Information Security – some personal reflections

I have business interests in this zone, and I will go out of my way NOT to promote my interest blatantly in this discussion, should it continue … 3 scenarios that I’d like to share that I think demonstrate how easily we all can be in breach of common-sense when it comes to protecting our own information & that of our clients, suppliers & employers:

1981. I board a train in Kings Cross at around 7:30am. I’ve been to an awards dinner the night before & I’m on my way back to Leeds to present a proposal for the acquisition of a large computer system by a significant motor group based in Yorkshire later that morning.

The 1st Class carriage is packed & there is just one seat available, which I immediately claim & settle myself into thinking about skinning up on the salient features of what I’ll be saying in a board-room in 4 hours time. But I’ll have a breather and a cup of tea before I get into that.

The young chap opposite me is the first to draw weapons! He extracted a Computing mag from his case and started marking items of interest. After about 10 minutes he put it away & pulled out a Motor Trader magazine, which he similarly annotated & then put it away again. My interest was sparked! Who was this guy? We had the same 2 basic interests, Motor Trade & Computing.

After downing a cup of coffee & clearing the space in front of my very eyes, he opened his working documents and started doing what I would have been doing had I not stopped for a breather. He, without knowing, revealed to me the fact that he was the man that I was bidding against later that day and I had the opportunity to see everything that he was proposing to that same board meeting, just before me later that morning. I say “opportunity” because I’ve never revealed whether or not I read in detail what was before me.

As he left the board meeting that morning I passed him in the outer room as I was on my way in. The exchange of glances was telling to say the least.

2001. On my way to Glasgow to see business friends, I was travelling on The East Coast Line in the dining car. Remember those?

Two seats down from me was a lawyer on a mobile phone who was talking quite loudly to a partner or maybe a secretary on the matter of a writ that he was initiating against a software company in Scotland on behalf of another such company in Scotland for breach of copyright.

He was going out of his way not to mention names, client confidentiality being uppermost in his mind of course. What he didn’t keep confidential were product names, technology platforms, programming languages, the market sector concerned and the gist of what the complaint was.

Having retired from being chairman of a significant trade supplier in IT,
I was able to deduce the identity of both of the companies involved as they were both until recently my customers!

My action was to call both parties & advise them that their business was being discussed without decibel control on the train. I believe this had this the happy outcome that they both spoke the next day and settled their dispute without further action from the loud-mouthed lawyer. This in no way is meant to be a generalisation about the legal profession by the way.

May 2009. Joining a crowded train from Newcastle-Plymouth, 2 chaps of professional bearing were trying to get seats adjacent to each other, without success. In the dialogue that ensued it was clear that they were contractors to a defence project. One did get a seat in front of me & to my left and I was quickly able to ascertain what the defence project was. I could clearly read the name of the MOD key point of contact for this project. I made a point of NOT absorbing this information & immediately set about thinking of the stupidities of many of us when we’e travelling from the security perspective. If I was a foreign agent, what might I have done after that?