DataSecurityExpert.co.uk - All Things Graeme Batsman

Service Offerings

Cyber security training
Product reviews
Blog or article writing
SME & UHNWI cyber security

View more details here or email me.

Chapter Author

"Chpt. 4: How to Defend"

Contact Graeme

Journalists, students or potential clients:
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

No AI Used Here

Physical red teaming and people posting too much on social media: we have seen kids flash their credit/debit cards but what about corporate IDs?

Details: Category: Cyber Security (Personal)

Crimsters (that's my word), innocent adults and innocent kids have a habit of posting all sorts online. From pictures of them smoking naughty things, posting their first ever credit or debit card, incriminating themselves to telling the world they are on holiday. Nothing surprises me.

In the last few months I have noticed something "new". People posting on LinkedIn to say they are joining or leaving a company. Not vastly exciting you may think. In the post is a high-resolution image of their company ID badge and more. I randomly spotted the image at the bottom of this piece on LinkedIn, from a non-Brazilian contact. It has her employee number to.

Cyber security: the gap between rich (good security) and poor (not good security)

Details: Category: Cyber Security (Personal)

Normally we talk about the gap between rich and the poor in developing nations and within the United Kingdom at times - being a cyber security website as you can guess this article is not about class or education. I have been in info, information, data, IT, internet, network, computer, cyber security or whatever it was called at the time for fourteen years. Weirdly the private sector organisation I started off working at all those years ago as my first real job was better managed and secured than some you see today!

It had COPE (corporate owned personally enabled), web filtering, IDS (intrusion prevention detection), DLP (data loss prevention), email filtering, full disc encryption, privileged account management, security change approval board and more. This was before the words “cyber security” was even used and today I see large firms less secure than this private sector organisation. From finishing in 2006 I have worked at or consulted to many small-medium firms, very large firms and central government departments, and have seen so many hilarious things. Apart from me no one else was nosey enough to look around or ask hard questions. I would find flaws which had existed for years.

WhatsApp: does it’s end to end encryption implementation actually cut people out?

Details: Category: Cyber Security (Personal)

Firstly, I am a security and privacy freak with my personal security likely being better than what you would find at the British MoD. I try to avoid mass market services especially those owned by the big players and that includes WhatsApp. Occasionally I use it abroad while using a country SIM since it saves on high bills since it uses the internet not GSM which has high call charges while abroad. As soon as I am on the flight back, I uninstall it, remove its historically entry from the app store and remove left over files.

WhatsApp was once independent and then Facebook bought it up. Facebook, WhatsApp and other mass market services are typically free, and are funded by advertising or worse them selling on your data. WhatsApp has no advertising in it, so you have to wonder how they make money out of it. Their security spiel claims it offer end to end encryption by default and they cannot read your messages. It states the encryption is handled by the devices and they do not store messages once pushed to the end device. There is a short sentence about law enforcement access so obviously there is a way around it.