Cyber Security in the Ether March Meetup
We talked about:
Homeworking, can we expect more businesses to make this permanent, and how do we protect against a threat landscape targeted at home workers?
- Most companies may find this a painful experience and write it off as a way of working.
- Countered by the fact that many people are enjoying working from home; will pressure from staff make it difficult to get them back in the office?
- Another benefit is that it has allowed the rollout of collaboration tools that weren’t getting the political traction to implement before, and everyone is loving them.
- Some are feeling more connected to colleagues, not less, talking to people remotely who I wouldn't do in the office.
- The risk of malware infections is higher, with unmanaged devices and people clicking links in search of some much-needed humour.
- Need to continue to remind people to remain vigilant, but in a gentle way; everyone has a lot on their plate right now, and the wrong messaging would be ignored.
For someone starting out in the InfoSec field with a view to getting into Pentesting primarily, what certifications would you advise on?
- CompTIA Security+ and Network+ were recommended.
- CREST-accredited pen tester is a must-have for Government work.
- There are lots of learning pathways on the NCSC website.
- Experience was generally viewed as more valuable than certs. Taking part in bug bounty programmes is a good way to build up experience, but isn’t very lucrative.
- A challenge can be not knowing what you don’t know, and budget for training in small companies is a challenge.
Password manager guidance - how would this be most useful to people?
- How best to educate people in using password managers? Do people read documents?
- Is there anything wrong with using the password manager in your browser, rather than a third-party one? Probably not these days.
- Again, NCSC guidance is good; do you need your own documentation? Point users at that instead?
- Find other ways of projecting the information, YouTube videos for example.
Changing corporate policy to enable simpler work from home.
- Look at what the consequences are of the policy not being followed; compromise on the lesser risks and re-plan mitigation for the bigger risks.
- In all work environments it's worth asking: what does good look like? And then asking: what does great look like? Work out how to get from good to great.
- Mobile Device Management software works well for distributed workers, but it may be a bit late to be rolling it out if you haven’t got it already.
- Virtual desktops are another good solution.
- There’s a real challenge in that many people don't have computers at home anymore, and getting corporate laptops to homes is an asset management nightmare.