If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice.  This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how …

Last month, the European Commission adopted new recommendations to help organisations transfer personal data across the world with greater security. Notably, organisations are now encouraged to incorporate risk-based assessments for personal data transfers that are centred on real-world experience rather …

Throughout the pandemic, cyber criminals have been exploiting people’s uncertainty to conduct a variety of attacks, and although we are (hopefully) reaching the end of this turmoil, attackers remain as prolific as ever. That was demonstrated again this month when …

“How can we avoid cyber attacks?” That’s the question every organisation is asking as the threat of cyber crime continues to spiral. It’s easy to point to solutions like anti-malware software or encrypting sensitive information, but as we explain in …

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). The PCI DSS is a set of requirements that helps organisations protect payment card …

Earlier this month, Apache Pizza confirmed that it had suffered a data breach affecting customers’ names, addresses, contact details and encrypted passwords. In some cases, people’s passwords were also breached. The incident sparked concerns that the attackers would use the …

Those getting started in the information security industry might be wondering why experts are telling them to implement an ISMS. We’re here to explain. An ISMS (information security management system) is essential for any organisation that’s serious about security. It’s …