The Security Innovation Europe Blog

Alan Pearson

Recent Posts

How to Achieve Organisation Wide Security Awareness

Posted by Alan Pearson on Sep 30, 2014


Most people recognise that security is a problem in the digital age we live in. 

Your employees are reading the news, and learning about the latest exploits, from Heartbleed to Shellshock.

And a decent proportion of your employees will be concerned about security, too. They recognise that security is a problem — but that’s very different to knowing what to do to reduce the risk. Security awareness is not just about making employees aware that risks exist, but also about making them aware of what they need to be doing to minimise them.

But how can that awareness be made organisation-wide?


How to Reduce The Risk of Common Wifi Security Threats

Posted by Alan Pearson on Sep 25, 2014


If you’re like most people, you’ve probably already used WiFi today.

WiFi has become a fundamental part of our connectivity, whether we’re in the office and connected to the company’s network, or in a coffee shop and connected to a public one.

The problem is that many people don’t think much about security, or the potential implications, when they connect to new networks.

In today’s post I explain how to minimise two key risks when connecting to WiFi networks.


40 Information Security Blogs You Should Be Reading

Posted by Alan Pearson on Sep 16, 2014


The recent Heartbleed bug that compromised two-thirds of all websites was a sharp reminder that businesses are vulnerable. The Federation of Small Businesses (FSB) reports that cybercrime costs the UK economy an estimated £27 billion a year.  Such attacks not only damage business growth but they also erode customer trust.

Despite the importance of securing both confidential customer and company data, many businesses continually fail to prevent breaches.

There is a wealth of information security knowledge available on the web, but it’s difficult to know where to start. To give you a hand, we have compiled a list of 40 top information security blogs that provide you with frequent, quality content covering a full range of security issues relevant to organisations worldwide.


How to Reduce Your Organisation’s Social Media Security Risk

Posted by Alan Pearson on Sep 3, 2014


Your organisation’s employees are using social media.

They’re using it at home.

They’re using it on the way to work.

They’re using it when they’re in the office (whether you’ve allowed them to or not). 

This means that your organisation needs to think very carefully about the risk social media poses to its security.

In today’s post I explain a few techniques for reducing that risk to your organisation.


What is Social Engineering (And Why Should Organisations Care)?

Posted by Alan Pearson on Aug 28, 2014


What is social engineering?

Put simply, it’s the art of manipulating people into doing something.

That something could be releasing passwords, bank account information, access to a server room, the mobile number of the CEO, or a whole range of other actions that could stand to benefit a social engineer.

In today’s post I explain some of the most common social engineering tactics, and why organisations should be concerned about them.


11 Ways to Protect Your Organisation’s Cardholder Data

Posted by Alan Pearson on Aug 19, 2014


Protecting your customers’ cardholder data is extremely important.

Leaked data can result in numerous problems, ranging from criminal proceedings to government fines and huge damage to your organisation’s reputation. 


5 Reasons Large Organisations Keep Losing Data

Posted by Alan Pearson on Aug 14, 2014


It seems every week we hear about another large organisation that has lost confidential customer data. 

In the US alone, since 2009, 30.1 million patients have been affected by health data breaches.

Earlier in August it was reported that a Russian gang has hacked 1.2 billion username and password combinations, belonging to more than 500 million email addresses.

Back in March, eBay suffered a data breach which affected the majority of its 145 million members, requiring many to change passwords.

But why do these breaches keep happening? There are a number of key reasons, and in today’s post I share 5.


Is Complying With PCI Security Standards Really Important?

Posted by Alan Pearson on Aug 12, 2014


All companies that process credit or debit cards are required to be PCI compliant. 

But is ongoing compliance really important? Or is it a box that needs ticking each time you have an external assessment run? 

In today’s post I explain the importance of ongoing compliance with PCI DSS.


What is Security Awareness Training?

Posted by Alan Pearson on Aug 6, 2014


Security awareness training is all about making sure that employees understand that people try to deliberately attack, steal, damage or misuse an organisation’s systems and information, and that therefore everyone within an organisation needs to be aware of the risks, and work to protect the organisation. 

Awareness training also makes sure that employees are fully aware of the consequences of failing to protect the organisation from attackers. These consequences range from criminal penalties to economic damage to the company and the loss of employment.


What to Look for in Security Awareness Training Software

Posted by Alan Pearson on Jul 31, 2014


Having decided to implement a security awareness training program, and confirmed that computer-based software should be a core component of your program, you need to decide which software to choose. 

In today’s post I explain the core training components you should look for in your security awareness training software.

 

About this blog

A blog for business directors, heads of security, development team managers and software developers that are seeking to deepen their understanding of application security and its importance throughout the software development lifecycle. 
