WhatsApp has become one of the world’s largest messaging platforms. In fact, it’s the largest platform in Malaysia! The app is used by billions of people the world over and continues to grow even today.
Thus, it has become even more imperative that we take steps to make the platform more secure for ourselves. Here are a few simple measures you can take to make the platform that much more safe for you.
1. Take Control of Your Privacy
Did you know that you can control who is able to access and view your information? Everything from your profile picture to read receipts can be controlled from the app’s privacy settings. So, it’s pretty important that you review your settings on a regular basis to make sure everything is in order and up to date.
To access your settings, just launch your WhatsApp. Click on the hamburger menu (the three dots) on the top right; go to settings and head to account. In the account menu, you will see a menu for privacy. Here you can choose who can view your last seen, your profile picture, your status and even your about. Yes, WhatsApp has an about section. You even have the options to limit who can add you to groups. You’ll be able to choose from “Everyone”, “My Contacts” and “Nobody”.
2. Block Unwanted People
Ever since WhatsApp became a global phenomenon, we’ve had random people whom we don’t know adding us and sending us messages. Sometimes these messages can even be explicit pictures which no one asked for. While it’s impossible to not get messages from random people, you can block them if things get out of hand. Simply tap on the contact or long press the chat and you’ll get a few options, select block contact. You’ll also be provided with an option to report and block the contact.
3. Turn on Two Step Verification
Just like any other online account, WhatsApp has a two factor authentication option. For WhatsApp, this option allows you to keep prying eyes out of your account by requesting a one time pin when you log in.
Simply got to your account settings again, and head to the two step verification option and enable it.
4. Keep Track of your Account by requesting your account information
Did you know that you could request for your WhatsApp account information? Now, you do. It takes about 3 days from the day you submit your request. This option allows you to export a detailed report of your account information and settings. This includes your profile photo, group names and more.
All you have to do is head into you Account settings and click on the Request Account Info option and tap request report. In 3 days time, the information you requested will be sent to the email you have provided.
5. Turn off Read Receipts
Turning off those blue ticks will help you prevent people from tracking whether you’ve read their messages. This also allows you to dodge that person that’s been hounding you the past few weeks.
All you have to do is head into the Account settings and disable Read Receipts.
6. Delete and Report Spam
Many a time, the random messages we receive are usually people selling stuff or some Nigerian Prince with a fortune to giveaway. These unwanted spam and phishing messages pose a serious threat to your security. Once you realise that a chat is spam or a phishing message, make sure you delete and report the user to WhatsApp.
You can do this by tapping on the chat or group name, scroll all the way to the bottom and click on the Report option in red. You can also access this option when you click the three dots on the top right hand corner of your WhatsApp when your in the chat or by simply long pressing.
Once reported, WhatsApp receives the most recent messages sent to you by a reported user or group, as well as information on your recent interactions with the reported user.
While taking these steps are important, it is still best to remain vigilant and alert when you’re online. Even more so when you get random messages from unknowns. That said, don’t use privacy and security as an excuse to not keep in touch with your friends and family!
Earlier in April, Nintendo announced that it had experienced a security breach when it came to user Nintendo Accounts. The breach was initially pinpointed to those who had used their legacy Nintendo Network ID (NNID) to sign in to their Nintendo Switch. In their initial announcement, the company noted that there were about 160,000 accounts that were affected, but, now, weeks later, the number of accounts has nearly doubled to 300,000 accounts. Nintendo attributes this increase to the investigation that it has undertaken in light of the initial detection.
The issue came to light when an increasing number of users on the switch reported that their accounts were being used to make purchases that owners were not aware of. If you have a credit card or Paypal account linked to your Nintendo account, it would be prudent to check the transactions that have been done on the account in the past weeks. Users who have been compromised are also getting sign-in notifications from unknown devices via email.
You can help secure your Nintendo Account by enabling 2-Step Verification.
