Blog

Cyber 321: 12th August 2022

August 12th, 2022|Categories: cybersecurity|

Cyber 3-2-1: Another ransomware attack on an Irish firm, how scammers are increasingly using SMS text messages to get us to part with our money, and how the departure of KBC and Ulster Bank from Ireland isn't helping the situation. This week’s action: Don’t trust that text message.

Cyber 321: 17th June 2022

June 17th, 2022|Categories: cybersecurity|

Cyber 3-2-1: Ukraine’s responses to Russian cyber attacks remind us of the value of incident response preparation, DuckDuckGo may not be as privacy-centric as you might think, and why paying a ransom may only mean you’ll be paying one again (and sooner than you may think). This week’s action: Reduce the need for an incident response plan by writing one.

Cyber 321: 10th June 2022

June 10th, 2022|Categories: cybersecurity|

Cyber 3-2-1: MFA might be worth Sweet FA, cybersecurity bootcamps might not get you a cybersecurity job, an Enduring Power of Attorney might teach us something about the advisors we trust, and crypto continues to provide plenty of reasons why TradFi is also MoreSecureFi. This week’s action: Remind staff that their password and MFA security code is just like their toothbrush.

If there’s no will, what’s the way?

June 8th, 2022|Categories: daily|

We all know we should write a will, to ensure our loved ones are taken care of when we die. And yet few of us (including me) have gotten around to writing our will. Why don’t we always act in our own best interest?

Convenient vs Resilient

June 2nd, 2022|Categories: daily|

There’s some great technology out there that can make our lives so much easier and more convenient. But many of these also make our lives a little less reliable. Be mindful when you trade reliable for convenient.

You don’t need to know

June 1st, 2022|Categories: daily|

You don’t need to know about accounting rules or the law. That’s what your advisors are for. Why is it different when it comes to IT and cybersecurity?

The Cookie Obesity Problem

May 18th, 2022|Categories: Data protection|

Four years ago today, the GDPR (General Data Protection Regulation) came into effect. Depending on your perspective, it either marked the beginning of a new level of Cookie Consent Hell or the beginning of a new approach that now forces organisations to consider how they can achieve their business objectives while minimising the use of data about us. Four years on, I look at the use of cookies on one of my favourite sites, Formula1.com. 

It’s not me. It’s you.

May 16th, 2022|Categories: it service provider|

When I work with a client for the first time, I frequently encounter a fractious relationship between the client and their IT MSP (managed service provider). There are numerous symptoms to the issue. But, at its core, it usually comes down to a lack of trust between the client and the IT MSP. And it's not always the IT MSP's fault.

Inappropriate Security

May 10th, 2022|Categories: cybersecurity|

Cybersecurity can feel like a blackhole of investment. There’s no end of technologies and vendors selling all kinds of solutions to the real, and perceived, risks. So, how do you know what appropriate security means for your organisation? That depends. But I can tell you what inappropriate looks like.

Cyber 321: 6th May 2022

May 6th, 2022|Categories: cybersecurity|

Cyber 3-2-1: Is the end of passwords in sight? Why is a bank warning us about taxis? Why worry about smart glasses? And why do bad guys love crypto wallets and Android devices? This week’s action: It’s time to do a health check on your Android devices.

Cyber 321: 1st April 2022

March 31st, 2022|Categories: cybersecurity|

Cyber 3-2-1: The White House advises us all to act now to protect against cyberattacks. A HubSpot breach may have exposed the customer information of crypto firms. And why you should be using a password manager. This week’s action: When your staff are suspicious, make sure they can get a second opinion.

Cyber 321: 25th March 2022

March 25th, 2022|Categories: cybersecurity|

Cyber 3-2-1: A UK law firm has been fined 98k for not having appropriate security controls to prevent a ransomware attack. A South African insurance firm’s password is no match for cyber attackers who gained access to the data of 54 million customers. And 75% of Irish consumers are concerned about security when they shop online, but only 4% of Irish SMEs have trained their staff in cybersecurity best practice. This week’s action: Don’t be the 96%: Train, test and support your staff.

Cyber 321: 18th March 2022

March 18th, 2022|Categories: cybersecurity|

Cyber 3-2-1: BNP Paribas blocks Russian staff from its global computer network, your website contact form could be the first step in a cyber attack, and the HSE is about to contact people whose data was stolen in last year’s cyber attack. This week’s action: Remind staff that the first email is not the only one to look out for.

