Call us now Email a specialist
+353 1 6420100 |
  • Resources
  • Blogs
  • News

    The Female Lead at Ward Solutions Ltd

    Written by Marta Smullen (Financial Controller in Ward Solutions Ltd)

    There are a lot of scientific articles out there on women in business. The advantages that women entrepreneurs have over men and the benefit of diversity in a workplace. I cannot possibly write an article that would be of a similar caliber, purely because I am not an expert in this field, I am an accountant, not a business coach or psychologist. I am, however, a woman in business and a member of the Ward Solutions Senior Leadership Team and over the last 10 years I have gained a lot of experience that I would like to share with you now.

    I will start with pointing out how important it is to find the right workplace. A workplace that will appreciate women, their strengths and capabilities and give them an opportunity to prove themselves. Look for a workplace that recognises the importance of diversity in all positions including leadership positions, when making decisions, whether day-to-day or long-term strategic decisions, a diversity of inputs ensures most bases are covered and all options are explored.

    I have worked with so many talented people, men and women, and a person’s knowledge, expertise and ability should be the most important factors. In a successful company, it is important to develop an environment where gender is irrelevant, yet at the same time, the diversity between men & women is respected.
    Women are particularly good at decisions making, we are solutions-based, we explore the possibilities, rather than focusing on problems. We have a lot to say (yes, some of us like to talk! – including myself) but if we are listened to, we prove that what we say is worth listening to.

    Recently, in a radio interview while driving to work, I listened to an interview with a businesswomen, I cannot remember who it was, but she said something that stuck with me ‘ It is not about making the right decision, it’s about making a decision, as often there is not such a thing as a right or wrong’. This is so true. When I joined the SLT team I realised how many decisions on daily basis need to be made, with no right or wrong answer to it… and to be honest I found that women are more likely to make those decisions faster, we stay focus, simply assess the pros and cons and come up with solutions, we are risk takers. And when there is no clear evidence of what should be done, we follow what we call WOMEN’s INTUITION (Yes! Women’s intuition exists! and as an accountant I would qualify it as an intangible asset! – 100% an asset )

    Women are good at networking. Those small chitchats in the canteen do help to build a strong working relationship. Women tend to ask their colleagues questions that a man would never ask. For sure, I know the names of most of my colleagues’ kids, their spouses, what they do. One might say its nosey, but I don’t agree, I think there is more to a person than a number and how would I know how best to approach a difficult situation with a colleague if I didn’t know who they are.

    Sometimes in society (although this is really changing for better recently) women are seen as the weaker ones (physically and emotionally). Well let me tell you… I have not met a man yet that could handle a difficult pregnancy and the pain of labour. There is a reason why nature assigned this task to women! The women that I have worked with to date have shown that we can be just as formidable and can handle just as much as men can.

    More and more companies are working towards diversity in the workplace. Once again, I would stress the importance of finding the right workplace. If you are women and you work in an environment where you feel underappreciated… Run as fast as you can and find a company that values, you and your expertise.

    I found it here in Ward.

    Facts about Ward Solutions Ltd
    At Ward Solutions 67% of our sales team and 40% of our Senior Leadership team are women contributing to a 29% female share of our overall workforce. This is good representation considering IT is traditionally a male dominated industry. Ward is very invested in promoting a diverse workforce and encourages women to join the team.
    Many young women worry about starting a family and how that will impact their career. While working for Ward Solutions, when I was pregnant, I got promoted to the position of finance manager. Straight after coming back from maternity leave, I was offered the position of Financial Controller and took over full responsibility for the finance function of the whole company despite the fact (as any parent would know ) small kids gets sick often and need a lot of your attention, but, as they say, women can multitask!


    To finish I wanted to add some motivational quotes, the below highlights what I think is an essence of good work ethic:

    “I never dreamed about success. I worked for it.”- Estee Lauder,
    It is all about hard work. Sometimes as women, we need to work harder but in the right company with the right people, hard work will be noticed!

    “Failure is not attached to outcome, but to not trying. This way, it is about answering to yourself.” – Sara Blakely
    The only person, who makes no mistakes, is the person who does nothing. I met those people, they didn’t get too far! so keep on trying, it will be worth it…!!!

    ‘Nothing is impossible, the word itself says I’m possible’- Audrey Hepburn
    Let us leave it at that, Audrey you said it all…


    If you’re interested in working at Ward Solutions, feel free to check out our careers page for open opportunities and keep up to date with our openings via LinkedIn


    Split Tunneling: Does it all lead to endpoint security?

    Written By; Eduardo Elvira

    When this pandemic started, back in February, we experienced an overwhelming change in how we live our lives. Consequently, I couldn’t help but contemplate how these changes would impact cybersecurity, especially remote working. I found myself re-thinking concepts like split tunneling, and different options for its configuration. While it seems all clients will have their own unique requirements, the same conclusion applied to all of them: “All roads leads to Endpoint Security”.

