Be cyber safe: the 10 laws of security
In a recent study the BBC asked a number of lawyers, accountants, digital agencies, research analysts, telecoms and tech firms what their views were on tech trends for 2016, and the number one concern was cyber crime. Ironically, the BBC itself was the victim on New Year's Eve 2015 of what was described as a "distributed denial of service" attack on its website.
The last few months of 2015 alone saw Lloyds Bank, T-Mobile and TalkTalk all hacked and client data stolen. No business is safe from the threat, big or small; in fact a small-business study by the National Cyber Security Alliance found that 40% of all cyber attacks were directed at firms with fewer than 500 employees. In the UK the average cost to a business following a cyber attack is estimated at £71 per record*. With new EU regulations due to come into effect in 2018 this figure will only increase, as businesses face fines for such data breaches of up to 4% of their annual turnover.
A lot has happened in the world of technology these past 15 years, so it is perhaps surprising to learn that these '10 Immutable Laws of Security' were written all the way back in 2000. They are still as true today as they were then, and so are well worth a revisit.
One thing that has changed in that time, however, is the ability to buy insurance cover to protect against the effects of such a breach, most commonly known as cyber liability or breach of privacy cover. Not only do these policies protect against the financial losses, most also provide additional support services that give access to professionals (e.g. forensic experts, legal and PR) to help limit the impact on businesses and, more importantly, their customers.
For more information on getting protected visit https://www.bluefinprofessions.co.uk/other-expertise/cyber-liability/.
Revisiting the 10 laws of security by Scott Culp
1. Never run, or even download, a program from an untrusted source
When you choose to run a program, you are making a decision to turn over control of your computer to it, and once a program is running it can do anything, up to the limits of what you yourself can do on the computer.
2. If a third party can alter the operating system on your computer, it's not your computer anymore
An operating system is just a series of binary code that, when interpreted by the processor, causes the computer to do certain things. If other people who use the computer are permitted to change that binary code, it's "game over".
3. Restrict physical access to your hardware
Keep domain controllers, database servers, and print/file servers in a locked room, and when travelling with a laptop, ensure it is kept on your person at all times.
4. Never allow visitors to upload programs to your website
If you run a website, you need to limit what visitors can do. You should only allow a program on your site if you wrote it yourself, or if you trust the developer who did.
5. Strong security is compromised by weak passwords
Choose a complex password which is a mix of upper- and lower-case letters, numbers and punctuation marks. Make it as long as possible, change it regularly and never write it down.
6. An untrustworthy administrator can negate every other security measure you've taken
Administrators can change the permissions on the computer, modify the system security policies, install malicious software, add bogus users, or do any of a million other things.
7. Encrypted data is only as secure as the decryption key
No matter how strong the crypto algorithm is, the data is only as secure as the key that can decrypt it.
8. An out-of-date virus scanner is only marginally better than no virus scanner at all
A virus scanner can only scan for the viruses it knows about, so it's vital that you keep your virus scanner's signature file up to date, as new viruses are created every day.
9. Absolute anonymity isn't practical
Read the privacy statements on the websites you visit, and only do business with ones whose practices you agree with.
10. Technology is not a panacea
Technology can do some amazing things, and it's tempting to believe that technology can deliver a risk-free world if we just work hard enough. However, this is simply not realistic.
*Source: 2010 Annual Study: UK & US Cost of a Data Breach by Ponemon