Training Archives - L2 Cyber Security Solutions Ltd.

Practical GDPR for Small Business Training

Liam — Mon, 30 Mar 2020 22:56:45 +0000

Practical GDPR for Small Business/Charity Training

L2 Cyber Security Solutions is delighted to be able to offer the following Practical Data Protection Training, in an online and in-person format.

Title: Practical GDPR for Small Business/Charity Training.

Learning objective:

The purpose of this programme is to equip the learner with the practical knowledge to implement policies and procedures in their organisation. They will also understand the requirements for record keeping.

Content of the Practical GDPR for Small Business/Charity Training:

There are three separate modules in this training:

1. Module 1 – The basic requirements

Quick question – do you need a Data Protection Officer (DPO)?
Interpreting the GDPR’s principles
Creating a simple Data Inventory
Establishing a Data Protection Policy

2. Module 2 – The crucial documentation

What needs to be included in a right-to-be-informed page
Producing procedures to handle an individual’s rights
Knowing the kind of records you need to keep

3. Module 3 – The stuff most people forget about

Understanding Data Processing Agreements
When it hits the fan – using a Data Breach handling procedure
Securing the business with an Information Security Policy

Duration:

Each Module is 60 minutes, including ample time for Questions and Answers

Audience:

Small Business Owners or Data Protection Administrators in small businesses and charities who need to put in place policies, procedures and records keeping for the GDPR in their organisation.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post Practical GDPR for Small Business Training appeared first on L2 Cyber Security Solutions Ltd..

A la carte Data Protection Training

Liam — Mon, 30 Mar 2020 22:54:36 +0000

À la carte Data Protection Training

Download these details

Make an enquiry

L2 Cyber Security Solutions is delighted to be able to offer the following À la carte Data Protection Training, in an online and in-person format.

Title: À la carte Data Protection Training.

Learning objective:

The purpose of this programme is to equip the learner with the knowledge and skill to identify their organisation’s obligations to protect the personal data of the individuals that they work for and with.

Our range of topics to choose from include:

The basics:

What is Personal Data and what do we mean by processing
Comprehending the terminology of the GDPR
Do you need a Data Protection Officer (DPO)?

The important items:

Interpreting the GDPR’s principles
Knowing the rights of the individual
Understanding the appropriate legal basis for processing (incl. consent)
Data Protection by design
How to identify and handle International Transfers
Establish what other documentation is required

Documentation and Procedures:

Handling Sensitive Personal Data appropriately
Creating a simple Data Inventory
Establishing a Data Protection Policy
What needs to be included in a right-to-be-informed document
Producing procedures to handle an individual’s rights
Knowing the kind of records you need to keep
Understanding Data Processing Agreements
When it hits the fan – using a Data Breach handling procedure
Securing the business with an Information Security Policy
When and How to conduct a Data Protection Impact Assessment
What is a Legitimate Interest Assessment and how should you carry it out
What if it all goes wrong – what can the Data Protection Commission do

Duration:

Each topic is approximately 20 minutes each, including time for Questions and Answers.

Audience:

Staff, contractors or volunteers who have no or limited knowledge of data protection and specifically the GDPR legislation. Also organisations who need to put in place policies, procedures and records keeping for the GDPR in their business.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post A la carte Data Protection Training appeared first on L2 Cyber Security Solutions Ltd..

Staff Data Protection Awareness Training

Liam — Mon, 30 Mar 2020 22:52:57 +0000

Staff Data Protection Awareness Training

Download these details

Make an enquiry

L2 Cyber Security Solutions is delighted to be able to offer the following Staff Data Protection Training, in an online and in-person format.

Title: Data Protection Awareness Training for staff.

Learning objective:

Content of the Staff Data Protection Awareness Training:

There are three separate modules in this training.

1. Module 1 – The basics

What is Personal Data and what do we mean by processing
Comprehending the terminology of the GDPR
Interpreting the GDPR’s principles

2. Module 2 – The important stuff

Knowing the rights of the individual
Understanding the appropriate legal basis for processing (incl. consent)
Data Protection by design

3. Module 3 – What do you need to put in place

Creating a simple Data Inventory
Establish what other documentation is required
What if it all goes wrong – what can the Data Protection Commission do

Duration:

Each module is 60 minutes, including ample time for Questions and Answers.

