Kindus 100 Posts and Counting
This is the 100th blog post on Kindus.co.uk, rest assured that none are AI generated but instead reflect the analysis and opinions of people who understand computer security. We have tried to stay away from a ‘bug of the week’ approach but keep to helpful and informative advice.
This is as good a place as any to highlight some interesting places to start reading.
Artificial Intelligence has recently (2023) become a hot potato news story. It has been used to create copious content quickly and easily although the copyright implications are often ignored. The relatively good quality grammar and spelling produced by AI makes it harder to spot scams and phishing requests. News sites are generating unreliable articles to fill up their pages. The purpose of these sites (beyond vanity) is unclear but they could host malware or be used to exploit advertising revenue. AI might be used to generate fake reviews on shopping portals. Amazon certainly has used AI to detect possible sources of fake reviews (commonly used to boost product ratings).
COVID highlighted many of the security issues involved with working from home. Few organisations are able to provide a complete, locked down set of equipment and connecting devices to access corporate systems remotely. Most will rely on at least some privately bought or administered equipment. This is unlikely to have gone through the same purchasing scrutiny and may have been acquired with cost rather than security in mind. Other risks from home working are smart speaker devices and eavesdropping on confidential meetings. Any risks can be mitigated by training to raise use awareness of the issues.
The flip side of using personal devices for home working is to allow them to be used within the office. Keeping the same tablet or phone for use inside and outside the office can facilitate work but brings risks or restrictions depending on who retains ultimate control on administration of these devices. Carrying several devices each with the same function but different purposes is not ideal and can result in use of the wrong device for the wrong purpose. This affected the UK government where ministers used compromised private phones for official messaging. A Mobile Device Management policy should restrict what data or systems is accessible from which devices. The UK government has relevant policies for example concerning WhatsApp but has failed to make ministers constantly tow the line.
Much can be done to minimise the damage from real or potential security threats. Any suspect activity should be reported. Any attempt to buy off the perpetrator or hide the evidence will not guarantee that the truth will eventually come out. A policy of openness with customers and associates is usually the best approach if something does go wrong. Threats are not necessarily external as employees might be unwittingly manipulated to disclose confidential data. The consequence of compromised passwords can be reduced by a zero trust approach and investigating options that either avoid passwords or use additional means to verify access to an account.
A significant proportion of cyber security issues are related to social rather than machine factors. User training and security awareness at all roles within an organisation will reinforce security. At Kindus we provide technical solutions together with training regimes to optimise data security.
