tag:econsultancy.com,2008:/topics/security Latest Security content from Econsultancy 2017-11-07T15:24:00+00:00 tag:econsultancy.com,2008:BlogPost/69529 2017-11-07T15:24:00+00:00 2017-11-07T15:24:00+00:00 Could cryptojacking go legit and disrupt digital advertising? Patricio Robles <p>In cryptojacking, an attacker inserts malicious JavaScript code into a website. When a user visits the website, this code works to mine cryptocurrency like Bitcoin in the background without users ever knowing that their computers' processing power is being used to do so.</p> <p>Because processing power and the energy that fuels it are the biggest costs associated with cryptocurrency mining, cryptojacking is an increasingly attractive activity for cybercriminals. Since September, cryptojacking scripts have been found on a number of high-profile sites, <a href="https://www.theregister.co.uk/2017/10/10/cryptojacking/">including those operated by cable network Showtime and football star Ronaldo</a>.</p> <p>But while cryptojacking is almost wholly a criminal activity today, a growing number of observers are starting to ask whether cryptocurrency mining has the potential to solve two of the biggest challenges to the internet economy: consumer distaste of advertising and the rise of ad blockers.</p> <p>In simplest terms, here's how it would work: instead of seeing ads, users would pay publishers by allowing them to mine cryptocurrency through their browsers as they consume content on their sites.</p> <h3>The ultimate micropayment solution?</h3> <p>In effect, browser-based cryptocurrency mining could facilitate a no-touch micropayment model that functions entirely in the background and doesn't require any explicit action on the part of users. The more time they spend on a site, the more processing power they supply to a publisher for cryptocurrency mining, ensuring that their usage is correlated with their contribution.</p> <p>Obviously, there are numerous issues that would need to be addressed, including how to ensure that the mining scripts don't degrade performance.</p> <p>There's also the issue of whether or not cryptocurrency mining can be an adequate replacement for ad revenue. While Bitcoin and other cryptocurrencies have skyrocketed in value this year, they are still highly volatile and there's much debate about their long-term viability. If the value of cryptocurrencies plummets, it could kill the viability of the model.</p> <p>But after years of unrealized hype around micropayments, it's intriguing that cryptocurrency mining looks far more promising than the long list of <a href="https://econsultancy.com/blog/6765-can-paypal-crack-the-micropayment-mobile-payment-nuts">past micropayment attempts</a>.</p> <h3>The Google threat</h3> <p>Perhaps the biggest impediment to cryptocurrency mining as advertising alternative is the fact that the online advertising ecosystem is filled with powerful companies that have no interest in alternative revenue models that could diminish digital ads. These include major advertisers as well as dominant ad players like Google.</p> <p>In fact, Google <a href="https://www.bleepingcomputer.com/news/google/google-chrome-may-add-a-permission-to-stop-in-browser-cryptocurrency-miners/">is already exploring</a> adding a special browser permission to Google Chrome to deal with scripts that mine cryptocurrencies. While there's no reason to believe that this is motivated by anything other than a desire to protect users from cryptojacking, it nonetheless highlights the fact that Google, as the maker of one of the most popular browsers, theoretically could use its browser to defend its advertising business, something that <a href="https://econsultancy.com/blog/69150-google-contributor-what-you-need-to-know">some are already suggesting</a> it is doing as it prepares to roll out a built-in Chrome ad blocker.</p> <p>While one can only speculate about the potential for cryptocurrency mining to help support the digital content economy and provide an alternative to advertising, given the meteroic rise of cryptocurrencies in the face of years of skepticism, it seems appropriate to conclude that it's far too early to rule the possibility out.</p> tag:econsultancy.com,2008:BlogPost/69344 2017-09-28T10:00:00+01:00 2017-09-28T10:00:00+01:00 How to keep your brand safe in a programmatic world: A practical guide Ray Jenkin <p>Thought pieces and tips on tackling brand safety are often highly technical or go deep into the weeds on specific areas of brand safety technology, leaving those looking to make their first move a bit bewildered.</p> <p>This post provides advertisers and agencies with broad actionable steps they can take to start to define, implement and adjust protective measures, in light of both brand and business requirements.</p> <h3>1. Define your programmatic brand safety policy</h3> <p>A clear, unambiguous policy helps your vendor and agency partners execute brand safety measures more accurately and effectively. It is key to align your programmatic brand safety policy with your business goals, marketing goals, brand values and industry/sector considerations and then translate these into practical scenarios.</p> <p><img src="https://assets.econsultancy.com/images/0008/9236/safe.jpg" alt="" width="600"></p> <p>For example, having an airline appear alongside or in content linked to an aeroplane accident, terrorist attack or delay would not engender trust in the brand, but instead risk the brand's reputation through association and miscommunication.</p> <p>Understanding the tradeoffs of enforcing these policies and their impact on your marketing goals is vital. You’ve got to ask yourself if they are at odds, or if there is a compromise you are willing and able to make.</p> <p>When formulating and documenting your policy, ensure there is someone present with a good understanding of the programmatic buying landscape to provide input on the likely implications of enforcing a policy, on implementation, pricing and delivery of media.</p> <p>Don’t be scared to tweak it, learning as you go along; capturing updates will only reinforce your commitment. But be careful not to forget to share your policy with all your media delivery partners, especially with any amendments you may make – you and your partners should remain accountable.</p> <p>Additionally, strong communication, i.e. keeping your media delivery partners up-to-date, may prevent any costly misunderstandings.</p> <p>Lastly, in order to fully understand where success lies: when your brand is safe, find the right metrics to measure your policy. Calibrate the measurements with any historic data you may have, and be ready and willing to adjust based on guidance from agencies and vendors on industry benchmarks. For example, you may measure the percentage of blocked ads that fell into brand-sensitive categories.</p> <h3>2. Tips to help shape and enforce your policy</h3> <p>When shaping and enforcing your policy, consider your agency and/or vendor’s best practice and trade body memberships. Ask yourself, have the adtech vendors, programmatic trading partners and media owners you work with defined their own policies and frameworks to protect your brand? And are they audited and accredited by trade bodies such as JICWEBS in the UK and the Media Ratings Council (MRC) in the US?</p> <p>Additionally, to strengthen the implementation and enforcement of your policies, ensure any media partners are able to show how they will implement and enforce them, as well as comply with your metrics, measuring well against your standards. Having a holistic implementation and enforcement across a much wider audience will act as a testimony to your policy’s strength.