Four essential digital security steps for your business
ThinkBlog’s ‘Securing your business’ series has highlighted some of the biggest cases of digital information breaches. But...
In June this year, British parliament’s email system was hacked. You might have thought, or hoped, that the bastion of democracy was a fortress in terms of cybersecurity. But if MPs and Lords can be got to, where does that leave the rest of us?
Hackers can roam the internet and probe at a network knowing that, with sheer persistence, they’ll eventually find a way into someone’s private world. It’s potentially a bigger payday for them if they hit an enterprise, but private individuals remain common targets. Individuals can be easy pickings, given the lower levels of defence they likely use.
Most enterprises are aware of the basic security measures they need to implement. Domestic users tend to be less aware. Given that the enterprise is made up of ordinary people, there’s an overlap when non-security-aware individuals bring their own online practices and habits into the office, or onto their company devices.
A parliamentary spokesman said of the cyberattack on Westminster that the 90 hacked email accounts were protected by weak passwords. A less-than-robust approach to protection was also a common characteristic to emerge in the aftermath of the WannaCry ransomware attack.
Ransomware has ramped up in recent years. The National Cyber Security Centre reports a threefold increase in ransomware variants in the first half of 2016, compared to the whole of 2015. How do these attackers get in? They must gain entry before they can make their demands, and this is where the enterprise and the individual are most at risk.
Enter phishing, a technique where attackers entice their targets into responding to seemingly alluring messages, via email, text or instant messaging. The Imperva Incapsula web app security centre offers two phishing attack examples:
It’s clear that the entry-level skill for all users of any type of computer, and any other connected device, is to get nimble with passwords. Many people make light of such advice. This is partly due to the tedium of the password-creation process. You often receive annoying prompts when setting up a new password. “Use a capital letter” or “Insert both symbols and numbers”. The problem is that such requirements generate easily forgotten passwords.
For this reason, lots of us tend to go for easy-to-remember passwords. Unfortunately, this approach creates an even bigger problem. Easy passwords are simple for hackers to crack. This hacker’s advice on password protection is well worth following.
The more obscure you can make your passwords – with no connection to your birthday, middle name, address, place of birth or any other personal fact that a dedicated hacker can glean from another source – the more difficult they are to crack. Hackers are less inclined to spend time on a complicated challenge when they can far more easily penetrate a poorly supported line of defence.
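One way a sign-up or password-change form could enforce the advice above, shown as an added example that is not part of the original article: it rejects a candidate password that contains the user's own personal facts, even when they are disguised with common character substitutions. The profile field names, the substitution table and the sample person are constructed assumptions.

```python
import re
from datetime import date

# Common look-alike substitutions undone before matching (assumed table, not exhaustive).
LEET = str.maketrans("@4031$5!7", "aaoeissit")

def personal_tokens(profile):
    """Collect lowercase tokens a third party could glean about the user."""
    tokens = set()
    for key in ("first_name", "middle_name", "last_name", "birthplace", "street"):
        for word in re.findall(r"[a-z]+", profile.get(key, "").lower()):
            if len(word) >= 3:          # skip initials and very short fragments
                tokens.add(word)
    dob = profile.get("birthday")
    if dob:
        # Year plus day/month in both orders, as people commonly type them.
        tokens.update({str(dob.year),
                       f"{dob.day:02d}{dob.month:02d}",
                       f"{dob.month:02d}{dob.day:02d}"})
    return tokens

def personal_facts_in(password, profile):
    """Return the personal tokens found in the password (empty list = none found)."""
    raw = password.lower()
    forms = (raw, raw.translate(LEET))  # match digits in raw form, names after de-substitution
    return sorted(t for t in personal_tokens(profile) if any(t in f for f in forms))

# Constructed sample profile; not a real person.
SAMPLE_PROFILE = {
    "first_name": "Margaret", "middle_name": "Rose", "last_name": "Ellison",
    "birthplace": "Leeds", "street": "14 Harbour Lane",
    "birthday": date(1984, 3, 9),
}

if __name__ == "__main__":
    for candidate in ("M@rgaret1984!", "L33ds0903", "copper-violin-tundra-42"):
        hits = personal_facts_in(candidate, SAMPLE_PROFILE)
        print(candidate, "->", "reject: " + ", ".join(hits) if hits else "no personal facts found")
```

The first two candidates would pass a typical "capital letter, symbol and number" rule yet are built entirely from facts about the user; the check says nothing about overall strength, so it complements a length requirement rather than replacing one.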
Here are five reliable and simple practices that can minimise risk for both individuals and companies:
You may be lucky. One day when you receive an email from the most obscure offshore republic in the world, telling you in the worst grammar possible that you’ve got £5 million locked in an account from an unknown benefactor, it just might be true. On the other hand, it might not.