Can you explain: Social Media + Urgency + Seniority = (£35,000)?

The explanation is simple but could be worrying for companies that aren’t managing risks to their business. The cyber threat to UK legal sector report has details about a £35,000 loss to a mid-sized law firm with a multi-million pound turnover from a phishing attack. A combination of social media posts from a senior partner… Read More

WADIFF Consulting help St Giles Trust get ISO27001 certification

St Giles Trust is a charity that helps ex-offenders and disadvantaged people to move their lives forward. Security requirements to obtain funding, and the expectations of partners, meant that ISO27001 certification to cover their six offices was becoming a ‘must have’ for the Trust. Where WADIFF Consulting make a difference Practical knowledge of implementing and… Read More

Don’t panic – stopping apps from accessing your emails

If you give an App access to your emails (and other data) it should come as no surprise that they use the access. And sometimes that could mean humans reading emails contents, and possibly not for the expected reason.  Here are ways to check who has access to your data in Google and Microsoft.com and… Read More

#GDPR – number of complaints in the first month

IAPP has published details about the number of complaints received by different data protection authorities (DPAs) in the first month after the GDPR started to be enforced. It isn’t a full picture as there are no details from Croatia, Cyprus, Finland, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Luxembourg, Poland, Portugal and Spain. The accuracy and consistency of… Read More

You have decided you need ISO27001 certification – what happens now?

ISO27001 is the international standard for Information Security, and there are several reasons for deciding that certification is a business requirement. For some companies, it becomes a requirement to get shortlisted for new work. For others, it can be a way for management to ensure good security practices are in places as they grow or… Read More

Password protecting your Word, Excel, PowerPoint and PDF files #MSOffice

A discussion about security measures with an SME I have been working with highlighted the need to provide some tips on how to protect files. They wanted to add passwords but were not sure of the best way to do this. So here is the way to do it in MS Office applications for Office365.… Read More

How to track down your personal data (Data Mapping)

One of the early stages to prepare for the General Data Protection Regulation (GDPR) is identifying the Personal Data you process; this blog provides a framework to build a Personal Data Inventory. An inventory is not a requirement of the GDPR, but it is a good way to build up a picture of the personal… Read More

Legitimate Interests – 3 part test

Legitimate interests (LI) is one of the lawful basis for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been… Read More

Accountability and Governance – Documentation #GDPR #DPB

Details of documentation requirements for Accountability and Governance under the GDPR and Data Protection Bill are on the ICO website. A mind map has been created to act as a quick reference. Click on the image to view the full-size mind map. You can use the Checklist on the ICO website page to track what… Read More

It was bound to happen…was it a problem?

  Along with death and taxes, one of the things that will happen to almost everyone in the UK is losing access to a vital lifeline, aka your mobile phone. And when that happens, are you going to be in for a frantic four-hour session to get back to normal, or will it be relatively easy. … Read More