dcsimg

5 common questions about SOC 2 compliance

Organisations that provide tech services and systems to third parties should be familiar with SOC (Service Organization Control) 2.  The framework is designed to ensure that relevant organisations – Cloud computing providers, Software as a Service companies, etc. – process information securely.  Service organisations are usually required to pass a SOC 2 audit in order to partner with or provide … [Read more...]

What to do when you’ve been infected with ransomware

Chances are, your organisation is going to have to contend with a ransomware attack in the near future. There were more than 850 million infections reported in 2018, and there are no signs of things slowing down.  Attacks can be a stressful time for organisations, with infections designed to scare recipients and grind your organisation’s productivity to a halt. Fortunately, we’re here to explain … [Read more...]

What is ISO 27001 and why should your organisation adopt it?

If you’re considering implementing ISO 27001, the international standard for information security, you’ve probably heard experts like us talk about the benefits.  But what exactly does the Standard do, and how does it help your organisation? This blog will answer both those questions.    What is ISO 27001?  ISO 27001 is the international standard that describes best practice for an ISMS … [Read more...]

Credit unions should be prepared for crimeware

We recently discussed why credit unions must conduct regular penetration tests. The bulk of that article covered the legal obligations for testing and the ways in which you can comply with those requirements.  However, we didn’t delve into the reason that penetration testing is essential – which we’ll put right here.    How penetration testing helps organisations  Penetration testing is … [Read more...]

Cyber attacks and data breaches in review: July 2019

July 2019 was one of the worst months ever from a cyber security perspective. With incidents like the massive breach at the Chinese tech supplier Orvibo and another leaked database filled with Evite customers’ personal details, the second half of the year began with a mammoth 2,226,042,039 breached records.  You can see a full breakdown of those breaches on our sister site, IT Governance UK. In … [Read more...]

How to become a data protection officer

As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and avoid large fines.  For many organisations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection … [Read more...]

The GDPR: Why you need to review your third-party service providers’ security

Organisations share personal data with third parties all the time, but can they be trusted?  The GDPR (General Data Protection Regulation) extended the scope of responsibility when it comes to data protection and privacy, so where does that leave you when it comes to security incidents caused by service providers?    How third-party relationships work under the GDPR Before we begin, let’s be … [Read more...]

How cyber insurance can help you manage information security risks

For years, organisations have been looking for ways to avoid the potentially catastrophic consequences of data breaches. They might have finally found the answer in the form of cyber insurance.  Like any insurance policy, cyber insurance helps cover the costs associated with relevant damages. This includes things like loss of productivity, assisting those affected by the breach and fixing … [Read more...]

Should you take a GDPR or DPO training course?

The introduction of the GDPR (General Data Protection Regulation) has led to a surge in interest in data protection training courses.  Education is particularly important for anyone taking on the responsibilities of the DPO (data protection officer), a position that’s become a formal requirement for many organisations.  But how should you pursue training? Should you enrol on a DPO training … [Read more...]

How the GDPR affects CCTV and workplace monitoring

Did you know that the GDPR (General Data Protection Regulation) doesn’t just apply to basic information like names and addresses, but also to information about people’s habits and movements?  This means that things like having CCTV and monitoring employees’ browsing activities are covered by the Regulation.  However, that doesn’t mean you can no longer put up cameras or track your employees; it … [Read more...]