Windows XP users face impending cyber threat

The ICO has warned businesses about the risks created by Microsoft’s withdrawal of Windows XP on 8 April 2014. The ICO has reminded users that security updates will no longer be released to fix any security flaws found on the system, putting company systems and the personal data stored on them at risk. This could become a serious problem for many UK companies, given UK software firm AppSense’s indication that around 77% of UK organisations are running XP somewhere in their IT estate. Organisations should already be in the process of migrating to supported operating systems, or at least taking steps to mitigate the live risks, which are only set to increase as vulnerabilities are discovered.

New cyber security guidelines released

The Department for Business, Innovation & Skills (BIS) has published new guidance for businesses on how to mitigate the risk of cyber attacks. The Cyber Essentials scheme identifies the security controls that organisations must have in place within their IT systems to mitigate the risk from internet-based threats. Alongside the ‘cyber essentials’ guidelines is a proposed new “assurance framework” which will allow businesses that meet specified basic standards of cyber security to obtain an independent certification of compliance with those standards under the new scheme. The new guidance follows previous steps the government has advised businesses to take to reduce their vulnerability to cyber attacks.

EU Privacy laws set to change

The European Court of Justice has decided that EU law forcing mobile operators and internet service providers to store customer data for up to two years is illegal. The decision forces a change to European privacy laws, as the court held that current data retention requirements interfered with the fundamental right to a private life in a “particularly serious manner”. The Commission will now have to amend or remove the legislation, which could take several years and will require parliament and national government approval.

French companies at risk of cyber attack

Changes being made to employment laws in France will require any business with more than 50 employees to create an accessible database for worker representatives containing information such as details of business assets, employee salaries and forecasts outlining company strategy. The change increases the risks faced by companies in protecting confidential business information from cyber attack as this will mark the first time that such a comprehensive central database of confidential information will exist and be made widely available. Companies will need to ensure databases are sufficiently protected to prevent stalking cyber thieves from stealing financially sensitive information.

China to work with EU on cybersecurity

The Chinese central government has announced that it plans to work closely with the EU on cybersecurity. The new direction was contained in a recently published policy paper mapping out China’s priorities for its relationship with the EU for the next 5 to 10 years. China has promised to strengthen dialogue with Brussels on cybersecurity and to improve cooperation in fighting internet crime and in responding to cybersecurity threats. China has not issued specific policy papers for its other key trading partners such as the US and Russia, highlighting the importance placed on the developing relationship aiming to combat cyber threats.

Huge flaw in web security discovered

This week a flaw dubbed the “Heartbleed bug” has been found in an encryption method used on more than 60% of all websites, including Google, Amazon, Yahoo and Dropbox. The bug has potentially exposed web traffic, user data and stored content to cyber criminals; however, so far there is no evidence that hackers have exploited the flaw. Whilst Google and Yahoo have made use of an update released to repair the flaw, websites cannot necessarily see if a hacker has already used the vulnerability to access their systems, and concerns remain over whether keys guarding secret codes have been accessed. Security specialists are working to find the hackers who still remain unknown.

Google consolidate logins and privacy policies

Users of Gmail on iOS 7 (the latest iPhone operating system) will now be automatically logged in to all of Google’s other online services such as YouTube and Google+ by default. Previously, the various iOS apps by Google all had separate logins and privacy policies but these have now been consolidated into a single policy. Google provided a customer service upgrade couching the updated privacy rules, hidden away on its Gmail blog. This comes further to recent news that Google has paid a EUR 1 million (GBP 830,000) fine imposed by Italy’s data protection watchdog over complaints that its Street View cars were not clearly recognisable.