H2 Newsletter - More on Passwords and The New Normal
H2 Cyber Risk Advisory Services
H2 use their expertise in cyber security and data solutions to support businesses - 0845 5443742
The National Cyber Security Centre have recently re-released a survey on passwords. I have to say that there isn't much there that is all that new. Probably the biggest surprise is that so many out there simply don't learn. We're seeing the same issues now that we see pretty much every year. I like to recount the story of when I and an old friend of mine were contracted by a bank, which shall remain nameless, to go to their data centre and carry out a series of tests on their IT estate. One of these tests was to run a password cracker over their servers and end points. It won't be too difficult to surmise that this data centre was in the Northwest as we cracked, I think it was, BECKHAM, on 52 different machines. The Manager went nuts as you might expect and fired off some nasty emails. The next day we cracked 52 BECKHAM1s. You can lead a horse to water…
But back to today. NCSC have said that their survey showed:
· 42% of Brits expect to lose money to online fraud.
· Breach analysis finds that 23.2 million victim accounts worldwide used 123456 as their password.
One of the big recommendations is that Brits are urged to identify, and act to remedy, gaps in their security knowledge. This is something that I am continually surprised by. Cyber Awareness Training can be the single biggest and cheapest investment that SMEs can make to help shore up their defences. If your staff don't know what they face, and what they should and should not be doing and looking out for, then you are asking for trouble.
Here are some of the most popular passwords they found in use:
Names      Premier League teams   Musicians   Fictional characters
Ashley     liverpool              blink182    Superman
michael    chelsea                50cent      naruto
daniel     arsenal                eminem      tigger
jessica    manutd                 metallica   pokemon
charlie    everton                slipknot    batman
Just a bit miffed that Spurs don't get a mention, but I'll console myself by saying we have a classier bunch of supporters. Seriously though, this isn't rocket science, and if any of your users have similar passwords then you need to address your awareness training, and the password policy that let those passwords through, as a matter of urgency.
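As an added illustration (example code written for this page, not part of the newsletter or H2's own tooling): a small Python screen that reduces a candidate password to its base word before checking it against a denylist, so that the BECKHAM1 trick in the story above, and leet-style variants like L1verp00l, are rejected along with the bare words. The denylist is constructed from the words in the table above plus the anecdote; a real deployment would load a large breached-password list instead, as NCSC guidance recommends, and the sample "cracked" passwords are made up.

```python
from __future__ import annotations

import re
from collections import Counter

# Constructed denylist: the words from the newsletter's table, the BECKHAM
# anecdote and the 123456 headline figure. A real deployment would load a
# large breached-password corpus here instead.
DENYLIST = {
    "123456", "beckham",
    "ashley", "michael", "daniel", "jessica", "charlie",
    "liverpool", "chelsea", "arsenal", "manutd", "everton",
    "blink182", "50cent", "eminem", "metallica", "slipknot",
    "superman", "naruto", "tigger", "pokemon", "batman",
}

# Keyboard substitutions users commonly apply to "strengthen" a word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Leading/trailing runs of digits, punctuation and underscores (BECKHAM1, beckham2021!).
EDGE_NOISE = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def normalise(password: str) -> list[str]:
    """Return the base words a password collapses to.

    Lower-case it, strip digits/symbols from either end, and also try the
    de-leeted spelling, so BECKHAM1, Beckham2021! and B3ckh4m all yield
    'beckham'. The raw lower-cased form is kept too, so denylist entries
    that legitimately contain digits (blink182, 50cent) still match.
    """
    lowered = password.lower()
    forms = {lowered, EDGE_NOISE.sub("", lowered)}
    forms |= {f.translate(LEET) for f in list(forms)}
    return [f for f in forms if f]


def weak_base(password: str) -> str | None:
    """Return the denylisted word this password is a variant of, or None."""
    for form in normalise(password):
        if form in DENYLIST:
            return form
    return None


def audit(passwords: list[str]) -> dict[str, int]:
    """Count how many passwords in a cracked dump reduce to each base word,
    the summary an assessor would hand the manager in the story above."""
    hits = Counter(base for base in map(weak_base, passwords) if base)
    return dict(hits)


# Constructed sample of "cracked" passwords, not real data.
SAMPLE_CRACKED = [
    "BECKHAM1", "Beckham2021!", "L1verp00l", "M@nutd99", "arsenal",
    "plinthcobaltmarmot",   # three unrelated words: passes the screen
]

if __name__ == "__main__":
    for pw in SAMPLE_CRACKED:
        print(f"{pw:22} -> {weak_base(pw) or 'ok'}")
    print(audit(SAMPLE_CRACKED))
```

The point of the normalisation step is that a plain string comparison against a denylist is exactly what "BECKHAM" to "BECKHAM1" defeats; stripping the appended noise and undoing the obvious substitutions before the lookup closes that gap, while the unrelated-words password still passes.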
Now we've all heard of the new normal, right? But what exactly is that? In my view what's emerging is different things to different people. There doesn't seem to be any real agreement between any two companies in the SME space. Maybe broadly in some cases, but never quite the same. I've blogged about this before, but as time has moved on it's worth revisiting.
There have been several surveys by HR consulting companies suggesting that 60 to 70% of companies of all sizes are planning to adopt a hybrid model. In the IT industry, particularly amongst IT consultancies, this model has been in use for many years and is well regarded, allowing the downsizing of office space and a lower cost base.
As organisations of all sizes move along the decision-making process and start to seriously consider recalibrating their operating model to adapt to the new normal, there is a real need to re-evaluate their cyber security stance: policies, processes, people training and technical defences.
When COVID hit, many SMEs had to move very quickly to keep going, adopting remote working without the time or luxury of any real planning. It was a knee-jerk reaction born of necessity and certainly not the way they would have liked to do it. There are multiple cases of companies not having the necessary equipment, in terms of hardware (desktops, laptops etc.), and allowing staff to work from home using their own home machines, connecting to both office and cloud-based systems, without any check on how those machines were configured, whether they were kept up to date with the latest patches, or whether they were used by other family members. This situation is still happening today in some cases.
There is a very real situation developing, or perhaps already developed, in companies that have moved to a different operating model without fully understanding the implications, not least that their traditional network boundary no longer exists: the boundary is now each individual laptop, desktop, tablet or phone, and each of these represents a threat to the whole.
Another issue is something else that I've blogged about before, which is staff working on the move from coffee shops, motorway service stations, even airports and railway stations.
Nothing new there, it's been 'a thing' for years now, but is it a safe thing to be doing? A recent survey suggests that a high proportion of connections to unsecured Wi-Fi networks result in hacking incidents, often from working in coffee shops, restaurants, airports, and other public places. There are devices now on the market that help promote this mobile working. Anyone heard of the Nighthawk M5 5G WiFi 6 Mobile Router from Netgear? It looks a great bit of kit, essentially a mobile router allowing your staff to work from wherever they need to. And I'm not against this, it's a great boon to flexibility, but such devices must be used sensibly and within certain rules. A personal mobile router sidesteps the shared public Wi-Fi, but it is still a network device: it needs a strong admin password, current firmware, and an encrypted (VPN or equivalent) connection back to company systems, just as a laptop on a coffee shop network would.
Many of you will struggle with these changes, simply because you don't have the in-house skill set needed to deal with them. And frankly neither do most local IT companies. The defences you need to remain safe are becoming more complex and there is, more than ever, a need to understand risk management.
The full blogs on The New Normal and Coffee Shop culture can be found on my website.
H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.
To learn more about the services we provide please click here: https://www.hah2.co.uk/
Please feel free to give us a call or email.
Alternatively, you can book a slot using our Calendly link: https://calendly.com/kevin_hah2
T: 0845 5443742
M: 07702 019060
Trust H2 – Making sure your information is secure