The debate over leaving backdoors in all forms of digital communications took another twist this week, surprisingly in favour of the individual.
As reported by the BBC, the European Parliament committee is proposing that end-to-end encryption be enforced. This would be used to protect sensitive personal data from hacking and government surveillance.
This of course goes against some of the language used by the UK Conservative Party during their recent election campaign, where they stated that tech firms should provide the authorities “access to information as required”, but added that they didn’t wish to weaken encryption.
With Brexit negotiations underway, and considering that this is just a proposal at the EU level, I would confidently predict that we will not see this implemented in the UK, leaving the government to set their own policy. Cyber security experts have said that if they fulfil their election pledge, overall it would be worse for individuals’ computer security.
We will continue to watch with interest how this story evolves.
Employees are a company’s greatest asset, but also its greatest security risk, stated TechRepublic, as they listed out ten ways to get people to care about cybersecurity.
It’s widely known that individuals are the largest security vulnerability in a business, either at a malicious or accidental level, yet to date many still see it as the responsibility of their IT department, as opposed to their own.
Within this list were such suggestions as “Awareness training when taking on new employees”, “Create cybersecurity culture advocates” and to “Offer continuous training”, all of which are solid, well considered and valuable advice. It was the one at the end of that list that particularly caught my eye – “Reward Employees”.
They sensibly suggest that any employee who discovers and mitigates a cyber threat should receive some form of acknowledgement. They stopped short of making suggestions, but it wouldn’t be too difficult for a company to determine a suitable reward for the eagle-eyed office worker who prevented a malware attack taking hold. I personally prefer this ‘carrot’ approach to cyber security as opposed to the more prevalent ‘stick’.
If you do a quick web search on GDPR, the forthcoming new legislation on data protection, many articles will be focusing on how the clock is ticking louder and louder as we approach the May 2018 deadline of it coming into force. But Forbes magazine decided to take a slightly different approach.
They talked at length about how, although meeting the requirements for GDPR is an undoubted challenge, there are also many opportunities to be uncovered. They also point out how it will assist in the reduction of the so-called ‘insider threat’, where an employee purposefully disrupts a business’s data, and how the path of data can be tracked and traced, leading to greater visibility and governance.
Their biggest highlighted opportunity of GDPR compliance was ‘customers’: as hacks, breaches and cybercrime become almost common, customers will begin to lose patience with businesses who do not protect their data. They go as far as to suggest that customers may even punish companies that break their trust, whether that be via lawsuits or lost sales.
But can GDPR be ‘guaranteed’ if there are known backdoors in products and services? Time will tell.
For links to all these stories and more, or to contribute some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.