You have decided you need ISO27001 certification – what happens now?

ISO27001 is the international standard for Information Security, and there are several reasons for deciding that certification is a business requirement. For some companies, it becomes a requirement to get shortlisted for new work. For others, it can be a way for management to ensure good security practices are in place as they grow or… Read More

Why keeping information secure is much more than an IT issue

When I ask business owners what they are doing to keep their business information secure, the vast majority say it is an IT issue and I should talk to their IT team or the company used to maintain their IT systems. But what about dealing with risks from your staff, lack of adequate physical security or keeping… Read More

Cyber insurance cover – check the small print

The insurance industry has responded to increasing cyber threats to client details, business strategy, financial details, intellectual property, passwords and employee information by offering cyber insurance to supplement existing insurance arrangements. The market is still evolving, but it typically covers hacking, computer system failure and recovery, and business interruption. Businesses of all sizes may view this… Read More

Data encryption

Sensitive information needs protecting from unauthorised access. Paper records such as staff details can be locked away. Information held electronically needs to be encrypted, and the device it is held on may also need to be encrypted to provide another layer of security. For encryption to work, the key used to encrypt the data has to be secret… Read More

Sharing some information is the price for having ‘free’ anti-virus software

Protecting your business and personal information is a fundamental part of information security. If you pay to use software or a cloud-based service, there is no reason for any information to be passed on. The only exception is to a valid law enforcement agency in your country if they have justifiable grounds to believe laws… Read More

US OPM incident – details of 4 million people may have been compromised

Details of 4 million current and former US government employees may have been compromised by a hack found in April 2015. US law enforcement officials are saying this was done by the same Chinese hackers that attacked an insurance company, using a ‘zero-day’ vulnerability that allowed them access. The implication, for me, is that the data… Read More