#100securedays Recap 16

“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” – Stephane Nappo

Recap of week 16 of #100securedays-

Day 75: Question the source if you feel something looks strange. Don’t trust anything/everything you see online.

Day 76: Attackers flood the server with spoofed ICMP packets sent from a huge set of source IPs. The result of this attack is the exhaustion of server resources and failure to process requests. Security tools now help detect & prevent ICMP flood attacks from affecting your network.

Day 77: Enable the two-step verification feature in your Whatsapp account: Settings-Account-Two-Step Verification. If your number is lost or your phone gets hacked, then this feature will really help secure your account from any malicious activity.

Day 78: Ping floods are when attackers flood the server with spoofed ping packets from a huge set of source IPs. So an attacker takes down a victim’s computer by sending continuous ICMP echo request. This attack is an evolution of the ICMP flood. Set your firewall or router to ignore the preventable ping packets from the internet.

Day 79: Instagram is a platform where you get to share your posts with your family, friends and also the world. The more secure you are the better and it is best recommended to keep your account private. We also know that public accounts help you with more followers, engagement etc; which is okay if you want to create your own brand. If you notice any unusual activity in your account, report/block immediately and if necessary delete your account.

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

#100securedays Recap Week 15

“My message for companies that think they haven’t been attacked is: You are not looking hard enough.”

Day 70: If your system looks like this, you need to clean it up asap. Hackers scan PCs and websites with a type of malware and this leads to data leakage, identity theft and more sorts of breaches. Clean your systems, delete files and software you have not been using. #100securedays

Day 71: You can accidentally click on anything. From phishing scams to malicious pop-up ads, run a scan just to be certain you are secure. #100securedays

Day 72: Attackers exploit weaknesses in the Transmission Control Protocol (TCP) connection three-way handshake, which is the communication process between the client, the host, and the server. Attackers send SYN packets to the aimed server as a spoofed message until the table memory connection of the server is exhausted causing the entire service to shut down. #100securedays

Day 73: You might be working in a start up or a SMB or just starting off by yourself, this is a very healthy routine to follow. Scan your systems, remove things you don’t need or want in your devices, follow recommendations you find from trusted sources. You can also follow us on our social channels for more security tips. #100securedays

Day 74: The User Datagram Protocol (UDP) DoS attack will flood various ports at random, leading the host server to report back with an Internet Control Message Protocol (ICMP) packet. Without an early threat detection and traffic profiling system, it’s impossible to know if they’re there. Which means you will only know about it if your website crashes. #100securedays

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

#100securedays Recap Week 14

“One person’s “paranoia” is another person’s engineering redundancy”. – Marcus J. Ranum

Recap of Week 14-

Day 66: Read your e-mails carefully, from e-mail addresses to content in the e-mail. Some platforms also give you access to what browsers and devices have accessed it. You can also activate two-factor authentication which is highly recommended by security experts.

Day 67: Back them up on an encrypted external drive or even a google drive should be fine. Make sure your files are password protected all the time. It might be an additional step but it is so worth it.

Day 68: Make sure you use a different password for all your e-mail accounts. By hacking one account, this gives clues to the hacker to hack another account of yours. Use a different password and avoid yourself from being compromised in any way.

Day 69: Best Practice: If you don’t want to risk it, avoid it! Third party stores may have what you want but are they secure? Having a security software that can offer malware protection will help secure your device.

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

#100securedays Recap of Week 13

“Cybercriminals can use personal details, such as your favorite color, the last four digits of your credit card, and your email addresses to make educated guesses about your sign in credentials.” – Larry Alton

Last week’s recap-

Day 61: Downloading a new app on your phone is nothing unusual but if the app asks for any sensitive information, do not give them access to it. Your privacy matters! #100securedays

Day 62: Yes, turn them both off if you aren’t using them or if you are near anyone you find suspicious. This minimizes your exposure to real threats. #100securedays

Day 63: This automatic download can happen in the form of attachments or images. Disable this on your outlook or Gmail or any other e-mail provider you are currently on. If you don’t know how to do this, contact your IT support. #100securedays

Day 64: You may think you don’t have sensitive data on your phone but you might be wrong. A hacker can find his way around anything he wants, be it sensitive or personal. Encrypt your phone data, better safe than sorry! #100securedays

Day 65: Cybercriminals who create fake profiles have ulterior motives. They post fake offers, promising something to the customer or providing fake details on behalf of the business. Do not accept anyone that you feel look suspicious. Double-check the account if you have to confirm the profile. Stay safe & secure! #100securedays

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

#100securedays recap of Week 12!

