Month: October 2017

Government Internet Safety Strategy Aims to Make UK the Safest Place to be Online

This week, the UK government’s Culture Secretary Karen Bradley announced the publication of a new green paper outlining the government’s Internet Safety Strategy, saying the aim is to make the UK the safest place to be online.

The Internet Safety Strategy outlines the awareness campaign that the government is taking to prevent cyber-bullying, trolling and the accessing of pornography by minors. The government has come under increasing pressure in recent years to take decisive action to curb the growing problem of online abuse and harm to minors from accessing age-inappropriate websites.

In a recent press release announcing the new Internet Safety Strategy, Bradley said “In the past year, almost one fifth of 12-15-year olds encountered something online that they ‘found worrying or nasty in some way’ and 64% of 13-17-year olds have seen images or videos offensive to a particular group.” The problem is not confined to minors. Adults too have been offended or upset by material they have viewed on social media sites, and the new strategy will also help to keep adults safe and protected online.

The aim of the new proposals is not censorship of the Internet – the UK government continues “to embrace the huge benefits and opportunities the Internet has brought for British citizens.” The aimof the government’s Internet Safety Strategy is simply to make the Internet a safer place and prevent harm to vulnerable people, especially children.

Bradley said, “Behaviour that is unacceptable in real life is unacceptable on a computer screen. We need an approach to the Internet that protects everyone without restricting growth and innovation in the digital economy.”

The Internet Safety Strategy tackles a range of online issues using several different methods – a combination of improved efforts to educate children and the public about online dangers and acceptable online conduct, social media advice, the promotion of safety features for parents to use to protect their children, and the use of Internet filtering in schools.

Some of the key elements in the Internet Safety Strategy are:

  • Developing a new social media code of practice to address bullying, intimidating, or humiliating online content
  • An industry-wide levy so social media companies and communication service providers contribute to raise awareness and counter internet harms​
  • The publication of an annual Internet safety transparency report detailing the progress made at reducing abusive and harmful content and conduct
  • Providing support for start-ups and tech companies to help them build safety features into their products and apps at the design stage
  • Compulsory new subjects in schools: Relationship education at the primary school level and relationship & sex education at secondary level
  • Encouraging social media companies to provide social media safety advice to parents and build that advice into their platforms
  • Promoting the use of social media and Internet safety features by parents
  • Changing the name of the UK Council for Child Internet Safety to the UK Council for Internet Safety, to show the safety of all Internet users is of concern

In the new green paper, the Keeping Children Safe in Education (KCSIE) guidance is highlighted. The guidance details the steps that schools and colleges in England should take to protect students and keep them safe online. The guidance was updated in September last year to include a new section on safeguarding children online. Schools were reminded of their responsibility to prevent children from accessing harmful and inappropriate website content, explaining Internet filtering in schools is a requirement. Solutions that allow Internet filtering in schools should block inappropriate content and also allow the monitoring of the attempted access of inappropriate material.

The use of similar controls by parents is being encouraged, first by making sure the options are available – the big four ISPs in the UK all offer Internet content filtering controls – and to improve education on the need to implement content filtering solutions to protect children at home.

Vicki Shotbolt, Chief Executive Officer at Parent Zone – an organization set up to provide expert information to families, schools and family professionals on the Internet safety – said, “It is encouraging to see the government proposing concrete steps to ensure that industry is doing everything they can to support families and make the Internet a place that contributes to children flourishing.”

WRC Upholds Decision to Terminate Employee for Accessing Porn at Work

A Social Community Partnership in Ireland that terminated an employee for accessing porn at work was sued for unfair dismissal; however, the Workplace Relations Commission (WRC) in Dublin upheld the decision of the company to terminate the employee, which was deemed to be the appropriate sanction under the circumstances.

The viewing of any pornographic material in the workplace is unacceptable, but for a Social Community Partnership that provides services to children and families, it is especially important to take action when employees access obscene material – In this case the webpages depicted rape, the abduction of girls, and non-consensual sex.

A statement released by the unnamed Social Community Partnership read, “[The worker’s] actions go against the grain of the organization, but has the potential to put at risk the company’s funding relationship with Government services.”

