Benefits of a Virtual CISO

By | Blog, cybersecurity

With all the recent cyber breaches that have made the news these last few months, confidential company information is now becoming public news. No longer are a company’s assets an internal matter; they are being made available on the dark web for sale to the highest bidder. Companies are struggling to keep their assets up to date and adhere to all the security best practices, such as patching, least privilege access and even two-factor authentication, while malicious attackers are finding easy routes into what was once a safe haven. These attacks are not just aimed at large corporates; even small businesses are now being targeted, through automated scanning and exploitation. Pressure is now building, and companies are looking to ensure they are protected and that they aren’t the next one to make the news. Accreditations such as Cyber Essentials and ISO 27001 can help a business ensure that the foundations are put…


Why have a penetration test?

By | Blog, cybersecurity, penetration testing

Overview: One of the main services that TeraByte offers is a penetration test, or pen-test. A pen-test evaluates the security of a business by using the same tools and techniques that malicious attackers would. By scanning the network and associated web applications, a security consultant can check the operating systems, network, services and other devices which have been found and then look for vulnerabilities which may lead to compromise. A pen-test can be useful for a business as it helps them validate how effective their security policies are and will also identify any weak areas, such as weak passwords and/or the use of default credentials on systems. There are several ways that a pen-test can be performed; typically it is automated, manual or hybrid (the use of automation tools with manual verification and exploitation). At the start of the process a security consultant will enumerate the environment…


GDPR: Double opt-in, Consent and right to be forgotten

By | Blog, gdpr

GDPR is fast approaching and, according to the latest news, there is still a high number of companies which are none the wiser when it comes to what needs to be implemented, which could cause a lot of pain should things go the wrong way. Following our series of GDPR related blog articles which you can find here: we’re continuing our efforts to help make people aware of what is upcoming and what you need to do for your business. Double opt-in for email: Email consent is just one of the many areas within GDPR, but for marketing teams this is a crucial area to consider, as they generally interact with clients more than the rest of the business, and because of this they have to make sure that all of their processes are fully compliant. Under GDPR you are no longer able to add people to your mailing…


Phishing attacks: How to recognise and what to do

By | Blog, phishing

When it comes to phishing attacks, there are a number of angles that cyber criminals use, the main ones being email messages, websites and phone calls, which are all designed to steal your hard-earned money. This may be through tricking you into installing malicious software onto your computer, or into entering bank information into a clone of a website, hoping to fool you into thinking it’s the real deal. However, simply asking you to download some software or enter your bank information won’t work the majority of the time, so this is where social engineering comes into play. Social engineering, if done well, can convince you to install software or hand over your personal information through well-crafted emails and websites. The cyber criminals are relying on you to quickly glance at the links and websites and think “yes, that looks about right”. Sometimes they may even contact you by phone and…


The employee effect: Keeping your business secure

By | Blog, cybersecurity, databreach, gdpr, passwords, phishing

Keeping your business safe and secure through the use of best practices, hardware appliances, various accreditations and Cyber Essentials is all well and good, and I hope more companies continue to do this, but it only takes the actions of a single employee to undo all the hard work that has been put in place. The Ponemon Institute’s 2017 Cost of Data Breach Study, which surveyed over 400 businesses, found that over a quarter of all attacks are the result of negligent employee or contractor behaviour within the business. Media outlets are focussed on the more fancy and interesting attacks, such as the recent WannaCry outbreak. However, the majority of the time a data breach or cyber related incident is not down to an attack like this, but down to the end-user, the employee. These types of attacks tend to go unnoticed and unreported. Through the use…


GDPR: Data Privacy Impact Assessments (DPIA)

By | Blog, gdpr

The GDPR is just around the corner and is starting to open the eyes of many businesses, albeit too late in some cases. In fact, as of writing, “29% of UK businesses have not started preparing for GDPR”. Time is running out and there are a lot of things to look into and implement before the deadline of 25th May 2018. One of the requirements that’s coming into effect is the use of Data Privacy Impact Assessments (DPIA). What is a Data Privacy Impact Assessment? From next year, the Data Privacy Impact Assessment will become a mandatory assessment for any business that processes data. Currently called Privacy Impact Assessments, the ICO currently states that the PIA: “are an integral part of taking a privacy by design approach. Our code of practice explains the principles which form the basis for a PIA.” Will I need one? The DPIA are there to help businesses…


SIEM: How can it benefit your business

By | Blog

SIEM: What is it? To allow businesses to stay one step ahead of cyber attacks and general incidents, as well as being informed by means of alerts, Security Information Event Monitoring (SIEM) systems are increasing year on year. SIEMs are products that allow businesses to provide real-time monitoring and analysis of monitored devices within the business. Devices such as desktops, laptops, switches, routers and firewalls can all be configured to send their data to the SIEM. Audit log data which is sent to the SIEM can be made up of, but is not limited to: IP addresses, event types, memory, processes, ports etc., which are then processed and tagged to identify any issues. Using SIEM in your day-to-day running can help operations teams identify problems as soon as possible, allowing them to intervene quickly and either fix or cut off any issues before they impact the business. How does it work? SIEM…


Auditing and centralised logging

By | Blog

The securing of business information has, in the past, been placed way down the list of priorities when it comes to the day-to-day running of the business. Auditing of systems has normally been reliant upon Windows event logs or the OS X / Linux audit logs, and these were rarely looked at unless there were issues cropping up. Now, as more and more businesses are suffering cyber attacks, or attacks from malicious users, the need for easy visibility of events is increasing. But what do you do with all these events? Ignore them? Leave them until you need them? Alert on them? There are many options available to you. Logs play a critical part in any system; they give the system administrators an insight into what systems are doing, as well as what happened after an event. As soon as you have more than a handful of systems to manage,…


GDPR: Data Retention

By | Blog, gdpr

The clock is ticking and we’re now under the one year mark until the new data protection act is enforced. The General Data Protection Regulation (GDPR) requires that personal data is only stored for as long as necessary. The data retention criteria are defined in the regulation (Rec.39; Art.5(1)(e)), which states that: “Personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the data will be processed solely for archiving purposes in the public interest, or scientific, historical, or statistical purposes in accordance with Art.89(1) and subject to the implementation of appropriate safeguards.” What does this mean to you? What does this mean? No longer are you as a data controller or data processor allowed or expected to keep information in…


Top Tips for protecting your business against Ransomware

By | Blog, ransomware

With the recent cyber attacks that brought many businesses to their knees in over 150 countries, we’d like to try and help spread some knowledge on how you and your business can stay safe. What is Ransomware? As mentioned in this article, Dangers of Ransomware, ransomware can come in several different guises. However, the two most popular ones are the lockscreen, which locks your screen and denies you access to your information until payment, and the encryption type (cryptoware), which encrypts all your data until payment. Both types of ransomware usually request payment in the form of Bitcoins; once received, you are promised an unlock key to get all your information back. Should I pay up? If you are unlucky enough to become a victim of ransomware, you should not pay to get your information back; in most cases you will not get your information back. Have you been infected…
