Writing and Blog
A collection of my writing, musings, and opinion pieces. Please check back for updates!
Ross is available for technical and other writing.
Should you be interested, please get in touch!
Multi-factor authentication, or MFA, is a way of logging in to your services that requires at least two different types of authentication factor. This is much more secure than a password alone: an attacker who learns your password would still need to know what your second (or third) factor is, and have access to it, in order to log in. Authentication factors fall into three broad categories (something you know, such as a password; something you have, such as a phone or hardware token; and something you are, such as a fingerprint), and MFA combines factors from at least two of those categories.
Getting a compliance programme off the ground can be a daunting task. Executives and staff are already spread thin with day-to-day work, and starting compliance efforts internally means that additional time must be found – time away from revenue-generating activities. If you still need to research what needs to be done and how to do it, the burden quickly becomes unmanageable!
Three terms that are thrown around a lot in the space I consult in are data protection, data privacy, and information security. When speaking to a consultant like myself or a specialist in any of these fields, it may be confusing as to how they relate to one another.
It’s been a crazy year, with many developments in the privacy and security spaces. We’ve seen an upswing in phishing attacks and hacks, along with a heightened awareness of the risks out there. With that in mind, a number of new and updated offerings are available from Ross G Saunders Consulting.
While POPIA and GDPR dominate the conversation about fines and risks related to data protection, it’s important that we don’t forget they are not the only financial impact an incident will have. Recently, I’ve been advising on a few incidents as well as chatting to some InfoSec counterparts in the UK about their experiences, and the costs involved in any sort of incident are staggering.
Something I’ve found in a number of my clients who have had cyber security incidents is that a blanket phrase of “we got hacked” seems to get thrown around a lot. Much like the word “breach” is dangerous to use prematurely, “hacked” also has a number of connotations to it. In some cases, I find that the phrase is used to abdicate responsibility by making it appear that there was nothing that could be done in order to avoid the hack – which is often not the case.
In an ideal world, your Information Officer (or Data Protection Officer under GDPR) comes from a legal background and is familiar with privacy regulation and other related laws. In reality though, particularly for SMEs, this is rarely the case.
Within the context of GDPR, there are a number of restrictions on how one may process data outside of the European Union (EU) or European Economic Area (EEA). One mechanism for moving past these restrictions is an adequacy decision, in which the European Commission judges that a third country’s privacy law provides an “adequate” level of protection.
Throughout the year there are a number of public events hosted by Ross G Saunders Consulting and our partners; the following events are approaching for late October and November.
In past articles, I’ve mentioned Privacy by Design and Standard Operating Procedures. In this post, I will chat about the importance of combining them. GDPR, Europe’s privacy regulation, mandates the need for Privacy by Design and Default. While no set guideline exists in the regulation, there are a number of questions you can ask as part of your SOP design.