A delayed Thursday Thoughts in light of the sad news of the death of Her Majesty Queen Elizabeth II. Like many in the country and around the world, I am greatly saddened by her passing and grateful for the many years of service she gave to us all. She set us all a shining example of dedication and consistency of purpose. My thoughts and prayers are with her family as they deal with their loss in the full media glare, and with all those who grieve in private.
Thursday Thoughts – 9th September 2022
Last week was a time when many went back to work/school after summer holidays and will be the start of the next phase of their lives for many of the A-Level and BTEC cohort. For those turning on systems after a break, or those moving away from home and setting up devices on new networks or sharing data with organisations, there are many things to be aware of. As usual over the summer there have been software updates, IT security incidents and new advice and guidance in the data governance world. With this in mind I thought this week’s Thursday Thoughts should concentrate on updates and issues that may have been missed this summer: the vulnerability of Apple products, automatic updates, physical security, location tracking and of course a return of the popular blog/vlog of the week.
Finally, I am absolutely delighted that our company PPP Management is sponsoring the Altrincham Football Reserves Team for this season and next. We believe that football has a transformative effect on lives, teaching participants the benefits of teamwork, fitness, leadership and resilience. It is a pleasure to support AFC in its journey at this exciting time. We will be supporting the Club both on the pitch and off.
Video/Blog of the Week
Trace Dominguez: How Spam Texts Exploit Your Psychology
Altrincham HQ: 10 Twitter Features You Probably Aren’t Using
Apple Macs Are Not Invincible
I regularly encounter businesses who believe that Macs are invincible. THEY ARE NOT! According to recent surveys, Mac users face the same kinds of computer viruses, worms and spam that PC users face: 1 in 10 Apple laptop users encountered malware (less than the 32% of PC users but still a significant number), and with ransomware 13% of Mac owners had experienced an attack (for PCs this figure was 9%).
Top tip: whether it’s a PC or Mac you are using, make sure you have a firewall and AV software, and for heaven’s sake back everything up and keep that backup somewhere safe (i.e. not on the same site as the computer).
Don’t Forget Physical Security!
Thanks to Gabriel Freelander for a TikTok video showing how we need to consider the whole security situation and confirm that the mechanism you plan to use isn’t going to fail at the first hurdle. The video shows how a supposedly super-secure, expensive cybersafe padlock can be opened in seconds (spring-loaded locking pins). Whether it is padlocks, where you keep your passwords, who can read your screens, your safe or how you dispose of your confidential waste, physical security needs to feature front and centre.
Update your Apple Products Now
Last month a new vulnerability affecting most models of the iPhone, iPad and Mac was identified. The vulnerability is deep within the operating system and allows a potential hacker “full admin access on your device”. Experts advised users to secure their devices as soon as they can.
Automatic Updates
Automatic updates are a great way of making sure your software is up to date. However, it pays to check that the system is up to date every now and then. This is because, even if you have turned on automatic updates, sometimes they don’t happen. The main causes are when you have less than 50% battery or no Wi-Fi.
Do You Know Who Has Access to your Location?
Did you know you can choose which apps have access to your location, and that you can turn Location Services and GPS on or off for individual apps? While some (Find My Phone) can’t work without access to your location, others (the camera and Snapchat) really do not need to know exactly where you are down to the nearest 50m. With all the apps you have the option to prevent access (don’t allow), allow only when you are using the app, or make sure the app asks every time if it can use your location.
Some Google Ads Spread Malware
Not all ads on Google are safe. As well as malware being spread through malicious apps in app stores, there is now a trend where Google ads are used to get victims to click on links that lead to malware-infested websites that infect their devices. Some scammers are even willing to pay for top-tier advertising on Google to trap unsuspecting users. So what to do about it:
Avoid clicking on sponsored links or advertising whenever you search for something through Google. If you want to see something, manually type in the web address.
If you think a link is unsafe you can hover over the link to get a preview of the destination.
Any website message that claims you have a virus is probably a scam.
Have a trusted antivirus program updated and running on all your devices.
Google Chrome Updates Required for Windows, macOS and Linux
Google Chrome has an update which we should all make sure we have downloaded. It fixes the vulnerability (CVE-2022-2852) which allows the system to be accessed remotely. Google has recommended that users of Chrome update their systems immediately. If you want to check you are up to date, go to Chrome, find Settings (usually via the 3 dots symbol), then look at the “About Chrome” tab and look for the message “Chrome is up to date”. If it is not there, update it.