</p> <p>It important to keep in mind what technology is being used by your vendors and agencies to ensure brand safety as well. A plethora of brand safety technology is now available to provide you with transparency on where your ads are being seen.</p> <p>Consider owning this adtech vendor relationship yourself so you can control and monitor your brand safety with more standardisation across your media plan. And for companies undertaking the programmatic media buying on your behalf, ask for their internal human processes on areas such as inventory selection, black and whitelisting, audit processes and peer review.</p> <p>Don’t underestimate the human element in the implementation of technology – when used efficiently it will do nothing but benefit you.</p> <p>Whether you own the demand side platform (DSP) relationship or your vendor or agency does, be sure to understand what that company does to filter the inventory before it becomes available for buying. Question how they categorise their inventory and what measures are built into their buying platforms to ensure your policy can be implemented – consistency amongst all operations, inside and outside of your company, is key!</p> <p>You should therefore also ensure your vendors are able to provide you with ongoing reporting and data to help you evaluate implementation – this will allow you to make adjustments and benchmark your policies on all fronts.</p> <h3>3. Implement internal and external measures to enforce your brand safety</h3> <p>Appoint someone to be accountable for programmatic brand safety.</p> <p>This person should lead on the distribution, implementation and adjustment of your policy, keep up-to-date with industry best practice and technological developments, measure vendors and agencies on their ability to adhere to your policy and respond in a timely and efficient manner when there is an extraordinary event such as negative press, a world event or controversial issue.</p> <p>Having someone accountable for programmatic brand safety will provide clearer lines of communication on a day-to-day basis, allowing for speed-to-market on brand related issues and acting as an incentive for said person to be an advocate for best practice inside and outside of your company.  </p> <h3>In conclusion... </h3> <p>The devil is in the detail, but building a clear framework of what your brand stands for, what your goals are and in turn what your brand safety policy should reflect means you can find the right partner fit across all areas of your media activity.</p> <p>Furthermore, these partners will then have a clearer idea of how they need to be prepared to work with you both through process and technology.</p> <p><em>For more on this topic, see:</em></p> <ul> <li><a href="https://econsultancy.com/admin/blog_posts/69344-how-to-keep-your-brand-safe-in-a-programmatic-world-a-practical-guide/edit/"><em>The CMO's Guide to Programmatic</em></a></li> <li><a href="https://econsultancy.com/blog/65677-a-super-accessible-beginner-s-guide-to-programmatic-buying-and-rtb"><em>A super accessible beginner’s guide to programmatic buying and RTB</em></a></li> <li><a href="https://econsultancy.com/blog/68650-the-future-of-programmatic-2017-and-beyond"><em>The future of programmatic: 2017 and beyond</em></a></li> </ul> tag:econsultancy.com,2008:BlogPost/69254 2017-07-20T09:44:00+01:00 2017-07-20T09:44:00+01:00 Four key digital challenges for IT leaders in 2017 Nikki Gilliland <p>Based on a sample of more than 500 IT leaders, here are a few key charts from the research, highlighting the biggest hurdles IT professionals currently face.  </p> <h3>1. Threat of security breaches</h3> <p>While technical skill is still a given, the role of senior executive within IT departments has evolved into something much broader, requiring a deeper understanding of business objectives. This also means creating a bridge between technology and other areas of the business such as HR, finance, and marketing. </p> <p>This focus on the wider customer experience has also led to the concept of the ‘chief integration officer’ – someone who is able to influence the overall strategic vision of a business. Following on from this, it is clear that the challenges faced by IT leaders are much more complex than they once were.</p> <p>Now, the threat of security breaches and cyber-attacks is cited as a key concern by 41% of respondents – higher than any other area.</p> <p>Perhaps unsurprisingly, executives at organisations with annual revenues exceeding £150m are more likely than their peers at smaller organisations to reference security as a major challenge.</p> <p><img src="https://assets.econsultancy.com/images/0008/7501/Security_attacks.JPG" alt="" width="780" height="535"></p> <h3>2. Finding the right mix of skills</h3> <p>Interestingly, it is larger organisations that cite lower levels of confidence in their digital skills mix, with just 58% agreeing that they are well-positioned in this area compared to 61% of smaller organisations. </p> <p>Similarly, European organisations seem less confident than their American and APAC counterparts. Talent availability is seen as more of a challenge than in other regions, with availability of individuals with the right mix of skills being cited as a top-three internal problem by more than 34% of European respondents.</p> <p>This is also the case when it comes to culture, with 61% of European respondents describing their company culture as "innovative, adaptable and undertaking a ‘fail fast’ approach". When compared with 68% of respondents saying the same for North America and 75% in APAC, it’s clear that Europe is still playing catch up.</p> <p><img src="https://assets.econsultancy.com/images/0008/7504/Skills_and_culture.JPG" alt="" width="739" height="618"></p> <h3>3. Escaping silos</h3> <p>In terms of internal barriers, it appears the age-old problem of organisational structure remains the biggest. 42% of executives cited frustration with departmental silos and bureaucratic processes, while 41% expressed frustration over integrating legacy systems with new tools and technologies.</p> <p>This is even more the case for larger organisations in Europe, with 52% of European respondents citing bureaucracy as a top internal barrier.</p> <p>Interestingly, while support from senior management is less of a concern, a lack of shared vision relating to the meaning of digital transformation appears to be sustaining conflict. Again, this challenge is slightly more evident in Europe, tying in with the aforementioned struggles of skills and culture.</p> <p><img src="https://assets.econsultancy.com/images/0008/7506/Silos.JPG" alt="" width="780" height="541"></p> <h3>4. Keeping abreast of innovation</h3> <p>With IT executives now expected to help drive marketing strategy, keeping ahead of major technologies connected to innovation is another growing challenge – especially for larger organisations.</p> <p>46% of executives at larger companies are more inclined to feel pressure regarding tracking technology and innovation trends compared to 36% of smaller company peers. Interestingly, IT executives appear to be looking outside of their organisations to keep abreast of technological innovation. More than half of respondents say they exploit technology content sites and webcasts and webinars.