In 2019, the ICO fined Marriott Hotels £99 million under the GDPR for not undertaking sufficient due diligence to secure its systems when it acquired Starwood Hotels Group. This resulted in 339 million unprotected guest records being exposed. Elizabeth Denham, Information Commissioner, stated: “The GDPR makes it clear that organisations must be accountable for the […]
The Covid-19 pandemic made it imperative for organisations to conduct business remotely in order to stay competitive during the UK lockdown. Many have adjusted quickly, changing the way they deliver services, connect and communicate with employees in their new working from home (WFH) environment. HR policies may have been changed to allow for WFH but […]
Previously known as ‘privacy by design’, “data protection by design and default” has always been part of the UK Data Protection Law. The key change is that the General Data Protection Regulation (GDPR) now makes it a legal requirement. The GDPR requires you to put in place appropriate technical and organisational measures to implement […]
Social engineering can be summed up as hacking the human. Simply put, it is the action of leveraging human frailty – our reaction to urgency, to compliance with perceived figures of authority, to taking information at face value – and using it against us as a way of eliciting information or performing unauthorised actions. Social […]
Whether you’re an existing Cyber Essentials or Cyber Essentials Plus certificate holder or not, you may be aware that the certification process is going through some changes – these are almost exclusively related to the accreditation process rather than the actual elements of the certification and framework – we’ll walk you through all of it. […]
CREST Penetration Testing: If you are looking to book your next penetration test and your prime consideration is getting the cheapest and quickest one available, simply because you need to tick a box, then this blog piece isn’t for you. If, on the other hand, your main concern is gaining a comprehensive picture of the […]
In our recent webinar, ‘6 Things to do to Meet GDPR 3rd Country Requirements’, we provided information on how data privacy requirements may change and why organisations should prepare now. The webinar ended with a Q&A session with our data privacy and protection expert, Ursula Baye. In this post, we list the answers to those questions asked […]
So COVID-19, or the Corona Virus as it’s still commonly referred to, is really beginning to bite now. Our news media outlets are immersed in the subject 24/7, so I won’t burden you with yet more facts and figures. We won’t be trying to clumsily shoehorn a sales message into this piece. Instead, we thought […]
Many things are important in getting ISO 27001 compliant, but in this blog post, I’ve narrowed it down to just 4 key areas. Trust me. By focussing on these objectives, you will greatly simplify your journey. Make it relevant: First things first. You need to make it relevant. People will be more supportive if […]
ISO 27001 audits can be stressful for those involved, as a lot is riding on the audit’s outcome. This is especially true if it’s the organisation’s first audit and there’s a compelling commercial reason to achieve ISO 27001 certification. Brand identity may be negatively affected if the business doesn’t pass. In this article, we explore the […]