tag:econsultancy.com,2008:/topics/security Latest Security content from Econsultancy 2017-01-11T14:46:00+00:00 tag:econsultancy.com,2008:BlogPost/68693 2017-01-11T14:46:00+00:00 2017-01-11T14:46:00+00:00 The importance of the blockchain: The second generation of the internet Nick Hammond <p>The profile of bitcoin (powered by a blockchain network) has often masked the <a href="https://www.businessesgrow.com/2016/07/20/blockchain-101/">rising importance and relevance of the underlying blockchain technology</a>, but this is changing rapidly.</p> <p>One perspective is that the blockchain is the ‘second generation of the internet’.</p> <p>According to an article <a href="http://raconteur.net/business/the-future-of-blockchain-in-8-charts">published on Raconteur</a>, ‘The first generation brought us the internet of information. The second generation, powered by blockchain, is bringing us the internet of value; a new, distributed platform that can help us reshape the world of business and transform the old order of human affairs for the better. But like the internet in the late-1980s and early-1990s, this is still early days.’<a href="http://raconteur.net/business/the-future-of-blockchain-in-8-charts?utm_source=pardot&amp;utm_campaign=wed50117&amp;utm_medium=email"><br></a></p> <p>The initial paper regarding bitcoin (and blockchain) entitled <a href="https://bitcoin.org/bitcoin.pdf">Bitcoin: A Peer-to-Peer Electronic Cash System (2008)</a> was authored by a mysterious individual, likely a pseudonym, going under the name of Satoshi Nakamoto.</p> <p>While the original paper was written with financial transactions in mind, blockchain has far wider potential. Time will tell, but it may be that Nakamoto’s paper will have ramifications on a par with Tim Berners-Lee’s innocuously titled 1989 paper <a href="http://info.cern.ch/Proposal.html">Information Management: A Proposal</a>.</p> <p><iframe src="https://www.youtube.com/embed/Gc2en3nHxA4?wmode=transparent" width="560" height="315"></iframe></p> <p>In December 2015, the UK government’s Chief Scientific Adviser, Sir Mark Waldport, stated in his report <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/gs-16-1-distributed-ledger-technology.pdf">Distributed Ledger Technology: beyond blockchain</a>, that: ‘The technology [blockchain] offers the potential, according to the circumstances, for individual consumers to control access to personal records and to know who has accessed them.’  </p> <p>Canadian writers and researchers, Alex and Don Tapscott, authors of the recent book <a href="https://www.amazon.co.uk/d/Books/Blockchain-Revolution-Technology-Behind-Bitcoin-Changing-Business/1101980133">Blockchain Revolution</a>, believe that the blockchain goes way beyond the second coming of the internet. The pair, like so many others, stumbled across blockchain via the bitcoin association, quickly realising the genie is out of the bottle. </p> <p>Alex Tapscott observes, ‘With blockchain technology, a world of possibilities has opened and we now have a true peer-to-peer platform that enables personal economic empowerment. We can own our identities and our personal data; we can do transactions, creating and exchanging value without powerful intermediaries acting as the arbiters of money and information.’</p> <p>The blockchain, essentially a database and a giant network, known as a distributed ledger, records ownership and value, and allows anyone with access to view and take part. The asset database can be shared across a network of multiple sites, geographies or institutions. All participants within a network can have their own identical copy of the ledger. Any changes to the ledger are reflected in all copies, like a Google doc. </p> <p>The blockchain is currently having its biggest impact in financial services, with the largest changes caused by infrastructures using blockchain APIs, which are delivering in the areas of speed in data processing, transparency (amongst the right people) and security. </p> <p>But what does the blockchain mean for businesses outside of the financial sector? The answer lies in the areas of - privacy/information control, disintermediation, and business processes. </p> <p>As mentioned above, the blockchain offers consumers opportunity to achieve greater control over their information. This will impact on most organisations, as they increasingly rely on the acquisition and application of customer data.</p> <p>The importance of privacy is obviously a sensitive issue. One current solution for consumers is the selection of ephemeral applications like Snapchat and encrypted messaging, but the future might lie in the anonymity of blockchain technologies. </p> <p>Another change will affect business sectors where there are many intermediaries, for example travel and tourism. Here, the blockchain’s ability to simplify and speed up interactions, will likely lead to a process of dis-intermediation.</p> <p>Current examples of businesses and categories active in the blockchain include: Peer-to-peer payments (Abra, BTC Jam), <a href="https://econsultancy.com/blog/68612-how-the-internet-of-things-will-fundamentally-change-marketing/">internet of things</a> (Chimera-Inc, Filament), collaborative transport (La’Zooz, Arcade City) and online gaming (Auckur, SatoshiDice).</p> <p>As the number of applications that utilize blockchain technology increases, so will its relevance. Not only will we be selling products through the blockchain, but marketing companies that run off it as well.</p> tag:econsultancy.com,2008:BlogPost/68500 2016-11-08T14:39:57+00:00 2016-11-08T14:39:57+00:00 Will the Tesco Bank attack dent trust in startup banks? Patricio Robles <p>Like many banking upstarts, Tesco Bank is competing on experience, a largely digital focus and rates. Unlike most upstarts, it has the power of a huge non-banking brand behind it.</p> <p>While Tesco Bank is far from a banking behemoth, it has managed to build a profitable business with its customer base exceeding 7m.</p> <p>But now, all of its gains are threatened by "a systematic, sophisticated attack" that affected 40,000 of the banks 136,000 current accounts and led to money being taken from more than 20,000 of them.</p> <p>The Evening Standard called it "the most serious hack on the UK banking sector in recent history." </p> <p>In response, Tesco Bank has blocked online debit card payments and says that it will reimburse any losses from the apparent hack. "Customers are not at financial risk," Higgins has reassured customers.</p> <h3>A game-changer</h3> <p>While cybercrime targeting financial accounts has become commonplace, the Tesco Bank attack is noteworthy for a couple of reasons.</p> <p>First, while Tesco Bank is pointing out that relatively small amounts of money were taken from most accounts, the means by which a large number of accounts were apparently compromised is concerning. As the BBC <a href="http://www.bbc.com/news/business-37891742">explained</a>...</p> <blockquote> <p>...what is different is that it involves tens of thousands falling victim in a 24-hour period to what appears to be an automated process, rather than individuals clicking on links in phishing emails or having their details stolen after downloading malicious software.</p> <p>That could involve the attackers exploiting a vulnerability in the bank's website - or even gaining physical access to a branch and then the central systems.</p> </blockquote> <p>Second, customers are not happy with Tesco Bank's response. Affected customers reported difficulties in reaching customer service, and some who were able to reach customer service agents were apparently told that they would have to wait days for a resolution. </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr"><a href="https://twitter.com/tescobankhelp">@tescobankhelp</a> <a href="https://twitter.com/TescoBankNews">@tescobanknews</a> My available balance has gone down by £700 without making a tx. I cannot get through by phone!!!