Business, Compliance, Cyber Security, Data Breach, Information Security, Risk Management, Security, Social Media

GDPR & Consent

GDPR and Consent (1)

The deadline for compliance with the General Data Protection Regulation (GDPR) is approaching fast: May 25th, 2018 is when enforcement will begin.

Be sure to read Centry’s GDPR Guide for a concise, easy-to-read breakdown of what GDPR is and important details of what you need to know about it.

For any questions or comments, feel free to contact us at info@centry.global or on any of our social media outlets. We’re here to help you!

 

Business, Data Breach, Information Security, Security

Orbitz Data Breach

pexels-photo-91217

If you made travel plans with Orbitz or Amex Travel between 2016 to 2017, you might want to keep a close eye on your card statements.

This week, the Expedia-owned travel planning company, Orbitz, announced that it had discovered a potential data breach that may have compromised information tied to 880,000 credit cards. Hackers may have been able to access consumer data submitted between Jan. 1, 2016 to June 22, 2016 on the company’s legacy platform.

Partner platform Amextravel.com was also affected, linked to purchases made between Jan. 1, 2016, and Dec. 22, 2017.

The compromised data includes names, dates of birth, postal and email addresses, gender, and payment card information of customers who submitted such information in those specified time periods. Orbitz stated that they do not yet have any “direct evidence” that this information was stolen, but it was certainly put at risk. The company has said that it has been notifying customers who may have been impacted by the breach, and it is offering a free year of credit monitoring to affected U.S. customers.

In a statement, Orbitz described working with a forensic investigation firm, cybersecurity experts, and law enforcement once the breach was discovered, on March 1st, in order to “eliminate and prevent unauthorized access to the platform.”

In the meantime, Orbitz has set up a website for US customers to find out more about the breach and whether their information may have been compromised. Individuals that enter their name and email address into the form requesting additional protection will be directed to a confirmation page and emailed a redemption code from orbitz@allclearid.com. Orbitz asserts that the AllClearID website will be the company’s primary platform for communication on the protective services they are offering.  

If you are worried about your information being compromised, ensure that you review payment card statements carefully and call your bank if there are any suspicious transactions. Similarly, be aware of phone calls or emails that offer identity theft protection – these may be phishing scams to steal your information while you’re vulnerable.

For more content like this, follow us on Twitter @CentryLTD!

Business, Compliance, Cyber Security, Data Breach, Geopolitics, Information Security, Risk Management, Security

The Question of Privacy in the Smart-Tech Life

pexels-photo-267394

Smart-technology, wearable or otherwise, is undoubtedly a luxurious convenience. With products ranging from Fitbit for keeping track of your health to voice-activated vehicle consoles to home improvement and more, the market for this tech is seemingly limitless.

So how does this compromise your privacy?

Josh Lifton, CEO of Crowd Supply, said in a TechRepublic article: “…we’re entering this world where everything is catalogued and everything is documented and companies and governments will be making decisions about you as an individual based on your data trail…”

The European Union answered this question by issuing the new General Data Protection Regulation (GDPR), which bolsters the rights of individual data privacy, ensuring people have the right to know how, when, and where their personal information is used.

While it might not always be a bad thing for organizations to collect information about you, it’s important that those details don’t fall into the wrong hands.

The main concern among security experts when it comes to smart devices like Amazon Echo and Google Home is the degree to which they’re listening. Obviously, they are listening for the voice-activated commands the user might say. But if you own Alexa and have ever had it interrupt you when you weren’t intentionally speaking to it, you might wonder about what else it’s listening to?

Recently, an array of Bluetooth flaws that affect Android, iOS, and Windows devices were discovered in millions of AI voice-activated assistants, including both the Amazon Echo and Google Home.

The Blueborne Exploit is the name that has been given to the attack that takes advantage of these vulnerabilities, allowing external entities to run malicious code, steal information, and otherwise assume control. What is more threatening about this is that it does not require targets to click any links or fall for any other phishing scams; it can just assume control. Moreso, once an attack seizes one bluetooth device on a network, they can infect any other devices on the same network.

While both companies have since released patches and issued automatic updates for their products, it certainly serves as a cautionary tale to be mindful of what you say and do around these devices.

Wearable smart watches like Fitbit and jogging apps on smartphones run into their own security issues, which readers may have observed recently in the news, after a heat map of jogging and cycling routes released by Strava identified dangerous details of US soldier in war zones in the Middle East.

Overall, as much as it can be a minor inconvenience to do so, it is important that users don’t blindly press ‘accept’ on privacy terms for these apps and gadgets, and instead take the time to review how their information is collected and used. Such insight could lead to foresight that would ensure turning the relevant devices off in situations where that is appropriate.

This article was written by Kristina Weber, Content Supervisor of Centry. For more content like this, follow @CentryLTD on Twitter!

Business, Cyber Security, Data Breach, Geopolitics, Information Security, Risk Management, Security

2018 World Economic Forum Highlights

davos_2018_2018125112752

Each year, world leaders, economic experts, industry leaders, celebrities, and other keynote speakers gather to meet in Davos, Switzerland for the annual World Economic Forum. The official program lasts for five days and features more than four hundred sessions, which center discussion around key issues of global relevance, such as globalization, markets, international conflict, environmental issues, etc.

As of today, January 26th, the 2018 forum just wrapped up.

With the immense volume of information, it can be difficult to get a handle on everything that was discussed. As such, we’ve put together some of the big bullet points here for your leisure:

  • India’s Prime Minister, Mr. Narendra Modi, listed his three greatest threats to civilization: terrorism, climate change, and reactionary backlash to globalization.
  • The German Chancellor, Ms. Angela Merkel, stated that global multilateralism has come under threat, as populist movements sweep through countries.
    • Upon this point, Mr. Emmanuel Macron, the President of France, voiced his enduring support for Europe, stating that France would not succeed without greater European success.
    • Although Brexit may come to mind on the point of Ms. Merkel’s statement of deteriorating multilateralism, the UK Prime Minister – Ms. Theresa May assured attendees of Davos that the United Kingdom would remain an advocate of global trade, with plans for bilateral deals with countries worldwide.
  • United States President, Mr. Donald Trump, discussed the state of the US economy, saying that “America First does not mean America alone,” in the context of the thought that as the United States grows, so too will the rest of the world.
  • Alibaba founder Jack Ma spoke about the IQ of love – a subject that we have discussed previously on Centry Blog.
  • The International Monetary Fund raised its forecasts for global crown in 2018 and 2019 to 3.9%, in the wake of the impact of the recent US tax reforms. These new estimates are 0.2 percentage points higher than the IMF’s previous projections in autumn of 2017.
  • Google CEO Sundar Pichai emphasized the importance of artificial intelligence, saying that despite the risks, the potential benefits of it could not be overlooked.
  • China’s three big movements for the future, as outlined by Mr. Liu He, will be: alleviating poverty, preventing major financial risks, and reducing pollution.

In light of the Davos forum, the WEF released this year’s risk report, outlining ten significant risks in terms of likelihood and impact. See Figure 1 below.

2018-01-24-124041378-Top-ten-risks
Figure 1. WEF 2018 Risk Report

It should be noted that within the top 5, just behind natural disasters, the threat of cyberattacks and data breaches pose a remarkable risk to individuals and organizations worldwide. For an additional perspective on the landscape of geopolitics on the cyber field, be sure to read our article on how Cyber is the New Cold War, written by Centry CTO Dave Ehman.

For more content like this, follow @CentryLTD and @CentryCyber on Twitter!