Password Management

Is Password Management software secure?

May 25th, 2017 Confidentiality, Secure Configuration James Gillies

As we move forward with our digital lives, complying with the need to “log into” just about anything we touch these days, it becomes increasingly difficult to maintain a high degree of password hygiene. There are those incredibly disciplined people amongst us who can perform effective Password Management in their head, and then there are the rest of us who, well, can’t. I have previously recommended…

Should I consider using a Password Manager?

May 11th, 2017 Confidentiality, Privacy, Secure Configuration James Gillies

Last week I gave some tips on methods to create a strong password; however, these may not be suitable if you have a large number of passwords to manage. In this scenario, making use of a Password Manager may be appropriate. Best practice would be to have a different and complex password for everything (such as a website) that you would log into. However, very…

How do I create a strong password?

May 4th, 2017 Confidentiality, Secure Configuration James Gillies

The following are some tips on how you can create a strong password. Some might be obvious, others not so… Your passwords belong to you, no-one else – don’t share your passwords! Regardless of complexity, don’t write your passwords down. (To this day I still see passwords on Post-it notes and whiteboards!) The longer the password, the harder it is to crack, 8 characters should…

Are we exposed with unlocked USB ports?

Mar 30th, 2017 Confidentiality, Data Breach, Secure Configuration James Gillies

In my experience this is an area around which the Channel Islands have been generally slow to adopt a stronger security posture, and whilst the threats surrounding Data Leakage were as valid then as they are today, it is surprising that only 21% of UK businesses have a formal policy around what can be stored on removable/USB devices, a figure published in the Cyber Security…

reverse proxy

Why would our Organisation need a Reverse Proxy and Web Application Firewall?

Mar 2nd, 2017 Network Security, Secure Configuration James Gillies

As your business becomes more mature in its approach to Cyber Security, you may have a business objective to expose certain web services to the internet, Microsoft Outlook Web Access and ActiveSync being examples. Although it is trivial to expose such services via standard perimeter firewall rules, it has become increasingly risky to do so without having extra layers of defence in place to protect business data…

encryption

Should we be re-considering implementing encryption in our organisation?

Feb 23rd, 2017 Compliance, Confidentiality, GDPR, Secure Configuration James Gillies

In today’s digital world data is considered to be the crown jewels and should be protected from those that might abuse it. The value to the business that data represents should be balanced against the risk of it being exposed. Traditionally viewed as a pure security issue, as data protection laws start to change this will become much more of a compliance issue. In simple…

IoT

Does the IoT = NextGen DDoS?

Last week witnessed a massive Distributed Denial of Service attack against Dyn.com, who provide DNS services to major websites. This had the effect of disrupting users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. The ‘botnet’ that performed this DDoS attack was comprised of hacked IoT (Internet of Things) devices, partly comprised of Chinese-made digital video recorders and IP cameras. The devices had been compromised…

Passwords Manager

How can I better manage my passwords?

Passwords are a pain. Needed for everything these days, you are constantly asked to register on this or that website in order to obtain the information you require, resulting in a mountain of credentials which need protecting. Some people use the same password for everything, others use stronger passwords for ‘important’ things. Some people work out what a password should be based on a system…

Ransomware

What are some steps we can take against Ransomware?

Sep 25th, 2016 Data Breach, Secure Configuration James Gillies

More advanced than ever, Ransomware has evolved quicker in recent months than commercial technologies can keep up with and accounts for over $1.2B in damages to businesses, according to Cyber Security vendor, Sophos. “90% of breaches are from exploits, 90% of exploits are from known vulnerabilities and 66% of IT staff lack incident response skills.” High-level steps to take are as follows: Don’t click on…

Defence-In-Depth

How does defence-in-depth work for Cyber Security?

Sep 14th, 2016 Monitoring, Network Security, Secure Configuration James Gillies

Although Cyber Security can seem daunting, there are some fundamental security principles that will help define a good defensive posture. Without talking about particular technologies or processes we can keep it abstract to get the concept across, one of which is defence-in-depth. Your defences need to be layered. Constantinople is an example of a city that withstood attacks for 1,000 years due to its layered…
