For some startups security is the last priority on a very long list of priorities. It seems like such a daunting task, one that will only cost money, take up time, and slow down the business. But the reality is that security is an important factor in any startup’s success. Many customers will ask for…
“Do you have ISO 27001 certification?”, “We only do business with organisations who have SOC2 accreditation”. As a startup you may be asked questions just like this frequently by customers, auditors, regulators, the board, and many others. But, if there is a choice of ISO 27001 vs SOC 2, which one should you be pursuing?…
Cybersecurity best practice states that organisations should incorporate encryption into their cybersecurity practices in order to protect user data. However, traditional encryption technology has only provided coverage for data when it is in transit or at rest, and there have been limited tools available for encryption of data in use. The lack of encryption of…
Any startup who works with a United States healthcare organisation of any kind must demonstrate HIPAA compliance. HIPAA, the Health Insurance Portability and Accountability Act set out in US law in 1996 requires anyone who touches the protected health information of users to appropriately protect the privacy and security of this data. Done properly, demonstrating…
As a start up or small business owner, you’ll be asked again and again about your information security certifications. One of the most internationally recognised certifications is the ISO 27001 information security certification which requires the creation of an information security management system (ISMS). While you may pursue certification in order to please potential customers,…
The increasing prevalence of software supply chain attacks has grabbed headlines and industry attention alike. Where headlines may focus on victims (especially when there are high profile victims), within the cybersecurity industry the focus may be on the consequences of the attack for the supplier at the centre, and what this could mean for other…
Isn’t it great to be able to have all the information you could possibly need for any car journey at your fingertips? And even better to get rewards for using the car? But sadly, nothing ever comes for free as customers of General Motors discovered recently. Once again mainstream media headlines have been consumed with news of…
Your business is up and running. Your first product is ready for release. But wait, have you verified its security with external penetration testing? Fast forward a year, and you are happily getting on with day to day business. Business is growing, new systems are coming online, upgrades are being made to your product. But…
Data protection is one of the central pillars of cybersecurity, everything we do in the profession is to protect data before it is attacked. So for us, every day is Data Protection Day. For many organisations, data protection feels like a daunting task. It requires investment of both time and resources, and it never ends.…
Zero trust is one of the most celebrated concepts in cybersecurity right now. The basic tenet of zero trust architecture is – trust nothing, always authenticate in order to protect the network. We explore what is a zero trust security model, the benefits of adopting it, and how to implement a zero trust architecture in…
