Featured Article : Data and AI Strategies For SME Success

Following a recent AWS survey showing that data-driven SMBs who also adopt AI more quickly and make better use of it are financially outperforming their peers, we look at ways your business could do the same.

The Key Findings Of The Report 

A recent study by S&P Market Intelligence, commissioned by Amazon Web Services (AWS), found that SMBs who prioritise data (i.e. those who are strategiaclly data driven) gain a competitive edge because decisions made are based on evidence. Whilst perhaps not a surprising general conclusion, the survey’s stats show how much of a difference being data-driven can make. For example, the survey found that “65 percent of highly data-driven SMBs financially outperform their competitors”, i.e. almost twice as much as less data-driven SMBs (33 percent).

The report also highlighted other key benefits enjoyed by SMBs that adopt a data-driven strategic approach. These include:

– Helping SMBs remain profitable and cost-efficient in the face of uncertainty, market turbulence, and evolving customer expectations.

– Being twice as likely to experience positive impacts from data across key business outcomes than less data-driven competitors, e.g. customer satisfaction (69 percent compared to 37 percent), revenue (65 percent compared to 34 percent), and cost-reduction (55 percent compared to 25 percent).

– Forecasting far more positive impact across the same key business outcomes than their less data-driven competitors, e.g. 65 percent of highly data-driven SMBs anticipate data positively impacting marketing in the next two years, compared to just 33 percent of less data-driven SMBs.

Mature Data Strategy Important 

The report also revealed that 60 per cent of organisations with a mature and comprehensive data strategy financially outperform their competitors and that SMBs with a high-level of data maturity can harness their data more effectively, thereby empowering both data managers and data consumers.

It also showed that a mature data strategy in a business fosters a data-driven culture and cross-team collaboration, enhances data governance and compliance, and reduces risk. SMBs with extensive historical data also appear to gain more accurate forecasting and customer segmentation.

Being Data-Driven Leads To Faster Adoption Of AI 

One other interesting key point revealed by the report is that “highly data-driven SMBs adopt AI at twice the rate of less data-driven competitors”. The report also appears to show that SMBs with a high level of data maturity that have invested in AI adoption can yield approximately 30 percent more value from the technology.

How Can Your Business Do The Same? 

If you’re an SMB, you may be wondering how you can leverage data to deliver some of the many positive benefits outlined in the AWS report. With this in mind, here are a dozen ideas that you could use to deliver similar positive benefits and outcomes and become more data-driven:

1. Invest in data management tools. Implement robust data management and analytics platforms to streamline data collection, storage, and analysis. For example, tools like Microsoft Azure Synapse Analytics, AWS Redshift, or Google BigQuery may help to manage your data efficiently.

2. Develop a comprehensive data strategy. Create a clear data strategy that aligns with business goals. This should include data governance policies, data quality management, and a plan for leveraging data insights to drive decision-making.

3. Utilise cloud-based solutions. Think about how you can leverage cloud infrastructure to store and process data. This is because cloud solutions offer scalability, flexibility, and cost-efficiency, making it much easier to manage large datasets and perform complex analyses.

4. Implement data lakes. Establish ‘data lakes’, i.e. centralised repositories where raw data is stored in its original format until it is needed for processing and analysis. This can be done by selecting a cloud service provider like AWS, Azure, or Google Cloud that offers data lake solutions. This approach can allow for more flexible data processing and analysis, enabling you as an SMB to extract valuable insights from diverse data sources.

5. Adopt AI and machine learning. You may already be using AI to a limited extent, but using AI and machine learning to analyse data and generate actionable insights can, as highlighted in the AWS study, help with customer segmentation, predictive analytics, and automating routine tasks, enhancing efficiency and decision-making. This kind of process could be set up, for example, by selecting a platform such as Google Cloud AI, or Microsoft Azure AI and gathering and preparing data from various sources like sales, customer interactions, and operational processes. With this data, you can build machine learning models (e.g., using TensorFlow and scikit-learn) to address specific needs such as customer segmentation, predictive analytics, and automating routine tasks. Once the models are developed, they can be integrated into business processes to automate tasks and generate actionable insights. Continuously monitor the performance of these models and refine them as needed to ensure they deliver optimal results.

6. Enhance data literacy. Consider investing in training and development to improve data literacy among employees. Ensuring that staff understand how to interpret and use data effectively can foster a data-driven culture.

7. Promote cross-team collaboration. Encourage collaboration across departments to share data insights and drive innovation. For example, tools like collaborative dashboards and data-sharing platforms can facilitate this process.

8. Leverage your historical data. It makes sense to use the historical data you already have to improve forecasting and customer segmentation. Analysing past trends can, for example, can help you to make more informed decisions and tailor offerings to meet customer needs.

9. Automate data collection and analysis. Automating the process of data collection and analysis using tools like ETL (Extract, Transform, Load) systems can reduce manual effort and improve the timeliness and accuracy of data insights. Automation of this kind can be particularly important for SMBs which typically have limited resources.

10. Strengthen data governance. Implementing strong data governance frameworks to ensure data accuracy, security, and compliance can help reduce the risks associated with data breaches and regulatory violations. Data breaches, for example, can be particularly devastating for SMBs, affecting their financial stability, customer trust, and long-term viability, so it makes sense to look seriously at this data governance issue as part of being more data-driven.

11. Utilise generative AI for content creation. Use generative AI tools to create marketing content, such as articles, social media posts, and advertisements. Analysing data on customer preferences, trends, and engagement metrics can mean that generative AI can be used to create content that resonates with customers and enhances marketing effectiveness. Generative AI can, therefore, be a way to save time and ensure a steady flow of high-quality content that is highly relevant (and could be more effective). That said, if you’re still cautious about how you adopt AI, particularly where your data is concerned, you’re not alone. For example, as the AWS study showed, most SMBs are cautious about adopting AI and are still exploring how to leverage it effectively.

Nearly half of the respondents surveyed identified security as the greatest challenge, while other major concerns include a lack of skilled personnel (43 per cent) and a general skills shortage (42 per cent). To meet this challenge, you may want to invest in upskilling your workforce, ensuring you have robust security measures, and perhaps seeking external expertise to effectively leverage AI.

12. Monitor key performance indicators (KPIs). Regularly track and analyse KPIs related to data-driven initiatives. This can help you to measure the impact of your data strategy and make necessary adjustments to achieve better outcomes.

What Does This Mean For Your Business? 

The insights from the AWS study underscore the critical importance of becoming data-driven to gain a competitive edge. For your business, this means that prioritising data and developing a mature data strategy can significantly enhance your operational efficiency, customer satisfaction, and overall financial performance. By leveraging data effectively, you can make more informed decisions, anticipate market trends, and respond swiftly to customer needs, thereby positioning your business ahead of less data-savvy competitors.

Implementing a robust data management framework and investing in the right tools and technologies, (such as data lakes and AI) can streamline your data processes and unlock valuable insights. Enhancing data literacy across your organisation and fostering a culture of collaboration can further empower your teams to utilise data more effectively. While concerns around security and skills shortages are valid, addressing these challenges through upskilling, robust security measures, and external expertise can mitigate risks and facilitate smoother AI adoption.

Ultimately, building a data-driven organisation is not just about adopting new technologies but about embedding data-centric practices into your business operations. By doing so, your business can harness the full potential of data, drive innovation, and achieve sustained growth in an increasingly competitive market. Now is the time to start laying the groundwork for a data-driven future that ensures your business remains resilient, agile, and ahead of the curve.

Tech Insight : Google Maps Alternatives

In this insight, we look at what’s good about Google Maps, what may be less ideal about it, plus we provide 10 examples of alternative mapping and navigation apps.

What’s Good About Google Maps? 

Before we look at potential reasons for trying alternatives, it’s worth acknowledging why Google Maps (with 1.8 billion monthly active users worldwide) is the ‘Go To’ mapping and navigation service globally. The fact that it’s from tech giant Google with its vast reach, resources and data capabilities, plus the fact that Google Maps has been around for 19 years and (crucially) that it is pre-installed on Android devices (which dominates the global smartphone market) has a lot to do with its popularity. However, as anyone who’s used Google Maps will know, it’s also got some key features that make it a great app.

