Amazon’s GDPR Penalty
Amazon has had a rough go of it this past week, as punitive measures came down from Luxembourg’s National Commission for Data Protection for an alleged violation of GDPR. A major case, the fine imposed is around $887 million, setting the high mark of fines so far under the European data security regulation. Amazon is… Read More
Scraping data from LinkedIn and an oil company’s breach
What does or does not constitute a data breach can sometimes be a little ambiguous. Data scraping qualifies as such to some, as it utilizes applications to gather, or ‘scrape’, publicly available data from websites. Is this a legitimate activity, or does it allow for more data than is publicly accessible to be taken? No… Read More
The gig economy has put corporate data at risk
Compounding the complexity of remote working, a recent rise in the gig economy is spreading enterprise data security issues even wider, as workers are brought in on a brief timeframe to fill specific roles and tasks. Unfortunately, this fleeting arrangement further increases the attack surface whereby hackers can breach the network, spreading workers outside the… Read More
New paradigm of gig workers creates new data security risks
By now, we have seen fairly frequently the numerous risks inherent in the new remote work paradigm. But cousin to this state of affairs is how a new “gig economy” work pattern is also creating risks and forcing companies to reshape data protection strategies. As an ad-hoc kind of policy, organizations are increasing the threat… Read More
When the Dark Side took down a pipeline with ransomware
Generally when you see “Darkside” trending on social media, it’s about something Star Wars related. Such was not the case recently, but rather a hacking group based in Russia that took down the Colonial Pipeline, one of the largest pipelines in the US, by compromising its management equipment. By now, the incident seems to have… Read More
Regulatory attention to data security
Effective regulatory attention to data security at the national level continues to elude us after all these years. For as long as a patchwork of state level and local standards has existed, industry experts have been calling for drastic improvement. According to Dark Reading, the aftermath of the SolarWinds hack may provide the best opportunity… Read More
Apple AirDrop security and best practices
A recent Apple event showcased the new AirDrop file sharing service, but a notable security flaw is drawing concern. With only a good Wi-Fi connection and two nearby Apple devices, AirDrop’s functionality can be exploited to allow access to the personal information of potentially 1.5 billion users. Email addresses and phone numbers at minimum are… Read More
Cybercrime does not discriminate across industries
No matter the industry, whether in finance, a ransomware breach of a Canadian construction company, or farming in Australia, the threats posed by compromised data is the same. The recommended preventative steps likewise cut across all sectors. Backing up data, implementing safeguards against phishing attacks and ransomware, and educating employees on best practices remain universally… Read More
Ransomware busts and the risks of password reuse
You can always depend on ransomware to make frequent data security headlines. Recent news from France details how members of the Egregor ransomware group, “suspected of initiating hundreds of ransomware attacks dating back to September 2020,” have been apprehended by a combined Franco-Ukrainian operation, specifically affiliates and others working for the group. Details of the… Read More
What data responsibilities do businesses have?
A recent lawsuit from Tesla shows the continued impact made by insider threats against a company’s cybersecurity structures. In this case, their target is a former employee accused of stealing proprietary codes and software files from the company’s systems. Apparently it only took days after starting his job for this employee to have sent thousands… Read More