Cybata

11/10/2024

We are excited to be exhibiting in the companies.

We help organisations become data safe and cyber safe organisations so they are both sustainable and can protect the data of those they employ and serve.

In the case of The Terrorism (Protection of Premises) Bill, previously known as Martyn’s Law, we can help organisations assess their digital defences, operating practices and policies and procedures because that’s what we do, throughout every year.

We focus on what we do best to ensure organisations can be confident they understand how to detect (digital surveillance), appropriately protect data that might be of use to terrorists and to ensure appropriate (digital) polices and procedures back up these areas. Of course, we support this work through educating teams about the digital world we both love and work in so we understand the context of the threats we face.

Visit our website if you’d like to contact us. www.cybata.co.uk .

murray

Meet Cybata at The South Wales Business Expo, 14th November 2024, Cardiff City Stadium

More info: https://zokit.co.uk/expo?utm_campaign=meetedgar&utm_medium=social&utm_source=meetedgar.com

04/05/2022

How do you keep track of all your passwords?


Do you write them all down in a special book?
Perhaps you save them to your browser?
Or do you just use the same password for every account so you never forget it?

⚠️Doing ANY of the above is setting yourself up to be hacked.

Using a password manager, like LastPass and others, is the best way to keep track of your passwords.

✅You can keep track of all your passwords in one place (every account you use should have a unique, strong password)
✅It’ll save time as you can ‘auto-login’ to your accounts
✅It’s the most secure way to store passwords- no more writing them down on bits of paper!
✅All you need to remember is the ‘master password’ for your password manager account

Do you use a password manager like LastPass? If not, would you now consider using one?

27/04/2022

Trust.

What is an organisation without...
-Trust from their employees?
-Trust from their customers/those they support?
-Trust in their organisation to do the right thing?

A data breach can totally destroy trust.

This week we heard 2000+ health workers have been affected by a data breach, including their personal details (see article here: https://www.belfasttelegraph.co.uk/sunday-life/news/investigation-launched-as-2000-health-workers-caught-up-in-data-breach-41581207.html).

Support measures have been put in place to try and restore the confidence and ease fears of those affected.

Data breaches like this occur far too often, but can easily be avoided with...
✅Good quality training
✅Adequate cyber security
✅Lawful data protection practices

With these key measures in place, we're positive that instances like this will become far less common in the health sector, however, we fear it's going to take a long time!

Would being part of a data breach impact your trust in an organisation? Would your opinion on an organisation change if they suffered a data breach?

More than 2,000 health workers are at the centre of a data breach over the disclosure of their personal details, Sunday Life can reveal.

13/04/2022

To work with the NHS, Health & Social Care organisations must submit a DSP (Data Security and Protection) Toolkit assessment.
It’s a matter of keeping or losing your NHS contract.

The DSP Toolkit assessment means:

-Demonstrating your compliance with the law
-Providing evidence of your best practices
-Ensuring you don’t breach your NHS contract

Preparing for your DSP Toolkit assessment is more effective with the help of a specialist:

Understand the questions.
Understand how to respond.
Understand how to improve.

Then, you’ll be better prepared for your formal submission (30 June 2022) 💪

Need help? Head to the Cybata website→ https://cybata.co.uk/nhs-dsp-toolkit-help-guidance/

11/04/2022

If you or anybody you know uses Mailchimp, take a look at this...

A successful social engineering attack on Mailchimp employees has resulted in:

-Employee credentials being compromised
-Access to 319 Mailchimp accounts
-Staged phishing emails targeting crypto companies and other organisations

❗️Mailchimp is recommending that ALL customers enable two-factor authentication to secure their accounts from cyber-attacks.

See the full article here: https://www.theverge.com/2022/4/4/23010317/hackers-mailchimp-trezor-cryptocurrency-phishing

31/03/2022

What cyber security challenges are healthcare organisations facing today?

How can these organisations manage risks and protect their data?

As technology continues to grow and develop, so does the risk for cyber-attacks, and for healthcare organisations that handle personal data across their IT systems, there are specific cyber vulnerabilities that are becoming increasingly evident.

From third parties and human error, to state actors and proxy data, the points of vulnerability for healthcare organisations are growing, and shouldn't be ignored. It's crucial that these organisations review their current processes and procedures, engage in good training, and look at how they can better secure their data 🔒

✅This article is a must-read if you work in the healthcare sector: https://globaldatahub.taylorwessing.com/article/more-health-data-more-risk.

25/03/2022

A £98,000 fine?! 😵

This just goes to show that the ICO (the Information Commissioner's Office) DO NOT hesitate to impose swift financial penalties when organisations fail to properly secure their data!

I only hope cases like this encourage other organisations to put adequate cyber security and data protection measures in place to avoid suffering huge reputational and financial damage, which this organisation undoubtedly will.

Around 972,000 files were encrypted during the cyber-attack, with 60 bundles shared on the dark web.

23/02/2022

What comes to mind when you think about GDPR?🔒

Since 2018, when GDPR became enforceable in law, too many organisations heard only two things;
❗️“We need to put a Privacy Notice on our website”
and
❗️ “We need to go and get Consent from our clients to be able to talk with them”

3 years on, we all too often find Consent is overused as a lawful basis in many organisations and Privacy Notices remain too generic in nature - they should be more specific, reflecting the actual processing that affects the target Data Subjects.

An organisation that relies on generic Privacy Notices, and believes that they therefore have the appropriate lawful basis for processing personal data, are missing the fundamental requirements of GDPR🔒

So what does GDPR actually mean for your organisation? Through interactive training, our team can help strengthen the knowledge and understanding of your entire senior team on the principles of these regulations and give you the power to make good business decisions in this important area.

You'll learn that GDPR is so much more than Privacy Notices and asking for Consent💡

21/02/2022

Credit Suisse denies wrongdoing after big banking data leak

Data on more than 18,000 bank accounts, holding more than $100bn (£73.6bn), was leaked to German newspaper Süddeutsche Zeitung by a whistleblower. It includes personal, shared and corporate accounts, as well as those opened as far back as the 1940s.

Additionally, "they have found evidence Credit Suisse accounts had been used by clients involved in serious crimes such as money laundering or drug trafficking."

So controversial question... is this a positive data breach given the findings?

An investigation identifies thousands of foreign customers who stashed their money at the bank.

16/02/2022

What do charities, sports and healthcare organisations have in common?🤔

Besides providing care and supporting peoples’ wellbeing, these organisations can also be ‘data-complex’.

The data-complexity of an organisation can be distinguished by a number of factors;

🔒The number of Data Subjects (the people you collect and process data from).
🔒The type of Data Subjects (for example, collecting childrens’ data increases complexity).
🔒The amount of data you collect for each Data Subject.
🔒The type of data you collect (‘special category data’ including things like medical data and information about sex/sexual orientation or about disabilities, increases complexity).
🔒The means by which you collect and process data (on paper or electronically). The more sources of data you have, the more data-complex your organisation becomes.

Since charities, sports and healthcare organisations collect and process a variety of personal data (contact information, health records, financial information) from a range of different types of Data Subjects (volunteers, athletes, patients, children, members of staff, contractors etc), their level of complexity is increased.

Why does data-complexity matter? Some organisations are more data-complex than others, and as such, more resources and investment is required to become GDPR compliant. With the right skills and sector knowledge, it's possible to determine within a short period of time how complex an organisation is likely to be. Armed with this knowledge, organisations can plan their next steps accordingly.

We know data-complexity can sound, well, complex! But there is help available, specifically designed for your sector.

💡Get in touch to find out how Cybata can support your charity, sport or healthcare organisation: https://cybata.co.uk/contact/.