Author Archives: robbie

Why foiling phishing attacks means much more than just punishing users for falling for them.

Advice from the NCSC: Some organisations put a lot of effort into training their staff to detect and evade phishing attacks. Some even punish them if they slip up. It’s easy to see why the user has been identified as … Continue reading

Posted in Uncategorized | Comments Off on Why foiling phishing attacks means much more than just punishing users for falling for them.

Cyber Essentials is changing – we have 10 months to adapt

The Government approved Cyber Essentials scheme includes five technical controls that help protect organisations from the majority of cyber attacks. A team of experts review the scheme at regular intervals to ensure it stays effective in the ever-evolving threat landscape. … Continue reading

Posted in Uncategorized | Comments Off on Cyber Essentials is changing – we have 10 months to adapt

Cyber Essentials v3.0

In the January 2022, the NCSC will introduce an updated set of requirements for the Cyber Essentials scheme (v3.0). This update is the biggest overhaul of the scheme’s technical controls since it was launched in 2014 and is in response to the … Continue reading

Posted in Uncategorized | Comments Off on Cyber Essentials v3.0

How to spot a phishing email

It claims that there is an important meeting, and contains a link for details.  The email may even use your name (so called ‘spear-phishing’).  However, the link provided leads to a fake website designed to capture your login details so … Continue reading

Posted in Email, General | Tagged | Comments Off on How to spot a phishing email

Ransomeware shuts local authority

Lincolnshire Council’s information systems were held to ransom on Tuesday, 26 Feb – for £1m to reinstate access.  The breach was caused by a member of the council clicking on a link within a spam email. So what can you … Continue reading

Posted in Uncategorized | Comments Off on Ransomeware shuts local authority

CESG Offer Password Security Tips

Unlike previous guidance, this doesn’t focus on trying to get ever more entropy into passwords.  Instead CESG are encouraging system designers and security architects to think more about where they’re requiring passwords, and what they’re trying to achieve with them. … Continue reading

Posted in Uncategorized | Comments Off on CESG Offer Password Security Tips

Protecting personal data in online services: learning from the mistakes of others

Unfortunately, there are many serious data loss incidents which could have been avoided or reduced in severity if simple good practice had been implemented.   The Office of the Information Commissioner has published guidance on the most significant threats to data … Continue reading

Posted in Uncategorized | Comments Off on Protecting personal data in online services: learning from the mistakes of others

‘Order Number 86514719983′ = malicious email

A large-scale malware distribution campaign targeting University staff and users is being reported.   Users might receive an email with the distinctive subject line ‘Order Number 86514719983′; the number seems to be random and many users are reporting many different numbers: If you … Continue reading

Posted in Email | Comments Off on ‘Order Number 86514719983′ = malicious email

Crypto Wars…

This is most certainly worth a listen : http://www.bbc.co.uk/programmes/b03xzyy5  

Comments Off on Crypto Wars…

Phishing Scam tricks GoogleDocs users

There are many ways to dupe people out of their login credentials… In the examples below,  what looks like an authentic email contains a link to an ‘important’ GoogleDoc: http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam http://nakedsecurity.sophos.com/2012/05/30/phishing-with-help-from-google-docs/   Remember – don’t click on links in email! … Continue reading

Comments Off on Phishing Scam tricks GoogleDocs users