    Lets expand on this…

    In order to do that, I need to explain split tunneling: when a user is working from home, split tunneling allows us to specify which traffic goes out directly to internet and which traffic is tunneled back to the company. Different vendors have different “VPN agents” but they are becoming much more than Virtual Private Network (VPN) agents. For now, let’s just focus on that functionality. The agent makes use of windows routes to specify what destinations should be tunneled. All of this is usually done at the HQ firewall, allowing granular configurations based on users, departments etc. It provides great flexibility, allowing us to include even FQDNs addresses but, the major advantage is that it sanitizes the traffic which goes through the tunnel, using different security features that we have back at the office: Antivirus, Content Filtering, Sandboxing, IPS, SSL Inspection, etc.

    Hold on.. but what happens with all the traffic that doesn’t go back through the tunnel? What if the user downloads malware that captures information and sends it to the C&C? What if the user receives a link with a phishing web, what if…. Well, that is the first consideration. We need to ensure that this traffic is protected, somehow. Let’s be more specific about some of the options we have:

    • Some endpoint security software could protect all that traffic that is not tunneled. This software could implement similar security functionalities as our Firewall back at the office. As you can guess, these are some of the other functionalities that the “Endpoints Agent” can now help with.

    • Web proxy technologies are perfect to protect web browsing from different security threats. Ok, but we are talking about remote users working from home – not a problem, let’s put the web proxy in the cloud!

    Different security vendors use their endpoint agents to send the internet traffic to their web proxies in the cloud, while company traffic is still tunneled through the VPN.

    In my opinion both options work well to solve current challenges we are facing, using one or the other will depend on the current infrastructure in place, and the cloud approach of the organization.
    Independent to the option you go for, visibility is key. With all users working remotely, security administrators need to have a clear idea of what is happening on the company computers, even if they are connected onsite or working from home. At the same time, we need to be able to respond to any breach and suspicious alerts, but EDR is a topic for a different day.

    You could be using either a management console on the cloud or providing visibility to the endpoint agents through the DMZ with an on-premise solution, but in either case, integrations with your company SIEM will be important.

    You might be thinking – those are two solutions for the main issue of having traffic going directly through the internet… but what if we tunneled all the traffic to the office, so we can use the company protections we already invested in, problem solved!! That is actually a valid solution, but unfortunately, not all companies will be able to implement it, mainly due to bandwidth limitations. All users internet traffic tunneled back through the company firewall will have an impact on the firewall performance and bandwidth of the internet line. Keep in mind that inbound traffic will increase, since tunneled traffic is first arriving through the external interface, firewall security checks, going back to internet, and back again to the remote users through the same port.

    What about using the secondary internet line (if available) to receive the remote users tunnel traffic, and the primary to send the traffic to internet? Personally, I’ve never seen it implemented, it is just an idea which came to me while writing this blog. We can still find a bottle neck in the main internet line, but I think it could be useful in some specific scenarios…some food for thought.

    We cannot forget the main purpose of the VPN client, it doesn’t matter if using SSLVPN (I like to call it TLSVPN now but anyway…) or IPSEC VPN, it is to protect and encrypt traffic. Both “protocols” are considered very secure, mainly because the ciphers they use are constantly evolving and improving. That means that they need to be configured properly, disabling the insecure ciphers etc.

    • If the VPN protocols are very secure there is not much risk to consider with our users working from home, right?

    If the VPN protocols are very secure there is not much risk with our users working from home, right? VPN protocols themselves are very secure and if configured properly and maintained, their risks are easily managed. Saying that, using laziness as an advantage, an experience bad actor would rather to avoid attacking the strong defenses and focus on identifying the weak points… in this case, the endpoint itself and his applications.

    No matter which angle I look at this for this topic, everything brings me back to the endpoint security and its visibility.

    At Ward Solutions we can help to maintain your VPN configuration securely and mitigate the risks. We can discuss the best options for your organization and provide the solutions not just for remote access but also for endpoint protection.

    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at



    Tips and Tricks for securing users as they use…

    Written By; Eoin Morrissey

    Many companies have gone through, or are planning to go through digital transformations to the cloud, and moving to Microsoft 365 (M365) is often a key part of the journey.
    Microsoft provides all the controls to effectively secure these environments, but these security controls are not always implemented, and in making the transition there is also a risk the solutions are not as secure as they can be.

    Some tips and tricks for securing users as they use M365, are as follows

    1. Multifactor Authentication
    Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your company. When users log in, multi-factor authentication means they can type a code from their phone to get access to Microsoft 365. This can prevent hackers from taking over, even if they get the users password.

    2. Use dedicated admin accounts
    The administrative accounts you use to administer your Microsoft 365 environment are valuable targets for hackers and cyber criminals. Use admin accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function.

    3. Train your users
    As with any new tool, companies must adequately prepare and train their staff on usage of the tool. It is vital that this includes security awareness training in order to protect companies from things such as phishing. Phishing is a large attack vector for hacker’s today, for example:
    • 90% of security breaches are caused by Phishing
    • 30% of phishing messages get opened by targeted users

    4. Raise the level of protection against malware in mail
    Your Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware.

