Security Is My Middle Name

By Grant Burst CISSP, Head of Professional Services at Wick Hill Security is my middle name. Actually, it’s not – but why would I tell you my real name?...

By Grant Burst CISSP, Head of Professional Services at Wick Hill

Security is my middle name. Actually, it’s not – but why would I tell you my real name? My Mother’s maiden name is also knowledge that I have that I’m not going to tell you either. There are many bad people out there that want to know this information, along with pet names and favourite sports teams.

Why would they want this information? Simple! With this information I can take your identity!!!

“How could I get this information?”, I hear you ask. Well, that’s easy.

  1. Basic Social Engineering, I get to know you and show interest in what you have to say I’ll ask you about yourself and your interests. From where you live I could guess the team you support, or simply ask you who you support.
  2. I could look online, and get plenty of information if you use Facebook, you’ve possibly given me what I need straight away.
  3. I could use some the ancestry websites, by creating a bogus account I could look for your family details, which could include your date and place of birth.
  4. If I’m after random peoples details, I go all out and create a product-based web competition and ask you to create an account.
  5. If I’m specifically interested in you, perhaps I’ll try to get a key logger or a “bot” onto your system.

How do you protect yourself from the likes of the Bad me?

  1. Firstly, be careful about who you give information to.
  2. Check that the website you are on is a true and reputable website.
  3. Do not download programs from websites if you are not 100% certain of their integrity
  4. Be careful of offers that are too good to be true, believe me I’m never going to give you an iPad for your views on TV Programs.
  5. If possible, use 2FA to logon to systems to avoid key loggers.
  6. Ensure that your AV is up to date and configured correctly.
  7. Use a firewall that looks at the reputation of the website before allowing connection.
  8. Data Loss Protection, is normally used for company confidential information, however it can also protect personal sensitive data like DOBs and Names
  9. Encrypt your data and laptops, PCs or phones.

How can Wick Hill help you with this We offer a plethora of products that can help to protect you, your details and your family

  1. Firewalls: our firewall offerings from Barracuda, Check Point and WatchGuard cover the aspects of reputation, DLP, Application Control and AV at the border.
  2. Antivirus: Kaspersky and Threat Track protect your network or PCs.
  3. 2 Factor Authentication: Vasco and SafeNet may well protect you already if your bank issues you a token to connect to the website. These tokens can be physical or Software-based.
  4. Encryption: Becrypt and Check Point  offer the ability to encrypt your devices and ensure that if they are lost or stolen the data cannot be read.
  5. Wireless Networking: by incorporating the controller in the Access Point, Xirrus gives you the means to be able to control traffic before it hits the wired network.

“One of the advantages of being a Captain is being able to ask for advice without necessarily having to take it.” – James T Kirk

“…however with the right training you may not have to ask for the advice in the first place” – Grant Burst

Wick Hill are an Authorised Training Centre for the above products, we are happy to give certified and bespoke training to ensure your needs are covered. To find out more, visit our training site here: www.wickhill.com/training

Grant Burst is Head of Professional Services at Wick Hill, a value-added distributor specialising in secure infrastructure solutions. Grant been with Wick Hill since August 2005, and his responsibilities include end-user and reseller support, installations and consultancy, along with both pre- and post-sales project management. Grant’s career also includes long spells in engineering and support roles with Global Telcos and other IT companies, as well as freelance consultancy. He holds a wide range of vendor and technical certifications including CISSP, as well as being skilled in areas such as compliance, security management and network security in both gateway and endpoint scenarios  

In this article

Join the Conversation