Data Protection – Everybody’s Business

Posted on November 10, 2011 by

All company directors have a responsibility for protecting information the company holds about their clients and their own personnel.  IT security has become an essential element of business operations and one in which your IT service provider needs to be involved!

This is why Motherboard teamed up with VigiTrust to organise a special seminar at the end of October.  Held under the auspices of the Ireland France Chamber of Commerce, the seminar was sponsored by two great names in IT security software – Sophos and Renaissance.

Speakers James Lyne (Sophos), Billy Hawkes (Data Protection Commissioner), Mathieu Gorge (VigiTrust) and Eoin Scott (Motherboard) with Cliona McGowan (IFCC)

The seminar was addressed by Mathieu Gorge (Chief Executive VigiTrust), Eoin Scott (Corporate Director Motherboard) and by James Lyne (Senior Technologist for Sophos) who flew in from London specially for the occasion.

Data Protection Commissioner Billy Hawkes addresses the seminar

The keynote speaker was Billy Hawkes (the Irish Data Protection Commissioner) and it is to his presentation that this blog will refer.  His main message to the gathering of over 60 company representatives was clear – the EU Charter of Fundemental Rights (in Article Eight) states that the protection of personal data is a right and everyone has the right to control the use of his/her personal data.
There are of course consequential obligations on the persons who control or process the data to ensure that these personal rights are respected.

It is worth noting the Data Protection Rules outlined by Billy Hawkes

  • Fair obtaining and processing (including getting consent)
  • Obtaining for specified purpose (only!)
  • No disclosure (unless this is compatible with the consent)
  • Hold data safe and secure
  • Keep it accurate and up-to-date
  • Ensure it is relevant and not excessive
  • Have a clear retention period
  • Allow right of access to person it concerns
  • Do not use for unsolicited direct marketing

Billy Hawkes stressed that unsolicited marketing by electronic means is a criminal offence.  The code of practice on data protection, breach notification guidance and data security guidance are all clearly displayed on www.dataprotection.ie .

Eoin Scott (Motherboard) exchanges views with Billy Hawkes

And if you are one of the companies outsourcing to the cloud, you must understand that ultimately you can outsource responsiblity for data security to the cloud provider but you cannot outsource your own accountability for your data.

There will be futher draft laws in 2012 (driven by work being done in the European Union) and these new laws will most likely be implemented in 2015.  The focus of these new laws (according to the EU VP responsible in this area Viviane Reding) will be on requirements to enhance legal certainty in the area of data protection.

Likely to be included are:

  • Mandatory requirements to report data security breaches
  • A ‘Right to be Forgotten’ where individuals can demand deletion
  • Fuller accountability for data transferred to third countries and for the right to privacy (Privacy Impact Assessments)
  • Better enforcement of these laws across wider jurisdictions

It is worth noting here also that Company Directors can be personally accountable for any compliance failures, or if they fail to adequately exercise ‘duty of care’.  And while many companies will point to insurance cover in this area, that cover only pays your legal representation and will not cover prosecution!

For further information on this seminar, please go to www.motherboard.ie/news.html .
If you want to talk about your data protection obligations, feel free to give me a call.

Posted in General Information | Tagged , , , , , , , , | Leave a comment

Open access to the internet for your employees – Bad for Business?

Posted on August 29, 2011 by

Can you really trust your employees with open access to the Internet, when it can
threaten your company’s web security?  While some employees are disciplined and can exhibit self-control, others can have little willpower and can take advantage of un-monitored Internet access in the workplace.

Statistics shared with me by our Internet and Web Security partners MX Sweep show that more than 75% of people have accidentally visited a pornographic website while at work. Surprisingly, 15% of people have actually visited those sites more than 10 times.

Accidental or not, visiting such sites during working time is a practice that most employers will want to discourage, because they pose a huge risk to their web security.

50% of your staff surf the web for personal purposes!

Along with these findings, it was also found that 50% of employees spend 10% of their
working time surfing the web for personal reasons. That’s 10% of your money
paying for their personal Internet viewing. One CEO of a major international company
had to settle out of court when it was discovered that all his Internet
activity at work was directed at pornographic websites.

