
The Danger of Internet Connected Gadgets in Your Home

Some homes are now filled with dozens of appliances, devices and children’s toys which can be connected to Wi-Fi. Some are useful while others are just for fun, but if they are not fully secure the consequences can be unpleasant.

Often shipped with a default password or no password at all, these devices can provide an easy route for cyber attackers to get into your systems and look for confidential information.

The Internet of Things

The “Internet of Things” is a name for the adoption of Internet-enabled devices in the home, the idea being that more and more household objects will communicate over the Internet. Common such items now include thermostats controlled by an app, smoke alarms that phone you, toys that access Internet stories and music, and the Alexa and Google Home devices that you can give spoken instructions to, which then use Wi-Fi to control other devices, find information or translate something. This also includes Internet-connected “wearable” devices, such as fitness bands which upload your GPS co-ordinates and telemetry to the Internet so you can access the data on your PC.

Many companies are working on more of these Internet of things devices.

These devices can give out information to interlopers that you may not consider, e.g. the recent case of American Special Forces soldiers wearing fitness bands and their locations being broadcast on Google. OOPS.

How to Make Your Connected Home More Secure

  • Secure the wireless network. Use the WPA2 protocol if your broadband router allows that option.
  • Give your Wi-Fi network an unusual name that doesn’t identify your address e.g. General Electric.
  • If guest access is enabled on the network – disable it.
  • If your router is capable of creating two separate Wi-Fi networks then use one for computer devices and a separate one for household gadgets.
  • Always use strong passwords that cannot possibly be guessed by anyone e.g. a string of random words.
  • The login name is often admin or administrator by default; if you are able to change the login name then change it to something that cannot be guessed.
  • Disable any remote access for gadgets. If you ever need it for allowing the supplier to fix a fault then you can re-enable it temporarily.

Some of these gadgets have appropriate Internet security and insist on strong passwords etc., but others have been built with little or no thought of security, so you must take care to plug any holes in security yourself.
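Two of the points above, replacing default logins and using “a string of random words” as a password, can be put into practice with a short script. The following is an added example written for this page, not code from the original post: it draws words with the operating system’s cryptographic random source, reports how many bits of guessing resistance a passphrase of a given length has, and flags the kind of default credential a gadget ships with. The 64-word list and the set of default values are constructed for illustration; a real passphrase should come from a published list of several thousand words.

```python
import math
import secrets

# Constructed 64-word list for illustration only; a real deployment would use a
# published diceware-style list of several thousand words.
WORDLIST = [
    "anchor", "basket", "candle", "dragon", "engine", "fabric", "garden", "hammer",
    "island", "jacket", "kettle", "ladder", "marble", "needle", "orange", "pepper",
    "quartz", "ribbon", "saddle", "tunnel", "umpire", "velvet", "walnut", "yellow",
    "zipper", "acorn", "bridge", "cactus", "desert", "ember", "falcon", "glacier",
    "harbor", "ivory", "jungle", "kernel", "lantern", "meadow", "nickel", "oyster",
    "pillow", "quiver", "rocket", "spiral", "timber", "urchin", "violet", "willow",
    "yogurt", "zephyr", "amber", "beacon", "copper", "dahlia", "estate", "fennel",
    "goblet", "helmet", "iguana", "jigsaw", "kayak", "lemon", "mosaic", "nutmeg",
]

# Constructed set of values that routers and gadgets commonly ship with; any of
# these is a credential that should be changed before the device goes online.
COMMON_DEFAULTS = {"admin", "administrator", "password", "root", "1234", "12345678", "guest"}


def generate_passphrase(n_words=6, wordlist=WORDLIST, sep="-"):
    """Pick n_words uniformly at random using the OS CSPRNG (secrets), not random."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Bits of entropy for n_words drawn independently from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def is_weak_credential(value, min_length=12):
    """True if the value is a well-known default or too short to resist guessing."""
    v = value.strip().lower()
    return v in COMMON_DEFAULTS or len(v) < min_length


if __name__ == "__main__":
    phrase = generate_passphrase()
    bits = passphrase_entropy_bits(6, len(WORDLIST))
    print(f"{phrase}  ({bits:.1f} bits from a {len(WORDLIST)}-word list)")
```

Six words from this 64-word list give only 36 bits, which is why the size of the word list matters: six words from a 7776-word list give about 77 bits, and the passphrase is still something you can write down for the router.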


Fightback Ninja Signature

What If Your Business Has a Data Breach

If your business suffers a data breach i.e. hackers access your system and steal confidential information then you have a lot to do to deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:-

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes name, address, phone number etc. This can be used by scammers and cold callers, but that information is readily available for most people through the phone directory, social media and the electoral register.

More sensitive information includes date of birth, name, financial details and payment card details. Combined with the less sensitive information this can be used for identity fraud.

If the stolen data includes names with login and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people, i.e. how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers, or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP. This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioner’s Office. If relevant, inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straightaway and of course close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.


Is Your PC Mining Bitcoins for Someone

Criminals keep finding new ways to take advantage of us. Bitcoins and other cyber currencies are constantly in the news and this has led to endless scam offers of untold wealth from Bitcoins and other cyber currencies. But there’s also a new way for criminals to take advantage of you.

The Creation of New Bitcoins

This is through a process called ‘mining’ and it applies to all cyber currencies.

Mining uses huge amounts of computer processing power to keep the blockchains consistent, complete and unalterable. The “blockchain” is how the records of the Bitcoins are stored. Mining becomes progressively more difficult as more Bitcoins are created over time – requiring more and more processing power.

Bitcoin has been in circulation for some years and effective mining now requires supercomputer-scale processing power.

However, hackers get around this by commandeering processing power from large numbers of other people’s computers – possibly your computer.

The hackers infect your computer with malware that lets them download data to be processed and upload the results back to themselves. If you find your computer is always slow and seems to be busy doing something you haven’t asked it to do – this can mean your computer has been infected and is busy working for someone else.

The same hacking tool that allowed the WannaCry ransomware to wreak destruction in 2017 has also been used by hackers to take over people’s computers and use them for mining.

Another similar one is called Smominru and makes infected computers mine for the cyber currency Monero. It is thought that up to half a million computers have been taken over for this purpose.

Make sure your computer is protected against these attacks through the use of anti-virus and anti-malware software, and take regular backups in case of data corruption or ransomware attacks.
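The symptom described above, a computer that is always busy with something you did not ask for, can be checked for more systematically than by feel. The following is an added example written for this page, not code from the original post or from any anti-virus product: it parses a process listing in the format of `ps -eo pid,pcpu,args` and flags a process if its command line references a stratum mining-pool URL (the protocol most pool miners use) or if it burns most of a CPU while running from a temporary or hidden directory. The listing is constructed for the example; the pool host and wallet value are placeholders, not real indicators.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `ps -eo pid,pcpu,args` output; not a real capture.
SAMPLE_PS = """\
  PID %CPU COMMAND
  412  0.3 /usr/sbin/sshd -D
 1337 98.7 /tmp/.x/update -o stratum+tcp://pool.example.net:3333 -u wallet_placeholder
 2048 12.1 /usr/bin/firefox
 2090 95.0 /usr/bin/blender --background scene.blend
 3001 97.2 /tmp/.cache/helper --threads 8
"""

# stratum://, stratum+tcp:// and stratum+ssl:// are the URL schemes pool miners accept.
STRATUM_RE = re.compile(r"stratum(\+(tcp|ssl))?://", re.IGNORECASE)
# Binaries running from world-writable temp dirs or hidden (dot) directories.
SUSPICIOUS_PATH_RE = re.compile(r"^(/tmp/|/var/tmp/|/dev/shm/|.*/\.)")
PS_LINE_RE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)(.*)$")
CPU_THRESHOLD = 90.0  # percent of one core; a single snapshot, so treat as a lead, not proof


@dataclass
class Finding:
    pid: int
    cpu: float
    path: str
    reasons: list = field(default_factory=list)


def parse_ps(text):
    """Yield (pid, cpu_percent, executable_path, full_command_line) per process row."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        m = PS_LINE_RE.match(line)
        if not m:
            continue
        pid, cpu, path, rest = int(m.group(1)), float(m.group(2)), m.group(3), m.group(4)
        rows.append((pid, cpu, path, path + rest))
    return rows


def scan_ps_output(text, cpu_threshold=CPU_THRESHOLD):
    """Return a Finding for each process that matches at least one miner indicator."""
    findings = []
    for pid, cpu, path, cmdline in parse_ps(text):
        reasons = []
        if STRATUM_RE.search(cmdline):
            reasons.append("command line references a stratum mining-pool URL")
        if cpu >= cpu_threshold and SUSPICIOUS_PATH_RE.match(path):
            reasons.append(f"{cpu:.0f}% CPU from a binary in a temporary or hidden directory")
        if reasons:
            findings.append(Finding(pid, cpu, path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_ps_output(SAMPLE_PS):
        print(f"pid {f.pid} ({f.path}): " + "; ".join(f.reasons))
```

Note that the high-CPU render job in the sample is not flagged because it runs from a normal system path; the CPU rule is only a lead, and a persistent result over several snapshots, or a stratum URL, is what justifies isolating the machine and running a full anti-malware scan.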


ISO27001 Information Security

ISO 27001, formally ISO/IEC 27001, is an information security standard published jointly by the International Organization for Standardization and the International Electrotechnical Commission.

Most organizations have some information security controls, but these may not be sufficiently comprehensive in their coverage. An information security management system (ISMS) can remedy this situation.

The standard specifies such a management system and gives specific requirements for it. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.

ISO 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis

The ISO 27001 certification, like other ISO management system certifications, usually involves a three-stage external audit process.

Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization’s information security policy, Statement of Applicability and Risk Treatment Plan. This stage serves to familiarize the auditors with the organization and vice versa.

Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS). Certification audits are usually conducted by ISO 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO/IEC 27001.

Stage 3 is ongoing and involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended. These should happen at least annually but (by agreement with management) are often conducted more frequently, particularly while the ISMS is still maturing.

For detailed information on ISO 27001 refer to https://www.itgovernance.co.uk/iso27001


Trust Pilot Customer Reviews

https://uk.trustpilot.com

Trustpilot is an online review community founded in Denmark in 2007 by Peter Holten Mühlmann.

The website has more than 32 million reviews of 179,000 businesses and 1,000,000 new reviews each month created by 45,000 reviewers each day. So you can see this is a serious business and also that there must be a huge need for unbiased reviews of businesses.

Trustpilot “believe that people’s voices should be heard, which is why we’re dedicated to helping everyone share their genuine experiences. We’re committed to being the most trusted online review community on the market. Genuine reviews written by consumers are published instantly without censoring, and businesses can see and reply to them”

Trustpilot say they have zero tolerance for fraud and investigate any reported misuse.

How Does TrustPilot Make Money?

They offer a series of packages to businesses for a monthly subscription.

The key sales points for these are:-

  • Connect with your customers by collecting reviews
  • Automate a review collection process seamlessly into your customer journey.
  • Build trust on a platform for both businesses and customers
  • Gather feedback and interact with customers on an independent website consumers trust.
  • Showcase your reputation where it matters
  • Amplify your presence across all channels including search, social, paid, and offline media.

The four business plans are:-

  • Free Plan – £0 per month: collect & respond to Trustpilot reviews for free.
  • Lite Plan – £149 per month (paid annually): showcase reviews on your website & clearly demonstrate marketing ROI.
  • Pro Plan – £349 per month (paid annually): give your marketing & sales a significant boost with a wide range of customizable tools.
  • Enterprise Plan – contact to get a quote: full access to Trustpilot Business with superior integrations, data protection & account management.

If you want to build trust for your company, then Trustpilot may be able to help.


Facts About Data Breaches

Hackers break into company computer systems and steal confidential information, i.e. they make copies of it for their own purposes.

The hackers might then ransom the data back to the owner, sell it to a competitor, sell it to other scammers, or make use of it in phishing scams, i.e. to get more confidential information which they can then sell to fraudsters.

This is big business and usually it’s the customers of the hacked business that suffer.

We give our private and financial information to companies to do business with them but we expect they will do everything necessary to keep that data secure.

Many companies do have excellent data security but some fall short.

The cost to a company of a data breach can include:-

  1. Creation of contact databases
  2. Regulatory requirements
  3. External experts
  4. Postal costs
  5. Communications set-ups
  6. Audit services
  7. Helpdesk
  8. Legal expenditures
  9. Reimbursement for customers
  10. Cost of cleaning up data

Besides the material costs, there may be reputation damage.

Recent research shows:-

  • The average cost of a data breach is $3.62 million
  • The average global total cost per record stolen is $141 but there is huge variance across incidents.
  • Companies in South Africa and India have the highest chance of data breaches whereas companies in Germany and Canada have the lowest.
  • The mean time to identification of a data breach is 191 days
  • The faster the breach is recognised, then generally the lower the total cost
  • The increasing use of mobile platforms is increasing the chances of data breaches.

For information on how to recognise a cyber attack see https://fightbackonline.org/index.php/business/102-do-you-know-if-your-business-has-been-cyber-attacked

[facts taken from 2017 Cost of Data Breach Study]
