Specialist Security & Risk Management Consultants

Retail security in an online world

Retail security threats - triangulation attack workflow.

The internet has been changing the world for decades now, and nowhere has this been more obvious than the retail sector. Internet access has opened up new markets, invented new businesses and allowed retailers to grow in ways never before imagined. However, along with this growth, the internet has also shown that retail security needs […]

ISO27001 Self Assessment Checklist hits record downloads

ISO27001 Self Assessment Checklist - Screenshot

The ever popular ISO27001 self assessment checklist is now being downloaded at around 1000 times a month. Since we published it in October 2013, there have been over 13000 copies downloaded and we have provided unprotected versions to over 900 different organisations and individuals. Hopefully this is a sign that security is being taken seriously […]

Retail security, business protection, loss reduction

The retail sector remains vulnerable to cyber attacks

Retail security is in the news again as the British Retail Consortium (BRC) report that crime in this sector has reached a 10 year high. This reporting appears to indicate crime accounts for almost 0.2% of the total sector turnover. As reported by the BBC this includes the possibly obvious activities such as shoplifting, but […]

Insider Threat – Apple Employee Jailed and Fined

Crime can result in jail for insiders

The insider threat is in the news again. On 8 December it was reported that ex-Apple employee, Paul Devine, had been sentenced to jail and a fine following a guilty plea on counts of wire fraud and money laundering . From the news reporting, this trusted insider was involved in providing Apple suppliers with confidential information […]

Employee Security – High risk terminations

Employee security: Layoffs are high risk situations.

Employee security really does matter. Your employees are the lifeblood of every organisation. You put a lot of effort into hiring new staff, you train them, you nurture them and in return you get a massive amount of value. However, like it nor not, there will come a point in time when even your best […]

Prison Service in NI Warned over Data Breach

Prison Service warned over data breach

The prison service in Northern Ireland has been warned by the ICO over another data breach. The ICO press release is available online: http://ico.org.uk/news/latest_news/2014/prison-service-warned-after-maze-records-sold-at-auction-18062014 This incident relates to the Prison Service auctioning off a cabinet containing records from the Maze prison. Interestingly, this breach took place in 2004, when the Northern Ireland Office was responsible, but nothing […]

Truecrypt encryption software still available for download

Truecrypt encryption software still available for download

It seems that Truecrypt is too popular a tool for people to give up on it and version 7.1a is still available for download. A website has sprung up at truecrypt.ch offering downloads of Truecrypt binaries and source code. The download site appears to have been set up by a Swiss national and provides links […]

Truecrypt encryption software ceases production

Without Truecrypt, selecting encryption software is a lot harder.

On 28 May 2014, the developers of the reasonably infamous encryption software Truecrypt apparently announced that the program was over and that the risk of security weaknesses meant people should stop using it. Since this announcement, the Truecrypt website at http://truecrypt.org now redirects to the Sourceforce page (http://truecrypt.sourceforge.net/) which reports that development ended in “5/2014″ following Microsoft […]

Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard. Most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Controls“ The SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security” PCI-DSS Requirement 9 mandates […]

DPA Registration is important if you want to avoid a fine

DPA - follow the law or risk a fine

Here in the UK, the Data Protection Act (DPA) has been law for 14 years now (the act is dated 1998 and commenced in 2000). Despite this, there are some organisations who are not aware of their obligations to comply, even when it is clear they are handling data which would be protected under the […]

Security logs can save your systems and data

Security logs aren't interesting but they are very important.

It goes without saying that security logs are not the most interesting of topics. They are often viewed as a necessary evil, and in some instances they are even minimised to prevent storage or bandwidth issues. Both of these approaches are wrong. Boring or not, security logs are one of, if not the, the most […]

City of London Police – update

Mounted Officer - City of London Police. Photo by William Warby (http://www.flickr.com/photos/wwarby/)

As part of the cross-sector safety and security communications plan, the City of London police have announced today some significant changes being made to reinforce the ring of steel around the Square Mile. City of London Police: Ring of steel just got tougher New tactics, new tools and new technology will be launched in February […]

Data protection needs good physical security

Data protection needs good physical security

Data protection is frequently in the news as organisations more become aware of just how important it is to their business. Unfortunately all too often data protection measures focus on the technical aspects, overlooking the basic need for good physical security controls. Technical controls, such as encryption & access management are important for data protection […]

127.0.0.1 redirect causing wordpress connectivity problems.

Wordpress Redirecting to 127.0.0.1 on login

There seems to be a problem with either WordPress or one of its plugins that is redirecting the login script to a non-existent listener on local host (127.0.0.1). At the moment we have implemented a work-around, but any contributors may have difficulty logging in. A quick google search shows that this is happening to other […]

December DPA Breach Fines

Payday loan companies need to be aware of the DPA and PECR.

The run up to Christmas 2013 has shown that the Information Commissioners Office is still busy fining organisations and individuals for breaches of the Data Protection Act (DPA). In December two new civil monetary penalties were issued with a total of over £175,000. Both cases highlighted the value of being proactive and implementing good security […]

Recent Tweets Recent Tweets