Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts by Taz Wake - Halkyn Security

Phishing attacks continue to evolve and spread malware

Phishing Email - note the detail attempting to give it an air of legitimacy.

As most internet users know, phishing attacks are very common. The term itself dates back to 1995 (e.g. AOHell) and social engineering (which is basically what phishing is) goes back as long as we have had societies. At a basic level, phishing is an attempt by a malicious party to get the recipient (victim) to […]


Staysure security breach leads to ICO Fine

Staysure insurance fined for failing to have any security policies.

The Information Commissioner’s Office announced on 24 Feb 2015 that it had levied a monetary penalty of £175,000 against the holiday insurance company Staysure. The fine came about as a result of Staysure suffering a security breach on their website which exposed more than 100,000 customer records and led to more than 5,000 customers having their credit […]


Retail security in an online world

Retail security threats - triangulation attack workflow.

The internet has been changing the world for decades now, and nowhere has this been more obvious than the retail sector. Internet access has opened up new markets, invented new businesses and allowed retailers to grow in ways never before imagined. However, along with this growth, the internet has also shown that retail security needs […]


Retail security, business protection, loss reduction

The retail sector remains vulnerable to cyber attacks

Retail security is in the news again as the British Retail Consortium (BRC) report that crime in this sector has reached a 10-year high. This reporting appears to indicate crime accounts for almost 0.2% of the total sector turnover. As reported by the BBC this includes the possibly obvious activities such as shoplifting, but […]


Data protection needs good physical security


Data protection is frequently in the news as organisations become more aware of just how important it is to their business. Unfortunately, all too often data protection measures focus on the technical aspects, overlooking the basic need for good physical security controls. Technical controls, such as encryption & access management are important for data protection […]


December DPA Breach Fines

Payday loan companies need to be aware of the DPA and PECR.

The run-up to Christmas 2013 has shown that the Information Commissioner's Office is still busy fining organisations and individuals for breaches of the Data Protection Act (DPA). In December two new civil monetary penalties were issued with a total of over £175,000. Both cases highlighted the value of being proactive and implementing good security […]


Business continuity – 5 things to consider this winter

Snow can disrupt your business.

In the northern hemisphere at least, winter is now upon us and this is the time for all business owners to think about how well their business can cope if the weather turns bad. In the UK, we have had a succession of very bad winters and organisations of all sizes have suffered. In 2009, the […]


Twitter – Possible social engineering attack

Twitter - email headers

This evening I managed to end up getting my personal Twitter account hijacked and malicious users were able to send out direct messages before I got at least some element of control back. First off, I want to apologise to anyone who got a strange DM from me, telling them to click on a suspicious […]


Physical Security – It still matters

Good physical security protects your information.

When it comes to security, there is an unfortunate tendency for organisations (large and small) to fall into the trap of treating their physical security as something separate or different from their information security needs. Despite physical security having a place in every international security standard (such as ISO 27001), ownership of physical risks often […]


Sensitive data should not go by fax!

Fax Machines - out of date and insecure

You may want to check your calendars again. Even though we are now well into the 21st century, it seems that some organisations are still sending sensitive data by fax machine – and not just the NHS (who were fined £55,000 for the inevitable breach). It seems banks, who really should know better, can't help […]


NHS Trust fined £200,000 following data disposal errors

NHS & Healthcare Security - Sensitive data needs proper protection.

Although it has a well-structured, well-run and reasonably well-resourced security management service, the NHS still seems to struggle with some aspects of compliance with the Data Protection Act. As a result, another NHS trust has fallen foul of the Information Commissioner’s Office (ICO) and been fined a significant amount of money. Based on […]


Governance failure costs £45,000

Telesales can be effective at promoting your business but you need good governance in place to make it work for you.

A breakdown of internal governance processes has led to the Information Commissioner’s Office (ICO) issuing a civil monetary penalty (fine) on Tameside Energy Services Ltd, a Manchester-based company claiming to offer a range of energy improvements and making heavy use of cold-call sales tactics. Showing a growing tendency to fine private companies, the ICO reported […]


Passwords are not bad, just don't trust vendors


Passwords are in the news again, with yet another headline crying out for the death of the password and claiming that everyone should move to two factor authentication (2FA) for all their online activities. As with all these claims, it is worth looking at them in greater detail before we give up on of the […]


Security awareness training – value or not?


Last month (27 March), the security and cryptography expert Bruce Schneier posted an article on his blog about Security Awareness Training. Now, it should go without saying that Bruce Schneier is one of the leading lights in the IT Security world; he has written several very informative books which would always top our suggestions for […]


Pre-employment Security Screening – Reducing the workforce risk

pre-employment screening

It can be hard for a business to bring in new workers. The trusted insider poses a unique threat to any organisation – not only can the insider do you considerable harm but, for your business to function, you have to be able to trust your employees and let them get on with their job. […]

