#ProjectThankYou – Police, Blue Lights, Armed Forces and Veterans Get Bulk 40% Fee Reductions for Cyber Sec Diplomas
The UK’s first business Academy for cyber and tech security has launched #ProjectThankYou in a bid to make the UK more cyber resilient.
The London-based Global Cyber Academy, the first in the UK to deliver formal accredited, online Diploma education to working-adult students, begins with its first cohort of UK-based students this October. The Academy will be providing a flat 40% course fee reduction for every single UK Blue Lights or Armed Forces application – including for veterans.
Chief Executive of the Global Cyber Academy, Richard Bingley, said:
“Money is tight for emergency workers, and our armed forces, and for the government too. Yet, the UK economy and infrastructure are now under industrial-scale threats from cyber-criminals and external state-backed harassment. We’ve got a duty as educators to step up and help.”
Mr Bingley added:
“There’s little point just educating a tiny fraction of the workforce. Our Academy is in a unique position to offer mass accredited education across our entire security and emergency-services base, and that’s exactly what we’re offering to do.
“The only way to stop industrial-level cyber crime is to introduce industrial-level education, particularly for those who are tasked to defend us. Our Academy is thankfully in a position to give something back and in our own way say a big ‘thank you’ to public servants who help look after us.”
The new Academy came up with the plan after trying to apply to be registered with the UK MOD’s Enhanced Learning Credits (ELCAS) scheme. This would have potentially enabled service personnel to access funding and earn advanced credits for studying the Academy’s programmes.
“But because our Academy was only formed earlier this year it did not qualify for ELCAS admission,” said Mr Bingley. “We didn’t hit the two-year operating rule”
“It was a bizarre situation, because certified police investigators, senior qualified academics and international book authors had written and filmed our course content Also, our Diploma programmes are issued by a UK-Ofqual-approved awarding body, therefore they go through tons of formal quality vetting. Yet we couldn’t reach in to our own natural audience. The situation within UK policing is similar where only a selected few receive funded cyber training. So, we all just said ‘forget it’, we set this thing up to help people, and help build a resilient society, and that’s exactly what we’re going to do!”
The Level 3 Diploma (online) in Cyber Security Management and Operations begins on October 9th 2018 and enrols monthly thereafter. Modules include: Threat and Risk; Network Architecture, Communications and Protocols; Mobile Data Risks and IoT; Investigations and Incident Response; Solutions: Future-Proofing your Business; EU GDPR and Data Security
The Level 4 Diploma (online) in Cyber Security begins on October 16th 2018 and enrols monthly thereafter. Modules include: Threat and Risk; Network Security and Data communications; Databases and Programming; Incident Response, Investigations and Forensics; Security Strategy Laws, Policies and Implementation; Banking and Finance (elective) or Cyber Wars (elective).
A Level 5 Diploma covering Cryptography is available from February 2019 which maps directly into a final year Cyber Security degree programme at a UK University.
#ProjectThankyou applicants receive a course fee discount of 40% on all Diploma applications up to January 31st 2019.
Delivery is self-paced and flexible with lots of videos, audio, exercises and real-world formal assessments. “Basically, wherever you are in the world, you can log on and learn,” Mr Bingley said. “We have students based in most of the world’s seven continents,” Bingley added. “Our WhatsApp student chat groups are keeping us awake at night!”
Academic support class workshops are run every other month in London and filmed for those who can’t personally attend. Industry network meetings with policy-makers and key recruiters are held each month in London.
Will students get a job at the end? A recent study of Chief Information Officers reported a “recruitment crisis” in cyber security. The UK economy now spends an estimated £7bn on cyber security. This figure is approaching £200bn globally. These stats are likely to grow even more exponentially now that EU GDPR is in force.
“Although no promises can be made, most public sector and business organisations are massively recruiting into cyber and information security roles. Existing security professionals need to be in an educational position to exploit this sea-change,” Mr Bingley said. “The validation of a formal cyber Diploma and close contact with recruiters is really going to help an individual’s market position, for sure.”
Mr Bingley added:
“These courses provide a pathway for the individual to stay relevant and upskill, and for our country to be much more cyber resilient. In difficult times, this surely is a win-win scenario.”
Further course details can be found at the Global Cyber Academy website: https://www.globalcyberacademy.com/
Any course bookings made via the website should put the code #ProjectThankyou into the application form
Veteran Labour MP Frank Field has quit the Party’s whip in the Parliamentary Labour Party.
