Yesterday morning, a meeting was held in Brussels between the European Privacy Guarantors with the aim of providing the results of the checks carried out at national level, but above all to decide on the moves to be made. At the Italian level, the task force that had already been set up to verify the information of WhatsApp users by Facebook will most likely be expanded. Recall in this regard that these are two platforms that belong to the same company, but despite this it was found in many cases that the exchange of data between WhatsApp and Facebook had been activated without the explicit consent of those concerned, involving even people who had never signed up to Facebook but had only registered their phone number on WhatsApp. Thus, the usual sore point remains: the lack of awareness of the conditions of use of these tools and the final and intermediate destination of what is poured into them on a daily basis. While waiting for the disbursement of sanctions (the GDPR will be enforceable next May 25) on the European table is already discussing the issue of the criteria to be applied: the prevailing line is to proceed all together, so that it is the European Union to assert its reasons. The only thing that remains to be established is whether the fines should be contested by Great Britain -country where Cambridge Analytica has its headquarters- or by Ireland -where instead Facebook’s European headquarters are located.

According to the declarations of Christopher Wylie, the Cambridge Analytica analyst who disclosed the wrongdoing, Italy would have been the only country to have worked with the British company and that probably a political party may have been favored thanks to the propaganda carried out through Facebook. Faced with such heavy declarations, intelligence and postal police checks were immediately triggered, from which so far at least five fake profiles created to spark debate or send messages on the “hot” topics of the election campaign, especially immigration, have emerged. Making real accusations at the moment is still early because according to analysts these profiles could even have been created to damage the party and further checks will be necessary to establish what kind of influence there has been on users and whether it could have been such as to influence the vote.

Sara Avanzi

Companies that hold and use EU citizens’ personal data must involve most departments in the process and ask themselves some basic questions about how and why personal data is collected and used, while also focusing on the value to their respective business functions. So, preparing for GDPR is not just an IT project, nor is it something that only privacy or security managers are interested in – collaboration will be a cornerstone of compliance. Let’s take a very simple example: marketers will need to work side-by-side with legal departments and IT departments to transparently manage customers’ personal data, and IT teams need to work with legal to review agreements in the supply chain, amending contracts where necessary.

• Leadership Team. These are the first stakeholders called upon; their support is critical as is the appointment of an executive leader for compliance activities. The leader will then lead a dedicated project team that must be accountable to the board and receive instructions from the top. If the business organization is particularly well-rounded, multiple GDPR teams may also be formed, one for each business unit, which will report to the leader.
• Legal Department. There must also be a legal figure who knows the GDPR by heart and is ready to advise the rest of the company throughout the preparatory process. The attorney or legal team will then be involved in practical compliance activities, for example reviewing legal agreements with third parties, especially if the company has owner-processor relationships.
• IT and software development. The IT department’s contribution is critical to the success of GDPR implementation: IT teams are charged, for example, with access controls to personal data and with “ensuring on an ongoing basis the confidentiality, integrity, availability and resilience of processing systems and services.”
• Product Management. These are the owners of the products that are used to collect the data, i.e., the software. The functionality of their programs must be balanced with requirements such as security and privacy. Product management personnel become increasingly relevant as GDPR compliance is projected on a long-term perspective.
• GDPR brings with it many changes that affect organizations’ marketing activities, especially in the area of digital marketing. There will be a need to review and update the privacy policies of websites. Companies also need to make sure that consent management is adequate and working in all markets. When it comes to marketing automation and CRM, organizations need to make sure tool and service providers are GDPR compliant and have data usage rights. To achieve this, companies need to train employees and make them aware of the implications GDPR will have on their operations, especially in the case of organizations with global marketing teams.
• Cybersecurity. The IT security manager clearly has one of the most important roles in preparing for GDPR. The Chief Information Security Officer (CISO) is the top-level decision maker for cyber security and has a pivotal function in protecting the enterprise from attacks that result in data loss. The CISO and the entire Information Security team should be deeply involved in shaping GDPR plans, given their centrality to some of the regulatory changes in data breaches and data privacy.

In this rather rich picture, it is to be expected that a small to medium-sized business will not have qualified personnel in-house in all the areas called upon to be GDPR compliant. Depending on what the company’s mission is, it may not have legal or IT directly in-house and therefore will have to outsource compliance to external consultants. So don’t be surprised if you have to opt for the services offered by external professionals, even better if they are teams specifically created to achieve the required compliance.

To be continued…

Sara Avanzi

Let’s be even clearer: this whole being compliant thing shouldn’t scare off small business owners who will have to implement a proportionally smaller set of measures than a large company (thank goodness!). So it makes sense for small business owners to follow the Know-Intervene-Maintain-Try rule.

