GDPR

This privacy-friendly employee monitoring software has your employees buy in to data protection


Data breaches, both internal and external, are on the rise, with no sign of stopping. Of thousands of companies surveyed, half have experienced breaches, mostly over the last three years, and nine of ten breaches occur not due to internal malfeasance or breaches to data protection companies, but rather due to employee errors giving bad actors inside access.

So rather than focusing their efforts on securing the network from external assaults, companies need to protect themselves from their own inattentive employees. While educating and training employees about potential threats is a good first step, it can only go so far. You need a more comprehensive solution. Unfortunately, the most effective solutions, such as employee monitoring software, might be seen by employees as breaching their privacy rights. This software tracks employees’ potentially suspicious or misguided activity, notifies security teams instantly if a suspected breach has occurred, and gives those teams the ability to instantly take over any workstation and cut off any potential data loss. Plus, the best software solutions analyze user behavior and predict insider threats. The software can even automatically act to block any dangerous activity that might lead to a data breach. In most cases you can step in and de-escalate problems before they become an actual security threat.

For most employee monitoring software companies, this is a blanket solution, with every employee treated as an equal potential threat and little regard given to preserving privacy. But the industry-leading security service Teramind encourages its customers to eschew this us-versus-them mentality and transparently protect their employees from their worst impulses while also protecting their privacy from their own mistakes.

The Teramind dashboard: customers can create their own dashboard from a selection of dozens of widgets, based on their priorities or areas of particular concern. (Image credit: Teramind)

Teramind is an ISO2001:2013-certified company that aims to align its products with regulatory standards like CCPA, GDPR and HIPAA. And it has received acclaim from several tech sites for the effectiveness of its services, including TechRadar.

interactive simulator, or sign up for a free trial.

A personalized protection plan

A sample list of behavioral policies and rules that can be created on Teramind. The solution comes with hundreds of pre-built rules to prevent common insider threats and data breaches. (Image credit: Teramind)

The solution comes with three pricing tiers and is available as a Cloud, On-Premise or Private Cloud deployment (such as AWS, Azure), making it suitable for customers from SMEs to large enterprises.

Each of the three pricing levels o


This ransomware steals your data and threatens to report you for a GDPR violation

Cybercriminals are once again targeting unsecured MongoDB databases, but this time they are threatening to report the owners of those databases for GDPR violations if their ransom demands are not met.

As reported by ZDNet, the hacker behind this new campaign has uploaded ransom notes on 22,900 MongoDB databases that were left exposed online without a password. They are using an automated script to scan for misconfigured MongoDB databases, wiping them and then demanding that a ransom of 0.015 bitcoin or around $140 be paid.

Victor Gevers at the Dutch Institute for Vulnerability Disclosure back in April.


Sync.com review

Sync.com has been providing cloud storage services for a number of years now, and it’s going to appeal if you’re looking for something that’s simple, speedy and secure. As the name suggests, it syncs a single folder of data between your computers and the cloud.

In a lot of respects, Sync.com is similar to Dropbox, though it doesn’t have quite as many features (such as the ability to sync files outside the main folder). What it does offer that Dropbox doesn’t have, however, is end-to-end encryption for maximum file security.

Sync.com features

The core functionality of Sync.com is to keep a folder on your system in sync with the cloud and any other computers where you’ve got the client software installed. It’s all very simple to set up and use, though you could reasonably point out that Sync.com isn’t really offering anything you can’t get elsewhere from better-known services – ones that come with office apps, better mobile integration, and so on.

The platform supports versioning, so you can go back to older versions of files if you need to – and in a generous move from Sync.com, these older versions don’t count against your storage quota. Once you’re a paying customer, these older versions can be kept indefinitely, otherwise they’ll automatically be wiped after 30 days.

Basic file and folder sharing is supported on the Sync.com platform too, and there’s also support for advanced sharing controls with password protection and expiry dates on links. Mobile apps are available – with automatic photo and video uploading, should you need it – and if you sign up for a team account then you get provision for keeping your data compliant with standards like HIPAA, GDPR and PIPEDA.

Actually, one of Sync.com’s features is its lack of features: a focus on the core functionality that matters, keeping your data secure, private and well-managed between multiple computers (and multiple users, if needed). If that appeals, and you want several terabytes of space for not much money per month, it’s worth checking out.

