GDPR

Keeping your business fully compliant and secure during the delay phase

The UK is in the delay phase of the pandemic, with schools closed and employees asked to work from home where possible. So, how do businesses remain data compliant and cyber secure with staff working remotely, some for the first time?

Firstly, rate the risks that remote working poses through a quick risk and security audit, which can be done whether employees are already working from home or not.

email as their main source of communications leaves them more vulnerable to phishing and social engineering attacks.

Identify and rate these risks on your most important assets and agree the best approach to deal with them. Getting key stakeholders from all areas of the business involved in these conversations is key as different areas of the business will have unique perspectives, based on their data, systems and way of working. Then, start implementing effective security measures starting with data protection.

Preventing a data leak

Legal and regulatory data protection and compliance worldwide is more stringent than ever, and the mishandling of i


This ransomware steals your data and threatens to report you for a GDPR violation

Cybercriminals are once again targeting unsecured MongoDB databases, but this time they are threatening to report the owners of those databases for GDPR violations if their ransom demands are not met.

As reported by ZDNet, the hacker behind this new campaign has uploaded ransom notes on 22,900 MongoDB databases that were left exposed online without a password. They are using an automated script to scan for misconfigured MongoDB databases, wipe them and then demand that a ransom of 0.015 bitcoin, or around $140, be paid.

Victor Gevers at the Dutch Institute for Vulnerability Disclosure back in April.


Sync.com review

Sync.com has been providing cloud storage services for a number of years now, and it’s going to appeal if you’re looking for something that’s simple, speedy and secure. As the name suggests, it syncs a single folder of data between your computers and the cloud.

In a lot of respects, Sync.com is similar to Dropbox, though it doesn’t have quite as many features (such as the ability to sync files outside the main folder). What it does offer that Dropbox doesn’t have, however, is end-to-end encryption for maximum file security.

Sync.com features

The core functionality of Sync.com is to keep a folder on your system in sync with the cloud and any other computers where you’ve got the client software installed. It’s all very simple to set up and use, though you could reasonably point out that Sync.com isn’t really offering anything you can’t get elsewhere from better-known services – ones that come with office apps, better mobile integration, and so on.

The platform supports versioning, so you can go back to older versions of files if you need to – and in a generous move from Sync.com, these older versions don’t count against your storage quota. Once you’re a paying customer, these older versions can be kept indefinitely, otherwise they’ll automatically be wiped after 30 days.

Basic file and folder sharing is supported on the Sync.com platform too, and there’s also support for advanced sharing controls with password protection and expiry dates on links. Mobile apps are available – with automatic photo and video uploading, should you need it – and if you sign up for a team account then you get provision for keeping your data compliant with standards like HIPAA, GDPR and PIPEDA.

Actually, one of Sync.com’s features is its lack of features: a focus on the core functionality that matters, keeping your data secure, private and well-managed between multiple computers (and multiple users, if needed). If that appeals, and you want several terabytes of space for not much money per month, it’s worth checking out.

Sync.com interface

Installing Sync.com on Windows or macOS is a relatively painless exercise, and the application places a folder on your hard drive – anything dropped in here then syncs to the cloud and to any other computers where you’ve got the software installed. Network drives and external drives can’t be included, nor can files and folders outside of your main Sync.com folder, so the software is a little bit limited in that way.

The web interface is slick and easy to use, and offers another way of getting your files up to the cloud. If you prefer, you


New DIFC Law expected to bring enhanced governance and transparency obligations

The new Dubai International Financial Centre (DIFC) Data Protection Law (DPL) 2020, coming into effect from July 1, is expected to bring enhanced governance and transparency obligations.

Even though the law comes into force from July, businesses to which the law applies will have a grace period of three months, until October 1, 2020, giving organisations just a few months to make the changes required to bring compliance frameworks into line with the new law.

The new Data Protection Law, which replaces Data Protection Law DIFC Law No 1 of 2007 (already one of the most advanced in the region), places Dubai and DIFC at the forefront of data protection in the region and enables the financial hub to enhance the Centre’s data protection practices related to global data, security and privacy best practice.

It is now more important than ever for companies to have a data management strategy to ensure data compliance is taking place within an organisation – both from an operational and cultural perspective.

By encouraging data responsibility and implementing the latest data management tools, businesses can do their bit in preparing themselves for DPL 2020.

The new DPL 2020 law will actively benefit companies in a range of ways. Not only will it manage data effectively and ensure data compliance, but it will also increase companywide efficiency, provide a competitive advantage and offer protection against malware attacks.

The new DIFC Law reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR), seen by many as the ‘gold standard’ for data protection compliance.

“From our previous experience in preparing for the GDPR coming into force, we recommend that organisations should start planning now. In particular, organisations should prioritise fact gathering and other time-intensive tasks such as contract remediation,” Kellie Blyth, head of Data and Technology at Baker McKenzie, said.

However, she said that there are some key differences between the GDPR and new DIFC Law, which organisations should be aware of.

“The new DIFC Law requires Controllers and Processors to appoint a DPO [data protection officer] if they carry out high-risk processing activities on a systematic or regular basis or if required to do so by the Commissioner.

“If a Controller or Processor is not required to appoint a DPO, the organisation must allocate responsibility within its organisation for oversight and compliance with its data protection obligations under the new DIFC Law (or any other applicable data protection law),” she said.

Time to act

The DPO must reside in the UAE, Blyth said, unless the DPO is employed within the organisation’s group and performs a similar function for the group on an international basis.

Blyth urged organisations in the DIFC to move swiftly to review their current data processing practices and to identify where their existing data protection policies and procedures will need to be updated to reflect the requirements of the new law.

 “An important difference between the new DIFC Law and the GDPR is that DPOs are required to conduct an annual assessme


Parrot slams DJI drone data security during Anafi USA launch

Parrot has used the launch of its new Anafi USA commercial drone to criticize the data security practices of its main rival DJI, which makes popular drones like the DJI Mavic Air 2.

The French drone maker has worked with the US Army to develop the Parrot Anafi USA, which is an expensive commercial drone designed mainly for first responders, firefighters, search-and-rescue teams and security agencies.

And while the Anafi USA is interesting technologically – the rugged drone features 32x optical zoom and a FLIR thermal camera – it wasn’t the main headline from a launch that gave equal emphasis to criticizing its main rival, the Chinese drone maker DJI.

Talking about Parrot drones in general, Henri Seydoux (CEO of Parrot Drones) emphasized that its products are all GDPR compliant, which means that “no data without the user consent is sent to any place, to any server anywhere”. He added: “The data is yours. And we follow completely the rules. Even more important, Parrot is the technology company who writes the drone software.”

This is where the launch became really interesting, as Henri Seydoux went from cloaked digs at its rival to calling out DJI specifically for not only lacking equivalent data security, but suppressing data leaks and even changing data leak methods once they’ve been detected. 

“Our software is available to any questions, to any customer that asks us questions about the functionalities of the software. All the functionalities of the software are described and documented and can be shown to the user,” he said. “And I don’t believe it’s the case for DJI drones. It’s very questionable how much or what exactly does the software from DJI drones.” This
