Working from Home? Don’t Forget Information Security.

working remotely information security

So COVID-19 or the Corona Virus as it’s still commonly referred to is really beginning to bite now, our news media outlets are immersed in the subject 24/7 so I won’t burden you with yet more facts and figures. We won’t be trying to clumsily shoehorn a sales message into this piece. Instead, we thought […]

Will ISO 27701 be the new certification trend for GDPR?

ISO 27701 GDPR

The General Data Protection Regulation (GDPR) may have come into force in 2018 but 2019 was the dominating year for it. Last year, we saw companies put more effort into not only achieving GDPR compliance but into actively maintaining it. This is harder to do than it might seem — as just one mistake can result in a […]

What can we learn from 2019 data breaches

2019 breaches

We thought we would start 2020 by looking backwards. Specifically looking back at the biggest data breaches of 2019, seeing how many records were breached, getting a broad understanding of the nature of the attacks and then looking forward to seeing how we can learn lessons and protect our data assets better in the future. […]

As a nation, are we cyber security aware?

In the following blog post, we are going to shine a spotlight on the general cyber threat landscape in the UK, examine the most prevalent forms of attack and look at the detrimental implications these attacks have on organisations. After reading this post, we hope you’ll be able to see where your company figures in […]

Why you should deploy Simulated Social Engineering Testing against your workforce

Why you should deploy Simulated Social Engineering Testing against your workforce

Social Engineering can be summed up as ‘hacking the human’. Traditional malicious hacking attacks a digital instance of an organisation (i.e. website, network or system) and attempts to gain unauthorised access or cause harm by exploiting a vulnerability. Social engineering instead focuses on a person and attempts to exploit human frailties by coercing or tricking […]

Why human error is the top threat to cyber security

Employee error still reigns as the number one threat for data breaches even with modern day security solutions. The numbers don’t lie, with anywhere from 70 – 80% of all breaches being attributed to staff. Yet many organisations do not have a mature information & cyber security awareness programme in place. As we mentioned in […]

Red Team Testing – not just a Penetration Test in a posh hat

Penetration Testing is not Red Team Testing

The term Red Team Testing has been around for a while, its origins are from the military, wherein simple terms, team A (the Blue Team) would be tasked with defending a specified zone and team B (the Red Team) would be tasked with attacking it. Thus, highlighting deficiencies in both the Blue Team and Red […]

Why Information Security Awareness Training is Important

a young male using the eRiskology Information Security Awareness elearning portal

Good information security awareness training can turn your workforce into the strongest line of defence instead of the ‘weakest link’.  Around 70 – 80% of all breaches can be attributed to the human element, yet companies often focus their resource of software-based security solutions. Where do we start? If you haven’t already found our post […]

What’s the difference between Information Security and Cyber Security?

“Ah you want the Security Department, this is the Department of Security” I saw a headline the other day, the basic premise of which was suggesting that IT should take full responsibility for cyber security, removing the onus of it from users, thus allowing creatives to be more, well, creative. To be honest, I didn’t […]

Risk Crew