• Know: means they should be clear about the principles of the GDPR and where their company (and their processing) stands with respect to GDPR requirements.
• Intervene: means to implement the necessary actions, in relation to their own situation. A first and basic activity to be done will be to adjust the privacy policy according to the principles of the new regulation and, not least, to do a minimum of training to their employees on the rules of the GDPR and the company procedures to be compliant.
• Maintain: as mentioned earlier, the GDPR requires more than just fulfilling bureaucratic burdens (drafting new documents, etc.), it requires protecting the data being processed. So in addition to “preaching well,” it will be necessary to “rocket just as well”: owners will need to ensure that procedures are followed and that any new business developments are designed from the outset in compliance with the GDPR. A simple example: our small business hires a new employee; whatever his or her job description he or she will need to be made aware of the rules to be followed and the tools to do so right away.
• Prove: it means that the owner (including the small one) at any time it is necessary will have to be able to document that he/she has followed the above rules and that he/she is processing other people’s personal data in compliance with the new regulation.

Sara Avanzi

Most organizations have implemented comprehensive cyber security and data protection technical measures, but there is no shortage of new breaches day in and day out to the detriment of millions of users. Increasingly “sophisticated” attacks are being carried out by hackers who have learned to evade even the most daring defense systems. It’s no exaggeration to think that every organization must operate under the assumption that its IT infrastructure is constantly under attack and has potentially already been compromised in a variety of ways. Not to mention that the timeframe for breach notification under the GDPR is just 72 hours according to a well-established practice. Therefore, it is necessary for organizations to have technology solutions that can provide visibility across the entire network to detect and identify the extent of a compromise and enable a quick and effective response. It is essential that organizations continue to invest in threat prediction and prevention, including focusing on acquiring advanced 24/7 incident detection and response capabilities.

By equipping yourself with the right people, processes and technology controls, you can best protect your business from accidental or malicious data breaches. By implementing a remediation roadmap and protecting all personal data, you can reduce the likelihood and potential negative effects of a data breach. The penalties for not complying with the GDPR are well known, but it’s still not very clear that a data breach has far-reaching consequences in the form of revenue shrinkage, image damage, reduced productivity, and so on.

In all of this picture, one thing you need to be well aware of is that cyber security is moving at breakneck speed to keep up with hackers who are constantly developing new tactics to breach defenses. Cyber security is essentially about predicting and preventing breaches, detecting those that do occur and reacting intelligently to minimize their impact. In concrete terms, it’s about combining human skills with dedicated software, elements that go to improve each other: behind every attack there is a person and for this reason even at the base of the defense you need people able to thinklike a hacker would, reactto situations the way technology can’t, and educateautomated technology to make it smarter and smarter.

Sara Avanzi

The latest news that comes from the smart world concerns one of the basic services associated with the house, delight but then cross of its users: we are talking about the heating system, which these periods makes us breathe a sigh of relief when we cross the threshold of the house … but will instead have a breathtaking effect in a few weeks with the arrival of the bill. To introduce in our country the novelty in question is Nest: American startup founded in 2010 and acquired after four years by Google for more than three billion dollars. In the last six years, Nest has reached 190 countries around the world with its solutions, and its main markets are 10, in addition to the United States. The product presented by Nest is a real thermostat with an elegant design and obviously connected to the Internet in addition to the boiler: thanks to the presence of sensors, this thermostat has the ability to receive day after day movements and habits associated with the ideal temperature of the tenants of the house, in addition to weather conditions learned in digital format. The processing of all this information allows the device to program itself, calibrating more efficiently the moment of switching on and off the boiler or air conditioning system. And we could not miss the ability to “monitor” the operation of the thermostat remotely via app! It is estimated that the reduction of consumption through the application of this device can even reach 20% (with variations that depend on the characteristics of the house).

Not only thermostats. Nest is also presenting itself to the Italian public with two other smart products: indoor and outdoor cameras. Also associated with remote control, they allow you to have an eye – high definition – constantly pointed at your home and have the ability to launch alarms/notifications in case of particular problems as well as being equipped with night vision and microphone and speaker. The recordings from these cameras allow you to go back in time up to 30 days.

However, the Nest Protect smoke and carbon monoxide detector, which sends voice alerts and notifications to your smartphone in the event of a problem, is not yet available.

Aesthetically similar to its predecessors, with the unmistakable red and gray colors, the interface of the new FRITZ!Box 7560 model is characterized by a port for the analog phone, 4 gigabit LAN ports and a USB 2.0 socket (on the side) thanks to which it will be possible to connect hard disks, printers and other network devices. There is also a DSL socket in addition to the power supply. As with the 7490 model, the latest addition features WiFi AC and N support, dual band frequency as well as PBX, VoIP telephony, voicemail and fax functions, Dect support for up to 6 phones, 3G/4G dongle to take advantage of the home phone connection. In terms of performance, the new FRITZ!Box 7560 is capable of transmitting data over the home network with fast wireless LAN on both 5 GHz and 2.4 GHz frequencies simultaneously. Smartphones and tablets equipped with Wireless AC technology can take advantage of transfer speeds of up to 866 Mbit/s on the 5 GHz band; for the 2.4 GHz band, there are three antennas that guarantee speeds of up to 450 Mbit/s throughout the coverage area.

The 7560 model also features the classic FRITZ!OS, an operating system with parental control function, firewall, guest network access, VPN and which also allows remote management via smartphone app.

