So you’ve suffered a data breach? What to do next

It’s an announcement no information security specialist wants to make: the organisation has suffered a data breach. The breach is bad enough, but now everyone in the office is panicking. Some will grumble about how they’re going to miss deadlines, others will frantically wonder whether they’re responsible for the breach and a few will probably blame the InfoSec professional for not doing their job … [Read more...]

Are you ready for a data breach?

A new report has suggested that most SMEs (small and medium enterprises) don’t have anywhere near the estimated €102,000 it costs to respond to a data breach. InsuranceBee’s survey found that 83% of respondents had no money reserved to get back to normal following a cyber security incident, and 25% were unaware that it would even cost money to put things right. Breaches are … [Read more...]

Is it legal for organisations to request your date of birth?

When you sign up for an online service, you’re often asked to provide personal details. Usually, you won’t have a problem with this: an organisation obviously needs your name and email address to contact you. But when they start asking for seemingly unnecessary information, you might get concerned. Why do you need to give your date of birth when downloading a green paper? Or to create an account … [Read more...]

How effective are the GDPR’s rules on the age of consent?

If you’ve ever used an online service that requires age confirmation, you’re probably aware of how inadequate the restrictions usually are. All you’re asked to do is check a box or provide your date of birth. There’s no evidence required, and no one will follow up to make sure you were telling the truth.  Until recently, there were no signs that anybody was particularly bothered by these lax … [Read more...]

3 things you should do to prevent cyber attacks

Cyber attacks come in a variety of forms, each intended to exploit specific weaknesses in your organisation. As such, there’s no single way to stay secure. There are countless things you can try, from following simple tips to making widespread changes, but discussing them all would probably leave you with more questions than answers. Instead, we’ve highlighted three things you must do to … [Read more...]

Why you should be worried about your partners’ GDPR compliance posture

The EU GDPR (General Data Protection Regulation) came into effect three months ago, and a lot of organisations are starting to feel happy about their compliance posture. They are less happy, however, with the practices of their suppliers and service providers.  Under the GDPR, organisations must ensure that personal information that they’ve obtained remains secure – even when it is shared with … [Read more...]

Two thirds of organisations aren’t GDPR-compliant

A survey has revealed that organisations across Europe still aren’t compliant with the EU GDPR (General Data Protection Regulation), even though the Regulation came into effect three months ago.  Only 34.5% of respondents to Deloitte’s study said they could demonstrate compliance with the GDPR. Another 32.7% hope to be ready by the end of 2018, and 11.7% said they are taking a ‘wait-and-see’ … [Read more...]

The GDPR: How to send sensitive information by email

Organisations always have to worry about the security of the information they send by email. You can never be certain who has access to your messages, and everyone has probably been guilty at least once of sending a message to the wrong person or accidentally hitting ‘reply all’.  Your misdelivered message might have only contained mundane chatter and left you feeling embarrassed. However, if your … [Read more...]

Majority of EU member states missed NIS Directive deadline

Critical service providers across Europe are in for a bumpy ride later this year, and they have their governments to thank. These organisations are subject to the NIS Directive (Directive on security of network and information systems), which each EU member state was required to transpose into national law by 9 May 2018.  However, we’re now three months past that deadline and only 11 nations have … [Read more...]

Meeting ISO 27001’s staff awareness training requirements

Staff awareness training is one of the most effective ways of preventing data breaches. That’s why it’s at the front and centre of ISO 27001, the international standard that describes best practice for an ISMS (information security management system).  The Standard recognises that, although technological defences are essential, their use is limited if employees make careless mistakes. There’s … [Read more...]