Monday, June 30, 2025

Make sure you have immutable backups of both local and cloud data (tip 3 of 8, in no specific order). #EightCyberSecurityTips





So what is an immutable backup?


According to good old Google: “Immutable backups are data backups that cannot be altered, deleted, or modified after they are created. They provide a secure and reliable way to protect data against ransomware, accidental deletion, and other types of data loss.”

The problem with a lot of data backups is they can be changed (or corrupted) after they have been created.

The cyber criminals know this all too well. So often, with a Ransomware attack, the criminals will wait several weeks before encrypting your data. This gives their Ransomware virus plenty of time to “corrupt” each backup device as it’s connected to the network, thereby destroying all chances of recovery from backups.

They know this increases the odds of you paying their ransom demand.

Backups should also take Full / Differential or Full / Incremental snapshots of your data. The reason behind this is sometimes you need to recover from an earlier point in time, not just the time of the last backup. A Full / Differential snapshot backup system allows for this, letting you recover data as it was days, weeks, or even months ago.
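To show what "recover from an earlier point in time" means in practice, here is an added example (not part of the original post) that works out which backups you would need to restore for a chosen date. It assumes a differential holds every change since the last full backup and an incremental holds only the changes since the previous backup; the `Backup` class, function names and the June 2025 schedule are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    taken: datetime
    kind: str  # "full", "diff" or "incr"

def restore_chain(catalogue, target):
    """Backups to restore, oldest first, to get the data as it was at `target`."""
    usable = sorted((b for b in catalogue if b.taken <= target),
                    key=lambda b: b.taken)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise LookupError("no full backup at or before the requested time")
    base = fulls[-1]
    later = [b for b in usable if b.taken > base.taken]
    chain = [base]
    # The newest differential already contains everything since the full.
    diffs = [b for b in later if b.kind == "diff"]
    if diffs:
        chain.append(diffs[-1])
        later = [b for b in later if b.taken > diffs[-1].taken]
    # Every incremental after that point is needed, in order.
    chain += [b for b in later if b.kind == "incr"]
    return chain

def sample_catalogue(second_kind):
    """Constructed schedule: a full every 7 days from 1 June 2025 at 23:00,
    and a `second_kind` backup on each day in between."""
    start = datetime(2025, 6, 1, 23, 0)
    return [Backup(start + timedelta(days=d),
                   "full" if d % 7 == 0 else second_kind)
            for d in range(21)]

if __name__ == "__main__":
    # Say the infection is dated to the afternoon of 12 June:
    # restore the data as it was at midday that day.
    target = datetime(2025, 6, 12, 12, 0)
    for scheme in ("diff", "incr"):
        chain = restore_chain(sample_catalogue(scheme), target)
        print(scheme, [f"{b.kind} {b.taken:%d %b}" for b in chain])
```

With Full / Differential you restore two sets (the full plus the newest differential); with Full / Incremental you need the full and every incremental since, so one damaged link in the chain breaks the restore.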

And don’t forget that you need to back up cloud data as well. Just because it’s being stored on a Microsoft or Google server in the cloud, doesn’t mean they are backing it up for you. If you read the small print in their T’s and C’s, you will find you need to take your own backups.

Cloud doesn’t mean it’s safe, cloud just means it’s on someone else’s computer / server. And it’s still your responsibility.

Chris

#TheAntiVirusGuy and

#TheDataBackupGuy and

#ThePasswordGuy 


A bit about me:

💻 Helping Entrepreneurs, the Self Employed, Sole Traders and Small Business Owners manage their online passwords and keep their computers virus free.

💻 Really good anti virus (SentinelOne £16 or ESET £4 or £8 per month) 

💻 Buzz Ambassador

Wednesday, June 25, 2025

#EightCyberSecurityTips (tip 2 of 8)

#EightCyberSecurityTips - Number two (in no particular order)

 

 

Use a Password Manager (but not the one in your web browser)

 



There are numerous advantages to using a password manager, rather than trying to manually manage your online passwords

 

🔐 No more trying to remember what the password is for a particular online account. Your password manager remembers it for you

 

🔐 You don’t have to struggle with trying to think up new passwords. Your password manager will generate LSD passwords for you (Long Strong and Different)

 

🔐 You never need to type in a password again, as your password manager will fill in the account usernames and passwords for you. Click, click and you are logged in

 

🔐 Protection from Phishing attacks. If the website is a Phishing site, then your password manager realises this, and doesn’t offer to autofill the password

 

🔐 Your password manager will warn you of breached passwords, weak passwords, and reused passwords. So it’s really easy to fix the “security holes” in your passwords

 

🔐 You can also use a password manager for 2FA codes instead of a specific 2FA app. This is more convenient, but can in some cases be slightly less secure. But it’s often worth the trade off
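The phishing protection mentioned above comes from comparing the address you saved the login against with the address of the page you are on. This is an added, simplified example (not part of the original post and not Bitwarden's or 1Password's actual code); the function names and the `.example` / `.test` addresses are constructed.

```python
from urllib.parse import urlsplit

def _host(url):
    """Hostname in lower-case ASCII (punycode) form, or None if unusable."""
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def may_autofill(saved_url, page_url, allow_subdomains=False):
    """Offer the saved login only when the page really is the saved site."""
    if urlsplit(saved_url).scheme != "https":
        return False
    if urlsplit(page_url).scheme != "https":
        return False  # never fill a password into a plain http page
    saved_host, page_host = _host(saved_url), _host(page_url)
    if not saved_host or not page_host:
        return False
    if page_host == saved_host:
        return True
    # Optional: also accept genuine subdomains of the saved host.
    return allow_subdomains and page_host.endswith("." + saved_host)

SAVED = "https://login.shop.example/signin"

# Constructed test pages: one genuine, the rest are lookalike tricks.
PAGES = {
    "genuine":   "https://login.shop.example/account",
    "suffix":    "https://login.shop.example.evil.test/signin",
    "typo":      "https://login.sh0p.example/signin",
    "userinfo":  "https://login.shop.example@evil.test/signin",
    "homoglyph": "https://login.sh\u043ep.example/signin",  # Cyrillic 'о'
    "http":      "http://login.shop.example/signin",
}

def check_all():
    return {name: may_autofill(SAVED, url) for name, url in PAGES.items()}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:10} autofill offered: {ok}")
```

A human can be fooled by any of the lookalike addresses; the comparison is not, which is why an autofill that stays silent on a login page is worth treating as a warning sign.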

 

 

Why do I keep on banging on about not using the password managers built into Chrome, Edge, Firefox, etc ???

 

The reason is, the browser based password managers are not secure. Any half decent cyber criminal will know exactly how to steal all your browser stored passwords in a matter of seconds.

 

They can download browser hacking tools from the internet (I tried one out and “stole” all my own passwords from three different browsers in less than twenty seconds). Or they can write a script to extract the URLs, usernames and passwords from each of your browsers, and send them back to their own remote server.

 

They can put the script on a Rubber Ducky if they have physical access to your computer, or if not they can use social engineering to trick you into downloading and running the script.

 

If you let your web browser store your passwords, you might as well be writing them on the front wall of your house in six foot high letters. Please please please don’t let web browsers store your passwords.

 

So which password manager should you use? My personal favourites are Bitwarden and 1Password. For personal use you can buy these direct from the manufacturers, or if you are a business I can supply you with the business plans (as I’m a UK reseller for both Bitwarden and 1Password).

Chris

#TheAntiVirusGuy and

#TheDataBackupGuy and

#ThePasswordGuy 



Tuesday, June 24, 2025

#EightCyberSecurityTips (tip 1 of 8)

#EightCyberSecurityTips - Use 2FA / MFA everywhere


2 Factor Authentication or Multi Factor Authentication is a second or additional way of authenticating that you are allowed to access an online account.




Traditionally we have used a single method of authenticating to login to our accounts, usually a password. But there are several problems with a single authentication approach:

🔵 Humans are not very good at creating "good" passwords. They are usually far too easy to guess and are reused across multiple accounts.

🔵 The suppliers of these online accounts are not very careful with our passwords. They often store our passwords insecurely and then give them away to the cyber criminals in a data breach.

🔵 The cyber criminals are very good at cracking easy to guess passwords, or using phishing emails to fool us into giving them our passwords, or buying lists of breached passwords.


Not using 2FA is a bit like locking your front door, and then putting the key under the outside doormat.

With 2FA / MFA in addition to knowing the account password to login, you need a second way of authenticating. It's a bit like having two locks on your front door with different keys.

The most common 2FA method is to use an app on your mobile that generates a six digit PIN code, which changes every 30 seconds.

How does this help?

Well, now just having the account password is useless (and having just the ever changing PIN code is equally useless).

The cyber criminals or hackers need to crack, buy, steal your password, and have access to your mobile phone 2FA app, in order to login to your account. You have made it a lot harder for the criminals to get into your account.
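For the curious, this is how the six digit code that changes every 30 seconds is produced. It is an added example (not part of the original post) of the standard TOTP scheme from RFC 6238 / RFC 4226 that authenticator apps use; the demo secret is the RFC's published test key, and the function names are my own.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the PIN shown in the app

def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at=None):
    """RFC 6238: the counter is the number of 30-second steps since 1970."""
    secret = base64.b32decode(secret_b32, casefold=True)
    now = time.time() if at is None else at
    return hotp(secret, int(now // STEP))

def verify(secret_b32, submitted, at=None, drift=1):
    """Website side: accept the current step, plus or minus `drift` steps
    to allow for a phone clock that is slightly out."""
    now = time.time() if at is None else at
    ok = False
    for step in range(-drift, drift + 1):
        expected = totp(secret_b32, now + step * STEP)
        # Constant-time comparison; bytes so odd input cannot raise.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

# Constructed demo secret (the RFC test key). Never use it on a real account.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(DEMO_SECRET)
    print("code right now:", code)
    print("accepted now:", verify(DEMO_SECRET, code))
    print("accepted in 2 minutes:", verify(DEMO_SECRET, code, time.time() + 120))
```

The phone and the website share the secret once (the QR code you scan when setting up 2FA) and after that only the clock is needed, which is why a stolen password on its own, or an old code on its own, gets the criminal nowhere.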

2FA isn't infallible. There is a method called session hijacking that the cyber criminals can use, but it's much, much safer than just using a password.

Which accounts should you use 2FA on? Email is the main one. If a hacker can get access to your email, they can easily then break in to all your other accounts (that's a subject for another post). Anything with access to your money is another one to protect (eBay, PayPal, Amazon, etc). And social media accounts. The hackers love those as well, as they can then scam your friends.

What 2FA app should I use? My favourites are Google Authenticator, Microsoft Authenticator, or Bitwarden (a Password Manager) to store and generate the 2FA codes.

So, if you are not using 2FA / MFA you really should start using it straight away. It's an easy way to improve your security with no or minimal cost.

Chris
#TheAntiVirusGuy and
#TheDataBackupGuy and
#ThePasswordGuy 
