Organisations around the world designate October as Cybersecurity Awareness Month to help people understand security issues in a real and practical way. Every day this month, PrivCom will update this page with more resources on cybersecurity and how it supports privacy. Check back here or on our social media pages each and every day of October!
October 1: Not only is today the first day of Cybersecurity Awareness Month 2020, but it is also election day here in Bermuda! No matter who you vote for, privacy is a critical element to our democracy, enabling it to function through secret ballots and freedoms of assembly.
Earlier this year, the Office of the Information and Privacy Commissioner for Newfoundland and Labrador released a white paper analyzing issues related to modern voting machines and methods. You can read more here: "Internet Voting – Privacy and Security Risks".
October 2: Don't take the bait! In Bermuda, we know a lot about fishing - but in cybersecurity, you have to worry about "phishing". Phishing is when someone sends you a phony email, text message, or phone call, trying to trick you into providing information.
People joke now about how emails that claim to be from foreign royalty are filled with typos and errors - but in recent times, fraudsters very accurately imitate a company asking for your password or other details. To learn more about phishing, and especially how COVID-19 details are being used to trick people, see this guidance from the European Union Agency for Cybersecurity (ENISA).
October 3: We shop online more and more; do you know how to do so safely? The US-based National Cyber Security Alliance has developed these tips for Online Shopping.
October 4: Does cybersecurity for you and your family feel too complicated? The UK's National Cyber Security Centre has 6 "Top Tips" in their Cyber Aware guidance that will help you know where to start.
October 5: Someone's having a Monday, so we'll be focusing on cybersecurity for employees and businesses. This week we'll link to guidance for self-employed individuals, small- and medium-sized businesses, and large organisations.
Today's link: Since so many of us have been working from home, the Bermuda Cybersecurity Governance Board's guidance and tips from earlier this year will give you an overview of solutions for remote work.
October 6: Small- and medium-sized businesses often do not have personnel dedicated to cybersecurity issues. The UK's National Cyber Security Centre has created a five-step Small Business Guide to explain what to do first for cybersecurity.
October 7: For large organisations, the UK's National Cyber Security Centre also has a board toolkit and guidance on risk management and cloud security.
Bonus! Check out Walker's free PIPA series, starting today, with sessions on Oct. 7th, 14th, 21st, 28th, Nov. 4, and Nov. 10th (when Commissioner White will participate).
October 8: We are all using mobile devices more and more, especially for work. The European Union Agency for Cybersecurity (ENISA) created this tip sheet for businesses with employees using mobile devices.
October 9: "Young people are better at cybersecurity..." "New devices are automatically secure..." "My general liability insurance will cover that..." Do you believe any of these cybersecurity myths? The US-based National Cyber Security Alliance busts common misconceptions among small- and medium-sized businesses.
October 10: One of the most common things criminals will do now is to lock you out of your own computer using "Ransomware." The US-based National Cyber Security Alliance created this tip sheet to explain what ransomware is and how to avoid it.
October 11: One of the best ways to prepare yourself for a ransomware attack is to make sure you have back-ups of your files - that way you can restore them without having to pay up. But what is the best way to perform a back-up?
The US-based National Cyber Security Alliance has step-by-step instructions for Windows and Apple, and details on whether to use physical devices or online storage.
October 12: Would you know what to do if an account was hacked? The UK's National Cyber Security Centre suggests 8 steps to take once you realise you have an issue, including changing passwords, notifying friends and family, and potentially involving the police.
October 13: What makes a good password? The US-based National Cyber Security Alliance advises that a password should actually be a "passphrase." The length of the phrase means a computer is unable to simply try random combinations to crack your code.
October 14: What makes a bad password? This blog post from the UK's National Cyber Security Centre explains that, among other factors, if it is a common or obvious word or used on multiple sites, a password is likely to be guessed or leaked.
