Resources

Manchester United are allegedly being held to ransom for millions of pounds by cybercriminals who have crippled the club’s systems. United have brought in a team of technical experts to contain the potentially ‘disastrous’ attack that was launched more than a week ago. T the hackers allegedly still have United […]

A good deal of Friday and yesterday was spent trying to unravel dataflows and network topography to determine the scope of a customer’s cardholder data environment (CDE).  Three interesting channels are currently under scrutiny but today’s job is to get to the bottom of an e-commerce website white labelled by […]

I love it when both of my professional worlds come together.  It should happen more often than it does, but to date it is a rarity.  That’s possibly because the PCI DSS work is managed by a totally different team with different skills than the data protection compliance management work.  […]

Many patients of a large psychotherapy clinic in Finland have been contacted individually by a blackmailer, after their data was stolen. In what has been described as a “highly unusual ransomware case”, a hacker is demanding money directly from patients after an electronics patient record system in Finland was hacked. […]

With increasing numbers of staff working from home, along with new cloud and remote access services being stood-up faster than every before, now is the time to verify that your corporate data is secure.

To guide our clients through the varied risks of remote working, we maintain a dedicated team of NCSC certified security consultants.

As a PCI QSA we frequently see both merchants and service providers that are failing to adequately validate their supplier chain’s compliance with the PCI DSS. In this resource, we look at how a merchant can verify the compliance status of their service providers, by systematically analysing an Attestation of Compliance document.