Home Blog

Richard Bingley: A cyber war is on the way

Originally Published at Conservative Home

Richard Bingley is the CEO of the London-based Global Cyber Academy, an independent education organisation dedicated to making technology safer.

Iran’s government often causes incumbent American presidents a headache during election year, although Donald Trump seems immune to diplomatic migraines.  His decisive swoop to eliminate top Iranian general Qassem Soleimani will certainly provoke a response from Tehran. But it might not be in a format we expect or understand.

After all, this was not a clandestine attack by an American secret agency practicing stealth-like ‘plausible deniability’. Rather, it was a highly brazen and visceral public lashing by Trump’s White House.

Iran’s government views herself as being humiliated in her own backyard. Soleimani was viewed domestically as leader (now martyr) who rekindled the military power of Hizbollah in Lebanon and a man who was instrumental in helping Assad’s government in Syria – so far – to defeating Daesh (ISIS).

Yet even among her allies in Asia and The Gulf, Tehran is struggling to drum up much genuine sympathy for – if you believe western media hype – a cartel of uniformed gangsters who, seemingly, operated almost with a carte-blanche licence to kill beyond their own borders.

If any credit is to be had from this sorry episode, it is that the USA didn’t even bother with an ambiguous operation that could be batted away in the United Nations with suppressed smirks, nods and winks which follow ‘plausible deniability’ covert ops.

Tehran therefore has no dilemma to struggle with. Iran will tangibly respond. The only questions remaining are when and how.  This week’s symbolic missile attack of US troop bases in Iraq is highly unlikely to draw a line under this recent escalation from both sides.

Although numerically strong, Iran’s military rank-and-file will be acutely aware that it will, in all likelihood, produce a feeble, disjointed performance on any battlefield.  Moreover, such a bedraggling spectacle – of high-tech machinery pummeling the futile billows of religious-inspired rhetoric – will occur under the full spotlight of 24/7 satellite television and mass digital voyeurism.

Coupled with likely trade sanctions from some Gulf partners, then Russia and China, sitting on their hands, there can only be one short-term winner, if full-scale military confrontation broke out: the United States. Nevertheless, beneath her fighting rhetoric, Tehran’s boisterous government is often clever, agile, highly rational and practices – most of the time – a strong, survivalist, realpolitik.

For a prediction of what’s about to come, we should analyse the life of last week’s target: General Soleimani.
According to some defence journalists and journals, Soleimani was an expert exporter of asymmetric warfare; the types of lethal guerilla operations that can bring great humiliation, and even draw out precautionary fear and retreat, from larger military giants.

Soleimani’s speciality was hybrid and deniable covert operations, which terrorized opponents and sent an intimidating ‘signal’ or projection of power to Iran’s regional adversaries: principally Iraq’s fledgling government, Saudi Arabia, non-Shia of the Lebanon and, of course, Israel.

Hybrid means the mixing up of attack methods; allegedly in the general’s case, utilizing good old traditional ammonium nitrate fueled bombs that can liquidate an apartment block or garrison, but also increasingly deploying advanced technical capabilities: phone intercepts, target espionage and tracking, drone navigation, communications jamming, etc.

The second part of this modus operandi, technical sabotage, is likely to be Tehran’s principle chosen retaliation.
Tehran will know that President Trump is consistent only ever in his dramatic inconsistency. If a bombing campaign is launched against US or allied troops in the Middle East, Trump is likely to strike hard, possibly to the point of driving regime change.

Ringing in his ears will be two presidential scenarios. President Kennedy who noted, that his personal approval ratings rose despite the unsuccessful 1961 Bay of Pigs invasion to topple Fidel Castro. Voters like ‘tough’ and they like ‘action’.

Second, nice guy Jimmy Carter’s attempt to skillfully negotiate the way out of post-revolutionary Iran for seventy trapped US embassy officials in 1979. The debacle lasted 444 days.

Carter’s cerebral, plaintive, attempt failed dismally. Ronald Reagan nailed Carter for his dithering and hand-wringing weakness, to successfully defeat him in 1980, sending the esoteric one-termer back, figuratively, to his Peanut farm in Georgia.

Iran’s government knows all of this. Her President, Hassan Rouhani, was educated as a postgraduate at a Glasgow university and is deeply steeped in security and philosophical strategy. As such, Iran has perhaps one of the most finely tuned asymmetric warfare strategies out there. As with her partly successful nuclear enrichment negotiations with Barack Obama’s White House (and the EU), Tehran thinks that it knows exactly how far to push back at an adversary, or camouflage a glitch, without necessarily provoking a Washingtonian trigger-pull.