Audience:

Staff, contractors or volunteers who have no or limited knowledge of data protection and specifically the GDPR legislation.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post Staff Data Protection Awareness Training appeared first on L2 Cyber Security Solutions Ltd..

Board Management Data Protection Briefing

Liam — Mon, 30 Mar 2020 22:50:22 +0000

Board/Management Data Protection Briefing

Download these details

Make an enquiry

L2 Cyber Security Solutions is delighted to be able to offer the following Board/Management Briefing, in an online and in-person format.

Title: Data Protection Briefing for Boards or Management.

Learning objective:

The purpose of this programme is to equip the members of the board/management with the knowledge of their obligations for data protection, under the GDPR and have a strategy for addressing these in their organisation.

Content of the Board/Management Briefing:

Overview of case studies since GDPR came into force in Ireland
Quick question – do you need a Data Protection Officer (DPO)?
An introduction of the organisation’s obligations
Outline an implementation strategy for the organisation

Duration:

The briefing will take 45 minutes. There will be plenty of time for Questions and Answers.

Audience:

Board members or Senior Management of organisations that want to start the journey of implementing a data protection compliance regime.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post Board Management Data Protection Briefing appeared first on L2 Cyber Security Solutions Ltd..

A la carte Security Training

Liam — Mon, 30 Mar 2020 20:29:44 +0000

À la carte Security Training

Download these details

Make an enquiry

L2 Cyber Security Solutions is delighted to be able to offer the following À la carte Security Training, in an online and in-person format.

Title: À la carte Cyber Security Training.

Learning objective:

We can offer you tailor made training to make your staff aware of the types of threats that exist in your industry sector, and how they manifest themselves. By taking our training, your staff will be skilled to become another layer of protection against threats to your network.

Our range of topics to choose from include:

Scams and Malicious Software:

Catching social engineering tricks – 20 minutes
Spotting phishing, smishing and vishing – 40 mins
Overview of malicious software (AKA malware) – 20 mins
How to handle Ransomware – 30 mins

Protecting your online life:

Keeping young people safe – 20 mins
Staying safe on Social Media – 20 mins
How to handle a cyber incident – 30 mins

Best Practices:

Protecting online accounts (passwords and authentication) – 40 mins
Using mobile devices securely – 20 mins
Securing the office or home (including work-from-home environment) – 20 mins
How to implement a proper backup strategy – 20 mins
Why are updates/patches so important – 20 mins

Duration:

The duration for each topic is listed above, which includes time for Questions and Answers.

Audience:

Staff who have no knowledge of online risks or those who wish to improve their awareness of the ever changing cyber security aspects of the online world.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post A la carte Security Training appeared first on L2 Cyber Security Solutions Ltd..

Staff Security Awareness Training

Liam — Mon, 30 Mar 2020 20:07:13 +0000

Staff Security Awareness Training

Download these details

Make an enquiry

L2 Cyber Security Solutions is delighted to be able to offer the following Staff Security Training, in an online and in-person format.

Title: Cyber Security Awareness Training for staff.

Learning objective:

The purpose of this programme is to equip the learner with the knowledge and skill to identify many various threats when using the internet and know what steps to take to protect themselves from these threats.

Content of the Staff Security Awareness Training:

There are three separate Modules in this training. Some of the content could also apply to people's home life. If they learn to be safe in the office, they can apply this at home too.

1. Module 1 – Social engineering and dodgy emails

An in-depth look at how criminals use social engineering and then perpetrate various email scams. You will find out how to avoid falling victim to these tactics.

2. Module 2 – Protecting your online world

Learning simple and effective password and authentication practices, as well as how to stay safe when using Social Media.

3. Module 3 – Securing your IT and handling a cyber incident

Good practices for securing your IT assets (Backups, Updates and Wi-Fi setup). How to deal with a cyber security incident.

There will be lots of examples of the different types of scams that will target staff. There are short videos also included to show real world examples of hacking. There will also be plenty of tips and tricks on how to be safer and more secure online, including how to be careful with Social Media.

Duration:

Each module takes 60 minutes, including ample time for Questions and Answers.

A standard session covers modules 1 and 2 as a minimum (two hours).

Audience:

Staff who have no knowledge of online risks or those who wish to improve their awareness of the ever changing cyber security aspects of the online world.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post Staff Security Awareness Training appeared first on L2 Cyber Security Solutions Ltd..

