Gillian Gilmour
Glasgow, Scotland, United Kingdom
633 followers
500+ connections
Other similar profiles
-
John Tolchard
Head of Risk & Control Management - COO
Newcastle Upon Tyne
-
Derek Underwood
Global Head - Resilience Risk, Wealth & Personal Banking, HSBC
United Kingdom
-
Neil Pickles
Risk assurance leader specialising in Financial Services
Liverpool
-
Keith Gardner
London
-
Neil Grady
United Kingdom
-
Gerry Cunnion
Senior Manager, Operational Risk Audit at HSBC
Edinburgh
-
Rob Scott
Bridgnorth
-
Linda Callaway
Greater Portsmouth Area
-
Ben Smith
Senior Manager, Group Operational Risk Framework at Lloyds Banking Group
Greater Cheshire West and Chester Area
-
Narayan Sathia
Greater London
-
James Encell Cert CII, IRMCert
Greater Leeds Area
-
Chris Knox
United Kingdom
-
Gareth Berney
Senior Manager
United Kingdom
-
Jon K.
London
-
Rajiv Nijran CISSP CISM
Head of Cyber Architecture & Engineering at TP ICAP
London
-
Nikolaos Kotsopoulos
London
-
Saleem Sultan Ali Khiani, FCCA
Audit, Finance, Risk & Compliance professional | Financial Services sector | Grant Thornton | Ex-Big 4 | Ex-BDO | Ex-JPMorgan Chase | Ex-BNY Mellon | Ex-Deutsche Bank
Greater London
-
AdeYemi Popoola
Greater London
-
Kevin Clarke
Audit Director at LSEG (London Stock Exchange Group)
Edinburgh
-
Ryan Forsythe (CMIRM)
Great Horwood
Explore more posts
-
Al Berg
A reminder that secure handling and destruction of printed data remains important, even in this "paperless" society. While printouts may seem "so last century" to digital natives, there are still many cases where paper documents contain sensitive PII/PHI and other confidential information. And the rarity of handling paper documents for some folks combined with hybrid work makes it important to reinforce best practices for their handling and disposal. https://lnkd.in/e9fHcmBM
1 Comment -
Dan Steel
Compliance doesn't have to be a pain point! We've recently closed out and delivered a handful of ISO 27001 internal audits and vCISO support for ISO 27001 and the feedback is in! Below is an example of some awesome Trustpilot feedback from an awesome customer we helped get ready for their ISO 27001 audit. 👇🏼 Each business is a unique Rubik's cube of challenges and opportunities. Getting to understand them in a finite amount of time to advise on the effectiveness and efficiency of security controls is an art as much as a science. At Steel FYI we pride ourselves in giving practical, friendly, and commercially-minded advice on how to achieve compliance and prevent material breach, without tying the business up in red tape. If you want some support in making ISO 27001 work for your business, not the other way around, drop me a message 📨
20 -
Raj Rajarajan
Cyber Security and Resilience Bill is one of the main priorities in today's King’s speech. Digital identity and verification is highlighted as an important area in the speech. Working in collaboration with the Department of Science, Innovation and Technology (DSIT) #CyberLondon will play a crucial role in meeting some of these government priorities and making London a safer city in the world for businesses. Cyber London #kingsspeech #cyberhygiene #cyberessentials #cyberinsurance
465 Comments -
Bharat Panchal
I have been prophesying the importance of Cyber Essentials accreditation will become increasingly mandatory for businesses. Cyber Essentials is already a fundamental requirement when pitching for Government contracts. Why not book some time with me so I can show you what's involved by clicking here: https://lnkd.in/efwgnwpM C4 Secure's experts will guide you to success!! ##thisisnorthants ##strongertogether #cybertec #cyberessentials
2 -
Steve Jones
The ICO have chosen not to fine the London Borough of Hackney for the October 2020 attack and data theft, as the fine will end up impacting the people they serve. Instead the ICO have issued a reprimand. The ICO could have enforced further cybersecurity improvements, or regular external audits, but have not done that. The ICO notification does contain some good detail on the attack (somewhat redacted), showing that an RDP service with no MFA was used to gain initial access. The 15-year-old account used to access had the username "kiosk" and the password "kiosk".... From the InfoSecurity article: "In the October 2020 attack, threat actors infiltrated LBoH computer systems and accessed, encrypted and exfiltrated records containing personal data. This included highly sensitive information on residents’ racial or ethnic origin, religious beliefs, sexual orientation, health data, economic data and criminal offence data. In addition, personally identifiable information (PII) such as names and addresses were accessed in the attack, which was traced to the Pysa/Mespinoza ransomware group." "Stephen Bonner, Deputy Commissioner at the ICO, commented: “This was a clear and avoidable error from LBoH, one that has resulted in a mass loss of data and has had a severely detrimental impact on many residents.”" https://lnkd.in/e7KnQAmM