</p> — Christopher Mills (@chrismi1) <a href="https://twitter.com/chrismi1/status/795222803628883968">November 6, 2016</a> </blockquote> <p>Even though branchless banks like Tesco Bank pride themselves on the 24/7 access they provide customers via phone, web and mobile apps, this incident highlights the fact that otherwise sufficient support networks might not be adequate when crisis strikes.</p> <h3>A possible setback for upstart banks, but what about fintech?</h3> <p>Already, observers <a href="https://www.ft.com/content/5e5e6778-a4d1-11e6-8b69-02899e8bd9d1">like The Financial Times's Claer Barrett</a> are questioning whether the Tesco Bank attack will bolster trust in high street banks at the expense of startups.</p> <p>While she points out that major high street banks are also vulnerable to security breaches, and big banks are <a href="https://econsultancy.com/blog/68334-wells-fargo-scandal-shows-why-banks-are-vulnerable-to-fintech-startups">not immune to reputation-threatening scandals of their own</a>, this incident could create a perception problem for the Tesco Banks of the world.</p> <p>Given that <a href="https://econsultancy.com/blog/68240-78-of-mobile-banking-customers-are-satisfied-with-the-service-stats/">78% of mobile banking customers are satisfied with the service</a>, if big banks can convince consumers that they're more secure, or let the failures of their startup competitors do that for them, it could make it much more difficult for Tesco Bank and others to lure consumers with promises of better experiences, lower fees and/or higher rates.</p> <p>Whether the Tesco Bank attack has an impact beyond the banking sector remains to be seen. Some <a href="https://www.bloomberg.com/gadfly/articles/2016-11-07/tesco-bank-hack-will-be-warning-to-fintech-s-upstarts">suggest that</a> "the fallout will be felt across the wider fintech industry," but while security is an issue for all financial service providers, there's arguably less risk in other sectors that have been targeted by fintech startups.</p> <p>For example, fintech players focused exclusively on markets like lending face very different risks, and few markets are arguably as sensitive to security as banking.</p> <p>So while it's possible that the Tesco Bank incident will cause consumers to think twice about doing business with a young fintech company, the effects will probably remain most pronounced in the market for bank challengers.</p> tag:econsultancy.com,2008:BlogPost/67911 2016-06-14T14:22:59+01:00 2016-06-14T14:22:59+01:00 How often your website needs a security audit & what you need to check Bart Mroz <p>In fact, President Obama recently stated that <a href="https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know">hacking of U.S. businesses</a> is an increasing threat and provided information on how to better protect against attacks.</p> <p>Still, most companies conduct a security audit and backup only when they absolutely have to.</p> <p>Little do they know that hacking today is more present and sophisticated than ever, so website security testing is no longer an option, it is a necessity.</p> <p>The question of how often you should conduct a website security audit is vague.</p> <p>Ideally, you should download a security system that manages this for you and verifies your site’s safety automatically so that you do not have to worry about upkeep.</p> <p><em>Security</em></p> <p><img src="https://assets.econsultancy.com/images/0007/5873/security.jpg" alt="" width="558" height="458"></p> <p>Additionally, there are various security-related tasks you should keep in mind when taking preventive action to secure your website against malicious attacks.</p> <p>Here are a few ways to stay ahead:</p> <h3><strong>Regular scanning</strong></h3> <p>Check your website regularly and test all links to ensure identity thieves and hackers have not introduced malware into advertisements, graphics or other content provided by third parties.</p> <p>Unique pieces of malware were <a href="http://www.cnbc.com/2016/04/11/three-fourths-of-websites-are-at-risk-of-malware-study.html">up 36% last year</a> so you need to schedule monthly or even weekly scans.</p> <p>If a link has been compromised then your customers can be the target of bait links which lead to major problems that you do not want to be accountable for.</p> <h3><strong>Penetration testing</strong></h3> <p>If you store any type of valuable information such as customer contact information, transactional data or proprietary information, these are all high-value targets for hackers.</p> <p>Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code that basic software security programs alone cannot discover.</p> <p>Companies that did this in a study by WhiteHat Security saw a <a href="https://info.whitehatsec.com/rs/whitehatsecurity/images/2015-Stats-Report.pdf">decrease of 65% in vulnerabilities</a>. In today’s increasingly connected world, it is important to preemptively find weaknesses before hackers do.</p> <h3><strong>Integrating advanced security apps</strong></h3> <p>While you should never keep unnecessary customer data on the backend of your site, it is smart to utilize the right application scanning tools to help you identify vulnerabilities in your system.</p> <p>These should identify everything from <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29">Cross-Site Scripting (XSS)</a> to vulnerabilities inside debug code and leftover source code that could put your data and your customers’ confidential data at risk.</p> <p>There are advanced threat protection apps from security companies such as Symantec that you can use to check your website’s security; it runs through every aspect of your website without disrupting service so your users are still able to navigate smoothly.</p> <p>While running in the background, these programs periodically check to make sure that your site remains functional and intact.</p> <p>Some common security threats that your security app should be checking include:</p> <ul> <li>SQL Injection</li> <li>XSS (Cross-Site Scripting)</li> <li>File Disclosure</li> <li>Remote File Inclusion</li> <li>PHP/ASP Code Injection</li> <li>Directory Traversal</li> </ul> <h3><strong>Why go secure?</strong></h3> <p>Having a secure website can help you in many ways. Other than just giving you peace of mind, it will also make your customers feel much safer during their visits – which is especially true for ecommerce sites that are high risk. </p> <p>According to TNS Research, common customer concerns include:</p> <ul> <li>87% of online shoppers are concerned about credit card fraud</li> <li>85% of shoppers are concerned about identity theft</li> <li>83% are concerned about sharing personal information</li> <li>77% are concerned about spyware</li> </ul> <h3><strong>Don’t underestimate the dangers</strong></h3> <p>Many site owners believe that viruses usually hit personal computers so securing their websites is not a priority.</p> <p>However, having a site taken down by malicious activity can cost you thousands of dollars and large quantities of important data, not to mention lost sales and customer confidence.</p> <p>About <a href="http://www.scmagazine.com/whitehat-security-release-website-security-statistics-report/article/416402/">55% of retail sites</a> are “always vulnerable”, meaning that they are at serious risk of getting hacked by criminals. Maintaining normal and reasonable security is not expensive but getting hacked is.</p> <p>Regularly checking the security of your website with an audit is an essential part of operating a successful website that is safe from malicious threats.</p> <p>The dangers are interminable and the downfalls that can come from getting attacked can be very costly. If you haven’t already taken steps to increase your website’s security, now is the time.</p> <p>If done correctly, it will help protect both you and your customers from attacks.</p> <p>The time you save from preemptive measures is worth far more than the amount of time that you’ll invest to resolve a security threat when it occurs.