dcsimg

Things to consider when processing biometric data

Biometric data is being used in countless systems these days. If you’ve ever used your fingerprint scan to unlock your phone or facial recognition software, then your biometric data is being processed.  But like any form of data, biometrics – i.e. information relating to individual’s physical, physiological or behavioural characteristics – are potentially accessible by malicious sources, and the … [Read more...]

3 challenges when securing ISO 27001 approval from the board

So you’ve decided that it’s in your organisation’s best interest to adopt ISO 27001, the international standard for information security. Good decision. Now you just need to convince the board to give you the financial backing and resources to implement the Standard.  That’s not as hard it once was, given how highly publicised data breaches now are. But you might still struggle to persuade senior … [Read more...]

How Ireland’s Credit Unions can meet their penetration testing requirements

Credit unions in Ireland are required to conduct a penetration test once a year, and send the results to the Central Bank of Ireland for review.  According to a report published by the Bank last year, credit unions are getting better at doing this. But for those that are still unsure how to complete this process or simply want to get better at it, this blog explains everything you need to know … [Read more...]

What do SMEs need to do to comply with the PCI DSS?

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). The PCI DSS is a set of tools and measures to help you protect payment card data. It applies to all organisations that transmit, process or store such information, but SMEs (small and medium-sized organisations) … [Read more...]

Why you should be concerned about employees using social media at work

There’s a time and a place for browsing social media, and for some of us that’s ‘all the time’ and ‘anywhere’. It doesn’t matter if you’re posting a quick Tweet, jumping to attention when you receive an IM or idly refreshing Facebook for updates; nothing can keep us in the real world for long.  And although employers have long since lost the battle to prevent staff glancing at their Facebook … [Read more...]

The GDPR: How to respond to data subject access requests

The introduction of the GDPR (General Data Protection Regulation) requires all organisations within its scope to give data subjects the right to review the personal data being held on them.  Individuals can make this request by submitting a DSAR (data subject access request), which organisations must respond to by providing:  Confirmation that the individual’s data is being processed.  Access to … [Read more...]

How to implement an ISMS aligned with ISO 27001

The rise of cyber attacks and data privacy concerns has information security a top priority for organisations. Many have chosen to mitigate the risk by implementing an ISMS (information security management system).  An ISMS is a system of processes, documents, technology and people that helps organisations manage, monitor and improve their information security in one place.  ISO 27001 is the … [Read more...]

List of data breaches and cyber attacks by region: May 2019

You might have noted that data breaches happen a lot. We post about incidents as often as we can, but it’s practically impossible to keep up.  That’s why we’ve decided to start compiling a monthly list of incidents from stories reported around the globe.  In our inaugural list, we look back at May 2019, in which there were at least 79 reported data breaches.  If we’ve missed anything, let us know … [Read more...]

The GDPR: When do you need to seek consent?

One of the most misunderstood aspects of the GDPR (General Data Protection Regulation) is its consent requirements. Many people believe that organisations must get consent to process personal data, but that’s not true. Consent is only one of the six lawful grounds you can seek, and it’s generally regarded as the least preferable option. Where possible, you should seek one of the following … [Read more...]

What we’ve learned about the GDPR in its first year

This time last year, organisations were scrambling to meet the compliance deadline for the GDPR (General Data Protection Regulation), people’s inboxes were flooded with last-minute pleas for consent and social media was rammed with GDPR memes.  Twelve months later and the commotion surrounding the Regulation has calmed, but its impact remains. In this blog, we look at the effects the GDPR has had … [Read more...]