5 posts • joined 15 Oct 2018
Re: I know it's unlikely
Working in digital forensics a member of my team did this to a new grad. They then told him that it was his mobile phone interfering and that he should put his phone in airplane mode. The poor guy believed him and spent the next however long with his phone in airplane mode. Eventually they confessed to it. The 'victim' had a digital forensics degree. You'd have thought he know better.
I imagine this is the tip of the iceberg when it comes to unprotected information that the police and other authoritative bodies have squirrelled away. And by squirrelled away I mean under a desk, in a car etc. Not to mention all the private companies that have tonnes of data going back years. I imagine that when new laws pass or new systems come into existence the old ones aren't cleansed or data migrated properly, they're just hidden away. Out of sight, out of mind.
Cyber-crooks think small biz is easy prey. Here's a simple checklist to avoid becoming an easy victim
I've been involved in the aftermath of multiple cyber security incidents and they have nearly always originated from human error/poor judgement/lack of training.
An attack may take advantage of a weakness in a system but quite often that is exploited through some form of social engineering approach.
I firmly believe that as long as a company has some information security, one of the best things they can do is educate people. By having a clear strategy and ensuring people comply with policies (be that automated or manually checked) you close the door on a lot of possible attacks. By educating and raising awareness to all staff, you instil the 'what-if' thought process in people and that can be all it takes for someone to question a phishing phone call or flag an email that may be trying to get information. Early identification is key to these situations and prevents further infection. Teaching people how to handle the pushy telephone calls, how to spot emails that may have been spoofed is always part of my information security awareness training. I keep groups small so that you can engage with people instead of doing large blanket company wide sermons.
Then you have the infosec strategy in the background, ensuring that everything is protected properly from a systems and monitoring point of view.
Having had first hand experience of procurement processes within the policing sector for digital services and hardware, it always seemed to boil down to price as the biggest deciding factor regardless of the outcome. Officers were tied up pushing next on over expensive hardware that was sold as 'the answer' to digital forensics when if they had just outsourced the work to a supplier that had the capability to do the work correctly they would have had more funds.
Never heard any government body say they have enough funds. Or resources. Including anything NHS based. Not to take away from the people that do great work in these government funded services. The people on the ground all do great work IME.
I've been a long time Surface user and I think the products are great. People will have views on each and every operating system until the cows come home; there will never be one that everyone is happy with.
As an out of the box device, the Surface is very good. The build quality on them is excellent and while they aren't cheap I think they're worth it. I used one at my previous company (both 3 and 4) for a couple of years and never had a problem with either. I've run VMs on them as well and while the limiting factor was the lower spec of the machines (i5 and 8GB RAM) they did what they needed to do. Previously working in Digital Forensics, Incident Response and Cyber Security.