EU General Data Protection Regulation_Cyber Major

Preparing for GDPR

Preparing for GDPR - What's the Deal on International Data Transfers?

I'm sure you've heard about it by now, but if not - the upcoming EU General Data Protection Regulation puts in place stringent new standards for ensuring adequate safeguards for most international transfers of personal data.

Basically, apart from in all the situations explained later in this article, you can only transfer personal data to other countries by legally protecting it - mainly through "model contractual clauses" issued by the EU Commission or using "binding corporate rules" with specific information requirements to lock into place adequate data protection standards when that data is processed in other countries.

Now, as alluded to earlier, these extra safeguards don't apply if you're transferring data to EEA countries (all the EU member states + Norway, Iceland and Liechtenstein). They don't apply either to a specific list of other countries which have been deemed to have "adequate" data protection laws and regulatory structures already in place by the EU Commission. These countries are: Andorra, Argentina, Canada, the Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.

The Spectre of a Potential Security Meltdown

Spectre. Meltdown. These phrases sound like the titles of bad B-Movie action films. But they’re very much real. They’re the name of two massive CPU exploits that were uncovered over the past week (the first week of January 2018). Both are the biggest threats to processing hardware we’ve seen in a long time.

At their heart, both attacks take advantage of the fact that processors execute instructions speculatively. All modern processors perform speculative execution to a greater or lesser extent. They'll assume that, for example, a given condition will be true and execute instructions accordingly. If it later turns out that the condition was false, the speculatively executed instructions are discarded as if they had no effect.

2 Factor Authentication is a Life-Saver

2 Factor Authentication. You’ve probably heard of it.

It’s being rolled out more and more aggressively across all sorts of devices, and implemented in all kinds of software.

It’s basically a way of having 2 sets of doors to your sensitive information with different ways of opening them.

It’s vital as a safeguard to prevent malicious hackers from gaining access to your vital data even if they’ve breached other security controls you had in place, such as a password.

Time and time again we’ve seen examples of this saving business’s bacon and preventing much bigger data breaches from occurring.

Just this past week, A Dutch security firm fell victim to a well-executed attack that allowed hackers to take control of its servers, and intercept clients' login credentials and confidential data.

The Devil Is in the Detail

No doubt you’ve heard about these things called “ransomware attacks” which have appeared all over the news every now and again.

Just this summer, the NHS came under mass attack from ransomware called “WannaCry” that locked doctors and other staff out of their computers, demanding a payment to unlock their vital working information.

As usual, the government did its thing and recommended everyone kept their operating systems up to date and install strong anti-malware programmes to prevent such a crippling attack from happening again.

So. You’ve been responsible and followed these guidelines. That means you’re safe, right?

Security experts urge hoteliers to prep for EU’s GDPR

As cyber-crime continues to expand at an exponential rate, hotels have to comply with new, aggressive regulations such as the EU GDPR to make sure the massive amounts of data they hold is properly protected.

The law coming into place on the 25th May 2018 forces organisations to properly keep track of and protect their data according to the wishes of their employees, clients and best practice guidelines.