Archives: Business Blog
Why CESG decided to advise against forcing regular password expiry
Regular password expiry is a common requirement in many security policies. However, in CESG's Password Guidance published in 2015, we explicitly advised against it. This article explains why we made this (for many) unexpected recommendation, and why we think it’s the right way forward. Let’s consider how we might limit the harm that comes from an attacker who knows a […]
The risk and rewards of wearables in the workplace
Many businesses have implemented a Bring Your Own Device (BYOD) policy, allowing employees to use personal laptops, tablets and smartphones to access company data and resources. Some businesses have gone further and implemented a Bring Your Own Application (BYOA) policy too, allowing employees to use their own applications. And now there’s Wear Your Own Device. WYOD […]
What does a cyber security strategy look like?
One of the ways I keep up with what is new and current thinking in the cyber security world when I am on the road is by listening to the “Through the Security Rabbit Hole” podcast. As I was listening to one of the recent presentations, I was considering what a cyber security strategy should look like. […]
Finding information to help my business tackle cybercrime and its threat
The question asked by many a business is ‘Where do I find information about cybercrime and the threat it poses?’ One good starting point is the CERT, the Government's Computer Emergency Response Team. In its own words, it describes itself as: “Working with partners across industry, government and academia to enhance the UK’s cyber […]
TalkTalk saga: lessons and thoughts
Last weekend, the telecoms giant TalkTalk faced a huge crisis having been hacked by person or people unknown. News of the attack broke swiftly and was followed by a tsunami of interest and concern across social media. At the front of the messaging for the company was Baroness Dido Harding, who has since become a […]
Five notable examples of advanced persistent threat (APT) attacks
Advanced persistent threat attacks can be traced as far back as the 1980s, with notable examples including The Cuckoo’s Egg, which documents the discovery and hunt for a hacker who had broken into Lawrence Berkeley National Laboratory. In this early example the hacker, Markus Hess, had been engaged for several years in selling the results […]
City Police explain how to spot a bogus business masquerading as respectable
Trendy suits, smart offices and confidence. Every day of the week, educated professionals hand over huge sums of their hard-earned cash to people they believe are highly respectable, only to discover at a later date the individual and their firm are far from legitimate, if they exist at all! Why are these ordinarily shrewd […]
How to improve your business data security
The Sony hack, the USIS leak, the JP Morgan credit card leaks, the iCloud celebrity photo hacks – these are just a few of the high-profile hacks that took place in 2014. If the last year has taught us anything, it’s that businesses will be punished for their online safety shortcomings, no matter how […]
What is your business’s greatest cyber threat?
In the past year, cyberattacks have littered our news feeds, displaying the high cost of a corporate hack. To tackle this top-of-mind IT issue we’ve reproduced, with the kind permission of Modis, an infographic explaining your business’s greatest threat and easy tips to begin planning a remedy.