Hacker Gives Top Security Tips to Business
Truth is that shopping on the web is now just as safe as ordering goods over the telephone – just as long as you follow a few common sense rules.
The same even goes for business and enterprise – it’s just a shame that over the last few months even the big boys, including the Government have been caught napping.
So – what needs to be done?
Personal Online Security
- If you do order goods over the internet, make sure that the company you’re buying from uses a secure shopping server. You’ll know if it is a secure site if a padlock icon appears at the bottom of your browser window and/or the web address begins with or switches over to ‘https:’ as you’re transferred to a secure part of the site.
- If you’ve found a bargain on a site that you’ve never heard of before have a search around for reviews or find their contact number and postal address. It only takes a few minutes to give them a call and if they’re decent they won’t mind you asking them a few questions.
- Never send your bank or credit card details to anyone in an email. Banks and online stores will never ask you to do this as it is not a secure way of sending information.
- Don’t fall for official-looking emails asking you to send your financial details, you should never reply as you could become a victim of identity fraud.
The thing is that all of that should be common sense and enough to protect you coupled with using Norton or other antivirus software.
How Businesses can Avoid Getting Hacked
Now, with all the recent news of organisations as big as Sony and even GadgetyNews getting hacked and names such as Anonymous, LulzSec and AntiSec being spoken by non-techy types businesses need to get serious!
“Information security is a mess. … Companies don’t want to spend the time/money on computer security because they don’t think it matters,” said ex-Anonymous hacker, SparkyBlaze, in an exclusive interview with Cisco’s Jason Lackey.
When asked to give advice to organisations on how to best tackle their security SparkyBlaze offered these 14 tips:
- Deploy defence-in-depth
- Use a strict information security policy
- Have regular audits of your security by an outside firm
- Use IDS or IPS
- Teach your staff about information security
- Teach your staff about social engineering
- Keep your software and hardware up to date
- Watch security sites for news on computer security and learn what the new attacks are
- Let your sysadmins go to defcon ;D
- Get good sysadmins who understand security
- Encrypt your data (something like AES-256)
- Use spam filters
- Keep an eye on what information you are letting out into the public domain
- Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?
Again, SparkyBlaze points out much that should be common sense to business but with the number of data breaches in recent months it seems that sense aint that common.
Have you got any nifty hints and tips? Please share your insights 🙂