Get Safe Online Week: Help Yourself And Others With These 20+1 Tips

Today the UK sees the start of the ninth annual Get Safe Online Week. The initiative is designed to raise awareness of all things ‘cyber’ in an effort to protect home users from the ever-present online threats of fraud, identity theft, harassment and other equally serious issues.

During the week Get Safe Online will be issuing tips and advice on how to stay safe when using your computer, smartphone or other devices, as well as publishing new research on attitudes towards online crime and looking at the experiences of those who have fallen victim to the same.

In anticipation of what may be presented this week, we here at Security Watch hereby present our own quick tips which can help you beef your own security up in next to no time:

  1. Install security software on all of your devices and keep it up to date at all times
  2. Never open email attachments unless you are sure who sent them, and be careful even then – the sender address on an email is trivially forged
  3. The same goes for clicking on links in emails, especially when the sender appears to be a trustworthy organisation such as your bank
  4. Maintain regular backups of all your data, and keep at least one copy offline or otherwise out of reach of the machine it protects – you never know when disaster will strike
  5. Always update your operating system and your applications as soon as patches are released
  6. Think before you post anything on social networks – the information you give out can be used against you by thieves and online attackers. It could also get you into hot water if you say the wrong thing.
  7. Always create strong passwords and never share them with anyone under any circumstances
  8. Struggling to remember all of those passwords? Use a password manager, and never reuse the same login credentials across sites – one breached site then hands an attacker the keys to every other account that shares the password
  9. Only connect to networks you can trust – on public, unencrypted hotspots anyone within range can eavesdrop on traffic that is not itself encrypted
  10. Type web addresses into your browser instead of relying on links, especially for sites where you then have to enter data. Check your spelling and, for sites that ask for personal information, look for a padlock icon in the browser and a URL that begins with HTTPS rather than HTTP. Bear in mind that the padlock only tells you the connection is encrypted to the domain shown in the address bar; a phishing site can have one too, so the spelling check matters as much as the padlock
  11. Only download new apps from official stores such as Google Play and Apple’s App Store – apps found on third-party sites may not be what they seem, or may contain nasty surprises
  12. Take advantage of two-factor authentication where available to add an extra layer of security to your online accounts
  13. Secure your own network – make sure it is encrypted (WPA2) and protected by a strong passphrase, and change the router’s administrative username and password (many routers ship with widely known defaults). Hiding the network name (not broadcasting the SSID) adds little on its own, since devices looking for the network still announce it; treat it as a minor extra, not a protection
  14. Protect your kids – set up parental controls but remember there is never any substitute for taking a keen interest in what your children are doing online
  15. When shopping online always use a credit card where possible as it will offer a higher level of protection should anything go wrong
  16. Never leave mobile devices unattended and always protect them with a PIN or passcode
  17. If you share a computer be extra careful about what you use it for, log out of every account when you have finished and consider clearing your browsing history and saved form data
  18. If you haven’t heard of Edward Snowden, search now to find out what he has to say about government surveillance. Next, consider using a Virtual Private Network or Tor for your web browsing – remembering that a VPN simply moves your trust from your ISP or the hotspot owner to the VPN provider
  19. Get used to reading banking and credit card statements whenever they arrive – they can provide a heads up should someone have compromised your plastic or your identity
  20. Keep abreast of the latest security developments by staying on top of the news and adding some of the key industry websites to your reading list – many websites offer up lists of recommended security blogs and here are a couple to get you started – http://www.rasmussen.edu/degrees/technology/blog/top-cyber-security-blogs and http://www.securityinnovationeurope.com/blog/40-information-security-blogs-you-should-be-reading
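Tip 10 sounds simple, but the failure modes are easy to miss: a trusted name appearing at the start of a hostname that actually belongs to someone else, a one- or two-letter typo, or text before an `@` that looks like the site. The script below is an added example written for this post (it is not part of the original tips and not from Get Safe Online); the trusted-domain list, the lookalike table and the sample URLs are constructed for the example.

```python
"""Added example: the checks behind tip 10 (type the address, check the
spelling, look for HTTPS) written as code so the failure modes are visible.
The trusted domains and sample URLs are constructed for this example.
"""
from typing import List
from urllib.parse import urlsplit

# Constructed allow-list of the sites this user actually logs in to.
TRUSTED_DOMAINS = {"mybank.com", "shop.example"}

# Character swaps commonly used to make one domain look like another.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "5": "s"}


def registered_domain(hostname: str) -> str:
    """Last two labels of a hostname: 'www.mybank.com' -> 'mybank.com'.

    Production code should consult the Public Suffix List so that names
    such as 'example.co.uk' are split correctly; two labels suffice here.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def undo_homoglyphs(domain: str) -> str:
    """Map lookalike sequences back to the letters they imitate ('rnybank' -> 'mybank')."""
    for fake, real in HOMOGLYPHS.items():
        domain = domain.replace(fake, real)
    return domain


def check_url(url: str) -> List[str]:
    """Return warnings for a URL the user is about to type data into.

    An empty list means every check passed.
    """
    warnings: List[str] = []
    parts = urlsplit(url)
    host = parts.hostname or ""

    if parts.scheme != "https":
        warnings.append("not HTTPS: whatever you type can be read or altered in transit")
    if parts.username is not None:
        warnings.append("the text before '@' is a username, not the site; the real host is " + host)

    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        return warnings  # genuine site; only the scheme/credential warnings apply

    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            # 'www.mybank.com.evil.net' contains the trusted name but belongs to evil.net
            warnings.append(f"'{trusted}' appears in the address but the site is really {domain}")
            break
        if undo_homoglyphs(domain) == trusted or edit_distance(domain, trusted) <= 2:
            warnings.append(f"{domain} looks like a misspelling of {trusted}")
            break
    else:
        warnings.append(f"{domain} is not one of your trusted sites")
    return warnings


if __name__ == "__main__":
    for sample in ("https://www.mybank.com/login",
                   "http://www.mybank.com/login",
                   "https://www.mybank.com.evil.net/login",
                   "https://mybnak.com/",
                   "https://mybank.com@evil.net/"):
        print(sample, "->", check_url(sample) or "OK")
```

The point of the `registered_domain` step is that a browser reads a hostname from the right, not the left: `www.mybank.com.evil.net` is `evil.net`, whatever it looks like at a glance. Checking that a padlock is present tells you nothing about which of those two sites you are talking to.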

And for those readers who are already doing all of the above (you’re an infosec professional, right?) here is a bonus tip:

  21. Sign up to Give01Day and help share your undoubted expertise with UK charities which could seriously benefit from your generous support.

Brain And The Next 28 Years Of Malware (Infographic)

Part of getting older is looking at the next generation and marveling at how easy they have things, or their lack of knowledge of key things we grew up with.

Take the record player for example, or even the cassette tape – my kids don’t know what either of those are, and my youngest hasn’t ever used a CD, having grown up entirely with those MP3 things, whatever they are.

It’s the same case with computing. My older children remember installing games and programs from DVD but my little one doesn’t even have an optical drive on her desktop – it’s USB sticks and downloads for her.

The same thing cannot be said for malware though.

We oldies did have it easier in many respects, even if those who came after us are blissfully unaware that viruses were in circulation long before Erwise, Mosaic and Netscape ushered us into the (pre-NSA-revelations) information overload of the new world wide web.

In January 1986 the first virus for the IBM PC, Brain, was written in Lahore, Pakistan by the brothers Basit and Amjad Farooq Alvi, whom Mikko Hypponen of F-Secure tracked down 25 years later to hear the story first hand.

Following that, more viruses soon appeared and, like Brain, were spread via floppy disk, another antiquity that many internet users today will never have seen nor heard of.

Those early viruses were nothing like the ones we see nowadays though.

Early malware was, at worst, disruptive (wiping drives) and, at times, humorous (remember the Ambulance virus, complete with siren sound effects?) in nature. It was largely produced by what is now a poor stereotype for a hacker – kids in their bedrooms, who were learning to code and having a bit of ‘fun’ along the way.

Unfortunately, subsequent years have seen a huge shift in the way malware is developed, and in its intention, as seen in the infographic below:

Infographic - a history of malware

Modern malware, as you can see, is now the preserve not of a lone coder but of large organised gangs. Its intention has changed dramatically too. Mere mischief is a thing of the past – today’s malware is all about generating huge profits for online criminals and, when those behind it have affiliations to nation states, arguably far more nefarious purposes too.

In 2014 malware is still alive and well, 28 years after Brain first appeared. Floppy disk attacks are long gone but email and web-borne attacks are here to stay and seemingly lurk around every corner.

Sure, defences are much improved too, but the fact that malware keeps evolving just keeps on ramming home the point that security is a reactive rather than proactive industry.

As such, you can never be one step ahead of an attacker, only as best prepared as possible.

So what have you done to secure your personal devices, your employees’ machines and your business networks from not only malware but all the other threats that technological ‘advancement’ has brought?

Poor Password Habits Cost Businesses £261 Per Employee Per Year

Poor password habits are, on average, costing businesses £261 per employee each year as staff struggle to manage a growing number of login credentials.

According to new research from Centrify, an average sized business with 500 employees is losing £130,500 per year through lost productivity.

Respondents to the survey of 1,000 UK workers were asked to estimate how much time they spent each week managing their passwords. The average loss of £261 per employee was then calculated by totting up how much time they said they spent entering login details, trying to remember forgotten passwords and contacting administrators to reset them.

The survey put a figure only on the productivity cost; it did not assess the security cost of poor password management. A look at recent data breaches, however, gives an idea of how people and their security habits, or lack thereof, can be an important factor for organisations of all sizes.

Barry Scott, EMEA chief technology officer at Centrify, said:

“In our new digital lifestyles, which see a blurring of the lines between personal and professional lives, we are constantly having to juggle multiple passwords for everything from email and mobile apps to online shopping and social media.

According to our survey, over a quarter of us now enter a password online more than 10 times a day, which could mean 3,500 to 4,000 times a year. This is becoming a real challenge for employers who need to manage security and privacy concerns and for employees who are costing their companies time and money.”

The survey discovered that 47% of respondents use their own devices for business purposes but just over one third of those questioned said they did not secure their own mobile tech with passwords at all, despite storing confidential and business critical information on them.

Worse yet, employees who did use passwords still engage in the same risky practices that security professionals have been warning about ever since time began:

  • Reusing the same password whenever possible
  • Continually cycling through a small list of passwords
  • Keeping a written record of all passwords
  • Concocting passwords based on personal data
  • Not using upper and lower case characters and ignoring symbols when making a new password
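Each of the habits in that list leaves a fingerprint that can be found mechanically in a password manager export, which is how a security team would measure the problem rather than rely on self-reporting. The script below is an added example written for this post, not part of the Centrify survey or the original article; the “vault export”, the personal-data tokens and the 60-bit threshold are constructed for the example.

```python
"""Added example: audit a (constructed) password-vault export for the habits
named in the survey: reuse, cycling a short list, personal-data passwords and
single-character-class passwords, then show what a manager generates instead.
"""
import math
import re
import secrets
import string
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample export of (site, password). None of these are real.
SAMPLE_VAULT: List[Tuple[str, str]] = [
    ("mail.example", "Rover2014!"),
    ("shop.example", "Rover2014!"),      # exact reuse
    ("bank.example", "Rover2015!"),      # cycled variant of the same stem
    ("hr.example", "rover1978"),         # pet's name + birth year, lower case and digits only
    ("vpn.example", "x7$Tq!9vLm2#pR"),   # what a password manager produces
]

# Constructed tokens an attacker could read off a public social profile.
PERSONAL_TOKENS: Set[str] = {"rover", "1978", "smith"}

# Assumed policy threshold for this example.
MIN_ENTROPY_BITS = 60.0


def stem(password: str) -> str:
    """Strip trailing digits and symbols so 'Rover2014!' and 'Rover2015!' share a stem."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool containing every character used."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation
    return size


def entropy_bits(password: str) -> float:
    """Upper bound on guessing entropy if every character had been chosen at random.

    Passwords built from words and dates are far weaker than this figure suggests,
    which is why the audit also looks for personal data and shared stems.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def audit(vault: Iterable[Tuple[str, str]], personal_tokens: Set[str]) -> Dict[str, List[str]]:
    """Return {site: [findings]} for every site with at least one problem."""
    vault = list(vault)
    findings: Dict[str, List[str]] = defaultdict(list)
    sites_by_password: Dict[str, List[str]] = defaultdict(list)
    sites_by_stem: Dict[str, List[str]] = defaultdict(list)
    for site, pw in vault:
        sites_by_password[pw].append(site)
        sites_by_stem[stem(pw)].append(site)

    for site, pw in vault:
        others = [s for s in sites_by_password[pw] if s != site]
        if others:
            findings[site].append("reused on " + ", ".join(others))
        else:
            cycled = [s for s in sites_by_stem[stem(pw)] if s != site]
            if cycled:
                findings[site].append("cycled variant of the password used on " + ", ".join(cycled))
        hits = sorted(t for t in personal_tokens if t in pw.lower())
        if hits:
            findings[site].append("built from personal data: " + ", ".join(hits))
        if entropy_bits(pw) < MIN_ENTROPY_BITS:
            findings[site].append(f"too short or too few character classes ({entropy_bits(pw):.0f} bits)")
    return dict(findings)


def generate_password(length: int = 16) -> str:
    """Cryptographically random password containing all four character classes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT, PERSONAL_TOKENS).items():
        print(site)
        for problem in problems:
            print("  -", problem)
    print("replacement from the generator:", generate_password())
```

Note that `Rover2014!` passes a naive complexity rule (mixed case, digit, symbol, ten characters) and still fails the audit twice: it is reused, and its stem is a pet’s name. That is the gap between “complex” and “strong”, and the reason a manager generating random strings beats any scheme a person can remember.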

Such admissions are a concern, especially when you consider that over a quarter of the respondents said they had to enter 11 or more passwords a day, which may explain why 41% described forgetting a password for an online account as “very annoying” and a bigger aggravation than losing their keys (39 percent), finding their mobile phone battery was flat (37 percent) or receiving a spam email (31 percent).

Further insight into how non-security personnel view password management comes in the form of comments from respondents who complained about the hassle of managing their login credentials – 13 percent said they would rather spend an hour on hold on a customer service line, 12 percent would prefer to be stuck next to a crying baby on a flight, 17 percent would set their mobile ringtone to The Macarena for a year and 7 percent would choose root canal treatment over having to remember their passwords.

It is perhaps unsurprising to then learn that a third of all respondents admitted they had permanently lost access to an online account through forgetting a password.

If this sounds like you then you need a password manager and/or some good password tips. If you recognise such an attitude toward passwords among your employees then you may be in need of some security awareness training to help your staff understand how their actions can affect the business, as well as their own privacy and security.

Give01Day Launches, Pledges To Support And Secure UK Charities

BH Consulting is proud to announce its support of Give01Day, an initiative created to support charities as they grapple with the same security issues faced by the corporate world.

The campaign’s founder and CEO Amar Singh explains:

“Almost every charity is custodian of extremely sensitive personal information ranging from sex abuse and child abuse to health issues like cancer, mental illness and diabetes.

The problem is, in Cyberspace, most, if not all charities have this immensely personal and sensitive information exposed and often inadequately protected, making them an easy target for the cyber attacker.

One recent example is the British Pregnancy Advisory Service (BPAS), where an opportunist attacker stole sensitive information about couples and their pregnancy issues. The charity did not even know they had all this personal information and were fined £250,000 by the ICO.

We believe every charity desperately requires access to talented and skilled professionals like yourself. Why? Often charities either do not have the financial resources and the wherewithal to afford the wide range of professionals required to protect this treasure trove of personal data.

Join the cause now before another charity falls victim to a cyber dacoit who compromises them and their cause.”

The campaign, which has been in development for some time, finally received its official launch at IP EXPO on Wednesday 8 October.

Amar Singh

In a keynote speech at Excel London, Mr Singh and our own CEO, Brian Honan, gave an introduction to the initiative with a talk entitled “Preventing the Lethal Breach : The initiative supporting Charities in Cyberspace.”

Brian Honan

The pair outlined some of the issues faced by UK charities which face the same data handling regulations as companies, as well as fines of the same magnitude when things go wrong.

Highlighting the case of the British Pregnancy Advisory Service, which was fined £200,000 by the Information Commissioner’s Office (ICO) in March 2014 following a 2012 breach, Mr Singh explained that the damage such a fine could do to a non-profit organisation could be catastrophic.

At the time of that incident David Smith, the Deputy Commissioner and Director of Data Protection at the ICO touched upon the challenges faced by charities when he said:

“The British Pregnancy Advice Service didn’t realise their website was storing this information, didn’t realise how long it was being retained for and didn’t realise the website wasn’t being kept sufficiently secure.”

But of course, as Smith himself said, “ignorance is no excuse.”

That’s where the Give01Day (GiveADay) campaign comes in – its mission is to support, rather than merely help, charities which may lack the budget, experience or expertise in the field of information security.

Neira Jones

Following the keynote, the official launch later continued with key advisory board members Sarah Clarke, CISO at Aviva, and Neira Jones, Independent Advisor, both highlighting how the people element is key in protecting not only charities but businesses too.

Neira highlighted how the well-known breach at US retailer Target could ultimately be put down as human error rather than anything technical, due to the fact that the incursion began at a third party refrigeration company, highlighting a need for security awareness.

Sarah continued the theme with a series of slides which enforced her own point that people are the weak link in the security chain, utilising a slide to say:

“99% of breaches are made possible by human error, willful or ignorant bypassing of controls and individuals induced (willingly or otherwise) to share access or information that benefits criminals.”

Given how people are so often the weak link in the security chain, charities in particular could really see some benefit from some basic training as well as some exposure to security awareness, both of which could be provided by even those security pros who have very little time to offer.

Also in attendance at the afternoon sessions was Mark Green, Chief Information Security Officer at Cancer Research UK, who explained how charities can be harmed not only by fines when things go wrong, but also by reputational damage, saying that philanthropic donations can go elsewhere very quickly following bad press.

Given how many data breaches we are hearing about lately, with Kmart and Dairy Queen both being in the news in the last few days, Mark’s point shows why charities are especially vulnerable and why they need help from security practitioners who can offer a little more in terms of the time they can commit to really securing such noble operations.

With the help of an advisory board that also includes Edward Tucker, Head of Cyber Security at HMRC, David West of Miller West consulting, Brian Honan, Jason Waterman and Jason Shankaradasan of Badenoch & Clark, Give01Day plans to match charities with suitably skilled security professionals who have pledged to give up their time to help solve specific cyber issues.

Aided by media partners on the advisory board, including Twist&Shout’s Jim Shields and Eskenzi’s Neil Stinchcombe, as well as Information Security Buzz, the campaign has already seen over 100 professionals commit their support.

GiveADay

If you feel that you can pledge some time to help support UK charities, which hold data on 3 in 4 people, you can sign up to Give01Day at http://www.giveaday.co.uk.

Microsoft CEO: Women Working In IT Shouldn’t Ask For More Pay

Men and women – just in case you hadn’t noticed, I’d like to point out that they’re different.

Shocking news, I know, but that’s just the way it is and it ain’t gonna change this side of some pretty far out genetic experimentation, so get used to it already.

That said, the differences between the male and female of the species are just that. Differences. Neither sex is better than the other, though some folk still seem to think so. And, based on what I hear time and again, many of those people work in the IT industry.

More’s the pity.

Especially as IT is an industry which is heavily imbalanced in its representation of women and security, in particular, is an area in which suitable candidates are in extremely short supply.

But fear not, because men in positions of influence can make a real difference can’t they?

Not if their name is Satya Nadella it seems.

Nadella, CEO of Microsoft, well and truly put his foot in the proverbial on Thursday when he told a computing event for women that they shouldn’t ever ask for a pay rise and should, instead, simply put their trust in a male-dominated system to do the right thing and pay them what they are worth.

In response to a question over how women should broach the always uncomfortable task of requesting a raise he said:

“It’s not really about asking for the raise, but knowing and having faith that the system will actually give you the right raises as you go along.”

Furthermore, he suggested that not requesting a pay rise would actually top up a woman’s ‘karma bank,’ which would, by magic presumably, enhance her trustworthiness within the organisation and so lead to an enhanced level of responsibility.

Wow! Just wow.

Perhaps realising that he had inadvertently proven that if women are from Venus, men must be from planet Stupid, he later tweeted the following non-apology –

– which was later followed up with an email in which the honoured Nadella said:

“Toward the end of the interview, Maria asked me what advice I would offer women who are not comfortable asking for pay raises. I answered that question completely wrong. Without a doubt I wholeheartedly support programs at Microsoft and in the industry that bring more women into technology and close the pay gap. I believe men and women should get equal pay for equal work. And when it comes to career advice on getting a raise when you think it’s deserved, Maria’s advice was the right advice. If you think you deserve a raise, you should just ask.”

Nadella closed the email by saying he had ‘learned a valuable lesson’ but I, being cynical, cannot help but wonder what the lesson was – that gender pay equality is really rather desirable or that he has to be more careful about airing his opinions?

Whatever Nadella was thinking, it makes me feel uncomfortable on two counts.

Firstly, this is 2014 and we should have progressed far beyond these types of issues by now – some women in IT are as good as men, some better, and some worse, so discussions about differing pay levels based solely upon gender should be moot by now and it is a real shame that they are not.

Secondly, why are we, as an industry, even bringing attention to the sexes in the first place? IT isn’t a man’s world. IT isn’t a woman’s world. It’s just an industry crying out for good quality people and the sooner sexist viewpoints disappear, the sooner the available talent pool will grow.

And that has to be a good thing for everyone.

Just Given Up Your Eldest Child For Free WiFi? Perhaps I Can Interest You In This Tech Preview?

‘Ello guv’nor, I heard you sold your kid for WiFi. Perhaps I could interest you in another good deal? It’s called tech for privacy and I know you’re gonna luv it.

Having decided to pass on the logical numbering of the next rendition of Windows, Microsoft’s new operating system will be called Windows 10.

In a move many see as an attempt to put the memory of the not-so-popular Windows 8 behind it, the company is all steam ahead as it marches toward the inevitable retail release of its replacement.

In the meantime, however, early adopters can grab a technical preview to see how Redmond has accommodated Start button-loving fans of its arguably much better Windows 7.

Being one of the first people to get your hands on a new operating system may sound pretty cool but that will only be the case if you read the privacy policy first (something you should always do before installing new software).

Why?

Because Microsoft sharing the tech preview with you is a reciprocal agreement which sees your data travel back in the opposite direction.

Specifically, the Windows Insider Programme policy says,

“Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.”

While the sheer volume of collectible data is staggering and far beyond what I for one would be happy to give up if I had a choice, it is standard fare these days, more’s the pity.

More disconcerting though are these two following entries:

“We may collect information about your device and applications and use it for purposes such as determining or improving compatibility” and “use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing.”

and

“If you open a file, we may collect information about the file, the application used to open the file, and how long it takes any use [of] it for purposes such as improving performance, or [if you] enter text, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.”

Did that sink in?

If not read it again and you will see that signing up for the Windows 10 preview will see you giving Microsoft permission to both record your voice and, specifically what you say, and to collect everything you type on your keyboard.

In other words, you will be voluntarily installing what amounts to a voice recorder and a keylogger on any system running this version of Windows.

Ouch!

There is no word on whether the privacy policy will be similarly worded when bundled with the final version and I suspect, and hope, that it won’t – I’d like to think that Microsoft is merely gathering so much data to help it make improvements to the new operating system before its retail release.

But there are no guarantees of anything these days, especially where technology is concerned and, likewise it seems, in the realm of data gathering.

So, my advice, is to research Windows 10 thoroughly upon its general release and to check out its privacy policy in its entirety before letting it anywhere near any of your devices.

Alas, most people will not do so though. After all, the latest tech is often so enticing that people will do the craziest things to get on the bandwagon.

Is It Worth Sacrificing Privacy For A Bit Of Geeky Self-Quackery?

Wearable tech. It’s all the rage don’t you know.

From glassholes (not you Neira, you’re cool) to joggers with glorified digital watches, people everywhere are getting excited about the next big thing in what I would describe as self-eroding privacy.

Whilst Google Glass owners may be in short supply, possibly put off by the cost, the number of people owning health and fitness gizmos seems to be on the rise, aided and abetted by other cool-to-have devices such as the newly released iPhone chunky that can help tap into all that data.

In some ways I can see why the ability to monitor fitness metrics could be quite enticing, allowing users to set their own goals and to motivate themselves through self-stretching of targets or via competition with others.

That said however, some performance measurements can lead to disappointment if you start getting into e-competition with other people who may have published their own results online, either intentionally or inadvertently (yes lads, two minutes of moderate exertion is pretty lame, or at least that’s what she said).

And that’s the problem you see – some health, wellness and fitness data should remain private from your family and even the lads or ladies down the pub. And I’m not just talking about the obvious faux pas linked to above either – other data really shouldn’t be common knowledge in my opinion, or at least not so common that it appears on the web.

Comparing heartbeats and other metrics at the gym could be a good thing but sharing such data with a mechanism that is easily scoured and mined by who knows who is not so good is it? I mean, would you want your insurance company to know that you are a 30-year-old with the fitness level of a pensioner? It’s ok, I know it’s not your fault, it’s all that sitting at a desk and the pizzas, well, they’re just too nice. But what would an underwriter think? Higher premiums perhaps? I don’t see why not.

After all, who are you sharing that data with? Do you even know? Has the app developer made it clear during the signup and installation routine? Did you even bother reading all that gumpf when you downloaded it?

Does the app developer have a social networking aspect where you can share and compare data? Who has access to what? Is the data made public such as in the example above where ‘performance’ data appeared in Google search results? Are data-storing websites secure? Does your smartwatch company sell your data to third parties or share it with them?

So many questions, all of which could have a huge impact on your privacy.

And just what benefits are you getting any way?

Is your health improving? Will a wearable make you fitter? Surely self-motivation is key, not technology.

And what does your doctor make of all this data you are producing about your health? Not much, to be honest. In fact a new survey of physicians here in the UK highlights a potential problem with the new army of high-tech health buffs – many are self-diagnosing but they’re not very good at it.

In fact, less than 5% of doctors thought that health apps and websites offered any kind of value as patients start taking it upon themselves to figure out their own health and fitness routines or even research their own perceived medical conditions.

Heaven forbid that someone would take the advice of a watch over their GP, but I guess it’s happening already and will only become more commonplace in the future.

In case you haven’t guessed already, I don’t like wearable tech. It’s too invasive by nature and the data it produces is arguably not secure or private enough by default, never mind should someone ever decide to target it. And its usefulness? For some people such devices could be invaluable in enhancing their training routines but then I would guess such people would probably do ok without it anyway. For everyone else? What do you think?

Ex-Spy Chief Warns Over Child Tracking, Offers Little Advice. Says Government Snooping No Concern. Impressed?

The increased use of mobile phone tracking technology is not helping to keep children safer, according to former spy chief Sir John Scarlett, who says that GPS may actually put them at greater risk.

The ex-head of MI6 said:

“You’ve got to know what your children are doing, it’s very difficult to know exactly what they’re doing in particular when they’re on a tablet or something they’ve got and you’ve got to have some kind of idea.

They are extremely vulnerable, everybody is, to a whole range of things. Clearly when they’re young children they’re particularly vulnerable to predators.”

And by predators Sir John was obviously referring to the sort every parent worries about rather than the more pervasive sort Mr Snowden has recently warned us about.

That said Scarlett, perhaps predictably, suggested that people in general should be worried about snooping, but not from the government. No sir. It’s the terrorists and criminals we have to worry about.

Speaking before a speech at the Headmasters’ and Headmistresses’ Conference (HMC) annual meeting in Newport, south Wales, Sir John suggested that abuse of tracking devices and too much self-disclosure online were a far greater risk to personal security than anything the state may be up to.

Echoing my own personal view that technological advancement has gotten too far ahead of the appropriate security considerations, he said that the tech environment changes rapidly and that later generations are becoming increasingly relaxed about tracking and the sharing of data online.

Sir John warned that there is no such thing as “absolute protection” against a determined attacker but the public could protect themselves to a great extent by using passwords and other methods to thwart 80% of intrusions (source please Mr Scarlett), though he failed to mention that the key to good password security is complexity and uniqueness which is something a huge number of users still fail to grasp.

It’s the younger generation and trackable devices that concern the ex-spy chief the most though with him saying:

“Personally what worries me most are the tracking devices. The way in which locational apps, for example, are now quite freely available. Of course, you can start off by consciously giving out information about yourself and once you’ve done that you’ve lost control of it. There is a need for everyone to be aware that once information is shared online, for example through using a search engine, it can be used by different firms.”

Sir John added that the “best advice” for parents is to teach their children some common sense; to be aware of the type of information they give out online and to also be aware of the way in which they express themselves.

He also highlighted how people of a certain age have become far more relaxed about the tech they’ve grown up with, suggesting that those aged 30 and under were far more likely to share more than they ought to, despite being more savvy than their elders.

While I think Sir John’s ideas are sound, his advice is rather wishy-washy in my opinion and not overly helpful. That said, I hope that any parent who reads his comments will be prompted to go away and consider what exactly their children are up to, who they are talking with online and what information they are sharing, especially with people they don’t already know on a personal basis – there really is no substitute for a little parental responsibility imho.

As for his comments about government snooping and his assertion that the UK is “a law-based state operating very tightly within a legal framework and a cultural environment and that is where your protection must lie,” I’ll leave you to make your own minds up as to their relative accuracy and merit.

Security As A Product Feature: Bank Customers Get Savvy

In years gone by customers often chose one bank and stayed with it for life. Certainly when I was younger, it was traditional to go with the same bank as your parents, or the one that was nearest to where you lived (especially important for me as I lived in a village that was many miles from any town).

Add to those factors the fact that changing banks was always a bit awkward in terms of rerouting salary payments and cancelling and then starting up direct debits, etc., and you can see why some financial institutions may have become a bit complacent about retaining their customers.

Now, according to new research from Ping Identity, the age of the internet may have started to shift attitudes among consumers, with only 28.7% of those surveyed saying that they felt “very loyal” to their current banking provider.

What is far more interesting however is the fact that 36.1% said they would switch banks if a competitor offered easier access to online banking services, as long as security measures were as robust as those they were already used to.

This may be due in part to other survey findings which show that 81.5% of bank customers use online banking despite the fact that less than 1-in-4 of them actually thought that access to their accounts was “very secure”. This comes against a backdrop of 4-in-5 customers saying that secure online access is in fact “very important” to them.

Jason Goode, Managing Director EMEA at Ping Identity, said of the findings:

“These findings should send chills up the spines of retail banks. Loyalty is dead, and if banks can’t prove to customers that their online experience is not only convenient, but also secure, then they’ll lose out to a competitor that is. Customers seem to believe there has to be a trade-off between security and convenience when it comes to accessing confidential information online – it’s either one, or the other. However, that shouldn’t be the case – customers should be able to have their cake and eat it.”

The findings of the survey were further reinforced by answers given by those customers who did not use online banking – two thirds of them stated they had security concerns, whilst 11.9% said the registration process took too long and a further 9.2% said much the same thing, declaring that they didn’t have time to set up online banking for their account.

So what can banks, and other organisations, learn from such a study?

I think the key takeaway here is that customers are far more savvy than they ever were before. A combination of publicity (think recent data breaches and naked celebrity photos) as well as (hopefully) increased levels of security awareness gained through workplace programs, means that the average user now has security on their mind more than ever before.

Sure, there is a long way to go in terms of educating people about all the risks they can face on the web, or even in the privacy of their own soon-to-be-interconnected home, but it is a start that everyone in the security industry at least should welcome.

Whether businesses welcome a more savvy consumer is of course another matter – banks and companies in other industries would be wise to embrace security and bake it into everything they do, not just because it lessens the risk to their users and their own balance sheet and branding, but because those same users will increasingly demand it and factor it into their purchasing decisions.

Security now appears to be gaining traction as a product feature that consumers care about.

Long may that continue.

GiveADay: Charities Set To Benefit From Generous, Skilled Security Professionals

Up to 100 IT and data security professionals, including C-level executives, have signed up to GiveADay, a non-profit organisation which looks to help charities with their IT, security and data privacy needs.

Charities such as Cancer Research, Great Ormond Street Hospital and Future First have already signed up ahead of the scheme’s official launch which will take place on October 9 at the IP EXPO Europe event being held at the ExCel convention centre in London.

GiveADay, founded by Amar Singh and Hemang Patel, has been inviting a wide range of professionals to offer their services for some time now, via social media, and has already built up an impressive collection of volunteers that reads like a who’s who of infosec.

Some of the stars who have already offered their time and expertise, covering areas such as security awareness and data security guidance, include:

  • our very own Brian Honan
  • independent advisor, international speaker and PCI expert Neira Jones
  • Aviva CISO Sarah Clarke
  • Edward Tucker, head of cyber security at HMRC
  • David West, MD at Miller West Consulting
  • Jim Shields, Twist & Shout Communications
  • Eskenzi PR director Neil Stinchcombe
  • Badenoch & Clark principal consultants Jason Waterman and Jason Shankaradasan

Following the official launch, GiveADay will be looking for more professionals to register their interest in contributing to its cause and will match the skills made available to it with the specific needs of the charities it is in contact with.

GiveADay CEO Amar Singh said:

“Charities are in a particularly vulnerable position – they hold a lot of sensitive data on both their service users and their donors. In addition, they are still subject to the same fines from the ICO as any other company and are subject to far more rigorous requirements to report a breach. The requirement to report breaches to the ICO results in disproportionate fines to the ‘Third’ sector plus the stigma of adverse publicity that can severely impact on operations and fundraising ability. We want to support charities to protect the vast quantities of sensitive data they hold with professional advice and training.”

With UK charities holding personal and sensitive data on around 3 in 4 people, the challenges they face are immense and comparable with those experienced by other organisations within the corporate sector. With the help of GiveADay, charities will be better equipped to deal with the increasing demands they must face at a time when data security is very much in the news.

GiveADay’s mission has already been met with much enthusiasm by the charity sector with Martyn Croft, co-founder of the Charities Security Forum (CSF) saying:

“For GiveADay to facilitate easy access to freely given expertise in this way is a fantastic opportunity for all charities to further enhance the information security so essential in their work.”

Speaking for Cancer Research UK, CISO Mark Green said:

“Trust is vital to charities and GiveADay will provide valuable support for them to do the right job, get the basics right and continue achieving their goals.”

If you have some spare time and wish to lend your IT or security skills to GiveADay, or are able to sponsor the movement, please get in touch with Amar Singh at info @ giveaday.co.uk.