Sync.com interface

Installing Sync.com on Windows or macOS is a relatively painless exercise, and the application places a folder on your hard drive – anything dropped in here then syncs to the cloud and to any other computers where you’ve got the software installed. Network drives and external drives can’t be included, nor can files and folders outside of your main Sync.com folder, so the software is a little bit limited in that way.

The web interface is slick and easy to use, and offers another way of getting your files up to the cloud. If you prefer, you


New DIFC Law expected to bring enhanced governance and transparency obligations

The new Dubai International Financial Centre (DIFC) Data Protection Law (DPL) 2020, coming into effect from July 1, is expected to bring enhanced governance and transparency obligations.

Even though the law comes into force from July, businesses to which the law applies will have a grace period of three months, until October 1, 2020, giving organisations just a few months to make necessary changes required to bring compliance frameworks into line with the new law.

The new Data Protection Law replaces Data Protection Law DIFC Law No 1 of 2007, which was already one of the most advanced in the region. It places Dubai and DIFC at the forefront of data protection in the region and enables the financial hub to enhance the Centre’s data protection practices related to global data, security and privacy best practice.

It is now more important than ever for companies to have a data management strategy to ensure data compliance is taking place within an organisation – both from an operational and cultural perspective.

By encouraging data responsibility and implementing the latest data management tools, businesses can do their bit in preparing themselves for DPL 2020.

The new DPL 2020 law will actively benefit companies in a range of ways. Not only will it manage data effectively and ensure data compliance, but it will also increase companywide efficiency and provide a competitive advantage and protection against malware attacks.

The new DIFC Law reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR), seen by many as the ‘gold standard’ for data protection compliance.

“From our previous experience in preparing for the GDPR coming into force, we recommend that organisations should start planning now. In particular, organisations should prioritise fact gathering and other time-intensive tasks such as contract remediation,” Kellie Blyth, head of Data and Technology at Baker McKenzie, said.

However, she said that there are some key differences between the GDPR and new DIFC Law, which organisations should be aware of.

“The new DIFC Law requires Controllers and Processors to appoint a DPO [data protection officer] if they carry out high-risk processing activities on a systematic or regular basis or if required to do so by the Commissioner.

“If a Controller or Processor is not required to appoint a DPO, the organisation must allocate responsibility within its organisation for oversight and compliance with its data protection obligations under the new DIFC Law (or any other applicable data protection law),” she said.

Time to act

The DPO must reside in the UAE, Blyth said, unless the DPO is employed within the organisation’s group and performs a similar function for the group on an international basis.

Blyth urged organisations in the DIFC to move swiftly to review their current data processing practices and to identify where their existing data protection policies and procedures will need to be updated to reflect the requirements of the new law.

 “An important difference between the new DIFC Law and the GDPR is that DPOs are required to conduct an annual assessme


Parrot slams DJI drone data security during Anafi USA launch

Parrot has used the launch of its new Anafi USA commercial drone to criticize the data security practices of its main rival DJI, which makes popular drones like the DJI Mavic Air 2.

The French drone maker has worked with the US Army to develop the Parrot Anafi USA, which is an expensive commercial drone designed mainly for first responders, firefighters, search-and-rescue teams and security agencies.

And while the Anafi USA is interesting technologically – the rugged drone features 32x optical zoom and a FLIR thermal camera – it wasn’t the main headline from a launch that gave equal emphasis to criticizing its main rival, the Chinese drone maker DJI.

Talking about Parrot drones in general, Henri Seydoux, CEO of Parrot Drones, emphasized that its products are all GDPR compliant, which means that “no data without the user consent is sent to any place, to any server anywhere”. He added: “The data is yours. And we follow completely the rules. Even more important, Parrot is the technology company who writes the drone software.”

This is where the launch became really interesting, as Henri Seydoux went from cloaked digs at its rival to calling out DJI specifically for not only lacking equivalent data security, but suppressing data leaks and even changing data leak methods once they’ve been detected. 

“Our software is available to any questions, to any customer that asks us questions about the functionalities of the software. All the functionalities of the software are described and documented and can be shown to the user,” he said. “And I don’t believe it’s the case for DJI drones. It’s very questionable how much or what exactly does the software from DJI drones.” This
