News

Scam Phone Calls

Computer Culture Admin - Tuesday, July 17, 2018
HP
Virus phone scam being run from call centres in India

The scam always starts the same way: the phone rings at someone's home, and the caller – usually with an Indian accent – asks for the householder, quoting their name and address before saying "I'm calling for Microsoft. We've had a report from your internet service provider of serious virus problems from your computer."

Dire forecasts are made that if the problem is not solved, the computer will become unusable.

The puzzled owner is then directed to their computer and asked to open a program called "Windows Event Viewer". Its contents are, to the average user, worrying: they look like a long list of errors, some labelled "critical". "Yes, that's it," says the caller. "Now let me guide you through the steps to fixing it."

The computer owner is directed to a website and told to download a program that hands over remote control of the computer, and the caller "installs" various "fixes" for the problem. And then it's time to pay a fee: £185 for a "subscription" to the "preventative service".

The only catch: there was never anything wrong with the computer, the caller is not working for Microsoft or the internet service provider, and the owner has given a complete stranger access to every piece of data on their machine.This scam has been going on quietly since 2008 but has abruptly grown in scale this year, is being run from call centres based in Kolkata, by teams believed to have access to sales databases from computer and software companies.Often, the victims are inexperienced or elderly, convinced by the apparent authority of the callers and the worrying contents of the Event Viewer. In fact, such "errors" are not indicative of any problems.

Microsoft denies any connection with the companies that call people up offering these services.

When The Guardian newspaper in the UK contacted Microsoft about these scams, Microsoft said it was "currently investigating a series of instances in which the business practices of an organisation within the Microsoft Partner Network [that] have given rise to significant concerns from a number of sources. We take matters such as these extremely seriously and will take any action that is appropriate once our investigation is complete."

Information Technology Acronyms

Computer Culture Admin - Tuesday, July 17, 2018
Hacked
The computer industry seems to have a disproportionate number of acronyms and to the lay person it must sound like we are talking a foreign language.

To help we have listed some of the common ones below:


 AD  Administrative Domain
 AMOLED          Active-Matrix Organis Light-Emitting Diode
 API  Application Programming Interface
 CERT  Computer Emergency Response Team 
 DHCP  Dynamic Host Configuration Protocol
 DoS  Denial of Service
 HDD  Hard Disk Drive
 HDMI  High-Definition Multimedia Interface
 GUI  Graphical User Interface
 LAN  Local Area Network
 NAS  Network-Attached Storage
 OS  Operating System
 PCI  Peripheral Component Interconnect
 PCIe  PCI Express
 PoE  Power over Ethernet
 PPP  Point-to-Point Protocol
 PPPoE  PPP over Ethernet
 RAID  Redundant Array of Independent Disks
 SATA  Serial ATA
 SSD  Solid State Drive
 TCP/IP  Transmission Control Protocol/Internet Protocol
 VoIP  Voice ofver Internet Protocol
 WLAN  Wireless Local Area Network

If you would like further punishment, follow this link:
https://en.wikipedia.org/wiki/List_of_computing_and_IT_abbreviations

The Importance of Risk Management

Computer Culture Admin - Friday, June 22, 2018
HP We just learnt of a cyberattack in Chile where a bank’s servers and workstations were knocked out to cover the electronic theft of US$10 million dollars. This highlights the need to have a robust system in place to help reduce the risk of your network being compromised.

      • Identify and address security gaps
      • Secure mission-critical infrastructure
      • Enforce the principle of least privilege
      • Proactively monitor online premises
      • Foster a culture of cyber security
      • Create a proactive incident response strategy
Computer Culture can help you work through this process. Please contact us to discuss.

Computer Culture's Security Solutions

Computer Culture Admin - Friday, June 22, 2018
HP We have developed a process to assist clients to understand your current security level and how you can reduce the risk of cyber-attacks.

