Ransomware is affecting increasing numbers of organisations, causing the UK to be the second most attacked country globally (in 2020) for ransomware attacks. Which is costing UK businesses a total of £365 million for the year. It’s a huge figure. What can you do to reduce that figure? The answer to that question is, protect […]
Are your IoT devices secure? Internet of things (IoT) devices have seen year on year increases in business and personal use because they are usually beneficial in being convenient and easy to use. IoT devices are used for various purposes, from making smart homes to implementing a business’s security system. As with all internet connected […]
Risk Crew, the elite group of information security governance, risk & compliance experts, and the forerunners in the design & delivery of innovative & effective solutions, is proud to announce an addition to the GRC portfolio of services: SOC 2! What is SOC 2? SOC 2 is a type of audit that ensures the organisation […]
Let us begin by describing how to approach Cyber Supply Chain Risk Management (C-SCRM) and the risks your vendors pose to you. Then we will discuss if you should require them to show evidence that penetration testing was conducted and what remediations were taken. C-SCRM in a nutshell For simplicity let us split suppliers into […]
What is a SOC? The difference between SOC 1, 2 and 3 is quite important assuming that you know what SOC is. Most people will have heard of a SOC audit report, but for those who do not understand what SOC stands for, let us start from the beginning. SOC is the acronym for System […]
additionally, Last update: 25 January 2022 Web applications are an essential component of any modern business. They can help convey the company vision, advertise services and deliver content to customers. Regardless of their use, they are a necessity to make oneself or a business known to the world. However, as beneficial as they can be […]
Why else should you attend the webinar? You’ll not only receive expert insight into triggers and mistakes to avoid but will have the opportunity to ask your pressing questions surrounding the DPIA tool – which is the key to DPA and GDPR compliance. What else will be covered on DPIAs? The 4 objectives for […]
Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]
Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in your organisation know what to delete and when to delete? It might seem like an easy task but many still struggle with this. The deletion of 213,000 UK police records due to incorrectly flagged files for deletion is a good […]
Cyber security is a journey and not just a destination. In the ever-changing security landscape, regular testing and mitigation are required. To prevent testing efforts from feeling like a sinkhole in time and funding, KPIs can be used to track the output of testing to show progress and motivate internal teams to improve their practices. […]