    5. Protect against ransomware
    Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for “ransom,” usually in form of cryptocurrencies like Bitcoin, in exchange for access to data.
    You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware, or to warn users who receive these attachments in email. A good starting point is to create two rules:
    • Warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so this will warn users to not open these files from people they do not know.
    • Block file types that could contain ransomware or other malicious code. You can start with a common list of known executables. If your company uses any of these executable types and you expect these to be sent in email, add these to the previous rule (warn users).

    6. Stop auto-forwarding for email
    Hackers who gain access to a user’s mailbox can ex-filtrate mail by configuring the mailbox to automatically forward email. This can happen even without the user’s awareness. You can prevent this from happening by configuring a mail flow rule.

    7. Protect your email from phishing attacks
    If you’ve configured one or more custom domains for your Microsoft 365 environment, you can configure targeted anti-phishing protection. ATP anti-phishing protection, can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you haven’t configured a custom domain, you do not need to do this.
    We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.

    8. Protect against malicious attachments and files with ATP Safe Attachments
    People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. It’s not always easy to tell whether an attachment is safe or malicious just by looking at an email message. Office 365 Advanced Threat Protection includes ATP Safe Attachment protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.


    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at


    Microsoft Teams is not just fire and forget, do…

    Written By; Richard Eyres

    In the current environment, with so many people working from home, the value of a collaborative videoconferencing tool such as Microsoft Teams has never been greater. Microsoft Teams adoption is exploding with 500,000 organizational users, 13 million active daily users, and 19 million weekly active users. The ability to continue communicating and in a (virtually) face to face manner has been a major factor in the success of so many businesses quickly transitioning to new working practices. As always though, there are security concerns that need to be addressed and correctly configured to ensure that these communications are not being broadcast outside of your organisation either through accidental misconfiguration or by a malicious bad actor. Here are 3 potential security threats and some simple steps that can be taken to counteract these threats.

    1. Teams Bombing
    Teams bombing is when a person who is not intentionally invited to the teams call joins the call. This has been more common with some other popular videoconferencing services but could potentially happen with Teams also if the meeting link is shared publicly. A simple method to prevent this is to implement the “Lobby” feature within teams. With this feature, all users outside of the organisation who are joining the call need to be admitted to the call by a user within the organisation. This of course, still relies on employees only admitting users that are expected on the call which brings us to our next threat…

    2. Security Awareness (or lack thereof)
    As with any new tool, organisations must adequately prepare and train their staff on usage of the tool. It is vital that this includes security awareness training. For many organisations, Teams is a new communications channel which inherently brings new communications risks and old risks but through a new medium, such as phishing and vishing (video phishing).
    Vishing is when a bad actor uses verbal communication to impersonate a reputable company. The aim is to manipulate individuals into revealing financial or personal information, or into providing unlawful access to their corporate networks. Simple steps can help to mitigate this threat such as defining acceptable usage policies and providing targeted security awareness training (e.g. check who you are admitting from the Lobby).

    3. Internal Data Sprawl
    With the advent of GDPR and other similar data protection regulations, organisations have become much more conscious of unnecessary data duplication and having full visibility of what data is being stored and where it is being stored. With Teams allowing for easy sharing of files and data, users may be tempted to share files on Teams which will then remain stored in that Teams channel and this may contravene the organisation’s GDPR policies and procedures. This can be exacerbated further by users creating their own Teams or Channels that may be used for a single use or may be duplicates and may then be forgotten about but contain files. This sprawl can contravene policies, regulations and may increase the threat profile for the organisation. Sharing links to files rather than the files themselves is a simple and effective way to prevent this sprawl.
    Training, refresher sessions on regulations, policies and procedures and tighter permissions on creation of Teams and Channels and file sharing can all be used to battle this threat.


    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at


    COVID19 and Cyber Security Analogies

    Written By; Pat Larkin CEO Ward Solutions

    In cyber security the healthcare analogy has been apt and used widely for over 25 years. In both sectors we use terms like “virus”, “isolation”, “outbreak”, “remediation”, “anti-virus”, “mitigation”, “payload”, “immunity”, “self-healing” for different circumstances with very similar characteristics in public health and Information Technology. Its timely and useful to look at the analogies between the outbreak, impact and mitigation of COVID19 and its application to Information Technology and Cyber and vice versa.

