02Apr

BYOD Security: Protect Your Company and Employees in 11 Steps

1. Install at least one good security product to protect every device

An antivirus product is still a very good choice to protect any system, be it yours or your employees’. Don’t forget to check not only other users’ reviews, but independent websites and expert opinions. You can use the guide provided in lesson 4 to choose the best solution for you and your budget.

Do you or your employees use a personal smartphone for work? Don’t forget to protect those devices as well. Set reliable passwords, use antivirus for smartphones (if possible), avoid connecting to public Wi-Fi hotspots and sending sensitive information via email or, worse, social media channels. If you want to go a step further, encryption is also a good idea.

2. Protect your system against advanced cyber criminal weapons

Do you use your personal laptop at work? Then, you need the best security defenses against cyber criminals.
Don’t forget that you have confidential data on your system, which is very important for your company. It’s also important for attackers.
To ensure strong protection of the systems involved in your business, make sure to use software that includes:

  • a real-time Internet traffic scanner that looks for malicious activity
  • a malware removal tool to detect and remove any threat
  • an online scanning engine that checks traffic and analyses the sites you access.

3. Keep your software up-to-date

This point applies to every device that you may carry with you at work, mobile or otherwise.
For a computer, simply use a free tool that automatically updates all your vulnerable applications and installs the latest security patches.
For a smartphone device, don’t forget to enable the automatic updates for all your apps.

4. Check your programs and applications

Do you know the programs you have installed on your system?
Are you sure they don’t access your private data and share it online? 

Again, remember it’s not just personal information you have there, but highly sensitive data pertaining to your business that is often targeted by cyber criminals.

To make sure that your system is safe, regularly run system scans with security software programs mentioned at steps 1 and 2.

For your smartphone, use an app that performs reputation scanning to check what you share with others without knowing.

5. Don’t trust yourself, ask the experts

Cyber security experts were asked what employees can do to protect their devices in BYOD workplaces. Many of them questioned the employees’ attitude and their critical judgement ability towards information security.

You may not be able to employ such a specialist or even someone that can manage these devices, repair them, keep them in good shape and maybe even secure them, so it’s your responsibility to find the resources you need to ensure that every device is safe to use and doesn’t leak confidential business data to cyber criminal servers.

It’s a good idea to keep up to date with cyber security issues, and to read articles and interviews with specialists, who usually share their knowledge and offer actionable tips. Just as you’re doing right now! 🙂

You’d be amazed to see how impactful it can be to apply basic security measures to every device involved in your business. Once set up, this BYOD policy will be easy to maintain and improve upon.

6. Encrypt your files and your online traffic communication

Your laptop and your employees’ computers now contain sensitive information, maybe financial details and business secrets. Usually, this confidential information is targeted by cyber criminals, so they look to extract it to defraud you or sell it to interested parties.

For this reason, encryption methods are essential in our quest for security.

How do I encrypt my entire HD?

The easiest way to do this on the Windows operating system is to use the BitLocker encryption tool, which is already integrated into your operating system. For other operating systems, don’t forget to turn to lesson 8 for details and recommendations.

How do I encrypt my files?

Do you just need to encrypt some important documents and maybe send them over the Internet? Then use 7-Zip, a lightweight solution that can archive and password-protect your files using one of the best compression formats. Other options are also provided in lesson 8.

How do I encrypt my online traffic?

The easiest way to secure your Internet communication is to use a VPN (Virtual Private Network), which can encrypt your Internet channel and keep your data safe from any intercepting attempts. The VPN solution is usually the best way for a remote worker to access the company’s internal database.

7. Keep your devices free of spyware

Spyware tools monitor your Internet traffic and your computer activity to retrieve private data from your system.

In case of an infection, your system is affected by multiple issues, like system slow-down, browser pop-ups, new toolbars and error messages.

And the problem becomes bigger when you have such malicious tools that target private data, like corporate data. To avoid problems, follow these general guidelines and ask your employees to follow them as well:

  • don’t open mails from unknown people and don’t reply;
  • the same is valid for direct messages in social media;
  • don’t publish too much personal information on social media accounts;
  • don’t download free software from sketchy websites.

8. Don’t become a victim of online scams

You may have installed the best tools in the world and are now protected from all sorts of online threats and cyber-criminal activities.
But defence tools are useless without proper security education and information. Hopefully, you’ve already read lesson 19 and found out what the most common online scams are, so you can protect yourself and your employees from them.

These types of threats usually arrive through social media platforms, even LinkedIn, and by e-mail. They start with a catchy line and they always target your money or your business data.

