Almost every day we hear reports of how inadequate data protection is in the UK for both individuals and businesses. We were all shocked at the scale of the recent phone hacking scandal, which led to the closure of the News of the World newspaper. Few people could imagine how easy it was for unscrupulous journalists and investigators to hack into the mobile phones of celebrities and innocent victims of crime.

Identity theft is a growing problem and computer systems that control vital services such as traffic lights and the national power grid are at risk of being taken offline by computer hackers.

Imagine the chaos in our Capital city if the London Underground suffered simultaneous signalling failure on all of its eleven lines. Workers would be unable to get to their offices, leaving their companies understaffed and losing valuable business, key workers such as nurses and firemen would be unable to reach their places of work putting people’s lives at risk. With so much depending on them you would imagine Transport for London (TFL) would ensure that its IT systems would be covered by the most sophisticated cyber defences possible and their staff would be fully trained and aware of the need to protect vital systems at all times.

Think again! Whilst watching a Channel 4 TV documentary Secrets of Pickpockets and Shoplifters shown in February 2013, Graeme Batsman, Security Director at ENCSEC was horrified at what he saw.

‘During the programme on a number of occasions a London Underground CCTV monitor was shown, pasted below the screen was a label on which was printed “TO LOG IN; USERNAME: SUPERVISOR. PASSWORD: PASSWORD”,’ said Graeme. ‘Two very basic errors that I wouldn’t expect a schoolboy or girl to make; a really weak password that anyone could guess or crack in no time at all, and even worse it was displayed for all to see. Anyone who could gain access to the building could simply go to the terminal enter the password and log in to sensitive systems.’



Graeme continued, ‘As an IT security specialist, I deal on a daily basis with the consequences of poor cyber security. It is not just about safeguarding systems from viruses and criminal hackers, it is an entire process, which covers every aspect of IT security, keeping one step ahead of the bad guy’s, constantly monitoring and upgrading protection and ensuring all staff members are fully trained and vigilant at all times.’