How to improve Cybersecurity without spending money

Cybersecurity without spending money or breaking the bank

Cybersecurity without spending money is achievable for your company today.

A lot of companies struggle to improve Cybersecurity without breaking the bank. We have a few simple ideas that can really help you to find your Cybersecure Success without shelling out cash.

For anyone who has been to our webinars to help businesses become more cyber secure, you will recognise how we divide up security themes. We discuss users, applications, devices, networks, and servers.

Cybersecurity without spending money principles: users, applications, devices, networks, servers

It may surprise most people, but the hardest and potentially most costly part of cybersecurity is cultural change. This means getting users to do the right thing!

Many of our customers find the technical changes easy, although they can be costly, depending on the level of confidence the client needs. But technical change is almost always supported or undermined by user behaviour. Cybersecurity without spending money can be achieved readily and will help support your future goals.

If you are setting out on your cybersecurity journey, here are the top ideas that can help you significantly reduce the cost, as well as protect the investment of transforming your business:

Key ideas for transforming your business Cybersecurity without spending money

  • Talk about cybersecurity openly
  • Elect a head of cybersecurity
  • Highlight a key idea or cybersecurity principles at the start of every significant meeting
  • Casual and constant reminders not to click on email and SMS links
  • Make sure everyone is familiar with the free tools that can help your security
  • Ask your staff to take free cybersecurity tests online, to keep them informed
  • Ensure your staff know how to make complex passwords that they can remember
  • Check that no one sticks their password to their computer or saves them in a file
  • Ask staff not to use USB storage or removable media unless absolutely necessary

None of these ideas cost any money directly and all of them can be done today! Cybersecurity without spending money is viable and can be easy. You do not even require any technical skills, beyond a quick web search.

It is within the power of everyone in an organisation to be able to improve cybersecurity and very often the first steps come from simply discussing existing issues. You may want to set up regular internal workshops to share ideas on what can be improved. This will be supported by sharing research, memes, ideas, and best practice regularly.

Even if your company is looking at employing cybersecurity specialists, in-house or outsourced, these principles will help you to reduce expenditure. In addition, a cyber security-aware company has been proved to reduce breaches by being vigilant, keeping sensitive data secure, thinking before acting, and making best practices their second nature.

Talk about cybersecurity openly

It may not seem like a big step, but just having conversations with colleagues about cybersecurity (1) gets people thinking, (2) gets staff excited, (3) flushes out ideas for improvement that may be really easy to implement.

Elect a head of cybersecurity

Ensure your staff has someone to talk to about their cybersecurity concerns. This person does not need to be qualified, or a technical expert. But they are responsible for reporting concerns, helping to outline concerns, and keeping a log of risks that need addressing.

Highlight a key idea or cybersecurity principles at the start of every significant meeting

Just spending a few minutes at the start of every meeting can really help to bring cybersecurity to life and keep staff discussing key lessons. Keep it simple and use a message for each meeting. For example, a slide about not using free wifi, which can reduce the risk of having your password stolen, or a simple image of a password stuck to a monitor.

Please feel free to download images from our resources to help you get started.

Casual and constant reminders not to click on email and SMS links

Following URLs and clicking on links is a sure way to eventually download malware. The best thing your staff can do is never to click on a link, even if the link comes from what they believe to be an authoritative source. The risk of introducing malware, especially when it is a “limited time offer”, “emergency”, or “must click or miss out on a great deal”, is just too high. Always navigate to a site yourself or call the contact center of an organisation.

Make sure everyone is familiar with the free tools that can help your security

They say that nothing in life is free, but that’s just not always true! There are free and low-cost VPN, anti-virus, password safe, and spam protection tools available for download. Ask your head of security to spend an hour or two doing the research and recommend what everyone can use to keep them safer.

Ask your staff to take free cybersecurity tests online, to keep them informed

There are many free cybersecurity tests that your staff can take to keep them up to date and aware. We have our own online quiz to help you and your company improve cybersecurity performance.

Ensure your staff know how to make complex passwords that they can remember

Think about writing a memo to help guide staff to better passwords. Advise colleagues to use multiple words, mix in numbers and special characters. They can even invent a password formula that allows them to remember passwords for multiple sites.

Check that no one sticks their password to their computer or saves them in a file

Simply, anyone who can see your screen could log in as you. It may be convenient, but it makes identity theft far too easy!

Ask staff not to use USB storage or removable media unless absolutely necessary

Any removable storage media can easily hold malware. Removable devices let sensitive data get shared and even lost. Encourage staff to use secure servers for storing information so that a password is needed every time. It also helps when you have a backup solution in place to both protect and recover sensitive data.

If you would like to learn more about cybersecurity without spending money or would like to spend money with us to vastly improve your cybersecurity, feel free to make contact.

Remote Working Transformation and Cyber Security

Remote Working, just how ready is your business? Are you Cyber Security aware?

With the world suffering lockdowns, infections, and a general inability to be in the same office, a lot of companies have adopted a desire for their staff to work remotely.

For some companies, this has even been adopted as their new normal way of working. However, is it really as simple as handing out laptops, headsets, and sending all your staff home?

What is the solution?

With modern Cyber Security, we must consider the impact of people’s roles and their need for access to customer, vendor, and staff privileged data. It could be that individuals spend as much as 100% of their working day accessing PII (Personally Identifiable Information), so how can we be sure that they are not being spied on, taking screenshots, or downloading databases to sell? Can we be sure that staff who need very limited access to data are only accessing it when they really need to? Are we sure that vendors and 3rd parties are not skimming information from databases to pass on to other customers? How about the people they live with?

There was a time in the not so distant past when we would use physical security to stop thieves from entering our companies. With key staff now distributed around the country, this is not so easy. Just because you trust an employee, does not mean you trust the person looking over their shoulder.

As with anything to do with Cyber Security, there is no single answer. For anyone who has worked with Cyber Security, it will be obvious that we cannot achieve 100% secure, but we find 100 different ways to be 1% secure. This means that we achieve 100% secure through a journey which requires a lot of steps.

We, at Zed Binary, find it easiest to consider this journey in 5 separate parts:

How do we get there?

  • Users – Are you sure you are only giving access to the right users?
  • Applications – Is there an infected or malicious application being used?
  • Devices – Are you allowing any device to access secure data?
  • Network – Are you sure your staff’s network is secure or that they use a VPN?
  • Servers – Do you think your servers only allow secure access and have great encryption?

For each of these areas of focus, you need to ask some fairly simple non-technical and some potentially more technical questions.

For example: “Can an unattended laptop be accessed by anyone else?”. Again, you may not be able to say for sure, but you can at least set a timeout for work machines to lock, or user sessions to expire. You may find that it is easier to restrict data access to certain physical locations.

Does one solution fit all?

Unfortunately, one solution will never quite fit all. Yes, there are tools, such as Cyber-Ark that go a long way towards improving compliance in a uniform way. However, you must consider the human factor.

The highest risk, according to NIST, is the “Insider Threat”. This means people that work for you deliberately or accidentally leaving the door open to Cyber Thieves.

You also need to be aware that the way your company operates, what data you store, the measures for role-based control, and how you identify staff all play a key role in what restrictions you need to put in place. There is little point in spending millions of dollars to uplift an ageing Cyber Security framework, for a password to be left on social media.

How should we approach Cyber Security transformations?

Simply put, you can break down areas for consideration to the following:

  • Education – Train your staff to know what is a good secure way to behave.
  • Repetition – Keep repeating key messages in meetings, emails, blog posts, and desktops.
  • Products – Make screen filters, Cyber secure routers, VPNs, Virus protection, etc available to your staff.
  • Resources – Give access to Cyber Security slides for staff to add to the start of their presentations and meetings.
  • Culture – Change the culture of your organisation to become accepting of challenging others on their security.
  • Monitoring – Make sure you can test, see, and measure how well your efforts are being adopted.
  • Testing – Test everything, servers, network, etc. Make sure everything stays secure.

If this has been helpful, come and talk to us at https://ZedBinary.com/contact.php

Are your remote workers safe?

Since the start of the Covid-19 outbreak, companies have been, very sensibly, asking staff to work from home. Unfortunately, that is not the end of the story from a risk management perspective.

Most corporate networks are secured from the perspective of attempting to stop people in the outside world from accessing their secure data inside the building. This approach to network design relies heavily on a majority having a physical presence day-to-day inside the office, rather than accessing remotely.

Additionally, the systems that were installed to manage external logins and access, primarily for third party vendors, did not have the resources allocated to manage the sudden uptick in numbers of people requesting secure logins. Plus with a lot of offices all but empty, it provides a perfect opportunity for thieves to gain physical access to servers and on-premise networks. This has been shown by a number of security breaches in 2020 and 2021.

The big question is: “Has your company made provisions to harden your security?”. Have a look at the statistics below and ask yourself if you have properly assessed your Cybersecurity risk.

  1. 95% of cybersecurity breaches are caused by human error. (Cybint)
  2. The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)
  3. 88% of organizations worldwide experienced spear-phishing attempts in 2019. (Proofpoint)
  4. 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
  5. On average, only 5% of companies’ folders are properly protected. (Varonis)
  6. Data breaches exposed 36 billion records in the first half of 2020. (RiskBased)
  7. 86% of breaches were financially motivated and 10% were motivated by espionage. (Verizon)

Data sourced from https://www.varonis.com

These figures should make you aware that not only will there have already been an attempt to breach your cyber security at least once this year, but it may well have been successful and you might not even know about it!

If you want to discuss how to make it safer for your remote workers and even get tools to help prevent Cyber Crime happening within your organisation, please contact us to discuss further.

Are your staff your greatest Cyber Security risk?

If you are Cyber aware, you may have heard talk of the “Insider Risk”. If not, it’s the risk that someone inside your company will expose not just your secure data, but potentially that of your customers.

Not only can this harm your reputation and directly hurt the income of your business, but with hefty fines being issued around the world, it has the potential to kill your company overnight.

So, what are the elements of the Insider Threat?

  • Negligence – when people in your company click links from spam emails or copy data to insecure drives, purely because they don’t know better.
  • Malicious – your disgruntled employee who is leaving for another job may also leave a backdoor open to be able to return, or even let others into your data. Worse still, that thumb drive they always have with them may just contain all your company data.
  • Infiltration – someone who pretends to be your employee and is handed or gains access to credentials, even though they do not work for you.

In a 2018 insider threat report whitepaper, it was determined that 53% of companies surveyed had confirmed insider attacks against their organization in the previous 12 months, with 27% saying insider attacks have become more frequent.

This means that your company has probably been subject to an attack and you may not even know about it!

Contact Zed Binary today to find out what measures you can put in place to prevent Cyber theft and protect your company’s future.

Is remote working the future or just a phase?

For so many people, remote working is something new, exciting and a total break from what we consider to be normal. For others, it’s a distraction from productivity and only a temporary measure.

Those of us in the IT world have been working remotely for decades, and being on site can be a useful way to keep in touch with people, but with a little effort it can turn into a productivity superpower.

Virtual Co-location can give us the best of both worlds and use the latest productivity research to make collaboration not just as good as when we share the same building, but even more advanced in ways few people had even considered before the pandemic.

So what do you need and what does best practice dictate?

First of all, collaboration tools such as Teams, Jira and Trello can go a long way to enhance team working and track productivity. But this needs to be accompanied by an evolution of soft skills, such as:

  • Improved KPIs that track productivity over attendance
  • Regular coffee breaks with other team members to “shoot the breeze”
  • Free exchange of ideas to managers and peers
  • Moving to a success-oriented model
  • Above all making time to care for each other’s physical and mental health

It has been shown that booking up to an hour a day to just talk to your colleagues can actually increase productivity by up to 60%.

Spending as much as 10% of the working week planning, rather than just pushing hell for leather into delivery has been shown by large corporations to increase the odds of delivery success by as much as 20 times.

The bottom line is that not only is remote working a viable alternative to being in the office, it also offers a huge array of benefits if done correctly: not just a better work-life balance, but eradicating commute times, better business safety records, and reduced cost to individuals and companies, just to name a few.

If companies are to be successful in times of uncertainty, they need to adapt to better ways of working with enhanced remote security, better collaboration tools, and techniques, finding new ways to bring out the best in their people.

What this means is continuous improvement and relentless evolution of capability, or risking extinction.

A simple way to be successful

“If you want to live a happy life, tie it to a goal, not to people or things”

– Albert Einstein 

I choose to believe that what Albert Einstein means by this is something that most project and delivery managers know to be true. Set a goal and it acts as a beacon in your life to drive you towards something.

It becomes what you wake up for every day, what drives you through the day and makes you smile when you get a little closer to achieving it. For anyone who has led a team towards a goal, they will tell you that sharing a clear vision of that goal is more effective than offering rewards, money, lunches, or other physical incentives; Of course, it never hurts to show kindness, to motivate and encourage, but without a clear, concise goal, the project will drift and determination will waver.

When you choose to make your happiness dependent on a person, you may be creating unrealistic expectations of them. You may even be charging them with a task that they haven’t agreed to, are not capable of delivering, or even may not always be in your life to live up to. The same, or similar, can be said about placing your happiness on things. If they are stolen, or destroyed, should you then become unhappy?

It is a little known fact, but a fact all the same, that we are not only responsible for our happiness but choose to be happy. When we rely on circumstances, people, and objects to make us happy, we choose fleeting happiness. However, when we choose purpose and set a goal, we create a happiness that will last until its completion.

Setting a clear and achievable goal is enough to make ourselves and our teams happy, as well as our clients.

5 tips to keep you safe on Social Media

Think about all your social media posts over the last few years. Is there anything that could give away key details about you that you wouldn’t want anyone to know?
How many banks, insurance companies, government agencies, and other highly secure groups ask for your address, mother’s maiden name as well as your date of birth, then use these details to identify you?
These key pieces of information can so easily be leaked publicly with very little understanding of what we have put out into the world and forgetting the impact of our actions as they accumulate.
It doesn’t even have to be on just one platform, your data accumulates between Facebook, Twitter, Youtube, Instagram, etc. All of this data is being trawled and linked together constantly by nefarious agencies who want to find out more about you and gain access to your private, personal information to profit in any way possible.
It is through all of the events in our lives that we accidentally give away small pieces of information, as in the example above, without realising that we have just given out the keys to our own personal kingdom.
Most people seem to think that posting a password publicly is the only way for people to get into our accounts, but it’s simply not true. It is estimated that access was illegally gained to at least 16 billion records in 2020. This means that any actions we take to improve our security can have a profound impact on the global figure of breaches as well as protecting us personally.

So, what actions can you take to protect your account?
1) Regularly check your social media for any personal information you are giving away, such as DOB, age, address, location, names of close relatives, or answers to your account recovery questions.
2) Think before posting any information. “It’s been such a lovely day at the Crookham road neighbourhood party” could just give away enough to hand over access to an account!
3) Look at what people are posting to you, or about you. Wishing you a happy birthday, or saying “I’m coming to visit you in Liverpool” is unnecessary information that you don’t need to give away. Ask people to remove posts as needed.
4) Check photos for information before uploading them.
5) Manage your privacy settings to stop social media sites from allowing your information to be trawled by search engines and offer your posts out to the public. Make sure you use the most limited form of access to your posts first and only open up to the world if you really mean to.

Embrace Success

Focus on Success

“Embrace success emotionally, deal with fear logically” How many people have worked on projects that just seemed to start going wrong no matter what they do? Well, it actually comes down to this simple principle, and it’s the psychological trick underlying ideas such as “the secret” as well as many other successful entrepreneurs’ philosophies. If you start a project with a phrase “if this fails I’m going to quit my job” (I know a few people will recognise which project this comes from!), you are painting a future where that outcome is all you can emotionally cling to and therefore it becomes inevitable, belittling all efforts you make for success. In short, you become your own worst enemy! However, if you start your mission with a lovely clear vision and wake up every day feeling the glow of that vision coming to life, you will smash all the goals and fight all your own personal demons to make it come true.
This is why writing down risks with strategies to mitigate can be so important. It actually helps you to put the risks out of your mind and allows you to embrace the success that you so richly deserve. Keep a risk log, make your fears wither with plans to destroy them, but equally have a clear and understandable vision of success so that both you and your team feel inspired every time you see it!

Importance of IT Strategy to build your business

In this article I aim to help you understand the importance of a good IT strategy, how it can save your business time, money and improve growth.

When was the last time your business approached your IT vendor, function or department and asked them to deliver something that seemed quite simple? How shocked were you when they said 1) How long it would take 2) The cost and 3) When you received it, how your expectations had been missed from what you’d originally envisioned?

Well these are all things that a good IT strategy can address. Healthy modern IT should be consistent/repeatable, dependable and give the business visibility. This means regular meetings to demonstrate and take feedback, a good collaborative working relationship, a welcoming attitude to change and great communication with everyone’s expectations being managed.

Even without taking into account the additional complexities of regulated industries, this seems like a bit of a pipe dream to some companies and can be a real challenge to achieve. That’s because your strategy needs to be built with strong leadership, working alongside all of the owners in your company to ensure a mutual vision can not just be built, but also maintained. There are three key ways to move towards a clear vision for IT:

1) Collaborate and publish an IT Strategy that will move you to a fundamentally better way of working

2) Dictate where the company is going and build a new team to deliver this new approach, cherry picking people and projects for the best results and success

3) Deliver small changes to your IT teams with little improvements as you go

There is no right answer that fits every company and each place that we have delivered fundamental strategic change has needed its own subtle slants on how best it can be done, however, there is always a similar approach. First, get to know the key stakeholders, then learn the processes, play back the good, bad and ugly, then step away and build the vision that everyone wants to see, finally create and deliver a roadmap to get from where things are to where they should be.

It may sound simple, but there are always changes, challenges and egos involved, which create their own problems. Plus, in the course of walking the path from business requirements to IT delivery, you will always find voices that for a number of reasons have been silenced. So to ensure a good ability to continually improve, it is imperative to implement systems to gain continuous feedback from business and IT staff alike. Visibility and monitoring of solutions and their delivery is essential to ensuring the health of solutions that support our companies. We can also then adjust and adapt without needing to return to square one every single time.

We also find there are a lot of entrenched bad practices that slow down deliveries, such as slow HR capabilities (due to legal, process, technical and other constraints rarely to do with HR itself as an entity), Vendor management delaying passing work to and collaborating with third parties (e.g. Tender processes and backup vendors), Legal agreement sign off and many other factors that can stop what should be a quick delivery from even starting, let alone being delivered in a timely manner.

Your strategy needs to give you Visibility of all the successes and pains, Adaptability to be better every time you deliver, Simplicity for everyone to understand the process, Organisation that tells everyone exactly what their roles are without overlap and conflict and Focus on Success to ensure everyone is aiming for the same goals.

This is, of course, easier said than done, particularly when companies are haemorrhaging money on Software Asset Management and Licensing, Vendor delays, Hiring contractors to meet demands and manual tasks that could be automated, to name a few examples of the financial black holes that can be avoided.

Your strategy can deliver you and your teams from all this pain and should set high level goals for the coming periods (be it quarterly, annually or for the decade if you’re really organised!). If you want to know more, book some time and we will discuss the options you have; but like any successful approach, start small and build confidence!

Block Chain made easy

Blockchain – the latest voodoo to be cast in the IT realm with many not even understanding what it is and most not understanding the problem it tries to address.

As simply put as possible: Blockchain is a public database with private information shared between peers with a record of transactions, audit trail, and authentication of users.

Can it be made easy to understand?

Well, let’s try, starting with … What was the original problem?

Essentially the issue was how could a currency be created without a bank. This creates a number of requirements … Basically: It must have a common understanding to have a value, there must also be a common ledger and record of transactions as well as mechanisms for people to spend. For transactions to be recorded, it would need a peer-to-peer infrastructure.

Okay, so – in order to transfer money from one person to another, we need a record of how much money they have.

Great – let’s give users a “wallet” that is available from anywhere. We then need to be able to send messages to transfer currency from one wallet to another.

Okay, now we’re cooking with gas! – but how do I know that the payment really came from User A? Shouldn’t we have some kind of signature?

Now that we have a private key in the wallet, the user can sign stuff and it can’t possibly be from anyone else. Though, we need to put better security around the payment, don’t we?

So far, so good. But while we do this, we need to ensure that the payload is unique to prevent re-spending the same currency.

Also, we have already said that this will not be stored on a server, so we need to know who has been involved in handing this package from one end of the internet to the other. In fact, instead of just handing one transaction, surely we should gather some of the transactions together into a block? While we are at it, let’s make sure the wallets are accessible on lots of nodes around the internet, that way, we don’t need to worry about (1) if the user can get to their wallet, ie. high availability or (2) that the wallet is anywhere vulnerable.

Ah, now that’s a bit better. However, this block will need to be passed between several peers in order to tell User B about User A’s payment. There are risks around malicious as well as accidental change on the way through that have not really been addressed.

Okay, so imagine this block is going to be replicated several times. We already have the encrypted and signed payloads and the block has a header so that you know what is detailed in the block as well as that it is unique.

In practice, what happens is that validators each check the validity of the block and, when they have confirmed it, tell everyone else that it is valid. This means that how valid you consider the block to be depends on where you view this cloud from, but over time, this improves …

This is where it gets quite technical. We use an algorithm in order to determine the validity of the block and what are called “miners” to calculate that validity. We also pay the miners in order to make a fair system that prioritises the costly computational effort.

So now we understand why we’re doing things in this way, let’s have a look at the process of what we’re doing:

  1. Start with a client, a wallet that contains keypairs, and some unspent currency
  2. You create a new transaction spending some of your unspent currency. Sign it with your private key. Your client will store a copy of it
  3. Your client starts to broadcast the new transaction through the Network
  4. Every client that receives your transaction checks whether the signature is okay, whether there are any errors, and whether you are trying to perform a double-spend. If your transaction fails any of the criteria, it is ignored by the client entirely
  5. All the clients that know about your transaction follow a similar route of broadcasting as you did.
  6. Eventually your transaction reaches some mining pools and the recipients of the transactions. The latter will see the new transaction in their wallets and store a copy of it indefinitely, but it will appear as 0 confirmations. The mining pools will see it as a new transaction and will include it in every block they try to create. They will store a local copy of the temporary blocks and give out the corresponding work to solve to their miners.
  7. The miners don’t know anything about your transaction. Their job is to crunch numbers, not to check for block validity, as that’s a task for the pool.
  8. Eventually your transaction is included in a block that gets solved. It gets broadcast proudly through the network and everyone keeps a note of it from now on to know if some new transaction conflicts with it in a double-spend attempt. Now your transaction has 1 confirmation.
  9. The block creation process continues, and as more and more blocks build on the block in which your transaction is included, it gains more confirmations. Eventually reaching 6 and more confirmations, it is considered fully confirmed.
  10. The transaction finishes its life cycle once it is spent by another transaction, meaning that its outputs can be forgotten from the “unspent” memory and disregarded for any other attempts to spend them. It will, however, remain in the blockchain for as long as people will keep track of the full chain.
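The ten steps above can be followed end to end in a small model. This is an added example, not code from the original article or from any real blockchain client: it assumes a single node in place of a peer network, whole-output transfers with no amounts, and Lamport one-time signatures built from SHA-256 as a stand-in for the wallet keypair. All names (`Node`, `make_tx`, `demo` and the rest) are hypothetical.

```python
import hashlib, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():  # Lamport one-time keypair: stdlib-only stand-in for a wallet key
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in (0, 1)]
    return sk, [[H(x) for x in row] for row in sk]

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(_bits(msg), sig)))

def address(pk) -> str:
    return H(b"".join(pk[0] + pk[1])).hex()

def tx_body(tx) -> bytes:  # signed payload: output consumed and its new owner
    return json.dumps({"spends": tx["spends"], "to": tx["to"]}, sort_keys=True).encode()

def tx_id(tx) -> str:
    return H(tx_body(tx)).hex()

def make_tx(sk, pk, spends: str, to: str) -> dict:  # step 2: create and sign
    body = {"spends": spends, "to": to}
    return {**body, "pk": pk, "sig": sign(sk, tx_body(body))}

def block_hash(header) -> str:
    return H(json.dumps(header, sort_keys=True).encode()).hex()

class Node:
    def __init__(self, genesis_owner: str, difficulty: int = 3):
        self.prefix = "0" * difficulty            # leading hex zeros a block hash needs
        self.utxo = {"genesis": genesis_owner}    # unspent output id -> owner address
        self.mempool, self.chain = [], []

    def accept(self, tx):
        """Step 4: double-spend, ownership and signature checks."""
        owner = self.utxo.get(tx["spends"])
        if owner is None:
            return False, "unknown or already spent output"
        if any(t["spends"] == tx["spends"] for t in self.mempool):
            return False, "double-spend of a pending output"
        if address(tx["pk"]) != owner:
            return False, "public key does not own this output"
        if not verify(tx["pk"], tx_body(tx), tx["sig"]):
            return False, "bad signature"
        self.mempool.append(tx)
        return True, "accepted"

    def mine(self):
        """Steps 6-8: bundle pending transactions, then search for a nonce."""
        header = {"prev": self.chain[-1]["hash"] if self.chain else "0" * 64,
                  "txids": [tx_id(t) for t in self.mempool], "nonce": 0}
        while not block_hash(header).startswith(self.prefix):
            header["nonce"] += 1
        for t in self.mempool:                    # step 10: spent outputs leave the set
            del self.utxo[t["spends"]]
            self.utxo[tx_id(t)] = t["to"]
        self.chain.append({"header": header, "hash": block_hash(header)})
        self.mempool = []

    def confirmations(self, txid: str) -> int:
        heights = [h for h, b in enumerate(self.chain) if txid in b["header"]["txids"]]
        return len(self.chain) - heights[0] if heights else 0

    def chain_is_valid(self) -> bool:
        prev = "0" * 64
        for b in self.chain:
            h = block_hash(b["header"])
            if (b["header"]["prev"], b["hash"]) != (prev, h) or not h.startswith(self.prefix):
                return False
            prev = h
        return True

def demo() -> dict:
    (a_sk, a_pk), (_, b_pk), (m_sk, m_pk) = keygen(), keygen(), keygen()  # Alice, Bob, Mallory
    node, r = Node(genesis_owner=address(a_pk)), {}
    pay_bob = make_tx(a_sk, a_pk, "genesis", address(b_pk))
    r["forged"] = node.accept(make_tx(m_sk, m_pk, "genesis", address(m_pk)))
    r["redirected"] = node.accept(dict(pay_bob, to=address(m_pk)))  # altered in transit
    r["pay_bob"] = node.accept(pay_bob)
    r["replay_pending"] = node.accept(pay_bob)
    node.mine()
    r["replay_mined"] = node.accept(pay_bob)
    r["confirmations_1"] = node.confirmations(tx_id(pay_bob))
    for _ in range(5):
        node.mine()
    r["confirmations_6"] = node.confirmations(tx_id(pay_bob))
    r["valid"] = node.chain_is_valid()
    node.chain[0]["header"]["txids"] = []         # rewrite history after the fact
    r["valid_after_tamper"] = node.chain_is_valid()
    return r
```

Calling `demo()` returns the node's verdict for each submission, the confirmation counts after one and six blocks, and the chain check before and after a mined block is edited.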

Interestingly, this is not just a method of publicly maintaining private transactions, it can apply to any information, such as legal agreements or contracts.

However, before you rush out and start building your own Bitcoin or blockchain project, there are considerations about race conditions within the transaction network. It is worth learning the full story first, but this is a basic overview that demonstrates the elegance of the blockchain as a solution, as well as how wildly misunderstood it can become.

But it doesn’t stop there!

In addition to passing data, currency, and contracts, you can also have self-executing code – which transforms this into quite an incredible and complex organic mechanism that is continuously validated and secure. This changes blockchain into an online computer with the ability to be accessed from anywhere in the world. The fundamental concepts underlying blockchain will enable a revolution in computing. If harnessed through the right networks, with the right code, it could enable a revolution in how we perceive public and private data. If properly aligned to business processes and governance, it could enable the ability to run a de-centralised insurance company, bank, or effectively replace any type of business/institution that usually acts as an intermediary, without a human having to lift a finger.

“A blockchain is a magic computer that anyone can upload programs to and leave the programs to self-execute, where the current and all previous states of every program are always publicly visible, and which carries a very strong crypto economically secured guarantee that programs running on the chain will continue to execute in exactly the way that the blockchain protocol specifies.” — Vitalik Buterin