Password Manager – The Good, The Bad & The Truth.

Tony Mason | Cyber Security, Data Protection, Password Management, Security Awareness & Phishing

As part of any security awareness training we cover passwords. We teach users how to choose secure passwords, with the right length and characters, pass phrases etc. However, the average person has to log on to 170+ sites/services and usually only has 3 to 19 passwords. That means there are a lot of weak/shared passwords in use & some …

5 Ways For Housing Associations to Level Up M365 Email Security

Tony Mason | Cyber Security, Data Protection, Email Security, Microsoft 365 Security, Security Awareness & Phishing

The newly published Email Security Risk Report reveals that 99% of cybersecurity leaders are stressed about email security. Plus, 93% of organisations experienced security incidents in the last 12 months. It is easy to see why. For housing associations, the risk email poses to sensitive data is pervasive. They operate a complex infrastructure environment, and need to ensure employees are appropriately …

Why you need Integrated Cloud Email Security (ICES)

Tony Mason | Email Security, Microsoft 365 Security, Security Awareness & Phishing

In their 2021 Market Guide for Email Security, industry analyst Gartner introduced the acronym ‘ICES’, which stands for integrated cloud email security. They also predicted that these platforms would make up 20% of anti-phishing solutions by 2025, up from 5% in 2021. You might also see the acronym ‘CAPES’ used to describe these platforms. This was coined by …

Patch Management Explained: Best Practices & Benefits

Tony Mason | Cyber Security, Data Protection, Patch Management

All You Need To Know About Patch Management And Why Automated Patch Management Will Simplify Your Sysadmin’s Life – by ANDRA ANDRIOAIE. What is Patch Management? Patch management is the process of distributing and applying updates to software. These patches are frequently required to fix bugs in the software, known as vulnerabilities. It entails the acquisition, review and deployment of …

Zero Trust & ZTNA

Tony Mason | CASB Cloud Application Security, Cyber Security, Data Protection, MFA, Web Security

Zero-Trust is a security framework of products or services that removes inherent trust from your organisation. Instead, it requires strong, regular authentication/authorisation of all devices and users, together with context & policy adherence. Zero-Trust Network Access (ZTNA) is a term coined by Gartner. It uses the concept of ‘Zero Trust’ in the control of access to the company’s resources at …

Vulnerability Scanning

Tony Mason | API Security, Data Protection, Penetration Testing, Vulnerability Management & SIEM, Vulnerability Scanning

Why scanning more often could deliver surprising benefits you may not have considered. Can I just scan once per year, like with a penetration test? Penetration tests are uniquely effective in uncovering highly complex vulnerabilities in web applications: those which may require detailed human awareness and context in order to detect. However, whilst irreplaceable, penetration tests can also be relatively …

Protect your Office 365 users & business against evasive phishing attacks.

Tony Mason | Data Protection, Email Monitoring, Microsoft 365 Security, Security Awareness & Phishing

One of the key challenges organisations are currently struggling with, or have seen, is an increase in Evasive Phishing. In addition, Impersonation Attacks and Business Email Compromise are also a problem. All of these are getting past traditional gateway and perimeter security solutions. The sophistication of these attacks makes them increasingly successful in avoiding detection and fooling your employees. This …

Data BackUp – Is Your Microsoft 365 Data Safe & Secured?

Tony Mason | Data Backup, Microsoft 365 Security

With the increased adoption of Microsoft 365, many organisations assume that data backup is included in Microsoft 365. As a platform, it is secure. However, your data isn’t backed up in a way that you would require. Microsoft will not cover any data loss caused by your own internal errors, nor by malicious actions, ransomware or any other cybercrime event. Microsoft …

Cybersecurity Awareness Month

Tony Mason | Security Awareness & Phishing

October is Cybersecurity Awareness Month, which is now in its 18th year. Its primary focus continues to be helping raise awareness about the importance of cybersecurity, ensuring everyone has the resources they need to be safer and more secure online. The themes this year are: Be Cyber Smart; Fight The Phish; Explore, Experience, Share (Cybersecurity Career Awareness Week); Cybersecurity First. KnowBe4 …

UBA vs UEBA and SIEM

Tony Mason | Vulnerability Management & SIEM

What is UEBA? What is the difference between UBA vs UEBA and how does it fit in with SIEM? User and Entity Behaviour Analytics (UEBA) focuses on analysing activity. Specifically user behaviour, device usage, and security events within your network environment. It helps companies detect potential insider threats and compromised accounts. The concept has been around for some time. It …