Yorkshire Cyber Security Cluster Meeting Notes
Location: Virtual Webinar: YCSC 20.4: A New Way to Connect
Date: 8th April 2020
Thank you to everyone who attended our first ever webinar! We enjoyed an open discussion with our steering committee members for their experiences in the industry relating to COVID-19.
Our next Webinar on 22nd April will be more structured, including 1/2 presentations and a Q&A to conclude. 15 minutes both pre and prior for virtual networking. Sign up here
- The Yorkshire Cyber Security Cluster is a collaborative group of experts within the cyber security industry that are committed to reducing cyber crime in the Yorkshire region
- The cluster brings together SMEs, Governing bodies, Universities, Yorkshire Police and regional CISOs and those with a vested interest in cyber
- Collaboration, sharing of best practices and offer expert advice and guidance to one another and the local community
- Melanie Oldham: Chair of the YCSC and CEO of Bob’s Business
- Helen Goldthorpe: Associate Solicitor at Shulmans LLP (Knights PLC from 24th April)
- Gary Hibberd: Professor of Communicating Cyber at Cyberfort
- Caroline Kaye: Principal Consultant at CRK Consulting Limited
- Jason Newell: Director at Virtual DCS
- Michael Faulks: CTO and Co-founder at Ioetec Ltd
- Shahrzad Zargari: Course Leader for Cyber Security & Forensics @ Sheffield Hallam Uni
- GDPR remains in force.
ICO has been putting information online about what they want organisations to focus on. Security standards & home working – you need to consider the same standards as you would normally, the security should be appropriate. They think you should prioritise information security.
- If you already had some home workers, you will be more prepared, training just needs to be rolled out organisation-wide. Those who didn’t should focus on the biggest risks first.
- If you are a small organisation, who didn’t have anything in place or any home workers, ICO understands you have limited resources and are stretched. If you are a big organisation with some home workers already, they will be less lenient as these should already be in place.
ICO may not hold people to time scales if you have limited resources to deal with a breach, so you should do what you can to contain the breach as quickly as you can.
- Cybercriminals are not being lenient, they are on the rise, with 400% increase in phishing scams. Over 140 email campaigns using COVID-19 as an attack vector. Information security/ cybersecurity is needed now more than ever with people working from home.
- Organisations who have responded to this crisis have embedded organisational resilience and business continuity, those who have struggled are those who didn’t have a business continuity plan. Gary advised that everyone should draw up a 100-day plan to think about the next 100 days and how you are going to respond and then eventually, recover. If you have furloughed staff, you can still train and raise awareness with your staff.
- Organisations should look at their staff and risk assess them, is there anyone likely to leave, flight risks, insider threats. Even if people are furloughed, communication is key to maintaining the relationship with staff. Check admin rights, do people still need the access that they have? Bring these measures back to a bare minimum.
Organisations should contact standards providers and talk to them to ensure that they are going ahead with certifications. If you are having an audit, they will contact you prior to discuss your current situations to see before what you are dealing with and take this into consideration.
- Auditors will tell you to talk you through your processes, rather than testing the physical aspects, as these can’t be done currently. The physical aspects will be done at a later date.
Talk to staff about what devices they are using, the operating systems, firewalls, anti-virus. Encourage staff to change default WiFi passwords and other admin credentials. Keep staff trained while they are working from home or furloughed to protect organisations and staff.
Coronavirus Support – Facebook page. It offers free advice on business support for the pandemic and secure file sharing.
There has also been a big increase in Office 365 backup.
Virtual DCS help organisations with backup recovery.
GPS & video surveillance are being used to see if people are following the staying at home rules and seeing if we can relax the working from home rules. He has concerns that people using these resources to track our movements are not going to relax these systems once the pandemic is over. Drones are being used in beauty spots by the police, voice assistants are being used by people at home for boredom. Drones are being used in the US, patients are stood on balconies for drones to take their temperature.
Easy rules to follow:
- Go to work – if you’re there, do your work. Have a designated place to work
- Check what devices are authorised on your home router
- Remember social interaction (virtual) – people want that personal contact, contact those you work with
- When you use video conferencing, mute your microphone if you are not talking. Remember social etiquette.
Sheffield Hallam is ensuring that students degrees are impacted as little as possible by Coronavirus. Students don’t have access to specialist tolls with the university being closed. They have strong relationships with the industry to ensure that students have the skills for when they graduate. This situation has been a big learning curve for the university as students and teachers have had to move seminars online, some of which weren’t ready for this. First year students exam marks won’t be counted towards their degree, which may affect their placement as employers won’t know their current performance. Final year students have mostly finished their assignments.
Their main priority is the mental health of students and ensure they have access to help.