This covers:
      • Upgrading the security appliance
      • Securing the network (including the Wi-Fi)
      • Implementing device management
      • Ensuring there is a high level of end point threat protection
      • Adding email protection
      • Advising on how to improve data security
      • Ensuring there is regular patching
      • Putting a managed offsite backup in place
      • Helping with user education and rights management
    Please contact us to discuss.

Remote Workers

Computer Culture Admin - Thursday, June 21, 2018
Hacked
Data from Spark Lab shows over 70% of small-to-medium enterprises (SMEs) are providing their employees with access to business systems and tools to work remotely. While that means employees can, and will, spend more time away from the office, that’s not necessarily a bad thing for businesses.

Remote access has been recognised by SME owners as one of the key ways to further their business potential – not just allowing employees to be contactable via email, but providing full document sharing and information circulation for complete mobility.

This latest data comes from Spark Lab’s partner, Digital Journey, which discovered that of the 70% of SMEs that provide access to business systems remotely, document access and access to financial information has increased the most on previous years. One explanation for this growth is the rise of services like Office 365 and Xero.

Another recent Spark survey of business people found that 62% believe mobile technology will give NZ businesses the greatest technology edge in 2018. Spark business marketing head Sally Gordon says there’s clearly a trend towards collaboration and document sharing services, and the benefits for SMEs can be great. “Moving your applications and software to cloud-based platforms enables you to access and manage everything, anywhere with just an internet browser, as opposed to being confined to your computer’s hard drive.” “Cloud-based applications foster stronger collaboration across different workplaces, whether it be at home, in a café or between meetings. They also provide business continuity when moving offices or during an unplanned event like an earthquake.” “There are a lot of rewards on the social side of things too, with employees able to work flexibly to suit their family or other commitments.” 

Here are Spark Lab’s top tips to make your business more mobile:

- Set up your digital infrastructure so employees can work from anywhere, at any time.
 
- Set boundaries based on trust. Be clear about what’s expected of employees. For example, what hours do they need to be online and available?
 
- Don’t forget data. Employees working mobile may require more mobile data. Have measures in place to manage usage, such as mobile data caps or an unlimited data plan that removes the risk of going over.

- Stay secure. There are a few easy steps to keep your information secure while working remotely. Enabling 2-factor authentication is easy to do, and often free. It means a hacker would need more than your password to get in.

- Another really easy way to keep your data safe is by using an incognito or private browser. This stops your browsing history from being remembered, including your search history and auto-fill information.

Stop Google from Tracking You and Delete Your Personal Data

Computer Culture Admin - Tuesday, May 29, 2018
HP You probably know that websites keep track of how you're using them, and even the sites that don't require you to sign up with an account can keep a track of your preferences and behaviour using cookies. But the biggest networks, like Google, and Facebook, keep tracking you even when you're not signed in and follow you around the Internet to serve you with "relevant" advertising and content. And since most of us will have signed up for at least one of Google's many popular services, that's the company that has the most information. Not everyone is comfortable with the idea of one company knowing so much about them. If you're one of these people, read on to find out how to minimise Google's tracking online.

Disable Tracking
If you've noticed the same ads following you no matter which website you visit, it may be because Google is tracking you. Thankfully, Google makes it very easy to disable tracking. Go through these steps to protect your privacy.
1) Google has a page for advertisement settings. Visit it and sign in. https://adssettings.google.com/authenticated
2) Here you will see two columns, one for advertisements you'll see on Google's websites and one for the advertisements you'll be shown on the Web. Based on your data, Google will have estimated your gender, age, languages you speak and your interests. Scroll down to Opt-out settings and click Opt-out in both columns. You'll notice that the data above will be replaced by N/A.
3) Google's advertising cookie is still tracking you. To remove it, head to the Advertising cookie opt-out page and click Download the cookie opt-out plugin. This plugin is available for Chrome, Internet Explorer and Firefox. After downloading this plugin, Google will stop tracking your browsing activity.

