Indelible Data teams clash in a messy Capture the Flag showdown!

Indelible Data have been back to paint balling again! This time with bigger teams and more bruises as Abbey Wright discovered. Team captains Jason McNicholas and Euan Henderson led their teams into battle where we took part in trying to capture the flag in three very thrilling terrains. Ultimately, Euan’s team did take the win …

When are user accounts actually admin accounts?

Under Cyber Essentials, there are various controls that are related to administrative accounts and their use, writes Cyber Security Technologist Tyson McGuirk. The scheme makes it very clear that user accounts and admin accounts should be separate and only used for their intended purpose. Admin accounts have access to additional permissions and services that would …

Hackers have developed Android APKs that can evade security software

Android Package Kit (APK) is the file format that the Android Operating Systems use to distribute and install apps, and therefore contains all the elements that an app needs to install correctly on your device, writes Cyber Security Technologist Euan Henderson. According to Zimperium, hackers are using APKs to bypass security measures using new compression …

The Electoral Commission failed Cyber Essentials certification ahead of major breach

The Electoral Commission has admitted failing Cyber Essentials at around the same time as it suffered a major security breach, writes Cyber Security Technologist Tyson McGuirk. In August 2021, names, addresses, and other personal information from the register was compromised in a suspected hack. This incident reflects the significance of the Cyber Essentials scheme as …

Should I include irregular devices and operating systems in Cyber Essentials?

The first step in a Cyber Essentials assessment is to determine what organisational data and organisational services are used in your business, writes Cyber Security Technician Tom Boughton. Common examples of organisational data are emails, documents, database data, or financial data, with common examples of organisational services being software applications, cloud applications, cloud services, and …

How will Windows Server 2012 EOL affect Cyber Essentials?

Windows Server 2012 and 2012 R2 have been among Microsoft’s most successful and widely used server Operating Systems since its release 11 years ago, writes Lead Assessor Jason McNicholas. Server 2012 and Server 2012 R2 will reach their end-of-life on 10th October 2023. This means that Microsoft will cease to provide security updates, bug fixes, …

PSNI Excel Data Breach – What are the lessons learned?

Access management controls and security awareness training could have helped prevent the Northern Ireland police data breach. Earlier this month, the Police Service of Northern Ireland (PSNI) confirmed a serious data leak  stemming from  a Freedom of Information request, writes Cyber Security Technician Thomas Boughton. The request led to an excel spreadsheet containing surnames and …

Vulnerability Scanning, Penetration Testing, and Cyber Essentials Plus – What’s the difference?

We are often asked to describe the differences between the different levels of technical assurance that we offer, writes Director Tony Wilson. In this blog we will focus on three different types of service and conclude with a hybrid service designed for companies with smaller budgets called a “Cyber Audit”: Cyber Essentials Plus Vulnerability Scanning …

Knots that bind – team building on Derwentwater

Glorious sunshine beat down on the Indelible Data staff as we battled it out on homemade rafts on Derwentwater during our latest team building event. Split into two teams led by Tom Boughton and Aidan Collins, there was quick decision making and problem solving needed to build rafts that floated. Rope knots learnt at cubs …

MOVEit breach – another good reason to achieve Cyber Essentials

Many UK organisations suffered data breaches when criminals exploited a vulnerability in Progress Software’s MOVEit file transfer app, but with the right patch management the impact could have been greatly reduced. Those with Cyber Essentials may have been at an advantage as the scheme helps organisations identify gaps in patch management through auditing of installed …