Management

The Situation: Repeated Failure of Internal Phishing Simulations Phishing simulations are a standard defensive control used by organisations to measure human vulnerability to cyber attacks. They help determine whether staff can recognise social-engineering threats before a real attacker exploits them. If a particular employee repeatedly clicks simulated phishing emails despite training, it represents a behavioural security risk that must

If you genuinely suspect a member of your own cyber security team is abusing company infrastructure to launch ransomware attacks against external victims, the situation must be handled extremely carefully. You are potentially dealing with: The goal is not to “catch them out” informally. The goal is to secure evidence, protect the company, and follow a legally

A phishing incident that causes real operational damage is understandably frustrating for any director. But employment law in England does not automatically allow dismissal simply because an employee clicked a malicious link, even if the consequences were serious. The key question in law is whether the employee’s conduct truly amounts to gross misconduct or negligence, and whether

Five days offline and £50,000 gone because one application missed a patch. Painful, but very common. Many companies only rethink their resilience after the first incident. The real question now is not simply “should we buy backups?” but what level of resilience gives the best return for the money. The good news is that modern backup and