• PPP Management

Thursday Thoughts - 9th July

I can hardly believe that it is a fortnight since the last Thursday Thoughts. This week, amongst the hacking news, apps to avoid and Microsoft patch releases, you will find information on the main data breaches that were experienced in the UK in June.

The UK Information Commissioner has a new “Data protection and coronavirus information hub”.

In it you will find all the information they have on the latest scams, advice on exercising your rights in the pandemic and also targeted information for health and social care and schools. If you have a question about consent, contact tracing or exam scripts you will find it all in the one section.

There is also a thought piece, Mike Ouwerkerk’s article in InnovationAus, where he discusses the need for a “human” solution to cyber breaches rather than a “technical” one. There was much competition for the blog of the week spots and it is an eclectic mix this week, featuring staff motivation, data ownership, journalism and veg boxes… Enjoy!

My “Blogs of the week”

The HR Department - How to motivate your team when forced to freeze or cut their pay

Tim Turner - Backwards Momentum

Kiddy Cook - What's the point of a vegetable box

JOIC - Privacy and Journalism: How does it work?

Data protection and coronavirus information hub

The ICO have an information hub to help individuals and organisations navigate data protection during this unprecedented time. Top of the tree is “Collecting customer and visitor details for contact tracing”. But you will also find guidance whether you have concerns about how your data is being used or you have concerns about using other people's data. Topics this week include:

· Information rights and Coronavirus recovery

· Coronavirus and data protection if you are seriously unwell

· Coronavirus and personal data - what you need to know if you make a request during the pandemic

· Advice on the latest scams via their “Your data matters blog”

· Advice about misinformation relating to Coronavirus

· Contact tracing, Coronavirus recovery

· Health, social care organisations and coronavirus

· Data protection and working from home

· The ICO’s regulatory approach to Subject Access and FOI requests during coronavirus

· Exam script exemption and access to teacher assessments

· FOI and coronavirus

You can find all of this information here: https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/


Social Engineering

As well as exploiting system vulnerabilities and hacking, cyber criminals target an organisation’s employees. This sort of attack, in which fraudsters manipulate people into performing certain actions, is known as Social Engineering. The IT Governance team have gathered together some interesting information on the most common social engineering attack techniques:

· Pretexting

· Baiting

· Quid pro quo

· Scareware

· Angling

The most common so far in July have been a new wave of fake COVID-19 tax rebates and WordPress admins being targeted by fake DNS updates. You can read more here: https://www.itgovernance.co.uk/blog/social-engineering-what-it-is-and-how-to-avoid-it

25 Apps to avoid

Google has removed more apps from the Play Store after a French cybersecurity firm found they had been stealing Facebook user data. Malware within the apps (which include Wallpaper, Flashlight, Video maker, Pedometer, Solitaire and File Manager apps) collects the user’s Facebook logins through a fake authentication page. These apps were downloaded over 2.34 million times! If you have any doubt, check if the app you downloaded is unavailable on the Google Play Store and manually uninstall it from your device. If you have entered your Facebook password into the app, make sure to change your Facebook password immediately. You can read more here:

https://7news.com.au/technology/google-has-removed-25-more-apps-from-the-play-store-for-abusing-facebook-user-details-c-1152234

Cyber attacks and data breaches - June 2020

Worldwide in June 2020 there were 92 security incidents and at least 7,021,195,399 records breached, according to IT Governance research. The largest individual contributor to this was KeepNet Labs, who admitted that a third party exposed five billion records online. The headline UK breaches are:

· Patient files at Hockley GP surgery hacked (8,839)

· Avon’s UK website offline a week after suffering cyber attack

· Hacker leaks database of dark web service provider Daniel’s Hosting (10,876)

· Phishing scam targets German coronavirus task force (100+)

· UK electric firm Elexon hit by ransomware

· International IT firm Excis targeted by ransomware

· Babylon Health app lets patients see other people’s video consultations

· Just Eat customers’ details dumped in Cleveleys alley

· Inventory Hive website vulnerability exposes users’ personal data (100,000+)

· KeepNet Labs issues a statement about leak discovered by researcher (5 billion)

You can read the full details in the IT Governance blog https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-june-2020?utm_source=social&utm_medium=twitter


