Every week now there are articles about a big-brand company that has been hacked. They usually cover what data has been lost, how the company is notifying those affected and what it is going to do to prevent this from happening again.
So how do you prevent it from happening in the first place?
From experience, if a hacker wants to get details from somewhere they will take the easiest target, the ‘low-hanging fruit’ as they say. Ensuring your company has some basic security principles in place can help mitigate this.
So how do you ensure you are not the ‘low-hanging fruit’?
Simple measures can be taken within your environment to help secure it. At a basic level you should be meeting the following guide: the Cyber Essentials Requirements.
This sets out some advice regarding Firewalls, User access control, Passwords, Malware protection and Patch management.
Once you have met the standards set out in that document you should look to raise the security standards within your organisation further. The most effective measure we have found is education: once educated, your staff will react to threats more quickly and reduce the risk to your company.
Our colleague Tom Colvin from Conseal Security wrote a blog post a few months back called How Random. He suggests that humans are quite ‘random’ in their thought processes and actions – complicated perhaps. By contrast computers are, well, not ‘random’. It stands to reason then that humans should be able to generate passwords that are harder to crack, but in fact a human-chosen password is easier to guess than a machine-generated one.
When choosing passwords, humans seem to gravitate towards dictionary-based words, which are more guessable – especially when the most common starting letter in the English language is ‘T’, which is invariably followed by a vowel. In fact, Tom’s post suggests that for an 8-character password chosen from an "alphabet" of 94 characters, you will most likely guess a human-chosen password within 2^18 (roughly 262,000) attempts. By contrast, an 8-character random computer-generated password can be any of 94^8 (roughly 6 × 10^15) combinations, which makes it about 23 thousand million times harder to guess.
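As an added example (this is not code from the original post, nor from Tom Colvin’s How Random), the following Python script reproduces the arithmetic behind those figures and shows the right way to generate the machine password: a 94-character alphabet (letters, digits and punctuation), 8 characters, the 2^18 guess count quoted for a human-chosen password, and the full 94^8 search space for a random one. The guess rate used for the timing estimate at the end (one thousand million guesses a second) is an assumption of mine for illustration, not a figure from the post.

```python
"""Search space of a human-chosen password versus a random one.

Added example, not from the original post or from "How Random": it uses the
94-character alphabet and 8-character length from the text, generates a
password with the OS CSPRNG, and compares the 2^18 guesses quoted for a
human-chosen password with the full 94^8 search space. The guess rate used
for the timing estimate is an assumed figure, not one the post gives.
"""
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation characters = the 94 printable
# ASCII characters (space excluded) referred to in the post.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

PASSWORD_LENGTH = 8
HUMAN_GUESSES = 2 ** 18   # figure quoted from the post for a human-chosen password


def generate_password(length: int = PASSWORD_LENGTH, alphabet: str = ALPHABET) -> str:
    """Pick each character independently with secrets.choice (CSPRNG), never random.choice."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords: every position can be any alphabet character."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)


def hardness_ratio(alphabet_size: int = len(ALPHABET), length: int = PASSWORD_LENGTH,
                   human_guesses: int = HUMAN_GUESSES) -> float:
    """How many times larger the random search space is than the human guess count.

    The post compares the whole 94^8 space with 2^18, so that is what is
    compared here (an average brute-force search hits after half the space).
    """
    return search_space(alphabet_size, length) / human_guesses


def seconds_to_exhaust(guesses: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return guesses / guesses_per_second


if __name__ == "__main__":
    pw = generate_password()
    space = search_space(len(ALPHABET), PASSWORD_LENGTH)
    print(f"random password       : {pw}")
    print(f"alphabet size         : {len(ALPHABET)}")
    print(f"search space (94^8)   : {space:,}")
    print(f"entropy               : {entropy_bits(len(ALPHABET), PASSWORD_LENGTH):.1f} bits")
    print(f"human guesses (2^18)  : {HUMAN_GUESSES:,}  (~{math.log2(HUMAN_GUESSES):.0f} bits)")
    print(f"random is harder by   : {hardness_ratio():.3g}x")
    RATE = 1e9  # assumed offline guess rate against a fast hash; not from the post
    print(f"at {RATE:.0e} guesses/s: human {seconds_to_exhaust(HUMAN_GUESSES, RATE):.4f} s, "
          f"random {seconds_to_exhaust(space, RATE) / 86400:.0f} days")
```

Run it and the ratio comes out at about 2.33 × 10^10, which is the “23 thousand million” in the post; at the assumed rate the 2^18 human-style guesses take well under a millisecond, while exhausting 94^8 takes on the order of 70 days. The point for practitioners is the generator: use the operating system’s CSPRNG (`secrets` here) rather than `random`, which is seeded predictably and was never designed for secrets.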
Read Tom’s full post here; it’s full of other useful facts and stats. Now, I know this is an old routine, but feel free to share any horror stories: are you still seeing password Post-it notes on PC screens? When you’re speaking to customers, what password advice are you sharing? What software are you recommending to keep devices and content secure? Are you investigating device security as a potential managed service line?