Tuesday, 5 July 2016

GDPR and the New World Order




The GDPR (General Data Protection Regulation) is a new standard for data protection throughout the EU. It is designed to set a single standard, so that countries can have assurance that personal data will be managed in the same way no matter which EU country you are in.
The UK is going off on its merry way and currently uses the Data Protection Act, which was based on the original EU standard data protection regulations.
So thus far no change is needed until 2018 or the completion of Brexit.

The New World Order (The First Order)

As the rest of the EU goes its own way, it will be introducing the GDPR in May 2018. So, for the UK and the rest of the world, in order to trade in services with the EU it will become necessary to apply the GDPR or have some form of matching policies and regulations to be compliant with the EU.

What does it mean to your business

Your business will continue as usual, but to be competitive it will be necessary to adopt the GDPR, as it will give your business a chance to be compliant with the new EU regulations even though we are out of the EU but need to continue to trade with it. There may be changes you need to introduce to meet the regulations, but if you’re using the current DPA legislation it will be a few changes, and staff will need to be updated on the new rules. Other countries who wish to trade will also need to have a reciprocal set of rules that match the GDPR. This will mean things like client information will need to be stored in a certain manner, and the processing of the information will need to match too.

Monday, 30 June 2014

Cyber Essentials scheme

As of 5th June 2014, HM Government has launched the Cyber Essentials Scheme. Cyber Essentials is a new Government-backed and industry-supported scheme to guide organisations from the small SME to the enterprise-level company.

Cyber Essentials is designed to help businesses protect themselves by introducing controls to reduce the risk and protect from the most common Cyber Threats.
It focuses on basic Cyber hygiene and clarifies good practices that will help reduce the risk of contamination or being hacked.

The Scheme offers badges for certification: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials requires companies to carry out a self-assessment.

Cyber Essentials Plus requires companies to undergo independent testing of their systems, carried out by certified bodies.

Both awards are intended to show that businesses, whatever their size, have reached a certain level of cyber security, which can give other companies, stakeholders and investors reassurance that they take the cyber threat seriously.

At Northwest Cybersecurity we can assist and help your business through the process and get your business ready to go for certification. We will explain the information in the self-assessment process for the non-techies and businesses without any tech support.

Any questions, contact Iain at Northwest Cybersecurity on Tel 07845164174 or Info@northwestcybersecurity.co.uk

Thursday, 3 April 2014

Public Wi-Fi and Your Business


Are you meeting your obligations about the Wi-Fi you’re providing to your customers?
With the demand for Wi-Fi on the move, there are requirements you should be aware of to keep your business from being sued, or you as a business owner being arrested for breaking the law.
How you set up the free Wi-Fi you provide to your customers will help prevent such issues. Free Wi-Fi is not just opening up your router with no security settings on it and letting anyone use it; this can lead to problems both for you and your customer.

To help minimize legal issues you should be aware of:   

A) Data Retention (EC Directive) Regulations 2009.

These Regulations were enacted to implement an EU Directive into UK law, to assist with the prevention and detection of organised crime and terrorism by compelling communication service providers to retain certain communications information, including internet user data.
The Regulations place an obligation on “public communications providers” to retain certain user data generated or processed in the UK for 12 months from the date of the communication in question. The definition of a “public communications provider” includes public Wi-Fi providers; however, the Regulations only apply if they have been served a notice by the Secretary of State.
Note that the Secretary of State must serve the notice to all providers unless the data in question is already retained by another provider in the UK under these regulations.

B) Data Protection Obligation.

As with the Data Retention Regulations, public Wi-Fi providers need to be aware of their obligations under the Data Protection Act 1998 (DPA 1998). Because of user registration you will come under the DPA 1998, so this information must be stored securely and handled with care.
The DPA 1998 governs all use of personal data, including its storage and transmission. You are also required to register with the Information Commission. If you fail to comply with the Data Protection Act you can be liable to a fine of up to £500,000.

C) Digital Economy Act 2010 (DEA2010) Online copyright infringement.

This is designed to combat online copyright infringement as part of the Communication Act 2003, which places an obligation on “Internet Service Providers” (ISPs) to notify users of any infringement of copyright. ISPs will also apply other restrictions, including reduction of speeds.
In 2012, Ofcom revised the DEA 2012, which made Wi-Fi providers sit outside this due to the cost to the provider, as they would have fewer than 400,000 subscribers, so this would be one thing to look out for.

