  • Password guideline for general users

    News portals are filled with reports on compromised accounts. We know friends who have had their Facebook, Yahoo, and other accounts hacked and can no longer access them, leaving their sensitive emails exposed and even allowing hackers to pose as someone else. While application developers do their best to ensure safety, the first basic […]

  • Our internal staff training approach

    Internal staff training is an important step for any organisation in improving efficiency, skillset and policy/security awareness. The ICO even has a checklist for small and medium-sized organisations: https://ico.org.uk/media/for-organisations/documents/1606/training-checklist.pdf. In Sept 2017 we started a new approach to our staff training sessions and system. The approach we followed was: created a training group which […]

  • Quick guidelines to GDPR

    Synopsis: As many of you may be aware, the General Data Protection Regulation (GDPR) was adopted on 27th April 2016 and becomes enforceable from 25 May 2018. GDPR applies to you if you are a data controller or processor of personal information. We appreciate that many organisations might not have the resources to manage GDPR […]

  • Our first commercial penetration test

    We successfully completed our first commercial penetration test last week. Our client had already had its system tested by another security agency, and after fixes were made they asked us to perform another test. We found around 10 issues overall across network, Apache/PHP settings, XSS, and, more importantly, priority issues like SQL injections. SQL injections […]

  • Equifax faces multibillion dollar class action lawsuit over not doing enough to protect data

    Equifax discovered the vulnerability in July, but chose to reveal it publicly more than a month later. During this time three senior executives sold about $1.8 million in stock. The company was also widely criticized for its customer service approach in the aftermath of the hack, with users not knowing what data was hacked. Data […]

  • What’s HTTPS, letsencrypt.org and does my website need this?

    HTTPS? What does it mean? HTTPS means Hypertext Transfer Protocol over Transport Layer Security (TLS). TLS is an encryption protocol that provides security over a computer network. It’s used to ensure that the communications between your website and end users are encrypted. You might have noticed that bank sites you visit always have https at the start […]

  • What’s keeping us busy these days? The “Debian 9” upgrade!

    Debian 9 OS was released a few months back, and we have been working on understanding the changes in the OS, including its various services and applications. We now have a good idea of what needs to be done to shift most of our projects to the new OS. We have also prepared a […]

  • £60,000 fine notice for not performing regular penetration tests

    A recent fine by the Information Commissioner’s Office emphasises regular penetration testing by businesses of all sizes to protect customer data. An SME was fined £60,000 after personal data relating to over 26,000 customers was compromised by a cyber-attack in 2014. The ICO found that the organisation in question failed to identify weaknesses across its infrastructure […]

  • Myth: GDPR is an unnecessary burden on organisations?

    Read the latest from the Deputy Commissioner of Policy at the ICO on the GDPR. Sapna Security recommends that all businesses start looking at GDPR now rather than at the last minute. Contact us on 01737 887808 or [email protected] if you need help.