Navigating the SWIFT Customer Security Programme: Tips for Compliance and Certification
Ah, the SWIFT Customer Security Programme, or CSP for short. It’s the financial world’s equivalent of a secret society initiation – you have to prove you’re worthy to join the club. While it might not involve ancient rituals or hooded figures, the CSP can be a daunting maze of security requirements. In the ever-evolving landscape […]
Why Red Teaming is Critical for Cybersecurity: Lessons Learned from Real-World Attack Simulations
Organisations have a continuing problem in a world where technology is everywhere, changing our lives and interactions: updating their defences against bad actors who exploit the ever-evolving tech ecosystem. To fully realise the potential of the digital age, cybersecurity must be integrated into every aspect of modern life. Cybersecurity, rather than being a separate notion, […]
How does PCI DSS v4.0 affect an entity's website compliance?
PCI DSS is not a new thing, in fact, it has been around since December 2004. As with any security programme it has been regularly updated to ensure it is fit for purpose in the modern day. It’s due another major change moving from its current iteration (3.2.1) to Version 4.0. The latest version is […]
ChatGPT: An Overview of Potential Security Vulnerabilities
ChatGPT is on everybody’s lips. LinkedIn is awash with posts. It’s a hot topic. Depending on what you read, it’s going to improve the world, put us all out of jobs and/or send a T800 to 1984 to kill Sarah Connor. We thought we would jump on the bandwagon and ask it a question of […]
Social Engineering: Smishing & Vishing
On Thursday, 24th November 2022 the Met Police lifted the media embargo to report on the largest fraud case because of social engineering. It has been reported that £48M has been taken collectively, with one victim reportedly losing £3m. Sky News’ report can be read here: UK’s Biggest Fraud Sting Takes Down Phone Bank Scam that […]
PCI DSS version 4.0 Release Schedule
The PCI SSC has announced that PCI DSS version 4.0 is scheduled for publication at the end of March 2022. A number of our QSA clients have been longing for a peek at the draft version, however I’ve signed my life away under a non-disclosure agreement with the PCI SSC so I’m still obligated to […]
WFH or returning to the office – one clear requirement
The pandemic has caused a huge shift in the way we work. But as the UK continues to lift its Covid measures, whether your staff remain at home, come back to a desk-bound role, or mix and match dependent on need, space and […]
Redundant QSAs: Working Smart, Side-Stepping the Rabbit Hole & Streamlining
Are your QSAs wasting your time (and money)? Your QSA shouldn’t just be ensuring you are PCI DSS compliant. They should be side-stepping the potential rabbit hole, creating a value-added service, and making their roles (sort of) redundant. The result? Control reduction (does 240 to 21 sound acceptable?) The benefit? You save money, time and […]
We (nearly) got Phished: How Staff Complacency & Misconceptions are your BIGGEST Threat
Don’t be fooled – long gone are the days where phishing scams were clumsy, clunky, and oddly written, suggesting that you transfer money or claim your free prize. Now, the oh-so-sophisticated scams make us feel safe and looked after. They often gently request an update of information and, seemingly, nothing more. However, we are still […]
Recruit-A-Criminal!
We’re currently recruiting within the business, it’s a positive sign, it means that we are growing and able to take on even more clients. We’re hoping that the new recruit will add a new dimension to us by introducing their own thoughts and experiences. This is what we hope. Hope. I hate “hope”. Hope isn’t […]