Today we’re joined once again by UKFast security expert Sean. What are the most prevalent threats to your business right now? And what are Sean’s top tips for staying cyber-secure this month?
Let’s find out.
There have been a few high-level security vulnerabilities reported this past month. These serve as a poignant reminder that updating and patching your infrastructure is absolutely essential, and that third-party software can pose a risk for any size of business.
ZombieLoad: One month ago, Intel published details about its MDS vulnerability – named ‘ZombieLoad’, as your processor resurrects your private browsing history and other sensitive data. The vulnerability threatened almost every computer with Intel chips dating back to 2011. This was, and potentially is, a massive threat to infrastructure across the world.
In the weeks since then, vendors, developers and manufacturers have issued updates to mitigate the risk of being affected by ZombieLoad. So, ensure you’ve checked that all your infrastructure has been updated and is protected against this vulnerability.
LabCorp’s data breach: LabCorp and a number of other organisations have fallen victim to third-party data breaches recently. LabCorp declared that 7.7 million patients had their personal and financial data stolen by hackers. The cybercriminals were targeting the third-party vendor which processes payments for LabCorp and other companies.
This really highlights the need to check the security of your entire supply chain. It also shows the real problems that third parties can present for those not aware of the risk.
So, in light of these recent threats, here are some tips to help you stay cyber-secure this month.
Understanding the vulnerabilities that your infrastructure is prone to and monitoring these weak points is my number-one piece of advice right now. Stay vigilant and monitor the news from your providers about any vulnerabilities that come to light.
Once you form the habit of being aware and up-to-date about the potential vulnerabilities in your infrastructure, keeping it updated and patched becomes easy and boosts your overall security. That means you’re more likely to be protected from common SQL injection attacks and other threats which target your vulnerabilities.
Using your work email for things like LinkedIn, Facebook, or to try and get another free trial of Netflix is not secure.
As demonstrated by the likes of LabCorp, third-party software can pose a huge security risk. If your details are stolen from a third-party database, hackers now have your work email and a way into your entire organisation. Not only does this put your personal data at risk, but also that of everyone you work with – that’s not a reputation you want around the office.
This is a common tip but can’t be stressed enough. So many people still use weak passwords due to out-of-date advice on needing to change your password regularly. Updating your passwords every few months is now proven to force individuals to use easier-to-remember, simple passwords.
Recent research has shown that any 8-character password can be cracked within 2.5 hours. As password cracking tools and the hardware required evolve, this will expand to 9-character passwords and so on. By choosing a lengthy, complex password, you can be assured that no tool will be able to crack it within the next billion years (at the current level of technology)!
If you have trouble generating complex passwords, download a password manager onto your phone. This generates passwords and stores them securely. Another technique is to take four or five random words linked together and come up with a method of remembering them easily. Throw some numbers and symbols on the end for good measure and you’ll have an extremely secure password. With helpful tools like this, there are no excuses for using ‘password123’.
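The random-word technique above, as an added example that is not part of the original post: it draws words with Python's `secrets` CSPRNG and compares the resulting strength with short random passwords. The sample word list, the symbol set, the 7,776-word list size, the 95-character printable-ASCII alphabet and the exhaustive-search model used to turn the 2.5-hour figure into a guess rate are all assumptions.

```python
import math
import secrets

# Constructed sample list, far too small for real use; in practice load a
# published list with thousands of words (assumed here: 7,776 entries).
SAMPLE_WORDS = ("anchor breeze candle dragon ember falcon garden harbor "
                "island jungle kettle lantern meadow nectar orchid pebble").split()
SYMBOLS = "!#$%&*+=?@"  # assumed symbol set for the suffix

def make_passphrase(words, n_words=5):
    """Join n_words uniformly random words, then add two digits and a symbol."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    suffix = f"{secrets.randbelow(100):02d}{secrets.choice(SYMBOLS)}"
    return "-".join(chosen) + suffix

def passphrase_bits(list_size, n_words):
    """Entropy in bits, assuming the attacker knows the scheme and the list."""
    return n_words * math.log2(list_size) + math.log2(100 * len(SYMBOLS))

def brute_force_bits(length, alphabet=95):
    """Entropy of a uniformly random password over printable ASCII (assumed)."""
    return length * math.log2(alphabet)

def implied_guess_rate(length=8, hours=2.5, alphabet=95):
    """Guesses per second implied by the article's 8-character figure."""
    return alphabet ** length / (hours * 3600)

def hours_to_exhaust(bits, rate):
    """Worst-case hours to try every candidate at the given guess rate."""
    return 2 ** bits / rate / 3600

if __name__ == "__main__":
    rate = implied_guess_rate()
    print(make_passphrase(SAMPLE_WORDS))
    for label, bits in [("8 random chars", brute_force_bits(8)),
                        ("9 random chars", brute_force_bits(9)),
                        ("4 words + suffix", passphrase_bits(7776, 4)),
                        ("5 words + suffix", passphrase_bits(7776, 5))]:
        years = hours_to_exhaust(bits, rate) / (24 * 365)
        print(f"{label:18s} {bits:5.1f} bits  ~{years:.3g} years")
```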