</p> <p>Lastly, the challenge to keep on top of innovation also extends to finding talent, with increasing importance in striking a balance between traditional technical knowledge and softer skills such as communication, co-operation and strategic thinking.</p> <p><img src="https://assets.econsultancy.com/images/0008/7508/Innovation.JPG" alt="" width="780" height="550"></p> <p><em><strong>Subscribers can download the full <a href="https://econsultancy.com/reports/2017-digital-trends-in-it/">2017 Digital Trends in IT Report</a>.</strong></em></p> tag:econsultancy.com,2008:BlogPost/69217 2017-06-29T17:14:00+01:00 2017-06-29T17:14:00+01:00 As WPP hit by cyberattack, brands need to pay more attention to agency security Patricio Robles <p>Like WannaCry, <a href="https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how">Petya</a> appears to be ransomware, as it encrypts files on infected computers and demands payment for access to be restored.</p> <h3>A very high-profile victim</h3> <p>One of the companies hit by Petya was the world's largest ad holding firm, WPP. In a statement, the company revealed that on June 27, "a number of WPP companies were affected by the ransomware attack that hit organisations around the world."</p> <p>WPP assured clients that it was working with its IT partners and law enforcement "to take all appropriate precautionary measures, restore services where they have been disrupted, and keep the impact on clients, partners and our people to a minimum."</p> <p><a href="http://www.adweek.com/agencies/wpp-cyberattack-serves-as-a-wake-up-call-to-agencies-and-cmos-alike/">According to</a> AdWeek, "staff at various offices left work early yesterday due to an inability to access their networks."</p> <p>In an internal memo, WPP chairman Sir Martin Sorrell tried to reassure staff that the cyberattack wasn't hurting the firm's business. "Many of you will have experienced significant disruption to your work. However, contrary to some press reports, WPP and its companies are still very much open for business," he told staff, adding that there was "no indication that either employee or client data has been compromised."</p> <h3>A new agency risk</h3> <p>Even if WPP emerges from this cyberattack with little more than a few nicks and scratches, the fact that it was affected at all by Petya should be of concern to brands that count agencies as some of their most important partners. After all, if a brand's agency is knocked offline, loses data or is otherwise compromised, it could affect clients in any number of ways, such as disruption to or delays of campaigns. </p> <p>As Michael Connolly, CEO of adtech firm Sonobi, <a href="http://adage.com/article/digital/wpp-ransomware-attack-smoke-screen/309614/">told AdAge</a>, "Any impact to an organization's infrastructure or operational ability...can have an impact on the ability to execute, particularly when data is involved." Data, of course, has become the lifeblood of digital advertising thanks in large part to the rise of programmatic.</p> <p>And there are a number of worst-case scenarios that could expose clients to even costlier crimes. For example, because agencies are privy to some of the most sensitive information of their clients, it's not inconceivable that agencies could be specifically targeted by groups who are aiming to extort or otherwise inflict damage on their clients by stealing, modifying or deleting client data.</p> <p>Seem far-fetched? Consider that this <a href="http://www.latimes.com/business/hollywood/la-fi-ct-hacking-disney-netflix-20170523-story.html">is exactly what is happening to Hollywood studios</a> on a now disturbingly frequent basis. Like brands, Hollywood studios rely heavily on third-parties, which out of necessity often have access to some of their most sensitive and valuable assets.</p> <h3>Agencies are ill-prepared</h3> <p>Unfortunately for brands, according to experts who spoke to AdWeek and AdAge, agencies are largely unprepared to deal with cyber threats like Petya. </p> <p>According to Tom Pageler, chief risk officer and chief information security officer at global information services provider Neustar, agencies are "probably doing the minimum versus other, more heavily regulated industries like financial services that deal with critical data."</p> <p>The news isn't all bad, however. "The industry realizes that they’re really not where they need to be," he stated, and in the the wake of the Petya attack, Pageler is already seeing signs that companies are trying to catch up. He predicts WPP specifically will soon announce the hiring of a big security vendor.</p> <p>But while agencies have a lot of work to do, brands must also recognize that they share with their partners responsibility for cybersecurity. They can't just demand that their agencies own the cybersecurity challenge. Instead, they need to better educate themselves, take an active role in establishing and enforcing data security policies that their agencies are required to adhere to, and take steps to ensure that they're not creating vulnerabilites themselves.</p> tag:econsultancy.com,2008:BlogPost/68867 2017-03-06T11:49:00+00:00 2017-03-06T11:49:00+00:00 Q&A: Direct Line’s MD on the marketing team of the future Nikki Gilliland <p><img src="https://assets.econsultancy.com/images/0008/4369/Mark_Evans.png" alt="" width="380" height="248"></p> <p>Here’s what he had to say.</p> <h4><strong><em>Econsultancy:</em> What are the main challenges you are facing today in regards to team structure? What keeps you up at night?</strong></h4> <p><em>Mark Evans:</em> The biggest challenge most marketing teams currently face in a fast-changing world is how to structure for success. At Direct Line Group we have very deliberately re-shaped the team in recent years to maintain our edge. The result is a cohesive team of specialists that fully understand the benefits of integration and embrace working across silos.</p> <p>Today more than ever, it’s crucial to have a shared sense of purpose and accountability in order to address marketing challenges. At Direct Line we have fused together teams to bridge typical divides: propositions and communications, customer management and customer experience, social and PR, insight and marketing effectiveness.</p> <p>As a consequence, the heads of each of these four broadened teams have really big strategic roles, which ensures that we can move at greater pace where we previously faced mobilisation and prioritisation issues, ultimately leading to a more dynamic and effective function overall.</p> <h4><strong><em>E:</em> How have you developed your marketing team to make it ready for the changing digital landscape?</strong></h4> <p><em>ME:</em> With the majority of our business happening on digital channels, we continue to invest heavily in ensuring everyone in our team (and the wider business) is digitally savvy. Within the marketing team, we’ve already made some significant changes to ensure digital runs through the heart of everything that we do.</p> <p>Consequently, we now run every campaign in a fully integrated way from the outset. An example of this was our recent Emergency Plumber campaign which stretched from traditional TV all the way through to a number of digital firsts.</p> <p><iframe src="https://www.youtube.com/embed/8MMYuGrROao?wmode=transparent" width="560" height="315"></iframe></p> <h4><strong><em>E:</em> How much as has your org chart changed in the past three years?