Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the world’s biggest phonebook courtesy of Facebook, Irish colleges are the latest ransomware victims, and emerging evidence that the Rule of 1% is starting to apply in cyber attacks. This week’s action: Disaster recovery – As the name suggests, think about how you will recover from a disaster like a ransomware attack.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the increasing concern that large firms have about their smaller suppliers, a survey that reminds us of the prevalence and cost of phishing emails, and the best defences against phishing emails and ransomware. This week’s action: Tag external emails so your staff are less likely to be fooled by a phishing email.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the link between your cybersecurity and your sales opportunities, a recent survey on cyber-crime from Bank of Ireland, and a reminder that cyber-criminals are not ordinary decent criminals. This week’s action: Prepare your people.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how insurance is only useful if you’ve got basic security measures in place, and the reasons why less than 20% of cybercrimes are reported. This week’s action: Have a Plan B.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the cost to Irish businesses of just one type of cybercrime in 2020, and how the increasing adoption of the cloud has increased the value of your passwords. This week’s action: Stop fooling yourself about passwords.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including some key insights from the DPC’s annual report, and an introduction to Cyber Essentials. This week’s action: Backups - Have them, test them, secure them.
If you have followed my guide to cybersecurity basics for small businesses, you will have basic measures in place to defend against the most likely attacks. You can then consider the next step on the cybersecurity ladder. Cyber Essentials may be that step. It is a set of requirements (split across five themes) that will help any business identify the appropriate technical security measures that should be put in place to protect against common cyber attacks.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including my guide to the basics of cybersecurity, insight into why small businesses are attacked, and stats on cyber insurance coverage. This week's action: Make sure your valuable data is protected by more than 8 characters.
It turns out that Little Red Riding Hood's village had an incident response plan.
I'm sure no-one in the village wanted to consider the idea of a wolf eating one of their kids. But they did consider the awful scenario. And they had a plan to recover from the incident.
It's risky for an organisation to rely on technology that is designed for home use. Laptops purchased in retail outlets are just one simple example of this risk. On the outside, they look the same as enterprise-grade laptops. But there can be important components missing on the inside.
All change involves risk. To mitigate the risk, we try to avoid change altogether, we go all in, or we plan to the nth degree. But there’s another way - Small bets. Small steps. Small spends. Small risks.
IT projects and other planned changes frequently fail - They exceed budgets or timelines, or fail to deliver the expected benefits. It may not be a technology problem. It may be a people problem. And there could be a very rational reason for this problem that should have been considered from the start.
Running a professional organisation using technology that is designed for the home is like playing golf with a shovel. From a distance, it all looks fine. But you don't need to get too close to realise things aren't going to go well when there's real competition on the course, or if the weather changes.
GDPR is seldom black-and-white. But it's not rocket science. If you have decided to work on your GDPR compliance in-house, there are a few things you need to get right from the start so you don't lose your sanity along the way.
If you choose to outsource your compliance work, you need to choose your outsourced partner carefully so you don't waste time or money. This article will help you learn from the mistakes of others and avoid the common pitfalls.
There are a number of ways to tackle your GDPR compliance work. Depending on your budget, timeline, and attitude, you could outsource it or do it in-house. This article may help you decide which option is best for you, along with suggestions on how to keep things on track.
If you are a business established in the EU, GDPR applies to any processing that you perform on the personal data of living individuals.
If your clients are businesses, GDPR may still apply to you.
In this article, I go back to basics and talk about the key obligations of GDPR.
I recently attended a 2-day conference on data protection in Brussels.
While I will spare you the boring details, there are two key messages that could be of interest to real people who just want to be compliant.