Passwords

They are a requirement of modern life on the internet. But what makes for a good password? How can you have a different password for every site? And what is 2FA?

We’ve cobbled together the best tips and tricks for managing your passwords and keeping your accounts safe.

Jump to: Good Passwords vs Bad Passwords, Worst Password List, Check Password Strength, Reusing Passwords, Pwned Email, Don’t Remember Passwords, 2FA, USB Security Keys

Making Tax Digital

In October 2018 HMRC took the first step in its changes to the UK tax system, opening pilot schemes for voluntary use of the new Making Tax Digital platform. From April 2019, VAT-registered businesses with a taxable turnover above the VAT registration threshold will need to keep their VAT records in approved digital software and file their VAT returns through that software.

ICO fines Facebook £500,000 for breaches of data protection law

The ICO has issued a fine of £500,000 to Facebook for serious breaches of data protection law. This was the maximum fine available under the Data Protection Act 1998, which was in force at the time of the breaches; under the GDPR the fine could have been considerably higher.

Facebook was found to have processed users’ personal information unfairly, notably by allowing developers access to personal information without sufficiently clear and informed consent. Access was even granted to the information of users who had not installed the app but were friends of users who had.

Additionally, Facebook failed to make suitable checks on the apps and developers using their system. One developer was able to harvest the personal information of up to 87 million users worldwide, without their knowledge.

After the Cambridge Analytica story broke and the breach of data protection was identified, Facebook failed to deal with the breached data, waiting almost three years before suspending some developers’ access to the system.

Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better.

Elizabeth Denham
Information Commissioner
General Data Protection Regulation

Data Protection Act 2018

The GDPR, together with the UK Data Protection Act 2018 that supplements it, governs how organisations may process personally identifying information.

If your organisation processes personal information, it needs to be registered with the ICO (unless an exemption applies) and have a Data Protection Policy in place detailing how personal information is used.

Personal information is any information that can identify an individual, such as employee names, customer IDs or CCTV footage.

If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.

British Airways Data Breach

British Airways has said that about 380,000 card payments made on its website and mobile app between 10.58pm on 21st August and 9.45pm on 5th September were compromised.

Data Types

Personal and financial information of customers who paid during that period was compromised. British Airways says that no travel details or passport information was taken.

What Happened?

The information from BA states that “This was a very sophisticated effort by criminal gangs” to obtain the information, and that the encryption used by the airline was not compromised.

BA have notified the ICO and the NCA about the incident and are working with them to assess the best course of action.

From the information given, it appears likely that the data was captured at the point of entry on the website or app: a rogue snippet of code, perhaps introduced through a third-party script, read the card details from the payment form before they were submitted for processing. That would also fit BA’s statement that its encryption was not compromised, since data captured in the page is taken before it is encrypted for transmission.

What Should I Do?

British Airways has said it is in the process of contacting affected customers and has advised them to contact their banks or card providers and follow their advice. It has said it will compensate any customers who suffer a financial loss as a result of the breach.

If you made a card payment on the British Airways website or app during the 15-day window, you should contact your bank or card issuer as a precaution and monitor your transactions for any suspicious activity.

BA has said that its systems are working normally and that the breach should not affect existing flight arrangements. If the ICO finds that BA was negligent in its data security, under the GDPR it could face a fine of up to 4% of its annual worldwide turnover, which in BA’s case would be in the region of £500 million.

Piggy-Back Scams

It’s likely that fraudsters will try to capitalise on this breach by sending out fake emails, texts, phone calls or messages via social media. As always they will be out to scam you, and you’re unlikely to be compensated if you fall for one of these piggy-back scams.

Always follow some simple precautions: if you receive an email or any other contact claiming to be from British Airways or your bank, check the authenticity of the sender and of any information in it. Call a known, trusted number for the sender (from the back of your card or the official website, never from the message itself) to check the message is genuine before acting on it.

Encrypting Email & Attachments

There’s a growing awareness of the importance of keeping your information secure, and many people are now looking at ways to protect their internet communications. With Google’s Chrome browser now flagging plain HTTP sites as “Not secure”, and the GDPR re-emphasising the importance of protecting information both in your care and in transit, attention has turned to that insecure, ubiquitous tool: email.

Index: History Of Email | Problems With Encryption | Entire Email Encryption | S/MIME | OpenPGP | Email Signing | Attachment/File Encryption | SEEOTI | STARTTLS | Secure Email | Bitmessage | End To End

Make sure you’ve had the right GDPR advice

The GDPR has been in force for one month now, and it’s great to see so many organisations, large and small, taking on board the message that processing individuals’ personal information is a privilege and not a right. But for every exemplary effort we have also seen some poorly put together privacy policies that fail to meet GDPR standards: relying on inappropriate lawful bases, not declaring the use of third-party processors, not notifying individuals when personal information is obtained from a source other than themselves, or simply misusing personal information outright.