The UK GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 grant individuals significant control over how their personal data is processed, from rights relating to erasure (the ‘right to be forgotten’), data portability and objecting to automated …
Gamification is a phrase that’s been popping up a lot in the past few years. Essentially, it refers to the way learning materials incorporate game mechanics. By doing this, learners are no longer simply sitting and reading or listening to …
Human error is one of the biggest security threats that organisations face, but you wouldn’t know that based on the lack of resources dedicated to preventing it. According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved …
In the past few years, ransomware has become one of the biggest cyber security threats that organisations face. It was the second-leading cause of cyber attacks in 2021, according to research by IT Governance, with more than 400 publicly disclosed …
Vishing is a type of phishing scam that takes place over the phone. It attempts to con individuals into surrendering personal information such as passwords, card details and PINs, which can be used for identity theft.
For years, e-learning was considered a cost-effective but ultimately inferior way to receive training. Prospective trainees would gravitate towards online learning if they didn’t have the wherewithal to go to an in-person course, which often has limited dates and small …
BEC (business email compromise) scams are a type of phishing attack in which a fraudster impersonates a senior executive at an organisation. The threat of BEC attacks is something all organisations must address, with a 2021 GreatHorn report finding that …
Ryuk is a sophisticated ransomware strain that has been targeting high-profile organisations since 2018. Like other forms of ransomware, Ryuk encrypts data on an infected system, rendering the information inaccessible until the organisation makes a ransom payment to the attackers, …
Staff awareness training is an integral part of ISO 45001, the international standard for OH&S (occupational health and safety). Although you might associate health and safety risks with specific industries, such as manufacturing or construction, all organisations face challenges. They …
Social engineering is one of the oldest types of fraud in existence. In an information security context, it refers to the tactics that criminals use to trick people into handing over sensitive information or exposing their devices to malware. Criminals …