Cyber Security in the Ether March Meetup
We talked about:
Homeworking, can we expect more businesses to make this permanent, and how do we protect against a threat landscape targeted at home workers?
  - Most companies may find this a painful experience and write it off as a way of working.
 
  - Countered by the fact that many people are enjoying working from home; will pressure from staff make it difficult to get them back in the office?
 
  - Another benefit is that it has allowed the rollout of collaboration tools that weren’t getting the political traction to implement before, and everyone is loving them.
 
  - Some are feeling more connected to colleagues, not less, talking to people remotely who I wouldn't talk to in the office.
 
  - The risk of malware infections is higher, with unmanaged devices and people clicking links in search of some much-needed humour.
 
  - Need to continue to remind people to remain vigilant, but in a gentle way. Everyone has a lot on their plate right now, and the wrong messaging would be ignored.
 
For someone starting out in the InfoSec field with a view to getting into pentesting primarily, what certifications would you advise?
  - CompTIA Security+ and Network+ were recommended.
 
  - CREST accredited pen tester is a must-have for Government work.
 
  - There are lots of learning pathways on the NCSC website.
 
  - Experience was generally viewed as more valuable than certs. Taking part in bug bounty programmes is a good way to build up experience, but isn’t very lucrative.
 
  - A challenge can be not knowing what you don’t know, and budget for training in small companies is a challenge.
 
Password manager guidance - how would this be most useful to people?
  - How best to educate people in using password managers? Do people read documents?
 
  - Is there anything wrong with using password managers in your browsers, rather than a 3rd party? Probably not these days.
 
  - Again, NCSC guidance is good. Do you need your own documentation, or can you point users at that instead?
 
  - Find other ways of presenting the information, YouTube videos for example.
 
Changing corporate policy to enable simpler work from home.
  - Look at what the consequences are of the policy not being followed, compromise on the lesser risks, and re-plan mitigation for the bigger risks.
 
  - In all work environments it's worth asking: what does good look like? And then asking: what does great look like? Work out how to get from good to great.
 
  - Mobile Device Management software works well for distributed workers, but it may be a bit late to be rolling it out if you haven’t got it already.
 
  - Virtual desktops are another good solution.
 
  - There’s a real challenge in that many people don't have computers at home anymore, and getting corporate laptops to homes is an asset management nightmare.