
Bulletproof

What are cookies and how to lawfully use them

Digital cookies have become a ubiquitous tool in how websites identify visitors, understand their online behaviour, and make browsing more convenient for the user. Cookies are small text files which store data to identify your computer. Cookies aren't necessarily bad. They're useful for encryption, delivering webchats, improving marketing campaigns by personalising the content displayed, and many other digital services.

Cyber Essentials Update 2022 - what you need to know

In what is being described as the most significant update to the scheme since it launched in 2014, the National Cyber Security Centre (NCSC) has announced that the technical controls for Cyber Essentials and Cyber Essentials Plus will be updated as of 24th January 2022. The change is to bring the scheme in line with the evolving cyber security challenges that organisations now face, particularly around the adoption of cloud services and hybrid working.

Being Aware Of The 6 Different Types Of Hackers

Hackers are often associated with young adults who are constantly on their computers, staring at a screen full of code and sitting in a dark room away from society. But don’t be fooled, hackers might just be some of the most intelligent people in today’s digital world, breaking into systems to test their abilities and expanding their knowledge to find new and innovative techniques, and strange as it may sound, not all of them want to steal your data.

What is supplier due diligence?

Supplier due diligence is an action taken by an organisation to identify and understand the credibility and suitability of a prospective partner or vendor. Conducting supplier due diligence can help guide decision-making when choosing the right vendor, detect risks with potential suppliers and protect customer data in the process. It's also considered good business practice and can help mitigate future financial and reputational damage caused by a data breach.

Log4j: detecting an attack and compromise in logs

Over the last two weeks, many have had flashbacks to 2012 when Heartbleed was released and everyone scrambled to fix broadly used OpenSSL. Due to their nature, some applications and services are so prolific that when a vulnerability is identified it causes massive issues for vendors and customers alike. The latest of this kind of issue is the Log4j vulnerability that has been dominating the press.

Social Engineering Attacks and How to Prevent Them

Threat actors are employing more advanced social engineering techniques with ever-increasing frequency. All sectors are open to attacks, with the financial and reputational losses being significant. Exploiting human nature is not new. The methods used by hackers are getting more sophisticated and they are becoming better at manipulating human behaviour. This guide to social engineering will help you.

What is Data Protection by Design?

‘Privacy by design’, or as it’s now known, ‘data protection by design and default’, refers to Article 25 of the UK GDPR. This principle makes it a legal obligation for controllers to implement organisational controls which ensure data protection issues are addressed at the design stage of any project. But what does the regulation mean when it refers to organisational controls?