What prompted me to write this, you may wonder? Last month, before going to the Highlands + Islands with a friend, I went away in England for a week and visited a tourist attraction. The 450-year-old attraction had the standard track and trace method, which caused me to laugh.


Super safe, that is so reassuring to hear.


Surely “Super safe” means you can afford an SSL (TLS) certificate for £5/year? Yes, you can argue Let’s Encrypt and another do the same thing; however, would you prefer a Lada or a Jaguar?

Moving on… does the word “secure” even exist? Perhaps in the Oxford English Dictionary but not in the real world. Let’s look at four different examples:

Protective services detail
The president of the United States has an insane security detail compared to what the prime minister or queen gets. In India there are X, Y, Z & Z+ security detail categories - there and in other developing countries security details are more status symbols than security!

In India and the United States such measures have failed before. Take a sniper hundreds of metres away and it will be hard to stop the sniper taking out the target. In some cases, there has been an insider; think of Indira Gandhi.

Covid-secure measures
Hand sanitiser on entry, face masks/face shields on waiting staff, limited numbers, two-metre gaps between tables and pop-up banner plastic screens between tables.

Is it not possible for an infected sneeze to go 201 centimetres, or for the same sneeze to move around a two-foot plastic screen or face shield?

There is one jokey explanation for all these rules, including the rule of six. Each night Westminster transmits a message from a CNC (command and control server) to tell the virus the latest attack rules!

Forts and castles
A little over a decade ago I visited Daulatabad Fort, which is near Aurangabad, Maharashtra (365 km from Mumbai). It has great defences including: an outer wall, a moat, anti-elephant ramming doors, hidden rifles, mazes, multiple buildings within the complex and areas to pour hot liquids on invading enemies.


Taken by me pre-2010.

Its defences in its heyday were amazing, and the story goes that the way it fell was through a brown paper envelope, a.k.a. a bribe to get in the outer gate.

Cyber security for email
A company has Office 365 with ATP (Advanced Threat Protection) and all elements have been gone through with a fine-tooth comb twice. Everything has been tweaked and two-factor authentication is on all email accounts.

An email user gets a phishing email which they fall for and hand over their username + password through a website. Moments later the criminals phone them, posing as the service desk and asking for the OTP (one-time passcode) which comes through SMS.

Boom, the defences are busted, though with the right training and ninja defences it may have been possible to stop this attack.

What am I getting at?
Just because a website or business says it is Covid-secure or cyber-secure, it does not mean you’re bulletproof. Security is about levels and the levels should vary by organisation. A hairdresser will have different Covid “controls” and cyber controls to a local café. Even with great measures in place, it does not mean staff will follow all of them.

Very rarely am I impressed by the cyber security controls of a company. The last time was in 2019 and it was a defence contractor with: disc encryption, smart card to log in to the Windows account, application whitelisting, blocked USB ports and enforced VPN.

The equivalent of “Covid-secure” would likely look like everything above with each diner in a greenhouse which was steam cleaned after each visit. Higher safety but slower and pricey to set up.