How to Prevent a Cyber ‘Meltdown’

Cyber-security researchers recently announced the discovery of two major security flaws that could allow hackers to bypass regular security measures and obtain normally inaccessible data. They’re called Meltdown and Spectre, and they’re both caused by design flaws found in nearly all modern processors. Hackers can exploit these vulnerabilities to access all of the data found in personal computers, servers, cloud computing services and mobile devices.

As Meltdown and Spectre are both caused by design flaws, experts believe that they will be harder to fix than traditional security exploits. Additionally, software patches that have already been released to help address the vulnerabilities can cause computer systems to slow down significantly, which may impact their ability to perform regular tasks. Here are some key details about each flaw:

  • Meltdown: This flaw can be used to break down the security barriers between a device’s applications and operating system in order to access the device’s data.
  • Spectre: This flaw can be used to break down the security barriers between a device’s different applications and access sensitive data like passwords, photos and documents—even if those applications adhere to regular security checks.

When Meltdown and Spectre were originally discovered in 2017, researchers immediately reported them to major hardware and software companies so work on security fixes could begin without alerting hackers. As a result, services and applications offered by companies like Microsoft, Google, Apple and Amazon have already been updated to help defend against the flaws. However, your organisation should not rely solely on a software patch to protect against these vulnerabilities. Here are some steps you can take to protect your computer systems and devices from Meltdown and Spectre:

  • Update all of your devices immediately, and check for new updates regularly.
  • Contact any cloud service providers and third-party suppliers you use to ensure that they are protected against Meltdown and Spectre. Cloud services and computer servers are especially vulnerable to the exploits, as they often host multiple customers on a single device.
  • Install antivirus and firewall systems to protect against regular malware. Researchers believe that hackers need to gain access to a device in order to exploit Meltdown or Spectre, so keeping your devices free of malware can help prevent data theft.

For additional guidance on how to protect your organisation from cyber-security threats, contact Direct Insurance Corporate Risks today.

Email: info@direct-ins.co.uk

Website: www.dicr.co.uk

Call: 01277 844 360

Is your business PECR ready?

For well over a year, the General Data Protection Regulation (GDPR) has dominated headlines for how it’ll create a marked shift in the way that businesses can digitally interact with customers and prospects. However, another law concerning electronic communications is also getting a major overhaul and may have escaped your attention: the Privacy and Electronic Communications Regulations (PECR).

The PECR has existed since 2003 and is getting a major overhaul to supplement the GDPR and update electronic marketing rules. Think of the GDPR as the overarching data protection law, while the PECR applies those principles to electronic communications, such as email, cookies and texts. The new PECR introduces rules to simplify cookies, ban unsolicited electronic communications if users haven’t given their consent and incorporate the GDPR’s two-tiered fine structure.

EU lawmakers intend for the proposed PECR changes to take effect on 25 May, the same date as the GDPR, but there’s significant doubt as to whether they will make that deadline. These PECR changes are still in draft form, but you should still prepare for compliance starting 25 May.

One of PECR’s biggest proposed changes is making all forms of electronic marketing reliant on opt-in consent. Like the GDPR, this means pre-ticked boxes will not suffice. This will even apply to business-to-business communications because, under the GDPR, you need a lawful basis to process ‘personal data’, which is any information that can be used to identify an individual. This means that john.smith@abcbusiness.com would count as personal data that requires John’s consent before you can market to him through email, even though it’s a business address.

But this doesn’t sound the death knell for electronic marketing; it just changes it. Instead of sending inaccurate marketing email blasts that blandly ask for consent, gain consent under the new rules by providing prospects with a piece of relevant, useful content that incentivises them to tick that box. Other PECR- and GDPR-compliant electronic marketing strategies include obtaining double opt-in consent from prospects and ramping up your social media advertising.

For more information on the new PECR rules and how you can comply, read the EU’s press release and stay updated on the ICO’s page.
