Information security management Posts

Monday September 8, 2014 at 12:56pm
The challenges of the owner manager and directors of SMEs throughout the UK seem to grow daily. There are ever more complex risk and compliance issues to deal with, whether it’s data protection, health and safety, data security or industry regulation, the requirements can be onerous. I find SMEs really struggle in their efforts to safeguard what is one of their key business assets - their data. Given no business owner would knowingly put a valuable asset at risk I wonder why th....
Tuesday August 5, 2014 at 8:39am
In March 2014 the European Parliament agreed at committee level to the EU Commission’s data protection reform. It appears that EU heads of state have committed to a timely adoption of these planned new laws. But what do they mean for business owners? There are three fundamental areas that businesses should now be aware of: One continent and one law. There will be one single framework law covering Data Protection that all member states must comply with. There will be a ‘one stop shop&....
Tuesday July 15, 2014 at 2:00pm
We live in an increasingly connected world. Devices are constantly being introduced to the market which make our lives easier and give us greater control over our environment, our communication habits and everyday chores. Smart TVs, WiFi controlled LED home lighting, Smart Fridges and driverless cars are all examples of what has been termed the Internet of Things. The internet is no longer restricted to desktops, phones and laptops. Technology is becoming more entwined with the physical worl....
Monday June 2, 2014 at 2:00pm
Following on from last month’s blog Heart bleed: how to protect your business and yourself I thought it relevant to touch on the topic of ‘password managers’. Even changing just one online site’s password can cause heartache; imagine having to change hundreds, which could have been the case as a result of the recent Heartbleed vulnerability. This is where password managers make online account management so much easier. Breaking news: eBay database servers compromised losing 145 ....
Thursday May 1, 2014 at 2:00pm
A major security vulnerability called 'Heartbleed' made the news recently. The bug means an attacker can access normally encrypted data without leaving a trace. With two thirds of internet sites using OpenSSL this is a serious threat and one business owners and individuals need to pay attention to. Heartbleed is a bug dating back to 2011 in some versions of OpenSSL - an open source implementation of encryption protocols that is widely used on the internet. These encryption protocols are there to ....
Wednesday April 9, 2014 at 10:00am
Free ‘WiFi’ here! We see the signs everywhere from McDonalds to restaurants, hotels and airport departure lounges. With some people addicted to having internet access on their laptop, tablet or smartphone the lure of free wi-fi is all too tempting. With so much of our lives conducted on these devices a wi-fi or mobile data connection is seen by many as essential, to check email, keep up on social media or even for internet banking. Others will choose to connect to these free wi-fi ho....
Thursday March 27, 2014 at 11:54am
We read nowadays of many organisations appearing in the national papers for amazing instances of data loss. Often these are household names such as high street banks and major hospitals. I get quizzed by many owner managers as to the spectacular failures of data management and how such instances occur. All too often, when investigative action has taken place, the cause is a lack of awareness or understanding of information security protocols, and not necessarily a technical failure. When I ex....
Tuesday March 4, 2014 at 10:00am
When considering information security for your business don’t overlook the importance of physical security. If an intruder can gain physical access to your building or facility no set of technical, administrative or other controls can provide adequate protection. Physical controls are in fact your first layer of security, and people are your last. There are various elements that make up physical security, from security pass keys, to locked doors and gates. CCTV is one technical physical con....
Thursday February 20, 2014 at 10:00am
Barclays Bank Plc was the latest organisation to see their data security called into question. A few weeks ago revelations were splashed all over the papers, with the details of apparently 2,000 customers handed to the Mail on Sunday. The Mail claimed another 27,000 records were available. Some reports suggest Barclays allege that the data was stolen, others intimate that a lack of security arrangements created the problem. If big banks can lose large volumes of data, through either negligence, t....
Tuesday January 21, 2014 at 10:00am
At the start of a new year it’s a time to look ahead, to be optimistic about the future and maybe to do some planning. Whilst it might not naturally be top of your list, it’s also a really good opportunity to think about the issues of data security in your business. With the Information Commissioner spotting breaches daily, and key customers and tender documents requiring proof of data security, many businesses are choosing to work towards ISO27001 compliance. You may not feel that a....
Thursday January 16, 2014 at 10:00am
Many organisations today rely heavily on outsourced functions to enable them to supply services or to make sure they run efficiently. Small businesses will often outsource their payroll systems for example; they might use a mailing house or marketing agency to send out newsletters and direct mail. Larger organisations will often outsource data processing functions or software development. There is nothing really new in this practice. But as organisations outsource more critical business processe....
