Yes, data protection matters to you too

It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too

The importance of governance – a dozen good questions you should ask your Board

Information security is a Board issue. Not everyone seems to appreciate this, and one of the more disheartening aspects of my day job is how hard it is to get senior execs to take the time to have security awareness training and engage with security policy. Why is it a Board issue? Firstly because directors … Continue reading The importance of governance – a dozen good questions you should ask your Board

Friday security round-up

More credit card details stolen – Rosen Hotels have admitted that they’ve had active malware stealing credit cards inside their systems for 18 months. You’d think after all the other point-of-sale compromises in the last couple of years, retailers would have tried a bit harder to check if they were infected. Have you checked? Blackmail … Continue reading Friday security round-up

It’s in PCI-DSS – so why don’t you do it?

PCI-DSS is a pain in the backside. There: you think it, I said it. However, it's also got some good stuff that's not just useful for protecting card numbers, but general network security best practice. One example is the requirement that you change the default passwords and disable guest accounts on network devices. Sounds obvious, … Continue reading It’s in PCI-DSS – so why don’t you do it?

Roll up! Roll up! It’s a security round-up!

Apologies for the infrequency of recent updates. I’ve been busy – understanding the GDPR, doing some speaking engagements and (hush!) actually working for a living. So, without further ado, here’s what’s going on right now: Theresa May is trying to push the Snoopers Charter (aka the Investigatory Powers Bill) through Parliament despite plenty of expert … Continue reading Roll up! Roll up! It’s a security round-up!