3 Triggers for Conducting a DPIA

Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]

Personal Data Deletion Done the Right Way

Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in your organisation know what to delete and when to delete? It might seem like an easy task but many still struggle with this. The deletion of 213,000 UK police records due to incorrectly flagged files for deletion is a good […]

4 Simple Security Testing KPIs

Cyber security is a journey and not just a destination. In the ever-changing security landscape, regular testing and mitigation are required. To prevent testing efforts from feeling like a sinkhole on time and funding, mechanisms can be used to track the output of testing to show progress and motivate internal teams to improve their practices. […]

Risk & Compliance Predictions for 2021: A Not to Miss Webinar

If change is the only constant in cyber security, then what will the year ahead of us bring? How can we prepare for ever-evolving threats? Register for the webinar: Risk & Compliance Predictions for 2021. The session will cover: the challenges of greater enforcement; ransomware and the next generation of threat vectors; what boards […]

How to Mitigate DNS Hijacking

The term Domain Name System (DNS) hijacking is unfortunately often misused in the industry, for instance to include DNS poisoning. In this blog post we will use the definition adopted by the UK National Cyber Security Centre (NCSC) that states “DNS hijacking refers to the unauthorised alteration of DNS entries in a zone file […]

Get WFH Cyber Security at the Forefront of Staff’s Minds

Is your staff staying resilient in protecting company information assets now that Working from Home (WFH) is the ‘Now Normal’? Do you know if they are aware of the tactics that threat actors are using, and do they have cyber security front of mind? If you are unsure, you are not alone. Last year, […]

Vulnerability Scanning and Penetration Testing – Know the Difference

There are a variety of different ways to assess the security integrity of the systems that process, store, or transmit your information assets. But I find it odd that this far down the cyber security road, a lot of businesses still don’t understand the basic difference between Vulnerability Scanning and Penetration Testing. I know it […]

Breach Alert: SolarWinds Orion Network Backdoor Compromise

Please be advised that SolarWinds has issued an urgent security advisory for their Orion Platform. It’s claimed that nation-state actors aggressively targeted at least two U.S. Government agencies, including the US Department of Treasury and the National Telecommunications and Information Administration. Additionally, other global organisations in various industries ranging from telecoms, major retail chains […]

Risk Crew