VSEC Blog: IT Security Channel News brought to you by Infinigate UK

With less than 100 days to go until the enforcement of the GDPR (General Data Protection Regulation) and the relevance of this blog post on a short time span, a certain level of panic may begin to consume those who have only just started to take this subject seriously.

So, you've been told that you need to destroy your prized contacts database unless you can prove that you have consent to process the personal data of those that you store. Maybe you can send out communication asking those contacts to re-consent... but how many would? And what about the problems which Honda incurred by doing this?

I am certain that there is likely to be nobody reading this blog who has never been to a trade fair or industry event. Huge gatherings of like-minded individuals, peers or even just the curious jostle past one another, between extravagant stands paid for vendors promoting their wares.

With May 2018 within touching distance, you may think it will soon be all over. The GDPR (General Data Protection Regulation) is taking its toll and fatigue around the topic has undoubtedly begun to set in. Yet, it is only just the beginning, as one door closes another door opens, to make way for the European Union’s ePrivacy regulation.

The GDPR (General Data Protection Regulation) is a complex beast, of which there seems to be an endless supply of regurgitated information online, in print and at various events. What is lacking however is practical information on how to handle its requirements operationally.

At the recent Consumer Electronics Show (CES) the Wi-Fi alliance announced WPA3; a new security certification which promises to address the weaknesses of WPA2 and adds a range of much needed enhancements to wireless security.

The industrial revolution of the 18th century was famously invoked by a step up in technology. Industries which had traditionally relied on work by hand started to embrace a new future of machine use to dramatically enhance output levels, efficiency and financial return.

Uber, the world's most famous disruptor of the taxi industry has never been short of controversy. Whether it be accusations of poor employment practices, sexual harassment at HQ or their never ending legal duels with various city councils, the workload for Uber’s public relations department is certainly colourful to say the least.

'The devil is in the detail' is a phrase which comes to mind when speaking about the GDPR (General Data Protection Regulation). The obvious topics surrounding the application of the regulation's articles have been extensively discussed, leaving behind those tricky and often overlooked details.

Wherever there exists a conversation about the GDPR (General Data Protection Regulation), you can guarantee a handful of infamous topics are covered. The scaremonger worthy administrative penalties, the notion of consent being the lawfulness to rule all others and the Lord Lucan of rights, the right to forgotten.

As the Internet continues to be an important part of our lives, it also becomes a more dangerous avenue for cybercrime. The risk increases as the massive online community’s use of the Internet becomes more rampant. And despite the public being aware of cybersecurity issues, anonymous online criminals are able find more victims and creative ways to commit Internet fraud with the use of Internet services or software programs with web access.

Much like the fable of the Emperor's New Clothes, there is much talk of the GDPR but little with any real substance. You have no doubt been told of the potential fines and heard of the right to be forgotten but how does the GDPR actually affect the IT security channel operationally? Rather than walking into 2018 wearing nothing, like the ill-fated Emperor in the tale. We interviewed Infinigate UK Sales Manager, Mike Tye, for his opinion on the operational challenges which he expects value-added resellers to witness as a result of the GDPR.

In the pursuit of writing about the practical application of the GDPR (General Data Protection Regulation) rather than reciting the contents of the freely available regulation document, I am writing this blog to answer a commonly asked question regarding the purchasing of marketing contact lists post May 2018.

If you haven’t heard of the GDPR (General Data Protection Regulation), quite frankly I am in envy of you. Never has there been an IT security topic so heavily covered by those who wish to show they are literate and can re-write what they have read. Astronomical fines, forbidden non-consensual communication and mighty data subjects wielding new found rights have all been covered repeatedly and tirelessly.

As far as titles go, this one will likely prove divisive. On one hand, there are a plethora of IT security solution and service providers who are keen and hungry for the opportunity to work with customers on their preparations for the GDPR. On the other, doubt is sowed by those who question the ability of anyone who claims to know anything about the GDPR, simply because there is nobody with experience in application of a regulation which yet to come into force.

Biometrics are definitely better than passwords when it comes to security, but they aren't fool-proof. Here are the three main reasons biometrics aren't secure.

Email is unwaveringly consistent in upholding the theory of equal opposites. On one hand, it has enabled businesses to flourish in the electronic age with cheap and easy communication thus making it the default method of message exchange, however on the other, that direct-to-user route has meant that it remains the number one infection vector of choice for malware and phishing attacks since the 90's.

Without much hesitation, I am certain that my experience of the past eighteen months has been similar to others. Attending and consuming countless GDPR focused conferences, webinars, panel discussions, blog posts and webinars in an effort to strengthen my own grasp of the topic and to trade suggestions on real-life application with peers. There is much to gain from such occasions.

Otherwise known as the measuring stick by which your some of your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed. Unquestionable and pure in nature, they are somewhat rarely acknowledged for one simple reason; five of the six have no real application in helping to peddling products and solutions.

It's almost six months until the implementation date of the European GDPR (General Data Protection Regulation) and the UK begins its journey toward the club's exit door. The release of the DPB (Data Protection Bill 2017) has confirmed the UK's position on how it plans to remain tied, yet distinct from its European neighbours.

The IT security industry, having grown each year since the dot-com bubble, is famously known as being a recession-proof investment. As more of our lives and our businesses grow to rely on the benefits of IT and the internet, so does the need to protect that reliance from any event which threatens it.

2017 may be remembered as the year of the botched cyber heist, when mass infections of ransomware variants embarrassed some of the world's largest and most famous organisations but earned their creators little more than notoriety. With mystery surrounding identity and motive, we may never get to the bottom of the full story but we may be able to draw some conclusions by following the money.

If the GDPR were a sea, it would be vast, confusing and in some places its shallow rocky geography would threaten metaphorical ships with disaster. Guidance for any would-be captain is plentiful; just searching for the term ‘GDPR’ in Google yields hundreds of thousands of results. From the basics of learning your portside and starboard to the more practical of how to protect your vessel from the supervisory authority’s arsenal, much is covered. That is with the exception of working with third-parties and most importantly, cross-border processing, something which is a normal aspect of business today, irrespective of size. This darker corner of the regulatory map is less often explored and must begin with identifying who is wearing the hat of the data controller and the data processor.

If there was a person in the world who didn’t know what ransomware was, they probably do now. On Friday the 12^th of May 2017, what was initially dismissed as an issue on NHS (National Health Service) England’s IT system quickly developed into a global incident involving computers, laptops and servers in 150 (and still counting) countries.

There is not much which sits higher in the priority list of information security professionals today than the GDPR (General Data Protection Regulation). Record high penalties versus sweeping changes in the practice of collecting and processing personal data have led some information security teams to focus on nothing else in the coming 12 months.