Knowing how these scams are delivered and how they unfold is key in being able to identify them and keep them from unleashing their malicious consequences.

9. Secure your online activities

How can you tell a legitimate website apart from one controlled by cyber criminals? How can you tell who to trust?

When using a device that contains private data that may affect a large number of people, you need to pay attention to your online actions.

Here are 5 shortcuts that can help you verify a piece of information, a company or any other source or service that you want to use for yourself or for your company:

  1. How did you get on that website? Is it really that safe? Check what other people say on Trustpilot to verify their legitimacy.
  2. Is it a legitimate and protected website? Do you see the encryption lock icon? Does the address start with https://? If you see that, it means that you are on a website where communication is encrypted.
  3. Are you using the latest browser version? Do you have the last security updates? Did you improve your browser settings as shown in lesson 9?
  4. Did you install a VPN solution on the laptop to protect your online traffic? Make this a habit.
  5. Do you always pay attention to the links you click and the content you download? Make this a habit as well.

10. Back up your personal and business related information

Having a regular backup schedule is vital for a BYOD environment. It’s not a choice anymore.

The devices used in your company may contain valuable business information, which you don’t want to lose.

What if your system is held captive by ransomware threats that are designed to block your system and encrypt your data until a ransom is paid?

And the problem is that you cannot be sure they will provide the decryption key, even if you pay the required ransom.

And what if your system hard disk crashes after a while?

Not to mention the aggressive malware types that not only steal your information, but erase it afterwards as well.

Doing regular backups can ensure that your information is protected and that you can always rely on these backups to restore your data if something happens.

11. Protect your business and personal credentials

Our credentials are important, since they provide access not only to our personal accounts, but to the company’s database and online resources.

How do you keep them safe? How do you improve them?

Increase your system security by following these 5 essential rules:

  1. Make sure you have set a strong password for every personal and company account.
  2. Do not use the same passwords for private and business accounts. Even more, follow this simple rule: one account, one unique password.
  3. Too many accounts, too many passwords? Ok, let’s simplify this: use a good password manager, like Dashlane or LastPass, where you set a strong password to access the manager. Your online passwords are there and even if you change your system and browser, you can install a password manager on the new system and use your credentials.
  4. Don’t let the browser remember the credentials for you. Just don’t. The passwords are stored in plain text, they are never encrypted and could easily be retrieved by cyber criminals.
  5. Improve your access with double authentication. (You can find more details in lesson 3.)

Keep in mind that security is mandatory for any device used for both personal and business purposes, especially if they overlap. And this is not only limited to you, but should extend to your employees as well.

The most important thing to keep in mind is to encourage them to educate themselves on cyber security matters as well. Not only will this help protect your business, but it will also help them be safe online and avoid dangers.

Giving cyber security the importance it deserves can help you ensure business continuity, gain and maintain clients’ trust and keep employees safe as well.
Courtesy of Heimdal Security

02Apr

4 main reasons why SMEs and SMBs fail after a major cyberattack

By , Contributor, CSO    http://flip.it/oBvGV4

However, not all companies are affected by malicious attacks in the same way. Did you know that small- to medium-size enterprises (SMEs) and small- to medium-size businesses (SMBs) face far greater threats, risks and challenges combating cyber attacks? In fact, 60% of SMBs who were victims of cyber attacks did not recover and shut down within 6 months. Why? What are the main reasons SMEs and SMBs fail to recover after a major cyber attack? More importantly, what can they do about it to have a stronger defensive strategy?

1. Unable to afford crucial IT and IT staff

A robust IT department is critical for staying abreast of and implementing protections from the latest security threats. However, to be truly protected, companies have to purchase multiple security systems to guard key entry points. For a company that allows BYOD and is connected to different cloud services, this means the IT department has to protect 4 main security components: the user identity, the device used, the network they’re connected to and the cloud services they’re using. This normally leads to purchasing at least 4 different security platforms.

The challenge is not only in deploying multiple security systems, but also managing them and maintaining their daily operations. This demand also requires staffing. For SMEs and SMBs, sometimes the entire IT department is no bigger than 2-3 employees, whereas enterprise-level corporations’ budgets can afford whole IT departments stacked with large security teams. This disparity in staff and proper IT often leaves SMEs and SMBs exposed and a lot more vulnerable to cyber attacks and, worse, when they do happen, unable to recover because they lack the technology and staff to do so.