Mr Field, a widely respected back-bencher, and former welfare minister in Tony Blair’s 1997 government, is expected to fight for his Birkenhead seat at the next general election as an Independent Labour candidate.
He was recently deselected by his own constituency party following a parliamentary vote where he supported upholding the 2016 Brexit referendum result.
Field’s supporters say that his constituency activists are now controlled by Momentum, a sizeable far-left grassroots organisation that generally supports Jeremy Corbyn’s leadership.
In a letter to the Party’s chief whip, Mr Field said that the Labour Party leadership was becoming a “force for anti-semitism in British politics.” The MP added: “The leadership is doing nothing substantive to address this erosion of our core values.”
Richard Bingley, Chairman of the UK New Security Alliance think-tank told The English Channel: “When we lift the bonnet, the UK Labour Party now has a significant problem with widespread anti-semitism. It is obviously welcome news that a senior MP has finally taken such a clear public stance, but others need to step up and find the courage to stand up against widespread racism and intolerance.”
Recent research tells us that some 68 percent of information systems workers are using their own smart phones, and 69 percent are bringing their own tablets to work (Forrester Annual Survey: 2017). Goodness knows what the stats must be for wider society!
Top mobile threats include enterprise-class spyware and malware, including zero-day exploits that we don’t yet know about. Mobile botnets on android devices are becoming increasingly identified. One such, ‘Viking Horde’, was revealed in Google Play-accessed-apps in 2016. ‘Ad and click’ malware can also give hackers an easy route into an internal company network. Starting out as annoying ‘adware’, attackers can then spread surveillance spyware across the entire botnet.
Richard Bingley, Chief Executive Officer of the Global Cyber Academy said:
“Apps shouldn’t be treated as a permanent fixture on your phone. Review your apps each week and delete the ones you don’t use or read bad things about. Err on the side of caution.
Richard Bingley added:
“Lots of apps are being removed or deleted by Google Play and Apple stores, but reasons aren’t usually given. This means that if an app is infected with malware, or secretly leaking data to a third party, then the end-user might not know about that if they have already downloaded it prior to it becoming blacklisted. The big tech companies don’t proactively tell existing users.”
Today our Global Cyber Academy launches #SixSteps to help you see if you’re being tracked or breached on your smartphone:
- Dial: *#21# – see whether your data, including SMS, are being forwarded to a third party
- Dial: *#62# – see if your calls are being automatically forwarded. If so, where your calls get forwarded to? If your calls are ‘forwarded’, don’t be too alarmed initially if you see that your calls are forwarded to a number you don’t recognise. (This number might be a separate voicemail box run by your network service provider. The digest message might say that your calls are forwarded to this number after 20 seconds, or so. Mobile service providers often provide separate voicemail gateways, including for those overseas on ‘roaming’.) But you should certainly double-check with your service provider. Some suspicious numbers of known scammers and criminals are published online at: unknownphone.com. If you recognize the number as your arch-enemy, call the police!
- Dial: ##002# – to stop your calls being automatically forwarded (to whoever!)
- Dial: *#06# – to locate your 15-digit International Mobile Equipment Identifier (IMEI) number. Write this down. If your phone gets lost or stolen, you can disable it (and even find it) with the network service provider (carrier). Or via a trusted online app including Google’s ‘Find My Device’ service
- Dial: ##4636## – to find detailed configuration about your phone including call redirects, current network, usage and location. Check ‘Usage Statistics’ and ‘App Count Usage Time’ to double-check your apps use and remove any apps that are suspicious (for example, you might not use them, but they show high-usage)
- Search for the hero inside yourself! If you still feel that there is something suspicious, after conducting these tests, please contact your network service provider. If they’re too busy to talk it through with you, or carry out further tests, it’s time to tear up the contract!
Further information: firstname.lastname@example.org
With the 2018 World Cup under way, and EU GDPR now in force, we’d like to share our students’ Top Ten mobile device prevention tips with our GCA readers. Our advice ends with our famous #30MinutesSelfie – book half an hour in your smartphone calendar, uninterrupted, with yourself, to make these safety measures happen!
Anti-Virus Software:Your smartphone is a computer because it has an operating system and a browser. Therefore, install antivirus software (or check out what the manufacture has already provided) and use this tool to scan for viruses at least on a monthly basis. Likewise, install and regularly check Anti-Spyware apps on your device. Enable security updates when requested; then your AV can scan for the very latest known malicious codes attacking smartphones. Do not enable suspicious looking AV updates: i.e., not ones from your vendor or those you have additionally subscribed to.
