Take your pick
Things that cost money: Cyber security
Things that cost more money: Poor Cyber security
Outsourcing giant Capita today reported a net loss of £106.6 million ($135.6 million) for calendar 2023, with the costly cyberattack by criminals making a hefty dent in its annual financials. The total costs incurred due to the break-in, believed to be carried out by the Black Basta ransomware group in March last year, stand …
Also somewhat fucking annoying. I know it has to be done, I'm interested in security, I am, but when you have users that can barely remember their own home address that was used as their password it's fucking painful. We want to put tighter security in but we also don't want to stop our users from working or making it so painful security-wise that they give up using their issued kit.
Adopt a password keeper so people only need to know one password.
How users can create strong passwords and remember them, with their own formula! (example of one formula below)
Let's make a password we can write down on the desk and nobody can use -
Pick a number, let's say 17, and we will always add 5 to whatever number we use, and let's always put a U in front of it
then let's pick a word - from something you look at every day, like a blue notepad, and write down bluenotepad, and always remove the Es and capitalize the second letter.
then pick a special character ! to always put before the last letter
so we write down 17bluenotepad, but the password is U22bLunotpa!d
Formulas can be simpler or harder, but are a good tool.
I don't suggest people write down passwords, but if they know "one formula" for life, they can leave a clue (blue notepad on the screen with 17 on it) and figure it out more easily than remembering a complex password.
Different solutions for different people, but this has helped some of the staff I've had to coach.
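The formula described in the post above, written out as a small function. This is an added example and not the commenter's own code; the step names (offset, prefix, letter to strip, special character) are my labels for the rules the post spells out, and the parameters default to the post's own choices so the clue "17bluenotepad" reproduces the password the post gives.

```python
"""Derive a password from a written-down clue using a fixed personal formula.

Rules, as stated in the post above:
  1. add a fixed offset to the number and put a fixed prefix in front of it
  2. strip every occurrence of one letter from the word
  3. capitalise the second letter of the word
  4. insert a special character before the last letter
"""

import re


def transform_word(word: str, strip_letter: str = "e", special: str = "!") -> str:
    """Apply the word rules: strip a letter, capitalise 2nd letter, insert special char."""
    stripped = word.replace(strip_letter, "").replace(strip_letter.upper(), "")
    if len(stripped) < 2:
        raise ValueError("word too short after stripping; pick another clue word")
    capitalised = stripped[0] + stripped[1].upper() + stripped[2:]
    # Special character goes immediately before the final letter.
    return capitalised[:-1] + special + capitalised[-1]


def derive_password(
    clue: str,
    offset: int = 5,
    prefix: str = "U",
    strip_letter: str = "e",
    special: str = "!",
) -> str:
    """Turn a clue like '17bluenotepad' into the formula's password."""
    match = re.fullmatch(r"(\d+)([A-Za-z]+)", clue)
    if not match:
        raise ValueError("clue must be a number followed by a word, e.g. 17bluenotepad")
    number, word = int(match.group(1)), match.group(2)
    return f"{prefix}{number + offset}" + transform_word(word, strip_letter, special)


if __name__ == "__main__":
    # Constructed sample clue taken from the post's own worked example.
    print(derive_password("17bluenotepad"))  # U22bLunotpa!d
```

The function is deterministic by design: the same clue and the same four rules always give the same password, which is what lets the clue be left in plain sight. That determinism is also the property to weigh when deciding whether a formula is suitable for a given user group.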
This post has been deleted by its author
@edjimf
Good passwords are good! But cyber security for companies like Capita (or Equifax!) probably needs a bit more planning, and a bit more tech than the consideration of "passwords":
- documented design assumptions
- consideration of third party designs (I'm thinking about "The Cloud")
- network design
- application design
- database design
My own favourite password is "michealgoveforPMand#10"....but then I'm a retired AC!
so we write down 17bluenotepad, but the password is U22bLunotpa!d
Formulas can be simpler or harder, but are a good tool
It's better than nothing but once two of your passwords leak the pattern is mostly obvious and your remaining passwords are weak. I've found it difficult to wean people off this kind of protocol because "it looks unguessable".
Then I'm afraid you don't really get 'security'.
If your users are incapable of using passwords then a password is not a suitable security control. You need to find another more suitable form of authentication or you need to implement other controls that provide the same level of risk reduction but are not authentication controls.
You might need to design a security system for users that are vulnerable or lack mental capacity (the very young and the very old) or who have additional needs (visual impairment, physical control issues). It still needs to be secure and their difficulties are your problems to work around.
Your security needs to suit the environment and the users. If you try to force users into using security controls that don't suit that's when you'll get post-its under desks, machines never locked, emails sent to personal addresses.
And if the management aren't bought in you're screwed before you start.
Security is 90% psychology and 10% technology.
"...yet to deliver operational excellence...", "...create the right platform...", "...achieve out full potential...", "...Looking forwards...", "...leveraging our technology...".
I wonder how he talks to his wife? Or maybe he's run out of cliches by the time he gets home.
No I don't think so, Crapita are right up there (down there?) in the crapola stakes. Northgate might top them tbh.
Capita have a few large monopoly products with no easy escape route. It's often less hassle to keep big shitty suppliers than to replace them with another.