Are 1 in 4 UK Businesses Unprepared for GDPR?

The GDPR (General Data Protection Regulation) will come into force in May 2018. However, recent research has indicated that nearly a quarter of UK businesses are completely unprepared for it.

The survey was conducted of senior IT decision makers at major UK companies by information management company Crown Records. In the survey, they found that as many as 44% of senior IT specialists believed the GDPR wouldn’t apply to them once the UK had left the European Union. A further 24% had already cancelled all preparations to comply with the regulation.

The GDPR is a far reaching EU regulation designed to unify and strengthen data protection laws across the European Union. Data protection regulations are designed to protect the personal information of individuals online. Through an extensive legal framework, the GDPR holds any business accountable for protecting personal information. By ensuring data isn’t kept indefinitely, it also enshrines the principle of ‘the right to be forgotten’, which is a key aspect for individuals maintaining their reputation online.

The GDPR will go into force by May 2018. Failure by any business, large or small, to follow these regulations will result in hefty fines and sanctions. Sanctions for noncompliance with the regulations include fines up to 4% of global turnover, which could be as high as 20 million euros.

The alarming level of confusion surrounding the GDPR seems to be largely caused by the UK’s currently confusing relationship with the European Union. The UK’s decision to leave the European Union has left many people under the impression that EU laws will no longer apply to them.

In the case of the GDPR, EU laws are definitely being retained. For starters, the GDPR is coming into force in 2018, before the UK will have fully withdrawn from the EU. The UK government has also expressed its intention to retain many EU regulations, including the GDPR. Furthermore, the UK’s Minister of State for Digital and Culture, Matthew Hancock, has confirmed that the UK is intending to continue with the GDPR even after it has left the EU. So, those 24% of businesses that have dropped their plans to comply with the General Data Protection Regulations will be running a serious risk of hefty fines.

With so many business leaders confused about the GDPR, it will be essential for the UK government to clearly clarify the legal situation. Otherwise, many businesses could face major sanctions.

7 Types of Malware and How They Attack Your Computer

Did you know that the first malware dates back to the 1970s, long before the internet even existed? Harmful computer codes and software were considered a prank in the early days of programming, but as our dependence on computers has grown, criminal attacks have become sophisticated and lucrative.

The term malware, short for ‘malicious software’, was first used by an early security researcher, Yisrael Radai, in the 1990s. It refers to any harmful program capable of controlling a computer, usually for the purpose of stealing sensitive information or destroying functionality. Destructive code can be hidden in any program, but today’s malware are most commonly delivered via the internet where criminals can conceal their identity more easily. Once hackers gain access to sensitive data, they use it for financial gain, or to destroy personal and professional reputation. At ReputationDefender, we help our clients safeguard their personal information with ongoing surveillance and privacy reporting. We also assist with removal and reputation rebuilding if you’ve already become a victim.

Antivirus and other software will protect against many types of malware, but hackers are constantly developing new programs and delivery techniques that will pass under the radar. Malware concealed in a harmless looking link can infect your computer almost immediately and be very difficult to get rid of.

Defining Malware

Today, there are so many different types of malware it’s hard to keep up with all the terms. These are seven of the most common malware and how they affect your computer.

  1. Viruses – just like a cold virus, a computer virus infects by reproducing, copying its source code until it can control the entire computer. This type of malware is delivered in a file attachment and it can also spread to other computers via corrupted files that you send. Today, viruses are frequently detected by antivirus software, so they are less common than they used to be.
  2. Worms – this is a ‘standalone malware’. Like a virus, a worm is self-propagating and can spread to other computers, but it infects networks rather than computer files.
  3. Trojans – like the famous story of the Trojan horse, this type of malware masquerades as a legitimate download, often an email attachment such as a routine form. Trojans don’t replicate themselves, but they do open a backdoor that will allow hackers to steal data from your computer.
  4. Ransomware – this type of malware will encrypt computer files so they are unreadable. Once the files are scrambled, the hackers will demand a ransom price in return for the key that can decrypt the data. This new type of malware has been on the rise over the past few years, with large scale attacks aimed at organisations that store a lot of valuable information, like hospitals and police networks.
  5. Spyware – this is a form of malware that will monitor your browsing activity and sometimes try to steal passwords. Spyware works similarly to adware, which is responsible for the annoying, but harmless, advertising that pops up on some websites or apps.
  6. Browser Hijackers – malware that will take over a browser, usually creating a new homepage and redirecting searches to pages you don’t want to visit.
  7. Rootkit – this is a term you’ve probably heard in relation to malware. A rootkit won’t actually harm your computer, but it will hide a virus or other malware from detection. Most major antivirus software now include rootkit removal.

