Monthly Archives: November 2017

Understanding the GDPR

The European Union’s Parliament approved and adopted the General Data Protection Regulation (GDPR) in April 2016. This regulation will take effect after a two-year transitional period, meaning it will be fully enforced on May 25, 2018. At this time, if organizations are non-compliant, they will face hefty fines. There is a tiered approach to these fines; however, at a maximum an organization can be charged 4% of annual global turnover or 20 million euros ($23,554,200).

The GDPR applies to all organizations that process and hold the personal information of EU residents, regardless of the company’s location. Specifically, the regulation covers all organizations located within the EU, as well as organizations located outside the EU that offer goods or services to, or observe the behavior of, EU citizens. The rules apply to both controllers and processors of information, so cloud providers and other third-party technologies are not exempt from the GDPR.

If information can be used to identify a person, directly or indirectly, it is protected under the GDPR. This includes, but is not limited to, names, email addresses, financial records, medical data, and IP addresses.

Steps to take to prepare for the GDPR:

  1. Perform a compliance audit against the GDPR legal framework to identify where gaps exist, then work to remediate these shortcomings.
  2. Classify the personal data your organization possesses that is protected by the GDPR and implement the appropriate security measures. This includes understanding what information you have, where it came from, who it is shared with, and who has access to it.
  3. Appoint a data protection officer for your organization.
  4. Document all processes and keep a record for the Data Protection Association (DPA) in the country or countries in which your organization conducts business.
  5. Make sure the appropriate contracts are in place to protect your organization and ensure that the businesses you engage with are employing the same security measures.

Infringements of the GDPR include:

  • Not having sufficient customer consent to process personal information.
  • Not having records in order.
  • Violating the “Privacy by Design” and “Privacy by Default” concepts.
  • Failing to notify the data subject and the supervising authority about a breach or incident.
  • Not conducting an impact assessment.

Altogether, the GDPR is the most important change to data privacy regulations in decades. It is intended to make organizations more secure and accountable to their data subjects during all stages of their interactions. For more questions or to implement GDPR standards in your organization, please CONTACT US.


In recent years, most developed countries have been investing significantly in cyber defence and attack capabilities. The NHS is now spending £20m to set up a security operations centre that will oversee the health service's digital defences.

Among other measures, the NHS will employ "ethical hackers" to look for weaknesses in health computer networks rather than just react to breaches. Such hackers use the same tactics seen in cyber-attacks to help organisations spot weak points.

UPDATE: The UK's Information Commissioner's Office states that organisations must take "appropriate" security measures to protect personal data and consider notifying the individuals concerned if there is a breach.

In May, one-third of UK health trusts were hit by the WannaCry worm, which demanded cash to unlock infected PCs.

In a statement, Dan Taylor, head of the data security centre at NHS Digital, said the centre would create and run a "near-real-time monitoring and alerting service that covers the whole health and care system".

The centre would also help the NHS improve its "ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats", he said.

And operations centre guidance would complement the existing teams the NHS used to defend itself against cyber-threats.

NHS Digital, the IT arm of the health service, has issued an invitation to tender to find a partner to help run the project and advise it about the mix of expertise it required.

Kevin Beaumont, a security vulnerability manager, welcomed the plan to set up the centre. "This is a really positive move," he said.

Many private sector organisations already have similar central teams that use threat intelligence and analysis to keep networks secure.

"Having a function like this is essential in modern-day organisations," Mr Beaumont said.

"In an event like WannaCry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue at the time; organisations were unsure how they were being infected."

In October, the UK's National Audit Office said NHS trusts had been caught out by the WannaCry worm because they had failed to follow recommended cyber-security policies.

The NAO report said NHS trusts had not acted on critical alerts from NHS Digital or on warnings from 2014 that had urged users to patch or migrate away from vulnerable older software.

Why the government isn’t a fan of commercial encryption

Federal governments and major technology firms are arguing for or against encryption, respectively. But why?

Due to recent political turmoil and devastating events overseas, the topic of end-to-end encryption has reentered public discussion. At the center of the debate, you have federal governments and major technology firms, each arguing for or against encryption.

Holiday Security Best Practices

The fourth (holiday) quarter is the most critical revenue driver for retail businesses, as consumers purchase gifts for their family and friends. However, the increased spending and the associated transfers of personally identifiable information provide an ideal opportunity for an attacker to steal user credentials, payment information, and consumer goods.

Whether you are traveling, using your mobile device, or shopping in-store, COMPASS recommends that you take the following precautions to protect your sensitive information this holiday season:

  • Create an email address specifically for any shopping sites to limit the likelihood of your information being compromised if one of your online retailers experiences a data breach.
  • Be wary of apps that impersonate well-known retailers. Red flags to look out for are misspelled words in the description and recent creation dates.
  • Do not use untrusted or unknown Wi-Fi hotspots, especially to make online purchases.
  • Make sure the websites you are on are secure. Look for HTTPS rather than HTTP in the address bar.
  • Designate a single card for any credit transactions to monitor suspicious activity.

For more holiday security best practices, download our Holiday Security Guide and follow the tips in the upcoming weeks to protect your information from being compromised.

Many nations have continued to invest in the ICT (TEHAMA) sector in order to make a range of services easier to deliver to their societies, including communications, health services, finance and even transport, where ICT is now used to a far greater extent than in previous years.

The arrival of what is known as the “Internet of Things (IoT)”, in which essentially everything will be connected to the network, is driving the continued growth of cybercrime, whose damage is expected to be far greater than what we have been used to.

During the 2016/2017 period we witnessed several cybercrime incidents in which many nations suffered major losses as a result of cyber attacks.

The expectation is that in 2018 cyber attacks will have an even greater impact because of the many devices being connected to the network.

Speaking at the recently concluded meetings of ICT leaders, I outlined various cyber attacks, from the financial, education, health and government sectors to transport, where “Jeep” and “Volkswagen” vehicles were among the major victims of cybercrime.

In addition, I outlined the key matters we agreed upon earlier this year and incorporated into publications on how to respond to the various types of incidents that occurred most frequently during the 2016–2017 period.

UPDATE: Apple has addressed a glitch that caused some iPhones to unexpectedly start auto-correcting the letter "i" to a capital "A" and a question mark.

NEWS UPDATE: A group of researchers and private industry experts, along with DHS officials, remotely hacked a Boeing 757 airplane owned by the DHS that was parked at the airport in Atlantic City, New Jersey.

ALERT: Europol boss Rob Wainwright has warned that ransomware attacks now number as many as 4,000 per day, with cybercrime operations large and sophisticated enough to threaten critical infrastructure.