Both the UK Data Protection Act 2018 and General Data Protection Regulation (GDPR) require organisations to document how they process and transfer personal data from one location to another. And it’s the first critical step in conducting a Data Protection Impact Assessment (DPIA) to identify and address the associated security risks in this process. Join […]
30
Mar
Mar
In our recent webinar, ‘6 Things to do to Meet GDPR 3rd Country Requirements’, we provided information on how data privacy requirements may change and why organisations should prepare now. The webinar ended with a Q&A session with our data privacy and protection expert, Ursula Baye. In this post, we list the answers to those questions asked […]
23
Mar
Mar
On top of everything else to contend with you also need to be especially vigilant to COVID-19 based phishing emails – we talked about phishing emails generally in a previous blog post “Why you should fear the spear” I’ll refrain from expressing fully the contempt that all decent thinking people must feel towards those wishing […]
16
Mar
Mar
So COVID-19 or the Corona Virus as it’s still commonly referred to is really beginning to bite now, our news media outlets are immersed in the subject 24/7 so I won’t burden you with yet more facts and figures. We won’t be trying to clumsily shoehorn a sales message into this piece. Instead, we thought […]
09
Mar
Mar
Many things that are important in getting ISO 27001 compliant but in this blog post, I’ve narrowed it down to just 4 key areas. Trust me. By focussing on these objectives, you will greatly simplify your journey. Make it relevant First things first. You need to make it relevant. People will be more supportive if […]
02
Mar
Mar
Are you considering conducting Red Team testing in 2020? Have you ever conducted one? It’s a New Year, maybe its time for a new approach – a more holistic approach to assessing your information security controls from the perspective of an adversary. But are you ready? Simply put, Red Team testing is a methodology for […]
25
Feb
Feb
ISO 27001 Audits can be stressful for those involved as a lot riding on the audit’s outcome. This is especially true if it’s the organisation’s first audit and there’s a compelling commercial reason to achieve ISO 27001 certification. Heads might roll if they don’t pass the audit. The ISO certification audit comes in two stages […]
17
Feb
Feb
In this post, you’ll learn why vishing is successful and what you can do to mitigate the risk of being vished. Vishing is a form of social engineering. Much like phishing, it can be used to manipulate people into giving away usernames, passwords and sometimes bank details. Vishing: Exploitation by voice commands Vishing is the […]
10
Feb
Feb
Sometimes we get in the mode of doing something out of procedure without a true understanding of why it’s important and the true benefit of the process. Such is the case with the DPIA (Data Protection Impact Assessments) which is pivotal to GDPR compliance. In general, conducting a DPIA will improve awareness in your organisation […]
03
Feb
Feb
Good news. Bad news. The bad news is that cyber security threats to businesses are increasing exponentially every day. But then, you already knew that. The good news is that the best defence against these ever-growing threats is already at work in your business – your staff. In 2019, 60% of the breaches that occurred […]