An insider threat can feel a bit like the plot twist in a spy thriller. You know, the moment when the protagonist realises the enemy is not just at the gates but has been inside the house the whole time. Suddenly, all those polite conversations by the water cooler take on a sinister meaning. So, what do you do when your very own corporate narrative takes a turn for the dramatic?

 

Identifying the Mole

Recognising that you have an insider threat is akin to Bruce Willis discovering the baddies in Nakatomi Plaza. It starts with anomalies: the little blips on the radar that don’t quite fit. Perhaps it’s unusual after-hours access, or data leaving the network in volumes that scream “I’m up to no good!” It’s all about the indicators (of compromise, and for insiders just as often of behaviour: logins at odd times, bulk downloads, access to data outside someone’s role) and your ability to pick up on them quicker than Sherlock Holmes on a good day. Spotting them reliably means keeping a baseline of what normal activity looks like for each user, so that the odd blip actually stands out.
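As an added example (not code from the original post), here is a small detector, written for Node.js, that scans constructed access-log lines for the two indicators just described: activity outside working hours, and a day’s outbound volume far above that user’s own median. The log format, the 07:00 to 19:00 UTC working window, the weekend rule, the user names and the thresholds are all assumptions chosen for the illustration.

```javascript
// Added example; not code from the original post. Flags two classic insider
// indicators in constructed access-log lines: after-hours activity and a daily
// outbound volume far above the user's own baseline. Log format, working hours
// and thresholds are assumptions for this illustration.

// Constructed sample log: "<ISO-8601 UTC timestamp> <user> <action> <bytes_out>".
// 2024-05-06 is a Monday.
const SAMPLE_LOG = `
2024-05-06T09:12:03Z alice LOGIN 0
2024-05-06T10:01:44Z alice DOWNLOAD 1800000
2024-05-07T09:30:00Z alice DOWNLOAD 2100000
2024-05-08T09:45:12Z alice DOWNLOAD 1500000
2024-05-09T02:17:55Z alice LOGIN 0
2024-05-09T02:20:31Z alice DOWNLOAD 48000000
2024-05-06T08:55:10Z bob LOGIN 0
2024-05-06T11:20:00Z bob DOWNLOAD 900000
2024-05-07T16:05:22Z bob DOWNLOAD 1100000
2024-05-08T20:30:00Z bob LOGIN 0
`.trim();

const WORK_HOURS = { start: 7, end: 19 };     // assumed: 07:00-19:00 UTC, Mon-Fri
const BASELINE_MULTIPLIER = 10;               // assumed: alert above 10x the user's median day
const MIN_BYTES_TO_ALERT = 10 * 1024 * 1024;  // assumed: ignore spikes below 10 MiB

function parseLog(text) {
  return text.split('\n').filter(Boolean).map((line) => {
    const [ts, user, action, bytes] = line.trim().split(/\s+/);
    return { ts: new Date(ts), user, action, bytes: Number(bytes) };
  });
}

// Weekend, or a weekday outside the working window.
function isAfterHours(date) {
  const weekend = date.getUTCDay() === 0 || date.getUTCDay() === 6;
  const h = date.getUTCHours();
  return weekend || h < WORK_HOURS.start || h >= WORK_HOURS.end;
}

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// user -> Map(day -> total bytes out that day)
function dailyBytesByUser(events) {
  const totals = new Map();
  for (const e of events) {
    if (!totals.has(e.user)) totals.set(e.user, new Map());
    const day = e.ts.toISOString().slice(0, 10);
    const perDay = totals.get(e.user);
    perDay.set(day, (perDay.get(day) || 0) + e.bytes);
  }
  return totals;
}

function findIndicators(text) {
  const events = parseLog(text);
  const findings = [];

  // Indicator 1: anything outside the working window, login or transfer.
  for (const e of events) {
    if (isAfterHours(e.ts)) {
      findings.push({ user: e.user, kind: 'after_hours', detail: `${e.action} at ${e.ts.toISOString()}` });
    }
  }

  // Indicator 2: a day whose outbound volume dwarfs that user's other days.
  for (const [user, perDay] of dailyBytesByUser(events)) {
    const days = [...perDay.entries()];
    if (days.length < 2) continue; // no baseline to compare against
    for (const [day, bytes] of days) {
      const baseline = median(days.filter(([d]) => d !== day).map(([, b]) => b));
      if (bytes >= MIN_BYTES_TO_ALERT && bytes > BASELINE_MULTIPLIER * Math.max(baseline, 1)) {
        findings.push({ user, kind: 'volume_spike', detail: `${bytes} bytes on ${day}, median ${baseline}` });
      }
    }
  }
  return findings;
}

console.log(findIndicators(SAMPLE_LOG));
```

On the sample data this reports three after-hours events (two for alice at 02:00, one login for bob at 20:30) and one volume spike (alice’s 48 MB day against a median of 1.8 MB). The per-user median is the point: a flat threshold would either miss alice or drown you in alerts from users whose normal day is large.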

 

Often, though, the first sign that someone’s intentions may not be entirely pure isn’t a flashing red icon on a screen but a word from colleagues. Technology is great, but nothing picks out an insider faster than a vigilant co-worker. Red flags can include, but are not limited to: people working odd hours, signs of substance abuse or gambling problems, invasive questions about data that doesn’t concern their role, or frequent contradictions about their personal lives and backgrounds. Concerns like these should go to HR or the security team rather than being raised with the person directly, so that any investigation can proceed quietly and the evidence stays intact.

 

While none of these things in isolation necessarily mean your co-worker is an aspiring Dr Evil, small things can add up.

 

Containment: The First Line of Defence

Once you’ve identified your very own Benedict Arnold, the next course of action is containment. Think Elliot Ness in “The Untouchables” – quick, decisive, and utterly cool under pressure. You’ll want to limit their access faster than you can say, “Houston, we have a problem.” That means revoking access rights (accounts, VPN, tokens and API keys, not just the laptop), isolating their machines from the network, and going through the logs to double- and triple-check what the insider has been up to, while preserving those logs and disk images as evidence before anything is wiped. Coordinate with HR and legal before you act, so that the containment holds up afterwards. It’s not just about stopping the immediate threat; it’s about ensuring the breach doesn’t spread like wildfire.

 

Eradicate the Threat

Eradication isn’t just about getting rid of the threat; it’s about doing it with the efficiency of John Wick at an assassin’s convention. Whether it involves disciplinary action, legal steps, or simply escorting the individual out of the building with their belongings in a box, or maybe in handcuffs, it needs to be executed quickly and with precision. It also means checking that nothing was left behind: mailbox forwarding rules, extra accounts, scheduled jobs or shared credentials the insider could still use from outside.

 

Recovery and Reflection

After the storm has passed, it’s time to look into what went wrong, what went well, and where improvements could be made. A thorough audit is needed, and defences should be rebuilt stronger than before, starting with whatever access allowed the insider to operate unnoticed for as long as they did.

 

The Sequel No One Wants but Everyone Needs

Insider threats aren’t a one-off scenario, and they don’t just impact one organisation. By the looks of things, they don’t seem to be slowing down either. So prevention needs to be a priority. This involves training, vigilance, and creating a strong culture where security is taken seriously by everyone.

 

Awareness needs to be built, and regular drills run, to keep everyone up to date on the latest threats.

 

Finally, it’s important to not keep the event and learnings to yourself. Share the learnings with other organisations so that they too can better prepare themselves and hopefully not fall victim to a malicious insider.

The post INSIDER THREAT AWARENESS MONTH: Are you prepared? appeared first on IT Security Guru.

Net-Zero Building Certification is a credential that identifies structures which, over a twelve-month period, produce as much renewable energy as they consume.

This guide will outline step by step what you need to know about obtaining and maintaining your own net-zero building certification.

 

Analyze Your Building’s Energy Performance

To get a certification for net-zero building, it is important that you evaluate how your building uses energy at present. To do this:

First, conduct a full energy audit: study the bills, examine the building systems and measure how energy flows through the building.

During the audit, find out where energy is wasted: poor insulation, air leaking through gaps in the walls, outdated lighting and so on.

Compare the audit results with the certification requirements; this highlights where efficiency must improve.

Set targets from the audit findings that are clear, measurable and tied to the certification requirements. They should be realistic yet challenging.

This phase is essential for understanding your building’s energy profile and planning around it.

 

Design a Strategy for Energy Efficiency

To create an effective energy efficiency strategy for your net-zero building, concentrate on four main areas:

 

1. Use Energy-Saving Technologies – Replace inefficient appliances, lighting and equipment with energy-efficient models, and install fixtures and controls that optimize the energy used for lighting.

 

2. Improve Building Envelope – This can be achieved by enhancing insulation, sealing off air leaks and installing high-performance windows that reduce loss of heat to the outer environment.

 

3. Incorporate Renewable Sources of Energy – Consider installing solar panels, wind turbines or geothermal systems on site to provide clean power for the building.

 

4. Building Operations – Implement energy-saving practices such as adjusting HVAC schedules, promoting energy-conscious behavior, and regular equipment maintenance. Ensure building systems operate at peak efficiency.

The key is a multi-pronged approach targeting energy-intensive areas. A holistic strategy addressing all these aspects will maximize energy savings and progress towards net-zero.

 

Navigate the Certification Process

Once the energy-saving measures are in place, the certification process itself involves several key steps that need careful preparation and attention to detail.

 

Choose the right Certification Body

Research the different net-zero certification programs and evaluate which best suits your building type, location and objectives. Consider each program’s reputation, what it requires of applicants and the cost of accreditation.

 

Prepare Necessary Documentation

Gather and organize all the documentation required by the certification body, such as energy audits, building plans, energy data, and proof of implemented efficiency measures. Ensure they are complete and accurate.

 

Submit Your Application

Once the documentation is assembled, complete the certification body’s application forms and submit them with the required attachments and fees within the time frames set out in its guidelines.

 

Address Feedback and Adjust

Expect queries or requests for clarification from the reviewers. Where needed, make corrections to the building itself or to the supporting documents until everything meets the required standard.

 

The key is to understand these requirements before you start: prepare thoroughly, apply promptly and respond constructively at each stage.

 

Monitor and Maintain Certification

Obtaining net-zero certification is just the first step – consistent monitoring and adjustments are necessary to maintain that status. You need to:

 

  • Set Up Continuous Monitoring – Establish a system for continuous monitoring of your building’s energy performance to ensure it meets the net-zero standards.

 

  • Adjust Building Operations – Regularly adjust building operations based on monitoring data to optimize energy efficiency and maintain net-zero performance.

 

  • Conduct Regular Audits – Conduct regular energy audits to identify any areas for improvement and ensure your building remains compliant with the certification standards.

 

  • Renew Certification – Most net-zero building certifications require periodic renewal, typically every few years. Be sure to follow the renewal process and provide the necessary documentation.

 

Leverage Your Net-Zero Building Certification

Showcase your commitment to sustainability in promotional activities. Beyond polishing the corporate image, this sets an example that others feel pressure to follow.

Involve tenants, staff and stakeholders in the process. Educate them about ways of saving energy and celebrate achievements together; staying at net-zero is a collective effort, and recognising each other’s contributions keeps it going.

Certifications are great assets for attracting green lessees or investors. Point out energy-saving measures and state-of-the-art technology used in the building.

Consider sharing what you have learned with others in the industry, since there is plenty of room for wider adoption of these practices. Tell your story at conferences, in case studies or at networking sessions; it can really change things.

You didn’t work hard to earn the certification just to let it go to waste. Used wisely and promoted well, it delivers benefits to the building, its stakeholders and the surrounding environment.

 

Address Challenges and Obstacles

Expect difficulties along the way, from financial limits to securing stakeholder involvement. Here is how to handle the common ones:

 

1. Overcome Financial Barriers – Achieving net-zero is expensive, so seek alternative funding such as incentives and rebates to offset the initial costs.

 

2. Technical Hurdles – Resolve technical problems as they arise, such as integrating renewable energy sources into the building or optimizing building services.

 

3. Stakeholder Involvement – Secure buy-in at every stage by explaining the benefits and addressing concerns.

 

4. Changing Regulations – Stay up to date with changes to building codes, standards and regulations, and adjust your approach so that you do not fall out of compliance.

With these steps you can gain and keep net-zero building certification, demonstrating a commitment to sustainability in the built environment.

 

Conclusion

As you set off on this path towards a greener future, remember that keeping your Building Passport current is not just about checking boxes. It is an act of sustainable stewardship that involves continuous improvement.

Keep engaging team members, refreshing your tactics and watching how well the building performs overall. Let challenges be springboards for greater achievement, so that pride accompanies each new stamp in the passport.

Because in reality, every little stride counts towards saving our planet!

The post How Tech Can Help you Obtain a Building Passport: Net-Zero Building Certification Guide first appeared on IT Security Guru.


As more of our personal data is collected online, privacy concerns have increased. With a few clicks, we share intimate details about ourselves. However, most people are unaware of how widely their data spreads. Behind the scenes is an entire industry of data brokers that profits off of our digital footprints. Data brokers are businesses or individuals who collect and sell people’s personal information, including phone details and browsing behavior. In this post, we will look at how data brokers operate and some critical steps we can take to protect our personal information better.

Data Collection

Data brokers obtain data from many public and commercial sources. They can easily collect information through websites and applications without your knowledge by paying app developers to include SDKs (software development kits) inside their apps. 

Various permissions granted to apps, like access to contacts or location, can then be recorded by the data broker’s SDKs. They can also directly pay app owners to get the information without having to install the software kits. 

Another way of gathering information is through public records, such as voter registration, birth certificates, marriage licenses, census data, and divorce records. The Internet is also a rich source of information. Data brokers can collect personal details from things like the posts someone has made or interacted with on social platforms, quizzes they’ve completed online, contests they’ve entered virtually, or websites they’ve browsed.

Data Usage

One of the main uses of this data is targeting online ads: purchase history makes ads more relevant, and brokers can tell advertisers which brands a person has bought and when they are likely to need more, so that ads can be timed accordingly.

Customer data is also used for fraud detection, such as checking loan applications against background information from data brokers. This helps lenders validate information such as income and debts listed. 

Loan and insurance companies buy data to see a person’s debts, loans, payments, income, job history, and assets. People search sites also rely on information from data brokers to display names, addresses, ages, and other details when people search for someone. 

Privacy Protection

There are many ways of protecting your privacy online. 

1. Data Removal Services

Many reliable services can help remove your information from data broker websites. They scan broker sites and search engines for your information and then submit opt-out or removal requests on your behalf. Since brokers re-acquire data from their sources over time, removal is an ongoing job rather than a one-off, which is why these services run on a subscription.

Make sure you choose the right service provider and read user feedback first. Reliable companies like DeleteMe have a track record of independent user reviews you can check.

2. Limit Data Sharing and Use Privacy Tools

You should also limit what you share online. Share only the minimum information necessary, and avoid giving out sensitive details like your address and phone number. Tools such as VPNs and privacy-focused browsers help, but it pays to know what each actually does. A VPN hides your IP address from the sites you visit and encrypts your traffic on the local network, which removes one signal brokers use; it does nothing about cookies, logged-in accounts or browser fingerprinting, which is how most tracking links your activity to you. Privacy-focused browsers and extensions block tracking scripts and limit fingerprinting, so your activity is harder to tie back to you.

3. Digital Footprint and Fine Print

Consider deleting unused apps and online accounts. Review the privacy settings on your devices, apps and social media profiles, and set them to the most private options. Be wary of agreeing to privacy policies or terms of service without reading them, especially the fine print on data sharing with “partners”.

Endnote

While data brokers operate largely unseen, their impact on our digital lives is immense. By staying informed and taking a few precautions, we can navigate today’s digital landscape with greater confidence and control.

 

The post Data Brokers: What They Are and How to Safeguard Your Privacy first appeared on IT Security Guru.


On this World Password Day, we should all pause and think about how we can adopt passkeys. Passkeys represent a significant industry shift in identity security, moving away from usernames and passwords to authentication based on public-key cryptography: the site stores only a public key and never holds a secret that can be phished, guessed or leaked in a breach, and the user experience is vastly better. As a form of passwordless authentication, passkeys aim to eliminate the inherent risk factors of traditional credentials.

 

Why not go further than “thinking and reading about passkeys?” Try passkeys! Here are the steps to set up a passkey in the Google Chrome browser on a Windows 11 laptop that is already enabled with Windows Hello Face Recognition:

 

Log on to your Google Account at myaccount.google.com using Chrome browser.

 

  • On the left side of the window, click on Security.
  • Under the “How you sign in to Google” section, click on Passkeys.
  • Click the “Create a Passkey” button.
  • Follow the prompts to verify your identity and “Save your Passkey”.
  • Set the option to skip passwords when possible, in your security settings.
  • Test your passkey by signing out and signing in again.

 

Passkeys can be created on these devices:

  • A computer that runs Windows 10 or 11, macOS Ventura+, or ChromeOS 120
  • A mobile device that runs at least iOS 16 or Android 9
  • A modern browser such as Chrome v123.0 or Edge v123.0
  • A hardware security key that supports the FIDO2 protocol (optional)

 

And remember, any biometric data used for fingerprint or face unlock stays on your device and is never shared with Google (in this example) or any website that accepts passkeys. The same goes for the passkey’s private key: the website only ever receives a signature over a one-time challenge, which it checks against the public key it stored when you enrolled.

 

In the spirit of World Password Day, let’s now turn to better password hygiene and password management. First, it’s time to do away with weak and reused passwords. Use complex passwords of more than 16 random characters, or passphrases, unique to every login. Since that is onerous to do by hand, a password manager is the practical answer: it auto-generates complex passwords and stores them in an encrypted vault, leaving you just one password to remember, the one for the vault itself.

 

Passwords alone are woefully insufficient; you should always use multi-factor authentication (MFA). By combining multiple factors of authentication, you verify that whoever is using your credentials is really YOU. MFA is still a significant (albeit not complete) deterrent against account takeover: SMS codes and push prompts can be phished or fatigued, which is exactly the gap that phishing-resistant factors such as passkeys and FIDO2 security keys close.

 

The post World Password Day 2024: Try Passkeys! first appeared on IT Security Guru.


Search giant Google is currently rolling out one of the biggest algorithm updates in its history, sources say.

The search platform, which handles more than 8 billion searches per day, is making a significant update to its internal systems that will change how results are ranked, with a focus on so-called parasite sites, improved quality rankings and spam policies.

The core update, as it is known, has been rolling out for around two months, starting on 5th March 2024 and officially ending on 5th May 2024, according to the Google Status Dashboard.

 

Why Does Google Update its Algorithms?

The search company typically updates its search algorithm every couple of months to improve the quality of results for users looking for products, services, information and everything in between. From checking the weather to finding a nearby plumber or answering a question, Google remains the go-to place for online search and holds the largest market share in most parts of the world.

Certain algorithm updates address particular search issues, including mobile quality, site speed, trust and authority (E-E-A-T), spam and general quality. The updates are used to continually improve the quality of search results and of the companies and websites that appear in them.

In many respects, Google uses algorithm updates to purge poor-quality results, which are often the product of SEO (search engine optimisation) professionals using manipulative and sometimes unsavoury techniques.

In this particular core update, running from March 2024 to May 2024, Google speaks about reducing spam and says the changes should cut the amount of low-quality, unoriginal content in search results by around 40%, according to its blog announcement.

 

What Is Google Addressing in This Update?

Scaled Content

The use of AI tools such as ChatGPT has made writing and scaling content extremely fast for website owners. Those who used to spend months or years creating individual, unique content can now produce it in a matter of hours.

For Google this is creating a dramatic surge in new pages and websites to index, often faster than it can process them. In this update, Google is trying to distinguish content that is unique and original from content mass-produced by AI, rewarding those who have taken the time to write something unique rather than scaling their websites with poor-quality AI output.

 

Site Reputation

Google strives to reward quality content created by legitimate authors and reputable individuals and websites.

This includes the use of third-party content, whereby tough-to-rank industries such as casinos and payday loans pay trusted news or authoritative third-party sites to host long articles purely to game the rankings. This low-quality content should be removed or heavily devalued in the upcoming core update.

Additional authority signals may include having legitimate named authors on guides and posts, publication dates and clear references, to show trust and value to users. Websites in highly competitive industries such as health and finance that do not uphold these standards may find themselves on the wrong side of the algorithm update and suffer heavy losses in rankings and traffic.

 

Expired Domain Abuse

The practice of purchasing old domain names for the sake of redirecting them to pass on search value is something that Google is addressing in this update.

Their blog explains that this process can mislead users into thinking that the content is part of an older website or brand which may not be the case – and is only used to pass on ranking value. In this update, using expired domains may now be considered as spam.

The algorithm update concludes on 5th May 2024 with dramatic shifts in search positions expected in the run up to this core update.

The post Google’s Core Update is ‘Biggest’ Algorithm Update in History first appeared on IT Security Guru.


Running a business in today’s competitive landscape can be tough, especially if you want to expand internationally. Doing it alone can be overwhelming, which is why companies like Flyfish can be invaluable. They specialize in corporate payroll solutions and offer a range of financial solutions to support your growth. Choosing this service means gaining access to various financial automation tools designed to simplify your operations. 

From streamlining payroll processes to managing international transactions, Flyfish offers a comprehensive suite of services that have the potential to meet the needs of your enterprise. This company has a team of experts committed to understanding your unique business requirements and providing solutions that drive efficiency and success. With the help of this corporate payroll services provider, you can focus on growing your business and achieving your goals. Read this review to learn more about this company’s tools and features.


Forget About Long Signups

One common frustration with financial management platforms is the never-ending forms you have to fill out. Some are so cumbersome that people give up halfway through and seek alternatives. But with Flyfish, you won’t encounter this hassle. This corporate payroll service values your time and understands the importance of a quick and painless signup process.

The company streamlines the signup process by only asking for essential information in a concise form. As long as the details you provide are accurate, you’ll swiftly gain access to their range of services, including corporate payroll solutions. This essentially means that users do not need to worry about things like unnecessary paperwork. Needless to say, you will get access to the corporate payroll solutions soon after signing up and will be able to utilize them for your business needs in no time. 

Cutting-Edge Features for Your Enterprise

Don’t settle for just a corporate IBAN account when it comes to managing your business finances. While it’s undoubtedly beneficial, there’s more to consider, especially when it comes to payroll management. Flyfish is a corporate payroll services provider that understands this need and offers comprehensive solutions to meet your requirements.

What sets this company apart is its integration of multiple features into one platform, simplifying your experience. No more jumping between different platforms, which can be a hassle. Their platform is not only well-developed but also highly intuitive, with the latest security measures in place to keep your transactions and information secure. When you sign up with Flyfish, you can rest assured that your transactions are safe and your data is protected. Moreover, their dedicated team continuously works on enhancing features and security measures, ensuring you receive nothing but the best service. So, take advantage of the advanced features offered by this financial management service and streamline your payroll management with ease and peace of mind.

Plenty of Personalized Solutions on Offer

Opting for a corporate payroll solutions provider like Flyfish opens up a world of personalized financial services. One of the primary benefits you’ll immediately notice is access to their online IBAN account. These accounts are indispensable for ensuring timely payments. Besides this account, the corporate payroll provider also has a trained team of financial experts, ready to offer prompt and valuable support in navigating financial transactions. This personalized assistance is particularly beneficial for newcomers to the business scene, providing the guidance needed to navigate the complexities of finance.

It is also worth mentioning that Flyfish’s IBAN accounts offer strong security, allowing users to conduct transactions securely both locally and internationally. This flexibility empowers you to expand your operations, seamlessly transfer funds to clients and employees, and accept payments in various currencies. Needless to say, this company’s personalized financial solutions pave the way for smooth and secure transactions, regardless of your business’s size or industry.


Precise Financial and Payroll Management

Achieving precision in financial management is where Flyfish truly shines. Surprisingly, many businesses still rely on manual processes for these crucial tasks, mistakenly believing it is the best approach. However, manual methods often introduce unnecessary complexity and can lead to significant losses. That’s where automation steps in, and this company excels in facilitating the transition. Whether you’re seeking payroll management or automated solutions for your wider finances, Flyfish has you covered. With their expertise, you can bid farewell to concerns about employee benefits, salary payments and the like.

By embracing automation with Flyfish, you’ll ensure that all financial tasks are executed promptly and accurately, freeing up valuable resources for other essential aspects of your business operations. By choosing this company’s corporate payroll solutions, you can say goodbye to manual headaches and hello to streamlined financial management with precision.

Final Thoughts

To wrap up this Flyfish review, it’s clear that this company provides essential services to streamline payroll management for businesses. Their solutions are straightforward to implement, and once integrated, you’ll witness a significant boost in your enterprise’s overall efficiency. 

 

The post Flyfish Review – How Reliable are this Company’s Payroll Management Solutions? first appeared on IT Security Guru.


Generative AI (GenAI) is reshaping the internet. As it spreads into one market after another, it brings new and amplified risks alongside possibilities that enthral many people, while just as many remain wary of it.

Cybersecurity is one of the fields most affected by the evolution of GenAI.

Cybersecurity Threats from Generative AI

Cybersecurity has long deserved close attention. Stay informed about the many risks, especially regarding the information about you that is available online, and start by reducing how much of it is out there for an attacker to work with.

Still, with GenAI, there are increased threats to consider. GenAI is able to create more sophisticated cyberattacks. The risks might not be new, but they’re enhanced:

  • Malware Attacks: GenAI lowers the effort needed to write and rewrite malicious code. Attackers can use it to churn out many variants of the same payload so that signature-based detection misses them, and to tailor code to a specific target’s software and weaknesses.
  • Data Breaches: GenAI tools are built to ingest and process large amounts of information quickly. Attackers can turn that on stolen or scraped data to sift out the valuable confidential details, such as financial and personal records, far faster than by hand.
  • Phishing Attacks: GenAI writes fluent, human-sounding text in any language, so it can generate bulk phishing messages individually tailored to hundreds or thousands of targets, free of the spelling and grammar mistakes people were taught to look for. Image generation extends this to convincing fake product listings and brand imagery for scams.

The Evolving Cybersecurity Landscape

With the evolution of GenAI, cybersecurity measures must adapt to keep up. GenAI is also becoming prevalent in software development, so protective measures there are essential. Employee awareness training is the first step to protecting critical data; the next is strengthening the security architecture.

A Zero Trust architecture is a significant counter to AI-assisted attacks: every request is verified explicitly regardless of where it comes from, and access is limited to the minimum required, so a convincing phishing message or a stolen session buys an attacker far less. Technological controls such as Risk-Adaptive Protection and Data Loss Prevention are also essential.

The Future of Cybersecurity and AI

The thing about Generative AI is that companies can use it just as attackers can. The cybersecurity market is estimated to be worth around $182.84 billion in 2024, and GenAI plays a significant part in boosting it. Used within a security programme, it can analyse patterns across logs and alerts and suggest effective responses to attacks.

Proactive threat detection is one of GenAI’s primary benefits. Rather than only reacting to data breaches, scams and hacks after the fact, companies can use it to surface an attack attempt early enough to stop it before it damages their systems.

It can help draft detection rules, summarise incidents and triage alerts around the clock; GenAI never sleeps, so it can keep watch over systems and servers constantly. It does not make encryption stronger, and it is no substitute for basics such as a password manager and MFA, but used well it is a powerful defensive tool.

Preparing for the Evolving Threat Landscape

Generative AI isn’t good or bad; it’s all about how an individual or company uses it. Yes, it amplifies risks in the cybersecurity landscape. But it is also one of the best tools a company has for building a stronger defence against cybercriminals.

Keep an eye on the latest AI and cybersecurity developments. You’re able to leverage this technology to benefit your company if you know the latest threat.

The post What Lies Ahead for Cybersecurity in the Era of Generative AI? first appeared on IT Security Guru.

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) was born from a realisation that businesses, particularly those in financial services, rely increasingly on Information and Communications Technology (ICT) and digital means to operate. The result of this digitalisation is predominantly to bring speed, ease of use and innovative services to customers, yet it also introduces the risk of cyber attacks or incidents that could lead to data breaches, downtime and financial losses. Any disruption to financial services in turn has a knock-on effect to other businesses, potentially negatively impacting whole economies.

The introduction of DORA marks a pivotal advancement in EU financial regulation, addressing a significant gap in operational risk management. Prior to DORA, financial institutions primarily relied on compliance-driven capital allocation to prove they were mitigating operational risks, but this alone did not prove a suitable level of operational resilience.

However, with the implementation of DORA, stringent guidelines will be enforced that mandate the establishment of robust protection, detection, containment, recovery and repair mechanisms against ICT-related incidents. DORA explicitly addresses ICT risk, delineating regulations concerning ICT risk management, incident reporting, operational resilience testing and monitoring of ICT third-party risks. Recognising the potential of ICT incidents and operational vulnerabilities to undermine the stability of the entire financial system, DORA emphasises the necessity of comprehensive risk management beyond traditional capital adequacy measures.

DORA takes effect in January 2025. It applies to banks, investment firms, insurance companies, payment service providers and any other organisation engaged in financial services. DORA requires organisations to adhere to specific guidelines for safeguarding, detection, containment, recovery and repair capabilities in response to ICT related threats and incidents.

How can organisations of all sizes effectively strengthen their security posture and set a foundation for complying with DORA?

Start With PAM

Privileged Access Management (PAM) is the discipline in which people, processes and technology are combined to give organisations visibility over who is accessing which critical systems, accounts or administrative functions, and what they are doing while they’re there. By choosing a PAM solution that thoroughly considers the four main pillars of DORA, organisations can not only get ahead of compliance, but protect themselves more effectively.

ICT Risk Management

DORA requires a robust risk-management framework: organisations must create a strategy based on their risk tolerance, address the identification and prevention of risks, and demonstrate the capability to respond to them. One way organisations can take more control over their ICT risk management is dark web monitoring, which highlights threats to the organisation and acts as an early warning system. Dark web monitoring scans employees’ saved passwords or PAM vaults for passwords that have been exposed on the dark web, immediately alerting users and administrators to any actions required to protect the organisation.
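The check described above, comparing stored secrets against a corpus of exposed passwords without ever sending the passwords themselves, is illustrated by the following added example. It is not code from the article or from any PAM vendor; the breach corpus, the account names and the counts are all constructed for the example, and `range_lookup` is a local stand-in for the kind of hash-prefix (k-anonymity) range query that breach-password services expose, so only the first five hex characters of a SHA-1 digest would leave the client.

```python
from __future__ import annotations

import hashlib

# Constructed breach corpus: a few passwords that, for this example only, we
# pretend have appeared in public credential dumps, with how often each was seen.
_CONSTRUCTED_BREACHED_PASSWORDS = {
    "password1": 2_400_000,
    "letmein": 190_000,
    "Summer2024!": 3_100,
    "qwerty123": 850_000,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the digest form range queries use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index the corpus by digest so lookups never touch plaintext.
BREACH_INDEX = {sha1_hex(p): n for p, n in _CONSTRUCTED_BREACHED_PASSWORDS.items()}


def range_lookup(prefix5: str) -> dict[str, int]:
    """Local stand-in for a breach-corpus range query (constructed for the
    example): given the first five hex chars of a SHA-1, return every matching
    35-char suffix with its count. The client does the final match itself."""
    if len(prefix5) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    prefix5 = prefix5.upper()
    return {h[5:]: n for h, n in BREACH_INDEX.items() if h.startswith(prefix5)}


def exposure_count(password: str) -> int:
    """How many times the password appears in the corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return range_lookup(prefix).get(suffix, 0)


def audit_vault(vault: dict[str, str]) -> list[tuple[str, int]]:
    """vault maps an account label to its stored secret. Returns the accounts
    whose secrets appear in the corpus, most widely exposed first, so the
    alert can be routed to the account owner and the administrator."""
    hits = []
    for account, secret in vault.items():
        n = exposure_count(secret)
        if n:
            hits.append((account, n))
    hits.sort(key=lambda t: (-t[1], t[0]))
    return hits


if __name__ == "__main__":
    # Constructed vault contents; account names are placeholders.
    constructed_vault = {
        "svc-backup@prod": "Summer2024!",
        "dba-admin@prod": "gX7#pL0q!vR2",
        "jenkins@ci": "letmein",
    }
    for account, n in audit_vault(constructed_vault):
        print(f"ALERT {account}: password seen {n:,} times in breach data; rotate it")
```

Rotation, not just alerting, closes the loop: a privileged secret that matches a leaked password is a credential-stuffing target regardless of how strong it looks.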

Digital Operational Resilience Testing

DORA highlights the importance of assessing the resilience of third-party ICT service providers. Therefore, look for technology partners that operate world-class security, such as a zero-knowledge and zero-trust architecture. For security partners in particular, choose ones that can demonstrate that they conduct extensive internal and external testing, including penetration testing – and ensure they’re transparent with vulnerability reporting.

Management of Third-Party ICT Service Providers

DORA requires financial entities to assess the resilience of their third-party ICT service providers and ensure compliance with DORA requirements. Organisations must monitor technology providers’ risk throughout the relationship. Look for partners that meet critical standards like SOC 2 compliance and ISO 27001 certification, plus industry- or region-specific standards like GDPR, HIPAA or PCI-DSS.

Reporting

As with many compliance regulations, DORA mandates that companies use a standardised methodology for incident reporting and classification. A PAM solution that supports customised reporting and integration with other cybersecurity technologies, like a third-party SIEM solution, will help ensure alignment with any preferred reporting methodology. Be sure the organisation’s administrators are able to monitor and report the access permissions of privileged accounts across the entire organisation.

By viewing DORA compliance through a privileged access management lens, organisations will ultimately be able to prove oversight over who has access to what sensitive data and systems, with visibility into what they do while logged in to them. This will help them meet a majority of the requirements put forth by the new regulations and equip organisations to better identify, respond to, report on and prevent risks – now and into the future. 

The post Tackling DORA Compliance With a Focus on PAM first appeared on IT Security Guru.

Anyone who spends time online these days will either interact directly with deepfakes or come across discussions about them – as they are fast becoming an urgent matter for people to understand and lawmakers to control.

While photo-editing and video-editing software has been around for many years now, advancements in AI (artificial intelligence) technology can produce face-swapped images that, thanks to machine learning, look more real than ever.

Named for the ‘deep learning’ technologies and ‘fake’ images they produce, deepfakes can be photos, videos, or audio recordings that reproduce someone’s visual and/or verbal likeness, manipulating it to appear as though they are saying or doing something that never really happened.

As the technology improves and the digital alterations become less obvious to the untrained eye, it’s important for people to understand the problems these synthetic images can cause and the potential legal consequences. 

Why are deepfakes bad?

While deepfake technology isn’t all bad, as it can be used for entertainment or educational purposes, it can also be implemented maliciously to spread misinformation or to use someone’s image in certain ways without their consent.

With deepfake content often going viral online, the damage is usually done before the content can be identified as fake and taken down, which can mislead millions of people and damage the reputations of those whose images are digitally altered.

Misinformation about politicians or celebrities, or misrepresentations of their image, can be harmful to the individuals on a personal level and to society on a wider level, as believable deepfakes can cause extreme controversies.

Not only can deepfakes be used to create ‘fake news’ or ‘cyberbully’ individuals online, but one of the largest concerns about the way this technology is being used is the creation of non-consensual explicit images – or ‘deepfake pornography’.

The generation of non-consensual pornography that superimposes the face of one person – whether they’re a public figure or not – onto the body of another person engaging in sexual acts is becoming a big problem for online platforms.

Are deepfakes against the law?

With so much concern over how this technology might be misused and ongoing conversations about the ethics of creating deepfakes, you may be wondering: are deepfakes illegal?

While deepfakes in general are not against the law and the technology is widely available, the ways they are used and the specific content of the deepfake images may be illegal under different UK laws.

For example, deepfakes can impersonate someone’s face or voice for fraudulent purposes, such as defamation or blackmail, which is especially worrying for public figures like celebrities and politicians. 

In these cases, the person whose image is being used may be able to take those producing and circulating the deepfakes to court on charges relating to privacy or data protection infringement, or libel/slander. 

Additionally, deepfake pornography has now been criminalised in the UK under the Online Safety Act (2023). So, when it comes to AI-generated pornography using the likeness of real people, non-consensual explicit deepfakes are always illegal in the UK.

This means it will be easier for anyone who generates and shares such content to be prosecuted and potentially face prison time, even if they didn’t realise that non-consensual ‘deepfake porn’ is now against the law in the UK.

The post What is a Deepfake? first appeared on IT Security Guru.

Recently 23andMe, the popular DNA testing service, made a startling admission: hackers had gained unauthorised access to the personal data of 6.9 million users, specifically their ‘DNA Relatives’ data.

This kind of high-profile breach made headlines globally, and naturally highlights the need for stringent security measures when handling organisational data – especially the type of sensitive genetic information that 23andMe is responsible for. Further, although the hacker appears to have used a tactic known as credential stuffing to access 23andMe’s customer accounts, the incident poses wider questions for organisations, IT managers and security experts about the measures used more generally to keep organisational and consumer data safe from threat actors. A key question for many organisations today is where and how they host their data – especially when you consider that 23andMe’s data has reportedly been stored solely on cloud servers.
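Credential stuffing, the tactic mentioned above, replays leaked username and password pairs against a login endpoint at scale, so it leaves a recognisable trace in authentication logs: one source trying many distinct accounts in a short window with a high failure rate, and the occasional success that is the actual account takeover. The following detection logic is an added example written for this article, not code from 23andMe or any vendor; the log lines, IP addresses and usernames are constructed, and the thresholds (`min_accounts`, `min_fail_ratio`, `window`) are illustrative starting points to be tuned against real baseline traffic.

```python
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication events (not real logs).
# Format per line: ISO-8601 UTC timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z 203.0.113.7 alice@example.com FAIL
2024-01-10T02:00:02Z 203.0.113.7 bob@example.com FAIL
2024-01-10T02:00:02Z 203.0.113.7 carol@example.com FAIL
2024-01-10T02:00:03Z 203.0.113.7 dave@example.com SUCCESS
2024-01-10T02:00:04Z 203.0.113.7 erin@example.com FAIL
2024-01-10T02:00:05Z 203.0.113.7 frank@example.com FAIL
2024-01-10T02:00:06Z 203.0.113.7 grace@example.com FAIL
2024-01-10T02:00:07Z 203.0.113.7 heidi@example.com FAIL
2024-01-10T02:00:08Z 203.0.113.7 ivan@example.com FAIL
2024-01-10T02:00:09Z 203.0.113.7 judy@example.com FAIL
2024-01-10T08:15:00Z 198.51.100.23 alice@example.com FAIL
2024-01-10T08:15:20Z 198.51.100.23 alice@example.com FAIL
2024-01-10T08:15:45Z 198.51.100.23 alice@example.com SUCCESS
2024-01-10T09:00:00Z 192.0.2.44 bob@example.com SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")


def parse_events(text: str) -> list[tuple[datetime, str, str, str]]:
    """Parse log lines into (timestamp, source_ip, username, outcome) tuples,
    skipping anything that does not match the expected shape."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_credential_stuffing(
    events: list[tuple[datetime, str, str, str]],
    window: timedelta = timedelta(minutes=10),
    min_accounts: int = 8,
    min_fail_ratio: float = 0.8,
) -> dict[str, dict]:
    """Flag source IPs that attempt many *distinct* accounts with a high
    failure rate inside a sliding time window. The spread across accounts is
    what separates stuffing from one user repeatedly mistyping a password
    (198.51.100.23 in the sample), which a lockout policy handles instead."""
    by_src: dict[str, list[tuple[datetime, str, str]]] = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((ts, user, outcome))

    findings: dict[str, dict] = {}
    for src, evs in by_src.items():
        evs.sort()
        left = 0
        for right in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[right][0] - evs[left][0] > window:
                left += 1
            span = evs[left:right + 1]
            users = {u for _, u, _ in span}
            fails = sum(1 for _, _, o in span if o == "FAIL")
            if len(users) >= min_accounts and fails / len(span) >= min_fail_ratio:
                # Successful logins inside a flagged burst are the accounts that
                # need forced password resets and session revocation.
                findings[src] = {
                    "distinct_accounts": len(users),
                    "attempts": len(span),
                    "failures": fails,
                    "successful_logins": sorted(u for _, u, o in span if o == "SUCCESS"),
                }
    return findings


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {info['distinct_accounts']} accounts, {info['failures']}/{info['attempts']} failed, "
              f"compromised: {info['successful_logins']}")
```

The finding that matters operationally is `successful_logins`: those are the accounts whose reused passwords worked, and they are exactly the accounts that mandatory multi-factor authentication would have protected even after the password matched.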

Mark Grindey, CEO of Zeus Cloud, explains that one way organisations can mitigate similar risks is by implementing on-premises and hybrid cloud solutions. He covers how these technologies can play a vital role in safeguarding organisational data – such as 23andMe’s important genetic data – and shares insights about the key steps organisations can take to be more secure.

Achieving direct control of data

In 23andMe’s case, its compromised ‘DNA Relatives’ data holds immense value and is extremely sensitive. This is because it enables individuals to connect with potential relatives based on shared genetic information.  However, this kind of valuable data often becomes a target for cybercriminals, who are seeking to exploit it for various purposes: including identity theft, fraud, and other nefarious activities. Therefore, to protect this type of information, organisations need to implement robust security measures that ensure the confidentiality, integrity, and availability of the data.

On-premises solutions enable part of this protection to take place effectively; they involve hosting data and applications within an organisation’s own physical infrastructure. This approach gives organisations direct control over their data and allows them to implement rigorous security protocols. For instance, by keeping genetic data on-site, an organisation like 23andMe is able to secure it behind multiple layers of firewalls and intrusion detection systems, reducing the risk of external breaches. Additionally, access to this data can be restricted to authorised personnel only, minimising the potential for internal data leaks.

Another school of thought that is worth considering, for many organisations, is to use hybrid cloud solutions. This approach combines the advantages of on-premises and cloud-based services. Organisations can use public or private clouds appropriately to store non-sensitive data while keeping sensitive information – like genetic information in 23andMe’s case – on-premises. This method provides organisations the flexibility to scale resources and accommodate fluctuating user demand, while still maintaining strict data control. When set up and configured correctly – using encrypted connections and robust authentication mechanisms – hybrid cloud solutions ensure that secure data transmission between the on-premises and cloud environments takes place.

Steps Towards Preventing Data Breaches

While implementing on-premises and hybrid cloud solutions can significantly reduce the risk of data breaches and unauthorised access to data, there are several other crucial steps and techniques that organisations can take and make use of to secure and protect data from breaches.

Obvious as it may seem to many in the industry, today it is vital to encrypt data both in storage and in transmission. This renders compromised data meaningless to unauthorised users, even if threat actors manage to gain access to it. Implementing multi-factor authentication is vital too: it strengthens access controls and adds an extra layer of security. Users should be required to provide multiple forms of verification, such as passwords, biometrics, or smart cards, to access their genetic data. In 23andMe’s case, while it does offer this approach to its users, perhaps its use should be made mandatory given the recent breach?

Aside from this, it is recommended that organisations conduct frequent security audits to identify vulnerabilities and ensure compliance with industry standards and best practices. This involves testing the effectiveness of security protocols and promptly addressing any discrepancies.

Finally, no robust security framework is complete without equipping employees with proper training and awareness about their responsibilities towards securing data and protecting it. Regular security awareness programmes help staff understand their roles and responsibilities in protecting data.

Even though 23andMe claims that it exceeds industry data protection standards, has achieved three different ISO certifications to demonstrate the strength of its security program, and routinely monitors and audits its systems, an incident like this, along with the PR and media attention it has gained, will undoubtedly have caused its team to evaluate all of its security parameters, including further training of its staff, to ensure this doesn’t occur in future.

Conclusion

23andMe’s recent data breach serves as a wake-up call for organisations handling data, especially sensitive genetic information provided by consumers. This kind of incident will have naturally caused it to reconsider its security policies and approach towards securing organisational and customer data. Today, as other organisations consider their approach towards security and protecting data, many will review where and how their data is stored, managed and accessed.

This is especially true of banks, telcos, insurance companies and many other kinds of firms. On-premises and hybrid cloud solutions provide powerful and effective options here too. They enable organisations to fortify their security measures and protect against potential data breaches.

The combination of direct control over data, along with tools and tactics like encryption, multi-factor authentication, security audits, and employee training, creates a comprehensive defence against unauthorised access to organisational data. The likes of 23andMe, along with many other organisations, will be considering and prioritising all of these as they strive to adopt more robust security measures that ensure the privacy and integrity of organisational and consumer data.

The post 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies first appeared on IT Security Guru.
