NCSAM – National Cyber Security Awareness Month – Protect IT

Following on from , this week as part of Cyber Security Awareness Month, we look at the final theme:

 

Protect IT

 

The main themes for this post will be:

  1. Patches and Updates
  2. Safety when out and about
  3. It’s yours, look after it

 


Patches and Updates

I bet you’re like me, you’ve been working on a document or at a critical part in a game, been stood on a stage or chairing a meeting and … bam … the screen goes blank only to be replaced with:

Why me?!

Windows Updates, Apple Mac updates … I’ve even been about to leave the house (late) for a train and my phone got an update! I mean c’mon people why me?

Well, the good news is it isn’t just you, it has happened to pretty much everyone.

The good news is that these updates are actually good news – seriously I do mean that! I know their timing isn’t the best, but they are pretty important.

What are they

I’m going to ask you to type something on your keyboard …

The Quick Brown Dog Jumped Over The Lazy Fox.

Did you put the dog and the fox the right way round?

Did you capitalise each word correctly?

Well writing code is a bit like that but longer (much longer) and much more complicated. The writers of the apps, websites and software that we use every day are mainly just like you and me … humans. And you know what? They make mistakes. Paul Ehrlich said it best in this quote:

So let’s say that a software developer makes a tiny mistake in one line of code for every million lines of code they write … that means that Windows 10 has 50 errors in it:

https://ostoday.org/windows/how-many-lines-of-code-in-windows-10.html

It means Google has quite a few big issues too!

So when one of these mistakes (a bug) is found, the developers fix it with more code and send out an update to everyone who uses the software to fix that bug.

Well that’s good isn’t it?

Absolutely! Because it is the bugs in the software that criminals can use to find ways to get into websites and computers!

And really, it’s as simple as that. If you get an update, you do need to do it. The issue is that an update can break other things too, like older software, and so some businesses don’t rush to do the updates until they are fully tested. During that time though, they are vulnerable to attack.

https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/software-updates-important/

My Advice

On home devices it is usually absolutely fine to install the updates there and then. If you are using a device given to you by your company, then it is a fair bet that they are sending you the update after it has been tested; if you are unsure, speak to IT. If you are IT and you are reading this … good luck!!


Safety when you’re out and about

In this bit I want to cover two things … physical and digital. By physical I mean you … By digital I mean your device.

Physical

I travel quite a bit, commuting and longer trips away. One thing I would say most humans get wrong is OPSEC .. Operational Security … things that people can observe about you.

So let’s put it in context. Picture you are stood on a train and it’s 8am … it’s full. It’s rammed. You are eye to armpit. You look around you at the wall of heads and faces, the AirPods wedged in the ears, the blank vacant stares of the people into their screens, catching up on Netflix and the footy from last night.

Or are they? Sometimes you get a glimpse of someone’s phone and their messages. Funny aren’t they. Sometimes you see their name badge and their company.

Think like a criminal

So take an ID badge. You get a name, you get a logo or better a company name. Quick lookup on LinkedIn, now you have a job title. Could you guess the email address I wonder? Subtle photo of their badge, I reckon you could make that badge and look like an employee yourself! In the land of Cyber Security, this is part of a thing called social engineering. It is a bit James Bond sounding and a lot more work goes into it, but you get the idea.

  • Name
  • Job Title
  • Company
  • Previous Companies
  • University Name
  • Course Titles
  • Email address
  • Phone Number

How about the person on social media? So now you have their ID, you see that they interact with a close group of friends, you can guess a town/village from the stop they got on. So do a search on Facebook etc. and see if you see them. Do they have any family connected? Can you see a birthday? Husband, parents, grandparents? What does that give you?

  • Name
  • Location
  • Social Media profiles
  • Names of friends
  • Family names
  • Date of Birth
  • Mother’s maiden name

You can see how valuable that would be for identity theft.

What about the train to London, the professional person with their laptop out, business papers on the table, opening emails, looking at PowerPoint slides, taking calls? What did you get from them?

  • Name
  • Email address format
  • Colleagues’ names
  • Company name
  • Project names
  • Sales Figures
  • Value of laptop indicates spend on staff
  • Software they use
  • What their clients buy from them
  • Link this to LinkedIn above too

My favourite is when they leave the laptop unlocked when they go to the loo … I mean c’mon, you’re just making it easy!

The Advice:

  1. Don’t be that person.
  2. Be aware of who is around you trying to ‘shoulder surf’ you.
  3. Your works laptop should have a privacy screen on it
  4. Headphones – take them off every now and again so you can hear what’s going on
  5. Imagine I am sat next to you or stood behind you!

Digital

So there you are … on the train, in the coffee shop, at the conference or event … Hmmmm lovely free Wi-Fi …!

Have you ever thought why we all get so excited at the prospect of free Wi-Fi, especially when you don’t even use the data up on your monthly tariff? Nope, neither have I! So, let’s get protecting you. The issue you have is that free Wi-Fi is essentially someone else’s internet. You don’t know what’s going on with it: are they sat hoovering up all your data looking for something interesting? And that’s the point really – it’s the not knowing.

So don’t connect

Try tethering to your mobile phone if you have data on your plan and most importantly … a VPN.

A VPN is like a private tunnel out to the internet, with no-one on the Wi-Fi you are connected to digitally shoulder surfing you. I have only used commercial ones like CheckPoint so, go find a decent VPN!

 


It’s yours, look after it

This is the final section for my NCSAM posts this year and I really wanted to change the context here, so hear me out.

Pick up YOUR phone, not the mobile that your company gave you … yours. OK so in your phone you have a device worth somewhere between 100 pounds and 1000 pounds. It’s pretty amazing isn’t it … in that slimline shape, you have a touchscreen, a mini computer, a camera, a phone. It’s pretty cool isn’t it.

So look after it! Do your own risk analysis:

Don’ts

  • don’t put your phone in your back pocket and sit down (it’ll smash the screen or bend your phone).
  • don’t put your phone in your bra or top pocket then bend over to pick something up (like the toilet roll the kids left behind) your phone will fall out and onto the floor (or into the loo)
  • don’t leave it in your vehicle when you get out … even for a short time
  • don’t leave it in a cab or on the train … you will panic and the stress just isn’t worth it!
  • don’t install apps unless they are from your proper app store

Do’s

  • do install some kind of “Find my Phone” that you can check from a web browser in case you can’t find it
  • do use anti-virus/anti-malware/anti-theft to protect your device
  • do use fingerprint or face recognition on your device as PIN numbers can be easily witnessed
  • do scan your device monthly with your anti-virus/anti-malware etc.
  • do monthly go through your apps and check what you no longer need
  • do use your sixth sense when you get text messages from your banks etc. Your phone is a computer and criminals want access to it
  • do back up your phone to the cloud BUT have strong security on that cloud account

Think about when you are at home at night … look after your tech, lock it away, turn it off, hide it, protect it.


 

So that was the final NCSAM blog from me … Hope you found that useful and can use those simple tips to get you started this month.

Share your own tips below and see if you make the 4th blog I’m doing … Readers’ Tips!!
