remote work

The world’s second-biggest fashion retailer was today handed a monumental fine for violating the European Union’s General Data Protection Regulation (GDPR).

A German subsidiary of Hennes & Mauritz AB (H&M) was fined €35,258,707.95 by regulatory body the Hamburg Data Protection Authority (HmbBfDI) for excessive use of employee data. H&M employs around 126,000 people globally.

The fine imposed on H&M Hennes & Mauritz Online Shop A.B. & Co KG is the largest to be levied so far against a company for GDPR violations involving how employee data is handled.

“We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine,” commented Jonathan Armstrong, partner at Cordery Legal Compliance.

HmbBfDI launched an investigation into H&M’s Service Center in Nuremberg after a 2019 data breach caused by a configuration error revealed how much data H&M Germany was collecting about the private lives of its employees.

The authority found that since at least 2014, H&M had been collecting and storing on its company network copious amounts of data concerning their employees’ holiday experiences, family issues, religious beliefs, and symptoms of illness and diagnoses.

The data was collected during one-to-one conversations between employees and their supervisors and during “welcome back talks” held between employees and team leaders after an absence from work. Some of the data was accessible by up to 50 other managers.

After evaluating 60GB of H&M data and reviewing witness evidence and the company’s internal procedures, HmbBfDI ruled that “the combination of collecting details about their private lives and the recording of their activities led to a particularly intensive encroachment on employees’ civil rights.”

H&M subsequently apologized to its employees. Today the company confirmed that financial compensation would be given to everyone employed at the impacted entity since May 2018, when GDPR became law.

News of the financial penalty comes as the Swedish multinational clothing company announced plans to close 250 of its stores globally. The company said the closures, scheduled to take place in 2021, are driven by customers’ showing a marked preference for shopping online.

The firm has 5,000 stores worldwide, 166 of which are currently closed due to restrictions put in place to slow the spread of COVID-19.

 

We’re Blazon

At Blazon Technologies, we specialize in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

 

News Source: https://www.infosecurity-magazine.com/

remote work

Microsoft’s Teams had a very busy September adding a host of new features. Now, the firm is looking to improve the performance of its Teams service as it continues in the battle to beat Zoom in the video conferencing space.

In an update detailing the features added in September, Microsoft explained how it was trying to improve Teams’ performance as a large proportion of the workforce continues to work from home.

Microsoft says it’s working to ensure businesses and schools “have a high-performance experience that scales across their devices and levels of internet connectivity.”

 

Performance improvements in Teams 

For times when there is limited network connectivity, Microsoft is working on enabling offline support in Teams so users can write messages offline and these can be automatically sent when connectivity is re-established. It’s already possible to run the desktop client on Windows and macOS in environments with limited bandwidth or without a network connection.

Meanwhile, Microsoft says it has boosted Teams’ desktop launch time on Windows and macOS by up to 30% and is making changes to video rendering. At the same time, Microsoft is optimizing battery life for Teams iOS users in a move aimed to help support Firstline Workers and those away from their desktops throughout the day. In addition, Microsoft says it’s optimizing the Android Teams app for low bandwidth environments.

New features to beat Zoom

The improvements to performance come hot on the heels of some major Teams feature updates during September as Microsoft looks to leapfrog Zoom in the videoconferencing space. For example, Teams Together Mode has seen the addition of Scenes, which will enable work colleagues to meet in a variety of settings including coffee shops, auditoriums and conference rooms.

This month, Microsoft Teams will launch breakout rooms allowing people to break off into smaller groups during a meeting or conference.

Other Teams features to rival Zoom include improvements to Teams on both iPhones and Android smartphones and the ability to see up to 49 participants on a call. In order to take advantage of this new view, Microsoft says users will need to turn on the multi-window meeting experience.

A lot of these capabilities are already available in Zoom, but Microsoft has integrated Teams features into the rest of its offerings.

For example, the new Advanced Communications offering really takes advantage of the IT giant’s other services, and it’s also announced more Microsoft 365 integrations coming soon.

Zoom lacks that integration, plus a lot of people still have concerns over its security—despite its best efforts to improve.

As well as these exciting new features, the Teams improvements will certainly be welcome, since some users have complained about performance issues when using the video conferencing service. If Microsoft can combine solid performance with a feature rich and integrated service, Teams has a serious chance of beating Zoom.

 


News Source: https://www.forbes.com/

remote work

Ransomware gangs are performing wide-ranging internet scans to find vulnerable systems and then accelerating attacks to just minutes to capitalize on COVID-19, Microsoft has warned.

Corporate VP of customer security and trust, Tom Burt, revealed the findings in a blog post introducing the firm’s Digital Defense Report yesterday.

He claimed that threat actors have “rapidly increased sophistication” over the past year, with ransomware the number one reason for Microsoft incident response between October 2019 and July 2020.

“Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system — compromising, exfiltrating data and, in some cases, ransoming quickly — apparently believing that there would be an increased willingness to pay as a result of the outbreak. In some instances, cyber-criminals went from initial entry to ransoming the entire network in under 45 minutes,” Burt explained.