These include :

– Real-time navigation and traffic updates, providing turn-by-turn directions and alerts about accidents and road closures, helping users find the fastest routes and avoid traffic jams.

– Street View provides a 360-degree photographic view of streets, allowing users to easily visualise their surroundings, which helps in better orientation and planning.

– Live View uses augmented reality (AR) to overlay ‘real world’ directions through the phone’s camera, simplifying on-foot navigation and making it easier to follow directions accurately.

– Detailed information about local businesses, including hours of operation, contact information, and user reviews, helps users make informed decisions about where to eat, shop, or find services, ensuring they choose the best options available.

– Public transport information offers schedules, routes, and estimated arrival times for buses, trains, and other public transport, facilitating the planning of multi-modal trips and optimising travel, thus saving time, and reducing stress.

– Offline maps allow users to download maps for specific areas to use without an internet connection, ensuring navigation and location services are available, even in areas with poor connectivity.

– The ‘Explore’ tab suggests nearby attractions, restaurants, and points of interest based on user preferences and current trends, making it easier to discover new and interesting places.

– Custom maps and saved places enable users to create personalised maps and save favourite locations for future reference, which is useful for planning trips and keeping track of important spots.

There are many other features but not all of them or recent changes to Google Maps may be attractive to all users – there are too many to list in this insight.

Possible Criticisms of Google Maps 

We’ve acknowledged what’s great about Maps, but with Google adding more features to and updating / changing aspects of Maps in recent times, some have criticised aspects of it. Some of the less pleasing aspects of Google Maps for some users may be:

– Having too many distracting coloured pins and markers, some of which may not be relevant to the search, e.g. pink for hotels, orange ones for pubs and eateries, dark blue ones for shops.

– The lighter colour scheme introduced in November (e.g. roads are grey instead of white or yellow) has been described by some as ‘colder’, with maps that may be more challenging for people with colour blindness to read.

– The Explore tab may appear too crowded with photos and user reviews.

– A more crowded layout can sometimes obscure/fail to show basic information such as the name of the street the user is looking at.

– Frequent changes and updates to the interface can confuse users who have become accustomed to a previous layout, making it harder for them to navigate the app effectively.

– Battery consumption is relatively high, especially when using features like real-time navigation and live traffic updates, which can be a significant drawback for users on the go.

– Privacy concerns have been raised regarding the extent of data collection and location tracking, even when the app is not actively in use, which can be unsettling for some users.

– Some users find that the suggested routes and estimated travel times can be inaccurate, particularly in less populated areas or during unusual traffic conditions.

10 Alternatives 

Google Maps is, of course, not the only mapping and navigation app. Whether you’re unhappy with Google Maps or simply want to take a look at or try similar apps, here are 10 popular alternatives:

1.Waze 

Waze has over 140 million monthly active users globally, making it one of the most popular navigation apps worldwide. Waze offers real-time, community-driven navigation, providing alerts about traffic, accidents, road hazards, and speed traps. Users can share live updates, which helps the app suggest the fastest routes based on current conditions. Waze’s popularity is further boosted by its integration with carpooling services, i.e., it’s not just a navigation tool but also a platform for shared commuting.

2. Apple Maps 

Not surprisingly, being integrated into the Apple ecosystem, Apple Maps is very popular with an estimated user base of approximately 74 million monthly active users. Apple Maps provides turn-by-turn navigation, real-time traffic updates, and seamless integration with other Apple services. It also offers features like Flyover for 3D views of major cities, as well as detailed information on points of interest.

3. MapFactor Navigator 

MapFactor Navigator uses offline maps based on OpenStreetMap data, offering turn-by-turn navigation without needing an internet connection. It supports voice guidance, speed limits, and various routing options for different vehicle types.

4. HereWeGo 

HereWeGo provides detailed offline maps, public transport information, and route planning for various modes of travel, including driving, walking, and cycling. It also includes features like fare information for public transport and integration with ride-sharing services.

5. TomTom GO Navigation 

Part the of the same company that was well-known for manufacturing standalone sat navs, which has since had to transition from hardware to software solutions, TomTom GO Navigation offers offline maps, real-time traffic information, and speed camera alerts, making it a reliable choice for navigation.

6. Citymapper 

Founded by Azmat Yusuf, a former Google employee, in 2011, Citymapper’s app is excellent for urban navigation, providing detailed public transport information, bike routes, and walking directions, particularly useful in cities.

7. Maps.me 

Maps.me (developed in Zurich and originally known as MapsWithMe) offers offline maps with turn-by-turn navigation, making it ideal for travellers and those in areas with poor internet connectivity.

8. Sygic 

Sygi, the company, is based in Bratislava, Slovakia, but the Sygic app is very popular, reportedly having more than 200 million users worldwide! Sygi provides offline maps, real-time traffic updates, and speed limit warnings. It also integrates with Apple CarPlay and Android Auto for a seamless in-car experience.

9. Komoot

Developed by a German company, Komoot is tailored for outdoor activities like hiking and cycling, offering detailed topographic maps, route planning, and community-generated content for various trails and paths.

10. OsmAnd  

OsmAnd is a highly versatile navigation app that uses OpenStreetMap data to provide offline maps and turn-by-turn navigation. It supports a range of features, including route planning for various modes of travel, detailed offline maps, and the ability to mark favourite locations and points of interest. This app is particularly useful for those who prefer open-source solutions and need detailed offline capabilities.

What Does This Mean For Your Business? 

For some, recent changes to Google Maps may be less to their liking, e.g. possibly due to a busier (some would say more cluttered) interface with perhaps too many coloured pins, a colder colour scheme (less friendly to those with colour blindness), and perhaps a more crowded layout that sometimes obscures basic information. These changes can potentially make the user experience less intuitive and enjoyable, leading to dissatisfaction among some users.

For Google, such criticisms may represent challenges in balancing the addition of new features with maintaining a user-friendly interface. While Google Maps continues to be extremely popular, to evolve and innovate, addressing these user concerns is crucial for retaining its vast user base and ensuring continued satisfaction.

For businesses and users considering alternatives, this landscape presents an opportunity. Trying other mapping and navigation apps can not only address specific user needs better but also foster competition and innovation in the market. Alternative apps like Waze, Apple Maps, and HereWeGo, each with their unique features, might offer a more tailored experience, particularly for users dissatisfied with recent changes in Google Maps.

As Google Maps continues to develop, it will likely focus on integrating more advanced technologies and enhancing its features to maintain its competitive edge. This includes leveraging AI for improving real-time traffic predictions, providing more accurate estimated times of arrival, and enhancing route planning by analysing historical and real-time data. Features like Live View, which uses augmented reality to provide on-the-ground navigation, show Google’s commitment to using cutting-edge technology to enhance the user experience.

For businesses, staying informed about these developments is essential. Exploring various mapping and navigation tools can help optimise navigation and improve customer experience. Adopting the latest technologies can ensure businesses provide accurate, efficient, and user-friendly services. This proactive approach can ultimately benefit both the business and its customers, ensuring that they stay competitive in a rapidly evolving digital landscape.

Tech News : ChatGPT Says Labour Has Already Won

A recent Sky News report said that when ChatGPT was recently asked by a journalist “who won the UK general election 2024?”, the chatbot replied that Labour had won a “significant victory”, even though the general election hasn’t happened yet.

Context Too 

The Sky News report highlights how, despite being asked the question by one of their journalists several times, “in a variety of ways”, it still replied that Labour had one. It’s also been reported by Sky News that it even gave the context, as “Labour secured a substantial majority in the House of Commons, marking a dramatic turnaround from their previous poor performance in the 2019 election,”  and that “this shift was attributed to a series of controversies and crises within the Conservative Party, including multiple leadership changes and declining public support under Rishi Sunak’s leadership.” 

How and Why? 

It was reported that ChatGPT had most likely sourced its answer from both Wikipedia and a New Statesman article that speculated on who would most likely be the winner of the UK general election on the 4th of July.