Disable Search History
While that stops the direct tracking, Google is still gathering a lot of information about your behaviour. Whether you're using Gmail, or YouTube or Google itself to search for things, you're giving the company a clear trail of browsing data. The good news is that you can stop it from doing so easily. This is how:
1) Head to Google's account history page and sign in. https://myaccount.google.com/activitycontrols
2) You will see four large cards (Things that you search for, Places you've been, Your YouTube searches, and Things that you've watched on YouTube). Each one of these will have a Pause button near the bottom-right and a Manage Activity link on the bottom-left.
3) Click Pause on all four tiles. This will stop Google from recording your personal data.
4) To remove the data that Google has already recorded, for each tile, click the Manage Activity link, then select the items, and click on "Delete Activity by" to delete by date.

For Android, iOS Users
If a smartphone or tablet is your preferred device for browsing the Web, you can take a quick peek in its settings to disable tracking. On Android, head to Settings > Accounts & Sync > Google > Ads (on some devices, Google may appear in the Settings app itself). Now make sure that there is a check-mark next to Opt out of interest-based ads. On iOS, go to Settings > Privacy > Advertising and turn on Limit Ad Tracking. This will stop websites that serve advertisements from tracking your browsing activity.

The Cost of Cybercrime

Computer Culture Admin - Monday, May 28, 2018
Hacked
In 2017 one million Kiwis lost $177M to cybercrime. This will be significantly higher in 2018.

According to Norton by Symantec findings for 2017, nearly half of all New Zealanders have or know someone who has been impacted by an online security threat. Of those who have ever been a victim of cyber crime, 56% have been affected in the past year. “People’s actions revealed a dangerous disconnect,” Symantec director of consumer business, Mark Gorrie, said. “Despite a steady stream of cyber crime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves. This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cyber crime.” The report, which spanned 20 countries, found that 978 million people were affected by cyber crime in 2017. Specific to New Zealand, millennials were the most common victims of cyber crime during the past 12 months. Despite the availability of device protection technologies such as fingerprint ID, pattern matching and facial recognition, nearly half of millennials don’t have any security measures on their devices. “They were also the most likely age group to share their passwords – half of all millennials have shared their smartphone passwords,” Gorrie explained. Password sharing is “rife” in New Zealand with 51% of Kiwis sharing passwords for at least one online account with others.

Behaviours
Despite 86% of New Zealanders believing cyber crime should be treated as a criminal act, 16% believe stealing information online is not as bad as stealing property in “real life”. Furthermore, 40% of Kiwis believe it’s sometimes acceptable to engage in “morally questionable online behaviour” in certain instances such as reading someone else’s emails without their consent (22%), sharing things they know are untrue on social media (14%) and putting software on someone’s machine to spy on them (12%). Of interest to the channel, people’s level of trust affects their behaviour when it comes to security. “Kiwis who reported gaining trust in themselves and their security software were more likely to apply security updates when prompted,” Gorrie added. “Kiwis were also more likely to gain trust in security software providers if they received a scam email which was flagged as such.” However, Gorrie said they are not as trusting of some institutions and organisations. Over the past year New Zealanders lost trust in the ability of credit report companies that gather information without user consent (39%), social media platforms (37%) and the government (33%) to manage their data and personal information.

The findings follow news that data breach notification is widely expected to become mandatory in New Zealand, positioning the channel as subject matter experts across the country. As part of changes to the Privacy Act now being drafted by the Ministry of Justice, Privacy Commissioner John Edwards has recommended fines of up to $100,000 in the case of an individual and up to $1 million in the case of a body corporate being breached.

Credit to Reseller News and James Henderson for this article.

General Data Protection Regulation (GDPR)

Computer Culture Admin - Friday, May 18, 2018
HP
New EU legislation, the General Data Protection Regulation (GDPR) will be in place soon and it will be the biggest shake-up of data privacy laws since the birth of the web. Privacy and data protection may not seem important to countries outside the EU, however the new rules will impact on any international organisation handling personal data of anyone residing in the European Union.

