‘More Than Half’ of UK Businesses have STILL not addressed GDPR

It has now been over four months since the General Data Protection Regulation (GDPR) came into force on May 25th, unifying the different levels of data protection across the EU and tackling the issue of exporting data outside the EU. With its main focus being to prevent the collection of unnecessary data on individuals (and to protect what data is collected and maintain the subjects’ rights to privacy), much was made at the time of the impact this would have on business, and many man-hours were spent on ensuring that enterprises across the EU were compliant with the new rules.

So what has the impact been, in real terms? At the time there were many horror stories and concerns being raised about the unintended harmful effects that GDPR could have on small businesses. The fear was that as they have smaller IT resources, small businesses would find it harder to ensure they were compliant in time, and that they would therefore be disproportionately likely to face fines, and also disproportionately affected by the amounts of money involved.

Well, the good news is that so far there haven’t been any massive issues. The bigger social media players like Facebook and Google saw the inevitable complaints being sent to the EU Commission, but other than that things appear to be moving smoothly.

Whether this will remain the case, though, is hard to tell. In the run-up to the GDPR’s coming into force, IT security firm ESET surveyed over 27,000 companies, and found that more than half of them hadn’t performed an internal audit to see whether they were compliant.

Fortunately, and presumably anticipating this very state of affairs, Data Protection Regulators have shown leniency so far in order to give people time to catch up, but it seems likely that this state of affairs will be subject to change as time goes on. So the lesson is that while it’s still not too late to ensure that you are compliant with the new regulation, it may very well be soon.

Brexit, of course, makes no difference to compliance. GDPR came into effect before the UK leaves the European Union, which means that UK businesses needed to prove their GDPR compliance before, on and after the 25th of May. In addition, the GDPR rules apply to ANY business that handles personally identifiable information of EU citizens, regardless of where they are located.

If your company is one of the many thousands that have yet to address GDPR, contact 39 Degrees today by calling 01279 800039 and speak directly to a data security expert about your requirements in further detail. Alternatively, fill in our online contact form and visit our website here.

Bugs & Hackers – Top Targets in 2015

It’s estimated that 96% of all corporations have been hacked – and the list includes a surprising number of well-known names. Here’s our round-up of famous firms (and faces) who have been targeted by the career cybercriminals this year:

 

British Airways, Merseyside Police, Wirral Council, The Conservative Party, Crimestoppers (and 300 others) – all forced offline by just one hacker, Ian Sullivan, who was sentenced to eight months in jail this year for his wild spree of cyberchaos.

British Gas – even with tight security, cybercriminals can still find a way in. Over 2000 customers had personal details published online by hackers earlier this year.

JD Wetherspoon – it was recently revealed that a case of hacking led to data theft at the popular pub chain.

Washington State Department of Correction – resulting in the early release of prisoners!

V-Tech – even toymakers aren’t immune. Hackers stole data on 200,000 preschoolers in this sting.

The US Prison Service – the information from 70 million phone calls from inmates went astray, and a lot of it ended up in the hands of journalists.

CIA – Their director John Brennan discovered hackers had broken into his private email account.

FBI – The CIA hackers also managed to get into a law enforcement portal here.

Donald Trump – Some people might admire their cheek – hackers fed malware into the wannabe US President’s hotel chain and stole all kinds of credit card data.

Patreon – Crowdfunding is big business and don’t the hackers know it. Patreon’s whole database was breached – and made public – by hackers this year.

Ashley Madison – 37 million patrons of the cheater’s website were mortified to find their data had been exposed. You can only imagine the hackers feeling as if they had the moral high ground here!

Hacking Team – Ironically, this Italian security and surveillance company had its whole network breached and posted online by – yes – hackers.

CVS – The huge US pharmacy chain was hit by hackers who are thought to have got in through its photo-processing website.

TalkTalk – several times, and most famously by teenagers…

T-Mobile – …a similar problem was experienced by TalkTalk’s fellow telecoms giant…

Carphone Warehouse – …and the attack on this cellphone retailer was the UK’s biggest breach of 2015. 2.4 million customers had data stolen, including 90,000 cases of encrypted credit card data theft.

 

… and finally…

someone tried to pay Raspberry Pi to spread malware; very sensibly the Pi’s response to that was a huge cyber-raspberry…

Cybersecurity over the Festive Season: Ten Top Tips

If you’re looking forward to the Christmas holidays, the hackers are too. And while you’re relaxing or on the work from home tick-over roster, they’re rubbing their hands in glee at what is considered a cyber version of open season: there is usually a sharp rise in hacker attacks around Christmas and New Year when there’s a lot going on elsewhere.

Here are a few ideas to help ward off the opportunists this Christmas:

  • Most hacks begin with an email or SMS, with a link or a document that once opened, lets in malware. If you don’t trust something – bin it.
  • Businesses considering an IT refresh in 2016 take notice – it’s a good idea to buy devices that allow you to reinstall the operating system as this is what the miscreants like to target.
  • Passwords – you’ve heard it before and we’ll tell you again – make them complex, keep them secret, change them regularly. If you have very sensitive data, it is well worth ensuring that this is protected on a higher level: not just by the usual username and password method.
  • A hacker might be able to use a USB stick to instal malware. Guard your device and encrypt your hard drive to help deter anyone cheeky enough to make a physical attack.
  • Being tracked is a burden of the modern age, but you can use a browser with a private mode. Again, it isn’t watertight but its scrutiny might not be as focused as that of others.
  • Encryption is great but even this is not watertight any more – try for encryption that is known to be tough, like Advanced Encryption Standard (AES).
  • If you use physical USB recovery keys, lock them up somewhere safe and certainly never clip them to your key-ring!
  • There’s no end to the “inventive” ways a hacker can upload their grubby codes – as several big brands and areas of the public sector will tell you. Be aware that they can insert code into web forms and embedded adverts.
  • As we said earlier, the hackers are constantly developing ways of getting into anything to spread chaos or steal data. So update your virus checker and operating system on a regular basis – do this before checking emails or visiting any kind of financial website.
  • If in doubt about anything regarding cybersecurity – ask the experts. We are here to help and we would rather arrest a problem in its tracks than see you try something that doesn’t work and have to give you the bad news that you have lost your data – or worse.

 

Savvy Security for Smartphone Addicts

Smartphones – they’re like part of the human body, aren’t they? Part everyday communication tool, part business asset, part entertainment centre, part comfort blanket, they’ve become so ubiquitous as to be indispensable.

But you have to unplug yourself, put it down and leave it alone sometimes… and that’s where your phone or tablet can be lost or stolen, any old random can gain access to your personal and business data, and the problems can start. Did you know that technically, if you leave your smartphone unattended and unlocked, it’s a breach of data security laws if someone gets in – on their part and on yours?

The easiest way to deter thieves (and general nosey-parkers) is to set a lock operated by a PIN, password or fingerprint scanner.

Device-specific locking mechanisms can be set up relatively easily with a timeout period, pattern and code to suit your needs. Here are the inroads:

  • On an iPhone: Go to Settings > General > Passcode Lock.
  • On Android: Go to Settings > Location & Security > Set up Screen Lock. Timeout setup can be arranged by going to Settings then Display.
  • On a BlackBerry: Go to Options > Security Options > General Settings > Password.
  • On a Windows Phone 7: Go to Settings then Lock & Wallpaper and take it from there.

A word about letting your fingers do the locking…

Fingerprint ID is good but not totally foolproof. It isn’t proven that fingerprints are totally unique and it’s believed that family members can share aspects of particular patterns and combinations (we personally know cases of a mother and son, and of fraternal twins, who can open the same iPad fingerprint scanner). As we get older, too, the skin of our fingerprints loses elasticity and the patterns become harder to identify – in extreme cases this can erase the fingerprints totally.

And be aware that if you use a join-the-dots swipe pattern to lock your phone, a very determined thief may be able to trace the pattern by smudges your finger leaves on the screen when you use that lock method.

IT Security – Try This!

Lesson of the day from Ghost has been to keep an eye on your IT security, and in particular, to make sure your password is up to scratch.

As a special treat, we’ve found a site that will put your password through its paces.

https://howsecureismypassword.net/

Tap in your password and see how long it would take for a hacker to discover it. You will either be cheerful (465 million years) or absolutely horrified (52 seconds).

How good is yours? Let us know!

IT Security In Your Pocket

If you’re anything like us, your mobile device is so important to you that it’s a part of the business and a part of the family – heck, it’s practically part of the body.

So in that case, security is an unavoidable issue. Here are a few handy hints to keep your phone safe and protected:

  • If you think you’ve been hacked, seek advice from the network provider as soon as you can.
  • Lock it with a password and keep that password secret: it’s amazing how many people leave their device open or store their passwords on their phones!
  • Password power: a strong password is an asset so take a look at our post www.ghostservices.net/would-your-password-pass-the-test/ for some advice on setting the best password.
  • Take updates when they are offered: most phone and tablet manufacturers regularly circulate these and they invariably involve security updates.
  • Apps from people or sources you don’t know or trust can be dangerous – so be careful what you download. This includes links from banks too.
  • Unsecured public wi-fi, such as that offered by McDonald’s and other cafes, is great for casual surfing but not for anything that would involve your email or financial details.
  • Don’t shop over the internet on a public network on your device either: even if the providers say it’s secure, the hackers are always one step ahead.

 

 

Would Your Password Pass The Test?

It’s always a good idea to have a strong password – it’s an important weapon in the war against hackers and will help to protect you from malicious software. This is because it’s the initial defence mechanism regarding access to your computer.

So how do you make sure you have a strong password? It’s pretty straightforward – remember these simple rules:

  • It should be at least eight characters in length.
  • It should contain uppercase characters.
  • It should contain lowercase characters.
  • It should contain numbers.
  • It should contain symbols – basically, any keyboard character that is not a letter, number or space.
  • It should not contain a complete word.
  • It should not contain your name, user name or company name.
  • It should not be the same as any other, or former, passwords of yours.

Now all you have to do is remember it – we’d be interested to hear how everyone keeps a handle on their passwords. Drop us a line if you have a particular way of remembering!
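
The eight rules listed above can be checked mechanically when a password is set. The Python below is an added example, not code from the original post: the function names, the sample word list, the four-letter threshold for a "complete word" and the PBKDF2 parameters are all assumptions. Former passwords are compared as salted hashes, so they never need to be stored in clear.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the original post).
SAMPLE_WORDS = {"password", "dragon", "summer", "welcome", "monkey"}
MIN_WORD_LEN = 4  # assumed threshold for what counts as a "complete word"


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash so former passwords are never kept in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, identity_terms=(), former=(), words=SAMPLE_WORDS):
    """Return the list of rules from the post that `password` breaks.

    identity_terms: name, user name and company name to reject.
    former: iterable of (salt, digest) pairs for other/former passwords.
    """
    lowered = password.lower()
    failures = []
    if len(password) < 8:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isdigit() for c in password):
        failures.append("number")
    # Symbol: any character that is not a letter, number or space.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        failures.append("symbol")
    # Case-insensitive substring match, so "Summer2015" is caught too.
    if any(len(w) >= MIN_WORD_LEN and w in lowered for w in words):
        failures.append("dictionary word")
    if any(t and t.lower() in lowered for t in identity_terms):
        failures.append("name/user name/company")
    # Compare against the stored digests in constant time.
    if any(hmac.compare_digest(hash_password(password, s), d) for s, d in former):
        failures.append("reused")
    return failures
```

An empty list means every rule passed. In real use the word list would be a full dictionary file rather than the five sample entries.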