Posted June 25, 2018
When was the last time you sent critical financial information on the back of a postcard? Hopefully, the answer is never… or at least “once, in 1962, but I learned my lesson.” It’s an intuitively stupid idea. So why is it, then, that we still trust email with so much sensitive information? They’re equivalent to each other, in security terms. Allow me to explain.
Firstly, there are so many email providers that even if yours offers protection through encryption, emails are often sent unencrypted because the recipient provider doesn’t support it. Don’t believe me? Google stated in 2014 that between 40% and 50% of all emails exchanged between Gmail and other providers were sent insecurely. This is often the great failing of ‘zero-knowledge’ providers, like ProtonMail, that market their privacy credentials: the moment I email anyone who’s not on a secure service, all that protection goes out the window. The message is sent naked. What’s more, major providers, like Gmail, water down their encryption so they can also read your emails. All the better to serve ads to you, my dear.
The Sony hack of 2014 is a great example of how these issues can converge into one mammoth problem for you and your business. Of everything leaked, the emails were the most memorable: a media feeding frenzy and PR disaster encircled Sony as business secrets and dirty laundry were aired for all to see. If you’d like to avoid Sony’s fate, we have some solutions for you. Just listen to the podcast.
Posted June 09, 2018
Have you heard of the attention economy? That ugly outgrowth of sensational reporting that prizes generating clicks over generating discussion? Unfortunately, the security world is no stranger to such tactics. Each year, we're seeing an increasing number of vulnerabilities with their own logos, catchy names, and disclosures that look more like press releases. It's security meets BuzzFeed.
Just as people are now avoiding mainstream media for their own sanity, the public will start to tune out security news if all the industry focuses on is doomsday moments. That's a shame, given that mundane but highly useful fundamentals like passphrases, encryption, and phishing training are still often neglected.
After yet another of these Chicken Little moments from the security press, Phil and I discuss what you can do to cut through the noise and find quality information. Check it out.
 

Posted May 04, 2018
Last year, Deloitte made a major slip-up. Despite being billed as the world’s leading cybersecurity consultancy for five years in a row, it failed to follow basic advice on passwords, two-factor authentication, and email security. As a result, reporters were told that around 350 high-profile Deloitte clients were affected by a breach of over five million client emails.
Personal or professional, screw-ups happen to us all. What matters is admitting the fault and laying out a plan of action for the future. Unfortunately, Deloitte did its best to ignore the bull rampaging through its china shop, arguing it was “implementing its comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cyber-security and confidentiality experts”, whatever that means.
Seven months on, the news cycle has moved on from the event, but Deloitte is still stalking the land, providing “leading cybersecurity advice” to anyone who’ll listen. Fortunately, this episode covers how consumers can separate good advice from hot air, as well as how businesses can take simple steps to protect confidential information and prevent similar scandals from occurring. Interested? Have a listen.
 