Tehran’s retaliation will probably be in the form of escalating cyber attacks upon the USA, its infrastructure and its close allies. Namely, the UK, Saudi Arabia and Dubai Emirate, part of the UAE.


Because, even though the evidence of a cyber-attack stemming from Iran would be almost incontrovertible to insiders, general public audiences are still susceptible to claims that cyber space is too ambiguous. (Most of us are, thankfully, optimists, unless we see damning proof of something!)

Cyber-attacks are a little like taking a complicated fraud case before a jury. The evidence trail is often too difficult to prove, then the end result is perceivably not lethal. Thus, at present, few countries, if any, have gone to war over a cyber-attack.

However, let’s think back to form. Iran has the capability, in spades. In June 2017 MPs email accounts in the Houses of Parliament were successfully hacked. Initial suspicion fell upon Russia, China and North Korea’s infamous Lazarus cyber-crime group.

But after a four-month investigation, forensic investigators at GCHQ (the UK government’s signals intelligence agency) pointed HMG’s finger squarely at Tehran.

In 2005, Iran’s Islamic Revolutionary Guard established a cyber army, most notably attacking Chinese tech firm Baidu in 2009 and also Twitter. World-leading cyber analysts at the Israel Institute for National Security Studies ranked the IRG as the world’s fourth most powerful cyber army by 2013.

Moreover, if (for example) planned troop movements, or traffic planning systems, or hospital systems, power station systems, car GPS systems – many coordinated by automated and unchecked supervisory controls – are breached, then it simply is a fact of life that any decent cyber-attack upon a critical system will cause physical harm to citizens. And lots of us.

It’s worth recalling that North Korea’s cyber-attack using the WannaCry ransomware led to more than one thousand NHS operations being cancelled back in 2017.  Unlike Israelis or Iraqis, we Brits simply do not believe that a devastating cyber attack will happen to us. Nor do we fully understand what the impacts might be.

Therefore, time spent away from television news, updating our antivirus software, subscribing to VPNs, organizing data back-up and storage, and avoiding dodgy URL links that promise enthralling Instagram images, might be the best retaliation by the UK citizen to this unfolding, highly worrying, skirmish.

Boris’s Safer Streets

On December 12, 2019, Boris Johnson’s Conservatives Party was convincingly elected as the UK Government. Please find the attached link from their manifesto commitment to safer streets in the UK. Periodically, the UKNSA will be hosting events to review progress on these very important domestic security commitments.


UK PM Speech Promises Investment in Tech Security

My Lord Mayor, My Late Lord Mayor, Your Grace, My Lord Chancellor, Your Excellencies, My Lords, Aldermen, Sheriffs, Chief Commoner, ladies and gentlemen, this weekend our country came together to commemorate the centenary of the Armistice.

Gathering around memorials across the length and breadth of the land, people of every faith and background stopped and stood together to remember the sacrifice of a generation.

A sacrifice that touched almost every family and every community – including this one, when in 1915, the then Lord Mayor raised the “Bankers Battalion” of the Royal Fusiliers.

From the stories we have heard, to the names we have read, their memories live on engrained in our national consciousness. And will do so, rightly, for evermore.

We will remember them.

As we do so we should reflect with pride on the progress we have made in the last one hundred years, working together with our partners across the international community, to make the world a safer, better, place to live.

From the formation of NATO to the establishment of the United Nations, we have not just stood up to defend global security, we have forged the international partnerships that maintain it.

In the shadow of Mount Washington, with the world at war for the second time in a generation, the foundations for economic reconstruction were laid. And with the creation of the World Bank and the International Monetary Fund the basis for global economic cooperation was set.

As a global trading hub, the United Kingdom has always understood that our prosperity depends on the global rules we uphold and the partnerships we build.

From the world’s first insurance market to the creation of the biggest Islamic finance centre outside the Islamic world, we have not only driven the trade and investment that fuelled unprecedented growth, but helped to shape the institutions and governance that sustains it. Not least, right here in this great City of London.

When we look forward to the next century of progress, we know our security can only be upheld by collective endeavour. We know our prosperity can only be advanced by cooperation across borders. And we know our success as a nation depends not just on a strong economy at home, but our role in the world.

At this Banquet last year, I said we could not turn a blind eye to the threats we faced. That as open economies and free societies we needed to increase our collective resolve to tackle them – most pressingly those threats emanating from Russia.

The past year has tragically proven those threats to be ever more real – not least through the reckless use of a chemical weapon on our own streets by two agents of the Russian intelligence services.

But it has also proven our commitment to respond – exactly as I said we would.

