As we draw nearer to the end of the year and we enter the last stretch to the GDPR compliance deadline, the UK has recently announced its own bill on data protection has entered Parliament for assessment. With two data protection regulations on the table though, which one are UK companies supposed to follow? Can they escape the scourge of the GDPR or will more requirements be added to their already full plate? Let’s take a closer look!
What is the UK Data Protection Bill?The first draft of the UK Data Protection Bill was made public on 14 September 2017, after it passed its second reading in the House of Lords. Its aim is to modernize data protection laws in the UK for the 21st century, give people more control over their data, and provide them with new rights to move or delete personal data. It will be replacing the now outdated Data Protection Act 1998.
Its stipulations align themselves to the EU’s…
Read more
How many of us have not at one time or another misplaced a USB drive? Or maybe forgotten it plugged into a computer after a presentation? It is after all just a small device and in the continued rush of our everyday lives, it is easy to overlook such details. What happens however when it’s a company USB thumb drive? And what if it just happens to have the security details of one of the world’s biggest airport hubs on it? That is how the nightmares of the 21st century begin.
A USB drive containing highly sensitive data pertaining to London’s International Heathrow Airport, was recently found plugged into a public library computer. The data on it, amounting to 2.5 GB of information, included maps with the location of every CCTV camera in the airport, routes and security protection measures for the Queen, Cabinet ministers and visiting foreign dignitaries. The files were all unencrypted. …
Read more
Apple officially launched macOS 10.13 dubbed High Sierra for public use on 25 September 2017. First announced at the Apple Worldwide Developers Conference(WWDC) 2017 keynote event in San Jose in June, the new version of the Mac and MacBook operating system, brought some significant under the hood changes as well as some improvements for both commercial and enterprise users. Along with refinements to apps such as Safari, Photos and Mail, High Sierra also received a serious security boost through the new 64-bit default Apple File System(APFS) that supports native encryption as well as new features that allow for the development of virtual reality(VR) and augmented reality(AR) content.
With High Sierra, Apple has shown it’s committed to bridging the gap between Macs and PCs and making their computers as common in the workplace as their Windows running counterparts. The proliferation…
Read more
With the EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, the clock is ticking for companies to implement its requirements and to ensure compliance is reached before the looming deadline. Designed to replace the Data Protection Directive 95/46/EC, the GDPR aims to standardize data privacy laws across Europe, to protect EU citizens’ data privacy and give them power over what happens to their data.
The GDPR puts the ball firmly in EU citizens’ court, creating a new set of priorities for companies with personal data privacy at its apex, essentially reshaping the way organizations approach data privacy and security. But what does that mean exactly, in practical terms? While the regulation is couched in many cases in general terms, there are a few requirements that are explicitly stated within it. Here are the most important five:
1. Data Protection…Read more
Nowadays, you will be hard-pressed to find a company that does not understand the importance of digital security. With departments ranging from distribution and logistics to marketing, engineering and design all relying on digital tools to gather information and perform their tasks, data has never been produced in such large quantities and at such speed. Such amounts of information coupled with ubiquitous internet is a match made in hacker heaven and with new breaches made public every day, security has moved up on businesses’ priority list, becoming a top concern.
However, a traditional security strategy, usually aimed at in-house IT infrastructure that includes firewalls, antivirus software and access control, is no longer a guarantee against breaches. Technology has given the work environment a degree of never before seen dynamism and flexibility. This inevitably means…
Read more
With the rise of BYOD and Mac-friendly business environments, the use of Macs in the work place is growing. As a Unix-based operating system, macOS is generally considered to be a more secure alternative to Windows that, as the predominant OS in enterprises, is the favorite target of hackers everywhere.
While it’s certainly true that Macs face fewer attacks than their Windows-running counterparts, the myth of its unbreakable OS makes companies less worried about their protection and in consequence, they invest less or no money at all into it. This, in turn makes Macs attractive marks for cybercriminals. After all, popular infiltration methods such as phishing, do not rely so much on breaking into an OS through vulnerabilities as on the ignorance of users. Without the proper security tools in place, these attacks can go undetected, potentially causing long term damage to companies’…
Read more
October has become one the busiest months for the Endpoint Protector team, as they pack up and head to some of the world’s biggest information technology events. This year, they will be heading for the first time to the Jamf Nation User Conference in the US and returning to it-sa in Germany and GITEX in Dubai.
Come find us at our booths and learn the details of Endpoint Protector’s latest product updates, join the live demos and Q&A sessions or talk to us one-on-one. Our Data Loss Prevention experts will be on hand to answer your most burning questions about DLP, MDM, USB encryption, Device Control and data at rest scanning and help you get on your way to securing your data against theft and leakage.
You can find more details about the events below!
1. GITEX Technology Week, 8-12 October 2017, Dubai World Trade CenterEndpoint Protector will be at GITEX for the 3rd time this year, together…
Read more
The NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, published June 2015 (updated January 2016), focuses on information shared by federal agencies with non-federal entities. With its implementation deadline, 31 December 2017, looming, governmental contractors and sub-contractors are running out of time to update their policies and reach compliance.
What is NIST 800-171 and who does it apply to?
Issued by the National Institute of Standards and Technology(NIST), the publication works as a guide for federal agencies to guarantee that Controlled Unclassified Information(CUI) is protected when processed, stored and used in non-federal information systems. This sort of data is often shared by the federal government with institutions and organizations that carry out the work of federal…
Read more
The enforcement of the EU General Data Protection Regulation (GDPR) is less than ten months away and companies across the EU and international businesses with European customers are already taking steps to achieve compliance. While some are still bewildered by its legal jargon, many tech companies and news outlets have come to the rescue providing extensive guides and infographics to help businesses understand what GDPR is, what its requirements mean for everyday company operations and how they can get started on the road to compliance. We, at Endpoint Protector, have also put together a handy guide and an informational video about GDPR compliance.
In short, the GDPR is the most notable change in data privacy regulation in Europe in the last 20 years and its purpose is to protect EU citizens’ private data, solidifying their right to demand that data controllers and processors delete,…
Read more
In its 2016 top 10 security predictions, Gartner warned that by 2020 shadow IT is likely to account for a third of successful attacks experienced by enterprises. A relatively new concept that has arisen in recent years as a consequence of mounting pressure on IT departments to deliver as well as outdated company policies, shadow IT has become an uneasy element most companies either knowingly tolerate or are unaware of.
What is Shadow IT?
Shadow IT refers to applications and digital solutions not expressly sanctioned by management, but widely used in certain departments or the entire company to minimize workloads, often for the sake of convenience or as communication and collaboration tools. Slack, Evernote, Google Docs, for example, can be in many cases considered shadow IT.
There are multiple factors that have led to the rise of shadow IT. One has been the introduction of BYOD and the…
Read more