Ignore Unknown Links:Never open strange texts or untrusted URL links: This applies equally to your own SMS as well as to emails and social media communications. Just like email and social media, SMS can also introduce unauthorised Spyware, ransomware and other malware into your phone. (Sometimes from a known contact whose phone or PC has become a ‘Zombie’.) Steganographic attacks (malware embedded in pictures, often of celebrities) are also a classic method of mobile device attack. Keep them near or lock them up: Your smartphone is the equivalent of your bank cards and house keys all rolled into one. It’s also a radio transmitter. Like any prized possession, either keep your smartphone with you, or switch your baby off and lock her safely away.
Don’t be too trusting:friends and family usually have your best interests at heart. But moments of incredible stupidity with smartphones have caused countless relationships and friendships to flounder. If she’s not locked up, keep your phone with you at all times. This discipline is also good for emergency planning. Because all manner of hazards – such as vicious scooter-thieves, terrorists and natural disasters – never let us plan ahead to avoid disaster.
Zero-Trust Apps: Only ever download an app if you trust the source. This does not mean trust the tech giants! Google Play and App Store, verify (somewhat) the source and security of apps before they list them for download. But literally millions are corrupted with bugs and malware. If an app asks for permissions to access personal information, think very carefully before providing it. Be aware that even if you switch of your Google locator, many other apps will locate you. Apps seeking permission to use your microphone can record you. Apps seeking permission to use your camera can film you. And apps seeking permission to access your camera roll can pinch your pictures. And some apps don’t even ask! They do default data pillage! Proactively remove apps on a monthly basis if they are unused.
Zero-Trust Wi-Fi:Like any public service, Wi-Fi Hotspots can be a great contributor to our own state of happiness and a key enabler if assisting humanity to abolish war, disease and …?! You get the point. But be very aware of the ‘other side of the coin’. Wi-Fi channels are free-flowing, radio waves that allow any Tom, Dick or Harriet (with a cheap bit of kit) to eavesdrop into your device, temporarily or permanently, depending on the tools they use.
Anonymous Browsing:Hackers often exploit you because they can read your browsing history and anticipate, or exploit, your weaknesses. Therefore, learn how to browse anonymously or privately with tools such as Tor, PGP, and VPNs. Sometimes browsing this way is a little bit slower and prevents you carrying out financial transactions, as your IP address might cause suspicion. However, you shouldn’t really be shopping or banking from an unprotected hotspot, should you?!
Location and Tracking:Bear in mind, that if you lose your phone, you might wish to locate it! This means that you probably will want your phone locator on at times when you feel you could lose your phone. You can also lock your phone remotely and immediately with any number of security tracker apps. Research the apps first from user forums and tech journals before trusting them enough to install.
Encrypt key data and files:Save and encrypt important files, and export them to a password protected, double-authenticated client or cloud. Also get into the habit of using end-to-end communications encryption. This means the hacker might know you’re online but they still can’t read your messages. Freely available VPN and encryption services such as CyberGhost can be a real party-pooper for malicious hackers. WhatsApp offers asymmetric end-to-end encryption. But if you lose your phone the SMS messages (if left unprotected) are left for all to read, screenshot and steal.
Regularly Transfer and Back-Up Data:to a separate device (probably a PC) that is itself sensibly protected. Then base that PC in a secure room, or a locked drawer. Don’t hide that PC’s password under any mouse mats, chairs, tables, or monitors! Spend ten minutes every month transferring your smartphone pics to your PC. Losing them, even by an accidental own-goal, can be upsetting.
Passwords and Double Authentication:many phones now have double-authentication opportunities. Use the latest tools – including biometrics – to double-lock your phone. Use a password manager and a file locker to separately lock all precious files. Use long nonsense phrases and symbols for passwords, not words and numbers. Also make password changes after any suspicious incident, or memory blind-spot. (Such as accidentally leaving it at the local pub overnight.) Change your passwords at least every month.
#30MinutesSelfie: Book a 30-minute calendar meeting each month. With yourself. No interruptions. ‘Me’ time. To enforce these ten steps.
Hope this helps!
“Game-Changer”: EU General Data Protection Regulation (EU GDPR) Education Launched by Global Cyber Academy and Qualifi:
The European Union’s General Data Protection Regulation (GDPR) introduces heavy fines for companies and organisations that lose data or don’t take sensible precautions, such as encrypting their customers’ personal data. Mirror legislation for personal data protection is being introduced into the UK due to the country’s planned exit from the European Union in 2019.