Board Management Security Briefing

Liam — Mon, 30 Mar 2020 19:50:59 +0000

Board/Management Security Briefing

Download these details

Make an enquiry

L2 Cyber Security Solutions is delighted to be able to offer the following Board/Management Briefing, in an online and in-person format.

Title: Cyber Security Briefing for Boards or Management.

Briefing Objective:

The purpose of this programme is to equip the members of the board/management with the knowledge of the current cyber security threats that target their organisation’s activities and know what strategy they should take to protect the organisation.

Content of the Board/Management Briefing:

Overview of current global cyber threats
An introduction to the specific risks faced by the organisation
Outline a remediation strategy for the organisation

Duration:

The briefing will take 40-50 minutes. There will then be plenty of time for Questions and Answers.

Delivery Format:

Online – Presentation, using Google Meet (or your own online platform of choice).
In-person – Interactive workshop over the selected duration.

Also Included:

A link to a softcopy of any slides will be provided during the session.
Link to additional free resources would be included too.
Certificates of attendance if required.

Pricing:

Please see our website for our current prices:

https://www.l2cybersecurity.com/prices/

Contact us:

info@L2CyberSecurity.com

Follow us on Social media:

Liam is available on LinkedIn, Mastodon and YouTube.

Follow L2 Cyber on LinkedIn.

The post Board Management Security Briefing appeared first on L2 Cyber Security Solutions Ltd..

GDPR fines are starting to come.

Liam — Wed, 28 Nov 2018 12:44:31 +0000

Shortly after I posted about the Austrian GDPR fine, another fine was issued by the regulatory authority in Portugal. Late last week the German regulatory authority imposed another fine on an App maker. So the GDPR fines are beginning to come. Let’s take a quick look at these three cases and then see what you can do.

Austrian surveillance cost €4.8K

Just to recap, a business owner had CCTV installed outside their premises. One camera was recording a large portion of the public footpath. This was judged to be too invasive and there was poor signage. The regulatory authority hit them with a modest €4,800 fine. The Austrian data protection authority had 36 other proceedings pending at that time.

Portuguese hospital with too many doctor’s accounts hit for €400K

An unnamed hospital in Portugal had 985 doctor’s accounts on it’s IT system and only 296 doctors on staff. It seems that non-Doctor types (e.g. psychologists and dietitians) used doctor accounts to access patient data. What is most troubling is that a doctor account has unrestricted access to every single patient’s data.

You might not think this is a big deal, but you’re dealing with sensitive personal data here. There should be some controls on access to it, including audit logs of any and all access made by authorised personnel.

The regulator has imposed a €400,000 fine on the hospital, which is appealing the judgement. The Portuguese Government have not yet fully implemented the GDPR, but the regulator is acting as if it was in place.

App maker who cooperated, still fined €20K

A German chat platform, knuddles.de had a breach in which 330,000 e-mail addresses (in German) and their account passwords were stolen by hackers. The passwords were in plain text (no hashing or encrypting was applied). It was the screw-up with the password that caused the fine. They hadn’t applied appropriate technical or organisational controls to protect the data.

The regulatory authority acknowledged that Knuddles were very proactive in reporting the breach and the subsequent follow up. They have implemented stronger security controls in a very short time. In consultation with the regulator they have more measures coming in due course.

The regulator also looked at the financial strength of the company in determining the fine, not wanting to place the business under any financial burden. So the fine was proportionate. I would hate to think what might have been the case if they hadn’t cooperated.

To avoid GDPR fines, budget now to prepare early in 2019

If your business hasn’t put in place any policies or procedures to address the requirements of the GDPR, you should look at addressing this soon. Most annual budgets will have been exhausted by now, so put in place a sensible sum for GDPR preparation work, early next year.

If you haven’t attended a GDPR awareness event, then seek one out or give us a call on 087-436-2675.
We are now offering Practical GDPR Training, which can give you virtually everything you need to be as compliant as possible. Being “100% GDPR compliant” is not something that can be stated presently, as there is no certification available to support such a declaration.
Or if you prefer to keep making money for your business and not be distracted, then we can do the work for you. Send us an e-mail to info@L2CyberSecurity.com and we’ll get in touch.