“At the same time, we also see that human-operated ransomware gangs are performing massive, wide-ranging sweeps of the internet, searching for vulnerable entry points, as they ‘bank’ access – waiting for a time that is advantageous to their purpose.”

Attackers have also become more sophisticated in performing reconnaissance on high-value targets, so that they appear to know when certain factors like holidays will reduce the victim organization’s chances of patching, or otherwise hardening their networks.

They’re also aware of how billing cycles operate in certain industries, and thus when specific targets may be more willing to pay, Burt claimed.

In total, Microsoft blocked over 13 billion malicious and suspicious emails in 2019, over one billion of which contained phishing URLs. Phishing now comprises over 70% of attacks, although the volume of COVID-related threats has dropped significantly from a peak in March, it said.

This isn’t the only threat to home workers: Microsoft said it also saw an increase in brute force attacks on enterprise accounts in the first half of the year and urged widespread use of multi-factor authentication (MFA).

Burt said nation-state actors have also been changing their tactics of late, shifting targets to healthcare providers and vaccine researchers, public policy think tanks and NGOs. Although each group has their preferred techniques, reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits were most common over the past year, said Burt.

 


News Source: https://www.infosecurity-magazine.com/

remote work

The way cybersecurity awareness training is conducted in organizations has a huge bearing on employees’ subsequent security outlook and behaviours, according to a new report from Osterman Research.

The researchers discovered that users who found security training “very interesting” were over 13-times more likely to make “fundamental changes” to how they think about security compared to those who considered the training “boring.”

The survey of 1000 US everyday employees, IT managers and decision-makers also found that the quantity of security awareness training given makes a major difference, with the ability of staff to spot and deal with security threats such as phishing and business email compromise improving as more training is provided.

Encouragingly, it appears as though organizations are set to place much greater emphasis on security awareness training going forward, with around 45% of employees surveyed expecting to spend 15 minutes or more per month in training by mid-2021, a substantial rise from 26% in 2020. In addition, this type of training was regarded as just as important as technology in dealing with security threats by respondents.

Despite this, the authors said that although organizations generally want to establish a strong cybersecurity culture, IT, security and business leaders are not effectively conveying that idea to a large proportion of their employees, with senior IT and business management much more enthusiastic about security awareness training than non-management employees.

Overall, the report noted that “security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important; everyday employees, however, are much less convinced about the importance of doing so, indicating that the goal of developing a robust security culture has not yet been achieved in most organizations.”

Lisa Plaggemier, chief strategist at MediaPRO, which co-sponsored the research, added: “Security awareness training doesn’t do anyone any good if they sleep through it. You can deliver the best security advice in the world, but if no one is listening, you might as well be talking to a brick wall.

“Good security awareness training should get and keep your attention. That’s what it means to be engaging.”

 


News Source: https://www.infosecurity-magazine.com/

remote work

IT leaders have suffered significantly higher numbers of data breaches as a result of outbound email in the last 12 months.

According to research by Egress, 93% of 538 IT leaders surveyed reported a breach in the past year due to an email error, with 70% of those believing remote working increases the risk of sensitive data being put at risk from outbound email data breaches.

Egress CEO Tony Pepper said the problem is only going to get worse with increased remote working and higher email volumes, which create prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle.

“Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake,” he said.

The most common breach types were replying to spear-phishing emails (80%), emails sent to the wrong recipients (80%) and sending the incorrect file attachment (80%).

Speaking to Infosecurity, Egress VP of corporate marketing Dan Hoy said businesses reported an increase in outbound emails since lockdown, “and more emails mean more risk.” He called this a numbers game which has increased risk as remote workers are more susceptible and likely to make mistakes the more they are removed from security and IT teams.

According to the research, 76% of breaches were caused by “intentional exfiltration.” Hoy confirmed this is a combination of employees innocently trying to do their job and not cause harm by sending files to webmail accounts, but this does increase risk “and you cannot ignore the malicious intent.”

This is where better technology could better resolve the problem, he said, as current technology (such as static rule-based data loss prevention) does not catch these issues and problems increase. “Technology needs to shoulder more of the burden,” Hoy added.

Furthermore, almost two-thirds (62%) of businesses rely on people to identify outbound email data breaches, whilst 24% of IT leaders said the employee who sent the email would disclose their error. In terms of action taken, 46% of respondents said the employee who caused a breach was given a formal warning, while legal action was taken in 28% of cases. In 27% of serious breach cases, respondents said the employee responsible was fired.

Hoy pointed to the 62% statistic and the fact that we are “still reliant on people to self-report incidents” and called outbound email errors combined with remote workers a “perfect storm.” Regarding employees being reprimanded, he said it is an interesting debate as to where responsibility lies.

Pepper said: “Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organizations are experiencing 10-times the number of incidents than they are aware of.

“It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place. As workers get used to more regular remote working and reliance on email continues to grow, organizations need to step up to safeguard both employees and data from rising breach risks.”

