Category: General


GoodSync GDPR Compliance Progress Statement

Introduction

In 2016, the EU adopted the General Data Protection Regulation (“GDPR”). The GDPR is now recognized as law across the EU. GDPR enforcement begins on 25th May 2018.

Our Commitment

Siber Systems Inc. (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding both personal and business product lines of our GoodSync product family, related technical services and supporting programs (e.g., payment processing/license management and online technical support portal) to meet the demands of the GDPR.

GDPR Compliance Completion Checklist

We have identified that the only technical item remaining to be implemented for full compliance with GDPR is the gathering of the consent from European users prior to collecting, transferring and storing their data on a server in the United States of America. We are committed to being in full compliance with GDPR by the May 25 deadline.

Information Audit

We have identified that we DO NOT store any sensitive personal data as it is defined by GDPR. We only store the minimum of non-sensitive personal data that is required to conduct business (e.g., perform sufficient authentication within the product or to process a payment).

We have identified what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed, as well as GDPR compliance of downstream data processors.

How We are Preparing for the GDPR

Siber Systems Inc. already has a consistent level of data protection and security across our organization; however, it is our aim to be fully compliant with the GDPR by 25th May 2018. Our preparations include but are not limited to:

  • Revising policies & procedures
  • Training employees
  • Revising privacy policies
  • Obtaining user consent in a GDPR-compliant manner
  • Revising direct marketing procedures
  • Performing data protection impact assessments for each of the products and services
  • Obtaining Processor Agreements with downstream processors (e.g., Payment Processing)
  • Assuring rights of data subjects to obtain a copy of personal data, to correct that data and to request deletion of certain types of data
  • Introducing a GDPR-specific e-mail contact address: gdpr@siber.com

Please contact us if you have any questions or concerns about your rights or those of your employees. You can respond to this email or contact us at gdpr@siber.com.

The 411 on Ransomware

In light of last month’s cyberattack that originated in and quickly spread ransomware across several countries including the United States, you may be wondering – what exactly is ransomware, what’s the likelihood you’ll be affected, and how can it be prevented?

What is Ransomware?

Ransomware is an increasingly popular form of malicious cryptography that infiltrates computer systems, encrypts as much data as possible, and holds it hostage until the victim pays the demanded ransom for the decryption password. The ransom is most often demanded in the form of a digital currency known as “Bitcoin.”

How does it spread?

The attack typically manifests through email phishing campaigns. Once the victim clicks on the link or opens the attachment, the computer becomes infected, encrypting the victim’s files or “locking” the victim out of them. According to Malwarebytes, roughly 60% of malware payloads in Q1 2017 were ransomware. Other forms of ransomware, however, can travel between computers without user interaction, the “WannaCry” attack being a prime example.

NotPetya, the name given to the ransomware strain first detected in Ukraine, affected computers by using vulnerabilities in the NSA hacking tool known as EternalBlue. By entering Windows-operated machines with unpatched security, the malicious software stole passwords in an attempt to gain administrator access over the entire network. Forced updates then led to mass infection and the encryption of hard drives. It’s worthwhile to note, however, that researchers and academics are now saying the attack was most likely engineered to damage IT systems rather than extort funds.

Who does it affect?

Ransomware affects individuals, as well as companies and organizations – big and small. Cybersecurity Ventures predicts the cost of ransomware damage this year to exceed $5 billion, up from $325 million in 2015.

Since the majority of ransomware occurs through phishing email attacks, perpetrators count on three things:

  1. Action – you’ll click on the link or download the attachment (either out of curiosity or unintentionally). One wrong click is all it takes.
  2. Poor cyber hygiene – lack of measures including email authentication, intrusion prevention software, and web browser protection.
  3. Lack of backups – failure to regularly and routinely back up data, especially business-critical data or highly sensitive personal/customer-oriented data.

What can I do?

  1. Backup, backup, backup. Ensure you don’t lose valuable data (and potentially customers) by having to choose between satisfying the demands of your attackers or losing your data forever…or in some cases – both. You can back up critical data using a service such as GoodSync Connect File Transfer Protocol (GSTP), which allows your backup to go over an encrypted secure channel that ransomware attacks cannot infect, ensuring your backups are secure from even the most advanced ransomware of today. Remember to make sure your mission-critical data is always backed up outside of the proven infection range of ransomware. Do not rely on system security to prevent these attacks; we have all seen it fail time and time again. A modern data backup strategy must be flexible enough to mitigate all risks listed below. Such a strategy must include multiple copies of mission-critical data made on geographically dispersed storage mediums, as well as a variety of automation options to match the specifics of each given destination. Below is a table which summarizes suggested backup strategies based on the most likely causes of data loss in today’s dynamic environment. [Table image: GS_ransomware]
  2. Establish a business continuity plan in an effort to successfully recognize, avert, and minimize risks.
  3. Ensure your security software is up-to-date. See PC Magazine’s top 2017 recommendations.
  4. Educate yourself, your employees, and your colleagues on safe online practices. With the increase of BYOD work environments, it’s important to mitigate risk through clear policies and protocols, particularly when it comes to the creation and use of passwords. Password Managers such as RoboForm help remove the burden and greatly increase security for both individuals and businesses.

Regardless of motive, ransomware is a real and active threat and it does not discriminate. As 2017 progresses, ransomware will undoubtedly evolve, presenting new variants and tactics. Whether as an individual, business, or organization, ensure you’re taking the proper precautions, removing the incentive for cybercriminals and mitigating losses. And remember, GoodSync allows businesses to completely customize a backup strategy for each given environment by combining the world’s most advanced data backup options with the variety of backup destinations in an easy-to-use interface. By combining multiple data backup destination options with flexible automation modes, GoodSync can mitigate the entire spectrum of data loss threats, including ransomware.