
Travelex falls victim to Sodinokibi ransomware attack

Travelex, a foreign exchange company with headquarters in London, has been hit by a ransomware attack, forcing it to shut down all computer systems across its 1,500 branches. Although the organisation said no personal data has been compromised, the criminal hackers behind the attack claimed to have acquired more than 5GB of personal data, including dates of birth, payment card information and … [Read more...]

ICO issues £500,000 fine to Dixons Carphone over data breach

Dixons Carphone, based in the UK, has been fined £500,000 (about €589,000) following a cyber attack that compromised the data of approximately 14 million people. An investigation conducted by the UK’s ICO (Information Commissioner’s Office) found malware installed on 5,390 tills between July 2017 and April 2018. Details of the breach: The criminal hackers collected payment card … [Read more...]

GDPR compliance and managing personal data internationally

To enforce the Regulation outside the bounds of the EU, the GDPR has a number of elements designed to control how organisations within the EU are able to transfer personal data internationally.  The term “third countries” is not defined in the GDPR but comes from the EU’s primary treaties in order to refer to countries that are not party to those treaties. It is a common term in EU law and is … [Read more...]

What is an EnMS (energy management system) and why should we invest in one?

This pocket guide gives a practical but strategic overview for leadership teams of what an energy management system (EnMS) is and how implementing one can bring added value to an organisation. It is not a ‘how to’ book but explains why starting the ‘do’ is a good strategic decision.  Energy management is, in one sense, not so much about energy but rather the management of resources. This doesn’t … [Read more...]

Half of small businesses still aren’t GDPR compliant

It’s been more than 18 months since the GDPR (General Data Protection Regulation) took effect, and yet millions of small businesses across Europe have major compliance gaps, a study has found.  The GDPR Small Business Survey, which polled 716 organisations in Ireland, the UK, Spain and France, found that only 56% of organisations were confident that they obtained a lawful basis for processing … [Read more...]

Nine steps to successful ISO 27001 implementation

It may be something of a cliché but, for information security management system (ISMS) projects, it is certainly true to say that ‘well begun is half-way done’. The person charged with leading an ISO/IEC 27001:2013 ISMS project has to reduce something that looks potentially complex, difficult and expensive in terms of time and resources, to something that everyone believes can be achieved in the … [Read more...]

German hospital fined €105,000 for GDPR data breach

A hospital in Rhineland-Palatinate, Germany has been fined €105,000 by the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI). The fine was based on several breaches of the GDPR (General Data Protection Regulation) concerning patient admittances, resulting in patients receiving incorrect invoices, and exposing issues with the hospital’s patient privacy … [Read more...]

How can cyber security protect your organisation?

‘Cyber’ is a word we use all the time. But what does it mean? What are the implications for us as directors and general managers? Or as IT security managers and auditors?  ‘Cyber’ is thought to derive from the older term ‘cybernetics’ – based on electronic/mechanical control systems and the degree to which man-made and human worlds interact. Cybernetics is derived from the Greek word ‘kubernan’ – … [Read more...]

Cyber attacks and data breaches in review: November 2019

The numbers don’t tell the full story this month. There may have been 1.34 billion breached records disclosed, but almost all of them came from a single incident of ambiguous origin.  Likewise, there were an abnormally high number of incidents in which the organisation didn’t reveal the number of affected records, so it’s a hard month to define in terms of cyber security success.  What we are sure … [Read more...]

Q & A: The challenges for Data Protection Officers (DPOs)

Under the GDPR (General Data Protection Regulation), many organisations are required to appoint a DPO (data protection officer). Our recent webinar, ‘Challenges for data protection officers (DPOs)’, provided an introduction to the role and its requirements, covering the DPO’s responsibilities and the challenges they face. This was followed by a Q&A session with our GDPR expert Alice … [Read more...]