#GDPR

#SimpleGDPR

#SecuritySimplified

The post GDPR fines are starting to come. appeared first on L2 Cyber Security Solutions Ltd..

How to deal with Ransomware.

Liam — Fri, 28 Sep 2018 14:01:57 +0000

I want to come back to this topic on how to deal with Ransomware. This is because I keep meeting business people in the training that I deliver who, either know of somebody or have themselves, suffered a Ransomware incident. I have previously talked about how Ransomware can infect your machine. It can be by dodgy looking e-mails or legitimate looking e-mails. The variety is endless, but it is generally all down to somebody clicking a link or opening an attachment. I’ve got an entire commandment dealing with e-mails and how you should handle them.

What I’ve talked about above, is all prevention. However that doesn’t help you if you are staring at a monitor with a ransom demand on it. Let me give you a couple of examples of recently reported Ransomware incidents and how they were handled.

Bristol Airport recovers from Ransomware Incident

On the weekend of the 15th and 16th September, Bristol Airport suffered a Ransomware incident. This incident took their flight information screens off-line for much of the weekend. Luckily no other safety or flight systems were affected.

How did the authorities at Bristol Airport deal with Ransomware? They re-built the systems and restored backups. They did not pay the Ransom.

Scottish Brewery suffered a Ransomware incident from a job application.

In the last couple of weeks, the Arran Brewery in Scotland had all of it’s systems affected by Ransomware. They had been running a recruitment campaign, advertising for a role via their own website. The evil doers took that ad and posted it to some international recruitment websites. The brewery then started receiving several e-mails a day from interested candidates from all over the world. In among those e-mails the bad guys slipped in one with Ransomware. The CV got opened and their files got scrambled. Not only were their live files affected, but their recent backups were too. These were stored online, attached to their network. Their most recent offline backups were 90 days old.

How did the brewery deal with Ransomware? They also re-built their systems and restored what backups they had. In this case though, they did consider paying the (GBP) £9,600 ransom. They came to the determination that the value of the data they lost (90 days of sales data) was less than the cost of the Ransom demand. They also took into consideration that paying the Ransom does not guarantee they would get back their data.

The brewery then did something really sensible. They have kept a copy of the scrambled data.

Help may be available from the good guys.

There is a not-for-profit, freely available service called No More Ransom (https://www.nomoreransom.org). This is run by various Law Enforcement and Cyber Security firms around the world. They are constantly working on cracking the codes for the different Ransomware variants and enabling people to recover their data for free.

So the Arran Brewery is holding onto the scrambled data in the hope that someday they will be able to unscramble it.

So how should you deal with Ransomware?

Prevention is always better than a cure.

The first thing is to make sure you get your staff some security awareness training. This is something that I deliver. Details of the complete training is available here. We can do customised training to suit your organisation too. Call me on 087-436-2675 or e-mail on info@L2CyberSecurity.com to discuss your requirements.

Then ensure that you have your systems updated/patched regularly, have security appliances like Firewalls in place, Anti-Virus is generally helpful against malicious software and also you shouldn’t insert strange USB devices into your computers.

Finally, you should have a good data backup system in place. This can be a very simple set-up or more complicated depending on your business needs. Again, I offer advice and support on backup strategies and business continuity planning. I also have a commandment about backups.

That’s it! With all of the above in place, in the very unlikely event that you do subsequently suffer a Ransomware incident, you will be able to recover from it.

What if it would cost me less to pay the ransom?

This is a genuine struggle for a business owner, particularly small businesses. Recovering systems from a ransomware incident takes time, which costs money, and the business may be unable to operate while recovery is ongoing, so is not generating revenue. A good business continuity plan, should reduce such risks.

If you are tempted to pay, I just have two things I want you to consider:

There is no guarantee that you will get your data back. Figures vary wildly from 50% to 100% failure to recover data. If you pay and don’t get your data back, you will then have to pay the full cost of recovery anyway.
You are funding organised crime. You are paying criminals who not only do cyber crime, but human trafficking, drugs, weapons, etc. People think I am being jokey or have my tongue in cheek when I refer to Evil Doers. I’m not. This is an accurate description of these people. They! Are! Evil!

If you pay once, then the bad guys reckon you might pay again, so you will be a bigger target. My advice to deal with Ransomware is to implement preventative measures (call me on 087-436-2675 or e-mail info@L2CyberSecurity.com to have a no obligation chat) and never pay these evil doers.

