Security 101

Cyber security can seem like a really complicated topic to understand, but if you take it step by step you can quickly become well informed.

Our security 101 guide below will provide you with a great starting point for what you need to know.

Q&A

A: Use a clever thing called ‘two-factor authentication’.

People don’t keep passwords as securely as they should (as you can see from this video) and so even having a strong password doesn’t completely protect you.

But two-factor authentication helps to solve this problem.

Most well-known internet companies already provide this as an option – from Gmail, Yahoo and PayPal to Facebook, Apple, Microsoft, Twitter and LinkedIn – and their numbers are growing daily.

“Two-factor authentication requires ‘something you know’, like a password,” explains Google’s anti-spam guru, Matt Cutts, “as well as ‘something you have’, like your phone.”

After you enter your password, you’ll be asked for a second, one-time code that is either sent to your phone or produced by one of the many free authenticator (code generator) apps, and only after you enter it correctly can you get into your account. A stolen password on its own is therefore no longer enough to log in as you.

For more details on how to enable two-factor authentication for your personal accounts there’s a great website here.

To learn more about implementing two-factor authentication for your company or organisation and safeguard your customers’ data, please contact us.

A: Jargon is rife: even the term ‘application security’ itself is usually shortened to ‘app sec’.

Clear communication is one of the first steps towards robust security so we’ve created an ‘Insider’s Guide’ to common technical terms here. (Things change quickly, so if you can’t find what you need or have something to add please contact us and we’ll update the list!)

A: We only use 10% of our brains. Sugar makes children hyperactive. Lightning never strikes twice. All true, right?

Wrong! If you don’t believe us, or if you want to learn more about these (non-security) myths, click here.

The same is true of application and website security, where believing in a myth can spell disaster for your organisation.

So here are some of the big myths:

  • Using SSL/TLS (HTTPS) makes your website secure
  • No hackers or cyber criminals would bother to target us
  • Open source software is insecure and enterprise software is secure
  • Testing for QA is the same as testing for security
  • Security worries only begin when a website or application goes live
  • Macs are inherently secure

Click here for an explanation of why they aren’t true, together with what you can do to avoid falling foul of them.

A: Yes there are.

The Application Security Verification Standard (ASVS) from OWASP is a list of application security requirements, or tests, that architects, developers, testers, security professionals and even customers can use to define what a secure application is. We have a handy link to the standard, and some more information on developing securely, here.

A: Discovering that your website has been hacked is a horrible feeling. How did this happen? Why me? What do I do now?

Here is our checklist for what to do next:

It may sound obvious, but, don’t panic!

Step 1.
Find a computer that you are confident hasn’t been compromised. Attackers often get the credentials for your site from one of your own computers (for example through password-stealing malware), so don’t use the machine you suspect. (If you are not sure whether yours are safe, call us, or someone external that you can trust, and use one of their computers instead.)

Using this clean computer, log in and change your passwords for:

  • your email account
  • your domain control panel
  • and your server

Before you take the site down, take a copy of the server’s logs, files and database (a disk snapshot if your hosting provider offers one) so that the investigation in step 6 has evidence to work from. Then shut the website down.

Step 2.
Contact your domain registrar and point your domain at a holding page for your website or application on a different, clean server, so your customers know you haven’t simply vanished!

Step 3.
Find the latest backups of your website files and folders, including all user-uploaded images and files, as upload functionality is a common way in for attackers and uploaded files are where their code often ends up. Compare the backup with what is on the server now, and examine your website database too, so that you can start to work out what caused the problem.

Step 4.
Make a list of the people who have access to the server and website files, including their usernames. You will also need to list the important files and data that will be required to set up a new site, so that you are ready to get things up and running again as quickly as possible once the problem has been fixed.

Step 5.
Plan how you will communicate the problem to your customers and staff, then start contacting them, so that you limit any damage to your reputation and brand.

Step 6.
Call in a security professional to find out what allowed the hack to happen and what needs to be done to stop it happening again. Restoring a backup copy of the site is not enough on its own: the vulnerability the attacker used will still be there, and they can simply come back in the same way.
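As an added example (not the page’s own material) of the comparison that steps 3 and 6 call for: take the last known-good backup and the live web root, list every file that was added, changed or removed, and look inside the upload directory for files the server would execute, or that hide server-side code behind an image name. It assumes a PHP site with uploads under uploads/; the sample web root it builds in a temporary directory is constructed for the demo and comes from no real incident.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed for this example: a PHP site. Extend for .jsp/.aspx/.cgi on other stacks.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php5", ".phar"}
# Server-side code markers that have no business inside an image or a document.
CODE_MARKERS = re.compile(rb"<\?php|<\?=|\beval\s*\(|base64_decode\s*\(")


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def diff_against_backup(live: Path, backup: Path) -> dict:
    """Compare the live web root with the last known-good backup. 'added' and
    'modified' are where dropped scripts and injected code show up; 'removed'
    catches deleted logs or security plugins."""
    live_h, backup_h = tree_hashes(live), tree_hashes(backup)
    common = live_h.keys() & backup_h.keys()
    return {
        "added": sorted(live_h.keys() - backup_h.keys()),
        "modified": sorted(p for p in common if live_h[p] != backup_h[p]),
        "removed": sorted(backup_h.keys() - live_h.keys()),
    }


def suspicious_uploads(upload_dir: Path) -> list:
    """Flag uploaded files that the server would execute (script extension) or
    that carry server-side code behind a harmless-looking name. The whole file
    is scanned: code appended after a valid image header would otherwise be
    missed by a header-only check."""
    findings = []
    for p in sorted(upload_dir.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(upload_dir).as_posix()
        if p.suffix.lower() in SCRIPT_EXTENSIONS:
            findings.append((rel, "script extension in upload directory"))
        elif CODE_MARKERS.search(p.read_bytes()):
            findings.append((rel, "server-side code inside a non-script file"))
    return findings


def run_demo() -> dict:
    """Constructed sample: a tiny 'backup' and 'live' web root built in a temp
    directory. None of these files come from a real incident."""
    base = Path(tempfile.mkdtemp(prefix="triage-demo-"))
    live, backup = base / "live", base / "backup"
    for d in (live / "uploads", backup / "uploads"):
        d.mkdir(parents=True)
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # harmless image stub
    (backup / "index.php").write_bytes(b"<?php echo 'hello'; ?>")
    (live / "index.php").write_bytes(b"<?php echo 'hello'; eval($_POST['c']); ?>")  # injected
    (backup / "config.php").write_bytes(b"<?php $debug = false; ?>")
    (live / "config.php").write_bytes(b"<?php $debug = false; ?>")  # untouched
    (backup / "access.log").write_bytes(b"10.0.0.1 - GET /")  # deleted on live
    (backup / "uploads" / "avatar.png").write_bytes(png)
    (live / "uploads" / "avatar.png").write_bytes(png)
    (live / "uploads" / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0<?php /* marker */ ?>")  # code behind an image name
    (live / "uploads" / "x.php").write_bytes(b"<?php /* marker */ ?>")  # dropped script
    return {"diff": diff_against_backup(live, backup),
            "uploads": suspicious_uploads(live / "uploads")}


if __name__ == "__main__":
    result = run_demo()
    for kind, paths in result["diff"].items():
        print(f"{kind:9s}: {paths}")
    for rel, why in result["uploads"]:
        print(f"suspicious upload {rel}: {why}")
```

Run this against the copy you took in step 1, not against a server you have already been changing. A hit in the upload directory is exactly the kind of finding step 6 needs: it tells the security professional where to look for the upload flaw, and it is why restoring the backup alone would leave the door open.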

If your organisation has been hacked, or you want to put safeguards in place to help avoid security breaches, please contact us.

Related content you may find useful
Application security terms explained - Appsecco Application Security Translations
Application security videos - Appsecco Security Videos
Common security myths - Appsecco Common Security Myths
Application security standards - Appsecco Security Standards

 

Contact us

If you’d like to learn more about security no matter what level you feel you are at or if you aren’t sure where to begin, contact us for a friendly chat.

Whether you have a specific requirement, a question you'd like answered or would just like an informal chat, contact us.
