The retail sector is under constant change, buffeted by challenger direct-to-consumer (DTC) brands, economic uncertainty, and shifts in consumer behaviour.
However, as Graeme Finneberg, country manager, UK, mediarithmics, outlines here, one thing is for sure: staying as you are and hoping for the best is not an option for any retailer that wants to ensure a long-term future.
It’s essential to be agile and constantly review existing strategies like price, location, marketing, product range, etc. to ensure they reflect the needs of today’s consumer. As part of this, it’s important for retailers to understand the worth of all the assets they own and how to make the most value from them. Yet many are unaware that one of their assets, their data, actually has the potential to be a totally new revenue stream. And perhaps it’s time to develop a whole new media strategy – where they are the media brand themselves.
To give you a hypothetical example, Sony could provide its CRM data to Curry’s to match to its own data. Curry’s would then be able to identify which of Sony’s customers are looking on its website for Sony products – or, indeed, for Panasonic products. In this way, Curry’s could provide unique insights into Sony’s customers, and send them hyper-relevant, personalised retargeting or email campaigns from Sony. They would do this by holding Sony’s creative assets and managing campaigns as a full-service offering.
We are already helping several retailers to set up the appropriate technology they need to do this and become the media brands of the future. They are confident in making the investment as they understand the huge value their data offers their suppliers and partners and, therefore, the big return it will create for them. Interestingly, we are also talking about this with DTC brands that are resellers of other brands as, while they tend to not have the scale that makes retailers so ripe for this opportunity, they often have a strong niche market. This can be appealing to relevant advertisers looking for new ways of reaching specific audiences, such as cyclists or pet owners.
What is making this a very real option today is the sophistication of the new generation of universal data marketing platforms, which can house all the data and pipe out the campaigns in real time.
However, it will take a big shift in mind set, as well as great tech, before more retailers take the plunge and embrace their new media role. In some ways, it’s not such a massive change as, after all, they are still doing what they do best – selling things. It’s just that the product is their data. Perhaps another way for retailers to view this new opportunity is as trade marketing on steroids! Whereas once suppliers used to pay for aisle endcaps, now they can pay for inventory. We call it ‘e-commerce 2.0’.
To set up their own media shops, retailers will need to invest not only in technology but also hire around three members staff to run the business initially – one to run the tech/campaigns; one to understand the data; and one to sell the campaigns. Hence there are set up costs, but the draw of the data for advertisers should mean reaping rewards fairly quickly.
This has massive potential for retailers, but it also gives advertisers an exciting new source of digital ad inventory with additional benefits like measurement and attribution – things that are often lacking in trade marketing; plus, all parties have the potential to forge stronger, more informed relationships. It truly is a win/win situation.
In 2018 the high street took a bit of a battering as reported by the BBC:
In the three months to September, there were 93,000 fewer jobs in retail in the UK compared with the same period the previous year, according to the Office for National Statistics.
Two years ago, the British Retail Consortium warned there could be up to 900,000 fewer jobs in retail over the next decade – an industry that’s the biggest employer in the private sector.
That prediction is now starting to play out in what’s been a turbulent year.
Stores are struggling to compete with their own online success.
“The problem for most big retailers is that they’ve signed up in the past, when it seemed like a good idea, on, say, 25 or 30-year leases. The one thing you can’t alter is your biggest single cost. The fact that you can’t get out of those leases is the ultimate killer blow,” says Sir Ian Cheshire, the former chief executive of B&Q who is now chairman of Debenhams.
With one in every five pounds being spent online we have to stop the online v instore battle and use technology to supplement the high street.
Continual discounting is even causing online stores such as ASOS to struggle too.
In the traditional approach to marketing, companies develop products or services and then implement strategies to help attract new customers to their business. (See also Traditional Marketing)
But times have changed. Today’s consumers drive a market, not just a business. Therefore, companies must tap into a market’s mood and provide what consumers want. This is where disruptive marketing takes its cue.
In truth, disruption is more a business model than a marketing approach. Most companies still tend to market through traditional means, which provide plenty of opportunities for rival companies to disrupt current messages. However, consumers have become stubbornly resilient to shifting messages, thanks to an increasingly crowded market. To combat this, a company’s product or service must innovate and and pay attention to consumers, delivering exactly what the market wants.
Disruptive low-cost advertising?
The moola rewards platform is a self-service web-based application that retailers use to reach students directly, offering deals and discounts to cover slack periods within the day or week.
Students discover offers and deals through a free to download app which uses geo-targeting to update as the student walks from street to street.
For the high street to compete with online it needs to work hard to rediscover itself. It can’t simply die and probably won’t. High street shopping is an event that people enjoy. It’s entertainment. With moola rewards, retailers can create an unlimited number of vouchers to cover as many events as the retailer can think of.
Location-based technology is opening up a world of opportunities for independent retailers including shops, bars, and restaurants on the high street. Geomarketing makes it possible for consumers to see your products and services at the point they want to buy them.
