
Cyber Security

Recently, at a conference, I was told how even the most Cyber Security trained person can fall for a Cyber attack. Luckily, in this case there was no impact.

This lady, from a major organisation, was rushed: jumping off a plane, trying to get her baggage, and jet lagged. We have all been there. She was dealing with many issues in the emails coming in, and then it happened. She clicked on a link.


It was only then she realised she had been caught, and not only caught but caught by her own phishing campaign (a friendly campaign to test staff on links that could launch an internal attack).

This shows it can happen to anyone and will happen to you.

So, my first question is what is your plan when it happens?

• Do you know what you would do?

• Who should you, or would you, go to for help?

• When should you inform your customers or other team members that there has been a breach?

• How would you even know there has been a breach, and what even constitutes a breach?

• When should you inform the ICO?

Over the next few TMVs I will take you through some tips and techniques for this and other Cyber Security areas, based on the following pillars:

• Identify

• Protect

• Detect

• Respond

• Recover

These 5 pillars are very common in the Cyber Security World.

In the meantime, think about what you might do if you were attacked and compare with the articles to come.

In addition, write to Richard (TMV Editor richard@cambridgetoastmaster.com) and ask questions which I will answer in the next edition. Let’s make it relevant to what you do.

In these articles I will also call out some of the latest breaches which may be of interest or might affect you directly.

This month the most important is LastPass

LastPass is a password manager, and there was a major breach just before Christmas. If you use LastPass you must take action to protect yourself and your customers, friends or team members.

The backup vault and code were stolen! The vault holds passwords and other data! The vault is encrypted, but it is recognised that it may, just may, be possible for the data to be accessed eventually.

My recommendation is that you immediately change your master password to a new password, which should be 21 digits or over! This will generate a key change and re-encrypt your data.

The second thing I would do is systematically go through your credentials within the vault and update them with new passwords. Passwords should never be less than 12 digits.

To protect yourself from attacks

I will state in every article that the main way to protect access to any app or computer system is to engage multi-factor authentication. Look for the option in every app or system you have and engage it.

The second immediate action to take is to increase the password for your email systems to greater than 16 digits.

David Tinney