“IoT without security = Internet of Threats” – Stephane Nappo

Last week’s recap-

Day 56: 75% of Internet mail is now spam and businesses with 24 users or less receive around 600 spam messages per month. Tips- Do not click on any links or download or open attachments that come from spam. Also, disable the automatic download of HTML graphics in your mails. #100securedays

Day 57: We use our laptops on a daily basis. You don’t have to be a celebrity or a politician to fall victim to a webcam hack. We’ve seen the news! Baby monitors, smartphones, laptops, and smart TVs have been hacked to spy on people around the world. #100securedays

Day 58: How many times have you come across this kind of news updates? The truth is, as tempting as the news looks, you are just one click away from a malware attack. Stay aware and avoid all of these tricks. #100securedays

Day 59: This is the best practice! Set up another e-mail account with a different password. Also, be aware of your surroundings when giving out your email address. #100securedays

Day 60: Logging into your PC as an admin is riskier than logging in as a standard user for routine stuff like web browsing. An admin log-in makes your system more vulnerable. #100securedays

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

Addressing Endpoint Security Challenges in 2020

What is  Endpoint Security?

Endpoint security is the process of securing devices that are connected to the enterprise network. These end user devices vary from mobile, laptops, desktop PCS and hardware such as servers in a data center. Encryption of data on endpoints helps protect against data leaks and loss.

Here’s how we can help you with endpoint security.

Why is Endpoint Security Important?

Every device can be an entry point for threats and if it is connected to the network that can lead to a larger catastrophe. Now that companies have adopted BYOD practices and work from home schemes or remote/mobile employees, the enterprise network security perimeter has dissolved.

With the number of breaches that have taken place over the last two years, this should be a wakeup call for businesses to prioritize security.

In 2017, 77% of attacks on endpoint devices involved fileless malware and exploits.

Hackers have increasingly started using fileless malware in attacks because malware running in memory is a lot harder to detect and stop than malware installed on systems.

What is fileless malware?

Attackers do not install software on a victim’s machine instead, tools that are built-in to windows are hijacked and used to carry out attacks. This means that discovering fileless attacks are very challenging.

Next generation attacks like ransomware and advance phishing are increasing every year, these attacks require next-generation security controls that can stop and control these advanced attacks than traditional security solutions that are no longer adequate.

Cybercriminals have incredible resources available to them. As organisations turn to the latest artificial intelligence and cognitive solutions to help defend against cybercriminal techniques, cybercriminals will use variant of those technologies to augment their own strategies.

In 56% of those ransomware attacks, the attack affected more than 5% of their endpoints.

Emails are the most persistent endpoint security vulnerabilities. Hackers use this platform to take advantage of employees’ cybersecurity ignorance.

We are going to end this blog with some stats over here:

• 92.4% of malware is delivered via email, according to the Verizon 2018 Data Breach Investigations Report.
• According to Trend Micro, phishing constitutes 87% of high-risk email threats in 2018.
• 15.5% of malicious emails disguise themselves as a bill according to the  2019 Symantec Internet Security Threat Report (ISTR).

90% of all breaches are caused due to some type of Human Error.

What is your security goal for your endpoints in 2020?

We do not want to preach about security but we want every individual in a business to practice it. If you would like to speak to our subject matter experts for further advice, call us: 1800 903 552 or e-mail us.

 

#100securedays Week 11 Recap!

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” – Stephane Nappo

Last week’s Recap-

Day 51: Make sure your card is with you in a safe place at all times. If you are paying for your meal or buying something for yourself ensure your card is not out of sight. #100securedays

Day 52:

Ensure that DNS servers are up to date on all patches and running the latest version of the name server software. Implement complex passwords and multi-factor authentication for DNS administrator credentials to prevent unauthorized changes. #100securedays

Day 53: 

Never write your pin down anywhere and keep it in a secure and encrypted location. When entering your PIN, always cover the keypad. #100securedays

Day 54:

The benefit of a DMZ (De-Militarised Zone) is that your external-facing servers, resources, and services are placed so that they are accessible from the Internet. However, the remainder of the interior computer network remains unreachable from the outside. This provides extra security because it restricts hackers from being able to directly access internal servers and information. #100securedays

Day 55:

It’s always healthy to remove applications you haven’t been using at all or for a long time. Some apps can cause a security risk & invasion of privacy. Another reason for deleting them is that you have extra storage space. #100securedays

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

#100securedays Week 10

“Information security is one of the few spots in the business where you can be involved in almost every part of the business.”

Here’s last week’s recap of #100securedays:

Day 46: Make sure you keep a note of all your sensitive information, encrypt that information safely in a secure place. This will be easier to report it if it’s lost/stolen. #100securedays

Day 47: According to 2018 Verizon Data Breach Report- Misdelivery accounts for around 62% of human error data breaches in healthcare. Double-check every e-mail address before sending any e-mails out. #100securedays

Day 48: Encryption protects a user if their system is lost/stolen. This is the best way to protect any sensitive information in a device. #100securedays

Day 49: Monitor/proxy DNS traffic to ensure DNS is being used as intended. Also, ensure that DNS servers are up to date on all patches and running the latest version of the name server software. #100securedays

Day 50: Following a clean desk policy is one of the simplest ways to improve compliance of privacy laws. To safeguard your company’s sensitive information a clean desk policy and a clear screen policy work hand in hand. This not only helps in basic privacy but also security principles and increases your productivity. #100securedays

If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.