What is Penetration Testing?

Tony Mason | Penetration Testing

Penetration testing, also known as ethical hacking, is a method of evaluating a computer system, network, or web application to identify potential vulnerabilities that could be exploited by cyber attackers. This process involves simulating real-world cyber attacks to uncover potential weaknesses in a system’s security defenses. Penetration testing aims to assess the security posture of an organisation’s IT infrastructure and …

Email Security Risk Remains High

Tony Mason | Cyber Security, Data Protection, Email Security, Microsoft 365 Security

Almost every organisation reports experiencing email security incidents. Unfortunately, legacy approaches to technology and training can’t keep pace with evolving threats. A recent survey by Egress highlighted that cybersecurity leaders remain vulnerable to both inbound phishing attacks and outbound data loss and exfiltration. This is making them question the effectiveness of traditional approaches to email security. 94% of the 500 …

KnowBe4’s ‘Security Essentials for the UK’ Course is now NCSC Certified

Tony Mason | Cyber Security, Security Awareness & Phishing

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has announced that its Security Essentials for the United Kingdom course is now certified by the National Cyber Security Centre (NCSC). This coveted certification will lead to further security awareness training across the UK. NCSC Certification: The NCSC’s certification programme is designed to assure high quality …

Password Manager – The Good, The Bad & The Truth.

Tony Mason | Cyber Security, Data Protection, Password Management, Security Awareness & Phishing

As part of any security awareness training, we cover passwords. We teach users how to choose secure passwords, with the right length and characters, passphrases, etc. However, the average person has to log on to over 170 sites/services and usually only has 3 to 19 passwords. That means there are a lot of weak/shared passwords in use & some …

5 Ways For Housing Associations to Level Up M365 Email Security

Tony Mason | Cyber Security, Data Protection, Email Security, Microsoft 365 Security, Security Awareness & Phishing

The newly published Email Security Risk Report reveals that 99% of cybersecurity leaders are stressed about email security. Plus, 93% of organisations experienced security incidents in the last 12 months. It is easy to see why. For housing associations, the risk email poses to sensitive data is pervasive. They operate a complex infrastructure environment, and need to ensure employees are appropriately …

Why you need Integrated Cloud Email Security (ICES)

Tony Mason | Email Security, Microsoft 365 Security, Security Awareness & Phishing

In its 2021 Market Guide for Email Security, industry analyst Gartner introduced the acronym ‘ICES’, which stands for integrated cloud email security. It also predicted that these platforms would make up 20% of anti-phishing solutions by 2025, up from 5% in 2021. You might also see the acronym ‘CAPES’ used to describe these platforms. This was coined by …

Patch Management Explained: Best Practices & Benefits

Tony Mason | Cyber Security, Data Protection, Patch Management

All You Need To Know About Patch Management And Why Automated Patch Management Will Simplify Your Sysadmin’s Life – by ANDRA ANDRIOAIE. What is Patch Management? Patch management is the process of distributing and applying updates to software. These patches are frequently required to fix bugs in the software known as vulnerabilities. It entails the acquisition, review and deployment of …

Zero Trust & ZTNA

Tony Mason | CASB Cloud Application Security, Cyber Security, Data Protection, MFA, Web Security

Zero-Trust is a security framework of products or services that removes inherent trust from your organisation. Instead, it requires strong, regular authentication/authorisation of all devices and users, together with context & policy adherence. Zero-Trust Network Access (ZTNA) is a term coined by Gartner. It uses the concept of ‘Zero Trust’ in the control of access to the company’s resources at …

Vulnerability Scanning

Tony Mason | API Security, Data Protection, Penetration Testing, Vulnerability Management & SIEM, Vulnerability Scanning

Why scanning more often could deliver surprising benefits you may not have considered. Can I just scan once per year, like with a penetration test? Penetration tests are uniquely effective in uncovering highly complex vulnerabilities in web applications: those which may require detailed human awareness and context in order to detect. However, whilst irreplaceable, penetration tests can also be relatively …

Protect your Office 365 users & business against evasive phishing attacks.

Tony Mason | Data Protection, Email Monitoring, Microsoft 365 Security, Security Awareness & Phishing

One of the key challenges organisations are currently struggling with, or have seen, is an increase in Evasive Phishing. In addition, Impersonation Attacks and Business Email Compromise are also a problem. All of these are getting past traditional gateway and perimeter security solutions. The sophistication of these attacks makes them increasingly successful in avoiding detection and fooling your employees. This …