Together with our allies, in response to the attack in Salisbury, we coordinated the largest ever collective expulsion of Russian intelligence officers, fundamentally degrading Russian intelligence capability for years to come. And our law enforcement agencies, through painstaking investigations and cooperation with our allies, produced the irrefutable evidence that enabled our Crown Prosecution Service to bring charges against those responsible.

In response to the activities of the GRU in Europe, through the cooperation of western security agencies, the Dutch government were able to prevent and expose Russian attempts to penetrate and undermine the Organisation for the Prohibition of Chemical Weapons.

In these actions, we have seen the impact of international unity and a collective response to these threats.

We have shown that while the challenge is real, so is the collective resolve of likeminded partners to defend our values, our democracies, and our people.

But, as I also said a year ago, this is not the relationship with Russia we want.

We remain open to a different relationship – one where Russia desists from these attacks that undermine international treaties and international security, and its actions that undermine the territorial integrity of its neighbours – and instead acts together with us to fulfil the common responsibilities we share as permanent members of the UN Security Council. And we hope that the Russian state chooses to take this path. If it does, we will respond in kind.

We will continue to show our willingness to act, as a community of nations, to stand up for the rules around the world.

When the Syrian Regime used chemical weapons on its people again in April, we took military action, together with France and America, reinforcing the global norm against the use of such abhorrent weapons.

As part of a global coalition, we have continued to degrade Daesh in Syria and Iraq to roll-back their so-called caliphate.

And as we seek to protect and advance our common security, it is vital that we and our partners in the international community demonstrate our common adherence to the rule of law.

We have seen this most recently in the terrible murder of Jamal Khashoggi. And as the Foreign Secretary made clear again in his visit to Riyadh today, there must be a transparent and credible investigation and those responsible must be held to account.

And because we know that instability or the erosion of global rules in any part of the world damages our collective security, the UK will continue to increase the depth of our global security partnerships.

We continue to increase our security co-operation in Asia, undertaking our first land exercises with Japan and deploying three Royal Navy ships to work alongside America, Canada, Australia, New Zealand, and Japan to enforce sanctions against the DPRK and reinforce the maritime security on which all trading nations depend.

And today I am proud to be able to announce the naming of HMS London – one of our eight planned Type 26 Frigates.

As she upholds global stability, she will also bear the name of this great centre of trade and finance, reminding us all of the critical link between global stability and global prosperity.

Just as we must work together to uphold those rules that govern our collective security, we must also show leadership in upholding and shaping the rules that govern the global economy.

We are in a time of unprecedented interconnectedness.

And each barrier to trade that has been taken down has brought tangible benefits to everyday lives. For example, before the elimination of quotas for textiles and clothing under the World Trade Organisation in 2005, British consumers were paying a third more for clothes.

But for nations to open up their markets to others, they need the confidence that everyone will play by the same rules. And today this global system is under real stress.

A damaging trade war with spiralling tariffs is in no-one’s interests. But we must be honest in identifying problems and do more to work together to fix them.

So we need an ambitious and urgent process for reform of the World Trade Organisation.

This includes increasing transparency so countries can see whether rules and commitments are really being honoured – whether on the declaration of subsidies or respect for intellectual property rights. And updating dispute settlement processes to ensure they operate fairly and efficiently.

It also includes promoting trade in services and digital, not just physical goods.

For while services now account for 65 percent of global GDP, recent trade negotiations to deliver more ambitious trade in services have stalled.

And while companies like Amazon and Alibaba have changed the nature of consumer behaviour, the World Trade Organisation has been struggling to remove barriers to e-commerce trade for almost two decades.

So these reforms must ensure the rules themselves remain relevant to the modern economy.

But even as we work to bring the rules up to date, we need to go further.

For we are now living through the most extraordinary technological transformation.

A time when flows of data account for a higher proportion of growth than trade in physical goods.

When Artificial Intelligence could almost double the value of the global digital economy to $23 trillion by 2025.

And when it could increase global GDP by 14 per cent by 2030.

In this new context, our standing in the world – and our ability to retain our position as a global economic hub – will depend not only on the steps we take to innovate at home, but crucially also on the role we play in shaping the rules that will define this new era.

So I am determined that we will lead the way.

At home we will continue to pursue our modern Industrial Strategy: matching the innovation of our world-class scientists and entrepreneurs with growing public investment in research and development and a regulatory environment designed to encourage, not stifle change.

Internationally we will build on our role as an innovator in technology policy and cyber security, and a trusted economic hub between East and West, to position the UK as a pivotal innovation-driven digital economy with global reach and ambitions.

Our new Centre for Data Ethics and Innovation will work with partners across the world to advise on the rules and best practice needed to build the best, most trusted, most innovative AI and data ecosystem in the world. An ecosystem that will help build the foundation of public support for the tech economy that is so critical to its future success.

