Top 3 Areas Many Fail in an ISO 27001 Audit

ISO 27001 Audits can be stressful for those involved as a lot riding on the audit’s outcome. This is especially true if it’s the organisation’s first audit and there’s a compelling commercial reason to achieve ISO 27001 certification. Heads might roll if they don’t pass the audit. The ISO certification audit comes in two stages […]

Don’t be Vulnerable to Vishing – Identify and Mitigate Risk

Vishing

In this post, you’ll learn why vishing is successful and what you can do to mitigate the risk of being vished. Vishing is a form of social engineering. Much like phishing, it can be used to manipulate people into giving away usernames, passwords and sometimes bank details. Vishing: Exploitation by voice commands Vishing is the […]

When Should You Conduct a DPIA?

DPIA

Sometimes we get in the mode of doing something out of procedure without a true understanding of why it’s important and the true benefit of the process. Such is the case with the DPIA (Data Protection Impact Assessments) which is pivotal to GDPR compliance. In general, conducting a DPIA will improve awareness in your organisation […]

What’s a Mature Security Awareness Programme?

Security Awareness Programme

Good news. Bad news. The bad news is that cyber security threats to businesses are increasing exponentially every day. But then, you already knew that. The good news is that the best defence against these ever-growing threats is already at work in your business – your staff. In 2019, 60% of the breaches that occurred […]

How to Stay Compliant with the GDPR After Brexit

GDPR Brexit No Deal

With Brexit-no-deal staring us in the face, the big question for the future is what happens next? The UK Government has stated its’ plans to keep the GDPR regulation “as-is” after it has left the Union; therefore companies are advised to maintain compliance with both the GDPR and the UK DPA 2018 even if they […]

2020 Trends that will Dominate Data Privacy

2019 brought a great deal of focus on data privacy; not to mention the variety of new government regulations. With cyber-attacks on the rise not only in size but in sophistication and cost, data privacy remains a very relevant topic. And attacks aren’t going away – an increase of 72% in the average cost of […]

Will ISO 27701 be the new certification trend for GDPR?

ISO 27701 GDPR

The General Data Protection Regulation (GDPR) may have come into force in 2018 but 2019 was the dominating year for it. Last year, we saw companies put more effort into not only achieving GDPR compliance but into actively maintaining it. This is harder to do than it might seem — as just one mistake can result in a […]

What can we learn from 2019 data breaches

2019 breaches

We thought we would start 2020 by looking backwards. Specifically looking back at the biggest data breaches of 2019, seeing how many records were breached, getting a broad understanding of the nature of the attacks and then looking forward to seeing how we can learn lessons and protect our data assets better in the future. […]

Risk Crew Wishes You a Breach Free 2020

Looking back to 2019 and forward to 2020 If our Principal Consultant, Richard Hollis, had his Google Location Services on this year (he hasn’t of course, he’s not that mad!) it would throw up an image similar to what it would look like if you gave a kitten a ball of wool and it started […]

As a nation, are we cyber security aware?

In the following blog post, we are going to shine a spotlight on the general cyber threat landscape in the UK, examine the most prevalent forms of attack and look at the detrimental implications these attacks have on organisations. After reading this post, we hope you’ll be able to see where your company figures in […]

Do NOT follow this link or you will be banned from the site!