What to Pack in a Grab-Bag

One of the ways that you can prepare yourself for an emergency is to stock a grab-bag: a bag containing a handful of supplies that could make all the difference in recovering after an emergency, whether it’s a natural disaster or hostile threat. The idea is that you need only take this single bag with you as you respond to a crisis, ensuring that you have what you need for immediate survival following the contingency.

The exact necessities that you pack will depend on your geographical location and its region-specific risks, but here are a few ideas to get you started:

Information & Documentation

This should include your passport and/or visa, and any other important documents related to your identity. This is especially important if you are travelling abroad, particularly if the contingency requires you to leave the country. Even for a home emergency, having at least a couple of identifying documents will assist you in the recovery of other important documents after the fact.

Food & Water

A stock of high energy, non-perishable food items and as much water as you can feasibly carry.

Communications

A spare mobile phone with a charger.

Health & Safety

Basic first aid kit and any essential medications that you may require day-to-day.

Other

Some other items to include in your grab bag are money, a change of clothing, candles, matches, a flashlight/torch, and spare batteries.

Keep in mind that the general advised contents of this grab bag address the needs of the average individual whether they are at home or traveling. Family and/or group kits will vary, especially if there are pets involved. 

If you have any questions or would like expanded detail of this, please don’t hesitate to contact us at info@centry.global! Remember to subscribe for weekly updates on Centry Blog, and follow us on Twitter @CentryLTD for more content like this.

GDPR & Consent


The deadline for compliance with the General Data Protection Regulation (GDPR) is approaching fast: May 25th, 2018 is when enforcement will begin.

Be sure to read Centry’s GDPR Guide for a concise, easy-to-read breakdown of what GDPR is and important details of what you need to know about it.

For any questions or comments, feel free to contact us at info@centry.global or on any of our social media outlets. We’re here to help you!

 

Orbitz Data Breach


If you made travel plans with Orbitz or Amex Travel between 2016 and 2017, you might want to keep a close eye on your card statements.

This week, the Expedia-owned travel planning company, Orbitz, announced that it had discovered a potential data breach that may have compromised information tied to 880,000 credit cards. Hackers may have been able to access consumer data submitted between Jan. 1, 2016 and June 22, 2016 on the company’s legacy platform.

Partner platform Amextravel.com was also affected, linked to purchases made between Jan. 1, 2016, and Dec. 22, 2017.

The compromised data includes names, dates of birth, postal and email addresses, gender, and payment card information of customers who submitted such information in those specified time periods. Orbitz stated that they do not yet have any “direct evidence” that this information was stolen, but it was certainly put at risk. The company has said that it has been notifying customers who may have been impacted by the breach, and it is offering a free year of credit monitoring to affected U.S. customers.

In a statement, Orbitz described working with a forensic investigation firm, cybersecurity experts, and law enforcement once the breach was discovered, on March 1st, in order to “eliminate and prevent unauthorized access to the platform.”

In the meantime, Orbitz has set up a website for US customers to find out more about the breach and whether their information may have been compromised. Individuals that enter their name and email address into the form requesting additional protection will be directed to a confirmation page and emailed a redemption code from orbitz@allclearid.com. Orbitz asserts that the AllClearID website will be the company’s primary platform for communication on the protective services they are offering.  

If you are worried about your information being compromised, ensure that you review payment card statements carefully and call your bank if there are any suspicious transactions. Similarly, be aware of phone calls or emails that offer identity theft protection – these may be phishing scams to steal your information while you’re vulnerable.

For more content like this, follow us on Twitter @CentryLTD!

A Closer Look: Revived Corruption Charges Against Zuma

In a televised address, Mr. Shaun Abrahams, the national director of public prosecutions at the National Prosecuting Authority (NPA) in South Africa, announced that he would be reviving 16 charges against the former South African President, Mr. Jacob Zuma. These include 12 charges of fraud, one of racketeering, two of corruption, and one for money laundering.


The charges are related to an incident in the late 1990s, when Mr. Zuma allegedly accepted bribes during a $2.5 billion arms deal between the government and a French weapons supplier. He was indicted at the end of 2007 on a range of charges associated with the deal, but the NPA dropped them in 2009, thus clearing Mr. Zuma’s path to the presidency. Then, in Autumn 2017, while Mr. Zuma was still in office, South Africa’s Supreme Court of Appeal upheld a ruling to reinstate the charges, and condemned the 2009 decision to drop them.

In 2014, Mr. Zuma was accused of using taxpayer money to pay for upgrades to his rural residence, including a swimming pool, amphitheatre, and cattle pen.

Mr. Zuma resigned from his post in February under considerable pressure from the ruling African National Congress (ANC) party. The ANC has since affirmed its confidence in the country’s criminal justice system, and cautioned that Mr. Zuma has the right to be presumed innocent until and if proven guilty.

