I had just taken my seat on board, and the train had just cleared the tunnel just north of Euston station. As I was settling in to the journey I noticed something through the gap of the two seats in front, like a magpie drawn to a sparkling object, something had caught my eye. I have spent years conducting security assessments, checking system logs and databases for the presence of credit card data. During this time I have unwittingly developed the canny knack of quickly spotting a 16 digit primary account number of a credit card, along with a expiry date and the 3 digit security code. My eyes were drawn to the laptop screen of the passenger in front, which had a webpage fully on show, which displayed his typed in credit card details, including the 3 digit security code, which was not obfuscated. In my disbelief I considered taking a picture with my phone, but then thought better of this, as it crosses an ethical boundary in my view. But if a more unscrupulous person than I did take a picture, then they could use the captured credit card details to easily commit credit card fraud, namely use it to buy items online.
While still doing my best to mind my own business, an annoying ring tone sounded from the seat behind me, and Mike X announced his presence to the rest of the coach, with a booming “Hello Mike X”. He wasn't a relation to Malcolm X, I am using X to protect his real surname. We all learnt that Mike was quite the slick salesman, and how he was key to his company winning a £450K contract with a well known construction company. We also heard how he and his colleagues were going to provide the right kind of answers the construction company wanted to hear in their tender documentation, and that his company should not worry too much about details at this stage, unless it was something that was going to be clearly stipulated in the contract. Finally he told us all about his plans for the weekend, dinner with his wife on the Saturday, and golf with his chums on the Sunday.
I can't help but wonder whether this train carriage represents an average cross section on the level of security awareness in the UK in 2014? No wonder cyber criminals target the UK, they know its citizen's are information careless, and are a cash rich soft touch. Information Security awareness by the UK government and companies is either proving to be not be very effective, or people already understand it well enough and are choosing not to give a dam.