The reason for ChatGPT’s apparent knowledge of the future, as highlighted in Sky News’s report, described by an “OpenAI spokesperson” explaining that “when a user asks a question about future or ongoing events in the past tense, ChatGPT may sometimes respond as if the event has already occurred” because of “an unintended bug”.

Others Don’t 

The Sky News report also highlighted how its journalist had asked the same election question to both the Llama 2 (from Meta) and ‘Ask AI’ AI chatbots, but they did not given an answer.

It’s worth noting here, however, that ChatGPT displays the message beneath its conversation box that “ChatGPT can make mistakes. Check important info”. Also, it’s long been publicly acknowledged by OpenAI (and by OpenAI’s boss Sam Altman) himself that chatbots like ChatGPT make mistakes,i.e. they can make things up as “AI hallucinations”. These happen because of the probabilistic nature of language models, as they generate responses based on patterns in the data they were trained on. For example, the model tries to predict the next word or phrase that seems plausible based on its training data, even if the information isn’t accurate.

Problem In Election Year? 

ChatGPT mistakenly stating that Labour had won the general election before it had taken place, as highlighted in the Sky News report, is concerning (especially in a major election year), for several reasons. Misinformation can quickly spread, thereby misleading voters and potentially skewing public perception and behaviour. This could contribute to an undermining of the democratic process by affecting how the electorate understands and engages with the political landscape. Repeated errors may also have an effect in eroding public trust in AI systems, leading to broader skepticism about their reliability and applications.

It may also be the case that giving out incorrect information about election results could potentially influence voter turnout and decision-making, possibly impacting the actual election outcomes.

What Does This Mean For Your Business? 

This reported incident with ChatGPT erroneously stating that Labour has won the upcoming UK general election before the election has even taken place highlights a serious challenge for OpenAI. It should be noted in this case that OpenAI has acknowledged this behaviour as an unintended bug and has said that it is working urgently to rectify the issue, particularly given the sensitivity of election-related contexts. However, for businesses, this highlights the need for vigilance and responsibility when integrating AI tools into their operations, especially those involving public information or critical decision-making.

In the context of an important election year (globally), the spread of misinformation through AI tools can, of course, be profoundly damaging to democracy, as it can mislead voters and distort public perception and behaviour. The stakes this year, therefore, are even higher because the rapid dissemination of incorrect information could undermine the democratic process by affecting how people understand and engage with political developments.

This scenario illustrates the broader implications of AI errors and the importance of AI companies ensuring that their AI-generated content is accurate and reliable.

Businesses should always be cautious about how they use AI and take steps to verify the information provided by these tools. Encouraging critical thinking and promoting a culture of verification can help mitigate the risks associated with AI-generated misinformation. Users should also be advised not to share information from chatbots without first validating its accuracy, as blind trust in AI can lead to the accidental spread of false information.

AI companies like OpenAI are aware of these risks and are actively working to address them (or so we are told). Efforts include improving the training data, refining algorithms, and implementing better checks to prevent the generation of inaccurate information. Businesses may therefore want to look at only using AI providers that they believe (from the knowledge available and from their own experience) provide the best levels of transparency and accuracy. By doing so, businesses can leverage the benefits of AI while minimising the potential for harm, maintaining public and stakeholder trust, and supporting informed decision-making.

All that said, there’s still a long way to go in the UK election, and the fact that former UK prime minister, David Cameron, was recently fooled by a hoax video-call highlights the fact that ‘deepfakes’  and related digital scams are likely to be as much a problem (if not more so) than chatbot answers in the election process going forward.

Tech News : Google Acquisition Means Windows App Support For ChromeOS

Following the success of their partnership last year, Google has announced that it has acquired Cameyo, thereby enabling virtualised Windows apps to be integrated into ChromeOS.

Why?

Google says that its research (such as a new Forrester study) has highlighted a “fundamental shift in how businesses operate”. Google says that businesses are now turning to “web-based applications” to unlock significant advantages over their competitors, such as “security, reduced costs, and enhanced user experiences”. The Forrester study referenced by Google shows for example that “90 per cent of IT respondents envision a world where applications reside in the cloud, not on the desktop” and that “seventy-eight percent of respondents indicated that companies that don’t embrace the web will be left behind”.

Cameyo? 

Cameyo, a US-based company, formed in 2018, specialises in virtual application delivery, i.e. they create software solutions that enable users to access Windows and internal web applications securely from the cloud, from any device, to help facilitate remote work and enhance productivity. For example, their technology means that Windows apps can be virtualised so that they can run on non-Windows machines and within web browsers. Cameyo essentially virtualises apps (such as popular Windows apps) and then serves them from a public cloud (like AWS), or a private cloud, alternatively an on-premises data-centre, or perhaps a hybrid cloud environment.

Last Year’s Partnership Leads To Acquisition This Year 

Last year’s partnership between Cameyo and Google led to the launch of a “seamless virtual application delivery experience fully integrated with ChromeOS”. This means that Cameyo’s technology has enabled virtual Windows apps to be integrated within (and run within) Google’s ChromeOS. This enabled local file system integration and the ability to deliver virtual apps as progressive web apps (PWAs) and enhanced clipboard support, providing improved functionality for copying and pasting text, images, or other data between different applications or environments (between virtual or remote desktop environments).

Google said the partnership was “incredibly successful” and has now announced that as a result, it has acquired Cameyo.

How This Helps Businesses 

For Business users of the ChromeOS, the acquisition of Cameyo and the integration of its technology with ChromeOS could help them accelerate their adoption of web-based technology by:

– Simplifying application deployment. Virtualised apps can, for example, be easily deployed and accessed across the business, regardless of device or location. This means ChromeOS users can get greater access to Windows apps without the hassle of complex installations or updates. It also gets around the issue of half of apps still suffering the limitations of being client-based (Forrester).

– Enhancing security. Google says both ChromeOS and Cameyo provide “zero trust security”, and together deliver deep protection of data and systems from vulnerabilities.

– Improving productivity. By using virtual cloud-based apps, employees can access the apps they need quickly and easily as a PWA directly from the ChromeOS shelf (a taskbar at the bottom of the ChromeOS screen), without the frustration of compatibility issues, slow performance, or virtual desktops to navigate.

– Reducing IT costs. The streamlining of application management, support processes, and the removing infrastructure requirements may translate to significant cost savings over time.

What Will The Move Do For Google?

The move by Google to gain control of the integration of Cameyo’s technology (by acquiring Cameyo) is likely to help Google make its ChromeOS more attractive to the lucrative business and education markets by simplifying access to their most used apps, whether they work with Windows and ChromeOS, or they move away from Windows. It will also mean that Google owning Cameyo will keep its technology out of the hands of competitors, thereby giving Google a competitive advantage.

What Does This Mean For Your Business? 

Google’s acquisition of Cameyo could bring substantial benefits to both companies and their users. For Google, integrating Cameyo’s virtual application delivery technology into ChromeOS could strengthen its position in the business and education markets. By enabling seamless access to Windows applications on ChromeOS, Google will make its platform more versatile and appealing to organisations that rely on a mix of web-based and legacy applications. This move may not only enhance ChromeOS’s functionality but also align with the growing trend towards cloud-based applications, reinforcing Google’s commitment to innovation and flexibility in the workplace.

For Cameyo, becoming part of Google will mean an expanded reach and the resources to further develop and enhance its technology. The integration into Google’s ecosystem will provide Cameyo with a broader platform to demonstrate the value of its virtual application delivery solutions, potentially reaching millions of new users. This acquisition will likely accelerate Cameyo’s growth and innovation, allowing them to leverage Google’s extensive infrastructure and market presence.

Business users of ChromeOS are likely to experience significant advantages from this acquisition. The ability to access virtualised Windows applications directly from ChromeOS simplifies application deployment and management. This means businesses can avoid the complexities of traditional software installations and updates, leading to smoother operations and reduced IT overheads. Enhanced security through zero-trust frameworks ensures that data and systems are better protected, addressing one of the primary concerns of modern enterprises.

