Protect yourself from cyber attacks
The evolving cyber risk landscape
Cyber risk is a continuously evolving threat.
For companies, it represents a challenging risk
to assess, with only a short catalogue of
historical experience available, and rapidly
changing patterns of information loss. Recent
trends show how the threat is adapting in
response to improved levels of security, and
reinforce the key principles of cyber insurance
risk management.
Trend of cyber loss processes
Contagious malware
Data exfiltration
Financial theft
Denial of service
Cloud outage
What is phishing?
Phishing describes a type of social engineering where attackers influence users
to do 'the wrong thing', such as disclosing information or clicking a bad link.
Phishing can be conducted via a text message, social media, or by phone, but
these days most people use the term 'phishing' to describe attacks that arrive by
email. Email is an ideal delivery method for phishing attacks as it can reach users
directly and hide amongst the huge number of benign emails that busy users
receive.
Aside from the theft of information, attacks can install malware (such as
ransomware), sabotage your systems, or steal money through fraud. You might
get caught up in a mass campaign (where the attacker is just looking to collect
some new passwords or make some easy money), or it could be the first step in
a targeted attack against your company, where the aim could be something
much more specific, like the theft of sensitive data.
Phishing
How does phishing work?
Phishing works because it exploits people's social instincts, such as being helpful
and efficient. Phishing attacks can be particularly powerful because these
instincts also make us good at our jobs, and shouldn't be discouraged.
Phishing involves bogus communications which ask for your personal or financial
details and may contain links to viruses and malware.
They often appear to be legitimate, which is what fools victims into clicking on
them. You’ll be asked for details to confirm an account (like Amazon, Microsoft,
HSBC, for example) and the scammer will harvest your details.
Protection
How to protect yourself
Keep your secrets secret. Post-it notes are for lunch appointments only. Don't share your
password or personal information online unless you are certain that you're dealing with a safe
platform or web site (the URL starts with HTTPS://).
Just don't click - Do not click links in emails, even if you think you know who the email is from.
Also, don't download and install files.
Report anything suspicious – If the email contains suspicious instructions to disclose personal
information or to accept a “reward”, immediately contact your system administrator. Do not
access the given links and do not forward it, just report it.
Check email source - Most email providers are good at spotting malicious email; however, if in
doubt, check the sender's email address. If the address is a mix of random letters and numbers, or if it’s
spelled in a weird way, it is likely to be a scam – report it.
Always have a backup. If all else fails, having a backup of all your files ensures that you can be
back to normal in no time. The rule of thumb is that you should create a backup anytime you
make a change to your computer, such as adding a new program or changing settings, or at least
once per week, and save it on a different type of storage.
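The "Check email source" advice above can be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original slides: the trusted-domain list (built from the brands the deck names), the thresholds and the sample From: headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the organisation really deals with. Constructed from the
# brands named in the slides; replace with your own list.
TRUSTED_DOMAINS = ("amazon.com", "microsoft.com", "hsbc.co.uk")

# Digits commonly swapped in for letters to make a domain "spelled in a weird way".
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of trusted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(domain):
    """Exact match or a subdomain of a trusted domain."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def looks_random(local):
    """True when the part before '@' is a mix of random letters and numbers."""
    letters = sum(c.isalpha() for c in local)
    digits = sum(c.isdigit() for c in local)
    # Count how often the string flips between a letter and a digit.
    switches = sum(
        1 for x, y in zip(local, local[1:])
        if x.isalnum() and y.isalnum() and x.isdigit() != y.isdigit()
    )
    return len(local) >= 8 and letters >= 3 and digits >= 3 and switches >= 3


def check_sender(from_header):
    """Return the reasons a From: header should be reported (empty list = none found)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no-address"]
    local, domain = address.lower().rsplit("@", 1)
    reasons = []
    if not is_trusted(domain):
        normalized = domain.translate(HOMOGLYPHS)
        for t in TRUSTED_DOMAINS:
            # A trusted name with swapped or slightly altered characters.
            if min(edit_distance(domain, t), edit_distance(normalized, t)) <= 2:
                reasons.append("lookalike:" + t)
        for t in TRUSTED_DOMAINS:
            # Display name claims a brand the address does not belong to.
            brand = t.split(".")[0]
            if brand in display.lower():
                reasons.append("display-mismatch:" + brand)
    if looks_random(local):
        reasons.append("random-local-part")
    return reasons


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "HSBC Alerts <alerts@hsbc.co.uk>",
    "Microsoft Account Team <security@micr0soft.com>",
    "Amazon <x7k2q9vb41z@mail-delivery.example>",
    "Jane Doe <jane.doe@amazom.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "nothing flagged")
```

A clean result only means the spelling checks found nothing; the From: header itself can be forged, so this complements the provider's filtering and the report-it rule rather than replacing them.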
What does a phishing email look like?
Malware
What is malware?
Malware, or malicious software, is any program or file that is harmful to a
computer user. Malware includes computer viruses, worms, Trojan horses
and spyware. These malicious programs can perform a variety of functions,
including stealing, encrypting or deleting sensitive data, altering or
hijacking core computing functions and monitoring users' computer
activity without their permission.
Types of malware
Worm - malware that can self-replicate without a host program and typically spreads
without any human interaction.
Trojan horse - a malicious program that is designed to appear as a legitimate program.
Once activated following installation, it executes its malicious functions.
Spyware - a kind of malware that is designed to collect information and data on users
and observe their activity without users' knowledge.
Ransomware - designed to infect a user's system and encrypt the data. Cybercriminals
then demand a ransom payment from the victim in exchange for decrypting the
system's data.
Rootkit - a type of malware designed to obtain administrator-level access to the
victim's system. Once installed, the program gives threat actors root or privileged access
to the system.
Trojan - a malicious program that secretly creates a backdoor into an infected system
that allows an attacker to remotely access it without alerting the user or the system's
security programs.
Rootkit exploit - Equifax data breach
In July 2017, credit reporting agency Equifax were the victims of a significant data breach which resulted in an estimated 143 million
U.S. records containing customer information being stolen by hackers. The breach also impacted other countries, with Equifax
admitting that 15.2 million records of British citizens and 8000 Canadians were stolen in the breach.
The intruders managed to gain access to the records using a vulnerability in the back-end website application. The vulnerability was
made public in March 2017, but Equifax were slow to fix the bug in their networks, highlighting the importance of maintaining the
latest security patches.
Denial of Services
A Denial of Service attack is a hacking technique to take down a site or
server by flooding that site or server with a lot of traffic so that the server
is unable to process all the requests in real time and finally crashes.
In this popular technique, the attacker floods the targeted machine with tons
of requests to overwhelm its resources, which, in turn, restricts the actual
requests from being fulfilled.
For DDoS attacks, hackers often deploy botnets or zombie computers which
have got one mission - to flood your system with request packets. With
each passing year, as the malware and types of hackers keep getting more
advanced, the size of DDoS attacks keeps increasing.
DDoS attack
Denial of Service Attack - Swedish Transport System
Starting on October 11, 2017, DDoS attacks disrupted the Swedish Transport Administration, which brought Sweden’s transportation
services to a standstill. The Transportation agency was forced to stop or delay trains during the attack, and the traffic maps were
affected into the upcoming days.
The following day, the attacks on the Swedish Transportation System continued. On October 12, 2017, the DDoS attacks focused on the
website of the Swedish Transport Administration, taking down both their online booking and travel planning services for trains, buses,
ferries, and tram transports.
What does a potential threat look like?
GDPR
What is GDPR?
The General Data Protection Regulation (EU) 2016/679 ("GDPR") is
a regulation in EU law on data protection and privacy for all individuals
within the European Union (EU) and the European Economic Area (EEA). It
also addresses the export of personal data outside the EU and EEA areas.
The GDPR aims primarily to give control to individuals over their personal
data and to simplify the regulatory environment for international
business by unifying the regulation within the EU.
GDPR Responsibility & Accountability
To be able to demonstrate compliance with the GDPR, the data controller must implement
measures which meet the principles of data protection by design and by default. Data protection by
design and by default require data protection measures to be designed into the development of
business processes for products and services. Such measures include personal data, by the
controller, as soon as possible. It is the responsibility and the liability of the data controller to
implement effective measures and be able to demonstrate the compliance of processing activities
even if the processing is carried out by a data processor on behalf of the controller.
When data is collected, data subjects must be clearly informed about the extent of data collection,
the legal basis for processing of personal data, how long data is retained, if data is being transferred
to a third-party and/or outside the EU, and disclosure of any automated decision-making that is
made on a solely algorithmic basis. Data subjects must be provided with contact details for the data
controller and their designated data protection officer, where applicable. Data subjects must also be
informed of their privacy rights under the GDPR, including their right to revoke consent to data
processing at any time, their right to view their personal data and access an overview of how it is
being processed, their right to obtain a portable copy of the stored data, the right to erasure of data
under certain circumstances, the right to contest any automated decision-making that was made on
a solely algorithmic basis, and the right to file complaints with a Data Protection Authority.
Data breaches
Under the GDPR, the data controller is under a legal obligation to notify the supervisory
authority without undue delay unless the breach is unlikely to result in a risk to the rights
and freedoms of the individuals. There is a maximum of 72 hours after becoming aware
of the data breach to make the report. Individuals have to be notified if adverse impact is
determined. In addition, the data processor will have to notify the controller without
undue delay after becoming aware of a personal data breach.
However, the notice to data subjects is not required if the data controller has
implemented appropriate technical and organisational protection measures that render
the personal data unintelligible to any person who is not authorised to access it, such as
encryption.
Emails containing sensitive data
To avoid accidentally sharing sensitive data please follow the steps below:
1. All emails containing personal data NEED TO BE FORWARDED to the HR Department – hr@royalbluecatering.co.uk
2. Never redirect or forward emails containing personal data to any members of the company aside from the relevant authority -
such actions are in breach of Data Protection Act 2018 legislation (www.legislation.gov.uk/ukpga/2018/12/enacted).
Remember, personal information belongs to the data subject, not you, and you do not have permission to take risks with
their data.
3.
4. Always double-check that you have the correct address before sending
5. Warn the recipient that the email contains confidential information so that they only open the document in a secure
environment - you can do this by putting the word "CONFIDENTIAL" either in the email header or the attachment's file
name
Thank you

Cyber Security Training in Office Environment
