Is your candidate real? North Korea scams

In May 2024, the U.S. Department of Justice unsealed charges against individuals involved in schemes where overseas IT workers, some linked to North Korea, posed as U.S. citizens to secure remote employment with over 300 American companies. These workers utilized stolen or borrowed identities to gain employment with […]

Using the NIST Cyber Security Framework (CSF) v2

In this post, we’ll talk about using the NIST CSF v2, and show you that managing cyber security risk need not be like trying to juggle flaming chainsaws while riding a unicycle under the big top! We’ll explain how you can use the NIST CSF 2.0 to […]

Law Firms And Cyber Tech

Cyber security and law firms: Don’t just do it! The shiny allure of technology is so enticing, and the sales-siren’s call, “Just buy this thing and all your pain will go away” is almost irresistible.  But for law firms, cyber security is rarely a problem that can be solved with technology alone. Legal practices handle […]

A long life with ISO 27001!

Happiness and a long life with 27001 We don’t just talk the ISO talk, we’ve walked the compliance walk and we’re ISO 27001-certified, so we know what it takes to implement and maintain a compliant ISMS.   Our 27001 lead implementers and assessors have a wide range of certifications including PCI DSS QSA, ISO 27001, CISA, […]

TPSP AOCs save you money!

A TPSP will save you money! Protecting sensitive information has become a vital aspect of running any business, and one area that requires a high level of vigilance is payment security, especially for businesses that handle credit card (also known as cardholder) data. These businesses must adhere to the Payment Card Industry Data Security Standard […]

DotSec’s AOC saves you money!

Payment card information remains one of the most targeted forms of data. For Australian organisations that store, process or transmit cardholder data, PCI DSS compliance is essential — not simply as an annual requirement, but as a way to reduce risk and improve the security of systems that support payment […]

Hey nice business!

Hey, nice business! Lack of awareness has led some organisations to believe that ransomware and extortion attacks are uncommon. This in turn can lead to a perception that the level of business risk does not warrant expenditure on improving cybersecurity maturity. Consequently many organisations are poorly protected and open to compromise, and are unable to […]

Cyber insurance: A risky business

Cyber insurance. A risky business! As the frequency of cyber attacks increases and incident recovery becomes more expensive, it is important for businesses to have cyber insurance to reduce the potential losses associated with such events. In fact, such coverage is something we expect will become mandatory for all kinds of contracts and agreements in […]

It’s not what you know…

SOC and SIEM. It’s not what you know. (Actually, that’s exactly what it is!) Monitoring eCommerce sites for compromise DotSec knows that securing eCommerce sites properly can be tricky. Various best-practice guides to securing eCommerce software such as Magento do exist (see [1], [2] below) but despite the efforts of all concerned (including system owners, […]

Security for Australian law firms

2023 State of Cyber Maturity for Australian Law Firms The 2023 State of Cyber Maturity for Australian Law Firms survey invited legal professionals to share their approaches, motivations, decision making, and management towards cyber security.  DotSec commissioned independent market research firm Momentum Intelligence to conduct the survey in collaboration with Lawyers Weekly.  The survey was conducted on behalf […]