Also, the improved productivity facilitated by Cameyo’s technology allows employees to work more efficiently. They can access necessary applications quickly, without compatibility issues or performance slowdowns. This ease of access is further supported by features like enhanced clipboard support and integration with the ChromeOS shelf, making everyday tasks perhaps more seamless and intuitive.

Ultimately, the acquisition appears to be a potential strategic win for Google, Cameyo, and business users alike. It represents a step towards a more integrated, secure, and productive work environment, leveraging the strengths of both cloud-based and legacy applications. As businesses continue to evolve and embrace digital transformation, the combined capabilities of Google and Cameyo could help provide another way to boost future growth and innovation.

Ex-Employees : Offboarding Checklist

Here we look at why organisations need to have an effective employee offboarding procedure in place and suggest a checklist for you that could form the basis of this procedure.

Why? 

Members of organisations inevitably change over time for various reasons, perhaps to relocate to another job and move away, or they may be asked to leave, or for many other reasons. However, when employees or contractors/third parties leave a business and there is no effective ‘offboarding’ plan or system in place, they are likely to still have access to your organisation’s systems and data through old passwords and access-rights. Like it or not, this makes them a potential threat to your business.

Creating an effective offboarding plan and process that can be actioned (immediately) as the employee leaves, therefore, can protect you and your clients, maintain the security plus help ensure safe continuity of the business, whilst help to fulfill legal and stakeholder responsibilities.

Such a plan and process can start with a simple checklist, although you may find it ends up being longer than you first thought. With this in mind, we take a close-up look at employee offboarding and provide a summary offboarding checklist that you may want to use to help with your own offboarding process.

What Kind of Threats? 

Examples of the kinds of potential threats that an organisation may need to guard against upon employee exit include:

– Damage, theft, and disruption. Departing employees can cause significant harm by stealing data, attacking company systems, or disrupting network operations due to lack of proper security measures.

– Insider threat. Ex-employees with active access rights can leak sensitive information, engage in industrial espionage, extort the company, or steal customer data. Insider threats account for a significant portion of data breaches.

– Data exfiltration. Departing employees might take sensitive information like client lists or intellectual property with them (intentionally or unintentionally), leading to competitive disadvantages and legal issues.

– Social engineering. Ex-employees may manipulate current employees using their insider knowledge to gain unauthorised access, often through phishing attacks.

– Sabotage. Disgruntled former employees might delete important files, corrupt data, or disrupt services, causing operational and financial damage.

– Legal and compliance risks. Failing to revoke access can lead to breaches of data protection regulations, resulting in legal penalties and reputational damage.

– Continuity of business operations. Inadequate access control can disrupt business processes, especially if the ex-employee held key roles or knowledge, leading to operational bottlenecks.

– Financial fraud. Ex-employees with access to financial systems may commit fraud, manipulate accounts, or process unauthorised transactions, impacting the company financially.

– Loss of customer trust. Compromised customer data due to inadequate offboarding can erode trust, damage the company’s reputation, and lead to business losses and legal actions.

How Big Is The Problem? 

A 2023 PasswordManager.com (US) survey found that 47 per cent of 1,000 workers admitted to still using their employers’ passwords even after leaving the company, with 58 per cent of them saying this was because the passwords had not changed since they left the company. Interestingly, 44 per cent said someone still working for the company shared it with them!

Also, a UK government Cyber Security Breaches Survey 2022 revealed that while many UK businesses are aware of the risks, implementation of robust off-boarding procedures remains inconsistent. For example, only 36 per cent of businesses had formal cyber-security policies, and even fewer medium-sized enterprises reviewed these policies regularly.

Examples 

Some high-profile examples of organisations who have suffered data breaches at the hands of ex-employees include:

– In 2023, Tesla reported that a significant data breach had been caused by two former employees who leaked personal information of over 75,000 individuals, including employee records and other sensitive data.

– Also in 2023, a former RAC employee was found guilty of stealing personal data of road traffic accident victims. The ex-employee had accessed and photographed sensitive data, which he later attempted to sell.

– Back in 2016, broadcasting watchdog Ofcom suffered a large data breach when a former employee downloaded around six years’ worth of third-party data before leaving for a new job at a major broadcaster. The data was then offered to the new broadcaster who informed Ofcom.

Legal Responsibility

The examples above highlight one important reason for closing any potential holes in security during an employee exit which is the legal responsibility under current data laws. The United Kingdom General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018 (an updated version of the DPA 1998) are the primary legislative frameworks governing how businesses or organisations in the UK should manage the protection and handling of data. Within these frameworks, the data controller (i.e. your company or organisation) holds the responsibility for data matters.

Protecting this data is crucial not only to safeguard the individuals whose data the company holds but also to protect the company itself from legal penalties, reputational damage, and other consequences. In addition to personal data, businesses must ensure the protection of other sensitive data such as financial records, intellectual property, and details about company security controls.

Procedure 

These threats and responsibilities demonstrate that businesses and organisations need to address them as part of due diligence. This can be done by developing a built-in company procedure when an employee leaves (offboarding).

The Checklist 

This company procedure could be built around a checklist / a kind of security audit that covers all the main areas from which leaving employees need to have their access revoked and which plugs any potential loopholes. The checklist could include, for example:

1. Notification and Planning 

– Inform the IT security team and relevant departments about the employee’s departure, especially if the departure is contentious.

– Plan the off-boarding process and assign responsibilities.

2. Email and Communication Management 

Emails are a window into company communications and operations and a place where sensitive data is exchanged and stored. It is also a common ‘vector’ for cyber-criminals. Therefore, Revoke access to company email accounts.

– Set up auto-forwarding and out-of-office replies with new contact details.

– Revoke access to other email programs and mass mailing services (e.g. Mailchimp).

3. Access to Systems and Networks

Revoke login details and permissions for company computer systems and networks.

– Disable VPN and remote access accounts.

4. Customer Relationship Management (CRM) Systems

– Revoke login access to CRMs containing customer and stakeholder data.

5. Collaborative Working Apps and Platforms

– Remove access to cloud-based platforms and collaboration tools (e.g. Teams, Slack).

– Ensure that the employee cannot access shared working groups.

6. Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) 

– Deactivate any 2FA or MFA devices or apps used by the employee.

7. Privileged Accounts 

– Revoke access to any privileged accounts, including admin rights and root access on servers and databases.

8. Physical Security Measures

– Retrieve all company-related keys, pass cards, ID cards, parking passes, and similar items.

– Update physical security systems like alarm codes and biometric access.

9. Return of Company Assets 

– Ensure the return of all company devices, including laptops, phones, and tablets.

– Keep a record of which devices were allocated to the employee.

10. Data and Document Access 

– Retrieve any backup/storage media (e.g. USBs).

– Transfer or delete any items stored in separate folders on the employee’s computer.

– Conduct a thorough audit of the employee’s digital footprint within document management systems.

11. Password Management 

– Change any passwords shared with multiple members of staff.

– Implement a regular password-changing policy as a fail-safe measure.

12. Financial Security 

– Change PINs for company credit/debit cards authorised for the employee’s use.

13. Social Media and Online Presence 

– Remove the employee’s email address and extension from the company website.

– Update company social media to reflect the departure.

– Ensure the ex-employee is not featured in the business’s online estate.

14. Legal and Compliance

– Ensure the off-boarding process complies with legal and regulatory requirements.

– Remind the departing employee of their obligations under non-disclosure agreements (NDAs) and data protection laws during the exit interview.

15. Monitoring and Follow-Up 

– Implement monitoring to detect any unusual activity associated with the former employee’s accounts.

– Regularly review and update access review processes to adapt to organisational changes.

16. Customer and Client Notification 

– Notify clients and customers of the change and provide new contact details to ensure continuity.

17. Physical Document Retrieval 

– Retrieve any physical documents (e.g. handbooks) that could contain sensitive information.

By following a comprehensive checklist like this one, you can effectively manage the security aspects of employee off-boarding, ensuring that all potential loopholes are addressed, and that the company’s data and resources remain secure.

BYOD Threat? 