Moola Rewards is a student discount app that uses location-based technology to offer students discounts that are active and available right here, right now. By presenting deals that are around where the student is located, advertisers improve the chances of making a sale. Research conducted by Google shows that 61% of smartphone owners prefer to buy products from sites that offer customised content for their location.
What is Geomarketing?
Geomarketing is where location-based data is used in the presentation of marketing content to your target audience. The moola rewards student discount app presents deals and offers based on the student’s location on the high street. It presents the deals that are physically closest.
The retailer creates an account adding their logo, contact details, location information for each of their premises and vouchers. For a monthly fee of £9.99 + VAT they can publish an unlimited number of deals. Each voucher can be created for different times of the day and different days of the week.
Benefits of Geomarketing
Unlike other forms of online advertising where retailers bid for keywords with results presented in order of who paid most, geomarketing levels the playing field and increases relevance. In a nutshell geomarketing makes it easy to engage your audience with quality, relevant content that’s hyper-targeted to where they are now. It can Goemarketing help by encouraging students to shop in-store as opposed to online.
Students download the app and register their details including their university email which is verified to prove their student status.
Focus on The Right Deal
The moola rewards app utilises geomarketing to drive real customers to your business while simultaneously simplifying the advertising process. There’s no fiddling around with keywords which have to be shoehorned into a title and a brief description. Instead, it’s simply a case of offering a great deal using whatever language best describes it.
Drive Custom not Interest
The moola rewards app gives retailers the tools to drive custom by offering deals they can choose right here, right now. Start your trial now.
There are a lot of generalisations about students. The common stereotype is of a white, middle-class student from the UK aged 18-21 who are studying for an undergraduate degree, goes out all the time, drinks a lot and does not work.
But does this image bare any resemblance to any actual student?
Given there are currently 2.5 million students studying at over 165 Higher Education Institutions one or two might fit this stereotype, but, the student body is far more diverse than stereotypes would suggest.
International students in the UK
The UK is a leading provider of Higher Education on the international market. Currently, non-EU students contribute over £5 billion to the UK economy.
Half of this is from off-campus spending.
There are over 400,000 non-UK students studying in the UK from all over the world. 42% of international students are from Asia, 31% from the EU (non-UK), 9% from Africa, 6% from North America and 6% from the Middle East. Most international undergraduate students are from China whilst most international postgraduate students are from India.
Ethical and environmentally responsible
Students are an engaged part of society in the issues which affect people around the world. They have a strong sense of social responsibility and are increasingly environmental and ethical.
74% of students believe that ethics are very important, with a further 23% believing that they are somewhat important. 65% believe that it is very important to be environmentally friendly with another 32% believing it to be somewhat important.
Work, study and party
Students have largely unstructured days and spend a lot of time socialising. The average student claims that they spend 52% of their time studying (other research suggests that this number may be closer to 30%), 29% socialising, 15% engaging in extracurricular activities, clubs and societies and 5% working part-time.
Looking the part
For many students projecting the right image and identity is important. Students are more likely to relax at the happening venues, wear designer clothes (than second-hand clothes from charity shops) and have the latest gadgets and technology.
Students are also far more likely than other consumers to consider the brand image when choosing a mobile phone or whilst buying a computer or technology. You only need to enter a university library to see Apple computers scattered across many desks.
Deciding what to buy
Students are very savvy consumers. They are price sensitive and always looking for offers and promotions. Price is a very important factor for 83% of students.
66% of students use search engines prior to making a purchase online and 52% of students check out a number of online shops.
49% of students use review sites and 42% check out the brand or manufacturers website.
Only 20% of students use community or forum sites, and just 5% use social networks to inform their decisions.
Baked beans on toast or roast lamb for dinner?
There is a persevering image of students eating baked beans on toast or pasta because they can’t afford anything else. Though students are very aware of how much money they have and what they are spending it on, this image simply isn’t true. The average weekly spend by students is £185.
Fresh olives and calamari for dinner please
With an average weekly spend of £185 students don’t want to deprive themselves of the latest trends.
For instance, 51% of students have sky or digital TV at home.
Students’ don’t dress on the cheap either, spending between £120 and £200 per month on clothes. They tend to stay on top of the latest fashions, go out twice a week and have the latest technology.
The biggest expenditure for students is rent. Although this varies by location, on average it costs students around £4k per year outside London, or £5k in London.
Students spend a further £2k per year on Food and household goods.
This leaves students on average £2k to spend on personal items each year, and £1.2k on leisure activities.
The top financial priority for students is rent, followed by food, snacks, drinks (non-alcoholic) and then bills.
However, students are savvy consumers. They are 2.5 times as likely to be amongst the heaviest online consumers and non day-to-day purchases are made online, taking advantage of vouchers and offers.
They aren’t typically impulse buyers and are also price sensitive and know how much they have and what they are prepared to spend it on.
Harnessing free time
Students have largely unstructured days which allows them to spend a lot of time socialising. This generates a constant need for new topics of conversation and a strong word of mouth community.
When seeking opinions on new products friends are the favored and most trusted source.
