ISMS.online Weekly Roundup – 12th September 2019


Welcome

Back to school isn’t just for the kids in this week’s edition of our Information and Cyber Security News Roundup. What does Brexit mean for data flows? Schools need to improve their cybersecurity measures, and Google are exploiting loopholes.

The ISO 27001 Toolkit

Are ISO 27001 toolkits an asset or a liability? Should you be considering a document toolkit of your own, read our latest piece first.

Read the full article here.

ISO 27001:2013 Lead Implementer Courses

Are Lead Implementer courses the best way to achieve your ISO 27001 goals? To explore what’s involved and what the alternatives may be, take a look at the information we have assembled.

Read the full article here.

SMOs must “prepare for all scenarios” to maintain data flows when UK leaves the EU

The Information Commissioner’s Office (ICO) has posted an informative blog to raise awareness among small and medium-sized organisations of the need to prepare for all occurrences should the UK leave the European Union without any deal.

Read the full article here.

Can sports clubs share their marketing database with sponsors?

Mark Hersey for LawInSport writes a very interesting piece investigating the unease from sports clubs about exchanging private information with promoters since the implementation of GDPR and whether this violates the law or not.

Read the full article here.

GDP-arrrrrrgggghhh! A no-deal Brexit: So what are you going to do with all that lovely data?

SA Mathieson, an analyst and journalist at The Register, has written this fascinating article that discusses, in light of the recently published Cabinet Office document on the possible effects of a no-deal Brexit, the implications for data flows between the UK, the EU and the remainder of the EEA.

Read the full article here.

AI brings brand new experience in recruiting, while data poses challenges

Yixuan Xie, a writer for Medill Reports, discusses how, after the U.S. Department of Labor revealed that the unemployment rate is at a nearly five-decade low, some employers are struggling to find skilled employees and so have turned to artificial intelligence to improve the hiring process.

Read the full article here.

Google To Fix Malicious Invites Issue For 1 Billion Calendar Users

Davey Winder for Forbes has written this thought-provoking article on how, back in 2017, two Black Hills Information Security researchers revealed a vulnerability in the Google Calendar app that left over a billion users open to a credential-stealing loophole. This has resulted in Gmail users being at the losing end of an advanced scam that uses malicious and unsolicited Google Calendar notifications to garner misplaced trust.

Read the full article here.

PDF reader software could be major security risk

In this thought-provoking article, Naked Security’s Danny Bradbury details how, in a blog post last week, Dr Johnny Ryan, Chief Policy and Industry Relations Officer for the private browser company Brave, accused Google Authorized Buyers of violating GDPR.

Read the full article here.

‘Don’t sit on the fence’: UK regulator reiterates GDPR warning to ad tech companies

Time is running out for ad tech companies that still do not fully comply with GDPR after being given a six-month grace period by the DPA to solve any gaps in their strategies. With four months remaining, Digiday UK have published this brilliant article by Jessica Davies on how the ICO’s chief of technology and policy has urged ad tech companies that still rely on a legitimate interest to move forward and communicate with regulators before penalties are given.

Read the full article here.

Looking at 4 major ways GDPR has altered the marketing landscape

In another look at GDPR, Dominik Matyka reports on the few ways in which the legislation has changed the marketing landscape.

Read the full article here.

Why every business should consider ISO 27701 compliance for their vendors

Michael R Overly of CSO has written an informative piece on the recently released privacy extension to ISO 27001, designed in a bid to aid in further protection and controls for personal data.

Read the full article here.

Researchers reveal NetCAT vuln in Intel’s Xeon chips

Gareth Halfacree for bit-tech wrote this intriguing report about how researchers discovered that Intel’s server-centred processors enabled attackers to monitor allegedly safe traffic, including encrypted passwords, through cache attacks over the network.

Read the full article here.

