Sec Tec Blog

ISO 27001:2013 – It doesn’t have to be difficult

We’ve been working in and around ISO 27001 quite a bit lately. Several new clients are working toward implementation, and it’s always interesting to see how differently organisations interpret and implement the standard. This has coincided with our own annual audit for both 27001 and 9001 (both passed, one observation for improvement, which is always welcome). Talking to the various clients, consultants and auditors involved, it seems that the same common mistakes are made time and again:

1. Rushed certification attempts

Patching is difficult

I’ve been asked lots recently about ransomware. Considering the recent news headlines this isn’t surprising. Infosec continues to be a reactive process for many firms; spending money on preventing an incident that may or may not happen, that can be difficult to quantify, and that competes for resources against aspects of the business with a more measurable ROI, is not going to sit well with everyone.

Groundbreaking cyber security research centre to open in Cardiff

In the continual fight to ensure the best possible level of protection for organisations’ IT infrastructure, many specialists like our own here at Sec-Tec strive to provide wide-ranging and proven services such as penetration testing and PSN health checks.

Now, there has been another big step forward for cyber security in the UK, in the form of the launch of a new research centre in Cardiff, said to be the first of its kind in Europe.

“Improving our resilience to cyber attacks”

Non-malware attacks ‘on the rise’ – but what can you do to protect against them?

Statistics are pointing to an increasing tendency towards attacks not involving the use of malware, which enables them to evade detection by traditional, file-based security platforms.

Almost two-thirds of security researchers in one poll cited by Network World said they had seen such attacks more often since the start of the year, and weren’t confident that traditional anti-virus software could tackle them.

It isn't only the largest UK firms facing risks to their IT security

While they are not findings of great surprise to our penetration testing professionals here at Sec-Tec, the results of a recent survey of UK IT and security managers – as described by Information Age – should make for interesting reading for many of those who may look to use our services to shore up their firm's current security practices.

Organisations concerned that complexity could undo their cyber security efforts

It seems that few businesses around the world are in any real doubt about the importance of cyber security, not least given one recent market report that indicated more than $1 trillion would be spent on it between 2017 and 2021. But could organisations remain highly vulnerable to rising cyber crime even in the light of such heavy expenditure?

Worries about glaring security gaps

What IT security measures should your firm keep using – and which ones should you retire?

The security of your organisation’s IT infrastructure should always be one of its uppermost priorities. However, the need to practise certain security measures not just now and then, but repeatedly on a consistent basis can lead you to continue using them long after they have ceased to be truly useful. Meanwhile, it can also be so easy to become jaded by the latest security headlines that you may overlook practices you need to adopt right now.

Software patches, passwords and employee training are all key frontiers

Organisations across the UK should heed the Government's list of cyber security threats

While there has been much talk in the news lately about security in general and other risks to the safety of our planet such as nuclear war and artificial intelligence, cyber security remains a particular concern for many of us. It should certainly be for many of the UK’s organisations that are failing to adopt the most up-to-date security measures, which can also include the penetration testing in which Sec-Tec enjoys an industry-leading reputation.

Is your firm taking the comprehensive approach to Wi-Fi security that it should be?

There’s no question that Wi-Fi technology has had a dramatically positive effect on the connectivity of our world. The simple ability to gain access to the Internet or even the corporate network in the absence of a physical network connection has brought remarkable convenience to many people’s lives as well as, of course, to many businesses’ operations.

However, it is the very wireless nature of Wi-Fi that can also make it vulnerable to security breaches potentially causing great damage to your organisation.

So, what can be done to boost Wi-Fi security?