Security awareness seminar held at the Energus building, Lillyhall on 27th July 2010.
We will assist in planning of new corporate buildings to ensure nothing has been missed regarding physical security, access control and network design requirements. Once the building is complete, we will ensure that the staff are well trained to maintain the confidentiality, availability and integrity of the information within.
Get yourself a sense of security
Securing your IT - and reputatiion
Cumbrian firms urged to be better prepared for floods
News and Star
Keeping newsroom information safe
Submitted to UK Press Gazette
Cumbrians must prepare for wave of Cyber Crime
Lake District Messenger
Can your web site be trusted?
Lake District Messenger
Submitted to UK Press Gazette. December 2010
Journalists are notorious for their lack of interest in computers and all things technical - any IT manager knows this. There seems to be a yearning for the old days of typewriting copy, and throwing it downstairs to be bashed out and placed on paste boards. It would appear that there is a general consensus, especially amongst older reporters, that computers simply get in the way. It is for this reason that journalists are a prime target for the social engineering techniques (a form of confidence trickery combined with technical know-how) used by modern day hackers.
Picture the scene: a hacker phones in claiming to be from the IT department and asks for login details to help solve a problem reported earlier in the week. The social engineer is armed with colleagues' names and job titles to back up their story and reassure the victim that they are who they say they are.
If the reporter has a laissez-faire attitude to IT security then there is a strong possibility that sensitive information could be divulged. If, however, there were policies in place stating that no member of IT would ever ask for a password - and this was taught as part of an ongoing awareness program - the chances of this happening would be vastly reduced.
Dispel any notion that a hacker will just find is a bunch of old stories that have already been published. Consider the consequences of, for example, important contacts being removed or passed to a competitor. Once a hacker knows one password, think what else has become compromised because the same passwords are used for services such as PayPal or Online banking.
Journalists need to understand that their computer forms part of an intricate network within the head office and is only a heartbeat away from payroll and accounting systems. This is why IT managers have spent thousands, if not millions, of pounds on IT defence systems. Whatever happens, the bad guys must not gain access to a single computer within the confines of the security perimeter.
With this in mind, imagine that the deputy editor receives a phone call from the same hacker - this time wanting to speak with the editor urgently and claiming that today is the last day to renew their software contract. They claim the editor does this every three months. If it lapses, the price will double (tight timescales and price increases are popular weapons in the social engineer's arsenal). Unfortunately the editor is on holiday. The hacker already knew this because they are friend number 473 on Facebook (or a follower on twitter etc) - they even know the editor has gone to Antigua.
Again with no training, or a lax attitude, there is a good chance that the deputy editor would blindly enter keystrokes at the behest of the hacker that could be used to download remote access software. Now the hacker has a doorway into the network.
The finances of newspapers are at an all time low and a data security breach could mean that banks may no longer allow the use of credit /debit cards for taking payment of advertisements - this, together with a damaged reputation could very easily be the final fatal blow to the organisation.
Look around you - how many yellow sticky labels can be found on monitors or desk pin boards that contain sensitive information? How many non staff members have walked past these desks in the past month?
The News of the World listened to the voicemails of prominent Royals, politicians and VIPS simply because the default passwords had not been changed from 0000. This, if anything, should highlight how much we all need to raise our security awareness level.
A newspaper with its house in order improves the chances of the hacker quickly passing over them to find a less secure organisation. Every journalist must play their role in ensuring that their company is not the easy target.