Indeed, 71% of students list word of mouth as a key way that they find out about new products and trends, followed by TV for 54% of people. Outdoor is also a key player, especially Adshels and transport media, as in many cities students use public transport.
On average students use 2.6 loyalty cards on a regular basis and 86% of students say that loyalty cards make them more likely to use a product or service.
Students are also less demanding about the benefits and rewards which are offered by loyalty cards due to inexperience. However, students are more likely to be concerned about having their data collected and abused.
Loyalty cards have a strong penetration amongst students. 54% of students have a Tesco Clubcard, and 51% have a Boots Advantage Card. 96% of students who have a Tesco Clubcard or Boots Advantage Card use it on a monthly basis. In fact 89% of loyalty cards held by students are used on a monthly basis.
However, loyalty cards aren’t necessarily driving behavior. Students are most likely to have and use a loyalty card because they were going to use the service anyway, and the card offers appropriate points or discounts.
Advertising your products and services online is easier said done. With a plethora of social media and other advertising platforms such as Google Ads. you would think that it would be easy. The problem is that nothing is easy. For a small business with a limited budget where the business is run by one or two members of staff who take on every role, it’s difficult to be great at everything.
Art of Low-Cost Advertising Ideas
Startup businesses, in particular, find this difficult as there are so many ways that a limited budget can be spent, and potentially wasted, if you don’t keep your wits about you.
Also, many of the advertising opportunities that you find may require a lot of your time to even understand what they are offering. If you aren’t a marketing expert you can easily end up looking out from the bottom of a big hole.
A typical scenario is that you decide to start with a website, and you maybe know someone who can knock this together for you for at mates rates. It’s a great start. You have a website, but you need some slight amendments to add new images or change service descriptions etc.
You go round this loop a few times and suddenly you find the changes aren’t being implemented as quickly as you’d like. You’ve become a burden. So now you’re stuck in limbo with a website that isn’t up to date. Putting that to one side for a moment, you decide to press on marketing your business by advertising on Facebook or through
Google Ads if you can afford it. Or you choose a free option such as writing blog posts or articles.
Monitoring your paid advertising or writing and posting ultra interesting content takes time, which is that could be spent focusing on other aspects of your business.
What you need is an easy to use website builder so that you can create and maintain your own web content. You need to be able to maintain your site from your mobile phone and choose from a variety of components such as image and video galleries with the ability to promote events and vouchers.
Having a social media presence is great if you have an audience that stretches beyond your friends and family. Having the capability to advertise to a specific demographic such as students using geo-targeting could be a dream come true.
Having the capability to advertise directly to students and target your audience in a few clicks will enable you to find more shoppers, sell more stuff, advertise smarter and become a bigger brand.
With advertising, you have the capability to create and maintain your own website and advertise directly to students through a mobile app for less than a tenner per month.
Caroo will be exhibiting at Tech Show North this year.
Your old road is rapidly agin’. Please get out of the new one if you can’t lend your hand, for the times they are a-changin’ — Bob Dylan, 1964
To be fair to the gravelly throated folk scamp, no-one could have predicted just how much the times were to a-change in the ensuing 50 plus years. All facets of life have changed drastically in the last 20, ten, even five years, especially the world of work.
As younger generations start entering the world of employment, the ways in which they gather and share information is dictating how they navigate the potential minefield of finding work. So why should they have to fill out a tedious CV and hand it out left right and centre just because it’s what we’ve always done? Nuts to that, it doesn’t make sense.
Let’s get rid of the CV. I mean, just look at the acronym itself – CV – curriculum vitae; Latin. A dead language. Thank you for your service, we’ve had a good run but pack your things and move on.
It’s strange that we as a society only cling on to a couple of select norms, while being ruthless in how we change with other things. Look at the Yellow Pages; it used to be as thick as a log, but now resembles a pamphlet because we all realised that Google is faster, more convenient, more accurate.
The high street used to bustling and fit to burst because it was the only place you could pick up whatever your heart desired, but then eBay, Amazon et al came along and decimated the competition by having a greater range of products, for cheaper, all able to be conveniently ordered from your armchair. Now granted, the Yellow Pages and the high street are still there, but they’re no longer the de facto way of doing things, more an alternative option.
Why can’t we treat CVs the same way?
Chances are, you’ve come across someone else’s CV, whether you’ve been hiring, passed one on to a colleague who is hiring, or helped a friend write one. Now raise your hands if you found the process of looking over other CVs a rewarding and engaging task that helped you get a feel for a person’s personality…
…no, put your hand down and stop lying.
No-one likes writing them, no-one likes reading them. They’re just a boring plodding procession where we try to curb our own personalities in order to put across a version of ourselves that we think would be ‘acceptable’ in the workplace. How many companies have been disappointed when these on-paper superstars are far different in reality and, more importantly, how many people have gone into roles trying to live up to their ‘CV self’ and ended up miserable and stifled at work? Even worse, imagine the amount of times where a company and candidate have been an absolute one-in-a-million perfect fit, but because the candidate’s CV wasn’t exemplary they were bluntly cast aside into the literal and figurative waste paper bin.