And we will use our influence in organisations like the Internet Governance Forum, meeting in Paris this week, to establish global norms for free and open development of these technologies.

Because this is not just about economics.

It goes to the heart of who we are and the kind of society we want to build.

Being an open democracy means standing up for our values and freedoms whilst protecting intellectual property and safeguarding against those who would abuse or misuse the access to information that technology brings.

So the global rules and norms we need are those that ensure these transformative technologies develop in line with our values and secure the trust of our citizens

And the UK will be at the centre of this global agenda.

So it is clear that both our security and prosperity will depend on the strength of the relationships we build right across the world.

This begins with our long-standing partners with whom we share the same values – including the transatlantic alliance that is the bedrock of our security and prosperity.

And, of course, it includes the new relationship we will forge with our European allies as we leave the European Union.

The negotiations for our departure are now in the endgame. And we are working extremely hard, through the night, to make progress on the remaining issues in the Withdrawal Agreement, which are significant.

Both sides want to reach an agreement.

But what we are negotiating is immensely difficult.

I do not shy away from that.

The Brexit talks are not about me or my personal fortunes. They are about the national interest – and that means making what I believe to be the right choices, not the easy ones.

Overwhelmingly, the British people want us to get on with delivering Brexit, and I am determined to deliver for them.

I want them to know that I will not compromise on what people voted for in the referendum.

This will not be an agreement at any cost.

Any deal must ensure we take back control of our laws, borders and money. It must secure the ability to strike new trade deals around the world.

And it must also be a deal that protects jobs, our security and our precious Union.

We will have a new relationship with the EU when we have left. But it will still be a close one.

We will still be neighbours, championing the same values of freedom, democracy and the rule of law, underpinned by a rules-based global order.

But as we leave the EU, it is also an opportunity to raise our horizons towards the rest of the world.

Because the economic and demographic balance of the global economy is shifting. And technology is collapsing the distances between markets.

That is why this summer I visited Africa, where I set out a new partnership of shared interest, including using our international development budget to help enable the private sector to deliver the jobs and investment Africa needs.

Such a partnership will not just be in Africa’s interests but also in our own national self-interest. And this is entirely right. For if African countries are able to attract the investment they need, there will be significant global economic opportunities. And they will also be able to mitigate the risks of conflict, instability and mass migration.

And as we look at the coming decades, it is clear our relationships with the high-growth, high-innovation economies of Asia will be increasingly important – not only to our growth, but also to the shape of the global system in the face of technological transformation.

So we will significantly step-up our partnership with Asia, and do so with the confidence of knowing we have an offer they want, just as they have an offer we want.

We are doing so already – as many of you will know better than me.

Trade with China is at record levels. And we are gaining increased access to China’s market and looking to expand our co-operation on services.

We have taken significant steps to deepen our strategic relationship with Japan, collaborating on the Grand Challenges we have both identified as being critical to the future of our economies.

Now we will do more to help British business connect with new opportunities, including as we build a new partnership with the Association of South East Asian Nations.

We will work to secure ambitious trade deals when we leave the EU, including potentially embracing the opportunity to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership.

We will use our aid budget to work with the private sector to improve regional economic co-operation, trade and connectivity – ensuring this is done in line with international standards across the region.

And we will base this long-term partnership on our shared strengths in innovation.

Because from the UK-Republic of Korea FinTech Bridge to our co-operation with Singapore on cyber security capacity building, this is a region that is home to some of the most advanced, tech-friendly and open economies in the world with huge demand for British innovation, design and quality. And it is a natural partner for the UK in shaping the rules of the future global economy in a way that can support a new era of innovation.

Given the scale of the opportunity, I am pleased to announce that the destination of my first trade mission post-Brexit will be to Asia Pacific next spring.

For I will do everything I can as Prime Minister to accelerate the progress we are making in strengthening relationships across this region.

So tonight, here in this great Guildhall that stands as testament to the pioneering trade and innovation of our forefathers, let us look forward to the future we want to build for our country.

And let us do so with confidence.

Confident that we can secure our place in the world as a global economic hub and once again help write the global rules of the future as we have in the past.

Confident that in this very room we have the unique strengths and ingenuity to forge a global future for our country that is every bit as exciting as anything that has come before.

And confident, that in doing so, together, we can secure our future prosperity, now and for generations to come.

#ProjectThankYou – Police, Blue Lights, Armed Forces and Veterans Get Bulk 40% Fee Reductions for Cyber Sec Diplomas

The UK’s first business Academy for cyber and tech security has launched #ProjectThankYou in a bid to make the UK more cyber resilient.