</p> <p>Most importantly, you’ll be able to sleep well at night knowing that your website is as secure as can be.</p> tag:econsultancy.com,2008:BlogPost/67718 2016-04-14T11:01:52+01:00 2016-04-14T11:01:52+01:00 Key trends in online identity verification (so everybody knows you're a dog) Danny Bluestone <h3>Using our ‘real’ identities online</h3> <p>Online anonymity is waning. A user’s digital behaviour never used to be closely connected across the web, nor did it connect to their offline lives.</p> <p>Technically, there were also fewer plug-and-play solutions like <a href="https://econsultancy.com/blog/61911-the-pros-and-cons-of-a-facebook-login-on-ecommerce-sites/">Facebook Connect</a>, which can follow and connect users’ activities across the Internet. </p> <p>The desire for anonymity hasn’t completely disappeared. But, as the social web has grown, people have become happier to use their ‘real’ identities online. Some social networks are even throwing their influential power behind ‘authentic’ identities to make their platforms more credible and secure.</p> <p>For instance, Twitter issues verified account status to key individuals and brands who are highly sought after. This helps users differentiate and validate if specific accounts are credible. </p> <p>Furthermore, the boundaries between social and commercial websites are blurring. Some users submit real-name <a href="https://econsultancy.com/blog/67117-analysing-amazon-s-palliative-approach-to-fake-reviews/">reviews on Amazon</a> and other ecommerce sites like Etsy, where authenticity can increase sales by generating confidence from customers. </p> <p><em>"<a href="https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you%27re_a_dog">On the internet, nobody knows you're a dog</a>"</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3930/dog.jpg" alt="dog" width="500"></p> <h3>The rise of identity verification services</h3> <p>So, identifying people online – and confirming that information against their ‘real’ selves – is becoming increasingly important. </p> <p>Verification is required by a surprising amount of digital businesses: from purchasing products and applying for services, to social networking platforms, where users’ authenticity is built into the experience.</p> <p>It’s consequently no surprise that the technology behind identity verification services is constantly evolving, while balancing two critical, and often competing, factors: security and user experience.</p> <p>Last year alone ecommerce fraud <a title="rose by 19%" href="http://www.infosecurity-magazine.com/news/uk-online-banking-fraud-soars-64/" target="_blank">rose by 19%</a> and online banking losses soared by 64%, compared to 2015. High-profile <a href="https://www.marketingweek.com/2015/10/30/the-talktalk-hack-shows-why-every-brand-must-take-customer-data-seriously/">data breeches at TalkTalk</a> and Sony have made consumers more aware of the security threats.</p> <p>Yet users are still incredibly fickle. They will go elsewhere if the verification stage of a purchase or online account setup is too lengthy or rigid regarding which proofs of identification are acceptable. </p> <p><em>TalkTalk website</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3932/Screen_Shot_2016-04-14_at_10.36.35.png" alt="talktalk" width="615"></p> <h3>Trends in verification solutions</h3> <p>Exposing more personal information about ourselves and revealing our true identities online opens up great opportunities and risks. Organisations must navigate (and mitigate) these for their users.</p> <p>Consequently, a number of solutions have emerged to validate who we are online.</p> <p><strong>Two-Step Verification</strong></p> <p>Creating a username and password to access specific websites is the most familiar online identity system. But, we’ve known it’s a broken process for years. </p> <p>It’s too difficult to create and manage unique, elaborate passwords for each online account we have. And even the idea that a ‘strong password’ can protect us is now a fantasy, with hackers regularly breaking into computer systems and releasing username and password data.</p> <p>Worse than this, plenty of us <a title="daisy-chain accounts" href="http://www.wired.com/2012/11/ff-mat-honan-password-hacker/all/" target="_blank">daisy-chain accounts</a> to our main email address; creating a single point of failure for hackers to exploit, gaining entry to countless more with ease. </p> <p>The most common solution is two-factor authentication: requesting knowledge (such as an alphanumerical ‘secret’) and possession (adding a physical level) for a user to verify themselves. Cash machines were the original implementation of this idea, requiring possession of a physical card and remembering a secret PIN. </p> <p>The trick is establishing a second, physical authenticator that is secure, but doesn’t inconvenience the user.</p> <p>For example, many companies have avoided the delay and cost of issuing unique physical tokens (such as a key fob, or card reader); instead, asking users to add a mobile contact number and enter unique codes sent via SMS. </p> <p><img src="https://assets.econsultancy.com/images/0007/3931/Screen_Shot_2016-04-14_at_10.27.47.png" alt="two step verification" width="615"></p> <p><strong>Biometric Verification</strong></p> <p>Biometric technology can streamline the second step in two-factor authentication. Fingerprint data is the clear favourite, as a particularly elegant solution for unlocking smartphones.</p> <p>Promoted by Apple and Samsung, it requires investment from device manufacturers to install the sensors and secure partners willing to use the channel for purchase, like PayPal. </p> <p>Concerns about storing such sensitive data has been addressed with both companies storing an encrypted mathematical model instead of the fingerprint images. But as a <a title="Mashable hack" href="http://mashable.com/2013/09/25/video-hack-apple-touch-id/#KhNkh0x3zZqo" target="_blank">Mashable hack</a> revealed, people leave copies of their fingerprints everywhere – and lifting a copy can be used to unlock devices. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3706/econsultancy-touchid3-blog-flyer.jpg" alt="" width="470" height="265"></p> <p><em>To set up Apple’s TouchID, users repeatedly tap the phone’s sensor so it can map a single fingerprint that will unlock the phone. </em></p> <p>Some businesses are even exploring more outlandish models. Amazon recently filed a patent application for <a title="payment by selfie" href="http://www.independent.co.uk/news/business/news/amazon-files-patent-to-offer-payment-with-a-selfie-a6931861.html" target="_blank">payment by selfie</a>.</p> <p>Preventing fraudsters using a photo to pose as another, the proposed system would involve its own two-step process. One photo would be taken to confirm identity. Users would be asked to subtly adjust their position, then a second photo would ensure their proximity to the device.</p> <p>MasterCard has already trialled facial recognition technology, ensuring users are actually there with a blink instead. 83% of those tested believed it felt secure.</p> <p>The company has even proposed <a title="heartbeat recognition" href="http://www.theverge.com/2016/2/23/11098540/mastercard-facial-recognition-heartbeat-security" target="_blank">heartbeat recognition</a> as an alternative, integrating sensors that can read people’s electrocardiogram, or the unique electrical signal their heart produces.</p> <p> <img src="https://assets.econsultancy.com/images/resized/0007/3695/econsultancy-mastercard-blog-flyer.jpg" alt="" width="470" height="267"></p> <p><em><a title="MasterCard's selfie pay system" href="http://newsroom.mastercard.com/latin-america/photos/mastercard-identity-check-selfie-pay-en-mobile-world-congress/" target="_blank">MasterCard’s selfie pay system</a> was available to test at Mobile World Congress, Barcelona. </em></p> <h3>National service verification</h3> <p>Demand for access to government services online is rising – but verification is particularly critical for national schemes.