How to build a cybersecurity strategy for startups

How to build a cybersecurity strategy for startups

For some startups security is the last priority on a very long list of priorities. It seems like such a daunting task, one that will only cost money, take up time, and slow down the business. But the reality is that security is an important factor in any startupโ€™s success. Many customers will ask for…

Read more
ISO 27001 vs SOC 2 - Which is better for your organisation?

ISO 27001 vs SOC 2 – Which is better for your organisation?

โ€œDo you have ISO 27001 certification?โ€, โ€œWe only do business with organisations who have SOC2 accreditationโ€. As a startup you may be asked questions just like this frequently by customers, auditors, regulators, the board, and many others. But, if there is a choice of ISO 27001 vs SOC 2, which one should you be pursuing?…

Read more
Encryption of data in use: A new standard in data protection

Encryption of data in use: A new standard in data protection

Cybersecurity best practice states that organisations should incorporate encryption into their cybersecurity practices in order to protect user data. However, traditional encryption technology has only provided coverage for data when it is in transit or at rest, and there have been limited tools available for encryption of data in use. The lack of encryption of…

Read more
What is HIPAA Compliance for Startups

What is HIPAA Compliance for Startups?

Any startup who works with a United States healthcare organisation of any kind must demonstrate HIPAA compliance. HIPAA, the Health Insurance Portability and Accountability Act set out in US law in 1996 requires anyone who touches the protected health information of users to appropriately protect the privacy and security of this data. Done properly, demonstrating…

Read more
Benefits of ISO 27001: Why you need a cybersecurity framework

Benefits of ISO 27001: Why you need a cybersecurity framework

As a start up or small business owner, youโ€™ll be asked again and again about your information security certifications. One of the most internationally recognised certifications is the ISO 27001 information security certification which requires the creation of an information security management system (ISMS). While you may pursue certification in order to please potential customers,…

Read more
How to prevent software supply chain attacks

Are you the weakest link? How to prevent software supply chain attacks

The increasing prevalence of software supply chain attacks has grabbed headlines and industry attention alike. Where headlines may focus on victims (especially when there are high profile victims), within the cybersecurity industry the focus may be on the consequences of the attack for the supplier at the centre, and what this could mean for other…

Read more
Poor Password Security is Everyone's Problem

Poor Password Security is Everyone’s Problem

Isnโ€™t it great to be able to have all the information you could possibly need for any car journey at your fingertips? And even better to get rewards for using the car? But sadly, nothing ever comes for free as customers of General Motors discovered recently. Once again mainstream media headlines have been consumed with news of…

Read more
Every day is Data Protection Day. How can you protect your data from attack?

Every day is Data Protection Day. How can you protect your data from attack?

Data protection is one of the central pillars of cybersecurity, everything we do in the profession is to protect data before it is attacked. So for us, every day is Data Protection Day. For many organisations, data protection feels like a daunting task. It requires investment of both time and resources, and it never ends.…

Read more
Never Trust, Always Verify: The Benefits of Zero Trust Security Model

Never Trust, Always Verify: The Benefits of Zero Trust Security Model

Zero trust is one of the most celebrated concepts in cybersecurity right now. The basic tenet of zero trust architecture is – trust nothing, always authenticate in order to protect the network. We explore what is a zero trust security model, the benefits of adopting it, and how to implement a zero trust architecture in…

Read more
Take Your SSDLC Forward With STRIDE Threat Modelling

STRIDE Threat Modelling: Six Steps to a Secure Application

Todayโ€™s cyber attackers are becoming ever more inventive in the way they achieve big bang cyber attacks, using tactics such as hacking suppliers in order to gain access to their customers, or compromising vulnerabilities inside an applicationโ€™s code in order to attack an organisation.  As a result, developers need to be more threat conscious than…

Read more
Staying Safe: 9 Cybersecurity Tips for Startups

Stay Safe and Protected: 9 Cybersecurity Tips for Startups

As startups and small businesses know well, small doesnโ€™t mean insignificant. Size doesnโ€™t matter when you are intent on making an impact on your field. Growth is the name of the game, and you will do everything you can to maintain an upwards trajectory. Including looking for cybersecurity tips for startups, because you know that…

Read more