The London-based Global Cyber Academy, the first in the UK to deliver formal accredited, online Diploma education to working-adult students, begins with its first cohort of UK-based students this October. The Academy will be providing a flat 40% course fee reduction for every single UK Blue Lights or Armed Forces application – including for veterans.

Chief Executive of the Global Cyber Academy, Richard Bingley, said:

“Money is tight for emergency workers, and our armed forces, and for the government too. Yet, the UK economy and infrastructure are now under industrial-scale threats from cyber-criminals and external state-backed harassment. We’ve got a duty as educators to step up and help.”

Mr Bingley added: 

“There’s little point just educating a tiny fraction of the workforce. Our Academy is in a unique position to offer mass accredited education across our entire security and emergency-services base, and that’s exactly what we’re offering to do. 

“The only way to stop industrial-level cyber crime is to introduce industrial-level education, particularly for those who are tasked to defend us. Our Academy is thankfully in a position to give something back and in our own way say a big ‘thank you’ to public servants who help look after us.”

The new Academy came up with the plan after trying to apply to be registered with the UK MOD’s Enhanced Learning Credits (ELCAS) scheme. This would have potentially enabled service personnel to access funding and earn advanced credits for studying the Academy’s programmes. 

“But because our Academy was only formed earlier this year it did not qualify for ELCAS admission,” said Mr Bingley. “We didn’t hit the two-year operating rule” 

“It was a bizarre situation, because certified police investigators, senior qualified academics and international book authors had written and filmed our course content Also, our Diploma programmes are issued by a UK-Ofqual-approved awarding body, therefore they go through tons of formal quality vetting. Yet we couldn’t reach in to our own natural audience. The situation within UK policing is similar where only a selected few receive funded cyber training. So, we all just said ‘forget it’, we set this thing up to help people, and help build a resilient society, and that’s exactly what we’re going to do!”

The Level 3 Diploma (online) in Cyber Security Management and Operations begins on October 9th 2018 and enrols monthly thereafter. Modules include: Threat and Risk; Network Architecture, Communications and Protocols; Mobile Data Risks and IoT; Investigations and Incident Response; Solutions: Future-Proofing your Business; EU GDPR and Data Security 

The Level 4 Diploma (online) in Cyber Security begins on October 16th 2018 and enrols monthly thereafter. Modules include: Threat and Risk; Network Security and Data communications; Databases and Programming; Incident Response, Investigations and Forensics; Security Strategy Laws, Policies and Implementation; Banking and Finance (elective) or Cyber Wars (elective).

A Level 5 Diploma covering Cryptography is available from February 2019 which maps directly into a final year Cyber Security degree programme at a UK University. 

#ProjectThankyou applicants receive a course fee discount of 40% on all Diploma applications up to January 31st 2019.  

Delivery is self-paced and flexible with lots of videos, audio, exercises and real-world formal assessments. “Basically, wherever you are in the world, you can log on and learn,” Mr Bingley said. “We have students based in most of the world’s seven continents,” Bingley added. “Our WhatsApp student chat groups are keeping us awake at night!”

Academic support class workshops are run every other month in London and filmed for those who can’t personally attend. Industry network meetings with policy-makers and key recruiters are held each month in London. 

Will students get a job at the end? A recent study of Chief Information Officers reported a “recruitment crisis” in cyber security. The UK economy now spends an estimated £7bn on cyber security. This figure is approaching £200bn globally. These stats are likely to grow even more exponentially now that EU GDPR is in force. 

“Although no promises can be made, most public sector and business organisations are massively recruiting into cyber and information security roles. Existing security professionals need to be in an educational position to exploit this sea-change,” Mr Bingley said. “The validation of a formal cyber Diploma and close contact with recruiters is really going to help an individual’s market position, for sure.”

Mr Bingley added: 

“These courses provide a pathway for the individual to stay relevant and upskill, and for our country to be much more cyber resilient. In difficult times, this surely is a win-win scenario.” 

Further course details can be found at the Global Cyber Academy website: https://www.globalcyberacademy.com/ 

Any course bookings made via the website should put the code #ProjectThankyou into the application form 

Are You Being Tracked? The Right Buttons to Push for Smartphone Security

Recent research tells us that some 68 percent of information systems workers are using their own smart phones, and 69 percent are bringing their own tablets to work (Forrester Annual Survey: 2017). Goodness knows what the stats must be for wider society!

Top mobile threats include enterprise-class spyware and malware, including zero-day exploits that we don’t yet know about. Mobile botnets on android devices are becoming increasingly identified. One such, ‘Viking Horde’, was revealed in Google Play-accessed-apps in 2016. ‘Ad and click’ malware can also give hackers an easy route into an internal company network. Starting out as annoying ‘adware’, attackers can then spread surveillance spyware across the entire botnet. 

