Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

What is Multi-factor Authentication (MFA)?

Multi-factor authentication, or MFA, is a way to log in to your services that requires at least two different types of authentication. This is much more secure than simply using a password, as someone would need to know what your second (or third) factor is, and have access to it, in order to log in. MFA factors are divided into three broad categories, and any MFA login will combine at least two of those categories.

Privacy-in-a-Box Solution

Getting a compliance programme off the ground can be a daunting task. Executives and staff are already spread thin with day-to-day work, and starting compliance efforts internally means that additional time must be made – time away from revenue-generating activities. If you still need to research what needs to be done and how to do it, it just becomes unreasonable!

Just how much does a data incident cost?

While POPIA and GDPR come to the fore when it comes to fines and risks related to data protection, it’s important that we don’t forget that they are not the only financial impact an incident will have. Recently, I’ve been advising on a few incidents as well as chatting to some InfoSec counterparts in the UK about their experiences, and the costs involved in any sort of incident are staggering.

Hacks, Phishing, Zero-Days – What’s the difference?

Something I’ve found in a number of my clients that have had cyber security incidents is that a blanket phrase of “we got hacked” seems to get thrown around a lot. Much like the word “breach” is dangerous to use prematurely, “hacked” also has a number of connotations to it. In some cases, I find that the phrase is used to abdicate responsibilities by making it appear that there was nothing that could be done in order to avoid the hack – which is often not the case.

Training your Information Officer

In an ideal world, your Information Officer (or Data Protection Officer under GDPR) comes from a legal background and is familiar with privacy regulation and other related laws. In reality though, particularly for SMEs, this is rarely the case.

Processing European Data in South Africa

Within the context of GDPR, there are a number of restrictions on how one may process data outside of the European Union (EU) or European Economic Area (EEA). One mechanism for moving past these restrictions is when the European Commission judges a foreign nation’s privacy law as “adequate”.

Upcoming Public Events – Oct / Nov

Throughout the year there are a number of public events hosted by Ross G Saunders Consulting and our partners. The following events are approaching for late October and November.

Privacy by Design in SOPs

In past articles, I’ve mentioned Privacy by Design and Standard Operating Procedures. In this post, I will chat about the importance of combining them. GDPR, Europe’s privacy regulation, mandates the need for Privacy by Design and Default. While no set guideline exists in the regulation, there are a number of questions you can ask as part of your SOP design.
