Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts in category Security Education and Awareness

North Wales Cyber Security Cluster – April 2016 Meeting

Cyber Security Cluster - April 2016

The North Wales Cyber Security Cluster is meeting on 21 April at Solvings Ltd, in Mold, Flintshire. Solvings provide a great location and the cluster is a wonderful opportunity to learn about cyber security. Access to cluster meetings is free and everyone is welcome. No prior knowledge is needed. There really are no stupid questions! Clusters […]

Business continuity – 5 things to consider this winter

Snow can disrupt your business.

In the northern hemisphere at least, winter is now upon us and this is the time for all business owners to think about how well their business can cope if the weather turns bad. In the UK, we have had a succession of very bad winters and organisations of all sizes have suffered. In 2009, the […]

Security awareness training – value or not?

Last month (27 March), the security and cryptography expert Bruce Schneier posted an article on his blog about Security Awareness Training. Now, it should go without saying that Bruce Schneier is one of the leading lights in the IT Security world; he has written several very informative books which would always top our suggestions for […]

Office security checklist – Updated

As part of our ongoing drive towards improving your security, we have updated our office security checklist to make it easier to use and clearer to follow. The 2013 version of the security checklist is now available to download. The idea behind the document remains the same: this is something you can print off and […]

Information Commissioner’s Office launch IT Security Guide for Small Businesses

Today the Information Commissioner’s Office (ICO) announced it had produced “A practical guide to IT Security” with the subheading that this is “Ideal for the small business.” At the time of writing, the ICO press release announcing the IT Security guide appears to be having trouble (what looks like an infinite redirect loop is in […]

Security Awareness Training – One of the few good security metrics

Recently we discussed both the value and problems around developing security metrics as part of your organisation's overall management strategy. One of the best metrics you can generate revolves around security training and staff awareness. It vastly outweighs the value of measuring additional activities like patching within 30 days or updating AV databases. Properly […]

Personal Email + Work Activity = High Risk Situation

Almost everyone has a personal email address, to the point where you are probably more shocked to discover someone who doesn't rather than a person who has several. In recent years, as the internet has become more embedded in our daily life, this has exploded and people now access their email on their phone, tablets, […]

Protecting your employees, executives and family

Businesses are often excellent at cataloguing the importance and value of the physical assets they hold – such as product stock, machinery, company cars etc. Most are even quite good at identifying and valuing their intellectual assets – things like contact lists, patented processes and so on. Where almost every business falls down is realising the importance and value […]

Health worker breaches Data Protection Act, gets £1500 fine

Breaches of the Data Protection Act, almost commonplace in 2011, continue into the new year of 2012. As has often been the case, the incident reported this week has been another breach involving a health care worker gaining access to records on the centralised systems. Recently it was reported that the Information Commissioner was going […]

How do you measure the value of security?

For lots of people and businesses of all sizes, security is viewed as something which is an unfortunate cost that simply has to be tolerated. In effect, this gives rise to a tendency to see it as burdensome and a “spend of last resort.” Sadly, few businesses will look to invest in their security and, […]

Security Policy – Essential first step

Security is important. Security underpins pretty much every activity you are engaged in – be it at work or at home. From a business perspective, security can be the difference between winning new contracts, keeping existing customers and simply making a profit. Despite this, there are still a large number of organisations that miss out […]

Testing for Insecure Passwords

Despite recent popular opinion and some well-publicised hacks involving them, passwords are not intrinsically weak. When used properly, they are a perfectly good, single-factor method of authentication. The important part of that phrase is “when used properly” and experience shows that the overwhelming majority of password compromises are a result of users making poor […]

Public Key Encryption with GnuPG

One of the most overlooked risks of using the internet is the fact that most of the time your data is as private as the writing on the back of a postcard. If someone wants to, and the data passes through their “hands” then they can read everything you have sent. A lot of the […]

Passwords and IT Security

Passwords are frequently thought of as an “outdated” method of security and numerous product vendors will tell you how they offer a much better solution that kind of works like magic. This is rarely the case and for 99% of applications, properly used passwords provide you with a perfectly suitable method of authenticating a user […]

PayPal Phishing Attacks

Phishing is an on-going threat to most businesses and home users. It is safe to assume that there will be a constant stream of phishing emails sent to pretty much any email address imaginable. As a result of this, it is crucially important that you educate your staff and your family about what to look […]
