacking Telefonica? Pretty cool I must say. If I were bored that weekend and looking for something to do – anything really – to fit into a group…. I can see why kids are tempted to point their Low Orbit Ion Cannons pretty much anywhere.

The part that worries me is not so much the individual person that might or might not participate in an attack. What worries me is that we as a society don’t have an understanding of what is acceptable behaviour and what is not. Sure – we might have a legal definition in some countries – but then does that help much? What we need to come to is a social value of what is acceptable and what is not. What is a terrorist – and what is a freedom fighter. What differentiates them from each other. Only then can we sit down and talk to our kids, our friends, our employees about values. Only then can we blog about it – about making people think about what they are doing. Make them aware of the line that they are crossing when they tinker with other people’s privacy and with intellectual property of enterprises, governments etc.

I don’t have the answer. But I am putting this out as a starting point to talk about it. Take the first step, take this and start talking about it and hopefully make some people think about values. Talk to somebody and let’s start a snowball effect. Let’s take this as a start to accept others’ privacy and values and use our right of free speech and social protest where we have them – and with that help others to achieve what we already have: freedom of expression. But it comes with a price – and the price is responsibility and values – and we need to get better at accepting our responsibility.

About the Author

Reto is a partner at PwC Switzerland. He leads the Cybersecurity practice and is a member of the PwC Digital Services Leadership Team. He has over 15 years of work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.
