data protection Archives - Cybersecurity Without Insanity

Cyber 3-2-1: What have a €60,000 fine, a €100,000 fine, and Multi-Factor Authentication (MFA) got in common?

Cyber 3-2-1: What have a €60,000 fine, a €100,000 fine, and Multi-Factor Authentication (MFA) got in common? All is revealed in the 2022 Annual Report that has just been published by Ireland’s Data Protection Commission.

By Sam Glynn|2023-03-10T09:22:54+00:00March 10th, 2023|Categories: cybersecurity|Tags: accountability, assessment, cost of attacks, cyber321, data protection, dpc, gdpr, Multi-Factor Authentication, passwords, phishing, regulators, regulatory compliance, risk management, staff awareness|

Cyber 321: Destructive cyber attacks and an offer to ease my conscience.

Cyber 3-2-1: Another issue laiden down with news about recent cyber attacks, including against a UK financial advisory firm with some very interesting high-value clients. In response, the 5 steps you need to take right now to avoid the worst-case scenario of a ransomware attack. Plus an offer to ease my conscience.

By Sam Glynn|2023-03-08T14:59:49+00:00February 24th, 2023|Categories: cybersecurity|Tags: analogy, assessment, backups, cost of attacks, cyber321, data protection, incident response, mindset, payment fraud, phishing, ransomware, regulators, regulatory compliance, risk management, staff awareness|

IT Relationship Breakdown – Part 1: It’s not me. It’s them.

I frequently encounter a broken relationship between my client and their IT MSP (managed service provider). In this first of two articles, I discuss why these relationships break down.

By Sam Glynn|2023-02-20T09:51:34+00:00February 20th, 2023|Categories: cybersecurity|Tags: analogy, backups, business continuity, daily, data protection, managed service provider, ransomware, regulators, regulatory compliance, risk management, senior executives, supply chain risk, third party risk management|

Cyber 321: 6th January 2023

Cyber 3-2-1: Happy New Year. I know I’ve been talking a lot this week about how it’s not so happy for LastPass users, so I will not linger too much on that carnage for the moment. Instead, let’s talk about what Ukraine’s Cyber Police, the UK’s NCSC, and Ireland’s DPC have been up to while we’ve been eating too much chocolate.

By Sam Glynn|2023-01-06T08:08:41+00:00January 6th, 2023|Categories: cybersecurity|Tags: cyber321, data protection, LastPass, Multi-Factor Authentication, password manager, passwords, phishing, staff awareness, third party risk management|

Cyber 321: 16th December 2022

Cyber 3-2-1: An outsourced HR provider reports a breach 60 days after it was identified, the European Commission agrees a new directive to oblige service providers to do better, and what the data protection regulators can tell us about security.

By Sam Glynn|2022-12-15T12:18:48+00:00December 16th, 2022|Categories: cybersecurity|Tags: cost of attacks, cyber321, data protection, incident response, Multi-Factor Authentication, passwords, phishing, risk management, staff awareness|

Don’t forget about Anthony

How our colleague could be exposing the organisation to a data protection risk.

By SG|2022-12-15T09:07:02+00:00December 15th, 2022|Categories: cybersecurity|Tags: daily, data breach, data protection, staff awareness|

What a breach at the Teaching Council teaches us about email auto-forwarding?

Email auto-forwarding: What can we learn from a breach at the Teaching Council?

By SG|2022-12-14T07:16:06+00:00December 14th, 2022|Categories: cybersecurity|Tags: cost of attacks, daily, data breach, data protection, dpc, example, gdpr, Multi-Factor Authentication, payment fraud, phishing, staff awareness, supply chain risk|

You may not care about disk encryption. But your regulator does.

You may not care about disk encryption. But your regulator does. Read how many organisations put themselves (and their customers' personal data) at risk by not implementing this simple security measure.

By Sam Glynn|2022-12-13T17:15:50+00:00December 7th, 2022|Categories: cybersecurity|Tags: bank of ireland, cybersecurity, daily, data breach, data protection, dpc, encryption, example, gdpr, laptops|

Cyber 321: 23rd September 2022

Cyber 3-2-1: 58% of cyber incidents start with a phishing email. Plus: North Face, LastPass, and Uber: 3 breaches; many lessons. This week’s action: On the internet, we’re all Capricorns.

By Sam Glynn|2022-09-22T08:51:52+01:00September 23rd, 2022|Categories: cybersecurity|Tags: cost of attacks, cyber insurance, cyber321, data protection, Multi-Factor Authentication, passwords, payment fraud, phishing, ransomware, staff awareness, website|

Cyber 321: 22nd July 2022

Cyber 3-2-1: A ransom payment won’t prevent a data protection penalty, LinkedIn is the scammers’ favourite brand, and some of the latest lures used in phishing emails. This week’s action: It’s time for some cybersecurity refresher training.

By Sam Glynn|2022-07-22T09:23:18+01:00July 22nd, 2022|Categories: cybersecurity|Tags: cisco, cyber321, data protection, fortinet, ico, isc2, linkedin, Microsoft, phishing, ransomware, staff training, white house|