Cyber 321: 4th March 2022

March 4th, 2022|Categories: cybersecurity|

Cyber 3-2-1: Organisations worry about cyber attacks arising from Russia’s invasion of Ukraine, as the Conti Gang that attacked the HSE last year announces their support of the Russian attack, and then learns that it was not its smartest move. This week’s action: 3-2-1 Backup or 3-2-1 Over.

Cyber 321: 25th February 2022

February 25th, 2022|Categories: cybersecurity|

Cyber 3-2-1: Ireland’s NCSC issues an advisory, as warnings continue about the elevated threat of cyber attacks due to the ongoing crisis in Ukraine. Also this week, how blind faith in an IT system led to one of the largest miscarriages of justice in the UK, and why the phrase ‘Too big to fail’ may soon be joined by the phrase ‘Too big to understand’. This week’s action: Bí Ullamh: Consider the NCSC advisory’s recommendations.

Cyber 321: 28th January 2022

January 28th, 2022|Categories: cybersecurity|

Cyber 3-2-1: ComReg has a plan to tackle the volume of scam calls to Irish mobile users. Google’s trackers are being investigated in the US, while the Austrian Courts have ruled that Google Analytics contravenes GDPR. And the US Federal Reserve starts a discussion about digital currencies. This week’s action: Don’t answer that call.

Cyber 321: 21st January 2022

January 21st, 2022|Categories: cybersecurity|

Cyber 3-2-1: Could simulated phishing tests really make staff more likely to be fooled by a phishing email in the future? What have the Russians done to one of the world’s most successful ransomware gangs? What have ransomware and cryptocurrency got to do with North Korea? And what the hell is the metaverse anyway? This week’s action: Review your approach to phishing test simulations.

Cyber 321: 14th January 2022

January 14th, 2022|Categories: cybersecurity|

Cyber 3-2-1: How the bad guys get a hold of your password, why the US is so concerned about Huawei equipment, and why do large organisations have a CIO AND a CISO? This week's action: Double-check your two-factor authentication.

Cyber 321: 17th December 2021

December 17th, 2021|Categories: cybersecurity|

Cyber 3-2-1: A report explains why the HSE attack was not sophisticated. The UK’s NCSC explains why the most severe computer vulnerability in years may have been identified this week. And I ask why so little of your security budget is invested in improving your defences against more than 90% of attacks. This week’s action: Security is not just about technology. It’s about humans. Invest in your human defences.

Cyber 321: 3rd December 2021

December 3rd, 2021|Categories: cybersecurity|

Cyber 3-2-1: A Cyber Security Baseline Standard has just been published in Ireland, Bank of Ireland has been fined €24m for risks that never materialised, and Ireland’s DPC tells us that if we have a complaint about a neighbour’s use of CCTV, we need to take it up with the courts. This week’s action: Review your Incident Response Plan.

Cyber 321: 19th November 2021

November 19th, 2021|Categories: cybersecurity|

Cyber 3-2-1: In Cyber: Why BOI has made its customers a little less appealing to the bad guys, what the cost of complying with the current NIS directive is, what the new NIS 2 directive looks like, and why a Romanian city is nicknamed Hackerville. In Crypto: The Love / Hate saga continues. This week’s action: When it comes to payment processing, it takes two.

Cyber 321: 15th October 2021

October 15th, 2021|Categories: cybersecurity|

Cyber 3-2-1: The vast majority of large firms suffer because of cyber breaches in their supply chain, and yet the majority do not know what to ask their suppliers about cybersecurity. How Google and Microsoft are helping us all to be more cyber secure. And how 55 billion attacks are pointless because of one security measure. This week’s action: Keep privileged accounts for special occasions.

Cyber 321: 6th August 2021

August 6th, 2021|Categories: cybersecurity|

Cyber 3-2-1: How one business took 24 years to build and 24 hours to destroy, what the EU’s Agency for Cybersecurity has to say about supply chain attacks, why you should ask more questions about the security of your IT service providers, and why you should expect to be asked similar questions by your clients. This week’s action: Ask questions. Seek evidence.

Cyber 321: 23rd July 2021

July 23rd, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why cybersecurity influences the valuation of a fintech, how cyber attackers are after your cryptocurrency, the steps recommended by NIST to reduce the risk of ransomware, the reward offered by the US government for information about cyberattackers and terrorists, and the ongoing problem of password reuse. This week’s action: Find out why passwords are like your toothbrush.

