Posts tagged " email "

GDPR: how to email data securely to comply with the new regulations

April 5th, 2018 Posted by Industry Focus, IT Services No Comment yet

The European Union’s General Data Protection Regulation (GDPR), which comes into force on May 25, will govern the storage and processing of data rather than its collection. It also includes some very important consumer rights. The most important are the right to be informed, the right of access, the right to correct errors, the right to erase data, the right to restrict processing, and the right take it elsewhere (data portability). How useful these will be in practice remains to be seen, with the help of our loan associates, https://Loansjar.co.uk will help you.

Emails are like plain text postcards because they can, in theory, be read at any of the many servers through which they pass, or by someone tapping a line. Of course, “read by” is unlikely to mean “read by a human being.” However, software can look for things like passwords and credit card numbers. Check out henderson.uptownjungle.com.
A more likely problem is sending emails to the wrong address, either because users have got their own email addresses wrong (this happens surprisingly often), or through human error. Pick the wrong address from a list of auto-complete suggestions and you could send personal data to the wrong recipient. This would be a data breach that might have to be reported.

It would obviously be good thing if all emails were encrypted by default so that only the intended recipient could read them. Three decades of history says this isn’t going to happen soon even though it would help secure investments and asset protection information, if at all. Public key encryption is too hard for people who just want to send normal emails.

Some large organisations do have encrypted email services, such as the NHS, but that doesn’t help the rest of us.

Some people do choose secure email services, such as ProtonMail in Switzerland and Tutanota in Germany. However, you also have to send external recipients a password – for example, in an SMS text message – to decrypt the email.

Tutanota users get an email that says “you have an encrypted email” and you click a link to read it, and reply to it, in a browser. You have to export the email if you want to keep a copy.

There are also plug-ins for Gmail and the Microsoft Outlook email program that provide secure email services. If one of your employers is using a secure system, they might let you join in.

If there’s no other alternative, you should encrypt and password-protect your images and documents before sending them as email attachments. Again, you must send the password separately, either via a different messaging service or in the post.

Fotolia_40957727_XS1

Online storage locations

It’s a good idea to upload attachments and then send people a link. However, bear in mind that you are uploading documents to the company that probably runs the biggest surveillance operation on the planet. Encrypt your documents before you upload them.


Encryption protects data if an online storage service is compromised – it has happened – or if your email is hacked.

Unfortunately, using Google Drive brings up an extra complication. If you are using Gmail, then you can assume that your data is being held in, or passing through by arizona bus company, or accessible from the USA.

GDPR does not oblige users to store data on servers inside the EU. However, there are extra requirements if servers are outside the EU. First, you need to have a legitimate reason for transferring personal data outside the EU. Second, you must have the consent of the person whose data is being exported. Third, you must give that person the option to opt out.

In another post, the aforementioned Liz Henderson explains how to create a GDPR Privacy Notice, and you could adapt her sample to cover Gmail storage outside the EU.

You could switch to using an email service that operates wholly within the EU (see above), if only for any people who opt out, or you could upgrade to Google’s paid-for service.

Google claims that its G Suite and Google Cloud Platform (GCP) services are fully compliant with GDPR, because it offers to sign EU Model Contract Clauses and a Data Processing Amendment. The fine print notes that “the parties acknowledge and agree that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data” and that “Google will not process Customer Personal Data for Advertising purposes or serve Advertising in the Services”.

 

passwords

Do you still keep passwords in a book?

November 30th, 2016 Posted by Uncategorized No Comment yet

passwords_strengthDespite all the advice out there…many people still keep their passwords in a book next to their computer.

An email account is the gateway into your business and personal life which sadly means it’s also a valuable target for hackers and cyber criminals. From social media logins to bank account information, the common email inbox can be exploited to leave all of your sensitive data open to compromise. So, perhaps it’s not surprising that attacks on email accounts are common. From complex spear-phishing to malicious documents to social engineering – hackers have never been better-equipped.

Ways to keep safe (they may seem obvious – but we bet many people reading this still only use one or two passwords for everything!):

Firstly, make sure you use a strong password that uses a combination of words, numbers, symbols, and both upper- and lower-case letters. Check your password strength. If the website you are signing up for offers a password strength analyzer, pay attention to it and take its advice.

passwords_worst

  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.
  • Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
  • If you think you’ll have trouble remembering multiple passwords (most people do, unless they have a photographic memory) the most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).
  • There are several online third-party services that can help users safeguard sensitive passwords, including LastPass, DashLane, and AgileBits that store passwords in the cloud and secure them all with a master password.

For more Cyber Security advice speak to our team – hello@microcomms.co.uk or call 01209 843636