
A compliance checklist for the 12 requirements of the PCI DSS

Any organisation that stores, processes or transmits payment card data must comply with the PCI DSS (Payment Card Industry Data Security Standard). The Standard contains 12 requirements, which we’ll run through in this blog along with an overview of the steps you should complete to meet each one.

1. Install and maintain a firewall configuration to protect cardholder data

Firewalls control …

How will a no-deal Brexit affect data transfers between Ireland and the UK?

With the UK once again on the precipice of Brexit, organisations across Ireland remain shackled by uncertainty. There is still no clear picture on what Brexit will look like, and fundamental issues, like whether the UK will strike a formal agreement with the EU before it leaves, are up in the air. The prospect of a no-deal Brexit has increased since Boris Johnson became prime minister, but experts still …

5 common questions about SOC 2 compliance

Organisations that provide tech services and systems to third parties should be familiar with SOC (Service Organization Control) 2. The framework is designed to ensure that relevant organisations – Cloud computing providers, Software as a Service companies, etc. – process information securely. Service organisations are usually required to pass a SOC 2 audit in order to partner with or provide …

What to do when you’ve been infected with ransomware

Chances are, your organisation is going to have to contend with a ransomware attack in the near future. There were more than 850 million infections reported in 2018, and there are no signs of things slowing down. Attacks can be a stressful time for organisations, with infections designed to scare recipients and grind your organisation’s productivity to a halt. Fortunately, we’re here to explain …

What is ISO 27001 and why should your organisation adopt it?

If you’re considering implementing ISO 27001, the international standard for information security, you’ve probably heard experts like us talk about the benefits. But what exactly does the Standard do, and how does it help your organisation? This blog will answer both those questions.

What is ISO 27001?

ISO 27001 is the international standard that describes best practice for an ISMS …

Credit unions should be prepared for crimeware

We recently discussed why credit unions must conduct regular penetration tests. The bulk of that article covered the legal obligations for testing and the ways in which you can comply with those requirements. However, we didn’t delve into the reason that penetration testing is essential – which we’ll put right here.

How penetration testing helps organisations

Penetration testing is …

Cyber attacks and data breaches in review: July 2019

July 2019 was one of the worst months ever from a cyber security perspective. With incidents like the massive breach at the Chinese tech supplier Orvibo and another leaked database filled with Evite customers’ personal details, the second half of the year began with a mammoth 2,226,042,039 breached records. You can see a full breakdown of those breaches on our sister site, IT Governance UK. In …

How to become a data protection officer

As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and avoid large fines. For many organisations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection …

The GDPR: Why you need to review your third-party service providers’ security

Organisations share personal data with third parties all the time, but can they be trusted? The GDPR (General Data Protection Regulation) extended the scope of responsibility when it comes to data protection and privacy, so where does that leave you when it comes to security incidents caused by service providers?

How third-party relationships work under the GDPR

Before we begin, let’s be …

How cyber insurance can help you manage information security risks

For years, organisations have been looking for ways to avoid the potentially catastrophic consequences of data breaches. They might have finally found the answer in the form of cyber insurance. Like any insurance policy, cyber insurance helps cover the costs associated with relevant damages. This includes things like loss of productivity, assisting those affected by the breach and fixing …