Ready for GDPR?

In the global market most of us work in, the new EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive, will impact everyone. This important site outlines what is coming... are you ready? The site’s homepage includes a countdown clock to enforcement; 25 May 2018 is right around the corner. The GDPR applies to organizations in the EU, of course, but also to all organizations, anywhere, that offer goods or services to, or monitor the behavior of, EU subjects. It applies to your organization, regardless of location, if you process or hold personal data of subjects in the European Union.

Non-compliance is a serious matter; the fines can be substantial. All organizations need to be prepared for this change. The site linked to above has resources to help you learn more.

October – National Cyber Security Awareness Month

National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure everyone has the resources they need to stay safer and more secure online. This marks year 14! The website has a wealth of resources, from tip sheets to suggested social media posts and links to training and educational resources. There is a great infographic here about how to get involved. Each week of the month has a unique theme, from online safety to protecting infrastructure from cyber threats. The site is a great resource; visit to learn more. We're all responsible for keeping our personal, company, and client information safe, so make sure you are well informed. Staysafeonline.org is a great place to start.

World Backup Day - Today AND Everyday

According to a 2016 survey by Backblaze, 24% of people have never done a backup and 25% only do so yearly!

To bring more awareness, March 31 is World Backup Day, chosen to be the day before April Fool’s Day to remind people, “don’t be an April Fool. Be prepared.” We know we should back up frequently, ideally daily, but it doesn’t hurt to have a day where we are thoughtful about all devices and all content, related to both work and our personal lives. While we may have automated backups at work, do you at home? Safeguard your photos, phones, tablets, financial documents – all important files. If you are one of the very prepared who do regular backups, do you also have a plan of action in case those backups are needed in the future? Have you tested it?

There’s something for all of us to think about on World Backup Day and, according to the founder, Ismail Jadun, cake is also an acceptable method of celebrating, provided there is cake for all. So safeguard your data and then celebrate with cake! Info can be found here. See more at Twitter: @WorldBackupDay. While you're there, follow us: @Referentialinc. As they say, don't be an April fool, but do be prepared.

Phishing, Smishing, Vishing, Phaxing…..

Our whole team recently went through one of our regular security training sessions. We talked about a range of issues, from physical security, such as laptop locks, door codes and so forth, to various laws and regulations we need to be aware of. As our clients are international and in a wide range of industries, there is a lot to be knowledgeable about! Some of our time was spent talking about phishing (email), smishing (text), vishing (phone), phaxing (fax)… all the variations cybercriminals are using to trick folks into giving them valuable personal or company information. Of course, it’s much easier if someone hands over that valuable information than if the criminal has to break through various levels of security to try to find it on their own.

The following article from BBC News, though about a year old, is an overview written in layman’s terms, so it is good to share with those who may be less tech savvy: “Vishing and smishing: The rise of social engineering fraud”, by Marie Keyworth, here.

There are plenty of resources with tips. If you need a place to start, consider this blog post titled: Safer Internet Day 2018: 70 Internet Safety Tips to Follow, here. Be vigilant! Stay safe!

Do you cover your webcam?

More and more people are choosing to cover the webcam on their laptop and other devices. Last month the director of the FBI, James Comey, confirmed he uses tape to cover the camera on his computer. “I think people ought to take responsibility for their own safety and security,” Comey said at a Center for Strategic and International Studies conference. Hackers can access these cameras through malware. All it takes is one wrong click. Malware can contain code which might turn your camera on and save the feed. Often it can even disable the camera's light so you don't even know it is recording!

Once you have decided covering that camera is the way to go, you then need to figure out how. Read this article from Slate where Jacob Brogan tests all sorts of sticky choices so we don't have to! Here's a sample cover, below, where June Thomas uses washi tape. That's one of many options tested. Read the article here.

Be Present

One of Referential’s operating principles is to ‘be present’. That’s a short way to say give the task at hand your full attention. Don’t multitask in meetings, come prepared, and be on time. One necessary tool that can also be a distraction is the cell phone. Phones are required to do our work, as several of our clients have security requiring multi-phase authentication to access their necessary systems and data. We all have a variety of security apps on our phones, depending on which clients we work with. While the phone is a useful and necessary tool, we do try to minimize its distraction element. We haven’t done an outright, official ban of cell phones from meetings, brainstorming sessions, group training sessions, and so on, but they are certainly discouraged. Placing the phone on silent or vibrate isn’t enough to avoid distractions. Employees bringing their cell phones to meetings are tempted to read text messages and email. We have said that unless you’re using your phone for client system access or it’s an emergency, put it away; there’s plenty of time to catch up with friends and news at lunch or breaks.

A recent study showed nearly half of all firms have official policies about cell phone use. Does yours?

DOJ Virus got me

The Department of Justice or DOJ virus got me, even with great security software on my system. It uses spam emails, freeware, shareware and other sources. I have no idea what triggered it for me. It locked the system completely and claimed my system was blocked because I had been doing illegal activities. It had my IP address and even had used the webcam to take my photo and insert it into the fairly official looking screen. There are different versions, claiming you have been using copyrighted content, visiting pornographic websites, or even spreading malware. In my case it demanded $300 to unlock the PC, but the demand can range from $100-$450. Of course the Department of Justice Virus is a scam, as no institution would lock your PC and ask you to pay any fines in that manner. Scam, hoax, ransomware. It was still there when I turned my PC off and on. I couldn’t do anything, but luckily there are lots of resources out on the web with instructions to remove the virus. A big thank you to all the folks who have posted instructions for removal and to our resident IT guru who helped me. Hopefully none of you get infected!