DPaaS Newsletter - April 2022

Data Protection as a Service Newsletter From CSP, Your Trusted Security Partner
APRIL, 2022

NEWSLETTER HIGHLIGHTS
·Facebook User Data
·University of Essex Data Breach - 400 students
·Industry Update - Consumer protections against malicious apps

Contact Us
www.csp.partners
info@csp.partners
0113 532 3763
26 Whitehall Rd East, Leeds, LS12 1BE
@CyberSecPartner @CyberSecurityPartners

CYBER SECURITY PARTNERS

Facebook doesn't know where users' data goes due to its 'open border' system
Daily Mail | Alex Hammer

Leaked documents have recently revealed that social media giant Facebook is failing to keep track of its roughly 3 billion users' personal data. In an internal document obtained by Motherboard, privacy engineers for the site pointed out flaws in the site's data management system, admitting they were at a loss as to where its users' data goes. The leak was revealed after Facebook came under fire for collecting unwitting users' personal information for purposes including targeted advertising.

If you think that your systems may be compromising users' data, here are our top tips for improving the privacy of these systems:

·A Data Use Agreement ("DUA") - should be reviewed and appropriately assigned to all 3rd party vendors where the use of specific data between two parties needs governing. DUAs establish who is permitted to use and receive a unique data set, along with the allowable uses and disclosures of the data by the recipient. CSP can help with drawing these agreements up and reviewing them as part of our DPaaS services.

·Build a strong Security Policy - with clear roles and responsibilities for all employees, defining roles and understanding which roles can access your business data. User privilege escalation needs to be monitored, so that if any employee tries to access data which is above their role, you are aware of this and can stop them from accessing it.


CSP advice continued...

·Privacy Impact Assessments (PIA) - a PIA is an impact assessment conducted to determine the impact that new technology projects, initiatives or proposed programs and policies might have on the privacy of individuals. It sets out recommendations for managing or eliminating that impact. This should be conducted whenever a system/policy has significant changes, which will protect end users by demonstrating due diligence and compliance with privacy best practices. CSP can produce PIA reports on any critical business solutions to reduce the risks associated with data privacy.

University of Essex: Data breach exposes 400 students' info
Echo News | Lewis Adams

Students from University of Essex are seeking legal advice after a major data breach, which led to the release of personal information. The email message, from a facilities management delivery partner of the university, requested payment for repairs to a broken door on a campus accommodation block and contained a spreadsheet full of information on residents, including student IDs, dates of birth and contact details, relating to 412 individuals in total.

To improve your security posture when it comes to 3rd party vendors, we would suggest the following as a great place to start, to help you understand where the weakest part of your supply chain is:

·Stronger Access Control - Access control means allowing information to be given on a need-to-know basis. Businesses should frequently assess the RBAC (role-based access control) model, which should be adopted particularly when your systems are accessed by 3rd parties. You should adopt the principle of least privilege. Many third-party data breaches (like this one) occur because the third party is allowed more access than needed to do their jobs. This is why you should consider investing in robust role-based access control.

·Data handling training - when handling sensitive data, it is vital that the process is not rushed. Any 3rd party vendors should be formally introduced to this process and included in it, as an agreement that they accept and will abide by, and staff should be regularly trained on the importance of data handling. CSP's DPaaS Information Handling Training can provide assistance with creating a strong training guide, which can be passed on to whoever will need it.

Industry Update
Tougher consumer protections against malicious apps

A new report on the threats in app stores, published on the 4th May by the National Cyber Security Centre (NCSC), shows people's data and money are at risk due to the increase in fraudulent apps. These contain malware created by cyber criminals, or are poorly developed apps that can be compromised by hackers exploiting weaknesses in software.

To increase protection for consumers, the government is launching a call for views from the tech industry. Under new proposals, app stores for and other smart devices could be asked to commit to a new code of practice setting out baseline security and privacy requirements. The proposed code would require stores to have a vulnerability reporting process for each app so flaws can be found and fixed more quickly. They would need to share more security and privacy information in an accessible way, including why an app needs access to users' contacts and location.

Cyber Security Minister Julia Lopez said: “No app should put our money and data at risk. That’s why the Government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”
