By Daniel Cooper for Engadget

Problematic transportation outfit Uber is thinking about a way to use your phone to determine if you’ve been drinking. A patent application was uncovered by CNN, entitled “Predicting user state using machine learning,” which outlines the general idea. Essentially, by watching how you behave day-to-day, the system can pick up when your behavior is normal (for you) or abnormal. That could be, for instance, how you use your phone, the angle at which you hold it, and even how you’re walking.

Obviously there are some common sense elements to this, too, especially if you’re requesting a ride in the small hours from a notorious night spot. The thinking is that drivers will be fed this information ahead of you boarding the vehicle to better prepare them for what’s coming. A cynical reading of the plans could mean that drivers choose not to pick up a ride from a drunk passenger to avoid trouble. That would likely mean they’re left fending for themselves or, worse still, choose to drive themselves instead.

Of course, patent applications are mostly the province of companies wealthy enough to devote such time to dreaming up new ideas. Wacky concepts and ideas are patented all the time in the hope that, in years to come, they prove to be both useful and profitable. There’s no indication that this system is going to pop up in Uber’s customer-facing app in the near future, although it certainly could do.

By Vicky Sidler for MyBroadband / Nick Saunders at Mimecast

When I say the word “bat”, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a “homograph”: when two or more words are spelled the same but don’t have the same meanings or origins.

In cyber-security, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect
Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.

Is it me you’re looking for?
Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier that they regularly do business with – and therefore wouldn’t think twice about responding to.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do
Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks:

  1. Education – when users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  2. Protection – email security systems are getting better at stopping malware which enter the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect for header anomalies, domain similarity, sender spoofing and the existence of keywords and suspicious impersonation emails. These can then be blocked, quarantined, or delivered as flagged to alert the receiver of potential risk.
  3. Resilience – having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  4. Oversight – often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  5. Visibility – organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cyber-criminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

Source: Martha Stewart

Monogrammed boxes
These elegant containers are perfect for jewelry, gift cards, and small items.

Materials:

  • Coloured card stock
  • Computer
  • Printer
  • Bone folder
  • Scissors
  • Straightedge
  • Glue stick
  • Heavy books

Instructions:

In a photo-editing program, create a 2-page document. On the first page, draw a picture box, and then import a box template, from a CD, centering it carefully on the page.

Draw a second picture box, and place it on the template where you want the letter to appear. Import letter from a CD, sizing it as desired.
Copy template and letter from first page, and paste onto second page in the same position.
Delete letter from first page; delete template from second page.
Print first page onto colored card stock. Flip card stock over, and print second page with letter on other side.
(For a white letter, draw a picture box on the second page larger than the template. Color in box, make the letter white, and print onto white card stock.)
Cut out along template’s outside edges.
Using a bone folder and a straightedge, score straight dotted lines. Score curved lines using a round plate as a guide. Fold along straight lines, and seal with a glue stick.
Let dry between heavy books. Fold along curved lines to close box.

Punch-out pizzazz
Whimsical iron-on shapes turn basic T-shirts and totes into one-of-a-kind gifts.

Materials:

  • Photo-editing program
  • Iron-on transfer paper
  • Paper punches or decorative scissors
  • Iron
  • T-shirts or tote bags

Instructions:

In a photo-editing program, import patterns.
Print onto iron-on transfer paper, following the manufacturer’s instructions. (For crisp printouts, use paper meant for dark fabric.)
Cut out shapes using paper punches or decorative-edge scissors.
Iron onto fabric, following the manufacturer’s instructions.

Memory DVD
Create a DVD full of memories for the favourite dad in your life.

Materials:

  • Blank DVDs
  • DVD labels
  • Digital images
  • Printer
  • Envelopes
  • Card stock
  • Ribbon

Instructions:
Share memories of your Dad by creating your own DVDs and DVD labels on a computer. Simply take one of your favorite pictures, and print the image on a sticky label designed to fit a DVD – it’s a small touch that makes the gift extra special. When packaging the DVDs, place them all into individual envelopes, and then take your chosen photographic image and print it on card stock to make a one-of-a-kind cover.