We need to rethink how we sell ourselves. You hear stories all the time about someone who hid their CV in a tray of donuts, or posted it on a billboard, or who glued their CV to the back of a goat and sent it to cause havoc in an office. These are all well and good, but if you’re needing bribery, a substantial advertising budget or pure unbridled anarchy to get someone just to read the damn thing then surely this shows how ineffective CVs really are.
We are all going increasingly mobile, we all know this, and this is the way our employment profiles should go. A 2017 report by Return Path showed that email usage alone was up to 55% against desktop, up from 29% in 2012 — an increase of 26% in just five years. If we switch focus to video content, a report from Word Stream tells us that over half of all video content is viewed on mobile, with more than 500 million hours of video content watched on YouTube per day.
Switch focus again to online marketing and you find the following (via Word Stream):
51% of marketing professionals worldwide name video as the type of content with the best ROI.
Marketers who use video grow revenue 49% faster than non-video users.
64% of consumers make a purchase after watching branded social videos (via tubularinsights).
59% of executives agree that if both text and video are available on the same topic, they are more likely to choose video.
Social video generates 12 times more shares than text and images combined.
Views on branded video content have increased 258% on Facebook and 99% on YouTube as of June 2017 (via tubularinsights)
So when you think of your CV as a form of advertising, why on earth are we still messing about with a single sheet of A4 paper? The evidence is clear, the future is video.
Not only would video job applications allow candidates to succinctly project their personality, but it will also save hiring managers and recruiters a boat-load of time, never mind help save the environment. Granted, they famously reckon the average recruiter only spends six seconds looking at a CV before moving on, but imagine how much you can get into six seconds of video? Hooking them straight away with visuals is far easier than with Times New Roman 11pt. on white A4.
Let’s change it up, consign the CV to the history books like all other relics.
You’ve seen these data breaches in the news and you’re worried it could be you next. With all the talk of GDPR you’re worried a fine could put you out of business. Time to bring in an ethical hacker so they can perform a security or penetration test.
These are some of the feelings we heard from some of our SME clients. When they started, security was always something they would think about later and, well, now it’s later. They may have had clients insisting on seeing a penetration test report or maybe they want to make sure they find and fix vulnerabilities before they’re discovered by a malicious attacker. We’re aware it is often confusing and it’s very difficult to find information on costs and types of security tests so in this post, we’ve tried to be a bit more transparent to help you decide what type of test you need.
Keep in mind, this is something that even people working in cyber security can’t always agree on. These are our definitions of each test type and they should cover every style of test, although other companies may have slightly different names.
Also keep in mind that there are two main reasons to have a security test – one is to understand whether your company is safe from hackers, and the other is to understand whether your product is secure. This may influence which type of security test you’re after.
Let’s start with the basics. A vulnerability scan is performed using tools to detect known vulnerabilities and, other than the initial configuration, requires very little user interaction. At the very minimum, we recommend most companies perform periodic vulnerability scans. By running the same tools an attacker will, you’ll be able to find and fix any vulnerabilities before they’re found by low skilled attackers – think the classic “15 year old in the bedroom”. Don’t make the mistake of thinking that because a vulnerability is easily found, it won’t be high risk. Vulnerabilities such as SQL injection, Cross Site Scripting or Heartbleed are easy to detect with automated scanning.
Our recommendation: Perform these yourself if there is zero budget for security but be aware a lot of these tools require experience to run and even more experience to filter out false positives. Put in the effort to learn the tools if needed as any vulnerability found by these tools can be found by anyone. If you have managed to put aside budget for security, consider finding a trusted security consultancy to perform these scans but make sure they deliver reports with an attempt to remove false positives and recommendations on how vulnerabilities can be fixed.
Cost: Usually based on number of hosts, applications or IP addresses. Most small or medium companies can expect to pay between £250 and £700 per month. If you choose to do this yourself, keep in mind you’ll likely need to buy licenses for scanning tools although many free tools exist.
Time: You can expect to have results same day or within 5 business days depending on number of hosts to scan and how many results need to be verified.
A vulnerability assessment differs from a vulnerability scan in that it is more manual and requires some amount of security expertise. In a vulnerability assessment, a tester will look for as many security vulnerabilities as possible in a given application or network and report them based on severity. Often automated scanning tools will be used, however these will be to augment the manual testing, rather than being the test itself. In a vulnerability assessment, the focus is on identifying issues that aren’t normally found by tools rather than exploiting them and/or understanding the actual business risk. A vulnerability assessment may also be limited in remediation recommendations – think “user input should be output encoded” rather than a recommendation more tailored to the application.
Our recommendation: If possible, have someone in the team that can perform vulnerability assessments. This can be part of the QA team or a developer that is particularly interested in security. If a third party needs to be brought in, look for companies with experience in security testing and good recommendations.
Cost: A vulnerability assessment is usually between £500 and £800 per day if performed by a third party.
Time: It can vary vastly depending on the size of the application or infrastructure but a basic web application would be two or three days plus a day for reporting.
