Blog

Cyber 321: 6th August 2021

August 6th, 2021|Categories: cybersecurity

Cyber 3-2-1: How one business took 24 years to build and 24 hours to destroy, what the EU’s Agency for Cybersecurity has to say about supply chain attacks, why you should ask more questions about the security of your IT service providers, and why you should expect to be asked similar questions by your clients. This week’s action: Ask questions. Seek evidence.

Cyber 321: 30th July 2021

July 30th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how ransomware is not just about backups, how Connecticut is incentivising firms to improve their cybersecurity defences, and why Human Intelligence still beats the tech. This week’s action: Hug your staff.

Cyber 321: 23rd July 2021

July 23rd, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why cybersecurity influences the valuation of a fintech, how cyber attackers are after your cryptocurrency, the steps recommended by NIST to reduce the risk of ransomware, the reward offered by the US government for information about cyberattackers and terrorists, and the ongoing problem of password reuse. This week’s action: Find out why passwords are like your toothbrush.

Cyber 321: 14th July 2021

July 14th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week, my focus is on firms that sell software or services to other organisations. You need to realise what the cybercriminals already know and what your prospects (and their regulators) are becoming increasingly concerned about: You are the perfect stepping stone into your clients’ computer systems and you could be the weakest link in their cybersecurity defences. It was demonstrated in the WannaCry attack of 2017, the SolarWinds attack of 2020, and this month’s Kaseya attack that has impacted up to 1500 businesses. This week’s action: Recognise that your suppliers are a risk to you, and you are a risk to your clients.

Cyber 321: 2nd July 2021

July 2nd, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how multi-factor authentication is not foolproof, how ransomware negotiation is a growing cottage industry, how the EU and the US are hoping to share more information about cyber-attacks, how one gang laundered $500 million before being captured, and how 30 million Dell devices need an update. This week’s action: Verify links, app access and browser plugins

Cyber 321: 25th June 2021

June 25th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why we’re all getting an increasing number of unsolicited calls these days, what we know about the HSE attackers, and why you may need to check the T&C’s of your insurance policies. This week’s action: If you don’t recognise the number, don’t answer the call.

Cyber 321: 18th June 2021

June 18th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how a framework like NIST CSF or CIS Controls can turbo-charge your security efforts, how our teenagers are ending up with convictions for money laundering and supporting terrorism, and how the FBI fooled 800 criminals into telling them all about their drug deals and other criminal activities. This week’s action: Tell your family to protect their bank accounts.

Cyber 321: 11th June 2021

June 11th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week is dominated by the various findings of the Hiscox Cyber Readiness Report. For 50% of firms, could the cost of cybersecurity risk really be less than €3.5k per annum? In other news, the 5 key things the White House recommends you do to defend against ransomware, and the one thing they did not mention. And finally, why professional services firms are targeted by cyber criminals. This week’s action: Check my maths, and check your numbers.

Cyber 321: 4th June 2021

June 4th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including a major fire at one of Europe’s largest cloud providers, a decision by AXA in France to no longer cover ransomware payments, the ongoing cost and impact of the HSE attack, and a spyware attack on Android phones that is currently circulating in Ireland. This week’s action: Get rid of data you no longer need.

Cyber 321: 14th May 2021

May 14th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how one cyber attack on one firm had significant knock-on effects across the US East Coast, how another attack on another firm became Finland’s biggest criminal case in history, and what it feels like to be a victim of a cyber crime. This week’s action: Plan B Planning

Cyber 321: 7th May 2021

May 7th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including BYOD may become Bring Your Own Disaster, fast vs slow when it comes to cloud adoption, and how paying the ransom is not a guarantee that you will get your data back. This week’s action: Ignore those voicemail email notifications.

Cyber 321: 30th April 2021

April 30th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why professional services firms are now ransomware’s #1 target, another survey confirming that remote working is here to stay, and why good is better than perfect when designing security controls. This week’s action: Remote Desktop Protocol (RDP): Search for it in your firm, and remove or protect it.

Cyber 321: 23rd April 2021

April 23rd, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how a risk and compliance firm suffered a cyber attack due to stolen credentials, why resistance is futile when it comes to ISO27001, and why you need to talk to your teenager about the facts of (online) life. This week’s action: Stop relying on passwords to protect your money, data and identity.

