Octree Observer

  • Password complexity? Ba!d34rD4sh*.

    by : Octree
    As if information security isn’t hard enough already to deter the cyber-criminal – hell-bent on stealing our critical data, our bank and credit card details, our intellectual property and client information – it seems that encouraging users to apply some degree of complexity (or should that read common sense?) to their password selection is a whole different ball game altogether, despite the warnings.
    10 December 2012
  • SMEs take note: it’s not just big companies that get hit by Cyber Crime.

    by : Octree
    I wanted to share with you an article I came across recently written by a fellow Certified Security Professional, Corey Nachreiner of Watchguard, which was published in the UK’s Business Computing World. It reinforces everything I have been saying to small business owners, particularly those in the professional industries who have an awful lot more to lose than a few sales records. I’m pretty certain I don’t need to remind all of you of the potential penalties for Data Protection breaches (up to £500,000), as well as unlimited penalties imposed by your regulatory body. Yet few organisations seem to take these threats seriously. I had an accountant recently argue that most of the research carried out into threats, vulnerabilities and breach disclosure is pure hype and should not be heeded. I told him I let someone else do my books…
    4 December 2012
  • Once again a public sector organisation has fallen foul of the Information Commissioner.

    by : Octree

    Once again a public sector organisation has fallen foul of the Information Commissioner and received a hefty monetary penalty for Data Protection Act breaches.

    The UK regulator has fined Greater Manchester Police after officers were found to be regularly using unencrypted memory sticks to store personal data. The poor data security practices came to the ICO’s attention following the theft of a memory stick containing sensitive personal data from an officer’s home. The device, which also had no password protection, contained details of more than a thousand people with links to serious crime investigations. Despite similar security breaches in the past, the police force had not put restrictions on downloading information and staff were not sufficiently trained in data protection. The police force paid £120,000 because it took advantage of an early payment discount.

    17 October 2012
  • So just how does this phone hacking work?

    by : Octree
    I doubt there is anyone not shocked and saddened by the recent mobile phone “hacking” revelations. Yet it can hardly be called hacking, and it does not take a rocket scientist to perpetrate this gross invasion of privacy.

    It certainly adds a new meaning to the journalistically descriptive name “hack”! There are certainly more deserving and colourful names, as I am pretty sure we can all debate. It is rather unfortunate that the acts of these few immoral individuals can affect so many lives, and not just those of the victims or their families. Spare a thought for the 200 employees who have lost their jobs as a result. How ironic the News of the World landing page declares the tabloid comic rag “The World’s Greatest Newspaper 1943 – 2011”. The employees may just have the last laugh though as they could enjoy a £70,000 compensation hand-out if their class action suit for wrongful dismissal goes ahead against News International.
    12 July 2012
  • The 10 biggest mistakes made when moving (or considering a move!) to the cloud

    by : Octree
    I wanted to share this with you all, courtesy of David Cartright at CloudPro, as further justification that “Cloud”, the current buzzword and trend, is not for everyone, and if not managed correctly will not deliver the economies of scale originally intended.
    16 May 2012
  • Business leaders need to take note quickly, and learn to recognize that information security risks are real risks to their success.

    by : Octree
    I read this article on SecurityWeek’s website, courtesy of its author Oliver-Christopher Rochford, a writer and Security Consultant from Germany. I found it so compellingly close to my real world experiences I wanted to share it accordingly. Clearly there is a place for security people despite their apparent “lack” of business sense. I mean what do we really know?
    2 May 2012
  • Social engineering is possibly the most effective hacking exploit we may face today – and possibly the easiest to perpetrate. Why?

    by : Octree
    Because it is human nature to want to help. This is an extract from a recent publication that I found illuminating, and essential for anyone concerned about such threats. Education, education, education.

    So, what is Social Engineering?

    Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password. The goal is always to gain the trust of one or more of your employees.
    4 April 2012
  • FSA Data Protection Compliance – Best Practices Review

    by : Octree
    I was recently commissioned, on behalf of a compliance adviser practice, to carry out an information security review of a 30-user financial services organisation located in the Midlands. Obviously fully aware of the likely penalties the FSA can administer, as well as the threat of the Information Commissioner’s Office imposing a fine of up to £500,000 for Data Protection breaches, the firm’s directors had taken a hugely responsible approach to this very serious matter.

    Although the firm had already implemented a variety of security controls under the guidance of their IT service provider, it was considered important enough to perform a review to reassure clients and stakeholders that they do take information security seriously – a philosophy that is often overlooked in favour of so-called “higher priorities”.
    15 March 2012
  • Stolen NASA laptop had Space Station control codes… and no encryption for supervillains to crack!

    by : Octree
    I suspect this may be just about the highest profile incident of laptop security negligence we have experienced to date.
    5 March 2012
  • BT severs all ties with Cloud…. in parts of Hertfordshire anyway.

    by : Octree
    The small business (or maybe that should read “small minded”) cloud evangelists that I come across with alarming frequency cannot fail to admit that the heavy reliance on a monopolistic dinosaur of a broadband infrastructure does not really lend itself to cloud computing for everyone (please see a recent blog article below regarding cloud suitability).

    Only last week many businesses in Hertfordshire were left without voice and data services for a prolonged period following another attack on BT’s physical network. This time it was due to the attempted theft of communications cabling in Hatfield, South Hertfordshire.

    15 February 2012