    1.. A stitch in time saves 9
    COVID19 has been described as a “game changer”, “a once in 100 years pandemic”. The emergence of such a pandemic has been a mathematical certainty predicted by a number of sage people in healthcare, technology, academia and public policy over the last 30 years or more, not least Bill Gates in his TED talk in 2015 The only unknown was how or when it would occur and its exact nature. The impact of COVID19 to date has been huge not just in terms of the number of people who have been or are likely to be infected, or die, but also the downstream economic and societal impacts in responding to COVID19, containing its spread. This is where the most relevant analogy can be drawn. Like cyber security there has been lots of indicators and warnings – SARS, MARS, Ebola, WANNACRY, NotPetya. There is certain knowledge that these outbreaks will occur. There is knowledge from previous outbreaks and from current societal trends, globalisation, mass transport and air travel, population densities, digital transformation and dependency as to its potential impact. This wired article from 2018 is very informative as the near pandemic nature and impact of NotPetya. . Once an outbreak occurs there is limited time to contain it. If it is not contained it spreads to pandemic levels, with mass impact. Despite all of that society and its leaders and C Suites deem that the investment in upfront resources to detect and rapidly manage such an outbreak need not be put in place or allowed to deteriorate on their watch. This limits the time, capability and effectiveness to respond and prolongs the duration and impact of the event once it occurs. Also when resources are not in situ, it leads to aggravated competition for resources where lots of organisations or countries are effected.

    Call to Action: It’s not “if” but “when” – so make the upfront investment now for a security risk assessment and security strategy to put in places the resources to identify, protect, detect, respond and recover. Put in place the management, maintenance and governance regimes to sustain this system such as ISO27001.

    2. Competition for resources and investment
    Healthcare, IT budgets and thus cyber security budgets has been stretched for as long as I can remember. Seasonal trolley crisis, expanding waiting lists for both lifesaving and non-acute procedures. Balancing the economics and ethics of providing expensive treatments for niche diseases or prolonging life vs quality of life and the greater good has always been fraught. Competing demand for investment in business, housing, healthcare, education, policing leads to underinvestment in all – particularly if tax cuts are on top of the political agenda. In technology CFO’s often view IT as a cost (and thus cyber security is the ultimate cost!) instead of viewing it as a critical service that enables digital transformation of business. Minimising the cost of cyber security vs the need to invest appropriately to secure the digital channel have waged for as long as I have worked in the technology sector. Similarly, to the macroeconomic tax cut argument if the approach to cyber security is met by the relentless push for profits through cost management then investment in these areas will usually not be what is required. This means that you will not be ready when the inevitable occurs. The cost of containment and cleanup is usually far greater than the costs if this original investment is made. In a lot of cases your organisation doesn’t survive longer than 6 months, post a serious cyber security incident.

    Call to action: Be brave, make the case for IT and Cyber Security in a rational and data driven way. Use tools like an Organisational Risk Assessment or a Cyber Maturity Assessment to build your business case. Find the balance of resources to secure and sustain the systems that sustain your organisation. Digital is now a critical infrastructure and channel for virtually all nation states and organisations. Outsource cyber security skills and services allowing you to concentrate on core business.

    3. Intelligence and data means effective response
    As COVID19 spreads – the latest country to be infected has the advantage of learning via the World Health Organisation (WHO) or through multi-lateral collaboration and knowledge sharing the symptoms, the at risk populations, the containment and treatments that are more effective, the restoration to “normalisation” protocols that work etc. Through intelligence sharing, collaboration, coordination through organisations such as the WHO and correct use of this intelligence each subsequent regional outbreak should have less impact or duration than previous one. Prevention or treatment strategies can be developed in parallel again with collaboration and information sharing. Similarly, in Technology and Cyber the provision and correct us of high quality intelligence should help downstream organisation prevent or minimise the impact of a cyber-event on their organisation. Coordination and collaboration should similarly lead to the rapid development and normalisation of prevention or immunity strategies.

    Call to action: Subscribe to, use and contribute to appropriate and actionable intelligence sources. Integrate intelligence with your automation. Agitate and contribute towards creation of the “WHO” of cyber. If you are a cyber-player or a cyber-dependent join an industry cluster organisation such as cyber Ireland

    4. Inventory, diagnostics and testing
    If you can’t measure the problems then you don’t know if it needs fixing, what you need to do to fix it. In the absence of prevention (immunisation) We have seen the race for rapid and accurate testing in order to contain the COVID19 problem and apply the fix of isolation (and treatment if needed) to the infected, to stop further spread. With limited testing capacity, decisions need to be made as to who to test – symptomatic people only or symptomatic people plus those in recent contact with same and perhaps sampling of higher risk populations. If and when a prevention is available then presumably it will need to be rolled out on a prioritised basis to those at highest risk – healthcare workers, immuno-compromised individuals etc. Knowing who these groups are is important to direct limited prevention or treatment resources. The use data and analytics by the healthcare sector to measure and validate COVID19 status and impact of remediation is also notable. Similarly, in IT and Cyber prevention is not 100% effective. Therefore, excellent diagnostics and testing allows inventory of resources at risk, the rapid assessment of what or whom is vulnerable, the prioristised treatment or mitigation of at risk resources, the early detection of an outbreak, the ability to measure containment effectiveness and restoration to normal health and immunity.

