Data Privacy, Compliance & Risk Monthly Round-Up
ISMS.online
Protect and grow your business with the leading ISO 27001 and compliance solution. ISO27001, ISO27701, GDPR, SOC2 + more
November has been busy with governance, risk, and compliance news, so this month's newsletter is bursting with the latest essential headlines, helpful content, reports and insights to keep you up to date.
Read on to learn more about these stories, access handy resources, and more.
Latest Blogs
Phil Muncaster examines the CRA in detail, including what it covers, which types of businesses it will apply to, what organisations impacted by the legislation need to do, and how ISO 27001 provides best practices to help businesses comply.
The Cyber Security Act makes cybersecurity a national priority, introducing new standards for smart devices, ransomware reporting, and critical infrastructure protections. Phil Muncaster dives into the Act's far-reaching impact and what businesses can do to stay ahead.
The ISO 45001 standard provides a framework for businesses to build, maintain, and improve an effective occupational health and safety management system (OH&S management system). Christie Rae examines the standard's structure, requirements, and benefits.
Danny Bradbury's latest blog explores the Marriott data breaches, the FTC settlement enabling consumer data deletion requests, and how businesses can prepare for growing data deletion requirements with a robust data governance strategy.
An October report from Forescout identified 14 new firmware flaws in DrayTek routers. In his latest blog, Phil Muncaster discusses these vulnerabilities and explains why organisations need to get serious about protecting their routers.
The NCSC warned of a China-linked botnet compromising over 260,000 devices globally. Nicholas Fearn highlights the threat and steps organisations can take to defend against botnet attacks.
Latest News
Google Schedules Mandated MFA For All Cloud Users
Google has announced it will implement mandatory multi-factor authentication for all cloud users beginning next year.
Russia plotting to use AI to enhance cyber-attacks against UK, minister will warn
On Monday, Pat McFadden will tell a Nato conference that Russia could knock out the UK's electricity grid.
Privacy update: Getting ready for IPP 3A
The Privacy Amendment Bill will introduce a new Information Privacy Principle 3A (IPP 3A), which will take effect on June 1, 2025, and bring additional privacy requirements.
Ripple effect: the devastating impact of data breaches
The ICO Commissioner, John Edwards, issued a stark warning about the devastating human impact of data breaches, stating that organisations must take greater responsibility in protecting individuals.
Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
Microlise Confirms Data Breach as Ransomware Group Steps Forward
The SafePay ransomware group claims to have stolen over 1 terabyte of data from vehicle tracking solutions provider Microlise.
New York fines Geico $9.8 million over data breach
The New York Attorney General's office has fined car insurance company Geico $9.75 million for hacks that obtained personal information on 116,000 drivers in the state.
Free Resources
NEW Podcast: Introducing our Podcast, Phishing For Trouble
Our brand-new podcast dives into high-profile cybersecurity and compliance incidents. It brings together industry-leading experts in this 10-part series to break down what went wrong, uncover critical lessons, and share practical tips to help businesses stay secure and resilient.
Smarter Integrations and Powerful New Features Are Here
Streamline your compliance journey with our latest integrations and feature updates! From seamless connections with tools like JIRA and Slack to powerful new enhancements designed to simplify workflows and supercharge your ISMS, we're delivering smarter, faster solutions to meet your evolving needs.
Upcoming Webinar: Navigating DORA Compliance with ISO 27001 - A Roadmap to Digital Resilience
The Digital Operational Resilience Act (DORA) is reshaping financial sector compliance, introducing strict requirements for ICT risk, incident response, and third-party management. Discover how ISO 27001 can provide a streamlined, practical approach to meeting these challenges and building resilient digital operations. > Join Live On Thursday
Your Compliance Success Story Starts Here
If you're looking to start your journey to better information security and data privacy management, we can help.
Our ISMS SaaS platform enables a simple, secure and sustainable approach to information management with ISO 27001, SOC 2, NIST and over 100 other frameworks. Unlock your competitive advantage today.