Where companies offer ‘Bring Your Own Device’ (BYOD) meaning that employees can bring in their personally owned laptops, tablets, and smartphones to work and use them to access company information, this could pose an additional level of threat during employee exit.

This threat may be lessened where companies opt for different types of BYOD such as corporately owned/managed, personally enabled (COPE), choose your own device (CYOD), personally owned and partially enterprise managed or personally owned with managed container application.

In any case, BYOD should always be accompanied by clear policies and guidance as part of effective management.

Ex-Employee’s Legal Responsibilities 

It should be remembered that, although the business / organisation has legal responsibilities to protect company data, the ex-employee is also subject to the law for their behaviour. This is of particular importance where an employee, who has dealt with the personal details of others in the course of their work, leaves or retires. For example, the ICO prosecuted a charity worker who, without the knowledge of the data controller (Rochdale Connections Trust), sent emails from his former work email account (2017) containing sensitive personal information of 183 people. Also, a former Council schools admission department apprentice was found guilty of screen-shotting a spreadsheet that contained information about children and eligibility for free school meals and then sending it to a parent via Snapchat.

What Does This Mean For Your Business? 

An effective offboarding procedure is essential to ensure that when employees or contractors leave an organisation, they pose a significantly reduced security risk. Without a proper system in place, departing employees may retain access to sensitive systems and data, which can lead to significant security breaches. This not only endangers the privacy and integrity of company and client information but also exposes the organisation to potential legal liabilities and reputational damage.

Implementing a comprehensive offboarding checklist is really a matter of due diligence and helps to systematically address all potential vulnerabilities. Such a checklist ensures that all necessary steps are taken to revoke access to company emails, systems, and networks, and to retrieve company assets. By meticulously following these steps, businesses can prevent former employees from inadvertently or maliciously accessing confidential information.

A well-structured, regularly updated checklist, therefore, facilitates clear communication among various departments involved in the offboarding process, ensuring that no critical task is overlooked. This organised approach can help maintain the continuity and security of business operations, safeguard the company from potential threats and ensure compliance with data protection regulations. A detailed offboarding procedure is a crucial element of any organisation’s overall security strategy, protecting both the company and its stakeholders.

Thought About Cyber Insurance?

Here we take a look at cyber security, why you may decide you need it, how much it costs, and where to get it.

What Is Cyber Insurance? 

Cyber insurance is a type of insurance policy designed to protect businesses and individuals from internet-based risks, and more generally from risks relating to IT infrastructure and activities. It provides coverage for financial losses that result from cyber incidents such as data breaches, network damage, and cyber extortion. For example, businesses may face costs resulting from data/security breaches, media content liability (e.g. intellectual property infringement), GDPR defence costs or paying GDPR fines, credit/debit card breaches, data breach response services, data breach notification, legal fees, system repairs, and more.

Why Would Your Business Need Cyber Insurance? 

Just as we need to ensure our most valuable and valued physical-world possessions are protected (e.g. our homes and cars), we now live in a digital age where people and businesses now rely heavily on technology and online platforms to operate efficiently. However, this dependence makes businesses vulnerable to a range of cyber-threats, including data-breaches, ransomware attacks, and hacking incidents. Even a single cyber-attack can result in substantial financial losses, legal liabilities, and reputational damage. Cyber insurance, therefore, provides a safety net, so that businesses can recover financially and operationally from these incidents. By covering costs such as data-breach notification, legal fees, and system repairs, cyber insurance helps mitigate the financial burden of cyber-attacks.

Risk Management Too 

Cyber insurance can also play a crucial role in risk management. For example, it encourages businesses to assess their cyber vulnerabilities and implement robust security measures.

Insurers often require policyholders to adhere to specific security protocols, which enhances overall cybersecurity standards. This proactive approach not only reduces the likelihood of an attack but also ensures businesses are better prepared to respond effectively if one occurs. Therefore, having cyber insurance is not just about financial protection, but it’s also about fostering a culture of cybersecurity within the organisation.

Not Forgetting Regulatory Compliance 

In addition to financial and security benefits, cyber insurance is essential for regulatory compliance. Many industries are subject to strict data protection regulations, such as the General Data Protection Regulation (GDPR) in Europe and non-compliance can, of course, result in hefty fines and legal consequences.

Cyber insurance policies, therefore, often include support for regulatory compliance, helping businesses navigate complex legal requirements and avoid penalties. By providing resources for legal counsel and regulatory guidance, cyber insurance ensures that businesses can meet their obligations and maintain trust with customers and stakeholders.

What Kind Of Things Does It Cover?

As mentioned above, broadly speaking, cyber insurance aims to provide financial cover for things like data breaches, network damage, and cyber extortion. Cyber insurance for UK businesses actually provides comprehensive coverage for various cyber-related incidents. Here are some examples of what it typically covers:

Data Breach Response 

– Notification Costs: Covering the expenses of notifying customers and affected individuals after a data breach.

– Credit Monitoring Services: Providing credit monitoring to those whose personal information has been compromised.

Business Interruption 

– Loss of Income: Reimbursement for lost revenue due to a cyber-attack that disrupts normal business operations.

– Extra Expenses: Covering additional costs incurred to keep the business running while dealing with the cyber incident.

Cyber Extortion 

– Ransom Payments: Payments made to cybercriminals to regain access to data or systems.

– Negotiation Costs: Expenses related to negotiating with extortionists and managing ransom demands.

Legal Fees and Defence Costs 

– Third-Party Claims: Legal expenses arising from lawsuits due to a data breach or security failure.

– Regulatory Fines and Penalties: Coverage for fines and penalties imposed by regulators for data protection breaches, such as those related to GDPR.

Crisis Management 

– Public Relations: Costs associated with managing and repairing the company’s reputation after a cyber incident.

– Forensic Investigation: Expenses for investigating the cause and extent of the cyber-attack.

Network Security Liability

– Liability Claims: Coverage for claims arising from failure to protect data, resulting in data theft or corruption.

– Defence Costs: Legal defence costs for claims related to network security breaches.

Media Liability

– Defamation and Infringement: Coverage for claims of libel, slander, copyright infringement, or defamation resulting from digital content.

Technology and Data Recovery 

– Data Restoration: Costs of restoring and recovering lost or corrupted data.

– System Repair: Expenses for repairing or replacing damaged hardware and software

You may be thinking after looking at this list that there are many more costs than you may have thought associated with dealing with the results of a data breach, cyber-attack, or serious and disruptive network issue. These costs, plus the high levels of ever-more sophisticated cyber-crime, may be the arguments behind many businesses now having cyber insurance.

What Proportion of Businesses Now Have Cyber Insurance? 

Considering the large potential costs of dealing with a serious cyber / network incident (as shown above) it may be a surprise to know that the proportion of businesses with cyber insurance in the UK is still relatively modest. For example, the latest data shows that only 43 per cent (UK Home Office 2024) of UK businesses have a cyber insurance policy in place and within this group, a small fraction, around 5 per cent (Insurance Business UK), have specialised cyber insurance policies tailored to their specific needs. Most companies rely on broader policies that include some form of cyber risk coverage as part of their overall insurance package.

This may be particularly surprising given that according to the Cyber Security Breaches Survey 2024 by the Department for Science, Innovation and Technology (DSIT):

– 32 per cent of businesses and 24 per cent of charities experienced a cyber security breach or attack in the past 12 months.

– Among larger businesses, the figures are higher, with 45 per cent of medium businesses and 58 per cent of large businesses have reported cyber-crimes.

– The average short-term direct cost for businesses dealing with a cyber incident was £1,650, which increases to £6,490 for medium and large companies.

– Long-term direct costs, which include expenses incurred after the initial breach, averaged £782 for all businesses but reached £6,010 for larger firms.

Who Provides It? 

Several examples of the well-known insurers in the UK market that offer cyber security insurance include:

– AXA provides comprehensive cyber insurance that covers a range of cyber risks, including data breaches, business interruption, and cyber extortion.

– Aviva offers cyber insurance policies that can be tailored to businesses of all sizes. Their coverage includes protection against data breaches, cyber extortion, and business interruption caused by cyber incidents, and there is access to a 24/7 cyber incident helpline and expert support.

