So … are you still using USB storage devices?


This was a question my friend asked me last week, as it turned out his company suddenly wanted to block them from being used and he could not understand why and was in fact rather annoyed. After I had sat down and explained to him the risks of USB devices, I thought this would make a great post for the blog.

What are USB storage devices?

They can range from a flash drive to a hard drive in a box. This post will concentrate on the small flash drives but equally applies to the other devices.

Flash drives have become so popular because they use little power, have no fragile moving parts, and are small, light and cheap. Data stored on flash drives is impervious to mechanical shock, magnetic fields, scratches and dust. These properties make them great for transporting data from place to place and keeping the data readily at hand.

I remember when the first flash drives were just 8 MB, but they have since massively increased to 516 GB or even 1 TB. A 64 GB drive, for example, already holds a massive amount of information (Examples can be seen here

So what risks?

These devices, as mentioned, are small and can contain a vast amount of data, so look out for the following risks:

They can easily be lost or stolen, which can lead to an accidental loss of data.

They can be used by malicious insiders at a company to easily extract a large amount of confidential company information.

They can bypass most of the network security controls (such as the firewall, proxy, mail security gateway, etc.) and accidentally (or maliciously) introduce malware onto your computer. This is particularly relevant if a USB device is shared between work devices and home (which probably has far less security than at work).


The first risk applies to everyone from home user to a company employee. Using an encrypted USB device will help if the device is lost (as long as you have used a strong password; more on this in a future post).

I usually advise a company that does not want to block USB devices to at least only allow approved company encrypted devices to be plugged into a device and to block any other makes of USB devices.
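To check that an "approved devices only" policy is actually holding, the kernel log of a Linux workstation can be audited for storage devices that are not on the approved list. The following is an added example, not part of the original post; the vendor and product IDs, serial numbers and log lines are constructed placeholders.

```python
import re

# Assumption: approved company drives are recognised by USB vendor:product ID.
# The IDs below are placeholders, not real approved hardware.
APPROVED = {("1234", "abcd")}

# Constructed sample in the Linux kernel log style (not from a real system).
SAMPLE_LOG = """\
kernel: usb 1-2: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
kernel: usb 1-2: SerialNumber: CORP-0001
kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
kernel: usb 1-3: New USB device found, idVendor=5678, idProduct=ef01, bcdDevice= 1.00
kernel: usb 1-3: SerialNumber: XYZ999
kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
kernel: usb 1-4: New USB device found, idVendor=aaaa, idProduct=0001, bcdDevice= 1.00
"""

FOUND = re.compile(r"usb (\S+): New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):[\d.]+: USB Mass Storage device detected")


def audit(log_text, approved=APPROVED):
    """Return (port, vendor, product, serial) for each unapproved storage device."""
    devices, violations = {}, []
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            # A new device enumerated on this port: remember its identity.
            devices[m[1]] = {"vid": m[2].lower(), "pid": m[3].lower(), "serial": None}
        elif (m := SERIAL.search(line)) and m[1] in devices:
            devices[m[1]]["serial"] = m[2]
        elif m := STORAGE.search(line):
            # Only devices that present a mass-storage interface are in scope,
            # so keyboards and mice on other ports are ignored.
            dev = devices.get(m[1], {"vid": None, "pid": None, "serial": None})
            if (dev["vid"], dev["pid"]) not in approved:
                violations.append((m[1], dev["vid"], dev["pid"], dev["serial"]))
    return violations


if __name__ == "__main__":
    for port, vid, pid, serial in audit(SAMPLE_LOG):
        print(f"unapproved storage on port {port}: {vid}:{pid} serial={serial}")
```

The identifiers in these log lines are reported by the device itself, so this works as a monitoring aid alongside a blocking control, not as a replacement for one.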

Blocking USB devices is the best and most cost-effective way to stop company data loss via these devices. It also gives the additional benefit of preventing the third risk of introducing malware.

One question I get from company bosses is that the third risk does not really apply to their company as they have anti-virus. It may come as some surprise to you that anti-virus is not 100% effective and does not always pick up the latest malware.

My recommendations

If you are a company, block the devices and use a cloud business service (OneDrive, Dropbox, Google Drive) to store company data (more on this in a later post). Allow only a few exceptions, which must use a company-approved and monitored device.

For home use, by all means, use an encrypted USB device but be aware it can be lost so make sure that you have a backup of your data elsewhere.

Online counterfeiting – part 2

This post follows on from part one which is here



Your company has realized that online counterfeiting actually is an issue, so what next? Well, the next step could be to go and grab some data and see how large or small the problem actually is.

Getting the data

Let’s take a scenario: your company sells a product that is being counterfeited and sold online on a global eCommerce site. You want to get a list of the sellers of the counterfeited goods to give to your legal team.

Right, so there are a couple of ways to do this:

  • Get a human to sit down once a week, log on to the eCommerce site, search the site for your brands and copy and paste the results into, say, an Excel file
  • Use an automated system to regularly do the above

The first option is going to work if you have the human resources or there are only a few sellers and adverts. However, I would argue the second option works better if you have many sellers with many adverts: you do not need extra resources, and it also has some extra benefits.

The automated system

First you need what is known as a web scraper. These come in many shapes and sizes, from DIY programming to ‘data as a service’, which is outsourced web scraping from which data is delivered to you. There are a number of potential issues to be aware of when running a web scraper in-house, which we will go into in a later article. Whatever type of web scraper you choose, it should be easy to schedule it automatically, daily or weekly, to search for the latest adverts.

Before we move to the next part there are a couple of things to highlight. The web scraper, compared to a human, has the ability to scale across many sites and eCommerce platforms and collect the data in an organised format.

Next, you need somewhere to store these results. It could be an Excel sheet that you send somewhere in your company each week, but I would suggest something a little smarter: data analysis.

Data Analysis

Essentially, all this means is putting your data into a database and running analytics across the data. This has many advantages, some of which are listed below:

  • You keep all the historical stuff. You can get a timeline of when a particular seller is putting adverts online. Are they regularly putting up adverts, are they waiting for a particular high season, or were they just a one-off seller?
  • You can see hotspots of adverts. Is a particular time of the year more important than another?
  • Who are your top sellers of counterfeits? These may be the ones to send to Legal as high priority
  • You easily get metrics over the full amount of data in the database. How many counterfeits were taken off the market this year?
  • Collect intelligence for identifying sellers. Are counterfeited products being sold at a certain percentage lower than the official price, compared to, say, someone selling second-hand?
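A small version of this analysis, using SQLite from Python, is shown here as an added example that is not part of the original post. The seller names, product, prices, dates and the 50% price threshold are all constructed assumptions.

```python
import sqlite3

# Constructed sample adverts as a scraper might deliver them (not real data):
# (seller, product, advertised price, date the advert was seen).
ADVERTS = [
    ("seller_a", "WidgetX", 12.0, "2018-11-20"),
    ("seller_a", "WidgetX", 11.5, "2018-12-02"),
    ("seller_a", "WidgetX", 12.5, "2018-12-15"),
    ("seller_b", "WidgetX", 38.0, "2018-06-03"),
    ("seller_c", "WidgetX", 16.0, "2018-12-09"),
    ("seller_c", "WidgetX", 12.0, "2018-12-21"),
]
OFFICIAL_PRICES = [("WidgetX", 40.0)]  # assumed official list price


def load(adverts=ADVERTS, official=OFFICIAL_PRICES):
    """Build an in-memory database; a real system would keep a file or server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE adverts (seller TEXT, product TEXT, price REAL, seen TEXT)")
    db.execute("CREATE TABLE official (product TEXT PRIMARY KEY, price REAL)")
    db.executemany("INSERT INTO adverts VALUES (?, ?, ?, ?)", adverts)
    db.executemany("INSERT INTO official VALUES (?, ?)", official)
    return db


def top_sellers(db):
    """Sellers ranked by number of adverts: candidates for Legal's priority list."""
    return db.execute("SELECT seller, COUNT(*) AS n FROM adverts "
                      "GROUP BY seller ORDER BY n DESC, seller").fetchall()


def hotspots(db):
    """Advert count per calendar month, to expose seasonal peaks."""
    return db.execute("SELECT strftime('%m', seen) AS month, COUNT(*) FROM adverts "
                      "GROUP BY month ORDER BY month").fetchall()


def deep_discounters(db, max_ratio=0.5):
    """Sellers whose average price is below max_ratio of the official price."""
    return db.execute(
        "SELECT a.seller, ROUND(AVG(a.price / o.price), 2) AS ratio "
        "FROM adverts a JOIN official o ON o.product = a.product "
        "GROUP BY a.seller HAVING AVG(a.price / o.price) < ? ORDER BY ratio",
        (max_ratio,)).fetchall()
```

On the sample data, `seller_b` prices close to the official price and drops out of the discount query, which is the kind of separation between a second-hand seller and a likely counterfeiter that the last bullet asks about.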

All parts of the system could be out-sourced, in-sourced or a combination of the two. It just depends on the resources you have and of course budget.

The next post will look at how to build a system and the potential costs.

Hacking then phishing – kicking a person when they’re down!

Today we’re going to highlight two issues for the price of one. Not bad for a Monday!

Firstly we have the recent admission by British Airways that criminals had hacked their website and personal details – including bank card numbers – of about 380,000 customers had been compromised. To add insult to injury, it took them 15 days to realise then warn customers so they can take action, by which time a huge amount of fraudulent transactions could have been conducted by the criminals and whoever they sold the card data to. If only they had an effective Security Operations Centre like other multi-nationals (really should) have!

Secondly, the fact that BA contacted their customers by email – and the possibility of this being exploited by other criminal groups – was debated by my fellow security professionals last week, so I thought I’d check my spam folder in my personal email account. Imagine my surprise when I spotted the attached message! It took a few moments but we found a few indicators of a phishing email (“return to” address was very suspicious, suspicious hyperlinks not going to BA website, minor grammatical errors in text, the promise of two free plane tickets being unrealistic for half a million customers, etc.).

Would you have spotted it?

So there we have it, a quick and simple introduction into how one criminal group can quickly jump on the bandwagon and exploit another criminal group’s actions, preying on people easily exploited as they’re placed under pressure dealing with the first problem. Talk about kicking a person when they’re down!
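Two of the indicators listed above, the suspicious reply address and hyperlinks that do not go to the brand's website, can be checked mechanically. The following is an added example, not part of the original post; the message, the domains and the choice of the Reply-To and Return-Path headers are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domain the brand really sends from and links to.
EXPECTED_DOMAIN = "example-airline.test"

# Constructed sample message (not the email described in the post).
SAMPLE = """\
From: Example Airline <customer.care@example-airline.test>
Reply-To: claims@refund-desk.invalid
Subject: Compensation for recent incident
Content-Type: text/html

<p>Dear customer, claim you two free tickets
<a href="http://example-airline.test.tickets-claim.invalid/login">here</a>.</p>
"""


def domain_matches(host, expected):
    """True only for the expected domain or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def phishing_indicators(raw, expected=EXPECTED_DOMAIN):
    """Return a list of findings for reply addresses and links off the brand domain."""
    msg = message_from_string(raw)
    findings = []
    for header in ("Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and not domain_matches(addr.rpartition("@")[2], expected):
            findings.append(f"{header} domain mismatch: {addr}")
    # The brand name appearing somewhere in the host is not enough: compare
    # the end of the hostname, which is what decides where the link goes.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload(), flags=re.I):
        host = urlparse(url).hostname
        if not domain_matches(host, expected):
            findings.append(f"link leaves brand domain: {host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```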


Crisis Management – not just for huge corporations (Part 2)

In the last article I introduced the concept of crisis management and suggested a process; now we will take a look at how those principles and the process can be applied to a much smaller organisation or even a sole trader. Let’s look again at the RACER process introduced in Part 1.

Principles – think about what could go wrong that could develop into a crisis, in the context of the business in question. Don’t limit it to what could go wrong within the business (e.g. a big error by an employee or yourself, something really important breaking or being stolen), consider the external environment which is out of your control, but could negatively impact your business or livelihood (e.g. natural disaster, market crash, Brexit (sigh), power cut). In other words, what keeps you awake at night? Have a think about it, consider ‘what-if’ scenarios and what a ‘bad day at the office’ might look like, and document them.

Structure – let’s say you’re a lone trader. OK, in some respects there’s the answer; it’s just you. But is that really the case? Can anyone else help you out in your moment(s) of need when things go a bit awry? Having someone with you who is emotionally detached from the incident to help with some tasks (probably coordinating activities, possibly helping with communication) and add the impartial voice of reason will definitely help in tense moments. Identify them, warn them, talk it through with them.

Process – have one. There are lots out there but they all share common components (like a beginning to kick it off, a middle bit where stuff happens, and an end bit to recover and move on). I had to pick one, so I went with the RACER model, with RACER being an acronym comprising:

  • Report – the incident, event, crisis. I would also say this covers ‘detect’ that something is wrong
  • Assess – evaluate the nature of incident and severity (including potential severity)
  • Convene – the most suitable crisis management team (yes, it might just be a couple of you, but it’s still a team)
  • Execute – agree objectives, make decisions and take action
  • Resolve – close the incident, review and learn lessons

Clearly there’s a lot more behind the process above, and I could write volumes on the topic, but this is just a taster and there’s a fair chunk of it that’s self-explanatory. Besides, we’re always on standby to help you in this area, so drop us a line and we’ll see how we may be able to support you.

Practice – finally! The last part, but arguably the most important part if you want to take this topic seriously. I’m sure there are many large organisations who are the proud owners of fantastic crisis management plans that are sat gathering dust on shelves waiting for the ‘in case of emergency break glass’ (or hit ‘print’) moment. Are you going to conduct a large scale exercise with actors on the phones, emails sent to you describing dramas, scenarios played out in real-time? No, of course not. In a similar vein to your earlier conversation with your trusted family member or friend who will come to your aid when you need it (back in the structure bit), grab a strong coffee, beer or wine and go back to your what-if scenarios and see how you might apply the plan.

OK, the above is hardly the most robust preparation, but I’d argue that it’s better than nothing, and would go some way to having a degree of preparedness with not too much effort. If you need more information about this, just drop us a line. If you need a checklist for topics to be discussed the first time you meet to work through the crisis, we can tailor one for your needs which serves as the “when things go wrong print this document and follow the steps” file. I can tell you from personal experience, sitting on your bum with your fingers crossed (or thumbs crossed, as is their wont in Germany and Switzerland) is not an effective means of building resilience in any size of organisation. Escalate early (preferably before an incident becomes a crisis), scrape a team together (even if it’s just one extra pair of hands), and follow the (a) process. Any process. Just have one you’re comfortable with and you’ll be in good shape.

Crisis Management – not just for huge corporations (Part 1)

Since time immemorial we have seen the devastating effects of major disasters and other uncontrolled events, coupled with eye-watering estimations of the financial costs of their remediation. Union Carbide’s tragic accident in Bhopal resulted in 1,000s of deaths and a loss of over $500 million. More recently, UBS’s “Rogue Trader” cost them over $2 billion, and the total bill for BP’s Deepwater Horizon catastrophe will be at least an order of magnitude more, estimated at a whopping $35 billion. Accordingly, the term ‘crisis management’ will be a stranger to very few people, and it would be remiss of any large organisation not to have a crisis management plan of some sorts (though I would question if they are all (1) fit-for-purpose, and (2) practiced).

That’s all very well for the large conglomerates with access to buckets of resources, but where does that leave the likes of me as a lone trader or running a small family business, I hear you cry? Well, my answer is simple … if you do the same it’s madness, it would be a massive waste of resources which you just don’t have. However, in my opinion by applying the same principles, picking out a few elements of a good crisis management plan and doing a bit of light-touch preparation you can develop and implement a half-decent plan with minimal effort that might just tip the balance in your favour when things start to turn south without warning.

So what constitutes a crisis management plan? Well, ask 20 professionals and you’ll get at least 30 opinions, and I’m not going to pretend that what I’ll cover is the textbook answer, but given that our principle at SLB is simplicity what I’ll briefly demonstrate here is good enough for this article.

In essence, an effective crisis management plan contains the following core components:

  • Principles – the purpose of the plan (e.g. minimise risks to life, limit damage to the environment, preserve the company’s reputation…), recognition of the types of crises it may cover, perhaps guidance on when to trigger the plan (i.e. when an incident or event becomes a crisis)
  • Structure – composition of the crisis management organisation (e.g. a crisis management team with designated leader, communicator, coordinator, log keeper, functional experts, etc.)
  • Process – the steps to be taken in a crisis (or preferably before a crisis materialises)
  • Practice – exercise the plan and the crisis management organisation

The challenge then is how can this be applied to small businesses or individuals? Let’s keep this simple (that’s what we do, right?!), so in Part 2 of this article we’ll start very small and only build on it if we need to.

Online counterfeiting – Part 1

Most of my work is in the cybersecurity field but I have been recently brought into more and more projects involving online counterfeiting.

What is online counterfeiting?

Almost anything can be counterfeited and the internet provides a great way for the counterfeiters to get a global market. Online selling has been incredibly successful for a number of legitimate companies so it will come as no surprise this is the same for counterfeiters.

Mostly you hear about the high end luxury brands having the biggest problems, but in fact there are many more lucrative markets such as medicines and chemical products which could potentially harm human health.

How big a problem is it?

It will come as no great surprise that counterfeiting is a vast, successful and global business which increasingly operates online.

An April 2016 report issued by the Organisation for Economic Cooperation and Development (OECD) and the EU Intellectual Property Office estimates that in 2013 the value of counterfeited goods rose to $461 billion, or 2.5% of the value of global trade.

How do online counterfeiters operate?

The main online counterfeiting industry business model is to set up fake sites usually on free hosting platforms (see for a list

If a brand owner asks for a takedown then it is very easy (and cost-effective!) to set up a brand new fake site again.

I have noticed a number of counterfeiters use eCommerce platforms such as eBay and Amazon to sell fake branded chemical products to consumers (e.g. rodent, insect killer) and in fact Apple claimed that 90 percent of genuine Apple products sold on e-commerce giant Amazon are counterfeit – leading them to sue Amazon supplier Mobile Star in October 2016.

In a couple of projects the counterfeiters had compromised the online adverts delivery system to drive traffic away from the legitimate branded sites to the fake site and had quickly picked up expiring brand domains which the company had let expire.

A big change I have seen however is the move away from the sites concept above and to facilitate sales through social media, instant messaging tools (Telegram, WhatsApp and WeChat). In fact this blog receives a number of comments advertising suspected counterfeiting sites (all blocked thanks to the antispam tools!!)


The next post will look at what a company can do about monitoring for counterfeiting of their products.