Online Safety Awareness

🇷🇴 Understanding what happened in #Romania after a “black swan” result seemed to come out of nowhere, with pre-election polls failing to accurately gauge the elections results. “Networks of Influence: Decoding foreign meddling in Romania’s elections A collaborative investigation into disinformation campaigns and influence operations”: This analysis is the product of a collaborative investigation to substantiate independent research findings, showing how foreign actors actively exploit societal divisions and systemic vulnerabilities to influence electoral outcomes using the case of recent electoral results in Romania as a key example. The authors of this report are researchers & data experts. Andra-Lucia Martinescu and researchers have collected evidence and built an investigation into Romania's case, together with Osavul data team & Dmytro Plieshakov The investigation is a deep study of election interference in 2024, which brings insights into how to counter it. 🔹Using Osavul, an Al-powered information threat detection software, the report identifies 614 networks (webpages, websites, social media channels, accounts), predominantly Russian-affiliated, that amplified the Romanian candidate's profile and narratives across a vast ecosystem of social media platforms (i.e.: Telegram, Facebook, Twitter/X, etc-), spanning multiple continents and languages. 🔹This hybrid operation of election interference, methodically orchestrated to destabilise a NATO and European Union (EU) member state, is shown to extend beyond Romania & reflect a broader geopolitical agenda designed to fracture Euro-Atlantic cohesion, weaken regional resilience, and undermine support for continued war in Ukraine. 🔹The report states that the campaign of destabilisation may not be limited to Russian influence, snd that other foreign actors with similar capabilities and modus operandi (i.e.: China, Iran) are shown to have contributed, albeit in a limited manner, to the dissemination efforts. The authors are still analysing whether this amounts to coordinated actions. 🔹To contextualise the span and scope of this foreign-amplified influence and disinformation campaign, they underline it is crucial to understand pre-existing vulnerabilities, latent rifts and societal divisions that could be effectively weaponised. These qualitative findings complement a growing repository of journalistic investigations and research. It delves into the tactics employed, the vulnerabilities exploited, and the broader implications for European security. Interesting read to understand FIMI & the exploitation of social platform algorithms. 👉🏼 Read the investigation By Sorina Stallard, Alina Balatchi-Lupascu Mihai George Forlafu @Yan Kurtov, Dmytro Bilash Yevhen Popov

How Ransomware Almost Stole My Spotlight A few years ago, while on a routine business trip to Kuala Lumpur, I was giving a company presentation when I realised that my greatest risk was not forgetting my words but rather my digital security. Seated at a cramped desk in my hotel room, I rehearsed my presentation with my laptop connected to the hotel's public Wi-Fi, navigating each slide as though I had delivered it a thousand times. All my meticulous work resided solely on the notebook's hard drive. I was ignorant of the hidden dangers of that unsecured network. While setting up at the regional conference, a fellow speaker's laptop fell victim to a ransomware attack. Within minutes, their slides were sealed behind an encrypted vault. I watched the organisers frantically attempt to salvage the session, my heart pounding as I imagined the same disaster befalling me. Determined never to experience such anxiety again, I developed a speaker-specific cybersecurity routine based on simple daily habits. Pre-trip organisation Before every journey, I tidy and organise my laptop by backing up crucial data to a secure cloud vault and external storage, retaining only essential files, and removing any unused applications that have not been used for more than three months. Secure connections Whenever I use airport or hotel Wi-Fi, I first connect to a VPN so that every keystroke, file transfer and message remains encrypted. Strict wireless management I disable Bluetooth when I'm not using it and disable Wi-Fi auto-connect to prevent unauthorised networks or headsets from connecting. Multiple backups I keep copies of my slides in protected cloud storage as well as on a trusted thumb drive so that I never rely on a single source. Post-trip sanitisation After each trip, I forget all saved Wi-Fi networks, clear cached credentials, and either archive or delete files I no longer need while backing up the rest to both the cloud and an external hard drive. I know this sounds like a lot of work, but each habit is now as natural as my morning cup of tea. It may add minutes to my prep, but it saves me hours of panic and ensures no malware or ransomware ever steals the spotlight from my presentations. Over to you Which cyber-hygiene habit do you rely on most when presenting or travelling? Share your tip below and help us create a collective checklist so that every speaker can step into the spotlight with confidence. #alvinsratwork ✦ #ExecutiveDirector ✦ #cybersecurity ✦ #cyberhygiene ✦ #Cyberawareness ✦ #BusinessTechnologist ✦ #Cyberculture 