Richard Bingley, Chief Executive Officer of the Global Cyber Academy said:

“Apps shouldn’t be treated as a permanent fixture on your phone. Review your apps each week and delete the ones you don’t use or read bad things about. Err on the side of caution.  

Richard Bingley added:

“Lots of apps are being removed or deleted by Google Play and Apple stores, but reasons aren’t usually given. This means that if an app is infected with malware, or secretly leaking data to a third party, then the end-user might not know about that if they have already downloaded it prior to it becoming blacklisted. The big tech companies don’t proactively tell existing users.” 

Today our Global Cyber Academy launches #SixSteps to help you see if you’re being tracked or breached on your smartphone:

  1. Dial: *#21# – see whether your data, including SMS, are being forwarded to a third party
  2. Dial: *#62# – see if your calls are being automatically forwarded. If so, where your calls get forwarded to? If your calls are ‘forwarded’, don’t be too alarmed initially if you see that your calls are forwarded to a number you don’t recognise. (This number might be a separate voicemail box run by your network service provider. The digest message might say that your calls are forwarded to this number after 20 seconds, or so. Mobile service providers often provide separate voicemail gateways, including for those overseas on ‘roaming’.) But you should certainly double-check with your service provider. Some suspicious numbers of known scammers and criminals are published online at: unknownphone.com. If you recognize the number as your arch-enemy, call the police!
  3. Dial: ##002# – to stop your calls being automatically forwarded (to whoever!)
  4. Dial: *#06# – to locate your 15-digit International Mobile Equipment Identifier (IMEI) number. Write this down. If your phone gets lost or stolen, you can disable it (and even find it) with the network service provider (carrier). Or via a trusted online app including Google’s ‘Find My Device’ service
  5. Dial: ##4636## – to find detailed configuration about your phone including call redirects, current network, usage and location. Check ‘Usage Statistics’ and ‘App Count Usage Time’ to double-check your apps use and remove any apps that are suspicious (for example, you might not use them, but they show high-usage)
  6. Search for the hero inside yourself! If you still feel that there is something suspicious, after conducting these tests, please contact your network service provider. If they’re too busy to talk it through with you, or carry out further tests, it’s time to tear up the contract!

Further information: enquiries@globalcyberacademy.com

Twitter: @GlobalCAcademy

#30MinutesSelfie – Our Top Ten steps to keep your mobile devices more secure

With the 2018 World Cup under way, and EU GDPR now in force, we’d like to share our students’ Top Ten mobile device prevention tips with our GCA readers. Our advice ends with our famous #30MinutesSelfie – book half an hour in your smartphone calendar, uninterrupted, with yourself, to make these safety measures happen!

Anti-Virus Software:Your smartphone is a computer because it has an operating system and a browser. Therefore, install antivirus software (or check out what the manufacture has already provided) and use this tool to scan for viruses at least on a monthly basis. Likewise, install and regularly check Anti-Spyware apps on your device. Enable security updates when requested; then your AV can scan for the very latest known malicious codes attacking smartphones. Do not enable suspicious looking AV updates: i.e., not ones from your vendor or those you have additionally subscribed to.

Ignore Unknown Links:Never open strange texts or untrusted URL links: This applies equally to your own SMS as well as to emails and social media communications. Just like email and social media, SMS can also introduce unauthorised Spyware, ransomware and other malware into your phone. (Sometimes from a known contact whose phone or PC has become a ‘Zombie’.) Steganographic attacks (malware embedded in pictures, often of celebrities) are also a classic method of mobile device attack. Keep them near or lock them up: Your smartphone is the equivalent of your bank cards and house keys all rolled into one. It’s also a radio transmitter. Like any prized possession, either keep your smartphone with you, or switch your baby off and lock her safely away.

Don’t be too trusting:friends and family usually have your best interests at heart. But moments of incredible stupidity with smartphones have caused countless relationships and friendships to flounder. If she’s not locked up, keep your phone with you at all times. This discipline is also good for emergency planning. Because all manner of hazards – such as vicious scooter-thieves, terrorists and natural disasters – never let us plan ahead to avoid disaster.

Zero-Trust Apps: Only ever download an app if you trust the source. This does not mean trust the tech giants! Google Play and App Store, verify (somewhat) the source and security of apps before they list them for download. But literally millions are corrupted with bugs and malware. If an app asks for permissions to access personal information, think very carefully before providing it. Be aware that even if you switch of your Google locator, many other apps will locate you. Apps seeking permission to use your microphone can record you. Apps seeking permission to use your camera can film you. And apps seeking permission to access your camera roll can pinch your pictures. And some apps don’t even ask! They do default data pillage! Proactively remove apps on a monthly basis if they are unused.

