Policies News, Articles and Updates

The curse of the ex-employee - A horror story

Some departing employees have no loyalties to their previous employer, so it is imperative that deprovisioning employees' corporate access on their last day is an absolute priority.

How to build a stronger culture of security

Organisations should create an environment where people feel comfortable discussing data security. If you can create a culture that values the importance of IT security, it can help minimise internal threats.

Self-inflicted ransomware: Is your data hostage to uncontrolled encryption?

Employees have to choose between leaving data unprotected, disrupting their work to use the company encryption tool, or protecting data on their own; once an employee encrypts a file on their own, the company has no control.

Data disaster! What are your IP priorities? Ensuring staff are equipped

It is vital to ensure that employees are aware of and educated about a company's implemented security policy, know the best practice means of transmission and storage of corporate data, and have the tools they need to do their jobs.

Enterprise security budgets slashed by a third; is spend appropriate?

Enterprises seem to be getting the message, at last, that security posture cannot be measured by pocket depth as budgets get cut by a third.

Beyond prevention. How and when to use endpoint detection and response

Nicolas Capitoni says managed Endpoint Detection and Response (EDR) is so valuable because it empowers organisations to cost-effectively find and isolate compromised endpoints before any real damage is done.

ISPs underestimate value of security, core demand for 71% of enterprises

There is a disconnect between how much enterprises care about Internet security and what service providers think these customers value according to a new survey by the Internet Society (IS).

Ensure security employees quit without taking passwords, encryption keys

Departing employees are an issue not often considered as potentially affecting a company's cyber-security. However, an employee can potentially leave while maliciously keeping sensitive data including passwords, key codes, etc.

How to combat Business Email Compromise

Oliver Fay examines the rise of Business Email Compromise (BEC) and describes a series of measures that even the smallest companies can put in place to help better protect themselves against BEC.

Cracking the GDPR compliance conundrum in local government

Before you start looking at GDPR you need to understand what PII data you have, where it is, who has access, who it is shared with, and ultimately, how you can best manage it according to GDPR requirements says Julian Cook.

Managing data security in a multi-cloud environment: control & compliance

As organisations continue to embrace the benefits offered by diverse multi-cloud environments, it's essential that they're aware of how best to achieve both compliance and control says Peter Galvin.

Saudi Arabia strives to improve its cyber-readiness: Potomac assessment

In the face of external and domestic cyber-security threats, Saudi Arabia is taking significant steps to achieve cyber-readiness, but is being restrained by shortages of appropriately skilled Saudi-labour says Potomac Institute.

If you could break into your company systems, what would you do?

Privileged access - not people - is the true insider threat says David Higgins. Securing privileged accounts should be on-going with continuous evaluation and adjustments to improve security as the threat landscape changes.

US Kaspersky ban draws Kremlin rebuke, raises concerns among users

The US government's decision to ban Kaspersky Lab security software raised concerns from users over their own Kaspersky purchases and drew a sharp rebuke from the Kremlin about anti-competitive practices.

Shipping organisations get code of practice for tackling cyber threats

Department for Transport launches new Cyber Security code of practice for ships as "Cyber-security ... threatens the reliability and performance of a shipping sector that carries 95 percent of our trade [so] has to be taken seriously."

The steps you must take to keep malware right outside your organisation

Creating policies that prevent users from exposing the company to threats while maintaining business continuity takes the maximum amount of risk off the table says Sam Hutton.

What UK SMEs need from the National Cyber Security Centre - Education

Joe Siegrist shares ideas on how the government could help SMEs train their staff to protect their assets.

Employees playing Facebook quizzes could put their employers at risk

Paul Bischoff explains that companies should educate their employees on the importance of Facebook privacy and other data-gathering apps that can potentially compromise both personal and company security.

Russia may ban government officials from using Google and WhatsApp

Russian government moves to implement partial ban on foreign technology which is seen as a threat to national security.

Putting people at the heart of your IT policy: Five tips to get it right

IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.

Ensuring your security policy works

Alex Vovk explains how to leverage security policy and ensure it's performing correctly to prevent a data breach.

Macro malware epidemic returns

The return of a decade-old attack vector, the malicious macro, requires a granular, policy-based approach to managing email at the gateway, says Greg Sim.

Keep your friends close... but your insiders closer

A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.

Russia updates its IT security strategy in reaction to current tensions

Russia says it is revising its policies to help prevent information warfare, identity-theft and cyber-fraud.

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month has left Western cyber experts unsure whether it is a threat or a promising development.

Cyber risk management: A boardroom issue

Having comprehensive cyber risk policies that are not followed can be as detrimental as not having a policy at all says Peter Given, who advises that good risk-insurance will demand appropriate procedures are both in place and implemented.