Service Offerings
- Cyber security training
- Product reviews
- Blog or article writing
- Cyber security consulting for SME & HNWI
Chapter Author
Contact Graeme
Journalists, students, potential clients or anyone else, email.......
graeme@datasecurityexpert.co.uk
Something private to say?
PGP public key
No AI Used Here
There's more to Cyber Security than Pen Testing!
- Category: Cyber Security (Personal)
Over the last few years I have worked on different accounts, from massive corporations to central government departments. Sadly, I have seen all sorts of amusing situations, for those of you who think of poor security as amusing. One thing most organisations have in common when it comes to poor security is that the cause isn't necessarily the employees' lack of experience but more to do with poor management or, you guessed it… something which makes the world go around… cash.
Numerous in-house or externally managed projects/programmes get little/no security oversight, let alone a Pen Test. A project/programme will have an overall Manager/Director, various leads and resources. Think about it: if a programme with a budget of tens of millions has 100 full-time staff for three years, can't it afford 1-2 full-time security resources? Unfortunately, more often than not this isn't the case, resulting in a poor security versus project team staffing ratio.
Don't overlook physical security!
- Category: Cyber Security (Personal)
We often bang on about cyber security and its importance (rightly so!), but we should not overlook the importance of physical security. Would-be attackers will always look for weaknesses in the company or the supply chain, and that may/will include weaknesses in building security. This month I learnt this first-hand while teaching a large group of under 18s. Story below…
One of the exercises was ProRat. It is not brown or black as you may imagine – it is a Windows remote access trojan. The delegates install it and they can remotely control another Windows 10 PC. It has tonnes of functions which work assuming anti-malware is off and the TCP port is open. You simply download and run it, and the ‘attacker’ enters the local IP of the ‘defender’ and you hit connect.
Security on Office 365
- Category: Cyber Security (Personal)
Office 365, other SaaS email services and other Clouds in general can be more secure than having it on-premise; however, security is also dependent on an important factor… you, the end user. You can spend £1,000 on a physical high security certified safe and set the PIN as 00000 or put a Post-it note near it with the PIN on, and hey presto, the high security product or service is greatly weakened by a human being.
The admin account
Go back ten years and usernames were not email addresses but a letter followed by a few random numbers. Now everything is
