Chapter Author
Contact Graeme
Journalists, students, potential clients or anyone else, email:
graeme@datasecurityexpert.co.uk
Something private to say?
PGP public key
What website security headers are and why you cannot see mine
- Category: Cyber Security
Many of us technical folk have seen and used SSL Labs by Qualys, which gives me an “A” rating, though it states I still have TLS 1.0 available, which is incorrect. SSL Security Test by ImmuniWeb gives me an “A+” (if only I got this during school GCSEs!) and states only TLS 1.2 + 1.3. Odd that Qualys gets it wrong.
The technical security controls listed in paragraph one are known, apart from security headers, which are less well known and less used. Headers are set by the WAF, load balancer, web application, web server and other devices, and they are sent from the website to the end user’s browser.
Cyber Attacks - Most of them are not as high-tech as you'd think
- Category: Cyber Security
Spam, ransomware, phishing, spear phishing and SQL injection are all known attacks which can, and do, breach company and individual security. However, QA finds many people do not think about the physical element (what can be physically seen and heard). Firewalls, antimalware, two factor and authentication do not protect against someone overhearing a conversation or seeing a screen. It is often said that “people are the weakest link”.
Loose lips sink ships
A QA cyber expert was on a flight from a London airport to another location in the United Kingdom, and observed someone unlock their phone, from three rows back on the plane. This was the pattern:

Cyber Security for everyone - what we all should know
- Category: Cyber Security
A photographer’s skills lie in capturing great moments which last forever, rather than in data security. The unauthorised release of the Sussex wedding photos, however, showed it’s still important that they think about cyber security, and about the harmful potential of a data breach at even a small company.
The paparazzi and cyber extortionists would love to steal unreleased photos. While the rich and famous often have great physical and digital security, their supply chain represents a great opportunity for people looking to get hold of these photos. Many in that supply chain, whether they be photographers or others, may be smaller or independent companies without the means to invest in dedicated cyber-security resources.