</strong></h4> <p><em>ME:</em> The evolution of the Direct Line marketing team has been extensive over the past three years. We have grown organically into a "full-service" marketing function incorporating accountability for social, PR, customer experience, and proposition development. Digital has also grown in prominence, not least as we have in-sourced some aspects of the model.</p> <p>More broadly though, we have invested in a progressive culture whereby the structure of the team itself becomes less relevant as we form more liquid cross-functional teams to attack specific challenges. For example, the creation, build and launch of the Shotgun brand which aims to save young drivers' lives was run as an agile process from the outset. </p> <h4><strong><em>E:</em> What skills do you look for when hiring senior team members and why?</strong></h4> <p><em>ME:</em> We are passionate about developing talent from within so the majority of our senior team members come up through promotion rather than being brought in from elsewhere. However, regardless of where our senior talent comes from, the core qualities that we look for are curiosity, collaboration and a desire to take personal accountability.</p> <p>Broadly, this translates into an ability to spot the gap, the conviction to go for it, and the emotional intelligence to do so in the right way.</p> <h4><strong><em>E:</em> Similarly, what skills do you think grads and young marketers should look to acquire?</strong></h4> <p><em>ME:</em> From my perspective, the key for graduates and young marketers is to be voracious to learn. At Direct Line we look to fast track learning by putting our grads through rotations to give them the broadest base of business knowledge.</p> <p>This was the process that I benefited from at Mars, moving through different functions, different operating units, and even different countries in the early years in order to maintain the steepest possible learning curve. It was a rude awakening working on a pet food production line for my second rotation but gave me a huge insight into leadership at a very early stage.</p> <p>To state the obvious, having exposure to several areas of the business provides perspective that translates into impact and gravitas. Ultimately if you aspire to move into bigger leadership roles, then you need to build the broadest possible foundations in order to survive inevitable personal earthquakes.</p> <h4><strong><em>E:</em> What is Direct Line’s approach to training and development? How does your team learn new skills and innovate?</strong></h4> <p><em>ME:</em> Training and development is a massive focus for us, again a legacy from spending a decade at Mars where personal development was very highly valued. We are committed to long-term development and so are constantly looking for new approaches.</p> <p>An example of this is that for the last three years every employee has had their own personal training budget (total training spend for the team divided by total FTE) to use as they see fit to improve themselves.</p> <p>This empowerment leads to greater personal ownership and as long as the money is spent in a way that is coherent with the individual's personal development plan then it leads to a better outcome for the individual and therefore also for the organisation.</p> <p><em><strong>Don't forget to sign up for <a href="http://www.marketingweeklive.co.uk/">Marketing Week Live</a> on March 8-9 in London.</strong></em></p> tag:econsultancy.com,2008:BlogPost/68693 2017-01-11T14:46:00+00:00 2017-01-11T14:46:00+00:00 The importance of the blockchain: The second generation of the internet Nick Hammond <p>The profile of bitcoin (powered by a blockchain network) has often masked the <a href="https://www.businessesgrow.com/2016/07/20/blockchain-101/">rising importance and relevance of the underlying blockchain technology</a>, but this is changing rapidly.</p> <p>One perspective is that the blockchain is the ‘second generation of the internet’.</p> <p>According to an article <a href="http://raconteur.net/business/the-future-of-blockchain-in-8-charts">published on Raconteur</a>, ‘The first generation brought us the internet of information. The second generation, powered by blockchain, is bringing us the internet of value; a new, distributed platform that can help us reshape the world of business and transform the old order of human affairs for the better. But like the internet in the late-1980s and early-1990s, this is still early days.’<a href="http://raconteur.net/business/the-future-of-blockchain-in-8-charts?utm_source=pardot&amp;utm_campaign=wed50117&amp;utm_medium=email"><br></a></p> <p>The initial paper regarding bitcoin (and blockchain) entitled <a href="https://bitcoin.org/bitcoin.pdf">Bitcoin: A Peer-to-Peer Electronic Cash System (2008)</a> was authored by a mysterious individual, likely a pseudonym, going under the name of Satoshi Nakamoto.</p> <p>While the original paper was written with financial transactions in mind, blockchain has far wider potential. Time will tell, but it may be that Nakamoto’s paper will have ramifications on a par with Tim Berners-Lee’s innocuously titled 1989 paper <a href="http://info.cern.ch/Proposal.html">Information Management: A Proposal</a>.</p> <p><iframe src="https://www.youtube.com/embed/Gc2en3nHxA4?wmode=transparent" width="560" height="315"></iframe></p> <p>In December 2015, the UK government’s Chief Scientific Adviser, Sir Mark Waldport, stated in his report <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/gs-16-1-distributed-ledger-technology.pdf">Distributed Ledger Technology: beyond blockchain</a>, that: ‘The technology [blockchain] offers the potential, according to the circumstances, for individual consumers to control access to personal records and to know who has accessed them.’  </p> <p>Canadian writers and researchers, Alex and Don Tapscott, authors of the recent book <a href="https://www.amazon.co.uk/d/Books/Blockchain-Revolution-Technology-Behind-Bitcoin-Changing-Business/1101980133">Blockchain Revolution</a>, believe that the blockchain goes way beyond the second coming of the internet. The pair, like so many others, stumbled across blockchain via the bitcoin association, quickly realising the genie is out of the bottle. </p> <p>Alex Tapscott observes, ‘With blockchain technology, a world of possibilities has opened and we now have a true peer-to-peer platform that enables personal economic empowerment. We can own our identities and our personal data; we can do transactions, creating and exchanging value without powerful intermediaries acting as the arbiters of money and information.’</p> <p>The blockchain, essentially a database and a giant network, known as a distributed ledger, records ownership and value, and allows anyone with access to view and take part. The asset database can be shared across a network of multiple sites, geographies or institutions. All participants within a network can have their own identical copy of the ledger. Any changes to the ledger are reflected in all copies, like a Google doc. </p> <p>The blockchain is currently having its biggest impact in financial services, with the largest changes caused by infrastructures using blockchain APIs, which are delivering in the areas of speed in data processing, transparency (amongst the right people) and security. </p> <p>But what does the blockchain mean for businesses outside of the financial sector? The answer lies in the areas of - privacy/information control, disintermediation, and business processes. </p> <p>As mentioned above, the blockchain offers consumers opportunity to achieve greater control over their information. This will impact on most organisations, as they increasingly rely on the acquisition and application of customer data.