Blog

Inappropriate Security

May 10th, 2022 | Categories: cybersecurity

Cybersecurity can feel like a black hole of investment. There’s no end of technologies and vendors selling all kinds of solutions to the real, and perceived, risks. So, how do you know what appropriate security means for your organisation? That depends. But I can tell you what inappropriate looks like. When is enough good enough? The answer is: It depends.

Cyber 321: 6th May 2022

May 6th, 2022 | Categories: cybersecurity

Cyber 3-2-1: Is the end of passwords in sight? Why is a bank warning us about taxis? Why worry about smart glasses? And why do bad guys love crypto wallets and Android devices? This week’s action: It’s time to do a health check on your Android devices.

Cyber 321: 22nd April 2022

April 22nd, 2022 | Categories: cybersecurity

Cyber 3-2-1: DeFi enabled the perfect crime, CISA discovered cyber sabotage tools aimed at US energy sector, and a reminder that we need to keep all software up to date, not just Windows. This week’s action: Tell your staff about the brands the bad guys love.

Cyber 321: 1st April 2022

March 31st, 2022 | Categories: cybersecurity

Cyber 3-2-1: The White House advises us all to act now to protect against cyberattacks. A HubSpot breach may have exposed the customer information of crypto firms. And why you should be using a password manager. This week’s action: When your staff are suspicious, make sure they can get a second opinion.

Cyber 321: 25th March 2022

March 25th, 2022 | Categories: cybersecurity

Cyber 3-2-1: A UK law firm has been fined 98k for not having appropriate security controls to prevent a ransomware attack. A South African insurance firm’s password is no match for cyber attackers who gained access to the data of 54 million customers. And 75% of Irish consumers are concerned about security when they shop online, but only 4% of Irish SMEs have trained their staff in cybersecurity best practice. This week’s action: Don’t be the 96%: Train, test and support your staff.

Cyber 321: 18th March 2022

March 18th, 2022 | Categories: cybersecurity

Cyber 3-2-1: BNP Paribas blocks Russian staff from its global computer network, your website contact form could be the first step in a cyber attack, and the HSE is about to contact people whose data was stolen in last year’s cyber attack. This week’s action: Remind staff that the first email is not the only one to look out for.

Cyber 321: 25th February 2022

February 25th, 2022 | Categories: cybersecurity

Cyber 3-2-1: Ireland’s NCSC issues an advisory, as warnings continue about the elevated threat of cyber attacks due to the ongoing crisis in Ukraine. Also this week, how blind faith in an IT system led to one of the largest miscarriages of justice in the UK, and why the phrase ‘Too big to fail’ may soon be joined by the phrase ‘Too big to understand’. This week’s action: Bí Ullamh: Consider the NCSC advisory’s recommendations.

Cyber 321: 28th January 2022

January 28th, 2022 | Categories: cybersecurity

Cyber 3-2-1: ComReg has a plan to tackle the volume of scam calls to Irish mobile users. Google’s trackers are being investigated in the US, while the Austrian Courts have ruled that Google Analytics contravenes GDPR. And the US Federal Reserve starts a discussion about digital currencies. This week’s action: Don’t answer that call.

Cyber 321: 21st January 2022

January 21st, 2022 | Categories: cybersecurity

Cyber 3-2-1: Could simulated phishing tests really make staff more likely to be fooled by a phishing email in the future? What have the Russians done to one of the world’s most successful ransomware gangs? What have ransomware and cryptocurrency got to do with North Korea? And what the hell is the metaverse anyway? This week’s action: Review your approach to phishing test simulations.

Cyber 321: 17th December 2021

December 17th, 2021 | Categories: cybersecurity

Cyber 3-2-1: A report explains why the HSE attack was not sophisticated. The UK’s NCSC explains why the most severe computer vulnerability in years may have been identified this week. And I ask why so little of your security budget is invested in improving your defences against more than 90% of attacks. This week’s action: Security is not just about technology. It’s about humans. Invest in your human defences.

Cyber 321: 3rd December 2021

December 3rd, 2021 | Categories: cybersecurity

Cyber 3-2-1: A Cyber Security Baseline Standard has just been published in Ireland, Bank of Ireland has been fined €24m for risks that never materialised, and Ireland’s DPC tells us that if we have a complaint about a neighbour’s use of CCTV, we need to take it up with the courts. This week’s action: Review your Incident Response Plan.

Cyber 321: 19th November 2021

November 19th, 2021 | Categories: cybersecurity

Cyber 3-2-1: In Cyber: Why BOI has made its customers a little less appealing to the bad guys, what the cost of complying with the current NIS directive is, what the new NIS 2 directive looks like, and why a Romanian city is nicknamed Hackerville. In Crypto: The Love / Hate saga continues. This week’s action: When it comes to payment processing, it takes two.

