Neil Douglas is an IT Security specialist from Network ROI, based in Edinburgh. He wrote numerous articles related to IT Security and was interviewed several times, among the others by BBC.

In this interview Neil will explain us how to create a secure password, how 2FA and OTP reinforce the security system and how to secure IoT devices to prevent cyber-attacks.


– Hi Neil, many thanks for your availability. You are an expert in data security, what made you get interested in IT Security in the first place?

A few years ago a customer got hacked and I saw the hacker live on the system in real-time. I watched him remove the anti-virus software before setting up a piece of test spamming software. This incident fascinated me and I wanted to know more about how criminals exploit computer networks.

– What are your recommendations and advice for creating a secure password? What does a strong password mean today?

A secure password should be a minimum of 12 characters in length and consist of numbers, symbols, capital letters and lower case letters and should consist of more than one dictionary word. A good password should be memorable without having to write it down and should not be used on more than one site. People are faced with multiple logins every day both in work and in their personal lives, so I would suggest investigating an encrypted password management platform such as LastPass or KeyPass.

A strong password today may not be a strong password in six months, so it is essential to change your password regularly to reduce the likelihood of becoming a victim of cybercrime. It is also important to only use a password once, they should never be recycled or re-used.

If you want to dig further and deeper in the matter, I suggest you to read this article.

– Do you think solutions such as a 2FA and OTP reinforce the security system?

I think smartcard access is a great solution in the current climate, this may change but for now it seems to work. Regarding 2FA and OTP I also think that these methods are effective and add an additional layer of security to protect sensitive information in a variety of different settings.

– Recently there was the biggest DDoS attack in the history. What are the risks related to IoT? How can we secure IoT devices and data collectors to prevent another cyber-attack?

In an ideal world, we would see every network device comply with strict security regulations. Security should be at the forefront of your mind when you choose IoT devices. You should also choose a device manufacturer that is committed to providing regular software updates to cover security holes within the device. Where possible, IoT devices should be isolated and their internet access controlled via a robust firewall policy.

To protect and secure IoT devices and data collection software, you should change your default passwords upon setup and follow the password guidance in the previous question. I would also state that it is becoming increasingly difficult to secure devices and systems, so the answers within this blog are purely precautionary and I cannot guarantee that following tips will stop a skilled and determined hacker.

– How to secure your data in the Cloud?

Firstly, I would suggest following the password security advice above. Next, I would suggest that users take advantage of the Cloud providers’ 2FA options. Then I would suggest protecting all sensitive data via a secondary layer of securitysuch as file encryption. Assume the Cloud provider will be hacked, at some stage, and therefore you should avoid saving sensitive files in the Cloud where possible to limit the chances of your data being compromised.

If you are concerned about Cloud security, you should review the security and incident management policies of your chosen provider prior to engaging with them.

– What was the most interesting or difficult case connected with a computer malware or hack on which you were working?

The most challenging security breach I’ve worked on recently involved a case of Cryptolocker Ransomware. This form of cybercrime has been around for a few years but has gained a lot of press recently. Ransomware can be particularly devastating to a business or individual if there are no recent backups in place. Luckily in the case I was involved in, we had a full backup and DR solution in place and we managed to get the client back up and running within hours.

Ransomware is becoming increasingly widespread, mainly due to its availability on the dark web as a product – Ransomware as a Service (RaaS). Bearing this in mind, it is important to be vigilant and think twice before opening suspicious looking emails or entering non-reputable websites.

– What are your biggest worries regarding the future of data security? Do you have any predictions regarding new challenges that can emerge in the future?

My biggest concern for the future of data security surrounds the human element. People are the weakest link in any network and as much as you try to educate everyone to recognise the dangers of cybercrime, there will always be a percentage who aren’t alert to the risks.

As far as future trends are concerned, I think that insider fraud and blackmail will continue to rise as the sums of money involved can prove tempting to the most vulnerable members of society. Imagine criminals recruiting students on campus and offering them money that could pay for their education and free them from debt and open a bank account from which they can funnel ill-gotten gains to organised gangs…