Archive for Author: Phillip Robinson

A common misconception is that the vast majority of cyber-attacks are instigated by malicious hackers who deliberately break into your system to steal your data. While this does happen, the belief that all attacks happen this way undermines the very real threat posed by your very own staff. According to a report published by McAfee, insiders were responsible for 43% of data loss. Should an organisation fail to acknowledge …

According to a recent report by Bitglass, in 2016 there were 328 healthcare data breaches reported in the US. That’s 60 more breaches than there were in 2015. An estimated 16.6 million US citizens were exposed as a result. The breaches were caused by various hacks, lost or stolen devices, and unauthorized disclosure of sensitive information. However, while the number of reported breaches is increasing, the overall number of …

Privacy by design is a methodology that helps organisations develop projects where privacy and data protection are accounted for from the start. Privacy by design is not a requirement of the Data Protection Act, but has been included in the GDPR specification (Article 23). Instead of incorporating data security measures as an afterthought, privacy and data sharing policies should be developed during the early stages of a project. Doing so …

Wonga, the British payday loan company, has fallen victim to a data breach affecting an estimated 270,000 customers. The stolen data includes names, addresses, phone numbers and bank account details – including the last four digits of customers’ bank cards. Shortly after the breach was discovered, Wonga began contacting customers and set up a dedicated help page and phone line to deal with inquiries. The firm said it was “urgently investigating …

Any organisation that accepts and stores credit card details must comply with the PCI-DSS (Payment Card Industry Data Security Standard). The standard was introduced in an attempt to reduce the chances of credit card fraud. While most Active Directory implementations don’t store credit card details, they may still be subject to a PCI audit. Non-compliance with PCI can lead to lawsuits, fines, insurance claims, and a subsequent loss of sales …

There are three basic principles to consider when deciding how to provide access to sensitive data in a secure manner, namely: Confidentiality, Integrity, and Availability. These principles are collectively known as the CIA triad. Confidentiality: The level of confidentiality will naturally determine the level of availability for certain data. Confidentiality is a question of how, and where, the data can be accessed. To ensure confidentiality, one must safeguard the data …

As of May 2018, the General Data Protection Regulation (GDPR) will come into effect, which sets out to harmonise and strengthen data protection for individuals within the European Union. Under this new directive, appointing a DPO (Data Protection Officer) is a mandatory requirement for companies and organisations who either employ more than 250 people or require the storing and processing of public data. It is important to note that the …

For those who don’t know about GDPR, it stands for the General Data Protection Regulation, and is a new set of rules passed by the European Union which aim to reform the outdated and inconsistent EU Data Protection Directive. The GDPR will come into effect from May 2018 and will be applicable across all 28 EU member states. However, for those of you that believe Brexit means you won’t be …

With insider security threats on the rise, and the increasing strictness and regularity of compliance mandates, auditing critical IT systems on a regular basis is an important part of the IT team’s job. Effective auditing will help you to fix IT problems faster and give you a better understanding of what’s happening in your IT environment. We recently ran a survey, aimed mostly at System Administrators in the USA, to …

July and August carried on the trend in 2016 of an increased amount of awareness and attention being placed on IT security threats – both from the inside and outside. It has emerged that external security breaches affected high profile organisations such as Amazon, HSBC and the UK railway network. But as the focus on defending against external breaches increases, can the same be said of internal threats? Here’s a …

Lepide® is a Registered Trademark of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.