Advice

DNS Hijacking

You may be wondering what ‘DNS hijacking’ is, and how to secure your own company’s sites. Even if you are not in one of the industries currently being targeted, it is nonetheless important that you secure yourself regardless.

DNS Hijacking Read More »

Threats You Might Not Have Thought Of: Part 2

In the previous part of this series, which covers some of the weirder and wackier parts of your business that may nonetheless prove to be your Achilles’ heel when it comes to cyber attack, we discussed the threat posed by printers. This time, it’s the turn of something you probably even less likely to consider when assessing your level of vulnerability—your air con.

Threats You Might Not Have Thought Of: Part 2 Read More »

SMEs: Easy Pickings and Collateral Damage

If you work within, or even run your own, SME, it may be tempting to consider yourself protected from the risk of cyber attack by your size. If you only have a handful of customers, or turnover that measures in the hundreds of thousands rather than the millions, you may believe that attackers will simply pass you over in favour of larger, potentially more lucrative targets. This can leave you vulnerable for a couple of reasons, which we’ll talk about here.

SMEs: Easy Pickings and Collateral Damage Read More »

What are the Collections Breaches?

In January, security researcher Troy Hunt announced the addition of the ‘Collection #1’ set of compromised login credentials to his Have I Been Pwned (HIBP) service. HIBP allows users to search for their own email addresses and passwords in order to identify whether they have appeared in any major data breaches. This was followed shortly afterwards by coverage of ‘Collections #2–5’. Here we’ll explain why these collections are a big deal, and the steps you can take to protect yourself.

What are the Collections Breaches? Read More »

Authenticate Smarter, Not Harder: Part 4

In the first part of this series, we decried the overreliance on passwords for authentication. In the second, we discussed the full range of means at one’s disposal. In the third, we described the advantages of using multiple means in conjunction with one another. In this fourth and final part, we detail how, when no other option is presented, one can use single-factor, password-based authentication (PBA) at its most securely.

Authenticate Smarter, Not Harder: Part 4 Read More »

Authenticate Smarter, Not Harder: Part 3

In the first part of this series, we held an intervention over the widespread use of passwords, complete with the ever-widening list of arduous hoops to jump through that are imposed on users in the name of security. In the second, we revealed just how expansive the field of authentication methods really is, but with the caveat that no single method is without its flaws. In this third part, the gold standard of authentication—multi-factor authentication (MFA)—is presented.

Authenticate Smarter, Not Harder: Part 3 Read More »

Authenticate Smarter, Not Harder: Part 2

In the previous part of this series, we discussed the many shortcoming of passwords as a means of authentication—the process of verifying that a given person is someone you want to be able to do something, such as use a piece of software, log in to an online account or access an area of a building. In this part, a range of authentication alternatives to passwords will be presented, along with their pros and cons.

Authenticate Smarter, Not Harder: Part 2 Read More »

Authenticate Smarter, Not Harder: Part 1

Passwords are ubiquitous and have been for decades, despite repeated predications over the years of their impending death. They have remained popular for a range of reasons, primarily their simplicity and familiarity, backed up by how widespread technological support for them has traditionally been. As a result, the status quo is often not challenged, despite expert consensus that passwords are—well—a bit naff.

Authenticate Smarter, Not Harder: Part 1 Read More »

Supply Chain Security: Part 3

In the first part of this series, we covered the threat posed to your business by attacks on your supply chain. In the second, we detailed a number of ways of properly vetting potential suppliers, both obvious and non-obvious. In this third and final part of this series, we will detail a range of tactics you can use to protect yourself in the event of an upstream company being compromised.

Supply Chain Security: Part 3 Read More »

Supply Chain Security: Part 2

In the first part of this series, we explained how you are ‘only as secure as the company you keep’ and detailed the threat posed by supply chain attacks such as the 2017 NotPetya attack and contemporary activities of Magecart cybercriminal groups. However, for most people, using a supply chain is not optional. Here, we will go through ways of vetting your supply chain.

Supply Chain Security: Part 2 Read More »

Supply Chain Security: Part 1

You are only as secure as the company you keep, and in the modern technological ecosystem the company a company keeps is increasingly becoming a crowd. Particularly in the retail industry, but by no means exclusive to them, companies ‘rely on armies of third-party services to boost engagement and optimize the customer experience on their websites’.

Supply Chain Security: Part 1 Read More »

Who Are Magecart?

You may have heard talk about a shadowy entity called ‘Magecart’. You may know that whatever or whoever this ‘Magecart’ is, it’s not good, but you may have other questions: who or what are they, what do they do, and how can you defend against them? This article shall attempt to answer those questions.

Who Are Magecart? Read More »

Scroll to Top