Do walls still have ears?

Back in 430 – 367BC it is believed that Dionysius of Syracuse was listening to people’s conversations without being in the room, he was actually some distance away from the unsuspecting individuals. By utilising a shaped cave between the associated rooms he was able to clearly hear conversations taking place and was able to gather information to not only better himself, but also protect him self. His answer to today’s system-monitoring software.

Over the centuries since, many societies have utilised this method with listening posts. There are examples today of such buildings, The Louvre in Paris and St Paul’s Cathedral in London. In Kent and other areas of the UK a similar principle was used in warfare, large concrete acoustic domes were used to catch sound during WW1 to detect troop movements.

From as early as 1620 the phrase “Walls have Ears” has been spoken or written in English indicating that conversation can easily be overheard.

During WWII the phrase was used very well in a campaign to discourage loose talk that could bring disastrous consequences to the war effort. It was targeted at civilians and service personnel alike in an effort to reduce gossip.

That was over 70 years ago, the thing is, have we learnt anything from this?

In today’s society and work place the advent of the electronic age in the 21st Century has made things easier for us humans to get on with our daily lives. We conduct our banking, ordering goods and services and communicating with our friends and colleagues online and over the telephone, whether it be mobile or landline. However, a number of us humans don’t take this kind of thing seriously enough to protect our information.

Ironically I had been to a cyber security conference in London and on the train back, two simple things happened within my eye and earshot.

  • A lady on the her mobile phone was obviously placing an order of some description, because I heard her name, account details, card expiry date and CVV code! Personally not something I would want anyone to hear, she had provided enough details for someone to note and potentially utilise for fraudulent use.
  • The gentleman sat next to me was using his laptop and was clearly working on a confidential document! Really, in a public place. I don’t think the business he worked for would want anyone outside of the business to see what he was working on.

Both individuals were clearly business people, you would think that security and awareness was part of there business structure, clearly if it was, they didn’t think about what they were doing, whether it was business or personal.

Today’s business environment does not just happen in the office, its mobile and people can actually see what you are doing outside of the office spaces, mobile devices make it easier to work on the go, meetings are common in public spaces, they happen in hotels, restaurants, cafes and many other venues.

People are curious and inquisitive things; me, I am a people watcher and it’s amazing what you can deduce from watching someone. Every business needs people, its one reason people should be top of the priorities list and included in the overall information security infrastructure.

Here in the UK, the government has endorsed a campaign for a basic Cyber Security standard in the SME and larger businesses as a precursor to some of the current international standards for security. This standard helps shape the way a business deals and secures information. Training is key to this and people trained in the work place can transfer that skill to their personal lives.

In answer to the original question, “do walls still have ears?” unfortunately yes they do, but they are more sophisticated and they are looking to take your information. Be the one to say no and make sure that you as an individual protect your information as best possible. If you are a business, make sure that your people are security aware, as they could be one of your lines of defence.

Cybersecurity month in the US

I was reading an article today about the basics of cybersecurity. Across the pond in the US, October is cybersecurity awareness month and they will be running a series of articles to encourage users of the Internet of things to be more aware of the associated risks on line.

So, I thought I would share this with those who wish to know more and help themselves to protect their personal information from potential scammers. The following link takes you to Tripwire an information security blog.

Happy reading and stay safe online 😃

Shot across the bow

If you have read my profile, you will see that I had 22 years in the Royal Navy, consequently I am still a little enclined to use Naval terms. Some of the looks I get from colleagues are a picture, but hey it makes the day interesting.

Spending time in the Royal Navy has taught me a few things about information security and auditing of classified information. Daily, weekly and monthly we had to account for publications and sign to say they were complete. We had to account for crypto tapes, yes I said tapes, how things have changed.

Anyway, it set my mind a thinking, there are various items that we use on a day to day basis, that most of us take for granted, one being the mobile phone. A non smartphone still has the capability of storing data, it may be text only, but they still contain information. A smartphone or tablet generally contains a at least 8 GB of data,that normally consists of contacts, documents, pictures, video and music. If you look at it from a criminals point of view, your device could be a gold mine.

When I conduct a security induction, I discuss information assets and what they are; as part of that discussion I ask the audience if they have PIN or passcode for security activated on their device. I can normally guarentee that one person in the audience does not.

When I ask if they log out of Facebook, log out of twitter, or any other social media that they use, you know what the answer is, it is a resounding no. I ask how many contacts do you have, majority have a at 50 or more, with full contact details. I ask if they bank online, yes is the answer, do you know your bank security verbatim, no is the answer, guess where they keep it!

This is my “shot across the bow” to our new comers, secure you mobile devices it's an opportunist target. If you can manage your own information security, then you should be able to look after anothers persons information.