Safer Internet Day

By Myles Dacres

Next Tuesday is the 18th Safer Internet Day, a day which calls upon all stakeholders to join together to make the internet a safer and better place for all and especially for children and young people. At the very least, Safer Internet Day is a good hook on which to hang staff training and awareness.  Some may go further and run a host of activities throughout the week.

In the UK, the Safer Internet Centre focusses on internet safety for children and young people, providing a range of resources and information for people aged from 3 to 19. At the younger end of the spectrum, Smartie the Penguin gets a new tablet and runs into all sorts of bother, whilst at the older end, the emphasis is on handling inappropriate behaviour such as sexting. A common theme across all of these resources is cyberbullying. But the internet presents risks for people of all ages, young, old and those in between, both in the workplace and in their private lives. Identity theft, online shopping fraud, phishing-style attacks and the like have the potential to affect all of us: employers, employees, and private individuals.

A week or so ago the French Data Protection Authority, the CNIL, announced that it had fined a data controller and its data processor €150,000 and €75,000 respectively for inadequate security measures which left users of their online marketplace susceptible to personal data breaches through credential stuffing attacks: attacks in which a malicious person uses lists of login credentials from previous attacks to access other websites. This type of attack relies on the fact that website users often use the same password and username on different online services. Users of the Chrome browser may have seen alerts popping up advising them that a particular user name and password combination is known in the public domain and available to attackers. In credential stuffing attacks, the attacker uses computer programs to attempt multiple login requests across various sites for all the user name and password combinations on a particular list. The message from the CNIL is clear: controllers and processors are responsible for recognising this risk and mitigating against such attacks, for example through multi-factor authentication, where a website won’t accept a user name and password without another form of authentication such as an SMS code, a QR code reader or a YubiKey.
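One way a website operator can recognise the pattern described above in its own login records, as an added example that is not part of the original article: a single source trying many different accounts in a short time, almost all of them failing. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO time, source IP, username, outcome).
SAMPLE_LOG = """\
2021-02-01T10:00:01 203.0.113.7 alice@example.com FAIL
2021-02-01T10:00:02 203.0.113.7 bob@example.com FAIL
2021-02-01T10:00:03 203.0.113.7 carol@example.com FAIL
2021-02-01T10:00:04 203.0.113.7 dave@example.com FAIL
2021-02-01T10:00:05 203.0.113.7 erin@example.com FAIL
2021-02-01T10:00:06 203.0.113.7 frank@example.com OK
2021-02-01T10:01:00 198.51.100.20 bob@example.com FAIL
2021-02-01T10:01:09 198.51.100.20 bob@example.com FAIL
2021-02-01T10:01:30 198.51.100.20 bob@example.com OK
2021-02-01T10:02:00 198.51.100.21 carol@example.com OK
"""

WINDOW = timedelta(minutes=5)   # assumed thresholds; tune to real traffic
MIN_DISTINCT_USERS = 5
MIN_FAILURE_RATIO = 0.8

def parse(log_text):
    """Yield (time, ip, username, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, ip, user, outcome = parts
            yield datetime.fromisoformat(ts), ip, user.lower(), outcome == "OK"

def find_stuffing_sources(log_text):
    """Flag IPs that try many different accounts, mostly unsuccessfully."""
    by_ip = defaultdict(list)
    for event in parse(log_text):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1          # slide the window forward
            window = events[start:end + 1]
            users = {e[2] for e in window}
            failures = sum(not e[3] for e in window)
            if len(users) >= MIN_DISTINCT_USERS and failures / len(window) >= MIN_FAILURE_RATIO:
                f = findings.setdefault(ip, {"distinct_users": 0, "successful_logins": set()})
                f["distinct_users"] = max(f["distinct_users"], len(users))
                # A login that succeeds inside the burst likely used a reused, leaked password.
                f["successful_logins"] |= {e[2] for e in window if e[3]}
    return findings
```

The accounts listed under `successful_logins` are the ones to lock and reset first; the user who mistyped a password twice from a single address is not flagged.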

The Outsourced DPO remains staggered by the number of websites and online platforms that have terribly basic access controls.  Even platforms we’ve been reviewing in the PrivacyTech space have no email verification on sign-up and flaky-looking front-end security.

So, on Safer Internet Day, it would be useful to carve out some time to take stock of internet security risks for both staff and customers and to set in place a plan of action to upgrade anything that is not state-of-the-art.

In the recording above we discuss Safer Internet Day and how to promote the safe and positive use of digital technology within our organisations.

Philip Brining – Director (DPP), Oliver Rear – Support Desk Consultant and David Holmes – Senior Data Protection Consultant join together to discuss some of the topical issues in our first Lunchtime Takeaway Session of the month.

If you would like to join us on future sessions and tune-in live, contact [email protected]

For more information on Safer Internet Day visit




Data Protection People Limited – March 2021