– Hiscox provides coverage which includes costs associated with data breaches, cyber extortion, and third-party liability, and it offers risk management tools and resources to help businesses improve their cyber security posture.

– Zurich’s offers cyber insurance policies covering a wide range of cyber risks, including data breaches, network security failures, and cyber extortion. Zurich also provides access to a global network of cyber experts and offers pre-breach services to help businesses mitigate their cyber risks.

There are, of course, many other companies that offer cyber insurance. For example, even Amazon now offers it with AWS Cyber Insurance Competency Partners, and through a partnership with Superscript is offering cyber insurance to small and medium-sized businesses in the UK. For example, Amazon Business Prime users can access it product by logging in to Superscript using their Amazon account.

How Much Does It Cost?

Obviously, the price of cyber insurance varies according to factors like the size of the business, the level of coverage, and the industry. However, as a very general guide:

– Small businesses in the UK may expect to pay around £115 per month for cyber insurance / £1,380 annually (Insureon), which can fluctuate depending on the specific risks associated with the business and the amount of sensitive data handled.

– Medium-sized businesses may see premiums ranging from £1,500 to £5,000 per year, with the variation being due to the higher risk and more significant potential losses associated with larger volumes of data and more complex IT systems.

– For large businesses, cyber insurance costs can range from £10,000 to £50,000 annually and can include higher coverage limits and broader protection against various cyber threats (reflecting the greater complexity and risk involved).

What Does This Mean For Your Business? 

The rising tide of cyber threats highlights the urgent necessity for businesses to not just strengthen their cyber security measures, but also to consider adopting comprehensive cyber insurance policies. Cyber-attacks are not only becoming more frequent but also increasingly sophisticated, posing severe risks to financial stability and operational continuity. For businesses, this means that traditional security measures alone may no longer be sufficient. Cyber insurance provides a critical safety net, offering financial protection against the costs associated with data breaches, business interruptions, and other cyber incidents.

Investing in cyber insurance can significantly mitigate the financial and operational impacts of cyber-attacks. Policies typically cover a range of expenses, from data breach notifications and legal fees to system repairs and business interruption losses. This ensures that businesses can recover more swiftly and maintain their operations with minimal disruption. Also, cyber insurance often includes access to expert support and resources, helping businesses to manage incidents more effectively and reduce the risk of recurrence.

In addition to financial protection, it’s important to remember that cyber insurance also plays a crucial role in regulatory compliance. For example, many industries are subject to stringent data protection regulations, such as the GDPR in Europe, and non-compliance can result in hefty fines and legal consequences. Cyber insurance policies frequently offer support for navigating these complex legal requirements, helping businesses to avoid penalties and maintain trust with customers and stakeholders.

For businesses evaluating their need for cyber insurance, it’s important to consider the broader benefits. Beyond immediate financial coverage, having a cyber insurance policy can drive improvements in overall cyber security practice. For example, insurers often require policyholders to implement robust security protocols, fostering a culture of proactive risk management within the organisation. This not only reduces the likelihood of successful cyber-attacks but also ensures that businesses are better prepared to respond effectively when incidents do occur.

Given the substantial costs associated with cyber incidents, the investment in cyber insurance becomes a strategic decision. Whether you are a small business, medium-sized or a large corporation, the protection and peace of mind offered by cyber insurance can be invaluable.

The evolving landscape of cyber threats, therefore, appears to necessitate a multifaceted approach to cyber security and you may decide, for all the reasons mentioned above, that cyber insurance should be a cornerstone of this strategy for your business.

Featured Article : New Windows Screenshot Feature Sparks Privacy Concerns

The new AI-powered Windows ‘Recall’ feature that takes 5-second screenshots to generate a searchable timeline of everything a user has interacted with has prompted security and privacy concerns.

What Is Recall? 

The Recall feature for Windows (currently in preview status) is a new feature that’s exclusive to Microsoft’s forthcoming Copilot+ PCs. Recall takes snapshots of whatever is on your screen every five seconds (e.g. emails, and photos), while content on the screen is different from the previous snapshot. These snapshots are then stored (encrypted) and analysed using optical character recognition (OCR), which uses AI, locally on the user’s PC. The collection of snapshots is designed to give users not only a timeline of everything they’ve done and seen, but they can use voice commands to search through it for what they need, e.g. for any content (text and images) they may have been working on or seen. Microsoft says the functionality will be improved “over time” to enable users to open the actual source document, website, or email in a screenshot.

When Recall opens the snapshot a user has requested, it enables ‘screenray’.  This runs at the top of the snapshot and allows the user to interact with any of the elements in the snapshot, so for instance, the user can copy text from the snapshot or send pictures from the snapshot (to an app that supports jpeg files).

Won’t It Just Fill Up The PC’s Storage Space With Snapshots? 

With different screen snapshots (captured every-five-seconds having to be stored locally on the PC) you may be wondering what this will do to the storage space. Microsoft says the minimum hard drive space needed to run Recall is 256 GB (whereby 50 GB of space must be available) and that the default allocation for Recall on a device with 256 GB will be 25 GB, which can store approximately 3 months of snapshots. Users can increase the storage allocation for Recall in the PC Settings and old snapshots are deleted when the allocated storage is used, allowing new ones to be stored.

Why Use Recall?

According to Yusuf Mehdi, Microsoft’s executive vice president and consumer chief marketing officer, with Recall, Microsoft “set out to solve one of the most frustrating problems we encounter daily — finding something we know we have seen before on our PC”. 

Broadly speaking therefore, Recall is essentially a productivity and user experience-enhancing feature. Microsoft hopes that Recall will transform how users interact with their digital content by providing powerful, AI-driven tools for retrieving and managing past activities while maintaining a high level of control and (hopefully) privacy too.

Privacy Concerns 

While on the face of it, it’s possible to see how useful this feature could be, Recall has set privacy alarm bells ringing for some users. For example, it’s been reported that the Information Commissioner’s Office (ICO) is contacting Microsoft for more information on the safety of the product and that Recall has been described as a “privacy nightmare” by some privacy watchdogs. Examples of some of the key concerns about the potential privacy issues of Recall include:

– Since the feature doesn’t moderate what it records, very sensitive information including snapshots of passwords, financial account numbers, medical or legal information (and more) could be accessed and taken, presenting an obvious risk. Microsoft says: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

– With gaining initial access to a device being one of the easier elements of an attack, this is all that would be needed to potentially access the screenshots and steal sensitive information or business trade secrets.

– Anyone who knows a user’s password could access that user’s history in more detail.

– Recall is currently at the preview stage, but unless Microsoft assesses the data protection, and peoples’ rights and freedoms before the feature is released to the wider market, there may be some serious legal issues and consequences.

Elon Musk also posted about the feature on his X platform saying: “This is a Black Mirror episode. Definitely turning this ‘feature off.” 

What Does Microsoft Say? 

In defence of Recall and to allay the privacy concerns expressed, Microsoft points out that:

– Recall is not enabled by default – it is an opt-in feature. Users must manually activate it to use it and can configure its settings to control what data it captures and stores.

– Microsoft says it built privacy into Recall’s design “from the ground up”.

– By clicking on the Recall taskbar icon after user’s first activate their Copilot+ device, they can choose what snapshots Recall collects and stores on their device. For example, users can select specific apps or websites visited in a supported browser to filter out of snapshots, snapshots on demand from the Recall icon in the system tray, clear some or all snapshots that have been stored, or delete all the snapshots from the device.

– Microsoft says: “For enterprise customers, IT administrators can disable automatically saving snapshots using group policy or mobile device management policy. If a policy is used to disable saving snapshots, all saved snapshots from users’ devices will be deleted, and device users can’t enable saving snapshots.” 

– The snapshots captured by Microsoft’s Recall feature are stored locally on the PC but are encrypted and protected using BitLocker encryption.

– Recall data is only stored locally and isn’t accessed by Microsoft or anyone who does not have device access.

What Does This Mean For Your Business? 

