Sometimes, and I’m as guilty as anyone else at this, security is preached and practiced on a daily basis. Update your software; turn on your firewall; install all Operating System upgrades; don’t install strange files; check that emails are genuine. Whilst this is all well and good, there is a large element that remains forgotten – the very bottom and most basic of instructions in the technical web of ‘do and do not’. I recently attended a conference where the realities of these seemed to show and prove to me that even the most technically-minded forensic examiner needs a reminder every once in a while.
Sitting in a middle row and watching the conference, a small number of police officers sat in front of me. They were discussing a live case amongst themselves, well within earshot of me who, with no colleagues also attending due to court dates, could not help but overhear. I was curious at this fact – why would any digital inspector of any institution or business discuss a live case outside of their place of work? Confidentiality and non-disclosure agreements usually govern this area, but discussing these facts in a crowded room was a total game changer.
This alone would, in my own eyes, be bad enough; but it gets worse. The laptops they had open, connected to the internet via a ‘free’, open-security network, were easy for me to see, sitting just behind them. Internal police emails on one and even an item of evidence were on display as they discussed the case. This reminded me of that one crucial element of security – it doesn’t matter how strong your digital countermeasures are if there is someone sitting behind you, or from the window across the street, who can see your screen or whiteboards on the wall.
Ultimately, it all comes down to common-sense approaches to confidentiality and security; if someone can see over your shoulder don’t open a client’s document. If someone within earshot is not part of your team or organisation, could the business conversation wait until later?
Finally, I leave you with the consequences of the information I had seen and overheard – a name, and a small shred of evidence against the person. It did not reveal if the male or female was guilty or innocent, only that they were being investigated for the crime; a more malicious person could, with very little amount of work, use this information to their advantage. Innocent people could have their reputation destroyed, guilty people could escape justice, or national newspapers could be fed information that could blow open an otherwise solid case.
We should all, and most especially those in the police force, take more care about the oldest methods of security and confidentiality and apply them to the cyber-world in the exact same way.
For more tips about keeping your confidential information secure, head over to the Cyber Security & Fraud section of our blog to see our latest posts.