Why do organisations need a security culture? Isn’t software enough?

How many times have you heard people making excuses about “computer errors”? It’s the go-to response when payments are missed, astronomical bank charges are requested and files mysteriously go bump in the night. But the reality is, computers don’t make mistakes – they do exactly what we tell them to do. Humans, on the other hand? We’re always the weakest link – too much stress, a few drinks after hours and rushing to make it out the door by 5pm can all make people scatty.

According to a 2019 survey conducted by Censuswide, 89% of surveyed organisations in the UK said they had suffered some kind of security breach – of which a staggering 63% had been down to user error.

That’s why the phrase “you’re only human” exists. We’re not infallible; we slip up from time to time. And when we do, the consequences can be dire. Embedding a security culture into your organisation is all about minimising those mistakes and giving people a framework that helps them make good decisions.

Creating a culture of security

All cultures need time to grow. It’s not something that’s going to happen overnight, but if you invest in the right tools and lead by example, you’ll soon be able to transform your organisation and create a secure, panic-free environment.

1. Willingness to change

Successful organisations understand the importance of responding to what’s going on in the world and aren’t afraid of new technology.

2. Strong leadership

If staff see their managers sharing passwords, the message is that it’s ok to be lax about security. A solid security culture starts at the top and should be embedded in everything you do.

3. Celebrating success

For people to invest their time and effort, they need to see that it’s worthwhile. Good cyber security companies will be able to provide you with reports about suspicious activity and potential breaches. Sharing these with staff will help them understand they’re making a difference.

4. Return on investment

Cyber security services are all about lowering vulnerabilities and protecting data, but not all offerings are created equal. Selecting the right provider will enable you to show stakeholders you’re spending money wisely.

GDPR – ICO Takes Action Against Organisations That Have Failed To Pay New Data Protection Fee


The General Data Protection Regulation (GDPR) only came into force 5 months ago, on 25th May 2018, and already the ICO have begun taking action against organisations.

Last month, the Information Commissioner’s Office (ICO) announced that it is taking formal action against 34 organisations under the GDPR for failing to pay the new data protection fee for 2018. These organisations, which include financial services firms, recruitment companies and NHS bodies, could face a fine of up to £4,000 should they fail to pay the fee.

A data protection fee is the annual charge that organisations must pay to the ICO, and it varies between £40 and £2,900 per year. This was also the case under the Data Protection Act 1998, under which organisations that collect and handle personal data had to pay an annual registration fee to the ICO.

Under the General Data Protection Regulation, the yearly fee you pay depends on the size of your organisation. Micro-organisations will pay an annual fee of £40, SMEs (small and medium-sized organisations) will pay a £60 fee, while large organisations will pay £2,900 for the year.

The notices of intent to the 34 organisations were sent last month, and these organisations had 21 days to respond with payment. If they pay the fee, action from the ICO will stop. Failure to pay the fee will result in a fine, which will range between £400 and £4,000, and again, this will depend on the size of your business.

How Can Ghost Help?

If you’re worried about how GDPR will affect your business, you can get in contact with Ghost. Ghost are experienced GDPR experts, and have partnered with our friends at IT Governance to provide GDPR Consultancy, Assessment and Compliance services to local businesses in Essex, Hertfordshire and Cambridgeshire.

Take the first steps towards GDPR compliance by contacting 39 Degress on 01279 800039 and speaking directly with one of our data protection experts. You can find out more about our GDPR Consultancy services by visiting our GDPR page.

Facebook Security Breach: October 2018

On Tuesday 25th September 2018, Facebook was the victim of a cyber-attack, which has affected over 30 million Facebook users. This attack is the worst security breach that Facebook has been the victim of, with the hackers successfully accessing the personal data of 29 million Facebook accounts.

Facebook has launched an investigation into this cyber-attack after discovering that the attackers had obtained access tokens from the system, which allow whoever holds them to request certain information from the platform.

The hackers have accessed a range of information from these users, including their personal information and contact details. For around 15 million users, the attackers obtained their usernames and contact details, and this includes their phone numbers and email addresses.

For the other 14 million Facebook accounts, the hackers accessed the above information, as well as their gender, language, relationship status, religion, hometown, current city, birthdate, education and more.

Facebook users can check whether they have been affected by the attack by visiting Facebook’s Help Centre. Victims should also have received a message from Facebook themselves, informing them whether they are one of the 30 million affected and explaining which information may have been accessed.

Cyber Security for your business

Here at 39 Degress, we believe that cyber security is paramount to running a business. If even large organisations are vulnerable to security breaches, it’s important that you are protected from cybercrime.

With our Cyber Security services, we’ll help protect your business against the latest ransomware, malware, hackers and other threats, and help ensure that you avoid becoming the victim of cybercrime. Ghost will also ensure that your business-critical data is secure and that your business complies with ISO 27001 and the GDPR.

Our Cyber Security services include penetration testing, anti-virus and anti-malware, two-factor authentication, email security and even Certified Cyber Security training for your workforce. To find out more about how Ghost can help improve your cyber security capabilities, call our team today on 01279 800039 and speak directly with one of our experts, who can help you prevent cybercrime from affecting your business. You can also find out more by visiting our Managed Cyber Security services page.