What else do you need to consider?

Don’t forget that if the data that gets scrambled contains personal data, then you have a data breach on your hands, which may be notifiable under the new Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR). I’ve a short video here:

Finally, if you do suffer a Ransomware incident, a crime has been committed, so please report it to local Law Enforcement. They may not be able to do much about it, but it needs to be reported for statistical purposes if nothing else. If it can be shown that Cyber crime is as big a problem, as I know it to be, then the more reports to Law Enforcement will mean they will get more resources to be able to tackle it’s root cause.

#LetsBeCarefulOutThere and #StaySafe

#SecuritySimplified #GDPR

The post How to deal with Ransomware. appeared first on L2 Cyber Security Solutions Ltd..

Review of my 2017 predictions.

Liam — Thu, 28 Dec 2017 15:02:53 +0000

I don’t see many people who make predictions for the coming year actually come back to review what they predicted. I’m not one of those though, so here is my review. I’ve included the original text below in blue, but the full article for my 2017 predictions is here.

1. Ransomware levels will plateau, but constantly change

This might be an easy one to get right. Ransomware is already embedded in over 90%+ of all phishing e-mails, so there’s hardly any further room to keep growing. We’ve already started to see the way it is changing though. As was reported earlier this month, you could get your files unlocked if you infected two friends with this Ransomware rather than paying money over to the hackers.

I haven’t seen the stats yet, but I suspect Ransomware is still as big a problem as it was 12 months ago. And as noted, the evil doers have started using new methods to get money out of people by hijacking the victims computer processing power to mine crypto-currencies (i.e. create new currency for them). We also had the scary prospect of Ransomware worms thanks to WannaCry and Petya/NotPetya. So I’m going to say I got this one right.

2. Smart Device Botnets will target the big service providers

We’ve seen record breaking botnets created this year by poorly designed and poorly secured smart devices (also referred to as IoT, e.g.- internet connected cameras, digital video records, internet routers, etc.). I suspect the evil doers are building a massive army, much bigger than anything we have seen to date. I believe that they will then carry out a coordinated attack on one of the big service providers (e.g.- Google, Amazon or Microsoft). The attack won’t be fully successful, but will have caused sufficient disruption to make smart device security a focus for all manufacturers of such devices, as insecure devices will be banned from accessing the web.

This was a miss. While attacks did take place, there was nothing on the scale that we saw in 2016.

3. There will be an even bigger data leak than 2016’s revelation of the Yahoo! world record leak

Yahoo! has really had a bad year, setting a world record, having already had an even bigger world record. I believe bigger leaks have already happened and will be revealed next year. I reckon the bad guys are already combing through the data, cracking passwords and will then create tools that will take the IDs and passwords they have and try these against other services (e-mail, social media, etc.) to generate a list of compromised accounts, which are extremely valuable on the dark net.

I got this one right. It was Yahoo! that did it again, with over 3 billion records breached.

4. Russia will be accused of interfering in elections occurring across Europe

Russia has shown form this year, interfering with the US Presidential Election. With elections happening in the bigger European Countries (Germany, France and The Netherlands) in 2017, I would not be very surprised to discover that the Russian state hackers tried to influence the results of these.

While the German and Dutch elections were not outwardly (at least) subject to the same issues as affected the US elections, there was an incident during the French elections which looks likely to be an attempt to influence the voters. A dump of campaign documents including emails and accounting records for Emmanuel Macron’s campaign was released just before a moratorium on communications came into effect. So I’ll take a partial on this one.

5. More Irish people will be protecting themselves from Cyber Threats

I’ll be a bit selfish with this one as I will be the one helping these people to protect themselves. People knowing how to stay safe on-line will be the least likely to be affected by a Cyber Threat.

While I did protect more Irish people in 2017 by educating them, it wasn’t as many as I would have liked. So, again I will take a partial on this one. A little something called the GDPR became more important to people so, in conjunction with Molly O’Neill, we created training and awareness programmes for businesses.

Results for my 2017 predictions

2 correct, 2 partials and 1 incorrect. Not too bad. I may give this another go for 2018.

The post Review of my 2017 predictions. appeared first on L2 Cyber Security Solutions Ltd..