Threat actors are employing more advanced social engineering techniques with ever increasing frequency. All sectors are open to attacks with the financial and reputational losses being significant. Exploiting human nature is not new. The methods used by hackers are getting more sophisticated and they are becoming better at manipulating human behaviour. This guide to social engineering will help you.
‘Privacy by design’, or as it’s now known, ‘data protection by design and default’, refers to Article 25 of the UK GDPR. This principle makes it a legal obligation for controllers to implement organisational controls which ensure data protection issues are addressed at the design stage of any project. But what does the regulation mean when it refers to organisational controls?
Following on from Brexit, the UK received a positive adequacy decision on its personal data security standards by the EU. Building on this, the UK’s Information Commissioner's Office (ICO) has opened a consultation period to introduce its new International Data Transfer Agreement (IDTA). The European Commission has also issued a draft update addressing the same thing. So what triggered this new work? It’s all in response to the work done by privacy activist Max Schrems.
Our team of penetration testers arguably have the most interesting and exciting roles within the business, or perhaps, in the world. From robbing banks to breaking and entering, pen testing isn’t your typical desk job. So we’ve asked them to share some of their most interesting stories to really give you career envy! Let’s see what we can find out about a day in the life of a pen tester.
A 2019 report by Ofcom shows that 50% of ten-year olds own mobile phones. While viewing of video-on-demand (with YouTube as firm favourite), has doubled in the last five years among children. Platforms like TikTok are rapidly growing in popularity. Sadly, more and more children are being exposed to hateful, violent and disturbing contents on these platforms.
If we told you that certifying with Cyber Essentials was a simple but effective way to protect yourself from up to 80% of common cyber attack methods, wouldn’t that alone be enough to convince you it’s worth it? The Cyber Essentials scheme is a Government backed certification standard that enforces 5 key technical controls. By following these controls, you create an essential security baseline to protect your business from everyday cyber threats.
All of us take our personal security very seriously – after all, when was the last time you left your house without locking your front door? Sadly the same can’t be said for the care we take about our personal data – both our own, and that of other people. But personal data is an integral and unignorable fact of life, and we need to ensure we’re taking care of it in both our personal and professional lives.
EU representation isn’t a new thing – it’s a core component of the GDPR – but it has become something that UK companies need to be aware of post Brexit. Up until 31st December 2020, UK companies didn’t need to worry about having an EU representative, as the UK was a part of the EU. Now things have changed, and many UK businesses need to find an EU data representative in order to maintain compliance with EU GDPR.
Penetration testing is the cornerstone of any cyber security strategy, yet enterprises often don’t get an optimal outcome from their pen test engagements. In this blog I’ll be looking at the three main reasons behind this, and also suggesting an alternative way of working that could vastly improve security outcomes whilst also increasing business value.
In order to understand how to report a data breach, we first have to know what a data breach actually is. Under the GDPR, a personal data breach is “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.” This covers a wide range of scenarios, some of which might be surprising. The following would all be considered as data breaches under the GDPR.
