As we move forward with our digital lives, complying with the need to “log into” just about anything we touch these days, it becomes increasingly difficult to maintain a high degree of password hygiene. There are those incredibly disciplined people amongst us who can perform effective Password Management in their head, and then there are the rest of us who, well, can’t. I have previously recommended…
Security Through Maturity
How's your posture?
Last week I gave some tips on methods to create a strong password; however, these may not be suitable if you have a large number of passwords to manage. In this scenario, making use of a Password Manager may be appropriate. Best practice would be to have a different and complex password for everything (such as a website) that you would log into. However, very…
Following are some tips on how you can create a strong password. Some might be obvious, others not so… Your passwords belong to you, no-one else – don’t share your passwords! Regardless of complexity, don’t write your passwords down. (To this day I still see passwords on Post-it notes and whiteboards!) The longer the password, the harder it is to crack, 8 characters should…
In my experience this is an area around which the Channel Islands have been generally slow to adopt a stronger security posture, and whilst the threats surrounding Data Leakage were as valid then as they are today, it is surprising that only 21% of UK businesses have a formal policy around what can be stored on removable/USB devices, a figure published in the Cyber Security…
As your business becomes more mature in its approach to Cyber Security you may have a business objective to expose certain web services to the internet, Microsoft Outlook Web Access and ActiveSync being examples. Although trivial to expose such services via standard perimeter firewall rules, it has become increasingly risky to do so without having extra layers of defence in place to protect business data…
In today’s digital world data is considered to be the crown jewels and should be protected from those that might abuse it. The value to the business that data represents should be balanced against the risk of it being exposed. Traditionally viewed as a pure security issue, as data protection laws start to change this will become much more of a compliance issue. In simple…
Last week witnessed a massive Distributed Denial of Service attack against Dyn.com, who provide DNS services to major websites. This had the effect of disrupting users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. The ‘botnet’ that performed this DDoS attack was made up of hacked IoT (Internet of Things) devices, in part Chinese-made digital video recorders and IP cameras. The devices had been compromised…
Passwords are a pain. Needed for everything these days, you are constantly asked to register on this or that website in order to obtain the information you require, resulting in a mountain of credentials which need protecting. Some people use the same password for everything, others use stronger passwords for ‘important’ things. Some people work out what a password should be based on a system…
More advanced than ever, Ransomware has evolved quicker in recent months than commercial technologies can keep up with and accounts for over $1.2B in damages to businesses, according to Cyber Security vendor, Sophos. “90% of breaches are from exploits, 90% of exploits are from known vulnerabilities and 66% of IT staff lack incident response skills.” High-level steps to take are as follows: Don’t click on…
Although Cyber Security can seem daunting, there are some fundamental security principles that will help define a good defensive posture. Without talking about particular technologies or processes, we can keep it abstract to get the concepts across. One such principle is defence-in-depth. Your defences need to be layered. Constantinople is an example of a city that withstood attacks for 1,000 years due to its layered…