My Regular Cyber Security Round-up will be posted on Saturday this week as I am traveling on Friday.
I write blog posts and articles for three sites, Smart Thinking, CyberAwake and Octagon Technology, on cyber security and technology related subjects – although sometimes the links are a bit tenuous…
Because It’s Friday – IT and Cyber Security support powered by of course… coffee
One of the times I can be at my most creative is when I am away – routine matters do not interrupt my flow – but that raises a couple of cyber security issues, that as CISO I have to address.
Equipment
I do travel with my laptop – as evident in the photo above – so I need to pay attention to the cybersecurity risks that poses.
I only save and access my information via SharePoint or OneDrive and I always right hand click and “Free Up Space” to clear the actual files from my laptop. (Although there is an issue with this now – read this.)
My laptop is authenticated against my Octagon Technology user account, (not my administrator account), so my authorisation across the Octagon systems is managed. My laptop has Windows Hello face and fingerprint biometrics and my PIN and passwords are complicated, MFA (even though it some issues), is active everywhere and of course the whole C: drive is encrypted.
On top of all that, I have Advanced Threat Protection software installed – this is policy at Octagon and the compliance with this policy is monitored and enforced.
And of course everything is backed up.
Privacy
The Country Club where I am staying has got really good internet, so working from here is no issue. The view from the balcony, where I am working, is also great, as you can see from the image above. The problem is that I have not had eyes on the Country Club’s or it’s Parent Company’s security policy or set-up, nor have I had a chance to verify that that policy is actually working. I have seen a privacy policy when I logged onto the internet service, however that internet connection is being provided by a third party – see my previous comments. Then there is the question of wireless isolation – is it enabled? Now I have tools to check for some of these things, but to use them is illegal so I don’t.
So what do you and I do when we are in this situation?
The answer is to use a virtual private network, normally just referred to as a VPN. In short this provides me with a private tunnel to the resources on the internet I want to use, through the internet connection the Country Club, coffee shop, third party, etc provides. Some places (such as McDonald’s do not allow the use on VPNs on their networks – so I do not use them for work – that is where the internet connection on my phone comes into play.
Is it paranoia? No just a security policy that the team at Octagon Technology can prove to the clients and suppliers so they know we take the best possible care of ours and their cyber security.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading and Resources
Who broke OneDrive – own up Microsoft, we want a name! – A cyber security management issue
Between Timbuktu and Timid – A quick look at Multi-factor Authentication (MFA)
Advanced Threat Protection – Octagon Technology
IT Monitoring – Octagon Technology
Wireless security the Issues – Wikipedia
Virtual private network – Wikipedia
Cyber Awake | Train Your Team To Protect Against Cyber Attacks
Photo © Clive Catton www.clivecatton.co.uk
