Password-less future moves closer as Google takes FIDO2 for a walk

For years, many organisations – and their users – have struggled with the challenge of password management. The technology industry has toiled on this problem by trying to remove the need to remember passwords at all. Recent developments suggest we might finally be reaching a (finger) tipping point. At Mobile World Congress this year, Google […]

When is it fair to infer?

While the GDPR framework is robust in many respects, it struggles to provide adequate protection against the emerging risks associated with inferred data (sometimes called derived data, profiling data, or inferential data). Inferred data pose potentially significant risks in terms of privacy and/or discrimination, yet they would seem to receive the least protection of the […]

Five data protection tips from the DPC’s annual report

The first post-GDPR report from the Data Protection Commission makes for interesting reading. The data breach statistics understandably got plenty of coverage, but there were also many pointers for good data protection practice. I’ve identified five of them which I’ll outline in this blog. Between 25 May and 31 December 2018, the DPC recorded 3,542 […]

Security roundup: March 2019

We round up interesting research and reporting about security and privacy from around the web. This month: ransomware repercussions, reporting cybercrime, vulnerability volume, everyone’s noticing privacy, and feeling GDPR’s impact. Ransom vs ruin Hypothetical question: how long would your business hold out before paying to make a ransomware infection go away? For Apex Human Capital […]

Testing cybersecurity plans with table-top exercises

If a picture is worth a thousand words, and video is worth many multiples more, what value is an interactive experience that plants you firmly in the hot seat during a major security incident? Reading about cyberattacks or data breaches is useful, but it can’t replicate the visceral feeling of a table-top exercise. Variously called […]

More cod than phishing: email compromise is a bigger risk than you think

Phishing emails and social engineering attacks are a huge security risk. When we describe security incidents that involve criminals scamming individuals or businesses out of money, security professionals often use terms like “CEO fraud”, “fake boss scams”, or “impersonation fraud” and “business email compromise” interchangeably for convenience. But there’s a case for treating business email […]

AWS Cloud: Proactive Security and Forensic Readiness – part 5

Part 5: Incident Response in AWS In the event your organisation suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along with pre-provisioned tools to effectively respond to and mitigate the potential impact of security incidents. These response […]

Security roundup: February 2019

We round up interesting research and reporting about security and privacy from around the web. This month: security as a global business risk, insured vs protected, a 12-step programme, subject access requests made real, French fine for Google, and an imperfect getaway. Risks getting riskier Some top ten lists are not the kind you want […]

Ireland’s cybersecurity watchdog publishes new guidance for businesses

Ireland’s National Cyber Security Centre has published guidance on cybersecurity for Irish businesses. It’s a welcome addition to the roster of material available to help organisations to develop or refine their security strategy. The team at BH Consulting has picked out key points from the guide, and added some more context and analysis. The report’s […]

No-deal Brexit and GDPR: here’s what you need to know

Business craves certainty and Brexit is currently giving us anything but. At the time of writing, it’s looking increasingly likely that Britain will leave the EU without a withdrawal agreement. This blog rounds up the latest developments on data protection after a no-deal Brexit. (Appropriately, we’re publishing on Data Protection Day, the international campaign to […]