How cyber resilience can help you comply with the GDPR

Cyber resilience is an emerging approach to tackling the threat of data breaches and disruptions, combining elements of cyber security and business continuity management. It acknowledges that traditional approaches to cyber security are increasingly inadequate, with organisations unable to cope with the number of threats facing them. With cyber resilience, organisations don’t put all their …

How to document your information security policy

Information security policies play a vital role in organisational security. Getting your policy right will give you an excellent framework to build on, making sure that all your efforts follow a single goal. But if you get it wrong, you risk neglecting key issues and exposing yourself to data breaches. To make sure you get off on the right track, we’ve taken some advice from Alan Calder and …

Still struggling with the GDPR? Here’s how you can get started

The GDPR (General Data Protection Regulation) has been in effect for more than seven months now, but many organisations still aren’t fully compliant with its requirements, and some are still only just getting started. That’s obviously not ideal, but the good news is that organisations that are still working towards compliance don’t need to feel as though they’ve left …

Dublin law firm scammed out of €97,000

A Dublin law firm transferred €97,000 to cyber criminals after its email systems were hacked, the Law Society of Ireland reports. The crooks intercepted emails about a mortgage redemption, altering one in which the client’s bank account details were listed. The misappropriated funds have since been withdrawn from the crooks’ account, and the law firm’s loss will be covered by its cyber …

What’s the difference between an ISO 27001 risk assessment and gap analysis?

The ISO 27001 implementation and review process centres upon the risk assessment and gap analysis process. These two pivotal steps provide you with the bulk of the information you need to comply with the Standard, so it’s essential that you get them right. The problem is that the two processes are very similar, meaning organisations can easily confuse the two and jeopardise their compliance …

78% of customers won’t go back to a breached organisation

A Ping Identity study has revealed that 78% of people would no longer use a retailer’s online site if it had suffered a data breach. The 2018 Consumer Survey, which polled more than 3,000 people across Europe and the US, also found that: 48% of people won’t sign up for an online service if the organisation has recently been breached; 56% of people won’t accept an increased service fee in …

The GDPR: Why your organisation needs to conduct DPIAs

DPIAs (data protection impact assessments) help organisations identify, assess and mitigate privacy risks to data processing activities. They are particularly important when introducing new data processes, systems and technologies. They are also essential for demonstrating compliance with the GDPR (General Data Protection Regulation). When are DPIAs necessary? Article 35 of the GDPR …

Building a cyber incident response team

Organisations are starting to acknowledge that it’s impossible to completely remove the threat of data breaches. You might be able to repel most incidents, but it’s important to have a CIR (cyber incident response) plan for the threats you can’t prevent. Effective CIR management can help you detect breaches quicker and earlier, and develop a robust defence against attacks to potentially save …

A quick guide to the GDPR’s data breach notification requirements

One of the biggest talking points of the GDPR (General Data Protection Regulation) is its data breach notification requirements. The rules, which include a strict 72-hour deadline for reporting incidents, have caused many organisations to question how they could possibly comply, and many will be tempted to put off their duties and deal with data breaches if and when the time comes. But make no …