Writing and Blog
A collection of my writing, musings, and opinion pieces. Please check back for updates!
Ross is available for technical and other writing.
Should you be interested, please get in touch!
Although it's been around for a while, Privacy by Design and by Default has really come to the fore in Article 25 of the GDPR. This concept puts forward that if you are designing a process, technology, or any other item in a business, it should be designed to be secure and private by default.
For the remainder of 2019, I am running a promotion on my popular “Introduction to Data Privacy” workshop – a workshop designed to upskill all staff in a company on what Data Privacy is. A while back I wrote an article on why education is important; this workshop facilitates that and so much more!
A vital part of any Data Protection strategy is an incident response plan and policy. Your incident response policy dictates what your company does in the event that there is an incident within the business involving data, and the incident response plan details who is responsible for what function during an incident, and how to perform any actions that need to take place.
Everybody needs to know about Data Protection and Privacy, particularly the C-suite and senior management. My Data Protection Brunch series is just the thing to up-skill yourself and your leadership team. These informal brunch meetings take place around the country and detail the ins and outs of Data Protection for your business.
Recently, a bank in South Africa (FNB) drew the ire of the security and privacy communities when they disabled the use of password managers on their online banking system – resulting in people having to remember much shorter and less secure passwords as opposed to highly secure passwords generated in password managers. From their press releases, it would seem that their intention was to disable the saving of passwords in a browser, which inadvertently disabled the use of password managers too. They have since retracted the code that disabled this so that password managers can remain in use, while issuing a stern warning against saving your passwords in a browser.
A trend I’ve seen is that executives and staff outside of the security and privacy space often refer to any event involving IT security as a “breach”. Not only is this incorrect, it’s a dangerous word to be throwing around, with some serious consequences. In this article, I’ll be looking at four main terms, those of events, threats, incidents and breaches, as well as the differences between them and why a distinction is vitally important.
On a couple of occasions I’ve mentioned the importance of Standard Operating Procedures and how they can benefit both your business and your privacy exercises. In today’s article, I’m going to show you just how easy it is to get started in mapping these out.
As a small business, it’s easy to fall into the trap of not documenting your privacy-related efforts and activities. We get caught up in the day-to-day running of things and documentation is really the last thing on our minds. It is, however, vital to your efforts – because if anything goes wrong, you’ll need to show proof of what you have done to protect data.
While I normally discuss matters of data protection and privacy, another topic I’m hugely passionate about is management – particularly new managers being promoted from specialist roles. When the same happened to me many years ago, it took a long time for me to learn the skills needed in order to effectively lead.
If you are like me, and you spend a fair amount of time on Facebook, you would have been inundated in the last couple of days with photos of your aged friends - courtesy of the FaceApp app once again going viral with a new filter. With equal voracity, it seems that...