Mr. Abrahams said that there are “reasonable prospects of successful prosecution of Mr. Zuma on the charges listed in the indictment.”

This is but the latest in a series of reckonings against corruption in South Africa. Other avenues have included an impending judicial commission of inquiry into state capture. A 2016 watchdog report alleged that the Gupta family, billionaire friends of Mr. Zuma, used connections to him to win state contracts and influence cabinet appointments. State capture refers to a type of systemic political corruption, in which private interests significantly influence a state’s decision-making processes.

Additionally, there are at least three separate inquiries into corruption at state-owned enterprises ongoing in Parliament. A spokesperson for the NPA said there are hundreds of files related to state capture across state-owned enterprises and provincial governments – asset forfeiture will be primarily used as the first step toward addressing corruption across the public sector.

Further reading on red flags associated with state-owned enterprises may be found here on Centry Blog.  

For more content like this, follow @CentryLTD on Twitter! If you have any questions or comments, feel free to reach us on any of our social media platforms.

The Question of Privacy in the Smart-Tech Life


Smart-technology, wearable or otherwise, is undoubtedly a luxurious convenience. With products ranging from Fitbit for keeping track of your health to voice-activated vehicle consoles to home improvement and more, the market for this tech is seemingly limitless.

So how does this compromise your privacy?

Josh Lifton, CEO of Crowd Supply, said in a TechRepublic article: “…we’re entering this world where everything is catalogued and everything is documented and companies and governments will be making decisions about you as an individual based on your data trail…”

The European Union answered this question by issuing the new General Data Protection Regulation (GDPR), which bolsters the rights of individual data privacy, ensuring people have the right to know how, when, and where their personal information is used.

While it might not always be a bad thing for organizations to collect information about you, it’s important that those details don’t fall into the wrong hands.

The main concern among security experts when it comes to smart devices like Amazon Echo and Google Home is the degree to which they’re listening. Obviously, they are listening for the voice-activated commands the user might say. But if you own Alexa and have ever had it interrupt you when you weren’t intentionally speaking to it, you might wonder what else it’s listening to.

Recently, an array of Bluetooth flaws that affect Android, iOS, and Windows devices were discovered in millions of AI voice-activated assistants, including both the Amazon Echo and Google Home.

The Blueborne Exploit is the name that has been given to the attack that takes advantage of these vulnerabilities, allowing external entities to run malicious code, steal information, and otherwise assume control. What is more threatening about this is that it does not require targets to click any links or fall for any other phishing scams; it can just assume control. Moreover, once an attack seizes one Bluetooth device on a network, it can infect any other devices on the same network.

While both companies have since released patches and issued automatic updates for their products, it certainly serves as a cautionary tale to be mindful of what you say and do around these devices.

Wearable smart watches like Fitbit and jogging apps on smartphones run into their own security issues, which readers may have observed recently in the news, after a heat map of jogging and cycling routes released by Strava identified dangerous details of US soldiers in war zones in the Middle East.

Overall, as much as it can be a minor inconvenience to do so, it is important that users don’t blindly press ‘accept’ on privacy terms for these apps and gadgets, and instead take the time to review how their information is collected and used. Such insight could lead to foresight that would ensure turning the relevant devices off in situations where that is appropriate.

This article was written by Kristina Weber, Content Supervisor of Centry. For more content like this, follow @CentryLTD on Twitter!

2018 World Economic Forum Highlights


Each year, world leaders, economic experts, industry leaders, celebrities, and other keynote speakers gather to meet in Davos, Switzerland for the annual World Economic Forum. The official program lasts for five days and features more than four hundred sessions, which center discussion around key issues of global relevance, such as globalization, markets, international conflict, environmental issues, etc.

As of today, January 26th, the 2018 forum just wrapped up.

With the immense volume of information, it can be difficult to get a handle on everything that was discussed. As such, we’ve put together some of the big bullet points here for your leisure:

  • India’s Prime Minister, Mr. Narendra Modi, listed his three greatest threats to civilization: terrorism, climate change, and reactionary backlash to globalization.
  • The German Chancellor, Ms. Angela Merkel, stated that global multilateralism has come under threat, as populist movements sweep through countries.
    • Upon this point, Mr. Emmanuel Macron, the President of France, voiced his enduring support for Europe, stating that France would not succeed without greater European success.
    • Although Brexit may come to mind on the point of Ms. Merkel’s statement of deteriorating multilateralism, the UK Prime Minister, Ms. Theresa May, assured attendees of Davos that the United Kingdom would remain an advocate of global trade, with plans for bilateral deals with countries worldwide.
  • United States President, Mr. Donald Trump, discussed the state of the US economy, saying that “America First does not mean America alone,” in the context of the thought that as the United States grows, so too will the rest of the world.
  • Alibaba founder Jack Ma spoke about the IQ of love – a subject that we have discussed previously on Centry Blog.
  • The International Monetary Fund raised its forecasts for global growth in 2018 and 2019 to 3.9%, in the wake of the impact of the recent US tax reforms. These new estimates are 0.2 percentage points higher than the IMF’s previous projections in autumn of 2017.
  • Google CEO Sundar Pichai emphasized the importance of artificial intelligence, saying that despite the risks, the potential benefits of it could not be overlooked.
  • China’s three big movements for the future, as outlined by Mr. Liu He, will be: alleviating poverty, preventing major financial risks, and reducing pollution.

