Five data protection tips from the DPC’s annual report

The first post-GDPR report from the Data Protection Commission makes for interesting reading. The data breach statistics understandably got plenty of coverage, but there were also many pointers for good data protection practice. I’ve identified five of them which I’ll outline in this blog. Between 25 May and 31 December 2018, the DPC recorded 3,542 […]

Security roundup: March 2019

We round up interesting research and reporting about security and privacy from around the web. This month: ransomware repercussions, reporting cybercrime, vulnerability volume, everyone’s noticing privacy, and feeling GDPR’s impact. Ransom vs ruin. Hypothetical question: how long would your business hold out before paying to make a ransomware infection go away? For Apex Human Capital […]

Testing cybersecurity plans with table-top exercises

If a picture is worth a thousand words, and video is worth many multiples more, what value is an interactive experience that plants you firmly in the hot seat during a major security incident? Reading about cyberattacks or data breaches is useful, but it can’t replicate the visceral feeling of a table-top exercise. Variously called […]

More cod than phishing: email compromise is a bigger risk than you think

Phishing emails and social engineering attacks are a huge security risk. When we describe security incidents that involve criminals scamming individuals or businesses out of money, security professionals often use terms like “CEO fraud”, “fake boss scams”, or “impersonation fraud” and “business email compromise” interchangeably for convenience. But there’s a case for treating business email […]

AWS Cloud: Proactive Security and Forensic Readiness – part 5

Part 5: Incident Response in AWS. In the event your organisation suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along with pre-provisioned tools to effectively respond to and mitigate the potential impact of security incidents. These response […]

Security roundup: February 2019

We round up interesting research and reporting about security and privacy from around the web. This month: security as a global business risk, insured vs protected, a 12-step programme, subject access requests made real, French fine for Google, and an imperfect getaway. Risks getting riskier. Some top ten lists are not the kind you want […]

Ireland’s cybersecurity watchdog publishes new guidance for businesses

Ireland’s National Cyber Security Centre has published guidance on cybersecurity for Irish businesses. It’s a welcome addition to the roster of material available to help organisations to develop or refine their security strategy. The team at BH Consulting has picked out key points from the guide, and added some more context and analysis. The report’s […]

No-deal Brexit and GDPR: here’s what you need to know

Business craves certainty and Brexit is currently giving us anything but. At the time of writing, it’s looking increasingly likely that Britain will leave the EU without a withdrawal agreement. This blog rounds up the latest developments on data protection after a no-deal Brexit. (Appropriately, we’re publishing on Data Protection Day, the international campaign to […]

Cybersecurity for startups

In the early days of a startup, it’s easy to get caught up in the buzz of building a new business. Keeping so many plates spinning – from fundraising and hiring to shipping product – can mean security sometimes falls off the priority list. But in the face of ever-rising volumes of data breaches and […]

Malware threats in 2019

It’s unlikely we’ll ever look back fondly to a time when ransomware would announce itself noisily. But at least victims knew they were under attack. Now, the signs are that malware’s adopting sneaky tactics to avoid detection. Fileless malware looks set to be a significant security threat in 2019, and that could be bad news […]