
CSI/NSA Joint Best Practices for Cloud Security

 

The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for securing cloud systems, which businesses use heavily.

Cloud services are popular because they let companies use servers, storage, and apps without having to worry about managing all the complicated tech stuff themselves. This has made life easier for businesses big and small, allowing them to focus on what they do best while relying on the reliability and flexibility of cloud platforms. 

What is cool is that many companies now offer both regular software you install on your own computers and cloud versions that they manage for you. This means businesses have choices and do not have to deal with all the headaches of managing software themselves. 

The partnership between NSA and CISA shows how important it is to keep cloud systems safe, especially now that more and more businesses are using them for remote work and digital upgrades. These bulletins give organizations practical advice on how to stay safe from online threats and keep their data secure. 

By sharing these joint tips, NSA and CISA want to make sure that businesses have the right tools and knowledge to protect themselves against cyber attacks as they use cloud services. It is like giving them a guidebook to navigate the sometimes tricky world of cybersecurity. 

CSI/NSA Joint Best Practices for Cloud Security 

1. Use Secure Cloud Identity and Access Management Practices 

To keep your cloud systems safe, it's crucial to manage who can access them and how they do it. Follow these tips: 

Enable Multi-Factor Authentication (MFA): Make it harder for unauthorized users to get in by requiring more than just a password. 

Securely Store Credentials: Keep your login information safe and away from prying eyes.

Partition Privileges: Limit what each person can do in the cloud to minimize the risk of someone doing something they shouldn't.

2. Use Secure Cloud Key Management Practices

When it comes to managing encryption keys in the cloud, it's important to do it right. Here's how:

Understand Shared Security Responsibilities: Know who is responsible for what when it comes to keeping encryption keys safe. 

Configure Key Management Solutions (KMS) Securely: Set up your encryption key systems in a way that is safe and secure. 

3. Implement Network Segmentation and Encryption in Cloud Environments 

To protect your data as it moves around in the cloud, follow these steps: 

Encrypt Data in Transit: Keep your data safe as it travels between different parts of the cloud. 

Segment Your Cloud Services: Keep different parts of your cloud separate from each other to stop them from talking when they should not. 

4. Secure Data in the Cloud 

When storing data in the cloud, make sure it stays safe with these practices: 

Encrypt Data at Rest: Keep your data safe even when it is sitting around doing nothing. 

Control Access to Data: Only let the right people get to your data, and keep everyone else out.

Backup and Recovery Plans: Have a plan in place to get your data back if something goes wrong. 

5. Mitigate Risks from Managed Service Providers in Cloud Environments 

When working with outside companies to manage your cloud, take these steps to stay safe: 

Secure Corporate Accounts Used by MSPs: Make sure the accounts used by managed service providers are as secure as your own. 

Audit MSP Activities: Keep an eye on what the managed service providers are doing in your cloud to catch any suspicious activity. 

Negotiate Agreements Carefully: When working with MSPs, make sure your agreements include provisions for keeping your data safe. 

By following these joint best practices from CSI and NSA, you can better protect your cloud systems and keep your data safe from cyber threats.

ICO Publishes New Guidelines for Employee Surveillance at Work

 

The ICO issued its guidelines alongside research on employee monitoring that it commissioned. Before conducting any workplace tracking, companies should examine their legal obligations under the Data Protection Act as well as their employees' rights. 

According to its findings, 19% of respondents feel they have been tracked by their employers, with 70% believing it would be "intrusive" if their employers monitored them. Some employees told the ICO that working for a company that monitored them would put them off, with less than one in five stating they would feel confident taking a new job if they knew they would be monitored. 

The ICO claims that the guidance provides "clear direction" on how employee monitoring can be carried out ethically and legally. It is directed at both private and public sector companies. It outlines a company's legal obligations and offers best-practice guidance.

The ICO's research shows how concerned employees are regarding their privacy at home when it comes to employee monitoring, Emily Keaney, deputy commissioner for regulatory policy at the ICO, stated.

“As the data protection regulator, we want to remind organisations that business interests must never be prioritised over the privacy of their workers,” she explained. “Transparency and fairness are key to building trust and it is crucial that organisations get this right from the start to create a positive environment where workers feel comfortable and respected.” 

Workers' privacy at risk

While data protection law does not forbid monitoring, the ICO urges businesses across all sectors to recall their "legal obligations" to their employees' rights, stressing that such monitoring must be "proportionate", as stated in its guidance. If we think that people's privacy is in danger, we will act, Keaney warned.

The ICO defines monitoring in its guidelines as keeping track of calls, texts, and keystrokes as well as taking screenshots, webcam recordings, and audio recordings. Additionally, it states that using specific software to track activities and using biometric data to measure attendance and timekeeping are both examples of employee monitoring. 

It advises organisations to take a number of steps before introducing worker monitoring if they wish to do so. Employees must be informed of the "nature, extent, and reasons" of any monitoring, and employers must have a "lawful basis" (such as consent) for processing employee data. 

The regulator also makes reference to the requirement for data protection impact assessments for any monitoring activity, which is not always supported by the Data Protection and Digital Information Act, the UK's GDPR replacement bill that is now being debated in the House of Commons. 

More than 1,000 UK citizens were surveyed by the ICO regarding their views and experiences with employee monitoring. 78% of respondents thought that recording audio and video was the most intrusive action an employer could take, while 83% thought that monitoring personal devices was the most intrusive action. 

According to Antonio Fletcher, head of employment at the legal firm Whitehead Monckton, employees' privacy concerns are growing, especially in light of the widespread usage of webcams and other video. In addition, he mentioned that if employees are working remotely, audio recordings might be used for surveillance and might record private conversations with children and adults.