ISO 50001: What you need to know about energy management systems

All organisations are looking to gain a competitive advantage. One way of doing this is to use resources more efficiently; after all, less consumption equals lower costs and higher profits. Of course, responsible energy consumption has proven easier said than done over the years, even with growing public and government interest in pollution. The fact is organisations need electricity and, in …

Is your CRM (customer relationship management) system GDPR compliant?

Organisations that use a CRM (customer relationship management) system will have plenty of experience handling large volumes of personal data, which can be both a good and bad thing when it comes to the GDPR (General Data Protection Regulation). On the one hand, they’ll be familiar with the importance of keeping information such as names, email addresses and dates of birth secure, and updating or …

Worried about data breaches? Check out our 8-step incident response guide

The key to a successful cyber security strategy is preparation. If you have a plan for how to manage data breaches and other disruptions, you can get to work on remediation immediately. And what’s more, everyone in your organisation knows their roles. There’ll be no one wandering around unsure what to do as a crisis unfolds. Instead, people will turn to management, who can relay instructions and …

Microsoft is the most frequently impersonated brand in phishing scams

With hundreds of millions of phishing emails sent each day, we are all familiar with dodgy messages supposedly from a service we use telling us that we need to urgently address some “suspicious activity”. In fact, we probably receive more phony security alerts than real ones. It’s getting to the point where many of us see an email from our most trusted brands and assume that it’s a scam. This is …

How to identify and respond to cyber threats

“How can we avoid cyber attacks?” That’s the question every organisation is asking as the threat of cyber crime continues to spiral. It’s easy to point to solutions like anti-malware software or encrypting sensitive information, but as we explain in this blog, things are rarely that simple. That’s because threats come in many forms, and it takes a holistic approach to deal with them …

Why a cyber security culture is essential for your organisation to succeed

Do your employees complain about having to take information security training courses? Are they still practising poor data protection practices? If so, you have a poor cyber security culture and are liable to suffer a data breach sooner rather than later. Lax practices in the workplace mean it’s not just cyber criminals you should be concerned about but also breaches caused …

ISO 27001 qualifications: Lead Auditor or Lead Implementer?

If you’re new to ISO 27001, the international standard for information security management, you might be finding it difficult to choose a training course that suits your needs. A problem many people have is deciding between a lead auditor and a lead implementer training course. What’s the difference between the two? It really is as obvious as it sounds: an implementer implements an ISMS …

The evolution of ITIL: How the framework has reshaped IT service management

A new version of ITIL® was released this year, providing more nuanced and practical guidance on ITSM (IT service management). Although ITIL 4 is markedly different from its predecessors, each iteration shares the same essential framework, concept and knowledge. Let’s take a look at how ITIL has evolved and what the latest version contains. A brief history of ITIL ITIL was developed by the …

3 reasons you should give your DPO specialist training

Organisations that appoint a DPO (data protection officer) will have a significantly different approach to information security than those that don’t. The person who fills the position is responsible for monitoring the organisation’s data protection practices and helping staff understand their regulatory requirements, amongst other things. Under the GDPR (General Data Protection Regulation), …

7 ways your organisation can suffer a data breach

Organisations of all sizes are waking up to the threat of data breaches. But don’t be fooled into focusing on the prospect of a hacker breaking into your systems. There are many other ways that your organisation can be compromised. Let’s take a look at seven of the biggest cyber security threats you should be concerned about. 1. Employee error Data breaches aren’t always malicious attacks. …