In light of the Davos forum, the WEF released this year’s risk report, outlining ten significant risks in terms of likelihood and impact. See Figure 1 below.

It should be noted that within the top 5, just behind natural disasters, the threat of cyberattacks and data breaches pose a remarkable risk to individuals and organizations worldwide. For an additional perspective on the landscape of geopolitics on the cyber field, be sure to read our article on how Cyber is the New Cold War, written by Centry CTO Dave Ehman.

For more content like this, follow @CentryLTD and @CentryCyber on Twitter!

Centry’s GDPR Guide


What is GDPR?

The General Data Protection Regulation (GDPR) is a broad set of rights and principles, enacted into law by the European Union to ensure the protection and use of personal data pertaining to EU residents. These regulations are extensive, featuring 173 recitals, 99 articles, and 160 pages, and they will be enforced with teeth.

When will it be implemented?

The EU enacted GDPR on May 24th, 2016 and enforcement of it will begin on May 25th, 2018. Companies that are not compliant with the regulations by May 25th, 2018, and experience a breach of personal data, can expect to face steep fines, i.e. up to 4% of global revenue or 20 million Euro (whichever is higher)!

What does it affect?

  • Any organization that stores or processes personal information about EU subjects, including non-EU entities.
  • Any company that has a presence in an EU country, either by offering goods and services to or monitoring the behaviour of EU citizens.
  • If a company does not have a physical presence in the EU, but processes the data of EU subjects, it will still be subject to GDPR.
  • Large companies
  • Small-medium enterprises are affected if they conduct data processing that impacts the rights and freedoms of data subjects, or if it includes non-occasional sensitive personal data.

Data, Processes, & People

Data refers to any information that your business uses, processes, stores, or needs. Some things you would expect to see on this list are:

  • Customer data
  • Employee information (current & former)
  • Orders
  • Inventory
  • Financial Information
  • Documentation

But there are other things that you may not expect to qualify, such as: vendor lists, certifications, access to resources and credentials, physical access, unstructured [big] data, logs, etc.

Personal data includes any information relating to an identified or identifiable natural person. An identifiable person is one whose identity can be determined either directly or indirectly by reference to an identifier. Keep in mind there is a difference between personal data and sensitive personal data, where the latter corresponds to anything relevant to religious beliefs, sexuality, etc.  Sensitive personal data is protected to higher standards, and breaches are subject to larger penalties.

Processes refer to those that are critical to the business, such as:

  • Customer communications
  • Metrics
  • Relationships
  • Reputation
  • Social Media
  • Supply Chain & Materials
  • Industrial Controls
  • Power/Cooling
  • Physical Access & Trade Secrets

Finally, consider the people who are responsible for business operations, and what they have access to. For example, evaluate the following:

  • Current and former employees
  • Executives
  • Contractors
  • Partners
  • Suppliers
  • Customers and Potential Customers
  • Other

What are the goals of GDPR?

GDPR asserts that the protection of data privacy is a fundamental right. These regulations will give control back to the citizens and residents of the EU over their personal data. Furthermore, they will simplify the regulatory environment for international business, by unifying regulations across the EU.

Key Elements

  • Transparency for data subjects – meaning the people whose data is collected should be able to find out what the data is collected for, its purpose, who has access to the data, and how long the data lives in the system. Furthermore, they should be able to verify, correct, export, move, and erase their data as easily as it was provided in the first place.
  • Privacy by design, which minimizes data collection and retention, whilst gaining consent from customers.
    • This includes having a valid basis for processing personal data – it should answer the question of why the data is being processed, and what right the company has to process it.
    • Consent must be clear, precise, and understandable. It cannot be pre-set. It should also be just as easy to cancel the consent as it was to grant it to begin with.
  • Data Protection Impact Assessments (DPIA)
    • For certain data, companies will have to evaluate the risks to privacy (in advance).
  • Right to erasure and to be forgotten
    • Citizens have the right to request that companies erase personal data and inform them how long they will store the data.
  • Extraterritoriality – GDPR applies even if a company does not have a physical presence in the EU, but collects data about EU subjects.
  • Breach notification requirements to both data authorities and persons affected
  • Steep fines for non-compliance

Centry can help!

For any questions or comments, contact us at info@centry.global or @CentryCyber on Twitter!

This article was written by Dave Ehman and Kristina Weber of Centry LTD.