</p> <p><a title="CitizenSafe" href="https://www.citizensafe.co.uk/" target="_blank">CitizenSafe</a>, one of <a href="https://econsultancy.com/blog/65774-gov-uk-the-government-s-website-is-better-than-yours/">GOV.UK</a>’s certified identity verification providers commissioned a <a title="YouGov survey" href="http://digitalmarketingmagazine.co.uk/digital-marketing-news/govuk-verify-partner-citizensafe-launches-consumer-awareness-campaign-with-cyber-duck/3239" target="_blank">YouGov survey</a> that found 61% of full-time workers (and 64% students) believed online identity verification was the most convenient option for them. </p> <p>Hailed by the UN for providing the world’s best e-Government content, <a title="Estonia's service provision" href="http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/" target="_blank">Estonia’s service provision</a> rests on centralised unique personal identification codes, given at birth. Microchipped ID cards with this code enable users to sign things online and use a range of digital services from online banking to voting.</p> <p>But, such comprehensive nationalised schemes have faced concerns from privacy and civil liberties groups.</p> <p>Instead, countries like the UK and US are adopting a verification approach that checks who the user is against physical sources, such as passports, utility bills or drivers licence. These sources aren’t centrally stored, so no department or individual knows everything about you.</p> <p>Transitioning from public beta to live next month, <a title="GOV.UK Verify" href="https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify" target="_blank">GOV.UK Verify</a> is the UK’s solution to accessing national services easily (yet securely) online. GOV.UK certified a variety of identity verification companies, like CitizenSafe, to verify users’ identities on the Verify portal. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3704/govukverify2-blog-flyer.jpg" alt="" width="470" height="255"></p> <p><em><a title="GOV.UK Verify" href="https://identityassurance.blog.gov.uk/2016/04/06/new-certified-companies-now-connected-to-gov-uk-verify/" target="_blank">GOV.UK Verify</a> empowers you to choose from a range of certified companies to verify your identity. </em></p> <p>Users complete the online verification process just once to create an account they can use to quickly and easily access a multitude of government services, such as tax returns, benefits and allowances. </p> <p>Furthermore, two-factor authentication is used when users login to their online account, needing to enter a user ID and password as well as a code sent to a stored phone number.</p> <h3>New data storage solutions</h3> <p>Whatever identification solution is used, a critical question remains around how personal data is stored to safeguard it against hackers.</p> <p>Even if hackers can’t access your credit card details, obtaining your home address, date of birth, contact details and other personal data could give them enough to access, change or use a multitude of your online accounts, posing a serious risk.</p> <p>One of the recent solutions to overcome this issue is blockchain technology. Initially developed as a ledger for bitcoin transactions, blockchain is an incredibly secure distributed database where no single organisation (or individual) holds all information.</p> <p>Blocks of data are added sequentially, embedded using a ‘hash’ of the block just before it. CoinDesk explains how this acts as a <a title="digital version of a wax seal" href="http://www.coindesk.com/information/how-bitcoin-mining-works/" target="_blank">'digital version of a wax seal’</a>, confirming data is legitimate and hardening the chain against tampering and revision.</p> <h3>Summary</h3> <p>Connecting our digital services and activities with our ‘real’ offline identities has significant implications for our safety.</p> <p>Leveraging the myriad of new technologies and systems available, businesses have some choice and must balance the security of user data with providing a seamless service, or users will look elsewhere. </p> <p>Whatever approach you choose, communication with customers throughout their experience is the key. For instance, users may be reluctant to give you their mobile number during an <a href="https://econsultancy.com/blog/64385-how-to-attract-registrations-without-creating-a-barrier-to-checkout/">online sign-up</a> if you don’t explain that it’s for a two-step identity verification process that will protect their identities.</p> <p>Carefully considered communication, on the other hand, is likely to make users tolerate a slightly more elaborate on-boarding process in the interest of keeping their data safe.</p> tag:econsultancy.com,2008:BlogPost/67549 2016-02-23T00:04:00+00:00 2016-02-23T00:04:00+00:00 What are VPNs & why are they so important in Asia? Jeff Rajeck <ul> <li>Indonesia <a href="http://www.bbc.com/news/world-asia-35594617">recently banned 477 websites</a>, including Tumblr.</li> <li>China blocks Google, Facebook, Twitter, and many other Western sites using the 'Great Firewall of China'.</li> <li>And because of licensing issues, TV and movies which are widely available in North America and Europe are inaccessible in Asian countries. </li> </ul> <p><img src="https://assets.econsultancy.com/images/resized/0007/2096/great-firewall-blog-flyer.png" alt="" width="470" height="243"></p> <p>But, as with many things in Asia, where there is a will, there is a way around it.  And in this case, <strong>it's the virtual private network (VPN).</strong></p> <h3>What is a VPN?</h3> <p>A VPN is a way for people to connect to the internet which makes it look like their computer is somewhere other than the place it is.</p> <p>It was traditionally a way for employees to access their corporate network from home. The employee would log their home computer into a VPN and it would appear to other computers on the company network that it, too, was in the building.</p> <p>But recently it's become more popular with tech-savvy media hunters hungry for TV and movies which are not yet available in their home country.</p> <p>People all over Asia subscribe to VPN services and now enjoy Netflix like the Americans, BBC like the British, and live sports globally, wherever they are shown.</p> <p>And as more sites are being blocked by various Asian countries, it seems that web surfing and social media will also be a popular reason to sign up for a VPN service.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/2097/vpn-blog-flyer.png" alt="" width="470" height="307"></p> <h3>Are VPNs difficult to use?</h3> <p>For the uninitiated, using a VPN simply involves installing software on your computer, configuring your browser, or downloading an app.</p> <p>And once the VPN is set up, it's just a matter of paying a small subscription fee to the service and you are then, virtually, in the country of your choice.</p> <p>There are free options as well, though these are typically far less reliable.</p> <h3>How popular are VPNs?</h3> <p>It is difficult to say. Both providers and users have a vested interest in not letting anyone know what they are doing!</p> <p>GlobalWebIndex, a digital consumer research company, <a href="https://www.statista.com/chart/3719/share-of-internet-users-who-use-vpns/">published survey results in 2014</a> and found that usage widely varied from country to country.</p> <p>Western countries had low adoption of VPNs, with the US being typical at around 3%.</p> <p>In Asia, however, nearly one in five Chinese (19%) used a VPN and in Indonesia it was nearly one in four. There are also other reports which show much higher usage rates.</p> <p><img src="https://assets.econsultancy.com/images/0007/2098/VPNusers.PNG" alt="" width="455" height="474"></p> <p>And any search on 'VPNs in &lt;country&gt;' will reveal a lively discussion between local netizens on which VPN service offers the best rate for the fastest download speed and, almost inevitably, how well Netflix works on it.</p> <h3>What does this mean for brands?