Computer Security No 55: Privacy Changes ahead in 2018
Corporate - Private Computer Security
Privacy Changes ahead in 2018 - prepare now or risk harsh penalties
Marianne Dunham, ABG Executive Advisor for Victoria and Tasmania, a seasoned barrister with tech knowledge and qualifications, a member of the Victorian Law Institute IP/IT Committee, brought to our attention the changes ahead affecting organisations from 2018.
Mandatory Data Breach Notification Australia - applies Feb 2018:
Origin: In March 2017, the Shadow Brokers released several tools stolen from the NSA onto the dark web.
* Data breach notification was passed as the Privacy Amendment Act 2017 (Feb 2017)
* Note there are exempted entities (Immigration Dept, enforcement bodies or individuals for which special secrecy provisions apply)
* If there is an eligible data breach - NOTIFY within 30 days unless complex investigations require more time
* Prepare a statement that includes the details and recommendations for the individuals affected
* Give OAIC a copy (Office of the Australian Information Commissioner)
General Data Protection Regulation Europe - applies 25 May 2018:
1. Affects non-EU organisations (including Australian ones) if:
* they offer services or goods to individuals inside the EU, even if no payment is required for them, OR
* they monitor the behaviour of EU individuals (analysis or profiling for predictive purposes)
2. More prescriptive than the Privacy Act
* examples: requires Data Protection Officers; the right to erasure of data if the individual requests it; the right to portability when the individual wishes to move his/her data to another provider
* Transfer of data outside the EU - Australia has not yet been determined to have an adequate level of data protection, so appropriate safeguards are required
* Key requirements: fines, Data Protection Officer, Supervisory Authority, inventory, breach notification, security, Privacy Impact Assessment, data subjects' rights, sensitive personal information, consent, data processors
KPMG provides a Privacy Management Framework at:
Find out more: http://www.eugdpr.org/
(source: EUGDPR.org, KPMG; image source: galleryhip)
A directors and officers cheat sheet on D&O cyber insurance
CeBIT Sydney just finished today; many people in the industry say they have seen better shows in years past.
They sent participants an eBook entitled Cautionary tales: cybersecurity and IoT. A few takeaways:
"There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again." Robert Mueller, former Director, FBI
"Typically DDoS attacks are targeted at individual sites. DNS is like a phone book: this is like someone is attacking the phone company and burning all the phone books at the same time." David Jones, Director of Sales Engineering, Dynatrace
(DDoS = distributed Denial of service attack; DNS = domain name server)
"78% of IT security professionals are either unsure about their capabilities or believe they lack the visibility and management required to secure new kinds of network-connected devices." Cisco Report: IoT System Security
(source: CeBIT; image source: The Australian)
Attacks to be aware of
Watching movies with subtitles
Researchers at Check Point discovered vulnerabilities in the most popular media player applications that attackers can exploit by embedding malicious code in subtitle files.
It applies to:
VLC — Popular VideoLAN Media Player
Kodi (XBMC) — Open-Source Media Software
Popcorn Time — Software to watch Movies and TV shows instantly
Stremio — Video Streaming App for Videos, Movies, TV series and TV channels
To read more and learn where to download platform updates:
Dangers of SMS messages in mobile banking
The Cron malware gang (16 members), recently arrested in Russia, infected over 1 million phones with a banking Trojan called CronBot.
The Russian hackers rented "Tiny.z", a piece of malware designed to attack checking-account systems, for $2,000 a month in June 2016, and adapted it to target European and other banks in Britain, Germany, France, the United States and Turkey, among other countries.
A cyber firm, ESET from Slovakia, highlighted the dangers of using SMS messages in mobile banking.
Windows operating systems (10, 7, 8) spying on us
Windows 10 does not allow users to disable automatic updates (including telemetry diagnostics); in Windows 8 or 7 you could turn them off.
Microsoft announced a Windows 10 version for China (which banned Windows on government computers in 2014). China will use the management feature to monitor and deploy updates as needed, manage telemetry, and use its own encryption algorithms.
(image source: toonpool; info sources: Check Point, digitaltrends)
Cyber Security & Privacy suite for Directors and Executives
ABG offers the Cyber suite of course modules:
* Cyber threats and defences Module - Tactical plans
* Directors and Officers Module - Strategy
* Risk Management Workshop for Cyber
* Cyber Crisis simulation
Send your enquiries to www.advisoryboardsgroup.com.au
NEW SERVICE OFFER from ABG and Conscious Governance:
Cybersecurity Governance Systems Review
To find out more: - http://consciousgovernance.com/cybersecurity-governance-systems-review
Ransomware discussion (Part 5)
The ransomware discussion, with ways to prevent it or deal with it if it happens, runs in the odd-numbered fortnightly newsletters (Corporate Security).
You are infected - what next?
1. Disconnect the infected computer from the network.
2. Determine the scope: make an inventory of what was infected.
3. Determine the strain
Ransomware strains differ in the payment demanded and in what they encrypt. Sometimes, however, you may need to consult experts who can determine this.
The website www.bleepingcomputer.com is a good place to start.
4. Evaluate responses
You pretty much have 4 options:
   1. Restore from a recent backup
   2. Decrypt your files using a 3rd-party decryptor (this only works in the limited case where the encryption key can somehow be determined)
   3. Do nothing (lose your data)
   4. Negotiate / pay the ransom
It is important to understand the risks and deadlines you are facing before you choose an option. It is easy for experts to advise you NOT to pay, but when you are faced with a life-and-death scenario (which can easily happen if a hospital is hacked) the answer is not that straightforward...
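The scope and strain steps above (inventory what was hit, then look for clues to the strain), as an added example that is not part of the newsletter: a Python script that walks a constructed sample tree, flags files whose byte entropy looks like ciphertext, counts them by extension and directory, and lists note-like file names. The `.locked` extension, the `how_to_restore.txt` note name and the 7.5-bit threshold are assumptions for the demo, not markers of any real strain.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Constructed sample tree standing in for a scanned file share. The ".locked"
# extension and the "how_to_restore.txt" note name are assumptions for the demo,
# not the markers of any real ransomware strain. Encrypted content is stood in
# for by deterministic SHA-256 output (4096 bytes, near-maximal entropy).
SAMPLE_FILES = {
    "finance/q1.xlsx": b"quarterly figures, do not delete\n" * 100,
    "finance/q2.xlsx.locked": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)),
    "finance/how_to_restore.txt": b"your files are encrypted\n",
    "hr/policy.docx.locked": b"".join(hashlib.sha256(bytes([i, 1])).digest() for i in range(128)),
    "hr/policy_draft.docx": b"draft staff policy, version two\n" * 100,
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; encrypted or compressed content sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_sample_tree() -> Path:
    """Write SAMPLE_FILES into a fresh temporary directory and return its root."""
    root = Path(tempfile.mkdtemp())
    for rel, content in SAMPLE_FILES.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(content)
    return root


def inventory(root: Path, threshold: float = 7.5) -> dict:
    """Walk `root`; flag high-entropy files, count them by extension and directory,
    and list probable ransom notes. The counts give the scope; the appended
    extension and the note name are the first clues to the strain."""
    by_ext, by_dir, notes, total = Counter(), Counter(), [], 0
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        total += 1
        rel = path.relative_to(root)
        if any(w in path.name.lower() for w in ("restore", "decrypt", "ransom")):
            notes.append(rel.as_posix())  # heuristic: note-like file name
        elif shannon_entropy(path.read_bytes()) >= threshold:
            by_ext[path.suffix.lower()] += 1
            by_dir[rel.parent.as_posix()] += 1
    return {"total": total, "by_ext": dict(by_ext), "by_dir": dict(by_dir), "notes": notes}


def run_demo() -> dict:
    """Build the sample tree and return its inventory."""
    return inventory(build_sample_tree())
```

Run it against a real share only after the machine is isolated from the network (step 1), and treat the result as the inventory step 2 asks for, not as proof of which strain is involved.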
To be continued in Newsletter #57.
Memories of jokes
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au
© About Over 50s 2017 website by aml websites online