Data protection affects almost everybody and everything that we do. From high-street and online shopping, banking, booking holidays, to tracking exercise activity. Whilst most of us are generally aware of the risks involved when sharing personal data, we may not fully grasp the potential impact of unauthorised access to our information. We may also not …
Cyber Essentials was introduced in 2014 by the UK Government in collaboration with the National Cyber Security Centre (NCSC). The aim of the scheme is to improve the baseline cyber security posture of small businesses. In essence it is a practical, no-frills approach to addressing the key areas of cyber security. The basic concept is …
Following the General Data Protection Regulation (GDPR) and many other similar privacy laws and regulations being introduced around the world, there has been an increasing need for a standard or certification that organisations can use to demonstrate compliance with data privacy best practice. ISO 27701, released in August of 2019, seeks to fill this gap. …
Cybersecurity is now a primary focus for companies and organisations of all types and sizes. Continuous change in technologies deployed to gain competitive advantage inevitably means a corresponding shift in cybersecurity trends. Phishing and ransomware attacks are increasingly with us and news reports of high-profile data breaches are becoming ever more the norm. As well …
What is Phishing? Phishing is a very common type of cyber-attack that everyone should learn about in order to protect themselves. Phishing attacks are where attackers send fraudulent communications that appear to come from a reputable source. It is typically done via email although other forms of messaging and social media are used, and can …
What is Cryptojacking? Cryptojacking is a type of cyber-attack where malware is covertly installed onto unsuspecting hosts so it can make use of the host’s processing power to mine cryptocurrency for the attacker. Cryptojacking isn’t attempting to cause damage to host systems or steal their data, but it is far from benign. It is a …
As with any programming language, JavaScript has fair its share of potential security exposures. Exploiting a JavaScript vulnerability can allow you to manipulate and steal data, redirect sessions and lots more. Whilst JavaScript is normally thought of as a client-side application, JavaScript security issues can also create problems on the server-side. Vulnerabilities in JavaScript Source …
A CDN is a type of overlay network that moves a website’s content closer to the end user in order to improve performance. Typical services offered by Internet overlay networks include edge caching, SSL offloading and edge routing. Internet overlay networks allow websites to benefit from third party infrastructure to improve performance and security. Instead …
The global COVID-19 pandemic dominated all aspects of life in 2020 and pushed the workers of the world to switch to remote working. This resulted in a major shake-up of IT and security practices to which businesses have had to quickly adapt. Security experts have reviewed some key aspects that shaped cybersecurity through the pandemic …
Received wisdom regarding email security says – don’t trust email. Email is an unauthenticated, unreliable messaging service. The general advice was, and still is, use strong passwords, block spammers, don’t trust unrecognised sources and verify requests even from trusted entities. Email hasn’t gone away and the stakes are ever higher as email has become an …
Fraudsters and criminals are exploiting genuine fears about COVID-19 in order to prey on members of the public. Older and vulnerable people who are isolated from their family and friends are especially at risk. The UK Government has urged people to remain on their guard following a rise in COVID-19 scams that seek to benefit …
Remote working and home working have been increasing gradually throughout the 21st century and, since the Covid-19 pandemic, remote working has become a fundamental requirement for many businesses. Some companies, especially ones which already practiced some degree of remote working, have moved relatively seamlessly to large scale remote working. Others, that did not embrace the …
Are you a Gmail user? When was the last time you took a look through the settings to make sure you are making the most of the security features? Beyond enabling 2FA (which you should now be doing on all online accounts), what can you do to make Gmail more secure? Well, Gmail has a …
Web application security is, or should be, high on the agenda for any web-based business. The very nature of the Internet exposes web sites to attack from any location on the planet potentially leading to a data breach. A data breach is a general term referring to unauthorised access of sensitive or confidential information and …
The proportion of smartphone use, and time spent online using a phone or tablet compared to a laptop or desktop PC continues to increase. That being the case you would think that the kind of security-aware practices adopted by laptop and desktop users more than a decade ago would also now be standard practice for …