Custom treats container
Take holiday photo cards to the next level: paste an image on a small container and fill it with your Dad’s favourite treats.

Materials:

  • Small box
  • Red nontoxic acrylic paint
  • Paintbrush
  • Pencil
  • Card stock
  • Scalloping shears
  • Photograph
  • Craft glue
  • Scissors
  • Glassine
  • Favourite snacks (such as sweets, biltong and nuts)

Instructions:
Coat a small box, outside and in, with red nontoxic acrylic paint; let dry. Trace the box top onto card stock.
Draw a circle about 1/2 inch larger around the traced circle; cut out with scalloping shears. Repeat to make a second circle.
Print or photocopy a photograph, adjusting the color, if desired. Trace the box top onto the picture; cut out. Use craft glue to affix the photo to one of the scalloped red circles; let dry.
Affix that circle to the top of the box and the other circle to the bottom using craft glue. Line bottom of the box with glassine.
Fill with your Dad’s favourite snacks.

Caxton Central / Southern Courier

The National Union of Mineworkers (NUM) is planning a total electricity shut down on Thursday 14 June to protest against the 0% salary increases of Eskom employees. Here’s what you need to know.

South Africans might experience a day of no power because of strike action set to take place against Eskom for not increasing the salaries of their workers this year.

1. Eskom announced 0% salary increases for their staff
In January this year, troubled state utility company Eskom appointed a new board of directors to help resolve their leadership crisis. President Cyril Ramaphosa appointed former Finance Minister Pravin Gordhan as Public Enterprises Minister in February to be in charge of state enterprises like Eskom. This week the power utility announced a 0% increase in wages and earmarked 10 000 jobs to be slashed.

Allan Gray has pointed out the real problem at Eskom – a productivity meltdown. In 2003 #Eskom employed 32,000 people. Today that number stands at around 47600, up almost 50%. Eskom’s electricity production is roughly the same as it was in 2003. So 50% more people, a massive wage bill and the same amount of output.

2. NUM released a statement calling for a national shutdown
NUM released a statement saying that they were “disgusted by the brutal arrogance shown by the black majority led by Eskom”. They called for a national shutdown of electricity supply. The action is set to occur on national, regional and branch level. NUM and National Union of Metalworkers of South Africa (NUMSA) held a joint briefing earlier today to this effect.

3. NUM launched a response to Eskom in a series of tweets
One of the questions raised was “why should workers’ pay for the sins of management? It’s a fact that Eskom managers drove the SOE to the brink of financial ruin through rampant looting, corruption and mismanagement.” They said Eskom senior managers are responsible for the financial crisis at the SOE – “if jobs are to be cut they should start by cutting down the BLOATED executive which is made up of approx 500 people!”.

4. Eskom has contingency measures against Thursday’s strike
Eskom released a statement that they have measures in place to mitigate against the planned industrial action. They assured people that they will ensure the security of power supply should the strike happen.

5. People have taken to their social media to respond to the announcement
There’s been a generally mixed response to the Eskom announcement with some people claiming it is wrong to not increase the staff salaries in the wake of VAT increases and rising petrol prices. Others, however, believe Eskom workers have unrealistic demands.

By Linda Ensor for TimesLive

Treasury estimates that the total debt that could fall under the debt extinguishment proposals made in the National Credit Amendment Bill proposed by Parliament’s trade and industry committee could range between R13.2bn and R20.7bn.

Banks and retailers would be the most heavily affected by the proposed scrapping of debt‚ Treasury said in a presentation to Parliament’s trade and industry committee on Tuesday during public hearings on the proposals.

The committee has proposed amendments to the National Credit Act‚ which include writing off the debt of those earning below R7‚500 month and who fall within the threshold of realisable assets.

