Thursday Thoughts - 6th August
Just after last week’s blog went to print, Greater Manchester lost some of its “new” freedoms as the UK government imposed a localised lockdown. So it’s back to socialising only with our family “bubble” until it is lifted.
For those who are now suddenly less able to go and socialise, I’ve shared details of some upcoming webinars which may be of interest. The subjects are varied but all are free. You can choose from “The Night Time Economy”, “Furlough Fraud” or even “how to protect your organisation from email-borne threats”.
This coming week it is A level results day, and the following Thursday the GCSE results will be published. As this has been an exceptional year, the next few weeks will be a difficult time for students, parents and schools. The exams will be awarded for the first time across the board solely based on teacher assessment. Students will be ranked against their peers, taking into account any mock exams and coursework. Some schools are bracing themselves for a raft of subject access requests. I have therefore shared the latest ICO guidance on exam scripts and on releasing data to individuals, especially where it may impact on another person (for example in small cohorts).
As usual the blog contains an update on the latest fines, breaches and risks, and even a piece on cyber insurance. Finally, as news of more redundancies is in the headlines on a daily basis, I have shared the details of a local redundancy support group, “Let’s Go Forward”.
My “Blogs of the week”
Maeri Howard - What Is Mailchimp?
Altrincham HQ - What The LinkedIn Social Selling Index Doesn’t Tell You
Update On Exam Scripts Exemptions And Access To Teacher Assessments
The ICO has released its guidance ahead of results week. This year will be very different because, due to the coronavirus pandemic, pupils did not sit exams. Instead, teachers will be conducting pupil assessments, which the exam boards will use to award grades.
Because it has received a number of queries about whether the exam scripts exemption will still apply in these unusual circumstances, the ICO has issued clarification. Yes, the exam scripts exemption still applies to the information used to award students’ grades. Therefore a request received before Thursday for information about grades, including the teacher assessments/rank orders, does not need to be answered until 40 days after results day.
Requests made after results day should be treated as a subject access request and answered within one month. The exam script exemption does not apply in this case. Students do not have a right to get copies of their answers from mock exams or assignments used to assess their performance, but they may be given their assessment grade and possibly their rank order. However, there are concerns that the disclosure of rank orders for a small cohort of students could reveal the rank of other students.
Schools and colleges may also choose to proactively provide students with their centre assessment grade and/or rank order information, regardless of whether they have received any subject access request(s). If they decide to take this step they need to be transparent, provide advance notification and consider what additional information and guidance they need to provide to explain the final calculated results. Where there are concerns that the disclosure of rank orders within a small cohort of students could reveal the rank orders of other students, the school should consider whether it is more reasonable to disclose the information rather than withhold it. It may be appropriate to obtain consent from the other pupils to release the cohort information, or the school may consider that it is reasonable to provide the detail without consent because they want to treat all students in a fair manner and release the rank order irrespective of the cohort size. You can read the complete guidance here: https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/exam-script-exemption/
Capital One Fined for their Hack in 2019
Capital One has been fined $80 million by the banking regulator for a hack that took place in 2019. The hack compromised the personal data of 106 million credit card holders and applicants. The US Federal Reserve Board have also demanded that the company enhance its risk-management program and related cyber security/information security governance and controls. You can read more here: https://www.dailymail.co.uk/news/article-8600991/Capital-One-bank-fined-80million-significant-data-breach-2019.html
A reminder to keep your software updated
If you haven’t patched (or updated the software on) your Wi-Fi-enabled devices for a while, now is the time to do it. Some devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, are vulnerable to KrØØk attacks. You can read more here: https://www.bleepingcomputer.com/news/security/kr-k-attack-variants-impact-qualcomm-mediatek-wi-fi-chips/
Is Your Phone one of the 40% that Can be Taken Over Without You Knowing
Security vulnerabilities have also been found in a Digital Signal Processor (DSP) made by Qualcomm. This means that up to 40% of all smartphones could be taken over without the user knowing. A compromised phone could then be used to spy on the user or to create unremovable malware on the device. The vulnerable DSP chip "can be found in nearly every Android phone (including those made by Google, Samsung, LG, Xiaomi, and OnePlus)". Fortunately, Apple's iPhone line is not affected by the issues. You can read more here: https://www.bleepingcomputer.com/news/security/nearly-50-percent-of-all-smartphones-affected-by-qualcomm-snapdragon-bugs/
Blackbaud Ransomware attack
Many charities and associations who use Blackbaud as their relationship management system have been forced to contact their donors to let them know that there has been a “security incident” involving some of their personal data. While Blackbaud informed organisations that they had discovered and stopped a ransomware attack on their systems on 16 July, some data was compromised. This includes name and contact information together with the amount of any donation. The charities and associations affected should be in contact with their donors to let them know what has happened.
