Category: Information Privacy

UK Gov Cyber Essentials 10 Step Plan

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1. Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2. Secure Configuration

Identifying baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3. Network Security

The connections from your networks to the Internet, and to other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation's use of mobile or remote working, and of cloud services, makes defining a fixed network boundary difficult.

4. Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5. User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6. Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7. Malware Prevention

Malicious software, or malware, is an umbrella term covering any code or content that could have a malicious or undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall 'defence in depth' approach.

8. Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9. Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10. Home and Mobile Working

Mobile working and remote system access offer great benefits, but expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems, applicable to users as well as to service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.


Fightback Ninja Signature

Keep your personal information safe

Fraudsters are after your personal information, including your full name, address and contact details, bank account numbers, logins and passwords for websites, and identification numbers such as passport and driving licence details.

Once they obtain your full name and other personal details, they can search official records, social media, etc., to piece together a fuller picture of you, with the intention of scamming you or even committing identity theft.

How To Stay Safe

  • Use multiple email addresses [link]
  • Use disposable email addresses (https://fightback.ninja/disposable-email-addresses/)
  • Use temporary email addresses [link]
  • Use the magic phone number if you don’t want to be contacted by phone, but a website insists you provide one [https://fightback.ninja/a-magic-phone-number-and-call-blocking]
  • Stop tracking cookies
  • Opt out of marketing emails etc. whenever possible
  • Withhold data when you can or make something up if it is unimportant

Removing your personal information from the internet

There is a trade-off between having some information about you on the Internet, so that prospective employers, old friends and others can find you, and having so much there that criminals can use it to con and steal from you. Also, it is virtually impossible to remove all traces of your Internet activity.

  1. Restrict or Delete Social Media Accounts

Scammers seeking your information may start with your social media posts, so make sure not to post anything personal or mention holiday dates etc. Simply deleting such accounts is safer.

  2. Close down Blogs and Blog Posts

Close or delete any blog posts, or the whole blog, if it gives away personal information about you.

Personal blogs may contain intimate details about your daily life, family, jobs, health information and financial situation — which is information a fraudster could use to scam you or access your accounts. If you publish a blog, be mindful of the details you’re sharing.

  3. Websites, Chat Groups etc. With Your Information

If someone else has posted sensitive information about you on their website or blog, then you can contact the webmaster of the site and ask them to remove the information.

If a website refuses to remove your info, then you can send a legal request to Google and ask to have it removed.

  4. Phone Apps

Many apps on your smartphone and tablet collect personal details such as your name, email address, spending habits, and geographical location. This information could be accessed by cybercriminals, leaked or stolen, and if it ends up in the hands of a scammer, your finances could be at risk.

If you’re unsure whether an app is trustworthy, it’s a good idea to review the Terms of Use and Privacy Notice first to determine what info is collected, why it is collected, and how it may be secured, stored, and shared. You might also check some user reviews.

  5. Block Tracking Software

While browsing the web, you have probably noticed disclaimers about "cookies", a technology that tracks your web browsing habits. If you don't want that information tracked and stored, then consider running security software that contains features to block online tracking. You should also understand the limitations of your browser and of any do-not-track feature.

  6. Clean out your computer data

There is a trove of personal information stored in your browser, including your history of the websites you visit (including financial institutions), saved passwords, and cached images and files. If a cybercriminal gains access to your device, they may be able to use that information. Regularly clear your browser history, delete cookies, and install and use security software that includes online privacy features.

If you do all of the above then you will remove most of the data that anyone can find about you on the open Internet. There will always be data on government systems, at retailers you buy from, etc., but that is harder for criminals to access.

If you have any experiences with these scams do let me know, by email.


Don’t Be Tracked Online So Easily

More and more websites, online services, social media sites, apps, etc. want to track us: track what we buy, track where we go online, track any details about us they can get (e.g. IP address, location), because that data is valuable to them.

Sometimes they ask for permission to track us, e.g. when you agree to their terms and conditions, but often that is not the case.

Is it all bad?

No.

For example, that tracking means the website can serve up adverts more to your liking rather than random ads, but many people don't like that, as it often takes the form of the same adverts following you from website to website.

How to Reduce Your Trackable Information

Reduce the level of information about you on the Internet to a necessary minimum and be aware that criminals can use whatever information they find against you.

  1. Email addresses

You can use multiple email addresses to separate your online activities, e.g. one email address for financial matters, one for social media, one for retail sites and one for unimportant websites.

You can also use disposable or one-time email addresses for any site you think will send you spam.

  2. Withhold your information, or make something up where it is not important, e.g. misspell your name and give a fake birthdate
  3. If you are not using an online account then delete it; you can always open a new one if needed
  4. Be careful of anything you publish on social media, or that other people publish about you, e.g. pets' names (possible passwords) or dates you will be away on holiday



Startpage Search Engine Privacy

Startpage is a Dutch search engine company that highlights privacy as its key feature.

Startpage.com began as a web directory in 2002, then re-launched in 2009 as a search engine that lets users obtain Google Search results while protecting their privacy by not storing personal information or search data and by removing all trackers.

Since Startpage.com does not collect user data, it does not serve targeted advertising based on user data history. The company generates revenue from its search engine by providing contextual advertising based on the keyword used to perform a search.

Key Features

Startpage web search uses results from Google, for which the company pays Google.

  1. Startpage does not keep logs, so it has no records of the IP addresses of its users, no tracking cookies, or anything similar.
  2. Anonymous View proxy

Startpage's Anonymous View feature lets you view any site in a list of search results through a proxy, preventing the site you are visiting from learning your location, ISP, the content stored in cookies, network settings and so on.


Information Rights Post Brexit

https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/

The General Data Protection Regulation 2016/679 (GDPR) is a regulation in EU law on data protection and privacy across the European Union and the European Economic Area (EEA). It also covers the transfer of personal data to countries outside the EU and EEA.

This has been UK law for years and although cumbersome at times, it has improved the safety of personal data generally.

Now the UK has left the EU, what happens?

The UK helped to draft the GDPR and is committed to maintaining at least the same levels of protection for its citizens.

The GDPR was converted into a piece of UK domestic law called UK-GDPR in early 2020 and came into effect when the UK left the EU in January 2021.

If you are a UK business or organisation that already complies with the GDPR and has no contacts or customers in the EEA, then there may be nothing further you need to do currently.

If you are a UK business or organisation that receives personal data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow.

If you are a UK business or organisation with an office, branch or other established presence in the EEA, or if you have customers in the EEA, you will need to comply with both UK and EU data protection regulations at the end of the transition period. You may need to designate a representative in the EEA.

For more detailed information go to https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/

