If you have customers then you are affected by the General Data Protection Regulation (GDPR). We have posted previously on various aspects of GDPR. But if you, like many, are still struggling to understand GDPR then we have uncovered a free course that will help. Over at FutureLearn, University College London have put together a course called Introduction to GDPR: General Data Protection Regulation.
FutureLearn is a digital education platform that was created back in 2012 by The Open University. They partner with various learning institutions, including many UK universities. UCL, University College London, was founded in 1826 and is among the world's top universities.
Understand what the GDPR means for you as data subject, controller or processor.
On 25 May 2018, the General Data Protection Regulation (GDPR), aiming to improve data protection for individuals across the EU, became directly applicable. Now, organisations need to be compliant with the new rules and should act immediately.
By developing good knowledge of the GDPR and understanding how it affects you, you will learn about the first steps for making your organisation compliant and can immediately start taking them. You will explore data subjects’ rights, data controllers’ and processors’ obligations, and enforcement and compliance notions in the context of the Regulation.
You can find the course here and sign up yourself or sign up your staff members. If you’d like to speak to us regarding the IT aspects of GDPR then please contact us here at Nimbus CS.
No matter how strong and secure your password, it is not enough by itself to secure important online accounts. Passwords can be stolen through phishing attacks, discovered by social engineering, or otherwise compromised in many different ways. That’s why Multi-Factor Authentication (MFA) is important.
What is MFA?
MFA – also known as two-factor authentication (2FA), or two-step verification – is an extra layer of security which works by asking users for an extra piece of information (or factor) before allowing them access to their account. There are a range of different options for the extra ‘piece of information’ that services ask for from users, ranging from answering pre-set security questions and providing an access code from an app on their smartphone to using a hardware security key.
Multi-factor authentication is built into most modern cloud services – including file storage, email, social media, collaboration tools, and financial services – and should form a part of your cyber security plan.
Why you need MFA
Criminals have become very good at stealing passwords, and have a long list of tools at their disposal to help them do just that. Using a separate, strong and secure password for each of the services you and your team access will protect against some types of attack, but not all. Not to mention that users now have so many accounts that it is impossible for them to use different passwords for everything without some kind of help – and even the best password managers are still protected by, you guessed it, a password.
Using MFA brings a lot of extra security with relatively little pain for users and, usually, with no expense for your company or organisation (Google, Microsoft and others provide MFA applications for free).
Which ‘factor’ is best?
There are many different MFA systems, with different applications asking for any of the following:
– a code generated by a smartphone app
– secret passwords sent by email to a registered address
– a time-specific password the user receives through their mobile phone number.
All have their advantages and drawbacks, and which you use will depend on the service you are securing and the needs of your users. However, it is wise to avoid any that rely on security questions or extra passwords that users can remember – since these are really no different from any other password.
Let’s work it out
Correctly configuring MFA, and cyber security in general, can be a complex and worrying area. If you feel in need of a helping hand to secure your organisation’s data, contact our computer support professionals today.
Given the amount of sensitive information that businesses store on their personal computers, their intranets and on shared file services such as the cloud, it is more important than ever to ensure that your business takes cybersecurity seriously. Hackers and other cybercriminals can make vast sums of money by stealing and selling your information, or through other techniques such as ransomware, and these crimes are unfortunately becoming increasingly common. However, protection from cybercrime doesn’t just mean secure firewalls and encryption; you must also consider the physical actions of your employees. Our experts suggest a few tips on how the everyday behaviour of your staff can help to increase your security.
1. Lock away all hardware when not in use
While many companies spend thousands on digital forms of cybersecurity, all of this is worthless if a criminal can just pick up your hardware and walk off with it. While it may not always be practical to steal a desktop computer, it could be incredibly easy to snatch a small USB drive or an external hard drive. Any sensitive information contained on smaller drives should always be secured safely when not in use.
2. Always log off
One or two-step verification for secure areas of your intranet or cloud services can really help to improve security, but it means nothing if your employees are constantly logged into the system, even when away from their desk. Ensure that staff always log out when finished with their computer, and discuss automatic log out systems with your computer support team if possible.
3. Is printing really necessary?
It’s common for employees to need to access many different secure and sensitive documents to complete their tasks, but all the digital security and barriers to entry are rendered useless if employees print out this information and then don’t keep it secure. Often, printing is not necessary and is just done out of habit; if you really must print any sensitive information, ensure that it is kept secure at all times and subsequently disposed of appropriately.
At Nimbus CS, we are aware of the necessity for complete cybersecurity, and incorporate it into our comprehensive IT support packages. For more information about our services and how we can provide you with computer solutions, please contact us.
Like any responsible company, you’ll have taken time to consider how you protect your IT systems against common forms of cyber-attack. But, what if a criminal could simply ring up, email, or text one of your staff and find out everything they wanted to know? Well, that’s not as far-fetched as it sounds.
Hook, line, and sinker – digitally, of course.
Phishing is a term for criminal attempts to gain access to confidential information by posing as a trustworthy person or organisation. The more well known, successful, and trusted an organisation, the more likely criminals are to impersonate it; that’s why some of the most common phishing attacks pose as banks, or Government departments. When practised against businesses, phishing emails are more likely to pose as suppliers, companies you trade with, or trusted advisers. Either way, the criminal’s aim is to trick you or your staff into revealing information to them in the belief that they are who they are pretending to be.
Vishing and smishing are the same concept but using voice (phone calls – vishing) or SMS (text messaging – smishing). They follow the same principles and have the same aim: to con your staff into disclosing confidential data.
Protecting your business
Protecting against phishing attacks is an essential element of your organisation’s cyber security strategy, but it is important to be realistic. The criminals who carry out phishing attacks are incredibly skilled at what they do. Targeting the most vulnerable in your company, and pushing just the right buttons, is all part of the scammer’s art, and it is simply not possible to prevent all phishing attacks.
Instead, the approach recommended by the National Cyber Security Centre is to support and empower your team to understand the most common phishing (and vishing, and smishing) attacks, while providing a blame-free way for them to report problems, even if they have already clicked an email, or disclosed something they shouldn’t have. At the same time, it’s worth looking into high-quality business IT support to ensure that your systems are set up so that as few phishing attacks as possible reach your staff’s inboxes in the first place.