— Nintendo of America (@NintendoAmerica) April 9, 2020
Nintendo of America tweeted for users to activate their two factor authentication (2FA) for logins out of the blue prior to the initial announcement. However, with the increase in the number of accounts being compromised, it is increasingly more evident that if you have a Nintendo Account, you’d best reset your password and activate 2FA. Otherwise, you’re risking unauthorised purchases via your linked credit card or Paypal account. In addition to unauthorised purchases, sensitive data such as date of birth and more can be viewed by bad actors.
Nintendo’s latest console, the Nintendo Switch, has put the company on the map again as a serious contender in the gaming console market with over 5 million consoles sold to date. The company is sticking to its guns saying that less than 1% of its users are affected. However, with investigations ongoing, users are advised to take precautions.
Working remotely or working from home has become a constant reality for businesses amid the current COVID-19 pandemic. However, with work from home, service providers and businesses are facing greater cybersecurity risk than ever before. To that end, Acronis has introduced a new product, Acronis Cyber Protect, to help service providers and businesses fortify their defenses and empower their workforce to continue being productive remotely.
Acronis Cyber Protect is a solution made for managed service providers to ensure that they have all their bases covered when it comes to keeping data and work infrastructure intact and secure. The new offering from Acronis allows managed service providers to cover all their bases and provide a complete service when it comes to securing their clients and enabling them to allowing the mobile workforce effectively.
The new offering can be boiled down to three main components: Anti-malware, Backup and Recovery, and Security and Management. Using the anti-malware services offered by Acronis, service providers are able to dynamically detect and prevent malware infections of devices. This includes data within up to date backups created with the Backup and Recovery services provided by the new offering. These backups are done automatically with next generation continuous data protection technology from Acronis. Providers are also able to provide remote support via the remote desktop service as well. Service providers are also provided a simple, unified console to manage all the relevant services.
The new Acronis Cyber Protect has been tested by German security institute, AV-Test. During the test, the new offering was subject to a set of rigourous tests to ensure that the offering was able to handle what it claimed to. Cyber Protect scored an impressive 100% detection rate with a 0% false positive.
Acronis Cyber Protect is available now via their official website. Interested parties are able to request a fully functional trial. The new product will be available at the same cost of Acronis Cyber Backup Cloud until July 31, 2020.
Sidestepping the first issue which sees Google and Apple aiming to implement their feature directly on a device’s operating system while the NHSX version requires a downloadable dedicated application, this article will focus on the issue of privacy arising from the second issue.
In essence, Apple and Google have insisted that if there is to be any collaboration between the NHSX and them for the purposes of contact tracing the storage of all data will have to be decentralised. The NHSX, on the other hand, is pushing for centralised storage of data.
What’s the difference?
Before deciding on one system or another, it’s best to understand the basics of the distinction between these systems.
A centralised system has a single storage point and controller of the data collected. The central controller of the data may grant access to other users but remains ultimately responsible for the system as a whole. A centralized system is relatively easy to set up and can be developed quickly. Such a system is very useful where continuous modifications to the parameters of the system are expected or where the use of the data needs to be adapted for different purposes.
In contrast, a decentralised system has multiple controllers of data all of whom collect and store copies of the data on their respective systems. This system allows for quicker access to data and less risk of downtime as a fault with one controller will not necessarily affect the others.
The third form known as a distributed system in which there is no single central owner at all and instead gives collective ownership and control to each user on the network is unlikely to be used by either party.
Each system has its advantages and disadvantages and to make a decision between a centralised and a decentralised system the NHS and the tech giants will need to take into consideration a range of issues including:-
The overall effectiveness of the technology;
The adaptability of the system to the shifting demands of research;
The cost of deployment and maintenance;
Whether or not the system is a security risk for the user;
Whether there are compliance concerns.
Why is a decentralised system so important?
Google and Apple have been clear that the reason for a proposed decentralised system is to avoid the risk of mass government surveillance presently or in the future. This is a genuine concern as the data being collected will be directly related to a user’s location and medical history. Although not absent from criticism, this position is the preferred option and has been supported by academics and numerous civil rights groups including the Electronic Frontier Foundation and the American Civil Liberties Union.