</h3> <p>It's quite clear that for publishers and media producers this means that country-based licensing agreements are being systematically breached by people all over the world.  </p> <p>Publishers need to either work on blocking VPN access to their content or find a way to deliver licensed content globally.  </p> <p>Netflix recently worked out an agreement with over 100 countries.</p> <p><strong>It's less clear, however, what it means for brands.  </strong></p> <p>For brands who are advertising on this 'leaky' media, VPNs are a mixed blessing. </p> <p>If the brand is international and offers its products fairly universally across the globe, then this is not necessarily a bad thing.  </p> <p>Its product is now being associated with media that is so valuable to people that they are willing to go to great lengths to consume it.</p> <p>But for brands who target its products regionally, having its ads viewed via a VPN can, at best, send mixed messages to consumers and, at worst, possibly make them feel ripped off in their home countries.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/2099/mcdonalds-dollar-menu-blog-flyer.jpg" alt="" width="470" height="460"></p> <h3>So what can brands do?</h3> <p>Start by just being aware that many people in Asian countries, and elsewhere, consume Western media like Westerners.  </p> <p>Then, when buying media, brands can ask questions about the number of consumers who are likely to be coming in through a VPN and their country of origin.</p> <p>If the brand is global or works with a global agency, then counterparts in the Asian countries may know what TV shows or Western sites are popular, yet unavailable, in the country.  </p> <p>There could be an opportunity for a brand to tell its story in a unique way to its 'forbidden' fans.</p> <p>For the most part, though, brands are just going to have to get used to this sort of random, global distribution of media.  </p> <p>Information, as they say, wants to be free and any attempt to keep your messaging contained to a particular geography will almost certainly not work.</p> tag:econsultancy.com,2008:BlogPost/67546 2016-02-18T13:19:00+00:00 2016-02-18T13:19:00+00:00 California hospital cyber hack shows importance of digital risk management Jeanmarie Tenuto <p>While ransomware is most commonly used to attack home computers and extort money in exchange for a key code, the persistent vulnerability of healthcare and growing boldness of cybercriminals is making for an increasingly high-risk environment for today’s healthcare organizations. </p> <h3>Webinar</h3> <p>We'll discuss this issue in more detail, but first allow me to draw your attention to our webinar on <a href="http://www.eventbrite.com/e/reputation-risk-reputation-management-social-media-in-healthcare-tickets-20934646090">Reputation &amp; Risk: Corporate Reputation &amp; Social Media in Healthcare</a> which takes place from midday-3pm EST today (Thursday 18 February).</p> <p>We will discuss these and other topics including Branding &amp; Social Media, Employment Law, Digital Media and Freedom of Speech, and Cyber Security.</p> <p>Go <a href="http://www.healthcaretechnicalsolutions.com/reputation/">here</a> for information or go <a href="http://www.eventbrite.com/e/reputation-risk-reputation-management-social-media-in-healthcare-tickets-20934646090">here</a> to register.</p> <h3>The impact</h3> <p>Staff at Hollywood Presbyterian Medical Center in Los Angeles have been left filling out forms by hand and completely unable to perform some procedures, including CT scans.</p> <p>Their patients have also been left to retrieve and deliver their own medical information to providers and many are being transported to other facilities for treatment.</p> <p>Patient data, emails, medical charts, imaging documents, and more are completely unavailable until the systems come back online, <a href="http://www.bbc.co.uk/news/technology-35584081">according to BBC News</a>. </p> <p>Right now, callers to the hospital are greeted by a voicemail message that informs patients their medical records have not been accessed by hackers. </p> <p>The hospital has also assured the community that patient care will not be impacted (despite complaints from patients.)</p> <p>Officials have not yet commented on the ransom, but CEO Allen Stefanek has declared a state of “internal emergency.”</p> <p>You can be assured that <a href="http://www.yelp.com/biz/hollywood-presbyterian-medical-center-los-angeles?sort_by=date_desc">this hospital's reviews</a> will soon reflect not only their vulnerability to a cyber attack, but also how it’s been handled by staff and administration. </p> <p><img src="https://assets.econsultancy.com/images/0007/2081/Hollywood_hospital_2.png" alt="" width="981" height="537"></p> <h3>The Lesson</h3> <p>We’re looking at two issues here:</p> <ul> <li>The risk Hollywood Presbyterian was operating under before the attack.</li> <li>How it is handling the situation now.</li> </ul> <p>Not much has been revealed about the details of the attack. We don’t know for sure how it started, the hospital’s history with cyberattacks, or if it had emergency plans in place.</p> <p>We don’t know whether they had a PR plan (it honestly seems like they didn’t) or whether they had their employees trained to manually look up and enter codes on patient charts and bills. </p> <p>What we do know, is what’s going on now. We know that the hospital has been down for over a week. We know that it has made no mention of the attack on its <a href="https://www.facebook.com/Hollywood-Presbyterian-Medical-Center-34204164029/">Facebook</a> or <a href="https://twitter.com/hollywoodpres">Twitter</a> accounts.</p> <p><img src="https://assets.econsultancy.com/images/0007/2082/Hollywood_Hospital.png" alt="" width="920" height="444"></p> <p>It appears that local news outlets seem to be the source of most information around the incident. </p> <p>We can’t tell what’s going on from the outside, but it very much appears as if this was yet another healthcare organization that ignored the reality of the healthcare environment we live and work in. </p> <p>Cyber security related issues are tremendous concerns for the healthcare sector.  </p> <p>Breaches in healthcare data are more than just IT concerns or PR damage control cases. They undermine patient trust and harm the provider’s goodwill, and consequently, their bottom line. </p> <p>When asked why hackers would target hospitals, the most common answer was ‘they are easy targets.’</p> <p>Hospitals in general, but community hospitals mostly, are grossly underinvested in security and the hackers can get access to health information, insurance and financial information, which has a high resale value.</p> <p>Even as healthcare organizations ramp up their technology to manage risks, there’s only so much that sophisticated tools and systems can do.</p> <p>People remain the biggest friend and the biggest foe to patient data security. In today’s digital media environment it's everyone’s duty to act responsibly and protect healthcare data.</p> <p>[<strong>Editor's Note 02/18/16: </strong>The Hollywood Presbyterian Medical Center <a href="http://www.nbcnews.com/tech/security/hollywood-presbyterian-medical-center-pays-hackers-17k-ransom-n520536">ended up paying around $17,000 as a ransom</a> to the hackers.]</p> tag:econsultancy.com,2008:BlogPost/67081 2015-10-22T16:01:43+01:00 2015-10-22T16:01:43+01:00 SSL certificates will soon be free for all websites Patricio Robles <p>While achieving a high level of security is an involved process that requires time and effort, one of the basics is about to get a lot less expensive.</p> <p>That's because this week, the Internet Security Research Group (ISRG), a non-profit organization with backing from companies like Mozilla, Cisco and Automattic, <a href="https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html">announced</a> that its automated and open certificate authority (CA) has received cross-signatures from IdenTrust.