6 rules to avoid disaster: a practical guide to phishing and spear-phishing

A chain is only as strong as its weakest link. Are you that link? Hackers don’t come in through the firewall. They come in, most of the time, through a much easier route: the staff. How? By exploiting basic psychology, and being prepared to do a little research. The easiest way to get someone’s password … Continue reading 6 rules to avoid disaster: a practical guide to phishing and spear-phishing

Why security awareness training is more important than firewall upgrades

Most people’s image of cyber-crime comes from the media. A slovenly teenager sits in a darkened room, typing frantically in front of a bank of screens. Cut to shirtsleeved workers, typing in equally frantic defence in front of their screens. At some point the hacker is “through the firewall” and has complete control. Shortly afterwards … Continue reading Why security awareness training is more important than firewall upgrades

Non-exec? Are you asking the right questions?

A non-exec directorship might (unfairly) be seen as a sinecure – a reward for a career’s accomplishments – combining a comfortable stipend with a light workload and the occasional decent lunch. Once upon a time this might well have had some truth to it, but the winds of change have long blown through the boardroom, … Continue reading Non-exec? Are you asking the right questions?

What a year it’s been – review of IT security 2014

By rights, 2015 should be the year of cyber security. After all, 2014 was the year of cyber-security failure. Just consider some of the highlights: Target Michaels JP Morgan Sony Pictures Viator Home Depot Goodwill Nieman Marcus US Postal Service iCloud (if none of the others mean anything to you, this one will. Just think … Continue reading What a year it’s been – review of IT security 2014