Risk Crew Blog

Your source of expert insights on risk management, compliance and security.

Maximising Security and Efficiency with CISO-as-a-Service

Many organisations are turning to a CISO-as-a-Service option. The service is not only efficient, [...]

Unlocking the Potential: Exploring the Benefits of a vCISO

There is no doubt that the number of qualified and available cyber security experts is [...]

Hiring a Virtual CISO Versus a Full-Time CISO: A Comparison

Most of us are aware that there is a huge gap of qualified cyber security [...]

Data Protection and Privacy

PPI Principles of GDPR for Small Businesses: Navigating Data Protection

“So, all we have to do to implement these 11 chapters containing 91 articles in [...]

3 Triggers for Conducting a DPIA

Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing [...]

Personal Data Deletion Done the Right Way

Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in [...]

Data Protection Officer Questions – Answered by a DPO

There are many questions about why a Data Protection Officer (DPO) is needed and what [...]

Data Protection by Design and Default Explained

Previously known as ‘privacy by design’, “data protection by design and default” has always been [...]

When Must You Complete a Data Protection Impact Assessment?

Data protection impact assessments (DPIAs) are a legal requirement for GDPR, to ensure people’s private [...]

Supply Chain Risk Management

MOVEit Attack – Security Tool Vendors Have Failed Us… AGAIN!

2023 MOVEit Cyber Attack to Affect the Masses. Yet again, here’s a prime example of [...]

Cyber Security Supply Chain Challenges in the Agrifood Sector

Guest Contributor: Benjamin Turner, Former Chief Operating Officer, Agrimetrics. Shortly after Russia’s invasion of Ukraine, [...]

Supply Chain Cyber Attacks & How to Prevent Them

“There has been a 742% average annual increase in software supply chain attacks over the [...]

Cyber Supply Chain Risk Management – Should Penetration Testing be Required?

Let us begin by describing how to approach Cyber Supply Chain Risk Management (C-SCRM) and [...]

Get WFH Cyber Security at the Forefront of Staff’s Minds

Is your staff staying resilient in protecting company information assets whilst working from home? [...]

What’s a Mature Security Awareness Programme?

Good news. Bad news. The bad news is that cyber security threats to businesses are [...]

Malware and Ransomware

How a Ransomware Readiness Assessment Can Help Your Business Stay Safe

Ransomware is a type of malware that encrypts files and then seeks payment in exchange [...]

What is Ransomware? Four Examples You Should Know About

By now we all know the effect a Ransomware attack can have on an organisation. [...]

How to Outsmart the DarkSide Ransomware Group

The DarkSide Ransomware Group is one of the many gangs that continue to rebrand themselves [...]

Protecting Your Organisation After a Ransomware Attack

So, here is the scenario: you’re sitting at your desk working away and suddenly realise [...]

Information and Cyber Security

How Do You Conduct an Information Security Risk Assessment?

Information security risk assessments are crucial for any businesses that deal with any sensitive information [...]

SaaS Security 101: Essential Strategies for Businesses

Software companies have naturally embraced the cloud. It provides countless benefits for their clients, ranging [...]

As a nation, are we cyber security aware?

In the following blog post, we are going to shine a spotlight on the general [...]

How to Submit a Data Breach Compensation Claim

What is a Data Breach Claim? “Someone stole my personal information and I want something [...]

How to Respond When Data Breaches Hit the Fan

Not many companies anticipate being the focal point of a significant data breach incident. However, [...]

How to Implement a Clear Desk & Clear Screen Policy for Your Organisation

You know that feeling when you walk into an office, and it looks like a [...]

ISO 27001 Clauses 4-10: A Complete Guide

ISO/IEC 27001 is an international standard for creating an information security management system (ISMS). It [...]

How to Prepare for an ISO 27001 Audit

In the world of information security, there are many frameworks and countless guidelines. But among [...]