Vulnerability Discovered – Why You Shouldn’t Use WhatsApp and Telegram on the Web

According to the Israeli security firm Check Point, even encrypted messenger apps like WhatsApp and Telegram can be penetrated by malware. Just this month, spokesperson Doros Hadjizenonos announced the firm had discovered a weakness in the web versions of these apps. The vulnerability allowed hackers to send a contaminated photo capable of infecting the entire account upon opening. Both companies have reacted immediately to patch the problem and users who have downloaded the latest version should be protected. However, security experts are still advising that high-risk individuals stick to the mobile version of WhatsApp and Telegram.

Encrypted Apps are the Secure Choice

Privacy and reputation go hand in hand. ReputationDefender clients include individuals and businesses working to build a positive web profile. A few personal details or a private message made public can quickly undo months of effort. With over 1 billion users, WhatsApp is the go-to messenger app and the announcement of ‘end-to-end encryption’ last year made it one of the more secure choices as well. A unique encryption key means no one but the intended receiver can unlock and read the message, not even WhatsApp itself. Meanwhile, the lesser known Telegram has been offering ‘Secret Chats’ that rely on a similar encryption key for several years.

What Went Wrong?

Unfortunately, in this case encryption created its own unique problem. Since the sender’s content was scrambled before upload, the app wasn’t always able to identify contaminated files. Hackers could conceal HTML code in a harmless-looking image and send it to an unsuspecting user. Opening the message in a web application would allow the malware to run immediately on the user’s browser, giving hackers access to the entire account: personal contacts, messages, images… everything.

Hadjizenonos has assured users that WhatsApp and Telegram both responded quickly and responsibly to Check Point’s warning. The input validation process has been improved to identify and block files containing malware on both web and mobile versions. As always, it’s important to download the latest updates immediately, since these often contain fixes for weaknesses and vulnerabilities that have just been discovered.

What’s Different with Web Apps?

The larger lesson is that the mobile versions of WhatsApp and Telegram are more secure than the web-based versions. Web apps use JavaScript which will input new code and overwrite functionality immediately. Mobile apps don’t support this ‘just-in-time’ compiling; changes much be downloaded and configured before installation. This means users are better protected from the type of vulnerability spotted by Check Point.

Although this particular risk has been eliminated, it won’t prevent hackers from discovering a new access point in the future. If your WhatsApp account contains data that could hurt you if it were made public, it’s best to avoid messaging on the web. Stick to mobile, where there’s an extra layer of security.

Victims of Revenge Porn Need More Privacy

Revenge porn, publicly posting explicit photos after a break-up, is a troubling online phenomenon that appeared about five years ago. Worryingly it is becoming increasingly prevalent and affecting growing numbers of men and women. A recent UK law took steps to address the issue, clearly making it a crime to post images or video without the subject’s consent; however the bill lacks important protections for victims’ privacy and identity. This is a concern for us at ReputationDefender since anyone coming forward to report a violation can find their online reputation damaged even further with articles and posts related to the trial.

Defining the offense

Calling revenge porn a sexual offense would give victims anonymity for life; however the Home Office recently rejected this definition, saying that even though “victims can in some circumstances feel violated,” lack of actual “contact” or “gratification” makes the offense “malicious” rather than “sexual”.

Dr. Clare McGlynn, a professor of law at Durham University, disagrees with this assessment. She believes that even though the crime is “image-based” it is still a form of “sexual exploitation” and therefore warrants the same level of victim protection as other forms of “sexual abuse.” According to McGlynn, the law’s focus on perpetrator intent rather than the consequences for victims detracts from its purpose. Many subjects of revenge pornography face real psychological damage not to mention the harm done to their career and future relationships.

Revenge porn prosecution rates are low

Unfortunately, lack of automatic anonymity for victims has had a significant effect on the number of cases that are prosecuted under the new law. Revenge pornography became a specific crime in the UK as of April 2015 and by December of that year, 1,160 cases had been reported to the police, including three cases where victims were children of eleven years old. However 61 percent of the accusations resulted in no action being taken, either because of insufficient evidence or because the subject of the photos chose not to pursue prosecution. Only 11 percent resulted in an actual conviction.

Maria Miller, one of the MP’s who pushed for a law dealing with revenge porn, says this is directly related to anonymity. “Too often victims say they can’t face the prospect of their case coming to court,” she says.

The majority of people believe victims deserve anonymity

There is a lot of public support McGlynn and Miller’s position on this issue according to a new poll from ICM. Of the 2,048 people questioned, 75 percent believed that victims of revenge porn should be given the same protections as victims of other sexually related crimes. Among women, the numbers were slightly higher at 77 percent while only 72 percent of men were in agreement. Unfortunately, as long as the Home Office’s decision stands, public opinion won’t help victims of revenge porn who feel they may face more harassment for coming forward. If you are facing this situation and are concerned about the risks of disclosure, contact our privacy experts at ReputationDefender.