Security newsround: April 2018

We round up reporting and research from across the web about the latest security news. This month: privacy palaver at Facebook, a cyberattack with explosive intent, securing the IoT, sportswear maker uncovers data breach, and authorities arrest an alleged cybercrime mastermind. Facebook shook by reverberations and revelations. The worlds of privacy and security collided last […]
Ransomware reminders force focus on prevention and planning

Ransomware reared its ugly head again recently, with some stark reminders that it’s still a serious business risk. A household name suffered what seemed a major infection, while it emerged that many victims never get their data back. Last week, Boeing narrowly avoided a tailspin after a senior engineer alerted colleagues of a WannaCry infection. […]
Here’s how to get the most from a cybersecurity assessment

Would your organisation pass a cybersecurity assessment? Not one of 200 UK NHS trusts did, after the Department of Health checked them following the WannaCry ransomware outbreak. The NHS trusts’ complexity meant the assessments set a high bar. But for many SMEs, the assessments identify opportunities to improve, rather than obstacles to overcome. They show […]
Teach staff to steer clear of phishing hooks with awareness training

One of the most important steps for improving security is to understand where you’re starting from first. That covers technical questions like what systems you run or where you store data. Then there’s the all-important human factor: how much do the organisation’s people know about security risks like phishing and malware? Research repeatedly tells us […]
AWS Cloud: Proactive Security and Forensic Readiness – part 3

Part 3: Data protection in AWS. This is the third in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting data within AWS. Data protection has become all the rage for organisations that are processing personal data of individuals in […]
GDPRubbish: seven common data protection myths debunked

I have been evangelising about GDPR for almost two years, professionally and personally. It’s a powerful piece of legislation designed to empower citizens of Europe and to deter the inappropriate information management practices of the past. It aims to rebalance a data subject’s control over information with the organisation’s need to maximise use and profit […]
Security newsround: March 2018

We round up reporting and research from across the web about the latest security news. This month: cryptomining attacks increase, data breaches rise in Ireland, the business cost of ransomware revealed, UK local authorities come under attack from cybercriminals, NotPetya blame laid at Russia’s door, and automated security makes inroads. Tales from the crypto. A […]
Business benefits for ISO 27001 certification, and five steps to making it work

Whether you want to reassure a board – or yourself – that your security programme is operating optimally, the ISO 27001 Information Security Standard gives you that confidence. Here are some business-focused benefits to becoming certified, and some tips for making that process run smoothly and successfully. Choosing to get certified. First, let’s address a […]
AWS Cloud: Proactive Security and Forensic Readiness – part 2

Part 2: Infrastructure-level protection in AWS. This is the second in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting your virtual infrastructure within AWS. Protecting any computing infrastructure requires a layered or defence-in-depth approach. The layers are typically divided […]
Security newsround: February 2018

We round up reporting and research from across the web about the latest security news. This month: coinjacking for cryptocurrency, CEO fraud takings, Google gets into security, a hefty fine for data breach, and social engineering the CIA. They got the jack. Irish Government websites were among 4,200 portals around the world infected with ‘coinjacking’ […]