Fresh Security Blog

This week, the idea of tuning out the detail popped into my head while reviewing Microsoft 365 Conditional Access policies...

Dice with letters on showing the word GAME.

Fresh Thoughts #78: The Password Game

August 7, 2023

Cybersecurity isn't great with empathy. Choosing correct over compassionate. Here's how you explain this to cybersecurity pros...

Chess board about to be attacked by a cat

Fresh Thoughts #77: Three Days in the Desert

August 1, 2023

Whether you follow the teachings of Sun Tzu or Rage Against The Machine - we are told “know your enemy”...

Fresh Thoughts #76: How a Service Provider's Claims Made Me Go on a Diet

July 25, 2023

Personal training and security are about doing - not about talking and what could be done.

Fresh Thoughts #75: Your Policy is a Collection of Experiences

July 18, 2023

What decides your risk tolerance? Your risk assessment, policies, and processes? Or the actions of your staff?

Fresh Thoughts #74: We built Fresh Security on a Foundation of Sustainability

July 11, 2023

Once set, automation can sustain - until it's stopped. But people. People need breaks.

Grown up robot figure and child robot figure.

Fresh Thoughts #73: Deep Fakes - The End of the World is Nigh...

July 4, 2023

Are voice-based AI deep fakes real? The news say - Yes! ...but when you trace the origin of the story, the answer isn't clear.

Fresh Thoughts #72: Are We Under Attack From Voice AI Scams?

June 27, 2023

If you read the media, the answer will almost certainly be "Yes..." - but things are not quite as clear as they seem.

Fresh Thoughts #71: Responsible Disclosure

June 20, 2023

Even with the best testing in the world - there will be faults and security vulnerabilities. That's why we have responsible disclosure...

Fresh Thoughts #70: 250,000 False Positives?

June 13, 2023

Saying there are 250,000 security vulnerabilities means there are 250,000 ways that assist or enable a hacker to break into that business...

Fresh Thoughts #69: Bypassing Multi-Factor Authentication

June 6, 2023

Our blind spots are the risks we accept tacitly - because we don't know any different. One of those blindspots is likely how hackers are currently bypassing multi-factor authentication (MFA).

Fresh Thoughts #68: Do Nothing Until the Risk Becomes Unbearable

May 30, 2023

That wall is starting to feel like an unacceptable risk. Maybe it's time to schedule some preventative maintenance. Is it time for your executives to review the risks they currently accept in your IT systems?

Paper boats going in a line until they hit a drop.

Fresh Thoughts #67: Monitoring - Executive Needs

May 23, 2023

Last week I started a mini-series on automating audits. This week - how can monitoring help us understand what executives and IT administrators need from audits?

Fresh Thoughts #66: Automating Audit

May 16, 2023

For cybersecurity - the thinking of point-in-time audits and fixes is almost a decade out of date... "Microsoft's Patch Tuesday leads to Exploit Wednesday".

Fresh Thoughts #65: How to Spring Clean Your Data

May 9, 2023

Last week we looked at spring cleaning your network. This week - it's all about organising your business information.

Fresh Thoughts #64: How to Spring Clean Your Network

May 2, 2023

Spring is in the air. As most cybersecurity projects start by tidying an existing environment before making improvements - spring cleaning came to mind. This week - it's all about your network.

Fresh Thoughts #63: The Power of Experiences

April 25, 2023

"Please, can you pass me that soldering iron?". He picked up the wrong end. At that moment, I recognised the difference between book knowledge and experience...

Fresh Thoughts #62: Scattered Secrets: How Lockdowns Changed IT and the Way We Think About Security

April 18, 2023

The last vestiges of the pandemic are playing out, and returning to pre-pandemic policies. But one area I have already seen a substantial change is in business IT...

Fresh Thoughts #60: The Truth About Incident Response

April 4, 2023

Responding to cybersecurity incidents doesn't always get to the "truth", and that's why you must prepare beforehand...

Fresh Thoughts #59: What Do Soft Play Centres, Top Secret Government Bases and Your Supply Chain Have in Common?

March 28, 2023

Spending most of my time looking and thinking about security issues in customers' supply chains - I found an unconventional yet fitting comparison...

Fresh Thoughts #58: Vulnerability Scans or Pen Tests?

