Luke Irwin, Author at IT Governance UK Blog

Catches of the month: Phishing scams for August 2020

Luke Irwin 7th August 2020 Uncategorised

In our latest round-up of phishing scams, we look at how criminal hackers infiltrated Twitter and sent tweets from dozens of compromised accounts. We also explain how fraudsters impersonated Google Cloud Platform in a PDF download scam, and issue a …

[Continue Reading...]

Does remote working affect the cost of a data breach?

Luke Irwin 5th August 2020 Uncategorised

Since the start of the COVID-19 pandemic, experts have warned that the switch to remote working would negatively affect organisations’ ability to detect and contain security incidents. Of course, many employers didn’t have a choice. Government guidelines in the UK …

[Continue Reading...]

List of data breaches and cyber attacks in July 2020 – 77 million records breached

Luke Irwin 3rd August 2020 Monthly Data Breaches and Cyber Attacks

After mammoth amounts of personal data were leaked in May and June, we’ve seen a reversion to the mean this month. By our count, 77,775,496 records were leaked in 86 incidents. This includes the Twitter hack on 130 people, including …

[Continue Reading...]

Universities across the UK and North America confirm cyber attack

Luke Irwin 28th July 2020 Uncategorised

A software supplier used by some of the UK’s biggest universities has confirmed that it suffered a cyber attack in May. Blackbaud, which provides education administration, fundraising and financial management software, was infected with ransomware, giving cyber criminals access to …

[Continue Reading...]

ISO 27001: The 14 control sets of Annex A explained

Luke Irwin 27th July 2020 ISO 27001

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). The Standard takes a risk-based approach to information security. This requires organisations to identify information security risks and select appropriate controls to tackle …

[Continue Reading...]

Fraudster tried to steal football club’s £1 million transfer fee

Luke Irwin 23rd July 2020 Uncategorised

An unnamed Premier League team nearly faced disaster this season when a cyber criminal attempted to steal a £1 million transfer fee. The fraudster hacked the email account of the club’s managing director during a transfer negotiation, and was trying …

[Continue Reading...]

GDPR data transfer rules: what you need to know

Luke Irwin 22nd July 2020 Data Protection, EU GDPR

If you’re transferring data outside of the EEA, the GDPR (General Data Protection Regulation) imposes some restrictions. These apply to all data transfers, no matter the size of the transfer or how often you carry them out. So how do you …

[Continue Reading...]

Celebrity Twitter accounts hacked in coordinated cyber attack

Luke Irwin 16th July 2020 Uncategorised

UPDATE: Twitter has released new details about this attack, including that it was the result of spear phishing. Two weeks ago, the Twitter accounts of several high-profile figures, including Microsoft’s co-founder Bill Gates and Tesla CEO Elon Musk, were hacked …

[Continue Reading...]

How to document PCI DSS-compliant policies and procedures

Luke Irwin 15th July 2020 PCI DSS

Technology can only do so much to protect an organisation from data breaches. That’s why Requirement 12 of the PCI DSS (Payment Card Industry Data Security Standard) instructs organisations to implement policies and procedures to help staff manage risks. Employees …

[Continue Reading...]

World Economic Forum outlines three steps for cyber security success

Luke Irwin 8th July 2020 Uncategorised

Digital technologies are evolving so rapidly that vulnerabilities emerge faster than they can be secured. As such, it’s getting harder to prevent data breaches and criminals have their choice of weaknesses to exploit. This is the opinion of the WEC …

[Continue Reading...]

Luke Irwin Archive