 


remote work

A large proportion of employees are using their own devices to access data belonging to their company, according to a new study by Trend Micro.

Researchers found that 39% of workers use personal smartphones, tablets, and laptops to access corporate data, often via services and applications hosted in the cloud.

The Head in the Clouds study, which surveyed more than 13,000 remote workers globally, found that many of the personal devices used to access company data were not as secure as their corporate equivalents.

A further finding of the study was that more than half (52%) of global remote workers have IoT devices connected to their home network, with 10% using lesser-known brands.

Since home networks typically offer security protection that is inferior to that which a business can afford to implement, researchers expressed concern that attackers could access home networks, then use unprotected personal devices as a stepping stone into the corporate networks they’re connected to.

Getting access to personal devices may not present much of a challenge to threat actors, given that over one-third (36%) of remote workers surveyed did not have basic password protection on all personal devices.

“The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this,” commented cyberpsychology expert Dr. Linda K. Kaye.

“Tailored cybersecurity training which recognizes the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.”

The research also revealed that 70% of global remote workers connect corporate laptops to the home network, opening up the possibility for malware infections to be brought from the home into the office.

“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities,” said Bharat Mistry, principal security strategist at Trend Micro.

“This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line.”

 


remote work

The COVID-19 pandemic – and the lockdowns that followed last spring – wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

 

How IT budgets will change

IT budgets at 46% of companies are expected to remain flat in 2021, while 33% expect to increase spending and 17% expect budget declines – essentially double the 8% who had expected budgets to decline this year when surveyed in 2019. (The remaining 4% did not know if their budgets would change in 2021.) Overall, budgets are expected to decline, with the size of the cuts surpassing spending increases by 33%.

European and North American firms had the same percentage expecting increases (33%), but North American firms were more likely to expect declines than European ones, 21% vs. 12%. The largest companies were more likely to expect budget cuts (24%) and less likely to expect increases (28%) than the average.

Hardware spending will remain the biggest component of IT budgets but will decline as part of a shift from the data center to the cloud and managed services. Hardware spending was already dropping, from 35% in 2019 to an expected 31% in 2021. Cloud and hosted services’ share of IT budgets is moving in the opposite direction, from 21% last year to an expected 24% in 2021. Software budgets are expected to stay flat at 29% compared to 2020. Enterprises will spend more on cloud (27%) than the average, and less on hardware (25%) and software (26%) than the average.

The top areas of investment will be in bread-and-butter IT areas, essentially modernizing work processes. For example, 36% plan to improve IT operations and systems performance; 33% expect to improve security and governance; 32% plan to deploy standardized tools to connect employees; 30% plan to provide training aids to remote employees; and 27% want to refine their disaster recovery plans to accommodate additional scenarios.

Investments in emerging and cutting-edge technologies will drop significantly, as the focus changes to more immediate, proven needs. Efforts on digital transformation will increase at 44% of firms, but “digital transformation” in this context means adopting digital technologies for highly analog processes – adopting proven technology systems – not bringing in cutting-edge innovations.

The technology innovation trends that IT buyers do expect to adopt are mainly long-standing ones:

A third of planned increases in 2021 IT budgets are influenced by the pandemic, particularly involving communications tools, infrastructure, and security. For companies expecting to increase budgets, upgrading outdated IT infrastructure, getting IT projects done more quickly, addressing security concerns, addressing changes brought by the pandemic, and supporting remote work are major drivers for 2021.

 

How IT’s focus shifted as the pandemic unfolded

In March 2020, during the height of the adjustments required as COVID-19 related lockdowns became common, these tech areas got more attention from IT buyers: video conferencing, VDI, firewalls, network monitoring, communications systems, and collaboration tools.

And in May and June, a holding pattern developed, with no new strong drivers of IT attention.

The focus shifted dramatically to security by June, after the initial efforts to respond to the crisis were in place. Endpoint device security is the top security-related concern for remote-work efforts, cited by 55% of respondents.

 


News Source: https://www.computerworld.com/


Today’s story may be the most astonishing and remarkable, but ultimately foolish, way of saving money on IT that you will ever hear of. A hint before you go on – it involves millions of dollars and a $10 router.

If you are still using QuickTime on Windows, it is recommended that you uninstall it and switch to another player as soon as you can. Even the US government has issued a warning for all users to uninstall it from their Windows-based computers.


An exploit for a recently patched Adobe Flash Player vulnerability has been added to the Angler exploit kit and it has been used by cybercriminals to deliver the file-encrypting ransomware known as TeslaCrypt.

The French security researcher who uses the online moniker “Kafeine” reported last week that an exploit for a Flash Player heap buffer overflow vulnerability (CVE-2015-8446) patched by Adobe on December 8 had been added to Angler. This flaw, reported by an anonymous researcher via the Zero Day Initiative (ZDI), was one of the 77 security issues resolved by Adobe with the release of Flash Player 20.0.0.228 and 20.0.0.235.