    Call to action: Invest in your inventory of critical information assets and risk classifications. Use Risk Assessments, Vulnerability Management, Penetration testing to determine at risk systems, for targeted application of prevention or mitigation to highly vulnerable, high impact resources first and on a prioritised based thereafter. Use diagnostics such as SIEM IPS/IDS to detect outbreaks as soon as possible. Back this up with effective incident response capabilities to reduce your exposure time, isolate outbreaks and minimise your time to recovery. Use automation and AI to help manage your workload

    5. For all bugs, fixes, earlier is better and cheaper
    In healthcare and IT – we all know the data – a patient or a network starts with a niggle pain, temperature or some indicator, which if it remains unaddressed end up with a far costlier impact and treatment plan with far poorer outcomes. We have seen COVID patients presenting late to A&E with acute symptoms needing prolonged ICU and ventilator care. We have seen patients with symptoms not being detected early enough and becoming super-spreaders as a result of prolonged contact and exposure to other parties. We have seen late diagnosis or interventions resulting in poorer outcomes in terms of recovery. Similarly, in technology, bugs or misconfigurations typically cost 6 times more to fix during deployment or implementation than had they been identified and fixed during the design phase. Too many times Ward’s penetration testing team have been asked to penetration test a system in the final weeks before go live or just on go live, having had no involvement in the system earlier in the lifecycle. Usually the issues found are of such magnitude and volume that it jepordises the customer’s go live timetable, resulting in a flurry of costly fix and a sub-optimal go live decision based on risk profile.

    Call to action: Get security involved as part of your project team right at the earliest point possible in your SDLC. Change your philosophy from Systems Development Lifecycle (SDLC) to SSDLC (secure systems development lifecycle) or SecDevOps from DevOps. Perform secure design reviews and design stage, security test and validate throughout the lifecycle both pre and post production. Adopt frameworks and principle such as security by design, privacy by design and OWASP top 10 etc.

    6. A risk based approach
    Accepting that 100% prevention of COVID19 or Cyber Security incidents is not possible right now, and nobody has infinite budgets, we cannot shut down society, the economy or your digital infrastructure – then we need to move to a “risk based approach”. It’s a number game based on a systemic approach to risk assessment and risk mitigation planning getting to the point of “an acceptable level of risk”. This risk based approach is guiding our public health response to COVID and our policies. People might argue that our public health approach is too risk averse and does not balance the other factors such as economic risks, mental health risks, health risks from lack of normal healthcare activities in terms of management of other diseases and symptoms etc. and needs to be rebalanced. Similarly, this approach should guide our approach to Information and Cyber security. It is not possible to have 0 risk. It is possible to balance and weigh actual risk and determine acceptable risks to your organisation backed up by data, testing and good risk mitigation strategies addressing people, process and technologies risks and controls.

    Call to action: Adopt a systemic risk based approach to cyber security continuously re-balanced by acceptable levels of risk with workable controls. Consider starting with something like an organisation risk assessment and the implementation of an appropriate ISMS such as ISO27001

    7. Necessity is the mother of invention
    The response to COVID19 in the healthcare sector has seen incredible innovation and transformation. A&E queues have disappeared overnight. A sector fraught with industrial relation tensions, public v private tensions and difficult working practices has united and delivered an incredible response of heroism and output to stem the COVID19 crisis. Pharmaceutical, life science companies, sector frontline workers, academic and research communities and volunteer’s groups have all coalesced to produce open source ventilators, tests and possible vaccines at a point where perhaps traditional approaches, cost structures, regulation and decision making shackles have been removed by a common goal to address the COVID crisis, save lives and find a cure/vaccine. In the technology sector COVID19 has been attributed with driving organisation to implement 2 years worth of laboring digital transformation in 2 months based on necessity and survival. Businesses are transforming their business models, routes to market and even product, service and manufacturing strategies. Gin companies and producing sanitising gels, blind companies are producing medical PPE, traditional event companies are producing virtual events.

    In Cyber Security we like to think of our sector and ourselves as young, hip, innovators. However, for years, in net terms the cyber security sector has been losing the battle to cyber-crime and nation states in terms of volumes on incidents, breaches, data and revenue lost, security costs mounting etc. Has the sector perhaps become a slave to similar legacy strategies and ways of doing business, tied up in a compliance based, male, pale and stale world of risk aversion, risk management, conservatism and restrictive working and business practices. Imagine what is possible in the Cyber Security sector and what benefits to our customers would be if we adopted the medical sector approach to innovation to COVD19?

    Call to action: The Cyber Security Sector needs to increase the levels of innovation and collaboration focused on protection of society and customers first rather than protection of intellectual property and legacy business models, driven by the same sort of urge that medical sector has experienced to try and win the battle against COVID19 and cybercrime for the good of society.

    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at



    Is COVID-19 pandemic an end of privacy?