The extraterritorial scope of the GDPR means that some New Zealand organisations and businesses need to review their internal data processing procedures, or risk hefty fines for non-compliance. European data protection authorities will have the power to impose fines of up to €20 million or 4% of annual worldwide turnover (whichever is higher) for any breach of the GDPR. The GDPR can also result in civil liability. Any person who has suffered damage as a result of a breach of the GDPR has the right to receive compensation from the data controller or the data processor. 

Step 1: Who needs to comply?
The GDPR is fitted with a broad territorial scope – meaning it is affecting businesses outside the EU.

EU-based entities
Any processing of personal data in the context of a branch or subsidiary in the EU must comply with the GDPR. That is the case even if the actual processing itself takes place outside the European Union. Providers of outsourced services such as IT or admin services or cloud storage will be caught by this provision.

Example
Kiwi Ltd is offering an international money transfer service to customers worldwide. All customer data is processed and stored on a cloud storage facility hosted in the United States. Kiwi Ltd offers the service to its European customers through a German subsidiary.

Non-EU based entities processing data of individuals within the EU
All businesses with customers in the European Union or businesses that merely monitor the behaviours of individuals who live in the EU must abide by the new EU data protection standards. These businesses must ensure that they comply with the GDPR; irrespective of their physical location. The game changer here is that even businesses without a physical presence in the EU may have to comply with the new rules if they:
  • sell goods or services to a person who lives in the EU; or
  • monitor the behaviour of a person who lives in the EU.
The critical factor is the location of the individual (data subject) not the location of the data processor or data controller.

Example for monitoring behaviour of EU residents
NZ Ltd (without an EU subsidiary or branch) is selling apparel online to Australian and New Zealand customers. It is considering expanding its operations to the European market. To that end, NZ Ltd uses web analytic tools to determine how many people from each European country visit the NZ Ltd website and what they are interested in. NZ Ltd would need to comply with the GDPR because any form of web profiling or tracking, whether through cookies or otherwise, will fall into the ambit of the GDPR. The direct consequence of this is that businesses can no longer go “forum shopping” for the lowest data protection standards in the EU. Uncertainty exists as to how these privacy standards will be enforced in practice against an entity outside the EU, especially if they have no assets in the EU. However, there is a reputational element at play as well. Businesses that want to succeed in the European market must therefore ensure that they comply with the GDPR. The bigger sting may result from potential civil liability which would be (unlike fines) enforceable in New Zealand as a money judgment.

Step 2: What personal data is being collected and processed?
Personal data is broadly defined in the GDPR. Personal data is any information relating to a person who can be identified either directly or indirectly. Personal data may relate to a person’s private, professional, or public life. It can be anything from a name, a photo, an email address, employment details, interactions on social media, medical records, or an IP address. Even a dynamic IP address can be personal data (C-582/14 2016 Breyer v Federal Republic of Germany).

A person may be indirectly identifiable if identification is made possible through combining different pieces of information that by themselves alone would not reveal the identity of the person.

The GDPR does not apply to personal data that has been anonymised so that an individual can no longer be identified from the information itself. However, pseudonymised data that is retracable may be considered as personal data on individuals which are indirectly identifiable.

Step 3: How is personal data collected?
Businesses need to have a close look at how they collect personal data. Data may be collected from many sources: A person may have provided it voluntarily for “free” services such as search engine services or social networks. Personal data may also be captured automatically through cookies, web analytics, and sensors.
The GDPR approaches consent more restrictively. Consent must be “freely given, specific, informed and unambiguous”. Silence, pre-ticked boxes or inactivity is not a form of valid consent.
Consent must be specific to distinct purposes for handling personal data. Consent should cover all intended processing activities.
Particular conditions are imposed in the case of children online and for sensitive personal information.

Step 4: Why is personal data processed?
Businesses need to be clear about the legal ground or grounds for which they process personal data.
The GDPR prohibits the processing of personal data unless there are legal grounds to do so. In other words just because a business can process personal data does not mean it is also legally entitled to do so.

