Expert(s):
Data Privacy Consultantfeature_status*/ ?>
Bridewell Consulting

Comments Dotted : 3
April 02, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach
Technical defence is still paramount, and in particular, regular penetration testing is vital.
With the sheer volume of data breaches in recent time, we’re at risk of becoming numb to the danger these attacks pose. All organisations, including Marriott International, must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-factor authentication on every public facing system. These are not silver bullets but can go a long way.....Read More
With the sheer volume of data breaches in recent time, we’re at risk of becoming numb to the danger these attacks pose. All organisations, including Marriott International, must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-factor authentication on every public facing system. These are not silver bullets but can go a long way to improving security. Technical defence is still paramount, and in particular, regular penetration testing is vital. But it is also just as important to test employee awareness. Employees will always be the weakest link but with the right education can be an organisation’s biggest asset in terms of defence. Such employee awareness training can also be measured by regular phishing or red team assessments.  Read Less
February 21, 2020

Personal Details Of 10.6M MGM Hotel Guests Posted On A Hacking Forum – Cybersecurity Experts React
Such employee awareness training can also be measured by regular phishing or red team assessments.
We are in danger of becoming numb to data breaches, due to the frequency and scale they are being reported. All organizations must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-factor authentication on every public-facing system. These are not silver bullets but can go a long way to improving security. At this stage, it’s not .....Read More
We are in danger of becoming numb to data breaches, due to the frequency and scale they are being reported. All organizations must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-factor authentication on every public-facing system. These are not silver bullets but can go a long way to improving security. At this stage, it’s not clear how the hacker managed to gain access to MGM’s cloud server. However, technical defense is still paramount, and in particular, regular penetration testing is vital. It’s also just as important to test employee awareness. Employees will always be the weakest link but with the right education can be an organization’s biggest asset in terms of defense. Such employee awareness training can also be measured by regular phishing or red team assessments.  Read Less
January 09, 2020

Response Comment: Travelex Foreign Currency Website STILL Down After 4 Days Following Cyber Attack
Travelex has certain obligations as a controller under Data Protection legislation.
Following the Travelex ransomware attack, the company made the decision to take down its website, yet customers have not been directly informed if their personal data has been compromised. There are also conflicting reports on whether customer data has been lost. Travelex has certain obligations as a controller under Data Protection legislation. One of which is to report personal data breaches to the supervisory authority. It is important, however, to ascertain to whom the data belongs.....Read More
Following the Travelex ransomware attack, the company made the decision to take down its website, yet customers have not been directly informed if their personal data has been compromised. There are also conflicting reports on whether customer data has been lost. Travelex has certain obligations as a controller under Data Protection legislation. One of which is to report personal data breaches to the supervisory authority. It is important, however, to ascertain to whom the data belongs and where it is being processed, so as to determine the jurisdiction. It may be that the breach is covered by the General Data Protection Regulation (GDPR); if so, Travelex will need to assess if the breach needs to be reported to the supervisory authority and do so within 72 hours but also to the National Cyber Security Centre (NCSC). Travelex must also evaluate the likelihood of the breach resulting in a high risk to the rights and freedoms of the customers and inform them without “undue delay”. When assessing a risk to the rights and freedoms, it is important to focus on the potential negative consequences for the individual. This must be based on how serious or substantial they are and how likely they are to happen. Helpfully, when reporting a personal data breach to the UK’s regulator, the Information Commissioner’s Office (ICO), they will offer advice about whether the individuals involved need to be informed. There have also been reports that Travelex was recently warned about vulnerabilities in its virtual private network (VPN) servers. This may also have implications for the company as the GDPR imposes other obligations to implement appropriate technical and operational measures to ensure a level of security appropriate to the risk. This will include such things as regular penetration tests to check for such vulnerabilities.  Read Less