66% of EU Banks using US big tech cloud services forms risk

66% of EU Banks using US big tech cloud services forms risk

The European Commission is going after cloud computing, the online data storage business dominated by big American companies.
A draft bill seeks to address concerns about dependence on a small group of providers: chiefly Amazon Web Services, Google Cloud, IBM Cloud and Microsoft Azure.

The bill creates an oversight system designed “to preserving the Union’s financial system stability,”. Along with “monitoring of operational risks which may arise as a result of the financial system’s reliance on critical [outsourced services. It includes unrestricted rights to access and process all information deemed relevant, and also the “right to conduct audits and inspections,” and to issue “mandatory instructions.”.

In this package there are also measures to help digitalize the financial sector and modernize the EU’s rulebook for the online market. These include initiatives to harmonize companies’ online defences and regulate digital financial assets. The package also includes policy strategies on retail payments and capital markets.

Read more about this: https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/?

Security Awareness training is most effective when repeated every six months

Security Awareness training is most effective when repeated every six months

Awareness training in the field of cybersecurity and phishing must be repeated after approximately six months to ensure that employees continue to recognize phishing emails properly. This is evident from a study that was carried out by a number of German universities at an organization from the public sector. In Germany, public organizations are required to implement an information security management system (ISMS) to increase employee awareness of information security. The research focused on the question of how effective these awareness training courses will still be over time. To this end, it was periodically tested whether employees were able to recognize phishing emails.
The research showed that the participants were still perfectly capable of recognizing phishing emails after four months. That was no longer the case if the phishing training was six months or more ago, ZDNet writes.

Read more about this: https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/?

Does Instagram invade your privacy using camera access?

Does Instagram invade your privacy by camera access?

Last Thursday in the Northern District of California, Brittany Conditi filed a class-action complaint against Instagram and its parent company Facebook for invasion of privacy alleging that Instagram accessed users’ smartphone cameras when not using features that would require camera access, despite the defendants’ representations to the contrary.

Specifically, the party who initiated the lawsuit averred that “Instagram is constantly accessing users’ smartphone camera feature while the app is open and monitors users without permission, i.e., when users are not interacting with Instagram’s camera feature.”

Conditi argued that Instagram has broken its promise with users, as it has no reason to access users’ cameras when they are not using the camera feature.

read more about this: https://www.docketalarm.com/cases/California_Northern_District_Court/3–20-cv-06534/Conditi_v._Instagram_LLC_et_al/1/

Halo and goodbye privacy?

Halo and goodbye privacy?

In August Halo was lanched by Amazon which is a new wearable device to compete with Apple Watch and Fitbit. The Halo device does not only allow customers to track things like exercise and sleep, as most fitness wearables, but can also track emotional changes by listening to the wearer’s tone of voice and can present a 3D body image with a body fat percentage. Also there is an option to upload the collection information to the largest electronic medical record companies which could potentially make it available to physicians. Halo has taken the step of putting control of the collected health data in the hands of the individual, not the company that manufactured the device. Currently, neither Amazon, nor Apple, nor any other retail fitness tracker is required by federal law to maintain any particular privacy standard, so it’s fixed in their terms of service which might change in the future (California residents may benefit, though, from the California Consumer Privacy Act.). Does this open the commerical opportunity for such wearable devices by exploiting the hole in legislation? Will it be available in Europe and how does this relate to the current downfall of the EU-US Privacy Shield and the GDPR?

read more about this: https://www.cnbc.com/2020/08/29/op-ed-amazon-halo-privacy-considerations.html