</p> <p>The importance of privacy is obviously a sensitive issue. One current solution for consumers is the selection of ephemeral applications like Snapchat and encrypted messaging, but the future might lie in the anonymity of blockchain technologies. </p> <p>Another change will affect business sectors where there are many intermediaries, for example travel and tourism. Here, the blockchain’s ability to simplify and speed up interactions, will likely lead to a process of dis-intermediation.</p> <p>Current examples of businesses and categories active in the blockchain include: Peer-to-peer payments (Abra, BTC Jam), <a href="https://econsultancy.com/blog/68612-how-the-internet-of-things-will-fundamentally-change-marketing/">internet of things</a> (Chimera-Inc, Filament), collaborative transport (La’Zooz, Arcade City) and online gaming (Auckur, SatoshiDice).</p> <p>As the number of applications that utilize blockchain technology increases, so will its relevance. Not only will we be selling products through the blockchain, but marketing companies that run off it as well.</p> tag:econsultancy.com,2008:BlogPost/68500 2016-11-08T14:39:57+00:00 2016-11-08T14:39:57+00:00 Will the Tesco Bank attack dent trust in startup banks? Patricio Robles <p>Like many banking upstarts, Tesco Bank is competing on experience, a largely digital focus and rates. Unlike most upstarts, it has the power of a huge non-banking brand behind it.</p> <p>While Tesco Bank is far from a banking behemoth, it has managed to build a profitable business with its customer base exceeding 7m.</p> <p>But now, all of its gains are threatened by "a systematic, sophisticated attack" that affected 40,000 of the banks 136,000 current accounts and led to money being taken from more than 20,000 of them.</p> <p>The Evening Standard called it "the most serious hack on the UK banking sector in recent history." </p> <p>In response, Tesco Bank has blocked online debit card payments and says that it will reimburse any losses from the apparent hack. "Customers are not at financial risk," Higgins has reassured customers.</p> <h3>A game-changer</h3> <p>While cybercrime targeting financial accounts has become commonplace, the Tesco Bank attack is noteworthy for a couple of reasons.</p> <p>First, while Tesco Bank is pointing out that relatively small amounts of money were taken from most accounts, the means by which a large number of accounts were apparently compromised is concerning. As the BBC <a href="http://www.bbc.com/news/business-37891742">explained</a>...</p> <blockquote> <p>...what is different is that it involves tens of thousands falling victim in a 24-hour period to what appears to be an automated process, rather than individuals clicking on links in phishing emails or having their details stolen after downloading malicious software.</p> <p>That could involve the attackers exploiting a vulnerability in the bank's website - or even gaining physical access to a branch and then the central systems.</p> </blockquote> <p>Second, customers are not happy with Tesco Bank's response. Affected customers reported difficulties in reaching customer service, and some who were able to reach customer service agents were apparently told that they would have to wait days for a resolution. </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr"><a href="https://twitter.com/tescobankhelp">@tescobankhelp</a> <a href="https://twitter.com/TescoBankNews">@tescobanknews</a> My available balance has gone down by £700 without making a tx. I cannot get through by phone!!!</p> — Christopher Mills (@chrismi1) <a href="https://twitter.com/chrismi1/status/795222803628883968">November 6, 2016</a> </blockquote> <p>Even though branchless banks like Tesco Bank pride themselves on the 24/7 access they provide customers via phone, web and mobile apps, this incident highlights the fact that otherwise sufficient support networks might not be adequate when crisis strikes.</p> <h3>A possible setback for upstart banks, but what about fintech?</h3> <p>Already, observers <a href="https://www.ft.com/content/5e5e6778-a4d1-11e6-8b69-02899e8bd9d1">like The Financial Times's Claer Barrett</a> are questioning whether the Tesco Bank attack will bolster trust in high street banks at the expense of startups.</p> <p>While she points out that major high street banks are also vulnerable to security breaches, and big banks are <a href="https://econsultancy.com/blog/68334-wells-fargo-scandal-shows-why-banks-are-vulnerable-to-fintech-startups">not immune to reputation-threatening scandals of their own</a>, this incident could create a perception problem for the Tesco Banks of the world.</p> <p>Given that <a href="https://econsultancy.com/blog/68240-78-of-mobile-banking-customers-are-satisfied-with-the-service-stats/">78% of mobile banking customers are satisfied with the service</a>, if big banks can convince consumers that they're more secure, or let the failures of their startup competitors do that for them, it could make it much more difficult for Tesco Bank and others to lure consumers with promises of better experiences, lower fees and/or higher rates.</p> <p>Whether the Tesco Bank attack has an impact beyond the banking sector remains to be seen. Some <a href="https://www.bloomberg.com/gadfly/articles/2016-11-07/tesco-bank-hack-will-be-warning-to-fintech-s-upstarts">suggest that</a> "the fallout will be felt across the wider fintech industry," but while security is an issue for all financial service providers, there's arguably less risk in other sectors that have been targeted by fintech startups.</p> <p>For example, fintech players focused exclusively on markets like lending face very different risks, and few markets are arguably as sensitive to security as banking.</p> <p>So while it's possible that the Tesco Bank incident will cause consumers to think twice about doing business with a young fintech company, the effects will probably remain most pronounced in the market for bank challengers.</p> tag:econsultancy.com,2008:BlogPost/67911 2016-06-14T14:22:59+01:00 2016-06-14T14:22:59+01:00 How often your website needs a security audit & what you need to check Bart Mroz <p>In fact, President Obama recently stated that <a href="https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know">hacking of U.S. businesses</a> is an increasing threat and provided information on how to better protect against attacks.</p> <p>Still, most companies conduct a security audit and backup only when they absolutely have to.</p> <p>Little do they know that hacking today is more present and sophisticated than ever, so website security testing is no longer an option, it is a necessity.</p> <p>The question of how often you should conduct a website security audit is vague.</p> <p>Ideally, you should download a security system that manages this for you and verifies your site’s safety automatically so that you do not have to worry about upkeep.</p> <p><em>Security</em></p> <p><img src="https://assets.econsultancy.com/images/0007/5873/security.jpg" alt="" width="558" height="458"></p> <p>Additionally, there are various security-related tasks you should keep in mind when taking preventive action to secure your website against malicious attacks.