HOW TO MAKE MONEY ON GDPR.

We huddled. It was in a seminar. At 8.30 a.m. This shows you how serious the issue was. I often go to seminars but they don't cause the audience to huddle. With GDPR, we were bonding over something difficult and inevitable, listening to one another's questions and taking notes of every answer.

GDPR, 400 days to go. You'll have to appoint a Data Protection Officer, preferably one that is liked by your staff and not outsourced, because there is a lot of liking to be done.

Also, there is money to be made if you get it right. By "getting it right" I mean avoiding the headless chicken run in 2018 and getting GDPR strategy in place now. Don't wait until the regulations hit you. Get ahead of them.

Clarify what your "legitimate interest" for gathering data is, so you can defend it when someone questions it quoting their new "right to object" and be aware that those who object may also quote "fundamental rights and freedom taking priority in legitimate interest". If you collect biometrics, ensure that you are sharing just the code you created based on them and not the biometrics. There are 8 rights you need to take into account when you are writing your strategy.

And how to make money on it? Make it your business asset to care about your customers' data now BEFORE everyone has to. This way you can build trust and effectively sell more.

As a customer, wouldn't you want to buy from someone who is ahead of the game? Wouldn't you change suppliers to those who are not sucking teeth, nodding heads, clutching pearls, but calmly implementing their GDPR strategy, revealing what they do with your data, respecting your privacy and asking for your consent? And if on top of that they mkrypt emails with your confidential data, that's what a safer world looks like.

Beatrice Freeman, COO for the award-winning mkryptor

HOW TO MAKE MONEY ON GDPR. We huddled. It was in a seminar. At 8.30 a.m. This shows you how serious the issue was. I often go to seminars but they don’t cause the audience to huddle. With GDPR, we were bonding over something difficult and inevitable, listening to one another’s questions and taking notes of every answer.

GDPR, 400 days to go. You’ll have to appoint a Data Protection Officer, preferably one that is liked by your staff and not outsourced, because there is a lot of liking to be done.

Also, there is money to be made if you get it right. By “getting it right” I mean avoiding the headless chicken run in 2018 and getting GDPR strategy in place now. Don’t wait until the regulations hit you. Get ahead of them.

Clarify what your “legitimate interest” for gathering data is, so you can defend it when someone questions it quoting their new “right to object” and be aware that those who object may also quote “fundamental rights and freedom taking priority in legitimate interest”. If you collect biometrics, ensure that you are sharing just the code you created based on them and not the biometrics. There are 8 rights you need to take into account when you are writing your strategy.

And how to make money on it? Make it your business asset to care about your customers’ data now BEFORE everyone has to. This way you can build trust and effectively sell more.

As a customer, wouldn’t you want to buy from someone who is ahead of the game? Wouldn’t you change suppliers to those who are not sucking teeth, nodding heads, clutching pearls, but calmly implementing their GDPR strategy, revealing what they do with your data, respecting your privacy and asking for your consent? And if on top of that they mkrypt emails with your confidential data, that’s what a safer world looks like.

Beatrice Freeman, COO for the award-winning mkryptor

Not invented?

A rare treat yesterday: my favourite weather! Blue sky and zero wind. Perfection. I was waiting to cross Commercial Rd and basking in it. How glorious... screech on vinyl. A cyclist went by, his hands firmly in his pockets. Slow and steady, circus-like movement. Beanie hat. Age 30-50. Was it you? What happened to your awareness of the invention of gloves?

I proceeded to my morning coffee with a newspaper - and my amazement deepened. 65 people down with campylobacter, following the ingestion of raw milk. Voluntary ingestion, raw milk trending. Ah. Has pasteurisation not been invented?

I had no bewilderment left when I read the report about leaked exam results compromised through unprotected email. None. I'm not even going to ask whether email encryption has not been invented.

Beatrice Freeman, mkryptor

STICKS.

Common sense seems to be less and less common as it gets outsourced to the gadgets. Intriguingly so. In the quest for independence from parents - not to be told what to do - the young ones get a gadget. Which tells them what to do.

Ofcom reports that last year one third of us took steps to reduce the online addiction. And are much happier for it. Next step: get rid of gadgets that measure what common sense can measure. You already have your eyesight, your gut feeling, your sense of smell, hearing and memory. And you can compute it all on your own using your own brain. That's what it's for.

