Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber security isn't IT: 5 key dangers

Many businesses still think of cyber security as an IT function - it’s one of the most enduring myths we face in the industry. This is bad news. Cyber security is not just an IT problem: it is a business problem. Cyber security is risk, and risk is a business issue. Cyber is so much more than a collection of IT controls, yet it’s an uphill battle to get it seen as anything else.

Learning from 5 years of GDPR

Despite the GDPR routinely (and wrongly) being seen as an encumbrance, many of its requirements make sense for sound business and management reasons. For example, the requirement to maintain Records of Processing Activities (RoPA) under Article 30 can reduce the time needed from business analysts when scoping projects. Data Protection Impact Assessments (DPIAs) reduce time misspent on projects which are not appropriate, legally viable, or necessary.

What is a vCISO?

The business risk of a cyber attack is never going away, as cyber criminals continue to develop more innovative ways to access your data. At the same time, organisations have increasing compliance burdens placed on them, such as ISO 27001, Cyber Essentials, and ad hoc information security requirements. This means businesses are under more pressure than ever to set a strong security strategy and, crucially, stick to it.

Why you're struggling with data protection

This blog is based on insight from our 2023 State of Cyber Security report. This month sees GDPR celebrate its 5th birthday, and during that time it’s stayed more-or-less the same. With unchanging rules and half a decade of time to get data protection things in order, you might think that the need for GDPR consultancy is dwindling. However, as we showed in our 2023 State of Cyber Security report, that’s sadly not the case.

What you need to know about Cyber Essentials 2023 update

Cyber Essentials, often just called CE, has been around for nearly a whole decade, and it’s still as popular as ever. The trick to its endurance is the yearly changes that keep it relevant. IASME, the governing body who work with the National Cyber Security Centre (NCSC) to maintain the standard, typically update Cyber Essentials every April, give or take a month, and 2023 is no different.

How to get the most out of your pen test remediations

Security often feels like an uphill battle. Let’s say your organisation has done the basics – you’ve got Cyber Essentials certification, and also started regular penetration testing. Firstly, congratulations – you’re well on your way to stopping the majority of opportunistic attacks. But after the pen test comes the report, and for businesses that aren’t prepared, a whole new problem emerges: how do you tackle the remediations effectively?

Your DPO Questions Answered

Every business that collects personal data via a website, app, or even via the phone/post will find that they need the skills and expertise of a Data Protection Officer at some point to ensure safe and confidential data processing. But what is a DPO exactly? Do you really need one? And what if you don’t want to hire someone full time? Read on to find out more about the roles and responsibilities of the DPO and when to hire one to secure your data.