March 21, 2023

I was helping prepare a cyber insurance questionnaire, and a thorny question arose - What's the difference between a vulnerability scan and a penetration test?

One match next to the other and now also

Fresh Thoughts #57: Backup and Disaster Recovery Are Very Different Things

March 14, 2023

Working in the computer storage industry I learnt a valuable lesson - which many knowledgeable, technical people still don't recognise...

Fresh Thoughts #56: We Made a Mistake

March 7, 2023

Mistakes will happen. But how can you minimise the number of mistakes - and systematically learn from them when they occur?

Fresh Thoughts #55: A Great Security Experience

February 28, 2023

It's hard to see the value of security until it's needed. It can feel like a waste. But security is the cosiest feeling when the chips are down.

Fresh Thoughts #54: What Can a Stolen Handbag Teach Us About Threats?

February 21, 2023

The latest version of ISO 27001 has a new control - Threat Intelligence. What is it? And how can a recent theft help us understand more?

Fresh Thoughts #53: Asset Management - Done Differently

February 14, 2023

If you don't know what devices connect to your network, how can they be secured? Are they patched and configured correctly? Let's talk asset management.

Fresh Thoughts #52: Should You Pay a Ransom?

February 7, 2023

Ransomware payments - I thought I knew the answer. But researching the topic ready for this newsletter, I found a much more complicated situation.

Fresh Thoughts #51: Autumn/Winter Directory 2023

January 31, 2023

Next week it will be one year since I started writing Fresh Thoughts. Time to reflect on the stories we've covered in the past year...

Fresh Thoughts #50: The 10 Immutable Laws of Security Administration

January 24, 2023

This hard-to-find blog post from 2000 lays out ten fundamental truths of cyber security. 23 years on... it's still insightfully brilliant.

Fresh Thoughts #49: How Do You Respond? OODA

January 17, 2023

This is the model I use to respond to all types of cybersecurity and business situations... OODA.

Fresh Thoughts #48: Are Cyber Attacks "Uninsurable"?

January 10, 2023

The headlines say, "Cyber attacks set to become 'uninsurable', says Zurich chief"... But is this real or clickbait?

Fresh Thoughts #47: Situation Normal. The End of the World Is Nigh.

January 3, 2023

As is tradition the conclusion of the LastPass data breach was spun into "the end of the world is nigh" scaremongering. But what does it actually mean?

Fresh Thoughts #46: The People Perimeter

December 20, 2022

No amount of cybersecurity technology can provide perfect protection. At some point, your people will need to form a defensive perimeter...

Fresh Thoughts #45: Can ISO-27001 Solve Our Siloed Comms Problem?

December 13, 2022

ISO 27001 isn't just a security certification - it can also help your team communicate effectively.

Fresh Thoughts #44: Let Technology and People Play to Their Strengths

December 5, 2022

Do people and technology both have the same strengths in cybersecurity?

Fresh Thoughts #43: Who Do You Trust More - People or Tech?

November 29, 2022

It can be challenging to decide which is better... Buying more security tech or taking a human-centric approach? Here are some points you should consider...

Fresh Thoughts #42: My Security Is Like Swiss Cheese

November 22, 2022

Your security is like Swiss cheese. Is that an insult or a good thing?

Fresh Thoughts #41: Are You Ready to SOAR?

November 15, 2022

Are you ready to auto-magically respond to every other incident with SOAR... 🤔

Fresh Thoughts #40: Think Like a Hacker

November 8, 2022

What motivates a hacker to infect a computer? Let's use the recent EMOTET outbreak as an example...

Fresh Thoughts #39: The #1 Reason Cyber Insurers Don't Pay

November 1, 2022

Why do cyber insurers refuse claims? It turns out there's one main reason...

Person standing alone in a field of wheat

Fresh Thoughts #38: “You're on your own.”

October 25, 2022

Sandip Patel KC tells us - "The government and law enforcement are not going to save you from cybercrime."

Fresh Thoughts #37: What Does It Take to Get ISO27001:2022?

October 18, 2022

You're thinking about ISO 27001:2022… So what does it take to achieve the certification?

Fresh Thoughts #36: Get Security Certified! Why Should We?

October 11, 2022

Why do we do cybersecurity? It's a question we regularly ask at Fresh Security and the answers are pretty predictable...

Fresh Thoughts #35: Who Represents Your Business?

