Shocking research shows high level of data remaining on used hard drives for sale
Recent research conducted by the Blancco Technology Group and Ontrack revealed that 42% of used drives sold on eBay were holding sensitive data and 15% contained personally identifiable information (PII).
What’s even more shocking is that the type of information found included high level government information (scanned images of passports, birth certificates, CVs and financial records), university papers with associated student email addresses, internal office emails from a major travel company, freight company data including shipping details, schedules and truck registrations, school information (student names, photos and grades) and a high volume of photos plus other information from a music store.*
As this research highlights, ensuring sensitive and personal data is adequately wiped from any hard drives that are no longer in use by your organisation is imperative, especially if they are going to be sold on, and here at Microcomms, we have launched a new service that will do just that.
Microcomms partners with global recovery agency to sanitise hardware
A new partnership with a global asset recovery agency means we can provide a service that ensures the secure erasure of your data.
The key benefits of this new service include:
Get in touch
If you have redundant IT equipment in need of proper data sanitization, give us a call for further information on 03300 020 000.
*To read the full research article click here
**Blancco is certified for data destruction by over 18 governing bodies including NATO, ADISA and the National Cyber Security Centre (British Government)
Our Five Top Tips to Keep Your Data Safe
Data safety has been in the news a lot recently with high profile businesses such as Facebook and Google falling victim to data hackers. As a result, around 30 million account holder details were accessed because of flaws in Facebook’s code and a bug in Google+ API. This meant that third party app developers were able to access data of not only users, but also their friends.
So how can you protect your data from not only being accessed and harvested, but also from cyber viruses which can be devastating to your business?
Here are our top five tips to keep your data safe on and offline.
1. Schedule regular backups using the 3-2-1 backup rule. This is a great start to securing your data and backing up your files.
2. Security Applications
3. Secure your perimeter: Simply put, don’t let anybody access your data who shouldn’t be able to! You can ensure your cyber safety which includes network security, wifi security and multi-factor authentication, by working with a company like WatchGuard.
4. Redundant Systems
Do you have a system ready to go in the event of a disaster? If not, we highly recommend that you do, so that if the worst happens, business will run as usual. A physical server could be located on your site or replicated elsewhere (subject to bandwidth and other requirements). A cloud server could be serviced through Microsoft Azure or located at Microcomms and leased. Not sure where to begin? Just give us a call and we’d be happy to talk it through with you.
5. Testing, Testing, Testing
To ensure that you can recover as expected from a disaster, it is critical to test the plans and processes that have been put in place. By testing the DR setup regularly, you can check that everything is working, should you ever need to use it. If you don’t have a DR plan in place, your data safety could be at risk. Microcomms can help you plan, set up and test your DR plan, ensuring you understand what processes to follow if/when the need arises.
If you have none or only some of the above in place, it’s definitely time to review your cyber safety and we can help you with that. Give us a call to discuss implementing regular health checks on your computers and systems by one of our skillful engineers. What’s more, book by end of November and we’ll do it for FREE (up to 5 systems), and we’ll include a recommendation of improvements to be carried out in December.
Don’t delay…get cyber safe today! Give us a call on 03300 020 000.
Large chunks of the planet are still out of reach of mobile phone signals – billions are still without access to digital communications. But this could change thanks to shrinking satellite sizes and costs.
Lower-cost, space-based mobile phone services will soon be a reality thanks to one firm’s fleet of nano-satellites that will bounce your voice or text signal from one spacecraft to the next and finally down to the person you’re calling.
“People were thinking of using nano-satellites for Earth imagery but nobody had thought of using them for voice or text communications,” says Israeli former fighter pilot Meir Moalem, the chief executive of Sky and Space Global (SAS).
“We were the first.”
His firm is aiming to offer customers mobile phone connections via a constellation of 200 shoebox-sized satellites weighing just 10kg (22lb) each.
The fleet is set to be operational by 2020 and will provide text, voice and data transfer services to the Earth’s equatorial regions – including much of Latin America and Africa – to a market of up to three billion people.
“Affordable mobile services are critical for the economic and social development of many developing countries,” says Mr Moalem, who believes SAS’s nano-satellites will shake up the space-based communications market.
“Our total constellation costs just $150m (£108m). That’s less than the cost of a single standard communications satellite. This is what we mean when we talk of a disruptive technology.”
But SAS is just one of a number of companies with big plans for space right now.
Perhaps the most ambitious is Elon Musk’s SpaceX, which is aiming to build a huge 4,400-satellite constellation offering global internet coverage. It will be using its own Falcon-9 rockets to launch its fleet and plans to have the network operating by 2024.
