If you are attacked, what’s my worst nightmare?
I am worried, and I need to know that I offered my help to those that I’m most worried about.
This is not a sales pitch. It’s a way to ease my conscience.
Why am I worried?
As I write this in February 2023, on the island of Ireland alone, we have heard about the significant disruptions caused by cyber attacks on Munster Technological University, Virgin Media, and Lagan Specialist Contracting Group.
I am assuming there are many others which are not being publicly reported.
I am not particularly worried about these victims – I assume they are large enough to be able to call in the big guns and they probably had reasonable security in place to reduce the impact anyway.
Who am I worried about?
I’m worried about smaller organisations, especially those with access to information that needs to be kept confidential.
Information that could cause significant harm to individuals if it was ever made public.
Individuals who are probably already vulnerable.
When I say ‘harm’, I don’t mean potential financial loss.
I mean the emotional distress to a vulnerable individual when they believe that their most private information could become public knowledge.
Information such as:
- Medical histories or reports
- Psychological assessments
- Counselling notes
From a selfish perspective, I am concerned that this type of information about me, my family, or my friends could become public knowledge and I have no control over reducing this risk.
[Updated in April 2023: Unfortunately, news has emerged about a cyber attack on an organisation that “manages data for around 140 charities and non-profit organisations”, including “highly sensitive and personal information” relating to victims of abuse.]
Why am I worried?
You’ve heard of ransomware. And you know that you need secure backups to reduce the impact of such an attack.
But backups won’t prevent the cyber attackers stealing your data and threatening to make it public unless you pay the ransom.
And even if you pay the ransom, do you really believe they will keep their promise?
It is almost a foregone conclusion that if you suffer a ransomware attack today, all of the data that you have access to will be stolen by the attackers.
So what can you do?
I’d love every organisation that handles this type of sensitive information to improve all of their security defences so they can reduce the risk of an attack succeeding.
But right now, faced with this rampant threat, this will take too long.
Instead, I need every one of these organisations to focus on these 5 steps:
1. Imagine your organisation has been the victim of an attack, and the criminals have told you they stole your data.
2. Imagine being able to say the following: “I know we were attacked and it’s a complete mess. But at least they didn’t get their hands on [X].”
3. Identify what your [X] is.
4. Identify what you can do RIGHT NOW to make it more difficult for the criminals to get their hands on [X].
5. Whatever actions you identify in step 4, complete these actions RIGHT NOW.
And what will I do?
I will help any organisation that holds the type of sensitive data that I mentioned earlier but doesn’t know how to get through these 5 steps.
If you (or someone in your network) work in such an organisation, I’m here and it won’t cost a penny (dime? cent?).
How will I help?
- We will meet for up to 1 hour (over Zoom or MS Teams) and work through these 5 steps together.
- By the end of the hour, I guarantee that there will be a clear action plan.
- If not, we will meet for another hour.
- And again.
- And again.
- Until we have a plan.
Why will I do this?
This is not a sales pitch.
This is an attempt to ease my conscience.
I want to know that I did everything that I could have done to help these organisations reduce the most destructive impact of these attacks on people who may already be in a vulnerable state.
How can we get started?
If you (or someone in your network) could benefit from my help, email me at firstname.lastname@example.org now and we can get moving on this.
It may only cost an hour and it may save a lot of emotional distress.
The small print
I also need to make a living, so:
- This offer is restricted to organisations that handle the type of sensitive information that I mentioned earlier (aka ‘special category data’ in GDPR)
- I have to limit this to 1 organisation per week.
- I’ll allocate my time on a first-come, first-served basis. I will operate a wait / cancellation list if demand exceeds supply.
- I will pause or end this service offering if I think there is a better way for me to help.