News


At RedDrum, we always want to keep people up to date on what’s happening in our world. Whether it’s the latest industry news, innovative new technology being introduced to transform business process management or simply what RedDrum is up to, we feel it’s incredibly important to regularly communicate and engage with our clients, partners and followers, so they feel just as much a part of the exciting things happening at RedDrum as we do.

Find out the latest from the RedDrum team below, or join us on Facebook, Twitter and Google+ - so you don't miss a thing!   

General Data Protection Regulation

Time Bomb
There is a time bomb ticking away, waiting to explode in May 2018. Whilst the blast will have no overnight effect, the long term consequences for SMEs in the UK could be catastrophic. Whilst GDPR primarily deals with data storage, processing etc., it is effectively the first ever piece of legislation, in modern history, that actually regulates how businesses operate. Its predecessor, which instigated the Data Protection Act, was an extremely onerous piece of legislation. However, because there was no real enforcement mechanism, it was almost universally ignored. Those who fell foul of it tended to be Public Authorities or marketing companies. Private businesses, who just went about their normal tasks, selling, providing services or making products, could easily ignore the legislation.

What is going to happen in May?
Well, we will all wake up, in just the same way, on the 26th May, 2018. The sun may even shine. For those that are running any kind of business, and I mean any, from that day forward, they will have to comply with the seven Principles of the GDPR and be able to demonstrate that they do so. Whilst GDPR is concerned with Personal Identifiable Information (PII), in fact it is obsessed with it, employees have PII that is obviously required (processed) by the businesses that they work for. So, even if a firm operates in a business to business environment, where PII doesn’t feature, it will still have to comply with GDPR because of its employees.

Government Thinking
Now, as we all know, the Public Sector is a complete joke when it comes to operating as a business. It isn’t necessary for them to either obtain clients, provide a service or operate efficiently. In their wisdom, the Whitehall Mandarins think that all SMEs have been preparing for GDPR, with a Department of 5 or 6 people working on the implementation, for the last two years or so. This is because, in the Civil Service, there are thousands of employees and they can afford to work on matters that are not mission critical to their business. In fact, they don’t actually have a business, in the real sense of the word, so it doesn’t really matter, what they do.

SMEs in the UK
The vast, vast majority of SMEs in the UK do not employ people that are not contributing to the operation of the business. I have seen several firms, that have employed more than 100 staff, that haven’t had an HR Manager. The warning bells regarding GDPR have been ringing for a long time, yet they have gone unheard in many SMEs.

What to do, what to do.
Start now. The first thing is not to panic. The IT industry is fantastic at reaping rewards in time of crisis. A search in Google for GDPR will result in a whole load of Snake Oil software programs being offered to you. There is no ‘cure all’ software program for GDPR. The same search may even return legal firms offering solutions. There is no ‘cure all’ legal solution. The solution has to come from within.

Every firm is different, with varying rules, operations, software/hardware deployments etc. Whilst external advice is obviously required, it is fundamental to understand exactly what the current state of play is, in a business, before bringing in outsiders. What is needed is top down management. Establish exactly what business processes are in each Department, in relation to client interaction, data access, storage etc. Collect all existing data notices. Confirm computer usage policies. Are they enforced? Do they exist? Map data storage. All of these things are best done internally, by the persons concerned. Impose strict time limits on any such exercise. Get your Managers to manage.

What advice/help is needed?
This is a difficult one because essentially there are three different areas, where assistance is required. It is possible to find an expert in one field that has no knowledge of the other two. Try to find someone that has an excellent grasp of at least two of the areas. If you do manage to locate a person that is competent and can advise on all three, sign them up for the long term.

GDPR
There are various certification schemes around that indicate competence within the GDPR environment. There is a Registered GDPR Practitioner qualification, various Information Security ones and, of course, Solicitors who have knowledge of the Data Protection Acts. Tread very carefully. Ask lots of questions. It is possible to understand the legal aspects of legislation without having a clue how the world of business or commerce operates. If at all possible, get someone with ‘real’ world experience and don’t pay by the hour. Reach a longer term agreement based on delivery.

IT
Obviously, devising and implementing IT system based controls and a compliant regime is going to be a basic requirement of GDPR. If you have an in-house IT Manager, Department or team, they could probably do it, with some advice from a Practitioner that understands IT systems. If you don’t have any in-house staff and work with a partner IT organisation that just fixes things, or have even less than that, then you have a major problem. Compliance will be a rocky and expensive road.

Business Process
Essentially, GDPR is all about business process. How do you do what you do? Is it all documented and recorded? Are staff trained in what you do? Do customers know what you do and how you do it? What are the data policies? All of these things will need to be visited with a view to creating policies relating to data, data storage, data access etc. From May 28th on, the customer will be king in relation to their PII. They will be able to view, erase, amend, transfer or stop a business from using it. How will businesses cope with this?

It’s all about the Money
This is the killer. This is why all businesses should start making strenuous efforts to comply. Any breaches of GDPR have to be reported. The maximum fine is €20 Million. If a breach isn’t reported and is subsequently discovered, then the fine will be for both the breach and the failure to report. The Directors of a company are considered to be liable.

