Security Guidance News, Articles and Updates

How to minimise the risks of LinkedIn - the hacker's research tool

Staff need ongoing training in defending against the latest threats, which currently include LinkedIn, says Andrew Tang, service director, security at MTI Technology.

Four security questions to ask when moving to the cloud

Security is a reasonable concern when considering moving your IT services to the cloud, but four key questions can help you assess the risk, says Chris Pace.

Prison escape via mobile phone highlights social engineering vulnerability

A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability, says Fotis Gagadis.

Supplier risk: The tip of the iceberg

You need to delve deeper into the risks in your supply chain to really know what your exposure is, says Nick Ford.

Grinch vulnerability could hit Linux systems

Security researchers uncover 'grinch' vulnerability that could affect all Linux systems.

Change passwords? People can't be bothered, survey shows

Two thirds of users are still using the same password across multiple accounts, says survey.

Avoid security breaches during reorganisation and mergers

Paul Bonner advises companies merging to take the best security practice from each component company, and not impose the practices of the dominant player - or resistance is likely.

Establishing habits of a highly effective security professional

Preparation and organisation can enable effective security for one-man SOCs or small teams, explains Joe Schreiber.

Security awareness training should 'change how people think'

Security awareness training must be high on the agenda of best practice when companies fight off cyber threats, experts concluded at the SC Congress London.

Apple's iOS encryption claims 'are false'

The strength of Apple's email encryption is called into question by independent security research firm NESO Labs.

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

SC Congress London: Bottom-up security awareness has C-level benefits

A stellar panel of infosec experts told a packed audience at SC Congress London on Thursday that security awareness can play an integral role in educating the C-suite on threats coming from inside and outside the company.

PCI compliance: The slow road to progress

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

One in four UK office workers don't know what phishing is

The ignorance of most UK office workers about phishing, one of the most lethal forms of cyber threat, has been revealed in a new study.

2014: "DDoS attacks can only get worse"

Leading security consultant says DDoS attack remediation is more complex than many would observe.

Security guidance issued by GCHQ

CESG, the Information Security Arm of GCHQ, has released new security guidance for more than ten different end user devices to ensure they are configured and used in the most efficient way compatible with meeting security demands.