Here we are in October, and the very important subject of cyber security gets its time to shine for a full 31 days! I’m very happy that over the next 4 weeks many organisations will be educating and promoting a subject that affects everyone, whether you own a computer or not. I just hope that the momentum continues in the following months, because to me this subject is cultural, not something timeboxed so it can be forgotten when November comes. It is a way of thinking and behaving, not the buzzword of the day, and it shouldn’t be treated as such.

Delegate received this quite alarming letter!!

Following what happened at the Conservative Party conference, where an insecure app was procured that potentially leaked delegate data, including phone numbers of MPs, I would also like to offer some advice to ANYONE who is looking to develop or procure software that is available publicly. Take security seriously; don’t just say it after you have been breached. The conference app required only an email address to authenticate (i.e. no password; they must hate password rules more than I do). This at a time when we have moved towards two-factor authentication as the baseline standard because of attacks including:

Brute force, where thousands of password attempts are tried per second to crack an account

Credential stuffing, where credentials taken from leaked breach lists are tried on other websites, because users reuse their passwords

If you aren’t protecting accounts with even a password, then there is basically zero security. Okay, one may need to know the email address in this case, but email addresses cannot be thought of as secret: they are widely distributed, and easy to guess once you know the organisation a person works for.

The company that produced the app, CrowdComms, actually offers a password-enabled, secure version at a premium, so why this wasn’t procured is something only they and the Conservative Party can explain.
IF it was a question of money, security is something you shouldn’t cut back on, as you are basically inviting malicious hackers to probe your system successfully and cause real damage.

Wayback Machine (page taken down): CrowdComms: An Apology to the Conservative Party and Its Conference Attendees

Developer CrowdComms Issues "Unreserved Apology" for Security Flaw in Tory Conference App

My advice moving forward is this:

Take security seriously

Pay for security

Ensure that applications are developed to secure coding practices

If you are procuring software, ensure that it is verified by people knowledgeable in cyber security

If it’s on the internet, lock down your ports: 80 and 443 are all that you need for standard operation

Also, never ever do the following, as sharing passwords is extremely dangerous and opens you up to very real security vulnerabilities. How can you trace the source of a breach if you don’t have a handle on who controls an account, let alone one owned by an MP?

One MP not fully understanding the security implications of sharing passwords

As always, it’s a jungle out there. Please remain vigilant, and most importantly, stay safe. Si.
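The two attacks named above, brute force against one account and credential stuffing across many accounts, leave different footprints in a login endpoint's logs. The following is an added example (not code from the original post, nor from CrowdComms or the conference app) showing how a defender can tell the two apart from an authentication log. The log format (timestamp, source IP, account, OK/FAIL), the sample lines and the thresholds are all constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format: "<ISO timestamp> <source ip> <account> <OK|FAIL>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

# Constructed sample log lines (not taken from any real system).
# 203.0.113.5 hammers one account; 198.51.100.7 tries many accounts once each.
SAMPLE_LOG = """\
2018-10-01T09:00:00 203.0.113.5 alice@example.org FAIL
2018-10-01T09:00:00 203.0.113.5 alice@example.org FAIL
2018-10-01T09:00:01 203.0.113.5 alice@example.org FAIL
2018-10-01T09:00:01 203.0.113.5 alice@example.org FAIL
2018-10-01T09:00:02 203.0.113.5 alice@example.org FAIL
2018-10-01T09:00:02 203.0.113.5 alice@example.org FAIL
2018-10-01T09:00:05 198.51.100.7 bob@example.org FAIL
2018-10-01T09:00:05 198.51.100.7 carol@example.org FAIL
2018-10-01T09:00:06 198.51.100.7 dave@example.org OK
2018-10-01T09:00:06 198.51.100.7 erin@example.org FAIL
2018-10-01T09:00:07 198.51.100.7 frank@example.org FAIL
2018-10-01T09:00:20 192.0.2.9 grace@example.org FAIL
2018-10-01T09:00:25 192.0.2.9 grace@example.org OK
"""


def parse(log_text):
    """Turn raw log text into (timestamp, ip, account, result) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, ip, account, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, account, result))
    return events


def detect(events, window=timedelta(seconds=60), bf_threshold=5, cs_threshold=4):
    """Flag source IPs whose behaviour inside a sliding window looks like
    brute force (many failures on one account) or credential stuffing
    (failures spread across many distinct accounts, few tries each).

    Returns {"brute_force": [ips], "credential_stuffing": [ips]}.
    """
    alerts = {"brute_force": set(), "credential_stuffing": set()}
    events = sorted(events)
    for i, (t0, ip, _, _) in enumerate(events):
        fails_per_account = defaultdict(int)
        # Walk forward from this event, counting failures from the same IP
        # until the window closes.
        for t, ip2, account, result in events[i:]:
            if t - t0 > window:
                break
            if ip2 == ip and result == "FAIL":
                fails_per_account[account] += 1
        if not fails_per_account:
            continue
        # Brute force: one source, one account, many failed attempts.
        if max(fails_per_account.values()) >= bf_threshold:
            alerts["brute_force"].add(ip)
        # Credential stuffing: one source, many failed accounts, at most a
        # couple of tries per account (one leaked password per account).
        if (len(fails_per_account) >= cs_threshold
                and max(fails_per_account.values()) <= 2):
            alerts["credential_stuffing"].add(ip)
    return {name: sorted(ips) for name, ips in alerts.items()}


if __name__ == "__main__":
    for kind, ips in detect(parse(SAMPLE_LOG)).items():
        print(f"{kind}: {', '.join(ips) or 'none'}")
```

Run on the constructed sample, `detect` flags 203.0.113.5 for brute force and 198.51.100.7 for credential stuffing, while 192.0.2.9 (one mistyped password, then success) is left alone. The distinction matters for the response: a brute-force source is well handled by per-account lockout or rate limiting, whereas credential stuffing is spread thinly enough that per-account lockouts never trigger and the useful controls are per-source throttling and, as the post says, a second factor on the accounts themselves.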