Cyber 321: 15th October 2021

October 15th, 2021 | Categories: cybersecurity

Cyber 3-2-1: The vast majority of large firms suffer because of cyber breaches in their supply chain, and yet the majority do not know what to ask their suppliers about cybersecurity. How Google and Microsoft are helping us all to be more cyber secure. And how 55 billion attacks are pointless because of one security measure. This week’s action: Keep privileged accounts for special occasions.

Cyber 321: 6th August 2021

August 6th, 2021 | Categories: cybersecurity

Cyber 3-2-1: How one business took 24 years to build and 24 hours to destroy, what the EU’s Agency for Cybersecurity has to say about supply chain attacks, why you should ask more questions about the security of your IT service providers, and why you should expect to be asked similar questions by your clients. This week’s action: Ask questions. Seek evidence.

Cyber 321: 30th July 2021

July 30th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how ransomware is not just about backups, how Connecticut is incentivising firms to improve their cybersecurity defences, and why Human Intelligence still beats the tech. This week’s action: Hug your staff.

Cyber 321: 23rd July 2021

July 23rd, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why cybersecurity influences the valuation of a fintech, how cyber attackers are after your cryptocurrency, the steps recommended by NIST to reduce the risk of ransomware, the reward offered by the US government for information about cyberattackers and terrorists, and the ongoing problem of password reuse. This week’s action: Find out why passwords are like your toothbrush.

Cyber 321: 14th July 2021

July 14th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week, my focus is on firms that sell software or services to other organisations. You need to realise what the cybercriminals already know and what your prospects (and their regulators) are becoming increasingly concerned about: You are the perfect stepping stone into your clients’ computer systems and you could be the weakest link in their cybersecurity defences. It was demonstrated in the WannaCry attack of 2017, the SolarWinds attack of 2020, and this month’s Kaseya attack that has impacted up to 1500 businesses. This week’s action: Recognise that your suppliers are a risk to you, and you are a risk to your clients.

Cyber 321: 2nd July 2021

July 2nd, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how multi-factor authentication is not foolproof, how ransomware negotiation is a growing cottage industry, how the EU and the US are hoping to share more information about cyber-attacks, how one gang laundered $500 million before being captured, and how 30 million Dell devices need an update. This week’s action: Verify links, app access and browser plugins.

Cyber 321: 25th June 2021

June 25th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why we’re all getting an increasing number of unsolicited calls these days, what we know about the HSE attackers, and why you may need to check the T&Cs of your insurance policies. This week’s action: If you don’t recognise the number, don’t answer the call.

Cyber 321: 18th June 2021

June 18th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how a framework like NIST CSF or CIS Controls can turbo-charge your security efforts, how our teenagers are ending up with convictions for money laundering and supporting terrorism, and how the FBI fooled 800 criminals into telling them all about their drug deals and other criminal activities. This week’s action: Tell your family to protect their bank accounts.

Cyber 321: 11th June 2021

June 11th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week is dominated by the various findings of the Hiscox Cyber Readiness Report. For 50% of firms, could the cost of cybersecurity risk really be less than €3.5k per annum? In other news, the 5 key things the White House recommends you do to defend against ransomware, and the one thing they did not mention. And finally, why professional services firms are targeted by cyber criminals. This week’s action: Check my maths, and check your numbers.

Cyber 321: 4th June 2021

June 4th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including a major fire at one of Europe’s largest cloud providers, a decision by AXA in France to no longer cover ransomware payments, the ongoing cost and impact of the HSE attack, and a spyware attack on Android phones that is currently circulating in Ireland. This week’s action: Get rid of data you no longer need.

Cyber 321: 14th May 2021

May 14th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how one cyber attack on one firm had significant knock-on effects across the US East Coast, how another attack on another firm became Finland’s biggest criminal case in history, and what it feels like to be a victim of a cyber crime. This week’s action: Plan B Planning

Cyber 321: 7th May 2021

May 7th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including BYOD may become Bring Your Own Disaster, fast vs slow when it comes to cloud adoption, and how paying the ransom is not a guarantee that you will get your data back. This week’s action: Ignore those voicemail email notifications.

Cyber 321: 30th April 2021

April 30th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why professional services firms are now ransomware’s #1 target, another survey confirming that remote working is here to stay, and why good is better than perfect when designing security controls. This week’s action: Remote Desktop Protocol (RDP): Search for it in your firm, and remove or protect it.