Try it out. How about the lost and found USB sticks. If someone wants you to "find" a USB stick, why is that? Because they "lost" it and you may "help them find it"? Or to prey on your curiosity to infect you and destroy your stuff? The bit of news that half of us when faced with a USB stick that is not ours would plug it in is so against common sense it hurts. And if you lost yours, go to the dry cleaners. That's the thing they now retrieve most.

More common sense: if you have confidential email to send, encrypt it. That's what email encryption is for. To make you safe. Buy one or get one free from the award-winning mkryptor.

ILLUSIONS.

   Quite surprising to see so many illusions out there. Let's take the Centennials, people born in 21st century, described by the media as the best of humanity, the inspiring creatures. Not really. Centennials are 15 1/2 or younger. They haven't lived long enough to experience life's challenges. Cushioned and effort-free, they spend most of their time on crafting lies about their lives to post on Instagram.

   Another illusion: Finland as the weird land of madness. Not really. Finland is about innovation, hard work, persistence, clear vision, nature and true friendships. The current marketing, which I saw last week in the window of the Helsinki Tourist Office, does nothing to promote that. Their slogan is: " Hel yeah". Erm, no.

   And my favourite illusion of all: the symbol for email. What is it? It’s an envelope. While email is a postcard. Email is not protected by any envelope. You haven't got an envelope until you've installed email encryption. But as the envelope illusion is sitting there, everywhere, we don't shop for the proper envelope. Don't risk it, mkrypt it.

I'm from mkryptor, so I would say that? Yes. I'm not into illusions.

Beatrice Freeman, Marketing Director for mkryptor

WILL THE USER WIN?

The new Gov verification service will see a shift in the way government deals with personal identity.  The main challenge, as we've pointed out previously, is that the new approach will add inconvenient extra steps to an already signed-up population on the Government Gateway.

How existing users will be migrated is not clear. Yet, this little "how" is probably one of the most important aspects of this transition.  The original principle was that the verify scheme would allow you to use existing relationships where your identity had been checked.

The issue now is that the providers do not represent a body of organisations that most people have any existing relationship with.

This means that you now have to create a new relationship with private sector organisations in order that you do business with government.

Whether you want to undertake such an exercise and hand over your data in this way isn't something the UK population has been consulted about.

If they don't shut down the Gateway, transition to new services will be rather difficult as it won't be clear: 1) why existing users have to change nor 2) what the benefits to them are.  

The original GDS work was superb because it put the user first. How will this new solution put the user first?

Simon Freeman, CEO Fresh Skies

Taking risks

I'm mesmerised by the way phone-addicts miraculously escape accidents. Very smooth. Until it doesn't go so well. This time, it was the ornamental water strip. I watched a busy female in dainty shoes plunge into it with one foot. She left a sad trail of single prints all along Tooley Street. It was a cold morning. I bet her tiny foot was frozen. Same happens with unencrypted email: you don't encrypt and you stay miraculously unharmed. Until one day: Splash! Oops... Only it's not your foot covered in mud and shivering, but your reputation.

Don't risk it - mkrypt it.

Get yourself a freemium to avoid muddy situations.

“Security flaw” or just the old complacency?

It is both a sad day and a happy day at the same time.  The news that the law firm at the centre of the global data leak that has resulted in the fall of at least one government leader with potentially more to come has demonstrated what we at Fresh Skies have been nagging on about to law firms in the UK.  This case has shown:

1) Not encrypting emails is a big mistake. 2) The use of ‘web site data exchange’ technologies is risky if not maintained correctly. 3) The implications of such data leaks go beyond reputational damage.

The partners at the culpable law firm simply will not have enough professional indemnity insurance to cover the cases that will now no doubt flood in.  Will Iceland go after them for the costs of another election caused by the loss of their leader resulting from this data leak?

I am sure Mr Cameron will also be displeased.  But the UK government has done NOTHING to encourage secure communications in the UK.  

The Law Society and SRA do not enforce any regulation to make their legal firms do the right thing.  

Perhaps this will be a wakeup call for them.  The reality is that the heads will be further buried deeper into the sand and fingers stuck in ears with ‘la la la we’re not listening’ echoing around the halls of these esteemed organisations.

