Be aware of leaking personal information

Words by Gary Hibberd of Agenci Information Security Words by Gary Hibberd of Agenci Information Security

It’s been a busy week here at the Agenci, so I thought I’d finish the week with a light-hearted look at something I experienced earlier this week.

Gary Hibberd

Gary Hibberd

Let me start by asking… are you looking for a new job? Maybe you’re looking for a new business idea or inspiration?  Are you looking to see what projects people in your area are involved in? How about the state of someone’s relationship? Or are you (like me) just plain nosey?

If you answered yes to any of the above then I’m here to help you out. You may be thinking the best place to find out all these things is on FaceBook and of course you’d be right (which is a topic for another blog) but on this occasion the place I would suggest going to find out all of these things and more, is your local coffee house. Costa, Starbucks, Coffee Republic or any other such establishment is the place to be seen and (over)heard!

Last year in Britain, £730 million was spent on coffee and Britain consumes 500g of coffee per person, per year. That’s a lot of money and a lot of coffee, but more importantly it’s a lot of time spent in coffee shops.

Go to any one of these establishments and you’ll see people holding business meetings, taking a short break from the office or meeting friends or loved ones. Free newspapers, books and even free WiFi is often in place to encourage us to stay for a while longer and spend some of that £730 million in their shop.

30 Minutes in a coffee shop

Today I was waiting for a colleague to arrive for a meeting so I suggested meeting outside our local coffee shop in the centre of Leeds. I arrived a little early so thought I would grab myself a quick drink, so in I went and ordered myself a "Venti, triple-shot non-fat, sugar-free, cinnamon dolche latte, with whip" (you should try it.. it’s not fattening either). 

Whilst the woman behind the counter was figuring out what the hell I had asked for I pondered my surroundings and located a seat somewhere in the middle of the café to take my drink.  Once sat down I couldn’t help but over hear the conversation at the table next to me (they really should leave more room between tables). 

"So in short Nev, the idea of my business is to approach several law firms in the area and take someone like you in there to audit their accounts. Making sure they’re complying with the Solicitors Account rules. Obviously I’m not head hunting you because I know you’re happy at (company name) but if you were interested, would you think you’d be interested?"

I didn’t get the response from 'Nev' as his answer was drowned out by the lady on the 'comfy' sofa in front of me was on the phone complaining about something she had ordered which hadn't arrived. "My address? Yes it’s (Address). Name is (Name).  No I won’t be in tomorrow as I’m at work all day. You’ll have to leave it with the neighbour at number 45." 

It was then that her place was taken up by three gentlemen deep in conversation with laptop in hand. Opening the laptop the three peered at the presentation on the screen and began discussing how the building industry was in decline in the area but a regeneration of a key complex would certainly put things back on track. I switched my attention from listening to 'Nev' and his job-offer, the lady on the sofa to the three men several times.

Some of the slides they used were very interesting and had I any interest in it I’m sure I would have focused more time on them. But I lazily switched my attention to those three groups around me and to the others in the coffee lounge.

I really didn't have time to run any port scans or use a little tool I have to check how many of the laptops using the free WiFi were protected as I had to go. But I have a sneaky suspicion if I had more time, then not only could I have done a little physical eavesdropping but I could have picked up a lot more by probing their devices too.

Conclusion

The problem is that the majority of people don't think this way but instead believe they live in a personal ‘bubble’ where information and confirmation is not shared outside 2 feet from where they are sitting. This isn’t the case. 

In actual fact the vast majority of people 'leak' information continually throughout the day. From holding meetings in public places to discussing deals in lifts or on the bus the vast majority of people seem to have an amazing disregard for privacy. Yet mention that FaceBook is about to make their FaceBook conversations public and the world is up in arms! There is something clearly wrong here.

I often tell people that I'm involved in Information Security and they jump to the conclusion that it’s all about Computers. It's not. It’s about people. Security is a business problem which means it’s a people problem.

If you think having a Firewall or antivirus installed in your business is enough to keep you protected from the risk of losing valuable information then you’re wrong. You and your staff are most likely the biggest security risk within your business.

Lesson for the day: Marlon Brando once said "Privacy is not something that I'm merely entitled to, it's an absolute prerequisite." I'm sure most of us would agree with this, but if we want privacy then we need to protect it and be aware of how we can lose it.

The word 'Privacy' is derived from the latin 'Privitas' which means ‘Separated from the rest’ so if you want to have 'Privacy' then make sure the conversations you have are indeed 'Separated from the rest (of us)'. Because if you don’t, then I and many people like me will be listening…

Gary Hibberd is a director at Agenci Information Security
www.theagenci.com