Endouble speakers: Jakub (CTO and senior developer) and Gerard (Security specialist and web developer)
Cyber Security tips that every company should know about
Have you heard of the internet? No? It's the place with lots of funny images of cats. There is also other stuff there, like information about your work, home, kids and spouse. Your whole personal and professional life is there. Oh, did we mention the bad guys? They want your company information. And this is the point where you should be afraid, very afraid.
The question is not if your website will be hacked, but when...
Do you think you are secure?
A system is only as secure as its weakest link, but we all think we are secure. Of course we are! Well, let's see...
Some security tips every company should know about:
The passwords we usually use are either very easy (so we can remember them) or very difficult (so we have to write them down to remember them). Cracking easy passwords is easier than you would think. Solutions?
- Use Passphrases (much easier to remember, as difficult to guess as typical passwords)
- Use a password manager.
And some common sense:
- Do not write them down on paper.
- Do not reuse them between websites.
- Be careful how you share them.
- Use two-factor authentication (if possible).
Examples of weak passwords:
- Welcome01 - takes about 1.5 hours to hack
- B#f6jW - (fewer than 8 characters) takes about 5 hours to hack
When a password has 9 characters, it takes at least 7 weeks to crack. So please change your password if it has fewer than 8 characters! Furthermore, avoid PINs shorter than 6 digits, and avoid patterns.
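A rough guess-count estimate for the two examples above, added here as an illustration and not taken from the talk: it shows why the 9-character Welcome01 falls faster than the 6-character B#f6jW, and how a random-word passphrase compares. The sample wordlist, the assumed dictionary size and the word-plus-digits pattern model are assumptions.

```python
import math
import string

# Constructed sample; a real check would load a large dictionary or breach list.
COMMON_WORDS = {"welcome", "password", "summer", "winter", "monday"}
ASSUMED_DICTIONARY_SIZE = 100_000  # assumption: size of an attacker's wordlist
DICEWARE_LIST_SIZE = 7776          # words in a standard Diceware list
KNOWN = string.ascii_letters + string.digits + string.punctuation


def charset_size(password):
    """Size of the alphabet implied by the character classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    if any(c not in KNOWN for c in password):
        size += 32  # assumption: rough allowance for spaces and non-ASCII
    return size


def guess_bits(password):
    """log2 of guesses needed: the cheaper of brute force and word+digits."""
    if not password:
        return 0.0
    brute = len(password) * math.log2(charset_size(password))
    stem = password.rstrip(string.digits)
    suffix_len = len(password) - len(stem)
    if stem.lower() in COMMON_WORDS:
        # dictionary word, 2 capitalisation variants, every digit suffix
        pattern = math.log2(ASSUMED_DICTIONARY_SIZE * 2 * 10 ** suffix_len)
        return min(brute, pattern)
    return brute


def passphrase_bits(word_count):
    """log2 of guesses for words drawn uniformly at random from Diceware."""
    return word_count * math.log2(DICEWARE_LIST_SIZE)


if __name__ == "__main__":
    for pw in ("Welcome01", "B#f6jW"):
        print(f"{pw}: about 2^{guess_bits(pw):.1f} guesses")
    print(f"4 random words: about 2^{passphrase_bits(4):.1f} guesses")
```

Each extra bit doubles the attacker's work, so length only helps when the characters or words are chosen at random.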
The current state of software is that it's full of security holes. What are the main vulnerabilities?
Microsoft Windows 7 is the most vulnerable system, so keep your devices updated!
Browsers are the main door for attackers, so don't use Internet Explorer and keep your browser updated.
What will happen if you leave your computer a couple of minutes unattended? It takes a hacker 10 seconds to get remote access to a computer, so always lock your device when you go to the toilet!
Another useful tip: never take a picture of your keys. Those can be duplicated easily by 3D printing.
Anti-virus (can't) save you
Most people think they are safe because they use an antivirus programme. But antivirus can't save you: it's just a piece of software, and crypting services make most antivirus techniques useless.
Jakub and Gerard don't discourage the use of antivirus programmes, but besides that, keep the following 'common sense' rules in mind:
- Don't open files you don't know
- Use only software from secure sources (the Apple store is safer than the Google store)
- When in doubt about opening a file, don't open it
The importance of HTTPS
Almost all of us use WiFi to access the internet, and we all know it's best to avoid unsecured networks. But what should you do when the only way to access the internet is through an unsecured network?
- Always visit the HTTPS version of a website, because it encrypts information
- Always use a VPN (virtual private network) when you visit a website (it creates an extra gatekeeper to secure your information)
- It's most secure to combine HTTPS and a VPN
The presentation ends with results of a brief reconnaissance of websites of all attendees. How secure are the attendees? It appears that no one passed the security test! A brief overview of the findings amongst 300 attendees:
- 94 websites are not using HTTPS (two-thirds of sites)
- 366 outdated or vulnerable software systems
- 104 workers' full names are visible
- 168 workers' emails are visible
- 4453 worker profiles are visible
It only takes one weak link to be hacked, so keep your security up to date!