Tuesdays Top Tips

April 13, 2020

An archive of JC Cyber Security's #TuesdaysTopTips

Tip #1 - You are a target to hackers.

Hackers are always on the lookout for vulnerable systems to attack and cause a business to fall over. Don't ever say "It won't happen to me" or "I won't get hacked" because the chances are you will. In fact, last year's statistics show that 64% of SMEs were breached. If you think hackers won't attack because you're a small business, then you're wrong! We are all at risk and the consequences are high - to your personal and financial well-being, and to your business's standing and reputation. You MUST ensure that your systems are as secure as possible.


Tip #2 - Keep software up to date.

Installing software updates for your operating system and programs is CRITICAL. Always install the latest security updates for your devices:

•    Turn on Automatic Updates for your operating system.

•    Ensure all of your applications and programs are kept up to date. When an update is available, install it.

•    Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.

•    Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.


Tip #3 - Avoid Phishing scams - beware of suspicious emails and phone calls.
Phishing scams are a constant threat - using various social engineering techniques, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.

 

  • Phishing scams can be carried out by phone, text, or through social networking sites - but most commonly by email.
  • Be suspicious of any official looking email message or phone call that asks for personal or financial information.

 

Tip #4 - Practice good password management.

We all have too many passwords to manage - and it's easy to take short-cuts, like reusing the same password.  A password management program can help you to maintain strong unique passwords for all of your accounts.  These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.


There are several online password management services that offer free versions, and one that we highly recommend is LastPass - a free application compatible with most, if not all, devices.


Here are some general password tips to keep in mind - if you choose to use LastPass, it will cover all these tips:

 

  • Use long passwords - 20 characters or more is recommended.
  • Use a strong mix of characters, and never use the same password for multiple sites.
  • Don't share your passwords and don't write them down (especially not on a post-it note attached to your monitor).
  • Update your passwords periodically, at least once every 6 months (90 days is better).

 

If you are interested in LastPass and would like some tips and guidance, feel free to contact us!


Tip #5 - Be careful what you click.
Avoid visiting unknown websites or downloading software from untrusted sources.  These sites often host malware that will automatically, and often silently, compromise your computer.


If attachments or links in an email are unexpected or suspicious for any reason, don't click on them. Especially during these unprecedented times, it is even more vital that you are on the lookout for suspicious emails. If you have any worries about suspicious emails, let us know and we can provide an email address for you to forward the email on to us so we can look into it. Moreover, if you have clicked on a link that you believe to be malicious, give us a call and we can scan your machine for any malware.


Tip #6 - Never leave devices unattended
The physical security of your devices is just as important as their technical security.

  • If you need to leave your laptop, phone, or tablet for any length of time - lock it so no one else can use it.
  • If you keep sensitive information on a flash drive or external hard drive, make sure to encrypt it and lock it with a password.
  • For desktop computers, shut down the system when not in use - or lock your screen.

 


Tip #7 - Use mobile devices safely
Considering how much we rely on our mobile devices, and how susceptible they are to attack, you'll want to make sure you are protected:

  • Lock your device with a PIN or password - and never leave it unprotected in public.
  • Only install apps from trusted sources.
  • Keep your device's operating system updated.
  • Don't click on links or attachments from unsolicited emails or texts.
  • Avoid transmitting or storing personal information on the device.
  • Most handheld devices are capable of employing data encryption - consult your device's documentation for available options.
  • Use Apple's Find My iPhone or the Android Device Manager tools to help manage the impact of loss or theft.
  • Back up your data.

 


Tip #8 - Install Anti-Virus Protection

Only install an anti-virus program from a known and trusted source.  Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective.
Through our Protection Plan, we can take the worry of endpoint protection away by fully managing this service for you.


Every Tuesday a new tip will be added. By following these tips and remaining vigilant, you are doing your part to protect yourself and others.

