GDPR: A Cloud with a Silver Lining

Are there four letters presently capable of generating greater fear and anxiety for organisations around the world than GDPR?

The majority of conversations surrounding its imminent arrival strike a tone similar to the way citizens were prepared for nuclear Armageddon during the Cold War. With so much attention focused on potential doomsday scenarios, are we ignoring the positive aspects?

Reducing the cost of storing data

Before the digital era, organisations had a finite capacity for data storage. When the filing cabinet looked fit to burst, it was time to purge the documents that were no longer relevant or useful. As businesses transitioned from hard copies to digital copies, that element of housekeeping was often left behind, perhaps proving there’s truth to the saying, out of sight, out of mind.

The Usual Suspects? Nation State Cyber Attacks

Nation state sponsored cyber-attacks are growing in frequency, reach, and sophistication.

Within the previous year alone, a successful attack targeted the World Anti-Doping Agency, releasing the medical records of Olympic athletes from around the world. State sponsored hacking is also assumed to have played a role in the outcome of the US 2016 election, leading the US government to release a report detailing indicators of Russian involvement.

While countries have been conducting stealth attacks against each other for centuries, the digital era means these attacks can now be achieved remotely with technology.

Data Protection and Outsourcing

Outsourcing tasks and responsibilities is commonplace for many businesses today. Everything from administration and HR, to bookkeeping and IT can be outsourced to a third party, allowing you to focus fully on the core competencies of your business.

While this usually brings about benefits in terms of efficiency and cost, it can also cause serious problems and risks if the issue of data access is not properly considered.

Data: When is it personal?

Data protection is not fundamentally a data issue, but a human rights issue. As such, data protection legislations always relate to processing personal information.

To understand your legal data protection obligations, it is necessary to understand what is considered personal data. This is an area that can cause confusion. An individual’s name? That’s certainly personal information. But what about an email address? Or a photograph? Or an ID number that, when combined with other information you hold, could be used to identify someone?

A Personal Data Breach Story

Our director, Colin Tankard, recently identified a personal data breach in action when buying a new car.

In the process of buying the car, Colin received poor service from a main dealer and when he complained about this, he didn’t receive a response.

He did receive an email from the car manufacturer’s marketing team inviting him to complete an online survey about his experience and, like many surveys, offered the chance to be entered into a competition.

How Can You Protect Your Business Against Malware?

Ransomware, viruses, and malware. No business wants to find themselves victim of a cyber-attack. Often these malicious pieces of software enter the network via a backdoor attack, allowing cybercriminals to break into the infrastructure without being discovered.

Once inside the network, they can lay quiet for weeks or months before activating, making them even harder to detect. All the while it is moving around your network, seeking to find super-user credentials, elevate its privileges, and access vital data.

So how can you stop something you don’t even know about?

How to make your email secure

Cybercriminals are intercepting emails between companies and their clients, deceiving customers out of life-changing sums of money and severely damaging the reputation of the organisation.

Targeted companies range from solicitors and conveyancers, to builders and traders.

In January this year, a charity worker buying his first home had his £67,000 life savings stolen after fraudsters hacked into emails sent between him and his conveyancing solicitor. Last year a London couple transferred over £25,000 to a fraudster posing as their builder after receiving a genuine-looking invoice, for an amount they were expecting, from a copycat email address.

Secure Data Storage in a Cloud-Based Era

Is there an asset more valuable than your company’s data?

The need to keep off-site back-ups, seamlessly collaborate with others, and access data from any location has led to vast amounts of critical data being stored in third-party cloud-based services.

Your confidential data is such as Word documents, PDFs, spreadsheets, emails, contact lists and databases.

With hundreds of thousands of businesses placing these documents in cloud-based services like Dropbox or Microsoft One Drive, is it worth asking how secure they are?

Who is the biggest risk to your company’s Cyber Security?

When an employee doesn’t care about cyber security

It doesn’t matter how thorough a business’ protective measures are, employees remain one of the biggest risks to an organisation’s digital security.

In some cases, it is not that employees don’t care about digital security, but that they don’t fully understand it.

An experiment in London’s financial district proved just how much of a risk employees can be to their organisations. CDs were handed out to commuters by employees of an IT skills company and told the disk contained a special Valentines’ Day promotion. In reality, the CDs contained code which notified the IT company how many of the recipients tried to open the CD. Despite clear warnings on the packaging about the dangers of installing third-party software and acting in breach of company acceptable-use policies, several city workers proceeded to run the disk. A major retail bank and two global insurers were among the organisations whose employees fell for the stunt.

When Familiarity Breeds Complacency – How to Identify Authentic Emails

For many, a daily routine exists from the moment they sit at a desktop or take their first swipe of a tablet. It involves identifying important emails in your inbox and disregarding the spam. In most instances, this is a tedious yet simple task. We click on emails from contacts we know, or from organsiation we trust, and delete those we have no interest in. We look for the familiar and discard the unknown. It is a routine that drains time but a system that in the past has kept us reasonably safe from hackers. Repetitive yet necessary.