Dealing with data breaches to protect personal privacy
No. 11: Bringing you the news that matters in video privacy and security
A note from our Editor
Hi all,
This week's articles highlight the on-going fight to protect personal and sensitive data from breaches and exploitation. Google and Stanford have been analysing over 1bn malicious emails to evaluate why Gmail users get targeted so heavily by phishing scams, Minneapolis has added themselves to the growing number of countries and states that are banning facial recognition software, and Florida's water treatment facility was lucky to spot that it's industrial systems had been compromised by hackers before its water supply was poisoned.
The pandemic continues to raise wider technology concerns; the increased drive to digitise healthcare has spawned lots of new businesses, which are now coming under scrutiny for their data practices by the NHS, and other apps like the Lightshot screen sharing service have been shown to easily expose large volumes of personal data from their users by using predictable URL structures.
I have also included a link below to the latest advice from the EDPB (European Data Protection Board) for dealing with data breaches. As always, please let me know if you have any feedback on this newsletter or want to see any other topics covered.
Emma
News
NHS cannot trust most healthcare apps due to failure to meet their standards
As much as 80% of healthcare apps do not meet sufficient standards to cooperate with the NHS, according to a firm that represents several NHS trusts. This is reported to be because of insufficient awareness and upkeep of regulatory requirements, poor information and lack of security updates. Many tech companies are racing to leave a mark in the healthcare industry, but mistakes are still being made (Business Insider link).
Why are Gmail users the most targeted when it comes to malicious emails?
Research experts at Google and Stanford analysed more than 1.2 billion malicious emails for the likelihood of phishing and malware infiltrations. They cross-referenced them against demographic location, security reasons, prior attacks and device access, without compromising any personal data - instead of analysing individual data, they experimented with it as whole.
Minneapolis Police Department banned from using facial recognition software
Minneapolis joins the growing list of major cities that have banned facial recognition software use for their local police departments, including software by Clearview AI. The company sells access to facial images within a large database, many of which are scraped from social networks, to federal law enforcement, U.S. police departments and private companies. Clearview AI has also taken a hit in other countries, particularly Canada who have made all of its usage and practices illegal (IFSEC Global Link).
Even screenshots can leak your personal data
Skillbrains' app, Lightshot, has been in the spotlight for exposing personal data from its users. Millions of people who use the app to share their screenshots with friends and colleagues across social media platforms have been inadvertently making their personal information available online, through easily discoverable URLs.
Florida water supply under attack from hackers
A water treatment facility in Florida was remotely breached twice on the 5th February, after cyber criminals tried to poison the water supply by remotely increasing up the Sodium Hydroxide in the water supply. Daniel Kapellmann Zafra, manager of analysis at Mandiant Threat Intelligence, said that there has been a noticeable increase in cyber incidents by new hackers who wish to access and learn about industrial systems.
AI Snippet of the Week
Could existing drugs treat COVID? Apparently so, thanks to Machine Learning
"Making new drugs takes forever", and COVID-19 needs an effective and fast resolution to keep up with the rapid spread of the virus, particularly amongst the elderly. Repurposing existing drugs is a logical strategy, and Machine Learning could help speed up this process by identifying thousands of human differences within a large population quickly and cheaply.
Policy Updates
Practical Guidelines for Data breach reporting from the EU Data Protection Board
The European Data Protection Board (EDPB) is here to help when it comes to data breaches - they have issued practical and meticulous guidance on common security incidents to aid in the understanding of what a data breach is, and how to report it.
To subscribe to our fortnightly newsletter, please click here
Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk