A little about Robertson ETOs. We are a relatively new company launched in Sept 2017 by Nicci and Jason Robertson. Nicci has an impressive sailing background and represented South Africa at the Mirror World Championships in Ireland and Canada. Nicci is an incredibly driven and motivated team player who does not stop until the goal is achieved. Prior to working in yachting, Nicci worked as a personal fitness instructor at one of West London’s prestigious private health clubs. Training professional sportsman, personalities and (her husband). Nicci is the driving force behind Robertson ETOs and certainly knows how to crack the whip and motivate everyone to reach their full potential and achieve their goals.
Jason comes from an IT background and worked in West London for 7 years as an IT consultant before he and I joined the yachting industry in 2008. Since then Jason has worked on some of the most technically advanced and impressive yachts as an ETO & AV/IT Officer. The past 9 years we’ve seen a magnificent growth in the size and technical spender onboard yachts. All from fully automated hidden TVs, complex lighting circuits and impressive AV/IT setups previously only found in corporate business headquarters.
This is where Robertson ETO’s aims to fill a gap in the market. We’ve experienced such a massive need for candidates to be thoroughly vetted and interviewed. Jason asks the tough technical questions (that Captains / Chief Engineers and other recruitment agencies often can’t). We only put forward the most suitable candidate for each role. Onboard yachts the complex AV / IT / electrical systems require no certifications to upgrade & maintain yet these same systems installed in shore side installations would require a licensed specialist to upgrade & maintain. Seeking a properly vetted ETO through Robertson ETOs will save the Captain, Chief Engineer, Owner and Guests much frustration in the long run. Robertson ETOs also aims to develop and encourage all our ETOs that are registered with us towards a fruitful and rewarding career as an ETO. We can recommend suitable training courses / certifications routes for AV / IT engineers and those wishing to obtain their ETO CoC.
Cyber Security – What it means & 6 principles to help make your network safer and more secure.
Awareness – being aware of your entire network, and what’s happening on it, is the first step in building a secure IT strategy for today’s threat environment. One could say awareness is the first component of cyber hygiene. After you know what’s on your network, you can begin to ensure all devices are configured to industry best practices, identify how many authorised and unauthorised software versions are installed, and who has administrative access to what. Awareness has many sides in cybersecurity, and we need to look at the concepts that link technology, information, and people. A network is only as secure as its weakest link — and most often, that link is not software or hardware; its people.
The most effective ways to improve your security are also the most basic. A few of these steps for example: secure login information with the strongest authentication tools, use caution when clicking on unfamiliar links and emails, be aware of your security settings on social media, and keep all your Internet-connected devices up to date. These steps may seem obvious, but so often, it is exactly these slip ups that put an entire network and its data at risk. Cyber security is an area where improved awareness and a real understanding of what works and what doesn’t, can make a big difference. Do consider these 6 principles for a securer and safer environment.
1: Inventory of authorised & unauthorised devices
This defines a baseline of what must be defended. Without an understanding of what devices and data are connected, they cannot be defended. The inventory process should be as comprehensive as possible, and scanners (both active and passive) that can detect devices are the place to start. After your vessel has been accurately inventoried, the next step is to prevent unauthorised devices from joining your network—this is where implementation of network level authentication excels (MAC address authentication).
2: Inventory of authorised & unauthorised software
The purpose of this principle is to ensure that only authorised software is allowed to run on a vessels network. While an inventory of software is important, application whitelisting is a crucial part of this process, as it limits the ability to run applications to only those which are explicitly approved. While not a silver bullet for defence, this principle is often considered one of the most effective at preventing and detecting cyberattacks. Implementing this principle requires your yacht to reconsider their policies and culture — no longer will crew & end users be able to install software whenever and wherever they like.
3: Secure configurations for hardware & software on mobile devices, laptops, workstations, & servers
By default, most systems are configured for ease-of-use and not necessarily security. In order to meet principle 3, yachts need to reconfigure their systems to a secure standard. Many yachts already have the technology necessary to securely configure systems, such as Microsoft® Active Directory Group Policy Objects.
4: Continuous vulnerability assessment & remediation
The goal of this principle is to understand and remove technical weaknesses that exist in a vessels IT system. Successful vessels implement patch management systems that cover both operating system and third-party application vulnerabilities. This allows for the automatic, ongoing, and proactive installation of updates to address software vulnerabilities. In addition to patch management systems, vessels should implement a commercial vulnerability management system (antivirus software /firewall / anti-malware software) to give themselves the ability to detect and remediate exploitable software weaknesses.
5: Controlled use of administrative privileges
Implementing this principle ensures that crew members have only the system rights, privileges, and permissions that they need in order to do their job — no more and no less than necessary. Unfortunately, for the sake of speed and convenience, many vessels allow crew to have local system or even domain administrator rights which are too generous and open the door for abuse, accidental or otherwise
Passwords are often difficult to remember especially with the added complexity rules and frequent changes required. An alternative may be to use a password manager which is secured with a complex password that is committed to memory. Your email inbox is generally the primary location where password resets are delivered. Email is thus highly recommended to be setup with a long complex password that is committed to memory.