6 rules to avoid disaster: a practical guide to phishing and spear-phishing

A chain is only as strong as its weakest link. Are you that link? Hackers don’t come in through the firewall. They come in, most of the time, through a much easier route: the staff. How? By exploiting basic psychology, and being prepared to do a little research. The easiest way to get someone’s password … Continue reading 6 rules to avoid disaster: a practical guide to phishing and spear-phishing →

Where’s your data? A French magistrate may just have killed SafeHarbor.

If your company handles personal data, you’ve just been served a wake-up call by a Frenchman. Yves Bot, who serves as an Advocate General at the European Court of Justice, has just given an opinion – which is non-binding, but usually followed by the Court – to the effect that Facebook shouldn’t have stored an … Continue reading Where’s your data? A French magistrate may just have killed SafeHarbor. →

Why security awareness training is more important than firewall upgrades

Most people’s image of cyber-crime comes from the media. A slovenly teenager sits in a darkened room, typing frantically in front of a bank of screens. Cut to shirtsleeved workers, typing in equally frantic defence in front of their screens. At some point the hacker is “through the firewall” and has complete control. Shortly afterwards … Continue reading Why security awareness training is more important than firewall upgrades →

Non-exec? Are you asking the right questions?

A non-exec directorship might (unfairly) be seen as a sinecure – a reward for a career’s accomplishments – combining a comfortable stipend with a light workload and the occasional decent lunch. Once upon a time this might well have had some truth to it, but the winds of change have long blown through the boardroom, … Continue reading Non-exec? Are you asking the right questions? →

Why do we let large businesses behave so badly?

Virgin Media want me to let them use my home internet connection so they can provide free wi-fi to other Virgin customers who may be passing. Presumably, in time, they will also charge non-Virgin customers for the same privilege, so generating revenue from an infrastructure I paid them to install. The incentive for me is, … Continue reading Why do we let large businesses behave so badly? →

How much would you pay for privacy?

I’m a security consultant, and so a professional paranoiac. Most of the time I defend my personal information like a rabid pitbull. But I’m also a cyclist, and as a consequence I’m happy to share my location, heart rate, sleep patterns, step count, cycling habits, height, weight, body fat content and a whole range of … Continue reading How much would you pay for privacy? →