0131 510 1234

Archive for category: Data Protection

Data Privacy Day 2019

Data Privacy Day 2019

Data privacy. Take a second to think about these two important words and what they mean. More than merely a buzzword for the new millennium, data privacy impacts all our lives in a connected world, especially in the workplace.

Since the implementation of GDPR, the stakes are much higher for organisations that don’t take data protection as seriously as they should. A recent example of a company falling foul of GDPR is Google, recently fined £44m by French data regulators CNIL for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. Although Google hasn’t experienced a data breach – the charge is related to consent.

Why data protection matters

The workplace has been transformed in the past decade. We are all more connected digitally on social media apps such as LinkedIn, Facebook and Twitter. Online services such as banking apps, Netflix and Amazon store our financial details on cloud servers. Add a massive increase in computer savvy criminals to the mix and you have the ingredients for a perfect data privacy storm. Data privacy isn’t “someone else’s problem”, it’s everyone within the company’s responsibility to protect personal and company information.

Data breaches and loss of company information has far-reaching consequences for a business. Reputational and profit damage resulting from negative press, fines and increased IT costs after the event are examples of additional expenses incurred by most businesses after an information security incident. Research also indicates that a data breach can be fatal for many smaller organisations.

data privacy day 2019 - mid section image

Simple steps to improve data privacy

Information security is a complex beast, with a myriad of products and services on the market. As with most things, you get what you pay for and most vendors specialise in specific sectors or verticals. Let’s remove ourselves from product-specific advice for a moment and focus on strategic methods to improve organisational data privacy.

Increase user awareness

Providing user awareness training is one of the first steps organisations must take to improve information security. Although employees are the greatest strength of an organisation, they are also a target for hackers.

Make users aware of their responsibilities and teach basics such as the importance of choosing strong passwords to protect app and account logins. It is important to keep your team up to speed on the many dangers that abound in email phishing attacks. Phishing is the number one method used by criminals to extract user credentials, business-critical information and finance details from unsuspecting employees.

Use encryption

Encryption protects data at rest and in transit from being intercepted by scrambling the information, presenting a string of nonsensical characters when reading without a unique decryption key. Encryption is particularly useful when protecting mobile devices such as laptops, tablets and smartphones as well as external hard drives and USB drives – all of which are easily lost or stolen.

It is also worth noting that protecting mobile devices with a password or passcode should also be a priority, adding a further security step.

Use a VPN

When employees need to send data between branch sites or access information stored on the corporate network from outside the office, investing in a VPN solution is essential.

A VPN extends a private network across a public network such as the Internet, enabling users to send and receive data securely as if their devices were connected directly to the private network. Data travels through secure tunnels, and authentication methods such as security tokens are required by users to gain access to the VPN server.

Use a reputable password manager

We log in to more online services than ever before, increasing the need to maintain high levels of security. Official advice from the Government’s cybersecurity arm, NCSC advises using a different password for each unique online service you log into. The reason for this is to stop criminals compromising all your online accounts should they successfully crack the password to your Facebook account, for example.

So, how are you supposed to remember all these strong and unique passwords keeping your information secure? The simple answer is to look into a reputable password manager. There are many options on the market and by doing some research, you will find the best one to suit your specific needs. Most password managers can generate complex passwords as well as prompting you to change passwords it thinks are duplicated elsewhere or are considered weak. Most products also work on all devices and will offer a prompt to help when filling out a form on a mobile device – very useful!

Enable Multi-factor authentication

Multi-factor authentication (MFA) adds an additional security step to the login process. MFA consists of a combination of two of three things – something you know, something you have and something you are. For instance, when you withdraw cash from an ATM, you use your bank card (something you have) and you enter a PIN (something you know).

Adding an extra step at the login stage such as an authenticator app or asking the app to send a unique code via SMS, increases the protection of that particular account. MFA is easy to set up and administer and will, in most cases, protect the information held within the network or account.

Develop a robust data privacy strategy

Obviously, there are many more ways to increase information security within the organisation and the list above is by no means exhaustive. Applying a strict set of security policies and ensuring your employees are familiar with processes is a key information security strategy. If you haven’t already done so, achieving GDPR compliance and Cyber Essentials accreditation provide additional data protection credentials, which can benefit your organisation in many ways.

Thanks for taking the time to read this article on data privacy day, at Network ROI we are passionate about IT security, and the safe, secure operation of our clients’ networks is our top priority. We are Cyber Essentials Plus and IASME Gold accredited which means we help businesses improve their information security stance.

Please call us on 0131 510 3456 or email  to discuss your data privacy and information security strategy, we’d be delighted to help.

Investigation of a data theft

Investigation of a data theft

Lately, we’ve seen a lot of companies performing data security infrastructure audits.  This increase has been influenced partly by the recent GDPR legislation but also in part by a lack of trust in the protection offered against insider threats by traditional security controls which typically focus on external threats.