Various studies have been undertaken and the consensus is that GDPR is going to be a fantastic money spinner, for the Treasury. It will be a bit like putting speed cameras, at Silverstone, on race day. One study, which bases its predictions on previous offences under the existing legislation, predicts that the Banking sector will face fines of €4.7 Billion, in the three years following implementation of GDPR.

Tesco Bank recently suffered a major security breach; experts estimate that, had it occurred under GDPR, they would have been fined €1.9 Billion. Even under the existing legislation, Flybe have just been fined £70,000 for an email marketing campaign that broke the rules. Fines for what seem to be minor offences start at around the £50,000 mark. How many firms have not lost a laptop or a phone? God alone knows what the fine will be for such a misdemeanor, in the new world of GDPR.

Advice
If you would like to discuss any aspect of this report, with the RedDrum GDPR team, then please call Paul or Mark on 03333 449797, who would be happy to talk to you. Neither of them will try and sell you any snake oil or magic potions!

Take Five day

Top Three Scams

Remote Access scams - occur when you receive a ‘cold call’ from a person claiming to be from a large computer company, external or internal IT department, or telecommunications company. They attempt to make you believe that your computer is faulty, at risk, or infected in an attempt to gain remote control access to your computer and steal information, payment, or both.

CEO Payment Spoofing - can take place when fraudsters hack or spoof their emails to take on the identity of a Senior member of a company. Usually the accounts department will receive an eager email requesting to urgently set up a new payment.

Invoice Scams - happen when a fraudster attempts to send a fake/spoof invoice (usually to a company’s account department) under the identity of a supplier or client requesting you to pay for goods or services, with a request that seems genuine.


Top Scam Protection Tips

Here is some of the best practice for protecting yourself or your company from fraud and other scams.

Never disclose security details, such as your PIN or full banking password
A genuine bank or organisation will never ask you for these in an email, on the phone or in writing.

Don’t be rushed or pressured into making a decision
Under no circumstances would a genuine bank or some other trusted organisation force you to make a financial transaction on the spot.

Don’t assume an email or phone call is authentic
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine.

Stay in control
Have the confidence to refuse unusual requests for personal or financial information.

Listen to your instincts
If something feels wrong then it is usually right to question it. 


Get More Information:

Read the RedDrum series of articles

https://takefive-stopfraud.org.uk/advice/

Take Five day

March 16th is Take Five Day. Take Five is a national campaign that offers straightforward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations.

Led by Financial Fraud Action UK Ltd. (FFA UK), it is being delivered with and through a range of partners in the UK payments industry, financial services firms, law enforcement agencies, telecommunication providers, commercial, public and third sector.

Banks and other financial service providers are always working hard to ensure they protect their customers – in the UK last year, their innovative systems stopped 70% of attempted fraud from happening.

The 30% that didn’t get stopped cost the nation £755 million.

Clearly, something needs to be done, and we at RedDrum don’t believe this ‘thing’ has to be complicated. In fact, it can be as simple as encouraging people to take a moment to stop and think.

Many people may already know the dos and don’ts of financial fraud - that no-one should ever ask them for their PIN or full password, or ever make them feel pressured into deciding. The trouble is, in the heat of the moment, it’s easy to forget this.

After all, trusting people on their word is something everyone tends to do instinctively. If someone says they’re from your bank or from the police, why wouldn’t you believe them?


Get More Information:

Read the RedDrum series of articles

https://takefive-stopfraud.org.uk/advice/

RedDrum to the rescue

RedDrum engineers have been pleased to assist a leading local food producer, whose systems had been compromised by Russian hackers. Unfortunately, some damage had already been done before RedDrum were involved. Prevention is definitely better (and much less disruptive and expensive!) than cure. See the comprehensive and free RedDrum guide to Cybercrime prevention. https://www.reddrum.co.uk/cyber

Neighbourhood Alert Scam

Even the systems that have been set up to warn of cybercrimes are themselves subject to attack. The Neighbourhood Alert System has recently been the subject of a phishing attack (phishing? see https://www.reddrum.co.uk/cyber/current-cybercrimes-spearphishing). It has been forced to issue an email to all subscribers warning of a phishing attack, purporting to come from the Neighbourhood Alert system. Cybercrime has no limits.

UEFA Women's Champions League final

RedDrum engineers, in conjunction with their colleagues at Cardiff City FC, are currently preparing the stadium, in accordance with UEFA requirements, for the forthcoming Champions League Final, on June 1st, 2017.

This is the second time that RedDrum have had the chance to work at such a prestigious event, following the Super Cup match in 2014, between Real Madrid and Seville. On that occasion, RedDrum were thrilled to receive a message of congratulations, from Oliver Lopez, Events Operations Coordinator, at UEFA.

‘I wanted to say a big thank you for the cooperation and the help you provided us during the entire event, as well as for the preparation.

On our side, all went really smoothly and we had absolutely no complaints from any of the population we provided services to, with no downtime at all.

So I want to pass on the congratulations, as it’s also your success.

Thanks a lot again, and I hope we will work again together some day.

I wish you all the best for your next challenges.’

Of course, RedDrum engineers are well versed in managing sports events, for their clients, with Cardiff City, Newport Gwent Dragons, Newport Rugby RFC and Newport County all entrusting their IT management, support and security, to RedDrum.