In conclusion, it would be necessary for you as a business providing free public Wi-Fi to publish a Policy and Terms & Conditions for the end user to sign up to, which will help minimize your liability and make the end user aware of their responsibilities when using public Wi-Fi.
Another thing to consider is using a Wi-Fi provider rather than just opening up your wireless network to your customers. Wi-Fi hotspot finders can be found on mobile phone company sites and through searches on the internet.


If you’re not sure about using public Wi-Fi, why not switch it off on your mobile and just use your data minutes? This is more secure and you will avoid Wi-Fi tracking software. Also consider switching off your GPS to hide your location when posting to social media websites.

Monday, 7 October 2013

GOODBYE WINDOWS XP

Goodbye to XP

With the end of Microsoft support for Windows XP, it is time to move. There are lots of reasons to upgrade, and it would be best to move to Windows 7 or 8, hardware permitting.

Here are just 3 reasons 

Pt. 1 Security.

With all the patches over the 12 years of Windows XP, Windows 7/8 have those all in place now and have also enhanced the security of the operating system. The threats today are very different to what Windows XP had to contend with: the present threats are very complex, and the people behind them (hackers/thieves/companies/governments) are now very different, more developed and well equipped to exploit Windows XP.

Pt. 2. Hardware.

Time has passed, and 12 years on there are technologies like Wi-Fi, Bluetooth, WiMAX, mobile broadband, and USB 2.0 and 3.0. Windows XP does not have the features people expect and use today. The user experience is important, and Windows 7 and 8 have helped to improve it for users, including touch screens and faster processors, and that applies from laptops to servers.

Pt. 3. People and Places.

In the years since the introduction of Windows XP, people and places have progressed to using Windows 7 or 8 as the main OS for their personal computers. So when they go to work and find their company operating system is 12 years old, and in some cases older than their kids and grandkids, the morale of the workforce is bound to be affected, reducing productivity and causing compatibility issues with more recent software. Also, Windows XP will not have the same features to be able to work with more recent browsers like Internet Explorer 10 or Google Chrome, which are designed to help enhance the user experience.



So long and thanks for the experience.
Windows XP was in its time a very good and stable operating system, but like all of us it ages, and we pass our experience and knowledge down to our kids. In some places kids have never used Windows XP, so did not have the privilege and pleasure, including the odd nightmare, of using Windows XP.


So let us say a fond farewell to an old friend. 

Goodbye Windows XP


Saturday, 6 April 2013

Telephone Scams


Would you be willing to let anyone nosey around your computer, see all your files and change settings on your systems?

It is a common scam where you receive a call from someone claiming to be from Microsoft or a technical support company. They say they have been notified by your Internet Service Provider that you have a number of viruses or problems with your system, and they ask you to log onto a page so you can let them take control of your PC or server. At this point you have given them access to do what they want to your computer or network.
The main operating system they deal with is Microsoft Windows, and they are not up to date enough to start on Linux or Mac OS.

Once they have control they have you caught: if you shut it down, your PC or network can be locked out to you, or they can install a ransomware program that will require you to make a payment to release your PC.

Here are a few things to help you.

1. Microsoft or your Internet Service Provider will not call you about a problem with your PC, as they do not monitor PCs or networks. The only thing they monitor is your download limit, if you have one.

2. Ask who your broadband supplier is, as it is not usual for broadband providers to call about problems with PCs.
It is OK to call your broadband provider about any calls you have received from them.

3. DO NOT follow their instructions or let them access your systems.

4. Always ask questions about what information they have on you.

5. IF YOU CAN GET THEIR NUMBER AND ANY OTHER DETAILS, PLEASE PASS THEM TO THE POLICE FOR THEM TO FOLLOW UP.


They use remote access software, which a lot of legitimate technical support companies use every day to repair and update networks and PCs.

This telephone scam is usually from a criminal scammer looking to extort money or information from the victim.

What I did to the scammers is to pretend to be so stupid and play along with them, and as I progress through I ask more stupid questions and eventually have them so mad they normally hang up.

Here is a clip which I found on the YouTube site of a savvy user messing with the scammers.

This clip is courtesy of YouTube, with thanks to the creator of the video. There are many more on the site.

So my final thoughts are: if you receive a call claiming to be technical support from a computer company that you have not contacted, it is probably a scammer call, so just HANG UP on them.





