Information Technology

Swept up in the ChatGPT craze like many others, a friend recently asked the generative AI platform who I was and to write up my personal profile.ChatGPT knew I was a journalist from Singapore who specializes in tech and that I was an old fart with more than 20 years of industry experience. Okay, it didn’t exactly say old fart, but it would have been accurate if it did.What ChatGPT didn’t get right was a bunch of pretty basic information that could easily have been found online. It shared incorrect dates of when I joined various media companies, even adding in publications I never wrote for. It listed incorrect job titles and gave me awards I never won.Interestingly, it pulled a list of articles I wrote from way back in 2018 and 2019 that were “particularly noteworthy and had a significant impact.” It didn’t explain how it assessed these for noteworthiness, but I personally didn’t think they were at all earth-shattering. What I thought would have made more sense were articles that generated a comparatively higher volume of shares or comments online, and trust me, some of the hate mail would have had a more significant impact than the ones the algorithm pulled. Also: The best AI chatbotsSo I would say my ChatGPT-powered profile is just about 25% accurate, though I wish this statement was true: “Eileen Yu is a respected and influential figure in Singapore’s media industry, known for her expertise in technology news and her commitment to journalistic excellence.” An old fart can indulge a little, can’t she?I suspect the inaccuracies are likely due to the lack of personal data ChatGPT was able to find online. Apart from the articles and commentaries I’ve written in the past, my online footprint is minimum. I’m not active on most social media platforms and intentionally so. I want to keep private information private as well as mitigate my online risk exposure.Call it a job hazard if you will, but my concerns about data security and privacy aren’t exactly unfounded. The less the internet knows, the harder it is to impersonate and the less there is to leak. Also: How to use Tor browser (and why you should)And with ChatGPT now driving even more interest in data, there should be deeper discussions about whether we need better safeguards in place.Cybersecurity threats and even breaches are now inevitable, and there are still too many that occur today due to unnecessary oversights. Old exploits are left unpatched and unused databases are left unsecured. Code changes are not properly tested before rollout and third-party suppliers are not properly audited for their security practices.More rigorous penalty framework neededIt begs the question of why companies today still aren’t doing what’s necessary to safeguard their customers’ data. Are there policies to ensure businesses collect only what they need? How often are companies assessed to ensure they meet basic security requirements? And when their negligence results in a breach, are penalties sufficiently severe to ensure such oversight never occurs again? Take the recent ruling on Eatigo International in Singapore, for instance, which found the restaurant booking platform had failed to implement reasonable security measures to protect a database that was breached. The affected system contained personal data of 2.76 million customers, with the details of 154 individuals surfacing on an online forum where they were offered for sale.In its ruling, the Personal Data Protection Commission (PDPC) said Eatigo had not put in place several safeguards, including not conducting a security review of the personal data held in the database. It also did not have a system in place to monitor the exfiltration of large data volumes and failed to maintain a personal data asset inventory or access logs. Furthermore, it was unable to establish how or when hackers gained access to the database. Also: These experts are racing to protect AI from hackers. Time is running out.For compromising the personal data of 2.76 million customers, including their names and passwords, Eatigo was fined a whopping… SG$62,400 ($46,942). That’s less than 3 cents for each affected customer. In determining the penalty, the Personal Data Protection Commission (PDPC) said it considered the organization’s financial situation, bearing in mind penalties should “avoid imposing a crushing burden or cause undue hardship” on the organization. The Commission did acknowledge a mere warning would be inappropriate in view of the “egregiousness” of the breach. I get that it’s pointless to impose penalties that will put a company out of business. However, there has to be at least some burden and due hardship, so organizations know there is a steep price to pay if they treat customer data so haphazardly. Exposing personal information can lead to potentially serious risks for customers. Identity theft, online harassment, and ransom demands, just to name a few. With consumers increasingly forced to give up personal data in exchange for access to products and services, businesses then should be compelled just as much to do what’s necessary to protect customer data and suffer the consequences when they fail to do so. Also: Best browsers for privacy and secure web browsingSingapore last October increased the maximum financial penalty the PDPC can impose to 10% of the company’s annual turnover if its annual turnover exceeds $10 million. This figure is $1 million for any other case.I would suggest regulations go further and apply a tiered penalty framework that increases if the compromised data is deemed to carry more severe risks to the victims. Health-related information, for instance, should be categorized under the topmost critical category, resulting in the highest financial penalty if this data is breached. Basic user profile information such as name and email can be tagged as Category 1, which carries the least — but not necessarily low — amount of financial penalty if breached. More personally identifiable information such as addresses, phone numbers, and dates of birth can fall under Category 2, with the corresponding higher penalty. A tiered system will push companies to put more thought into the types of data they make customers hand over just to access their services. More importantly, it will discourage businesses from collecting and storing more than is necessary. Also: The best VPN servicesThe Australian Information and Privacy Commissioner Angelene Falk, for one, has repeatedly underscored the need for organizations to take appropriate and proactive steps to protect against cyber threats. “This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed,” Falk said in a statement early this month. “As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation fraud, and scams, can increase. Organizations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimize the risk of further harm to individuals.”Following a spate of large-scale data breaches that took place in 2022, the Australian government in November passed legislation to increase financial penalties for data privacy violators. Maximum fines for serious and repeated breaches were pushed from AU$2.22 million to AU$50 million or 30% of the company’s adjusted turnover for the relevant period. When businesses are recalcitrant, the most effective way to make them listen is to hit ’em where it hurts most — their pockets. And in this emerging era of AI where data shines even brighter in glistening gold, companies will be digging more fervently than ever. They should then be made to pay back in kind when they lose it. RELATED COVERAGE More

