Posts tagged " email security "

Ethical hackers to boost NHS cyber-defences

November 28th, 2017 Posted by Uncategorized No Comment yet

The NHS is spending £20m to set up a security operations centre that will oversee the health service’s digital defences.

It will employ “ethical hackers” to look for weaknesses in health computer networks, not just react to breaches.

Such hackers use the same tactics seen in cyber-attacks to help organisations spot weak points.

In May, one-third of UK health trusts were hit by the WannaCry worm, which demanded cash to unlock infected PCs.

Essential step

In a statement, Dan Taylor, head of the data security centre at NHS Digital, said the centre would create and run a “near-real-time monitoring and alerting service that covers the whole health and care system”.

The centre would also help the NHS improve its “ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats”, he said.

And operations centre guidance would complement the existing teams the NHS used to defend itself against cyber-threats.

NHS Digital, the IT arm of the health service, has issued an invitation to tender to find a partner to help run the project and advise it about the mix of expertise it required.

Kevin Beaumont, a security vulnerability manager, welcomed the plan to set up the centre.

“This is a really positive move,” he told the BBC.

Many private sector organisations already have similar central teams that use threat intelligence and analysis to keep networks secure.

“Having a function like this is essential in modern-day organisations,” Mr Beaumont said.

“In an event like WannaCry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue at the time, organisations were unsure how they were being infected”.

In October, the UK’s National Audit Office said NHS trusts had been caught out by the WannaCry worm because they had failed to follow recommended cyber-security policies.

The NAO report said NHS trusts had not acted on critical alerts from NHS Digital or on warnings from 2014 that had urged users to patch or migrate away from vulnerable older software.

 

Thanks to the BBC for this story.

Privacy

How much do you value your privacy?

January 16th, 2017 Posted by Subjects, Voice No Comment yet

I’ve got nothing to hide, so why should I care?

This argument is commonly used in discussions regarding privacy. Colin J. Bennett, author of The Privacy Advocates, said that most people “go through their daily lives believing that surveillance processes are not directed at them, but at the miscreants and wrongdoers” and that “the dominant orientation is that mechanisms of surveillance are directed at others” despite “evidence that the monitoring of individual behaviour has become routine and everyday“.

 

Most of us do value our own personal security/privacy more than we think. “Imagine upon exiting your house one day you find a person searching through your wheelie bin painstakingly putting the shredded notes and documents back together. In response to your stunned silence they proclaim ‘you don’t have anything to worry about – there is no reason to hide, is there?”.

Of course, most likely you don’t have anything suspicious to hide, but do you really want them looking at your bank statement, seeing receipts for things you’ve bought, letters from your children’s school…even the number of wine bottles in your recycling might be embarrassing?!

Your technological life is no different – you might not be breaking state secrets online, but would you want someone reading your private texts or messages? The heartfelt message to a loved one, an angry text to a friend, something mean said on the spur of the moment? It is essentially the same as your offline life.

Have you considered encryption?

Unless you are very tech-savvy, the likelihood is you haven’t. Luckily, there are some very forward-thinking people and companies out there trying to make encryption the norm. The following apps are all downloadable free of charge.

  • Signal – is an encrypted instant messaging and voice calling application for Android and iOS. It uses the Internet to send one-to-one and group messages, which can include images and video messages, and make one-to-one voice calls.

 

  • ChatSecure – The app uses open-source, publicly auditable encryption libraries to keep your private business messages private. It’s really flexible, letting you choose between connecting via your existing Google account, or creating a new account on a public XMPP server. Users who want even stronger security can connect to ChatSecure from their own private server. And unlike with many rival apps, ChatSecure doesn’t require your phone number of any other personal data to get started.

 

  • Gliph is a secure messaging service that you can use on all of your computing devices. When you’re on the go, use the iOS or Android app on your smartphone. When you’re at the office, use the Gliph desktop app so you can send and receive messages using a mouse and keyboard. Another key feature is “Real Delete,” which lets you permanently delete a message from both the sending and receiving device, as well as the Gliph server, whenever you choose. You can also attach a pseudonym to your main account at any time, so you can use a screen name for personal chatting and switch back to your real name for professional communications.

 

  • Wickr is a secure messaging app that lets you set an “expiration date” for every message you send; just select a date and time for your media to expire, and it will automatically be deleted at that time. That way, you don’t have to worry about a third party inadvertently reading private communications that are left on a contact’s smartphone. Meanwhile, the app features end-to-end encryption for all messages, and it lets you remove metadata from individual messages, such as the time it was sent, as well as geo-location data. Another handy feature gives you the ability to completely clear away message files that have been manually deleted but still reside on your smartphone’s memory. Wickr also has standard messaging features, like the ability to chat with groups of up to 10 people at once.

 

 

 

passwords

Do you still keep passwords in a book?

November 30th, 2016 Posted by Uncategorized No Comment yet

passwords_strengthDespite all the advice out there…many people still keep their passwords in a book next to their computer.

An email account is the gateway into your business and personal life which sadly means it’s also a valuable target for hackers and cyber criminals. From social media logins to bank account information, the common email inbox can be exploited to leave all of your sensitive data open to compromise. So, perhaps it’s not surprising that attacks on email accounts are common. From complex spear-phishing to malicious documents to social engineering – hackers have never been better-equipped.

Ways to keep safe (they may seem obvious – but we bet many people reading this still only use one or two passwords for everything!):

Firstly, make sure you use a strong password that uses a combination of words, numbers, symbols, and both upper- and lower-case letters. Check your password strength. If the website you are signing up for offers a password strength analyzer, pay attention to it and take its advice.

passwords_worst

  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.
  • Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
  • If you think you’ll have trouble remembering multiple passwords (most people do, unless they have a photographic memory) the most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).
  • There are several online third-party services that can help users safeguard sensitive passwords, including LastPass, DashLane, and AgileBits that store passwords in the cloud and secure them all with a master password.

For more Cyber Security advice speak to our team – hello@microcomms.co.uk or call 01209 843636