Personal Data – Exam Results and School Records
In the UK it is generally accepted that once a child reaches 13 they are old enough to make decisions about their personal data. In practice this means 13 is the age at which an organisation such as a school needs the pupil’s permission, and not their parent’s, to provide data. This can include exam results, school reports and other materials a parent may want access to. Depending on the type of school, parents may be able to access the child’s Educational Record, but not all Academies and Private Schools have to comply with such a request.
ICO Freedom of Information Act Enforcement
In a new approach to Freedom of Information enforcement (and for the first time in 7 years), the ICO has issued enforcement notices against two public authorities for delayed responses to FOI requests. This is being seen as a shot across the bows of public authorities, some of whom have a woeful response rate when it comes to providing a timely response in more than 50% of cases. The ICO have issued notices against the Department for International Trade (DIT) and the Department for Business, Energy and Industrial Strategy (BEIS). You can read more here:
Training
There are some amazing and innovative ways of engaging with your staff in data protection. The trick is to get a balance between the traditional and the innovative.
New Cyber Security Training package from the NCSC
The NCSC has just launched a free e-learning training package called 'Staying Safe Online: Top Tips for Staff'. It is simple, discussing why cyber security is important and how attacks happen (in just 30 mins), and then covers four key areas:
defending yourself against phishing
using strong passwords
securing your devices
reporting incidents
You can access it here: https://www.ncsc.gov.uk/training/v4/Top+tips/Web+package/content/index.html#/
New Data Protection Training Music Videos
Yes, this is a thing! If after training you are still getting data breaches, or you worry your staff are just going through the motions, then there are other ways to deliver setting-specific training. The latest of these are Rachel Tobac’s new “Social Proof” Security Music & Spoken Security Awareness Training Videos. Following on from the success of her “passwords sea shanty”, which I still cannot get out of my head, she has released a series of videos and songs to make security concepts catchy. The musical version is, however, not compulsory, so there are versions without music for teams looking for more “traditional” training. You can read more about the videos here: https://edition.cnn.com/2022/09/01/tech/infosec-music-videos/index.html
News
Meta Fined 400 Million Euros
The Irish Data Protection Commission fined Instagram €405 million for violating children's privacy (the publication of email addresses and phone numbers of minors). The company has responded that this fine relates to “old settings that we updated over a year ago”. That, however, does not get away from the fact that under previous settings the accounts were not automatically set to private. This meant people the individuals did not know could see their posts, and adults could message teens who don’t follow them.
Meta Responsible Innovation Team Disbanded
Meta has disbanded its “Responsible Innovation team” as the company cuts costs following the news that Facebook is falling behind TikTok in the popularity stakes. Facebook is struggling to maintain its position as one of the “Top 10 apps” in the App Store. Recently the number of Facebook users stagnated whilst “dwell time” on TikTok is increasing. Disbanding the team who were responsible for reviewing potential concerns about products and features has led many to question whether responsible product design will become a thing of the past.
National Cyber Security Centre Cyber Advisor scheme
The NCSC are developing a “Cyber Advisor scheme” that will offer assured cyber security consultancy services to small organisations, helping them to achieve a minimum standard of cyber security based on the Cyber Essentials five technical controls. It is possible for businesses who are interested in becoming an advisor to apply for one of the 100 free Cyber Advisor assessments. You will find more here: https://www.ncsc.gov.uk/information/cyber-advisor
Video and Blog of the Week
Trace Dominguez: How Spam Texts Exploit Your Psychology
This is a great video from Trace which features Rachel Tobac on why social engineering is better than hacking, explaining why we are getting more scam texts and messages. It turns out that social engineering is the most important weapon in the cyber criminal arsenal. https://www.youtube.com/watch?v=2T51loN1f-M
Altrincham HQ: 10 Twitter Features You Probably Aren’t Using
Every day is a learning day when I read Alex’s blog. This one didn’t disappoint. Alex recognises that many businesses have moved from Twitter either to LinkedIn or Facebook/Instagram etc. Because he uses it all the time, he is able to share some of the features that many of us would find useful, like Twitter lists, circles and newsletters. https://www.altrinchamhq.co.uk/10-twitter-features-you-probably-arent-using/