Being involved in cyber-security can be quite depressing. So much of the time we see things that make life better for many people being spoiled by a few bad hats. I can't help feeling this is getting worse, and that our digital future will be more paranoid, more cautious, less global and considerably less convenient … Continue reading Have we passed peak convenience?
I wrote to the ICO to ask them about this consent theory that's doing the rounds. [TL;DR - you can use Article 6.1(f) of GDPR to let you send postal direct mail and make phone calls to people who haven't consented.] ...and the ICO said: Dear Mr Rapp Thank you for your email of 18 … Continue reading GDPR consent update (not really)
Everybody’s panicking about the GDPR. Rightly. And the main thing in the GDPR that’s causing the panic is the requirement for consent. The GDPR is really clear that consent must be explicit and unambiguous – you can’t rely on the consumer having read an obscure privacy section of your website, or ask them to give … Continue reading Back to the future
I will say this only once. Just because WannaCrypt turned out not to be the end of the world, and Microsoft unexpectedly released patches for unsupported operating systems, and Trump dropped the ball again, and there’s an election in the UK, and you’re bored with cynical marketing emails from IT companies, so you’ve moved on…it … Continue reading Now pay attention
I was having a chat with a journalist over the weekend, talking about what the future looks like for cyber-security risk in the UK. Here’s a transcript: J: Where does it all go from here? BR: Lots of hot air from politicians. Nothing done for months. A massive deal for ATOS or someone to refresh … Continue reading #WannaCrypt #NHSCyberAttacks : what comes next?
Actually, it's more like #globalcyberattack. For those of you who are still hiding in their bunkers in case Trump nukes North Korea, the short version is that some crims have used a nasty bug in Windows to spread ransomware across the globe. It still had to get in via an email, and Microsoft patched the bug … Continue reading #nhscyberattack
UPDATED 22nd of May 2018: This post has been getting a lot of traffic recently. I wrote it more than a year ago. Since then I've been working almost exclusively on GDPR implementation for clients and my understanding of the regulation has deepened. I'm going to leave the post as it was originally written below, but … Continue reading Kafka strikes again: GDPR requires consent, but you can’t ask for it
Keeping your server in your office keeps your data safe, right? Just make sure the firewall is working and you’re golden. Because if it’s inside your physical perimeter, it’s protected, isn’t it? Well… It depends on your visitor policies. Your what? All that boring stuff to do with signing people in, showing them to meeting … Continue reading Visitors – you just can’t trust them