Archive for August, 2017

Separation of duties (SoD) – also referred to as “Segregation of duties” – is a critical, yet often overlooked area of IT security. Essentially, the purpose of SoD is to help organisations protect themselves from fraudulent behaviour by ensuring that no single individual can act alone to subvert a critical process for their own personal gain. SoD is an area that comes under close scrutiny during compliance reviews, and will … Read more

The UK Government has announced a new data protection bill that is designed to replace the forthcoming EU GDPR. The bill is essentially an update to the existing Data Protection Act (DPA), which was introduced in 1998. Why has the Government decided to make these changes? As of the 25th of May, 2018, the EU General Data Protection Regulation (GDPR) will come into effect, which sets out to “harmonize data privacy … Read more

SIEM (Security Information & Event Management) software is designed to assist organisations in detecting and reporting suspicious activity within their environment. SIEM solutions aggregate data in real-time from multiple sources within an IT environment and present the information via a single dashboard. SIEM solutions are useful; however, they also have many drawbacks. SIEM solutions can be complex: Collecting the data and organising it into anything that you can derive real … Read more

According to data obtained by the BBC, “NHS hospital trusts in England reported 55 cyber-attacks in 2016” – 16 more attacks than in 2015. However, NHS Digital claims that this number doesn’t represent an increase in the actual number of attacks, but an increase in the number of reported attacks. Despite this claim, the information that came to the surface following the recent WannaCry attack gave us a clear indication … Read more

Understandably, organisations are feeling a growing sense of unease about the forthcoming General Data Protection Regulation (GDPR). It introduces a number of important changes to the current Data Protection Directive (DPD), such as increased territorial scope, stricter consent laws, hefty fines, breach notifications, enhanced data subject rights and specific design requirements that focus on data privacy. Additionally, many organisations will be required to appoint a Data Protection Officer (DPO) to oversee … Read more

Audit changes to Group Policy to stay secure and provide continuity of IT services. Group Policy is a critical component of Windows Server Active Directory (AD). It can be used to manage the user and system configuration of servers and end-user devices, including registry settings, user environment setup, security, and software configuration. As a powerful tool that can help organizations standardize system configurations across their environment, it also comes with … Read more

According to Symantec’s 2016 Internet Security Threat Report, 43% of cyber-attacks target small businesses. In both the UK and US, small and medium-sized businesses (SMBs) account for approximately 99% of all businesses. To make matters worse, SMBs are usually less equipped to defend themselves against cyber-attacks due to the limited resources available to them. Additionally, cyber-attacks in the SMB sector are more likely to go unnoticed for longer periods of … Read more

Auditing file and folder accesses on Windows File Servers enables you to see whether any users are accessing or trying to access resources without authorization. A large proportion of organisations are not making the most of file server auditing, choosing to stick to native auditing processes which can be both time-consuming and complex. At Lepide, we recommend deploying a third-party solution (obviously…), such as LepideAuditor. With an increasingly mobile workforce … Read more

The most valuable data in your organization is likely to be held in Active Directory (AD), databases, and on file servers. We often pay a lot of attention to securing AD and databases but file servers should also be appropriately secured. Here are my top 10 tips for keeping file servers protected. 1. Physical security: Don’t let somebody walk out the door with your file server. But server theft isn’t … Read more

According to the mid-year data breach report, published by the Identity Theft Resource Center, the number of data breaches in the US has hit a 6-month record high of 791. Compared with figures from 2016, this represents a 29% jump in the number of reported breaches. Should this trend continue, it is estimated that the total number of breaches in 2017 could rise to a staggering 1,500. The ITRC … Read more

Lepide® is a Registered Trademark of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.