Saturday, June 3, 2023

Here’s how we can save urban life after coronavirus


The COVID-19 pandemic restrictions have reminded us of the vital role public space plays in supporting our physical and mental well-being. We need to move, to feel sunlight and fresh air, and to see, talk and even sing to other people.

Lockdowns and “social distancing” have limited our participation in public life and public space. As a result, cities around the world are reporting declines in health and well-being. We are seeing increases in depression, domestic violence, relationship breakdowns and divorces.

What about the well-being of our cities? Avoiding walking and public transport in favour of cars could kill cities.

The trajectory of the pandemic suggests physical distancing could remain in place for some time. The subtle “step and slide” that people ordinarily use to negotiate their way through crowded urban spaces has given way to the very blunt act of “stop and cross”, as people try to avoid one another on footpaths that are too narrow.

We need to act swiftly to retrofit our public spaces so they are both safe and support social activity. Our goal must be to avoid a long-term legacy where people fear cities and other people. This is where approaches known as temporary and tactical urbanism come in as a way to quickly reconfigure public spaces to create places that are both safe and social.

As COVID-19’s impacts on public life become more evident, so has the abundance of street space left vacant by the substantial drop in vehicle traffic. Recognising this opportunity, cities around the world have begun repurposing street spaces for people.

A global public space revolution?

Leading urban theorists, such as Jane Jacobs and Richard Sennett, have long argued that social interaction is the lifeblood of cities. The COVID-19 pandemic can be seen as an attack on urbanity itself.

But social/physical distancing should not preclude social interaction. Major cities around the world are responding by reclaiming street spaces for people to safely walk and cycle. They are acting quickly, because the need to increase public space for people is more urgent than ever.

How can this be done? After all, urban design proposals usually take months or years to realise. Tactical urbanism approaches overcome this by drawing on a palette of low-cost, widely available and flexible materials, objects and structures to quickly create new forms of public space.

In London, Berlin, Bogota, Philadelphia, Minneapolis, Vancouver, Mexico City and Milan, paint and traffic cones are being used to create bike lanes. In Dublin, parking spaces and loading bays are being reclaimed in the city centre to provide more space for pedestrians. At a national level, New Zealand has created a tactical urbanism fund for emergency bike lanes and footpath widening.

So what’s happening in Australia? Not much at present. Yet we face the same problems, prompting calls for urgent action to reclaim public space for walking and cycling.

Despite this, there has been little examination of locally specific design and implementation approaches that can rapidly deliver the urban spaces people need right now.

Making it happen

Temporary and tactical urbanism isn’t new to Australia. We’ve been doing it since the 1980s when Melbourne’s Swanston Street was transformed into a green oasis overnight. This helped to reimagine the city centre as a place designed for people, which shaped its long-term social and economic regeneration.

This, and other more recent projects, have proven temporary and tactical urbanism adds value beyond physical activity and social interaction. Successful schemes can increase the vitality of streets and neighbourhoods, engage local communities and enhance a local sense of place.

Social enterprises and community groups are well placed to deliver such projects, because of their enthusiasm, agility and local networks. Governments also have a crucial role in enabling other actors and maximising public benefits. Every weekday between midday and 2pm, the City of Melbourne temporarily closes Little Collins Street between Swanston and Elizabeth streets with a removable bollard, giving over the street to pedestrians – it’s that easy!

Our cities’ urban spaces are full of such potential for greater flexibility, experimentation and innovation. For example, on-street parking can easily be converted into spaces for socialising and outdoor dining. A vacant space can become an outdoor cinema.

Temporary or permanent?

The COVID-19 pandemic and its associated restrictions have created an epic social experiment on a global scale. We argue that urbanity itself is at stake. What will cities be without the social interactions that enable us to exchange ideas, opinions, values and knowledge?

Can we afford to go back to the cities designed for cars that we have spent decades reshaping for people? If we don’t act now, the social life of cities that sustains our economy, creativity and culture is at risk.

We need to counter the social impacts of COVID-19 by experimenting at the micro scale of public space. Temporary and tactical urbanism offers simple, low-cost and agile solutions. We should act quickly to make streets safe and sociable during this crisis. The long-term health of people and cities depends on it.

  • Jonathan Daly is a Researcher at the School of Architecture and Urban Design, RMIT University. This article was originally published on TheConversation.

The Covid lockdown forces a rethink of ‘screen time’


“How would we have coped before the internet?” is a quandary likely posed by someone you know.

Beyond being a whimsical hypothetical, this question is relevant at a time when the digital age is ridiculed as the end of social skills as we know them. COVID-19 has seen society pivot, almost overnight, from real-world interactions to the online space.

We have gone from mingling with colleagues, classmates and friends to being told to move our social interactions safely behind a webcam and sanitised keyboard. Internet providers and servers around the globe are being pushed to the limit as kitchen tables become boardrooms and laps become school desks.

Thus, it is cause to reframe our views on screen time – an activity that consumes, now more than ever, a significant proportion of our day.

COVID-19’s impact on screen time

With more than 90% of Australians having a smartphone, our often pilloried devices are now more essential to daily life than ever. As people fulfil their civic duty by staying home, platforms and internet providers are facing an unprecedented surge in online activity.

Australia’s National Broadband Network (NBN) has seen a daytime usage increase of 70-80%, compared to figures in February.

Demand for streaming sites across the globe has intensified, with Amazon and Netflix having to reduce video quality in some countries to handle the strain.

In March, Zoom knocked Facebook and Netflix down the Apple and Google mobile app store rankings in the US, as people sought video chat options.

Social media and video/online gaming are also flourishing.

If we’re to take anything away from the significant increase in screen time caused by this pandemic, it is that human connection in the digital age comes in many forms.

Think of screen time as calories

We must acknowledge the umbrella term “screen time” can denote both positive and negative interactions with technology.

Think of screen time as consuming calories. All humans require calories to function. This unit of energy provides nutritional information relating to the contents of a food item, such as a chocolate bar or a carrot.

Whereas both foods contain calories, we know the carrot is a healthier source. While professionals might offer advice about which provides the most beneficial nutrition, the individual should still have agency over what they consume.

Similarly, people should be able to choose to partake in online activities not normally deemed “productive” – but which may help them through their day. Like calories, screen time is about moderation, making responsible choices and exercising self-control.

Lockdown and locked screens

Just as there are good and bad calories, so too exist good and bad examples of screen time. It is therefore not helpful to use the overarching term “screen time” when discussing how technology use should be moderated.

An hour spent researching for an assignment is not tantamount to an hour spent watching cat videos, as the former is contributing to learning.

Also, an hour on social media chatting with friends is productive if it allows you to socialise at a time when important social interactions can’t otherwise take place (such as during lockdown). In this way, the current pandemic is not only helping shift our views on screen time – but has subtly rewritten them, too.

Screen time does not necessarily need to be objectively “beneficial”, nor does it need to have arbitrary time limits associated with it to prevent it from being detrimental.

Appropriate use is contextual. This fact should determine how parents, teachers and policymakers moderate its use, as opposed to mandating a certain number of hours per day, and not specifying how these hours should be spent.

We must steer clear of blanket statements when it comes to critiquing screen time. Our digital diets vary significantly, just as our real diets do. Consequently, screen time should be approached with a level of flexibility.

Fear fuels stigma

Some of the derision and concern associated with time spent on digital devices can be attributed to a fear of the new.

Swiss scientist Conrad Gessner was among the first to raise alarm over information overload, claiming an overabundance of data was “confusing and harmful” to the mind. If you’re not familiar with Gessner’s theory, it may be because he exclaimed it back in 1565, in response to the printing press.

Gessner’s warnings referred to the seemingly unmanageable flood of information unleashed by Johannes Gutenberg’s contraption. Fear of the new has permeated the debate on emerging technologies for generations.

And Gessner is not alone. From the New York Times warning in the late 1800s the telephone would invade our privacy, to concerns in the 1970s the rapid pacing of children’s shows such as Sesame Street led to distractibility – it is inherent human behaviour to be cautious about what we don’t fully understand.

Yet, many of these proclamations seem almost absurd in retrospect. What will later generations look back upon as statements fuelled by paranoia and fear, just because a new technology had disrupted the status quo?

  • Karl Sebire is a specialist researcher at the University of New England.

10 myth busters for SMB cybersecurity


Our newest Cybersecurity Series report Big Security in a Small Business World looks into how small to medium-sized organizations are embracing cybersecurity to grow their businesses.

We’re releasing this report during a challenging time in our lives. We know and understand SMBs across the world are facing unprecedented challenges in their operations. With all that you’re now faced with, how do you know what to focus on to stay secure? How do you protect your organization from attacks if you’re operating with fewer people?

In this report we explore and debunk 10 myths that exist around cybersecurity for smaller businesses. Spoiler alert: SMBs are more than holding their own.

The security industry has often been unjustly harsh towards small and medium businesses when it comes to recognizing how well you prioritize cybersecurity. This report – based on a survey of almost 500 SMBs (defined here as organizations with 250-499 employees) – reveals that not only do you take security very seriously, but that your innovative and entrepreneurial approach to security is also paying dividends.

It’s time to bust some myths about the way in which SMBs are using their cybersecurity resources. Here are some highlights of what the study revealed:

Myth: SMB leadership doesn’t take security and data privacy seriously.

With data taken from three survey questions about data privacy, cybersecurity awareness programs, and executive buy-in for security from the top, we prove this myth not to be the case. Executive leadership is informed and engaged.

Myth: SMBs face different threats than larger businesses.

We compared the types of attacks that SMBs and large enterprises reported they’ve experienced in the past year. We’ve also compared how much downtime (loss of business hours) the attacks caused. The results proved interesting. Many, such as ransomware, don’t discriminate by size of business. Threats affect organizations indiscriminately, no matter what their size.

Myth: Smaller businesses don’t test their incident response plans with drills/exercises.

Tabletop exercises and drills keep a team in fighting shape. The largest percentage (45%) of SMBs run exercises every six months. With leadership concerned about threats, and with threats affecting us all, organizations are regularly practicing incident response.

In addition to these and other myths, throughout the report are insights from those who are responsible for strategies and approaches to cybersecurity within their SMB. For example:

“As a small business, we need as much information from as few systems as possible to maximize efficiency. Our cloud-based security solution has proven to be a crucial system for operating our entire infrastructure. It’s not only important for securing the assets, it also provides instant access to machine information, user environments, and reporting to assist with help desk troubleshooting. This eliminates the need for a separate software system. We’re constantly able to learn and adapt by operating this way.” – Alan Zaccario, Vice President, Information Technology and Cybersecurity, New Castle Hotels and Resort.

Finally, we round out the report from where SMBs are to where they can go; specifically, the need to simplify security and guidance on maintaining security in the shift to a remote workforce.

“Make security as simple as possible, but no simpler” has long been a guideline. But data to support the efficacy of fewer vendors has been hard to come by. In this study, the more vendors our SMB survey respondents used, the longer the downtime they reported from their most severe breach. This ranged from an average of four hours using one vendor, to an average of more than 17 hours using 50+ vendors. This is compelling data in support of the vendor consolidation trend.

A more pressing concern for many is adapting to a remote work posture. Taking into account this new reality, you need a strategy to secure offsite employees and devices while supporting the flexibility and responsiveness SMBs are known for. The concluding section of the report provides information for navigating these challenges within the context of what we now know about SMB security. This is practical guidance you can put in place immediately.

The nature of an SMB is that life inside your organization is exhilarating, meaningful, personal, and yes, oftentimes tough. This report puts the spotlight on what cybersecurity tactics are working for a surveyed sample of smaller businesses, and what impact they’re having on streamlining operations. Armed with this information, you can focus on what matters most – securing and growing your business.

To access the report, head to Big Security in a Small Business World.

How Apple and Google use your phone to fight Covid-19


On April 10, Apple and Google announced a coronavirus exposure notification system that will be built into their smartphone operating systems, iOS and Android. The system uses the ubiquitous Bluetooth short-range wireless communication technology.

There are dozens of apps being developed around the world that alert people if they’ve been exposed to a person who has tested positive for COVID-19. Many of them also report the identities of the exposed people to public health authorities, which has raised privacy concerns. Several other exposure notification projects, including PACT, BlueTrace and the Covid Watch project, take a similar privacy-protecting approach to Apple’s and Google’s initiative.

So how will the Apple-Google exposure notification system work? As researchers who study security and privacy of wireless communication, we have examined the companies’ plan and have assessed its effectiveness and privacy implications.

Recently, a study found that contact tracing can be effective in containing diseases such as COVID-19, if large parts of the population participate. Exposure notification schemes like the Apple-Google system aren’t true contact tracing systems because they don’t allow public health authorities to identify people who have been exposed to infected individuals. But digital exposure notification systems have a big advantage: They can be used by millions of people and rapidly warn those who have been exposed to quarantine themselves.

Bluetooth beacons

Because Bluetooth is supported on billions of devices, it seems like an obvious choice of technology for these systems. The protocol used for this is Bluetooth Low Energy, or Bluetooth LE for short. This variant is optimized for energy-efficient communication between small devices, which makes it a popular protocol for smartphones and wearables such as smartwatches.

Bluetooth LE communicates in two main ways. Two devices can communicate over the data channel with each other, such as a smartwatch synchronizing with a phone. Devices can also broadcast useful information to nearby devices over the advertising channel. For example, some devices regularly announce their presence to facilitate automatic connection.

To build an exposure notification app using Bluetooth LE, developers could assign everyone a permanent ID and make every phone broadcast it on an advertising channel. Then, they could build an app that receives the IDs so every phone would be able to keep a record of close encounters with other phones. But that would be a clear violation of privacy. Broadcasting any personally identifiable information via Bluetooth LE is a bad idea, because messages can be read by anyone in range.

Anonymous exchanges

To get around this problem, every phone broadcasts a long random number, which is changed frequently. Other devices receive these numbers and store them if they were sent from close proximity. By using long, unique, random numbers, no personal information is sent via Bluetooth LE.

Apple and Google follow this principle in their specification, but add some cryptography. First, every phone generates a unique tracing key that is kept confidentially on the phone. Every day, the tracing key generates a new daily tracing key. Though the tracing key could be used to identify the phone, the daily tracing key can’t be used to figure out the phone’s permanent tracing key. Then, every 10 to 20 minutes, the daily tracing key generates a new rolling proximity identifier, which looks just like a long random number. This is what gets broadcast to other devices via the Bluetooth advertising channel.

When someone tests positive for COVID-19, they can disclose a list of their daily tracing keys, usually from the previous 14 days. Everyone else’s phones use the disclosed keys to recreate the infected person’s rolling proximity identifiers. The phones then compare the COVID-19-positive identifiers with their own records of the identifiers they received from nearby phones. A match reveals a potential exposure to the virus, but it doesn’t identify the patient.
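The key hierarchy and matching step described above, as an added sketch that is not code from Apple, Google or the article's authors. It assumes HMAC-SHA256 truncated to 16 bytes as the one-way derivation, made-up labels, one identifier per 10-minute interval, and that a receiving phone stores each identifier with the day it was heard; the published specification defines its own functions and encodings.

```python
import hashlib
import hmac
import os

# Assumptions for illustration only: HMAC-SHA256 truncated to 16 bytes is the
# one-way step, and the labels b"daily" / b"rolling" are invented here.
ID_LEN = 16
INTERVALS_PER_DAY = 144  # one rolling identifier per 10-minute interval


def derive(key: bytes, label: bytes, counter: int) -> bytes:
    """One-way derivation: the output does not reveal the input key."""
    msg = label + counter.to_bytes(4, "little")
    return hmac.new(key, msg, hashlib.sha256).digest()[:ID_LEN]


def new_tracing_key() -> bytes:
    """Per-device secret that never leaves the phone."""
    return os.urandom(32)


def daily_tracing_key(tracing_key: bytes, day: int) -> bytes:
    """Key for one day; disclosing it exposes that day only."""
    return derive(tracing_key, b"daily", day)


def rolling_identifier(daily_key: bytes, interval: int) -> bytes:
    """Value broadcast over Bluetooth LE during one interval of the day."""
    if not 0 <= interval < INTERVALS_PER_DAY:
        raise ValueError("interval out of range")
    return derive(daily_key, b"rolling", interval)


def find_exposures(disclosed: dict, heard: list) -> list:
    """Match locally stored identifiers against disclosed daily keys.

    disclosed: {day: daily_key} published after a positive test.
    heard:     [(day, identifier)] recorded by this phone.
    Returns sorted (day, interval) pairs; no identity is involved.
    """
    heard_by_day = {}
    for day, ident in heard:
        heard_by_day.setdefault(day, set()).add(ident)
    matches = []
    for day, daily_key in disclosed.items():
        seen = heard_by_day.get(day)
        if not seen:
            continue
        # Recreate every identifier the positive user broadcast that day.
        for interval in range(INTERVALS_PER_DAY):
            if rolling_identifier(daily_key, interval) in seen:
                matches.append((day, interval))
    return sorted(matches)


def demo() -> list:
    # Constructed keys (fixed so the run is repeatable; real keys are random).
    alice = bytes(range(32))        # later tests positive
    carol = bytes(range(32, 64))    # never discloses anything
    today = 18370                   # constructed day number
    # What Bob's phone stored after standing near Alice and Carol.
    heard = [
        (today, rolling_identifier(daily_tracing_key(alice, today), 51)),
        (today, rolling_identifier(daily_tracing_key(alice, today), 52)),
        (today, rolling_identifier(daily_tracing_key(carol, today), 51)),
    ]
    # Alice discloses the daily keys for the previous 14 days.
    disclosed = {d: daily_tracing_key(alice, d) for d in range(today - 13, today + 1)}
    return find_exposures(disclosed, heard)


if __name__ == "__main__":
    for day, interval in demo():
        print(f"possible exposure on day {day}, interval {interval}")
```

Carol's identifier never matches because her daily keys were not disclosed, and the disclosed daily keys cannot be run backwards to Alice's tracing key.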

The Australian government’s COVIDSafe app warns about close encounters with people who are COVID-19-positive, but unlike the Apple-Google system, COVIDSafe reports the contacts to public health authorities.

Most of the competing proposals use a similar approach. The principal difference is that Apple’s and Google’s operating system updates reach far more phones automatically than a single app can. Additionally, by proposing a cross-platform standard, Apple and Google allow existing apps to piggyback and use a common, compatible communication approach that could work across many apps.

No plan is perfect

The Apple-Google exposure notification system is very secure, but it’s no guarantee of either accuracy or privacy. The system could produce a large number of false positives because being within Bluetooth range of an infected person doesn’t necessarily mean the virus has been transmitted. And even if an app records only very strong signals as a proxy for close contact, it cannot know whether there was a wall, a window or a floor between the phones.

However unlikely, there are ways governments or hackers could track or identify people using the system. Bluetooth LE devices use an advertising address when broadcasting on an advertising channel. Though these addresses can be randomized to protect the identity of the sender, we demonstrated last year that it is theoretically possible to track devices for extended periods of time if the advertising message and advertising address are not changed in sync. To Apple’s and Google’s credit, they call for these to be changed synchronously.

But even if the advertising address and a coronavirus app’s rolling identifier are changed in sync, it may still be possible to track someone’s phone. If there isn’t a sufficiently large number of other devices nearby that also change their advertising addresses and rolling identifiers in sync – a process known as mixing – someone could still track individual devices. For example, if there is a single phone in a room, someone could keep track of it because it’s the only phone that could be broadcasting the random identifiers.
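One way an implementer could check the synchronisation requirement described above on a capture of their own test device (an added example, not code from the article or from either vendor). The `Frame` fields, the 300-second sampling and both captures are constructed; the input is assumed to be time-ordered frames from a single device under test.

```python
from typing import List, NamedTuple, Tuple


class Frame(NamedTuple):
    t: int        # seconds since capture start
    addr: str     # Bluetooth LE advertising address
    payload: str  # rolling identifier carried in the advertisement (hex)


def desync_transitions(frames: List[Frame]) -> List[Tuple[int, str]]:
    """Report transitions where only one of address/payload changed."""
    findings = []
    for prev, cur in zip(frames, frames[1:]):
        addr_changed = prev.addr != cur.addr
        payload_changed = prev.payload != cur.payload
        if addr_changed != payload_changed:
            kind = "address_only" if addr_changed else "payload_only"
            findings.append((cur.t, kind))
    return findings


def linkable_spans(frames: List[Frame]) -> List[Tuple[int, int]]:
    """Split the capture into spans an observer could tie together.

    Two consecutive frames are linkable when they share the address or the
    payload. With synchronised rotation every span ends at a rotation; with
    unsynchronised rotation the unchanged field bridges the rotation.
    """
    if not frames:
        return []
    spans = []
    start = frames[0].t
    for prev, cur in zip(frames, frames[1:]):
        if prev.addr != cur.addr and prev.payload != cur.payload:
            spans.append((start, prev.t))
            start = cur.t
    spans.append((start, frames[-1].t))
    return spans


# Constructed capture: address and identifier rotate together every 900 s.
SYNCED = [
    Frame(0, "5A:01", "p1"), Frame(300, "5A:01", "p1"), Frame(600, "5A:01", "p1"),
    Frame(900, "6B:02", "p2"), Frame(1200, "6B:02", "p2"), Frame(1500, "6B:02", "p2"),
    Frame(1800, "7C:03", "p3"),
]

# Constructed capture: the identifier lags one sample behind the address.
LAGGING = [
    Frame(0, "5A:01", "p1"), Frame(300, "5A:01", "p1"), Frame(600, "5A:01", "p1"),
    Frame(900, "6B:02", "p1"), Frame(1200, "6B:02", "p2"), Frame(1500, "6B:02", "p2"),
    Frame(1800, "7C:03", "p2"), Frame(2100, "7C:03", "p3"),
]

if __name__ == "__main__":
    for name, capture in (("synced", SYNCED), ("lagging", LAGGING)):
        print(name, desync_transitions(capture), linkable_spans(capture))
```

A clean implementation yields no desync findings and spans no longer than one rotation period; the lagging capture collapses into a single span covering the whole recording.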

Another potential attack involves logging additional information along with the rolling identifiers. Even though the protocol does not send personal information or location data, receiving apps could record when and where they received keys from other phones. If this was done on a large scale – such as an app that systematically collects this extra information – it could be used to identify and track individuals. For example, if a supermarket recorded the exact date and time of incoming rolling proximity identifiers at its checkout lanes and combined that data with credit card swipes, store staff would have a reasonable chance of identifying which customers were COVID-19 positive.

And because Bluetooth LE advertising beacons use plain-text messages, it’s possible to send faked messages. This could be used to troll others by repeating known COVID-19-positive rolling proximity identifiers to many people, resulting in deliberate false positives.

Nevertheless, the Apple-Google system could be the key to alerting thousands of people who have been exposed to the coronavirus while protecting their identities, unlike contact tracing apps that report identifying information to central government or corporate databases.


  • Johannes Becker is a doctoral student in Electrical & Computer Engineering, Boston University. Additional reporting by David Starobinski, Professor of Electrical and Computer Engineering, Boston University. This article was originally published on TheConversation.


HPE delivers cloud experience with GreenLake Central


Hewlett Packard Enterprise (HPE) has announced that HPE GreenLake Central, unveiled in December 2019, is now generally available for HPE GreenLake customers. This advanced software platform provides customers with a consistent cloud experience for all their applications and data, through an online operations console that runs, manages and optimizes their entire hybrid cloud estate. In addition, HPE is introducing enhancements to its as-a-Service portfolio with support for data management and file storage, and an enhanced co-location offering through partnerships with Cohesity, Qumulo, and CyrusOne, respectively.

HPE GreenLake brings the modern cloud experience to customers’ applications, data and workloads in their locations in a self-serve, pay-per-use, scale up-and-down way and managed as-a-Service by HPE. This allows customers to free up capital, boost operational and financial flexibility and enable talent to accelerate what’s next for their business. HPE GreenLake is the market leading platform for delivering on-premises IT as-a-Service, and one of the fastest-growing businesses in HPE with more than 800 enterprise customers worldwide and over 500 partners selling today. HPE GreenLake’s unique metering, cost control, software IP, and backing from HPE Financial Services and HPE Pointnext Services provide a differentiated solution on top of HPE’s industry leading hardware portfolio that competitors cannot match.

HPE GreenLake Central is the only platform on the market which enables customers to:

  • Manage their entire hybrid estate, provisioning instances and redeploying resources in on-premises environments with the same speed and agility as off-premises.
  • Monitor and run off-premises costs and compliance in AWS, Microsoft Azure, and Google Cloud, as well as on-premises environments. The platform suggests ways to prioritize spend through integration with Azure Access Manager and AWS Access Manager.
  • Achieve better business outcomes for developers, IT operations, and line of business leaders with the platform’s unique insights and recommended actions for security, capacity, cost, compliance, and resource utilization across the hybrid estate.
  • Access their own consumption metrics and analytics in order to dynamically optimize the placement of workloads based on the factors most important to them – such as cost, governance, security, or interdependence with other systems.

“The transformation to digital healthcare is accelerating like never before. Our mission is to empower our clinicians with the right technological support and access to tools that they need in order to act fast, gain insights and deliver meaningful patient outcomes”, said Stella Ward, Chief Digital Officer at Canterbury District Health Board in New Zealand. “HPE GreenLake Central gives us a simple-to-use single point of access to dashboards and reports which help us ensure regulatory compliance in our hybrid estate as well as optimize our cloud spend so we can deliver new features and functionality to our staff much faster.”

Today, over 250 early adopter customers are using HPE GreenLake Central to drive their digital transformation initiatives and achieve better business outcomes.

“HPE GreenLake has gained universal appeal as it uniquely addresses what the market requires in an ideal as-a-Service experience,” said Keith White, Senior Vice President and General Manager of HPE GreenLake. “With continued high demand for hybrid offerings from our customers, HPE GreenLake Central is an innovative leap forward that enables our customers to choose the cloud destination that makes the most sense based on cost, performance, governance and compliance. It gives developers and line of business decision-makers ways to create and innovate at the speed they need to compete in today’s market.”

Data Management and File Storage

Building on its robust portfolio of on-premises pay-per-use services, HPE is introducing new HPE GreenLake converged data management and modern file storage service offerings with Cohesity and Qumulo, respectively.

The exponential growth in backup and unstructured data has made it increasingly difficult for enterprises to protect, manage, and gain insights from their data across hybrid and multi-cloud environments. HPE GreenLake with Cohesity allows businesses to leverage Cohesity’s enterprise-class converged data management platform together with HPE GreenLake’s flexible, pay-per-use consumption model. This offering builds on the OEM partnership between HPE and Cohesity, allowing customers to eliminate mass data fragmentation, simplify management of data across locations, and do more with their data, so they can leverage it for business intelligence.

Organizations are also increasingly challenged to get value out of their data to drive business decisions, build products, and remain competitive. Qumulo’s hybrid file software enables active workloads to securely create, analyze, and collaborate with applications in the datacenter and in the cloud. Qumulo’s software, delivered through HPE GreenLake, enables data-driven innovations while containing costs. Qumulo’s built-in, real-time data analytics available through HPE GreenLake’s on-demand model, helps customers deliver results while significantly saving costs.

To access the Cohesity and Qumulo services, customers can work with HPE or HPE’s value-added partners to define the right solutions.

Co-location Facilities

HPE GreenLake with co-location offers the benefits of a public cloud experience while letting customers keep full control of the IT with the advantages of co-location. This relieves customers from the capital expenditures and the burden of running a datacenter in their own premises.

HPE first announced its partnership with CyrusOne in June 2019, addressing customers who wished to leverage an external datacenter facility for their HPE GreenLake applications. Building on this momentum, HPE and CyrusOne are now expanding their partnership to enable faster end-to-end service delivery and one place billing: HPE GreenLake is now delivered with the simplicity of a single contract, invoice, and point of contact with CyrusOne. Furthermore, the two companies are offering customers the option of co-location for any HPE GreenLake solution, hosted in any CyrusOne datacenter globally, giving customers additional geographic flexibility to meet the specific requirements of their business.

CyrusOne’s datacenter architecture offers services designed to support the diversity of client workloads regardless of scale or density, delivering capabilities previously only available to the largest cloud providers and Fortune 1000 companies.

To learn more about HPE GreenLake, visit hpe.com/greenlake.

What is VPN or Virtual Private Network?


VPN Explained

A VPN or Virtual Private Network is technology designed to ensure privacy for businesses and users over an otherwise public network, such as unsecured WiFi. It allows remote sites, users or employees to connect over the internet securely and safely. For example, a remote employee working from home may need to access the company intranet (internal networks accessible only within the company) without exposing proprietary company information. Increasingly, consumers also turn to VPN to ensure their emails, browsing history, social media interactions, banking transactions and other online activities remain inaccessible to others.

How VPN Works

A VPN hides the IP address (a unique number assigned to every online machine) so the physical source of data sent cannot be identified. In addition, data sent over a virtual private network is scrambled or “encrypted” making the data unreadable other than by the intended recipient. It is often described as a “tunnel” that allows private and secure data transmission in an unsecured environment.

Uses of VPN

Virtual private networks are used routinely by businesses to ensure client communications and confidential company information are kept private. Here are some of the other uses:

1. Hide User Location

If the IP address is visible, so is the device and physical location. The IP address leads to that device and only that device. A VPN uses an alternative IP address that could be located anywhere in the world. This is useful if it is important to you that devices and locations are hidden. The device is visible to the VPN provider but no-one else.

2. Protect Devices

Portable devices such as laptops, tablets, and smart phones used on public WiFi may be vulnerable to hackers and cybercriminals. Using a VPN helps keep devices and any information stored on them private. This could help protect against identity theft.

3. Internet Activity

Users may want to keep their online searches and activity private. Web browsers and often the websites visited keep a history of which sites were visited and what pages were viewed. This knowledge can be used for multiple purposes. For example, targeted ads may be served that alert others to what users researched. A virtual private network prevents this from happening and ensures the websites visited remain secret.

4. Streaming Out of Area

A VPN may allow users to use streaming services outside designated areas. This can be useful when travelling abroad. If a streaming service does not offer streaming in the destination country, users on a virtual private network can choose an IP address in their home country.

5. Personal Privacy

Internet service providers asked to supply records of online activity for legal or commercial reasons are unable to do so if users have used a VPN. This means that business or personal data remains private. Some providers log activity, so this does not mean that users can break the law with impunity. Users suspected of criminal activity cannot invoke privacy laws in the same way as law-abiding citizens.

VPN Summary

A VPN keeps devices, information and browsing history private by hiding the source device IP address and encrypting transmitted data.


Five steps to better security working from home


Many more people are working from home (WFH) than ever before. Now that we know it can work for so many people, I expect it will remain popular even after the current crisis is over.

The bad guys know this, and they’re sharpening their focus to take advantage of folks working from home perhaps for the first time.

A recent episode of The CyberWire podcast listed five steps to improving your security when working from home. I want to visit those, elaborate on why they’re important in the WFH environment, and, in at least one case, disagree a little.

The steps will be familiar to most.

1. Stay up to date

If you’ve been putting off getting your system as up to date as possible, do it now. This applies not just to Windows (or whatever operating system you’re using), but to the applications you use as well — especially those you use at work.

Your workplace may have strict, even automated policies that keep your equipment up to date — you never have to think about it. At home, it’s easy to let things slide.

If you brought company equipment home, it’s even more important, since those automated systems may or may not work when disconnected from your company’s network.

You don’t want to be the employee that allows malware (like, say, ransomware) onto company property when it could have been easily prevented by keeping things up to date.

2. Use two-factor authentication

For every account that offers it, including accounts you use while working from home, enable two-factor authentication.

Again, bad guys target the stressed and overbusy employees of high profile (or high value) companies working from home for the first time. While we’re all being told over and over to pay attention to our personal hygiene, it’s very easy to overlook password hygiene in times of chaos and stress.

Two-factor (or multi-factor) authentication is a strong layer of additional protection. Even if someone gets your password, they won’t be able to sign in, because they won’t have the additional factor (typically your phone, but often as simple as an alternate email address) that proves you are who you say you are.

3. Don’t reuse passwords

Make certain that every account you have — especially work-related accounts — has a different password. Make it long and strong, and use a password vault to keep track of them all.

When those bad guys happen across a password — either by successfully hacking you, or because it’s been exposed in a data breach — they use what’s called “credential stuffing” to try that password, along with your email address, at a wide variety of other online services. If you used that same password at the other services, bingo, you’ve been hacked again.

If that happened to be an account related to your work — which of course hackers would love for it to be so they could perhaps gain access to your company’s network or data — the repercussions could be significant.

I know many people pooh-pooh credential stuffing, but it does happen (the fact it has its own term should be a clue), and it’s a common way hackers take advantage of those of us who get lazy.
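To see where you are exposed to credential stuffing, you can audit a password vault export for reuse. The script below is an added example, not from the podcast or this article; the CSV column names, the sample rows and the `work_markers` keywords are assumptions made for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export. The name/username/password columns are an
# assumed format; adjust them to match what your password vault writes.
SAMPLE_EXPORT = """name,username,password
Corp VPN,alice@example.com,Winter2020!
Webmail,alice@example.com,Winter2020!
Bank,alice@example.com,x9#Lq2v-unique-bank
Forum,alice.b,Winter2020!
Photos,alice@example.com,correct horse battery staple
Streaming,alice@example.com,correct horse battery staple
"""


def find_reused_passwords(export_text, work_markers=("corp", "payroll")):
    """Group accounts that share a password and rank the riskiest first.

    Passwords are compared through an HMAC under a throwaway key, so the
    grouping table never holds plaintext and the tags are useless later.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # entry without a stored password (e.g. SSO login)
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((row["name"], row["username"]))

    findings = []
    for accounts in groups.values():
        if len(accounts) < 2:
            continue  # unique password: one breach does not open others
        names = [name for name, _ in accounts]
        logins = {user.lower() for _, user in accounts}
        findings.append({
            "accounts": names,
            # A work account shares this password with something else.
            "touches_work": any(m in n.lower() for n in names
                                for m in work_markers),
            # Same login AND same password on two sites: exactly the pair
            # that credential stuffing replays.
            "same_login": len(logins) < len(accounts),
        })
    # Work-related reuse first, then the largest groups.
    findings.sort(key=lambda f: (not f["touches_work"], -len(f["accounts"])))
    return findings


if __name__ == "__main__":
    for finding in find_reused_passwords(SAMPLE_EXPORT):
        print(finding)
```

Every account in a reported group needs its own new password, starting with the groups marked `touches_work`. Delete the plaintext export as soon as the audit is done.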

4. Avoid getting phished

I expect successful phishing to increase. Particularly as we work from home, it’s easy to be fooled by an email that looks like it came from your company, or even your boss. It’s particularly dangerous since you may not have the quick and easy resources at hand to verify the message is legitimate, such as walking over to your boss and asking if they really sent it.

As forced WFH continues, phishing attacks will focus on impersonating business scenarios in order to gain access to sensitive corporate credentials and information. Sadly, we all too often hear of data breaches — and, as I mentioned earlier, ransomware — traced to a single employee falling for an email they shouldn’t have.

Don’t be that employee.

5. Use a VPN

This recommendation took me a little by surprise, for two reasons.

First, for many companies it’s a requirement, not a suggestion. In order to connect to your company’s resources, you are required to connect through your company’s VPN. Without it, all you can do is work on your local machine, without the resources you might need from your corporate network.

Second, a VPN from home doesn’t protect you from much. Sure, if you have reason to distrust your ISP, or if there are other machines on your home network that you might not be able to trust, it could protect you from them, but those are rarely huge issues. We tend to recommend VPNs when you’re travelling for use at the coffee shop’s open Wi-Fi, or from a random location like a hotel. Working from home doesn’t have the same issues.

There’s certainly no harm using a VPN from home, assuming the performance and functionality is acceptable; it’s just not something I’d put on my shortlist.

Why use a VPN for remote employees?


History of VPN

The idea of using VPN for remote employees is not new. VPN dates to 1996 when a Microsoft employee developed the peer-to-peer (or point-to-point) tunnelling protocol, also known as PPTP. PPTP was a way of creating a secure network between users by encrypting data and forming a tunnel over a LAN (local area network) or WAN (wide area network). Since then, the use of VPN for remote employees has become commonplace.

VPN for Companies

In the early days, using VPN for remote employees was not the objective. Rather, large companies and organizations needed a private and secure way to share information between offices in different locations worldwide. Crucially, filesharing and access had to be as if employees were located in the same office. VPN made this possible.

VPN for Remote Employees

Telecommuting, working from home, remote work or having a flexible workplace is an employment arrangement that allows workers not to commute to the office. In the late twentieth century, telecommuting gained popularity but was seen by most employers as a privilege. It also had many limitations around security and access to information. In the twenty-first century, working remotely is widely accepted, with companies employing individuals all over the world without having to purchase or rent office space. Thanks to VPN technology, dispersed employees can work wherever they please without putting company data at risk. There are many business and employee benefits to using VPN.

Business Benefits of VPN

  • Company data may be shared easily anywhere in the world
  • Data and information are protected within the VPN environment
  • Provides online anonymity
  • Allows a physical presence in multiple locations
  • Eliminates need for office space
  • Seamless integration with other employees and offices

Personal Benefits of VPN

  • Work from home
  • Saves on commuting expenses
  • Eliminates commuting time
  • Allows more flexible hours
  • Can work when infectious without putting co-workers at risk
  • Easier to balance work and life commitments

VPN for Remote Employees Summary

Over the last several decades, the adoption of the internet as a business tool has permitted unparalleled rapid communication and transfer of data and information. Without the confines of surface mail, the speed at which business can be done has increased dramatically. Telecommuting and remote employment are accepted as normal and even desirable. However, the ease of information and data sharing on the internet brings its own challenges. Without suitable security in place, proprietary business information is vulnerable to hackers and cybercriminals. VPN for remote employees is the solution.


Unemployment claims don’t capture full impact of Covid


As the coronavirus pandemic continues to grow, few Americans have been left untouched. Even those lucky enough to stay healthy are facing economic uncertainty or, in many cases, financial ruin.

More than 26 million people have filed for unemployment insurance over the past five weeks, a spike unmatched by anything recorded in U.S. labor data.

Unlike the more gradual layoffs and furloughs of previous recessions, widespread COVID-19 outbreaks have forced cities and states to suddenly shut down public gatherings—and with them, the lifeblood of multiple industries.

For University of Chicago economist Dan Black, the speed of the current economic shutdown is what makes the future so cloudy.

A leading labor expert at the Harris School of Public Policy, Black explained why unemployment claims don’t fully capture the grim economic picture; which industries might be hit hardest; and what factors he’ll be watching.

How do you project the economic future, given the absence of historical precedents?

That’s the problem. You’d like to be able to have data that says: “We’ve been here before.”

In the Great Recession, we could go back to the Great Depression. But we haven’t ever had an unemployment rate ramp up the way it’s ramped up here. It’s been unbelievably fast. Before, things were just humming.

Unemployment was low. And we just told people to go home. We’ve never basically caused our own recession by telling people to go home. Figuring out what the impact will be is going to be quite difficult.

I’m confident that we’ll have a recovery. What I’m not confident about is whether it’ll be a long, slow recovery like it was coming out of 2008, when we had to reallocate labor.

Or is this going to be the sort of thing that, once we get to the end of this, the firms that have laid off people—Macy’s, the restaurants—all send notices back to their employees to return? In the latter scenario, we could come out of the recession very quickly.

Part of it is going to depend on how successful we are at keeping these establishments viable. The small restaurateur is going to find this very, very hard to do.

Even a lot of larger restaurants will find this hard to do. A lot of places we think of as big companies are actually owned by franchisees. They’re the ones who will be responsible for capital costs.

Are there specific industries that seem especially vulnerable?

Part of the current paradox is, you’re trying to flatten the curve of the pandemic. What that means economically is, you’re pushing it out into the future. That lengthens the time the recession is going on.

The longer places stay out of business, the harder it’s going to be for them to get back into business. This could accelerate the decline of businesses that were not particularly healthy. We are in an era where retail is on the decline, so maybe this recession is going to accelerate that.

I haven’t seen a recession like this, where we just send people home—and with good reason. I’m not saying we shouldn’t have done it.

But it does make the economic recovery highly unusual. It’s just unprecedented. You don’t know how businesses are going to behave. Are companies going to be very conservative in rehiring, or are they going to be aggressive?

What measures do you think the government should take to help businesses stay in place?

The stimulus packages have looked pretty interesting.

They are trying to give loans that they’ll convert to grants to keep employment up. But usually, when you have a recession and you see businesses failing, in some sense, you want them to fail. It’s a way of getting rid of the weaker establishments.

Here, you could be making great money, and now, we’ve just turned down the spigot.

What happens when people run out of unemployment benefits?

Well, we get six months. In six months, if we’re still on partial lockdown—we may not all go back to work simultaneously—I’m sure Congress will, particularly in an election year, strive to give relief to people suffering.

The problem is, unemployment insurance isn’t necessarily the solution for everyone. Some people don’t qualify. They don’t work enough. They don’t work in a covered sector. People who are graduating are looking for jobs.

There aren’t any. But they aren’t eligible for unemployment insurance because most of them haven’t been employed in a formal sense. So, those people are just missing the benefits. It’s going to be hard on people.

Is there a measure or statistic that captures the impact on those people better than unemployment filings?

I think the best measure is the employment-to-population ratio. You could look at the number of employed people and divide by the population, or adjust and divide by the number of people aged 18 to 66.

That’s often a better statistic than unemployment anyway, because unemployment doesn’t capture discouraged workers. If you’re not looking for a job, we don’t count you as unemployed.

Suppose next March, the economy has only partially opened up. There may be a large percentage of 2020 graduates who have simply quit looking. Maybe they’re thinking about going to graduate school.

Are there useful comparisons from the past, even if the scenarios are different?

We’ve never seen anything quite like this. This is very unique in the economic history of the United States, and in the world.

During the Spanish Flu of 1918, there were cities that implemented what we now think of as social distancing. The trouble with that era is, we had lousy economic statistics. We weren’t out sampling people.

You could look at GDP and things like that, but we didn’t have the modern statistical apparatus that really developed in the U.S. during the late 1940s and 1950s. Because of that, it’s hard to say, ‘Well, we can learn from what San Francisco did relative to what Pittsburgh did.’

We did engage in attempts to limit the spread of the Spanish Flu. Maybe that would be informative. But that’s over 100 years ago. The world was very different then.

What are you going to watch for in the coming weeks and months?

I fear that the pandemic will produce a really regressive burden. It’s going to hit low-skilled workers the hardest.

I think most high-skilled people can sort of limp through using Zoom and other media to carry out their business.

If I were to pick an industry that could get very hard hit by this, retail is already kind of a weak sector because of the huge growth in online shopping. I’m going to watch for unemployment in those sorts of sectors. Restaurants and movie theaters—you’ve really got to worry about what’s going to happen to these sorts of entities.

I’ll be curious to see what this does to online retailing. Places like Walmart and Target are already getting into online retailing because it’s way cheaper. It’s very expensive to run a store.

You also start to hope we start making more investments in public health. Maybe we’ll see more efforts to prepare hospitals for the next pandemic. There will be a next one—we just don’t know what it is.

  • Jack Wang is News Officer for the Social Sciences and Arts & Humanities at the University of Chicago.

Medical drones could help beat the Covid crisis


The COVID-19 pandemic is, by necessity, leading to a flurry of innovation. And now drones are taking their turn in the limelight.

In a recent announcement, the UK government said that unmanned aerial vehicles (UAVs) could be ferrying vital personal protective equipment (PPE) from the English mainland to NHS staff on the Isle of Wight as soon as early May. The Windracers Ultra fixed-wing drones, which can transport 100kg for over 600 miles, should be able to make the crossing in ten to 15 minutes.

This is just one example of the radical technological change that is being nodded through to help meet the unprecedented challenge of COVID-19.

The usefulness of drones to the medical sector has been clear for several years, and many well-funded start-ups have been trialling services globally.

In developed countries, where road infrastructure is good, airspace regulation is strict, and health services have well-established logistics networks, companies have struggled to get much traction. The company Matternet’s trial in Switzerland was a rare success – ferrying medical lab samples between hospitals in Lugano aboard multi-rotor drones – though even that has had teething troubles.

Instead, most of the innovation has taken place in developing countries – where the need is more acute, and the barriers more surmountable – with Zipline making progress in several African countries. The company’s service uses fixed-wing drones to drop packages, including blood, to rural areas with poor roads.

So this new trial marks a welcome departure for the UK.

At Nesta, we’ve been exploring the future of drones in the UK for the past two-and-a-half years. We’ve also looked into a number of hypothetical uses for drones – coincidentally, including the transport of medical items across the Solent, the body of water between mainland Britain and the Isle of Wight.

What we found suggests that this trial is likely to have positive implications that last beyond the coronavirus crisis. Not only will it perform a valuable public service now, but it will also help dismantle some of the barriers that lie in the path of wider drone adoption.

Getting technical

In a 2018 report, we found that there is already some enthusiasm for public service drone use. But there are three broad problems that need to be worked through before they become commonplace.

The first is technical, involving the development of safe, long-distance flight (or “beyond visual line of sight” in industry lingo), autonomous piloting and precision flight. These rest on developing and improving communications networks and low-altitude air traffic management.

The government’s industrial strategy project, the Future Flight Challenge, includes over £100 million of public money for research and development into drones and other aerospace technologies.

But long-distance drone flights across the Solent will be a great test case that builds a track record, helps generate data and boosts confidence in the technology. The government’s recently announced funding for other coronavirus-related programmes, including for drones, should help generate further innovation in the field.

Collaboration is key

The second issue is the lack of alignment. There are many drone companies with innovative ideas. In our 2018 survey of the industry, we found over 700 in the UK – and there would be many more now. There are also organisations that are trying them out, construction companies and infrastructure owners, in particular.

But in our research, and in subsequent workshops we held with innovators and potential customers in 2019, we found that people who should be talking to each other often aren’t. Government and regulation have been moving slowly, without learning lessons from industry. Technology developers aren’t involving end users, such as local councils or NHS hospitals, in their research and development. And in turn, those potential users often aren’t taking the risk of paying for pilot drone programmes.

But there is movement in the right direction. The Civil Aviation Authority’s innovation team has transformed the regulator’s approach over the past two years. It has set up an initiative to help firms with innovative ideas navigate the complex rules around safety and gain the permissions they need.

And this trial drone service will be a welcome addition, creating tangible evidence of how a drone service can benefit the NHS and forge links between the NHS, drone companies and regulators.

Public support

And then there’s the public. Does the public actually want drones? For what purposes? And operated by whom?

When we investigated this, we found strong support for the public service use of drones, and more suspicion around commercial or hobbyist use. But public opinion is still forming, which is hardly surprising as drones are not widely used and most people have not yet had to think about them.

But that will change as drones become more widespread. And the questions that will arise are not ones with right or wrong answers; they’re about values and priorities. The drone industry needs to engage with the public on this, not in a superficial way but to learn from them as much as educate them about the potential benefits.

The NHS trial won’t hurt. In fact, having a real-world case study like this might make these conversations less abstract. But the extraordinary circumstances of the coronavirus pandemic – during which the public has enthusiastically embraced economic and public health measures more extreme than any in living history – aren’t representative of normal times. And drones operating in city centres, rather than over the sea, are far more likely to cause controversy.

For now, however, we need to move fast. Engaging the public and finding out what they really think will need to come later, when the fierce urgency of the crisis is over and we can all take a more dispassionate view of the future.