The GDPR and Data Retention

The GDPR is coming soon and it's a game changer. One of the areas it covers is how you store your data, and that will be under scrutiny. It's important that your business knows and fully understands the regulations in their entirety.

Data retention, in business terms, is defined as:

The continued storage of an organisation's data for compliance or business reasons. In most cases, a business is retaining an individual's personal data.

“Personal Data means any information relating to an identified or identifiable natural person (data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”

The retention of data has the following concerns:

  • Legal and privacy
  • Economics and need-to-know
  • Permissible means of storage, access and encryption

If you are a business that handles personal data, you need to be able to answer the following questions:

  • Do you know and understand the GDPR?
  • Who has the responsibility for dealing with the data?
  • What categories does the data store come under with regard to data protection?
  • Other than data protection laws, what other rules, codes or practices should be considered?
  • When should data be retained and when should it be deleted?
  • When would certain data be made exempt from the general deletion principles?

Article 5 of the GDPR states:

  1. Personal data shall be:
    1. Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
    2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)
    3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
    4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
    5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)
    6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

In conclusion, the text above does not specify how long you can retain data, but you need to have a Data Retention Policy, to ensure the relevant people in your business know about it, and to have the relevant processes and documentation in place to show destruction of data.

You will also need to consider the purpose of the information that you hold. Securely delete information that is no longer needed and update, archive or securely delete information that goes out of date.

Find out more information about data retention from the ICO:

How many data exposure risks can you see in this picture?

GDPR & Employees

Take a look at the below. Can you see a potential data breach?

Hopefully, you can see quite a few, from the paper in the waste bin, the open files on the desk, through to the person on the telephone who may be taking client notes and leaving them exposed.

When I talk to my clients and prospects, I am still amazed at how many of them don't know anything about the upcoming data protection changes with the GDPR, the new data regulations that come into force on the 25th May. I explain to them that it is essential they know about the big changes in data protection.

People are aware of the DPA (Data Protection Act), but the GDPR is bigger and better at helping to protect a person's digital existence online. If you don't comply with the new regulations, the fines will be a lot higher. Customers are trusting you with their data, and you need to make sure you look after it properly.

Currently, the maximum fine the ICO can charge is £500,000. When the GDPR comes into force, the maximum fine will be £17M or up to 4% of global company turnover.

As business owners, we should be aware of potential data breaches, not just in the office but also for employees who work remotely.

Employee Awareness

How many of your employees are aware of the data protection changes ahead? If you were to ask them what would they say?

You should try it. It could prove to be a valuable exercise.

Do they know that they can’t put a piece of paper in the bin that contains the name and address of a person? Do they leave files containing personal information sitting on their desk? Do you write people’s contact details in your diary or share other people’s business cards?

It’s simple things like that…

After the 25th May 2018, those actions could result in a potential data breach.

The key thing to remember is:

  • Any organisation that records information about people needs to know about the GDPR; that knowledge is a necessity. It is the responsibility of the business owner and leadership to make sure that everyone in the organisation is aware of the new data protection regulations and of good data privacy processes

What can you do?

Know your data, know where it is and know what to do if there is a data breach.

How can you ensure that your organisation is compliant with the new data protection regulations?

You can employ a Data Protection Officer (DPO); for companies with over 250 employees, or companies that handle specific kinds of information, having a DPO is compulsory.

You and your employees can undertake a training program to further your understanding of what you, your organisation and your stakeholders should be doing to prepare to make sure you are compliant with the GDPR.

Seeking professional advice and using a structured training programme can give you total reassurance. You need to make sure that you and the leadership understand the following:

  • The GDPR and who it will affect
  • Why the GDPR is important to you
  • Who is ‘responsible’ for complying with the new regulations and ensuring ongoing compliance
  • How long you can keep client information
  • Whether you have to review the new policy
  • Whether you need a Data Protection Officer
  • Why you need to record the data you are collecting, including the purpose for which you intend to use it
  • The processes for recording how you work with data, and confirming that you have the right consent from each individual
  • Securing data, auditing data and controlling privileged access to that data will also become mandatory
  • You will need to inform the relevant supervisory authority within 72 hours of your organisation becoming aware of a data breach
  • How the GDPR relates to IT: although data protection is a business issue, not an IT issue, IT plays an important part in the process

Protecting your customers', clients', beneficiaries' or employees' information is crucial for all organisations.

Here are some typical examples of how your staff could cause a data breach without realising:

  • Waste paper in the bin with personal details written on it
  • Stolen or lost mobile phones containing customer or staff information
  • Stolen or lost laptops containing customer or staff information
  • Documents left on show on desks
  • Stolen or lost USB sticks
  • Unlocked filing cabinets
  • Old databases (Excel spreadsheets from tradeshows and so on)
  • Hard drives
  • Employees sharing customer data on their computers
  • Diaries thrown away once out of date
  • Bags or briefcases containing laptops or phones being lost or stolen
  • Phone numbers for cold calling
  • Directories
  • Unencrypted USB sticks, external hard drives or mobile devices
  • Cloud data stored in insecure applications or cloud services
  • Poor password control
  • Poor passwords
  • And this one may seem obvious, but we see it so often: usernames and passwords stuck on the front of the screen, in your diary or notebook, or even stuck to the notice board in your office

Next time you are in an airport, in a café, on the train or in other public places – look out for some data breach hazards. Has someone left their laptop unattended, have they dropped a USB stick or left their mobile phone on the seat?

It is vital for me as a business owner to be completely up to date with all the GDPR developments. As experts in our industry, we are very aware, and have seen real life examples, of the catastrophic effect of a cyber crime or a data breach.

We can help you reduce the risk. Let me know if we can help; I'm always happy to have a chat, even just to advise.

Read more about the ICO and the GDPR

The ICO, GDPR & Data Protection in Numbers

Here are some interesting facts and statistics about the ICO from the last couple of years. In the lead-up to the GDPR implementation in the next few months, the fines are going to increase, and every business should be aware of what's coming.

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

During 2016/2017 the ICO issued fines topping £3.5 million under the Data Protection Act and the Privacy and Electronic Communications Regulations. (1)

The ICO dealt with a record 20,919 data-protection complaints and self-reported incidents across all sectors in the year to 31st March, a rise of 14% on the previous 12 months. (2)

Data published by the ICO in May 2017 for 2016/17 revealed:

  • In 2016/17 the ICO was alerted to 2,565 breaches of data-protection law by the organisations involved, an increase of 31.5% on the year before
  • Of those breaches, 4% – approximately 103 cases – involved charities, making charities the sector with the joint fifth-highest proportion of self-reported incidents, alongside solicitors and policing
  • Charities were responsible for 4% of the self-reported data-protection incidents that were handled by the ICO in 2016/17
  • The health sector accounted for 41% of self-reported incidents, local government accounted for 11%, general business for 9% and education for 6%
  • The ICO finished dealing with 2,445 self-reported incidents in 2016/17 and handed out monetary penalties in 17% of cases
  • In 1,680 cases no action was required, in 638 cases the data controller was required to act and in 68 cases an improvement plan was agreed between the ICO and the data controller
  • In a statement, the ICO said it had become easier for organisations and the public to alert the regulator to concerns because of its new live chat services and online reporting tool for the public and new self-assessment tools for organisations

The ICO also published statistics about the number of issues it had dealt with in relation to marketing and nuisance calls across all sectors. It received 167,018 complaints about marketing that broke the Privacy and Electronic Communications Regulations 2003 and handed out a record 23 fines, totalling more than £1.92m, for what it called “a range of unlawful marketing activities”. (3)

Since January 2017 the ICO has kept us informed of the developments leading up to enforcement of the new General Data Protection Regulation (GDPR), which is due on 25th May 2018.

Find out the full details on the ICO's ‘What’s new?’ page.

ICO fee and registration changes for 2018

As the countdown continues to the GDPR taking effect in May this year, the ICO is notifying businesses about the change in fees. Under the current Data Protection Act (DPA), organisations that process personal information are required to notify the ICO that they are data controllers (unless an exemption applies). This involves explaining what personal data they collect and what they do with it. They are also required to pay a notification fee, based on their size, of either £35 or £500.

Find out more about the new ICO fee changes here.

Cyber Security & Data Protection

If we were to ask you to define cyber security, what would you say? Perhaps you understand the concept but need to know more?

Cyberspace is defined as an electronic medium of digital networks used to store, modify and communicate information. Cyberspace influences and has a big impact on our lives, our businesses and our services. You would assume that your personal information in cyberspace is secure and protected; we are all aware that this isn't the case in reality.

The UK government is making ongoing changes to protect UK citizens and businesses. Its mission is to protect people from threat actors that use data for inappropriate, malicious and illegal purposes.

Cyber security plays a massive part in both the private and public sectors, from national security and the fight against terrorism and crime to the prevention of industrial devastation. Cybercrime is an everyday occurrence. Storing data in cyberspace carries huge risks, but it is necessary, and protective security measures should be taken.

Being Secure Online in Business

Security threats keep building, and the government needs to step up its game. It is attacking the problem, but is that enough? It's not solely up to the government to solve the problem; it is the responsibility of companies, and of us as a country.

Cyber Security is a topic that we should educate ourselves about. Who and what are we dealing with when it comes to cyber security and data protection?

  • The cyberspace pirates: this includes hacktivist groups and terrorists. Their resources, accessibility and capabilities are huge. They have the ability to cause carnage on computer networks, targeting the government, the military, businesses and individuals
  • Cyberspace crime is an extension of normal crime. The difference is that the pirates don't need to be at the location of the crime to do the deed. It's a crime that can be free, cheap and on a massive, catastrophic scale
  • The heartless pirates can use software (malware) to demolish cyber infrastructure. This could be as simple as taking a website offline, or just damaging infrastructure, a process known as CNA (Computer Network Attack)

Businesses have a responsibility to their customers to keep their data safe, as well as to shareholders and investors to remain competitive in a global marketplace.

The new GDPR, due to come into force in May 2018, will help tackle the data protection issues. The government is trying to build a country where people know that their data is protected and can use the internet with confidence.

How is the government going to deal with cyber security and data protection?

  • Attacking the problem and the source
  • Making businesses realise their responsibilities when it comes to data protection
  • The government will educate organisations so they know how to protect the data
  • A realisation that so far, the government’s effort to deal with the issue has been insufficient
  • Efficient cyber security risk management is vital
  • There needs to be compliance or there will be a fine!
  • There will be a regular review of the challenges
  • The government will get a better understanding of cybercrime and deliver programmes
  • It should be aware of constantly changing threats
  • Cyber insurance policies should be available to an organisation to cover them against a range of cyber risks

How to Prepare for the GDPR

Your first priority in preparing for the GDPR should be to educate yourself and those in your organisation who have responsibility for data. The size or legal form of a business doesn't matter; we must all follow the same rules when it comes to handling data.

Don’t hesitate, assess, take action now and be ready.

Here are 10 considerations to help you prepare for the GDPR:

The GDPR is a law about Data Protection, based on a set of common-sense principles:

  • A “right to be forgotten”: When an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about protecting the privacy of individuals, not about erasing past events or restricting freedom of the press
  • Easier access to your data: Individuals will have more information on how their data is processed, and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers
  • The right to know when your data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk, and communicate all high-risk breaches to the data subject as soon as possible so that users can take appropriate measures
  • Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements of EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm, for example on social networks or mobile apps
  • Stronger enforcement of the rules: Data protection authorities will be able to fine companies who do not comply with EU rules up to 4% of their global annual turnover or £17,000,000, whichever is more

Understand the definition of ‘personal data’.

Personal Data means any information relating to an identified or identifiable natural person (a “data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. ~Article 4(1) of the EU GDPR 2016/679.

Read the New Data Protection Bill.

You can find ‘The New Data Protection Bill: Our Planned Reforms’ on the government website.

The New Data Protection Bill covers the following 4 topics:

  • The Digital Economy
  • Our Data Protection Reforms
  • Implementing the Reforms
  • Looking ahead

Seek legal advice if you are unsure.

This article offers insights and guidance about the GDPR. It is highly recommended that you seek your own legal advice in preparation for the big change.

If you have a Website

Data on a website can be anything from a simple enquiry form or an ecommerce/online sales site to online user accounts with saved details. Make sure that traffic to your website is encrypted (an SSL/TLS certificate) and that any data gathered is stored in a safe and secure environment once it reaches you.

Identify where your company is storing data, for example:

  • Your website
  • Telesales – do you store names and numbers for your agents to call?
  • Direct mail – do you have completed order forms stored away with contact details?
  • Customer service departments – calls taken from potential customers and those recorded details
  • Personal contact with people – the exchange of business cards from a tradeshow or exhibition

Prepare your staff and make them well aware of the changes that are coming. Make sure that they understand the principles of good data protection, that they don't write down people's details on a piece of paper that could go astray or end up in the bin, and that data isn't taken home on computers or memory sticks where it could be stolen.

Evaluate your environment and how you document personal data – where did it come from, who have you shared it with? How will you audit the data? Review current policy notices and put a plan in place – procedures and timescales.

Be compliant, review your practices and make sure that, to the best of your ability, you look after the data as if it were your own. Make sure your organisation’s privacy policy of how you handle data is compliant with the new rules and is up to date.

Decide how you will be able to prove that your data is stored securely, and how you will seek consent going forward.

The General Data Protection Regulation will apply to all companies based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU countries will also be affected. Even though the UK is planning to leave the EU, the UK will still need to comply with the GDPR.

Do you need to employ a Data Protection Officer?

A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. A DPO would be recommended for any organisation that processes or stores large amounts of personal data, whether for employees, individuals outside the organisation, or both. Seek advice as to whether your company should employ a DPO or make sure someone in the business has responsibility for Data Protection.

What have you done so far to prepare for the GDPR?

If you need help, support or just have a GDPR question you can call us 0203 319 3930 or drop me an email.

Last week…

GDPR and your Business

Next week…

Cyber security and data protection.

The GDPR and Your Business

If you are a business that handles data, either as a processor or a controller, make sure you put the 25th May 2018 in your diary. Most businesses are.

A new data law is coming; consider it the existing Data Protection Act… but on steroids. If you breach the new rules, or show that you haven't got sufficient policies, procedures, training or protection in place, your business could be facing a significant fine.

Currently, the maximum fine the ICO (Information Commissioner’s Office) can issue is £0.5m. Larger fines of up to £17m (€20m) or 4% of global turnover will be allowed, enabling the ICO to respond in a proportionate manner to the most serious of data breaches.

What is the GDPR?

Just in case you weren't aware, the EU General Data Protection Regulation (GDPR) is a new law about data protection. Information Age revealed that 55% of small businesses are unfamiliar with the GDPR. If you have a business that handles data, take action now and be prepared.

The GDPR is a law about Data Protection, based on a set of common-sense principles:

  • The Right to be Informed
  • The Right of Access
  • The Right to Rectification and Right to Be Forgotten
  • The Right to Restrict processing
  • The Right to Object
  • The Right to Data Portability

We are doing it, you should be too.

Network & Security is registered with the ICO as a Data Processor for its clients. With our experience, Network & Security is ready to be compliant with upcoming changes in policy, procedures or any data protection regulations or laws. We understand the importance of these laws (and the processes/procedures that come with them) and appreciate that it's not just how they affect the business, but also those who work within the company.

Where can you find out more about the GDPR?

The UK government’s Department for Digital, Culture, Media & Sport has created a New Data Protection Bill: Our Planned Reforms.

In the Bill's foreword, the Rt Hon Matt Hancock MP, Minister of State for Digital, explained the following:

  • A generation ago Parliament passed the Data Protection Act; since then, digital technology has transformed almost every aspect of people's lives
  • It has brought huge advantages: social advantage, bringing the world closer together, and economic advantage, transforming our economy
  • For all its many benefits, there are also concerns. Parents worry that their children may be vulnerable online in ways they don’t understand
  • Customers worry what companies are doing with their data. Citizens worry that others might intrude on their privacy online
  • To protect people’s privacy, while allowing and encouraging the innovation that digital technology allows, they must balance freedom and responsibility online
  • The Data Protection Act has done that well, providing people with more control over how their personal information is used and limiting processing to the purpose for which it was collected, subject to various public interest exemptions
  • There are stronger protections in the UK than most, and the regulatory arrangements are often seen as the gold standard
  • While people should all be assured that data is well protected in the UK, change is needed. Technology and society have changed
  • The Data Protection Bill, promised in the manifesto and announced in the Queen’s speech, will bring our data protection laws up to date
  • It will both support innovation by ensuring that scientists and businesses can continue to process data safely
  • It will ensure that people remain assured that their data is safe as they move into a future digital world based on a system with more accountability, but less bureaucracy
  • The Bill includes tougher rules on consent, rights to access, rights to move and rights to delete data
  • Enforcement will be enhanced, and the Information Commissioner given the right powers to ensure consumers are appropriately safeguarded
  • The Bill will also bring EU law into our domestic law. On 23 June 2016, the EU referendum took place and the people of the United Kingdom voted to leave the European Union
  • Until exit negotiations are concluded, the UK remains a full member of the European Union and all the rights and obligations of EU membership remain in force
  • During that period the government will continue to negotiate, implement and apply EU legislation. The outcome of these negotiations will determine what arrangements apply in relation to EU legislation in future once the UK has left the EU
  • Bringing EU law into our domestic law will ensure that the government help to prepare the UK for the future after they have left the EU
  • The EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) have been developed to allow people to be sure they are in control of their personal information while continuing to allow businesses to develop innovative digital services without the chilling effect of over-regulation
  • Implementation will be done in a way that as far as possible preserves the concepts of the Data Protection Act to ensure that the transition for all is as smooth as possible, while complying with the GDPR and DPLED in full
  • When it comes to law enforcement, the Bill will ensure that the data of victims, witnesses and suspects of crimes, are protected in the context of criminal investigations and law enforcement action
  • It will ensure that criminal justice agencies can continue to tackle crime and terrorism whilst protecting the data rights of those involved in criminal investigations or proceedings. Criminals and terrorists show no respect for international borders so the Bill will ensure that UK criminal justice agencies work effectively with counterparts in other countries
  • The Data Protection Bill will allow the UK to continue to set the gold standard on data protection. The UK already has the largest internet economy in the G20. This Bill will help maintain that position by giving consumers confidence that Britain’s data rules are fit for the digital age in which we live

The New Data Protection Bill: Our Planned Reforms covers the following 4 topics:

  1. The Digital Economy.
  2. Our Data Protection Reforms.
  3. Implementing the Reforms.
  4. Looking ahead.

Find out more about the New Data Protection Bill: Our Planned Reforms.

We will be returning to this topic next week – ‘How to prepare for the GDPR’.

Finish It! | ActionCOACH Events

A great opportunity to hear from a serial entrepreneur with a strong track record and experience!


Send mixed messages: Mozilla wants you to try its encrypted file sharing

An interesting new Send service is being tested by Firefox.
Businesses we deal with dislike this type of sending service, due to the lack of auditability, but the industry is screaming out for a standard file sharing/sending service.

There are vendors available, of course, but different businesses use different vendors. Perhaps it's time to look at TLS on email and to increase the storage space and receiving capacity of email in general.

Twenty-five Percent of Emails Deemed Unsafe – Dark Reading

A short video from Mimecast showing, from their recent security report, that they deem around 25% of emails to be unsafe. Not surprising; personally, I would have put this figure a lot higher, considering that email is, by a fair percentage, a popular attack vector for users.

Even with education, anyone can make an error by clicking on a malicious link or file in an email.

Do you use a cloud filtering service? There are clear benefits to doing so, even more so if your email is hosted inside your business.

“Petya” Ransomware Goes Global

There is a new strain of ransomware derived from the original Petya. Some sites are calling it completely new, NotPetya, and others see it as a variant and are calling it PetWrap.

Whatever the case, the advice is always the same, look at how this is reportedly spreading, and put measures in place to mitigate as much as you possibly can.

According to many reports, Ukraine has been badly hit, and it has been seen in several high-profile UK business organisations.

It's also been confirmed that this ransomware uses the EternalBlue exploit, which was originally thought to have been developed by the US NSA as a digital weapon and was subsequently leaked online by the hacker group known as the Shadow Brokers.

Businesses that have not yet put measures in place, such as disabling the SMB version 1 protocol (deprecated) or applying the MS17-010 Microsoft patch, should do so now or as soon as possible. We believe this won't be the last exploit of this nature, and simple measures such as black-holing the domain name used for the original WannaCry outbreak and blocking known C&C servers won't be effective; you could be fighting a reactive battle.

Businesses need to be robust in their security measures, have a solid response plan and be as responsive as they can to these modern threats; otherwise these strains will continue to develop and proliferate. Don't delay security patching.

What can you do? Read the full article below, or contact us today.

Confirmed: Intel patches remote execution hole that’s been hidden in its…

Intel has confirmed that a patch will be released to fix a remote code execution vulnerability (discovered in March 2017) that has been present in its processors since 2009. Hackers exploiting the flaw can silently snoop on a vulnerable machine's users, read and modify files, install rootkits and other malware, and so on. This is possible across the network or with local access. #ITSecurity

MilkyDoor Infests 200 Android Apps

About 200 unique Android apps have been embedded with the MilkyDoor backdoor, which is built to attack an enterprise’s internal networks, private servers, and ultimately, corporate assets and data. #ITSecurity

Interpol Spots Thousands of C&C Servers Across Asean

Officers found 8800 C&C servers across eight countries, responsible for financial malware, ransomware, Distributed Denial of Service (DDoS) attacks and spam. #ITSecurity #Ransomware

Ransomware cybercriminals took in about $1 billion last year, based on money coming into Ransomware-related Bitcoin wallets. #Ransomware…

The Top 5 Resources to Protect your Business Against the threat of Ransomware in 2017 #ITSecurity #Ransomware

The phishing craze that’s blindsiding users – Health Security Solutions

Phishing with homographs: fraudsters are using Cyrillic characters to direct you to a look-alike site that doesn't redirect you to the genuine one. Users beware. #ITSecurity If you get an email from someone you don't know or weren't expecting, or you are suspicious, the simple answer is to type the URL in yourself; don't click!
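
A homograph link works because a Cyrillic letter such as "а" (U+0430) renders identically to the Latin "a", while the browser resolves a completely different, Punycode (`xn--`) domain. The function below is an added example for this post, not code from the original article; it takes a URL, lists every non-ASCII letter in the host with its script, and shows the Punycode form via .NET's `IdnMapping` class. The sample URL is constructed here from a fictional host.

```powershell
# Added example (not from the original post): flag look-alike hostnames before
# a user follows a link, reporting non-ASCII letters, their script, and the
# Punycode form the resolver will actually look up.
function Get-HomographReport {
    param([Parameter(Mandatory)][string]$Url)

    # Let .NET's URI parser separate the host from scheme, port and path.
    $uri = [System.Uri]$Url
    $hostName = $uri.Host

    # IdnMapping produces the same xn-- form that browsers and resolvers use.
    $idn = New-Object System.Globalization.IdnMapping
    try { $ascii = $idn.GetAscii($hostName) } catch { $ascii = '<invalid IDN>' }

    # Classify each character by Unicode block; anything that is not plain
    # ASCII is reported with its code point.
    $suspicious = @(foreach ($ch in $hostName.ToCharArray()) {
        $cp = [int]$ch
        $scriptName = switch ($cp) {
            { $_ -ge 0x0400 -and $_ -le 0x04FF } { 'Cyrillic'; break }
            { $_ -ge 0x0370 -and $_ -le 0x03FF } { 'Greek'; break }
            { $_ -lt 0x80 }                      { 'ASCII'; break }
            default                              { 'Other' }
        }
        if ($scriptName -ne 'ASCII') {
            [PSCustomObject]@{ Char = $ch; CodePoint = ('U+{0:X4}' -f $cp); Script = $scriptName }
        }
    })

    [PSCustomObject]@{
        Host        = $hostName
        Punycode    = $ascii
        # Latin letters mixed with another script is the classic homograph pattern.
        MixedScript = ($suspicious.Count -gt 0 -and ($hostName -match '[A-Za-z]'))
        Suspicious  = $suspicious
    }
}

# Constructed sample: the fictional host "example.com" with its first 'a'
# replaced by Cyrillic 'а' (U+0430). Looks identical on screen.
$lookAlike = 'https://ex' + [char]0x0430 + 'mple.com/login'
Get-HomographReport -Url $lookAlike | Format-List
```

A mail gateway or a link-rewriting proxy can apply the same `MixedScript` test to every hostname it sees; a pure-ASCII host with `MixedScript` false is not proof of legitimacy, only the absence of this one trick.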

Webroot antivirus mistakenly flags Windows as malware

A rough day for Webroot users running Windows and trying to use Facebook. #ITSecurity

The Human Factor: Technology Changes Faster Than Humans

Although we all realise that technology is advancing faster than human nature, this is an interesting article on how human nature is responsible for around 95% of security incidents. #ITSecurity

SMSVova Spyware Hiding in ‘System Update’ App Ejected From Google Play…

SMSVova hides inside a bogus app called System Update and is sent commands by attackers via inbound SMS messages to carry out functions such as setting and changing passwords for the spyware and retrieving location data. #ITSecurity

Three apologises after network problems – BBC News

Although it is a network issue and users have been told to ignore SMS messages from unknown senders, is this related to the recent data breach they suffered? #ITSecurity

How Marketers Can Help Protect Their Firms From a Cybersecurity Attack

How Marketers Can Help Protect Their Firms From a Cybersecurity Attack #ITSecurity

Commodity Ransomware Is Here

With “Philadelphia,” a slick ransomware-as-a-service interface that enables almost anyone to launch a sophisticated ransomware campaign, deploying ransomware is suddenly as easy as ordering a pizza. The criminal developers behind Philadelphia even had the heart to offer a “mercy” feature should a victim plead for access to ransomed photos of lost family and friends.
Welcome to the new world of commodity malware! #beRansomaware #ITSecurity

7 dangerous subject lines to watch for and ways to avoid email scams

A large proportion of attacks by hackers are email-borne. Users should be educated to determine, as far as they can, whether an email is legitimate. Ask simple questions: am I expecting it? Is it asking me to open a link or download something? If in doubt, contact your #ITSecurity department.

Malvertising on iOS pushes eyebrow-raising VPN app – Malwarebytes Labs

There is a preconceived idea that malvertising mostly affects the Windows platform. This short article shows an emerging scareware campaign on Apple iOS that pushes a VPN app. #ITSecurity

7 Ways Hackers Target Your Employees

This is a great article detailing a number of different ways that hackers target your employees. Realistically it happens at every level of the organisation, and there is no bar for an attacker. #ITSecurity

Latest phishing tactics: infected PDFs, bogus friend requests, fake HR…

There’s good and bad news on the phishing front #ITSecurity

The 6 Riskiest Social Media Habits to Avoid at Work

Social media is a popular gateway for hackers to access corporate networks, and employee behavior is driving the trend.

GDPR consent guidance

The Information Commissioner's Office (ICO) is looking for active feedback on its draft GDPR consent guidance. #GDPR

TeamViewer stopped working? Let me guess, your ISP is TalkTalk…

Just in case you were wondering why #Teamviewer is no longer working.

Virus Bulletin :: Why the SHA-1 collision means you should stop using…

Interesting read #ITSecurity

Preinstalled Malware Targeting Mobile Users | Check Point Blog

Top 5 Free Intrusion Detection Tools for Enterprise Network

Resetting Local Account Passwords

A simple PowerShell script to assist in resetting local computer account passwords remotely. #ITSecurity
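
As an added illustration of the task (this is not the script the post links to), the function below resets a local account's password on remote Windows hosts over PowerShell Remoting. It assumes WinRM is enabled on the targets, that the caller is a local administrator there, and that the targets run Windows 10 or Server 2016 or later, where the `Microsoft.PowerShell.LocalAccounts` module provides `Set-LocalUser`. The hostnames and account name in the usage lines are placeholders.

```powershell
# Added example (not the script the post links to): reset a local account's
# password on one or more remote hosts and return an audit record per host.
function Reset-RemoteLocalPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$UserName,
        # Taken as a SecureString so the new password never appears on a command line or in history.
        [Parameter(Mandatory)][securestring]$NewPassword,
        # Optional alternate credential for the remoting session.
        [pscredential]$Credential
    )

    $sessionArgs = @{ ComputerName = $ComputerName; ErrorAction = 'Continue' }
    if ($Credential) { $sessionArgs.Credential = $Credential }

    # PSRemoting transports SecureString arguments encrypted with the session key,
    # so the password is not exposed in transit as plain text.
    Invoke-Command @sessionArgs -ArgumentList $UserName, $NewPassword -ScriptBlock {
        param([string]$User, [securestring]$Password)
        $account = Get-LocalUser -Name $User -ErrorAction Stop   # fail clearly if the account is absent
        Set-LocalUser -Name $User -Password $Password
        # Small audit record so the caller can log what changed and where.
        [PSCustomObject]@{
            Computer  = $env:COMPUTERNAME
            User      = $account.Name
            Enabled   = $account.Enabled
            ChangedAt = (Get-Date).ToString('s')
        }
    }
}

# Usage (placeholder hostnames and account): prompt for the password, then reset it on two hosts.
$pw = Read-Host -Prompt 'New password' -AsSecureString
Reset-RemoteLocalPassword -ComputerName 'WS-01', 'WS-02' -UserName 'LocalAdmin' -NewPassword $pw |
    Format-Table Computer, User, Enabled, ChangedAt
```

On older hosts without `Set-LocalUser`, the same reset can be done inside the script block with ADSI (`([ADSI]"WinNT://./$User,user").SetPassword(...)`). Note that setting one password across many machines recreates the shared-local-admin problem that lets malware move laterally; where that matters, a per-host randomised password scheme such as Microsoft LAPS is the better long-term control.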

February 2017: The Month in Ransomware

A look at Feb 2017 and the Ransomware effect #ITSecurity #beRansomAware

1.37bn records from somewhere to leak on Monday

Get ready to change your password soon! #ITSecurity #DataBreach

Got an OpenBSD Web server? Better patch it

OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers.

David Beckham calls in police over hacked emails

Beckileaks……. #ITSecurity #beRansomaware

Trump’s cybersecurity strategy kinda makes sense, so why delay?

Worrying and puzzling, indeed. But here's what's got computer security experts scratching their heads: why did Donald postpone signing a new cybersecurity executive order? #ITSecurity

Top resources in the fight against Ransomware

Want to know the best practices to secure your business against ransomware? #Ransomware #ITSecurity

Want to make sure your business is prepared against the ransomware threat in 2017? Download our free Top 5 Guide to the areas you should be reviewing. #ITSecurity #Ransomware

2017, Year of the Business Ransomware ?

A few thoughts and musings on the direction of ransomware in 2017, based on what I have read, learnt, tested, etc.

  1. Ransomware will continue to evolve over 2017, but it is reported that it will plateau. The threats are growing more complex in nature, but the delivery methods remain, in the main, email and web activity by business users.
  2. The primary source of infection at the moment is your users, through web and email. It is important to continually educate users on safe browsing and, where appropriate, implement controls to mitigate attack vectors such as email delivery. Listen out for red flags from users, such as complaints that their systems are running slowly.
  3. It is expected that ransomware will shift towards the mobile platform in 2017. The mobile estate is huge, billions of devices, giving threat actors a large base to attack and hold to ransom. This can particularly affect businesses with poor or no BYOD or MDM platforms for management and control. For businesses that rely heavily on their mobile estate, ransomware could prove a significant risk.
  4. With the advent of GDPR, there could be a rise in the naming and shaming of organisations that have been compromised by malware or ransomware. Take, as an example, the compromise of the San Francisco public transportation system: although MUNI didn't pay the ransom, everyone knew about it.
  5. More businesses will be targeted in the coming year. Hackers will switch tactics and focus their efforts on businesses. Once inside a business, ransomware can seek out higher-value targets such as file stores, databases and eventually SharePoint.
  6. Ransomware will be increasingly hard to detect. It is already designed to be silent, run as a background task and generally start and work under the radar.
  7. We have been reading reports of a shift in the design of ransomware so that it can effectively operate offline, standalone. This benefits the criminals in that it does not require a command and control connection and can infect standalone machines not connected to the Internet.

According to a recent survey reported by Tripwire, only 34 percent of IT professionals claim that they are “confident” that their companies could recover from a ransomware attack. This is concerning for a number of reasons, chief among them that ransomware is an increasingly common form of theft and that it is increasingly being used to target organisations rather than individuals.

Why have cyber criminals begun to target organisations in their ransomware attacks? This trend is really the result of a risk vs. benefit analysis: organisations are often willing and able to make much larger ransom payments, and they are often only slightly more prepared to defend against an attack than individual users.

According to estimates, as few as 3% of organisations actually end up paying ransomware fees when they are attacked. However, virtually all organisations suffer in some way or another when faced with a ransomware infection: this could mean paying an IT expert to disarm the attack, permanently losing valuable data, or, of course, paying the ransom.

Despite its recent rise to prominence, surveys also show that ransomware is not the number one cyber security concern for most businesses: that title belongs to phishing attacks. As a number of experts have pointed out, phishing attacks are, in many (but not all) cases, the weakness that is subsequently exploited to initiate a ransomware attack. Malicious adware and compromised websites are, however, other common points of entry for ransomware.

In order to protect your organisation from the potential threat of ransomware, a multifaceted security approach that encompasses both prevention and response is a necessity.

Is your organisation prepared for a ransomware attack? Do you have measures in place to minimise the threat? Do you know how you would respond if you were attacked? If you answered no to any of these questions, visit Network & Security online today to learn more about what you can do to stay safe.


The 5 Best Practices to Protect Your Business from the Ransomware…

Ransomware will impact your Business – ensure you are protected.

Is antivirus getting worse?

I think it's well known that AV programs are generally worsening in their ability to detect known and new threats. #ITSecurity

Be prepared for Ransomware – download your Free Guide today.