Monday December 16, 2013 at 10:00am
With a global focus on data security it’s hardly surprising to see more and more businesses insisting that suppliers comply with rigorous information management controls. For many small businesses the request for completion of a data security questionnaire may seem an onerous task, but when it could mean the difference between winning (or keeping) a lucrative contract it’s one that has to be undertaken, and undertaken well. Having been practicing in compliance management systems for ....
Thursday December 5, 2013 at 10:00am
A “vulnerability” in Microsoft’s operating system hit the headlines recently, providing a useful reminder for all users of the Microsoft platform to check anti-virus and IT set up to minimise possible threats. The warning from Microsoft was that hackers might be able to exploit a “vulnerability” in its operating system to gain unauthorised access to affected PCs, laptops and servers. The attack arrives in the form of an email or web content which users are invite....
Tuesday November 5, 2013 at 10:00am
Wireless technologies have become more prevalent in recent years and it’s all too easy to hop onto a WiFi connection when you are out and about without really considering the dangers to your business. It’s very easy to forget the sensitivity of the information that you might be transmitting over these airwaves and who might be able to listen in. With a wireless network, computers connect to each other and network devices by transmitting data over the airwaves. You can do this via your....
Tuesday October 29, 2013 at 9:00am
At last the new information security standard - ISO27001: 2013 - has been published in the UK by British Standards. This was a much awaited Standard, as the previous version, the 2005 model, was starting to show its age. So what has changed? The new Standard now has ten headings, with some more business focused issues such as ‘Organizational Context and Stakeholders’, ‘Leadership’, ‘Resources’, ‘Communication and Awareness’ and ‘Objective Sett....
Wednesday October 2, 2013 at 10:00am
Biometrics and access control: For anyone responsible for information security within an organisation access control is often the biggest headache. In formal, ISO standard terms, access control is the ability to permit or deny the use of an object (a passive entity, i.e. a system or file) by a subject (an active entity, i.e. a person or process). Traditionally passwords and personal IDs or passes have been used as security measures to prevent either access or use of premises or data by unauthorise....
Wednesday August 14, 2013 at 12:02pm
We read with amazement but little surprise more stories of major data breaches and loss within the public sector. Recently the Serious Fraud Office (SFO) announced on its website that it had lost 32,000 pieces of data pertaining to a major case review. Amazingly, the SFO had the temerity to praise itself – announcing that this data loss only amounted to a tiny percentage of the entire archive for this case. Yet the fact remains that they have lost this data - and cannot account for it. I found....
Tuesday July 30, 2013 at 10:00am
There’s one major problem with the internet enabled life we all live and that is we are not only connected to friends, colleagues and ‘the good guys’ online, we can also be connected, often unintentionally, to ‘the bad guys’ too. Here are just a few of the pitfalls for the regular internet, email and web enabled software user. Spammers: Don’t open unexpected emails from non-contacts. If an email brings news that seems too good to be true, then it probably is! If ....
Wednesday July 17, 2013 at 10:00am
We can all become complacent that our e-mail accounts are safe, and that we won’t be the ones to be ‘hacked’. But this is precisely what happened to me last week. An old business BT internet account that had been hardly used for several years got hacked by an individual with an apparent Australian domain. My account was taken over and spam e-mail sent to all my old addresses within this account - as if from me - advertising some page on benefits claimants in the UK. It could have b....
Tuesday June 18, 2013 at 9:00am
Many SMEs rely heavily on their ‘e-commerce’ websites to drive their business models. Indeed traditional forms of sales and marketing can be ‘semi-redundant’ with today’s fast, on-line search functions and retrieval methods. In the digital age business continuity is all about having robust IT systems and secure online operations. However, SMEs appear to be somewhat behind the game in considering the ‘risks’ associated with their online acti....
Tuesday June 4, 2013 at 9:00am
The art of password cracking has advanced further in recent years than it has in the previous decades combined. At the same time the bad practice of password reuse has increased. According to figures, 6.5 is the average number of passwords for a web user, despite maintaining an average of 25 separate accounts. Over 100 million real-world passwords have been leaked over the past year. These leaks have enabled hackers to build up ever increasing password tables. They can realise the techniques peop....
Tuesday April 30, 2013 at 9:52am
Security breaches: US online deals website LivingSocial has been the target of hackers and user details have been compromised. They emailed all registered users with a message that explained the issues: “LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue. The information accessed includes names, email addresses, the date o....