Cyber 321: 15th April 2021

April 15th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how some firms handle crisis PR when they are victims of an attack, and how the bad guys love the things we share online. This week’s action: Identify your buddies – The experts you will need if you are the victim of an attack.

Cyber 321: 8th April 2021

April 9th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the world’s biggest phonebook courtesy of Facebook, Irish colleges are the latest ransomware victims, and emerging evidence that the Rule of 1% is starting to apply in cyber attacks. This week’s action: Disaster recovery – As the name suggests, think about how you will recover from a disaster like a ransomware attack.

Cyber 321: 1st April 2021

April 1st, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the increasing concern that large firms have about their smaller suppliers, a survey that reminds us of the prevalence and cost of phishing emails, and the best defences against phishing emails and ransomware. This week’s action: Tag external emails so your staff are less likely to be fooled by a phishing email.

Cyber 321: 25th March 2021

March 25th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the link between your cybersecurity and your sales opportunities, a recent survey on cyber-crime from Bank of Ireland, and a reminder that cyber-criminals are not ordinary decent criminals. This week’s action: Prepare your people.

Cyber 321: 18th March 2021

March 18th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how insurance is only useful if you’ve got basic security measures in place, and the reasons why less than 20% of cybercrimes are reported. This week’s action: Have a Plan B.

Cyber 321: 11th March 2021

March 11th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the cost to Irish businesses of just one type of cybercrime in 2020, and how the increasing adoption of the cloud has increased the value of your passwords. This week’s action: Stop fooling yourself about passwords.

Cyber 321: 4th March 2021

March 4th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including some key insights from the DPC’s annual report, and an introduction to Cyber Essentials. This week’s action: Backups - Have them, test them, secure them

Cyber Essentials

March 1st, 2021|Categories: cybersecurity

If you have followed my guide to cybersecurity basics for small businesses, you will have basic measures in place to defend against the most likely attacks. You can then consider the next step on the cybersecurity ladder. Cyber Essentials may be that step. It is a set of requirements (split across five themes) that will help any business identify the appropriate technical security measures that should be put in place to protect against common cyber attacks.

Cyber 321: 25th February 2021

February 25th, 2021|Categories: cybersecurity

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including my guide to the basics of cybersecurity, insight into why small businesses are attacked, and stats on cyber insurance coverage. This week's action: Make sure your valuable data is protected by more than 8 characters.

Small bets

May 10th, 2020|Categories: approach, change, risk

All change involves risk. To mitigate the risk, we try to avoid change altogether, we go all in, or we plan to the nth degree. But there’s another way - Small bets. Small steps. Small spends. Small risks.

There’s always one

October 11th, 2019|Categories: change, mindset

IT projects and other planned changes frequently fail - They exceed budgets, timelines, or fail to deliver the expected benefits. It may not be a technology problem. It may be a people problem. And there could be a very rational reason for this problem that should have been considered from the start.

The 12 steps that regulated firms are taking to go from unsure to secure

February 28th, 2019|Categories: approach, change, cybersecurity, strategy

When IT is your responsibility but not your primary area of expertise, it can be difficult to figure out how to gain the IT capabilities that you want while ensuring you have the IT security that you need. My roadmap, containing 12 steps across 4 phases that I call the W4 Methodology, can help you work through the process in a pragmatic and sane way.

Cybersecurity: Top Tips

January 10th, 2019|Categories: cybersecurity

Alongside my work helping businesses to prepare for GDPR, I continue to help businesses improve their cybersecurity.

I recently wrote an article for the Kildare Chamber of Commerce's quarterly magazine that provided focused actionable advice to individuals and businesses. You can download my tips here.

I run a business: What has GDPR got to do with me?

October 19th, 2018|Categories: GDPR

If you are a business established in the EU, GDPR applies to any processing that you perform on the personal data of living individuals. If your clients are businesses, GDPR may still apply to you. In this article, I go back to basics and talk about the key obligations of GDPR.

Why data protection is important

December 5th, 2017|Categories: GDPR

GDPR is a growing concern for businesses. As we hear every day, there are potentially big fines for non-compliance.

But today, I want to talk about why data protection is important even if there were no fines or sanctions.

Put aside your job and your business for a moment.

Think about this as an individual.

Where do you start with GDPR?

September 30th, 2017|Categories: GDPR

GDPR is a pain in the ass

As an individual, I believe GDPR is a good thing. But as a business owner, I know it's a headache.

So, I'll just focus on specific steps you can take to start complying with GDPR.