Simon Freeman

CEO Fresh Skies

Phishing email that knows your address

The BBC has published a story that should be of no surprise to any readers of our blog.  Shock horror, bad guys have your data and are using it against you.  Well, about time too.  Not that I support such fraud and nefarious schemes but come on guys, if you are going to go to the effort of sending out emails with criminal intent then have the imagination to at least spell and grammar check your work.  Relying upon Google translator to turn it from Russian or Chinese is a sure sign of laziness.

The BBC article shows clearly that the criminals are starting to get smarter.  Not smart, I hasten to add, because they are still lacking the imagination to do more sophisticated attacks with the tools they have.  But they are getting better.  It is like watching a caveman work out how to use fire.  Eventually they will get it and end up burning down half the planet.  The cyber criminals are pretty much the same.

You really have no excuse to continue your ‘do nothing’ approach. We’ve just given you the freemium version of our award-winning email protection. We dare you: try it, experiment. Even the cavemen are experimenting.

Simon Freeman CEO Fresh Skies

If Easter Bunny didn't bring you email encryption, have one on us.

The opposite of privacy is Twitter. And Twitter's user base is not growing. Even if the revenue is up, share prices crashed. Like with the muffin top: having given it the full airing, now we keep it private. Privacy awareness is on the grow.

I'm a great believer in privacy and so is mkryptor. The free version of our uniquely usable email protection is out now. Go get it. Spend the rest of Easter having fun.

Free email encryption (better than chocolate).

Beatrice Freeman

Marketing Director for mkryptor

Newsnight looks at email

Email was never designed to do what we use it for. By the time this problem became apparent, it was too late to do anything about it.

It is a shame that such an important subject is given so little thought on a programme carrying such credibility for insight and analysis of current issues. But rather than celebrate the achievement of Ray Tomlinson they decided to have a shallow look at the current state of email.  So what might they have covered?  Well, email is not in decline in some situations and it is (in some ways) in others.  The facts are this.  Email is still growing in business-to-business and business-to-consumer modes.  It is declining in consumer-to-consumer, which is driven by the newer generations being brought up on phones and tablets with more limited interfaces.

Let’s break email down into its basic parts. It will help us understand why it’s successful and why the reports of new kids on the block are maybe exaggerated.  What is ‘email’?  ‘Email’ is simply the moving of information in an asynchronous manner between two entities using SMTP (simple message transfer protocol).  The important points here are that: 1. it is asynchronous communication and 2. that the information moves.  This is key because to understand the limitations of email you need to understand what the essence of email really is.

What is email?

The asynchronous manner is simple to understand.  I am not talking some deep IT protocol principle here, just the fact that you can communicate between two entities over a period of time.  Synchronous communication is a phone call.  Both parties have to be on the same call at the same time and having a conversation at the same time.  You do not phone someone and say your opening sentence and then hang up and the person at the other end ring you back some time later and reply.  Phone calls and face-to-face communication are very useful.  But calls have limitations: 1. you need both parties available at the same time.  2. you both have to be willing to communicate at that time.  We accept these limitations and have no problem here.  

Funnily enough, when email has limitations we are not ok with that at all.  By its nature, email is asynchronous.  The good thing about email is that you can send a message without having to worry about whether it is convenient to the person at the other end.  What this means is that it email enables a more convenient way to communicate and lends itself well to non-time-critical communication.  Email is convenient. It is because email is so convenient that the issues start.  When the tool is used in a hierarchical organisation (one boss, many employees) then numbers of emails in the boss’s inbox can be considerable.  It is also inappropriately used for time-critical communication when a call or other channel may be better.  It therefore puts us all into the mode that some emails may be time-critical and so we have to watch it. This is how constant monitoring becomes the norm.

The second attribute of email is that information moves.  You put information into your email and that information is sent, basically as text and it is (as much as you could describe anything online as ‘physical’) physically moved to the recipient’s machines.  This has some advantages in that once moved, the recipient has it locally to use. But it also has some disadvantages: 1. once sent you cannot control what the recipient does with the information; 2. they can forward it and share it at will.  This can lead to many of the issues you will be familiar with.  Newsnight at least managed to identify that.

