Cyber security and cyber fraud. Look, there is no easy answer to this, albeit many pundits, commentators and politicians would have you believe there is. First of all, I’m a technologist, I love it. However, technology does not hold the key to the solution to this issue. The simplistic application of some ethereal technical solution is laughable. Politicians are especially prone to this quick fix approach, quite possibly because they surround themselves with self-publicising ‘experts’ who know who they’re talking to, but don’t know what they’re talking about.
I read a statement a couple of days ago by Ed Vaizey, Minister for Culture, Communications and Creative Industries, that companies should encrypt their data. Now that’s an excellent idea, but what are we encrypting here and how are we encrypting it? Is it the communication between the consumer and their browser and the server of the provider? Is it the storage volume of the data? Is this all data? All communication?
What is being asked for is in actual fact already carried out, especially the communication of data via the Internet through your browser. But who’s to say your computer has not been compromised because you’ve not updated it for six years? Or that you are completely secure, yet accessed a website in order to move your life savings by clicking a link on an email? Much of the information a fraudster would need can be found by rummaging through the bins, the only cyber element here is that fact that millions of people can be targeted.
Vaizey’s other bright idea was even more worrying, some form of Kite Mark (BS/ISO) in order to denote an organisation is ‘safe’. An organisation such as TalkTalk, with the processes and procedures would easily achieve such an approval. Sadly, if you listen carefully to what TalkTalk are saying, they did have a data breach, however, the data could not be used on it’s own. It can be used to fraudulently acquire funds in the same old-fashioned way. Conning someone into believing that they’re something they’re not.
Oh wait! That actually gets to my point. If someone calls you and offers you something which could be too good to be true, it probably is. Education and empowerment of individuals is money far better spent than on a distraction such as a Kite Mark. I’m old enough to remember the Green Cross Code and Klunk-Click Every Trip from the seventies. Perhaps it’s time we have more educational initiatives based around todays’ issues.
Where we’re not really geared for mass re-education programmes, we can help with the deployment of Unified Threat Management devices to mitigate your business users’ mistakes, coupled with excellent understanding of best practice for your users.