</p> <p>What does that mean in non-techie terms? SSL certificates issued by <a href="https://letsencrypt.org/">Let's Encrypt</a> will be trusted by all major browsers.</p> <p>That's noteworthy news because Let's Encrypt offers SSL certificates at no cost. So starting in November, businesses will have a way of securing their websites using SSL without spending any money on a certificate, which can cost upwards of hundreds of dollars a year in some cases.</p> <h3>HTTPS everywhere</h3> <p>According to the ISRG: "Vital personal and business information is flowing over the Internet more frequently than ever, and it’s time to encrypt all of it.</p> <p>"That’s why we created Let’s Encrypt, and we’re excited to be one big step closer to bringing secure connections to every corner of the Web."</p> <p>The ISRG is not the only organization pushing to drive greater adoption of SSL.</p> <p>Last year, Google called for "HTTPS everywhere" at its Google I/O conference and even announced that it <a href="https://econsultancy.com/blog/65304-google-confirms-https-as-a-new-ranking-signal-what-are-the-implications/">added HTTPS as a ranking signal</a>...</p> <blockquote> <p>...over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.</p> <p>For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.</p> <p>But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. </p> </blockquote> <p>Google's encouragement almost certainly helped convince some to use HTTPS, but there are a number of reasons many websites still don't employ it.</p> <p>For instance, many small businesses with limited access to technical know-how are less likely to understand how to acquire and install an SSL certificate.</p> <p>But cost is also a barrier, and with a free option that works with all major browsers, it's possible that we'll see hosting companies and makers of server management software integrate with Let's Encrypt to make certificate acquisition and installation practically painless.</p> <h3>Free SSL certificates won't always be the best option</h3> <p>While Let's Encrypt could very well be a game-changer in driving adoption of HTTPS – a small but important first step in promoting <a href="https://econsultancy.com/blog/5302-ten-common-sense-data-security-tips">data security</a> – companies will want to keep in mind that its free certificates won't always be the best option for all websites.</p> <p>Let's Encrypt certificates provide domain validation but there is no verification of the organization behind a domain.</p> <p>The most expensive SSL certificates frequently provide Extended Validation (EV), which involves verifying the organization behind a website.</p> <p>When these certificates are used, web browsers highlight the organization's name in a green address bar. </p> <p><img src="https://assets.econsultancy.com/images/0006/8199/ssl.png" alt="" width="434" height="44"></p> <p>For companies operating certain kinds of websites, such as those that involve ecommerce and financial transactions, this level of validation and browser highlighting of trust is often desirable.</p> <p>But for many websites, Let’s Encrypt's free certificates should be a fine option and their availability will leave companies with little excuse for not securing their websites using HTTPS.</p> tag:econsultancy.com,2008:BlogPost/65962 2015-01-13T14:00:00+00:00 2015-01-13T14:00:00+00:00 A negative SEO case study: how to spot an attack & fix it David Moth <p>It can be seen as a reaction to Google’s success in clamping down on dodgy linkbuilding – it’s now more difficult for spammers to game the system in their own favour so they have to attack the competition instead.</p> <p>One of the contributors to the search trends article was Nick Fettiplace, SEO director at <a href="http://www.jellyfish.co.uk/">Jellyfish</a>, an agency that was subject to a <a href="https://econsultancy.com/blog/65932-what-is-negative-seo-and-how-can-you-protect-your-website/">negative SEO</a> attack last year.</p> <p>They’ve been kind enough to share the data relating to the attack, which was presumably undertaken by one of its competitors.</p> <p>I should point out here that Jellyfish doesn't know who was behind it and isn’t trying to point the finger of blame at anyone in particular.</p> <p><img src="https://assets.econsultancy.com/images/0005/8081/blame.jpg" alt="" width="450" height="233"></p> <p>So, how did it go down?</p> <h3>Evidence of a negative SEO attack</h3> <p>This graph shows how Jellyfish’s search rankings were trending in 2014 in relation to several comparative SEO agencies.</p> <p>The decline towards the end of the timeline occurred when Google implemented <a href="https://econsultancy.com/blog/65621-penguin-3-0-what-s-it-all-about/">the Penguin 3.0 update</a> which sought to penalise low quality backlinks.</p> <p><a href="https://assets.econsultancy.com/images/0005/8078/Jellyfish_rankings.png"><img src="https://assets.econsultancy.com/images/0005/8078/Jellyfish_rankings.png" alt="" width="1009" height="413"></a></p> <p>The agency’s senior SEO manager, Jonathan Verrall, said that he typically checks for changes in the site’s link profile every week, so they were able to quickly diagnose the problem.</p> <p>Closer analysis of the company’s backlink profile shows that there was a sudden spike of links in October and then again in November.</p> <p><img src="https://assets.econsultancy.com/images/0005/8079/Screen_Shot_2015-01-12_at_16.03.11.png" alt="" width="880" height="183"></p> <p>Data pulled from Cognitive SEO shows that from the beginning of August through to October there was hardly any suspect link activity, but in October there was a sudden spike with more than 1,700 new links that were seen as unnatural or suspect.</p> <p>Obviously this kind of action is going to ring alarm bells with Google and is likely to lead to a ranking penalty.</p> <p><a href="https://assets.econsultancy.com/images/0005/8076/cognitive_SEO.png"><img src="https://assets.econsultancy.com/images/0005/8076/cognitive_SEO.png" alt="" width="1070" height="314"></a></p> <h3>Where were the links hosted?</h3> <p>Analysis of the suspect links showed that they had been posted as comments on thousands of websites.</p> <p>This is a tactic known as ‘comment spamming’, whereby the guilty party uses spamming software to quickly post thousands of links in the comments section on blogging sites.</p> <p>Econsultancy is often the target of these kind of comment spamming campaigns, though our spam filter usually keeps them at bay.</p> <p>That said, before we upgraded our filter last year these comments would often slip through and in my early days at Econsultancy I was naïve enough to wonder why high profile agencies would resort to such flagrant and obviously spammy tactics.</p> <h3>What was the target?</h3> <p>Cognitive SEO’s backlink tool showed that the attack was primarily aimed at Jellyfish’s SEO training page.</p> <p><a href="https://assets.econsultancy.com/images/0005/8080/Screen_Shot_2015-01-12_at_16.05.27.png"><img src="https://assets.econsultancy.com/images/0005/8080/Screen_Shot_2015-01-12_at_16.05.27.png" alt="" width="1011" height="269"></a></p> <p>All the links used exact match anchor text for ‘SEO training’ which, coupled with the fact that the landing page had been optimised to within an inch of its life (quite legitimately, and as one would expect from an SEO agency), meant that Google rightly thought something was afoot.</p> <p>Consequently the agency was penalised and began to lose visibility in search rankings.</p> <h3>Backlink removal</h3> <p>Verrall used several different site and web crawling tools to make sure he had identified all the dodgy backlinks, then set about the long-winded process of asking sites to remove them.</p> <p>He said that the amount of effort involved with getting links removed depends on the type of website. Webmasters at link farms, such as link directories, article directories and blog networks, tend to ask for removal payments. </p> <p>But thankfully Verrall says that these types of sites are generally a thing of the past. However...