Cyber security: Are we the weak points?

Stephen France is an expert in technology change projects, working for Marbral Advisory in both the public and private sectors to deliver transformation and diminish data risk. In this article, he talks scammers, data as a commodity, and how we can all try to protect ourselves.

I recently used a booking website to reserve a hotel room for an upcoming trip. For confirmation purposes, I was asked for my mobile phone number. Twenty minutes later I received a text from an unknown number addressed to ‘Hi mum’, explaining that the unnamed sender had damaged their phone and was using a friend’s. This kind of trap is becoming all too common, and we must be savvy to navigate between the scams and genuine communications.

Spam is becoming harder to identify

My email spam folder is bursting with offers inviting me to part with personal details in exchange for free toolkits, or to ensure delivery of a package that I never ordered or advising me of unusual activity on one my email accounts. However, an increasing number of emails are reaching my inbox, and these are becoming harder to distinguish from genuine emails.

Aside from the obvious clues such as poor spelling and grammar, an ambiguous addressee or salutation, often the reply address is an easy give away. After all, why would an email from my bank require me to reply to some obscure email address?

Information is now the most valuable commodity on the planet

Never a day goes by without us hearing about another scam victim losing their savings.

Information is now the most valuable commodity on the planet and there are people who will go to any lengths to obtain it, usually for nefarious purposes, whether to blackmail organisations into parting with money, or to gain access to their systems to disrupt operations.

Large organisations will take the threats very seriously and go to great lengths to protect their computer systems and livelihoods. Smaller organisations may consider themselves at less risk. However, the situation in Ukraine has led to a significant increase in attacks on those countries supporting the war effort, and the purpose of those attacks is to cause disruption at any level to our normal lives.

Attacks on infrastructure such as electricity, gas, water, or logistics, are becoming more frequent.

Are our employees protected when working from home?

More and more of us are working from home and our employers may have provided equipment for us to use and this should be compliant with our employers’ security standards. However, we may be using our own devices to access our employers’ networks and services, and these may not be as secure. Since we also use these devices for our own purposes there may be an increased risk and we need to ensure we have taken steps to protect both ourselves and our employers from any risk.

Take a look at this short Cyber Security and Remote Working e-learning course for individuals or teams to assist.

Security, change and risk

Many organisations are in a constant state of change, implementing new projects and programmes and upgrading their systems and processes. Historically, security may have been low down on the list of priorities. Security now needs to be considered at every level when implementing change.

As part of any project, risk assessments need to be undertaken and steps taken to remove or reduce any risks identified.

We are the weak point

Hackers are looking for any weak points and often those weak points are us.

We can take simple steps to reduce risks. There’s no point in relying on systemic security solutions if we don’t lock our screens when not using them or leave sensitive information lying around or on a printer.

How many times do users write their passwords down and leave them under their keyboards or attached to a screen? Are your passwords easy to crack? Consider using a pass phrase instead of simple password. Don’t reuse the same passwords for different systems or websites and yes, it is difficult to remember multiple passwords but there are techniques that can be used to help you remember and secure online vaults for storage too.

It’s important to remember that security is not just someone else’s responsibility – it is everyone’s.

If you are about to embark on a change project or technology programme and need further information or guidance on conducting risk, data or GDPR assessments, please contact Stephen’s team at Marbral Advisory by email or visit the website.