The accessing of inappropriate material was discovered during a review of the computers used by receptionists at the Partnership. That review revealed pornographic material had been accessed on a reception computer on seven occasions between September 30th and November 26th, 2015. The material was accessed between 1.28pm and 16.40pm, and while multiple employees had access to the computer, on three of the occasions, the terminated employee was the only member of staff working in the reception area.

Once that was confirmed in May 2016, the employee’s contract was terminated for gross misconduct. The employee appealed the decision internally, claiming the allegations were incorrect. She denied accessing porn at work and claimed she was not the only person to have access to the computer. Two other receptionists were employed at the firm and could have accessed the material. When the appeal was rejected, the employee sued the firm for unfair dismissal.

An independent IT consultant was brought in to conduct a scan of the computer to confirm that a malware infection was not present, which could theoretically have been responsible for the sites being accessed. The woman maintained there was no evidence against her and popups could have explained the accessing of the material. She also said other employees could have accessed the computers in the reception area, which did not require the use of secure passwords.

The WRC ruled that, on the balance of probability, the employee did access pornographic material, and the decision to terminate the employee was correct. The woman has been unable to find further work in the field, despite her 18 years’ experience, due to the nature of her dismissal.

Employees Accessing Porn at Work Is a Widespread Problem

The accessing of pornography at work is widespread, global problem – and one that acceptable Internet usage policies do not prevent.

A 2013 report from the UK government found computers in parliament were used to make an average of 800 visits to pornographic websites per day – more than 300,000 attempts were made over the period of study.

A 2014 survey by Proven Men Ministries found nearly two third of men (63%) and one third of women (36%) admitted accessing pornography at work, while a 2015 poll conducted by The Sun newspaper in the UK found 15% of women in the UK watch pornography at work.

In the United States, a Harris Poll in 2011 found 3% of Americans watch porn at work, with an earlier study by The Nielsen Company placing the figure at around 28%.

While there is some variation between the studies, it is clear that the accessing of pornography at work is a widespread problem, responsible for a significant loss of productivity, the creation of a hostile work environment, and many HR issues.

Companies Can Easily Avoid Pornography-Related HR Issues

Even though acceptable Internet usage policies are developed, and employees have to confirm that those policies have been read and understood, many employees still access porn at work. Some employees simply disregard those policies, others mistakenly believe they will not be found out.

For the company, accessing porn at work causes major HR issues. Complaints are often made by other employees who have caught a glimpse of the material, a hostile work environment can develop, HR departments have to take disciplinary action, and recruit and train replacement employees – all of which are a drain on productivity and result in many lost man hours.

As this case shows, these incidents can result in bad publicity, potentially loss of funding, and legal costs from fighting lawsuits.

However, all of these problems are easy to avoid. Companies can simply block adult website content with a web filter. A web filter allows firms to enforce acceptable Internet usage policies and prevent obscene or otherwise inappropriate material from being accessed by employees.

The Social Community Partnership would have been able to avoid all the bad publicity and paying to fight the unfair dismissal claim if a web filtering solution been put in place to enforce acceptable Internet usage policies.

If you have yet to start filtering the Internet, and are not blocking pornography and other inappropriate material from being accessed in the workplace, contact TitanHQ today and ask about WebTitan – The leading web filtering solution for enterprises.

Dark Overlord Cyberattacks on Schools See Threats Escalate

The healthcare industry has been extensively targeted, and now Dark Overlord cyberattacks on schools have soared – The education sector is now being targeted.

The cyberattacks on healthcare institutions included threats to publish data. Those threats were often ignored, resulting in sensitive data being dumped online. While such data dumps are damaging to healthcare organizations and their patients, many attacked institutions followed the advice of the FBI and chose not to give in to the mafia-style extortion tactics.

The recent Dark Overlord cyberattacks on schools have been different. Educational institutions have not only been hacked and had sensitive data stolen, the hacking group has escalated its threats. Additionally, rather than just sending threats to the schools, parents of some of the children whose data were stolen have also been contacted by text. The aim is clear. To put pressure on schools to pay up.