</p> <p>Here are a few ways to stay ahead:</p> <h3><strong>Regular scanning</strong></h3> <p>Check your website regularly and test all links to ensure identity thieves and hackers have not introduced malware into advertisements, graphics or other content provided by third parties.</p> <p>Unique pieces of malware were <a href="http://www.cnbc.com/2016/04/11/three-fourths-of-websites-are-at-risk-of-malware-study.html">up 36% last year</a> so you need to schedule monthly or even weekly scans.</p> <p>If a link has been compromised then your customers can be the target of bait links which lead to major problems that you do not want to be accountable for.</p> <h3><strong>Penetration testing</strong></h3> <p>If you store any type of valuable information such as customer contact information, transactional data or proprietary information, these are all high-value targets for hackers.</p> <p>Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code that basic software security programs alone cannot discover.</p> <p>Companies that did this in a study by WhiteHat Security saw a <a href="https://info.whitehatsec.com/rs/whitehatsecurity/images/2015-Stats-Report.pdf">decrease of 65% in vulnerabilities</a>. In today’s increasingly connected world, it is important to preemptively find weaknesses before hackers do.</p> <h3><strong>Integrating advanced security apps</strong></h3> <p>While you should never keep unnecessary customer data on the backend of your site, it is smart to utilize the right application scanning tools to help you identify vulnerabilities in your system.</p> <p>These should identify everything from <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29">Cross-Site Scripting (XSS)</a> to vulnerabilities inside debug code and leftover source code that could put your data and your customers’ confidential data at risk.</p> <p>There are advanced threat protection apps from security companies such as Symantec that you can use to check your website’s security; it runs through every aspect of your website without disrupting service so your users are still able to navigate smoothly.</p> <p>While running in the background, these programs periodically check to make sure that your site remains functional and intact.</p> <p>Some common security threats that your security app should be checking include:</p> <ul> <li>SQL Injection</li> <li>XSS (Cross-Site Scripting)</li> <li>File Disclosure</li> <li>Remote File Inclusion</li> <li>PHP/ASP Code Injection</li> <li>Directory Traversal</li> </ul> <h3><strong>Why go secure?</strong></h3> <p>Having a secure website can help you in many ways. Other than just giving you peace of mind, it will also make your customers feel much safer during their visits – which is especially true for ecommerce sites that are high risk. </p> <p>According to TNS Research, common customer concerns include:</p> <ul> <li>87% of online shoppers are concerned about credit card fraud</li> <li>85% of shoppers are concerned about identity theft</li> <li>83% are concerned about sharing personal information</li> <li>77% are concerned about spyware</li> </ul> <h3><strong>Don’t underestimate the dangers</strong></h3> <p>Many site owners believe that viruses usually hit personal computers so securing their websites is not a priority.</p> <p>However, having a site taken down by malicious activity can cost you thousands of dollars and large quantities of important data, not to mention lost sales and customer confidence.</p> <p>About <a href="http://www.scmagazine.com/whitehat-security-release-website-security-statistics-report/article/416402/">55% of retail sites</a> are “always vulnerable”, meaning that they are at serious risk of getting hacked by criminals. Maintaining normal and reasonable security is not expensive but getting hacked is.</p> <p>Regularly checking the security of your website with an audit is an essential part of operating a successful website that is safe from malicious threats.</p> <p>The dangers are interminable and the downfalls that can come from getting attacked can be very costly. If you haven’t already taken steps to increase your website’s security, now is the time.</p> <p>If done correctly, it will help protect both you and your customers from attacks.</p> <p>The time you save from preemptive measures is worth far more than the amount of time that you’ll invest to resolve a security threat when it occurs.</p> <p>Most importantly, you’ll be able to sleep well at night knowing that your website is as secure as can be.</p> tag:econsultancy.com,2008:BlogPost/67718 2016-04-14T11:01:52+01:00 2016-04-14T11:01:52+01:00 Key trends in online identity verification (so everybody knows you're a dog) Danny Bluestone <h3>Using our ‘real’ identities online</h3> <p>Online anonymity is waning. A user’s digital behaviour never used to be closely connected across the web, nor did it connect to their offline lives.</p> <p>Technically, there were also fewer plug-and-play solutions like <a href="https://econsultancy.com/blog/61911-the-pros-and-cons-of-a-facebook-login-on-ecommerce-sites/">Facebook Connect</a>, which can follow and connect users’ activities across the Internet. </p> <p>The desire for anonymity hasn’t completely disappeared. But, as the social web has grown, people have become happier to use their ‘real’ identities online. Some social networks are even throwing their influential power behind ‘authentic’ identities to make their platforms more credible and secure.</p> <p>For instance, Twitter issues verified account status to key individuals and brands who are highly sought after. This helps users differentiate and validate if specific accounts are credible. </p> <p>Furthermore, the boundaries between social and commercial websites are blurring. Some users submit real-name <a href="https://econsultancy.com/blog/67117-analysing-amazon-s-palliative-approach-to-fake-reviews/">reviews on Amazon</a> and other ecommerce sites like Etsy, where authenticity can increase sales by generating confidence from customers. </p> <p><em>"<a href="https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you%27re_a_dog">On the internet, nobody knows you're a dog</a>"</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3930/dog.jpg" alt="dog" width="500"></p> <h3>The rise of identity verification services</h3> <p>So, identifying people online – and confirming that information against their ‘real’ selves – is becoming increasingly important. </p> <p>Verification is required by a surprising amount of digital businesses: from purchasing products and applying for services, to social networking platforms, where users’ authenticity is built into the experience.</p> <p>It’s consequently no surprise that the technology behind identity verification services is constantly evolving, while balancing two critical, and often competing, factors: security and user experience.</p> <p>Last year alone ecommerce fraud <a title="rose by 19%" href="http://www.infosecurity-magazine.com/news/uk-online-banking-fraud-soars-64/" target="_blank">rose by 19%</a> and online banking losses soared by 64%, compared to 2015. High-profile <a href="https://www.marketingweek.com/2015/10/30/the-talktalk-hack-shows-why-every-brand-must-take-customer-data-seriously/">data breeches at TalkTalk</a> and Sony have made consumers more aware of the security threats.