Looking Back to Move Forward
Welcome to the Retrospective – your summary of this week's top news in #cybersecurity. Stay informed and ahead of the curve with this concise and informative roundup, designed to keep you up to speed with all the latest developments shaping the industry.
If you are a C-Suite executive, technology expert, cybersecurity specialist, compliance professional or simply interested in staying secure online, Retrospective has got you covered.
Today's article is 1,301 words long, a 6-minute read.
FTC Fines BetterHelp $7.8M for Sharing Health Data
The Federal Trade Commission is seeking to ban the online counselling service BetterHelp from sharing consumer health data, including sensitive details about mental health challenges, with advertisers. According to the government agency, the Teladoc-owned company must also pay $7.8 million for deceiving users after promising to keep all personal information private from third parties like Facebook and Snapchat.
Given that the FTC have no jurisdiction over HIPAA violations, the penalty results from deceptive practices related to the app's collection, utilisation, retention and distribution of records. More specifically, they are fining the California-based platform for statements that conversations would remain confidential between the patient and an assigned therapist.
The organisation allegedly gave a junior marketing analyst carte blanche to decide what to upload for social media targeting. Very often, we forget that it's the actions of each and every one of us that matter, not what's buried in an online privacy policy. Transparency is the foundation for building trust. Regardless of our position, one severe mistake can impact the reputation of the business and its stakeholders at large.
This new development is a pity, particularly given the surge in demand for these digital services since the pandemic began. For players competing in this space, it should be a cautionary tale of the importance of living up to promises. Hopefully, this setback will not discourage people from utilising these options as an alternative to traditional psychosocial care. In places with stigmas, web-based interactions have been a valuable resource for those who might otherwise be reluctant to seek help.
Link to article: https://buff.ly/3YIFpr8
Remote Workforce Security Review by ICT Solutions
It is intriguing to see how everything has become digitised. This evolution has, over time, enabled the transition towards more hybrid ways of doing business. As we moved from one step to another, malicious actors began taking advantage of vulnerabilities that started showing up.
Now that working from home is the norm for most of us, it presents new attack vectors that criminals can exploit (like unsecured home networks and personal devices). The problem is that most companies must figure out where to look, what to implement and how to educate employees on the best practices to keep systems safe.
Following a very positive response, I am resharing our Remote Workforce Security Review that we developed at ICT Solutions. This valuable tool is designed for both business and technical audiences to help them assess their readiness for a potential data breach.
I encourage you to try it. Once completed, you'll get a score that gauges your #cybersecurity posture and can download a checklist of what is needed to close your most critical gaps. After you share your details with us, our team will showcase how your organisation can take the right step towards increasing resilience.
Last Wednesday, I heard this quote: "The best time to plant a tree was 20 years ago. The second best time is today." This reasoning is applicable in this situation because reflecting on the present or past helps you advance to a brighter future.
Link to tool: https://buff.ly/3IUP2Yi
TikTok Faces Scrutiny Amid Cybersecurity Concerns
The famous saying, "three strikes and you're out," seems to apply in the case of TikTok. In direct response to concerns about #cybersecurity, the White House has issued an ultimatum, giving agencies less than 30 days to uninstall the app from phones and other systems.
On Tuesday, the House Foreign Affairs Committee is set to vote on a bill that would give President Joe Biden the authority to ban the social media platform across the United States. If policymakers pass it, it could be the straw that breaks the camel's back.
This domino effect of concerns is now spreading around the globe. At the end of the day, if America sneezes, the rest of the world catches a cold. For example, the Canadian government joined the European Commission in announcing plans to prohibit the app on federal devices. This directive came to the fore following claims about foreign interference by Beijing in the 2019 and 2021 general elections.
Now that ByteDance is under fire, what's next? Opponents of a complete prohibition argue that such an action would infringe upon the free speech rights protected by the First Amendment, affecting millions of Americans. They assert that such a decision would be unconstitutional.
On the other hand, those favouring this move say that the threats are too significant to ignore. As I see it, the sensible path forward is to have much more oversight and regulation. However, this should also apply to the rest of big tech without cherry-picking companies.
Link to article: https://buff.ly/3EH4966
Royal Mail Services Restored After Ransomware Attack
Were you expecting a package from overseas that got delayed? You might receive it soon because the Royal Mail restored all their services following last month's ransomware attack. The United Kingdom's postal giant can begin processing international exports again after weeks of disruption that left them at a standstill, unable to send out parcels.
The main culprit? Russia-linked LockBit hackers stepped forward to take credit for the mayhem, demanding a hefty sum of £65,000,000 as ransom. Moreover, the ransomware gang claimed they breached 40 organisations worldwide in February. Ion Group, a Dublin-based software company, was one of them. It is still unclear if they sorted the issue.
Royal Mail can breathe a sigh of relief since a recent data dump on a dark web leak site revealed no compromise of sensitive customer or financial information. However, these stories serve as a reminder of the importance of regularly updating #cybersecurity protocols.
Technology is only half the equation. Most companies often overlook the importance of their human firewall. Even with the best systems in place, a single click can open the floodgates. So, it's crucial to educate employees about how to stay vigilant and avoid falling victim to cybercriminals. Do you have the right tools not to fall prey to these threats?
Link to 1st article: https://buff.ly/3IoPoHr
Link to 2nd article: https://buff.ly/3SFPJZJ
Tesla to Disable External Security Cameras in Europe
If you live in Europe, say "cheese". Tesla will roll out a software update to its cars in the European Union to disable all external security cameras by default. This move comes in response to regulatory pushback, prompting the vehicle manufacturer to modify its configurations due to privacy fears.
This change of heart is coming into play following an investigation by the Dutch data protection watchdog, which also carried the risk of a fine. In the new release, the "Sentry Mode" will start warning pedestrians of its activation, requiring approval from the owners before filming.
I am intrigued by this development because the automaker will no longer bear any legal responsibility for improper footage, leaving the user open to potential liability. This recent decision raises the question: Do drivers understand the full implications of the risks when opting in?
The main takeaway from this situation is that while the company's innovative approach to preventing theft and vandalism appeared effective, it also had unintended consequences that raised legitimate concerns about safeguarding personal data.
As more and more devices become interconnected, strong #cybersecurity measures to protect against potential threats are essential. Furthermore, when launching a service offering, one must carefully consider the pros and cons to avoid backlash down the road (pun intended).
Link to article: https://buff.ly/3md2hvG