We still have our work cut out to increase awareness of the message around the insider threat. Research indicates less than 10% of businesses feel safe from threats within their network. Also, more than 40% of UK companies surveyed felt privileged users (management, system administrators, network administrators, et al.) pose a significant threat to their data security. The times are changing – but not fast enough!

Case Study – How Zonefox protects networks from the inside

That’s why a UK-based engineering firm engaged ZoneFox – so they could gain visibility into whether or not their existing security posture was working effectively and securing their highly valuable IP.

Check out the full case study here and discover how ZoneFox was able to identify what their existing toolkit couldn’t, by providing 360 visibility into activities around their data and alerting on risky behaviours in real time.

How big a risk is the Insider Threat to your organisation?

How big a risk is the Insider Threat to your organisation?

Meet Team ZoneFox at Infosec 2018 to halt the insider threat in its tracks!

With the recent release of ZoneFox 4.0, the ZoneFox Team will be out in force at Infosec 2018 to showcase our enhanced insider threat detection platform.

InfoSec 2018 is the must-attend show for any security professional. Attending this year? Then head to stand R80 to discover how ZoneFox can mitigate business risk and help you protect business-critical data 24/7.

From identifying anomalous user behaviour, alerting on incorrect access permissions to unauthorised software installs or removable device use – speak to the experts at InfoSec and find out how ZoneFox technology can bring light to the often dark areas of data security.

You can expect to see on the day:

  • Live demo showing threat hunting in action.
  • Witness the advantages and developments of ZoneFox AI
  • Discover all about their latest launch, ZoneFox V4.0, including a number of product enhancements.
  • Understand how to defend against threats, prepare for compliance, and help address the rise of the insider within your organisation.
  • Have the opportunity to ask questions about the product, and how it relates to your industry from the experts.

We know it’s a busy event, so pick a slot and we’ll be ready for you – we’ll be on stand R80. Don’t miss out –

Book your slot now.

Not registered – you still have time – you can sign up for Infosec 2018 here

Not attending but still want to see the award-winning ZoneFox Insider threat detection platform in action? Then we will come to you – book a meeting with us today.

10 things the Mobile Guardian MDM does for schools

10 things the Mobile Guardian MDM does for schools

A powerful, cloud-based MDM solution that’s engineered for schools.

Because of the exponential growth in the use of information technology, schools are incorporating mobile devices into their curriculums, to prepare students for their future employment. Worldwide, schools are implementing digital pedagogies with either shared mobile devices, dedicated 1:1 schemes or BYOD.

However, a mobile learning strategy presents numerous challenges. Schools need a means to manage, monitor and maintain a host of mobile devices, protect students from harmful online content, and ensure that their devices are secure.

Perhaps you are looking for a Mobile Device Manager (MDM) for the first time, or perhaps your current application is limiting your mobile learning strategy. Selecting the right MDM is critical to your school’s success in this field.

Mobile Guardian is a cloud-based MDM solution that offers unparalleled control and visibility. Designed to simplify MDM for schools, the feature-rich product makes managing an unlimited number of devices as easy as possible, regardless of operating system.

Here are ten ways the Mobile Guardian MDM can help your school.

1. Manage ALL your devices

We know it’s a pain to invest in and manage multiple solutions to monitor different devices. Wouldn’t it be great if you had a dashboard that let you manage everything? Our multi-OS MDM lets you manage Chromebooks, Android, iOS and macOS devices from a single dashboard. You’ll finally have a centralised view of all school devices.

2. A one-stop shop

Tired of paying for several MDM, web filtering and classroom management solutions? Mobile Guardian offers powerful MDM controls, robust web filtering and easy-to-use classroom controls, neatly rolled into one powerful solution.

3. Protect 1:1 devices, no matter where they are

Our robust off-campus filtering means that you can protect student devices whether they’re at school, at home, or even on a field trip. Rest assured, that wherever the device goes, Mobile Guardian’s state-of-the-art protection goes with it.

4. Fast enrolment

Remotely enrol thousands of devices with a few simple clicks. We’ve integrated with Apple School Manager, Active Directory and G Suite OU’s. You won’t have to waste time collecting devices and manually enrolling them. We also provide various enrolment options. Find one that suits your needs and start planning how you’ll spend all that extra time.

5. Easy-to-use tools for teachers and parents

We like to think of an educational ecosystem that exists between schools, teachers, parents and of course students. That’s why we’ve developed cloud-based, classroom management tools to empower teachers in the classroom. There’s also a parent dashboard with controls that help parents encourage healthy smartphone habits when their children are at home.

6. Control from the cloud

Enrol devices, install and manage apps, wipe devices and reset device passwords without ever having to leave your desk. You’ll be able to do it all, at the touch of a button and you’ll no longer have to walk from class to class to manually reset passwords.