HMRC faces legal fight for handing Britons’ data to US tax officials

HMRC is undergoing a legal battle after losing an appeal in France this July to prevent it from passing on the personal details of British citizens to tax officials in the United States. Kalyeena Makortoff, The Guardian’s banking correspondent, reports on the potential consequences for tens of thousands of ‘accidental Americans’, who left the US when they were months or years old, who risk having their British bank accounts frozen for failing to meet US tax criteria.

Read the full article here.

Are GDPR standards slipping already?

A good article here on Education Executive asks how GDPR is holding up since its implementation last year, looking at the recognition it’s gained and what organisations need to consider in order to maintain the required data regulations.

Read the full article here.

The preliminary draft of the NIST Privacy Framework is here!

NIST has released the draft of its new privacy framework, a new tool for improving privacy through enterprise risk management. This announcement comes from Naomi Lefkovitz on the NIST blog page.

Read the full article here.

Scheer unveils pledges on cybersecurity and data privacy, including new cabinet committee

Victoria Gibson for iPolitics reported that new proposals were made in a statement to the Montreal Chamber of Commerce by Conservative chief Andrew Scheer, regarding how cybersecurity has become a growing problem for the Canadian government as the risk of cybercrimes and attacks has risen in the past few years.

Read the full article here

Audit highlights schools’ cyber security shortcomings

The National Cyber Security Centre and technology provider for schools, the London Grid for Learning, released a report earlier this year after conducting cybersecurity audits of 432 schools across the UK. Mark Say, UKAuthority’s Managing Editor, has published this brilliant article detailing how most schools view the issue as important, but many need to take additional steps to enhance their plans.

Read the full article here

Four in five schools in the UK suffer security incident

CISOMAG released this captivating article on how a recent cybersecurity audit discovered that four out of five UK schools experienced a security incident, such as phishing and ransomware attacks, with schools a top target for attackers due to the enormous amount of sensitive information they hold.

Read the full article here

The EU’s search for tough cybersecurity standards

As part of Euractiv’s special report on establishing digital freedom in a busy world, Samuel Stolton’s fascinating article describes how, after appearing before MEPs last week in the Industry Committee of the European Parliament, ENISA’s new head, Juhan Lepassaar, hopes that the recently established EU cybersecurity framework could become the new worldwide norm.

Read the full article here

China issues new cybersecurity law to protect children

Latham and Watkins LLP, a blog for global privacy and security law, produced this fantastic post for JDSupra detailing how, on August 22, 2019, the Chinese Cyberspace Administration published a new child-related data privacy regulation, the Children’s Personal Information Cyber Protection Provisions. They continue to explore the regulation and its effects within the People’s Republic of China when it comes into force on October 1st.

Read the full article here

An inside job: The human factor of cybersecurity

New research from the Telstra 2019 Security Report has found that 89% of cybersecurity risks are now internal and that, as a result of unintentional employee action, nearly half of businesses will experience at least one security incident each year. Find out more in this fascinating article by David Howell for IT Pro.

Read the full article here

Will DOD’s new cyber rules crush small business?

There are worries that companies will soon have to get cybersecurity certified to work with the U.S. Defense Department. The proposed Cybersecurity Maturity Model Certification framework could prevent the DOD’s attempts to utilize start-ups, as the current qualification could potentially put constraints on resources for small companies and start-ups. Lauren C. Williams’ compelling article for FCW explains more.

Read the full article here

How to navigate critical data security and privacy policy challenges

With rising data growth, there are more security and privacy hurdles for organisations and leaders: the average data breach is valued at nearly $4 million, in addition to the possibly unfixable brand damage that goes with the mishandling of user data and privacy. Steve Black, a Cyberlaw Professor at the Houston University, has detailed in an article for HelpNetSecurity how security experts can proactively address difficult safety and privacy policy issues.

Read the full article here

NY School District Cancels School After Cybersecurity Threat

Campus Security & Life Safety correspondent Sherelle Black reported that a New York School District postponed their first day of school after hackers attempted to block and ransom the district’s network. However, the district’s cybersecurity monitoring service shut down the network before control of the system could be taken over. Parents were notified of the attack by email and the district decided to suspend classes as a security measure.

Read the full article here
