Monitoring

How much should we be monitoring our systems and users?

Aug 17th, 2016 Monitoring James Gillies

As company networks have evolved and become more complex, so has the “logging”. This means the results and reports from devices and applications all over the network, each pouring out with endless amounts of data, need to be interpreted into meaningful information. However, logging and monitoring are two different things. If you can’t detect an issue you can’t deal with it. Some of the largest…

Smartphones

We trust our staff, so why do we need to protect their smartphones?

Aug 10th, 2016 Data Breach, Home and Mobile Working James Gillies

Ubiquitous and permanently connected to the internet, smartphones are here to stay. As devices that talk to everything all of the time, they access corporate data more easily whilst boundaries to the company network blur or even disappear. Imagine: Joe from Accounts procures his new iPhone as part of his renewed contract and one of the first things he does after restoring the backup of…

Application Whitelisting, friend or foe?

Aug 3rd, 2016 Malware, Secure Configuration James Gillies

Before we go any further, let’s ask another question: Why would we need application whitelisting? Legacy controls such as Anti-Virus have become less effective at stopping the latest threats, user permissions may not be locked down, meaning users can “run anything”. Often companies build systems which must never be changed, or are very seldom updated due to the types of business-critical information they must process;…

Hacker in hood with laptop initiating cyber attack.

Should we plan for a Cyber Attack?

The bad guys are getting smarter. With all the best will in the world and all the tools at your disposal an incident is inevitable. Planning properly for such a Cyber Attack and putting in place contingency plans is a critical area of Cyber Security that is often ignored. The Cyber Security Breaches Survey 2016 reported that only 10% of UK business overall have a…

Cyber Security Awareness

Should we train our staff more on Cyber Security Awareness?

Jul 20th, 2016 User Education and Awareness James Gillies

Your users are the last line of defence and in almost all cases will make the difference between suffering a data security breach or not. As with disasters that can make the media, human error plays a major part during an incident. Users are the weakest link in the security chain, but if not empowered to make the right choice when they need to respond,…

Cyber Security Business Awareness

Is there a contradiction of business awareness and attitudes towards Cyber Security?

Jul 13th, 2016 Information Risk Management James Gillies

You are the boss of your organisation. Are you getting updates about Cyber Security within your business? Or possibly more importantly, are you asking for them? e.g What problems are we having that might be affecting our security posture and exposing my company? Is our Anti-Virus up to date? Are our backups OK and have they been tested recently? When were our firewall rules last…

Encrypt, Encryption

Do we need to encrypt our data if we are not a finance company?

Jul 6th, 2016 Compliance, Secure Configuration James Gillies

Recent years have demonstrated great efforts made by organisations to encrypt any data that needs to physically leave the building where it is normally stored – the “data at rest” is made unreadable to any person or entity that is not authorised to read that data. Traditionally it is patient and finance data that have been the focus, typically stored or used on a mobile…

Woman Working From Home On Laptop

Working from home: blessing or burden?

Jun 29th, 2016 Home and Mobile Working James Gillies

Depending on your point of view being able to “work from home” can be either a blessing or a burden. The same can be said for organisations who decide to permit home and mobile working. Over time this dilemma becomes compounded by the number of users who need (or demand!) access to an ever-increasing amount of business-line applications and resources whilst outside of the office….

Least Privilege Access

Should we be looking at managing Least Privilege Access on our company networks?

Jun 17th, 2016 Secure Configuration James Gillies

If you need to ask that question, then the answer is yes! When a user is working on their computer they have certain rights and permissions to access files and run programs. Ideally those rights and permissions should conform to a model of Least Privilege Access. Least Privilege Access is a concept where users working on the network are able to do their job and…

Only amateurs attack machines; professionals target people.

Bruce Schneier
Gravityscan Badge