While a more relaxed approach to Internet access at work does promote a better atmosphere, most managers would argue that social networking websites and IM chatting at work doesn’t matter as long as the work is done and delivered. But sometimes unrestricted web access can have an impact on web security!

With cyber criminals now taking advantage of social networks to spread viruses, the debate on content filtering in the workplace has heated up.

Try to ensure you keep employee trust while content filtering

It is known that complete bans and censorship can have a negative impact on employee morale, so you need to tread carefully when you are considering a content filtering policy for your company’s web security.

The ideal solution - a flexible content management system

The ideal solution is a flexible content filtering system that can have specific controls on various types of content, and when they can be accessed.  This will permit you to put a complete block on malicious pornography websites while at the same time allowing IM’s on secure networks to proceed and also allowing access to social media at designated break times.

For further information on flexible content filtering please don’t hesitate to give me a call.  Between Motherboard and MX Sweep we would be delighted to give you any information and advice in this regard.

Posted in IT Support Services | Leave a comment

Things may not be as gloomy as you think!

Posted on November 10, 2010 by

Interesting video produced for IBEC by Cool Avenue:

Some Highlights from the Video:

•     There are 960 Foreign Companies based here including:

•     8 of the Top 10 Pharmaceutical Companies

•     15 of the Top 25 Medical Devices Companies

•     8 of the Top 10 Technology Companies

•     Total US Investment in Ireland is greater than Brazil, Russia India & China Combined

•     We are the 4th Largest Exporter of Beef in the World

•     We make 15% of the World’s Infant Formula

•     10 of the World’s Top Selling Drugs are made here

•     We are 2nd Largest Exporter of Medical Devices in Europe

•     Half of the World’s Fleet Aircraft are Managed from Ireland

•     And we’re 1st for the Availability of Skilled Labour

So, yes, things are difficult and we are looking at a nasty budget! But that doesn’t mean that the fundementals are not sound! If we had focussed on these strenghts rather than on fuelling domestic construction maybe we would now be better off! Hindsight is a wonderful thing!

Posted in General Information | Leave a comment

Malware still a Big Problem in emails

Posted on October 28, 2010 by

We are still finding a huge amount of email attempts to introduce malware to our clients’ systems.  The usual culprits are still there, with false DHL and UPS delivery emails asking people to open links that will probably bring malware into their systems.

So the continuing Motherboard advice remains: If you didn’t specifically request the mail, and the sender is not known to you – then don’t open it.  If it looks to good to be true – it probably is too good to be true!

Recent false request not actually from AIB

Even the old favourite – ‘your’ Bank requesting your details because they’ve ‘upgraded their security solution’ is still doing the rounds.  On the right you will see a screen grab of one that we recently received. Remember the advice of your bank: They will never ever ask you to send them your login/password details in an email – so don’t do it!

Posted in IT Related Material | 2 Comments

Building Information Modelling (BIM) replaces Computer Aided Design (CAD)

Posted on October 21, 2010 by

Interesting to note yesterday that there has been an interesting step change in the way companies use ICT for the design and build of various structures today.

Almost unnoticed in Ireland, most first-world countries have now switched from the older CAD process to the latest process known as BIM – or Building Information Modelling!  In the US, over 50% of design/build projects are said to be carried out using BIM.

Traditional CAD was known to focus on the production of drawings, was very much 2 dimensional and suffered from problems when trying to ensure multi-programme coordination.

Typical display of BIM Modelling

BIM changes the whole game by introducing a process for developing design and construction documentation, virtual building analysis, programming and costing information.  It is a digital represention of the physical characteristics of a facility or infrastructure.

BIM is dramatically changing the way the construction industry works around the world – but in Ireland we are way behind the rest of the first-world countries.  Instead of embracing the new process, those that should be ensuring that it is being rolled out with architectural practices and structural engineers are still only talking about whether it might be a good idea or not!

