We are very lucky to live and work in idyllic surroundings in the Channel Islands, but as more and more cybersecurity issues threaten our shores, we can never be 100% safe from the world of cybercrime.
With their eyes firmly focused on helping Channel Islands businesses reduce the risk of cyberattacks or data breaches, JT’s security experts bring their wealth of experience to bear by staying one step ahead of the hackers and ‘phishers’. Our team helps ensure our customers have both good governance and a risk management strategy is in place.
Here, we meet the JT team at the forefront of cybersecurity and ask them to answer the questions most frequently asked by large-scale organisations and their own friends and family.
The advice is often very similar: think about your vulnerability; review your security, be it personal or corporate; and, where you need to, take expert advice.
• Meet Marcel “I’ve worked in IT since 1981, primarily within large public sector organisations. I first became interested in information security in 2006 and qualified as a Certified Information Security Manager (CISM) by 2009. My main area of expertise is in governance, risk and compliance. I like nothing more than analysing and improving business strategies.”
• Meet David “I have spent more than 35 years working in IT. I started out as an electronics engineer, working on the second IBM XT PC in the UK, still with an American plug on it. Back then, my work was mostly with banks and governments on their security needs, before ‘cyber’ became a thing. Even though the landscape has changed drastically, I still enjoy working with customers to understand the risk and finding the simplest way to mitigate it.”
• Meet John “My career in IT began over 25 years ago, with the past 10 years being dominated by cybersecurity. I hold various accreditations, including Certified Ethical Hacker, Certified Forensic Investigator and Cisco Cyber Security Specialist, and I’m soon to complete an MsC in cybersecurity. My specialism is very much focused around the offensive (attack) side of security and understanding the hacking side. This gives us and our customers an added advantage when working in an advisory role in helping businesses to secure themselves.”
Pictured left to right: David Salisbury, John Bridge and Marcel Le Claire
Q: What do you think are the biggest risks to businesses and individuals here in the Channel Islands?
Marcel: It’s simple: people. Businesses can implement the best security platforms available but, without any employee training, they are opening the channels unintentionally from the inside, perhaps via a phishing link or through an unknown USB. Harmless actions can trigger off hidden processes on a network that will bypass most of the security and can cause huge problems to the business. Now, with GDPR in place, these actions can result in a data breach, leading to the possibility of fines – though often it’s the reputational damage that is far costlier.
David: Because we have such low crime rates in the Channel Islands, we feel safe, But hackers can be located anywhere in the world – and us feeling insignificant on a global scale is becoming our weakness. What many don’t realise is that there are highly organised businesses across the world hacking on an industrial scale and that for a hacker in China or Eastern Europe, getting hold of your eBay or Facebook account is worth a year’s salary.
Q: How can I more effectively manage my multitude of passwords?
Marcel: You’ve heard it all before, but don’t use the same password for every site and don’t ever write them down or add them to a notepad on your phone. Use a reliable password manager – such as Norton Password Manager or LastPass – to store passwords and use autocomplete for web forms. Focus on making your single password for your password manager very difficult for someone to guess, but easy for you to remember using a variety of capitals and characters.
Q: We hear a lot about patching but is it that important?
David: A patch is a set of changes to a computer or application programme, designed to fix, update or improve its use and security. Patches are categorised by their urgency. Some patches and feature packs contain only enhancements and new features, but the critical and security patches are correcting issues that have been discovered that could make you vulnerable. A 2015 Verizon report found that 70% of attacks exploited known vulnerabilities that had patches already available but hadn’t been updated. So yes, it is important – and if you get an update notification, make sure you do it.
Q: Are ‘open’ public Wi-Fi networks safe?
John: We’ve all been there… You’re travelling and in a public area (hotel, airport, etc) and need to check your emails, WhatsApp or Facebook. You search for a Wi-Fi network and there’s one that doesn’t need a password, so you connect to it. The problem is that this connection is not encrypted and, worse still, it may not actually be a genuine wireless access point but a hacker pretending to be one.
If the latter is the case, they can forward on the connections to the internet so that you think it’s genuine but they can capture everything (user names, passwords, bank or credit card details) before forwarding on the information. We call this a man-in-the-middle attack. Our advice would be to download and install a VPN client, which will encrypt your connection between your device and any other VPN termination point. This will hide the traffic to anything or anyone in between.
Q: What’s the biggest risk to personal data?
Marcel: Again, human error. In Guernsey alone, 40 personal data breaches were reported to the Office of the Data Protection Authority (ODPA) in the two months up to 22 April 2019, with almost all (35) occurring due to human error. Encourage all employees to send documents as links rather than attaching to emails. This will prevent an attachment with an email sent incorrectly to an external recipient from being opened.
Think about disabling autocomplete in your email system, so you always have to explicitly type in the whole email address. A large proportion of incidents happen due to incorrect disclosure being sent in error by email or posted to the wrong person. Investing in training for your team regardless of size, roles or industry will save you time and money and protect your reputation in the long run.
Q: John, you’re a qualified Ethical Hacker – but what’s ethical about hacking?
John: To really be able to secure a business, you need to understand how hackers think and work. It is a very fast-moving world with new attacks being released daily. Understanding how others think and work helps us as a business stay ahead of the curve, offer products, services and advice that will help to educate our customers and islanders about the next wave of cybertrends hitting our shores, and provide products to support them against this.
Q: What one piece of advice would you give to islanders/individuals to help protect them?
David: Turn on the free two-factor authentication on all your email accounts. I have seen so many friends and businesses have their complete digital life taken over by hackers getting into their email and then resetting the passwords on other accounts to spread their control. It can take weeks to get your digital life back and stop those dubious links being sent to your network from your account.
Marcel: Be aware of your data privacy and what you yourself can do. We each have a digital profile containing sensitive data such as our shopping history, likes, current location and web browsing history. Some of these profiles have over 3,000 data points about a single individual. Be wary about giving up these details – next time you are asked to give away an extra bit of personal information to get a bigger discount on a purchase, think twice about the lasting digital footprint you are creating.
John: For business owners, large or small, invest your time, not just your money, in security. Over the years, I have seen hundreds of thousands of pounds of technology bought to make a company ‘secure’ and then left on the shelf or not configured properly because it’s ‘difficult’. A simple strategic review of how best to use existing solutions, controls or processes, along with team training and education, can remove risks and often save money, and be easier to implement whilst keeping your business and teams secure.
David, Marcel and John are just three people in JT’s rapidly growing specialist team, who are ready to help our customers and support their businesses with the right products to protect them today and in future. Our work with them makes their job easier. It’s a partnership; we help you understand your risks, identify vulnerabilities and provide solutions. Our team will help you establish and maintain an effective response to cyber issues.
FIND OUT MORE
For more information, go to www.jtglobal.com/security
or contact the team to have a free cyber score card analysis of your business.
Tel: 01534 882345
Email: business.solutions@jtglobal.com
www.jtglobal.com
• This advertising feature was first published in the July/August edition of Businesslife magazine