The EU GDPR is a statutory obligation upon data processors and entered into effect during May 2018.
“The central thrust is about all organisation’s having to safeguard and protect personal data, and, indeed get permission to hold and use such data in the first place,” said Richard Bingley, Chief Executive of the UK Global Cyber Academy, which runs EU GDPR courses.
Mr Bingley added: “It’s a game-changer. People’s personal data is hugely significant in terms of financial value and the personal safety of individuals. This regulation is about redressing the balance of power of data ownership back to the citizen. Organisations playing fast and loose with personal data will face tough sanctions.”
Qualifi have teamed up with the UK Global Cyber Academy to provide dedicated EU GDPR courses, and modules dedicated to EU GDPR and Data Security within their Level 2, 3 and 4 Cyber Security Diplomas.
See: qualifi-international.com and globalcyberacademy.com
Or email: EUGDPR@globalcyberacademy.com
EU GDPR impacts all companies and countries that trade with EU-based citizens, or hold data about them, profoundly. Regardless of whether such companies themselves are based within the EU. Within the EU, individual member states’ information commissioners (or equivalents) will enforce compliance.
According to UK Law Firm, Pinsent Masons:
“A two-tiered sanctions regime will apply. Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.
Important provisions on data security are contained under Articles 5 and 32 of the Regulation.
Article 5 sets out basic rules on personal data processing which only apply to data controllers, considered to be fundamental to data protection. One of those rules requires data controllers to ensure that personal data is “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”. This could involve deploying data encryption techniques, Data Loss Prevention Software, stronger authentication procedures, extra physical security layers, and regular review and monitoring of end-users, network traffic and security controls. Staff awareness and competency training will also be critical here for all data owners, custodians and users.
In contrast if data processors breach their statutory data security obligations, set out under Article 32, which requires them to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk” of their personal data processing, then the most they could be fined is up to €10m or 2% of global annual turnover.
Data controllers are also subject to the Article 32 obligations. It therefore appears open to national data protection authorities to fine data controllers for any data security failings under Article 5 or Article 32 (4).”
However don’t forget other important Data Protection laws:
Businesses and business people producing and handling customer data, including financial information, .
USA – Health Insurance Portability and Accountability Act Security Rule: (HIPAA): https://www.nist.gov/healthcare/security/hipaa-security-rule
USA – Security Breach Notification Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
Payment Card Industry Data Security Standard (PCI DSS): https://www.pcisecuritystandards.org/
Further details: www.globalcyberacademy.com or EUGDPR@globalcyberacademy.com
British security services were involved in the assault targeting websites hosting its flagship Amaq “news agency”, alongside allies in the EU, US and Canada.
Europol said Islamist group’s ability to broadcast and publicise terrorist material has been “compromised” by a mix of cooperation with internet service providers and cyber attacks.
Security services are also working to identify Isis administrators and radicalised individuals across Europe and beyond with the data retrieved.
In the third phase of an operation started in 2015, law enforcement agencies coordinated by the European Counter Terrorism Centre (ECTC) started a two-day “simultaneous multinational takedown” on Wednesday.
Isis servers were seized in the Netherlands, Canada and the US, while raids were conducted in Bulgaria, France and Romania as the UK targeted its domains.
European Counter Terrorism Centre:
“Designed as a central hub in the EU in the fight against terrorism, the ECTC focuses on:
- providing operational support upon a request from a EU Member State for investigations;
- tackling foreign fighters;
- sharing intelligence and expertise on terrorism financing (through the Terrorist Finance Tracking Programme and the Financial Intelligence Unit);
- online terrorist propaganda and extremism (through the EU Internet Referral Unit);
- illegal arms trafficking;
- International cooperation amongst counter-terrorism authorities”.
Charlie Winter, a senior research fellow at the International Centre for the Study of Radicalisation and Political Violence (ICSR) at King’s College London said permanent damage to the Amaq website could have a “substantial strategic impact”.
“The website was a living archive of Isis propaganda and there’s no equivalent,” he told The Independent. “Given that at this point in time the group is maniacally trying to curate its post-territorial legacy, it really could do with access to all of those materials.”
Increased detection and removal work by both governments and hacktivists has since pushed it into ever more obscure corners of the internet, with the Amaq website being taken down and reappearing on an almost daily basis even before Europol’s attack.
The head of GCHQ revealed that British spies have been disrupting Isis’ communication networks and propaganda earlier this month, hinting that it could be behind a glut of fake propaganda that unnerved the group last year.