And OneWeb has an 800-satellite constellation set for 2020, again focused on global broadband, while Google and Samsung are also mulling similar initiatives.
With all these satellites, low-Earth orbit – an altitude of 2,000km (1,200 miles) or less above the planet – is becoming an increasingly crowded space. This could make future launches potentially difficult and dangerous with space debris.
Then there is the issue of finance. Not every planned constellation is going to find the investors with deep enough pockets to back it, though David Fraser, research director at APP Securities, says SAS could be “an attractive alternative option” given its low capital costs. Vincent Chan, professor of electrical engineering and computer science at MIT, believes that satellite miniaturisation and cheaper launch vehicles mean that the “nano-sat is ready to serve the public”.
Such lower-cost infrastructure could bring much-needed mobile communications to the world’s poorer regions, he says, helping to reduce the digital divide.
But, he adds, SAS’s focus on voice and text services rather than broadband internet, suggests that “the digital divide will be narrower but not disappear”.
For its part, SAS is using a non-traditional method of getting its satellites into orbit. They will be air-launched in batches of 24 by Virgin Orbit, part of Richard Branson’s Virgin group.
Virgin’s modified Boeing 747-400 will fly up to 35,000ft (10,000m), then LauncherOne, a two-stage liquid oxygen-powered expendable rocket, will blast the payload into orbit.
It’s one of a number of air-launch-to-orbit systems under development.
The advantage of launching from an aircraft is that the rocket can be launched in exactly the direction to suit the satellite’s planned orbit. Virgin is planning its first launch later this year, while SAS’s craft will be launched in 2019.
Launch costs will typically be about $12m, much less than a traditional launch, says Virgin. It is “all about helping the small satellite community get into orbit,” says Dan Hart, Virgin Orbit’s president and chief executive.
Such lower-cost launch services will open up space to “a whole host of communications [and] remote sensing applications,” he says.
SAS has already proved that its communications system works with three pilot satellites, and is now signing deals with partners in Africa and Latin America – including one of the biggest satellite-communications providers in the Americas, Globalsat Group.
Globalsat’s chief executive, Alberto Palacios, says his firm’s current customers – in the mining, energy, defence, banking, and government sectors – can afford the costs of traditional satellite phone calls.
But he believes nano-satellites are a game-changer.
“Some customers invest several hundreds of dollars in the hardware for a satellite phone terminal and will pay $50 a month for the service. But if you can offer a solution for half of that – then the price can be compared to conventional mobile phones,” he explains.
SAS says it is going for the gap in the market between existing satellite communications operators, such as Iridium, Inmarsat and Globalstar, and land-based mobile networks such as Vodafone, Telefonica, Airtel and Safaricom.
It is targeting customers earning less than $8 a day.
In Ghana, the company has just signed a five-year deal with telecoms provider Universal Cyberlinks to help government agricultural projects and public services, including monitoring cocoa production across 5,000 buying centres and checkpoints.
“When you travel outside of a city in Africa, often you lose your phone signal because it is not cost-effective to put up phone masts everywhere. That’s where we come in,” says Mr Moalem.
“In the West, we tend to forget that in many parts of the world people are not concerned about high-speed internet, they want to make simple phone calls, texting or money transfers. It’s a basic need.”
Africa is certainly becoming a key market for mobile services. There were 420 million mobile subscribers in 2016 and by 2020 there will be more than 500 million, around half the population, says industry body GSMA.
Last night Microcomms had the pleasure of attending the newly relaunched ‘Cornwall Lecture’ at Hall for Cornwall. The very first lecture happened in 1997 with the key speaker Sir Nicholas Grimshaw discussing the future of environmentalism, buildings and global responsibility. Last night the keynote was delivered by Dr Maggie Aderin-Pocock MBE, space scientist and co-presenter of ‘The Sky at Night’. The theme was “Innovation – the big picture”, focusing on the space and technology sectors.
We heard Dr Aderin-Pocock’s life story, how her ‘desire to aspire’ pushed her through childhood barriers such as dyslexia, 13 schools and growing up in a world where space scientists were still very much thought of as nerdy boffins with massive brains. It was an inspiring story and very much spoke to the heart of the blossoming space sector here in Cornwall. Our county is known for its beautiful natural landscapes, surfing and tourism – it’s not often spoken of as a tech hub – even though through Superfast, we are one of the best connected places in Europe. We also have a long history of space innovation – scientists here received the first messages from the Telstar programme. Cornwall gets overlooked and left in the ‘remedial class’ as Dr Aderin-Pocock put it, because our underlying potential is hidden by what people see on the surface.
