This guide will help you navigate Cyber Security, covering the six questions our clients ask us most often.
You can download helpful tips and guides.
PRAGMATIC SECURITY ADVICE. PRACTICAL HELP. KEEPING YOU SAFE
We know from our conversations that Cyber Security can seem like a really complicated topic to understand, but if you take it step by step you can quickly become well informed.
SECURITY 101 – GUIDE AND DOWNLOADS
Our security 101 guide and downloads below will provide you with a great starting point for what you need to know.
Security 101: Q&A
A: Use a clever thing called ‘two-factor authentication’
People don’t keep passwords as securely as they should, so even a strong password doesn’t completely protect you: a password that is phished, guessed, reused on a site that has been breached or written down somewhere is all an attacker needs to log in as you.
Using two-factor authentication
Two-factor authentication helps to solve this problem.
Most well-known internet companies already offer it as an option – Gmail, Yahoo, PayPal, Facebook, Apple, Microsoft, Twitter and LinkedIn among them – and the list keeps growing.
“Two-factor authentication requires something you know, like a password,” explains Google’s anti-spam guru, Matt Cutts, “as well as ‘something you have’, like your phone.”
After you enter your password you are asked for a second code, sent to your phone or generated by one of the many free authenticator apps, and only after you enter it correctly can you get into your account. Codes sent by SMS can be intercepted or redirected (for example through SIM-swap fraud), so where a service offers the choice, prefer an authenticator app that generates the code on the device itself, or a hardware security key.
For more details on how to enable two factor authentication for your personal accounts here is a great website: https://www.turnon2fa.com.
To learn more about implementing two-factor authentication for your company or organisation and safeguard your customers’ data, please contact us.
A: Even the term ‘application security’ is often shortened to ‘app sec’. It’s rife!
Clear communication is one of the first steps towards robust security, so we have created an ‘Insider’s Guide’ to common technical terms: the Appsecco Application Security Translation Guide.
Things change quickly, so if you can’t find what you need or have something to add please contact us and we’ll update the list.
A: We only use 10% of our brains. Sugar makes children hyperactive. Lightning never strikes twice. All true, right?
None of them is. If you don’t believe us, or want to learn more about these everyday myths, read more on IFLScience.
Application and website security has its own myths, and believing one can spell disaster for your organisation.
So here are some of the big myths:
- Using SSL makes your website secure
- No hackers or cyber criminals would bother to target us
- Open source software is insecure and enterprise software is secure
- Testing for QA is the same as testing for security
- Security worries only begin when a website or application goes live
- Macs are inherently secure
We have created an Appsecco Explanation Guide on why these myths are untrue and what you can do to avoid falling foul of them.
A: Yes, there are.
The Application Security Verification Standard (ASVS) from OWASP is a list of application security requirements and tests that architects, developers, testers, security professionals and even consumers can use to define what a secure application is.
We have created this Appsecco Application Security Standards list, which links to the standard along with more on developing securely.
A: Discovering that your website has been hacked is a horrible feeling. How did this happen? Why me? What do I do now?
Here is our checklist for what to do next:
It may sound obvious, but, don’t panic!
Find a computer on your network that has not been compromised. Attackers often get into a website using credentials or sessions stolen from one of your own computers, so the machine you use to regain control must be clean. (If you are not sure yours are, call us, or someone external you can trust, and use one of their computers instead.)
From that computer, log in and change your passwords for:
- your email account
- your domain control panel
- and your server
Turn on two-factor authentication for each of these wherever it is offered.
Then take the website offline. Before you rebuild or restore anything, keep an untouched copy of the compromised server (web files, logs and database): the investigation into how the attacker got in depends on it.
Ask your domain registrar or hosting company to point your domain at a holding page on a different, clean server, so your customers know you haven’t simply vanished.
Find the latest backups of your website files and folders, including all user-uploaded images and files, and compare them with what is on the server now: files added or changed since the backup, especially in upload directories, are often where an attack started. Also examine your website database so that you can start to work out what caused the problem.
Make a list of the people who have access to the server and website files, including their usernames. Also list the important files and data needed to set up a new site, so that you are ready to get things up and running again as quickly as possible once the problem has been fixed.
Plan how you will communicate the problem to your customers and staff, and start contacting them accordingly, so that you can limit any damage to your reputation and brand.
Call in a security professional to find out what allowed the hack to happen and what needs to be done to stop it happening again. Simply restoring a backup is not enough: the vulnerability that let the attacker in will still be there, and if the backup was taken after the break-in it may already contain the attacker’s changes.
You can download this guide to keep.
If your organisation has been hacked, or you want to put safeguards in place to help avoid security breaches, please contact us.
Whether you have a specific requirement, a question you’d like answered or would just like an informal chat, contact us.