A Penetration (or pen) Test is often confused with a Vulnerability Assessment but often a vulnerability assessment will be performed at the same time as a penetration test. A big difference is that a good penetration tester will focus on vulnerabilities that can be exploited and aim to prove some actual attack. For example, a penetration tester may want to show they have managed to get access to a database and dump passwords, show they have gained Domain Admin access or even show how several vulnerabilities were chained together to perform an attack.
A penetration test may also discover some weaknesses that might exist even if they could not necessarily be exploited due to the limited scope or time (this might include Denial of Service vulnerabilities or vulnerabilities in third party components). This level of security understanding can only be gained with an experienced penetration tester.
A penetration test is very tightly scoped (i.e. only specific hosts/applications are allowed to be attacked) and there is very rarely a requirement to evade detection. In fact, it’s often common for a penetration tester to ask for valid credentials or access so as to have full coverage in the assessment.
Recommendation: Bring in a third party consultancy to perform penetration testing as often it requires specialist knowledge and someone not involved with development/deployment. This should be done annually or whenever a large change occurs although be aware that a penetration test is a snapshot in time. Just because an application isn’t vulnerable today, it doesn’t mean new attacks won’t be present tomorrow.
We recommend looking for companies with good reputations and although it’s good to use accreditations to figure out which companies are legitimate, don’t forget the smaller shops when accredited companies aren’t a requirement (for some organisations such as government work, they are). These companies are often smaller and therefore cheaper. Unfortunately we’ve seen several cases where a company is selected as they are accredited, only to have a junior consultant perform the test.
Cost: A penetration test can cost as much as £1300 per day. Digital Interruption has significantly lower prices (due to our size, we’ve avoided expensive accreditations and large sales teams) and fixed price packages. We only use senior consultants and experienced ethical hackers.
Time: Like with a vulnerability assessment, a penetration test will take longer with more complex applications or infrastructure. Expect around 5 days including reporting but may be as much as several weeks for multiple applications and complex networks.
A Red Team attempts to simulate a real word attacker in order to perform some specific goal or action. This could be accessing sensitive data, having an ATM spit out money or viewing the CEO’s emails.
Because these engagements tend to be longer and more complex than a Penetration Test, it is only recommended for companies that already have a security budget and only after they have performed regular vulnerability scans and penetration testing. One of the biggest differences between a penetration test and red team is the scope; in a red team the scope is almost completely open (with obvious legal restrictions).
One question we’re often asked is; if we have penetration tests, do we need a red team exercise? Really, this depends. Although penetration tests can help companies secure their applications and infrastructure, there will always be zero days (a new vulnerability), an employee that clicks a phishing email or someone with access to the building that can plug in a malicious device. A Red Team learns what attacks are being used in the wild and attempts to mimic them to gain access to a target company. This type of test highlights where any weaknesses may be.
Another reason to perform a red team test is to test the capabilities of the blue team. As a red team will focus on staying undetected, it is a good way to see what can be found by the internal security or network team. This means it’s critical that only those that need to know about the red team exercise are informed. If you’ve ever said or heard “be careful, a red team exercise is happening this week”, it’s likely it’s not and instead it’s a penetration test.
Recommendation: A red team needs to be performed by an external company or if internal, a completely separate team, that has experience running red team exercises. As a red team needs to emulate real world adversaries, it is important that the team has knowledge of these attacks and tools.
Cost: A red team engagement can cost tens of thousands of pounds.
Time: A red team exercise may take many months as moving too quickly could cause the team to be detected. It may also require development of zero days, creation of new tools that or time to understand the environment once access is attained.
Hopefully you now have a better idea of what type of test is most relevant to you. Get in contact if you’re worried about your security and we will put together a no obligation scope.
This week I gave the introductory talk at the Techs and the City event about mental health. I have a lot of experience in this area and have deep concerns about how mental health is handled, both generally in the tech industry, but specifically in cybersecurity.
The reception to all the talks was amazing, I was asked to turn mine into a blog post. This is the post. This is not just my experience but a call to action, so if you have the time please read to the end.
Over my career I have worked with many people. I have worked with many people because I have never had a permanent job. I have always been a contractor.
I have worked in film where mental health and addiction is glamorised and romanticised, security where it is accepted (but only if you’re l33t enough) and tech where it’s rife.
I have worked in business transformation where I have observed how sick organisations with toxic cultures destroy people. I have worked in the Mental Health Trust where I saw the true impact of this first hand and that there is nothing romantic or glamorous about people in crisis.
I have lost friends and family to suicide.
I have literally grown up with mental illness. My mother has battled mental illness since she was 14. This is most of her life and all of mine. She is a PhD. She is angry. She has a right to be angry. She became ill at a time when it was stigmatised. She wasn’t able to work, she lost her place in society and had to fight to get it back.
This brilliant cartoon by Posy Simmonds was published in the Guardian in 1984. In over 30 years it looks like little has changed in how society responds to suffering.
Society needs to do better.
