Data security Posts

Tuesday August 5, 2014 at 8:39am
In March 2014 the European Parliament agreed at committee level to the EU Commission’s data protection reform. It appears that EU heads of state have committed to a timely adoption of these planned new laws. But what do they mean for business owners?There are three fundamental areas that businesses should now be aware of: One continent and one law. There will be one single framework law covering Data Protection that all member states must comply with. There will be a ‘one stop shop&....
Tuesday July 15, 2014 at 2:00pm
We live in an increasingly connected world. Devices are constantly being introduced to the market which make our lives easier and give us greater control over our environment, our communication habits and every day chores.Smart TV’s, WiFi controlled LED home lighting, Smart Fridges, driverless cars are all examples of what has been termed the Internet of Things. The internet is no longer restricted to desktops, phones and laptops. Technology is becoming more entwined with the physical worl....
Monday June 2, 2014 at 2:00pm
Following on from last months blog Heart bleed: how to protect your business and yourself I thought it relevant to touch on the topic of ‘password managers’. Even changing just one online site’s password can cause heartache, imagine having to change hundreds which could have been the case as a result of the recent heart bleed vulnerability. This is where password managers make online account management so much easier. Breaking news: ebay database servers compromised losing 145 ....
Thursday May 1, 2014 at 2:00pm
A major security vulnerability made the news recently called 'Heartbleed'. The bug means an attacker can access normally encrypted data without leaving a trace. With two thirds of internet sites using OpenSSL this is a serious threat and one business owners and individuals need to pay attention to.Heartbleed is a bug dating back to 2011 in some versions of OpenSSL - an open source implementation of encryption protocols that is widely used on the internet. These encryption protocols are there to ....
Wednesday April 9, 2014 at 10:00am
Free ‘WiFI’ here! We see the signs everywhere from McDonalds to restaurants, hotels and airport departure lounges. With some people addicted to having internet access on their laptop, tablet or smartphone the lure of free wi-fi is all too tempting. With so much of our lives conducted on these devices a wi-fi or mobile data connection is by many seen as essential, to check email, keep up on social media or even for internet banking. Others will choose to connect to these free wi-fi ho....
Thursday March 27, 2014 at 11:54am
We read nowadays of many organisations appearing in the national papers for amazing instances of data loss. Often these are household names such as high street banks and major hospitals.I get quizzed by many owner managers as to the spectacular failures of data management and how such instances occur. All too often when investigative action has taken place, the cause is often a lack of awareness or understanding of information security protocols. And not necessarily a technical failure.When I ex....
Tuesday March 4, 2014 at 10:00am
When considering information security for your business don’t overlook the importance of physical security. If an intruder can gain physical access to your building or facility no set of technical, administrative or other controls can provide adequate protection. Physical controls are in fact your first layer of security, and people are your last.There are various elements that make up physical security, from security pass keys, to locked doors and gates. CCTV os one technical physical con....
Thursday February 20, 2014 at 10:00am
Barclays Bank Plc was the latest organisation to see their data security called into question. A few weeks ago revelations were splashed all over the papers, with the details of apparently 2,000 customers handed to the Mail on Sunday. The Mail claimed another 27,000 records were available. Some reports suggest Barclays allege that the data was stolen, others intimate that a lack of security arrangements created the problem.If big banks can lose large volumes of data, through either negligence, t....
Tuesday January 21, 2014 at 10:00am
At the start of a new year it’s a time to look ahead, to be optimistic about the future and maybe to do some planning. Whilst it might not naturally be top of your list, it’s also a really good opportunity to think about the issues of data security in your business. With the information commissioner spotting breaches daily, key customers and tender documents requiring proof of data security then many businesses are choosing to work towards ISO27001 compliance. You may not feel that a....
Thursday December 5, 2013 at 10:00am
A “vulnerability” in the Microsoft’s operating system hit the headlines recently providing a useful reminder for all users of the Microsoft platform to check anti-virus and IT set up to minimise possible threats. The warning from Microsoft was that hackers might be able to exploit a “vulnerability” in its operating system to gain unauthorised access to affected PCs, laptops and servers. The attack arrives in the form of an email or web content which users are invite....
Tuesday November 5, 2013 at 10:00am
Wireless technologies have become more prevalent in recent years and it’s all too easy to hop onto a WiFi connection when you are out and about without really considering the dangers to your business. It’s very easy to forget the sensitivity of the information that you might be transmitting over these airwaves and who might be able to listen in.With a wireless network, computers connect to each other and network devices by transmitting data over the airwaves. You can do this via your....
Wednesday October 2, 2013 at 10:00am
Biometrics and access controlFor anyone responsible for information security within an organisation access control is often the biggest headache. In formal, ISO standard terms, access control is the ability to permit or deny the use of an object (a passive entity, i.e: a system or file) by a subject (an active entity, i.e: a person or process). Traditionally passwords and personal IDs or passes have been used as security measures to prevent either access or use of premises or data by unauthorise....
