It seems that the modern world now revolves around the use of social media. You know the sort of thing we’re talking about – Twitter, Facebook, Snapchat, Instagram, Pinterest… the list goes on. And it’s likely that your charity will be making its presence felt on these platforms to rally supporters to the cause. But as an infosec professional, it’s worth stopping to think about the information security aspects of these services. For an individual, it’s probably not a good idea to live your life online through these platforms, but many do and mainly get by, despite often revealing, intentionally or unintentionally, their personal and innermost thoughts. For charities, though, it’s likely that a more measured approach needs to be taken when using these platforms to promote their work. Whether you think these services are intrusive probably depends on your approach to social media. For some folks it’s all about the reputation. And for charities that’s something worth protecting.
Now we’re fully in shopping mode as we approach the season of goodwill to all men, it’s worth just taking a second look at the website you are just about to trust with your credit card details. It should go without saying that you’ll be looking for the ‘golden padlock’ but we more than most should understand what that means deep down in the depths of the web. Is that SSL certificate the real thing? Does it confer the trust we expect? Can we safely push the submit button?
Our data may be safe in transit – thanks to that SSL encryption – but what happens when it reaches its destination? Is it printed on an order form or processed securely end-to-end? And whether you’re buying goods from an online store or supporting your favourite charity with a donation, it’s important to balance risk with trust. But it’s also worth bearing in mind that establishing trust between two parties across the anonymity of the internet is a problem that infosec has wrestled with for years.
Going shopping? Perhaps at your local charity shop? The past few years have seen an increase in malware designed to infiltrate Point of Sale systems – otherwise known as tills – with the explicit purpose of harvesting payment card data processed by those devices. With many tills running on out-of-date software, it’s going to get easier for the bad guys to steal the card data. When’s the last time you patched your PoS systems?
Threat reports consistently highlight the types of business that are targeted by card fraudsters. It’s often been the leisure and hotel industries that feature highly in those lists, and it would become a problem for charities if the high street charity shop was seen as an unsafe place to use your credit card.
It should be that business continuity is seen as part of the infosec role but so often the subtle differences between Disaster Recovery, Business Continuity, and Risk Management contribute to a blurring of the lines that can result in Business Continuity not appearing on anyone’s agenda.
Trying to get your trustees to think through this important threat to the organisation can often result in them identifying risks of biblical proportions which have little chance of occurring. If all you wanted to do was have them think about the simple issues, maybe it’s time for a different tack? Why not invite some of your CSF colleagues along to share the experience of other charities and demonstrate their success? Look out too for the sessions that the CSF facilitates with experts in the Business Continuity field.
There’s a lot talked about the weakest link when it comes to security, and it should be no surprise that quite often that weakest link is you. Not specifically you, you understand, but each of us who ends up being the victim of a scam. And the exploit in this scenario is our own vulnerability and willingness to believe in other people. The scammers take advantage of this human trait with social engineering skills designed to lure us into making a wrong move. For the humanitarian charities dealing with people, it can be difficult to adopt the cynical approach that might forewarn of a scam. For all of us, education and awareness of scams and scammers can be invaluable.