There are many conditions we need to consider when discussing mental health. Developmental conditions such as Autism, neurological conditions such as ADHD, anxiety disorders such as OCD and conditions like addiction.
I have ADHD. It can be like having a super power.
It gives me (a lot of) energy, drive, stubbornness an over inflated sense of justice, analytical thinking (I question EVERYTHING and have no intention of following the rules) a frighteningly good memory (obsessive) and a high IQ (though also dyslexia, so if its written down you may have zero idea what I’m trying to say).
But this isn’t the ugly side of the condition. And let’s not hide from this. Mental Health can be ugly. The ugly side effects me and by proxy the people around me. Without medication it is unmanageable and it is devastating.
It affects my ability to sleep. My body will be collapsing, but I still wont be able to switch off. It will literally turn off the part of my brain that says I am hungry and make me gag constantly. My lowest BMI was less than 16. Waiting for treatment in the UK literally nearly killed me, because despite what some doctors think, ADHD doesn’t just go away when you turn 18.
I have had several times in my life where I’ve been genuinely worried I’ll be sectioned for anorexia when all I needed was Ritalin.
I’ve constantly had to prove my condition. Even to doctors.
It makes me frustrated, distracted, noise sensitive, light sensitive, obsessive and tactless. It makes me angry. It makes me heckle, it makes me rude, it makes me flit between subjects and loose focus easily. None of which I am remotely aware of without my medication.
The irony that my company is called Digital Interruption is not lost on me.
We have a running joke about how we settle disputes at Digital Interruption.
But when your’ mental health is messing with your brain, it really can feel like you’re stood in a hole with one arm tied to your body, while the whole world; doctors, colleagues, managers, HR, family, friends, are hitting you with a sack of rocks.
I can only get over the blockers to get to the super powers of my neurological condition with the right environmental conditions. Otherwise the blockers just take over. I have been able do this because I’ve always been a contractor so I’m judged on outputs and can set my own rules.
I am successful because I was a contractor so I was judged on outputs and could set my own rules.
Now Jay and I run Digital Interruption we want other people to be able to have permanent, safe and stable jobs and still be the best they can be. We want to empower them. We want them to be celebrated for their output. We want them to set their own rules.
We don’t want to make them stand in a hole and hit them with a sack filled with rocks.
We have made a conscious decision to not just encourage mental health but to defend it.
In our varied careers we have worked with people who are on the Autism Spectrum, have Asperger’s, ADHD, OCD, Bi Polar, are agoraphobic or have anxiety disorders to name a few. All of these people have been talented. All of them have contributed. Some have needed support. Others have given support. Some once needed it and now are paying it forward.
We all need to pay it forward.
We are a small company but our ethics carry us. As we grow this gets harder because we have to resource our work, but our resources have names. They have families. And they have lives.
And Digital Interruption is just that. Interruptive. We are a disruptive business model founded on ethics. We don’t bully and bullshit our customers and we don’t bully and bullshit our people.
Where others hire juniors we hire seniors*. Where they push their people to 100% util we offer unlimited holiday. Where they suggest on site, we recommend remote.
But policies mean nothing if you don’t implement and enforce them. Mental health first aiders are useless if your managers and HR teams are not educated, or worse bullies. Bad managers and bad HR teams make you less secure. Disgruntled and desperate staff are a risk to your business.
We’re a consultancy, which means we have to work with clients. Responding to clients often means sending consultants on site all over the country. But this can lead to burn out, which really effects mental health. If you constantly take people away from their family, their friends, their support networks and routines, and dump them in a Premier Inn in Slough you will break them.
Work should be safe. Constant and last minute onsite scheduling of consultants is irresponsible.
To protect against this as much as we can, Digital Interruption have some clear policies but where we don’t have a policy, as we grow we have made pledges.
1. Personal Days – we will continue our policy of unlimited personal days, so no one has to call in sick. This means time off work, not time at work doing personal things.
If you need a personal day you can have it. We respect your privacy.
2. No forced (or manipulated) on site work – if someone doesn’t want to work on client site or in the office they can work remote. We can balance this with the right mix of consultants and encourage clients to opt for remote jobs.
3. Realistic utility – we will keep our utility at an average of 75%. 25% will be set aside for research, training and admin. This will be spread across the year.
We are small and we cant turn work away, but Jay and I both know all too well what burn out feels like.
4. Flexible working – where we can we will be flexible. This means flexible, not just shifting peoples start and finish times. If this means working odd hours, or working in shorter bursts we will do everything we can to enable this. We will try to offer day night reversal if needed, especially if we have colleagues observing ramadan.
We offer part time to our consultants.
5. Horizontal structure with no bosses – we will keep our structure flat and respect everyone who works with us. The word boss is not relevant, not used and never will be. No one has power over another person. We are not resources and we are not profit margins, we are colleagues and we are people.
And there are things you can do too.
1. Don’t promote bad managers – just because someone was first in the door, or they’ve been with you a long time doesn’t mean they can manage people. It can better to create a more senior technician or consultant role to promote and empower rather than to elbow the wrong people in to management positions.
