To celebrate the upcoming Cyber Scotland Week (22nd – 28th April 19) our ethical hacker has written this blog post about cyber security and why Hacking is on everyone’s mind right now.
Hacking and cybercrime is on everyone’s mind just now and we are all asking are we secure on the world wide web? Possibly not! Ask yourself this what are you doing to protect yourself?
As you know we have so many options to try securing your business and devices from the day to day internet nasties and there are so many hardware and software vendors who will help just do that. But, is this enough?
Well, not really – you must think a little more these days and think deeper and keep up to date on the latest security trends as well as keeping software updated and keeping hardware running, this gets tired quickly. We simply don’t have the time to keep up to date and it all becomes too much to think about. This unfortunately plays to the advantage of the cyber hacker and they may take advantage.
What can you do?
Try do the quick fixes – look for the simple things that are easy fix, why? Simply put that’s what a hacker would do! They will look for the least path of resistance and look to exploit if they can’t they do tend to move on
For example -: Don’t store password’s or sensitive documents on a publicly open folder on a web server. Ensure your folders and access permissions to file system objects (files and directories) are set correctly. Don’t leave Enumeration to chance. Have a look how easy it is to get information, try this, type the following in www.google.co.uk inurl:wp-config -intext:wp-config “‘DB_PASSWORD'” and you can see within seconds you have an array of Database passwords to WordPress database.
Patching, keep all your software updated, this is key!
Did you know that Microsoft are no longer going support for Windows 7 and is ending After January 14, 2020? Think – upgrade you should take simple precisions and upgrade. Don’t allow this to be the source of a hacker’s route in to your network.
Use 2FA (Two Factor Authentication). Don’t make easy to allow hackers to get passwords. Business have traditionally used strong authentication to secure access to resources remotely. There are several technology alternatives available today including One-Time Passwords (OTP), Public Key Infrastructure (PKI), biometrics and smart cards. This is a key area now and you should have 2FA in the business and your personal life.
What kind things should you look out for?
Phishing – It goes without saying avoiding phishing scams can be tricky, but we have three helpful tips that can help:
- Do not click on any links listed in an email message and do not open any attachments from untrusted sources
- Do not enter personal information in a pop-up screen
- If it appears to be a phishing email, simply report it and delete it
Social Engineering – Social engineering preys on qualities of human nature and with enough time, patience and tenacity will eventually exploit some weakness in the security of a business. These are our four common defenses that can help: Everyone that enters the building (contractors, business partners, vendors, employees) must show identification
- Passwords are never spoken over the phone
- Passwords are not to be left lying around
- Caller ID technology, used to display the caller number
- Invest in shredders, avoid dumpster diving
Get Expert Advice
We have just touched the surface of what you can do. But, if all this too much for you then it’s maybe time to call in help. Every company should be considering PEN testing these days. PEN or penetration testing is a way to evaluate security of a network/computer system and simulates an attack conducted by a malicious user.
There are many methods to evaluate the security of a network/computer system. But active analysis of the target and looks for
- Operational weaknesses
- Security issues are thoroughly assessed and presented
The UK public and small businesses are today being urged to start making every day safer as the latest online crime figures from Get Safe Online and Action Fraud reveal that a staggering £10.9 billion* was lost to the UK economy as a result of fraud, including cybercrime, in 2015/16.
Don’t let your business become the victim
Until next time, stay safe.
For more information about how you can protect your business from cyber threats please speak to us firstname.lastname@example.org or call 0800 668 1266
For find out more about Cyber Scotland Week and how you can get involved please visit https://cyberscotlandweek.scot/