Still, the European position is split with the seven governments supporting the project known as the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) which proposes a centralised repository of data and a growing following for the Decentralised Privacy-Preserving Proximity Tracing (DP-3T) advocating a decentralised system.
The NHS itself may not be intent on surveillance however being publicly funded draws immediate speculation to its government links. In addition, both the NHS and the UK government have had a poor record of handling large scale IT projects such as the failed £11bn National Programme for IT, scrapped in 2011 and the plans for a paperless NHS by 2018 which could not even take off.
What about the NHS position?
Unfortunately, the focus on privacy risks coupled with the NHS’s bad track record in the field of technology projects have detracted from the core issue at hand – What does the NHS need right now to curb the spread of the Covid-19 virus?
Ross Anderson, an advisor to the NHS on its contact tracing application highlighted the problem with a decentralised system:-
“…on the systems front, decentralised systems are all very nice in theory but are a complete pain in practice as they’re too hard to update. We’re still using Internet infrastructure from 30 years ago (BGP, DNS, SMTP…) because it’s just too hard to change… Relying on cryptography tends to make things even more complex, fragile and hard to change. In the pandemic, the public health folks may have to tweak all sorts of parameters weekly or even daily. You can’t do that with apps on 169 different types of phone and with peer-to-peer communications.”
The Covid-19 virus took approximately 2 months to infect 100,000 UK residents and the spread has shown few signs of a slowing infection rate. Time is critical in this situation and correspondingly, flexibility in adapting to the constantly changing nature of the infection is a necessity. Decentralised systems do not allow for rapid evolution.
In addition, we should consider that unlike centralised systems, decentralised systems are often unencrypted. While trying to prevent a government from carrying out surveillance, the Google and Apple system may inadvertently open itself up to more security problems than expected. In fact, they have themselves admitted this risk stating that nothing is “unhackable”.
As a second consideration, the API that Google and Apple will release will likely have strict limitations on the type of data that may be collected. For example, the NHS would not be able to gather a list of every person a user has been in contact with based on user proximity. Instead, it will utilise a more manual version of contact tracing involving sending every phone in the system a list of other phones that have been reported as contagious, and asking the user whether they have “seen this user” Such a system relies heavily on user verification which is often incorrect or simply disregarded.
Key location data which may be used for developing population flow maps and anticipating the further spread of the virus will likely not be made available under Google and Apple’s current proposal. It is also important to note that data from contact tracing could be used beyond the scope of curbing the spread of the virus i.e. for decisions on directing the flow of emergency aid, development of temporary healthcare facilities, deployment of healthcare equipment and personnel.
What has been going on elsewhere?
Contrasting the UK’s situation, the Asian experience, having less stringent data protection regulations, have taken remarkably different approaches to Europe in general.
Hong Kong, for example, introduced the mandatory use of an electronic wristband connected to a smartphone application to enforce quarantine for arrivals from overseas. Users refusing to adopt this requirement are refused entry into the country.
South Korea won praise for both tracking and publishing data relating to affected person’s travel routes and affected areas, the data being collected through the government’s application as well as numerous independent applications. Residents also receive numerous location-based emergency messages and are not allowed to opt-out of this function.
China’s measures, which have come under considerable question, see a private entity collaboration through the Alipay Health Code. Citizens are given a ‘traffic light’ status that determines the restrictions that will be imposed on them. Although the exact basis for determining a person’s status is not known the status has widespread application including restriction of access to certain public facilities and payment systems.
Privacy concerns of these measures aside, all these countries have seen a considerable reduction in the spread of the Covid-19 virus. While it would be premature to suggest that this is solely attributable to the contact tracing measures implemented there is no doubt that the quick and extensive deployment of the technology has contributed to the battle against the virus’ spread which begs the question:
Is privacy getting in the way?
In 1890, Brandais and Wallace, pioneers of modern day privacy wrote:-
“…To determine in advance of experience the exact line at which the dignity and convenience of the individual must yield to the demands of the public welfare or of private justice would be a difficult task…”
The UK and indeed Europe are at this juncture and need to decide on the cost of the compromise as the death toll and infection rate continue to increase. History reminds us that the greatest privacy and surveillance violations occurred when the world was focused on a raging war and in fact it is times like this that we must be most vigilant about rights.