</p> <blockquote> <p>...if you are looking to get links changed or removed from established websites who treasure their readership, they tend to be very accommodating and will change backlinks quite happily.</p> </blockquote> <p>We get link removal requests fairly regularly at Econsultancy and in general we ignore them as it’s often clear that the person making the request is the guilty party (I'm not suggesting that's the case with Jellyfish).</p> <p>Our old content director Chris Lake wrote an interesting article discussing <a href="https://econsultancy.com/blog/62564-three-reasons-why-publishers-hate-living-in-a-post-penguin-post-panda-world">the various link removal requests we receive</a> and explaining why they’re such a pain in the behind.</p> <p>It took Jellyfish three days to get through the first round of emails to webmasters, which were followed up with a second round of emails to those that didn’t respond.</p> <p>If any sites still failed to respond to the request or refused to remove the link then Jellyfish was forced to upload them to the Google Disavow tool.</p> <p>However, disavowing links can bring its own problems, as Google likes to see that you’ve made a conscious effort to remove the offending links.</p> <p>According to Verrall:</p> <blockquote> <p>It’s also good to keep a log of the removal progress within your disavow file by using the comment functionality.</p> <p>We typically keep track of the removal process in a cloud based spreadsheet which we reference within the disavow file just in case a member of the Web spam team manually reviews our efforts.</p> </blockquote> <h3>The road to recovery</h3> <p>All the dodgy links have now been removed or disavowed, but the recovery process isn’t a quick fix.</p> <p>Though the attack was swiftly identified and fixed, Verrall said he will need to wait until the next Penguin update to see if the site has fully recovered.</p> tag:econsultancy.com,2008:BlogPost/65876 2014-12-09T13:35:00+00:00 2014-12-09T13:35:00+00:00 How the sharing economy will develop in 2015 David Moth <p>And I previously wrote a post looking at <a href="https://econsultancy.com/blog/65870-five-startups-disrupting-the-life-sciences-industry">five interesting startups that are impacting life sciences</a>.</p> <p>At Le Web today Jeremiah Owyang hosted a panel that discussed the extent to which the sharing economy is revolutionising established industries.</p> <p>Sharing startups have raised more than $8bn in funding, with most of it going to transportation companies.</p> <p><em><strong>Jeremiah Owyang's <a href="http://www.web-strategist.com/blog/">Collaborative Honeycomb</a> (click to enlarge)</strong></em></p> <p><a href="https://assets.econsultancy.com/images/0005/7301/jeremiah_s_diagram.jpg"><img src="https://assets.econsultancy.com/images/resized/0005/7301/jeremiah_s_diagram-blog-flyer.jpg" alt="" width="470" height="654"></a></p> <p>One of the beneficiaries of this investment is Lyft, which was represented on the panel by David Estrada.</p> <p>He was joined by Olivier Grémillon, the managing director of Airbnb in Europe and Africa, and Frédéric Mazzella, the founder and CEO of BlaBlaCar.</p> <p>Owyang began by giving his five predictions for the sharing economy in 2015:</p> <ol> <li>There will be new sharing startups in every business sector. Funding and execution will dictate the winners.</li> <li>Mature platforms will launch APIs resulting in more growth and analytics.</li> <li>There will be a global debate about user safety, privacy and sharing of data.</li> <li>Crowd demands startups share value with people, leading to more open source movements.</li> <li>Governments and corporations realise they have to get involved, so sharing goes mainstream.</li> </ol> <p>And here are some of the highlights from the panel session. For more on this topic read our posts on <a href="https://econsultancy.com/blog/65149-nine-user-experience-lessons-travel-sites-can-learn-from-airbnb">nine user experience lessons travel sites can learn from Airbnb</a> and <a href="https://econsultancy.com/blog/63186-the-sharing-economy-40-peer-to-peer-start-ups">40+ peer-to-peer startups in the sharing economy</a>.</p> <h3>What has caused the massive growth in the sharing economy?</h3> <p><strong>Frédéric Mazzella</strong></p> <p>The internet and smartphones have allowed us to share resources that are expensive to use, such as cars.</p> <p>The Ford Model T was created in 1908, a company likes ours would probably have launched in 1909 if the technology was around.</p> <p><strong>Olivier Grémillon</strong></p> <p>The recession definitely played a role in the growth we’ve seen. It was a catalyst for new services to emerge.</p> <p>But the tech aspect is also true. Through a cellphone or laptop it’s very easy to book a house or villa wherever you want in the world. And it’s the same with other services.</p> <p>In our case it’s as easy to book an apartment in the street next door as it is on the other side of the world because all transactions are done in your own currency.</p> <p>It’s also the case that people want more sustainability, to build more connections with other people, and to generate revenue from the assets they already have.</p> <p><a href="https://assets.econsultancy.com/images/0005/7306/Screen_Shot_2014-12-09_at_12.34.10.png"><img src="https://assets.econsultancy.com/images/resized/0005/7306/screen_shot_2014-12-09_at_12.34.10-blog-flyer.png" alt="" width="470" height="260"></a></p> <h3>How do you balance a global strategy with catering to localised markets and cultures?</h3> <p><strong>Frédéric Mazzella</strong></p> <p>It’s a case of having two complementary strategies. You need a global strategy so your product is generic enough to be scalable, but you have to keep a part that is adaptable to local cultures and economies.</p> <p>We want to build a brand that can expand anywhere but there are certain blocks that can be tailored to local markets.</p> <p><strong>David Estrada</strong></p> <p>Our service is hyperlocal as different situations present themselves in each city.</p> <p>San Francisco is perfect for us as it’s only seven-square miles and densely populated. There are very few garages or parking spots, and people tend to be quite social and are often looking for extra work.</p> <p>In comparison a city like Houston is a very different market. Car ownership there is high, gas is cheap, and there are more parking spaces than they know what to do with.</p> <p>So it’s not as easy for us to establish a presence in that type of city.</p> <p>If we want to launch in Paris, for example, we need to do a lot of work to understand the market, make sure we have enough drivers to satisfy demand and take account of regulations.</p> <h3>Privacy and safety are key concerns with the sharing economy. How can we make sure the public are happy with how these startups operate?</h3> <p><strong>Olivier Grémillon</strong></p> <p>The amazing thing is how few problems actually occur. At Airbnb when we look at the number of cases where something happens (e.g. breakage or property damage) it’s really small.</p> <p>In fact we recently increased our claims liability to $1m, as it doesn’t cost much to offer this service because not much actually happens. </p> <p><a href="https://assets.econsultancy.com/images/0005/7307/Screen_Shot_2014-12-09_at_12.34.20.png"><img src="https://assets.econsultancy.com/images/resized/0005/7307/screen_shot_2014-12-09_at_12.34.20-blog-flyer.png" alt="" width="470" height="218"></a></p> <h3>What about the information that you have on people? How do you enable privacy?</h3> <p><strong>Frédéric Mazzella</strong></p> <p>Maybe you just don’t use the data at all. It’s used for analytics, but nothing else.</p> <p>I think the culture of the company is very important. Our pool of people roughly doubles ever year, so if you want to keep the right culture you need to write it down.</p> <p>When we had 60 staff [BlaBlaCar now has around 200) we all gathered in a room and asked what values we have, what makes it so special to work here, and how do we make sure new people have the same spirit and culture.