What Can Businesses Learn From The First GDPR Fines?

by Felicien | Mar 12, 2019 | Education

Less than a year ago, the European Union instituted the General Data Protection Regulation (GDPR) to protect customer rights to data privacy.
The regulation created quite a stir in May 2018 when it was enacted, and has recently created even more of a stir because the first fines for non-compliance have been levied. While the EU granted a short amnesty period to allow organizations to comply with the regulation, the fines definitely send a clear signal that the amnesty period is indeed over.
Companies are responsible for implementing GDPR-compliant data policies; complacency about the regulation will surely not win the day. No excuses — comply or be fined; the EU has definitely made good on its promise to staunchly defend citizen rights to privacy.
Thus far, there have been three notable penalties. One of the most visible is, of course, Google, which received a €50 million fine in France, courtesy of French data regulator CNIL (Commission Nationale de L’informatique). Google’s fault according to CNIL is the lack of transparency and unclear consent regarding advertisements.
In particular, Google did not have one clear source of information regarding how data is collected. Instead, the information was interspersed into various documents and websites, creating a nearly impossible task for the end user to be aware of how their personal data is actually being used.
The bottom line is that users must be able to make an informed choice about whether (or not) to consent to Google’s use of their data. The other important factor in the Google fine is that CNIL clearly sent a signal that Google can and will be regulated by every data privacy authority (DPA) within the European Union regarding the GDPR rules. Companies that were just focusing on the data privacy rules in their own country have definitely taken notice.
Google will inevitably appeal CNIL’s decision and organizations around the world are anxiously awaiting said outcome. If CNIL’s decision stands firm, companies will have to make changes in how they conduct similar online platforms. Simply said, the outcome could possibly create a profound change in the relationship between consumer and advertiser.
In Germany, a similar social media platform was fined €20,000 for a breach that compromised personal information like passwords and email addresses from more than 300,000 users. While this fine could have been much worse for the company, many industry experts state that the company was given a much lower penalty for how they handled the breach. The company’s saving grace was a proactive notification of both customers and the German GDPR data protection authorities.
This last example of a GDPR-levied fine definitely brings home the message of the lengths the EU will go to protect their citizens. In this case, an Austrian businessman was fined for placing a camera outside his business. The camera was not clearly identified as a CCTV camera, yet it was recording a public space outside his business.
Since GDPR began, the EU has received nearly 100,000 data privacy complaints from its citizens and over 40,000 data breach notifications from companies. Experts say these numbers are low because they are based on voluntary contributions from only 21 of the 28 EU member countries. The numbers therefore are actually much higher.
So far, the GDPR has reported levying 91 fines, with 60 of those fines levied by the German DPA alone. GDPR definitely changes the compliance risk for organizations across the world. Heftier and more numerous fines are expected to be handed out in 2019 as the EU moves into GDPR with full steam.
The United States was once the trailblazer of the world when it enacted the mandatory data breach notification laws and punishment sanctions for non-compliant businesses. Now, the U.S. Congress is closely following GDPR and may soon enact similar privacy considerations to rein in companies like Google, Facebook and others who offer free products and services at the expense of a user’s personal information. Congress understands that what a consumer discloses today can have far-reaching implications years later, and they are definitely watching the implementation of GDPR as Europe nears its first anniversary of enacting the law.

Are Hackers Targeting Managed Service Providers?