October 4, 2022

Every new Fresh Security customer receives a handwritten Thank You note. It's a small token saying - we appreciate your trust...

Fresh Thoughts #34: Are We Asking Too Much of IT Admins?

September 27, 2022

"When I started, it was common to have 6-9 months to figure out a new technology... Now my team has 2 days."

Fresh Thoughts #33: The Show Must Go On

September 20, 2022

After every shock or atrocity, there is a time of recoil. This pause happens whether it's an event of world significance, a purely personal one...

Fresh Thoughts #32: The Queen's Wit

September 13, 2022

10 Minutes Read

My mum's Irish. And like many old societies, the Irish have strong opinions about death. If you've been to an Irish wake, you'll know...

Fresh Thoughts #31: The State of Cyber Insurance - September 2022

September 6, 2022

In March we made predictions about the cyber insurance industry. Were we right?

Fresh Thoughts #30: Spring/Summer Directory 2022

August 30, 2022

With 29 issues of Fresh Thoughts under our belts, it's time to pause and reflect. Here are the themes we have touched on...

motion blur of people walking in an underground station

Fresh Thoughts #29: Security Should Be Shaker, Not Silk

August 23, 2022

The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.

Fresh Thoughts #28: Resilience: What Are My Options?

August 16, 2022

There should never be a budget for unnecessary. But when spending gets tight - resilience can start to look increasingly unnecessary.

Fresh Thoughts #27: Resilience: Keeping the Lights On and the Business Moving

August 9, 2022

"Never say - redundant. It implies unnecessary. And there's no budget for unnecessary." I was told this 3 days into my cybersecurity career.

Fresh Thoughts #26: How to Right-Size Accountability

August 2, 2022

Being held accountable but having no control. It's one of the worst feelings I know. Unfortunately, it's all too common in cybersecurity...

Fresh Thoughts #25: The Revolutionary Advance of Three Random Words

July 26, 2022

Passwords have always been a problem. But in 2016, the NCSC rejected the legacy password rules and published a new, revolutionary idea...

Fresh Thoughts #24: The Evolution of Cybersecurity: Antivirus

July 19, 2022

"Cybersecurity tech is constantly changing". Erm… not in my experience. Most of the cybersecurity tech is evolutionary.

Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back

July 13, 2022

In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?

Fresh Thoughts #22: Incident Response: What Most Companies Do & How To Respond

July 5, 2022

Once the shock of a data breach or ransomware attack subsides, everyone starts asking the question… What do most companies do in this position?

Fresh Thoughts #21: The "I've got a policy you can use..." Insult

June 28, 2022

Cybersecurity policies have a bad reputation. It's well deserved, but it doesn't have to be this way.

Fresh Thoughts #20: Brown M&Ms & Trusting Your Team

June 21, 2022

Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones. While easily dismissed as rockstars being picky - it was anything but.

Fresh Thoughts #19: Tiny Changes, Significant Impact & Board Briefing Packs

June 13, 2022

At Fresh Security, we help our customers make small, tiny changes to the way they work. But those tiny changes create significant impacts.

Fresh Thoughts #18: Policies, Plans and Bad Weather

June 7, 2022

In business, there's a plan. But unlike a boat with a rudder and propulsion, there isn't a mechanical way to translate the plan into action. In business, we use policies.

Fresh Thoughts #17: Foundations and First Principles

May 31, 2022

Cybersecurity doesn't need to be complicated. Here are 2 models to ask questions and find gaps.

Fresh Thoughts #16: Risk Is Part of Business & Why Certification Is Not the Goal

May 24, 2022

Here are the 4 ways to deal with the risk of business and everyday life... And why security certifications are a goal....

Fresh Thoughts #15: Vulnerability Zero Is A Terrible Idea & Consistent Secure Configuration

May 17, 2022

Vulnerability Zero is the idea that you should fix every vulnerability. Vulnerability Zero is a terrible idea. Here are seven reasons why...

Fresh Thoughts #14: The Emotional Rollercoaster of a Vulnerability Scan

May 10, 2022

Where else in life would you ask for a list of perceived flaws in excruciating detail? But that's precisely what a vulnerability scan is designed to do...

Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities

May 3, 2022

Some servers are like football supporters on a Saturday afternoon... And security certificates communicate information... quickly.

Fresh Thoughts #12: Lies. Statistics. Risk Transfer & Cyber Insurance.