Tuesday April 9, 2013 at 9:00am
Whether you run PCs or Apple Macs in your business you will want to ensure that your IT security is up to scratch. Follow these simple tips to avoid the most obvious pitfalls. Quick IT Security Tips If you don't understand a warning message, say no and consult your IT support. It's easier to go back and say yes if you need to than be sorry and have to rebuild your machine. Certificates: If you don't understand a website certificate message, say no and consult your IT support team. It is easier....
Tuesday February 12, 2013 at 9:00am
It is a constant battle of cat and mouse to stay safe and secure online. Most users are now aware of the dangers but there’s yet another security issue for us all to worry about. Anyone who roams with their laptop, uses hotspots or guest wireless networks needs to read the following. A while ago there was a Firefox (3rd party internet browser) extension that could easily hijack a stranger’s Facebook account sharing the same WiFi network, like a hotspot or guest wireless network. To q....
Tuesday January 29, 2013 at 9:00am
Nearly all organisations have to deal with employee contract terminations at some time, whether that’s through an agreed mutual parting of the ways, an end of a fixed term contract, because of redundancy or for disciplinary reasons. Most of the management focus in each case tends to be on human resources processes, legal procedures and the like, to ensure there is no breach of employment legislation. Good HR Managers will conduct exit interviews and record details of the employee’s ob....
Tuesday December 18, 2012 at 9:00am
Gone are the days when the word ‘password’ or code ‘0000’ provided adequate security for your online activities. But are you aware of the latest techniques that you should be using to keep you and your customers’ personal information safe and provide a secure environment for your business activities? My colleague Martin Giles provided these invaluable pointers to one of our Information Security Management clients and I thought they were worth sharing with our b....
Tuesday November 20, 2012 at 9:00am
Whilst recently working in the City of London with a Lloyd’s Broker one of their senior Directors alerted me to a real risk that many business owners are probably not even aware of. This Director with over thirty years’ experience within the City, advised that many organisations were now operating potentially with little or no cover - in respect of their ‘e-commerce’ or similar online activities. It was explained that standard insurance products are unlikely to pay o....
Tuesday September 4, 2012 at 10:00am
This guide is designed to cut through some of the misunderstanding that users and organisations have about email security. Email security involves the maintenance of the basic information security management ideas: Integrity - ensuring that your message has not had unauthorised alteration Confidentiality - ensuring that no unauthorised person (or process) has viewed the content Accountability - being able to prove who wrote the email Availability - ensuring that the email can be sent/receive....
Tuesday August 7, 2012 at 10:00am
Cyber crime seems to be constantly in the headlines. What with MI5 warnings of cyber attacks a few weeks ago and the Commons Select Committee report on intelligence and security suggesting we need to ramp up our active defence strategy, you might be forgiven for thinking that the challenges your business faces to fight cyber crime are insurmountable. Not so. It seems GCHQ and the intelligence services believe that 80 per cent of all cyber threats are easily eliminated by everyone following ....
Tuesday July 24, 2012 at 10:00am
The Information Commissioner’s Office has published a new PDF document entitled A Practical Guide to IT Security. Although the ICO has produced a variety of these helpful publications, this is a timely ‘aide memoire’ for SMEs throughout the UK, who need to start taking IT security and information security management more seriously. The Data Protection Act 1998 under the 7th Principle requires that ‘appropriate technical and organisational measures shall ....
Thursday July 5, 2012 at 7:11pm
It was reported recently that UK businesses are facing ‘astonishing’ levels of cyber-attack. In a speech, Jonathan Evans of intelligence agency MI5 warned that internet vulnerabilities are being exploited by criminals with the attacks representing a threat to the integrity of any information held by an organisation. Companies are reporting higher numbers of attacks on their systems over the past three years and the vast majority of companies believe the number of cyber attacks will in....
Tuesday July 3, 2012 at 2:31pm
Vetting of new staff within many smaller to medium sized businesses is often seen as unimportant and unnecessary. The clarion cry all too often goes ‘we know this guy or girl – no problem’. I recently visited a company within the print industry where they had just appointed a Production Director. This individual had come from a major PLC and the MD of the company in question was delighted to have him on board. However, when I arrived this Director’s desk had been recently ....
Monday June 11, 2012 at 11:48am
Businesses across the UK are being called upon to consider how they handle information in a secure and legally acceptable way. When you read about Government departments ‘losing’ personal records (Fresh data loss embarrassment for Govt) and learn about rogue employees at Virgin Atlantic leaking details to the paparazzi of celebrity travel plans (Virgin Atlantic investigates celebrity flights leak) it’s easy to see what can happen when information is not securely handled. As da....

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT