Category Archives for "Security"

Five Eyes governments, India, and Japan make new call for encryption backdoors

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.

The statement is the alliance’s latest effort to get tech companies to agree to encryption backdoors.

The Five Eyes alliance, comprising the US, the UK, Canada, Australia, and New Zealand, made similar calls to tech giants in 2018 and 2019.

Source: Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet

France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers

France’s data regulator CNIL has issued some recommendations for French services that handle health data, as Mediapart first reported.

Those recommendations follow a landmark ruling by Europe’s top court in July. The ruling, dubbed Schrems II, struck down the EU-U.S. Data Privacy Shield. Under the Privacy Shield, companies could outsource data processing from the EU to the U.S. in bulk. Due to concerns over U.S. surveillance laws, that mechanism is no longer allowed.

The CNIL is going one step further by saying that services and companies that handle health data should also avoid doing business with American companies — it’s not just about processing European data in Europe. Once again, this is all about avoiding falling under U.S. regulation and rulings.

Source: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch

Commission presses Zoom for security assurances but continues to use platform

The European Commission is looking for further assurances from US video conferencing platform Zoom regarding the security of its technology, after concerns emerged earlier this year over the company’s privacy protocols.

The Commission “has asked Zoom for its latest security audit reports and additional information, particularly relating to its encryption controls,” Human Resources Commissioner Johannes Hahn said on Tuesday (6 October), in response to a written question from Italian MEP Mara Bizzotto.

Source: Commission presses Zoom for security assurances but continues to use platform – EURACTIV.com

The UK’s Department for Education ‘failed to protect children’s data’

A National Pupil Database held by the UK’s Department for Education had ‘no formal proactive oversight’ to protect children’s data, the Information Commissioner’s Office has found.

The ICO concluded in its compulsory audit this week that DfE had ‘no formal proactive oversight of any function of information governance’ relating to data for millions of children.

Source: The UK’s Department for Education ‘failed to protect children’s data’

Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

On October 1, 2020, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. sanctions law violations if U.S. individuals and businesses comply with ransomware payment demands.

OFAC’s advisory neither describes new penalties for ransomware payments nor expands existing law or provides new authority for imposing sanctions. Rather, in releasing its advisory in conjunction with a similar advisory from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), OFAC is sending a clear signal that making ransomware payments with a sanctions nexus threatens U.S. national security interests and that third-party service providers that facilitate ransomware payments on behalf of a victim must consider and ensure compliance with OFAC regulations.

Source: Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

FBI warns of risks of using wireless hotel networks

Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.

As the coronavirus pandemic and lockdown have forced a shift to remote work, many people are working not just from home but from public locations. The pitfall here is that a public location may not have the tight security measures required to protect sensitive data and other assets. That vulnerability holds true for libraries, coffee shops, and even hotels. In a new warning about hotel Wi-Fi, the FBI provides several tips on how to protect yourself when using such a public network.

Source: Wi-Fi security: FBI warns of risks of using wireless hotel networks – TechRepublic

The EU’s Timetable for Dismantling End-to-End Encryption

Lobbying for “lawful access” to end-to-end encrypted services has moved from the U.S. to the European Union—where advocates for anti-encryption laws hope to have a smoother ride.

The public signs of this shift in the EU—which until now has been largely supportive toward privacy-protecting technologies like end-to-end encryption—began in June with a speech by Ylva Johansson, the EU’s Commissioner for Home Affairs.

Source: Orders from the Top: The EU’s Timetable for Dismantling End-to-End Encryption

Half of All Organizations Experienced Cyber Security Incidents During the Remote Working Period

A study showed that 75% of IT decision-makers believed hybrid or remote working to be the future of the workplace, and most also believed that this has led to an increase in security incidents.

The “Securing the Future of Hybrid Working” report also found that phishing remained the most prevalent threat facing employees working remotely. While remote working was a predisposing factor for cyberattacks, most employees prefer hybrid working environments, with just 11% exclusively preferring office work.

The report recommended that businesses should adapt to their employees’ needs to guarantee the safety of the organizations’ systems.

Source: Half of All Organizations Experienced Cyber Security Incidents During the Remote Working Period – CPO Magazine

Half of Organizations Experienced Security Incidents While Working Remotely

As businesses try to deliver a seamless hybrid experience of work from home and office, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks – making it the leading cause of security incidents during this period of remote working.

Source: Half of Organizations Experienced Security Incidents While Working Remotely, Reveals New Data – socPub

UK intelligence data ‘would be deleted’ in event of no-deal Brexit

British intelligence about terrorists and other serious criminals would have to be deleted from EU systems if the Brexit trade negotiations were to collapse, a former EU security commissioner has warned.

The UK would instantly become disconnected from a range of databases and systems such as the European Criminal Records Information System (ECRIS), which shares data about prior convictions across all EU countries.

Source: UK intelligence data ‘would be deleted’ in event of no-deal Brexit | UK news | The Guardian
