Category: cyber security

Protection Against Data Breaches

Company data breaches can cause a lot of damage, financial and otherwise, to customers and to the reputation of the business. Some companies never recover from a large-scale data breach, so it is vitally important to protect your business against the possibility.

Data breaches happen through targeted attacks, theft, or even by accident.

Typically, a hacker gains access to an organisation’s private network and can then steal information on staff, customers and suppliers, research in progress, product data, etc.

These attacks can be quick or can take a lot of preparation. They may take months or even longer to detect, and in some cases are never detected.

How to Protect Against Data Breaches

  • Take all cyber security steps necessary – preferably with a qualified expert in charge
  • Insist on strong passwords across the organisation as weak passwords are the easiest way for hackers to gain entry to the systems.
  • Staff training. All staff who use the computers need to know how to recognise phishing attempts by email and by phone.
  • Robust security procedures can reduce the likelihood of human error or oversight.
  • Up to date security systems and updates – unpatched software leaves an open door to hackers.
  • Hackers sometimes gain access to larger company systems by first targeting smaller companies that are suppliers to the larger company. Take precautions.
  • Frequent reviews of all security processes and systems are essential as new flaws turn up every day.


Fightback Ninja Signature

 

How to Protect Your Domain Name

Your Internet domain name e.g. mybusiness.co.uk can be very valuable and a key part of your business. You may think it’s impossible for someone to take your domain name but it does happen and the scammers are clever in how they do it, leaving you with the difficult task of proving you are the rightful owner.

For a hacker to take your domain name, there are two basic methods:-

  1. They change your DNS configuration, to redirect traffic from your site to their site
  2. They modify your registration contact information, which gives them full control over your domain.

There is a database called WHOIS that keeps track of the owner’s details and contact person for every domain name as well as the name server data.

A hacker can also change the registration data in the WHOIS database. This then makes it difficult for you to prove that you are the rightful owner, not the hackers. The hacker may also move the domain registration to another registrar which makes it more difficult to get your domain name back.

Domain Locking

The best protection for your domain name is to have it locked. This is a service provided by the domain registrars and it stops unauthorized transfer of your domain name to another registrar.

Once your domain is locked, it will be almost impossible for the thieves to redirect your nameservers or transfer your domain name.

Only with authorization from you will your registrar unlock the domain when you need to make changes, and then it can be returned to locked status.
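As an added example (not part of the original post), here is a small Python check a domain owner could run over their domain's RDAP record, the structured successor to WHOIS. It reports which registrar locks are missing and whether the name servers differ from the ones you expect. The record, the name server names and the baseline are constructed for illustration; the status strings are the standard RDAP values from RFC 8056, and the check goes slightly beyond the transfer lock described above by also looking at the update and delete locks.

```python
import json

# Constructed RDAP-style domain record (illustrative, not real registry data).
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "mybusiness.co.uk",
  "status": ["client transfer prohibited"],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "NS1.DNS-HOST.EXAMPLE"},
    {"objectClassName": "nameserver", "ldhName": "ns9.unknown-host.example"}
  ]
}
""")

# Assumed baseline: the name servers you expect your domain to use.
EXPECTED_NAMESERVERS = {"ns1.dns-host.example", "ns2.dns-host.example"}

# RDAP status values (RFC 8056) that correspond to registrar locks.
LOCKS = {
    "client transfer prohibited": "transfer to another registrar",
    "client update prohibited": "changes to name servers and contacts",
    "client delete prohibited": "deletion of the domain",
}

def audit_domain(record, expected_ns):
    """Return a list of findings for one RDAP domain record."""
    findings = []
    status = {s.lower() for s in record.get("status", [])}
    for lock, protects in LOCKS.items():
        if lock not in status:
            findings.append(f"missing lock '{lock}' (guards against {protects})")
    # Host names are case-insensitive and may carry a trailing dot.
    actual_ns = {ns["ldhName"].lower().rstrip(".")
                 for ns in record.get("nameservers", [])}
    for ns in sorted(actual_ns - expected_ns):
        findings.append(f"unexpected name server: {ns}")
    for ns in sorted(expected_ns - actual_ns):
        findings.append(f"expected name server missing: {ns}")
    return findings

if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_RDAP, EXPECTED_NAMESERVERS):
        print("WARN", finding)
```

Run on a schedule against a freshly fetched record, any new finding is a prompt to contact your registrar before a redirect or transfer completes.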

WHOIS Data Entry Protection

Every domain registrar must maintain a publicly viewable “WHOIS” database. For every registered domain, the database must contain personal contact information, including each domain owner’s street address, telephone number, and email address.

Most registrars offer a security feature called WHOIS protection which replaces your contact details with those of the registrar. This maintains your security.


Dublin’s Tram System Website Ransomed

The website for Dublin’s tram system (Luas) was hacked and the attacker demanded a ransom of just one bitcoin (worth about $4000).

The attacker wasn’t after money but to teach the authorities a lesson for ignoring her advice after warnings about weaknesses in their security.

“You are hacked,” the message read. “Some time ago I wrote that you have serious security holes.

You didn’t reply.

The next time someone talks to you, press the reply button.

You must pay one bitcoin in five days.

“Otherwise I will publish all data and send emails to your users.”

It then listed an address to send the bitcoin. The message was subsequently removed.

The company tweeted: “The Luas website was compromised this morning, and a malicious message was put on the home page. The website has been taken down by the IT company who manage it, and their technicians are working on it.

“We apologise to all Luas customers for the inconvenience,” Luas added on Twitter.

Luas carried 37.6 million people in 2017 and transports 100,000 passengers on average daily.

A ransomware attacker with a soul. Let’s hope the authorities take notice of the security weaknesses and don’t get caught out again.


Google and Google+

Google has said that it found a software glitch in its Google+ social network in March 2018 that could have exposed the personal data of as many as half a million users, but decided not to tell the public until months later.

Google found the flaw in March during an extensive privacy and security review according to Ben Smith, Google vice president of engineering. An internal committee decided not to disclose the potential breach of Google+ because there wasn’t evidence of any misuse of the exposed data, which included names, email addresses, ages and occupations. The bug was immediately fixed at the time, he said.

The Federal Trade Commission, as the nation’s chief privacy watchdog, has the authority to investigate data breaches. The FTC can fine companies when they violate terms of a consent decree.

Google has said it plans to shut down Google+ for consumers (but leave it running for businesses) and introduce new privacy tools restricting how developers can use information on products ranging from email to file storage.

Google+ was never anywhere near as successful as Facebook and other social media networks. Even so, many users still have a profile that has personal information on it. Google will shut it down over the coming months for consumers, but keep the version built for businesses open and operating.

The other changes Google is making include requiring apps to ask separately for each type of information they want from a user, such as access to calendars or address books. On Gmail, Google’s ubiquitous email service, only apps that improve email functionality will be allowed to request access.


Fraud Investigation

There are many private investigators, fraud protection businesses, cyber-crime specialists etc. who may be able to help if you are the victim of a fraud. This is usually only for business fraud as few individuals have the resources to employ professionals in this field.

One such specialist business is Requite Solutions. Their website is at www.requitesolutions.com/

Requite say they are cybercrime, fraud prevention and investigation specialists – a London based consultancy service operating globally.

They employ senior fraud detectives, cybercrime investigators, and former armed surveillance operatives who have years of experience tackling cybercrime, money laundering, organised, and business crime.

They provide high quality penetration testing by CREST certified penetration testers. Their teams of experts work manually to find more of the issues that matter.

Asset Tracing & Recovery, Investigation, Hackers, Financial Investigation, Suspect profiling, Evidential packages, Recovery, Dispute resolution.

Requite say businesses should choose them because of the following:-

  • Criminals are exploiting the advances in technology. Every day both large and small organisations are falling victim to fraud and cyber attacks. If you have experienced fraud or a cyber attack, then you will understand the frustration, stress, and panic that often ensues.
  • We will gather crucial evidence, trace assets, absorb your stress, and assist with achieving a positive outcome through recovery of assets and/or prosecution.
  • Staff at your company are often the first line of defence and the importance of training, and continuing education is essential. We can deliver this training in a clear and concise manner.
  • Ensuring that you are adequately protected against fraud and cyber-attacks is paramount. Failures to address any impending threats could damage your brand and reputation and may result in significant financial losses that are not always recoverable.


UK Cyber Force

The UK government announced the creation of a £250m cyber-force unit that will combat terrorist groups and domestic gangs.

The government is planning it to be an offensive cyber warfare unit in a bid to meet the online threat posed by Russia, North Korea, Iran and other countries active in cyber-attacks.

Experts will be recruited from the military, security services and industry for the project which will be set up by the Ministry of Defence and GCHQ.

In July 2019, a parliamentary committee warned that ministers are failing to get to grips with the shortage of cyber security experts despite the “potentially severe implications” for national security.

MPs and peers said the situation is of “serious concern”, but the Government response lacks “urgency”.

They warned that the WannaCry attack in May 2017, which hit the NHS, showed the need to protect critical national infrastructure from cyber threats.

In July, a Government spokeswoman said: “We have a £1.9 billion National Cyber Security Strategy, opened the world-leading National Cyber Security Centre and continue to build on our cyber security knowledge, skills and capability.”

For obvious reasons, the UK’s cyber-attack capabilities are a secret, but they are widely regarded as very active.
