Chapter Author
Contact Graeme
Journalists, students, potential clients or anyone else, email:
graeme@datasecurityexpert.co.uk
Something private to say?
PGP public key
Physical red teaming and people posting too much on social media: we have seen kids flash their credit/debit cards but what about corporate IDs?
Crimsters (that's my word), innocent adults and innocent kids have a habit of posting all sorts online. From pictures of them smoking naughty things, posting their first ever credit or debit card, incriminating themselves to telling the world they are on holiday. Nothing surprises me.
In the last few months I have noticed something "new". People posting on LinkedIn to say they are joining or leaving a company. Not vastly exciting you may think. In the post is a high-resolution image of their company ID badge and more. I randomly spotted the image at the bottom of this piece on LinkedIn, from a non-Brazilian contact. It has her employee number too.
Cyber Security Top Tips
QA Cyber Security Technical Consultant, Graeme Batsman, lists five top tips to help users stay safe online.
Patch patch patch
Ten years ago everyone would joke about core operating system security, and though it is not perfect today, the blame has partly shifted. Most infections start with something (a human is of course behind it) exploiting browsers (Opera, Firefox, Chrome etc.) or add-ins (PDF, Flash, Silverlight, Java and more).
Set automatic updates, let the PC restart when it starts and pay even more attention to non-core operating system software (the browsers above) and add-ins (those listed above). To reduce the attack surface, install only what you need, review what is installed from time to time and remove what is rarely used.
Cyber security: the gap between rich (good security) and poor (not good security)
Normally we talk about the gap between rich and the poor in developing nations and within the United Kingdom at times - being a cyber security website as you can guess this article is not about class or education. I have been in info, information, data, IT, internet, network, computer, cyber security or whatever it was called at the time for fourteen years. Weirdly the private sector organisation I started off working at all those years ago as my first real job was better managed and secured than some you see today!
It had COPE (corporate owned personally enabled), web filtering, IDS (intrusion prevention detection), DLP (data loss prevention), email filtering, full disc encryption, privileged account management, security change approval board and more. This was before the words “cyber security” were even used and today I see large firms less secure than this private sector organisation. From finishing in 2006 I have worked at or consulted to many small-medium firms, very large firms and central government departments, and have seen so many hilarious things. Apart from me no one else was nosey enough to look around or ask hard questions. I would find flaws which had existed for years.