Grabbing my morning coffee, I log in to the Jisc Cyber Essentials Pervade portal and see I have 3 Cyber Essentials assessments to mark today https://www.jisc.ac.uk/cyber-essentials. That shouldn’t take me too long, if the applicants have been clear and detailed in their responses. I need to have a good understanding of their estate to award […]
Guest post by Tom S Academia lead – The Mail Check Team NCSC Active Cyber Defence Cyber security is improving in many areas, but the adoption of DMARC anti-spoofing is still too low. NCSC tools and tips gathered from around the community can help as this guest post from Tom S, Academia lead in NCSC’s Active […]
Categories
Ransomware in the Education Sector
Throughout 2020 we have seen different types of ransomware utilising various attack methods and operational techniques to infiltrate networks. The types seen include: RYUK, Ouroboros, Cryakl, rEvil, Mapo and Corona-lock. One common initial infection vector has been malware such as TrickBot (commonly seen within a triple threat vector alongside Emotet and RYUK). While infection via […]
Categories
Electronic Signatures
Electronic signatures, or e-signatures, are a means of signing documents in the same way that documents and agreements are signed using a written signature on hardcopy documents. Electronic signatures can come in any form that the parties to a contract agree on, but in general fall into three distinct categories. Simple e-signatures These are direct […]
Categories
Tips on Zoom safety
The Janet Computer Security Incident Response Team (CSIRT) would like to bring to your attention some recent reports in relation to Online Video Conferencing Platforms we have seen. Due to the restrictions related to Covid-19, the use of online video conferencing has seen a significant increase and understandably, organisations are trying to facilitate as many […]
Many organizations want to check that their suppliers and partners are managing information security risk, and possession of an ISO 27001 certificate is often the preferred way to evidence this. If you are reliant upon the assurances that an ISO certificate can provide, checking that the certificate is valid is an important but not particularly […]
Shortly after the recent attacks on TalkTalk the Culture, Media and Sport Committee decided to hold an inquiry into the circumstances surrounding the data breach, but also the wider implications for telecoms and internet service providers. This raised a number of issues around the premature speculation around the causes of the incident, cybersecurity within the telecoms industry, and the […]
The past week saw a number of breaches of usernames and passwords from well-known websites. People are prone to reuse passwords across personal and corporate accounts, and compromised social networking accounts can be used to conduct social engineering attacks. These incidents have the potential to impact on your own organisation but it can be difficult to […]
Categories
TalkTalk and Encryption
In the week since the TalkTalk breach there’s been commentary on encryption of data, particularly with their CEO’s comments that they were not legally required to encrypt data. Of course encrypting the storage of data at rest is a common sense control against a range of threats such as physical theft or loss of the […]
Yesterday UCISA published the Information Security Management Toolkit that provides guidance to higher education institutions wishing to establish systems to manage information security. Authors from across the sector contributed to the content including Andrew Cormack and myself from Jisc. Previous guidance from UCISA which mainly focused on the application of ISO/IEC 27002:2005 to Higher Education. This new […]