According to research by consultancy firm Eighty20‚ about 56% of the credit active market of about 18-million has an income of R7‚500 a month or less.

“Based on the income estimates approximately 9-million borrowers could potentially meet the eligibility criteria for debt intervention as per the draft bill‚” the organisation said in a presentation to the committee.

“In total borrowers that could qualify for debt review hold over 16-million loans. 29% of these loans (4‚7-million) are three months or more in arrears belonging to borrowers who could qualify for debt intervention. The total outstanding balance on these loans is around R20‚7bn.”

The Black Sash said in its presentation that the debt relief proposals would provide much-needed assistance to social grant beneficiaries who are prey to loan sharks.

The Black Sash has been at the forefront of exposing the vulnerability of social grant beneficiaries to unlawful deductions and the predations of loan sharks. The organisation welcomed the R7‚500 income threshold as this would cover many social grant recipients.

Black Sash national advocacy manager Hoodah Abrahams-Fayker noted that the Easypay bank account – a joint operation between Grindrod Bank and Net1 subsidiary Moneyline – had fuelled indebtedness “as many loan sharks use this card to provide loans often with no affordability tests‚ no proper avenues of recourse‚ no administrative justice and no debt counselling.

“Grant beneficiaries are trapped in a vicious cycle using debt to pay for food and basic living needs. Overindebtedness is a social and economic challenge with far-reaching consequences for vulnerable social grant recipients (who) can become easy prey for moneylenders as they are receiving a guaranteed monthly income from the state.”

Treasury noted in its presentation that there were currently gaps in the protection of the overly indebted. For example‚ there were weaknesses in the insolvency framework as sequestration did not work for those with no income and no assets. The debt review system only worked for those earning more than R7‚500 per month.

Treasury proposed that the debt review system be improved for those with some income. This could be completed “relatively quickly”. However‚ a mechanism was needed for those with no income. A revision of the Insolvency Act was under way but could take some time to finalise.

The Department of Justice and Constitutional Development also made technical suggestions to improve the proposed National Credit Amendment Bill.

By Sibongile Khumalo for Fin24

Government welcomed the signing of a three-year multi-term Public Service wage agreement, although it exceeded the 2018 Medium Term Expenditure Framework by R30bn.

According to the Department of Public Service and Administration, the R110bn provision for the salary adjustments for the period from 2018/19 to 2020/21 was made in the 2018 Medium Term Expenditure Framework (MTEF).

“The 2018 salary agreement exceeds this amount by R30 Billion over the Medium Term Expenditure Framework,” the department said in a statement.

“This then calls for cost containment measures to ensure that the wage bill remains within the existing compensation ceilings,” it added.

The Public Service Coordinating Bargaining Council (PSCBC) last week said 65.74% of trade unions had agreed to salary adjustments and improvements on conditions of service in the sector for three years, from 2018/19 to 2020/21.

For 2018/19 level 1-7 workers agreed to a 5.5% CPI linked increase, plus a 1.5% , the pay would then be hiked by a CPI related rate for the next two year, with an additional 1%.

Government said the agreement was reached after “a long and difficult negotiations process”.

Employees in the level 8-10 scale would get a CPI rate plus 1% for the current year, followed by 0.5% for the next years, while those in the level 11-12 bracket would receive an increment of 0.5% for this year on top of the CPI. The highest grade will only get a CIP rate for the following year.

Also included, is that the housing allowance of R1 200.00, which would be increased annually by the average CPI of the preceding financial year on an annual basis.

The country’s bulging public wage bill has been a major source of challenge raised by international lenders and rating agencies.

“As government we are glad that we have reached another multi-term agreement,” said Minister of Public Service and Administration Ayanda Dlodlo.

She stressed that the negotiations took place amid growing concerns over the escalating public service wage bill and a contracting economy, which pose serious challenges to the already strained government fiscal purse.

“The agreement proves that it is possible for both parties to reach an amicable agreement that puts the stability of the country and service delivery first.”

The adjustments will be effected on the 1st of July of each year.

