Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts tagged Information Security

Encryption – it is your responsibility

Encryption is important. This has always been well known, and with the recent revelations about PRISM and related Government monitoring of communications, people have become understandably more interested in the topic. However, keep in mind the fact that doing encryption wrong is worse than not doing it. In recent years it has become more and […]

Sensitive data should not go by fax!

Fax Machines - out of date and insecure

You may want to check your calendars again. Even though we are now well into the 21st century, it seems that some organisations are still sending sensitive data by fax machine – and not just the NHS (who were fined £55,000 for the inevitable breach). It seems banks, who really should know better, can't help […]

Fax machines – not suitable for sensitive data

Fax Machines - out of date and insecure

It seems some technologies are hard to get rid of and it seems that people are still using fax machines to send data despite them being slow, cumbersome, unreliable and, most importantly, insecure. As it is 2013, it should go without saying that fax machines are not an appropriate mechanism to send anything sensitive and […]

Lack of Laptop Encryption costs City Council £150,000

The Information Commissioner’s Office (ICO) has announced today that it has fined Glasgow City Council £150,000 following the loss of two laptops because neither had any encryption software applied. The fine follows an incident where two laptops were stolen from Council offices during refurbishment. To complicate matters, the Council had already been made aware of […]

Passwords are not bad, just don't trust vendors

Passwords are in the news again, with yet another headline crying out for the death of the password and claiming that everyone should move to two factor authentication (2FA) for all their online activities. As with all these claims, it is worth looking at them in greater detail before we give up on of the […]

4 steps for schools to improve their information security

Another lack of encryption leads to a Data Protection Act Fine

NHS & Healthcare Security - Sensitive data needs proper protection.

On Friday, 15 Feb 13, the Information Commissioner’s Office (ICO) announced that the UK Nursing and Midwifery Council (NMC) had been fined £150,000 for a breach of the Data Protection Act. (It is worth bearing in mind that the NMC has recently raised the registration fees for Nurses to £100 per year.) It seems that […]

Mandatory Reporting of Data Security Breaches

It has been announced that the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, is looking to bring in mandatory reporting of information security breaches, at least within some industry sectors. In an interesting press release titled “EU Cybersecurity plan to protect open internet and online freedom […]

Cash in Transit – Still a security risk

In the news today there was a report about a cash delivery being attacked in Brentwood, London, which involved three masked attackers stunning the security guard with a Taser and trying to get access to the cash being delivered. (As reported here) Robberies like this have been quite rare recently, down to a combination of […]

ICO fines text spammers nearly £500,000

Last week the ICO reported that the directors of a company heavily engaged in spam texting (sending unsolicited commercial messages to people via their mobile / cellular phone) have been fined significant sums of money – this is the first action from the ICO using new powers granted in January 2012. This was an investigation […]

Bad Security – Taking Risks and Not Realising It

Another fine has been issued by the Information Commissioner’s Office (ICO) and, again, it is the result of something that could easily have been prevented if a bit of time and money had been spent in advance. On Thursday, 22 Nov 12, the ICO reported levying a £60,000 Civil Monetary Penalty (fine) on Plymouth City […]

Security is the cheaper option – stop avoiding it.

Another Data Protection Act fine (civil monetary penalty) was announced yesterday (25 Oct 12), and again it is largely the result of risk management mistakes meaning that a cheap preventative measure was ignored and, instead, a fairly hefty fine has been paid. The fine came as a result of a solicitor acting on behalf of […]

ICO claims private sector leads the way on Data Protection Act compliance

Interestingly, a report from the ICO published yesterday has stated that the private sector appears to be more compliant with the requirements of the Data Protection Act than public sector bodies. The ICO press release reports the findings of a series of audits the Office has carried out between Feb 2010 and Jul 2012, on both […]

Secure Data Disposal – not really…

Continuing the unfortunate trend of public sector organisations falling foul of the Data Protection Act, we have another example of the ICO levying a large fine on a council. Today the UK Information Commissioner’s Office (ICO) announced that the Scottish Borders Council has been fined £250,000 for allowing the improper disposal of personal data. As […]

NHS Security Breaches Continue

Given the level of fines (“Civil Monetary Penalties”) the Information Commissioner’s Office levied against the NHS in June, you would be forgiven for thinking that the Health Service would have exerted considerable effort to prevent any further fines. However, this doesn't seem to be the case. Since we last discussed this, the NHS has been […]
