If you have been following our blog for the past few weeks, you will know that we have been focusing on the well-known virtues of third-party managed IT security solutions, otherwise known as managed security services providers (MSSPs).
If you work in IT or compliance, you will be more than aware that the year 2018 has seen more than its fair share of new regulations and updates to industry standards. This year alone we have seen the introduction or update of:
It seems that every IT-related conversation involves some element of cloud today. From cloud-hosted email, to cloud-hosted file storage and even cloud-based telephony through the use of centrally hosted VoIP services.
I am sure that we can all agree that cloud-hosted software or SaaS (Software as a Service) is generally more cost effective, more convenient and easier to maintain. But in the back of our minds, there is always a concern about security, and whether or not submitting to the cloud means losing control.
Businesses that fail to take the steps necessary to protect their data, information and digital infrastructure are far more likely to suffer a data breach. A breach has the potential to do lasting harm and may even place the very survival of a business at risk. Organizations would do well to seek out any resources that may allow them to benefit from enhanced levels of security. A few tips are often all that may be required to ensure small businesses are able to take the appropriate precautions in order to better protect themselves and their data.
A mere ten years ago, the job of an IT manager was to pack his or her server room with stacks of equipment, keep them blinking happily away and then build a huge wall of defences around it to keep the cyber riff-raff out. How much simpler our lives seemed back then...
It is both curious and comical to me how certain topics surrounding the GDPR (General Data Protection Regulation) seem to generate more buzz than others, whether they are correct or not, such as the topic of consent being the only form of lawful processing, the overriding right to be forgotten in any circumstance and the belief that all forms of outbound marketing have been confined to history.
The hospital and healthcare industry met quite a few challenges involving ransomware in the last year. Reports of malware infecting machines in medical facilities took over news channels. The reality even infiltrated popular culture when Grey’s Anatomy ran an episode where ransomware was an integral part of the storyline. We all laughed a little when the Chief of Surgery, Miranda Bailey, said she could afford 4,932 bitcoin without her knowing that the amount equated to $20 million. It became all too real for Grey-Sloan Memorial, and their example was a great depiction of what was really going on in the medical world.
The last week of June saw the release of yet another cybersecurity compliance standard aimed at the UK's public sector departments. Not content with the strain placed on departments across the country by the GDPR (General Data Protection Regulation), the NCSC (National Cyber Security Centre) has developed a five-domain standard, which all government organisations should be meeting or ideally surpassing.
Fraud is a major problem in modern-day businesses. It significantly hampers the progression of business and leads to loss of revenue. According to PricewaterhouseCoopers’ evaluation reports, over half of all businesses today have in one way or another suffered fraud. In particular, 88 percent of companies within the United States have suffered fraud that led to subsequent declines in financial performance. This shows the detrimental effects of fraud.
Hot on the heels of the GDPR (General Data Protection Regulation), yet enforced just fifteen days before, the directive on security of network and information systems (NIS) has been created to achieve a high, common level of network and information systems security across the European Union.
Facebook has been in the news a lot lately, and the publicity hasn’t been the good kind. Reports that Cambridge Analytica – a British company that uses data mining and data analytics in providing consulting services to political campaigns – had accessed information about U.S. voters through their Facebook accounts created a firestorm. It also brought to the forefront the much broader issues of how all that “TMI” that we share on social media sites can end up in places and uses that we never intended or expected.
In the scramble of the final days leading up to the 25th of May 2018, Google crawl bots would have noticed universal updates taking place across the internet. Privacy policies for an unquantifiable number of organisations and companies were being adapted to fit the GDPR.
The 25th of May 2018 has arrived and you as a data subject have been empowered with Europe's most ambitious and forward-thinking data protection regulation to date, the GDPR. As the ultimate steward of your personal data, you now have control over its use in most scenarios, making data privacy a fundamental right. But what about instances where your personal data is available publicly? Is personal data fair game once it is in the public domain?
It’s been almost a year since a zero-day ransomware attack called WannaCry infected hundreds of thousands of machines all over the world. Hackers encrypted files on infected computers and attempted to extort a ransom from their victims. Those infected with WannaCry were initially told to pay $300 in Bitcoin. Those affected were exploited through unpatched vulnerabilities in the Windows SMB service. Microsoft knew of the potential threat months before; however, several businesses do not keep up with their patches, which made them an easy target for a WannaCry attack.
By now you have probably learned that the processing of personal data does not always require an act of consent. Whilst much of the internet is obsessing over consent, re-consent and double opt-in consent, you have correctly discovered that it is not the only way to legally process personal data.
Marketing automation solutions have come a long way in the past five years. Once used for mass emailing, they have now expanded to include an array of interactivity features such as blogs, landing pages and pop-ups, all to enrich the process of inbound marketing. But as the GDPR (General Data Protection Regulation) enforcement date looms nigh, how ready are the likes of MailChimp? And what do you need to know as their data controller?
The new year has come and gone. Now that your company’s budget is on track, it’s time to start cleaning house (or your network) with IT initiatives that will protect your business from a malware attack and organize your data.
With the GDPR (General Data Protection Regulation) getting all the headlines in the past two years, it is hard to garner any attention on anything else. Yet for good reason: the GDPR is widely focused and will, for some, challenge the way they take their offering to market. However, there have been developments, both legislative and not, in the past two years which can present opportunities for VARs (Value-Added Resellers) and solution providers alike.
Like many an industry trend before, MSSP (Managed Security Service Provider) appears to be trending among IT teams and security practitioners alike; embracing the cloud and hosting technologies to relieve the burden of ownership and maintenance, retain security practices and benefit from subscription models of service.
Unfortunately, insecure passwords are not a thing of the past. As companies continue to grow, employees will use more and more applications that require a passcode. It’s time you enforce a new strategy to improve the security of your network.
With less than 100 days to go until the enforcement of the GDPR (General Data Protection Regulation) and the relevance of this blog post on a short time span, a certain level of panic may begin to consume those who have only just started to take this subject seriously.
If you are a security professional like me, you probably wind up speaking passionately about an attack vector, a cyber-incident or trends in information security from time to time. As such, you probably get approached to opine on a summary of what frightens you the most, and how to drive to some navigable preventative steps.
So, you've been told that you need to destroy your prized contacts database unless you can prove that you have consent to process the personal data of those that you store. Maybe you can send out communication asking those contacts to re-consent... but how many would? And what about the problems which Honda incurred by doing this?