Rob Norris - Chief Technology Officer - Hero

Keeping our data safe throughout the pandemic


2 March 2021

As the Chief Technology Officer of Welsh Water, cyber security is one of my main areas of focus.

Businesses of all sizes and the data they hold are always at risk of being targeted by hackers – especially businesses as large as Welsh Water – and it’s hard to ignore that the prevalence of cyber-attacks has increased throughout the Covid pandemic.

With many workforces working remotely and with less stringent security requirements in place at home, hackers are continuing to look for flaws that will allow them to by-pass security systems. As anyone in Infosec will tell you, it’s often people, not systems who are the most vulnerable part of a business’ cyber-security.

One recent story in particular has caught my attention, not just because of how serious it was, but because of how just how close it is to the industry I work in.

I’m sure many of you will have seen a story recently in Florida, which involved a local water production facility being hacked. Due to poor password security, a hacker was able to remotely take control of the facility’s operational systems and adjust a chemical in the water to dangerous levels. Thankfully this change was spotted and reversed before anyone was harmed.

However, this event once again reiterates just how important cyber security is and why all employees have a role to play in keeping the company’s they work for protected.

With that in mind, here are three tips I think all employees can follow to be cyber secure.

  1. Use strong passwords. This is a really obvious but important tip to keep in mind. Strong passwords should contain a mix of letters, numbers and symbols and not be tied to personal details. Don’t set your password to the names of your children or your place of birth or your birthday. Strong passwords make it harder for hackers to gain access to your devices or systems using password cracking tools.
  2. Be vigilant of any emails you receive from external sources (especially close to weekends or public holidays). If you don’t recognise the sender of an email, do not click any links or download any attachments. Contact your IT team and they can check the email for any viruses or malware. Phishing attacks are often sent using emails and not being vigilant can result in a hacker having direct access to your data or systems, with big consequences.
  3. Avoid using USB devices to transfer data between different work devices. One way in which hackers will often try and breach company security systems is by infecting USB mass storage devices with malware. Once that USB device is plugged into a desktop, the malware will begin to run and this can bypass security firewalls.

The reason why USB devices are so effective at transporting malware is that they can look like legitimate company devices. It’s easy to brand them and, as a result, employees will often be less vigilant in checking with their IT teams if they should use them. So, please don’t use USB devices you don’t recognise and always speak to your IT team first before using one. There are often far better ways to transfer data.

Above are just three simple tips you can follow to help keep the company you work for safe. Please keep them in mind and always reach out to your IT teams if you spot any unusual activity, emails or devices. As the Florida cyber breach has shown, cyber attacks can pose a very real threat not just to business reputations but people’s safety too.

Diolch,

Rob Norris

Chief Technology Officer