The need for cyber-vigilance

The price of freedom is eternal vigilance

We’ve become so reliant upon technology: our phones, our laptops, our emails that when we suddenly can’t use them, we feel bereft. Adrift and rudderless in a sea of information that we can’t access because our servers are down.

We saw what happened in July  when a dodgy bit of software at CrowdStrike caused havoc amongst air passengers across Europe – my own daughter amongst them.

BMJ has experienced our own little issues this week, nothing as dramatic as the flight cancellations of course, but irritating all the same.

I don’t know whether it was someone clicking on an innocent-looking, but dodgy link in an email, an actual phishing scam, or just a dodgy piece of code that got through, but BMJ went offline, technically speaking, for four days last week.

Some of us were able to work remotely and access some emails via a circuitous route that offered a window into the inbox, but it was pretty clunky and I’m not convinced any of my replies to emails were received.

We also lost access to the main server which is why the October issue is a little late this month – the digital version will hot your inboxes tomorrow. There was, you may or may not have noticed, no e-newsletter or erudite blog last week.

We’re back, up and running, now, though, to use the old adage, we don’t know what we don’t know. If you sent something in by email to one of the team and you think it’s odd that we haven’t got back to you, by all means give us another try. It might be that we aren’t, in fact ignoring you, rather that we just didn’t get the original missive.

Cyber issues cause massive problems. At this year’s NMBS Conference in June IT expert Charlie Blakemore, CEO of Intercity Technology, lead a session on one of the biggest issues facing all businesses in 2024: cyber security. It was both fascinating and really worrying.

We all think that we’ll be fine. Despite knowing that the longer and more complicated you make your passwords the better, most of us are still using combinations of letters, numbers, cases and symbols that are relevant to us or the site we are using them for, for the b=very good reason that this makes them easy to remember.

Yes, there are password management tools that mean who you only need to remember one, but sometimes you just don’t want to be dealing with even that minimal level of faff.

And yet, as evidenced by the cautionary tale that Blakemore told in June, of the hundred-year-old logistics company Knights of Old which was taken down by a ransomware attack and never recovered, we need to get better at our cyber security.

What happened with BMJ last week was monumentally inconvenient, and caused a lot of people a shed load of out-of-hours work to try and rectify, but it could have been so much worse.

Check your security systems. Make sure there is a proper policy and procedures in place for employees, and regularly check that they are being adhered to. Send out test dodgy emails if necessary. Not to catch people out, but to highlight the dangers of getting lax with this issue. I know several people who are on their company’s naughty list because they keep getting caught out by this, but it works.

It’s one of the more irritating things about modern life, that the more we rely on easy-to-access technology, the harder we have to work to protect how we access it.