Passwords are the weakest link in digital security. They can be guessed, captured by hackers logging keystrokes, or stolen by social engineering techniques. Additionally, individuals are often guilty of writing them down or using passwords that are easy to remember.
For businesses, this is bad news. Unauthorised users exploit the weak protection afforded by passwords to gain access to company data and systems. Whether it is personal data, intellectual property (IP), or research and development, all data has a value. This is what makes it an attractive target for cybercriminals.
Despite the clear benefits of secure email, organisations and individuals continue to send unencrypted emails around the world, risking their digital security and email privacy.
Relying on unencrypted email is the digital equivalent of sending a postcard in the mail. Before landing in your recipient’s inbox, regular email travels through servers all over the world. Anyone who intercepts this communication can read the content.
Law firms, healthcare professionals, and social services need to ensure email privacy to preserve their clients’ confidentiality. Organisations and businesses of all sizes need to protect their data and intellectual property, as well as that of their clients and employees. Individuals should also never send any information via regular email that they would not be willing to share publicly.
Failure to implement basic Wi-Fi security practices is leaving organisations vulnerable to digital security threats, yet there are simple steps you can take to increase your protection.
Separating guest Wi-Fi access
Free guest Wi-Fi is no longer a perk, but an expectation. Whether customers are visiting the bank or barber, their local coffee shop, museum, or department store, they expect to be able to find an internet connection. The same is true for business meetings. If clients or business partners visit, it is very likely they will want to be able to access their emails, calendars, and cloud-based files from your offices.
Allowing anyone from outside your organisation to access your company’s private Wi-Fi is risky. Not only could viruses and malware reach your network from guests’ infected devices, it could also provide a hacker with a route into your company’s vital information and systems. As Wi-Fi becomes more powerful, it broadcasts further. Someone who has accessed your Wi-Fi previously could automatically connect to your network weeks or months later, without even being in your building.
In the rush to take advantage of the many benefits of cloud storage, organisations are failing to consider the legality and security of these solutions. Dropbox, OneDrive, BT Cloud, and Google Drive are used every day by millions of individuals and organisations around the world. However, entrusting the same third-party cloud storage provider with your holiday photos and your company’s intellectual property is often unwise. If you haven’t already, it is essential to stop and think about which platform is right for your data.
Organisations must know exactly where their data will be physically stored.
One reason for this is that some data, such as personally identifiable information (originating from inside the EU), is subject to EU laws governing its storage and processing.
With the imminent arrival of the EU’s General Data Protection Regulations (GDPR), it has never been more important for your organisation to remain compliant when storing and transferring data. The regulations specify that personal data can only be transferred outside of the EU in compliance with the conditions for transfer. Fines for companies in breach of GDPR will be up to €20m or 4% of the organisation’s global annual turnover (whichever is greater). Getting this wrong could have serious and irrevocable consequences.
Serious Bluetooth vulnerabilities, affecting Android, Linux, Windows, and iOS users, were announced this September. Although they were discovered earlier in the year, the public announcement was postponed to give vendors time to introduce security patches for their software.
The 8 identified vulnerabilities have been collectively named BlueBorne because the attacks happen ‘over the air’ as opposed to over the internet. BlueBorne allows attackers to take control of devices that have Bluetooth enabled and run malicious code without the knowledge of the device’s owner. Worryingly, a hacker only needs to exploit one device to penetrate further into a network or spread to other devices.
Proposed new European regulations seek to place an unprecedented onus on online platforms to detect copyright infringements.
The move comes as part of wider consultations on the EU’s Digital Single Market strategy.
What is being proposed?
Article 13 of the proposed directive on copyright in the Digital Single Market addresses the use of protected content by online services. Should the regulations go ahead, online service providers, which host and make large amounts of user-uploaded work available, will have greater responsibility for monitoring and filtering this content. This would affect ISPs, social media sites, and other hosting and sharing platforms.
The Payment Systems Regulator (PSR) has announced an industry-wide action plan to tackle push payment scams.
Push payment scams are the second biggest cause of payment fraud in the UK, claiming £100m from 19,000 people between January and June this year alone. The consequences can be devastating for individuals and businesses alike. So far, financial organisations, including banks, PayPal, and WorldPay, have returned just £25m to victims of these scams.
Removing the Barriers to Two-Factor Authentication
It shouldn’t come as a surprise that passwords are the weakest security for authentication. Organisations cannot afford to rely on passwords alone as their primary method for verifying user access to their crucial systems and data.
In the quest for greater protection from ever-increasing threats, digital security hasn’t always been centred around the needs and convenience of the individual user. It is often a hindrance for users to remember complex passwords that conform to specific conditions, or to change their password every three months.