April 26, 2022

Are you a hacker - by mistake? And watching an insurance underwriter decide if they will take on risk reminded me recently of being a new manager...

Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?

April 19, 2022

The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...

Fresh Thoughts #10: Risk is Not Unique & A Rotten Analogy

April 12, 2022

For some reason, cybersecurity folks seem to think they have a unique view of risk. But any business owner, investor or accountant knows - there are many types of risks we see...

Fresh Thoughts #9: Keeping on Top of Common Threats & Wasted Training?

April 5, 2022

Why use security awareness training when 90% is forgotten within 1 week? Security awareness training is about creating triggers. To cause people to "feel something isn't quite right".

radio antenna on a hill side picking up signals

Fresh Thoughts #8: Seeing Signals & Why Some Bugs are Unpatchable

March 29, 2022

Security awareness training teaches your team how to spot the signals used in scams. Once they see it...

Fresh Thoughts #7: The State of Cybersecurity Sales in 2022

March 22, 2022

Cybersecurity conferences are feeling nostalgic. Like it's 2010... but for some reason, no one is talking about the solution to ransomware. So we are...

Fresh Thoughts #6.5: Trust is Earned (Sometimes)

March 18, 2022

Trust should be simple. Trust is doing what you say you will - over time. Unless you're in cybersecurity, then...

Fresh Thoughts #6: Please. No More Security Soundbites

March 15, 2022

When you distil an idea too much, all meaning is lost. Security soundbites are contradictory and confusing. Time for a new project...

Fresh Thoughts #5: Password Managers Are Becoming Collateral Damage

March 8, 2022

Password managers are fundamental to better security practices. But since Christmas, LastPass and Chrome have been working to block each other. Why?

Fresh Thoughts #4: The Price of Cyber Insurance & Know Your Perimeter

March 1, 2022

The eye-watering price of cyber insurance renewals may be coming as a surprise... Let's have a look at why it's happening.

Fresh Thoughts #3: When Cyber Threats Are “Imminent” What Do You Do?

February 22, 2022

Doom! Doom! I say. What should you actually do when a cyber attack is imminent?

Fresh Thoughts #2: Zero Trust & Leading Indicators

February 15, 2022

Zero Trust is everywhere... but is it just another buzzword? And the trouble with looking at the wrong indicators.

Fresh Thoughts #1: Trouble Ahead for Cyber Essentials?

February 7, 2022

Are the new Cyber Essentials v3 cloud requirements possible for small & mid-sized businesses? Let's discuss.

Why is IT Asset Inventory Management Critical?

January 18, 2022

IT asset inventory management is one of the foremost security control measures. It increases the company's accountability and protects its assets.

Why it’s important to track what hardware you use?

December 13, 2021

You need to know what to protect before you can start creating cybersecurity processes and procedures.

How To Stop Hackers Getting In Your Business

November 11, 2021

Over the last two months, four businesses have approached me for support in managing their security breaches...

Planning meeting with group around a table looking at a woman working with post it notes on a whiteboard.

Top 10 Cyber Security Frameworks

October 11, 2021

An overview of the Top 10 cyber security frameworks - covering the UK's Cyber Essentials, CIS Security framework, ISO27001, NIST's Cybersecurity Framework and more.

It’s 2021 and We Still Don’t Know How to Give Password Advice

August 20, 2021

It’s 2021 and we still don’t know how to give password advice. If you look for password advice in 2021, you will get 2 very different sets of guidance.

Say What We're Not...

June 11, 2021

This Fresh Security Founder Friday we explore that sometimes it is easier to define what Fresh Security is not than what we are...

When Hackers Leak Data: Trik Spam Botnet, 2018

May 20, 2021

In June 2018, a threat intelligence analyst from Vertek Corporation unearthed a huge database. It contained 43 million email addresses. The analyst discovered the leak on a server of what’s known as the Trik spam botnet.

Account Takeovers Follow LinkedIn Data Breach, 2012 & 2016

April 14, 2021

On June 6th, 2012, LinkedIn responded to a seemingly harmless data breach that had occurred the day before...

Hacker Brags About Data Breach: Canva (2019)

February 11, 2021

On the 24th of May 2019, the Australian design platform Canva intercepted an attack as it was happening, but 139 million accounts were breached. Strangely, the hackers "gnosticplayers" bragged to the media and claimed responsibility within hours of being intercepted. But why?