</p> <p>We came out with 10 values that we use to define ourselves.</p> <p><strong>David Estrada</strong></p> <p>Trust and safety have to be at the heart of your service. We’re offering platforms for people to come together.</p> <p>This is a very competitive marketplace with a low barrier to entry. You have to provide people with safety and privacy or they’ll go elsewhere.</p> <p>At Lyft we know the origin and destination of all rides, so we have to put tight controls on who can access that information and limit access to people who really need to see that data.</p> <h3>Do you have a message for government leaders on regulating the sharing economy?</h3> <p><strong>Frédéric Mazzella</strong></p> <p>From our perspective the first thing to remark is that people are sharing cars, they’re not making profit. </p> <p>Our users simply share the costs, so it’s just like they’re sharing the cost with friends and family members. They’re not offering a professional service.</p> <p><a href="https://assets.econsultancy.com/images/0005/7308/Screen_Shot_2014-12-09_at_12.34.34.png"><img src="https://assets.econsultancy.com/images/resized/0005/7308/screen_shot_2014-12-09_at_12.34.34-blog-flyer.png" alt="" width="470" height="292"></a></p> <p>The sharing economy is a new way of interacting with each other, for the next generation it will just be normal.</p> <p><strong>Olivier Grémillon</strong></p> <p>We’re so new there are no laws to regulate what we’re doing.</p> <p>It’s normal that there’s a reaction to a new phenomenon, but I think we’re past the point where governments think they have to try to regulate us.</p> <p>As long as you explain what you do, how it will remove some costs for the users, how more people can visit some wonderful cities, then it will be fine.</p> <p>In some cases it does need to be regulated as you need things to be fair and clear, and it’s normal that this creates some debate, but it’s a healthy debate.</p> <p><strong>David Estrada</strong></p> <p>Governments don’t have a framework for what we do. </p> <p>They have regulations for taxis that are aimed at trying to create a safe environment and they want to do the same for us.</p> <p>We need to change the mindset and show them that we can create the same level of trust and safety with no level of regulation from the government whatsoever.</p> <p>We already take on background checks and all of the costs. </p> <p>Let us take on the burden and let individuals deal with one another directly without the government always being the intermediary.</p> tag:econsultancy.com,2008:BlogPost/65367 2014-08-27T16:24:00+01:00 2014-08-27T16:24:00+01:00 Three’s a crowd: how first-party data builds customer relationships Rachel Serpa <h2>Multiple devices</h2> <p>In a time when consumers would sit down at their desks in front of their computers and dial-in to the internet, third-party cookies functioned to give marketers a fairly thorough picture of consumers’ web browsing habits.</p> <p>But consumers today don’t 'log online,' they live online. According to Mary Meeker’s 2014 Internet Trends report, on average, people in the US spend over seven hours each day looking at screens - that includes 103 minutes in front of computers, 151 minutes using smartphones and 43 minutes with tablets (Quartz).</p> <p>As if Google searches and browsing behaviors weren’t limiting enough, cookies only function across individual devices. Businesses still depending on third parties for customer insights are left with an increasingly fragmented view of their customers, making it impossible to build cohesive, end-to-end customer journeys. </p> <p><strong>Go from third</strong><strong> to first</strong><strong>:</strong> Stop relying on cookies and start capturing consumer identity via <a href="https://econsultancy.com/blog/11051-21-ways-online-retailers-can-improve-customer-retention-rates">site registration</a>.</p> <p>Giving visitors the option to login to your site or app gives your brand first-party, permission-based access to customer data, enabling you to <a href="https://econsultancy.com/blog/65027-repaving-the-customer-journey-preparing-for-the-future-of-multichannel">tie all on-site, cross-channel activities to a single user identity</a> and create cohesive customer journeys across devices. Establishing consumer identity also solves the growing issue of shared devices.</p> <h2>Data privacy</h2> <p>Yes, third-party cookies track consumer search and browsing behaviors across the web. But that’s not even the worst part. Many consumers don’t even know that they are being watched or that their data is being bought and sold.</p> <p>And those that do know have made it clear they don’t approve: 65% of consumers delete their cookies, and 39% have changed their browser settings to block them altogether (MediaPost).</p> <p>As more consumers catch-on about cookies, third parties are taking even more invasive approaches to get their hands on user data. Canvas Fingerprinting, which essentially attaches hidden number identifiers to user devices and is extremely difficult to disable, is just one example of emerging 3rd party practices.</p> <p><img style="float: right;" src="https://assets.econsultancy.com/images/resized/0005/2002/privacy_seal-blog-half.png" alt="" width="300" height="196"></p> <p><strong>Go from third</strong><strong> to first:</strong> Earn your customers’ trust by openly informing them of the data points you are looking to collect, as well as how this information will be used and that you will never sell it to third parties.</p> <p>Don’t ask for all desired data points the moment a consumer visits your site; adopt a progressive profiling approach that enables you to gather a greater depth and variety of information over time. Not only does this improve consumer relationships, but it also increases the accuracy of the data you collect.</p> <h2>Relevant experiences</h2> <p>Think about it: if someone were to try to characterize you based on your browsing history, what would you look like? Does searching for “Louis Vuitton” make you rich? Probably not. Does clicking on an ad featuring a cute baby make you a mother? Or even a woman, for that matter? Not necessarily.</p> <p>The truth is that most third party profiles have consumers all wrong. Particularly with the rise of mobile and shared devices, arbitrary ad clicks and search queries are hardly a reliable means of consumer identification. </p> <p>This then begs the question, how can you have a relationship with a customer if you don’t even know who she is? With a recent Responsys study revealing that 34% of consumers say they have “broken up” with a brand due to receiving poor, disruptive or irrelevant marketing messages, the answer is, you simply can’t.</p> <p><strong>Go from third</strong><strong> to first</strong><strong>:</strong> <a href="https://econsultancy.com/blog/64684-will-you-survive-the-logged-in-user-revolution#i.1lw8hl381fcneu">Prompting users to sign-in to your site or app</a> using an existing social media account makes consumer identity verification seamless, especially via mobile device, while giving your brand permission-based access to social data points including favorite brands, activities, relationship status and more.</p> <p><img style="vertical-align: middle;" src="https://assets.econsultancy.com/images/resized/0005/2003/journeys-blog-full.png" alt="" width="615" height="403"></p> <p>However, even identity-related data is difficult to manage without a single view of consumers across channels. Put a robust master database in place than can consolidate insights across your marketing channels to give you a complete, real-time picture of your customer base.</p> <p>Third party data and collection techniques are deeply embedded in many businesses today. Extracting these practices from your marketing efforts will take diligence, but it’s a necessary transformation for brands looking to establish 1:1 relationships with their customers. Three’s a crowd.</p>