-
·
Sharing Sensitive Files Securely
The way sensitive files travel through organisations rarely attracts much attention until something goes wrong. Most exposure isn’t the result of a deliberate attack or a dramatic failure rather, it’s the accumulated result of working habits that feel unremarkable in the moment. An attachment sent for convenience, a sharing link left active after the project…
-
·
Identity and Access Management
Access to systems and information naturally accumulates over time. Employees move between roles, suppliers are onboarded for projects, permissions are extended to meet operational requirements and not revisited. Each individual decision is usually reasonable in context, the difficulty is that the cumulative result, across an organisation and over time, is often an access environment that…
-
·
Governance and Control in Microsoft Teams Environments
Microsoft Teams environments usually grow faster than governance around them. That is not really a criticism so much as a reflection of how these platforms are adopted in practice. A tool introduced to improve communication quickly becomes the place where files are stored, meetings are held, suppliers are invited in, and projects are coordinated. The…
-
·
Data Handling and Sharing
Data is handled constantly, often without much conscious thought. Files sent by email, documents saved to shared drives, information passed on in a conversation or a screenshot. Most of the time this happens without consequence. But the habits formed around routine data handling determine what happens when something goes wrong, or when data ends up…
-
·
Recognising and Responding to a Security Incident
Security incidents happen. They happen to organisations with mature security programmes, experienced teams, and robust controls. The measure of a security posture is not only how well it prevents incidents but how effectively it responds when prevention falls short. Knowing what to do in the first moments after something goes wrong matters. Delayed or poorly…
-
·
Account Security and Recovery
Most security guidance focuses on protecting accounts from being accessed by others. Less attention is placed upon what happens when you lose access yourself or when an attacker uses your own account recovery process against you. Account lockout is a more common experience than many people expect, and the recovery process, when not set up…
-
·
Working Securely When Travelling
Travel introduces a specific set of security risks that don’t exist, or exist in a more controlled form, in a normal working environment. You’re operating on unfamiliar networks, in public spaces, with devices that may be subject to inspection at borders, in locations where the people around you are unknown. The controls that protect you…
-
·
Why Backups Matter
Backups are one of the most consistently undervalued aspects of everyday security. Most people understand in principle that they should back their data up. Far fewer do so reliably, and fewer still have ever tested whether their backup actually works. The practical reality of not having a working backup becomes clear very quickly when something…
-
·
Phishing and Social Engineering
Most successful attacks don’t begin with sophisticated technical exploits. They begin with a message (an email, a text, a phone call), designed to make someone do something they wouldn’t otherwise do. Phishing and social engineering remain among the most effective methods available to attackers precisely because they target human judgement rather than technical defences. The…
-
·
Secure Authentication: Passwords, MFA and Passkeys
Passwords are still one of the most common ways systems are accessed, and one of the most common ways they’re compromised. Increasingly, they are also no longer the preferred option where stronger alternatives are available. Guidance from the National Cyber Security Centre and National Institute of Standards and Technology has shifted accordingly. Passkeys are now…
