
Cyber Security and GDPR – Are your Employees Prepared?

Training at ITCS – and a GDPR Quiz

In today’s connected world, personal data is being collected at an incredible rate.

The websites you use, the places you visit, even the photos you take are all recorded and measured, and leave a digital footprint. That footprint is now referred to as the ‘oil of the digital era’, because of how much it informs the way companies communicate with their customers and how it positively impacts customer experience. The five most valuable listed firms globally are no longer oil companies but data giants: Alphabet (Google’s parent company), Amazon, Apple, Facebook and Microsoft. Such dominance has prompted calls for the tech giants to be broken up, as Standard Oil was in the early 20th century.

Because personal data is so valuable, it’s also extremely vulnerable. This has led to consumers demanding to know how companies use and store their personal data. Essentially, consumers are not convinced that companies are doing enough to protect them. The GDPR attempts to harmonise data protection laws across the EU so that they are better suited to sensitive, valuable data in the digital age. By introducing a single law, the EU believes that it will bring better transparency to help support the rights of individuals and grow the digital economy.

While the GDPR deadline was back in May 2018, it has become clear that GDPR compliance certainly wasn’t a one-time investment project, and remaining compliant in 2019 and beyond needs continued investment.

See how well you know your GDPR ‘Stuff’ with this quiz!

Didn’t do so well? You should get in touch.

At ITCS, we have provided both general overview and specialised training and consultancy to address the new GDPR legislation for over a year. We have experienced data security specialists whose primary focus is keeping information secure, not only from an IT point of view but, just as importantly, by making sure our clients understand the obligations that this new legislation places on their board and staff.

We don’t just focus on technological solutions, but include staff as part of the solution. We recommend security awareness training, as well as ensuring that staff have a good understanding of how they are expected to protect the information that they process. We can train your staff in information technology security awareness, how social engineering attacks work, and how to protect themselves and the businesses they work for to reduce the likelihood of a successful attack. We then work with senior staff to risk assess their processing activities and identify how they could further secure their systems and processes, and finally train your staff in the safe processing and sharing of personal data.

Find out more by clicking here.


Windows Hacks – 10 Keyboard Shortcuts to Help You Work Faster

Although it’s unlikely you’ll be able to memorise every single keyboard shortcut, they really can make you much faster whilst you work on a PC. Learning and using the ones that are most important to you is a great way to enhance your Windows 10 experience.

Compared to reaching for the mouse or navigating a menu, a single keyboard shortcut shaves a moment off your task. This might not seem like much, but add up all those saved moments over a week or a month, and you’re gaining a substantial chunk of time. That’s why it’s important to know as many shortcuts as possible for your operating system. Try a keyboard command a few times, and you’ll find out just how useful it can be.

You could even bookmark this page, and use it as a Go-To Tool whilst you learn!


4 Key Security Threats that Businesses Need to Prepare for in 2019

From high profile data breaches of companies like Facebook and British Airways, to mounting evidence surrounding Russian interference in the 2016 US election, it is safe to say that 2018 was a landmark year in terms of security vulnerabilities and emboldened cyber-criminals. So, with 2019 set to bring more technology advancements, what can you do to protect yourself, and what should your priorities be as a business?

The Information Security Forum – also known as the ISF – is a trustworthy source that senior security professionals and board members turn to for guidance on information security and risk management. They have identified 4 key security threats that businesses will be faced with this year – as well as tips for risk management. You can read the full report here.

Key threats for 2019 include:

1. Increased Sophistication of Cyber Crime

In 2017, high-profile incidents such as the WannaCry ransomware attack made file-encrypting malware internet enemy number one. 2018 actually saw a decrease in the number of ransomware attacks, as many businesses invested in backup solutions that eased the impact of a ransomware attack, or even in high quality Endpoint Detection and Response (EDR) systems, which basically eliminate the risk altogether. However, there are still many high-profile ransomware attacks happening, which is why this threat remains at the top of our list as a threat to business in 2019.

How to Prepare:

John Zorabedian, author of Sophos NakedSecurity Blog, suggests that preventing ransomware attacks can be as simple as getting the basics of cyber security right. Back up your files regularly, and train and retrain employees in your business (we can help with that if you need). Use a password manager and never reuse passwords. Keep up to date with operating system patches and app or software updates. Change the default administrator passwords on things like home routers, modems, and network-attached storage servers.

2. Legislation Falling Behind

Both regional and national legislators are struggling to keep pace with the fast-paced developments in Cyber-security. They are set to fall even further behind in 2019, with most current legislation in place being years behind the technological curve. At the same time, as businesses cry out for more regulation, sweeping changes get made with tight deadlines that don’t allow adequate time for organisations to attain compliance. The ISF identifies how national regulations will also provide a hindrance: “legislation by its nature is government and regulator driven, resulting in a move towards national regulation at a time when cross border collaboration is needed. Organisations will struggle to keep abreast of such developments which may also impact business models which many have taken for granted”.

What Can I do?

Unfortunately, this one is mostly down to government and regulation. Without doubt, there remains much to be done and it requires the collaboration between governments, private initiatives, the academic sector, and of course, users.

3. Smart Devices will Challenge Data Integrity

As the world enters a new era of technology, businesses are implementing smart devices enthusiastically in an effort to impact their business. This is a huge positive; however, many users won’t realise that these devices are often insecure by design, and therefore offer many opportunities for attackers. These types of attacks are on the rise; in 2018, SophosLabs saw significant growth in the volume of attacks targeting IoT devices. One of the reasons for this is that it’s challenging to detect that a device is affected until something goes horribly wrong.

There will also be an increasing lack of transparency: vague terms and conditions will allow organisations to use personal data in ways customers did not intend. This will prove problematic for business, as it will become harder to pinpoint what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones or conference phones. To add insult to injury, when breaches occur, organisations will be held liable by regulators and customers for inadequate data protection.

The Fix:

Again, the main advice for preventing these types of attacks is to focus on mastering the basics. Make sure all devices are kept updated, and keep updating passwords. When new devices are introduced as replacements for old ones, it becomes increasingly easy to lose track of every connected device on your network. But old devices may carry old security protocols, forgotten passwords, and a whole host of other threats to your networks.

Each device is a potential weak point that has to be secured. So, if there are old access points that you no longer use, you’ll want to thoroughly disconnect them from the network – even going as far as doing a factory reset on the gadget.

4. Supply Chain Assurance Myths

Supply chains are a vital component of any B2B or B2C organisation. They are integral to the smooth running of a business, with valuable – and often sensitive – business information being shared with trusted suppliers. It’s important to remember that when this information is shared, direct control over your data is lost. This year, many organisations will realise that gaining traditional reassurance of their supply chain security is a lost cause. Businesses that continue to focus on assuring supply chain security with approaches such as self-certified audit and assurance, may preserve the illusion of security in the short term, but will inevitably discover that the security foundations they believed to be in place were lacking. Even the smallest supplier, or the slightest supply chain disruption, can have serious impacts on your business. Brand management and brand reputation are subject to the successful security of your supply chain; both are constantly at stake.

What to do:

Refocus on managing key data and understanding where and how it has been shared across multiple channels and boundaries, irrespective of supply chain provider. The best method is to implement a supply chain information risk assurance process, which is focused on information shared with upstream suppliers. This can be done by using supply chain maps to follow the information. Such an upstream information-sharing assessment tracks what is being shared with the suppliers’ suppliers and beyond. The results draw attention to significant concentrations of information, triggering the implementation of additional controls on your suppliers, which can mitigate risks.
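
The upstream information-sharing assessment described above can be sketched as a walk over a supply chain map. This is an added example, not ITCS or ISF code; the organisation names, data categories and the two-category threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed map: (sender, recipient, categories shared). All names hypothetical.
SHARES = [
    ("us", "payroll-bureau", {"employee_pii", "bank_details"}),
    ("us", "crm-vendor", {"customer_pii"}),
    ("us", "marketing-agency", {"customer_pii"}),
    ("payroll-bureau", "cloud-host-a", {"employee_pii", "bank_details"}),
    ("crm-vendor", "cloud-host-a", {"customer_pii"}),
    ("crm-vendor", "support-outsourcer", {"customer_pii"}),
    ("marketing-agency", "mail-platform", {"customer_pii"}),
    ("mail-platform", "cloud-host-a", {"customer_pii"}),
]

def trace_upstream(shares, origin="us"):
    """Follow each data category from origin to suppliers' suppliers and beyond.

    Returns {party: {category: fewest hops from origin}}. A category is followed
    along an edge only when the sender already holds it and the edge lists it.
    """
    edges = defaultdict(list)
    for sender, recipient, cats in shares:
        edges[sender].append((recipient, set(cats)))
    hops = {(origin, c): 0 for _, cats in edges[origin] for c in cats}
    queue = deque(hops)
    while queue:  # breadth-first, so the first visit is the shortest path
        party, cat = queue.popleft()
        for recipient, cats in edges[party]:
            if cat in cats and (recipient, cat) not in hops:  # also stops cycles
                hops[(recipient, cat)] = hops[(party, cat)] + 1
                queue.append((recipient, cat))
    holdings = defaultdict(dict)
    for (party, cat), n in hops.items():
        if party != origin:
            holdings[party][cat] = n
    return dict(holdings)

def concentrations(holdings, min_categories=2):
    """Parties holding at least min_categories, largest first.
    direct is False when the party is reached only through another supplier."""
    rows = [(p, sorted(c), min(c.values()) == 1)
            for p, c in holdings.items() if len(c) >= min_categories]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    for party, cats, direct in concentrations(trace_upstream(SHARES)):
        print(party, cats, "direct" if direct else "indirect only")
```

In the sample map the largest concentration sits with a hosting provider that has no direct relationship with the originating business, which is the kind of finding that would trigger additional controls on the suppliers in between.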

In Summary:

The unfortunate reality of today’s complex digital marketplace is that it is impossible to prevent every security compromise beforehand, and that no matter how much you prepare, there are still risks. However, being proactive now also means you and your business will be better able to react rapidly and intelligently when something does happen.

For more information, guidance, and support on making sure your infrastructure is as secure as possible, get in touch with one of our engineers.
