Service Offerings
- Cyber security training
- Product reviews
- Blog or article writing
- Cyber security consulting for SME & HNWI
Chapter Author
Contact Graeme
Journalists, students, potential clients or anyone else, email:
graeme@datasecurityexpert.co.uk
Something private to say?
PGP public key
No AI Used Here
DataSecurityExpert “Special” Exposé - If you have ever wondered what data leakage/exposure looks like, here is your chance to see, and it contains some funny stuff (e.g. adult toys and more)
- Category: Cyber Security (Personal)
Part one
This is actually part two; part one is https://www.datasecurityexpert.co.uk/articles/273-supply-chain-security-this-will-make-you-think-twice-about-shopping-online,-especially-at-adult-stores.html. Why am I exposing more this time? Simple; things have not improved at all and have maybe got worse. You will know from my writing, I am technically biased and firmly believe the United Kingdom is very vulnerable and is not improving fast enough security-wise. I have probably ten plus seriously shocking stories, however this one is not about a client nor employee, hence the part-exposure.
Let’s start off in 2015 with something rather trivial. I ordered two small books; one on ISO 27001 and one on PCI-DSS. They were purchased from a well-known, though not big, IT services firm which sells consulting services, books and training courses. The books arrived, I read them and forgot about everything. Not long after, I started working at Capgemini, which has no relation to this story.
Physical red teaming and people posting too much on social media: we have seen kids flash their credit/debit cards but what about corporate IDs?
- Category: Cyber Security (Personal)
In the last few months I have noticed something "new": people posting on LinkedIn to say they are joining or leaving a company. Not vastly exciting, you may think. In the post is a high-resolution image of their company ID badge and more. I randomly spotted the image at the bottom of this piece on LinkedIn, from a non-Brazilian contact. It has her employee number too.
Cyber security: the gap between rich (good security) and poor (not good security)
- Category: Cyber Security (Personal)
It had COPE (corporate owned personally enabled), web filtering, IDS (intrusion prevention detection), DLP (data loss prevention), email filtering, full disc encryption, privileged account management, security change approval board and more. This was before the words “cyber security” were even used, and today I see large firms less secure than this private sector organisation. Since finishing in 2006 I have worked at or consulted to many small-medium firms, very large firms and central government departments, and have seen so many hilarious things. Apart from me, no one else was nosey enough to look around or ask hard questions. I would find flaws which had existed for years.