    Written By; Ivica Stipovic

    In this article, I will outline some potential impacts of the current Covid-19 pandemic on privacy.
    There are two interesting provisions that the Irish Data Protection Commission formulated on the following link:

    1. “Data protection law does not stand in the way of the provision of healthcare and the management of public health issues; nevertheless there are important considerations which should be taken into account when handling personal data in these contexts, particularly health and other sensitive data.”
    2. “In circumstances where organisations are acting on the guidance or directions of public health authorities, or other relevant authorities, it is likely that Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018 will permit the processing of personal data, including health data, once suitable safeguards are implemented”

    Thus, the above provisions seem to make perfect sense – if the science (epidemiology, mass health data analytics, etc.) have established that measuring body temperature, keeping social distance and tracking the movement of citizens can help contain the current Covid-19 pandemic, then it is only logical to implement those measures. After all, is human health not the most important priority, even if it assumes processing of personal data that would be considered excessive under “normal” circumstances?
    It is also reasonable to believe that these surveillance measures should be enforced only to a justifiable extent, while the pandemic continues to threaten society.

    However, this intention raises a few important questions – under what circumstances will these measures be kept in place? Who will decide when the threat is decreased sufficiently to relax these measures? Who are the “…other relevant authorities” from the above provision? Will those authorities be scientific advisories, governments, cybersecurity experts, economic analysts…?
    It is becoming obvious that the definitive date when we can proclaim the world “Covid-19 free zone” will be very difficult to determine. There are different challenges across the globe. In some countries, political establishments seem to overpower scientific advisories. Some countries are facing higher mortality rates than others. Some cultures accept the mandatory behavior imposed by government easier than others.

    Democratic values of Western cultures that guarantee protection of personal data (or at least try to do so) could be undermined. Future initiatives and laws might use the threat of a returning pandemic as a justification to fortify the extensive personal surveillance over an indefinite period of time.
    These laws might have strong foundations in scientific evidence that Covid-19 behaves as a seasonal flu virus, therefore, it will continue coming in the waves every year. Will such a situation justify violation of privacy over a long period of time, and if so, will this setup be sustainable?

    And even more importantly – are we ready to give up privacy protection if scientific evidence indicates that extensive surveillance is a way to protect peoples’ lives?


    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at


    Happy 2nd Birthday GDPR!

    Happy 2nd Birthday GDPR!

    Written By; Ciara Fitzgerald & Declan Timmons

    The GDPR is two years in force on 25th May 2018 and a very happy birthday to it! It’s debatable as to whether it has been as noisy as any other two year old but it certainly has had some impact on businesses.
    In the months leading up to the GDPR coming into force, businesses were worried about the potentially heavy GDPR compliance burden, and the level of fines that could be levied.

    Mitigating Data Protection Risk under the GDPR and complying with obligations
    One of the core data privacy drivers for the introduction of the GDPR on May 25th 2018 was the requirement to encourage organisations to take responsibility for the security of the personal data shared with them in the course of their business activities. This was intended to have a positive effect on data subject’s willingness to embrace the digital economy and drive secure online transactions. This followed a period where huge breaches of personal data were being exposed on almost a daily basis. These data breaches often resulted in considerable risks to the data privacy of the data subjects whose personal data was exposed. It is not entirely clear if this objective has been achieved (or can ever be fully achieved) however businesses have (and are still) taking steps to make sure that they are complying with their GDPR obligations and minimising their risk.

    While data protection is not a new concept, pre-GPDR, there were seldom any consequences for organisations who did not comply with their responsibilities under the Data Protection Acts. As most organisations will know, under the GDPR there are a number of sanctions that can be imposed by the DPC including:
    • Issuing warnings and reprimands;
    • Imposing a temporary or permanent ban on data processing;
    • Ordering the rectification, restriction or erasure of data, and;
    • Suspending data transfers to third countries.

    However, the sanctions that created the greatest risk for organisations were the significant fines that can be imposed under the GDPR – a maximum of €20 million or 4% of annual global turnover.
    All personal data processing activities present an inherent risk to business but there are ways to mitigate that risk. The severity of that risk is heavily dependent on the volume of records involved and the type of personal data processed. This data is processed and stored on various systems. To comply with article 32 of the GDPR, a risk assessment of these systems should include consideration of the data processed or stored on the specific system. The result of this risk assessment will be to implement mitigating controls to reduce these risks. By carrying out this risk assessment, an organisation is demonstrating that it has applied technical and organisational controls that are appropriate to the risk.

    The Personal Data Records of Processing activities (ROP) is core to demonstrating an organisations compliance with GDPR. Every business must fully understand and document every business process or activity which generates a personal data record. Without this as a foundation, an organisation’s understanding of the extent of its data processing activities is limited and the controls assigned to protect that data is ad-hoc at best. A business certainly could not trace a specific mitigating control back to an individual personal data processing business activity. Therefore it could not apply controls that are appropriate to the risk.

    The ROP should be used as the organisation’s central reference points when dealing with GDPR compliance, understanding the personal data in scope, protecting that personal data, providing evidence for accountability, and ability to demonstrate compliance on an ongoing basis.
    In addition to the ROP there are requirements to create and maintain a range of data protection policies and procedures and to ensure all staff are aware of their responsibilities in relation to personal data.
    Under the GDPR, a nominated Data Protection Officer (DPO) is required by public bodies and within certain organisations whose core activities involve the large scale processing of personal data. Recently there is a growing trend to outsource DPO responsibility within organisations. Often these organisations find it difficult to attract the required experience across technology, data protection and information security that is vital to delivering effective data protection compliance and mitigating data protection risk.