Finally, email is insecure.  Its protocols are not secure. The attempts to make it secure using SMPTs are a poor (but not useless) solution to the problem as email is stored in email inboxes typically on servers in data centres and very few people own their own.  Your email is therefore available to read by whoever has access to these servers.  Google is one example.  Your email is stored in Gmail servers which are run by Google who openly admit to reading your emails to enable them to make money on targeted advertising based on what you write.

Dislodging email

Email has been around for a long time and nobody has yet come up with anything suitable to replace it with.  If they had, you would be using it.  Email is hard to dislodge because it is a simple-to-use solution and it is conveniently asynchronous.  The convenience factor far outstrips the downsides (at least in the average user’s perception). And email is ubiquitous and therefore difficult to replace.  

The challenge for any replacement technology is whether it is proprietary or open.  Email protocol is open standard.  Anyone can develop a solution to handle email and you need not refer to anyone.  But today we live in a money-driven society and the clever entrepreneurs want to invent something and roll it out to millions and make a lot of money.  Only this is very hard to do with proprietary communication technology.  It is like the first video phone.  Why would you buy the first one?  If nobody else has one, what good is it?  Expand this up and imagine that there are thousands of different communications technologies.  Which do you choose?  

The idea that any single proprietary technology will get enough of a footprint to replace email in the near future is unlikely.  The probability that the world’s IT companies will cooperate enough together to come up with a global standard to replace email is low.  Email was successful because it was the first.  It did not have to dislodge another well-entrenched technology.  It is why we have the issues we have today.  It was never designed to do what we use it for and by the time this problem became apparent it was too late to do anything about it.

We like asynchronous communication

The technologies in other channels can be divided into a number of chunks.  A communication channel can be asynchronous or synchronous and it can either move information or move permissions (authorisation to access static information).  

Text messaging (SMS) is a good example of asynchronous communication but has limited use due to the size of messages available to us.  It is a useful channel and we use it for what it was intended for.  Other channels allow for more sophisticated information exchange (pictures etc.), but are basically the same thing.  Few synchronous channels exist: live chat is one, phone calls (and VOIP), video messaging.  Few have widespread use because we do like our asynchronous communication.  We do like to control when we respond and do it, at our convenience, unlike phone calls which are done at the convenience of the caller.

There are also channels for the exchange of information which remains static.  I.e. it is placed on a server and the recipient is told there is content for them to look at (ironically, notified by email).  These can be very effective but they suffer the issue that there are large numbers of these solutions and we (the public) will not tolerate having 100 different communication accounts.  So adoption will be slow and will never hit critical mass.  They are not open standard and for this reason will never replace email.

Discussions of replacement of email need to look at the reasons for its replacement.  If the issue is that a boss in a hierarchy is getting too many communications from their staff then the channel changes will not fix this.  Can’t cope with 100 emails per day?  So how will you cope with 100 requests to read information on a server share or collaboration system?  

Authentication

The problem is a structural one and not a technology one.  Security will never be cracked until we accept strong authentication.  That means less convenience and more steps to do what you do today easily.  There is no strong authentication on the horizon either.

This problem was best described by a friend of mine as being like a balloon.  Even if you grab the balloon and squeeze it to try and make it smaller all that happens is that the balloon bubbles out the side of your hands.  Email is the same.  There is a strong chance that any change will be just that: a change and not an improvement.  Meanwhile, we will continue to make the best of what we have.  Email.  In other words: don’t delete your Outlook off your laptop yet, think what emails you are sending and make sure you do the simple things - if it’s confidential, encrypt it.

Simon Freeman CEO Fresh Skies

4 new encryption resellers sign up with mkryptor

Following the 4th Cyber Security Showcase in Vienna we have signed up 4 new European resellers.

For the first time since the launch of the award-winning mkryptor we saw companies actively seek email encryption solutions.

We heard that the formerly preferred PKI had failed the expectations. While it is a good protection for email in transit, it is not user- or customer-friendly. Throughout Europe users are finding PKI difficult, time-consuming, awkward and off-putting. As a result, sensitive emails are being sent unprotected.

This has prompted cyber security and business risk managers to look for a usable solution. Thank you for talking to us - and a big welcome to our new partners.

