Archive for November 2017

Your Latest IT News Update

Serious Bug In Apple Mac OS Discovered

Apple is reported to be urgently working on a software update after Turkish developer Lemi Ergin publicly reported a simple but serious bug in its Mac Operating System.

MacOS High Sierra Affected

The bug was discovered in the most recent version of MacOS High Sierra. It has been reported that, by entering the username “root”, leaving the password field blank, and hitting the enter key several times, a user is granted unrestricted access to powerful administrator rights on the computer.

Troubleshooting Feature / Serious Threat

Even though Ergin is credited with finding the bug (and has faced criticism for going public about it), it is reported to have actually been mentioned on an Apple support forum more than two weeks ago as a possible useful feature for troubleshooting rather than as a serious security threat.

What Can Be Done?

If a person were to access a computer using the flaw they could potentially read and change the files of other users on the same computer, or as superuser they could delete crucial files or install malware.

Can’t (Typically) Be Done Remotely

The fact that the enter key has to be hit several times means that a person would really need physical access to the computer in order to exploit the bug. If, however, a person has been granted remote access to the computer e.g. for tech support, the bug could technically be exploited that way.

Insider Threat?

A malicious attack or breach from within a company by a person with physical access to computers is a real possibility for businesses and organisations. For example, where ‘malicious’ insider threats are concerned, research (Egress) shows that 24% of workers have purposely shared information with competitors or new and previous employers and other entities. Insider leaks, breaches, and other threats can undermine company efforts to comply with data protection laws and protect competitive advantage, and can leave companies open to huge financial risks, loss of customers, and damage to their brands.

Criticism

Other security experts / commentators have been quick to criticise Mr Ergin for apparently not following the responsible disclosure guidelines typically observed by security professionals i.e. notifying Apple of the flaw first, thus giving them a reasonable amount of time to fix it before going public.

Patch On The Way

It has been reported that Apple is working on a software update / fix for the bug, and in the meantime, Apple has offered users a temporary workaround.

What Does This Mean For Your Business?

If your business has Apple Macs with MacOS High Sierra, and if you are too worried to wait for the patch, the workaround is to set a password for the root user. Instructions for the workaround can be found on the Apple support site here: https://support.apple.com/en-us/HT204012 .

Only last month Apple released a supplemental update for MacOS High Sierra which incorporated various bug fixes for Macs.

This story illustrates how new software / operating systems are often released with bugs in them, many of which are usually discovered by security researchers, but it is worrying that users have been left vulnerable in this case to fairly serious threats by what is a simple (some would say embarrassing) fault.

GDPR Could Increase Hackers’ Ransoms

A researcher has suggested that the GDPR fine structure could lead to cyber-criminals being given price points to set their ransoms at because now they know how much money they should be asking.

GDPR

The EU’s General Data Protection Regulation (GDPR) comes into force 25th May 2017. As part of the enforcement mechanism, a fine structure has been published to encourage compliance with the Regulation. The fine structure for GDPR is actually tiered depending upon the scope of the violation, but it has been published and widely publicised that lesser violations will attract fines of 2% of global turnover, and more serious violations will attract fines of up to €20 million, or 4% of their global turnover (whichever is greater).

Price Point Provided

Researcher Mikko Hypponen has made the point, therefore, that these figures could give cyber-criminals who are using ransomware, or hackers stealing data, a price point to set the ransom at because now they know how much money they should be asking.

Hypponen argues that because the criminals know what data is worth / what covering-up a data breach may be worth to some companies (probably large, well-known ones), these companies may be actually willing to pay anything less than the full amount of the fine to avoid serious damage to their reputation, loss of customers and more.

According to Hypponen, ransoms could, therefore, be set at up to 2% or 3% of the targeted organisation’s global annual turnover. This could equate to millions of dollars in some cases.

Not So Far-Fetched

Taking one recent incident as an example, Hypponen’s predictions may not appear too far-fetched. HBO network was hacked and the hackers are reported to have demanded $5.5m for the release of the stolen data. Even though this sounds like a very large sum, it is still less than 2% or 3% of the company’s 2014 annual revenue.

It is certainly possible that some companies would pay a ransom to keep a breach quiet as Uber were recently reported to have paid hackers $100,000 to delete the data from a hack that took place 2 years ago, and to keep quiet about it.

Hypponen has, therefore, predicted that, after the introduction of GDPR on May 25th 2018, companies (particularly large turnover ones) will be targeted by hackers for personal information, and will be given ransom demands that are close to GDPR fine levels.

Taking Advantage of GDPR

Another prediction of how cyber-criminals may use GDPR to their advantage is by hackers / scammers stealing data with advanced ransomware and then blackmailing the victims with the threat of reporting them to the data protection commissioner. This is because ransomware can affect the availability, access, and recovery of personal data. These things, as well as passing personal data to hackers via the ransomware, are technically serious breaches of GDPR by the victim company.

Ransomware

As well as hackers stealing data directly, ransomware is fast becoming the most popular way for cyber-criminals to make money, and is likely to be a greater threat after GDPR. The fact that it is automated and doesn’t require any special user rights to operate it makes it a popular choice, and an ideal way for criminals to sell data to the highest bidder (which is often the victim company).

Bitcoin Store

There are even reports that large companies / corporations and banks have been buying up stores of Bitcoin as a short-term way to deal with data breach / ransom-based cyber attacks.

What Does This Mean For Your Business?

Where GDPR is concerned (especially with the pressure of the approaching deadline) many companies are seeing it as an opportunity to address possible data security / privacy loopholes that could leave them at the mercy of cyber attackers anyway, and to expand their ability to manage the use of data.

GDPR could even be viewed as a way of developing a global standard for data protection, which could be an opportunity for businesses to offer products and services worldwide that comply with this standard.

Quite apart from GDPR, businesses and organisations of all kinds should be trying to continuously improve their cyber resilience anyway.

Ways that companies could protect themselves against hacking / ransomware threats include only giving users access to what they need and taking away admin privileges, backing up all critical files effectively and securely, and testing those backups to make sure that information can be restored in a usable form.

One way in which companies could test their response to a live ransomware Trojan in their network is to plant dummy files in the network that should never be touched by legitimate users and act as alarms.
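One way to implement the dummy-file alarm described above, as an added example that is not part of the original article. The decoy file names and the `.locked` suffix used in the demo are constructed, and a temporary directory stands in for a network share.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical decoy names: they sort first in a listing and look worth opening.
CANARY_NAMES = ("!_payroll_2017.xlsx", "!_passwords_backup.docx")


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_canaries(share_root, names=CANARY_NAMES):
    """Create decoy files under share_root and return a baseline {path: sha256}.

    Store the baseline somewhere the monitored accounts cannot write to.
    """
    baseline = {}
    for name in names:
        path = Path(share_root) / name
        path.write_bytes(os.urandom(4096))  # random filler, unique per file
        baseline[str(path)] = _sha256(path)
    return baseline


def check_canaries(baseline):
    """Return one alert dict per canary that no longer matches its baseline."""
    alerts = []
    for path_str, expected in sorted(baseline.items()):
        path = Path(path_str)
        if path.is_file():
            if _sha256(path) != expected:
                alerts.append({"path": path_str, "event": "modified"})
            continue
        # Canary is gone. An extension appended to the original name
        # (name.xlsx.something) is treated as a rename rather than a delete.
        parent = path.parent
        renamed = sorted(
            p.name for p in (parent.iterdir() if parent.is_dir() else [])
            if p.name.startswith(path.name + ".")
        )
        if renamed:
            alerts.append({"path": path_str, "event": "renamed", "now": renamed})
        else:
            alerts.append({"path": path_str, "event": "deleted"})
    return alerts


def demo():
    """Constructed scenario in a temporary directory standing in for a share."""
    with tempfile.TemporaryDirectory() as share:
        baseline = plant_canaries(share)
        clean = check_canaries(baseline)
        first, second = sorted(baseline)
        Path(first).write_bytes(b"overwritten")
        Path(second).rename(second + ".locked")
        return clean, check_canaries(baseline)


if __name__ == "__main__":
    clean, tripped = demo()
    print("before:", clean)
    for alert in tripped:
        print("ALERT:", alert)
```

Run on a schedule, any alert means a file that no legitimate user should touch has been changed, which is the signal to start the incident response and backup-restore steps mentioned above.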

Companies and organisations should also make sure that they have workable Business Continuity and Disaster Recovery Plans in place, and be aware that paying hackers does not guarantee the return of stolen data, and could increase reputational damage if the public see this as a way of trying to hide a breach.

Bitcoin Value Tops $10,000

The crypto-currency Bitcoin has now reached a record high of $10,000 (£7,462) after only trading at $1,000 at the start of the year, with some experts saying it’s got further to climb.

What Is Bitcoin?

Bitcoin is a digital web-based currency that operates without the need for central banks and uses highly secure encryption (a crypto-currency) to regulate the currency units and to verify transfers of funds. Bitcoin, which was first produced in 2009, uses the ‘Blockchain’ technology. Blockchain is an open and programmable technology that can be used to record transactions for virtually anything of value that can be converted to code and is often referred to as a kind of ‘incorruptible ledger’.

There are approximately 15 million Bitcoins in existence with a value that is estimated to have surpassed $167bn. In order to receive a Bitcoin, a user must have a Bitcoin address i.e. a ‘purse’ (of which there is no central register).

Surge In Value

Bitcoin may have experienced a surge in value over this year as a whole but the rise has been by no means smooth. The crypto-currency first managed to reach a value of $1,000 in late 2013, and after a volatile general rise found itself valued at $1,000 again at the beginning of this year.

The surge in the last part of this year has been attributed by many to factors such as:

  • An announcement this month that CME Group, a US-based derivatives marketplace operator, plans to launch a Bitcoin futures product in the very near future.
  • The suspension of the Segwit2x project. The project aimed to create the SegWit2x Blockchain (the underlying code of Bitcoin), and a new currency referred to as B2X. The idea was to alter the underlying code to enable more transactions, but in practice software bugs and a lack of popularity that risked splitting the community have meant that SegWit2x has been shelved for now.
  • A growing awareness of Bitcoin and its benefits, and of the general rise in its value over time boosting confidence in the crypto-currency and its value.

Bumps In The Road

Bitcoin has experienced many high profile bumps in the road on its rise in value. These include a decision by China to stop exchanges from trading in the crypto-currency earlier this year.

Crypto-Currencies Generally More Popular

The success of Bitcoin has helped to boost the popularity of virtual currencies generally. One example is Ethereum which was worth $10 at the beginning of the year and is now worth $480.

Crime Link

Bitcoin is often the currency that ransomware scammers request their victims to pay with because of the anonymity that it offers. Some currency commentators have even suggested that the recent surge in the value of Bitcoin is partly because European banks may be buying Bitcoin to pay off ransomware as a short-term way to deal with cyber-security.

What Does This Mean For Your Business?

The rise of crypto-currencies, such as Bitcoin, to the point where it was finally being taken up by investors, businesses and governments, has been filled with high profile ups and downs e.g. a fall in its value on the Tokyo-based Mt. Gox exchange following a hack in late 2013.

Despite its problems and bad press, in recent years, Bitcoin has shown a general decrease in volatility. 2017 has also actually seen a lot of optimism for the crypto-currency, which reached a point back in January where its worth was around the same value as that of a FTSE 100 company.

Bitcoin has many attractive advantages for businesses such as the speed and ease with which transactions can take place due to the lack of central bank and traditional currency control. Using Bitcoin also means that cross-border and global trading, and on the back of this latest milestone reached, it looks likely that the rise of Bitcoin is not over yet.

Government Could Use Blockchain To Verify Your Identity

A report by the educational charity and think tank ‘Reform’ has suggested that Blockchain technology could be used by the UK government as a more effective, efficient, and modern way to provide verification of the identities of citizens.

What Is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Blockchain technology operates using the IBM cloud and is powered by Hyperledger Fabric 1.0 of Linux Foundation. The developers of the Blockchain system say that the trust between participants is not necessary because trust is embedded in the system itself, and that access to all relevant information is available to participants.

Blockchain is the same technology behind the crypto-currency Bitcoin, and it is now being applied to multiple industries and sectors.

What’s The Issue?

The underlying issue for the government is that there are people living and working in the UK without a legal identity, thus making it difficult to monitor births, deaths, work, taxation and migration.

Also, there are many different government departments which hold different and even contradictory versions of a person’s identity to a user-stored identity.

There is also the issue that individuals don’t currently have access to their public service identity and, therefore, lack control of it, and can’t authorise who can see it.

It is thought that among other benefits, a Blockchain-based system could shift more control from the government to the user.

Problems With The Current System

The Reform report argues that the current identity assurance platform, Gov.uk Verify, is not working as well as it could because of low uptake and departments such as HM Revenue & Customs (HMRC) using their own service – Government Gateway.

It has been reported that with Verify, departments often have to request and check additional data because Verify doesn’t always provide enough information, and the new system also struggles to match information with legacy systems.

First Suggested Last Year

The idea of using Blockchain to help with identity verification was first publicly voiced by the government last August in relation to passports. The fact that nearly 20,000 British passports were either lost or stolen in 2016, and the resulting identity theft, coupled with the delays caused by inefficient passport checks led the government to think about the advantages of Blockchain.

With Blockchain passports, for example, personal information could be encrypted and stored digitally on a smartphone accessible via fingerprint scanning. This could allow fast access through the border if verified alongside biometric information. A Blockchain passport of this kind could also reduce the risk of identity fraud and the information being lost or stolen.

What Does This Mean For Your Business?

From the government’s point of view, a Blockchain app built across government departments, and acting as a layer on top of current databases, could be a more effective, efficient and secure way to verify the identities of citizens, make sure all databases have the same information and are automatically updated, and give us more control over who can see our identity details and in what form.

For governments, businesses, and organisations around the world, Blockchain is providing many exciting new opportunities. Dubai, for example, has committed to putting all of its documents on Blockchain in the next few years and has founded a public-private initiative called the Global Blockchain Council to foster the development and use of Blockchain technology in and between local government teams, local businesses and international start-ups.

As well as finding uses in the financial, legal and public sectors, recent real-world examples of how Blockchain is being used include:

  • Using the data on a Blockchain ledger to record the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates. The ‘incorruptible’ aspect of the Blockchain data gives a clear record of care and responsibility along the whole supply chain.
  • Using an IBM-based Blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
  • Shipping Company Maersk using a Blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
  • Start-up company ‘Electron’ building a Blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.
  • Australian start-up Zimrii developing a Blockchain-based service that allows independent musicians to sell downloads to fans, distribute the proceeds between collaborators, and allow interaction with managers.

Blockchain clearly has huge untapped potential for all kinds of businesses and could represent a major opportunity to improve services, and effectively tackle visibility, transparency and efficiency issues.

Small Businesses Get New OS MasterMap® Data

The government has announced that its new £40m Geospatial Commission will start its strategy of releasing more of the location data held by public bodies to help businesses and boost economic growth, by giving small businesses free access to OS MasterMap® data.

The Commission

It has been announced that the new £40m Geospatial Commission, sitting under the authority of the Cabinet Office, will release Ordnance Survey location data first to help boost business for small companies.

What Is Geospatial Data?

Geospatial data in the context of this article refers to augmenting a geographic map with other data specific to points on that map, thereby enabling the added value of observations, analysis, and planning. It was first used in 1854 by John Snow, who plotted each cholera death in London’s Soho on a map, and from the mapped points was able to isolate a specific water pump as the source of the disease, and thereby prove his theory that cholera came from contact with sewage-contaminated water rather than being airborne.

Budget

The announcement was made in Chancellor of the Exchequer, Philip Hammond’s latest budget.

The wider intention is that the Geospatial Commission will draw on public and private sector expertise to develop a strategy for releasing more of the location data that is currently held by HM Land Registry, the Ordnance Survey, the British Geological Survey, the Valuation Office Agency, the UK Hydrographic Office and the Coal Authority.

The Commission will attempt to improve the links between and quality of the data held by the agencies, bring it together, and make it available to the public and private sector. The Commission will also aim to make more geospatial data available for free (without restriction), set regulations and policy for public geospatial data, hold the individual bodies to account for delivery against the geospatial strategy, and provide strategic leadership.

The first stage of the 2 year strategy is to find a way to give small businesses free access to OS MasterMap® data.

What Is OS MasterMap®?

The OS MasterMap® is the database that records every fixed feature of Great Britain larger than a few metres in one continuous digital map. The map has different layers e.g. the Greenspace Layer (showing accessible and non-accessible green-spaces in urban areas – used to improve health and environment initiatives), and the Topography layer (to help with decisions about assets, services, environmental risks, customers and operations).

How Will This Help?

Giving open access to OS MasterMap® (for small businesses first) will remove the legal barriers that currently limit the availability of other data e.g. foreign ownership of land, locations of parking spaces, house prices or business addresses. This will then give businesses access to the kind of data that is essential to understanding and tackling housing and transport challenges. More data about an area can make it easier to find land for house-building, and enable the development of services that improve vital infrastructure, and can help businesses to make better, more informed decisions about projects.

Opening up access to government-held geospatial data could, therefore, stimulate innovation in the wider economy, boost jobs and make savings, as well as transforming information delivery and citizen engagement.

Example From Housing

The UK is in the midst of a housing crisis, particularly in social housing. Decades of failure to build enough new homes means that the UK is struggling to accommodate its growing population. The relatively small number of homes that are being built are generally not suitable for first time or low-income buyers, or the rental market.

It is thought that geospatial data could be used to accurately, and remotely survey sites with information instantly available to virtually design houses bespoke to customer needs e.g. using prefabricated housing factories across the UK. The geospatial data could help quality factory built houses to be delivered right-first-time, on time and to budget.

What Does This Mean For Your Business?

Opening up the many layers of government data and linking it to highly detailed digital maps can give businesses, particularly those involved with housing and infrastructure, the knowledge and tools to innovate, save money, and find new business opportunities.

A boost for the housing market is good news for the economy, and if (as the government suggests) the wider economy will get a boost from the work of and the investment in the new Geospatial Commission, then this is good news for all businesses.

Since small businesses account for 99.3% of all private sector businesses, and SMEs account for 60% of all private sector employment in the UK (FSB), opening up the OS MasterMap® to small businesses seems a sensible first move in the Commission’s strategy.

Tech Tip – Sort Outlook Deleted Items by Date Deleted

If you’ve ever accidentally deleted an e-mail and you can’t remember what day it was originally sent to you, and you need to track it down then this is the tip for you. Here’s how it works:

For Outlook:

  • Go to the deleted items folder
  • In the top ribbon bar, click on View tab then select View Settings
  • In the Advanced View Settings box, click on the Columns… button
  • Under Select Available columns from: choose the “Date / Time fields” drop down
  • Single click on “Modified” and select Add (to put it at the bottom of the list on the right hand side), click OK
  • Back at the first box, select “Sort…”. At the bottom drop the box down under Select Available Fields From and choose Date / Time Fields
  • At the top, drop the box down under Sort Items By and choose Modified. It should auto select “Descending”. If it doesn’t, choose it (so the most recent modified file is at the top)
  • Click on OK. Make sure your settings are now showing up and click on OK again
  • Your folder should automatically re-sort itself. If it doesn’t, just select the By Date sort option at the top of the email items header.

Your Latest IT News Update

57 Million Data Breach Concealed By Uber – Hackers Paid

It has been reported that Uber concealed a massive data breach from a hack involving the data of 57 million customers and drivers, and then paid the hackers $100,000 to delete the data and to keep quiet about it.

Prison Sentences Demanded For Unauthorised Data Usage

The Information Commissioner’s Office (ICO) has said that it backs the idea that anyone accessing personal data without a valid reason or without their employer’s knowledge is guilty of a criminal offence, should be prosecuted, and prison sentences should be an option.

New, Free Secret Browsing and Cyber Security Service

Quad9 is a new, free service that will allow users to keep their Internet browsing habits secret and their data safe from malicious websites, botnets, phishing attacks, and marketers.

Tech Tip – Face ID: Unlock Your Phone With Your Face

Although not the same as Apple’s Face ID system, Android devices come with an in-built Face ID feature to give you extra security and to enable you to unlock your device with your face. Here’s how to use it:

Smartwatches – Spying on Kids

German Telecoms regulator the Federal Network Agency has banned the sale of smartwatches to children and asked parents to destroy any that they already have.

Danger To Children – Spying and Tracking

The regulator has taken the step over concerns that children wearing the watches could be, in theory, spied upon and tracked. These risks have been identified because the watches are internet-connected and are thought to be poorly secured e.g. no encryption of any transmitted data. This could mean that they could be hacked and taken over, and also the GPS tracking in the watches could be used by unauthorised persons to track the child.

Demographic

Smartwatches like the ones that have been banned in Germany are generally aimed at children aged between five and twelve, and this could be considered to be a demographic that is particularly vulnerable if data from the watches fell into the wrong hands.

App

Smartwatches have a Sim card, limited telephony function, and are linked to an app. Parents can use the app to access their child’s smartwatch, and thereby listen to what is happening in the child’s environment, and it has been reported that the German Federal Network Agency has evidence that parents have used this feature to listen to teachers in the classroom. This ‘unauthorised transmitting’ and the surrounding privacy concerns have led to schools being warned to be on the lookout for the watches.

Similar Case In Norway

This is not the first time that concerns have been raised about the security and privacy aspects of smartwatches. Back in October, the Norwegian Consumer Council (NCC) reported that some children’s watches had flaws such as transmitting and storing data without encryption. Among the dangers identified were concerns that watches could have been hacked using basic techniques and the (child) wearer could have been tracked, or made to appear to be in a different location.

Internet-Connected Gifts / Toys Fear

Only last week there were news reports that Consumer watchdog Which? identified toys such as Connect, the i-Que robot, Cloudpets and Toy-fi Teddy as having a security vulnerability because no authentication is required and they could be linked to via Bluetooth.

Also in the US, back in July this year, the FBI issued an urgent announcement describing the vulnerability of internet-connected toys to such risks, explaining steps to take to minimise the threat. The main concern appeared to be that young children could tell their toys private information, thinking they’re speaking in confidence. This information could be intercepted via the toy, thereby putting the child and family at risk.

What Does This Mean For Your Business?

Many tech and security commentators agree that a lot more care needs to be taken by manufacturers of Internet-connected / smart toys, gifts, and other home and business products to make sure that they are secure when they are sold, and that any information they do transmit is encrypted.

It is very worrying that children, particularly, may be at risk now due to vulnerabilities in smart toys. There have been many occasions in recent years when concerns about the security / privacy vulnerabilities in IoT / smart products have been publicly expressed and reported. The truth is that the extent of the current vulnerabilities is unknown because the devices are so widely distributed globally, and many organisations tend not to include them in risk assessments for devices, code, data, and infrastructure. Home / domestic users have no real way of ascertaining the risks that smart / IoT devices pose, probably until it’s too late.

It has also been noted by many commentators that not only is it difficult for businesses, including manufacturers of smart products, to ascertain whether all their hardware, software, and service partners are maintaining effective IoT security, but there is also still no universal, certifiable standard for IoT security.

For businesses, it’s a case of conducting an audit and risk assessment for known IoT devices that are used in the business. One basic security measure is to make sure that any default username and passwords in these devices are changed as soon as possible. For home users of smart products, who don’t run checks and audits, it appears that others (as in the case of the German Federal Network Agency) need to step in on their behalf and force the manufacturers to take security risks seriously.

Your Keystrokes Being Tracked

A new study from Princeton University has suggested that your keystrokes, mouse movements, scrolling behaviour, and the entire contents of the pages you visit may be tracked and recorded by hundreds of companies.

What??

The study revealed that no fewer than 480 websites of the world’s top 50,000 sites are known to have used a technique known as ‘session replay’, which, although designed to allow companies to gain an understanding of how customers use websites, also records an alarming amount of potentially dangerous information.

The researchers found that companies are now tracking users individually, sometimes by name.

The Software

The session replay software detected in the study was offered by seven firms: FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar and Yandex.

The research showed that companies using the software (on 492 sites) were sharing information about individuals with one or more of the seven replay companies, and that the percentage of sites giving information to the software companies was likely higher, because the software companies only track a sample and not the total of visits to a website.

Companies Using The Software

As indicated in the research, some companies believed to be using session replay software include the Telegraph website, Samsung, Reuters, Home Depot (US retailer) and CBS News.

What’s The Risk?

The researchers pointed out that this kind of software is like someone looking over your shoulder, and that the extent of the data collected may far exceed user expectations, without any visual indication to the website visitor that such monitoring is taking place.

Security commentators have noted that among the general browsing data collected by these third-party replay scripts, they are also capable of collecting some very sensitive and personal information e.g. medical conditions and credit card details. Depending on how this data is transmitted and stored (where and how securely?) this could expose people to risks such as identity theft and online scams.

The research also raised the question of whether state-sponsored surveillance is being carried out with session replay software, when it was noted that Yandex (one of the session replay software companies) is also Russia’s largest search engine.

What Does This Mean For Your Business?

Creeping surveillance and monitoring for multiple purposes is now part of our daily lives and includes e.g. CCTV, monitoring / surveillance of behaviour and Internet use at work, tracking via our mobile phones, EPOS / supermarket recording of our purchases, storage of our browsing history as part of the Investigatory Powers Bill / ‘Snooper’s Charter’, social media monitoring, and government attempts to gain back-doors into and stop end-to-end-encryption of popular platforms like WhatsApp.

Keystroke monitoring in itself is nothing new, but the difference now is that cyber-crime is at a high, data protection has become a more public issue with data breach reports and new regulations on the way in (GDPR), and the latest session replay software is capable of recording so much detail including our most sensitive data and interests.

For businesses, session replay software could be an asset in understanding more about customers and making marketing more effective and efficient. As consumers, we could be forgiven for having cause for concern, and with things like ad-blockers capable of filtering out only some replay scripts, we remain somewhat vulnerable to the risks that they may pose.