The latest wave Dark Overlord cyberattacks on schools have been spread across the country. Schools in Alabama, Iowa, Montana, and Texas have all been attacked in recent weeks. The attacks have followed a similar pattern to the attacks on healthcare organizations, Gorilla Glue, and Netflix. Sensitive data have been stolen, a payment was demanded, and a threat issued to publish the data online if the payment was not made.

Payment of a ransom does not guarantee data will not be released. The latest episode of Orange is the New Black was stolen and Netflix was threatened. A $50,000 ransom was paid, but the episode was still released – It was claimed this was for contacting the FBI.

The latest attacks have got more personal. The Dark Overlord cyberattacks on schools have seen parents of children sent personalized text messages threatening violence against their children. One of those messages included the address of the family with the message “your child is still so innocent. Don’t have anyone look outside.” The Des Moines Register reported that one parent responded to the message telling the sender of the messages to stop and was told, “we are just getting started.” Other text messages threatened to kill kids at the school resulting in the school closing for a day as a precaution.

In the case of the cyberattack on Johnston Community School District in Iowa, data was dumped online. TDO allegedly said the data would help child predators.

The attack on Montana’s Columbia Falls School district was accompanied by a 7-page letter, in which Sandy Hook was referenced. Threats were issued about publishing grades, sensitive behavioral reports, details of ‘shoddy student work’, nurse reports, and private health information. While various methods of payment were offered, a ransom payment of $150,000 was demanded in Bitcoin. In exchange, TDO said all stolen data would be deleted.

Similar attacks have occurred at Alabama’s Crenshaw County Schools District and Splendora School District in Texas. The escalation in the threats was reportedly in response to the FBI telling breach victims not to respond to the messages and not to pay the ransom demands.

While these Dark Overlord cyberattacks on schools follow a similar pattern to other attacks, there are notable differences, raising the prospect that some of the attacks were performed by other hackers piggybacking on the name.

Regardless of who is conducting the attacks, the message to schools – and all other organizations – is clear. Make sure your networks are well defended. Implement layered cybersecurity defenses, patch promptly, and consider using encryption for all stored data.

One of the ways that attacks can be blocked is by preventing end users from visiting websites where malware is downloaded or credentials are stolen. Malware and credentials give attackers the foothold they need to conduct their attacks. A web filtering solution will block access to these known malicious websites automatically. It is also essential to implement a spam filtering solution, as malware is commonly delivered via email. An effective spam filter will also prevent phishing emails from being delivered to end users.

If you want to improve the cybersecurity defenses at your educational institution, give the TitanHQ team a call today and enquire about implementing an improved spam and web filtering solutions. Help will be provided getting you set up for a free trial of TitanHQ’s award-winning email and web security solutions that can be protecting your network, devices, and end users in minutes.

How Acceptable Internet Usage Policies for Libraries Often Fail

Libraries are places of open learning where the Internet can be freely accessed. Acceptable internet usage policies for libraries are usually developed, but many libraries do not go as far as restricting access to certain types of Internet content. That means acceptable Internet usage policies for libraries can be easily abused. Library computers can be used for highly illegal activities and there is little to prevent minors from coming to harm.

The Importance of Free and Open Internet Access in Libraries

The provision of open access to the Internet in libraries is understandable. Libraries are places of learning where the public can gain access to information of all types. Even if information is highly controversial and causes offense to some individuals, that does not mean access to the information should be blocked.

When Charles Darwin published the Origin of Species it was hugely controversial, but it would be difficult to argue the book has no place in a library.  In order for people to understand and debate Darwin’s views, they need access to his book.

Access to the Internet is now provided in most libraries. For many individuals, libraries are the only places where the Internet can be accessed freely. Children especially may be unable to access the Internet at home and view important educational information without fear of reprisals – viewing information on LGBTI issues for example or information on sex education.

Many libraries, as places of open learning, are reluctant to place any restrictions on Internet access, instead acceptable internet usage policies for libraries are used to lay down the rules on the content that is permitted and prohibited.

Typical Acceptable Internet Usage Policies for Libraries

When acceptable internet usage policies for libraries are used, they usually state that while access to website content is not blocked, library computers should not be used to access illegal web content – content such as child pornography, which is illegal in all forms.

