Google has admitted that its Home speakers recorded users at all times, even when they hadn't said "wake words" such as "OK Google," due to a security error earlier this year.
COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay at home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever as organizations switch out of the confines of their offices and move entire data streams to their laptops and home offices. On top of this, Salesforce has announced it is ending its Data Recovery service on July 31st, which is putting all of the data protection responsibilities, and the dire consequences that comes along with it, on the backs of the customer.
The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to put in place to use Standard Contractual Clauses and Binding Corporate Rules.
In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.
With a myriad of employees and contractors given ubiquitous access to business data, one thing is clear; identity has become the new security perimeter. Ensuring ERP data security, privacy, and compliance can no longer rely solely on network threat monitoring but requires using a layered identity defense to limit access to and within mission-critical applications.
From a security perspective, we also tend to look at IoT in the wrong way. With every new device, we assume the technology will be vulnerable with a very high risk of compromise. The reality is that most IoT devices have a very low risk individually, but their functionality is what leaves them susceptible.
There is a trade-off between technology innovation and security. The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) which are often built with basic security controls, creating a larger attack surface. At the same time, reliance on data means that data breaches can cause greater damage.
New research has found that while most consumers are taking necessary security precautions to protect their online accounts, businesses may not be doing enough to protect their information – inadvertently driving sales to competitors that can.
Two-fifths (40%) of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to global research from Veritas Technologies.
Recently, data tokenization has proved to be a successful protection method for securing sensitive information and all instances of personal data. This is because it allows information to retain its analytical value, while ensuring that it meets regulatory requirements.