Not everyone has the right skills and demeanor to manage others.
2. Enforce good policies – review your polices. Make sure they are communicated across the organisation. Make sure they are enforced.
And mostly, review your reporting policies. If you don’t have the facility for anonymous reporting ask your self why. Reporting any abuse including mental health abuses is frightening. Bullying and harassment lead to breakdowns in Mental Health. The very action of putting an identity to a report may make it impossible for someone to do.
Make reporting easy.
3. Ask your staff – if you’re not talking to your people about their health and well-being you should be. They will tell you what they need if you ask them.
Consider an anonymous survey. Do you know how many people in your organisation are living with mental health issues. Do you know if the environment and culture you are fostering is adding to a breakdown in mental health.
Is your employee turn over high?
There are platform such as Report+Support by Culture Shift that offer anonymous reporting, direct help and instant guidance in to users in complete confidence.It’s currently being rolled out across a number of universities. I’m very proud to be their DPO.
If you are a larger business, look in to platforms that facilitate this.
4. Trust, not toys – a game of Ping-Pong never helped my ADHD and Nerf guns and drones whizzing around my head make it worse. Working from home on the other hand can be a god send if I’m struggling to concentrate.
Be mindful that not everyone likes rewards such as social events. Drinking in the office and pressure to attend after work drinks or social activities can make things like anxiety and avoiding self-medication or addition triggers worse.
5. Don’t buy in bad practices – understand who you buy your services from. Don’t use, companies who don’t respect their people.
There are responsible and ethical vendors out there, find them. Ask them for their policies, check on platforms like glass door to see what their people say about them. If you know people who work for there or who used to work there ask them.
If you have someone coming to your site at 9am on a Monday morning ask the scheduler where they are coming from. Are they being asked to travel on a Sunday or get up at 4am on a Monday morning? How often are they required to do this? Have you been up-sold on-site because it costs more?
If a company doesn’t treat its people well you don’t want to hire them. Not just because it’s a bad thing to do, but because you don’t want tired, burned out and resentful people poking around with your tech.
*We’ve been asked to clarify why we don’t currently hire juniors. At the moment we’re too small to dedicate the time and resources to provide the mentorship juniors deserve. We believe this would put them under additional pressure and/or stress to perform above their current skills set.
Digital Interruption is lucky enough to have a penetration testing team which consists of experienced hackers and penetration testers.
This means we often have the pleasure of experimenting with attacks and demonstrating weaknesses that might otherwise only be seen as theoretical attacks. One great example of this is TEMPEST – also known as Van Eck Phreaking. In this blog post, we’ll see TEMPEST in action and try and help you understand whether this is an attack you should worry about.
What is TEMPEST?
First, some background. TEMPEST is an attack that has been known about as early as the 70’s and brought to public attention by Wim van Eck in the mid 80’s. TEMPEST is a technique an attacker can use to remotely spy on electronic devices using equipment to pick up side-band electromagnetic transmissions. This effectively means it’s possible to recover data about what the device is doing based on things such as the unintentional transmissions that most electronic devices will emit when in use. The reason why these transmissions exist is due to the nature of electromagnetism; as electricity (i.e. data) travels along a wire, it will emit a magnetic field. If this can be picked it and analysed, it may be possible to recover information about the data being processed.
Is it practical?
TEMPEST could be a security issue as almost every organisations uses many electronic devices that process data. This list would include things such as computers, tablets, phone and even monitors and keyboards. Each of these devices could be vulnerable to being spied on remotely. In the past these “side channel” attacks have been used to recover encryption keys, exfiltrate data from an air gapped network and view images displayed on screens.
To understand this attack, we wanted to see it in action and understand what the limitations were. Once we had this information, we’d be better able to advise our clients.
During our testing with TempestSDR, we were able to pick up and view an LCD monitor’s display from a few inches away. This may not sound like much but this is with off the shelf hardware (we used a HackRF SDR) that costs less than £300.
As can be seen above, it was possible to view the LCD display remotely, however there were two main limitations. The first being image clarity. With the image we recovered, it was possible to make a guess as to which web page was visited or application was used but it was not possible to read text or make out details. The second limitation was due to range. With our equipment, it was only possible to recover an image from about an inch away from the display. Together, this would make this type of attack impractical for many situations however it is likely that both limitations could be slightly improved with better hardware.
Should you be worried about this type of attack? Well, like a lot of things in security – it depends. In our opinion, most companies should not worry too much about this type of attack. There are often easier ways to view an employee’s screens or for an attacker to gain the information they’re after.
Where we see this attack being useful is when highly classified or sensitive data is being processed. As it was not possible to view a crisp image, an attacker would also be required to spy on a device that had a UI that made it easy to determine which specific actions were performed. A candidate that comes to mind for this type of attack is electronic voting systems. Outside of this, although the attack is novel, it’s unlikely to be the way an organsation is compromised. We’ll continue this research to try and understand whether it is easier to recover keystrokes from touchscreen keyboards due to the way each key is highlighted on touch.
