Jun 3rd, 2019
Cyber Security Basics
The digital industry has always been filled with concerns about security. This has only become more pressing as the industry has become a major driver of the economy. So many businesses rely on the internet for their functionality. Though the industry has developed better systems for preventing attacks and improving the response times there are still basics about cyber security that every business should be aware of.
Hackers rarely target a company specifically. More often than not an attack is part of a bulk operation. So it’s less about you, and more about your company having intellectual property which is not protected with the right security parameters. This could be improperly set restrictions on file uploads, this could be poorly secured servers, this can also be social engineering. So let’s look at some of these basics:
Servers should have only a couple people able to access them in any manner. They should have as few ports open as possible, and should have monitoring tools watching them notifying you of suspicious activities.
AWS and other Policies
Cloud storage systems including S3 buckets require access policies. This need to be kept secure limiting access to these files. Particularly if they contain any valuable information. If they can be, all files which reside on remote systems should be deleted if they’re not actually needed for long term use. If the files aren’t there, no one can steal them.
Most companies don’t realize that their biggest weakness is the people who work for the company. If you get phone calls from your IT team asking questions or requesting passwords and you’re not fully aware of who they are or why they need that information you could be the victim of social engineering. This could be a tactic to gain access to your system to hold you for ransom.
Code Requires Updates
All code - particularly open source - is always changing and therefore getting security updates. If your code projects are not being actively updated then you’re running the risk of having a website or web application that has known security vulnerabilities. This can leave you susceptible to hacking attempts, virus uploads and worse. Your digital team should be updating your code on a regular basis, and sometimes this requires modifying the code in order to make it compatible.
If you’re running a web application and have not been doing updates or had a security scan done in recent months we’re happy to chat with you about why it’s incredibly important.