back to article GCHQ: Ensure biz security by STOPPING everyone from TALKING

GCHQ is advising organisations to consider stripping staff of smartphones and memory sticks in order to make themselves less exposed to cyber attacks. The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the …

  1. malle-herbert Silver badge
    Big Brother

    "10 Steps to Cyber Security"

    But do these ten steps protect you from the spooks themselves ?

  2. Khaptain Silver badge

    Solution

    "Staff in general are the "weakest link in the security chain" and disgruntled employees and the mischief they can create are a particular threat, the spooks advise."

    I this is the case the why not immediately disband the entire GCHQ as it in itself presents the greatest risk to the country and it's people.

    1. Destroy All Monsters Silver badge

      Re: Solution

      Gassing office workers is also an acceptable solution. You need to discuss this with the union rep first though, wouldn't want to take any rash measures.

      1. Vladimir Plouzhnikov

        Re: Solution

        "wouldn't want to take any rash measures."

        I'm sure there are nerve agents available that will deal with the employees discretely, without any rash showing...

        1. 's water music Silver badge
          Headmaster

          Re: Solution

          I'm sure there are nerve agents available that will deal with the employees discretely

          Why do it discretely? Just do them all in one batch.

          1. Khaptain Silver badge

            Re: Solution

            "Why do it discretely? Just do them all in one batch."

            A good example of an optimised process and much quicker than simple attrition.

      2. FuzzyTheBear
        Happy

        Re: Solution

        Sounds like a BOFH job to me .. :)

        1. Anonymous Coward
          Anonymous Coward

          Re: Solution

          "Sounds like a BOFH job to me .. :)"

          hey, it's Friday tomorrow! :-)

  3. Anonymous Coward
    Anonymous Coward

    Eat your own dog food

    This advise might work for them.

    Bit difficult in the real world.

  4. RobHib
    Devil

    Ha! We'll see....

    I well remember suggesting this in my organization well over a decade ago and I was laughed at. (At the time thumb drives weren't around but floppies, Zip drives, email attachments and mobile phones were.)

    Even the management instantly balked at it such is their addiction to such devices. It'll be a brave organization that does. It might even stop it recruiting the top people when the fact's known.

    1. jbuk1

      Re: Ha! We'll see....

      " it recruiting the top people when the fact's known."

      Well they're hardly the top people if they are a liability are they?

    2. Anonymous Coward
      Anonymous Coward

      Re: Ha! We'll see....

      worked on a site a while ago (ok, a long time ago) where everything was as locked down as possible - not just O/S but hardware things, and standards that said no removable drives by default, and those that had them were encrypted media only, etc. - all worked fine. Multiple antivirus everywhere, and so on.

      Weak link in the security chain / fence? One day the Programme Director brought in a laptop from home because he liked it more than the one he'd been provided with the job, plugged it in to the LAN. We (support team) saw it, disabled the port, then went to tell him no. Response was to attempt to shoot messenger, threatening termination and so on unless we plugged his laptop in and got him access to the files he wanted.

  5. James 51 Silver badge

    All good points but as long as good security is seen as a cost and a source of friction it the comprises made are more likely to fall one way than the other.

  6. JeffUK

    Good to see el Reg living up to it's famed journalistic integrity... Reporting on what the telegraph said that GCHQ said, rather than bothering to read the report.

    On mobile phones, they ACTUALLY said :

    “Mobile working offers great business benefit but exposes the organisation to risks that will be challenging to manage. Mobile working extends the corporate security boundary to the user’s location. It is advisable for organisations to establish risk-based policies and procedures that cover all types of mobile devices and flexible working if they are to effectively manage the risks.”

    1. Artaxerxes
      Trollface

      Lets not let a little thing like facts get in the way of giving GCHQ a good kicking

  7. This post has been deleted by its author

  8. Artaxerxes

    No fucking shit its a security risk, so is cloud computing and I'd happily stop users using things like the Good app/BYOD but for some reason upper management are obsessed with the bastard concept, probably as it ultimately means more work for less pay from the users as they check emails in what should be downtime.

  9. John G Imrie Silver badge

    weakest link

    Staff in general are the "weakest link in the security chain" and disgruntled employees and the mischief they can create are a particular threat, the spooks advise.

    So not the CxO's who think security is for the little people then?

  10. amanfromMars 1 Silver badge

    Home Truths .....

    Is that the best that GCHQ can do nowadays ...... Stating the bleeding obvious long after the fact.

    Whenever are they going to grasp the export opportunity and exploit systems with 0day vulnerabilities and lead virtually invisibly and practically anonymously from the front with some ab fab fabless proaction and/or NEUKlearer HyperRadioProActive IT. Failure to do so will naturally result in them following and reacting to events with no more input to output than that which is supplied by fanatics and spectators.

    UKGBNI expect considerably more than just that abdication and perversion of duty.

    Get your FCUKing APT ACT together, GCHQ. You know you should and really want to. Anything else and you are someone else's plaything.

  11. davemcwish

    And this is new how ?

    Having worked in a large multi-national, there's nothing in here that new or be don't already do.

    Additionally, the document in question was published in May 2013. http://www.gchq.gov.uk/press_and_media/news_and_features/Documents/directors_IoD_article.pdf

  12. Rob Crawford

    Yeah no problem lads

    “Monitor all user activity", and make sure staff are aware that violations in acceptable use policies will lead to disciplinary action.

    Then mail us the logs (to save us breaking in)

    1. David Pollard

      Re: Yeah no problem lads

      “Monitor all user activity" is unquestionably one of the hallmarks of GCHQ's style.

  13. Anonymous Coward
    Anonymous Coward

    Staff! Staff?

    It's normally the big (old) bosses and section heads which are the worst, high phishing target but so important in their role they won't be fucking told about IT stuff.

    Staff, don't make me laugh.

  14. amanfromMars 1 Silver badge

    Official Secrets Act is a Right Bugger to Think to Enforce Nowadays

    The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft of intellectual property by cyber-spies.

    And one imagines the difficulty they may now have in protecting the paedophile rings at the top of government and security and police and justice circles. And then there's all that offshore money laundering that is so rife in the City too.

    Life's a bitch, aint it.

  15. Conundrum1885

    Just a thought

    Outsource the secure stuff to the Roswell Greys.

    Simplez!

    (cough its really hard to read a language when you don't understand a single word /cough)

  16. Anonymous Coward
    Anonymous Coward

    “Monitor all user activity"

    Good luck with that.

    My company (a US multinational) can't even provide a decent IT service on their budget let alone spend more spying on their "trusted" employees.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019