Takeaways from the British Mensa Security Drama

Posted by:

Sometimes, you hear of security issues that baffle the mind. Worse they could have been easily avoided, and also handled much better in the security incident aftermath.

February saw a security issue that fits nicely into this camp, and it continues to rage on this week. Ironically, it involves one of the branches of an international organization most of us would consider full of smarts: Mensa. 

The British branch of Mensa, the society for people in the UK with high ...

Read More →
0

Remember Online Scams Target Businesses Too

Posted by:

It’s online scam a go-go out there. It seems that no one is safe. Not the widower looking for love; not the person looking for information on covid, not the home user who accidentally visits an infected site, not the worker bee who clicks on a dodgy email link. 

Today’s focus seems to be personal scams – those targeting the individual – but that doesn’t mean that the bad guys have taken their eye off the corporate ...

Read More →
0

2020 Holiday Infosecurity advice for the people in your life

Posted by:

Sure, if you are reading this post, it’s pretty likely that you are into information security. Perhaps you even do it as a job. And if that is the case, there is something we all have in common – helping out family members, friends and neighbors with their computer, device and internet dramas.

And now, we find ourselves in early December, and that means we have important holidays just around the corner:  Christmas, Hanukkah, New Year’s eve….

And ...

Read More →
0

Information Security Policies: Knowing Who and How to Trust

Posted by:

After reading my previous post, you may think that greedy/evil/incompetent co-workers are a few steps away from causing data-breach related havoc. And that feeling in the pit of your stomach is the realisation that it might be your own actions (or indeed lack thereof) may have played a part.

When it comes to insider threat, we have to acknowledge that we all sit somewhere along the spectrum. Not only that, but the more senior we are and ...

Read More →
0

Are Your IT Security Insides Troubling You?

Posted by:

This post is going to ask you to take a seat and consider something you’ve probably suspected but didn’t want to admit: The biggest security threat to your company’s data might not come from those hoodie-wearing hackers but from the people within the company; your smiling, innocent-looking colleagues.

Yes, it’s time to talk about insider threats.

Insiders are people who have access to your IT systems. It could be a network login, VPN access, usernames and ...

Read More →
0

Making Vendor Risk Management Part of Your Security Strategy

Posted by:

When we think of Vendor Risk Management (VRM), there’s usually a policy or a procedure, possibly even a process to follow – and for good reason. The consistent approach that effective VRM gives you should lead to lower financial and strategic risks, increased admin efficiencies, reduced costs and quicker onboarding of suppliers.

A painful lessons this year has taught businesses is that they are only as resilient as the vendors they rely on. A promise is only ...

Read More →
0

How the pandemic changed everything and nothing

Posted by:

This is a quick look back over the last six months or so: what’s changed in the world of work and cybersecurity and how businesses have responded. I wasn’t sure how to title this post. I don’t think words like ‘review’, ‘lessons learned’ or ‘takeaways’ really do the scale of the situation, but ‘What the …. just happened?’ seems a bit strong.

That being said, from my research and conversations with people in the companies that have ...

Read More →
0

NIST Privacy Framework – Your Foundation for Future Privacy Compliance

Posted by:

In preparing to write an article about the NIST Privacy Framework I asked some friends who work in infosec and data protection for their thoughts. With few exceptions the conversation went:

“Oh, you mean the NIST CyberSecurity Framework.”

“No, the Privacy Framework”, I’d reply.

“I’m pretty sure it’s Cybersecurity.”

“I’ll send you a link.”

It’s not surprising that it’s gone under the ...

Read More →
0

Are You in the Dark About Visibility?

Posted by:

 

You can’t have good posture without good visibility. This is not a phrase I’ve picked up during those hours of internet yoga classes during lockdown; try saying that in a real life yoga class and you’ll get some very funny looks indeed. But it does describe the core of an effective cybersecurity strategy.

Your ‘Security Posture’ is a combination of factors:

  •       Your awareness of current and changing cybersecurity threats.
  • Read More →
    0

TBG Data Breaches Part 2: It’s not (necessarily) your fault

Posted by:

Last time I discussed the ‘Did they really do that?!’ kind of data breach, the one where you can’t quite see how an organization could manage to have that much data exposed that openly for that long. We all laugh, but as the news clearly demonstrates, it could happen to any company of any size with seemingly any budget.

Malicious actors, however, aren’t just sitting around waiting for the latest instance of an accidental data splurge. They’re ...

Read More →
0
Page 1 of 12 12345...»
})
SEC Cybersecurity Exams