22 Comments -
Gary Hawkins
Incident response top tips... ⚠ Stick to what you know. Speculating that it's an act of cyber war, squirrels, or DNS helps nobody. ⚠ Don't use someone else's misfortune as a sales tactic. It's tacky. ⚠ Test and verify any unofficial fixes or workarounds. Rushing things could cause more damage. ⚠ People will be under massive pressure to get things fixed. Give them time, space, and support. #BeKind #CyberSecurity #CrowdStrike
287 Comments -
Raman Sharma
Senior staff are three times less likely to report cybersecurity threats. smeweb.com New research highlights alarming gaps in cybersecurity reporting across the UK workforce, with senior-level staff most likely to underreport threats. A survey of over 2,000 UK workers, conducted by compliance training company Skillcast, indicates that a significant portion of the UK workforce is hesitant to report certain cybersecurity threats in a timely fashion, posing a serious security risk. Key Findings Nearly half (48%) of UK workers would not immediately report a phishing email, with 1 in 7 (13%) admitting they would not report it within the same working day. Shy of 1 in 10 (7%) indicated they would never report a phishing email. Two in five employees (41%) stated they would not immediately report a compromised work password. Similarly, around two in five (39%) would not immediately report a suspicious IP address accessing their work files. The most common reason for not immediately reporting cyberattacks was the belief that fellow colleagues would be capable of recognising cyberattacks. Full Article: https://lnkd.in/dHGfnV2Y
-
Kevin Albert Taylor
The UK NHS at risk of further attacks due to outdated IT systems, NCSC exec warns. The NHS is at risk of being targeted by cybercriminals again due to its outdated IT systems, according to an executive at the National Cyber Security Centre (NCSC). A recent attack resulted in thousands of appointments being postponed, highlighting the vulnerabilities of the NHS. This article points out that weaknesses in identifying vulnerabilities and a lack of basic security practices are to blame for the attack. Experts are calling for improved cybersecurity measures to protect the NHS from future attacks. #NHS #Cybersecurity #Healthcare
1 -
Matt Palmer
Security isn't just about confidentiality. The other side to controlling access to information is enabling access to information. Today I engaged with a local business whose customers weren't receiving their quotes because of the security controls they put in place. Whilst well intentioned, it wasn't done well and their emails were being dropped. If you're implementing new security controls, please think about the business impact. Design your controls to support and enable your people and your customers, not fight them. And if you're configuring your email to avoid your team and your customers being targeted by spoofed emails and cyber scams, take a moment to configure your domain correctly and save yourself from damaged relationships and lost business opportunities. You can check your domain settings here for free: https://lnkd.in/eca6RXdM #emailsecurity #dns #peoplefirst
125 Comments -
Francis West
Have you heard of Quishing? Quishing is a form of phishing which uses QR codes to lure targets to criminal websites! CyberScotland has just released this new blog giving great advice - https://lnkd.in/d54kzAQE How do you currently test if the QR code you are scanning is safe? #qrcodes #scams #cybersecurity #securityeverywhere
3018 Comments -
Ryan Dolan CMgr CITP MBCI CISSP MAPM
Feeling great after having my Certified Information Systems Security Professional (CISSP) license renewed for another three years today after re-assessment from (ISC)². I’ve now signed up for ISSMP. Does anyone have any tips or pointers for the learning path or exam? #CISSP #CyberSecurity #InformationSecurity #ISSMP #CertificationRenewal #SecurityLeadership #CyberSecurityProfessional #ISC2 #SecurityManagement #CareerGrowth #ContinuousLearning #ProfessionalDevelopment #TechLeadership #CyberSecurityStrategy
204 Comments -
Justin Wohuinangu