Microsoft Releases Urgent Windows Update

Microsoft released software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions. It is unusual to see patches released before the monthly 'Patch Tuesday Updates'. Both flaws reside in the Windows Codecs Library which is an easy attack vector. You can read more here: https://thehackernews.com/2020/07/windows-security-update.html

https://www.bleepingcomputer.com/news/security/almost-300-windows-10-executables-vulnerable-to-dll-hijacking/

Democracy under threat from ‘pandemic of misinformation’

On 29th June the UK House of Lords made a stark warning to the UK Government to act immediately to deal with a ‘pandemic of misinformation’. They believe it to be a threat to our democracy and way of life. The stark warning comes in a report published today by the Committee on Democracy and Digital Technologies. You can view the select committee video report here: https://www.parliament.uk/business/committees/committees-a-z/lords-select/democ-digital-committee/news-parliament-2019/committee-publishes-report/

One to watch

Microsoft announced plans for a new “free-to-use” service which will uncover evidence of sabotage such as rootkits and intrusive malware. The details of Project Freta can be found in the following article from The Hacker News: https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html

The hacker that threatens you with the ICO

TechRadar reported this week that cybercriminals are targeting unsecured MongoDB databases with an added twist. They threaten to report the database owner for GDPR violations if their ransom demands are not met! You can read the full article (link below), but if you receive a message that threatens to contact "the General Data Protection Regulation, GDPR" you can safely assume it isn’t a legitimate threat, as they don’t know who the supervisory authorities are. https://www.techradar.com/news/this-ransomware-steals-your-data-and-threatens-to-report-you-for-a-gdpr-violation

Do we rely solely on tech for cyber problems?

Mike Ouwerkerk’s article in InnovationAus discusses the push to implement technical solutions for problems that are largely related to the behaviour of people. He asks: if the major issue is the behaviour of people, how do technical solutions address the problem? What organisations need to do is to “make people aware of how they are being targeted, motivate them to change their behaviour, and embed cyber security awareness into the culture of the organisation.” You can read Mike’s article here: https://www.innovationaus.com/do-we-rely-solely-on-tech-for-cyber-problems/


Blogs of the week

The HR Department (Trafford and Warrington) - How to motivate your team when forced to freeze or cut their pay

Sadly, we are hearing of lots of companies who are having to take difficult decisions in order to stay in business. Many business owners are under pressure financially and are seeking alternatives to redundancy. One way to help turn around your business is to look after your staff. If they are productive and engaged at work, everyone will thrive. This excellent blog from The HR Department comes at exactly the right time. There are many ways that you can boost employee morale and motivation without increasing pay. https://www.hrdept.co.uk/trafford-and-warrington/blog/how-to-motivate-your-team-when-forced-to-freeze-or-cut-their-pay

Tim Turner (2040 Information Law Blog) - Backwards Momentum

This blog piece is about a possible standoff between the Momentum political movement and its former chair. It is a real insight into the power of personal data and offers insight and analysis of the possible GDPR issues when a member-driven organisation doesn't seem to be able to speak to its own members because it isn't the data controller. You can read the blog here: https://2040infolawblog.com/2020/07/06/backwards-momentum/

Kiddy Cook - What's the point of a vegetable box

Like many during the COVID pandemic I have subscribed to a veg box scheme. I love the fact that I am supporting the local farmers and have enjoyed the challenge of cooking some of the more “unusual” items in my box. The blog by Nikki Geddes is relevant to us adults just as much as to our children. Veggie boxes are so much more than a box of veg. They introduce us to seasonal produce, make us cook from scratch and allow us to support small scale farmers as well as reducing food miles, come unwrapped (and often muddy) in a cardboard box which can be reused or recycled. You can read the full blog here: https://www.kiddycook.co.uk/blog/latest-news/2020/07/02/whats-the-point-of-a-vegetable-box/

JOIC - Privacy and Journalism: How does it work?

The Jersey Information Commissioner’s blog explored the duty of care a journalist has to both their contributors and viewers. It covers the issues a journalist needs to deal with when it comes to protecting people, property and data, including the need to protect the source of the data. You can read the blog here: https://www.jerseyoic.org/blogs/privacy-and-journalism-how-does-it-work/


​© The Copper Room, Deva Centre, Trinity Way, Manchester, M3 7BG Telephone 0161 608 0000. Registered in England and Wales 8719380.