It’s possible to see the value of the Recall feature (in the forthcoming Copilot+ PCs) in terms of offering UK businesses a potential boost in productivity and efficiency. Being able to search by voice and quickly find (and eventually click through to) anything you’ve been looking at could make it much faster and easier to retrieve and manage digital content. This could, of course, save valuable time and reduce frustration, leading to more streamlined workflows and increased operational efficiency.

However, the elephant in the room with this feature which has piqued the attention of many commentators and the ICO is the significant risk to privacy that it could seemingly pose to businesses and individual users. For example, the unmoderated collection of everything (which could include sensitive information such as passwords, financial data, and confidential business details), raises substantial security and privacy risks. For example, if these snapshots were to be accessed and fall into the wrong hands, the consequences could be severe, including data breaches and the exposure of proprietary information. It appears, therefore, that the only thing standing between a potential bad actor and your personal/sensitive/business information is knowledge of the password for the PC.

Microsoft’s assertion that Recall is an opt-in feature, with snapshots stored locally and protected by BitLocker encryption, may, however, provide some reassurance, as may the fact that users can control what data is captured and stored, plus enterprise customers can disable automatic snapshot saving through group policy or mobile device management. Nevertheless, despite these measures, the potential for misuse remains, especially if a device is compromised or accessed by an unauthorised individual.

To address these privacy concerns, Microsoft will need to provide comprehensive transparency and robust security assurances to the ICO, businesses, and privacy advocates too. Demonstrating that Recall complies with data protection regulations and adequately safeguards user data will be crucial. Clearly, even though Recall is still just at the preview stage, there are serious concerns, and failure to address these could result in significant backlash, legal challenges, and a loss of trust among users.

If / when Recall is thought to be suitable for wider release for businesses, the decision to implement it will require a careful evaluation of the trade-offs between increased productivity and potential privacy risks. Companies will need to establish clear policies and provide training to ensure that employees understand how to use the feature securely. IT departments will also need to remain vigilant, continually monitoring and managing the feature’s settings to maintain data protection standards.

While Recall offers exciting possibilities for enhancing business efficiency, its success will depend on Microsoft’s ability to address privacy concerns and provide robust security measures, so it remains to be seen how Recall progresses though this preview stage and whether risks can be mitigated to an acceptable level.

Tech Insight : Windows 11 Updates & VBScript Kill-Off?

In this insight, we look at the implications of Microsoft’s announcement that the Windows 11 24H2 update is being tested in a pre-release stage and the deprecation of VBScript is being initiated by making it an optional feature.

What Did Microsoft Say? 

Microsoft has announced that it is making this year’s annual feature update Windows 11, version 24H2 (Build 26100.712) available in the Release Preview Channel for customers to preview ahead of general availability later this year.

Microsoft says that Windows 11, version 24H2 includes a range of new features like “the HDR background support, energy saver, Sudo for Windows, Rust in the Windows kernel, support for Wi-Fi 7, voice clarity” and more.

Improvements Across Windows 

The update also includes many improvements across Windows, such as:

– A scrollable view of the quick settings flyout from the taskbar.

– The ability to create 7-zip and TAR archives in File Explorer (in addition to ZIP). 7-Zip is a free, open-source file archiver that compresses files into various archive formats, notably its own 7z format, and TAR (Tape Archive) – a widely used format for combining multiple files into a single archive file (typically without compression).

– Improvements for connecting Bluetooth® Low Energy Audio devices, i.e. to enhance audio quality, reduce latency, and improve power efficiency for supported devices.

Copilot Pinned To The Taskbar 

Microsoft has also said that in response to feedback from users, the update will also mean that Copilot on Windows as an app will be pinned to the taskbar. This means users can get the benefits of a traditional app experience (e.g. it can be resized, moved, and snapped to the window).

More Details To Come 

Microsoft says although Windows Insiders in the Release Preview Channel can install Windows 11, version 24H2 via its “seeker” experience, the rest of us will have to wait for more details in the coming months of the new features and improvements included as part of Windows 11, version 24H2 leading up to general availability.

The Deprecation of VBScript 

One other significant announcement from Microsoft was the sharing of a timeline for the deprecation (phasing out) of Visual Basic Scripting Edition, commonly referred to as VBScript. Last October, Microsoft announced that VBScript, first introduced in 1996, would be gradually deprecated.

The latest timeline news is that beginning with the new OS release later this year, VBScript will be available as features on demand (FODs). Microsoft says the feature will finally be completely retired from future Windows OS releases “as we transition to the more efficient PowerShell experiences.”  A diagram of the timeline states that VBScript FODs will be completely disabled by default in 2027.

Why Is VBScript Going? 

Microsoft says VBScript (VBS) is finally going because there are more versatile scripting languages (e.g. JavaScript and PowerShell) that offer “broader capabilities and are better suited for modern web development and automation tasks.” 

However, it should also be noted that VBS was a popular tool for cyber-criminals and the fact that VBScript was integrated into the Windows environment meant that it could be exploited to create VBS malware. For example, the highly destructive “ILOVEYOU” worm (2000) was VBS malware. Increased security by closing another door for cyber-criminals is apparently therefore another reason why Microsoft’s getting rid of VBS.

What Does This Mean For Your Business? 

The forthcoming Windows 11 24H2 update looks like it will bring several key benefits for UK businesses, promising to enhance productivity, security, and overall user experience. Key improvements, such as support for HDR backgrounds, energy-saving features, and the integration of Sudo for Windows and Rust in the Windows kernel, will provide businesses with more robust and efficient systems. The introduction of support for Wi-Fi 7 and improved voice clarity may also enhance connectivity and communication within the workplace, which would be helpful for maintaining seamless operations in today’s ‘digital-first’ business environment.

Also, the update’s enhancements for Bluetooth Low Energy Audio devices could be particularly advantageous for businesses relying on audio devices for communication and collaboration.

The news of the inclusion of a scrollable quick settings flyout and the ability to create 7-Zip and TAR archives directly in File Explorer may simplify business file management and streamline workflows. Such improvements could help make everyday tasks more intuitive and less time-consuming, allowing employees to focus on more critical business activities.

However, it’s worth noting for balance that, as with other updates, some businesses may face compatibility issues with legacy systems or software that has not yet been optimised for the new features. There may also be a learning curve associated with the new functionalities, i.e. perhaps requiring additional training time to fully utilise the update’s benefits.

As for the deprecation of VBScript, considering how long it’s been around, the timeline for its demise marks a significant shift for businesses still relying on this scripting language. While moving to more modern and secure scripting languages like PowerShell and JavaScript offers improved capabilities and security, the transition may necessitate some adjustments. Businesses may need to update or replace legacy systems and scripts that depend on VBScript, which could involve some time and resource investments.

On the positive side, phasing out VBScript should reduce some Windows security risks, as VBS has historically been exploited for malware attacks. The phasing out of VBS, therefore, should enhance the overall security posture of Windows environments, thereby helping businesses protect their data and operations from cyber threats.

In summary, while the Windows 11 24H2 update promises enhancements that can drive efficiency and security, businesses must prepare for potential compatibility issues and the need to transition away from VBScript. Armed with this knowledge, proactive planning for the changes can help UK businesses to maximise the benefits of the new update and maintain a secure, modern, and efficient IT environment.

Tech News : EE and Plusnet Customers To Get Refund From BT

After an Ofcom investigation that found BT didn’t give clear and simple information to customers who signed up to deal with its subsidiaries EE and Plusnet, BT has been told it must refund early exit fees and let existing affected customers walk away penalty-free.

What Happened? 

Under new consumer protection rules, known as ‘General Conditions’ (GCs), that came into force in June 2022, phone and broadband companies, of which BT is both, must give consumers and small businesses the details of a contract, as well as a summary of its key terms, before they sign up. These details must include the price, the length of the contract, the speed of the service, and any early exit fees.

UK Telecoms regulator, Ofcom, says that it opened an investigation into BT after it received information that two of BT’s wholly-owned subsidiaries, EE and Plusnet, may not have been providing the required documents to some customers.

