The importance of cyber security: Part three

Understanding the basics of cyber security can help you increase your company’s defences against viruses and hackers.

In our last instalment on cyber security, we will focus on social media, multi-factor authentication and how to keep those all-important passwords protected.

So, what should you know?

Social Media

Situation: Hackers have gained access to your Twitter account. Your company is posting some controversial comments and your followers are not very happy (or laughing at your expense).

Solution: Delete the offending comments, change your passwords and follow the steps below to maintain tight control over your social media account’s security.

Mitigating the risk: So, your account was protected, however, it may not have been enough. So, what should you consider? 

Use a different passphrase/password for each account.

  • Use a passphrase over a password when you can. The more variety in characters, the better. For example, if your password is ‘Donald123’ you have a mixture of capital letters, lower-case letters and numbers. Unfortunately, the example we just gave you will still be easy to guess from a hacker’s point of view, which leads us to our next point.
  • Never use consecutive numbers, make the password longer than eight letters, and have a mixture of characters. A better version of the above password is ‘I’mDonAldDucks’password!forGooGle61’. This may be harder to remember, however, a strong password is key to keeping all your accounts secure.

Remembering all your new, long (yet secure) passwords can be difficult. A password manager (for example, Lastpass) can help you store and protect all your passwords by requiring one secure key to access everything.

Multi-factor authentication (MFA)

MFA requires the user to submit several pieces of information that can fall into any one of these categories: knowledge (something they know), possession (something they have), and/or inherence (something they are). Hackers will have to know your password and a specific token deriving from a physical or virtual device. Two-factor authentication (also known as 2FA) is a type of multi-factor authentication and is used to confirm a user's claimed identity by utilising a combination of two different components.

Examples of MFA tools

Authy or Yubico are good examples of MFA, to gain access you will need to plug both tools into your computer, plus, you will need to know the answers to a variety of questions that are personal to you. An example of an everyday utility that requests you to do this is your online banking account; your bank will ask you for your password, a passcode, and in some cases, your bank will ask for further authentication and have you copy a secret code from an authentication device given to you by your bank.

Physical tokens, a method that PayPal uses, is another form of MFA. For example, a simple short message service (SMS) is sent to the number your account is registered with to verify the person accessing the account.

Make sure that all your accounts are protected with a strong password. By implementing MFA you decrease the chances of encountering hackers. Additionally, always use ‘https’ websites to access your personal accounts. If there is no sign of a valid Secure Sockets Layer (SSL) certificate to access the page (as shown below), do not use the service as the website may not be secure.

Remember, this is just a basic overview on cyber security. The solutions you see here are not guaranteed to work. Each situation is different and if for any reason you believe your company will be a target of an attack, you should hire an information security firm to do a risk assessment and mitigate the risks in a professional way.  

This has been the last instalment in our series covering Cybersecurity. Our first instalment covered methods to mitigating risk in the event of a virus via a phishing site, a fake email or a risky site and our second instalment covered ransomware and the case of the lost laptop. 

Written on in Business Insights
Senior Devops Engineer & Junior Python Developer