Cyber risks do not take a vacation. We can be more vulnerable to data compromise and identity theft when we travel. You are thinking how can this be the case? Business and pleasure travel remains strong. Many are on spring break or will be shortly. We know the risks of using public Wi-Fi at a coffee shop or hotel. Have you considered cyber risks for Wi-Fi on an airplane? This is a public network too. Airplane Wi-Fi is not encrypted. This means all travelers use the airplane Wi-Fi their web surfing, email activity/content, and passwords can be seen by others on the network. Risk concerns are: ➡️Data Interception ➡️Man-in-the Middle Attacks ➡️Malware ➡️Packet Sniffing So, what can business and pleasure travelers do to mitigate cyber risks when they need to keep connected on an airplane? Options are: 1)   VPN 2)   Antivirus software on your device 3)   Password Manager 4)   Don’t auto-connect to public networks 5)   Limit activity to non-sensitive data (avoid financial transactions) Happy Travels! #RiskManagement #Cybersecurity #DataPrivacy #Leaders Longview Leader Corporation

Does “clean beauty” still deserve to be a claim? For years, “clean,” “organic,” and “natural” sold trust, and products. Today, that trust is fading. Consumers demand safety, sustainability, and honesty, yet many “clean” labels feel like marketing, not a promise, want to know more? →The label is fuzzy. Terms like “clean,” “natural,” and “organic” aren’t clearly defined in cosmetics, unlike in food. This ambiguity leads to inconsistent use and consumer confusion. As a result, shoppers, especially GENZ, stop trusting labels and turn to ingredient lists, certifications, and traceability for proof. →Greenwashing and commercial damage: High-profile greenwashing calls-out and numerous examples in cosmetics have shown how misleading claims can backfire. When brands use environmental or “natural” language without meaningful backing, they risk losing consumer trust, and sometimes legal trouble. →Gen Z: demanding, skeptical, decisive: Recent research shows many in this cohort research products extensively, prioritize sustainability and are willing to pay more for verified ethical sourcing, but they are also unforgiving when claims lack proof. In short: Gen Z wants the values behind the label, not just the label itself. From marketing claim → to brand behavior: From one-off campaign → to ongoing accountability: From exclusive premium play → to core expectation: >>What this means for your brand?<< 1.-“Clean” cannot be a fuzzy slogan anymore. Brands that keep using the word as shorthand will be dismissed. Consumers want specific, verifiable claims, “sulfate-free” or “dermatologist tested” are clearer than “clean.” 2.-Proof is the new currency. Ingredient transparency, third-party certifications, batch-level traceability, lifecycle data for packaging, these are the assets that convert skeptical research into purchase intent. 3.-Story + data = emotional trust. Younger shoppers respond to emotional storytelling, but they confirm it with facts. A moving sustainability narrative must be paired with measurable commitments and accessible evidence. 4.-Design your proposition with precision. If you say “organic,” say which ingredients are organic and by which certifier. If you say “clean,” define the criteria, no PFAS? low allergen profile? cruelty-free? and show how you measure compliance. Final word, urgent and emotional. Gen Z won’t buy the story unless it’s built on truth. After years of greenwashing and empty promises, “clean” no longer convinces on its own. Brands must turn it from a tagline into a promise, precise, proven, and non-negotiable. Find my curated search of brands and get inspired for your next Hero. Featured Brands: Aleph Beauty Axiology BANILA CO Bubble Skincare Drunk Elephant Florence by Mills Goa Organics Henua Organics I DEW CARE InnBeauty Project Kjaer Weis Wildhood #beautybusiness #beautyprofessionals #cleanbeauty #genZ