Mkryptor in Vienna

As we approached landing, the flats were alive with the sound of wind power. I did not mind the lack of hills. I was busy being happy that BA actually made it. We took off 30 min late because "the plane wouldn't detach from the jetty". At first, this sounded much better than the wrong kind of leaves. But then, it started worrying me. Either the aircraft did not want to go to Vienna (was Vienna that bad?), or maybe this was a coded message for something very unexpected.

Vienna displayed full summer glory on a sunny February day with plus 20 Celsius. The "brown beer soup" looked like a white upside-down French onion soup, with cheese at the bottom and cream froth on top. The "beer cabbage" tasted neither of beer or cabbage but of juniper honey. Unexpected, I thought. But not unpleasant.

Catching up with my old Viennese friend I was told that the conference had featured earlier on morning TV.  Ah. So Vienna is not just about palaces and the civilised intake of cake. They also take cyber security seriously.

I liked it how the opulence and the gentle sparkle of chandeliers created a new standard for doing business. This was an immeasurable improvement on the ordinary exhibition surroundings. 25 British cyber security companies took part in the showcase with lots of intriguing presentations over two days. Someone kindly commented that mkryptor had the best visuals (thank you Paul Rodger) and certainly none did pass my stand without being gently encouraged to mkrypt.

I hope we all raised cyber awareness very high indeed. The 4th CEE Cyber Security event in Vienna was beautifully organised and executed by UKTI to promote British exports. 225 visitors from 15 states attended.

Beatrice Freeman, Marketing Director for mkryptor

The personal touch

Haven't we got used to the thought that online is where all good business happens? I dare to claim that when it comes to the top serious matters, that's not the case.

By top serious matters I mean the heart and the hearth. According to a leading tile seller, last year 99% of buyers bought their tiles not online, but in stores. On Valentine's I kept seeing couples romantically strolling along the river, him with a bunch of roses protruding from his rucksack, her charmed - no online activity spotted. We are constantly reminded that there is a whole digital-only generation. Not really.

With these observations, I'm leaving for Vienna to present mkryptor at the biggest annual European event put together by the UKTI. While no doubt I will be reminded not to leave my luggage unattended, I hope that you won't leave your personal emails unencrypted.

Beatrice Freeman, Marketing Director for mkryptor

Apple argue the case for encryption in this letter to customers

The time has come

You probably wouldn’t put the award-winning mkryptor and low-sugar cereal into one basket. Now you can. (Not a Tesco basket though, with those staggering extras they charge suppliers: the pay-on-time discount, the fuel-our-growth fee, and of course we would want your eye level, so the eye-level fee too.)

Did you know that Kellogg's Red Berries Low Sugar cereal and our email encryption hit the shelves at the same time, hugely before anyone cared? We had to wait for the market to grow up and now there is enough cyber security awareness for mkryptor to launch Version 3.0. Kellogg’s had to wait for a climate change too, and now the sugar impact awareness makes Kellogg's low sugar offering finally welcome. The time has come, mkryptor and Red Berries, who would have thought.

Which brings me to a baffling fact: men have taken twice as many selfies as women. Of course we can think that men are twice as vain. Or that they are twice as good at technology. Or has the time come for men to look twice as appealing, as they did with the flamboyant outfits in past centuries?

Ah, nostalgia... Being a great fan of steam engines, I loved reading about The Flying Scotsman, proudly steaming away again. The magnificence! Thousands were thrilled. But how does that agree with the coal-is-the-source-of-all evil thinking? Has the time come to stop that?

If coal is of no interest to you and you prefer virtual things, grab your old virus and send it to a library. Do this so others can “safely experience the virus infections of yesteryear”. Old-school hackers apparently used to write viruses for fun. Now the fun has gone criminal. How sad. Either way, the Malware Museum Curator is asking for your virus donation. Does anyone go there? Yes. The museum has attracted more than 100,000 visitors in just four days since its launch.

This one I did not anticipate -  but, quite obviously, the time has come.

Beatrice Freeman, Marketing Director for mkryptor

Cyber resolutions for a safer 2016

The City of London Police have just released this handy P.R.O.T.E.C.T guide to staying safe online.

And while raising cyber security awareness can only only be commended, it’s just a shame they couldn’t have added one more top tip - encrypting your confidential emails.