Acceptable Internet usage policies for libraries often reference the Children’s Internet Protection Act (CIPA), which requires schools and libraries to implement controls to prevent the accessing of imagery that could be harmful to minors – pornography, child abuse, child pornography, and other potentially harmful imagery. However, schools and libraries are only required to comply with CIPA if they receive certain state or government funding. Many libraries would be reluctant to block adult pornography, because it is not illegal and would not do so if they are not required to do so by CIPA.

While acceptable internet usage policies for libraries are important for laying down the rules, not all library patrons read those policies or adhere to them.  The policies will do nothing to prevent illegal content from being accessed and minors will not be prevented from accessing potentially harmful images.

Where Acceptable Internet Usage Policies for Libraries Fail

There have been numerous complaints made by members of the public in recent years of cases of patrons using library computers to access pornography, in full view of other library patrons. The past few days have seen another example covered by the media of where the use of acceptable internet usage policies for libraries has failed.

The latest compliant was made about College Terrace Library in Palo Alto, CA. The library has an acceptable Internet usage policy but does not filter the Internet in any way.  The policy states “Libraries and librarians should not deny or limit access to electronic information because of its allegedly controversial content or because of the librarian’s personal beliefs or fear of confrontation.”

The complaint in question, which has led to a police investigation, concerns the actions of one of the library’s patrons, who was seen accessing images of child pornography on a library computer in full view of other patrons. That individual’s actions were illegal and contravened library AUPs, yet it was still possible for that information to be accessed.

Free and Open Internet Access in Libraries, With Certain Restrictions?

The incident shows how the decision not to impose any restrictions on Internet access has potential to cause harm to library patrons, many of whom will be minors. Acceptable internet usage policies for libraries can be ineffective; however, the use of Internet filtering software can solve this problem.

The purpose of Internet filtering software in libraries is not to limit free speech, or even police Internet as such. The aim is to protect minors and to prevent extremely harmful illegal content from being accessed by some individuals to protect all library patrons.

The American Library Association (ALA) is against filtering of Internet content in libraries. The ALA even filed a lawsuit claiming CIPA was unconstitutional and violated the first amendment rights of consumers. The ALA argued that the Internet was a public forum, and as such required strict scrutiny, but that Internet filtering technology would result in overblocking of website content. A lower court agreed, but the case was taken to the Supreme Court which ruled that public-forum principles were not applicable as the Internet is not a traditional public forum. The Court also ruled that even if there was overblocking of website content, librarians could easily disable the filtering for certain individuals or unblock sites that had been caught by the filters and that this would result in only a minimum burden on librarians. The Supreme Court also ruled that CIPA was constitutional.

While the use of Internet filters used to result in overblocking of content, today that is less of an issue. Categorization of websites is now far better and more reliable. Internet filtering software has improved considerably in the past 15 years.

Why a Content Filter for Libraries Should be Implemented

Libraries are places of learning and should provide open access to the Internet, but they are not places where it should be possible to view child pornography. Libraries have a responsibility to protect patrons from viewing such material, and other harmful website content such as phishing websites.

They should also be using content filters to prevent the downloading of malware and ransomware. In January this year, libraries in St. Louis had their computers taken out of action as the result of a ransomware download. That attack not only prevented Internet access for days, but it took out the system used to log borrowed and returned books. Patrons of 16 libraries in Missouri were prevented from borrowing books. The library had to wipe its system and rebuild it from scratch, a process that took weeks.

Provided content filtering software is used wisely, and mechanisms are introduced to allow the content filter to be lifted on sites that are not illegal or do not contravene acceptable internet usage policies for libraries, they should be applied to ensure that illegal website content cannot be accessed, systems are protected, and patrons are prevented from coming to harm.

Internet content filters can be used to block sites known to host illegal content such as images of child abuse and child pornography, and sites that have been shown to be used for phishing or to deliver malware. Blacklists for these sites are maintained by several organizations.

Internet content filtering ensures the public are prevented from engaging in illegal activity and are protected from phishing attacks. Those controls to not contravene Americans’ first amendment rights.

If you are a librarian and are interested in blocking illegal content but keeping Internet access open, or if you wish to apply for grants, funding, or discounts and must comply with CIPA, contact TitanHQ today to find out more about your Internet content filtering options.