As we observe Data Privacy Day, it's a good time to reflect on the importance of protecting our personal information in an increasingly digital world. Privacy is a fundamental human right, yet our personal data is more vulnerable than ever.   I believe businesses have an ethical responsibility to be transparent about how we collect, use, and secure customer data. People should have control over their digital identities. But unfortunately, we often tick boxes and accept dense terms of service without realizing how our data gets utilized behind the scenes.   The way I see it, stringent data protection regulations are important to safeguard individuals. But public awareness is just as critical. We must educate ourselves and our communities about potential data misuse, build dialogue around responsible data stewardship, and make conscientious choices around privacy as both consumers and business leaders.   The digital landscape is evolving rapidly. This Data Privacy Day, let’s reconsider how we can collectively foster an ethos of transparency, empowerment and trust in the data economy. Our right to privacy deserves nothing less. . . #DataPrivacyDay #DataProtection #PrivacyMatters #DigitalPrivacy

Yesterday my daughter made an observation that’s relevant to all mid-market CISOs. While speaking to her on voice call, my father-in-law struggled to switch the WhatsApp call to video to show their dog’s antics. He asked my mother-in-law to help. While on the call, my mother-in-law needed to transfer money via UPI to someone. So they had to cut the call - because my father-in-law needed to step in! My daughter came to me with this question: Two people. Same house. Same everyday things. Yet their skill levels are so different. Now, imagine this inside a company with hundreds or thousands of employees. - Some struggle to identify phishing emails - Some don’t understand the risk of weak passwords - Some click on malicious links without a second thought - Some approve payment requests based on text messages - Some download & install unauthorized software - Some share sensitive information over email without realizing - Some upload company secrets into ChatGPT for projects Yet, many CISOs run just 𝙤𝙣𝙚 𝙤𝙧 𝙩𝙬𝙤 cyber awareness simulations per year & think it’s enough. It’s not. Cyber awareness needs to be continuous, personalized & measurable. A strong cyber awareness program should: 𝟭) 𝗧𝗲𝘀𝘁 𝗲𝗺𝗽𝗹𝗼𝘆𝗲𝗲𝘀 𝘄𝗶𝘁𝗵 𝗿𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗮𝘁𝘁𝗮𝗰𝗸 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼𝘀 Phishing, smishing, vishing, and deepfake attacks that mimic what attackers actually do. 𝟮) 𝗔𝗱𝗮𝗽𝘁 𝘁𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗯𝗮𝘀𝗲𝗱 𝗼𝗻 𝗶𝗻𝗱𝗶𝘃𝗶𝗱𝘂𝗮𝗹 𝘀𝗸𝗶𝗹𝗹 𝗹𝗲𝘃𝗲𝗹𝘀 A finance executive needs different training than a new intern. 𝟯) 𝗢𝗳𝗳𝗲𝗿 𝗲𝗻𝗴𝗮𝗴𝗶𝗻𝗴, 𝗶𝗻𝘁𝗲𝗿𝗮𝗰𝘁𝗶𝘃𝗲 𝘁𝗿𝗮𝗶𝗻𝗶𝗻𝗴 Gamification, role-based training, and bite-sized learning improve retention. 𝟰) 𝗧𝗿𝗮𝗰𝗸 𝗶𝗺𝗽𝗿𝗼𝘃𝗲𝗺𝗲𝗻𝘁𝘀 & 𝗿𝗶𝘀𝗸𝘆 𝗯𝗲𝗵𝗮𝘃𝗶𝗼𝗿 Identify employees who need extra training instead of treating everyone the same. 𝟱) 𝗥𝘂𝗻 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗼𝘂𝘀 𝘀𝗶𝗺𝘂𝗹𝗮𝘁𝗶𝗼𝗻𝘀, 𝗻𝗼𝘁 𝗼𝗻𝗲-𝘁𝗶𝗺𝗲 𝗲𝘃𝗲𝗻𝘁𝘀 Cyber threats evolve daily; training should too. 𝟲) 𝗚𝗶𝘃𝗲 𝘁𝗵𝗲 𝗰𝘆𝗯𝗲𝗿 𝗮𝘄𝗮𝗿𝗲𝗻𝗲𝘀𝘀 𝗽𝗼𝘀𝘁𝘂𝗿𝗲 𝗮𝘁 𝘁𝗵𝗲 𝗰𝗹𝗶𝗰𝗸 𝗼𝗳 𝗮 𝗯𝘂𝘁𝘁𝗼𝗻 Department-wise reports of people & the potential learning gaps Awareness is not running a simulation & calling it a day. It's the actions & the next steps: - for improvement - knowing the awareness posture of everyone - for building a culture where employees become security assets If you’re a CISO evaluating solutions that train employees further based on their actual responses, DM me. My team works with a platform designed to make cyber awareness practical, engaging & effective. -- Hi, I’m Rajeev Mamidanna. I help mid-market CISOs strengthen their Cyber Immunity.

