
How does the GDPR affect sole traders?

Almost all EU-based organisations are affected by the GDPR (General Data Protection Regulation), from sole traders to multinationals.  But even though the GDPR unifies data protection rules across Europe, not all businesses will face the same problems. We’ve covered many of the issues you’re likely to face, but this blog focuses on the way sole traders should approach their compliance … [Read more...]

Your employees are your biggest cyber security threat

Anti-virus software, firewalls, data encryption – these are go-to security solutions for most organisations.  The problem with that? They are each designed to stop cyber criminals accessing your systems but are of little help when it comes to your biggest security weakness – human error.  Studies repeatedly show that organisations are more likely to be breached from an employee misplacing, … [Read more...]

How EU organisations’ GDPR requirements will change in a no-deal Brexit scenario

We’re now, once again, on the precipice of Brexit, and as the deadline nears, you’ll see more stories appear about how EU-based organisations will be affected by the UK’s departure from the EU. European organisations with ties to the UK are particularly concerned about the ramifications of the GDPR (General Data Protection Regulation). With the UK’s EU status up in the air, organisations must … [Read more...]

3 advantages of BYOD policies

Technological innovation has revolutionised business. Things like Cloud computing and the rise of remote working have made our jobs more flexible than ever, but it’s not only home workers who reap the benefits, as the rise of BYOD (bring your own device) policies has shown.  If you’re not familiar with the term, it refers to organisations allowing or requesting employees to use their personal … [Read more...]

ISO 27701: the new international standard for data privacy

There’s a new standard for data privacy – ISO 27701. It’s the first document in the ISO 27000 series dedicated to privacy, explaining how organisations can create a PIMS (privacy information management system) and meet best practices outlined in regulations such as the GDPR (General Data Protection Regulation). Its controls will be very familiar to those who have adopted ISO 27001, the … [Read more...]

Demonstrate your PCI DSS compliance by completing an SAQ

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard).  Compliance will be a lengthy process for some, but organisations that handle fewer than six million transactions annually can speed up the process by completing an SAQ (self-assessment questionnaire).  There … [Read more...]

5 steps to an effective ISO 27001 risk assessment

Risk assessments are one of the most important parts of an organisation’s ISO 27001 implementation project. The process can be tricky, but this blog simplifies the process by breaking it down into five easy-to-follow steps. 1. Establish a risk management framework. One of the key elements is having conditions for performing a risk assessment – e.g. annually and whenever there is a … [Read more...]

How CISMP can help you build a successful career in information security

There are plenty of reasons a career in information security might appeal: it’s rewarding, there’s huge demand for skilled professionals and it pays well.  Plus, you don’t need to study for years and get a degree to enter the industry. All you need to get started is a CISMP (Certificate in Information Security Management Principles).   What is CISMP? CISMP provides a broad introduction to … [Read more...]

How to write an information security policy – with template example

Information security policies are arguably the most important part of an organisation’s defences, as the biggest threat you face comes from employees.  Whether they’re making honest mistakes, ignoring instructions or acting maliciously, employees are always liable to compromise information. Technological defences can help mitigate the damage, but these must be accompanied by effective information … [Read more...]

Cyber attacks and data breaches in review: August 2019

A glance at the numbers this month suggests that cyber criminals, like the rest of us, enjoy their summer holidays. The 114,686,290 breached records is infinitesimal compared to last month’s total and about 10% of the monthly average. However, the figure comes from 95 incidents, which is the biggest total we’ve tracked this year. Plenty of those breaches occurred in Europe, so let’s delve into a … [Read more...]