Digital transformation is no longer a thing of the future. In this increasingly digital marketplace, data is the key strategic asset for businesses to remain agile and effective.
To do so, more and more organisations are launching various digital transformation initiatives such as data analytics, machine learning, robotics, and artificial intelligence to boost their business’ returns and efficiency. Such efforts are already seeing measurable returns, according to 58% of C-Level executives in Malaysia in a study by Workday in partnership with IDC Asia Pacific[1].
Investing in the right technologies is crucial, and one area that businesses should look into is co-location and hybrid cloud computing.
The Competitive Edge of Hybrid Cloud Computing
With all the buzz surrounding cloud computing today, public cloud services have become a popular option among organisations. More businesses are migrating their services and application development to the cloud to take advantage of its cost efficiency, flexibility, scalability, and collaboration efficiency.
However, some local organisations may still be reluctant to migrate to the cloud. Among the key challenges that hinder them from adopting cloud in their day-to-day business operations include lack of awareness of the cost benefits and the cloud migration process as well as cyber security issues.
Cyber security is also an issue if the organisation’s applications use highly confidential data that can’t be stored off-premise. Public cloud services also have their fair share of concerns, such as performance, control, regulatory, compliance, and security threats. The existence of legacy monolith apps or systems may also prevent an organisation from making the migration.
To address these challenges, many organisations are adopting hybrid cloud computing. In essence, a hybrid cloud is a computing environment that combines both public and private cloud. Part of the organisation’s IT capabilities and data are moved to the cloud (public) while certain elements remain hosted in a single-tenant environment (private).
Migrating to a full cloud environment without proper planning has its risks and pitfalls. A hybrid cloud model allows an organisation to streamline its day-to-day functionality without interrupting its core services. Hybrid cloud computing also offers a degree of flexibility and scalability since businesses can take advantage of the computing power of a public cloud when necessary while keeping essential business functions securely separated.
Furthermore, the computing workload of an organisation’s day-to-day operations will usually fluctuate depending on demand, making massive capital expenditures to handle short-term resource spikes costly and ineffective. Hybrid cloud computing with a direct connection to a global cloud service providers (CSP) would allow organisations to offload to a public cloud when required, so organisations only have to pay for the additional storage and compute resources they have ‘rented’ temporarily.
Selecting the Right Hybrid Cloud Deployment
The adoption of hybrid cloud technology has become increasingly important, however choosing the right data centre is also vital for any business strategy. Organisations need data centres that provide comprehensive global points of presence and connectivity. AIMS Data Centre, a leading cloud infrastructure services provider in Malaysia, offers direct access to multiple global CSPs. Instead of multiple connections, a single connection is all that is required to connect to global CSPs, simplifying IT infrastructure management. The connection also bypasses the public Internet, which enables better latency and enhanced security & consistency when accessing cloud services.
By co-locating with AIMS, businesses can be linked to its dynamic ecosystem for faster, more optimised performance. As one of the most interconnected data centres in the region, AIMS Data Centre can help to accelerate your company’s digital transformation and deliver greater value to customers and stakeholders.
Improving Business Efficiency Through Interconnected Data Centres
In the past, businesses had to allocate resources to maintain a server room with its own specialist team to manage and maintain individual servers. Today, businesses can greatly reduce their operational expenditures by co-locating in dedicated interconnected data centres, which are instrumental in connecting, supporting, and safeguarding an international business network thanks to their larger bandwidth and capability to connect to multiple transit providers.
As the point of connection for local and international Internet Service Providers as well as content providers, a business co-locating at AIMS Data Centre will enjoy direct peering privileges, which means optimised traffic and services at a lower cost.
Data centres like AIMS also offer a host of benefits that organisations may not have the time and resources to set up, such as specialised cooling containment technology, customisable rack solutions, uninterruptible power supply systems, and 24/7 round-the-clock security, monitoring, and support. This means an organisation’s IT team can focus on their core business and maximise its potential, while AIMS takes care of the rest.