Cyber 321: 23rd April 2021

April 23rd, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including a risk and compliance firm suffers a cyber attack due to stolen credentials, why resistance is futile when it comes to ISO27001, and why you need to talk to your teenager about the facts of (online) life. This week’s action: Stop relying on passwords to protect your money, data and identity.

Cyber 321: 15th April 2021

April 15th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how some firms handle crisis PR when they are victims of an attack, and how the bad guys love the things we share online. This week’s action: Identify your buddies – The experts you will need if you are the victim of an attack.

Cyber 321: 8th April 2021

April 9th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the world’s biggest phonebook courtesy of Facebook, Irish colleges are the latest ransomware victims, and emerging evidence that the Rule of 1% is starting to apply in cyber attacks. This week’s action: Disaster recovery – As the name suggests, think about how you will recover from a disaster like a ransomware attack.

Cyber 321: 1st April 2021

April 1st, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the increasing concern that large firms have about their smaller suppliers, a survey that reminds us of the prevalence and cost of phishing emails, and the best defences against phishing emails and ransomware. This week’s action: Tag external emails so your staff are less likely to be fooled by a phishing email.

Cyber 321: 25th March 2021

March 25th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the link between your cybersecurity and your sales opportunities, a recent survey on cyber-crime from Bank of Ireland, and a reminder that cyber-criminals are not ordinary decent criminals. This week’s action: Prepare your people.

Cyber 321: 18th March 2021

March 18th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how insurance is only useful if you’ve got basic security measures in place, and the reasons why less than 20% of cybercrimes are reported. This week’s action: Have a Plan B.

Cyber 321: 11th March 2021

March 11th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the cost to Irish businesses of just one type of cybercrime in 2020, and how the increasing adoption of the cloud has increased the value of your passwords. This week’s action: Stop fooling yourself about passwords.

Cyber 321: 4th March 2021

March 4th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including some key insights from the DPC’s annual report, and an introduction to Cyber Essentials. This week’s action: Backups - Have them, test them, secure them

Cyber Essentials

March 1st, 2021 | Categories: cybersecurity

If you have followed my guide to cybersecurity basics for small businesses, you will have basic measures in place to defend against the most likely attacks. You can then consider the next step on the cybersecurity ladder. Cyber Essentials may be that step. It is a set of requirements (split across five themes) that will help any business identify the appropriate technical security measures that should be put in place to protect against common cyber attacks.

Cyber 321: 25th February 2021

February 25th, 2021 | Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including my guide to the basics of cybersecurity, insight into why small businesses are attacked, and stats on cyber insurance coverage. This week's action: Make sure your valuable data is protected by more than 8 characters.

Small bets

May 10th, 2020 | Categories: approach, change, risk

All change involves risk. To mitigate the risk, we try to avoid change altogether, we go all in, or we plan to the nth degree. But there’s another way - Small bets. Small steps. Small spends. Small risks.

There’s always one

October 11th, 2019 | Categories: change, mindset

IT projects and other planned changes frequently fail - They exceed budgets, timelines, or fail to deliver the expected benefits. It may not be a technology problem. It may be a people problem. And there could be a very rational reason for this problem that should have been considered from the start.

The 12 steps that regulated firms are taking to go from unsure to secure

February 28th, 2019 | Categories: approach, change, cybersecurity, strategy

When IT is your responsibility but not your primary area of expertise, it can be difficult to figure out how to gain the IT capabilities that you want while ensuring you have the IT security that you need. My roadmap, containing 12 steps across 4 phases that I call the W4 Methodology, can help you work through the process in a pragmatic and sane way.

Cybersecurity: Top Tips

January 10th, 2019 | Categories: cybersecurity

Alongside my work helping businesses to prepare for GDPR, I continue to help businesses improve their cybersecurity.

I recently wrote an article for the Kildare Chamber of Commerce's quarterly magazine that provided focused actionable advice to individuals and businesses. You can download my tips here.

I run a business: What has GDPR got to do with me?

October 19th, 2018 | Categories: GDPR

If you are a business established in the EU, GDPR applies to any processing that you perform on the personal data of living individuals. If your clients are businesses, GDPR may still apply to you. In this article, I go back to basics and talk about the key obligations of GDPR.

Why data protection is important

December 5th, 2017 | Categories: GDPR

GDPR is a growing concern for businesses. As we hear every day, there are potentially big fines for non-compliance.

But today, I want to talk about why data protection is important even if there were no fines or sanctions.

Put aside your job and your business for a moment.

Think about this as an individual.

Where do you start with GDPR?

September 30th, 2017 | Categories: GDPR

GDPR is a pain in the ass

As an individual, I believe GDPR is a good thing. But as a business owner, I know it's a headache.

So, I'll just focus on specific steps you can take to start complying with GDPR.
