Cyber Bytes banner RPC law

Cyber Bytes - Issue 12

21 April 2020. Published by Richard Breavington, Partner and Christopher Ashton, Associate and Rachel Ford, Associate

Welcome to Cyber_Bytes, our bi-weekly roundup of key developments in cyber, tech and evolving risks.

ICO issues guidance on flexibility of its approach during COVID-19

Last week, the ICO published a document setting out its approach during COVID-19. The document should provide some comfort to businesses. It acknowledges that the current crisis may impact on the time taken to report personal data breaches to the ICO and that the ICO will take an empathetic and proportionate approach. The document also confirms that the ICO expects to conduct fewer investigations, focusing its attention on the more serious incidents, and that it will take into account whether an incident has arisen due to difficulties resulting from COVID-19 when deciding whether to take enforcement action.  

For the full published document, please click here.

ICO issues warning over COVID-19 nuisance marketing 

The ICO has issued a warning about businesses using COVID-19 to contact vulnerable people using nuisance calls, unsolicited emails and spam texts. The warning states that the ICO has seen an increase in complaints about nuisance marketing and confirms that the ICO is prioritising such cases. 

For full article, please click here.

Email security and cyber resilience

Mimecast has conducted a global survey to further understanding of the current most persuasive types of emails threats, how security professionals perceive them and what they are doing to combat them. Some interesting results of the survey are that of the businesses surveyed: 94% experienced phishing attacks; 54% experienced a ransomware attack; and 88% experienced email-based spoofing of business partners or vendors. 

To download the report published by Mimecast summarising the results, please click here.

Static passwords are a big cyber security risk

A report has indicated that cyberattacks are largely being carried out using weak, default or stolen log in credentials, with around 80 percent of security breaches involving compromised credentials in the last year. It is said that static passwords are no longer enough, since they lack the ability to verify whether the user accessing data is authentic or not. The report stresses that multi factor authentication is an important security tool, with the need to move away from static passwords. 

For the full article, please click here.

Zoom credentials database found on dark web

A database containing 2,300 Zoom video credentials have been located in a dark web forum. The credentials included a mixture of emails, passwords, meeting IDs, names, PIN codes and host keys. The risks with unauthorised third parties gaining access to these credentials is not just access to confidential meetings. In addition, social engineering could be attempted via Zoom. The development is one of the many impacts we are seeing whilst employees work from home and interact digitally. 

For the full article, please click here.

ICO's video conferencing guidance

The ICO has issued advice about how to safely roll out the latest video conferencing technology. The advice lists the key questions that businesses should ask when implementing video conferencing technology. It also references the risk of the 'live chat feature' in a video conference being used to spread phishing messages. 

For full article, please click here.

Cyber security in connected cars

Leading independent consumer body Which? has published a report indicating security flaws in Ford and Volkswagen cars, said to put motorists' personal data and safety at risk. The consumer body has raised concerns around the lack of regulation for tech in the motor industry, which it says has led to a lack of cyber security.

For the full article, please click here.