The next step is to pair your phone with Windows, a process that differs between an iPhone and an Android device. iPhoneTo pair your iPhone in Windows 10, go to Settings > Devices > Bluetooth & other devices and click Add Bluetooth or other device. Select Bluetooth, and your computer will search for nearby devices.The iPhone pairing process is basically the same in Windows 11. Go to Settings > Bluetooth & devices on your computer and click the Add device button. Select Bluetooth from the popup window.Android To pair your Android phone with Windows 10, go to Settings > Devices > Bluetooth & other devices on your PC and click Add Bluetooth or other device. Select Bluetooth, and your computer will search for nearby devices. On your Android phone, go to Settings and look for a category called Connections or Connected Devices. Tap the button for Pair new device.Also: How to link your Android phone to your Windows 11 PCThe name of your Android phone should then appear in the list. Click its name to start the pairing. A PIN pops up. Tap OK on your phone and Connect on your PC to connect the two. Your phone appears in the list of items paired with your PC.To pair your Android device with Windows 11, go to Settings > Bluetooth & devices on your PC, click Add device, and select Bluetooth. On your Android phone, go to Settings and then Connections or Connected Devices. Also: How to uninstall Windows 11 on your PC Tap the button for Pair new device. Select your Android phone in the list to pair it with your PC. After the PIN pops up, tap OK on your phone and Connect on your PC to pair the two.  More

Jason Cipriani/ZDNET Apple on Monday released software updates for its hardware lineup. The updates include new features, such as new emojis, along with overall performance improvements and bug fixes. More specifically, Apple released iOS 16.4, iPadOS 16.4, MacOS 13.3, WatchOS 9.4, tvOS 16.4, and HomePod software version 16.4.  Perhaps most importantly, there’s a long list […] More

Sakorn Sukkasemsakorn/Getty Images I get this question a lot: Should I use a password manager? The answer is simple… yes. But no matter how often I give that advice, many ignore it and continue using their browser’s built-in password manager. I get that, as using the browser password manager is convenient and doesn’t require that […] More

Believing they will not encounter cybersecurity incidents, small and midsize businesses (SMBs) do not see a need for cyber insurance. Among 39% of SMBs in Singapore that are not considering or remain undecided about getting protection against cyber risks, half say it is because they are unlikely to experience cybersecurity or cybercrime issues. Another 54% say they do not store sensitive or personal data online and, hence, do not see a need for cyber insurance. These findings were from a study commissioned by insurer QBE Insurance Group in Singapore and conducted by Creative Way Consultants, which polled 416 decision-makers from local SMBs. The annual survey was carried out last quarter. Amid the apparent lack of enthusiasm for cyber insurance, though, 97% said they were aware of potential cyber risks to their business. Some 21% expressed concerns about data protection and security, with 38% admitting to being affected by cyber incidents last year, up from 26% in 2021. About 9% of respondents said they operated without any process or insurance against cyber risks, the study found. Digital transformation, though, remained of great interest, with 66% of SMBs embarking on digitalisation efforts over the past year. Another 34% said they would continue to invest in digital technologies to reach more customers, while 32% would do so to grow their business and 32% would digitalise for higher productivity. With their smaller pockets, it should come as no surprise that 29% of SMBs cited high cost of investment as a barrier in their digitalisation efforts. Some 27% pointed to a lack of financing, while 24% pointed to a lack of digital skills as a barrier. A further 23% saw potential business disruptions as a barrier, while 21% highlighted complexities in digital technologies. Another 21% saw the need to ensure data protection and security as a barrier to digital transformation. SMBs are hot targets of cybercrimes in Singapore, where these businesses account for the bulk of victims impacted by ransomware attacks. In particular, SMBs from sectors such as manufacturing and IT accounted for the bulk of reported ransomware cases in 2021. According to a study last year by Coleman Parkes, Singapore enterprises had to deal with 54 cybersecurity incidents on average each day, with 39% managing 50 to 200 such incidents a day. Some 62% said they were struggling to keep up with the evolving threat landscape. A report from Trend Micro last week estimated that Asia-Pacific experienced the most ransomware attacks last year, with 38.06% of such attacks targeted at the region. Some 18.9% of ransomware victims in Asia-Pacific chose to pay up, compared to the global average of 10% and 11.1% in Europe, which had the lowest ransomware payment rate. Of 14 billion threats it blocked in Asia last year, Trend Micro said more than 1 billion were in Singapore alone. Mobile security issues ranked the highest in Asia. RELATED COVERAGE More