by Felicien | Mar 12, 2019 | Education

 
When you think about it, it makes sense that hackers might target managed services providers (MSPs) — those organizations that are responsible for protecting the data and technology systems for hundreds or even thousands of other organizations. The Department of Homeland Security recently alerted MSPs to the potential activity from hostile actors who were targeting large organizations in a new way. These nation-state hackers were using managed service providers who provide outsourced website management and cloud functions to infiltrate a variety of companies. While any organization can potentially be vulnerable, MSPs often maintain an increased state of alert to ensure that any infiltrations are quickly discovered and remediated before the threat can expand.
How Cybercriminals Are Targeting Their Attacks
Managed service providers often maintain direct and unfettered access to client information, making them a key target for hackers. While perhaps not a daily occurrence, security breaches happen to organizations of all sizes — much more often than business leaders would like to admit. Attacks against a well-defended organization such as a managed services provider take an exceptional level of coordination, often perpetrated by high-powered, international hackers. These organizations often attempt to gain access to an MSP by using malware to steal administrative credentials before tunneling deeper into the infrastructure to gain access to additional machines and software. This business information is then packed out of the platforms, allowing hostile foreign actors to gain access to sensitive personal, financial and business information.
Are Managed Services Providers Safe?
Maintaining a secure infrastructure for your business is core for MSPs, as they have the dedicated and knowledgeable staff focused on protecting client and business information. While a compromise within a service provider can spread quickly if it is unnoticed, the active reporting and review by security professionals is likely to catch any infiltration before it becomes widespread. One of the key ways that managed services providers are being attacked is through APTs, or Advanced Persistent Threat malware. These sneaky programs are designed to gain deep access before they are noticed, but managed service providers have programs that trigger alerts for review by human security professionals to maintain a high level of security for your business at all times.
Maintaining adequate security measures as well as advanced backup and recovery mechanisms is one of the best ways to thwart these hackers before they are able to negatively impact your business or your customers. Local and cloud-based backup procedures, as well as proactive and quick recovery strategies, can mean the difference between losing access to your information for days or even weeks and being able to quickly restore full operations to your business.

Warning: Foreign Hackers Compromised Citrix Systems

by Felicien | Mar 11, 2019 | Education

Citrix said the FBI warned them on Wednesday, March 6th that hackers compromised its IT systems and stole “business documents.” Citrix doesn’t know precisely which documents the hackers obtained nor how they got in.
It’s suspected that this is a sophisticated cyber espionage campaign supported by a nation-state. The consequences of the Citrix security incident could affect a broader range of targets, as the company holds sensitive data for many companies, including critical infrastructures for governments and enterprises.
For more information click here. Feel free to contact us for assistance if you’re concerned about your IT security.

How To Limit What Others See From Your Browsing History

by Felicien | Mar 11, 2019 | Education

If you’re like most people, you’ve got valid concerns about your personal privacy while browsing the internet. After all, Facebook and other organizations with a huge online presence have recently been caught dropping the ball regarding protecting the privacy of their users, so it’s only natural to wonder if your privacy is being further compromised and how it’s being done, which leads us to the primary question: What measures can the average internet user take to help ensure that the details of their browsing histories are limited to anyone who may be keeping tabs?
Fortunately, you’re not helpless in this situation. However, if you’re like many current users, you may be already using the “Do Not Track“ option in your browser and possibly gaining a false sense of security by doing so. Unfortunately, all this option really does is convey to the websites you visit that you don’t want them to log your browsing history, but it doesn’t prevent them from doing so, and many completely ignore the request. In fact, this option will probably be removed in the near future.
Fortunately, your browser offers other ways to help ensure your privacy. Following are several browser-specific tips and tools designed to help keep your history safe from the prying eyes of cyberspace.
Firefox
Firefox’s privacy controls are found under the Privacy & Security tab in the Options menu. You can block third-party cookies from there, accessing Content Blocking and selecting Private Mode. You can also choose to have your cookies automatically erased each time you end your browsing session. Firefox also allows users to customize this option on a site-by-site basis under the Settings menu, which results in pop-prompt requesting permission the first time you access individual websites. You can also specify and limit the kinds of data that you allow the browser itself to collect and store, such as technical details about Firefox’s performance and various extensions you’ve installed on your computer.
Safari
If you’re running Safari, you’ll be glad to know that the browser already does some of the work for you when it comes to protecting your privacy — disabling third-party cookies is Safari’s default mode. It also gives you the option of blocking all cookies, but users often consider that a pain because it creates a situation where auto-login doesn’t work, and they must log in every time they visit their favorite sites, including email and social media. Like Firefox, Safari has a private browsing mode that deletes cookies and history once the browser has been closed.
You can also access Safari’s Manage Website Data tab to see what websites have already logged and to delete that data if you want. Under the Preferences setting, you can click Websites to control which apps and sites you want to allow to access your computer’s microphone and camera.
Chrome
Chrome provides users with the capability to adjust their privacy settings using Content Settings under the Advanced Settings option. You’ll be able to disable cookies here, but that will leave you with the inconvenience of losing auto-login. Some people find the extra layer of protection worth the hassle, but cookies aren’t really a major culprit when it comes to privacy breaches because regular cookies can’t be seen by apps or other websites.
Third party cookies, on the other hand, are those used by advertisers to track the overall browsing activity of users for the purpose of creating targeted ad campaigns. You can easily disable these in Chrome by simply switching the “block third-party cookies“ option to ON in the Content Settings permissions. You can also limit access to your location, camera, microphone, and USB devices.
Edge
Microsoft Edge functions as a part of Windows, and its user-friendly interface makes customizing privacy controls easy. Under the Privacy & Security tab in Settings, there are options allowing users to allow all cookies, disable all cookies, and disable only third-party cookies. Edge also offers a private browsing mode similar to those of the other browsers mentioned above. Under the Advanced tab in the Settings menu, you can access Manage Permissions to control who sees your location and can access your microphone or camera.
However, the browser options given here are just a part of a bigger, more complex picture when it comes to online privacy. Google still records user activity and even saves all of your search history. You can delete this by going to your My Activity page on Google, selecting Search History from its dropdown menu, and clicking on Delete. To stop it for good, you can access Activity Controls and turn off tracking for Web & App Activity. Google also saves all of your voice searches, but you can remove them by going to their Voice & Audio page and clicking on Manage Activity.
Some users opt to use a VPN when browsing the internet because it generates proxy IP addresses, so although activity is tracked, it can’t be traced back to the user. Others install various ad blockers for even more protection, and the super-vigilant often opt for the added security of using a private browser. No matter what your privacy concerns, there’s a workable cocktail of tools and strategies that can provide you with a customized solution.

