Windows XP users face impending cyber threat
The ICO has warned businesses about the risks created by Microsoft’s withdrawal of support for Windows XP on 8 April 2014. The ICO has reminded users that security updates will no longer be released to fix any security flaws found on the system, putting company systems and the personal data stored on them at risk. This could become a serious problem for many UK companies, given UK software firm AppSense’s indication that around 77% of UK organisations are running XP somewhere in their IT estate. Organisations should already be in the process of migrating to supported operating systems, or at least taking steps to mitigate the live risks, which are only set to increase as vulnerabilities are discovered.
New cyber security guidelines released
The Department for Business, Innovation & Skills (BIS) has published new guidance for businesses on how to mitigate the risk of cyber attacks. The Cyber Essentials scheme identifies the security controls that organisations must have in place within their IT systems to mitigate the risk from internet-based threats. Alongside the “Cyber Essentials” guidelines is a proposed new “assurance framework”, which will allow businesses that meet specified basic standards of cyber security to obtain an independent certification of compliance with those standards under the new scheme. The new guidance follows previous steps the government has advised businesses to take to reduce their vulnerability to cyber attacks.
EU Privacy laws set to change
The European Court of Justice has decided that the EU law forcing mobile operators and internet service providers to store customer data for up to two years is illegal. The decision forces a change to European privacy laws, as the court held that current data retention requirements interfered with the fundamental right to a private life in a “particularly serious manner”. The Commission will now have to amend or remove the legislation, which could take several years and will require approval from Parliament and national governments.
French companies at risk of cyber attack
Changes being made to employment laws in France will require any business with more than 50 employees to create an accessible database for worker representatives, containing information such as details of business assets, employee salaries and forecasts outlining company strategy. The change increases the risks faced by companies in protecting confidential business information from cyber attack, as this will mark the first time that such a comprehensive central database of confidential information will exist and be made widely available. Companies will need to ensure databases are sufficiently protected to prevent stalking cyber thieves from stealing financially sensitive information.
China to work with EU on cybersecurity
The Chinese central government has announced that it plans to work closely with the EU on cybersecurity. The new direction was contained in a recently published policy paper mapping out China’s priorities for its relationship with the EU for the next 5 to 10 years. China has promised to strengthen dialogue with Brussels on cybersecurity and to improve cooperation in fighting internet crime and responding to cybersecurity threats. China has not issued specific policy papers for its other key trading partners such as the US and Russia, highlighting the importance placed on the developing relationship aiming to combat cyber threats.
Huge flaw in web security discovered
This week a flaw dubbed the “Heartbleed bug” has been found in an encryption method used on more than 60% of all websites, including Google, Amazon, Yahoo and Dropbox. The bug has potentially exposed web traffic, user data and stored content to cyber criminals; however, so far there is no evidence that hackers have exploited the flaw. Whilst Google and Yahoo have made use of an update released to repair the flaw, websites cannot necessarily see if a hacker has already used the vulnerability to access their systems, and concerns remain over whether keys guarding secret codes have been accessed. Security specialists are working to find the hackers, who still remain unknown.
Google consolidate logins and privacy policies
Users of Gmail on iOS 7 (the latest iPhone operating system) will now be automatically logged in to all of Google’s other online services, such as YouTube and Google+, by default. Previously, the various iOS apps by Google all had separate logins and privacy policies, but these have now been consolidated into a single policy. Google provided a customer service upgrade couching the updated privacy rules, hidden away on their Gmail blog. This follows recent news that Google has paid a EUR 1 million (GBP 830,000) fine imposed by Italy’s data protection watchdog over complaints that its Street View cars were not clearly recognisable.