The best protection against TEMPEST attacks is to block the signal. This can be done by placing highly sensitive equipment in Faraday cages so signals can not escape. In our experiments, lower quality equipment tended to be “noisier” and so easier to pick up transmissions and so more “premium” equipment may help protect against this attack.
Data Exfiltration with Tempest
Another interesting use of TEMPEST is data exfiltration. In our experiments we were able to implant malware that would blink the monitor black and white. This would cause as AM signal to be generated as the display displayed each colour. By monitoring the change in amplitude of the captured signal, it was possible to convert the black and white flashes back into a stream of bits. Although this is a slow process, it was possible to successfully transmit our test string. It is likely possible to improve this technique by encoding bits differently. For example, a more complex modulation scheme could encode several bits in a single frequency allowing many more bits to be transmitted in one time.
Using a cheap RTLSDR (a cost of roughly £15) we were able to recover data at several inches. We believe this can be improved and will be a future research task.
If you’re interested in our research, keep an eye on our research blog or get in contact if you’re interested in our offensive or defensive security services.
M247 will be exhibiting at Tech Show North this year.
We are witnessing an unprecedented rate of adoption of Cloud Communication services. Projections estimate there will be over 7 million users in the UK by 2022*, more than doubling the market in 5 years.
But why are businesses so eager to make the move to Cloud Communication services and how can you scope out if VoIP technology is right for you?
In part this is due to the ease of deployment, access, upgrading and affordable monthly costs cloud services enable. Cloud Communications service like SIP Trunks, Hosted Telephony or Call Recording are delivered over VoIP (Voice over Internet Protocol) technology.
Compared to conventional telephone services, VoIP technology can lower your telephone bill significantly, quickly enabling use of different services to improve and future proof your business needs and user experiences.
Choosing the telephony system that is right for your business is a big step, but finding a Cloud Communications provider that is going to meet your company’s needs and provide quality support is just as important.
Here are 6 key points to consider when choosing a voice solution for your business;
1. Hosted vs Onsite Solutions
Both hosted and onsite telephony solutions use a Private Branch Exchange (PBX), this is the brains of a telephony system, both solutions offer unique advantages. A hosted solution is ideal for businesses with no pre-existing or has an aging PBX . Moving to a cloud solution negates high investment costs and monthly maintenance contracts. Your service provider provides, maintains and upgrades the PBX for you. Businesses can quickly and easily scale as needed and access new features at any time. All this whilst removing the need to purchase equipment. Alternatively, while an onsite system provides more control on your telecoms infrastructure, it requires a greater initial investment and on-going maintenance, it can age quickly and if new features are required a new PBX needs to be purchased along with maintenance contracts and if you have multiple sites you could potentially require a PBX for each site.
It is good to examine the total cost of ownership (TOC) for each system to discover which one is best suited for your business. A hosted telephony system requires low initial investment and no monthly maintenance costs. Alternatively, an onsite system requires high initial investment and ongoing monthly maintenance costs of PBX and line rental.
3. Quality of Service
Contrary to popular belief VoIP technology doesn’t require copious amount of bandwidth, it does however need to operate over an uncontended internet connection. Slow internet connectivity is the number one cause of poor voice quality and dropped calls, and can have serious implications on business communications. Best practice is to use your connectivity provider as your voice carrier, this ensures voice data is prioritised in real time. Should issues occur there is only one proverbial ‘Throat to Choke’. No calling different service providers all blaming each other for poor service. M247 is the UK’s fastest growing Internet connectivity and infrastructure provider that provides robust connectivity for your business growth. Great connectivity provides a great Cloud Communication experience. Our connectivity and voice solutions ensure that business calls are not hindered by poor connectivity as we can apply quality of service free of charge.
Growing businesses must be able to scale up or down quickly on an ‘as-needed-basis’ with services that can flex with your business needs without paying heavy prices. Onsite PBX often means costly upfront investments to add additional services. So before signing up, make sure this box has been ticked, and if you’re looking to make the move to multi-national, check your service provider has international capability, very few do!
Businesses can take advantage of Cloud Communication features that enable excellent security. Features such as controlling voice access by username and password, restricting the types of calls allowed on the network and centralizing administration can act as first measures for security. It also includes remote proactive 24/7 monitoring systems detecting unusual calling patterns and user behaviour, to protect your business and costs. This is something that doesn’t come as standard with an onsite solution.
6. Great Customer Service
Look for a supplier that provides hassle-free deployment, great reliability with near-zero downtime and excellent fix times. Check their customer support, as well as how easy it is to get in touch if you have trouble with your Cloud Voice solutions.
M247’s M-Communicate products and services can empower your business through increased flexibility, scalability and efficiency, with excellent pricing and service as a standard. Flexible Hosted Voice solutions with M247 starts from less than £7 a month, are fully flexible and won’t restrict your business. You can choose the level of service and features to suit each individual needs.
Find out more about our M-Communicate solutions. Call 0800 066 2739 and speak to our knowledgeable and helpful experts today.