Category Archives: Information Risk and Technology

The Ascentor guide to a cyber safe summer holiday

Summer cyber security

 

 

 

 

 

 

 

 

 

“We’re all going on a summer holiday, no more logins for a week or two…”

Well, not exactly. The holiday season is about to get in full swing, but many of us will be traveling with the same devices we use at home and work – with all the associated security risks.

Using your devices with hotel or airport Wi-Fi? Taking your mobile to the beach? Posting your holiday plans on social media?

What could possibly go wrong? Continue reading “The Ascentor guide to a cyber safe summer holiday” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

The OT and IT debate – is our critical infrastructure safe?

Power station critical national infrastructure

 

 

 

 

 

 

 

 

Back in 2011, GE coined the phrase “the Industrial Internet”. They were referring to how the gap between the operational technology (OT) that controls our critical infrastructure facilities and traditional enterprise information technology (IT) is closing. In the quest for smarter enterprise data, we are connecting our OT to our IT. Smart as that may seem, there can be unintended consequences – rather than a controlled ‘coming together’, it can be more of a fatal collision if the associated risks are ignored.

Seven years on, OT and IT are becoming more and more connected every day. Yet, there seems to be a level of denial that such connectivity exists. This can mean that critical cyber security controls are being ignored – a dangerous place to be. Continue reading “The OT and IT debate – is our critical infrastructure safe?” »

Share

What can you do when a patch goes wrong?

 

 

 

 

 

 

 

 

Your systems are updating… and new patches are being installed. In theory, your security is being updated to optimum performance levels – or is it?

In our work as cyber security advisors (including as accredited Cyber Essentials (CE) and Cyber Essentials Plus (CE+) assessors), we carry out a range of technical tests to determine if clients’ systems are adequate to protect them from the vast majority of low level cyber threats. One of these tests covers patch management – a patch being a piece of software designed to update a computer program or its supporting data.

Although meant to fix security vulnerabilities and other bugs, patching can sometimes introduce new problems or, in worst case scenarios, server failure. Whether you are a large organisation or a small or medium enterprise (SME), this can be damaging. So, to help you do what you can to prevent patching problems, we share some of our experiences and offer some prevention tips. Continue reading “What can you do when a patch goes wrong?” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

BIM, Security and the Building Lifecycle

Building Information Modelling, London skyline

 

 

 

 

 

 

 

 

 

In our previous articles on Building Information Modelling (BIM) we have explained how information security should be part of implementing BIM for construction projects.

In this latest article we look at how the risks to information on construction and refurbishment projects change over the course of the building lifecycle, and what measures can be put in place to manage those risks. Continue reading “BIM, Security and the Building Lifecycle” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

How to manage Building Information Modelling (BIM) implementation – Part 2 of 2

Building Information Management (BIM) image

 

 

 

 

 

 

 

 

In our first article on Building Information Modelling (BIM), we looked at what BIM is and the types of data at risk in building projects. We discussed the threat to digital information and why cyber security needs to be an integral part of construction and refurbishment projects.

In part two we look at the process itself – how to manage BIM implementation and why managing the risks to building information doesn’t stop at the end of the build. Continue reading “How to manage Building Information Modelling (BIM) implementation – Part 2 of 2” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

An introduction to Building Information Modelling (BIM) – Part 1 of 2

Building Information Modelling

 

 

 

 

 

 

 

 

If you run your own construction business or manage large building projects, you will know about the many professions and trades that need to come together to contribute to a modern building or refurbishment. But does information risk and cyber security come into your thinking? If not, it should.

Such projects require detailed information to be transferred between partners such as designers and architects at the planning stage, followed by the construction teams.  A variety of software tools are available to support this process such as 3D modelling packages, CAD software and project management tools.

All of this generates large volumes of data that must be accurate and which has to get to the right people on time. What’s more, it has to be safe from threats – and remain that way. Continue reading “An introduction to Building Information Modelling (BIM) – Part 1 of 2” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Ransomware – Back up or Pay up – Top Tips for SMEs

Ransomware

 

 

 

 

 

 

 

 

Part 2 in a series of blogs on ransomware. In the first blog we covered some basic cyber hygiene as well as providing 6 top tips for single home computer backups. This second blog takes it up a level and is aimed at Small and Medium Enterprises (SMEs).

Ransomware is the installation you really don’t want – it’ll encrypt your files and you’ll be blackmailed in to paying a ransom for the recovery key. What’s more, it’s a fast growing menace. New data from Intel Security shows a 24 per cent increase in this kind of malware in the first quarter of 2016 alone.

By restricting the ability of systems to operate, ransomware has the capacity to cause long-term damage to the reputation and profitability of any business. However, due to their size, SMEs don’t always have the resources to counter the damage that an attack can cause. We hope that, by following these six tips, SMEs will be better prepared to prevent attacks or respond with confidence, should the worst happen. Continue reading “Ransomware – Back up or Pay up – Top Tips for SMEs” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

Passwords? It’s enough to give you a headache

Password headache

 

 

 

 

 

 

 

 

 

Life was so much easier when all we had to remember was a 4 figure PIN to get money from the cashpoint machine. Nowadays we need passwords for almost everything we do online and most people have many accounts and registrations that require passwords, which we are meant to remember – it’s enough to give you a headache.

We are told by every budding security geek that our passwords need to be strong or complex, that they should be at least so many characters long, that we shouldn’t re-use them, that we shouldn’t write them down, that we should change them regularly, that we should… STOP – rewind that last bit… We are now being told we don’t have to change passwords regularly – HOORAH! Continue reading “Passwords? It’s enough to give you a headache” »

avatar

Bert Curtin

Senior Information Assurance Consultant at Ascentor

More Posts

Share

Preparing for the NIS Directive – a new cyber security baseline for Europe

New EU Cyber Security Regulations

 

 

 

 

 

 

 

 

In December of 2015, European Union (EU) law makers reached a draft agreement on new cyber security regulations after nearly two years of negotiations. The Network and Information Security (NIS) Directive will increase co-operation between member states and lay down cyber security obligations for operators of Essential Services and Digital Service Providers (DSPs).

The NIS Directive will require qualifying organisations to implement appropriate security measures to protect their networks and data against cyber security incidents and to report serious breaches to regulators. It will certainly affect companies in the UK, barring an EU exit in the summer referendum. Continue reading “Preparing for the NIS Directive – a new cyber security baseline for Europe” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

IA15: Public trust in networks and data depends on security

IA15 UK Government's Cyber Security and Information Assurance event

 

 

 

 

 

 

 

Ascentor’s Steve Penny and Paul Trethewey attended the IA15 event in London on the 9th and 10th November where Ascentor was also an event sponsor. Hosted by GCHQ, it was HM Government’s principal event for briefing the UK’s information security leaders. In a year that has seen bigger and more frequent security breaches, the event focused on a topic at the core of Ascentor’s work – the implementation of effective cyber security in our public services.

This high level event drew a number of prominent speakers from government, academia and industry. We were expecting to hear high calibre and thought provoking debates, and that’s exactly what we got, starting with the opening keynote address by Matthew Hancock, Minister for the Cabinet Office and Paymaster General.  Continue reading “IA15: Public trust in networks and data depends on security” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share