    To date, the fines imposed by the European regulators have not been as headline catching as anticipated. 2019 was really the first year where the international community saw the GDPR enforcement machine churn out fines. In January, Garante (the Italian regulator) imposed a fine of €27.8million on TIM (an Italian telecommunications company) for multiple breaches of the GDPR. This was swiftly followed by CNIL (France’s regulator) imposing the largest GDPR fine to date (€50million) on Google for a lack of transparency and failure to provide users with understandable information on its processing operations and a lack of a legal basis for processing personal data for advertising purposes.

    The summer months saw the ICO (the UK regulator) proposing to fine British Airways in the amount of £183.9 million and Marriott International in the amount of £99 million. The ICO has delayed the actual enforcement of both of these fines. The latter part of the year saw Austrian Post being fined €18 million for creating profiles of 3 million citizens documenting their personal preferences, addresses, political interests and other information which it then sold to third parties.

    In the latter half of the year, the Berlin Commissioner for Data Protection and Freedom of information fined a real estate company €14.5 million for breaches in respect of data retention and the German Federal Commissioner for Data Protection and Freedom of Information imposed a fine of €9.55million on a Telecoms company for failing to take appropriate technical and organisational measures to protection personal data (anyone could access customer information by calling the helpline and giving the name and date of birth of a customer).

    The Data Protection Commission (the DPC) has been the focus of increased scrutiny as the regulator for a significant proportion of the “big tech” companies. There has been some commentary of the lack of fines being issued by the DPC but it has very recently issued its first two fines for breaches of the GDPR – both of them issued to Tusla (the Child and Family Agency). The first fine was reported to be in the amount of €75,000 but the amount of the second fine has not yet been announced. Both were in respect of wrongful disclosure of personal data. In addition, the DPC published that it has completed its inquiry into a data breach sustained by Twitter in November 2018 and has sent a draft report to Whatsapp Ireland in respect of its sharing of information of Facebook and compliance with articles 12 to 14 in that respect.

    These are only a flavour of the fines European Regulators have imposed for breaches of the GDPR but they show fines being imposed for a broad spectrum of breaches. It was well publicised that the fines proposed by the ICO arose from external cyber criminality flagging to companies that it is essential to have appropriately robust cybersecurity systems in place to minimise the risk of being fined. In addition, the fines imposed by the Austrian German and Irish regulators show the importance of having strong and effective policies and procedures in place and following those policies in order to protect personal data.

    The future of the GDPR
    It must be borne in mind that the GDPR is still only a toddler and for a law of this depth and breadth, it will take another few years to bed in fully. What is clear is that there is still a lot of “growing” to be done by the GDPR – in terms of its maturity within companies and within their processes and in terms of its use and enforcement by European regulators. The rest of 2020 will see the decision by the European Court of Justice into Shrems II case (on the transfers of personal data from the EU to US) and (presumably) the ramping up of enforcement action by the Irish Data Protection Commission now that it has issued its first GDPR fines. It is essential that companies do not let their initial fervour to ensure that they are GDPR compliant lapse. It is as important now as it was on 25th May 2018 that companies abide by their data protection obligations both to protect data subjects’ rights and to protect their businesses.

    Ward Solutions can help to maintain your Data Protection compliance. We provide, on an ‘as a service’ basis, certified, knowledgeable and experienced Data Protection Officers to help you fulfil the role of DPO in your organisation. Many organisations of varying size across all sectors are moving to this cost effective model to fulfil their Data Protection compliance requirements

    Ward Solutions can also assist in improving your overall Information Security posture in a cost effective manner through our “CISO as a service”. We supply a dedicated senior Information Security consultant to work with your organisation to deliver all the responsibilities of a CISO. This service can be delivered for a specific set of tasks, a specific timeframe or on an ongoing retained (but not necessarily full-time) basis.

    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:
    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at

    Ward Support Team


    Tusla has become the first organisation fined for GDPR…

    The child and family agency, Tusla, has become the first organisation in the Republic of Ireland to be fined for a breach of the General Data Protection Regulation (GDPR).
    The agency was fined €75,000 arising out of an investigation into three cases where information about children was wrongly disclosed to unauthorised parties.
    State bodies can be fined up to €1 million for breaches of the data rules, and multinationals can be fined up to €20 million, or four per cent of their previous year’s turnover.

    During the COVID-19 pandemic organisations were required to quickly move their staff to a remote working model. In normal circumstances, remote working would add considerable data protection risks. The urgency of the recent move to this model in a sometimes ad-hoc and unplanned manner has increased these risks even further. Coupled with this there is evidence of a global increase in fraud and hacking activities in the past weeks. It is clear that the compliance requirements of GDPR continue regardless of the current crisis. This is evident in the move to introduce the first GDPR fine in Ireland.

