I’ve said before that much of your risk is internal. Here’s another piece of evidence: a survey by SailPoint found that 27% of US employees would sell their work password for as little as $150. But of course it goes further than that. If they’ll sell their password, what else will they do? Will they … Continue reading Some people would sell their grandmothers
Business continuity planning is a big part of your overall risk management framework – or should be. But if you’ve decided that it’s part of “IT security” and you’ve left it to the IT department, here are the top 5 mistakes you’ve probably made. 1. Continuity is about the whole business There’s no point having … Continue reading Top 5 Business Continuity Mistakes
More credit card details stolen – Rosen Hotels have admitted that they’ve had active malware stealing credit cards inside their systems for 18 months. You’d think after all the other point-of-sale compromises in the last couple of years, retailers would have tried a bit harder to check if they were infected. Have you checked? Blackmail … Continue reading Friday security round-up
Why are politicians sometimes such idiots? The French recently voted to criminalise bosses of tech firms who refused to decrypt user data when requested. Don’t worry, it’s not law yet, and likely won’t ever be, but you have to ask yourself how hard it is to understand how encryption works. The whole point of encryption … Continue reading Let’s talk about encryption
Say I’m out to get you. I might be a disgruntled employee, or a business rival. What’s my best way of taking your business down? Let’s assume I can gain access to your network – easy enough if I’m an employee, after all. I could leak all your confidential information to your competitors – or … Continue reading How do you destroy a business?
Internet pages taking a while to load? Struggling to pick up your email? Corporate Dropbox downloads taking forever? Quick – reboot the router; shout at the IT department; buy more bandwidth… Or you could have a look at what’s going on inside your network. Here are the top 4 reasons we find customer networks going … Continue reading Is your network running slow?
Facebook are in trouble again. You remember how a case brought by Max Schrems, an Austrian student, ended up bringing down Safe Harbour – the scheme that allowed EU citizen data to be sent to the US for processing? Well, now Facebook is being investigated by the German anti-cartel authority. The headline is that they … Continue reading A taste of things to come
PCI-DSS is a pain in the backside. There: you think it, I said it. However, it's also got some good stuff that's not just useful for protecting card numbers, but general network security best practice. One example is the requirement that you change the default passwords and disable guest accounts on network devices. Sounds obvious, … Continue reading It’s in PCI-DSS – so why don’t you do it?
Today’s instalment of doom and gloom from the cyber front-lines. So Snapchat, purveyor of self-destructing genital imagery, fell foul of phishing this week. Thankfully for the world’s teenagers, it wasn’t user data that was compromised (this time – remember the Snappening?) Instead some poor soul in their HR department was hit with the now hackneyed … Continue reading Snapchat phished, 10% of the world breached, good news for Apple, and more
Here’s today’s summary of all the security news that’s fit to print (and at least vaguely relevant to normal people). The ICO is preening over having effectively shut down a cold-calling firm that breached rules on automated calls. The fine? £350,000. The company’s reaction? Liquidation. Hmmm. So pop quiz: what will the ICO do the … Continue reading And in other news…