Cyber 321: 14th July 2021

July 14th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week, my focus is on firms that sell software or services to other organisations. You need to realise what the cybercriminals already know and what your prospects (and their regulators) are becoming increasingly concerned about: You are the perfect stepping stone into your clients’ computer systems and you could be the weakest link in their cybersecurity defences. It was demonstrated in the WannaCry attack of 2017, the SolarWinds attack of 2020, and this month’s Kaseya attack that has impacted up to 1500 businesses. This week’s action: Recognise that your suppliers are a risk to you, and you are a risk to your clients.

Cyber 321: 2nd July 2021

July 2nd, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how multi-factor authentication is not foolproof, how ransomware negotiation is a growing cottage industry, how the EU and the US are hoping to share more information about cyber-attacks, how one gang laundered $500 million before being captured, and how 30 million Dell devices need an update. This week’s action: Verify links, app access and browser plugins

Cyber 321: 25th June 2021

June 25th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why we’re all getting an increasing number of unsolicited calls these days, what we know about the HSE attackers, and why you may need to check the T&C’s of your insurance policies. This week’s action: If you don’t recognise the number, don’t answer the call.

Cyber 321: 18th June 2021

June 18th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how a framework like NIST CSF or CIS Controls can turbo-charge your security efforts, how our teenagers are ending up with convictions for money laundering and supporting terrorism, and how the FBI fooled 800 criminals into telling them all about their drug deals and other criminal activities. This week’s action: Tell your family to protect their bank accounts.

Cyber 321: 11th June 2021

June 11th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week is dominated by the various findings of the Hiscox Cyber Readiness Report. For 50% of firms, could the cost of cybersecurity risk really be less than €3.5k per annum? In other news, the 5 key things the White House recommends you do to defend against ransomware, and the one thing they did not mention. And finally, why professional services firms are targeted by cyber criminals. This week’s action: Check my maths, and check your numbers.

Cyber 321: 4th June 2021

June 4th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including a major fire at one of Europe’s largest cloud providers, a decision by AXA in France to no longer cover ransomware payments, the ongoing cost and impact of the HSE attack, and a spyware attack on Android phones that is currently circulating in Ireland. This week’s action: Get rid of data you no longer need.

Cyber 321: 14th May 2021

May 14th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how one cyber attack on one firm had significant knock-on effects across the US East Coast, how another attack on another firm became Finland’s biggest criminal case in history, and what it feels like to be a victim of a cyber crime. This week’s action: Plan B Planning

Cyber 321: 7th May 2021

May 7th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including BYOD may become Bring Your Own Disaster, fast vs slow when it comes to cloud adoption, and how paying the ransom is not a guarantee that you will get your data back. This week’s action: Ignore those voicemail email notifications.

Cyber 321: 30th April 2021

April 30th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why professional services firms are now ransomware’s #1 target, another survey confirming that remote working is here to stay, and why good is better than perfect when designing security controls. This week’s action: Remote Desktop Protocol (RDP): Search for it in your firm, and remove or protect it.

Cyber 321: 23rd April 2021

April 23rd, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including a risk and compliance firm suffers a cyber attack due to stolen credentials, why resistance is futile when it comes to ISO27001, and you need to talk to your teenager about the facts of (online) life. This week’s action: Stop relying on passwords to protect your money, data and identity.

Cyber 321: 15th April 2021

April 15th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how some firms handle crisis PR when they are victims of an attack, and how the bad guys love the things we share online. This week’s action: Identify your buddies – The experts you will need if you are the victim of an attack.

Cyber 321: 8th April 2021

April 9th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the world’s biggest phonebook courtesy of Facebook, Irish colleges are the latest ransomware victims, and emerging evidence that the Rule of 1% is starting to apply in cyber attacks. This week’s action: Disaster recovery – As the name suggests, think about how you will recover from a disaster like a ransomware attack.

Cyber 321: 1st April 2021

April 1st, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the increasing concern that large firms have about their smaller suppliers, a survey that reminds us of the prevalence and cost of phishing emails, and the best defences against phishing emails and ransomware. This week’s action: Tag external emails so your staff are less likely to be fooled by a phishing email.

Cyber 321: 25th March 2021

March 25th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the link between your cybersecurity and your sales opportunities, a recent survey on cyber-crime from Bank of Ireland, and a reminder that cyber-criminals are not ordinary decent criminals. This week’s action: Prepare your people.

Cyber 321: 18th March 2021

March 18th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how insurance is only useful if you’ve got basic security measures in place, and the reasons why less than 20% of cybercrimes are reported. This week’s action: Have a Plan B.

