Monthly Archives: February 2014

Treasury Solicitor’s Department falls foul of Data Protection Act

Security for UK legal professionals

You can read the story here

In summary, Whitehall’s largest legal department, the Treasury Solicitor’s Department (TSol), has breached the DPA four times between 2011 and 2012. These breaches were not system glitches, hackers or any kind of technical failure. They were the result of human error and a failure in process. This may be due to a lack of awareness or possibly a training issue.

Processes will now have to be totally overhauled, as staff learn exactly what they are required to do when handling information. This can happen to any organisation of course but the ramifications in legal matters are very serious.

The ICO found that in three of the cases, papers relating to various pieces of litigation were sent out to the claimants’ solicitors, while still containing the personal information of third parties that should have been redacted. In the fourth case, a bundle of case papers…


Phishing email claims to be from SRA…

Beware of all phishing. Spear phishing is more precise and more closely aimed; this looks to be a more sophisticated standard phish.

Security for UK legal professionals

We have just heard about an email circulating among legal practices which claims to be from the SRA. Apparently, it looks quite convincing but in actual fact it is a phishing email that could be damaging or contain malware or a virus. We have not seen this email but as phishing emails are very common, we wanted to raise awareness that this is a potential threat.

If you are in any doubt, contact the SRA but do not click on any links or open any attached documents without being totally convinced of their authenticity.

The email in question will be from xx@sra.org and not xx@sra.org.uk (i.e. no UK on the end).

SRA response:  www.sra.org.uk/sra/news/scam-email-sra.page

Please share this information.


Geography Lesson – a Cyber attack has no geography

This morning’s security news brought the usual slew of stories on new products, advice and data breaches. One data breach that caught my eye was Maryland University. For reasons that will become clear I will be watching this unfold.

Maryland University has in the last few days suffered a massive data breach that has been characterised as a cyber attack. Normally I am wary of taking this at face value for the simple reason that language around security can sometimes be sloppy and someone using login credentials that they shouldn’t gets labelled as a cyber attack or hack. It is unhelpful and allows people to drift into the dangerous thought arena of ‘someone else’s problem, probably IT’…

This one is different because the university maintains it has excellent security and this is unlike other breaches…

“Unlike some recent high-profile data breaches elsewhere, this university’s data breach did not occur as a result of a faulty preventative system or an IT mistake,” said Brian Voss, the university’s vice president of information technology and chief information officer.

The story is here if you would like to read it.

We will post any further developments that come to light.


Why every day is Data Protection Day

Excerpt from Outsource Magazine article.

Hopefully it won’t have escaped your attention that the 28th of January marked EU Data Protection Day, also known as Data Privacy Day. This awareness-raising event has moved out of the EU in real terms and activities relating to both protection and privacy happen globally.

Link to the full article here

Sunday Times – Mike Gillespie on SME Cyber Security

Excerpt from The Sunday Times dated 16th February 2014

Small firms can be targeted for their clients’ data as well, said Mike Gillespie, director of cyber research at the Security Institute, the industry body. “Look at the number of small businesses that are suppliers or subcontractors to government and big business,” he said.

Read the article in full here

Appy Valentine’s Day? Or the Valentine’s Day Mobile Massacre?

It’s that time of year when thoughts turn to love, romance and Cupid firing his arrows at unsuspecting victims. (That may have come out wrong.) It is also the time of year when the volume of threats to the security of computers and mobile devices rapidly increases, as we are offered new and exciting e-methods of wooing a would-be mate.

Malware and privacy violations are rife in these Valentine or romance-styled apps. Many people are familiar with the old phishing emails that purported to show you who was in love with you if you would just click the link or open the file, yet it still goes on and some people are still caught out.

Nowadays mobile app stores are awash with apps that will frame your photos in a suitably cupid-ey frame, or offer your lover romance-filled quotes. We need to be hyper-vigilant when downloading any apps of course, but with the misty-eyed romance comes additional danger. Some apps demand access to your email, texts, location, calendar and even phone calls. So the best outcome might be unwanted advertising; the worst outcome could mean the app basically taking control of your device. Always check the permissions, even on paid-for apps. If you think it seems reasonable for a wallpaper app to need to know your location and have access to your contacts then go ahead; if you don’t, then maybe you should reconsider if this is what you want on your phone or device. Some apps that do these things are also available from Google Play, so you really need to keep your wits about you. Of course this advice applies to any time of year, not specifically Valentine’s Day.

According to Bitdefender researchers, Valentine-related scams are growing and a 10% rise on a single day was recorded in January. Of course, singling out one day from a period can make a trend look more volatile, but even if the overall trend for the period is half this, it is still a worrying uplift. If you BYOD or the device you use to e-woo is ever connected to your employer’s network (with or without their permission, we know what you are like…) then this has the potential to cause a lot of trouble.

Online scams are still alive and well, as we mentioned earlier. Be wary of sites offering roses, designer jewelry and other wooing weapons at massively discounted prices. If it feels too good to be true, then it probably is. Apart from your loved one of course…

Happy Valentine’s Day, Security Lovers