Security and Privacy in an isolated world

Author: Gary Hibberd

Date: 6th May 2020

Our second CyberNatter got off to a great start last week, with over twenty people attending, and discussing key issues of the day.

Of course this meant we were again discussing Covid-19 and the risks that remote working can bring, but the conversations were broader than this and included other topics, which at times divided opinion and had everyone thinking more deeply about the topics at hand.

Jason Newell, a Director at VirtualDCS, spoke about the support that he is providing to a Yorkshire based business forum, which is offering advice and guidance around Covid-19 and asked the group if they were involved in anything similar. While some people were a part of a formal group, it was clear that many were doing their best to support, informally, many other businesses.

So we were off to a great start, with everyone ready to sit back, contribute and discuss key topics of the day.

If you didn’t make it, here’s what you missed…

Remote working; What are the risks?

In an interview last week, Gary Hibberd (Professor of Communicating Cyber) was asked if working remotely had increased the risk of cybercrime or was it the same? Interestingly this was on the back of a poll, taken during that webinar where 25% of the attendees believe the risks were the same.

The CyberNatter attendees discussed the pros and cons of remote working, but largely agreed that anything decentralised ultimately becomes riskier. The lack of (central) control, the amount of devices now being used, and the disconnected nature of our world, means that cybercriminals have more devices and people to go after.

However it was agreed that while any risk, is still a risk, and that we are more open to the potential likelihood of attack, it is still manageable and there are still things we can do to protect ourselves. 

Simply by following security best practices, such as deploying antivirus, malware protection, router, VPN, encryption, MFA, strong passwords etc, will increase your protection. But the attendees all agreed that the best form of defence comes from developing good communication channels to ensure people are aware of the risks and steps they need to take to protect themselves.

The importance of staying secure at these times wasn’t lost on any of the attendees of CyberNatter and this quickly took us to our next topic.

Security and Privacy; What’s the difference?

Over recent weeks we’ve heard a lot of people asking about staying secure while working remotely, and if tools like Zoom are secure or not.  Gary made the case for the need to consider security and privacy as the opposite sides of the same coin.

Stuart Coulson, Director at HiddenText Ltd, stated that he didn’t think there was a difference, with Simon Fletcher, of Cyberfort agreeing that information security is all about Confidentiality, Integrity and Availability.

Stuart made the point that Security is about the ‘what’ of information, while Privacy is the ‘who’, and therefore they are not different, but are in fact the same thing but viewed from different directions.  It’s an interesting and important topic because asking “Is this secure?” is different from “Is this keeping my data private?”

The example given was of course Zoom’s much discussed security issues, which have only recently come to light. But they would wouldn’t they? They went from 10 million users per day to 200 million.  So security issues, and security concerns were bound to come to the fore. But they have done a lot to improve this situation over recent weeks.

But what about privacy?

While Zoom can now be configured to be more secure against attacks such as ‘Zoombombing’, their Privacy policy still doesn’t make it clear what they do with the data you share. Everything from who they will share your data with, to what they do with recordings of video conferences.

So… Are Zoom meetings secure? Yes… if set up correctly. 

Are Zoom meetings private? Not really… there’s still lots of questions around who can access the data.

Those on the CyberNatter discussed this point for some time, and we debated the pros and cons of looking at these topics separately and together, but it was clear (and great to hear) the passion and commitment by the attendees that we must address both topics.

We don’t think there’s a right or wrong answer to this question, but we do believe that BOTH security and privacy must be considered if you’re implementing a Security compliance programme. 

Conclusion

We were meant to discuss ‘Tools to stay secure’ and some of the best ideas we had, but we ran out of time! But that’s great because this is where we’ll pick things up next time. The CyberNatter isn’t a simple webinar with a clear start, middle and end. It’s professionals and people interested in the topics discussed, coming together to share insights and ideas.

We don’t want to be controversial for the sake of being controversial, but we do want people to challenge assumptions and ideas. If everyone agreed all the time, it would be an ‘echo chamber’, and we don’t want to hear an echo. No one learns, sitting in a cave talking to themselves.

We’re excited about the direction the CyberNatter is taking us and the ideas being shared. Do you have an opinion on Cyber? Do you have an insight into an area no one is talking about?

If you do then we want to hear it. Come to the next event and share.

Afterall, sharing is caring.