Thursday, 3 January 2013


Threats for 2013
City of culture
With 2013 being an important year for this Legenderry city, it will be a year for businesses to be vigilant in their IT security and aware of scammers and malicious attacks on companies’ IT systems and websites, either to make money from scams or from threats to companies.
Don’t let me scare you, but it is like flying a flag to the world that Legenderry is open to attacks from scammers and other forms of attack; if you are not prepared to be security aware, you are FAIR GAME to attack.

Targets
You and me, small businesses to multinationals, government departments and various organisations could be the targets for any malware or other forms of attack on websites or systems. The criminal scammers will mainly target small and medium businesses, because being unaware of threats, having little education in information security and being naive about anti-virus will make it easier for them.

Threats
Social engineering
Social engineering explained by Sophos 

Usually an email with a link and attachment that could lure you into clicking on it, and then the virus will be downloaded.


Malware, which is software designed to corrupt systems or open them to further attack, including stealing of data and vital information, can be delivered by email, and staff could unwittingly open it and release the malware onto company systems.

Dedicated Denial of Services

These are attacks on websites using large numbers of requests for information, i.e. web page requests from millions of bot nets, which overload the web page and cause it to crash. Possible targets could be the Derry City Council site, the City of Culture site and various others that could highlight the city.

This type of attack is usually because of an issue with the company or government and is carried out by crusader hackers or military hackers.

Scams including Ransom ware

This can vary from fake sites looking to gather information for unethical mailing, or businesses offering non-existent services, to ransomware, which is software downloaded to lock your device until you make a payment.

Telephone Scammer
Contacting potential victims with a story about issues with their PC and getting them to log on and go to a site so that the scammer can access the victim’s PC, possibly to get their banking information.



Keep up with the threats

Anti-virus is not the be all and end all of data security. 
The concept of Defence in Depth is securing your systems from the inside outwards, to firewalls on the network and the Internet-facing end of your systems, as well as securing your desktops and hard drives.

Updates of security software and other applications, and patches for operating systems, also matter, but if not required don’t update.

Making staff and management aware of threats, and training them in security awareness and policies, is an important factor too.
 
  
Once again I do hope all businesses in this Legenderry city prosper in the year of culture.

Monday, 26 November 2012

Email Security Your Business!




There are various threats to your business, and one threat is to your emails; this applies whatever system or device you are using at the time to check emails.
The threats are phishing, spam, email-borne malware, discovery demand and acceptable use violations.

Phishing – emails sent to try and get you to give out your personal information, like banking details and passwords. (Spear phishing) emails are personally directed to a user; these may get through your filter and have a link to a bogus site.

Spam – clicking on spam can be costly, as links can be bogus, and it also costs you staff time in deleting spam mail; all of this can reduce productivity.
So, as one says, time is money.

Email-borne malware – email attachments and links can be bearers of viruses and malware that can corrupt your operating system or network; users need to be made aware of not clicking unsolicited email links.

Discovery demand – legislation can request email; a good example would be the emails of the Sun and News of the World group during the inquiry. This includes text messages too.
Civil and criminal investigations can bring penalties if you have not archived the email and data too.

Acceptable use violations – staff using company emails for personal use and also using personal devices to send company information; the latest example is the scandal within the CIA and the US Army generals and mistresses’ love affairs.

Gen Petraeus and Gen Allen both served in Tampa, Florida, home to US Central Command

Once you are aware of the threats you need to assess them to understand the risk they pose to the company.

How often have you stored your password for your office network on your mobile and not used the mobile security to secure the phone? Also, have you sent an email from your business account with personal info in it? This will be archived by the company and may be used against you in a disciplinary hearing.

BYOD is bring your own desktop/device; many people today are using their own devices to work on, and these may not be up to the security standard required by the company, causing a non-compliance issue.


Archiving – with selected software archiving can be done, and the storage of relevant emails can be important if any legal issues arise. Archive storage can be on-site or in the cloud for easy recovery, for disclosure if required.

Education
Staff and management must be aware of company policies and the law when using various devices within the company. Regular training and updates to staff will also aid compliance with certain legislation, including the DPA.

  
Social Media
The use of various social media sites to communicate with clients and peers should not be encouraged. It is best used for marketing and following trends; business messages sent to and from clients can end up in the public domain.
This can lead to loss of confidence in your ability to manage communication and understand privacy for clients.


Policies
Good questions to ask are:
Does the company have an email policy?
Are staff aware of the acceptable use policy?
Do these policies cover staff and BYOD devices, and the Business Continuity plan?