ISO 27001: Steps to Write a Statement of Applicability

ISO 27001 Statement of Applicability. A central component of becoming compliant with ISO 27001 is [...]

How Agrimetrics Successfully Attained ISO 27001 Certification | CASE STUDY

About the Company. Agrimetrics, founded in 2014, is a leading Agri-tech Centre dedicated to revolutionising [...]

ISO 27001 Penetration Testing Requirements – Risk Crew

A common question that comes up when implementing ISO 27001 is: Should I include security [...]

ISO 27001 Information Security Tips to Jump the Hurdles of Compliance

When looking to embark on achieving ISO 27001 Compliance, every organisation should know what challenges [...]

ISO 27001:2022 Update – What You Need to Know

The revised version of ISO 27001 finally landed on 25 October 2022. It’s been almost [...]

Ideation to Execution: Building Your AI Governance Framework

AI governance is the foundation of responsible AI usage. It’s a framework of policies, practices [...]

Get Ahead of the UK AI Regulation: Comply and Thrive

As artificial intelligence continues to reshape the way we all work and how enterprises operate, [...]

AI Governance – Secure the Future by Embracing Responsible AI Practices

AI in Simple Terms. At its core, AI is simply software that can ‘think’, ‘learn’, [...]

Don’t Be Afraid of AI. Treat It Like an Insider Threat

If artificial intelligence wants to be human so badly, let’s start treating it like one. [...]

Are You Getting Ready for a SOC 2 Audit? 5 Steps to Follow

Thinking About Getting Your Cloud Platform SOC 2 Compliant? If your company handles sensitive data, [...]

Why Are SOC 2 Assessments Becoming More Popular in the UK and Europe?

This is a guest article written by Ty Brush. The author’s views are entirely his [...]

12 Critical Policies for SOC 2 Compliance

If you are considering getting your organisation SOC 2 compliant, this blog should be an [...]

How Long Does SOC 2 Compliance Take and How Can You Get Certified?

It seems like a long project to reach SOC compliance, right? Well, not if you [...]

ISO 27001 vs SOC 2: Apples and Oranges

What’s the difference between ISO 27001 versus SOC 2? Good question. SOC 2 is becoming [...]

NIS 2 Directive Timeline & Requirements to Minimise Risks

NIS 2 is Changing. It’s getting risky out there… The protection of our networks and [...]

Essential Information | The DORA Regulation in the UK

How does DORA apply in the UK? Although the Digital Operational Resilience Act (DORA) is [...]

DORA Compliance Checklist: Your Guide to Actionable Steps

Achieving compliance with the Digital Operational Resilience Act (DORA) may seem challenging, but with the [...]

An Overview to DORA’s Regulatory Technical Standards (RTS)

What is DORA and How Does it Differ from Existing Risk Management Frameworks? Well, DORA [...]

A Comprehensive Overview of the Digital Operational Resilience Act

Trying to understand DORA? Think of it like this: The Digital Operational Resilience Act (DORA) [...]

Why Cyber Essentials is Not Just a Tick Box – Interview with Dr Emma Philpott

As the question ‘why do I need a Cyber Essentials certification?’ continues to arise, Dr [...]

Going Beyond Cyber Essentials Plus Certification

Once you have successfully attained Cyber Essentials Plus (CE+) certification and the celebrations are over, [...]

What Are the Benefits of Cyber Essentials Plus?

Certifying to Cyber Essentials Plus. Although many organisations pursue Cyber Essentials Plus (CE+) certification in [...]

Can I get Cyber Essentials Plus Certification Remotely?

Many organisations have sought to achieve Cyber Essentials Plus (CE+) certification remotely (as opposed to [...]

Cyber Essentials Plus – Your Burning Questions Answered

In our recent webinar, Achieving Cyber Essentials Plus, Nick Roberts and Taras Sachok provided valuable [...]

Are You Considering the Cyber Essentials Framework?

