Chapter Author
Contact Graeme
Journalists, students, potential clients or anyone else, email.......
graeme@datasecurityexpert.co.uk
Something private to say?
PGP public key
Why not controlling your business data is a bad idea, part two - five years later things have not changed drastically
- Category: Cyber Security (Personal)
It is all well and good securing the corporate-issued laptop, if you do at all, but then paying little attention to remote services like OWA (Outlook Web Access), Office365, OneDrive (cloud file storage) or the web-based DMS (document management system). It is likely your laptop will have FDE (full disk encryption) and maybe, just maybe, USB storage devices blocked, which makes it a little harder to leak data by mistake or on purpose.
Post-2010, the concept of the four walls of a company or the boundaries of its physical firewall has slowly (or now rapidly) been degrading. In the old days all we used was an Outlook client and a shared folder, which meant you needed to be on-site or on a VPN laptop to get to your data. The days of client software are dwindling and everything is now browser based, more specifically cloud based, which means it is hosted in someone else’s data centre.
Cyber security buzzwords: we will be bulletproof if we buy this shiny new box (insert words: AI, ML, Cloud, SIEM, Next-Gen, Blockchain, Zero Trust, Quantum, Disruptive, EDR, EPP, MDR, Threat Intel & APT to make it even better!)
- Category: Cyber Security (Personal)
This article covers two things:
- Do these products even work?
- If they do work, will/do people even bother or know how to configure them to the maximum?
Over the years, and still to this date, I have seen examples of both. Before I go into the personal examples, let’s talk about two massive buzzwords this year, AI (artificial intelligence) and ML (machine learning). I am not here to say they do not work, but these are newish technologies and they are still in their infancy, thus time will improve them.
What website security headers are and why you cannot see mine
- Category: Cyber Security (Personal)
Many of us technical folk have seen and used SSL Labs by Qualys, which gives me an “A” rating, though it states I still have TLS 1.0 available, which is incorrect. SSL Security Test by ImmuniWeb gives me an “A+” (if only I got this during school GCSEs!) and states only TLS 1.2 + 1.3. Odd that Qualys gets it wrong.
The technical security controls listed in paragraph one are known, apart from security headers, which are less known about and less used. Headers are set by a WAF, load balancer, web application, web server and other devices, and they are sent from the website to the end user’s browser.