7. Adopt the mobile strategy that you actually want

Don’t let your MDM pigeon-hole you into a mobile learning strategy that is no longer suitable or makes no financial sense. Perhaps it can only handle one type of device or prevents you from trialling new learning methods. With our flexibility you can invest in different device types and implement 1:1, BYOD, shared devices or even a combination of all three. Plus it’s easy to switch from a current MDM provider to Mobile Guardian.

8. Always honour your AUP

Once restrictions are set, wherever the device is and whether it’s using school WiFi, public internet or mobile data, the device will always comply with your AUP. The apps, websites and content you choose to restrict,  will stay off-limits, with no exceptions.

9. Curb device theft

Significantly reduce the numbers of devices that go walkabout. Track lost or stolen devices and set up alerts to lock, shut down or wipe a device when it comes online. Use our platform to help recover your devices and keep your fleet safe.

10. All the information you need, when you need it

We’re big into customisation. You can set up Mobile Guardian to deliver the exact information you need. Customise your dashboard and configure alerts and reports to keep you updated on your own terms.

Facebook, Cambridge Analytica & Data Protection

Facebook, Cambridge Analytica & Data Protection

A massive data privacy row erupted in the press this week as Facebook was found to have sold personal data belonging to more than 50 million people to Cambridge Analytica.

Why does Facebook harvest your data?

Facebook is by far the largest social media platform, with 2.2 billion monthly active users. Reaching such a massive amount of people requires an enormous amount of resource including technology, power, buildings and an army of people to deliver the uninterrupted Facebook experience many of us enjoy.

Facebook uses the information we enter into the platform to help advertisers deliver carefully targeted ads to users. These ads create the income to maintain the Facebook infrastructure and to keep shareholders happy.

Here’s a crude example: you are mad about dogs and own a pug. You like the Cute Pugs Facebook page, are a member of your local Hugs for Pugs Facebook group and have visited the website of an online pet supply store. The store owner knows (from their Facebook pixel) you are a pug fanatic and can now schedule pug accessory ads to appear on your timeline.

Facebook also has your name, date of birth, address, email address and most probably a lot of similar information that belongs to your friends and family. Every time you check into a store, restaurant or tourist attraction, Facebook stores that data. Whether you realise it or not, you are leaving a trail of data wherever you go – and that extends to shopping with loyalty cards and filling up your car at the pumps with your bank card.

What have Facebook and Cambridge Analytica done wrong?

Facebook invited users to fill out the ‘This is your Digital Life” personality quiz, developed by Cambridge University researcher, Dr Aleksander Kogan.

The app collected information from 270,000 people that completed the quiz as well as harvesting data belonging to their family and friends, affecting an estimated 50 million people. Cambridge Analytica bought the data and used it to profile American voters, enabling them to send targeted campaign material on behalf of Donald Trump’s election campaign.

Two things will happen as a result of this scandal.

1 – We will all have a clearer understanding of the value of data
2 – An increased awareness of the need to protect personal data

Facebook shares fell 2.6% when news of the scandal broke, wiping an estimated $60 billion off the stock value of the company. Governments around the world are concerned that similar events could impact their political process are demanding apologies and reassurance from Facebook CEO, Mark Zuckerberg – who’s failure to respond swiftly has drawn criticism. Facebook users are also taking action with the hashtag #DeleteFacebook gathering momentum. Ironically, many are decamping to WhatsApp and Instagram – also owned by Facebook, D’oh.

The need to protect personal data is something we talk about often, albeit from a business owners perspective. We’ve spent much of the last twelve months discussing the new data protection legislation, the GDPR which comes into effect in a few weeks.

The difference with this case is the scale. Talk Talk and other high profile companies have suffered significant data breaches that only affect their customers. More than a quarter of the world’s population use Facebook every month, a massive amount.

How to protect personal data on Facebook or any other social media platform

If you want to restrict the number of ads that appear on your timeline, install adblocking software. There are many adblocking apps on the Internet, but as always, you should tread carefully. We would recommend against installing potentially invasive browser extensions as many of these have security vulnerabilities. We definitely wouldn’t recommend installing such apps on a business PC.

Another tip is to limit the number of pages, topics and other general stuff you like on Facebook. Much of the data mined in the Cambridge Analytica case was personality based, and this type of data is like gold dust to online advertisers. You can also limit the amount of information your browser is gathering and sending to social media sites by browsing the web in private or incognito mode.

Don’t post things that you want to keep private on social media. If you enter personal information on social media, protect your account with a secure password and adjust the privacy settings to ensure no-one outside of your immediate network of friends, family and colleagues can see your posts.

Social media sites have lengthy terms and conditions – which many of us don’t read. Facebook has updated theirs to prevent this type of data disaster happening in future, but when a platform has access to so much personal information, it is only a matter of time before another situation occurs.

Network ROI is a Managed Service Provider specialising in network security and data protection. We are always ready to talk about information security, visit if you want to know more.