Data breaches can result in dire financial repercussions for any organisation that has to deal with sensitive data, whether that be personally identifiable information (PII), personal health information (PHI), payment details, or other similar data. Depending on the number of records compromised, the costs range anywhere from tens of thousands to hundreds of millions of dollars.

The latest Ponemon study, sponsored by IBM and released in July 2018, calculates the full cost of “mega breaches” (involving more than 1 million lost records) to be $350 million. This figure takes into account the more evident cyber incident expenses such as those for technical investigation, customer breach notification and credit monitoring, regulatory fines and litigation services, among many others. The organisation would also have to cover the cost of investing additional resources into network security improvements.

In this blog, we’ve covered many of the ins and outs of BYOD (bring your own device), including the pros and cons. In reality, much of the discussion is no longer about whether employees should be allowed to connect to company networks with their own devices, BYOD is simply becoming the standard way of operating.

A study published in 2016 suggested that 59% of businesses allow BYOD, and things have certainly moved along in the intervening years. The only remaining point of discussion is BYOD cybersecurity. In this post, we give you eight top tips to help ensure BYOD does not pose a threat to your business.

With the onset of new technologies, most organisations have come to rely heavily on their IT practices and systems to ensure that operations are carried out with utmost efficiency. But how do corporate executives and business owners know that their IT system is effectively contributing to the company's business objectives?

The careful consideration given to the acquisition of software assets or the upgrade of IT infrastructure is justified. However, less attention is devoted to evaluating if these investments are actually providing a positive return for the company. Perhaps more important than ascertaining whether IT resources are properly leveraged, is to ensure that the enterprise's IT systems are reliable and secure enough to maintain the integrity of the company's data and information assets. 

It is easy to follow the mistaken belief that beefing up security at your business involves buying expensive hardware and software or hiring a top-rated security consultant to step in and make major changes. In fact, it is possible to make solid security progress by simply following good practice, and by tightening protection where needed.

Making these essential improvements is important for businesses of all sizes. In 2016, the Federation of Small Businesses found that the UK’s small businesses are collectively attacked over 7 million times a year, costing up to £5.26 billion. In this article, we cover some of the most effective ways to improve resilience against these attacks without spending an arm and a leg.

The challenges of actively managing information security are growing, and every business, regardless of size, should pro-actively protect their systems and the data held within. But how do customers know that your information security practices are fit for purpose?

Even the best intentions do not guarantee sound security practices for businesses. The only way for customers to judge the internal processes of your business is by checking for accreditation such as ISO 27001. In fact, 71% of respondents to a 2016 survey by IT Governance Ltd said that they had fielded a question about ISO 27001 accreditation.

DDoS attacks are typically designed to inundate servers and entire networks by consuming computing resources through large volumes of traffic, connections, or requests. And so, because cloud infrastructures are assumed to be backed by a large assemblage of such resources, many people believe their servers are less susceptible to these types of attacks if they’re hosted in the cloud. But that’s not entirely true.

If your servers are hosted in a multitenant environment along with a bunch of other servers belonging to other organisations (which is usually the case in a public cloud), your servers could be at risk of collateral damage. If those other servers (note: not yours) are bombarded by a DDoS attack and your cloud service provider (CSP) attempts to absorb the attack, your own servers, which share the same underlying infrastructure with those other servers, could also suffer.

Love it or hate it, IT departments cannot prevent users from engaging with Wi-Fi networks; the convenience factor is simply too high. The IT security risks are real, however, whether your users are roaming – or using Wi-Fi where you have some control over internet security, such as the office space. It is also an evolving threat, with the gold standard of Wi-Fi security, WPA2, losing its shine. In this article, we discuss the next generation of Wi-Fi security, WPA3, and the measures you should currently be taking to boost your company’s Wi-Fi security.

With the losses associated to cybercrime expected to hit around $6 trillion by 2021, security has become a top priority of many businesses. These companies diligently implement compliance initiatives in hopes that they can ensure security within their organisations. But here’s the thing: achieving compliance doesn’t necessarily mean that your business is fundamentally secure.

Last year, Verizon published a report that revealed a major eye-opener regarding compliance. According to that report, 45% of PCI DSS certified customers needed remediation. Meaning that these businesses still needed to improve their security controls in order to be considered secure as per PCI DSS.

It’s important to note that these businesses actually already passed a previous compliance audit. In fact, they were certified to be fully PCI DSS compliant. In other words, they had already spent a considerable amount of time, attention, and money establishing IT security controls that met PCI DSS requirements.

The cyber threat landscape continues to evolve and in order to maximise your cyber security budgets and position resources where they are most needed, you need to know what threats are most likely to make an impact in the near future. To help you, we’ve put together a list of what we believe are going to be the top 4 cyber threats in the UK. 

Let’s say you’ve already invested a fortune on network security. How do you determine that investment’s effectiveness in preventing a data leak or withstanding a deliberate cyber attack? Your best option would be to conduct a penetration test or pen test.