Legal grounds for processing of personal data include:
  • To perform a contract;
  • The individual concerned has given consent;
  • The data controller has a legitimate interest;
  • Statutory obligation to collect and retain information (eg, employers);
  • To perform the lawful function of a public authority; or
  • For the protection of vital interests of that person.
Personal data must be handled for specified and explicit purposes. During the life cycle of data, the personal data cannot be further processed in ways that are incompatible with the initial purposes for which the data was collected.
For instance, personal data that has been collected to perform a sale of goods contract cannot later be used for marketing, unless the person has specifically agreed to receiving promotional offers.
The GDPR does not provide for an intra-group privilege. Instead each group subsidiary will be accountable for its own data protection standards. This also means that intra group data transfers must be justified by law.
Example
Kiwi Holding Ltd is employing Swedish staff through its Swedish subsidiary. However, the actual payments of salaries to the Swedish staff comes from Kiwi Holding. There is – by default – no right for the Swedish subsidiary to transfer employee data to Kiwi Holding Ltd. Express consent is required from each Swedish employee for the intra-group data transfer to be legal.

Conclusion
The GDPR has introduced extended liability and increased penalties. With this in mind, companies should be particularly careful when handling personal data of Europeans. Businesses need to review their internal data policies and procedures that address privacy and data protection, including their IT policy, HR policy, outsourcing procedures, and any policy affecting data subjects in the European Union. GDPR compliance is not a one-off task. It is an ongoing process. Relevant policies should therefore continuously be monitored, reviewed, and most importantly communicated to staff. Bianca Mueller bianca@lawdownunder.com practises as a New Zealand barrister and solicitor and a German lawyer. She is the founder of the technology law firm LawDownUnder which focuses on European transnational and commercial relationships with New Zealand and Australia.

Why are privacy standards high in Europe?
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. The European understanding of privacy is deeply rooted in human dignity and autonomy. It implies that each person can control and draw the line between their public and private sphere. The basic idea is that people should be able to control personal data about them also called “informational self-determination”. This means that individuals have a right to determine when, how, and for what purpose personal information about them is being held and used.

Charitable Cause

Computer Culture Admin - Thursday, May 17, 2018
Devices for Underprivileged Families

Hacked Since 2016, Computer Culture has worked in conjunction with the McPhail Foundation Charitable Trust to provide computers and laptops to low decile schools and underprivileged families in the canterbury region.

The Trust was registered in 2003 and over the past 15 years has donated hundreds of computers to students and schools.


Typically, the recipient will be a child under the age of 18 who currently does not have access to a computer and whose education will benefit from this exposure.

The suitable family must meet the below criteria:
• The family must have a child at the school
• The selected child will not currently have access to a computer at home
• The child will benefit from having access to this technology
• The family will look after the computer
• The family will undertake not to sell the system for personal gain

Due to the changing needs the Trust is moving to provide laptops and tablets in preference to desktop computers.

The Trust relies on donated hardware; however it funds the purchase of hardware to upgrade the device to ensure it has a decent size hard drive, enough memory and a good battery.

As a consequence, the trust is always looking for kind souls to make a small donation so that this good work can continue. If you are interested in donating to this cause you can do so or find out more through the following ways:

Household Battery Recycling

Computer Culture Admin - Wednesday, May 16, 2018
HP
Help keep our environment clean. Recycle your old household batteries.

Piko Wholefoods offer a collection bin to send your old batteries away to a suitable country for recycling. There is a small charge per battery to cover the costs of shipping these overseas.

Costs are as follow:
80 cents for D batteries
40 cents for C batteries
30 cents for 9 volt batteries
20 cents for AA batteries
10 cents for AAA batteries
10 cents for button batteries

You can also recycle your old cellphone batteries too. There is no charge for these.

Piko Wholefoods is located at:
229 Kilmore Street Christchurch
corner Kilmore / Barbadoes Streets

Back to Top