    GDPR compliance is a requirement for organisations in terms of managing their data protection risk and demonstrably showing their customers, staff, and partners that you take their data protection seriously. To comply with the accountability compliance requirement of GDPR this aspiration must be supported by documentary evidence to prove this is the case. Under GDPR a nominated Data Protection Officer (DPO) is required by public bodies and in certain organisations whose core activities involve the large scale processing of personal data.

    Ward Solutions can help to maintain your Data Protection compliance in these unusual times. We provide, on an ‘as a service’ basis, a Data Protection Officer to help you fulfill the role of DPO in your organisation. Many organisations or varying size are moving to this cost effective model to fulfill their Data Protection compliance requirements

    Ward Solutions can also assist in improving your overall Information Security posture in a cost effective manner through our “CISO as a service”. We supply a dedicated senior consultant strategic information security professional to work with your organisation to deliver all the responsibilities of a CISO. This service can be delivered for a specific set of tasks, a specific time frame or on an ongoing retained (but not necessarily full-time) basis.

    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at


    Forensics & Incident Response

    Zoom Password Breach during the Covid-19 Crisis

    As organisations continue to develop and expand their remote working capabilities following the extension of restrictions during the Covid-19 crisis, threats to remote meeting facilities are on the increase. In particular, platforms such as Zoom have seen an increase in targeting by malicious actors, with a number of incidents being reported over the past weeks. Some notable incidents reported included:

    – Zoom Bombing of home-based classes which have reportedly lead to Singapore’s Ministry of Education to ban the use of Zoom for these purposes.
    – Google reportedly banning Zoom from its employees’ laptops, stating that they did not feel the service met their security standards.
    – In particular, earlier this week, there were reports made of more than 500,000 Zoom accounts having been listed on the dark web for possible sale.

    In relation to the reported password breach it is recommended that you should change your administrator passwords immediately. You could also check if the email accounts associated with your zoom service have previously been compromised using the haveIbeenpawned website.
    As with any cloud-based service, organisations using Zoom are advised to review the security controls that they currently have in place for the service, and ensure that the controls implemented are sufficient to limit the potential for compromise.

    Password Policy
    Zoom provides a number of controls for administrators to manage accounts and user access. Organisations should ensure that the administration and management of Zoom user accounts is compliant with their existing password policies and access control requirements. This may include:
    – Use of complex passwords
    – Password rotation (enforced password expiry)
    – Restriction on the re-use of passwords
    – Enabling of 2FA, where possible
    – User account time-out after a period of inactivity
    – Restrictions on use of sign-in via web-mail or other social media platforms such as using Gmail or Facebook credentials to log in – in particular users should be instructed to not re-use existing passwords which they may use for accessing other social media services

    Organisations should ensure that users are fully aware of their password policies, and are provided with sufficient training to manage their Zoom accounts securely.
    Where an organisation may feel that the controls currently configured on the Zoom service are weak, it is recommended they enable the additional required access controls, and instruct users to change their passwords as soon as possible.

    Acceptable Use
    Most organisations have an acceptable use policy or user security manual in place which instructs users on the appropriate use of company systems and services, such as email, IM, web-browsing, etc. Organisations should ensure that controls regarding the use of meeting conferencing services such as Zoom be included in any policies for acceptable use. Organisations should give consideration to the following:
    – File sharing – this should be restricted and/or disabled in line with organisation requirements.
    – Video and conference recording –be aware of who recordings are potentially made available to. Where recordings are set to public, these can subsequently be available to anyone with a valid link, including third party participants. Users should be made aware of any personal data and data handling requirements when utilising this facility.
    – Screensharing – users should be made aware of potential issues around screensharing where confidential and/or personal data may be inadvertently displayed to persons who are not authorised to view the data. This should be restricted in line with organisation requirements.
    – Remote control – where a user grants this permission, they may be giving a third party access to internal organisational resources, and/or confidential data as they are allowing another user to have remote control of their system.

    The security controls put in place should always adhere to the principle of security by default. Organisations are recommended to disable or restrict all controls that are not required for their users to carry out their daily working activities, and where features are required, ensure users are:
    – Made aware of the organisational policies regarding the use of the services
    – Provided with sufficient training on the use of the services so that they can operate the service securely

    How Can Ward Help?
    Ward can assist you with assessing and identifying potential risks introduced with the move to cloud-based services, such as Zoom including a review the security hardening of your account to ensure that sufficient controls are in place. If you feel a move to another cloud, based portal such as Microsoft Teams is appropriate we can assist in securely implementing your Teams environment.
    A number of criminals have taken advantage of the fact that staff are now required to work remotely. In this new environment is important that staff are aware of these cyber threats. Ward have considerable experience of providing security awareness training and security policy development services which can help give organisations and their employees the confidence to securely continue their work in this time of change to remote working practices.

    As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solution on any matter, then:

    Contact your normal account manager for sales or
    Contact our orders department at
    Contact our service delivery office at
    Contact our Security Operations centre at
    Contact our Network Operation centre at
    Contact our finance department at

    Ward Support Team