Top cybersecurity threats and challenges of 2021 - Tonya Hall Show

December 17, 2020

15 Minutes Read

Fresh Security CEO - Jason Hart - stopped by the Tonya Hall Show for an end-of-year review and to share some ideas for 2021...

Competitive advantage of a red paper plane

Cyber security is a cost of doing business

November 6, 2020

Is security strategic or just a cost of doing business? While many talk about "investing in security", the reality is...

Jason Hart - Fresh Security CEO - speaking on a Webinar

Is it marketing or a data leak?

November 3, 2020

Your company's data is all over the internet... is that marketing? Or is it a data leak? Jason Hart shares his opinion.

Where Do Data Companies Draw The Line? Verifications.io Data Breach, 2019

October 8, 2020

On 25 February 2019 security consultant Bob Diachenko discovered an enormous database of emails and other personal information. Diachenko found that it contained 763 million records...

When Your Contact’s Address Book Gets Hacked: Covve (db8151dd) Data Breach, 2020

October 6, 2020

For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online. Then, in May 2020, Covve, a contacts app, discovered that the security on their platform had been compromised.

Fresh Security Monthly Update - October 2020

October 5, 2020

For Fresh Security update for October 2020. We had the idea for Fresh Security almost exactly 12 months ago...

Are You At Risk of An Account Takeover? Onliner Spambot

October 1, 2020

Could highly visible people in your company have fallen victim to a spambot? Given that spambots have targeted billions over the years...

Illustration of a digital fingerprint made up of ones and zeros, slowly disintegrating into a pile of data.

Is Our Digital Footprint in Safe Hands? Part 2: Apollo Breach 2018

August 11, 2020

Continuing from our last blog, we're looking at another huge data breach of a data enrichment company, this time dating back to May 2018...

Is Our Digital Footprint in Safe Hands? Part I: People Data Labs (PDL) Breach 2019

July 30, 2020

Businesses that collect and sell data are, unsurprisingly, extremely juicy targets for phishing scammers and identity thieves...

stereotypical image of a hacker working in a dark room at night not showing their face

How Do Hackers Hack?

July 16, 2020

How Do Hackers Hack? In 3 simple steps. Find out as much information about you as possible. Find a weakness. Exploit the vulnerability and get in. Nothing has changed...

Keeping Grandma Out of Trouble With GDPR - Tonya Hall Show

June 30, 2020

Fresh Security CEO Jason Hart stopped in to chat with Tonya Hall about GDPR on her show, The Tonya Hall Show.

one bird standing on a phone line away from a larger group

Another Month, Another Way to Make Life Easier…

May 31, 2020

One of the greatest things we receive from the Fresh Security community is feedback. Lists of problems...

Fresh Security customer story from Clifton High School - education cybersecurity case study.

Customer Story: Clifton High School

May 1, 2020

Clifton High School was an early Fresh Security customer. In this customer story, James Webber explains how the school uses Fresh Security. As curriculum lead for digital learning...

Sat at a desk preparing the March 2020 Fresh Security community update

Fresh Security is Moving Faster 🏃

March 20, 2020

March 2020 update: At Fresh Security, we are a remote-first company, so we have felt little impact. But we are seeing many of our customers and friends adapting...

Prepare to be Shocked - Behind the Repairer Podcast - Episode 2

March 7, 2020

15 Minutes Read

When Fresh Security's customer Fix Auto told us they were launching a new podcast, we jumped at the chance to help them out. Hear what Jason Hart - Fresh Security CEO - spoke about...

#FridayFeedback: 2 Things I Didn't Know on Monday

February 7, 2020

With the soft launch of Fresh Security on Wednesday, this week has been focussed on marketing and communicating our values...

Fresh Security case study from Fix Auto.

Customer Story: Fix Auto

February 5, 2020

Fresh Security customer reference and case study by Fix Auto UK. Covering why they chose to use Fresh Security...

Our community is awesome!

January 31, 2020

The Fresh Security community are awesome and has referred 100 businesses. More details in the Fresh Security January 2020 newsletter.

Don't call me "user"

December 3, 2019

Have you noticed that the only people who call their customers ‘users’ are drug dealers and people who work in IT?

Time to Cut the Jargon

November 19, 2019