Given that it reduces hugely the waste associated with a design/build project under the old CAD process, and given that it also will reduce the time taken on a project because it allows all stakeholders to plan and understand their inputs in advance, it should be aggressively promoted with associated training and incentives.  And yet there is none of that in evidence as yet.

Motherboard is proud to be a member of the Construction IT Alliance (CITA Ireland) Enterprise Innovation Network, which is campaigning for the introduction of promotions and incentives to get Irish firms to implement BIM in their construction projects.

When you consider that BIM should bring something like a 58% Return on Investment in 12 months, it is really a no-brainer to get BIM if you have anything to do with the design or build in the construction industry.

Talk to Motherboard if you would like more information on this subject – we try to help!

Posted in IT Related Material | Leave a comment

Disaster Recovery – Don’t Believe You Have IT Covered!

Posted on October 13, 2010 by

Any company that has suffered loss of their premises and IT infrastructure due to fire or flooding (for example) will no doubt think that the loss of the premises is the most costly loss – at least at first.  But premises are insured and, in the grand scheme of things, relatively easily replaced.   The unfortunate truth is that too many companies learn only when it’s too late that if they lose their IT systems and data – and can’t get them back – the company can be permanently lost too!

 

It is '70s technology you know!

 

Many organisations believe themselves to be protected from disaster by tape or online back-up – believing one of these processes to be enough to allow recovery of their systems.  However, it is not often realised that both tape and online back-up systems usually only back-up the raw data, not the full system information.  They also take many hours or days to run and they are dependent on being restored to the same hardware.  If you ask any IT specialist whether it is easy to accomplish a full restore from such back-ups, he or she will quickly tell you that this is a situation they would never wish to encounter!  It is really very difficult, very time consuming, and very costly.

Appropriate disaster prevention measures are vital for the survival of any organisation. It is surprising how few organisations actually test their IT disaster recovery policies.  Just about every organisation has at some stage performed a fire drill for their people and their premises – but not for their IT infrastructure.  One of the main reasons given is that the ‘fire drill’ is difficult, complex and takes a very long time to run from data backups.  But it is worth thinking about the fact that if it is too difficult in a test situation, it could be a major problem in a real emergency!

 

Run a fire-drill before you have the 'fire'

 

For those of you who have an interest in Disaster Recovery, the best suggestion that can be made is to run that ‘fire drill’ as soon as possible.  If you can get back up and running in even a few hours, with minimal data loss –congratulations.  You have a robust IT disaster recovery plan.  If not, then it may be time for a new plan!

There are a number of companies in the Irish IT space that specialise in DR solutions – and some even offer a managed solution providing all the DR cover you may need.  Don’t waste time and perhaps suffer the ultimate fate.  Talk to them now!

Posted in Disaster Recovery | Leave a comment

Disaster Recovery – Prevention is Better than Cure!

Posted on October 8, 2010 by

Many of us take for granted the information that appears on our computer screens at the touch of a button – and most of the time we can count on our computers to faithfully produce that information day-in and day-out without any problems.

Great when they are working!

We all host more and more of our information electronically rather than on paper.  Such electronic data can include databases of member details, accounting systems with up-to the-minute receipts and payments information, and of course all of our financial information.

In many companies associated with what is normally termed the ‘professional’ sectors (such as accountants, insurance brokers, solicitors, architects and so on) where there are strict rules relating to professional and ethical conduct, there is an increasing pressure on companies to meet compliance requirements.  You are expected to have a robust method of protecting electronic data, and if you don’t do so this may raise the question of liability in relation to any data lost in the case of an IT disaster. Thankfully, most of the time we can count on our computers to faithfully produce this information at a touch of a keyboard.  But sometimes we can’t!  From time to time our server crashes or our desktop suddenly goes blank – and that disaster scenario rears its ugly head!

Where is my work gone?

What do we do if our IT systems die? How long can we afford to be without these systems? How much data can we really afford to lose? What happens if a lot of your data is irretrievable?

For the continuation of this blog, see my second post ‘Don’t Believe You Have It Covered!’

Posted in Disaster Recovery | Leave a comment