What Is This Chromium Application That Just Appeared On My Computer?

by Felicien | Mar 11, 2019 | Education

Have you seen a new application — Chromium — suddenly appear on your computer? It’s likely that if you did not intentionally download it, the app is malware that should be removed immediately.

While Chromium is a legitimate product, hackers have been using it to deliver adware and potentially unwanted programs, redirect browsers to different websites and track Internet activity. The results of such unwanted software can range from minor irritation to serious privacy concerns, including identity theft.
What Is Chromium?
Chromium is an open-source browser application that was initially created by Google. Chromium is the source code for what became the Chrome browser. When Google released Chrome in 2008, it also released the Chromium code. The Chromium project is now managed by The Chromium Projects and is designed for developers to create a faster, more stable and safer form for web browsing.
Chrome itself still includes some of the Chromium source code along with proprietary features, such as automatic updates. Google owns and manages the product, which is by far the most popular browser worldwide, with 62.5 percent of the market share as of February 2019.
Why Is Chromium Popular with Hackers?
Because it’s an open-source product, Chromium is vulnerable to misuse. Browser hijackers are a type of malware that makes changes to a user’s browser settings without their knowledge or consent. Most users unintentionally download hijacking malware when clicking through online ads or when downloading or purchasing other software.
How Does Malware Chromium Work?
The malware Chromium app uses a virtual layer to push ads or redirect browsers to e-commerce websites. Other types can direct users to dangerous, malicious websites that can themselves contain infectious viruses and programs.
What’s worse is that the bad Chromium browsers track your browser activity and can grab browsing data, including personally identifying information, passwords and financial data such as credit card numbers and bank account numbers. The hackers then sell this information to third parties, who often use it illegally. This activity can mean privacy breaches, unwanted use of cards and accounts, and identity theft.
There are many different Chromium-based browser applications that are dubious, despite appearing to be legitimate. Usually, these apps claim to improve browsing speed and security and boast of having new features that other browsers lack. These claims lure users into a false sense of security and invite downloads that cause trouble. These questionable app names include BeagleBrowser, BrowserAir, Chedot, eFast, Fusion, MyBrowser, Olcinium, Qword, Torch and Tortuga, among others.
How Is Chromium Malware Installed?
Often, these rogue programs are part of the Custom or Advanced settings of an app. The most common victims of these unwanted applications are users who hastily download software and install it quickly without reviewing each step. To avoid these inadvertent downloads, it’s important to pay attention during download and installation steps. Be wary of any software that is bundled with other programs and never accept offers to install third-party programs.
How Do I Uninstall Rogue Chromium Browsers?
There are several step-by-step guides online to show how to remove the malware, do thorough scans of your computer for rogue files and registry keys, and clean and reset browsers. The steps are very specific to your operating system and browsers. Two good online guides are here and here.
Being aware of types of malware, how they infect your computer and what they do can help prevent you or your employees from the frustration, time and irritation of fake Chromium browsers.