Securing your on-line doors and windows

Most homes and businesses have physical security controls, including strong locks on doors and windows, a security alarm and CCTV, that will deter a thief from attempting to break in, make a robbery attempt fail, or make subsequent arrest inevitable. In the UK, if a criminal is caught committing a robbery, the sentence is from 12 months to life depending on the circumstances.

Theft of customer information, personal details and trade secrets are just three of the key areas in which cyber-crime is increasing, and in many cases, the crime will go unnoticed until the information is used to commit a real-world crime. […]

Information Security

Is it Security Awareness or Training

Earlier today someone suggested that security awareness training should be delivered in a similar manner to the Green Cross Code, as the desired outcome for both activities is the same.

As a child I was a proud member of the Tufty Club, which taught kids from the 1960s and early 1970s the dangers of playing near and crossing roads. In the mid-70s the first version of the Green Cross Code was published, consisting of a step-by-step procedure to help pedestrians cross the road safely. Rather than a squirrel and other woodland creatures, the code had a superhero called the Green Cross Code man, who appeared in adverts from 1975 until 1990. […]

Evaluating the potential cost of a cyber-attack

Organisations are becoming much more aware of the threat of cyber-crime, but many are still finding it difficult to translate this threat into real business terms. The potential impact of a successful cyber-attack on your business’s bottom line is not that easy to define, because attacks could range from a “drive-by” denial of service attack through to the targeted theft of intellectual property. […]

The Threat Within

Christmas is an expensive time of the year, and with the recession and lack of pay rises in many companies, a lot of people are starting to feel the pinch. This presents a potential security threat to a company, as people who are struggling may be tempted to look for other ways to raise extra money. Company data may be put at risk of disclosure, such as a call centre worker selling customer information to a competitor to give them a competitive advantage or knowledge of when a recurring contract may come to an end. Malicious damage could be caused to systems and data, or a delay could be caused to a project, which would benefit a competitor. Alternatively, an employee may become frustrated with their situation and blame the company, which may also lead to malicious damage being caused. The last consideration is that it may not be a sole employee who is looking to steal or cause malicious damage; there may be multiple people involved. […]

How Cyber Essentials helps against attacks and vulnerabilities

Whilst many companies, and in particular SMEs, have historically not recognised the requirement for investment in maintaining robust IT security measures, the following statistics make worrying reading:

  • Earlier this year, the PwC Information Security Breaches Survey 2014 highlighted the fact that the cost of a breach to an organisation has almost doubled since the previous year. The average cost to a large organisation for the worst level of security breach is between £600k and £1.15m (up from £450 to £850k a year ago). The average cost to a small business for its worst security breach is between £65k and £115k (up from £35 to £65k a year ago);
  • During the last year significant global brands have been impacted by information security attacks. These include eBay, Target, Sony, Evernote and WordPress; and
  • According to the RSA monthly fraud reports the UK is the 4th most attacked country by volume after the United States, China and the Netherlands.

In response to this growing threat, the UK Government, in consultation with industry, launched the Cyber Essentials IT security standard in June 2014. […]

ISO27001 Working for your business

ISO/IEC27001:2013 is the international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

As the fear of security issues increases in business, customers are looking for reassurance from companies who are likewise seeking reassurance from their suppliers that information security is being managed to ensure protection of their data. For many companies the solution to responding to these concerns is alignment with ISO27001.

This article covers some of the key points we have found that will make ISO27001 work for your business. […]

Data leakage, this time it's personal

On almost a daily basis the media share stories of confidential information being disposed of in park bins, laptops being found in taxis and passwords being published on the internet. While this is undoubtedly concerning, the findings from a global security study on data leakage have revealed that the data loss resulting from employee behaviour poses a much more extensive threat than many IT professionals believe. […]

Management Buy-in for ISO27001 Implementation

Overcome obstacles for Management Buy-In for Information Security

For any security plan to be effective, the co-operation of staff at all levels is essential. Achieving this is easier said than done, with other priorities and lack of communication often proving to be stubborn obstacles.

To ensure staff buy-in, management must be seen to fully support an information security plan and this can be a tough obstacle to overcome. Finding the best way to justify a security plan in the face of objections can be a challenge, but being prepared with the facts about the risks and benefits will be a big advantage. […]

Advanced Persistent Threats (APTs)

The term ‘APT’ usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. It is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information. […]