How to track down your personal data (Data Mapping)

One of the early stages to prepare for the General Data Protection Regulation (GDPR) is identifying the Personal Data you process; this blog provides a framework to build a Personal Data Inventory. An inventory is not a requirement of the GDPR, but it is a good way to build up a picture of the personal… Read More

The SMEs guide to the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) in May 2018. The headline-grabbing impact of the GDPR are the fines; up to €20m or 4% of global turnover (whichever is the higher) depending on the scale of the issue you have with personal data. But it also presents OPPORTUNITIES; to improve… Read More

Why keeping information secure is much more than an IT issue

When I ask business owners what they are doing to keep their business information secure, the vast majority say it is an IT issue and I should talk to their IT team or the company used to maintain their IT systems. But what about dealing with risks from your staff, lack of adequate physical security or keeping… Read More

Is that the drip, drip, drip of your data?

It may seem obvious, but some businesses don’t appreciate that securing information means you need to know what you have and where it gets stored. Not so long ago you knew that information stored electronically would be held on servers within your building(s), at a secure data centre or on backups held by a trusted… Read More

Self-assessment tool to help SMEs with Data Protection

The Information Commissions Office has launched a self-assessment tool to help small and medium-sized enterprises (SMEs) assess their compliance with the Data Protection Act and the key obligations for processing their customers’ or clients’ personal information. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that… Read More

Cyber insurance cover – check the small print

The insurance industry has responded to increasing cyber threats to client details, business strategy, financial details, intellectual property, passwords and employee information by offering cyber insurance to supplement existing insurance arrangements. The market is still evolving, but it typically covers hacking, computer system failure and recovery, and business interruption. Businesses of all sizes may view this… Read More

Will the publishing of UK cyber crime statistics be the wake-up call to take action?

2.5 million reported incidents of cyber crime £16 billion losses from cyber crime Credit card details selling for as little as $5 The Office of National Statistics is now including cyber crime in crime statistics.  The crimes are those falling under the Computer Misuse Act. The largest number are due to devices infected by a virus.… Read More

Information Security – don’t forget about paper

Over the past few weeks, I have been talking to a lot of small businesses about Information Security. Every time I get a reaction along the lines of ‘it’s an IT issue’. That is part of it, but information exists in different formats and media, and anything sensitive needs protecting. What you need is a good… Read More

What is Acceptable?

Every organization needs an Acceptable Use Policy (AUP) to define how their employees are expected to use IT facilities and handle information, and the consequences of not following the rules. In 2010 research claimed that the majority of traffic to NSFW sites occurred during working hours, productivity for more than a third of employees suffered as… Read More

Check before you send

A few weeks after we found out that personal details of world leaders were accidentally emailed to organisers of the Asian Cup there is a story about Project Bookend. This is, allegedly, secret research by the Bank of England on the financial shocks that could hit Britain if there is a vote to leave the European… Read More