DataSecurityExpert.co.uk - All Things Graeme Batsman

Service Offerings

Cyber security training
Product reviews
Blog or article writing
SME & UHNWI cyber security

View more details here or email me.

Chapter Author

"Chpt. 4: How to Defend"

Contact Graeme

Journalists, students or potential clients:
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

No AI Used Here

Don't overlook physical security!

Details: Category: Cyber Security (Personal)

QA Cyber Security Technical Consultant, Graeme Batsman, explains why poor physical security often leads to easier hostile reconnaissance or social engineering.

We often bang on about cyber security and its importance (rightly so!), but we should not overlook the importance of physical security. Would-be attackers will always look for weaknesses in the company or the supply chain, and that may/will include weaknesses in building security. This month I learnt this first-hand while teaching a large group of under 18s. Story below…

One of the exercises was ProRat. It is not brown or black as you may imagine – it is a Windows remote access trojan. The delegates install it and they can remotely control another Windows 10 PC. It has tonnes of functions which work assuming anti-malware is off and the TCP port is open. You simply download and run it, and the ‘attacker’ enters the local IP of the ‘defender’ and you hit connect.

Security on Office 365

Details: Category: Cyber Security (Personal)

QA Cyber Security Technical Consultant, Graeme Batsman, lists five tips to enhance security for Office 365 email.

Office365, other SaaS email services and other Clouds in general can be more secure than having it on-premise, however security is also dependent on an important factor… you the end user. You can spend £1,000 on a physical high security certified safe and set the PIN as 00000 or put a Post-it note near it with the PIN on, and hey presto the high security product or service is greatly weakened by a human being.

The admin account
Go back ten years and usernames were not email addresses but a letter followed by a few random numbers. Now everything is This email address is being protected from spambots. You need JavaScript enabled to view it. or initialsurname as login. This has made password cracking, guessing or phishing easier.

DataSecurityExpert “Special” Exposé - If you have ever wondered what data leakage/exposure looks like, here is your chance to see, and it contains some funny stuff (e.g. adult toys and more)

Details: Category: Cyber Security (Personal)

This is like a Top Gear or Grand Tour, it is extra long and contains a lot of cool stuff!

WARNING: This article contains some mild adult words later on - no images of course.
Part one
This is actually part two; part one is https://www.datasecurityexpert.co.uk/articles/273-supply-chain-security-this-will-make-you-think-twice-about-shopping-online,-especially-at-adult-stores.html. Why am I exposing more this time? Simple; things have not improved at all and have maybe got worse. You will know from my writing, I am technically biased and firmly believe the United Kingdom is very vulnerable and is not improving fast enough security-wise. I have probably ten plus seriously shocking stories, however this one is not about a client nor employee, hence the part-exposure.

Let’s start off in 2015 with something rather trivial. I ordered two small books; one on ISO 27001 and one on PCI-DSS. They were purchased from a well-known, though not big, IT services firm which sells consulting services, books and training courses. The books arrived, I read them and forgot about everything. Not long after, I started working at Capgemini, which has no relation to this story.