- Business Continuity Planning
- CISO
- Cyber Essentials
- Cyber Security
- Digital Forensics
- Disaster Recovery Planning
- eDisclosure
- GDPR
- Incident Response
- ISO 27001
- Network Security Testing
- PCI DSS
- PCI Forensic Investigation
- Penetration Testing
- Phishing
- Red Team Engagement
- Remote working
- Retained Forensics & Incident Response
- Social Engineering
- Virtual ISM
- VirtualCISO
- 12 pci dss requirements
- 27001:2013
- 2FA
- access control policies
- acquisition
- adequacy agreement
- adequacy decision
- adequacy ruling
- advice
- AI and cybersecurity
- AI cyber
- alan batey
- anxiety
- application testing
- Arcanum Group
- Artificial intelligence
- attack surface
- attack surface area
- automated vs manual cyber security
- BCP
- BCP checklist
- beg bounties
- beg bounty
- benefits of BYOD
- benefits of clear desk policy
- best automated cyber security solutions
- bitcoin
- black friday cybersecurity
- bounty hunter
- breach
- breaches
- Brexit
- Brexit GDPR
- bring your own device
- bring your own device remote work
- bug bounty
- business as usual
- business continuity
- business continuity consulting
- business continuity expert
- business continuity management
- business continuity plan
- business continuity plan checklist
- business continuity plan testing
- business continuity planning
- business continuity plans
- business continuity strategies
- BYOD
- Card Payments
- cardholder data
- case study
- categories
- Challenges for CISOs
- changes to gdpr
- Chief Information Security Officer
- CISO
- ciso cost
- CISO CV
- CISO recruitment
- CISO vacancies
- CISOs
- clear desk information security
- clear desk policy
- Colonial Pipeline
- compliance
- consultancy
- consultant
- coronavirus
- cost of a ciso
- courier cybersecurity
- covid-19
- CREST
- CREST accredited pen testing
- crest pen testing
- CREST Penetration Tester
- crest penetration testing
- cryptocurrencies
- cyber
- cyber attack
- cyber crime
- Cyber Defence
- Cyber Essentials
- cyber essentials certification
- cyber essentials compliance
- cyber essentials scheme
- Cyber Essentials UK Company
- Cyber Essentials UK Government Standard
- cyber essentials vs ISO 27001
- cyber human error
- cyber incident response
- cyber insurance
- cyber mature
- cyber monday
- cyber month
- Cyber Resilience
- cyber risk assessment
- cyber security
- cyber security 2020
- cyber security awareness month
- cyber security consultant
- cyber security north east
- cyber security services
- cyber shame
- cyber sustainability
- cyber threats
- cyberattack
- cyberattack university
- cybercrime
- cybercriminals
- cyberfest19
- cybersecurity
- cybersecurity 2022
- cybersecurity and mental health
- cybersecurity at home
- cybersecurity bill
- cybersecurity black friday
- cybersecurity consultant
- cybersecurity consultants
- cybersecurity human error
- cybersecurity in 2023
- cybersecurity in academia
- cybersecurity in colleges
- cybersecurity in delivery
- cybersecurity in education
- cybersecurity in museums
- cybersecurity in retail
- cybersecurity laws
- cybersecurity performance
- cybersecurity skills crisis
- cybersecurity skills gap
- cybersecurity strategy
- cybersecurity tips for home workers
- cybersecurity trends to expect in 2021
- dark web
- data breach
- data loss
- data protection
- Data Protection Act
- data protection cybersecurity
- data protection from home
- data protection in museums
- data protection legislation
- data protection officer
- data protection remote working
- data security
- data security post brexit
- data theft
- ddos attack
- Digital Forensics
- digital supply chain cybersecurity
- disaster recovery
- disaster recovery plan
- disaster recovery planning
- DPA
- DPA 2018
- DPO
- DR plan
- e-safety
- easyjet hack
- ecommerce
- ecommerce pci compliance
- eDisclosure
- eDiscovery
- electronically stored data
- employee care
- employee satisfaction
- ESI
- ethical hacking
- EU
- EU gdpr
- European Union
- external threats
- finagle's law
- fines
- framework
- gap analysis
- GDPR
- gdpr after brexit
- GDPR brexit
- GDPR consultants
- GDPR UK Brexit
- governance
- hack
- hacker
- hacking
- health
- help with business continuity planning
- hire a ciso
- home working
- House of Commons
- How can we be compliant in a cost-effective manner with the PCI DSS?
- how much does ISO 27001 cost
- how to protect against phishing emails
- human error
- hybrid workforce
- hybrid working
- IASME
- ICO
- importance of black friday
- importance of clear desk policy
- importance of cybersecurity
- Incident Management
- incident response
- Incident Response Plan
- incident response planning
- incident response solutions
- incident response team
- incident response training
- industries at risk of a data breach
- industries at risk of cyberattack
- industries at risk of phishing
- info-security
- Information Security Consultancy
- information security
- information security 2020
- information security awareness
- information security consultants
- information security management system
- information security management systems
- information security resource
- infosec
- infrastructure
- insider threat
- insider threats
- Internet of Things
- Internet of Things cybersecurity bill
- Internet security
- IoT
- IoT cybersecurity
- IoT devices
- IoT legislation
- IoT risk analysis
- IRP
- IS
- Is Zoom safe
- is Zoom secure
- ISM
- ISMS
- ISO
- ISO 27001
- ISO 27001 accreditation
- ISO 27001 certification
- iso 27001 checklist
- ISO 27001 compliance
- ISO 27001 consultancy
- ISO 27001 consultant
- ISO 27001 consultants
- ISO 27001 consultants accreditation
- ISO 27001 cybersecurity
- iso certification
- ISO standards
- ISO27001
- ISO27001 accreditation
- ISO27001 certification
- iso27001 compliance
- iso27001 consultancy
- ISO27001 consultancy services
- ISO27001 consultants
- iso27001 risk assessment
- ISO27001 risk assessments
- iso27001 stage 2 audit
- ISO27001:2022
- ISO27002
- iso27k
- ISO9001
- IT leaders
- law firms
- lead auditor certificate
- lead implementer
- learn about phishing
- leaving staff
- litigation
- logins
- magento 1
- magento 1 vulnerability
- magento 2
- magento 2 migration
- magento compliance
- magento PCI compliance
- Major Incident Manager
- malware
- Managed Security Service
- management of third party risk
- mental health awareness week
- mental health in cybersecurity
- Microsoft exchange hack
- MIM
- mobile app testing
- mobile application testing
- MSS
- multi-factor authentication
- museum cyberattack
- museum cybercrime
- NIS Directive
- ofsted
- online shopping
- OSCP
- overexposure to attack
- password
- password management
- patch management
- payment card industry compliance
- Payment Security
- PCI
- PCI Compliance
- pci dss
- PCI DSS
- pci dss 4.0
- PCI DSS compliance
- PCI DSS compliance checklist
- pci dss qsa
- PCI DSS QSA PCI consultants
- pci dss remote work
- pci dss v4
- PCI DSS v4.0
- PCI forensic investigation
- pci qsa
- PCI Security Standards Council
- pen test
- pen tester
- pen testing
- penetration test
- Penetration Testing
- pentest
- pentesting
- performance
- phishing
- phishing attack
- phishing attack statistics
- phishing attack techniques
- phishing attack vector
- phishing attacks
- phishing attacks in numbers
- phishing awareness
- phishing scam
- phishing scams
- phishing simulation
- phishing training
- pci dss compliance
- post and parcel cybersecurity
- pressure on CISOs
- project planning
- protect against phishing attacks
- public sector cybersecurity
- purple team
- QSA
- QSA PCI DSS
- quality management standards
- quality standards
- raising awareness of information security
- ransomware
- ransomware attack
- ransomware attacks
- recruit a CISO
- Red Team
- Relativity
- remote security
- remote work
- remote worker training
- remote working
- remote working consultancy
- remote working data protection
- remote working risk assessment
- remote working risk posture
- Remote working VPN
- Retained forensics
- Retained PFI
- risk analysis
- risk assessment
- risk assessment questionnaire
- risk assessments
- risk management
- risk mitigation
- risk posture
- risk register
- scammers
- secure home working
- security
- security and productivity
- Security breach
- security IT
- security testing
- SIRO
- smart devices
- smart doorbell
- social engineering
- social engineering attack
- social engineering simulation
- social engineering test
- social engineering testing
- social engineering tests
- social engineering training
- software updates
- solarwinds
- solarwinds orion
- SRM
- srm news
- staff turnover
- stakeholder investment
- stress
- stress for CISOs
- supply chain
- supply chain attack
- supply chain attacks
- supply chain audit
- supply chain cyber security
- supply chain cybersecurity
- supply chain risk assessment
- supply chain security
- tabletop exercise
- tabletop exercises
- Test and Exercise
- the undeclared war
- third party risk assessment
- third party risk assessments
- third party risk management
- threat
- threat mitigation
- Track and trace
- track and trace gdpr
- travel industry cybersecurity
- trust
- two factor authentication
- uk data protection
- UK Data Protection Bill
- UK DPA
- uk gdpr
- understanding risk posture
- university cyberattack
- university cybersecurity
- university ransomware
- us breach
- us cyberattack
- US federal cyberattack
- vCISO
- virtual CISO
- virtual ISM
- VirtualCISO
- VirtualISM
- vISM
- VPN
- VPN remote working
- VPN security
- VPNs
- vulnerability assessment
- vulnerability scan
- vulnerability scanning
- vulnerability testing
- WannaCry
- web app testing
- web application testing
- website testing
- what are the benefits of having an ISO 27001 consultant
- what does an effective penetration test consist of?
- what is penetration testing
- What's the difference between CISO and SIRO?
- WhatsApp
- Withdrawal agreement
- women in IT
- working from home securely
- zero day vulnerability
- zoom cyber security
- zoom hacks
- zoom security breach
- zoombombing
Unlock the Power of ISO 27001: Revive Your Stalled Project
Friday, March 8th, 2024
Is your ISO 27001 implementation project gathering dust? Are deadlines slipping, resources stretched thin, and momentum waning? Don’t let your commitment to security standards stall! At SRM, we understand..
Ensure Continuity in Times of Crisis: Strengthen Your Business Resilience with BCP Test and Exercise
Thursday, March 7th, 2024
Are you prepared to weather the storm when disaster strikes? Don’t wait until it’s too late. Invest in your business’s resilience with a comprehensive Business Continuity Planning (BCP) Test..
The British Library: what can businesses learn from the institution’s data disaster?
Tuesday, January 30th, 2024
It’s one of the most significant UK cyberattacks in recent years, but what led to the British Library ransomware attack?
In October of last year, the UK’s national library..
What does it take to gain the trust of other organisations in 2024?
Tuesday, January 9th, 2024
Collaborating in the business world is about more than a handshake…
No business is an island. Working in harmony with supply chains, customers and even competitors is essential to..
Less than secure: ransomware continues to thrive in the UK
Monday, November 27th, 2023
The latest British Library breach shows there is still much to be done when it comes to securing UK business data.
The British Library has confirmed that its personal..
Disaster recovery planning: looking beyond compliance to address real-world threats
Wednesday, September 20th, 2023
If the Covid-19 pandemic taught us anything it’s that disasters DO happen. And processes within businesses can change at speed. Where once upon a time organisations had simply treated..
The relationship between risk management and sustainability
Friday, September 8th, 2023
Both data protection and green initiatives should be high priorities for modern businesses, but how do they benefit each other?
In recent years, the interconnection between risk management and..
Phishing is still the main attack method for hackers, according to new report
Thursday, August 24th, 2023
A report from Cloudflare shows phishing emails remain the primary attack vector.
Global cloud platform Cloudflare has published a new study, analysing 250 million malicious emails sent between..
The benefits of working with a CREST accredited Company
Friday, July 28th, 2023
Tamar Everson, Senior Pen Tester at SRM’s parent company, Arcanum Information Security, explains why regular penetration testing by a CREST accredited company is an essential part of any robust..
What is a ‘whole-of-society’ approach and why is it increasingly important in the fight against cybercrime?
Monday, July 10th, 2023
Support from UK businesses has helped to remove over 235,000 scams, according to new figures.
A new report from Active Cyber Defence (ACD) has highlighted the success of a..
Cybercrime is hitting household names hard: what should we take away from the latest breaches to hit BA, the BBC and others?
Friday, June 30th, 2023
Some of the world’s biggest organisations have fallen victim to malignant cybercrime.
British Airways, the BBC and Boots have been hit with an ultimatum from cybercrime group Clop,..
ISO 27001 & PCI DSS: a two-pronged approach to robust information security
Tuesday, June 13th, 2023
Using both standards together helps your business manage risks and improve resilience.
ISO 27001 and PCI DSS are powerful tools for establishing and maintaining comprehensive, robust security practices. While..
What does effective cybersecurity in the retail sector look like?
Wednesday, May 31st, 2023
Retail businesses have a unique set of cyberthreats that they must plan for.
In the past two decades, the way we use technology has changed exponentially, and one of..
Mental health in cybersecurity: here’s what you need to know in 2023
Saturday, May 20th, 2023
The anxiety surrounding cybercrime can impact both businesses and their staff.
It’s clearer than ever that cybersecurity is one of the leading issues facing modern businesses in terms of..
AI and cybersecurity: should we be shaking in our cyber boots or are the risks being exaggerated?
Tuesday, May 2nd, 2023
Artificial Intelligence is a huge cross-industry talking point right now. But how serious are the risks involved in protecting your data and securing systems?
Technology is evolving at breakneck..
Hybrid working: how’s it going and where do organisations need to sharpen up?
Tuesday, April 25th, 2023
Record numbers of businesses have made hybrid work the norm, but what impact is this having on how organisations operate?
As technology has evolved, the demand for flexible and..
Case study: providing information security support to one of the UK’s leading medical and end-of-life care charities
Thursday, March 30th, 2023
The charity sector may not be one that people often think about when it comes to information security risk. Yet it is just as important that a charity protects..
Alan Batey becomes PCI Qualified Security Assessor
Monday, March 20th, 2023
We are pleased to announce that Security Risk Management’s Alan Batey is now a PCI Qualified Security Assessor. Alan, who is a vastly experienced Computer Forensic Analyst and former..
Not transitioned to PCI DSS 4.0 yet? Here’s why 2023 is the year to get up to date
Tuesday, March 14th, 2023
It’s time to put PCI DSS 4.0 at the top of the to-do list.
Protecting customer data is essential for any business. But nowhere is it more important than..
A stark reminder that no matter how experienced you are, you always have to keep on your toes when scammers are about
Wednesday, March 1st, 2023
If there’s one thing we must concede when talking about hackers, cybercriminals and fraudsters out in the world today, it’s that they are talented opportunists. I was reminded of..
Why the secret to effective disaster recovery is a proactive approach to being reactive
Monday, February 20th, 2023
When the worst happens, preparedness and planning are essential.
Cybersecurity is an essential component of the long-term success of any business, across any industry. As society as a..
Which industries are most at risk of cyberattack and why?
Monday, February 13th, 2023
When it comes to protecting your data from attack, knowledge is power.
In recent years, cybersecurity has become one of the most important factors to consider for any business,..
5 common phishing attack techniques to watch out for right now
Friday, January 20th, 2023
Cybercrime continues to hit the headlines, so it’s important that staff at every level of an organisation understand the risks and know how to spot phishing attack techniques. We’re..
Cybersecurity in 2023: what you should expect
Friday, January 6th, 2023
From the rise of AI to the increased importance of data defences, here’s everything you need to know about cybersecurity in 2023.
Cybersecurity is no longer only something that..
Overexposure to attack and how your business can prevent it
Monday, November 28th, 2022
An introduction to attack surface and how to minimise risk.
If you’ve ever stepped into a boxing ring or perhaps even played a game of dodgeball, you may have..
How to make your ISO27001 stage 2 audit a piece of cake
Tuesday, November 15th, 2022
Getting to grips with an ISO27001 stage 2 audit.
Information security has become a crucial part of everyday life, as well as a critical consideration for the business community...
A QSA’s guide to making PCI compliance seamless and pain free for merchants
Thursday, October 27th, 2022
As a respected and revered global security standard, PCI DSS requires that organisations take a rigorous approach to ensuring that cardholder data is stored, processed and transmitted safely. But..
Cyber Security Awareness Month: 5 reasons why organisations should be paying close attention
Monday, October 10th, 2022
Now is the time to brush up your knowledge about the digital threats facing your business.
October is Cyber Security Awareness Month – a time for all businesses to..
Security Risk Management joins Arcanum Group
Wednesday, September 28th, 2022
We are pleased to announce that leading UK consultancy, Arcanum Information Security, has acquired a controlling interest in SRM in a move that will see the two businesses align at..
Why you need to keep your patch management on point
Wednesday, September 7th, 2022
There are three things that are certain in life: death, taxes and software updates rearing their heads at the most inconvenient time! We all know that feeling of preparing..
Cybersecurity performance: how should a business be measuring the success of its cybersecurity activity?
Tuesday, August 30th, 2022
Measuring your cybersecurity performance is key to protecting your vital business assets.
When it comes to business performance, knowledge is power. Performance elements which are actively monitored and measured..
The power of 2FA: value, requirements and mandating
Wednesday, August 24th, 2022
Two Factor Authentication (or 2FA) is already a strong recommendation in many security frameworks. But could it soon become a requirement? Back in May of last year, US President..
How will TV shows like Channel 4’s The Undeclared War help raise awareness of cybersecurity issues?
Monday, July 25th, 2022
The new TV drama takes cybercrime to the extreme, but what – if anything – can businesses learn from it?
Starring Mark Rylance, Simon Pegg and Adrian Lester, The..
The cybersecurity skills crisis is set to get worse before it gets better. So, what can you do to keep your organisation secure?
Wednesday, July 13th, 2022
Cybersecurity professionals are leaving their posts at a time when their skills are more critical than ever before. But why is this happening and what can organisations do about..
SRM renews ISO27001 certification (and why we bother!)
Friday, June 17th, 2022
Having recently renewed our ISO27001 certification, we wanted to take this opportunity to explain why the globally recognised framework is so important to our own business and what it..
ISO27001:2022 is on its way. Here’s what you can expect
Tuesday, June 7th, 2022
The globally recognised security standard is updating, and bringing a few key changes with it.
Since its last update in 2013, ISO27001 has become recognised around the world as..
Give the board of directors what they want: how to showcase the value of effective cybersecurity with hard evidence rather than horror stories
Wednesday, May 25th, 2022
It’s a core tenet of responsible information security to avoid scaremongering – even though the stories of damaging hacks, data breaches and system meltdowns can be powerful indeed. Instead,..
Let’s talk about cybersecurity and mental health
Monday, May 9th, 2022
Cybercrime is a huge threat to business assets and security, but it can also take its toll on our mental wellbeing.
The number of instances of cybercrime has risen..
PCI DSS V4.0 – what’s changed?
Tuesday, April 26th, 2022
Get familiar with all the changes to this staple cybersecurity accreditation.
At the end of March 2022, PCI DSS released its latest update, bringing further security and guidance to..
The importance of supply chain risk assessment for your business growth
Tuesday, April 12th, 2022
Stringent information security is key to cementing yourself as a brand that customers – and partners – can trust.
According to the UK government’s Cyber Security Breaches Survey 2021,..
How an IoT risk analysis can help to identify vulnerabilities and lead to improved resilience
Tuesday, March 15th, 2022
The Internet of Things can provide freedom and flexibility to businesses across all industries, but effective data protection and identification of vulnerabilities is vital.
The term Internet of Things..
Vetting your supply chain: the benefits of third party risk assessments for business resilience
Tuesday, March 8th, 2022
A digital spring clean via third party risk assessments is a great way to ensure your organisation’s defences are up to scratch across your entire supply chain.
Spring is..
How the Cyber Essentials scheme is changing to accommodate new working practices
Tuesday, February 15th, 2022
The Cyber Essentials scheme is getting a new look, in order to support modern organisations and stay ahead of the ever-shifting threat of cybercrime. This overhaul of the technical..
The UK government has released its first cybersecurity strategy: here’s what you need to know
Monday, February 7th, 2022
A cybersecurity strategy to protect against the growing threat of digital warfare.
In a bid to improve the resilience of the public sector’s digital estate, the UK government has..
Social engineering: what is it and why is it the weapon of choice for so many cybercriminals
Thursday, January 27th, 2022
Why is social engineering proving so effective when it comes to pulling off a data breach? And how can social engineering testing help?
Cybercrime hit an all-time high during..
The security threats that should be grabbing your attention for 2022
Tuesday, January 18th, 2022
There is no doubt that cybersecurity threats are on the rise. As organisations’ dependence on digital technologies and software programs continues to grow, the threat surface area for criminals..
Here’s how you can keep your organisation safe and secure throughout the festive season
Tuesday, December 21st, 2021
For organisations serving all industry sectors, the festive season offers a prime opportunity to capitalise on growing web traffic. With more people shopping online than ever before – and..
The UK has introduced a new Internet of Things cybersecurity bill: here’s what your organisation needs to know
Wednesday, December 15th, 2021
The Product Security and Telecommunications Infrastructure (PSTI) bill is the latest piece of legislation to hit the sector. It promises great things when enhancing the security of the ever..
The role of automation in online payment security?
Thursday, December 9th, 2021
Even before the COVID-19 pandemic forced businesses to move transactions online and adopt contactless payments to reduce the spread of the virus, cash was in decline. In 2019, 7.4..
Should we be concerned about where the UK GDPR is heading?
Thursday, November 18th, 2021
The ICO has expressed “strong concerns” about proposed changes to the data protection regulations.
Changes to GDPR are on the horizon, thanks to a government consultation introducing proposed changes..
How remote working impacts your organisation’s information security and why ISO27001 is a good starting point for a robust ISMS
Wednesday, October 27th, 2021
If maintaining data security and achieving compliance with the UK’s legal and regulatory frameworks was a challenge pre-pandemic, that challenge just got a whole lot greater. That is because..
Mastering the balancing act of security and productivity
Thursday, October 21st, 2021
Cybersecurity helps keep your business running smoothly, but it can also eat into your time and effort if it isn’t tailored to your organisation’s needs.
As technology evolves and..
An introduction to security testing
Friday, October 15th, 2021
What is security testing?
Security testing is a broad term, referring to the process of checking that a system, network or software is up to scratch and robust in..
Why you need an incident response plan for your hybrid workforce and how to implement one
Wednesday, October 6th, 2021
Anyone who has ever tried to crack a joke on a video conferencing call or by email knows that communicating with colleagues via the Internet is very different to..
5 tips for successful digital supply chains
Friday, September 24th, 2021
Supply chains have become more complex, digital and tech-reliant over the last 10 years. And the pandemic has served to accelerate that trend. Ensuring that a smooth and seamless..
Why should you be looking for a CREST penetration tester?
Thursday, September 16th, 2021
Penetration testing plays an essential role in every modern business’s cybersecurity efforts. But not all pen tests are created equal. As most people familiar with the basics of cybersecurity..
What are the benefits of tabletop exercises for organisations looking to improve their risk posture?
Thursday, September 9th, 2021
Planning for the unexpected is critical when it comes to ensuring your organisation has what it takes to survive over the long-term. No road to success is entirely smooth,..
How much does ISO 27001 cost?
Tuesday, August 31st, 2021
It’s a simple question asked by many organisations hoping to gain this internationally recognised accreditation: How much does ISO27001 cost? And while arriving at a figure is never quite..
Cybersecurity in museums: it’s not just art and artefacts that are valuable to thieves today
Wednesday, August 25th, 2021
Like the artworks on display, museum data is a highly valuable commodity which is making institutions a hot target for cybercriminals.
Like so many organisations around the world, museums..
SRM retains ISO 9001 certification for quality management systems
Friday, August 20th, 2021
Even auditors feel the pressure to impress when they get audited! Although it’s part of our consultants’ remit to live and breathe audits and compliance, it never stops being..
Handling the issue of human error
Thursday, August 12th, 2021
Effective training, education and business continuity planning are more important than ever.
Discussions around cybersecurity often focus intensely on the pitfalls of software and tech, but as Cybint reports,..
Cyber insurance in a hard market: how to mitigate the risks
Friday, August 6th, 2021
Would you want to be the provider of insurance cover for a low-lying house in the middle of a flood plain during a period of heavy rain? How about..
The growing problem of supply chain attacks. Where to start with your defences
Saturday, July 31st, 2021
The Kaseya breach is a sober reminder of the importance of cybersecurity across the whole supply chain.
As a remote management software provider to thousands of IT support firms,..
What does the EU adequacy ruling really mean and what now for UK GDPR?
Thursday, July 29th, 2021
The EU has given us a qualified “yes”, ruling on 28th June 2021 that personal data can move freely between the UK and the European Economic Area (EEA) without..
Does my ecommerce website need to be PCI compliant?
Tuesday, July 27th, 2021
Through the ups and downs of the last year, it may have been hard to keep focused on PCI compliance. It might have felt like just another hoop to..
Repositioning the penetration test: prioritising performance insights over tolerable risk
Friday, July 23rd, 2021
Today, penetration testing is a staple of good cybersecurity practice. Born from the ethical hacking industry of the late 90s, penetration testing is used by organisations of all sizes..
Turning your remote workers from the weakest link into the strongest
Thursday, July 15th, 2021
We are all now probably familiar with the concept that, when it comes to technology in general and cyber security in particular, humans are the weakest link. But this..
Shaping up your organisation’s security with Cyber Essentials certification
Sunday, July 4th, 2021
To everyone who used the Covid lockdowns to learn a new language, redecorate their home or train for a marathon, we salute you. But the reality is that many..
Ransomware attacks: to pay or not to pay, that is the question
Wednesday, June 30th, 2021
Earlier this month the world’s largest meat supplier, JBS, paid a ransom equivalent to nearly £8 million. This follows the payment of over £3 million by Colonial Pipeline in..
Cyber Essentials vs ISO 27001: here’s what you need to know
Monday, June 21st, 2021
Sometimes in business, simply doing the right thing isn’t enough; there are times an organisation needs to prove its credentials to the world. This is certainly the case when..
Is it time organisations stopped ignoring the need for additional information security resource?
Monday, June 14th, 2021
Since the world came to a standstill in the Spring of 2020, thousands of organisations around the UK have found themselves in something of a holding pattern. There’s nothing..
How to alleviate stress for CISOs
Thursday, May 27th, 2021
High pressure environments are nothing new for C-suite executives. There are always decisions to be made, the stakes are always high, and the future aspirations of an organisation often..
How has the Covid pandemic changed business continuity strategies?
Thursday, May 20th, 2021
Back in the days before national lockdowns and compulsory face masks, when the word Covid was only common vernacular for virologists, Business Continuity Plans (BCPs) were typically quite different...
Colonial Pipeline ransomware attack highlights the value of supply chain resilience
Wednesday, May 12th, 2021
Earlier in the Spring we wrote an article explaining why Supply chains are the single greatest risk to cyber security, covering some of the many challenges that arise when..
Vulnerability scan vs penetration test: which is right for your business
Sunday, May 9th, 2021
SRM Senior Penetration Tester, Dean Moulden, explains why a combination of automated scanning tools and manual testing is the most efficient and effective way of assessing where a business’s..
An Introduction to ISO27001 Risk Assessments
Wednesday, May 5th, 2021
ISO27001 risk assessments: knowledge is power when it comes to protecting your organisation from cybercrime.
Protecting your business from a cybersecurity breach requires a lot of vigilance on your..
5 key challenges being faced by CISOs right now
Friday, April 23rd, 2021
It is one of the toughest jobs in the business world today: no wonder finding top class individuals to fill the role of Chief Information Security Officer (CISO) has..
Zoombombing: is video calling still a threat to business information security?
Tuesday, April 13th, 2021
If you had never heard of “Zoombombing” until last year, there is a reason for that. It was only recognised by the Oxford English Dictionary for the first time..
How to solve a problem like beg bounties
Friday, April 9th, 2021Scamming and scheming is nothing new in cybersecurity. As hackers find their victims wising up to one tactic or technique, they are always driven to innovate and adapt in..
One year on: has the UK mastered the art of remote working?
Wednesday, March 31st, 2021It is a year since the imposition of the first UK lockdown and remote working is still considered to be the new normal for an estimated 60 per cent..
The great Microsoft exchange hack: A penetration tester’s guide
Wednesday, March 17th, 2021Senior Penetration Tester, Dean Moulden outlines the details of Microsoft’s high-profile hack and provides his advice on remediation and prevention. The recent disclosure of several Microsoft Exchange Zero-Day exploits..
Speed vs security: how the issues around raising the contactless payments limit demonstrate that it is a fine balance
Monday, March 15th, 2021The FCA’s proposal to increase the limit on contactless cards to £100 is in its consultation stage, giving decision makers time to reflect on what we really want from..
Supply chains are the single greatest risk to cyber security
Wednesday, March 3rd, 2021You could be a service provider, supplier, vendor, distributor or retailer but regardless of your role, you are almost certainly in a mutually beneficial relationship with other businesses. This..
The pros and cons of BYOD for your business
Friday, February 26th, 2021Employees in many industries and sectors are increasingly using their own devices for work in 2021. But is this the way forward? SRM consultant, Claire Greathead, takes a closer..
The threat of phishing attacks in numbers
Thursday, February 18th, 2021Phishing attacks can strike any organisation at any time. They involve links, emails or other communications which appear genuine but are, in fact, an effort to gain access to..
Clear Desk Policy: A simple but effective way to maintain information security
Friday, February 12th, 2021The way you leave your desk at the end of the day can make a significant difference to your data protection. SRM’s Claire Greathead explains why. One of the..
GDPR after Brexit: where do we go from here?
Monday, February 8th, 2021Over the last few years there has been uncertainty about exactly how the UK would forge a new relationship with Europe post-Brexit. Amidst this uncertainty there was, however, always..
Why a CISO is the hardest role to recruit for
Wednesday, January 27th, 2021The importance of a competent Chief Information Security Officer to an organisation is only growing. But with few senior professionals in the marketplace holding the relevant skills and experience,..
The Courier, Express and Parcel industry is booming. But cyber security must grow alongside revenues. Here’s why
Wednesday, January 20th, 2021The headline figures for the Courier, Express and Parcel (CEP) sector in 2020 are nothing short of impressive. In fact, with an estimated 23% year-on-year growth (UK) in an..
The top cybersecurity trends to expect in 2021
Monday, January 11th, 2021After a year in which many industries were forced to pivot to a digital model, what does 2021 have in store from a cyber perspective? 2020 was certainly a..
Data breach successfully targets US treasury and commerce departments
Wednesday, December 16th, 2020The attack may have allowed a foreign power to monitor government communications In news broken by Reuters, it was announced earlier this week that US treasury and commerce departments..
The transition period is nearly over: what does Brexit mean for GDPR?
Tuesday, December 15th, 2020GDPR. Brexit. What do businesses need to know? In a year where the world appears to have been turned upside down, businesses can be forgiven for temporarily pushing thoughts..
Betrayed by your own doorbell: what’s the cost of convenient home gadgets to your information security?
Wednesday, December 2nd, 2020Here’s how IoT devices like the smart doorbell can act as entry points for cyber criminals, and how to safeguard the data security of remote workers It may be..
What is a DDoS attack and why should you be prepared for one this month?
Thursday, November 19th, 2020As we approach Black Friday and Cyber Monday, there is good news…and bad news. First the good news. Retailers are preparing for some pretty intense activity around Friday 27th..
The increased importance of cybersecurity this Black Friday
Thursday, November 12th, 2020As we approach the busiest shopping weekend of the year, it’s never been more important to provide consumers with a secure, safe way to purchase online. Black Friday typically..
Remote working: maintaining PCI DSS compliance in the age of online shopping
Wednesday, October 21st, 2020When you first embarked on your Payment Card Industry (PCI) Data Security Standard (DSS) compliance journey, did you ever imagine you would be where you are now? With large..
Cyber shame: how to avoid the stigma of being a victim
Tuesday, October 20th, 2020When is a crime ever considered to be the fault of the victim? And when is the victim punished and fined for having been the target of someone else’s..
What are the benefits of having an ISO 27001 consultant?
Monday, October 12th, 2020ISO 27001 accreditation is a big plus for any organisation, and a qualified consultant can help you achieve it. No one likes a show-off. In fact, in the UK..
The perfect storm created by Covid-19: why the education sector needs to shift its cyber security focus
Friday, October 9th, 2020As if the education sector did not have enough to worry about, the Covid-19 pandemic has created a perfect storm for hackers. So, alongside the logistical challenges of the..
A cure for insomnia – and other benefits of a Managed Security Service
Tuesday, October 6th, 2020Organisations around the UK are reporting the new-found benefits of remote working – both for employee wellbeing and business overheads. But for risk owners the challenges presented by a..
NCSC issues cybersecurity alert after rise in attacks on UK schools and universities
Friday, September 18th, 2020The academic sector is on high alert following a surge of online attacks against educational establishments The National Cyber Security Centre has stated that it is increasing its support..
Building B2B relationships on confidence: why ISO 27001 accreditation is more important than ever
Thursday, September 17th, 2020You’ve fallen and broken your leg. As you lie there, three strangers offer to help. One has received basic first aid training; the next has had some experience in..
Everything you need to know about CREST penetration testing
Tuesday, September 8th, 2020A thorough CREST penetration test from a provider you can trust is an invaluable asset when it comes to protecting your business’s data. In the cybersecurity industry, CREST accreditation..
How well do you really understand your risk posture?
Thursday, August 27th, 2020With the huge increase in remote working in recent months, new opportunities have opened up to cyber criminals. Organisations of all sectors and sizes are under threat and it..
How to protect your data from cybercrime when working from home
Tuesday, August 25th, 2020Recent events have caused a seismic shift to the way businesses work. Those that have been able to transition to remote working have, in the most part, done so..
How to protect against phishing emails wherever your team may be
Friday, August 14th, 2020There’s nothing new about scams designed to infiltrate work emails. But with more staff working in isolation, away from our IT and IS teams, it’s never been more important..
PCI DSS compliance checklist: getting to grips with the 12 PCI DSS requirements?
Friday, August 7th, 2020PCI compliance is essential for businesses that are required to maintain payment security and protect customer data. But what exactly is involved in the 12 PCI DSS requirements? As..
How to implement Track and Trace safely without compromising your data security
Friday, July 31st, 2020The further easing of lockdown restrictions this month has allowed many face-to-face businesses like hospitality, retail and leisure to re-open under controlled conditions. This means that after the hiatus..
What is a VPN and why is it more important than ever right now?
Thursday, July 23rd, 2020While remote working has been on the rise for several years, the COVID-19 pandemic has opened the floodgates to home-based office work. While businesses, in the most part, adjusted..
What is the main difference between vulnerability scanning and penetration testing?
Monday, July 13th, 2020They are two key tools in the fight against cybersecurity breaches, but what separates vulnerability scanning and penetration testing? Penetration testing and vulnerability scanning are two key security services..
If your cyber security policy is still a blank sheet of paper, it’s time to think about preparing an ISO 27001 checklist
Monday, July 6th, 2020The protection of data is vital for businesses in 2020, and achieving ISO 27001 accreditation represents a seal of approval for any organisation prepared to put in the hard..
What is the difference between a disaster recovery plan and a business continuity plan?
Tuesday, June 30th, 2020Both a disaster recovery plan and a business continuity plan are critical elements of good security. But how do they differ? One of the most common queries we receive..
What happens with GDPR after Brexit?
Monday, June 22nd, 2020A lot has happened in the past few months, but the implications of Brexit remain a key concern for businesses – especially those processing data across borders. You’d be..
What’s the difference between CISO and SIRO? Everything you need to know
Tuesday, June 9th, 2020Acronyms. You either love them or you hate them. In the world of business it’s hard to keep away from acronyms for long. When time means money it’s often..
Why is the travel industry such a popular target for hackers?
Tuesday, June 2nd, 2020As EasyJet becomes the latest high profile business to announce a data breach, it would be easy to think that the travel industry is a particularly popular target for..
6 common challenges to data protection caused by remote working
Wednesday, May 20th, 2020As businesses continue to adjust to life in lockdown, cybersecurity has never been more important Due to the current situation regarding the coronavirus and Government lockdown rules, businesses across..
How can we be compliant in a cost-effective manner with the PCI DSS?
Wednesday, May 13th, 2020Achieving PCI compliance is vital for all businesses that accept card payments, but what’s the best way to get started when you are trying to keep costs down in..
COVID-19, e-commerce and the importance of security awareness
Tuesday, May 5th, 2020How has the coronavirus changed e-commerce businesses? It would be fair to say that COVID-19 has turned many aspects of everyday life upside down. Even before the Prime Minister..
Support for Magento 1 is set to end in just over a month. What does this mean for your business?
Wednesday, April 29th, 2020Businesses using Magento 1 have a decision to make before June. Here are the options and the Magento PCI compliance implications to be aware of. First released to the..
“Can someone hack your computer with Zoom?” and other questions your team are asking right now
Monday, April 20th, 2020Working remotely comes with its own set of security concerns, and it’s important to get familiar with them now to avoid an incident. The spread of COVID-19 has caused..
What does an effective penetration test consist of?
Wednesday, April 8th, 2020It’s one of the most reliable techniques for improving data protection, but what does an effective penetration test consist of? There’s no doubt that we’re living in uncertain times,..
6 cybersecurity tips for home workers during COVID-19
Thursday, April 2nd, 2020Cybercriminals feed off uncertainty, which means they have plenty of opportunity in today’s climate. So how can you ensure your data is safety during the coronavirus crisis? Here are..
What needs to be included in a business continuity plan checklist?
Wednesday, March 25th, 2020A few months ago, a global pandemic with the capacity to bring the world to a standstill was almost unthinkable. Yet, here we are. Those with high-level business continuity..
Still trying to take care of business? We’re with you all the way
Wednesday, March 25th, 2020I hope that you have now settled into your new working routine. Although it might not be business as usual for the foreseeable future, the importance of your information..
5 questions you should be asking to ensure your business is taking information security seriously
Friday, February 28th, 2020Who is responsible for information security within your organisation? The simple answer is: everyone. While this may seem like a simplistic response, it is crucial that every organisation understands..
Insider threats costing businesses $11.45 million globally, according to new research
Tuesday, February 25th, 2020A recent study looking at companies across key regions, concluded that the risk of insider threats has risen dramatically within organisations. Cybercrimes, data breaches, viruses and malware – all..
What to do when a staff member leaves
Monday, February 10th, 2020Staff turnover is one of the leading causes of data loss, so make sure you have a plan of action in place. As any business owner knows, data loss..
The Pros and Cons of KYC for Businesses
Friday, January 24th, 2020Is Know your Customer (KYC) the data protection solution that businesses have been searching for? The digital transformation of the UK business scene has been something of a whirlwind..
What can we expect from cyber security in 2020?
Thursday, January 16th, 2020A new year brings new threats and new ways to defend yourself The 2010s saw cyber security move to the forefront of UK business concerns. As technology has continued..
Who should be appointed as DPO? And 5 other questions you need to be asking within your business
Monday, December 23rd, 2019We don’t always appreciate awkward questions; they can make us feel uncomfortable. But if there is a possibility that you are leaving your business vulnerable to cyber attack, you..
An expert eye and an objective view: why get external support with your Business Continuity Planning
Thursday, December 19th, 2019Complacency is one of the biggest threats to a business. Whether it’s being happy to coast along and do the bare minimum to turn a profit, neglecting to provide..
Are your team the greatest threat to your information security?
Friday, December 13th, 2019Did you know that internal errors account for more security breaches than direct attacks from external hackers, according to recent research Today, big breaches are big news. From Fortnite..
5 ways to check if you need a VirtualCISO™ in your business
Friday, November 29th, 2019Chief Information Security Officers (CISOs) are hard to find and even harder to keep. In fact, the global shortage of experienced CISOs means that there are few who can..
How ISO 27001 can bring new opportunities to a business
Thursday, November 7th, 2019ISO 27001 certification brings considerable value to a business, in a number of ways. Not only does it provide an excellent framework for good information security practice, it also..
Raising awareness of Information Security in the workplace
Friday, October 25th, 2019We all know that the national speed limit on a motorway is 70 mph and understand the potential consequences of exceeding it. So, why does almost everyone admit to..
ISO 27001 accreditation – what is the difference between consultancy engagement and accreditation engagement?
Thursday, October 17th, 2019What does the process of ISO27001 accreditation have in common with learning to drive? More than you might think. Both are concerned with safety and whether you meet a..
Human or automated security solutions: which should your organisation use to combat cyber threats?
Wednesday, October 16th, 2019A few years ago – two and a half thousand, to be precise – the Chinese general, writer and philosopher Sun Tzu wrote: ‘To know your enemy, you must..
Are you taking note of the Facebook encryption debate?
Tuesday, October 8th, 2019At first glance you may think the current discussion surrounding Facebook’s new plans won’t have much of a bearing on your business. But here’s why you should consider looking..
Tech corner: discovering the Dell Sonicwall Zero Day Vulnerability
Monday, September 23rd, 2019Here’s a little insight into the Zero Day Vulnerability we discovered back in November 2018 As in every penetration test, we thoroughly analysed each host and service found...
SRM make the Dell SonicWall Hall of Fame
Monday, September 23rd, 2019SRM acknowledged by Dell Sonicwall for identification of Zero Day Vulnerability One of the things that people outside of the cyber security community may not be aware of is..
Finagle’s Law and the importance of business continuity plan testing
Thursday, September 19th, 2019When it comes to Business Continuity Plan testing, we should all consider Finagle’s Law. Similar to Murphy’s Law, Finagle’s agrees that anything that can go wrong will go wrong...
Cyberfest 2019: you don’t have to play the victim
Tuesday, September 10th, 2019The second annual Cyberfest is a great opportunity for the North East cyber community to come together, share best practice and generally make some noise about information security. I’m..
Katie McMillan: on achieving ISO 27001 and QSA qualifications and the challenges facing women in IT
Monday, September 9th, 2019Katie McMillan stands out in the world of Information Security. Not only does she represent one of the growing number of women working in the sector, she also gained..
So, you want to work in cyber security?
Wednesday, August 21st, 2019There are no stereotypes in cyber security. But what is an information security consultant, what do they do and why might you want to be one?
The top 3 sectors embracing the ISO 27001 framework as their biggest weapon against a security breach
Tuesday, July 30th, 2019These days, you don’t have to look very far to find the latest data breach story to hit the news. At the same time, we are also seeing more..
Phishing attacks and the perks of purple teaming
Monday, July 1st, 2019Cyber criminals are like magicians; they rely of sleight of hand. Like theatrical entertainers, they misdirect so that the trick occurs when the audience least expects it. So while..
The evolution of cyber crime
Friday, June 21st, 2019Ever since Charles Darwin introduced the theory of evolution in 1859 we have been aware of the continual process of change in the natural world. Things are no different..
Pen testing: putting a price on peace of mind
Monday, June 10th, 2019When it comes to securing appropriate budgets for pen testing, the key thing is not cost, but value. Yet there is sometimes an uncomfortable dichotomy between what people want..
What’s up with WhatsApp?
Wednesday, May 15th, 2019Despite its end-to-end encryption, WhatsApp was found to be vulnerable to a precisely targeted attack earlier this month. But as the news emerges, we should not necessarily focus on..
PR: how a well-managed data breach can help limit the impact on your reputation
Tuesday, April 2nd, 2019We have all seen the headlines about data breaches. They make for uncomfortable reading. Even more uncomfortable, however, is the fact that it’s often through these sensational headlines that..
What is a vulnerability assessment and how should you use it?
Friday, March 29th, 2019If your business is a house, with all that you hold precious contained inside it, then a vulnerability assessment is the regular checking of doors and windows to ensure..
A reactive mindset is today’s biggest threat to data security
Tuesday, March 26th, 2019What constitutes a cyber-mature organisation? Here’s a clue: it has nothing to do with size or age, sector or niche specialism, whether it is online or has a physical..
It’s not a Dark Art: how we demystify cyber security
Friday, March 15th, 2019It’s easy to see why many people think cyber security is a mysterious Dark Art. After all, it has a language of its own, full of acronyms, jargon and..
Virtual CISO: too good to be true?
Tuesday, March 5th, 2019There are some things in life that are simply too good to be true: miracle diets, offers of millions from Nigerian princes and free lunches to name but a..
PCI DSS compliance is like car maintenance: it’s not just an annual event
Friday, March 1st, 2019PCI DSS compliance is like car maintenance; to ensure your vehicle remains roadworthy throughout the year you need to practise an ongoing programme of routine repairs, regular servicing and..
eDisclosure: getting best value in a big data world
Tuesday, February 26th, 2019By Gerard Thompson Law firms have had to do some serious evolving when it comes to eDisclosure. The reason for this is driven by necessity. For, although the use..
eDisclosure Managed Service: a case study
Tuesday, February 26th, 2019Case background SRM was recently involved in an eDisclosure litigation case involving two large companies in the service industry. Engaged by one of the legal teams, the case involved..
Putting 2019 into sharp focus – the benefits a fresh set of eyes brings to information security
Tuesday, February 19th, 2019For many, 2019 started off in a state of partial blindness. GDPR took up so much attention that some of the other aspects of their organisation’s information security has..
Digital Forensics: detectives of the digital age and the issue of Access Control Policies
Monday, February 11th, 2019Sherlock Holmes could identify the state of mind, occupation and personal history of those he met by observing miniscule detail, drawing insight into crimes from information overlooked by others...
ISO 27001 – Top 5 challenges to becoming certified
Tuesday, February 5th, 2019By Katie McMillan – Senior Information Security Consultant “Life is more fun when you treat its challenges in creative ways” – Bill Gates There is nothing more frustrating..
Don’t be complacent because GDPR has yet to show its teeth
Tuesday, December 18th, 2018When the General Data Protection Regulation (GDPR) was first discussed, there were headline figures about the size of fines. Where fines levied by the Information Commissioners Office (ICO) under..
Free live webinar: 5 signs you need a new QSA
Wednesday, October 31st, 20185 signs you need a new QSA – Thursday 22nd November 3pm – 3.45pm (GMT) In this free live webinar Paul Brennecker and Laura Chatton will be discussing the..
5 signs you need a new QSA
Wednesday, October 31st, 2018PCI DSS compliance is no longer an annual project. New requirements this year are ensuring that businesses are monitoring their compliance on a continuous basis. So, is your QSA..
Why is a Business Continuity Plan important?
Tuesday, October 9th, 2018Why is a Business Continuity Plan important? It’s simple: because a business’ ability to recover from a cyber breach hinges on its ability to react quickly. Since the enactment..
Pen testing: why businesses need to be proactive not reactive ahead of the peak retail period
Wednesday, October 3rd, 2018A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..
Why get ISO27001 certification?
Tuesday, September 25th, 2018We are sometimes asked the question, why get ISO27001 certification? The answer is that the ISO standard, and ISO 27001 compliance in particular, demonstrates that your organisation takes information..
Protecting your cyber soul
Friday, September 7th, 2018By Tom Fairfax, Managing Director If you were asked to sell your soul to a stranger…. what price would you ask? The ancient Egyptians believed that a person’s soul had..
Why the prioritisation of breach identification and containment are crucial elements of every cyber defence strategy
Tuesday, September 4th, 2018One of the most significant elements of the current cyber threat landscape is the amount of time it takes to actually detect and contain a breach. In a study..
Schools are being targeted by cyber criminals: 6 ways to shore up online defences
Friday, August 31st, 2018In 2017 the Independent Schools’ Bursars Association (ISBA), which supports over 1,000 senior management staff in schools, stated that cyberattacks in schools can no longer be considered ‘isolated incidents’...
GDPR and data security in the gambling industry
Tuesday, August 21st, 2018This article first appeared in the Q3 edition of Casino & Gaming International (CGi ) and appears here with their kind permission. As the implications of the General Data..
Pen testing: seeing both the wood and the trees
Tuesday, July 24th, 2018If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..
Cyber insurance may be null and void without ‘due care’
Tuesday, July 17th, 2018There is a worrying trend in the world of cyber safety. Many companies believe that cyber insurance will protect against any damage associated with a breach. It is vital..
Retained Forensics & Incident Response Service: how planning for the worst can add value to your business
Tuesday, July 10th, 2018By Paul Brennecker, Principal Security Consultant and Lead QSA Paul Brennecker gave a presentation at PCI London on 5th July 2018 and this article first appeared in that event’s..
The Industrial Revolution v4.1: with increased opportunity comes increased vulnerability
Tuesday, July 3rd, 2018If history teaches us one thing it is that there is no going back. It started with the First Industrial Revolution which used water and steam power to mechanise..
How phishing scams are getting schools into deep water
Tuesday, June 26th, 2018While many schools are concerned about the advent of the General Data Protection Regulation (GDPR) and what it means for the collection and holding of data, permissions and consent,..
Incident Response & Forensic Expertise Webinar – Would your business survive a cyber-attack or security breach?
Tuesday, June 19th, 2018As organisations endeavour to be as proactive as possible to protect themselves from a cyber attack or security incident, do you have access to the correct Incident Response expertise..
Wondering where DPA and GDPR overlap? The Yahoo! ruling by ICO can provide some clarity
Tuesday, June 19th, 2018A recent investigation by the Information Commissioner’s Office (ICO) highlights an interesting aspect of the current system. Although the ruling against Yahoo! was announced on 12th June 2018, three..
The GDPR compliance fallacy
Friday, June 8th, 2018There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..
The A to E of cyber maturity
Tuesday, June 5th, 2018In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..
eDisclosure: some real life examples of the benefits of a Managed Service
Tuesday, May 29th, 2018eDisclosure Services (sometimes known as eDiscovery) is a complex process. With automated tools available some opt to manage these in-house but, unless highly skilled and experienced personnel are involved..
The key to GDPR is common sense
Thursday, May 24th, 2018by Tom Fairfax, Managing Director It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..
How PCI compliance puts you on course for GDPR
Tuesday, May 22nd, 2018For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..
Webinar Wednesday 30th May 3pm: Incident Response & Forensic Expertise – would your business survive a cyber attack or security breach?
Tuesday, May 15th, 2018Register for the free SRM Incident Response and Forensic Expertise webinar here. As organisations endeavour to be as proactive as possible to protect themselves from a cyber attack or..
Business Continuity – what we can all learn from the NHS response to WannaCry
Tuesday, May 15th, 2018To be truly resilient against potential attacks, it is not enough to simply look at patching the last one, but to anticipate the next. When commenting on the news..
Three stages to building a robust defence against external threats
Friday, April 27th, 2018The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of foreign powers. While it is irresponsible to..
Cyber resilience: it’s a board level issue
Friday, April 20th, 2018The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..
How attack is the best form of defence when it comes to protecting against the rising trend in phishing and social engineering attacks
Monday, April 16th, 2018The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..
PCI DSS: With charities gearing up for contactless payments what could possibly go wrong?
Thursday, March 29th, 2018More than 40 organisations, including McMillan Cancer, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..
eDisclosure webinar: seven reasons why your firm should consider a managed service
Wednesday, March 28th, 2018SRM is hosting a free eDisclosure webinar on Wednesday 18th April at 3pm. We find ourselves in an ever changing eDisclosure landscape. Join us for our upcoming webinar during..
Penetration testing: man vs machine
Friday, March 16th, 2018
We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..
GDPR: 10 key issues facing UK higher education
Tuesday, March 13th, 2018
The world of higher education is about to be turned on its head. This is due to the imminent enactment of the General Data Protection Regulation (GDPR) which will..
How does GDPR differ from the UK Data Protection Bill (DPB)?
Friday, March 2nd, 2018
Discussions with clients in recent months have revealed that there is some confusion over the General Data Protection Regulation (GDPR) and the new UK Data Protection Bill (DPB) which..
GDPR: 10 key issues facing UK retailers
Wednesday, February 28th, 2018
The law regarding personal data will change on 25th May 2018 when the EU General Data Protection Regulation (GDPR) comes into effect. Replacing the UK Data Protection Act 1998,..
The NIS Directive: who does it apply to and what will it mean?
Wednesday, February 21st, 2018
May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..
Free live webinar: GDPR – the roles of manual and automated penetration testing
Tuesday, February 20th, 2018
15:00 – 15:45, Thursday 8th March 2018. Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..
Cyber Security Breaches Survey 2018 – shows that size matters and that numbers never lie
Friday, February 16th, 2018
As with any statistical report, the numbers in the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018 provide a dizzying variety of analytical options. However,..
Coinhive attacks and how to prepare for the (almost) inevitable
Wednesday, February 14th, 2018
This week’s report that more than 5,000 websites, including that of the Information Commissioner’s Office (ICO), have been hacked shows that it really can happen to anyone. Other affected..
GDPR compliance: key issues facing law firms
Monday, February 12th, 2018
Only 25 per cent of law firms consider themselves to be compliant with the forthcoming EU General Data Protection Regulation (GDPR) which..
Penetration testing: if prevention is to be an achievable goal we cannot rely on static defences
Thursday, January 25th, 2018
SRM is at the PCI London event on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..
GDPR: the world will not stand still on 25th May 2018
Wednesday, January 24th, 2018
The 25th May 2018 is not an end date. Far from it. It marks the beginning of a new era in data protection but one that will continue to..
Are you ready for GDPR?
Wednesday, January 24th, 2018
It is one thing knowing that the General Data Protection Regulation (GDPR) is coming and that compliance is mandatory from 25th May 2018. It is quite another to know exactly..
GDPR: a question of confidence
Thursday, January 18th, 2018
In a recent interview with SC Media, Amazon Web Services (AWS) Chief Information Security Officer (CISO) Stephen Schmidt explains how his organisation is set up for full General Data..
Gibson & Co launches eDisclosure service
Friday, January 12th, 2018
(Left to right: Mark Nordstrom (SRM), Jane Gibson, James Hopper (SRM), Toby Gibson, Tom Fairfax (SRM), Alan Batey (SRM).) Press release, 11/01/18. Leading North East litigation practice Gibson &..
The global growth of the eDisclosure market
Wednesday, January 10th, 2018
The global eDisclosure market is forecast to rise from $6,000 million in 2016 to $13,000 million by 2023. Law firms across the world are therefore increasingly looking to develop..
Shipping news: how to manage a ransomware attack
Wednesday, December 13th, 2017
Disproving the idea that there is no such thing as bad publicity, the shipping company Clarksons is doing its level best to limit the PR damage caused by a..
What is the password?
Monday, December 11th, 2017
By Gerard Thompson, Information Security Consultant. With over 3,500 MPs, lords and staff, being a computer security administrator in the Houses of Parliament must be a stressful job. They..
Law practices are prime targets for criminals
Thursday, December 7th, 2017
PWC’s 25th Annual Law Firms Survey found that 73 per cent of respondents had suffered a security incident in 2016. These ranged from insider threats to the phishing of..
GDPR has been developed to protect us from breaches like Uber
Wednesday, November 29th, 2017
The term ‘reputational apocalypse’ has been used about the recent news of the Uber data breach cover-up. It’s no exaggeration. 57 million sets of customer and driver data were..
UK research highlights the lack of Chief Data Officers at C-suite level
Wednesday, November 22nd, 2017
Research by the data science and marketing services company Profusion has revealed that UK businesses are falling behind their European counterparts. The report highlights the lack of Chief Data..
Women in IT
Tuesday, November 21st, 2017
SRM’s GDPR specialist Melanie Taylor explains some of the challenges faced by women trying to get into the world of IT. ‘I don’t understand why a woman with a..
After GDPR, what will happen to ICO notification fees?
Tuesday, November 21st, 2017
When the General Data Protection Regulation (GDPR) comes into effect in May next year it will not require organisations to notify the ICO about what data they hold or..
eDisclosure: the issues facing law firms and solicitors
Tuesday, October 24th, 2017
By Alan Batey, Information Security Consultant and Forensic Investigator. In today’s world, evidence in legal cases is sourced from the vast quantities of Electronically Stored Information (ESI) that exists..
Can Decision Cycles help us maintain the initiative in cyberspace?
Tuesday, October 24th, 2017
As our world gets increasingly complex we must choose the levers we use to influence it with care. One way to look at this is through the lens of..
PCI SSC Europe Community Meeting: free one to one meetings with PCI DSS industry thought leaders
Sunday, October 22nd, 2017
Delegates at the PCI SSC Europe Community Meeting in Barcelona this week will have a lot on their minds. Changes to compliance, the security of customer payment card data,..
What is Red Team engagement?
Friday, October 20th, 2017
By Andrew Linn, Principal Consultant. The news this year has been full of high profile hacks on large organisations. These have included viral and ransomware attacks which have brought..
eDiscovery and eDisclosure: why, what, how and who?
Wednesday, October 18th, 2017
For many years the terms eDiscovery and eDisclosure have been used interchangeably. The general rule was that eDiscovery was a US term while eDisclosure was more commonly used in..
Win a free day’s consultancy: October offer to celebrate National Cyber Security Awareness Month (NCSAM)
Saturday, October 7th, 2017
Security Risk Management is offering a free day’s consultancy in support of National Cyber Security Awareness Month. October may, for many, be associated with the ghouls and ghosts of..
PCI – Europe Community Meeting Barcelona 24 – 26 October 2017
Saturday, October 7th, 2017
James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council..
Client files on home computers must be encrypted
Tuesday, September 26th, 2017
Barrister fined by ICO for data protection breach. A recent ruling by the Information Commissioner’s Office highlights the responsibility of professionals to safeguard client data held on their home..
It’s not a question of if, but when
Wednesday, September 20th, 2017
Why board level commitment is a vital part of cyber defence. It is difficult to defend against an attacker who only needs to succeed once. Security systems might defend..
Today: new UK Data Protection Bill published
Thursday, September 14th, 2017
The new UK Data Protection Bill, published today, will come into force next May. As part of the multi-million pound National Cyber Security Strategy, the new legislation will effectively..
The Equifax breach and how it impacts the UK
Tuesday, September 12th, 2017
Cyberattacks do not recognise national boundaries, as the latest breach concerning the US credit reporting agency Equifax proves. So although the company has now reported the breach of 143..
University CISOs face tough challenges in the next academic year
Thursday, September 7th, 2017
University Chief Information Security Officers (CISOs) have had a tough time lately. According to information acquired under the Freedom of Information Act by The Times newspaper, some of the..
US statistics warn of new trends in cybercrime: how a retained PFI can mitigate the risks
Tuesday, August 29th, 2017
Statistics provide useful evidence of the trends developing within the world of information security. Figures compiled from reported attacks in the United States for July 2017 give us a..
Government 2017 cyber security health check reveals many FTSE 350 companies are not prepared
Monday, August 21st, 2017
Monday’s Government survey of Britain’s FTSE 350 companies has revealed some worrying statistics. The report analyses how the boards of the UK’s largest businesses deal with cyber security and..
How poor data-stripping can expose organisations to Spear Phishing attacks
Friday, August 18th, 2017
A survey for the BBC has discovered that poor data-stripping on websites leaves information in place which provides valuable intelligence for Spear Phishing attackers. By not removing key metadata,..
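The metadata the data-stripping post warns about lives in two small XML parts inside every .docx published on a website: docProps/core.xml (author and last-modified-by, typically a login name) and docProps/app.xml (company and software build). The script below, an added example that is not code from the original post, shows what a downloader can read and how to strip it before publication. It uses only the Python standard library and a constructed sample document; the field list and the sample values are assumptions for illustration, and the same approach applies to .xlsx and .pptx, which share the docProps layout.

```python
"""Inspect and strip identifying metadata from a .docx (Office Open XML) file.
Added example, not code from the original post; standard library only."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Keep the prefixes Word uses when the edited parts are serialised back out
# (app.xml uses the extended-properties URI as its default namespace).
for _prefix, _uri in NS.items():
    ET.register_namespace("" if _prefix == "ep" else _prefix, _uri)

# core.xml fields that usually carry a username or internal notes, and
# app.xml fields that reveal the organisation and the software build.
CORE_SENSITIVE = ("dc:creator", "cp:lastModifiedBy", "dc:description", "cp:keywords")
APP_SENSITIVE = ("ep:Company", "ep:Manager", "ep:Application", "ep:AppVersion")
DATE_FIELDS = ("dcterms:created", "dcterms:modified")


def extract_metadata(docx_bytes):
    """Return {field: value} for what anyone who downloads the file can read."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        parts = set(zf.namelist())
        if "docProps/core.xml" in parts:
            root = ET.fromstring(zf.read("docProps/core.xml"))
            for tag in CORE_SENSITIVE + DATE_FIELDS:
                el = root.find(tag, NS)
                if el is not None and el.text:
                    found[tag] = el.text
        if "docProps/app.xml" in parts:
            root = ET.fromstring(zf.read("docProps/app.xml"))
            for tag in APP_SENSITIVE:
                el = root.find(tag, NS)
                if el is not None and el.text:
                    found[tag] = el.text
    return found


def _drop_elements(xml_bytes, tags):
    """Remove the named top-level elements from an XML part and re-serialise it."""
    root = ET.fromstring(xml_bytes)
    for tag in tags:
        for el in root.findall(tag, NS):
            root.remove(el)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def strip_metadata(docx_bytes):
    """Copy the package, rewriting only the two property parts.
    Every other part (body, styles, images) is copied unchanged."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "docProps/core.xml":
                data = _drop_elements(data, CORE_SENSITIVE)
            elif info.filename == "docProps/app.xml":
                data = _drop_elements(data, APP_SENSITIVE)
            dst.writestr(info.filename, data)
    return out.getvalue()


def document_body(docx_bytes):
    """Return the raw word/document.xml part, to confirm stripping left it alone."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return zf.read("word/document.xml")


# Constructed sample: the three parts a metadata check actually touches.
_CORE_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<dc:title>Tender response</dc:title>
<dc:creator>jsmith</dc:creator>
<cp:lastModifiedBy>Jane Smith</cp:lastModifiedBy>
<dcterms:created xsi:type="dcterms:W3CDTF">2017-08-01T09:00:00Z</dcterms:created>
</cp:coreProperties>"""
_APP_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">
<Application>Microsoft Office Word</Application>
<Company>Example Ltd</Company>
<AppVersion>15.0000</AppVersion>
</Properties>"""
_DOC_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body><w:p><w:r><w:t>Public text.</w:t></w:r></w:p></w:body></w:document>"""


def build_sample_docx():
    """Assemble a minimal .docx-shaped zip (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docProps/core.xml", _CORE_XML)
        zf.writestr("docProps/app.xml", _APP_XML)
        zf.writestr("word/document.xml", _DOC_XML)
    return buf.getvalue()


SAMPLE_DOCX = build_sample_docx()

if __name__ == "__main__":
    print("before:", extract_metadata(SAMPLE_DOCX))
    print("after: ", extract_metadata(strip_metadata(SAMPLE_DOCX)))
```

Run `extract_metadata` over the documents already on a site to see what has leaked, and put `strip_metadata` in the publishing step rather than relying on authors to remember the "Inspect Document" dialog. The creator and last-modified-by values are exactly what a spear phisher needs to address a convincing internal-looking email; the application version tells them which exploit to attach.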
How US internet giants are tackling the issue of GDPR compliance
Tuesday, August 15th, 2017
It is rare that anyone ever feels much sympathy towards the behemoths of the internet, Facebook and Google. But spare a thought for these giants when it comes to..
GoT2: What the Game of Thrones HBO ransom reveals about White Hat Hackers
Friday, August 11th, 2017
As Game of Thrones fans watch the unfolding drama in Westeros on their TV screens, corporations around the world are equally riveted by the now public battle for HBO’s..
Security by Design.. a little thought can save a great deal of expense!
Tuesday, August 8th, 2017
Security consultants talk about “Security by design” … and to be fair, most of us believe in it! The trouble is that to much of society, it is at..
Summer holidays: don’t take your eye off the PCI DSS ball
Monday, August 7th, 2017
The summer months are traditionally a time when hard-working people take a break. Those left in the office can end up feeling over-stretched or less motivated than normal. But it..
Game of Thrones: data theft and pen testing
Wednesday, August 2nd, 2017
‘Hi to all mankind’. Thus began the email sent to journalists by hackers who have reportedly stolen 1.5TB of files and videos from entertainment giant HBO. What has made..
Network intrusions are on the increase: time to engage a Retained Forensics specialist
Monday, July 31st, 2017
This month Visa has reported an increase in the number of network intrusions involving service providers. It also reports increases in re-breaches of merchant payment environments and skimming incidents..
Time running out for GDPR compliance
Friday, July 28th, 2017
Time is running out for UK businesses. By 25th May 2018 every business, charity and organisation needs to be ready for the General Data Protection Regulation (GDPR). Because from..
What does GDPR mean to SMEs?
Monday, July 24th, 2017
By Melanie Taylor, Information Security Consultant. “With less than a year to the deadline for compliance with the General Data Protection Regulation, all companies should have assessed what they..
Not all publicity is good, especially when it comes to data breaches
Wednesday, July 19th, 2017
While most businesses are pleased to receive free publicity, spare a thought for Berkshire-based Boomerang Videos. Not only did the firm’s website suffer a cyber attack in 2014, but..
The new Data Protection Bill and GDPR
Friday, July 14th, 2017
It’s official. It was widely expected that the EU data protection rules contained within the General Data Protection Regulation (GDPR) would be implemented by the UK, regardless of the..
NotPetya – does society need to start thinking differently?
Monday, July 10th, 2017
By Tom Fairfax. Talking to a well-respected and hitherto successful businessman at an event recently, he mentioned the NotPetya malware attack and then dismissed it as “another one of..
Phishing and GDPR compliance
Tuesday, June 20th, 2017
By Paul Brennecker, Principal Consultant, CISM | PCI QSA | PCI PFI | PCIP. There is a saying that a chain is only as strong as its weakest link. This,..
Emerging Trend: Persistent JavaScript Ecommerce Malware
Friday, May 26th, 2017
Our analysts report another trend that administrators should be aware of: a JavaScript-based eCommerce malware that re-infects websites automatically after an incomplete removal. It has..
Ransomware – Could it be you?….
Sunday, May 14th, 2017
Complacency has always been the enemy of safety; in today’s world, we are all vulnerable! The digital (cyber) environment may sometimes be opaque and difficult to understand, but it..
No breach too small – the ICO takes action against charities
Friday, May 5th, 2017
In December 2016 the Information Commissioner’s Office (ICO) fined a historical society £400 after a laptop containing personal data was stolen while a member of staff was working away..
Data protection – the gap widens across the Atlantic
Monday, April 24th, 2017
Data protection is a global issue. Yet it is being approached in very different ways on either side of the Atlantic. While Europe and Britain will embrace the more..
A data breach damages more than your reputation
Thursday, April 20th, 2017
Being known as the source of the largest data breach in history is probably not how Yahoo would like to be remembered. The reputations of eBay, LinkedIn, MySpace, Talk..
How to protect your business from account data compromise (ADC)
Thursday, April 13th, 2017
The fact is that all too often the first someone knows that their system has been breached is when they receive a call from their acquiring bank. Someone has..
Does Open Source Code make programs more vulnerable?
Tuesday, April 11th, 2017
By Paul Brennecker, Senior Information Security Consultant & Principal QSA. There is something of the Tim Berners-Lee about open source software. Unlike proprietary software, where the code is a jealously..
Prevention and cure: working out an information security budget
Wednesday, April 5th, 2017
The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..
Does outsourcing card processing make you PCI compliant?
Tuesday, March 28th, 2017
By Paul Brennecker, Senior Information Security Consultant & Principal QSA. The Payment Card Industry Data Security Standard (PCI DSS) lists a number of myths relating to PCI compliance. One of..
Who’d want to be a University CISO?
Thursday, March 16th, 2017
Spare a thought for the University CISO: ‘As a group, CISOs live on a knife’s edge and do not sleep very well. They know that a breach is inevitable.’..
The uncertainty of Brexit, the certainty of GDPR and the responsibilities of the CISO
Thursday, March 9th, 2017
As Britain navigates its way through the choppy waters of Brexit, there is a great deal of uncertainty about exactly what form our new relationship with Europe will take...
QSA: new face in cyber crime investigation
Tuesday, March 7th, 2017
There is a new face at the forefront of investigating cybercrime in the UK. Newcastle-based Security Risk Management has achieved another success for its SRM Academy Programme. With over..
The technology gap which leaves organisations vulnerable to attack
Monday, March 6th, 2017
While all of us are aware of the need to protect our organisation’s technology from potential threats and security breaches, few are fully aware of the gaps that exist..
If Brexit means Brexit, what does GDPR mean?
Friday, March 3rd, 2017
Politicians do tend to favour soundbites and Theresa May is no exception. So when she said that “Brexit means Brexit” some nodded their heads as if this simple statement..
Calling in the Red Team: going above and beyond the vulnerability scan and penetration test
Wednesday, March 1st, 2017
By Kane Cutler. In the world of information security, which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters..
The flaw in the plan: business continuity management
Friday, February 24th, 2017
When is a plan not a plan? When it is an out-of-date plan. The latest research from the industry-respected Ponemon Institute reveals that 26 per cent of IT and..
GDPR: the impatient tiger
Wednesday, February 22nd, 2017
General Data Protection Regulation (GDPR) is an impatient tiger. That is, it has many more teeth and much less patience than its predecessor, the comparative kitten that is..
Do not wait until it’s too late – engage a PFI company now!
Friday, February 3rd, 2017
‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council in his closing..
Changes to the Issuer Identification Number (IIN) standard
Wednesday, February 1st, 2017
The Issuer Identification Number (IIN) at the start of a payment card number is going to become longer, growing from six digits to eight, although the card number itself is not. This is because of changes which are being made to the international standard (ISO/IEC 7812) under which Issuer..
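The practical consequence of the IIN change for anyone who writes or audits payment code is that a lookup which slices the first six digits of a PAN silently attributes an eight-digit IIN to whoever holds the surrounding six-digit range. The script below is an added example, not code from the original post, that pairs the ISO/IEC 7812 Luhn check with a longest-prefix lookup that handles both IIN lengths, next to the legacy six-digit lookup for comparison. The IIN table and the card numbers are constructed for illustration and do not reflect real issuer assignments.

```python
"""Luhn check and IIN lookup that copes with six- and eight-digit IINs.
Added example, not code from the original post; the table is constructed."""


def luhn_valid(pan):
    """ISO/IEC 7812 check digit: valid when the Luhn sum is divisible by 10.
    Rejects non-digit input and PANs longer than the 19 digits the standard allows."""
    if not pan.isdigit() or not 2 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Constructed table (assumption, not a real assignment): a legacy six-digit IIN
# plus two eight-digit IINs carved out of that same six-digit range.
IIN_TABLE = {
    "412345": "Issuer A (legacy six-digit range)",
    "41234501": "Issuer B (eight-digit IIN within 412345)",
    "41234502": "Issuer C (eight-digit IIN within 412345)",
}


def issuer_for(pan, table=IIN_TABLE):
    """Longest-prefix match, trying the eight-digit IIN before the six-digit one.
    Returns None for an unassigned prefix rather than guessing."""
    for length in (8, 6):
        issuer = table.get(pan[:length])
        if issuer is not None:
            return issuer
    return None


def legacy_issuer_for(pan, table=IIN_TABLE):
    """The pre-2017 habit: slice six digits and look them up.
    Wrong as soon as eight-digit IINs exist inside the range."""
    return table.get(pan[:6])


def classify(pan, table=IIN_TABLE):
    """Combine both checks the way a payment front end would: reject a PAN
    that fails Luhn before spending a lookup on it."""
    if not luhn_valid(pan):
        return {"valid": False, "issuer": None}
    return {"valid": True, "issuer": issuer_for(pan, table)}


if __name__ == "__main__":
    # Constructed PANs whose check digits were computed for this example.
    for pan in ("4123450100000000", "4123450200000009", "4123459900000003"):
        print(pan, classify(pan), "| legacy:", legacy_issuer_for(pan))
```

Any code that keys routing, fraud rules or truncation on `pan[:6]` needs the same review once eight-digit IINs are in circulation; masking and storage rules for the leading digits should be confirmed against current PCI SSC guidance rather than assumed from the old six-plus-four habit.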
What is an Incident Response Plan?
Wednesday, January 25th, 2017
Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an..
Hot water and PCI compliance
Wednesday, January 18th, 2017
There are a lot of online registers for reputable tradesmen. Many of these provide contact details for reliable plumbers in any given area, together with ratings and personal recommendations...
What is the difference between a penetration test and a vulnerability scan?
Thursday, December 29th, 2016
Penetration testing and vulnerability scanning are sometimes confused. After all, they sound as if they might do a similar job. But there are important differences. Also known as..
A Cautionary Christmas Tale
Tuesday, December 13th, 2016
‘Twas the night before Christmas, and all through the house, Not an iPad was stirring, nor PC or Mouse; The shopping had been done on the internet..
Grey Monday and the importance of the penetration test
Monday, November 28th, 2016
How a correctly-scoped penetration test will future-proof your organisation from real world cyber attacks. In the aftermath of Black Friday comes Grey Monday. The day of reckoning. Because although..
The Internet of Things and how your doorbell might just be attacking Amazon
Thursday, October 27th, 2016
We hear a lot about the Internet of Things (IoT) on the web nowadays and the TV is full of adverts for central heating systems that you can control..
How a CISO can exert influence at board level
Friday, October 21st, 2016
Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” As he is perhaps best remembered for his infamous ear-biting antics, he is unlikely..
The buck stops here: advice for the new CISO on campus
Wednesday, October 19th, 2016
As Universities return for the beginning of a new academic year, never has the role of Chief Information Security Officers (CISO) been more important. Some will be continuing an..
VirtualCISO: the philosophy of product development
Friday, September 30th, 2016
The Dalai Lama said: ‘When you talk, you are only repeating what you already know. But if you listen, you may learn something new’. It is, of course, doubtful..
Multi Factor Authentication – why is this something that is so commonly misunderstood?
Friday, September 16th, 2016
“The single biggest problem in communication is the illusion that it has taken place,” said George Bernard Shaw. This can be true in so many aspects of life and unfortunately,..
Promoting and Protecting your Identity on social media
Thursday, June 9th, 2016
How much control is too much when it comes to social media? Organisations spend millions on their marketing campaigns in the hope and expectation of raising brand awareness and..
If the UK votes to leave the EU, will we still have to comply with GDPR?
Monday, June 6th, 2016
The 23rd June referendum is fast approaching and it is getting increasingly difficult to get simple answers to simple questions. As we think about how we will vote, just..
The Unreliability of Technology
Monday, June 6th, 2016
“Technology is so unreliable” is a phrase you often hear following something going wrong at a critical moment. One of the greatest misconceptions is that our day to day..
Up to £1,500 available to Scottish SMEs to develop Cyber Resilience
Wednesday, May 25th, 2016
Businesses in Scotland can receive up to £1,500 to help develop their cyber security as part of a Cyber Resilience Programme. The Digital Scotland Business Excellence Partnership (DSBEP) has..
Home grown talent makes SRM European leader in cyber security
Wednesday, May 25th, 2016
Newcastle-based Security Risk Management (SRM) Ltd is addressing the national shortage of top level qualified cyber security consultants by employing individuals with potential and then providing training in house...
EU Cyber Security Directive on Essential Services
Wednesday, May 25th, 2016
Whatever the result of the EU Referendum, there are some aspects of our relationship with Europe that are unlikely to change, as long as we continue to engage in..
What are the common failure points of repeat info-security assessments?
Friday, May 13th, 2016
Maintaining compliance with any information security standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what..
Cyber Security Accountability Does Pay
Wednesday, May 11th, 2016
Cybercrime in 2015 was nothing short of epic. No one could have anticipated headline news stories such as Sony Pictures Entertainment hacked by a group allegedly sponsored by North..
The Digital Economy
Thursday, May 5th, 2016
Decentralised cryptocurrencies and Dark Web cartels challenge the effectiveness of legislation, jurisdiction and law enforcement. This poses the question, when the economy is becoming more and more dependent on..
PCI DSS Version 3.2 is released today – so what has made it through to the final cut?
Thursday, April 28th, 2016
The eagerly anticipated update to the global Payment Card Industry Data Security Standard (PCI DSS) has been released today, Thursday April 28th 2016. This update to the standard has..
The Emerging Market of Cyber-crime as a Service
Wednesday, April 27th, 2016
One of the greatest misconceptions about cyber-crime is that you need to be a computer geek to be a cyber-criminal. The truth is the cyber-crime industry is starting to..
Navigating the minefield of info-security compliance
Friday, April 22nd, 2016
A company trying to navigate the minefield of info-security compliance may think of it as a daunting task. On one side is PCI DSS and Data Protection while on..
The reputational benefits of being a Cyber Essentials UK company
Tuesday, April 19th, 2016
Gaining Cyber Essentials certification protects a business’s reputation as well as its cash flow. With over £50 billion in annual online retail sales in the UK, it is becoming..
The real risk of ransomware
Wednesday, April 13th, 2016
“We do not negotiate with terrorists” is a patriotic statement used by many countries. Does this notion still hold when you risk losing your data? The short answer is..
PCI DSS, Vulnerability Scans and the Trouble with SSL
Monday, April 11th, 2016
With the PCI Council set to release version 3.2 of the PCI DSS imminently, the subject of migration away from weak session encryption protocols is becoming a hot topic...
The Dark Web
Wednesday, April 6th, 2016
Search engines like Google only have access to about 4% of the information on the web. The other 96% is what is referred to as the Deep..
Does Bitcoin threaten economic and business security?
Wednesday, March 30th, 2016
Bitcoin is arguably the biggest shift in digital enterprise since the beginning of E-commerce – and has proved to have the potential to make even bigger changes to our..
Who are the cyber criminals – hackers or attackers?
Tuesday, March 8th, 2016
There was a time – back in the halcyon days of the 1990s – when cyber criminals and cyber security were so much simpler. At that time, anti-virus software..
PCI DSS is a useful tool in GDPR compliance
Monday, March 7th, 2016
By Paul Brennecker, Principal QSA, PCI PFI, PCIP. The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..
The penetration test – a test of faith?
Friday, February 26th, 2016
By Kane Cutler, PCI QSA, Tiger QSTM, CEH. Although statistics show that skydiving is a relatively safe pastime, things do sometimes go wrong. Since 2004, 653 people have lost..
Learning to love the new EU cyber security regulations
Tuesday, February 16th, 2016
2015 ended on a bombshell of legislative changes creating an air of unwelcome uncertainty for businesses. Yet, they need not be a cause for concern. The announcement of the..
Children’s web usage increases
Friday, February 12th, 2016
By Michelle Ali. Time spent online exceeds time spent watching TV: 2016 statistics on children’s use of the Web. The year 2015 was described by the research agency Childwise..
PCI Breach Trend Report September 2015 – January 2016
Friday, January 29th, 2016
The period September 2015 – January 2016 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation...
PCI Breach Trend Report June – August 2015
Friday, January 29th, 2016
The period June – August 2015 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation. The..
PBX fraud costing millions
Thursday, January 28th, 2016
In spite of awareness of the enormous financial implications of PBX fraud since 2013, cases continue to come to light. Police force cyber crime teams have recently been dealing..
Landmark US legal case to make cybersecurity specialists accountable
Tuesday, January 26th, 2016
In a landmark case, Affinity Gaming is seeking $100,000 in damages from its cybersecurity provider Trustwave over how the company allegedly handled a data security breach which cost the casino..
Kane Cutler: youngest PFI in the world
Wednesday, January 13th, 2016
Newcastle-based Kane Cutler becomes youngest cybercrime expert drafted into exclusive Payment Card Industry investigation team. Newcastle-based Kane Cutler has been accepted by the Payment Card Industry Security Standards Council..
Ransomware
Monday, January 11th, 2016
As with any black hat related activity, innovations are always emerging to circumvent security and exploit vulnerabilities. Older forms of ransomware were mostly kept by specific groups of hackers that..
Cyber Security health tips for the New Year
Wednesday, January 6th, 2016
As New Year resolutions go, enhancing personal cyber security may not be as high on people’s lists as that resolution to take out a new gym membership or embark..
LinkedIn phishing scams
Wednesday, December 23rd, 2015
By Chris Ince, Information Security Consultant, Security Risk Management Ltd. LinkedIn recruiting scams are not a new threat to most. Many users of the professional network face this ever..
Understanding the role of Chief Information Security Officer (CISO)
Thursday, December 17th, 2015
Making a case for the VirtualCISO. Few company directors have a deep knowledge of corporate law, or a detailed understanding of investment planning or tax implications. They employ offsite..
GDPR and the strengthening of individual data protection rights
Thursday, December 10th, 2015
By Chris Ince, Information Security Consultant. “The processing of personal data should be designed to serve mankind.” (Council of the European Union, 2015) On 8th December the European Parliament, Council..
The Weatherspoons Breach – and why you should ensure historic personal data is secured
Monday, December 7th, 2015
By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd. Last week we saw another significant breach of over 650,000 records of customers’ data from..