DataSecurityExpert.Co.Uk - All Things Graeme Batsman

Chapter Author

Contact Graeme

Journalists, students, potential clients or anyone else email.......
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

Need a low cost environmentally friendly shredder with high entropy? Introducing the DIN level 3-5 gerbil shredder!

Details: Category: Blog; Published: 24 August 2020

Office365/Microsoft365 Email Security

Details: Category: Cyber Security Guide; Published: 03 August 2020

With every man, woman and his/her dog using Office365 for email, it appears it is an invasion plan! This translates into many central government departments including the Ministry of Defence + National Cyber Security Centre, councils, schools, constabularies and FTSE 100s. It takes away backup, patching, maintenance and elements of security. As with all cloud services, security comes down to the one who configures it and it is not perfect out of the box. Email is the core communication method and can be used to reset passwords plus pull off a lot more attack types.

The admin account
Go back ten years and usernames were not email addresses but a letter followed by a few random numbers. Now everything is This email address is being protected from spambots. You need JavaScript enabled to view it. or initialsurname as a login. This has made password cracking, guessing and phishing easier.

The admin account should not be the Head of ITs general email address but something different so it cannot be guessed easily. I.e. do not set the admin account as This email address is being protected from spambots. You need JavaScript enabled to view it. but rather something like This email address is being protected from spambots. You need JavaScript enabled to view it. or more random to make it harder to guess. Look at general password policies to.

Shadow IT during Covid-19: Do not let your employees decide which apps and tools to use

Details: Category: Cyber Security; Published: 01 June 2020

If you don't take control, your remote-working teams may be putting your IT infrastructure at risk of hacking or loss of data. Take these simple steps to ensure your company's assets and confidential information remain secure.

Even during the best of times, employees, especially the geekier ones, will use their own geeky SaaS services – some of which the average cybersecurity bod has never heard of, let alone seen before. Since teams are mostly working at home, there is no physical visibility and a reduced virtual monitoring – some people may for instance be doing everything on Office365 email or OneDrive without using a VPN, which is still not ideal. Unregulated use of SaaS services can very quickly mean you lose 100% control of your data as well as storage jurisdictions.