What is an APT?

A lot of cyber security discussion lately is centred around the actions and identities of a range of Advanced Persistent Threats (APTs). You may have found yourself wondering just what these threats are, what differentiates them from the more bogstandard kinds of threat that you are used to and who they pose the most risk to.

What is an APT? Read More »

6TB Citrix Data Breach

Cloud computing and software company Citrix have recently been the victim of a major cyber attack, with attackers gaining access to what cyber security firm Resecurity claims is ‘at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.’

6TB Citrix Data Breach Read More »

Storage in the Cloud: Part 2

In the previous part, we discussed what the Cloud—particularly when used for storage purposes—really is, and some security concerns that may arise from this better understanding. In this second part, we will run through some more points for ensuring that your file storage procedures are secure, and present an analogy to help you think about your processes.

Storage in the Cloud: Part 2 Read More »

Storage in the Cloud: Part 1

Remember back to when you were little, and you had just found out that Santa Claus wasn’t real, or the tooth fairy, or the Easter bunny (if you are only just learning this now, I apologise). Get ready to relive that experience today, because I am going to let you in on one of the tech. industry’s dirty secrets. Ready? Here goes: the Cloud doesn’t exist. I imagine I’ve just blown your socks off, so I’ll give you a moment to go pick them back up.

Storage in the Cloud: Part 1 Read More »

Information Classification

Information is power, as the famous saying goes. Information is the lifeblood of a business, as well as a tantalising target for an attacker. All businesses will find themselves dealing with different types of information, from things that they are happy to make public to things they would rather keep under wraps. How can you ensure that all such items are properly labelled, so that all employees (and anyone else who gets their hands on them) will know how to handle them? The answer is information classification.

Information Classification Read More »

The Principle of Least Privilege

One of the most fundamental tenets of information security is the Principle of Least Privilege. First formulated by Jerome Saltzer for a 1974 Communications of the ACM article, the Principle states that ‘every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.’ What does this mean for a business and its employees?

The Principle of Least Privilege Read More »

Offboarding Employees

It is a fact of business life that employees may, one day, cease to be a part of your organisation. There may be many reasons for this, and the separation may be more or less mutual; more or less amicable. The one thing that all separations have in common is the need for you to have policies and procedures to be in place that will ensure a smooth transition, without leaving yourself vulnerable.

Offboarding Employees Read More »

New BSIA Guidance Overview

The British Security Industry Association (BSIA), which claims to represent a membership ‘responsible for more than 70% of privately provided UK security products and services (by turnover)’, released in early January a document titled Cyber secure it – Best practice guidelines for connected security systems with the aim of ‘summaris[ing] current guidelines to minimise the exposure to digital sabotage of network connected equipment, software and systems used in electronic security systems.’ Here, we will give you a brief overview of the guidance.

New BSIA Guidance Overview Read More »

DNS Hijacking

You may be wondering what ‘DNS hijacking’ is, and how to secure your own company’s sites. Even if you are not in one of the industries currently being targeted, it is nonetheless important that you secure yourself regardless.

DNS Hijacking Read More »

Threats You Might Not Have Thought Of: Part 2

In the previous part of this series, which covers some of the weirder and wackier parts of your business that may nonetheless prove to be your Achilles’ heel when it comes to cyber attack, we discussed the threat posed by printers. This time, it’s the turn of something you probably even less likely to consider when assessing your level of vulnerability—your air con.

Threats You Might Not Have Thought Of: Part 2 Read More »

SMEs: Easy Pickings and Collateral Damage

If you work within, or even run your own, SME, it may be tempting to consider yourself protected from the risk of cyber attack by your size. If you only have a handful of customers, or turnover that measures in the hundreds of thousands rather than the millions, you may believe that attackers will simply pass you over in favour of larger, potentially more lucrative targets. This can leave you vulnerable for a couple of reasons, which we’ll talk about here.

SMEs: Easy Pickings and Collateral Damage Read More »

What are the Collections Breaches?

In January, security researcher Troy Hunt announced the addition of the ‘Collection #1’ set of compromised login credentials to his Have I Been Pwned (HIBP) service. HIBP allows users to search for their own email addresses and passwords in order to identify whether they have appeared in any major data breaches. This was followed shortly afterwards by coverage of ‘Collections #2–5’. Here we’ll explain why these collections are a big deal, and the steps you can take to protect yourself.

What are the Collections Breaches? Read More »

Scroll to Top