Cyber attacks and data breaches in review: April 2020

Despite organisations across the globe being forced to shut down to combat coronavirus, there were still 216,141,421 breached records in April – demonstrating that cyber criminals can thrive under any circumstance. The true scale of the threat is probably even larger, given that many businesses operating with limited resources would have a much harder time detecting a security incident. As always, …

Is your organisation PCI DSS-compliant during the coronavirus pandemic?

Many of us have adapted well to working from home during the coronavirus pandemic, but employees responsible for handling payment card transactions won’t have had such an easy time. That’s because they’re required to perform their jobs in line with the PCI DSS (Payment Card Industry Data Security Standard), which contains a set of requirements on the technologies and processes that are used when …

The data protection DOs and DON’Ts during the COVID-19 crisis

You’ve no doubt come across dozens of articles advising you on how to cope during the COVID-19 crisis. However, it’s not only the physical and mental wellbeing of your staff that you need to look after but also your organisation’s ability to prevent security incidents. With employees working from home and no longer subject to the security protections that the office provides, it can be hard to …

A quick guide to the GDPR’s articles and recitals

There is such a breadth of information online about the GDPR (General Data Protection Regulation) that it can be daunting to find even basic clarifications on its rules and requirements. With this blog, we hope to simplify things, providing quick explanations of the GDPR’s core concepts. For those who want to learn more about each topic, we have links to articles where we’ve discussed the issue in …

What are the security risks of Cloud computing?

Cloud services are an integral part of modern business, with as many as 94% of organisations using them for at least some part of their operations. The reliance on Cloud services will soar in the coming weeks and months, as employees work from home where possible in the fight against the 2019 novel coronavirus pandemic. Separated from the office and local hard drives, employees will be able to use …

What’s the difference between information security and cyber security?

Are you confused about the terms ‘information security’ and ‘cyber security’, and why some people use them interchangeably? You’re not alone, as many discussions on data protection and cyber crime overlook the nuances that define the industry. We aim to correct that here, providing a simple explanation of both terms and how they fit into your organisation. What is information security? Information …

ICO issues £500,000 fine to Dixons Carphone over data breach

Dixons Carphone, based in the UK, has been fined £500,000 (about €589,000) following a cyber attack that compromised the data of approximately 14 million people. An investigation conducted by the UK’s ICO (Information Commissioner’s Office) found malware installed on 5,390 tills between July 2017 and April 2018. Details of the breach The criminal hackers collected payment card …

Nine steps to successful ISO 27001 implementation

It may be something of a cliché but, for information security management system (ISMS) projects, it is certainly true to say that ‘well begun is half-way done’. The person charged with leading an ISO/IEC 27001:2013 ISMS project has to reduce something that looks potentially complex, difficult and expensive in terms of time and resources, to something that everyone believes can be achieved in the …

Cyber attacks and data breaches in review: November 2019

The numbers don’t tell the full story this month. There may have been 1.34 billion breached records disclosed, but almost all of them came from a single incident of ambiguous origin. Likewise, there was an abnormally high number of incidents in which the organisation didn’t reveal the number of affected records, so it’s a hard month to define in terms of cyber security success. What we are sure …

Q & A: The challenges for Data Protection Officers (DPOs)

Under the GDPR (General Data Protection Regulation), many organisations are required to appoint a DPO (data protection officer). Our recent webinar, ‘Challenges for data protection officers (DPOs)’, provided an introduction to the role and its requirements, covering the DPO’s responsibilities and the challenges they face. This was followed by a Q&A session with our GDPR expert Alice …