BH Consultings guide to data classification
As information security professionals, we often face a challenge when trying to explain what we mean by ‘data classification’. So here’s my suggestion: let’s start by not calling it that. In my experience, the minute you call it that, people switch off. Our role should be to try to engage an audience, not scare them […]
Security roundup: April 2019
We round up interesting research and reporting about security and privacy from around the web. This month: healthy GDPR, gender rebalance, cookie walls crumble, telecom threats and incident response par excellence. A healthy approach to data protection Ireland’s Department of Health is now considering amendments to the Health Research Regulations, with data protection as one […]
Password-less future moves closer as Google takes FIDO2 for a walk
For years, many organisations – and their users – have struggled with the challenge of password management. The technology industry has toiled on this problem by trying to remove the need to remember passwords at all. Recent developments suggest we might finally be reaching a (finger) tipping point. At Mobile World Congress this year, Google […]
When is it fair to infer?
While the GDPR framework is robust in many respects, it struggles to provide adequate protection against the emerging risks associated with inferred data (sometimes called derived data, profiling data, or inferential data). Inferred data pose potentially significant risks in terms of privacy and/or discrimination, yet they would seem to receive the least protection of the […]
Five data protection tips from the DPC’s annual report
The first post-GDPR report from the Data Protection Commission makes for interesting reading. The data breach statistics understandably got plenty of coverage, but there were also many pointers for good data protection practice. I’ve identified five of them which I’ll outline in this blog. Between 25 May and 31 December 2018, the DPC recorded 3,542 […]
Security roundup: March 2019
We round up interesting research and reporting about security and privacy from around the web. This month: ransomware repercussions, reporting cybercrime, vulnerability volume, everyone’s noticing privacy, and feeling GDPR’s impact. Ransom vs ruin Hypothetical question: how long would your business hold out before paying to make a ransomware infection go away? For Apex Human Capital […]
Testing cybersecurity plans with table-top exercises
If a picture is worth a thousand words, and video is worth many multiples more, what value is an interactive experience that plants you firmly in the hot seat during a major security incident? Reading about cyberattacks or data breaches is useful, but it can’t replicate the visceral feeling of a table-top exercise. Variously called […]
More cod than phishing: email compromise is a bigger risk than you think
Phishing emails and social engineering attacks are a huge security risk. When we describe security incidents that involve criminals scamming individuals or businesses out of money, security professionals often use terms like “CEO fraud”, “fake boss scams”, or “impersonation fraud” and “business email compromise” interchangeably for convenience. But there’s a case for treating business email […]
AWS Cloud: Proactive Security and Forensic Readiness – part 5
Part 5: Incident Response in AWS In the event your organisation suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along with pre-provisioned tools to effectively respond to and mitigate the potential impact of security incidents. These response […]
Security roundup: February 2019
We round up interesting research and reporting about security and privacy from around the web. This month: security as a global business risk, insured vs protected, a 12-step programme, subject access requests made real, French fine for Google, and an imperfect getaway. Risks getting riskier Some top ten lists are not the kind you want […]