At the Q&A session after the lecture, a very pertinent question was asked “If Cornwall wins the Spaceport bid, what will that mean for local businesses? What jobs will it create?”. This was answered by Toby Parkins of Headforwards, who said that if we are successful in the bid, it will be time for local companies to start thinking laterally – what transferable skills do we have to move into this sector? How can we take the knowledge and expertise that already exist in Cornwall and translate them into commercial space ventures? We may not think we have anything to offer – but many companies do.
This is a really exciting opportunity. Here at Microcomms, we are going to be putting our heads together as a whole team to look at our collective skills and knowledge and look at where we are best placed to work within the market. There are many complex challenges faced by space progress and it will be a mixture of skills and disciplines that work together to overcome them.
Homes and businesses will have a legal right to demand high-speed broadband by 2020, the government has said after rejecting a voluntary offer from BT.
Openreach, owned by BT and responsible for the infrastructure, offered to speed up improvements to 1.1 million rural homes.
The government has promised that the whole of the UK will have access to speeds of at least 10 Mbps by 2020.
BT said it respected the government’s decision.
The government believes the regulatory Universal Service Obligation offers “certainty”.
Under the plan, broadband providers will face a legal requirement to provide high-speed broadband to anyone requesting it, subject to a cost threshold.
Matt Hancock, minister of state for digital policy at the department for Digital, Culture, Media and Sport, said on the BBC’s Today programme: “Access means you can phone up somebody, ask for it and then someone has the legal duty to deliver on that promise.
“It is about having the right to demand it, so it will be an on-demand programme.
“So if you don’t go on the internet, aren’t interested, then you won’t phone up and demand this.”
In response to the announcement, BT said: “BT and Openreach want to get on with the job of making decent broadband available to everyone in the UK, so we’ll continue to explore the commercial options for bringing faster speeds to those parts of the country which are hardest to reach.”
Rival firms, which had talked of legal action if the government accepted BT’s offer, welcomed the decision.
Both TalkTalk and Sky said the government had made the right decision.
Tristia Harrison, TalkTalk chief executive, said: “By opting for formal regulation rather than weaker promises, ministers are guaranteeing consumers will get the minimum speeds they need at a price they can afford,” she said.
“The whole industry now needs to work together to ensure customers see the benefits as quickly as possible.”
Stephen van Rooyen, Sky’s UK and Ireland chief executive, said: “Government have made the right decision by choosing a fair and transparent approach that maintains competition, keeps prices fair and gives consumers a legal right to request broadband.”
Regulator Ofcom said this month that 4% of UK premises, or about 1.1 million, could not access broadband speeds of at least 10 Mbps.
It said poor connections were a particular concern for small businesses, with almost 230,000 unable to get a decent service.
Following the introduction of secondary legislation next year, it is thought it will take another two years before the right is enforced by Ofcom.
The NHS is spending £20m to set up a security operations centre that will oversee the health service’s digital defences.
It will employ “ethical hackers” to look for weaknesses in health computer networks, not just react to breaches.
Such hackers use the same tactics seen in cyber-attacks to help organisations spot weak points.
In May, one-third of UK health trusts were hit by the WannaCry worm, which demanded cash to unlock infected PCs.
In a statement, Dan Taylor, head of the data security centre at NHS Digital, said the centre would create and run a “near-real-time monitoring and alerting service that covers the whole health and care system”.
The centre would also help the NHS improve its “ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats”, he said.
And operations centre guidance would complement the existing teams the NHS used to defend itself against cyber-threats.
NHS Digital, the IT arm of the health service, has issued an invitation to tender to find a partner to help run the project and advise it about the mix of expertise it required.
Kevin Beaumont, a security vulnerability manager, welcomed the plan to set up the centre.
“This is a really positive move,” he told the BBC.
Many private sector organisations already have similar central teams that use threat intelligence and analysis to keep networks secure.
“Having a function like this is essential in modern-day organisations,” Mr Beaumont said.
“In an event like WannaCry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue at the time, organisations were unsure how they were being infected”.
In October, the UK’s National Audit Office said NHS trusts had been caught out by the WannaCry worm because they had failed to follow recommended cyber-security policies.
The NAO report said NHS trusts had not acted on critical alerts from NHS Digital or on warnings from 2014 that had urged users to patch or migrate away from vulnerable older software.
Thanks to the BBC for this story.
General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data. Wired’s GDPR guide explains what the changes mean for you.