Discussions reached a deadlock earlier this week, with the Public Servants Association (PSA) demanding a 12% wage increase across the board. Government offered a 7% increase for lower level workers, 6.5% for mid-level employees and 6% for senior managers.

Unions had started tabling demands in September 2017.

Source: Supermarket & Retailer 

The National Assembly officially passed the new National Minimum Wage (NMW) Bill at the end of May – nearly a full month after it was due to come into effect.

The bill sets a minimum wage of R20 per ordinary hour worked. This wage will be reviewed within 18 months of the commencement of the NMW Act and will be adjusted within two years of the commencement of the Act. Assuming a 45-hour week this equates to R3,900 per month.

While the minimum wage cannot be waived, and will take precedence over a contrary provision of a contract of employment, there is now the looming question among many South Africans on how the executive will manage the implementation of the bill.

According to a new commentary note published by VDMA Attorneys, the Department of Labour responded to this question in May by stating that, if and when the bill is passed, additional resources will be required to ensure that employers comply with the minimum standards.

However, it noted that, as it stands, the department does not have sufficient resources to assign labour inspectors to visit every workplace.

“The director general of the department has outlined a number of strategies to support compliance with the National Minimum Wage,” said VDMA.

“As the first port of call, they expect workers and unions to come forward and inform the department of non-compliance.

“There is also an obligation on the employers to ensure that they comply. Another initiative is what the department calls ‘blitz inspections’, which is an effort to focus on areas which are infamous for non-compliance with labour regulations. The department will issue compliance orders to those who do not conform to the National Minimum Wage,” it said.

It adds that the NMW will also be incorporated into the Basic Conditions of Employment Amendment Bill, which it also extends the jurisdiction of the Commission for Conciliation, Mediation and Arbitration (CCMA).

“Labour inspectors now have the power to refer disputes relating to non-compliance to the to the CCMA and to appear at the CCMA in these disputes,” it said.

“The CCMA will have the power to make a compliance order issued by an inspector, an arbitration award, which award will carry the same weight as an order issued from the Labour Court.”

By Douglas Karr for MarTech 

When it comes to analysing the beliefs and purchasing habits of different consumer groups, marketers tend to overlook dads. Many assume that men who are dads have similar habits to those who aren’t dads, or they use outdated stereotypes of fathers when crafting their messaging.

However, today’s fathers have well-defined beliefs about their roles, distinct purchasing behaviors, and are digitally savvy.

Key amongst these findings is the impact of fatherhood on purchase behavior and brand affinity:

  • 44% of fathers changed food/beverage/grocery brands
  • 42% of fathers changed household cleaning products
  • 36% of fathers changed personal care products
  • 27% of fathers changed financial products

In honour of Father’s Day, MDG Advertising has created a new infographic that shows which behaviours and statistics brands should consider when developing products and services geared toward dads:

  • Dads do not like how they are portrayed
  • Dads see fatherhood as important and rewarding
  • Many dads don’t think they devote enough time to fatherhood
  • Dads make important—and different—purchase decisions
  • Digital and mobile are essential for younger dads

The infographic

By Harry Pettit for MailOnline 

An ’embarrassing’ leak shows the European Union has fallen short of its own data protection laws.

The European Commission’s website has published 700 records, including the names, addresses and mobile numbers of conference attendees, according to a report.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR).

The Commission has previously warned that those who breach these rules, which came into force last week, could face millions in fines.

Following the leak, a spokesperson said the authority was exempt from GDPR laws for ‘legal reasons’.

Officials in Brussels will follow a similar set of new laws that ‘mirror’ those laid out in GDPR.

These rules will not enter force until autumn, according to the Telegraph.

The spokesperson added that the Commission is ‘taking and will continue to take all the necessary steps to comply’.

GDPR aims to strengthen and unify data protection for all individuals within the EU, which means cracking down on how companies use and sell user data.