Cyber insurance could help your business with its recovery if you are the victim of a cyber-attack but, sadly, it will not prevent a breach happening in the first place. Organisations need to ensure they have basic cyber security defences in place before taking out insurance. These defences are explained in the NCSC’s Cyber Essentials scheme. Before you purchase cyber insurance the NCSC suggest you ask the following questions:
1. What existing cyber security defences do we already have in place?
2. How do we bring expertise together to assess a policy?
3. Do we fully understand the potential impacts of a cyber incident?
4. What does the cyber insurance policy cover (or not cover)?
5. What cyber security services are included in the policy, and do we need them?
6. Does the policy include support during (or after) a cyber security incident?
7. What must be in place to claim against (or renew) our cyber insurance policy?
You can read more here: https://www.ncsc.gov.uk/news/experts-first-advice-on-cyber-insurance
I don’t usually feature Facebook groups in my blog, but as more and more people are facing redundancy in these difficult times I wanted to share the details of a local group. “Let’s Go Forward” is a community of people affected by redundancy and the challenges of long-term job seeking. They share experiences and help each other find the confidence, services and support needed to take the next step. You can find the group here https://www.facebook.com/letsgoforwardevent/ or get more information from email@example.com.
The Night Time Economy Webinar - 13th August
The Altrincham and Sale Chamber of Commerce have arranged a Zoominar on Thursday 13th August at 10am with Angela Stone from Albex Residential Property Management Ltd and Zac Mottram, Manager of The Green Rooms, entitled “The Night Time Economy, – The Creative Solution To A Town’s Successful Regeneration!!”. They will discuss the role the night time economy has played in the recent successful regeneration of Altrincham town centre and provide an overview of Altrincham’s bar/restaurant community and their part in Altrincham’s success. You can book a place by emailing firstname.lastname@example.org; members and non-members are welcome.
Furlough Fraud Webinar - 20th August
For those concerned about recent headlines on furlough fraud and the news that the government and HMRC have started to investigate some businesses and individuals and “claw back” some of the money inappropriately claimed (in one case £495,000 was fraudulently claimed), Rachel Fletcher, Partner and Head Of Crime at Slater Heelis LLP Solicitors, will be presenting a webinar on the topic for the Altrincham and Sale Chamber of Commerce on Thursday 20th August, 10am on Zoom. The presentation will include the Finance Act 2020, details of entitlement procedures, and the specific evidence required about staff who have been furloughed. You can book a place by emailing email@example.com; members and non-members are welcome.
Email is the Number One Security Risk - 20th August
The increased use of email during the COVID-19 pandemic has introduced a greater risk of accidental and intentional data leakage. According to new data from the ICO the top security threat for UK organisations is misdirected emails - over two-thirds (68%) of employees recently admitted to sending work emails in error. The Data Protection World Forum have a live webinar to discuss the email-borne threats that organisations face, why and how people put sensitive data at risk, and how machine learning can prevent email data breaches and protect shared data. The webinar is on August 25, 2020 at 2:00 PM British Summer Time. You can book on with this link: https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=sub&eventid=2507180&sessionid=1&key=51EBD342B01EF4C6D38FDD28CEAEC176&regTag=&sourcepage=register
The Rise of Virtual Care
The Data Protection World Forum held a webinar this week on the topic of embedding privacy and data protection into virtual care technologies. The speakers discussed cloud platforms, telehealth and remote monitoring solutions; the trends being seen in virtual care and what they mean for providers and patients; and the opportunities for reshaping care delivery and how to embed privacy and data protection into these technologies. If you want to view the webinar you can find out by emailing firstname.lastname@example.org.
Blogs of the week
Maeri Howard - What Is Mailchimp?
This week I decided I wanted to know more about Mailchimp - the email marketing service that allows people to send email newsletters, invitations, reminders and more, to lists of subscribers. Maeri has a great blog piece on what you can use Mailchimp for, how much it costs (unless you have 2000 subscribers it is free) and even has a video that explains how to use it. You can find the piece here: https://maerihoward.com/project/mailchimp/
Altrincham HQ - What The LinkedIn Social Selling Index Doesn’t Tell You
Alex explains why his LinkedIn training sessions start with looking at your Social Selling Index. If you’ve never heard of SSI or have no idea of how to find out your score then Alex’s blog post takes you through it all in an easy to understand way. So whether you are treating the SSI score as the end goal rather than business as the end goal, or have no idea what an SSI score is, there is something in this blog for you. You can find it here: https://altrinchamhq.co.uk/what-the-linkedin-social-selling-index-doesnt-tell-you/