The ‘consent or pay’ model, essentially offers a choice between pay with your data, or pay with your money. Meta became the most notable company to use this tactic and were immediately met with questions as to how they could justify such an arrangement, and more importantly, how they could do so lawfully.

Now, you’re probably thinking, "Does this even apply to my business?" Great question. DORA covers a wide range of entities in the financial ecosystem, including but not limited to: If you’re in or serve the financial sector, chances are DORA has its eye on you. But don’t panic yet; we’ll talk about how to figure out if it’s actually relevant to your operations.

The best way to solve this issue is to provide training that is interesting, interactive, and engaging. A great example would be the Defense.com videos offered. They provide a fun, informative and. with the inclusion of exams, interactive way to train staff on cyber security. Even just informal quiz sheets could help staff retain the information and put it into practice when the situation arises.

It’s vital to remember there are steps that must be taken to ensure that the breach doesn’t become worse. Also, don’t be afraid to speak to your Data Protection Officer, Team Lead etc. The sooner a breach is reported the quicker it can be dealt with.

First, I want to make sure we’re all on the same page. Special category data is personal data that is considered sensitive and requires additional safeguards when processed, as it can have a significant impact on an individual's life.

In the first of our blog series on international data protection, I’m taking a look at how companies can ensure compliance with notice and consent requirements in the USA, China, and Canada. In a world where digital footprints are as common as physical ones, the governance of personal data has become a pressing issue.

You may be asking, “why are they changing the questions?” Well, the threat landscape is always changing, so the way we react to those threats needs to change too. This is the only way to make sure that your business stays secure, in addition to it bringing the scheme up-to-date with current security practices. Cyber Essentials will still continue to focus on the five key technical controls which are the best first line of defence against a potential threat.

Certifications are a great way for customers to get confidence that the company they’re trusting with their cyber security is up to the job. So, when the Cyber Advisor scheme was launched, we thought it was a great opportunity to invest in our staff. In this Q&A blog we’ll look at what a Cyber Advisor is, what it means for your business, and what it means to our staff – as we talk to Bulletproof’s first Cyber Advisor, Jemma Aldridge.

This is a Bulletproof Tech Talk article: original research from our red team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. This blog looks at obfuscating Linux Symbols using dl_iterate_phdr with callbacks. It represents original security research from the Bulletproof Red Team.

This is a Bulletproof Tech Talk article: research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. In the complex landscape of Active Directory, ensuring secure and appropriate access is a constant challenge. Recently another "ESC" technique has been released which is known as ESC13.