Monthly Archives: September 2021

National Cyber Security Month

Posted on by

October is National Cyber Month.
What is National Cyber Security Month?

National Cyber Security Week

Threats of Cyber Crime from Cyber Criminals continue to increase and we all need to be increasingly alert and focussed on the threats, the impact they could have on our lives AND the things we can do to minimise the risk to ourselves and our businesses.

Red spot on code

National Cyber Security Month 2021 has the overarching theme “Do your part. #BeCyberSmart” and looks to empower individuals and businesses to own their role in protecting their part of cyberspace.

If we all do our part then we will all benefit from a safer place to live and be in a safer place to do business. Not only that but we’ll also be denying the cybercriminals the space they need to extort, employ fraud and generate the money they lust after.

How can we contribute?

We can all look to implement stronger/better security practices such as not clicking links in emails, not opening emails from people we don’t know or even opening emails we weren’t expecting. We can install security software on our phones, our tablets and our computers. We can use stronger passwords, and make sure we use unique passwords for EVERY application.

Each week, National Cyber Security Month will have a different focus, starting with Week 1 – Be Cyber Smart

Week 1, Starting October 4 – Be Cyber Smart

log on box

Our lives are increasingly intertwined with the internet and the World Wide Web. Pretty much all personal and business information is stored on internet connected platforms.

From banking to social media, from email to SMS, from phone and video calling to watching TV and listening to music and beyond.

The internet simplifies some areas of our lives and makes it more complex in others but the one, overarching common factor, is the need for a strong level of security to keep our data safe.

That’s why Week 1 of National Cyber Security Week focuses on the best security practices and “cyber hygiene” to keep our data safe, owning our role in Cyber Security and starting with the basics. That includes using unique, strong, passwords and making sure that we use multi-factor authentication (2FA) where it’s available, preferably avoiding SMS (text Message) authentication where possible.

Week 2, Starting October 11 – Fight the Phish – Trust No One

Phishing attacks, where emails and text messages are sent containing web links encouraging you to click the link, visit a website set up by cyber criminals and enter your user names and passwords are still on the increase. Why are they on the increase? Because they work. People see an email that purports to come from their bank, HMRC, DVLA, Post Office, BT etc. and are given a warning claiming that the recipient needs to do something NOW or they will be locked out of their account, will be arrested, won’t have an order delivered …. or one of many other ruses. You click the link and either have malicious software sent to your computer without your knowledge and approval or give away user names and passwords to cyber criminals, enabling them to access your personal accounts and to steal from you.

The X-Files mantra of “Trust No one” applies here. Any email that contains a request for such information should always be approached with caution and, if you have even a small inkling of concern, then simply open your web browser and visit the website of the sender to check out the veracity of the email.

Week 3, Starting October 18 – Explore, Experience, Share

Week three focuses on the National Initiative for Cyber Security Education (NICE), inspiring and promoting the exploration of careers in the cybersecurity sector. Whether you are a student or a veteran or seeking a career change, this week is all about the exciting, ever changing, field of cyber security, a rapidly growing business sector with something for everyone

Week 4, Starting October 25 – Cybersecurity First

The last week of National Cybersecurity Month looks at making security a priority. Actually taking a Cyber Security First approach to designing and building new products, developing new software, creating new Apps.

Red spot on code

Make Cyber Security Training a key part of onboarding when taking on new employees (and, at the other end, making sure that technology rights are revoked when people leave organisations).

Ensure that your employees are equipped with the cyber secure tools that they need for their jobs. If you practice a BYOD (Bring Your Own Device) policy, allowing employees to use their own phones, tablets and computers then you need to ensure that the cyber security deployed is as strong as that on equipment that you provide.

Before buying new kit, or signing up to a new service, do your research, check the security. Is it secure enough? Can it be made more secure? Can it be remotely wiped? Who has control? All of these questions, properly answered, will ramp up your cyber security defences and help keep the cyber crims at bay

When you set up new equipment, that new phone, tablet or laptop, I know it’s exciting but please invoke the Cyber Security first, don’t leave it until last – it might be too late. Make sure default passwords are replaced with something secure and lock down those privacy settings.

Cyber Security MUST NOT be an afterthought. If it is, you could find yourself paying the price

And if you need some help, you can always ask me. I might not know the answer but I know people in the Cyber Security industry that I can put you in touch with. Email andy@enterprise-oms.co.uk, phone/message me 07966 547146, call 01793 238020 or message me on Social Media and we’ll get it sorted.

New Password Guidance from the National Cyber Security Centre

Posted on by

POSTED ON  BY ANDY POULTON

15 years ago Bill Gates, yes that Bill Gates, predicted the death of the password, presuming that a much more secure alternative method of securing data be adopted, But it hasn’t and passwords are still the default method of securing access to data and systems.

And, with the rapid rise of Cloud Services, Smartphones, tablets and much greater use of the world wide web passwords are seen as an easily-implemented, low-cost security method that users have become familiar, and comfortable with.

Logging On

However, with the sound advice of using a different password at every instance that requires a password has lead to “password overload”, more so when the instruction is to make then increasingly complex to reduce the chance of password theft or accounts being hacked. This has lead to a small range of different strategies to remembering passwords. From writing them down in a “little black book”, saving them on a spreadsheet or using a password Manager [with over 300 passwords, the latter is my choice]

However, a lot of people develop a strategy that is simply based on incrementation. HardPassword1, HardPassword2 etc. The danger being that in a data breach, once your strategy is uncovered it’s just a matter of time before hackers gain access to a range of your accounts.

Recent advice from the UK’s National Cyber Security Centre (NCSC, based in London and part of the UK’s Cyber Security HQ at GCHQ) has suggested making passwords up simply from three random words. Their advice is to be creative and use words that are memorable to you – but not words that can be easily associated with you, such as

  • Your children’s names
  • Favourite Sports team
  • Current partners’ name
  • Names of other family members
  • Pet’s name
  • Place of Birth
  • Favourite Holiday
  • Etc

So, that makes it harder to think of 3 random words but I’ve got an idea. And it’s based on geography. Before you run away thinking I’m going to suggest capital cities, rivers or mountain ranges stay with me. I suggest using some places that are close to your heart, but randomised -by using the navigation app/website What Three Words.

What Three Words is able to define a precise location, down to a 3 metre square. Simply visit the What Three Words website, or install their free app on your phone and navigate to your favourite place. Here’s one of mine (not used for any of my passwords so I’m giving nothing away)

St Catherine’s By The Sea in Map View and Google Earth View

Whether you use the Map View or Google Earth type view, you’ll see the map is overlaid by little squares.

Now, just click on a square and it will be identified by three unique words, so you could click on the entrance to the church, for example, or even a grave stone in the grave yard and What Three Words will give you a code that is unique to that square.

I’ve clicked on the church door and the unique code is remarking however stubble. You could make it harder by adding hyphens, or a different symbol and perhaps capitalising Remarking-However&Stubble for example.

Now all you have to do is either remember your password or use a decent Password Manager -and there are many to choose from, and I’ve written about them in the past.

And PLEASE, if this applies to to you – STOP USING PASSWORD or 12345678 and use one of the above instead

If you need any help, please, just ask. You can reach me by phone – 01793 238020 – email – andy@enterprise-oms.co.uk or just hunt me down on Social Media.