Not sure if our politicians are aware that their devices can be compromised. We should be advising them to take adequate precautions to ensure that their phones and laptops are secure. With the threat of a possible vote of no confidence the confidentiality and integrity of their communications are of paramount importance. The UK National Cyber Security Center has provided some guidance that is also applicable in our context. A summary of the content is provided below with a link to the webpage and a link to the Loop story that prompted this post (In the comments section). Summary of UK National Cyber Security Center Guidance " Are you a high-risk individual? If your job involves handling sensitive information, like being in politics, journalism, academia, or the legal sector, you might be a target for cyber attacks! Recently, there have been several attacks on high-risk individuals in the UK, leading to stolen and published sensitive info, which can harm reputations. Stay safe with these tips: 1. Use strong passwords 2. Enable two-step verification on your accounts 3. Install updates on your devices 4. Review your social media settings and messaging app usage Ahead of the UK General Election, it's crucial for election candidates and officials to boost their cyber defenses. The NCSC offers individual cyber defense services to help protect you. They provide two opt-in services: Account Registration and Personal Internet Protection. If you believe you are at risk, contact NCSC at [email protected] with your full name and a short business case to sign up. The NCSC will never ask for personal info directly or via a web form. Remember, if you receive a suspicious email, don't click any links or reply until you're sure it's genuine. Report it to your IT support. If you think you've been hacked, don't panic! Report it to your security team—they're there to help." Stay secure and protect your personal and work-related information! 
(Picture courtesy of Loop PNG) #CyberSecurity #StaySafeOnline #HighRiskProtection
276 Comments -
Paul Alsop
Cyber Essentials is a Government-backed scheme that focuses on helping organisations protect themselves against the most common online threats. If you’re a supplier planning on bidding for UK government contracts involving handling certain sensitive and personal information, it's a mandatory requirement. However, even if you are not planning on working as a government supplier, the Cyber Essentials certification aims to provide businesses with a baseline of cybersecurity controls. At Lucid, we can help you to put the controls and measures in place that will allow you to secure cyber essentials certification, and maintain it in the future. To find out more or to discuss how we can help, please feel free to drop me a message or get in touch with our team at lucidgrp.co.uk #LucidGroup #CyberEssentials #CyberSecurity #TechSupport
2 -
Cevn Vibert
Questions for NIS Compliance interest... We are helping many organisations with NIS compliance work and have an interest in other organisations' experiences. Vibert Ltd advises NIS and NIS2 compliance as an ex- NIS Regulator and have many common findings. What do you experience? NIS and NIS2 are driving cyber/resilience improvements across many industries. Some are responding faster than others. Which industries are slowest and how can we all help them better? NIS2 will be a tidal wave starting in 2024 with addition of thousands of organisations, many new sectors, and accountabilities of Essential and Important entities. NIS V1.2.x UK may also do similar in future..... How will CAs and CSIRTs manage this mega wave? Our typical services may comprise, for example: NIS Advisory to CxOs/Boards/Senior Staff and NRO/DNROs etc. on NIS importance. NIS Advisory to OES for Inspection Readiness walk arounds and workshops. NIS Advisory to OES as Dummy Inspections. NIS Advisory regards Regulatory Enforcement. Teams calls with Seniors. Other possibilities.. Suggestions? Our NIS visits offered typically discuss topics like : - The Inspection Schedule across each phase. Interactions with Regulator during Inspections. Site visits: Where, how, and what is looked for. Each day of an Inspection. CAF discussions. Typical topics of an Inspection. What to prepare and how to present. What will be the outcome of each day and each phase. Who will attend from the Regulator and the OES. What will be asked and what won’t be said. Timelines. Outcomes. Information Notices and Fines. How to be best prepared. Etc. What topics are we missing? As an Ex-OFGEM NIS Inspector, we offer customers a unique insight into NIS Inspection preparedness that teams might find a useful differentiator. Some Consultants add us into their CAF programmes, just for a handful of days, which gives them a strong sales boost. We currently assist several OES in preparation for NIS Inspections. 
