Thursday Thoughts - 13th May 2021
This week it was the turn of the National Cyber Security Centre (the NCSC) to hold their annual conference (#CYBERUK21). On line of course. The content has been made available on YouTube and there is much in there for everyone; whether it is the stats and strategic comment from the Home Secretary, advice and guidance for schools and businesses or the provision of information about the solar winds attack for the geeks amongst us. I have included a link to the channel. Also this week at national level the draft online safety bill was published (announced in the Queens Speech).
There’s great news of funding for the UK based Caretech Company Birdie and promising details from Eleanor Duhs of real possibilities for a UK adequacy decision and other political solutions to be found for data transfers. Gmail and AdTech are in the news this week with an article from Rowenna Fielding asking how private Gmail is and news of the difference that the iOS 14.5 update has started to make to the tracking of users.
As usual I include a news section which includes details of a cyber-attack on a pipeline in the US, the closing down of a child pornography ring and of course the latest fines and the.
Blogs and Videos of the Week
Liz Vega – BBC 5 Live – The importance of digital skills and the latest scams
Alex McCann - 7 Guaranteed Ways To Improve Your Social Media Marketing
NCSC Annual Conference - #CYBERUK21
The NCSC’s annual conference was held this week. For those unable to attend the link to their YouTube channel provides a wealth of information. The Home Secretary’s address highlighted the desire for the UK to be a “responsible cyber power” and also the real costs to UK businesses of breaches and attacks which are estimated at £1Bn last year. Sadly 2 out of every 5 businesses have suffered either a breach or an attack in the last 12 months. For schools and colleges there is 2 informative sessions one of which “Ransomware risk to schools and how to prevent it” is particularly topical following the Gloucestershire schools hack earlier this year. For the geeks amongst us there is a raft of advice guidance and discussion and I was interested to watch the “Oh that was clever” session which discusses the details of the SolarWinds attack. How they got in, what they did and in particular the victimology. While the size of the breach was huge a vast number of potential victims were ignored with specific organisations targeted and other users were used as a pivot to attack a particular target. You will find the videos here: https://www.youtube.com/channel/UCyAPLAtCSeL1s85YMY8ULnw/featured
Also launched on day two of the conference a new online Cyber Essentials Readiness Tool provides tailored advice in preparation for Cyber Essentials certification. https://getreadyforcyberessentials.iasme.co.uk/questions/
How Private Is Gmail
While most of us are aware of how cookies and Google search activities track us on line. This article in the guardian discusses how Gmail also collects large amounts of data about us. According to Gmail’s “privacy label” those that grant iOS Gmail app permission agree to share their approximate location, user ID and data about the ads they have viewed online with advertisers. Although Google stopped scanning email content to tailor ads in 2017 it started to show shopping ads in Gmail last year and still scans emails to facilitate so-called smart features such as the ability to add holiday bookings or deliveries straight to your calendar. Thus as Rowenna Fielding says in the article “every way you interact with your Gmail account can be monitored, such as the dates and times you email at, who you are talking to, and topics you choose to email about”. You can read the full article here: https://www.theguardian.com/technology/2021/may/09/how-private-is-your-gmail-and-should-you-switch?CMP=Share_iOSApp_Other
With Apple iOS 14.5 You Can Stop Apps From Tracking You
When Apple released their latest iOS 14.5 at the end of April it included the much-advertised ability to stop apps from tracking your activity for targeting purposes. Data is emerging that shows this feature is incredibly popular. The new update means that when a user opens, downloads, or updates an app for the first time once iOS 14.5 is in place they have to opt in to letting that app track them. According to analytics firms almost everyone is saying "no thanks" at this stage and only 4% American iOS users accepted. This is seen as a gamechanger for the AdTech industry.
UK-based Caretech Company Birdie Secures $11.5M in funding
The UK-based Caretech Company Birdie (https://www.birdie.care/) has secured $11.5M in funding. The company provides digital tools intended to reduce admin costs and make it easier to manage the care being provided to individuals. In a sector that is often under resourced it is good to see a company helping to do away with paper-based records and allow care givers real-time visibility to support the vulnerable. You can read more here: https://techcrunch.com/2021/05/11/elderly-caretech-platform-birdie-gets-11-5m-series-a-led-by-index/?guccounter=1
EU-UK and The Flow Of Personal Data
The seminar at the Centre for European Legal Studies at the University of Cambridge this week featured a seminar about the EU-UK Trade and Cooperation Agreement and the free flow of data from Eleanor Duhs from Fieldfisher. Methods of protecting data when you are sharing it in the international forum and the political solutions being offered in the Trade and Cooperation Agreement are discussed in depth. There are real possibilities for the UK adequacy decision to take shape and political solutions to be found to take this forward. I’ll be watching closely. You will find the video of the talk here: https://www.youtube.com/watch?v=Ch9-wE2hyS8
Draft Online Safety Bill Published
The draft Online Safety Bill was published on the Gov.uk website on 12 may. It was featured in the Queen’s speech and in to establish a new regulatory framework to tackle harmful content online and an expanded role for OFCOM. You can read the bill here: https://www.gov.uk/government/publications/draft-online-safety-bill
Dutch political party fined €7500
A province level political party in the Netherlands has been fined for failure to report a data breach. The breach occurred after e-mails were sent CC, rather than BCC. Because the e-mail contained information that could be viewed as “political preference” one recipient complained and the DPA found insufficient care had been taken.
Locatefamily fined €525000
The website publishes information including addresses & phone numbers, often without their knowledge. Of concern to the authorities is that individuals who want to have their details removed from the site cannot do so easily because Locatefamily does not have an Eu representative. The website was fined for failure to have an EU representative in the EU and have been instructed to appoint one.
US Fuel Pipeline Suffers Cyber Attack
The US has declared an emergency in 17 States after one of their largest pipelines companies was attacked with Darkside ransomware. 5,500 miles of fuel pipeline between Houston and New York were shut down. The company “Colonial Pipeline” are said to be working in partnership with third-party cybersecurity experts, law enforcement, and other federal agencies to restore pipeline operations quickly and safely. They have a plan to return to normal service in an incremental process.
International Child Pornography Network Taken Down
German police have taken down the darknet child pornography network “Boystown”. Which had over 400,000 members and allowed users to communicate with others including the sharing of graphic images and videos including “serious sexual abuse of toddlers”, the statement said. Three people have been arrested including administrators and key users of the platform who provided advice to members on how to avoid being discovered.
EU DPA prohibits Facebook from processing WhatsApp data
Blogs of the Week
Liz Vega - The prevalence of scams affecting the younger population
BBC 5 Live this week featured Elizabeth Vega on “wake up to money”. A really interesting discussion of the importance of digital skills and how the latest scams are affecting younger users more than other age groups. Super advice from Elizabeth on the importance of making your home network safe and the things to watch out for; urgency, intrigue, something that plays on our fear of missing out or our good nature. The programme continues with a session where listeners share stories of the latest scams that they have seen/experienced (particularly post office and bank frauds). You can listen to the programme here https://www.bbc.co.uk/sounds/play/m000vxvb
Alex McCann - 7 Guaranteed Ways To Improve Your Social Media Marketing
Alex is always generous with his advice and this update on his “Ways To Improve Your Social Media Marketing” is no different. As always there are actionable tips like investing in your content, engaging with others on a human level and putting the time in. It’s good to see Alex’s blogs back on his website if you want to see what doesn’t work he has also posted 7 Guaranteed Ways That You Won’t Improve Your Social Media Marketing! The link to his blog is here: https://altrinchamhq.co.uk/category/blog/