Cyber 321: 11th March 2021

March 11th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including the cost to Irish businesses of just one type of cybercrime in 2020, and how the increasing adoption of the cloud has increased the value of your passwords. This week’s action: Stop fooling yourself about passwords.

Cyber 321: 4th March 2021

March 4th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including some key insights from the DPC’s annual report, and an introduction to Cyber Essentials. This week’s action: Backups - Have them, test them, secure them

Cyber Essentials

March 1st, 2021|Categories: cybersecurity|

If you have followed my guide to cybersecurity basics for small businesses, you will have basic measures in place to defend against the most likely attacks. You then consider the next step in the cybersecurity ladder. Cyber Essentials may be that step. It is a set of requirements (split across five themes) that will help any business identify the appropriate technical security measures that should be put in place to protect against common cyber attacks.

Cyber 321: 25th February 2021

February 25th, 2021|Categories: cybersecurity|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including my guide to the basics of cybersecurity, insight into why small businesses are attacked, and stats on cyber insurance coverage. This week's action: Make sure your valuable data is protected by more than 8 characters.

Small bets

May 10th, 2020|Categories: approach, change, risk|

All change involves risk. To mitigate the risk, we try to avoid change altogether, we go all in, or we plan to the nth degree. But there’s another way - Small bets. Small steps. Small spends. Small risks.

There’s always one

October 11th, 2019|Categories: change, mindset|

IT projects and other planned changes frequently fail - They exceed budgets, timelines, or fail to deliver the expected benefits. It may not be a technology problem. It may be a people problem. And there could be a very rational reason for this problem that should have been considered from the start.

Playing golf with a shovel

September 2nd, 2019|Categories: approach, cybersecurity, it service provider, risk|

Running a professional organisation using technology that is designed for the home is like playing golf with a shovel. From a distance, it all looks fine. But you don't need to get too close to realise things aren't going to go well when there's real competition on the course, or if the weather changes.

Staff are not just for Christmas

August 12th, 2019|Categories: scale, sustain|

Recruiting more staff is one way to ease the pains of a growing business. But staff are not just for Christmas so before you take on this expense, make sure you know the true cost first.

The 12 steps that regulated firms are taking to go from unsure to secure

February 28th, 2019|Categories: approach, change, cybersecurity, strategy|

When IT is your responsibility but not your primary area of expertise, it can be difficult to figure out how to gain the IT capabilities that you want while ensuring you have the IT security that you need. My roadmap, containing 12 steps across 4 phases that I call the W4 Methodology, can help you work through the process in a pragmatic and sane way.

Cybersecurity: Top Tips

January 10th, 2019|Categories: cybersecurity|

Alongside my work helping businesses to prepare for GDPR, I continue to help businesses improve their cybersecurity.

I recently wrote an article for the Kildare Chamber of Commerce's quarterly magazine that provided focused actionable advice to individuals and businesses. You can download my tips here.

Becoming compliant with GDPR: Outsource or in-house?

October 25th, 2018|Categories: GDPR|

There are a number of ways to tackle your GDPR compliance work. Depending on your budget, timeline, and attitude, you could outsource it or do it in-house. This article may help you decide which option is best for you, along with suggestions on how to keep things on track.

I run a business: What has GDPR got to do with me?

October 19th, 2018|Categories: GDPR|

If you are a business established in the EU, GDPR applies to any processing that you perform on the personal data of living individuals. If your clients are businesses, GDPR may still apply to you. In this article, I go back to basics and talk about the key obligations of GDPR.

Why data protection is important

December 5th, 2017|Categories: GDPR|

GDPR is a growing concern for businesses. As we hear every day, there are potentially big fines for non-compliance.

But today, I want to talk about why data protection is important even if there were no fines or sanctions.

Put aside your job and your business for a moment.

Think about this as an individual.

Is GDPR the new Y2K Millennium Bug?

October 6th, 2017|Categories: GDPR|

The current fear-mongering about GDPR has a lot of similarities with what happened for the 'Millennium Bug' (Y2K).

But, don't be fooled. GDPR is real, it is coming, and you need to be ready.

Where do you start with GDPR?

September 30th, 2017|Categories: GDPR|

GDPR is a pain in the ass

As an individual, I believe GDPR is a good thing. But as a business owner, I know it's a headache.

So, I'll just focus on specific steps you can take to start complying with GDPR.