Zero-Trust Wi-Fi:Like any public service, Wi-Fi Hotspots can be a great contributor to our own state of happiness and a key enabler if assisting humanity to abolish war, disease and …?! You get the point. But be very aware of the ‘other side of the coin’. Wi-Fi channels are free-flowing, radio waves that allow any Tom, Dick or Harriet (with a cheap bit of kit) to eavesdrop into your device, temporarily or permanently, depending on the tools they use.

Anonymous Browsing:Hackers often exploit you because they can read your browsing history and anticipate, or exploit, your weaknesses. Therefore, learn how to browse anonymously or privately with tools such as Tor, PGP, and VPNs. Sometimes browsing this way is a little bit slower and prevents you carrying out financial transactions, as your IP address might cause suspicion. However, you shouldn’t really be shopping or banking from an unprotected hotspot, should you?!

Location and Tracking:Bear in mind, that if you lose your phone, you might wish to locate it! This means that you probably will want your phone locator on at times when you feel you could lose your phone. You can also lock your phone remotely and immediately with any number of security tracker apps. Research the apps first from user forums and tech journals before trusting them enough to install.

Encrypt key data and files:Save and encrypt important files, and export them to a password protected, double-authenticated client or cloud. Also get into the habit of using end-to-end communications encryption. This means the hacker might know you’re online but they still can’t read your messages. Freely available VPN and encryption services such as CyberGhost can be a real party-pooper for malicious hackers. WhatsApp offers asymmetric end-to-end encryption. But if you lose your phone the SMS messages (if left unprotected) are left for all to read, screenshot and steal.

Regularly Transfer and Back-Up Data:to a separate device (probably a PC) that is itself sensibly protected. Then base that PC in a secure room, or a locked drawer. Don’t hide that PC’s password under any mouse mats, chairs, tables, or monitors! Spend ten minutes every month transferring your smartphone pics to your PC. Losing them, even by an accidental own-goal, can be upsetting.

Passwords and Double Authentication:many phones now have double-authentication opportunities. Use the latest tools – including biometrics – to double-lock your phone. Use a password manager and a file locker to separately lock all precious files. Use long nonsense phrases and symbols for passwords, not words and numbers. Also make password changes after any suspicious incident, or memory blind-spot. (Such as accidentally leaving it at the local pub overnight.) Change your passwords at least every month.

#30MinutesSelfie: Book a 30-minute calendar meeting each month. With yourself. No interruptions. ‘Me’ time. To enforce these ten steps.

Hope this helps!


“Game-Changer”: EU General Data Protection Regulation (EU GDPR) Education Launched by Global Cyber Academy and Qualifi:

The European Union’s General Data Protection Regulation (GDPR) introduces heavy fines for companies and organisations that lose data or don’t take sensible precautions, such as encrypting their customers’ personal data. Mirror legislation for personal data protection is being introduced into the UK due to the country’s planned exit from the European Union in 2019.

The EU GDPR is a statutory obligation upon data processors and entered into effect during May 2018.

“The central thrust is about all organisation’s having to safeguard and protect personal data, and, indeed get permission to hold and use such data in the first place,” said Richard Bingley, Chief Executive of the UK Global Cyber Academy, which runs EU GDPR courses.

Mr Bingley added: “It’s a game-changer. People’s personal data is hugely significant in terms of financial value and the personal safety of individuals. This regulation is about redressing the balance of power of data ownership back to the citizen. Organisations playing fast and loose with personal data will face tough sanctions.”

Qualifi have teamed up with the UK Global Cyber Academy to provide dedicated EU GDPR courses, and modules dedicated to EU GDPR and Data Security within their Level 2, 3 and 4 Cyber Security Diplomas.

See: qualifi-international.com  and  globalcyberacademy.com

Or email: EUGDPR@globalcyberacademy.com

EU GDPR impacts all companies and countries that trade with EU-based citizens, or hold data about them, profoundly. Regardless of whether such companies themselves are based within the EU. Within the EU, individual member states’ information commissioners (or equivalents) will enforce compliance.

According to UK Law Firm, Pinsent Masons:

“A two-tiered sanctions regime will apply. Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.

Important provisions on data security are contained under Articles 5 and 32 of the Regulation.

Article 5 sets out basic rules on personal data processing which only apply to data controllers, considered to be fundamental to data protection. One of those rules requires data controllers to ensure that personal data is “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”. This could involve deploying data encryption techniques, Data Loss Prevention Software, stronger authentication procedures, extra physical security layers, and regular review and monitoring of end-users, network traffic and security controls. Staff awareness and competency training will also be critical here for all data owners, custodians and users.