Of all the deepfake harms that my research has uncovered, this is one of the scenarios I most feared would proliferate. That fear is now being realised. Back in 2020, my “Automating Image Abuse” investigation into a deepfake Telegram bot and accompanying community revealed several disturbing findings: 1. Radical accessibility to tools for creating deepfakes led to a huge increase in the amount of non-consensual deepfake pornography being created. 2. Unlike the first wave of non-consensual deepfake pornography that mostly targeted female celebrities, the vast majority of victims were everyday women. 66% of users self-reported targeting women they knew in real life. 3. The most disturbing finding of all: I discovered many of the victims were clearly teenage girls and young children, the first of its kind to be reported. Children are now growing up in a world where having one picture of themselves online is enough to be targeted in deepfake pornography, whether that's in bullying at school or by an older offender. The Automating Image Abuse report led to international legislation in countries including Italy and India, as well as informing provisions in the UK's online safety bill. However, there is no way to hide the sobering fact that deepfake pornography tools continue to grow in popularity and what is shared online is only the tip of the iceberg compared to what is being created privately. We must do better. https://lnkd.in/exzvEeVq #ai #deepfakes #onlinesafety

I don’t think people understand how important the psychology of decision-making under pressure impacts the success of cybersecurity awareness training. Let me explain how… First, Stress Impacts Decision-Making. Under pressure, people are more likely to make impulsive decisions rather than carefully considered ones. To proof this theory to my audience, I use an activity during my workshops where I trick them to attempt to answer a question under pressure. For the first few minutes,because I put them on a time pressure, they keep shouting different plausible answers at me until someone reads my question again to see that the question itself, is WRONG. This is exactly what the bad guys do! Most awareness training focuses on teaching employees “what to do” in ideal scenarios but doesn’t prepare them for high-stress situations. Secondly, we forget that human decision-making is influenced by cognitive biases like authority bias (trusting an email because it appears to come from a superior) or urgency bias (responding quickly to avoid perceived consequences). Our trainings today rarely addresses these psychological biases, leaving people vulnerable to well-crafted deception attacks. Thirdly, Multitasking and Distraction Increase Risk! People often make cybersecurity decisions while multitasking or in a state of distraction, which training rarely accounts for. This 4th point is very important- Emotional Manipulation by Attackers Cybercriminals exploit human emotions like fear, greed, curiosity, and even empathy. For example, a phishing email may create a sense of urgency by threatening account suspension or appeal to empathy by posing as a charity. Awareness trainings rarely teaches employees how to recognize and resist emotional manipulation tactics. In 2025, I challenge you to do better! Make sure your trainings go beyond technical instructions and focus on emotional awareness, and practical habits that people can apply in real-world situations. Go past the technical tips and tricks, address the psychology issues. Its people (not robots) we are trying to shape for goodness sake!…tap into their humanity more than the bad guys can! #cybersecurity #informationsecurity #psychology