If you’re considering gaining formal certification to Cyber Essentials Plus (CE+)…good for you! Complying with the security requirements [...]

How to Prepare for a Penetration Test

It is an undeniable fact that all applications and infrastructures are essentially in need of [...]

Mobile Banking Apps: The Risks, Threats and Solutions

Mobile banking apps have become the new normal for millions of people around the world, [...]

Cloud Technology Risks – The Cloudy Truth

Navigating the Treacherous Landscape of Security Risks. In today’s fast-paced digital world, the adoption of [...]

What is Open-Source Intelligence? How to Get Started

Imagine a world intricately woven with connections, where information flows like a meandering river of [...]

Importance of Black Box Testing for Your Cyber Security Defence

In a world where the digital landscape keeps changing, how can we effectively protect our [...]

External Penetration Testing and How to Do It

What is External Penetration Testing? External penetration testing, also known as external network penetration testing, [...]

How Much Does Penetration Testing Cost | Risk Crew

Penetration testing, also known as ethical hacking or white-hat hacking, is like putting on a [...]

What are the Different Types of Penetration Testing?

If you’re considering a penetration test to identify and fix vulnerabilities within your business, you [...]

Why a Red Team Security Assessment is Crucial for Every Business

In today’s digital age, businesses are more vulnerable than ever to cyber-attacks. As a result, [...]

7 Key Benefits of Red Team Testing for Your Organisation

In an information or cyber security context, a Red Team is a group of ethical [...]

Red Team Vs Blue Team – A Comprehensive Guide

With the ever-increasing threat of data breaches for many organisations, testing your security systems is [...]

Should You Conduct Red Team Testing Without a Blue Team?

We often hear the question: “Should we perform Red Team Testing without a Blue Team?” [...]

Clearing the Confusion: Red Team vs Penetration Test

More often than not, when organisations are directed by the board to deploy a Red Team [...]

Try Red Team Testing to Improve ROI

Typically, ROI is seen as money spent vs money received to see if the investment [...]

Top 8 Metrics to Collect During a Red Team Test

Why should we collect metrics in a red team test? Metrics are a valuable way [...]

Ready for Red Teaming?

Are you considering conducting Red Team testing? Have you ever conducted one? Maybe it’s time [...]

10 Social Engineering Attacks You Need to Know

Simply put — social engineering works. Ask any Threat Actor in the business. Social engineering [...]

How to Spot a Phishing Attack

Yes. We know. A lot has been written on how to spot phishing attacks over [...]

Social Engineering Techniques – Hacking Human Behaviour | Risk Crew

Social engineering is a term used for a wide variety of activities used by threat [...]

Top 5 Signs of Social Engineering Attacks

What are the Signs of a Social Engineering Attack and How Can You Prevent Them? [...]

Don’t be Vulnerable to Vishing – Identify and Mitigate Risk

In this post, you’ll learn why vishing is successful and what you can do to [...]

Why you should deploy Simulated Social Engineering Testing against your workforce

Social Engineering can be summed up as ‘hacking the human’. Traditional malicious hacking attacks a [...]

Spear Phishing – Why you should “Fear the Spear”

SPEAR PHISHING, WHALING, BUSINESS EMAIL COMPROMISE AND CEO FRAUD ARE ON THE RISE AND COSTING [...]

Security Vulnerabilities

Enhancing the Security in Blockchain | Risk Crew

The Emergence of Blockchain Technology. How did we arrive at blockchain technology? Let’s start from [...]

4 Business Questions About IoT Devices

Are your IoT devices secure? Internet of things (IoT) devices have seen year on year [...]

How to Mitigate DNS Hijacking

The term Domain Name System (DNS) hijacking unfortunately tends to be misused in the industry, [...]

Secure Your SME to Deter Hacker Attacks

It is estimated that six in ten SMEs that suffer a breach are likely to [...]

The Importance of Minimising Your Attack Surface

With every security test Risk Crew has performed, there has been at least one attack [...]
