Security

Passwords provide the first line of defence against unauthorised access to your organization.

Reports of website breaches and leaks of customer data become more common every day. Attacks are often indirect: crack a weaker system to get into another, normally more secure, subsystem. The role that passwords play in securing an organization's network, both internal and external, is often underestimated and overlooked.

Convenience as the Enemy of Security
Even with a complex, easy-to-remember passphrase, we sometimes get tired of typing it in, especially for accounts we need to access regularly. In these cases, many people will opt to allow their browser to save their passwords for specific websites.

The problem with this is two-fold.
Firstly, if someone is able to open your browser, revealing all of your saved passwords takes only three mouse clicks. If you are using one of the browsers that sync your account information across all the devices you use (including auto-filling your passwords…), then gaining access to your browser on one system could potentially give someone access to ALL devices you have synced to that account.

Secondly, we need to use passwords in so many different places that most people end up using the same password for multiple accounts. So even if you only allow the browser to store one of your passwords, chances are pretty good that you’ve used the same password for at least three other accounts.

Try to use a different password for each of your important accounts, like your email, SQL database, root and administrator passwords and so on, even the ones for your online banking accounts. Re-using passwords is risky. If someone figures out your password for one account, that person could potentially gain access to your email systems, admin accounts and much more.

Weak passwords provide attackers with easy access to your computers and network, while strong passwords are considerably harder to crack, even with the password-cracking software that is available today. Password-cracking tools continue to improve, and the computers that are used to crack passwords are more powerful than ever. 

Common methods of password cracking

Password-cracking software uses one of three approaches:
  • Intelligent guessing
  • Dictionary attacks
  • Brute-force automated attacks that try every possible combination of characters

Given enough time, the automated method can crack any password. However, strong passwords are much harder to crack than weak passwords. A secure computer has strong passwords for all user accounts.

A Weak Password:
  • Is no password at all
  • Contains your user name, real name, or company name
  • Contains a complete dictionary word. For example, Password is a weak password.
A Strong Password:
  • Is at least eight characters long
  • Does not contain your user name, real name, or company name
  • Does not contain a complete dictionary word
  • Is significantly different from previous passwords. Passwords that increment (Password 1, Password 2, Password 3 ...) are not strong

Using numbers, symbols and a mix of upper and lower case letters in your password makes it harder for someone to guess your password. For example, an eight-character password with numbers, symbols and mixed-case letters is harder to guess because it has 30,000 times as many possible combinations as an eight-character password with only lower case letters.

A strong password contains characters from each of the following four groups:

Upper Case Letters A, B, C …
Lower Case Letters a, b, c …
Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Symbols ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | \ : " ; ' < > ? , . /
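
The weak and strong password rules above can be checked mechanically. The following is an added example, not code from the original article: the function names and the tiny word list are assumptions made for illustration, and the increment check assumes the previous passwords are available in clear text at change time. It also computes the keyspace ratio for the four groups as listed, which comes out in the same order of magnitude as the figure quoted above.

```python
import re
import string

# The four character groups as listed on the page (30 symbols).
GROUPS = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "`~!@#$%^&*()_+-={}|\\:\";'<>?,./",
}
# Constructed stand-in for a real dictionary word list (assumption).
WORDS = {"password", "welcome", "dragon", "monkey", "summer"}


def strip_digits(text):
    """Lower-case and drop digits so 'Password 1' and 'Password 2' compare equal."""
    return re.sub(r"\d+", "", text.lower())


def check_password(pw, identity=(), previous=(), words=WORDS):
    """Return the page's rules that pw breaks; an empty list means 'strong'."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if any(name and name.lower() in low for name in identity):
        problems.append("contains user, real or company name")
    # Skip very short entries so a real word list does not flag everything.
    if any(len(w) >= 4 and w in low for w in words):
        problems.append("contains a complete dictionary word")
    missing = [g for g, chars in GROUPS.items() if not any(c in chars for c in pw)]
    if missing:
        problems.append("missing groups: " + ", ".join(missing))
    if any(strip_digits(old) == strip_digits(pw) for old in previous):
        problems.append("only increments a previous password")
    return problems


def keyspace_ratio(length=8):
    """Four-group keyspace divided by the lower-case-only keyspace."""
    alphabet = sum(len(chars) for chars in GROUPS.values())
    return alphabet ** length // 26 ** length


if __name__ == "__main__":
    print(check_password("Password"))
    print(check_password("Tr4il&Kettle9", previous=("Tr4il&Kettle8",)))
    print(keyspace_ratio())
```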


Add an extra layer of security

Once you’ve created a password, you can add an extra layer of security by enabling 2-Step Verification. 2-Step Verification requires you to have access to your phone, as well as your username and password, when you sign in to your Google Account. This means that if someone steals or guesses your password, they still can't sign in to your account because they don't have your phone. Now you can protect yourself with something you know (your password) and something you have (your phone).

Keep your passwords secure

Don't leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. If you decide to save your passwords in a file on your computer, the use of a trusted password manager may be a good solution.

Having a secure password is good practice to follow, and can save you time, money, data and maybe your life.

on Saturday July 14 by Peter Atkin

Cybersecurity was pretty simple back in the 1990s. Anti-virus software and firewalls offered plenty of resources to combat attacks that were more annoying than dangerous. That world is gone.

Cybersecurity threats pose significant risks to businesses, particularly those that have poor security measures in place.

The vast majority of all breaches happen to small and medium-sized businesses, and most of the breaches could have been prevented with current technology.

If you are responsible for protecting your data and confidential information from hackers and other cyber threats, take the time to review these best practices. It could make the difference in guarding against potentially ruinous data theft or privacy invasions.

Security Awareness

Train your users - often! Teach them about data security, email attacks, and your policies and procedures. We offer security and policy training.

Advanced Endpoint Detection & Response

Protect your computer's data from malware, viruses and cyber attacks with advanced endpoint security. Today's latest technology (which replaces your outdated anti-virus solution) protects against file-less and script-based threats and can even roll back a ransomware attack.

Updates

Keep your firmware and software updated. We provide a “critical update” service via automation to protect your computers and servers from the latest known attacks.

Antivirus / Malware

Choose your software with care; not all that glitters is gold. For our recommendations see here.

Passwords

The stronger the passwords you use are, the more secure you will be against potential cyber attacks. We made a short introduction to strong passwords here:

Firewall

Make use of services and rules for both inside and outside threats. Most people only think about outside threats coming in, but with communications today (IM, email, social media, USB) the threat is just as likely to come from inside. Assume the worst.

If you have a UTM (Unified Threat Management) device, a good start is to deny sites based on content as well as known security risks.

Encryption

Whenever possible, the goal is to encrypt files at rest, in motion (think email) and especially on mobile devices.

Spam Email

Secure your email. The majority of attacks originate in or via your email. There are several steps to securing this medium; they start at the domain level and work inwards. See here for more info on that.

Backup

I cannot stress this enough: back up locally. Back up to the cloud. Have an offline backup for each month of the year. Test your backups often. If you aren’t convinced your backups are working properly, call us.

Multi-Factor Authentication

Utilize Multi-Factor Authentication whenever you can including on your network, banking websites, and even social media. It adds an additional layer of protection to ensure that even if your password does get stolen, your data stays protected.

Web Gateway Security

Internet security is a race against time. Cloud-based security detects web and email threats as they emerge on the internet, and blocks them on your network within seconds – before they reach the user.

Mobile Device Security

Today's cybercriminals attempt to steal data or access your network by way of your employees' phones and tablets. They're counting on you to neglect this piece of the puzzle. Mobile device security closes this gap.

Stay Current

Industry news covers plenty of relevant topics, including online safety concerns, so always make sure that you follow industry trends and news. Stay informed about the latest incidents with malware; doing so makes it all the easier to take the necessary measures to protect your business from cyber attacks.

Security Assessment

It's important to establish a baseline and close existing vulnerabilities. When was your last assessment?

Call us Tel: +256-(0)414-533784 or email support at for more advice or help.

Dark Web Research

Where you can, know in real time what passwords and accounts have been posted on the Dark Web; this will allow you to be proactive in preventing a data breach. We scan the Dark Web and take action to protect your business from stolen credentials that have been posted for sale.

SIEM/Log Management

(Security Incident & Event Management)
Uses big data engines to review all event and security logs from all covered devices to protect against advanced threats and to meet compliance requirements.

on Wednesday November 14 by Peter Atkin