Training employees on cybersecurity isn’t just a box to tick—it’s a mindset shift that turns the workforce into the first line of defense, especially as human error remains the most common entry point for digital threats. Cybersecurity training for employees is essential in today’s threat landscape, where phishing, ransomware, and social engineering continue to evolve. Educating staff with real-world examples increases vigilance and improves response time to suspicious activity. Training should be dynamic, incorporating feedback and updated regularly to reflect new risks. Clear communication of security protocols, combined with practical simulations, empowers employees to act confidently. This not only protects company data but also builds a culture of shared responsibility, reducing the likelihood of breaches caused by negligence or lack of awareness. #CyberSecurity #DigitalTransformation #EmployeeTraining #ITSecurity

#SDAIA issues rules for appointing a personal data protection officer. 𝗦𝗮𝘂𝗱𝗶 𝗗𝗮𝘁𝗮 𝗮𝗻𝗱 𝗔𝗿𝘁𝗶𝗳𝗶𝗰𝗶𝗮𝗹 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝘆 (SDAIA | سدايا) has released a document outlining the rules for appointing a personal data protection officer (#DPO), as part of its guidance for the 𝗣𝗲𝗿𝘀𝗼𝗻𝗮𝗹 𝗗𝗮𝘁𝗮 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗟𝗮𝘄 (𝗣𝗗𝗣𝗟). The new #PDPL was approved last year and is expected to come into force on September 14th. The #DPO guidelines are the latest of a series of rules and regulations that have been published by SDAIA this year, and follow a period of public consultation previously announced in July. Last week the authority opened a public consultation for the standard contractual terms for the transfer of personal data, for data transfers outside of the country. Last month SDAIA launched a public awareness campaign for the PDPL and the rights of individuals under it. The campaign also set out to educate the public about the importance of protecting their personal data, personal data disclosure, and the obligations of organisations collecting personal data in Saudi Arabia. The DPO guidelines published this week provide insights into cases that necessitate the appointment of a DPO and outlines the DPO's responsibilities, including: 👉 Supervising the enforcement of the PDPL's provisions and regulations 👉 Overseeing and monitoring procedures governed by PDPL 👉 Processing requests pertaining to personal data 👉 Compliance with the PDPL . DPOs are designated as the main point of contact with SDAIA, for executing its directives and guidelines concerning the enforcement of PDPL. View the new DPO guidelines from SDAIA: https://lnkd.in/dR28fYvH (Arabic PDF) https://lnkd.in/d79Pz9aW (English PDF) See the SPA story on the DPO guidelines: https://lnkd.in/d2ueZGjC See last week's post on data transfer contracts https://lnkd.in/dHJbDVBb See my post on SDAIA's PDPL public awareness campaign https://lnkd.in/dF5tEy4b 𝘞𝘢𝘯𝘵 𝘵𝘰 𝘴𝘦𝘦 𝘈𝘓𝘓 𝘮𝘺 𝘧𝘶𝘵𝘶𝘳𝘦 𝘱𝘰𝘴𝘵𝘴? 𝘊𝘭𝘪𝘤𝘬 🔔 𝘰𝘯 𝘮𝘺 𝘱𝘳𝘰𝘧𝘪𝘭𝘦 𝘱𝘢𝘨𝘦. Want to receive my weekly news digest straight to your inbox every Thursday morning? https://lnkd.in/dij4qFi5 Trying to position your tech venture as a leader in its space? That's what I do! https://lnkd.in/dwQ5JMtm #MiddleEastAINews [ 𝘪𝘮𝘢𝘨𝘦 𝘤𝘳𝘦𝘥𝘪𝘵: 𝘊𝘢𝘳𝘳𝘪𝘯𝘨𝘵𝘰𝘯 𝘔𝘢𝘭𝘪𝘯 𝘷𝘪𝘢 𝘔𝘶𝘴𝘢𝘷𝘪𝘳 ] [ 100% 𝘏𝘶𝘮𝘢𝘯 𝘤𝘳𝘦𝘢𝘵𝘦𝘥 𝘵𝘦𝘹𝘵 | 𝘈𝘐 𝘪𝘮𝘢𝘨𝘦 𝘷𝘪𝘢 𝘔𝘶𝘴𝘢𝘷𝘪𝘳 ]