Author: Luke Irwin

Organisations that adopted hybrid working during the pandemic have had to adjust many policies and processes, but one that they may have overlooked is their CIR (cyber incident response) plan. Before the pandemic, you could safely assume that most employees were based in the office and therefore a controlled environments. That made planning for disruptions comparatively straightforward: you knew where everyone was located, you had complete visibility over your threat landscape and you could communicate with everyone directly. But hybrid working complicates that. Although it comes with huge logistical and financial benefits – plus it makes employees happier – it

The post How to create a cyber incident response plan when you have a hybrid workforce appeared first on IT Governance UK Blog.

Cyber security is becoming an expensive endeavour for organisations – and in many cases, the costs are so high that they can’t deal with threats appropriately. In fact, a Kaspersky report has found that only half of organisations have a dedicated IT security team, and only one in five has the tools to monitor and respond to cyber security incidents. This is despite increased data protection requirements, with the introduction of the likes of the GDPR (General Data Protection Regulation), and a growing number of cyber attacks, many of which have sparked high-profile debates about the importance of an effective

The post How to manage the growing costs of cyber security appeared first on IT Governance UK Blog.

When employees were asked to work from home at the start of the COVID-19 pandemic, some people struggled to adapt. Isolated from colleagues and lacking the structure of office life, it felt like it would be a long, tiring wait until working life returned to normal. But in the year and a half since, we have come to accept that remote working is here to stay – although perhaps not quite as prescriptively as before. A report published by Microsoft Surface and YouGov found that 87% of organisations have adopted hybrid working, in which employees divide their work time between

The post The compliance challenges of hybrid working appeared first on IT Governance UK Blog.

Cloud computing has become an integral part of business, providing affordable and flexible options for organisations as they grow. But as Cloud services become more popular, they become increasingly lucrative targets for cyber criminals. If they’re not properly managed, they create a raft of vulnerabilities that can be exploited to great effect. This is particularly the case for MSPs (managed service providers), which often work with dozens, if not hundreds, of organisations. As a result, a single vulnerability could have far-reaching consequences. According to one report, a cyber attack on an MSP could result in $80 million (about £58 million)

The post Why MSPs must prioritise Cloud security appeared first on IT Governance UK Blog.

When it comes to the ideal post-pandemic work environment, employers and employees and have very different ideas. According to a Microsoft study, 73% of workers want to keep the flexible work arrangements created in response to COVID-19, and 67% want a return to in-person collaboration. The overlap in these figures suggests that there isn’t a clear divide between those who want to stay at home and those that want a return to the office. Rather, many people want a hybrid working option that gives them the benefits of both set ups. Depending on how hybrid working is implemented, this could

The post What are the cyber security challenges of hybrid working? appeared first on IT Governance UK Blog.

Who will you call when your organisation has been compromised? Having a cyber incident response team ready to go can save your organisation from disaster. There’s no escaping the threat of cyber security incidents. Criminals are constantly poised to exploit vulnerabilities, and employees use complex IT systems where mistakes are bound to happen. Investing in cyber defences can reduce those risks, but organisations need to be ready for threats they can’t prevent. A CIR (cyber incident response) plan does just that, outlining strategies for identifying and responding to security breaches. An effective plan can quickly stop disruption from turning into

The post How to build a cyber security incident response team (CSIRT) appeared first on IT Governance UK Blog.

As organisations prepare for what life looks like in a post-pandemic world, one of the many issues they’ll have to address is IT security for home workers. A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – to complete tasks. And you better hope they have technical skills, because should they experience any technical issues, there’s only so much your IT team can do to help. According to the Velocity Smart Technology Market Research Report 2021, 70% of remote workers said they had experienced IT problems during the pandemic,

The post The cyber security risks of working from home appeared first on IT Governance UK Blog.

Too often, organisations fall into the trap of thinking that cyber security is only about preventing data breaches. Their budget is dedicated to anti-malware software, firewalls, staff awareness training and a host of other tools designed to prevent sensitive information falling into the wrong people’s hands. But what happens when those defences fail? It’s a question all organisations must ask themselves, because even the most resilient systems can be compromised. You can’t assume that an employee who has taken a training course will never make a mistake, or that a trusted third party won’t have a misconfigured database. Data breaches

The post Would you know if your organisation had suffered a data breach? appeared first on IT Governance UK Blog.

The UK data protection landscape is a lot more complex following Brexit. Many organisations are now subject to both the EU GDPR (General Data Protection Regulation) and the UK GDPR (General Data Protection). The UK version was born out of the EU GDPR, so you might think that there are only cosmetic differences and that minor actions are required to adjust your documentation and compliance practices. Unfortunately, it’s not that straightforward. If you haven’t done so already, you must ensure that your data protection policies and procedures account for both sets of requirements. In this blog, we look at some

The post Updating your data protection documentation following Brexit appeared first on IT Governance UK Blog.

If you’re a small business owner, cyber security might seem impossibly complicated and filled with endless pitfalls. There’s indeed a lot at stake – with ineffective security measures potentially threatening your productivity, your bank accounts, and your employees’ and third parties’ personal data. But fortunately, the path to effective security needn’t be difficult. In this blog, we explain you need to know about cyber security for small businesses. Why cyber security presents unique risks for SMEs The difficulties that small businesses face when addressing cyber risks can be separated into financial costs of the incident itself and the costs involved

The post Small business cyber security: the ultimate guide appeared first on IT Governance UK Blog.

If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. Consider how much personal data you collect; if that information is lost or stolen, it will severely damage your customer relationships. In fact, a Ping Identity survey found that 78% of people would stop using an organisation’s online services if it had experienced a breach. So, what should marketing agencies do to reduce the risk of cyber attacks and protect their reputation? Here are our

The post A guide to cyber security for marketing agencies appeared first on IT Governance UK Blog.

Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to frustrate the victim by knocking their website offline. The criminal hacker therefore doesn’t profit from the attack, but the loss of service can cost the victim up to £35,000. Why would an attacker be interested in doing this? Typically, it’s because they hold a grudge against the target – many DoS attacks are politically motivated – although some attacks are used to distract the victim as the attacker launches a more sophisticated attack

The post What is a DoS (denial-of-service) attack? appeared first on IT Governance UK Blog.

If there’s one certainty about cyber crime, it’s that criminals are always looking to acquire sensitive data. Whether you’re a small e-tailer with a handful of employees or a multinational, you must take steps to protect the valuable information you collect. In that regard, e-commerce is no different to a physical store that has CCTV cameras to monitor theft and security guards to catch shoplifters. But what is the cyber security equivalent, and what are the threats you need to look out for? We explain everything you need to know in this blog. What are the threats to e-commerce businesses?

The post A guide to cyber security for e-commerce businesses appeared first on IT Governance UK Blog.

No matter what size your organisation is, it will suffer a cyber attack sooner or later. There are simply too many malicious actors and too many vulnerabilities for you to identify. Unfortunately, SMEs often fall into the trap of believing that they are too small to be on cyber criminals’ radars. Why would they even think to target you? But criminal hackers target vulnerabilities rather than specific organisations. They look for weaknesses – whether it’s a flaw in a piece of software or an unprotected database containing sensitive information – and leverage it in whatever way they can. That’s why

The post Cyber security statistics for small organisations appeared first on IT Governance UK Blog.