Blog

Posted May 04, 2018
Last year, Deloitte made a major slip-up. Despite being billed as the world’s leading cybersecurity consultancy for five years in a row, it failed to follow basic advice on passwords, two-factor authentication, and email security. As a result, reporters were told that around 350 high-profile Deloitte clients were affected by a breach of over five million client emails.
Personal or professional, screw-ups happen to us all. What matters is admitting the fault and laying out a plan of action for the future. Unfortunately, Deloitte did its best to ignore the bull rampaging through its china shop, arguing it was “implementing its comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cyber-security and confidentiality experts”, whatever that means.
Seven months on, the news cycle has moved on from the event, but Deloitte is still stalking the land, providing “leading cybersecurity advice” to anyone who’ll listen. Fortunately, this episode covers how consumers can separate good advice from hot air, as well as how businesses can take simple steps to protect confidential information and prevent similar scandals from occurring. Interested? Have a listen.
 

Posted April 25, 2018
The biggest marketing coup I’ve ever seen is the ‘cloud’: somehow people were convinced that storing their data on somebody else’s computer was as benign as a ball of sky-fluff. That’s what the Swedish transport authority thought in 2015 when it outsourced all of its data to IBM. But after the agency’s head was dismissed and fined half a month’s salary in 2017, the reality of the matter came to light: IBM workers in the Czech Republic and Serbia had access to all the agency’s data without passing necessary security clearance. That meant that all sorts of data was up for grabs, including the personal information of fighter pilots, those on the police register, secret agency personnel, witness protection program participants, and the details of all government vehicles.
Quite a screw-up, huh? During this episode we used the Swedish slip-up as a cautionary case against the cloud. It’s not that the cloud is a terrible idea – we also use it for certain tasks – but it needs to be approached with a critical mind-set. Ask yourself key questions: why do I need the cloud in the first place? Do the benefits outweigh the risk of using somebody else’s computer? If you think they do, look for some key indicators of trust, such as the cloud provider’s policy on encryption, their business model, and their reputation amongst consumers.
There are also some ways to take cloud security into your own hands. These include using the awesome Cryptomator, an app that seamlessly encrypts your cloud storage files (e.g. Dropbox files) as you work on them, and making your own cloud using a NAS. But if you really want to know how to navigate the cloud, have a listen to the podcast.

Credit to Rick Falkvinge at Private Internet Access, who helped publicise the story back in 2017.

Posted March 14, 2018
Think you’re too small to be hacked? Do you have “nothing to hide”? Well then, listen to this cautionary tale from our own experience.
One Thursday afternoon, whilst I was returning from the gym, Alex called me: “Have you had a look at the website? I think we’ve been hacked”. My mind raced: How did they get in? What was compromised? Is any sensitive data at risk? I knew hacks happen to companies much larger than us, but we’re supposed to be a security company!
