Digital Health’s latest round-up of cyber security news covers new guidelines from the National Cyber Security Centre on internet-connected toys, and rumours that Facebook is in the market for a cyber security acquisition. 

NCSC sets guidelines on internet-connected toys

The National Cyber Security Centre (NCSC) has published new guidelines for manufacturers of internet-connected gadgets and toys to ensure that products are built with proper security measures.

The new Code of Practice also urges retailers to only stock products that are secure by design and meet the new government-mandated guidelines.

It comes following a number of well-publicised stories concerning internet-connected Barbie dolls and other kids’ toys that were found to be easily hackable, allowing potential hackers to access toys’ built-in cameras and microphones.

Cyber-attack board game bags award

A cyber-attack simulation board game created by insurance firm Chubb has won a prize at the 2018 GamiCon awards in Chicago.

Hacksagon! was developed by Chubb’s European cyber security team and tasks players with defending a fictional company from cyber-attacks, by role-playing through scenarios demonstrating how a cyber security incident might occur, and the type of responses required.

Kyle Bryant, Chubb’s cyber underwriting manager for Europe, Eurasia & Africa, said: “Cyber risk is an incredibly important issue for businesses to understand but there remains confusion or a lack of understanding within some firms about how best to deal with these threats.

“Hacksagon! is a way to understand cyber risk and start a conversation about how a business needs to respond.”

Eurostar hit by hacking attempt

Eurostar has asked customers to reset their login details following an attempted cyber-attack on user accounts.

The hacking attempt is reported to have taken place between 15 and 19 October. The rail firm had previously claimed via Twitter that passwords had been reset due to maintenance work.

Eurostar has not said whether any attempts were successful, however it told the BBC that payment details had not been affected.

Facebook in the market for cyber security smarts

Facebook is said to be eyeing up the cyber security market ahead of a possible acquisition.

Citing reports from The Information, the Verge states that Facebook is looking to purchase a cyber security company by the end of the year, as it attempts to win back favour in the public eye.

The rumoured acquisition comes after Facebook revealed that some 30 million user accounts were compromised by hackers in September this year, who exploited a bug in the website’s ‘view as’ feature.

The social media company remains in the doghouse following 2018’s infamous Cambridge Analytica scandal.

Heathrow Airport fined £120,000 for USB blunder

Heathrow Airport Limited (HAL) has been fined £120,000 by the Information Commissioner’s Office (ICO) after a member of the public found a USB stick containing employee information.

The memory stick was discovered on 16 October, after it was lost by an airport employee. After accusing the memory stick at a public library, ia member of the public discovered 76 folders and over 1,000 files that were not encrypted or password-protected.

While only a small amount of the data contained on the USB stick was sensitive in nature, of particular concern was a training video that exposed the names, dates of birth, passport numbers of 10 individuals, as well as details of around 50 personnel from HAL’s aviation security team.

A subsequent investigation by the ICO revealed that only two per cent of the 6,500-strong workforce had been trained in data protection.