However, a premise is in order: currently the Windows 10 operating system (and previously Windows 8, 7, Vista and XP) has a preinstalled antivirus program called Windows Defender. Questo antivirus entra in funzione fin dal primo avvio di Windows 10 proteggendo il computer da possibili minacce e aggiornandosi automaticamente grazie a Windows Update. The question that arises is whether this antivirus is enough to protect your PC. Despite the fact that Microsoft’s antivirus has definitely improved over the years, it is still to be considered as a basic protection for users who daily use the internet very little and only to visit safe and authoritative sites. For those who use the computer for more than one task, namely downloading programs or visiting sites that are not entirely safe (for example those that offer free streaming), we also recommend installing another antivirus.

Below is a ranking compiled by PCMagon a sample of 46 antivirus software (free antivirus is not included in this sample). From this sample, ten antivirus software were found to have the highest standards of effectiveness and to have several features such as the ability to scan -scheduled or on-demand- files in order to counteract malware access. PCMag’s analysis is based on tests conducted by five laboratories and their reports: Virus Bulletin, Simon Edwards Labs, AV-Test Institute, MRG-Effitas and AV-Comparatives. PCMag itself, however, wanted to independently test the products in question while referring to the results of the labs just mentioned.

1. McAfee AntiVirus Plus (2017)
2. Webroot SecureAnywhere AntiVirus
3. Bitdefender Antivirus Plus 2017
4. Symantec Norton AntiVirus Basic
5. Kaspersky Anti-Virus (2017)
6. Avast Pro Antivirus 2016
7. Emsisoft Anti-Malware 11.0
8. ESET NOD32 Antivirus 10
9. F-Secure Anti-Virus (2017)
10. Trend Micro Antivirus+ Security (2017)

We are pleased to note that this top ten also includes two products well known to the staff of IT solution, namely the antivirus protection provided by the Russian Kaspersky Lab (which even obtains the highest scores if we consider only the tests conducted by independent laboratories) and the American ESET which has demonstrated to have a very performing product especially in terms of compatibility and good functioning of the operating systems present in the computers.

Cybersecurity firm Karspersky Lab helps us better understand this phenomenon by analyzing trends over the past year. A first worrying fact is represented by the increase in the last quarter of the year of online financial crimes compared to the corresponding period of 2015: the holidays were particularly attractive to cyber criminals since more users make online purchases at this time of year. Karspersky Lab’s survey found a 22.49% increase in users attacked compared to 2015 with a peak recorded on Cyber Monday (Nov. 28). In this regard, Karspersky Lab’s experts advise you to keep an eye on your accounts if you have used credit cards to make online purchases in the mentioned period: usually cyber criminals do not start withdrawing money from stolen cards immediately after the theft but wait for several weeks or even months before collecting.

Another rather alarming aspect of the survey conducted is that more than half (52%) of the affected users failed to regain their stolen money or, at best, only recovered a portion of it. However, this figure is susceptible to fluctuation because a large proportion of victims do not report these scams. The average value of these attacks is $476, but with peaks on the considered sample quite high, even over $5,000 (one in 10 respondents). Among victims of online financial crimes, 81% said they conduct financial transactions online and 44% store transactions pertaining to their finances on their devices.

Cyber criminals have much to rub their hands on: the ground on which to launch their attacks is very fertile taking into account that of all people surveyed only 60% protect their devices with security solutions. The question then arises as to why delicate operations such as money transactions are not taken care of? Many users have justified this with the belief that the money lost is later refunded…by whom? In fact, almost half of the respondents believe they can get a refund from the bank. The reality is quite different and brings us back to the alarming figure of 52% of users who have been victims of online financial crimes and have not seen their money returned.

Ok don’t take the refund issue lightly, but how is it possible to solve the problem upstream? Cyber criminals are constantly looking for new ways to scam Internet users and they do it through malware, phishing or other means: you can fight them with ad-hoc software dedicated to protect user identity and sensitive data from the hands of cyber criminals. Karspersky Lab itself reminds us that among the functionalities of its products it is possible to find “Safe Money”, a technological suite for financial security aimed at protecting financial operations carried out online by users. An added value as well as a confirmation for the Russian company that strengthens its leading position in the field of IT security (results certified by numerous independent tests).

Smau Padua: 30-31 March;

Smau Bologna: June 8-9;

Smau Berlin: June 15 (international event);

Smau Milano: 25-25-26 October (international event);

Smau Napoli 14-15 dicembre.

Contextually to the announcement of the 2017 stages, the CALL4STARTUP has been opened: Smau gives the opportunity to a selection of startups, spin-offs and innovative realities to participate in the exhibition for free by putting up for grabs exhibition spaces and pre-prepared stands with customized graphics, just answer the following criteria:

• to be promoters of a b2b product or service;
• be a promoter of a market-ready product or service;
• innovative content of the promoted product or service.

The opportunities offered by Smau do not end here: the selected startups will also have the opportunity to present their ideas to an audience of venture capitalists, entrepreneurs, institutions and managers, make 90-second pitches and participate in the networking moment that will be held at the end of the event to promote knowledge between demand and supply of innovation. In addition, the three most promising ideas will receive the “Lamarck Prize” with the opportunity to participate for free in the international edition in Berlin.