Wednesday August 28, 2013 at 10:00am
The focus many of our previous blogs has been on the threats posed by the cyber world, to the information held by companies and organisations (see Cyber attacks blogs). In this blog we discuss the physical threats to the security of the data you hold and suggest some methods of control.Where do the physical threats to your data security come from?Threats to physical security come in many forms i.e: natural disasters, emergency situations and man-made threats. In order to implement appropriate an....
Wednesday August 14, 2013 at 12:02pm
We read with amazement but little surprise more stories of major data breaches and loss within the public sector. Recently the Serious Fraud Office (SFO) announced on its website that it had lost 32,000 pieces of data pertaining to a major case review. Amazing the SFO had the temerity to praise itself – announcing that this data loss only amounted to a tiny percentage of the entire archive for this case. Yet the fact remains that they have lost this data - and cannot account for it.I found....
Tuesday July 30, 2013 at 10:00am
There’s one major problem with the internet enabled life we all live and that is we are not only connected to friends, colleagues and ‘the good guys’ online, we can also be connected, often unintentionally to ‘the bad guys’ too. Here are just a few of the pitfalls for the regular internet, email and web enabled software user.Spammers Don’t open unexpected emails from non-contacts. If an email brings news that seems too good to be true, then it probably is! If ....
Wednesday July 17, 2013 at 10:00am
We can all become complacent that our e-mail accounts are safe, and that we won’t be the ones to be ‘hacked’. But this is precisely what happened to me last week.An old business BT internet account that had been hardly used for several years got hacked by an individual with an apparent Australian domain. My account was taken over and spam e-mail sent to all my old addresses within this account - as if from me advertising some page on benefits claimants in the UK.It could have b....
Tuesday June 4, 2013 at 9:00am
The art of password cracking has advanced further in recent years than it has in the previous decades combined. At the same time the bad practice of password reuse has increased. According to figures 6.5 is the average number of passwords for a web user, despite maintaining an average of 25 separate accounts. Over 100 million real word passwords have been leaked over the past year. These leaks have enabled hackers to build-up ever increasing passwords tables. They can realise the techniques peop....
Friday May 10, 2013 at 9:00am
All too often I visit organisations where a member of staff has either been disciplined or left the business - where it turns out that data was compromised by unauthorised or un-restricted access by a user that did not require this privilege.When I conduct reviews as to how these breaches occur, I tend to find two common issues: 1) no access rights policy in place and 2) no formal authorisation process to ensure that the new starter has the appropriate access relevant to their role in the organi....
Tuesday April 30, 2013 at 9:52am
Security breaches US online deals website LivingSocial has been the target of hackers and user details have been comprised. They emailed all registered users with a message that explained the issues: “LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue. The information accessed includes names, email addresses, the date o....
Tuesday April 9, 2013 at 9:00am
Whether you run PCs or Apple Macs in your business you will want to ensure that your IT security is up to scratch. Follow these simple tips to avoid the most obvious pitfalls. Quick IT Security Tips If you don't understand a warning message, say no and consult your IT support. It's easier to go back and say yes if you need to than be sorry and have to rebuild your machine. Certificates: If you don't understand a website certificate message, say no and consult your IT support team. It is easier....
Tuesday February 12, 2013 at 9:00am
It is a constant battle of cat and mouse to stay safe and secure online. Most users are now aware of the dangers but there’s yet another security issue for us all to worry about. Anyone who roams with their laptop, uses hotspots or guest wireless networks needs to read the following. A while ago there was a Firefox (3rd party internet browser) extension that could easily hijack a strangers’ Facebook account sharing the same WiFi network, like a hotspot or guest wireless network. To q....
Tuesday January 29, 2013 at 9:00am
Nearly all organisations have to deal with employee contract terminations at some time, whether that’s through an agreed mutual parting of the ways, an end of a fixed term contract, because of redundancy or for disciplinary reasons. Most of the management focus in each case tends to be on human resources processes, legal procedures and the like, to ensure there is no breach of employment legislation.Good HR Managers will conduct exit interviews and record details of the employee’s ob....
Tuesday December 18, 2012 at 9:00am
Gone are the days when the word ‘password’ or code ‘0000’ provided adequate security for your online activities. But are you aware of the latest techniques that you should be using to keep you and your customer’s personal information safe and provide a secure environment for your business activities? My colleague Martin Giles provided these invaluable pointers to one of our Information Security Management clients and I thought they were worth sharing with our b....
Tuesday September 4, 2012 at 10:00am
This guide is designed to cut through some of the misunderstanding that users and organisations have about email security. Email security involves the maintenance of the basic information security management ideas: Integrity - ensuring that your message has not had unauthorised alteration Confidentiality - ensuring that no unauthorised person (or process) has viewed the content Accountability - being able to prove who wrote the email Availability - ensuring that the email can be sent/receive....
Thursday August 2, 2012 at 10:00am
During the Olympic period many staff will be working away from the office or their usual place of work, attempting to watch Team GB compete with the best of them. If you can afford to provide this flexibility for your staff I’m sure they will appreciate it.However, there are some important information and data security issues to be considered before you give the go ahead for home or remote working. These points might be a useful starting point: A domestic dwelling may not be the most appro....

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT Contact us here