Information Security Policies: Knowing Who and How to Trust

Posted by:

After reading my previous post, you may think that greedy/evil/incompetent co-workers are a few steps away from causing data-breach related havoc. And that feeling in the pit of your stomach is the realisation that it might be your own actions (or indeed lack thereof) may have played a part.

When it comes to insider threat, we have to acknowledge that we all sit somewhere along the spectrum. Not only that, but the more senior we are and ...

Read More →
0

Are Your IT Security Insides Troubling You?

Posted by:

This post is going to ask you to take a seat and consider something you’ve probably suspected but didn’t want to admit: The biggest security threat to your company’s data might not come from those hoodie-wearing hackers but from the people within the company; your smiling, innocent-looking colleagues.

Yes, it’s time to talk about insider threats.

Insiders are people who have access to your IT systems. It could be a network login, VPN access, usernames and ...

Read More →
0

Making Vendor Risk Management Part of Your Security Strategy

Posted by:

When we think of Vendor Risk Management (VRM), there’s usually a policy or a procedure, possibly even a process to follow – and for good reason. The consistent approach that effective VRM gives you should lead to lower financial and strategic risks, increased admin efficiencies, reduced costs and quicker onboarding of suppliers.

A painful lessons this year has taught businesses is that they are only as resilient as the vendors they rely on. A promise is only ...

Read More →
0

How the pandemic changed everything and nothing

Posted by:

This is a quick look back over the last six months or so: what’s changed in the world of work and cybersecurity and how businesses have responded. I wasn’t sure how to title this post. I don’t think words like ‘review’, ‘lessons learned’ or ‘takeaways’ really do the scale of the situation, but ‘What the …. just happened?’ seems a bit strong.

That being said, from my research and conversations with people in the companies that have ...

Read More →
0

NIST Privacy Framework – Your Foundation for Future Privacy Compliance

Posted by:

In preparing to write an article about the NIST Privacy Framework I asked some friends who work in infosec and data protection for their thoughts. With few exceptions the conversation went:

“Oh, you mean the NIST CyberSecurity Framework.”

“No, the Privacy Framework”, I’d reply.

“I’m pretty sure it’s Cybersecurity.”

“I’ll send you a link.”

It’s not surprising that it’s gone under the ...

Read More →
0

Are You in the Dark About Visibility?

Posted by:

 

You can’t have good posture without good visibility. This is not a phrase I’ve picked up during those hours of internet yoga classes during lockdown; try saying that in a real life yoga class and you’ll get some very funny looks indeed. But it does describe the core of an effective cybersecurity strategy.

Your ‘Security Posture’ is a combination of factors:

  •       Your awareness of current and changing cybersecurity threats.
  • Read More →
    0

TBG Data Breaches Part 2: It’s not (necessarily) your fault

Posted by:

Last time I discussed the ‘Did they really do that?!’ kind of data breach, the one where you can’t quite see how an organization could manage to have that much data exposed that openly for that long. We all laugh, but as the news clearly demonstrates, it could happen to any company of any size with seemingly any budget.

Malicious actors, however, aren’t just sitting around waiting for the latest instance of an accidental data splurge. They’re ...

Read More →
0

Why bother hacking when firms keep leaving the doors wide open?

Posted by:

If your company suffered a data breach, wouldn’t it be at least a bit comforting if you knew it was because an army of criminal geniuses had spent months trying to penetrate your fortress-like defences?

Imagine the effort they must have gone through. They’ve tried every form of phishing, spearphishing, smishing, vishing and whaling. They’ve sent fake printer and HVAC engineers to try to penetrate the data centers. They’ve tried to get their spies recruited to ...

Read More →
0

Zoom: How to Avoid Cyber Security Video Conferencing Pitfalls

Posted by:

There has been quite a trend in recent years of companies going from zeroes to heroes to villains in a short space of time: think Uber and WeWork. 

Unsustained growth can pose problems, particularly if you do not take cybersecurity seriously. 

Enter Zoom. Its fast growth caught the attention of bad actors and security researchers alike. Here are just a few of the recent security issues that have been raised. 

Read More →
0

Phishing is a Popular Hobby for Coronavirus Scammers

Posted by:

In these strange times, increasing numbers of us are confined to the home with little but our concerns for neighbours and loved ones, and hopefully some work, to keep us going. But those with an entrepreneurial spirit and complete moral bankruptcy really are going all out to make sure that their criminal chums or their state-level paymasters profit from this crisis at the expense of the rest of us.

This pandemic really does provide a golden opportunity ...

Read More →
0
Page 1 of 12 12345...»
})
SEC Cybersecurity Exams