October 15: Yesterday, the Bermuda Business Development Agency began its 2020 Virtual Tech Summit. The event is free to attend, and you can watch a recording of Commissioner White speaking on privacy and innovation as part of the "In Demand Sessions." For more details on the session and how to view it, see our blog post: "Commissioner White to Speak at 2020 Bermuda Tech Summit."
October 16: It's Friday, and for a lot of people, that makes it Game Night. Here are some tips for online gamers to keep things fun - and safe, from the US-based National Cyber Security Alliance's "Stop. Think. Connect." awareness campaign.
October 17: Parents and caregivers may struggle to explain privacy issues to children. Here are some key points to use to raise "privacy-savvy kids," from the US-based National Cyber Security Alliance's "Stop. Think. Connect." awareness campaign.
October 18: Scammers often target seniors, trying to use new technology to confuse. The US-based National Cyber Security Alliance created these online safety tips for seniors to help you feel more confident in saying "No" to that suspicious message.
October 19: We use more "smart" or "always on" devices in our homes - do you know how to use them safely? The UK's National Cyber Security Centre suggests three steps to take with internet-connected cameras.
October 20: The "Internet of Things" includes all the internet-connected devices you use - even cars, refrigerators, or light bulbs. See these tips on how to manage these devices from the US' Cybersecurity & Infrastructure Agency (CISA).
October 21: Join us from 5:00-6:00pm for a discussion of privacy and cybersecurity, moderated by Commissioner White: "Two Sides of the Same Coin? Exploring the Intersection Between Security and Privacy."
October 22: Join us from 1:00-4:00pm today when Commissioner White and a panel from Deloitte Bermuda discuss the latest in cybersecurity and privacy, hosted by the Association of Chartered Certified Accountants (ACCA). To learn more or register, follow this link.
October 23: Would you like a recommendation for a free cybersecurity tool? How about 26 free tools? The US-based National Cyber Security Alliance put together a list of free online security check-ups and tools that you can use to test for computer viruses and spyware.
October 24: Do you know what cyber insurance covers, and what it does not cover? The UK National Cyber Security Centre created this guide with considerations about cyber insurance.
October 25: How do you describe online security in three easy steps? The US Consumer Financial Protection Bureau says lock up, beware red flags, and share with care!
October 26: We’ve talked about passwords, but what does it mean to have multi-factor login? This guide from Canada's Get Cyber Safe explains.
October 27: Why is it important to protect your phone number, and how do you do so? See tips in this blog from the US-based National Cyber Security Alliance.
October 28: Want to keep getting tips after October is over? The US-based National Cyber Security Alliance has a monthly newsletter. (PS: Be sure to read their privacy notice!)
October 29: Ripped from today’s headlines! Bermuda Police Service offer tips on how to tell if a message is authentic.
October 30: We've learned a lot this month. Are you familiar with all of the European Union Agency for Cybersecurity (ENISA)'s top threats for 2020?
Happy Cybersecurity Awareness Month!
To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.
Press Background:
Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.
The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).
The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.
The Privacy Commissioner's powers and responsibilities include monitoring the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issuing guidance and recommendations, liaising with other enforcement agencies, and advising on policies and legislation that affect privacy. PrivCom's mission is also to raise awareness and educate the public about privacy risks and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in Article 29 of PIPA.
Alexander White (Privacy Commissioner) was appointed by His Excellency the Governor, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.
Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).
"Personal information" or data is a defined term in PIPA that means any information about an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: This is not a complete list.)
"Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."
"Security" is addressed in section 13 of PIPA: "An organisation shall protect personal information that it holds with appropriate safeguards against risk, including loss; unauthorised access, destruction, use, modification or disclosure; or any other misuse. Such safeguards shall be proportional to the likelihood and severity of the harm ... the sensitivity of the personal information ... and the context in which it is held." Section 14 addresses breaches of security and reporting to PrivCom.
About Cybersecurity Awareness Month: Celebrated worldwide in the month of October, this month serves as an opportunity for security professionals to raise awareness about cybersecurity. For more perspectives from both sides of the pond, see the dedicated pages for the United States (Stay Safe Online) and European Union (ENISA).