We trained many of the other Competent Authorities Inspectors in “our way” as we were leading UK (and probably EU) in NIS Inspections. E.g. OFGEM, ICO, DfT, CAA, HSE, DWI, etc. Suggested USPs… :- "Ex-NIS Regulator Principal Inspector Advisor"!!.. "Led the UKs 1st NIS Inspections"... "Developed the UKs NIS Inspection and Enforcement Programmes".... "Trains NIS Inspectors"... "Covers IT, OT, Cyber, Physical Security, Process, GRC, etc.".... !! We look forward to hearing from Operators and from Consultancies so we can develop the right SOW and Proposal for all our needs. How can we all help to assist more compliance as it will benefit society as a whole. Cevn Vibert CITP CEng FIET FInstMC FBCS 27kLA GICSP Global Director NIS Advisory and OT Industrial Security. [email protected] Vibert Ltd. www.vibert.ltd.uk #QuestionForGroup
6 -
Gary L.
Thanks to those who reached out to organize one-on-one discussions regarding their data protection challenges. We have a spare 1-hour slot next week for anyone interested in some free Data Protection advice from our subject matter experts at Trust Hogen. 🔒💡 #DataProtection #Cybersecurity #ExpertAdvice [email protected]
12 -
Luke Kiely
The Economic Crime and Corporate Transparency Act (ECCTA), like many recent global legislative initiatives, is driving increased business transparency and accountability. While this is UK legislation, it offers several important takeaways for individuals and businesses operating in other countries.
1 -
Russell Lawson CQP MCQI
A recent survey found that nearly half of UK companies lack essential cybersecurity skills, leaving them vulnerable to threats like malware and data breaches. The report highlights gaps in basic technical skills, such as breach response and malware detection, and also in more advanced areas like incident analysis and penetration testing. While efforts to improve education and recruitment are ongoing, the skills shortage continues to challenge the cybersecurity landscape. https://lnkd.in/eXHFBc5Y
-
Sumeet Singh Kohli
Expert insight from our cyber incident responder Cyber attacks and data breaches are a matter of when, not if. No single measure is 100% foolproof. A determined attacker will always be able to find their way around your defences, given enough time and resources. Furthermore, as Vanessa Horton, our cyber incident responder, pointed out in an interview about anti-forensics: The cyber world is changing all the time, which means we’re playing a bit of a cat-and-mouse game. Basically, as one side improves, so does the other. In this interview, I pick her brain on cyber incident response more generally, gaining The post A Practical Guide to Cyber Incident Response appeared first on IT Governance UK Blog .
2
Others named Gillian Gilmour in United Kingdom
-
Gillian Gilmour
Audit Partner at EY
Glasgow -
Gillian G.
Head Chef at HG Hospitality Group
Coatbridge -
Gillian Gilmour
--
United Kingdom -
Gillian Gilmour
Construction Administrator
Glenrothes
8 others named Gillian Gilmour in United Kingdom are on LinkedIn