IT Security Updates Issue 1

The ICO have fined BT for a 5 million customer email ‘spam’ campaign that was found not to have ‘customers’ consent’, the ICO have also fined Gloucestershire Police an eye-watering £80,000 after an horrendous email error resulted in abuse victims’ identities being circulated in an open email, Google Home’s latest flaw highlights the worrying reality of the IoT within a business environment and much, much more…

It’s good to talk, but not to spam… says ICO to BT

The ICO have been less than charitable towards BT after a recent ICO spam investigation found a charitable campaign breached customer consent rules. BT have been fined £77,000 by the Information Commissioner’s Officer after an investigation found the company sent nearly five million “nuisance emails to customers”. The ICO found that BT “did not have customers’ consent to send direct marketing emails.” The ICO investigation found that BT’s charitable initiative – BT My Donate –  resulted in 4.9 million emails being sent on behalf of ‘Stand up to Cancer’ and ‘Giving Tuesdays’.

ICO rebukes police email blunder which ‘outed’ abuse victims 

Gloucestershire Police have been fined £80,000 after the ICO found that the identities of abuse victims had been revealed in a bulk email disclosure. The mistake occurred when a police officer used the “To” field as oppose to the “BCC” field when copying email addresses into a sensitive email. By sending it via the ‘To’ field, the email addresses of all the victims were available to all recipients. The ICO noted that this was a “serious breach” and “one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity.”

Google Home’s latest data leak highlights the flaws of IoT

As more and more businesses embrace the ‘power’ of the Internet of Things (IoT), Google Home’s latest ‘security breach’ highlights the flaws of IoT. Researchers for Tripwire Security, a security consultancy, found that a Home device’s physical location can be tracked and that Google’s live streaming functions can be hijacked – allowing cyber criminals to hijack Google IoT services within people’s homes and businesses. Google declined to comment on the news, but a spokesperson did comment on Google’s commitment to protecting customer data.

UK Government to invest in Cyber Skills Training

The Department for Culture, Media and Sport has announced the creation of the Cyber Skills Immediate Impact Fund to help identify and fund initiatives designed to support the UK Government’s National Cyber Security Programme – a scheme designed to expand on the government’s cyber security training schemes. The new funding will be launched in late 2018 to help promote greater cyber skills training in the UK. The funding is also designed to help close the skills shortage gap within the UK cyber security industry by helping to stream more qualified cyber security practitioners into the industry – thus helping SMEs, third sector and public-sector organisations provide greater cyber security protection.

Identify vulnerability within your IT setup by using this useful assessment

IT Governance provides SME leaders with a useful ‘vulnerability assessment’ framework – an easy to understand guideline designed to identify issues within your IT estate. The assessment provides a useful collection of resources that are designed to de-mystify the cyber security vulnerability of your IT setup by providing plain English support resources. The assessment evaluates the penetration testing context of your IT infrastructure and how you, as the company’s leadership, can better understand the real-world threats that could befall your company and how better IT security hygiene and investing in sound IT infrastructure could help protect your business.

Berkeley update its legendary ‘Top 10 Secure Computing Tips’

The University of California, Berkeley, has a long and illustrious history with California’s tech industry. As such, Berkeley’s top ten guide has long been ‘mandatory reading’ for SME owners looking for an easy-to-digest IT security resource they can share with less tech-informed employees. The resource is an internal student guide – but it has long been a core prerequisite IT security 101 resource. The latest updated and revised addition includes tips of security hygiene, malware prevention and the importance of keeping software updated. The guide also includes a new revision: “You are a target to hackers.” This stark warning highlights the centrality of cyber crime and cyber threats and the power of human agency in countering this endeavour through education.

Cyber Security “skill gap” widening as young people eschew IT in favour of less technical educational endeavours

The prestigious Roehampton Annual Computing Education report for 2018 has found that computing qualifications at A-Level and GCSE level are “patchy” across the UK; with less than 12% of students choosing an IT qualification at pre-14 level education whilst the number is even more worrying in the post-16 context sitting below 3%. This future failure of home-grown IT expertise poses a future skills gap, the report authors conclude, which could lead to a future IT security problem over the course of the next 25 years. This failure to embrace IT education isn’t merely a failure to meet the demands of the future workplace but a failure of comprehension in regard to a changing IT and cyber security environment.

Business Insurer reports that half of US businesses have suffered a cyber attack in the past 12 months

SMEs are taking cyber security a bit too lightly according to a major business insurance broker. Hiscox Insurance annual Small Business Cyber Security Risk Report has found that small steps could help to counter “ever-evolving threats of cyber-attacks,” but companies need to do more to protect themselves and their brands. The report found that 44% of SMEs experienced either direct hacking, indirect data breaches or ransomware attacks. These incidents, on average, cost micro businesses around $34,604 and SME’s around $1.05 million. Hiscox believes companies need to invest in cyber insurance to help provide a balance alongside suitable cyber security software and technology-based countering solutions. Doing small things, like buying the right cyber insurance, could help SMEs save hundreds of thousands of dollars in the long run.

Until next time …