In contrast if data processors breach their statutory data security obligations, set out under Article 32, which requires them to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk” of their personal data processing, then the most they could be fined is up to €10m or 2% of global annual turnover.

Data controllers are also subject to the Article 32 obligations. It therefore appears open to national data protection authorities to fine data controllers for any data security failings under Article 5 or Article 32 (4).”

However don’t forget other important Data Protection laws:

Businesses and business people producing and handling customer data, including financial information, .

USA – Health Insurance Portability and Accountability Act Security Rule: (HIPAA): https://www.nist.gov/healthcare/security/hipaa-security-rule

USA – Security Breach Notification Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

Payment Card Industry Data Security Standard (PCI DSS): https://www.pcisecuritystandards.org/

Further details: www.globalcyberacademy.com or EUGDPR@globalcyberacademy.com

Europol: Islamist Groups Hit by Counter Terrorist Campaigns

British security services were involved in the assault targeting websites hosting its flagship Amaq “news agency”, alongside allies in the EU, US and Canada.

Europol said Islamist group’s ability to broadcast and publicise terrorist material has been “compromised” by a mix of cooperation with internet service providers and cyber attacks.

Security services are also working to identify Isis administrators and radicalised individuals across Europe and beyond with the data retrieved.

In the third phase of an operation started in 2015, law enforcement agencies coordinated by the European Counter Terrorism Centre (ECTC) started a two-day “simultaneous multinational takedown” on Wednesday.

Isis servers were seized in the Netherlands, Canada and the US, while raids were conducted in Bulgaria, France and Romania as the UK targeted its domains.

European Counter Terrorism Centre:

“Designed as a central hub in the EU in the fight against terrorism, the ECTC focuses on:

  • providing operational support upon a request from a EU Member State for investigations;
  • tackling foreign fighters;
  • sharing intelligence and expertise on terrorism financing (through the Terrorist Finance Tracking Programme and the Financial Intelligence Unit);
  • online terrorist propaganda and extremism (through the EU Internet Referral Unit);
  • illegal arms trafficking;
  • International cooperation amongst counter-terrorism authorities”.


Charlie Winter, a senior research fellow at the International Centre for the Study of Radicalisation and Political Violence (ICSR) at King’s College London said permanent damage to the Amaq website could have a “substantial strategic impact”.

“The website was a living archive of Isis propaganda and there’s no equivalent,” he told The Independent. “Given that at this point in time the group is maniacally trying to curate its post-territorial legacy, it really could do with access to all of those materials.”

Increased detection and removal work by both governments and hacktivists has since pushed it into ever more obscure corners of the internet, with the Amaq website being taken down and reappearing on an almost daily basis even before Europol’s attack.

The head of GCHQ revealed that British spies have been disrupting Isis’ communication networks and propaganda earlier this month, hinting that it could be behind a glut of fake propaganda that unnerved the group last year.

The British government has also funded free artificial intelligence software that can detect the group’s videos and prevent them being uploaded to the internet.

Opinion: Amber Rudd Resigns. Javid Enters Home Office

Amber Rudd, the second highest profile woman in English politics, resigned as Home Secretary yesterday evening. This morning she was swiftly replaced by fellow Cabinet member, Sajid Javid.

Rudd, a talented and likeable MP, often looked stretched at Marsham Street. (Who wouldn’t?) Too deep cuts into policing, fused with the seemingly intractable disaster of UK immigration management systems, have sunk the political career of a woman who, despite her lack of flamboyance, is a competent figurehead.

In our humble assessment, Rudd would have equally flourished outside of Westminster’s increasingly polarised corridors of power.

Urgent tweets, from outside of the Vote Leave side of the Conservative Party, demanded that the PM brings in a firm Brexiteer to sure up a clean EU exit.


Surely what is needed is the very best individual to come in and grip the Home Office? Alongside the Department of Health, it’s a department where, when things go wrong, it can mean the difference between life and death.

Well over a decade ago, Dr John Reid, an exemplary Home Secretary, admitted to the country that the Home Office, through decades of poor documention and sprawling (mis)management, was “not fit for purpose”.

He was not including MI5, who report into the Home Office, within this view.

With the swift reemergence of a new Cold War, cyber attacks hitting UK business hard, ISIS’s murderous campaign in full throttle, and violent crime soaring, now is definitely not the time to play politics with our Home Office.

The public has voted for Brexit. The government and opposition has committed to it. The Foreign Office has a Brexit Foreign Secretary and the government has a pro ‘Brexit Secretary’ and International Trade team.

We wish our new Home Secretary Sajid Javid well during his time at Marsham Street. If his team succeed, then we all benefit.

- Advertisement -