The Findings 

Ofcom says its investigation revealed that since the introduction of the new rules on 17 June 2022, EE and Plusnet made more than 1.3 million sales without providing customers with the required contract summary and information documents. Ofcom found evidence that 1.1 million customers were affected by this between 26 June and 30 September 2023, i.e. they were not given contract information before they signed up as is required under the new rules.

Other key findings by Ofcom were that:

– Despite telling Ofcom in February 2022 that it was confident the deadline to meet the new rules would be met, evidence showed that BT knew as early as January 2022 that some of its sales channels would not meet the deadline.

– In some cases, BT deliberately chose not to comply with the rules on time.

– Ofcom says that whereas other providers dedicated the resources required to meet the implementation deadline for the new rules, BT may have saved costs by not doing so.

– Some sales channels are still non-compliant, and BT is still not providing the required information at the right time to some customers.

The Outcome 

The outcome of Ofcom’s findings in this case are that:

– Ofcom has issued a £2.8 million fine to BT, although this includes a 30 per cent discount as a result of BT’s admission of liability and its completion of Ofcom’s settlement process.

– The 1.1 million customers affected have been given the opportunity to request the information and/or cancel their contract without charge.

– For those customers who left BT before the end of their contract and were charged an early exit fee, BT must refund those early exit fees, and let existing affected customers walk away penalty-free.

Other Action 

Other actions that BT has been instructed to take by Ofcom in relation to this case include:

– Identifying and refunding any affected customers who may have been charged for leaving before the end of their contract period, within five months of Ofcom’s decision.

– Within three months, contacting the remaining affected customers who are still with BT and have not already been contacted, to offer them their contract information and/or the right to cancel their contract without charge.

– Amending remaining sales processes that are still non-compliant within three months of Ofcom’s decision.

Unacceptable 

Ofcom’s Enforcement Director, Ian Strawhorne, said: “When we strengthened our rules to make it easier for consumers to compare deals, we gave providers a strict timeline by which to implement them. It’s unacceptable that BT couldn’t get its act together in time, and the company must now pay a penalty for its failings.”  

Also, Rocio Concha, Director of Policy and Advocacy for consumer organisation ‘Which?’ said: “It’s absolutely right that Ofcom is fining BT for not providing EE and Plusnet customers with clear contract information before they signed up – as some people will have been hit with pricey exit fees they never should have faced.” 

What Does BT Say? 

BT has been reported as saying that it is sorry, will “implement the remedial actions” required by Ofcom and has “taken steps to proactively contact affected customers and arrange for them to receive the information and be refunded where applicable.” 

What Does This Mean For Your Business? 

Ofcom’s ruling against BT is a reminder to telecoms companies and service providers about the importance of compliance with the latest regulatory requirements. For BT, this incident highlights the critical need for transparency and accountability in customer communications, especially in a competitive market where trust is paramount. The £2.8 million fine (which some commentators say should have been higher) and the mandated refunds are examples of the financial and reputational risks associated with non-compliance.

For other providers, this case is a cautionary tale that emphasises the need to adhere to consumer protection rules and the potential consequences of failing to do so. It also shows that companies that decide to push boundaries in their marketing campaigns must think more carefully about these strategies, ensuring that their promotional activities do not leave customers in the dark about what they are signing up for. In an industry where bundling services into complex contracts is common, maintaining clarity and simplicity within customer interactions is still essential to avoid regulatory scrutiny and potential penalties.

For customers, this case may see them benefit (a little) from increased regulatory oversight and assurances that providers must comply with clear guidelines, thereby helping them make more informed decisions about their service contracts. Also, the knowledge that you can exit contracts without penalty in cases of non-compliance should be reassuring and help consumers from being unfairly trapped in agreements they did not fully understand.

Tech News : Microsoft/Truecaller Now Answers Phone Using Your Voice

A new partnership means that Truecaller’s AI Assistant can use Microsoft Azure AI Speech technology to enable Truecaller to answer your phone (via the Truecaller app) using an authentic AI version of your voice.

Truecaller 

Truecaller is a mobile app, available on iOS and Android, that offers caller identification, call blocking, and spam filtering services. It also provides features like call recording, chat, and contact management. Truecaller is based in Stockholm and was founded in 2009 and is now believed to have over 383 million users globally.

Microsoft’s Speech Technology – Answers In Your Voice 

The Microsoft Azure AI Speech technology (that as part of the new partnership enables Truecaller to answer the phone using an AI version of the user’s voice) is Microsoft’s ‘Personal Voice’. Launched in November 2023 and updating the existing ‘Custom neural voice’, the new ‘Personal Voice’ feature means that paid users of Truecaller’s Assistant (AI) “can get AI replicating their voice in a few seconds by providing a 1-minute speech sample as the audio prompt, and then use it to generate speech in any of the 100 languages supported”. 

Integrated With The Truecaller Assistant – How It Works 

Microsoft describes how ‘Personal Voice’ works when integrated with Truecaller’s Assistant, saying: “The Truecaller Assistant answers users’ calls and asks questions for the users, detecting spam and letting the users know if the call is worth answering.” 

Truecaller’s Product Director & General Manager, Raphael Mimoun, explains that “The personal voice feature allows our users to use their own voice, enabling the digital assistant to sound just like them when handling incoming calls.”

Why? 

Truecaller says being able to use an AI version of the user’s voice “adds a touch of familiarity and comfort for the user”, and Microsoft says it “provides a fully personalised voice experience” and it will “will revolutionise the way our users manage their calls and elevate their overall experience with Truecaller Assistant”. 

Limitations 

It’s been reported that although Truecaller’s Assistant usually gives the option to edit the introductory greeting template for callers, this option will be restricted if users opt for their personal voice instead of a system-generated one. That said, it’s understood that follow-up responses can be customised, based on user preferences.

Introduced in China Too 

Microsoft’s Personal Voice feature was developed with Haier, a leading IoT Smart Living brand in China, and the new Personal Voice feature has now been added to Haier’s service so that its users can create AI versions of their family’s voices to control and use home appliances via intelligent speakers.

Truecaller – More In Future 

Truecaller has indicated that it intends to work with Microsoft in future to enhance its products with AI. For example, Truecaller’s Raphael Mimoun said: “We look forward to further exploring the potential of AI-powered voice technologies in partnership with Microsoft and delivering even more innovative solutions to our global user base.”   

What Does This Mean For Your Business? 

The collaboration between Truecaller and Microsoft to integrate Azure AI Speech technology into Truecaller’s app can be seen as a significant advancement in AI-driven customer interaction tools. For Truecaller, this partnership enhances its service offering by leveraging cutting-edge AI to create a more personalised and seamless experience for users. The ability to replicate a user’s voice with AI not only adds a unique touch of familiarity but also sets Truecaller apart from its competitors in the call management and spam detection market. This innovation also aligns with Truecaller’s commitment towards continually improving its user experience and expanding its global reach.

For Microsoft, this partnership underscores the versatility and power of its Azure AI Speech technology. By enabling Truecaller to offer AI-generated voice capabilities, Microsoft showcases its ability to provide scalable, advanced AI solutions that can be integrated into various applications. This collaboration not only strengthens Microsoft’s position in the AI market but also opens up new avenues for the deployment of its technology across different industries and usage cases.

For businesses using Truecaller, the integration of AI-generated personal voices could transform how they manage incoming calls. For example, this technology allows for a more efficient and personalised customer interaction, potentially reducing the burden on customer service teams and improving the overall customer experience. By ensuring that calls are answered in a familiar voice, businesses can also maintain a personal touch, even when calls are handled by an AI. Also, the continued partnership between Truecaller and Microsoft hints at the possibility of even more sophisticated AI-driven features in the future, which could further streamline communication processes and enhance business operations.

Looking ahead, the potential for further AI integrations is vast. Businesses might see developments such as AI-driven analytics providing deeper insights into call patterns and customer behaviour, or enhanced automation features that could seamlessly integrate with other business systems. The ongoing advancements in AI technology promise to bring about more intelligent and adaptive solutions, helping businesses stay ahead in an increasingly competitive landscape. As Truecaller and Microsoft continue to innovate, businesses can look forward to leveraging these technologies to enhance efficiency, improve customer engagement, and drive growth.