Carl Gottlieb
Founder https://t.co/xkn8Dnlmni Leading Privacy at top tech companies. @duolingo @hudl Privacy blog: https://t.co/GDW4mJX7sR Podcast: https://t.co/duSIE08ANg. Views my own.
Jan 9, 2020
DSG Retail Limited (Currys/Dixons) has been given the maximum fine of £500k by the @ICOnews for having inappropriate security which led to its point-of-sale malware infection in 2017-18. ico.org.uk/about-the-ico/…
@ICOnews ICO view:
- DSG's network segregation was insufficient.
- No local firewall on the POS terminals.
- Inadequate patching.
- No regular vuln scanning.
- Poorly managed app whitelisting.
- Ineffective logging and monitoring.
- Out of date POS software.
- No support for POS point-to-point encryption.
Jul 8, 2019
I can't overstate the significance of this #GDPR British Airways fine (1.5% of worldwide turnover / £183m) for anyone in security, privacy or senior management. You've got to get security right, with appropriate levels for your organisation, else the fines can be career-changing. Some factoids:
- GDPR fines (amongst other things) are for inappropriate security as opposed to getting breached. Breaches are a good pointer but are not themselves actionable. So organisations need to implement security that is appropriate for their size, means, risk and need.
Feb 21, 2019
Ooooh, a spearphishing email claiming to be from the CEO. Let's play this one out.
FROM: [CEO's name]
Address: info@[pakistanhostingcompany]
"Hi Carl,
I need you to perform a task for me
Let me know if you are available?
Thanks
[CEO's name]"
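The lure above is classic display-name impersonation: the From header carries the CEO's name, but the address sits at an unrelated hosting company, and the body is a short, vague "are you available?" opener designed to get a reply before any request for money or data. The following is an added example, not code from Carl's thread: a small Python check that flags a message when its From display name matches a known executive but the address domain is not the organisation's own, and goes slightly beyond the thread by also checking for a Reply-To domain mismatch and for the vague task-request phrasing. The corporate domain example.com, the executive names, and both sample messages are constructed assumptions.

```python
"""Display-name impersonation check for a "CEO" lure.

Added example, not code from the original thread. The corporate domain
(example.com), the executive names and both sample messages below are
constructed assumptions for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAINS = {"example.com"}            # assumed: the organisation's own mail domains
EXECUTIVES = {"jane doe", "john smith"}  # assumed: display names worth protecting

# Openers typical of a first-contact CEO lure: short, vague, fishing for a reply.
LURE_PHRASES = ("perform a task", "are you available")


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is no '@'."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def score_message(raw: str) -> dict:
    """Parse one RFC 5322 message and return the reasons it looks like an
    executive-impersonation lure (an empty list means nothing was flagged)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    reasons = []

    from_domain = domain_of(addr)
    # Core check from the thread: executive's name, address outside the company.
    if display.strip().lower() in EXECUTIVES and from_domain not in OUR_DOMAINS:
        reasons.append(f"executive display name '{display}' sent from external domain {from_domain}")

    # Reply-To pointing somewhere other than the From domain is another common tell.
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_domain}")

    # Vague "do a task for me / are you available" opener.
    lowered = body.lower()
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            reasons.append(f"vague task request: '{phrase}'")
            break

    return {"display": display, "address": addr, "reasons": reasons}


# Constructed sample: the shape of the lure quoted in the thread.
PHISH = """From: Jane Doe <info@hosting-provider.example.net>
To: carl@example.com
Subject: Task

Hi Carl,
I need you to perform a task for me
Let me know if you are available?
Thanks
Jane Doe
"""

# Constructed sample: a genuine internal message from the same executive.
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: carl@example.com
Subject: Board pack

Carl, the Q3 board pack is attached; comments by Friday please.
"""


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        result = score_message(raw)
        verdict = "FLAG" if result["reasons"] else "ok"
        print(f"{name}: {verdict} {result['reasons']}")
```

In a real mail gateway the executive list would come from the directory rather than a hard-coded set, and the display-name match should tolerate the usual variations (initials, reversed order, lookalike Unicode), but the core rule is exactly the one the lure above trips: the right name on the wrong domain.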