How will e-Discovery affect your business?

Mar 23rd, 2017 Compliance, Data Protection, GDPR, Privacy James Gillies

As GDPR enforcement approaches you should start to think about the ESI (Electronically Stored Information) held on your systems that could contain personal data. Whilst reviewing how data is being stored, processed, transferred, updated and protected you must also consider how to later perform e-Discovery on all of that data. Not unlike the proverbial see-saw, the more you lock something away the more difficult it…

If all is well, what should we be doing next?

Mar 16th, 2017 Information Risk Management James Gillies

It’s important to understand your security posture, through regular reporting mechanisms, notifications and completion of remediation tasks. But as with many things, Cyber Security is a journey not a destination. Whilst you should be aware of both negative and positive aspects of your security posture, there is always room to ask further questions. Discuss, debate and even argue as required to move forward with the…

Review your cloud providers and the data they process for you

Mar 8th, 2017 Data Protection, GDPR James Gillies

Previously a buzzword, often dismissed tongue-in-cheek as another fad that would come and go, Cloud computing is now, whether we like it or not or are even aware of it, being used by half of all UK businesses. Market research company Ipsos Mori reported last year that 66% of UK medium-sized firms use cloud providers to host websites or email, or transfer or…

Why would our Organisation need a Reverse Proxy and Web Application Firewall?

Mar 2nd, 2017 Network Security, Secure Configuration James Gillies

As your business becomes more mature in its approach to Cyber Security you may have a business objective to expose certain web services to the internet, Microsoft Outlook Web Access and ActiveSync being examples. Although trivial to expose such services via standard perimeter firewall rules, it has become increasingly risky to do so without having extra layers of defence in place to protect business data…

Should we be re-considering implementing encryption in our organisation?

Feb 23rd, 2017 Compliance, Confidentiality, GDPR, Secure Configuration James Gillies

In today’s digital world data is considered to be the crown jewels and should be protected from those that might abuse it. The value to the business that data represents should be balanced against the risk of it being exposed. Traditionally viewed as a pure security issue, as data protection laws start to change this will become much more of a compliance issue. In simple…

Is the countdown to GDPR the new Y2K?

Feb 15th, 2017 Compliance, Data Protection, GDPR James Gillies

The countdown to the new millennium was filled with horror stories predicting planes falling out of the sky for failing to deal with the looming date of 31st December 1999. Working in a bank all night I witnessed the world transit through the different time zones, following the dawn. By the time we in the UK were in the early hours of the New Year…

How vulnerable is my business to a Cyber Attack today, and what about tomorrow?

If to be forewarned is to be forearmed then it makes sense in terms of defending against Cyber Threats to know exactly where your weaknesses are. As mentioned previously, 90% of exploits are from known vulnerabilities – so it’s a no-brainer for you as the data owner to know just how vulnerable your infrastructure is to a potential breach. Although operationally efficient, patching your servers…

This is a drill, repeat this is a drill!

Feb 2nd, 2017 Incident Response James Gillies

We’ve all been on the phone at some point when the fire alarms go off. “Excuse me, I’ll have to call you back…” is usually the response. Then, with a minimum of fuss we would all quietly file out of the building, and congregate in a pre-designated area awaiting further instructions. After various checks were completed we would be informed that we were all present and…

4 Cyber Threat predictions for 2017

As many predictions including my own in 2016 demonstrated, email as an attack vector is back with a bang as businesses everywhere were attacked through phishing emails, tricking people into opening malicious links and bogus attachments – often leading directly to a data breach. Spear Phishing targets specific individuals and business units; the recent US election highlighted an example of this. There was also a…

Does the IoT = NextGen DDoS?

Last week witnessed a massive Distributed Denial of Service attack against Dyn.com, who provide DNS services to major websites. This had the effect of disrupting users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. The ‘botnet’ that performed this DDoS attack was comprised of hacked IoT (Internet of Things) devices, partly comprised of Chinese-made digital video recorders and IP cameras. The devices had been compromised…