The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon. After publication of GDPR in the EU Official Journal in May 2016, it will come into force on May 25, 2018. The two-year preparation period has given businesses and public bodies covered by the regulation time to prepare for the changes.
Each member state in the EU operates under the current 1995 data protection regulation and has its own national laws. In the UK, the current Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations.
GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Bill, which has been announced by the government.
In short, yes. Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.
Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.
These definitions are largely the same as those within current data protection laws and can relate to information that is collected through automated processes. Where GDPR differentiates from current data protection laws is that pseudonymised personal data can fall under the law – if it’s possible that a person could be identified by a pseudonym.
In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about. Here’s the low-down:
Companies covered by the GDPR will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.
Under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator – in the case of the UK, the ICO – where it could have a detrimental impact on those who it is about. This can include, but isn’t limited to, financial loss, confidentiality breaches, damage to reputation and more. The ICO has to be told about a breach within 72 hours of an organisation finding out about it, and the people it impacts also need to be told.
For companies that have more than 250 employees, there’s a need to have documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.
Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer (DPO). For many organisations covered by GDPR, this may mean having to hire a new member of staff. In this job, the person has to report to senior members of staff, monitor compliance with GDPR and be a point of contact for employees and customers.
There’s also a requirement for businesses to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person’s information they have to clearly explain that consent is being given and there has to be a “positive opt-in”.
As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals a lot more power to access the information that’s held about them. At present, businesses and public bodies can charge £10 for a Subject Access Request (SAR), under which people are given what’s held about them.
Under the GDPR this is being scrapped and requests for personal information can be made free-of-charge. When someone asks a business for their data, they must stump up the information within one month.
The new regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.
One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, it can be fined. If it requires and doesn’t have a data protection officer, it can be fined. If there’s a security breach, it can be fined.
Smaller offences could result in fines of up to €10 million or two per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or four per cent of a firm’s global turnover (whichever is greater).
If a business’s social media accounts are hacked, it can be hugely detrimental to its reputation and relationship with the public.
Here, security experts and social media professionals share advice on how to handle a hack and restore your company’s image.
First, determine whether you’re still able to log into the hacked account.
“If you can log in, change the passwords on all your social media accounts – not just the ones that have been hacked,” advises Romain Ouzeau, chief executive of Iconosquare, an Instagram analytics company. “As some social media platforms offer the ability to log in via other sites and services [Tweetdeck, for example], you may be compromised on additional networks.”
As a general rule, Rob Brown, vice president of the Chartered Institute of Public Relations (CIPR), advocates the use of a different password for each social media platform. “Update passwords every two months, choosing longer passwords that contain different characters, and use two-step verification if a social media service offers it.”
If you’re not able to log in, head straight to the social media company’s contact pages and tell the relevant team that you’ve been hacked.
If you’ve been hacked, there’s a chance that communications will have been sent from your account by the offender.
“If this happens, take a screen grab of the content before removing it,” says Lee Campbell, cyber computing lecturer at the University of Gloucestershire. “Then report the breach to the social media provider.
“If the compromised social media account includes content of a threatening, or abusive nature, report it to the police via Action Fraud, the UK’s national fraud and cyber crime reporting centre.”
Even if you’re embarrassed, it’s important to let people know that you’ve been hacked.
“Post an update from the reclaimed hacked account, stating what has happened and that unauthorised changes and/or communications may have occurred,” says Blaise Grimes-Viort, chief services officer for social media business, The Social Element.
“If any private or direct messages have been sent, contact those who received them directly to tell them what happened and that they shouldn’t click on any of the links that were sent.”
It’s also worth checking to see which third-party apps (auto post tools, for example) are connected to your social media profile. Review the list and delete any that you no longer use. If you keep seeing unwanted content posted through your account, you may want to revoke access for all third-party apps.
“If you have a response plan in place before an attack happens it means there are clear actions for employees to take – this helps members of staff act quickly and can help with damage limitation,” recommends Microcomms’ in-house cyber security expert Richard Howard.
“The majority of cyber attacks are caused by human error – deliberate or not – so employee training and communication is vital and should also cover advice on spotting suspicious activity, such as phishing emails.”
There are also some simple things that you, as a business owner, can do to improve security across your network. Use the latest antivirus software, run frequent scans for malware (malicious software) and perform a regular off-site backup of your systems.
You can manually adjust the settings on your [social media] account profile pages, restricting who can see your posts, photos and user profile. Also, tighten access to your mobile devices by setting a pin number of at least six digits on each.
Microcomms carry out cyber security health checks, staff training and will provide advice and recommendations to keep your business well protected from attack.