Under GDPR, companies are required to report data breaches within 72 hours, as well as allow customers to export their data and delete it.

Companies scrambled to comply with the rules before they were ratified on May 25 with the Commission threatening hefty fines for those who breached them.

The bureaucracy’s website exposed 700 records that include people’s names, professions, and even some postcodes and addresses.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation. GDPR aims to strengthen and unify data protection for all individuals within the EU.

The records, some of which featured the private information of Britons, were collected during EU meetings and conferences and stored on data spreadsheets.

Tech website Indivigital found the documents are among thousands hosted by the website Europa.eu that are freely accessible online.

Many of them could be found by simply searching for the document on Google.

This leak would constitute a breach of GDPR rules were the blunder committed by other organisations or businesses.

What is GDPR?

The General Data Protection Regulation is an EU-wide law that cam into force on May 25 2018.

It gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data.

It also grants users a right to easily access the data collected from them and transparency on how it is being used.

Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.

Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines.

This ends territorial-based accountability used by some firms not based in the EU to previously avoid sanction.

The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around leaks.

The weight of fines able to be issued has also increased under GDPR.

Regulators will be able to issue penalties equivalent of up to four per cent of annual global turnover or 20 million euro (£17.5 million) – whichever is greater.

For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.

Fines for such a breach can reach up to £17.5 million ($23 million) or four per cent of global turnover – whichever is largest.

Jon Baines, a data protection expert at law firm Mishcon de Reya, described the ‘irony’ of the EU’s admission.

‘Although the information disclosed here does not appear to be particularly sensitive, it does raise questions about the general level of compliance, and whether any further inadvertent disclosures have been made,’ he told the Telegraph.

Steve Gailey, security expert at database security firm Exabeam, added that the exposure ‘is embarrassing for the EU, coming hot on the heels of GDPR’.

Reserve Bank trials blockchain successfully

By Hanna Ziady for Business Live 

Payments between SA’s banks, averaging R350-billion daily, can be settled using blockchain technology, tests demonstrate.

“Project Khokha”, whose results the Reserve Bank announced on Tuesday, successfully trialled interbank settlements using distributed ledger technology (DLT), of which blockchain, the mainstay of cryptocurrencies such as bitcoin, is one type.

Distributed ledgers use independent computers to record, share and synchronise transactions in online ledgers, without the need for an independent third party to verify those transactions. DLT could “fundamentally change the financial sector, making it more efficient, resilient and reliable”, according to the World Bank. In the long term, it could usurp a large portion of the work performed by trusted intermediaries such as banks and clearing houses.

DLT developments

Central banks around the world, meanwhile, are grappling with the implications of financial technology (‘fintech’) for financial markets and their supervisory roles in those markets. That Project Khokha has been a success puts the Bank at the cutting edge of developments in DLT, alongside the likes of the Bank of Canada and Singapore’s central bank.

The trial was designed, built and executed in three months. Key role-players included the Bank’s fintech unit, established in August 2017, and SA’s six biggest banks, as well as newcomer Discovery Bank.

The results show that the typical daily volume of SA’s payments system, averaging R350bn, could be processed on a distributed ledger in less than two hours with full confidentiality of transactions.

This has considerable implications for future applications of blockchain technology in SA. Future “blockchain experiments” might involve other central banks on cross-border payments, said Bank governor Lesetja Kganyago.

The Bank had “pushed the envelop in a number of ways” on the project, said Peter Munnings, technical lead of enterprise delivery at New York-based ConsenSys, a blockchain software technology firm and the Bank’s technology partner.

“There are many issues to consider before the decision to take a DLT-based system into production can be taken,” the Bank said.

“Some of these issues relate to the practicalities of implementation, but also to legal and regulatory factors, and to the broader economic impact.”

One of the objectives of Project Khokha was to better understand how the South African Multiple Option Settlement (SAMOS) system would integrate with a DLT system. SAMOS is the current interbank settlement system provided by the Bank, allowing banks to settle their obligations in real-time.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top