The British government has also funded free artificial intelligence software that can detect the group’s videos and prevent them being uploaded to the internet.
Amber Rudd, the second highest profile woman in English politics, resigned as Home Secretary yesterday evening. This morning she was swiftly replaced by fellow Cabinet member, Sajid Javid.
Rudd, a talented and likeable MP, often looked stretched at Marsham Street. (Who wouldn’t?) Too deep cuts into policing, fused with the seemingly intractable disaster of UK immigration management systems, have sunk the political career of a woman who, despite her lack of flamboyance, is a competent figurehead.
In our humble assessment, Rudd would have equally flourished outside of Westminster’s increasingly polarised corridors of power.
Urgent tweets, from outside of the Vote Leave side of the Conservative Party, demanded that the PM brings in a firm Brexiteer to sure up a clean EU exit.
Surely what is needed is the very best individual to come in and grip the Home Office? Alongside the Department of Health, it’s a department where, when things go wrong, it can mean the difference between life and death.
Well over a decade ago, Dr John Reid, an exemplary Home Secretary, admitted to the country that the Home Office, through decades of poor documention and sprawling (mis)management, was “not fit for purpose”.
He was not including MI5, who report into the Home Office, within this view.
With the swift reemergence of a new Cold War, cyber attacks hitting UK business hard, ISIS’s murderous campaign in full throttle, and violent crime soaring, now is definitely not the time to play politics with our Home Office.
The public has voted for Brexit. The government and opposition has committed to it. The Foreign Office has a Brexit Foreign Secretary and the government has a pro ‘Brexit Secretary’ and International Trade team.
We wish our new Home Secretary Sajid Javid well during his time at Marsham Street. If his team succeed, then we all benefit.
The world’s independent watchdog, which works to prohibit the use of chemical weapons, will report its findings next week into the attempt to assassinate a former Russian intelligence officer and his daughter, recently in Britain.
The UK Government formally requested “technical assistance” from the Organisation for the Prohibition of Chemical Weapons to identify toxins used. The OPCW reported that they collected samples on the 14 and 21 March, in a statement made today by its Director General (4 April).
The Independent international team also took “biomedical samples from these two victims, as well as from a third individual, a police officer reportedly exposed to a toxic chemical.” These samples were sealed and taken to an OPCW laboratory on 23 March.
Richard Bingley, Advisory Board Chairman at the UK New Security Alliance (UKNSA) said:
“The OPCW will report their findings next week to the UK. But, quite correctly, the UK Government has asked for the maximum possible transparency to apply. Therefore it is likely that most other global leaders will learn this independent body’s findings very soon.”
Alongside the OPCW’s independent inquiry, UK police and government agencies are conducting their own investigations.
“The next few weeks are likely to be at least as diplomatically turbulent as those just passed,” Bingley predicted.
The UK New Security Alliance is launched at the Houses of Parliament on 13 June 2018. Senior level politicians and security sector leaders will address security concerns for a selected audience of business operators and public sector officials.
“The aim is to build up awareness and our economic resilience to major security threats,” added Bingley. “We urge all those interested to get involved in this initiative.”
Qualifi and UK Global Cyber Academy Issue Education and Guidance on Impending European Union General Data Protection Regulation (GDPR)
The EU GDPR is a statutory obligation upon organisations and their data processors and comes in to effect on 25 May 2018. It impacts all companies and countries that trade with EU-based citizens, or hold data about them, regardless of whether such companies themselves are based within the EU.
Qualifi has recently accredited Level 2,3 and 4 Cyber Security Diplomas designed by experts at the UKSP Global Cyber Academy based in London. Each Diploma contains dedicated data security and GDPR compliance modules.
Richard Bingley, Chief Executive at the UKSP Global Cyber Academy said:
“Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.”
The relevant provisions on data security are contained under Articles 5 and 32 of the Regulation.
Article 5 sets out basic rules on personal data processing which only apply to data controllers, considered to be fundamental to data protection. One of those rules requires data controllers to ensure that personal data is “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.
In contrast, under Article 32, if data processors do breach their statutory data security obligations, but did take appropriate technical and organisational counter-measures, such as risk assessments and encryption, then the most they could be fined is up to €10m or 2% of global annual turnover.
Data controllers are also subject to the Article 32 obligations. It therefore appears open to national data protection authorities to fine data controllers for any data security failings under Article 5 or Article 32.
Further details and a guide to EU GDPR for potential students: email@example.com
Advisory Council Member, New Security Alliance, London