How to stay safe from cyber threats this holiday season

Welcome to this week’s Security Spotlight, where we shine a light on:  

• How to stay safe from seasonal scams and data breaches 

• How to protect your organisation by building a security-minded culture 

• Selecting the security controls you need without breaking the bank 

• Meeting DORA’s penetration testing requirements 

• Our free green papers on implementing ISO 27001 and how pen testing fits into your ISMS  

• Our upcoming webinar on the DPO role  

Updated blog | Cyber Threats During the Holidays: How to Stay Safe from Seasonal Scams and Data Breaches 

Cyber attacks, data breaches and online scams increase dramatically each festive season, especially as many staff are away and opportunistic criminals look to exploit online shoppers’ desire to bag a bargain. 

So, as the year draws to a close, we look into: 

• Three major data breaches from 2024. 

• Three threats facing your organisation this holiday season. 

• Tips on protecting your sensitive data. 

Read the full blog  

New blog | Protect Your Organisation by Building a Security-Minded Culture 

We all have a responsibility for security. However, to ensure that all staff apply the knowledge gained from staff awareness training, security should be embedded in your organisation’s culture. 

We explain: 

• What a security culture is 

• The difference between security culture and security awareness 

• The benefits of a strong security culture 

• What a good security culture looks like 

• How to build a strong security culture 

• How to test the strength of your security culture 

Read the full blog 

New Q&A | How to Select Effective Security Controls 

Are you looking to mitigate your information security risks but aren’t sure how to choose effective controls while staying on budget? 

Damian Garcia MSc, CRISC , our head of GRC consultancy, explains the importance of: 

• Risk-benefit analysis 

• Defence in depth 

• Leadership support and information security objectives 

• Control selection 

• Proportionality 

Read the full interview 

New blog | A Guide to Meeting the DORA Penetration Testing Requirements 

Penetration testing is a systematic process of probing for vulnerabilities in your systems. An experienced and qualified penetration tester can mimic the techniques used by criminals without causing damage. 

Like many laws, regulations and standards, DORA (the Digital Operational Resilience Act) mandates ‘digital operational resilience testing’. 

In this blog, we explain: 

• DORA: digital operational resilience testing 

• What is penetration testing? 

• DORA requirements for penetration testing 

• Penetration testing scope under DORA 

• Address your vulnerabilities 

Read the full blog 

Free green paper | Implementing an ISMS – The nine-step approach  

Good information security is about addressing the risks specific to your organisation without compromising your business objectives.  

So, take an approach that’s both strategic and operational.  

An ISMS – preferably aligned with ISO 27001 – takes a systematic approach to managing confidential information so that it remains secure.  

Learn our 9-step approach to implementation, which we’ve used to help 800+ organisations around the world achieve ISO 27001 compliance.  

Download now  

Free green paper | Penetration Testing and ISO 27001 – Securing your ISMS  

As part of your ISO 27001 risk assessment, you must identify security risks within your ISMS scope.  

This free green paper explains how you can do this through penetration testing.  

Download now  

Free webinar | The Critical Role of a DPO: Why Outsourcing is the Smart Choice  

Tuesday, 28 January 2025, 3:00 – 4:00 pm (GMT)  

As data protection regulations become more stringent, the DPO role under the GDPR is more critical than ever.  

This webinar, led by Loredana Tassone-MARY and Natalie Whitney , will explore:  

• The legal requirements for a DPO  

• The benefits of outsourcing the role  

• What you can expect from a DPO as a service, and how it can prove a cost-effective solution for maintaining robust data protection  

Register now  

Speak to an information security expert  

With 20+ years’ experience in information security, we understand risk management.  

Our experts have implemented information security programmes for hundreds of organisations across a multitude of industries in both the private and public sectors.  

New to the world of information security and need advice on how to get started?  

Or updating an existing information security programme?  

Our experts are here to help.  

Get in touch