Our stories

Be careful who you trust

In a reverse social engineering attack, the victim is tricked into contacting the attacker. As a result, they trust the attacker, and are less likely to be suspicious if asked for information such as passwords. It works like this:
  • The attacker causes some damage to the victim’s device or makes it appear that there is a problem. This might ...

Growing your business? Rule of 3 and 10

Is your business in a period of rapid growth? You may need to reconsider your approach to many things, including your approach to security. The rule of 3 and 10 was observed by Hiroshi Mikitani (CEO of Rakuten): everything breaks when a company triples in size. That is, when it grows from one to three employees, again at 10 employees, ...

See it, Say it, Sorted

See it, Say it, Sorted has become embedded in the UK culture—at least, for anyone who has been on a train in the last few years. Although it is an uncomfortable phrase (something about the change from instruction to promise, and the not-quite-rhyme), it is easy to remember, and effective. Apparently, since the campaign started in 2016, the number of ...
pink neon sign saying exit

Can yesterday’s visitor get access today?

How are electronic guest passes to your workplace configured? This morning, one of our colleagues could get into a building (and into various rooms in that building) using yesterday’s guest pass—because they'd been given access less than 24 hours earlier. Once the 24-hour time limit was met, the pass no longer worked. There are potential security issues here. Another person ...
Cork board with pins and notes, one saying 'whodunnit?'

Whodunnit?

Recently, the Click and Protect team took part in one of the regular CSP Whodunnit events. These are intended to be entertaining evening events, but also to raise cyber security awareness. The idea is that the team role-play various characters (some of which may be suspects) in a cyber-crime. Attendees must collate clues and work out who is guilty of ...

Looking for a security manager?

Let’s suppose you’ve decided you need to hire someone to manage your cyber security for you. Perhaps you don’t need to hire a full time employee (hint: you could use our security manager as a service, for however many hours a week you need), but you do need someone. Let’s also suppose you have no security personnel in place at ...