</p> <p>Yet users are still incredibly fickle. They will go elsewhere if the verification stage of a purchase or online account setup is too lengthy or rigid regarding which proofs of identification are acceptable. </p> <p><em>TalkTalk website</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3932/Screen_Shot_2016-04-14_at_10.36.35.png" alt="talktalk" width="615"></p> <h3>Trends in verification solutions</h3> <p>Exposing more personal information about ourselves and revealing our true identities online opens up great opportunities and risks. Organisations must navigate (and mitigate) these for their users.</p> <p>Consequently, a number of solutions have emerged to validate who we are online.</p> <p><strong>Two-Step Verification</strong></p> <p>Creating a username and password to access specific websites is the most familiar online identity system. But, we’ve known it’s a broken process for years. </p> <p>It’s too difficult to create and manage unique, elaborate passwords for each online account we have. And even the idea that a ‘strong password’ can protect us is now a fantasy, with hackers regularly breaking into computer systems and releasing username and password data.</p> <p>Worse than this, plenty of us <a title="daisy-chain accounts" href="http://www.wired.com/2012/11/ff-mat-honan-password-hacker/all/" target="_blank">daisy-chain accounts</a> to our main email address; creating a single point of failure for hackers to exploit, gaining entry to countless more with ease. </p> <p>The most common solution is two-factor authentication: requesting knowledge (such as an alphanumerical ‘secret’) and possession (adding a physical level) for a user to verify themselves. Cash machines were the original implementation of this idea, requiring possession of a physical card and remembering a secret PIN. </p> <p>The trick is establishing a second, physical authenticator that is secure, but doesn’t inconvenience the user.</p> <p>For example, many companies have avoided the delay and cost of issuing unique physical tokens (such as a key fob, or card reader); instead, asking users to add a mobile contact number and enter unique codes sent via SMS. </p> <p><img src="https://assets.econsultancy.com/images/0007/3931/Screen_Shot_2016-04-14_at_10.27.47.png" alt="two step verification" width="615"></p> <p><strong>Biometric Verification</strong></p> <p>Biometric technology can streamline the second step in two-factor authentication. Fingerprint data is the clear favourite, as a particularly elegant solution for unlocking smartphones.</p> <p>Promoted by Apple and Samsung, it requires investment from device manufacturers to install the sensors and secure partners willing to use the channel for purchase, like PayPal. </p> <p>Concerns about storing such sensitive data has been addressed with both companies storing an encrypted mathematical model instead of the fingerprint images. But as a <a title="Mashable hack" href="http://mashable.com/2013/09/25/video-hack-apple-touch-id/#KhNkh0x3zZqo" target="_blank">Mashable hack</a> revealed, people leave copies of their fingerprints everywhere – and lifting a copy can be used to unlock devices. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3706/econsultancy-touchid3-blog-flyer.jpg" alt="" width="470" height="265"></p> <p><em>To set up Apple’s TouchID, users repeatedly tap the phone’s sensor so it can map a single fingerprint that will unlock the phone. </em></p> <p>Some businesses are even exploring more outlandish models. Amazon recently filed a patent application for <a title="payment by selfie" href="http://www.independent.co.uk/news/business/news/amazon-files-patent-to-offer-payment-with-a-selfie-a6931861.html" target="_blank">payment by selfie</a>.</p> <p>Preventing fraudsters using a photo to pose as another, the proposed system would involve its own two-step process. One photo would be taken to confirm identity. Users would be asked to subtly adjust their position, then a second photo would ensure their proximity to the device.</p> <p>MasterCard has already trialled facial recognition technology, ensuring users are actually there with a blink instead. 83% of those tested believed it felt secure.</p> <p>The company has even proposed <a title="heartbeat recognition" href="http://www.theverge.com/2016/2/23/11098540/mastercard-facial-recognition-heartbeat-security" target="_blank">heartbeat recognition</a> as an alternative, integrating sensors that can read people’s electrocardiogram, or the unique electrical signal their heart produces.</p> <p> <img src="https://assets.econsultancy.com/images/resized/0007/3695/econsultancy-mastercard-blog-flyer.jpg" alt="" width="470" height="267"></p> <p><em><a title="MasterCard's selfie pay system" href="http://newsroom.mastercard.com/latin-america/photos/mastercard-identity-check-selfie-pay-en-mobile-world-congress/" target="_blank">MasterCard’s selfie pay system</a> was available to test at Mobile World Congress, Barcelona. </em></p> <h3>National service verification</h3> <p>Demand for access to government services online is rising – but verification is particularly critical for national schemes.</p> <p><a title="CitizenSafe" href="https://www.citizensafe.co.uk/" target="_blank">CitizenSafe</a>, one of <a href="https://econsultancy.com/blog/65774-gov-uk-the-government-s-website-is-better-than-yours/">GOV.UK</a>’s certified identity verification providers commissioned a <a title="YouGov survey" href="http://digitalmarketingmagazine.co.uk/digital-marketing-news/govuk-verify-partner-citizensafe-launches-consumer-awareness-campaign-with-cyber-duck/3239" target="_blank">YouGov survey</a> that found 61% of full-time workers (and 64% students) believed online identity verification was the most convenient option for them. </p> <p>Hailed by the UN for providing the world’s best e-Government content, <a title="Estonia's service provision" href="http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/" target="_blank">Estonia’s service provision</a> rests on centralised unique personal identification codes, given at birth. Microchipped ID cards with this code enable users to sign things online and use a range of digital services from online banking to voting.</p> <p>But, such comprehensive nationalised schemes have faced concerns from privacy and civil liberties groups.</p> <p>Instead, countries like the UK and US are adopting a verification approach that checks who the user is against physical sources, such as passports, utility bills or drivers licence. These sources aren’t centrally stored, so no department or individual knows everything about you.</p> <p>Transitioning from public beta to live next month, <a title="GOV.UK Verify" href="https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify" target="_blank">GOV.UK Verify</a> is the UK’s solution to accessing national services easily (yet securely) online. GOV.UK certified a variety of identity verification companies, like CitizenSafe, to verify users’ identities on the Verify portal. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3704/govukverify2-blog-flyer.jpg" alt="" width="470" height="255"></p> <p><em><a title="GOV.UK Verify" href="https://identityassurance.blog.gov.uk/2016/04/06/new-certified-companies-now-connected-to-gov-uk-verify/" target="_blank">GOV.UK Verify</a> empowers you to choose from a range of certified companies to verify your identity. </em></p> <p>Users complete the online verification process just once to create an account they can use to quickly and easily access a multitude of government services, such as tax returns, benefits and allowances. </p> <p>Furthermore, two-factor authentication is used when users login to their online account, needing to enter a user ID and password as well as a code sent to a stored phone number.