ZDNET A while ago I wrote a piece on the best way to ensure your privacy with a web browser. A part of that advice was to use the Tor browser. In simplest terms, you cannot get more privacy and security from a web browser than when using Tor.  Also: The best browsers for privacy […] More

Getty Images/Tim Robberts As an avid tech user, I’m normally juggling multiple iPhones and several Android smartphones simultaneously. Despite managing so many devices, I find them highly reliable. The stability of PCs, laptops, smartphones, and tablets today is significantly better than it was a decade ago. In fact, I can’t recall the last time one […] More

Despite the number of high profile data breaches in recent years, Singapore employees apparently are scratching their heads over what it means to have a security culture. Just one third of IT decision makers in the Asian nation understood what constituted having a “security culture”, while 53% of employees admitted to never coming across the term, according to research commissioned by security training provider KnowBe4. Conducted by YouGov over a fortnight last December, the online survey polled 1,009 office workers and 214 IT decision makers in Singapore. Some 15% of IT decision makers also had never heard of security culture. Amongst 85% of those who recognised it, 73% knew what it actually meant.And amongst the senior IT executives who understood what it meant, 6% did not believe their organisation needed a security culture. Another 14% said their organisation had such practices in place, but did not know how to successfully attain a security culture.Asked to define what it meant, 79% of IT decision makers who knew the term pointed to an awareness of security issues, while 71% described it as recognition that security was a shared responsibility across the organisation. Another 57% pointed to compliance with security polices and 47% described as having security embedded into the corporate culture. Amongst employees, 30% noted that their organisation had not communicated about security culture and 53% had never heard of the term. Some 30% said their company had discussed security culture, though, a lower 23% said they were clear about what it meant and their role.Another 23% of employees expressed reluctance in approaching their IT team with security-related questions, with 17% describing it as a hassle to do so. KnowBe5’s Asia-Pacific security awareness advocate Jacqueline Jayne said: “How employees perceive their role is a critical factor in sustaining or endangering the security of the organisation… What they learn and how they incorporate into everyday behaviours and attitudes is completely transferable into their personal lives and will protect their own data.””The phrase ‘security culture’ is beginning to find its way into the lexicon of IT leaders, but there is a problem–IT decision makers have vastly different definitions of security culture, which makes it almost impossible to measure and work towards,” Jayne said. Citing her company’s definition of security culture as “ideas, customs, and social behaviours that influence an organisation’s security”, she added that having a standard definition better enabled discussions around it. “We all know that if you do not measure something, that something does not exist.”The findings come amidst calls from the Singapore government for its citizens to take responsibility for their own cyber hygiene, so they can better safeguard their devices and not end up putting entire systems at risk. The government in October set up a task force to develop policies and capabilities to combat ransomware attacks, a growing concern for local businesses, and laid out its cyber defence strategy to help individuals arm up on cyber awareness.Singapore saw a 25.2% climb in scams and cybercrimes last year, hitting 33,669 in reported cases, up from 26,886 in 2021. Scams accounted for the bulk, cheating victims of SG$660.7 million ($501.9 million), a 4.5% increase from SG$632 million in 2021. Phishing, e-commerce, and investment scams were amongst the top five most common tactics used against victims, making up 82.5% of the top 10 types of scams last year. Phishing cases topped the list, with 7,097 reported cases in 2022, up 41.3% from 2021. RELATED COVERAGE More