</p> <h3>New data storage solutions</h3> <p>Whatever identification solution is used, a critical question remains around how personal data is stored to safeguard it against hackers.</p> <p>Even if hackers can’t access your credit card details, obtaining your home address, date of birth, contact details and other personal data could give them enough to access, change or use a multitude of your online accounts, posing a serious risk.</p> <p>One of the recent solutions to overcome this issue is blockchain technology. Initially developed as a ledger for bitcoin transactions, blockchain is an incredibly secure distributed database where no single organisation (or individual) holds all information.</p> <p>Blocks of data are added sequentially, embedded using a ‘hash’ of the block just before it. CoinDesk explains how this acts as a <a title="digital version of a wax seal" href="http://www.coindesk.com/information/how-bitcoin-mining-works/" target="_blank">'digital version of a wax seal’</a>, confirming data is legitimate and hardening the chain against tampering and revision.</p> <h3>Summary</h3> <p>Connecting our digital services and activities with our ‘real’ offline identities has significant implications for our safety.</p> <p>Leveraging the myriad of new technologies and systems available, businesses have some choice and must balance the security of user data with providing a seamless service, or users will look elsewhere. </p> <p>Whatever approach you choose, communication with customers throughout their experience is the key. For instance, users may be reluctant to give you their mobile number during an <a href="https://econsultancy.com/blog/64385-how-to-attract-registrations-without-creating-a-barrier-to-checkout/">online sign-up</a> if you don’t explain that it’s for a two-step identity verification process that will protect their identities.</p> <p>Carefully considered communication, on the other hand, is likely to make users tolerate a slightly more elaborate on-boarding process in the interest of keeping their data safe.</p> tag:econsultancy.com,2008:BlogPost/67549 2016-02-23T00:04:00+00:00 2016-02-23T00:04:00+00:00 What are VPNs & why are they so important in Asia? Jeff Rajeck <ul> <li>Indonesia <a href="http://www.bbc.com/news/world-asia-35594617">recently banned 477 websites</a>, including Tumblr.</li> <li>China blocks Google, Facebook, Twitter, and many other Western sites using the 'Great Firewall of China'.</li> <li>And because of licensing issues, TV and movies which are widely available in North America and Europe are inaccessible in Asian countries. </li> </ul> <p><img src="https://assets.econsultancy.com/images/resized/0007/2096/great-firewall-blog-flyer.png" alt="" width="470" height="243"></p> <p>But, as with many things in Asia, where there is a will, there is a way around it.  And in this case, <strong>it's the virtual private network (VPN).</strong></p> <h3>What is a VPN?</h3> <p>A VPN is a way for people to connect to the internet which makes it look like their computer is somewhere other than the place it is.</p> <p>It was traditionally a way for employees to access their corporate network from home. The employee would log their home computer into a VPN and it would appear to other computers on the company network that it, too, was in the building.</p> <p>But recently it's become more popular with tech-savvy media hunters hungry for TV and movies which are not yet available in their home country.</p> <p>People all over Asia subscribe to VPN services and now enjoy Netflix like the Americans, BBC like the British, and live sports globally, wherever they are shown.</p> <p>And as more sites are being blocked by various Asian countries, it seems that web surfing and social media will also be a popular reason to sign up for a VPN service.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/2097/vpn-blog-flyer.png" alt="" width="470" height="307"></p> <h3>Are VPNs difficult to use?</h3> <p>For the uninitiated, using a VPN simply involves installing software on your computer, configuring your browser, or downloading an app.</p> <p>And once the VPN is set up, it's just a matter of paying a small subscription fee to the service and you are then, virtually, in the country of your choice.</p> <p>There are free options as well, though these are typically far less reliable.</p> <h3>How popular are VPNs?</h3> <p>It is difficult to say. Both providers and users have a vested interest in not letting anyone know what they are doing!</p> <p>GlobalWebIndex, a digital consumer research company, <a href="https://www.statista.com/chart/3719/share-of-internet-users-who-use-vpns/">published survey results in 2014</a> and found that usage widely varied from country to country.</p> <p>Western countries had low adoption of VPNs, with the US being typical at around 3%.</p> <p>In Asia, however, nearly one in five Chinese (19%) used a VPN and in Indonesia it was nearly one in four. There are also other reports which show much higher usage rates.</p> <p><img src="https://assets.econsultancy.com/images/0007/2098/VPNusers.PNG" alt="" width="455" height="474"></p> <p>And any search on 'VPNs in &lt;country&gt;' will reveal a lively discussion between local netizens on which VPN service offers the best rate for the fastest download speed and, almost inevitably, how well Netflix works on it.</p> <h3>What does this mean for brands?</h3> <p>It's quite clear that for publishers and media producers this means that country-based licensing agreements are being systematically breached by people all over the world.  </p> <p>Publishers need to either work on blocking VPN access to their content or find a way to deliver licensed content globally.  </p> <p>Netflix recently worked out an agreement with over 100 countries.</p> <p><strong>It's less clear, however, what it means for brands.  </strong></p> <p>For brands who are advertising on this 'leaky' media, VPNs are a mixed blessing. </p> <p>If the brand is international and offers its products fairly universally across the globe, then this is not necessarily a bad thing.  </p> <p>Its product is now being associated with media that is so valuable to people that they are willing to go to great lengths to consume it.</p> <p>But for brands who target its products regionally, having its ads viewed via a VPN can, at best, send mixed messages to consumers and, at worst, possibly make them feel ripped off in their home countries.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/2099/mcdonalds-dollar-menu-blog-flyer.jpg" alt="" width="470" height="460"></p> <h3>So what can brands do?</h3> <p>Start by just being aware that many people in Asian countries, and elsewhere, consume Western media like Westerners.  </p> <p>Then, when buying media, brands can ask questions about the number of consumers who are likely to be coming in through a VPN and their country of origin.</p> <p>If the brand is global or works with a global agency, then counterparts in the Asian countries may know what TV shows or Western sites are popular, yet unavailable, in the country.  </p> <p>There could be an opportunity for a brand to tell its story in a unique way to its 'forbidden' fans.</p> <p>For the most part, though, brands are just going to have to get used to this sort of random, global distribution of media.  </p> <p>Information, as they say, wants to be free and any attempt to keep your messaging contained to a particular geography will almost certainly not work.</p>