2. Inability to provide ongoing cybersecurity training

Ongoing security education and threat awareness also play a role in why SMEs are an easy target, and later struggle after being hit by a cybersecurity attack. Keeping in mind that cyber protection is developing as fast as malicious attacks do, it is important that staff are continuously trained and updated on current threats and the different ways to mitigate or respond to them.

For smaller enterprises with limited resources, this is not always an option as it requires sending staff to conferences, courses and other expensive educational training programs. Programs which are simply not cost-effective for smaller businesses.

This lack of cybersecurity training leaves SMEs and SMBs vulnerable as they don’t know the kind of threats they are looking for ahead of time, how to respond to them when they do hit, and are often totally blindsided on how to fix them. Frequently this leaves SMEs and SMBs helpless in the face of complicated security breaches—especially after being hit by malware or ransomware. According to the National Cyber Security Alliance, 60% of hacked SMEs and SMBs go out of business, because they simply don’t know the way forward.

3. Ransomware is much more devastating for SMEs and SMBs

Ransomware is a huge security problem for any size company. According to a quarterly report, 64% of malicious emails sent in Q3 2017 used ransomware. But many attacks don’t have to be as notorious as WannaCry or NotPetya to take an entire company down. Ransomware was the fastest growing threat in cyber security in 2017. Most ransomware attacks don’t have a happy ending, at least for the victim, and typically end in favor of the attackers. For a big organization, that might be a hard blow to take, but still it will be a manageable one, while for an SMB or an SME, it will devastate any chance of getting back to regular operations.

While big companies have cyber insurance and the ability to pay the ransom, a small or medium size company may not be covered by insurance and may have a much smaller war chest to draw upon. Such a financial blow could mean a massive hit to a mid-size company or a fatal one to a small one.

4. A bad reputation can’t be ignored in the age of the internet

Companies serving customers have a responsibility to keep them safe. Keeping private information secure is an expectation, and in some cases, the law. So when personal information is compromised, customers rightly feel violated and often seek financial restitution through the courts. For SMEs, costly breaches can not only break a company’s bank, but lead to a media storm of bad press. Ultimately, a company’s failure to protect customers’ private information can and will live forever in the annals of the internet, bruising a company indefinitely. The news can also lead to current customers leaving and potential ones going elsewhere.

While it’s true a dent in the company’s reputation is a hit for any size company, large organizations have more resources to handle a crisis. They often possess a large legal team to fight any battle in court, and PR firms to employ crisis communications. Small businesses are not always quite so lucky. Additionally, once hit with a security breach, many smaller operations lack the financial resources to hire a PR firm to handle the bad press, let alone employ a large legal team. Devoid of such resources, SMEs often succumb to bad press and can be bankrupted in court. Loss of private data could also lead to massive fines by authorities if HIPAA, CFPB, GDPR, or other regulations were breached in the attack. Such fines could be absorbed by a large company, but devastate a smaller organization.

What lies ahead for SMEs, SMBs and cyber security

SMEs and SMBs do have inherent advantages over larger companies. For example, their agility enables them to be flexible and adjust to changes quickly. They lack the red tape and complexities larger organizations have to overcome to get things done fast.

Keep in mind, an SME needs to seek solutions matching their size and needs, and not necessarily the same solutions used by a big organization. The fact that a Fortune 500 company chooses to work with a complex and expensive vendor doesn’t mean it is the best fit for an SME. It might just be the best for them, but not a good fit at all for a smaller operation. Smaller companies can crowdsource and be the first to use security collaboration tools, taking advantage of their cost-effectiveness.

Smaller companies with smaller IT teams can use and consider autonomous systems to help them not only detect but also mitigate security threats. The idea of a full protection solution doesn’t belong only to the top-tier companies and can be introduced and adopted by SMEs if they keep an open mind to the new wave of cyber security solutions emerging—and just in time we might add.

02Apr

Business Security Planning

IT, as well as online security, is vital for any business. The alternatives include: business interruption, legal penalties for compliance failure, impact on revenue, compromised reputation or, at worst, business failure.

At Seron Security, we take a systematic approach to security and the first place to start is to compile and implement a comprehensive business security plan. This plan will be monitored, evaluated, and changed as your business needs dictate – or outside threats change.

SS PLAN PROCESS:

There are five steps to creating a good security plan:

  • 1. Evaluate your business

We discuss you and your company’s skills and knowledge. Determine if you even need outside help. Identify assets and information that need to be protected, including hardware, software, documentation and data. Review the threats and risks. Make a prioritized list of items to protect.

  • 2. Plan a Solid Program and Process

Create processes and procedures for preventing, detecting and responding to security threats. Provide a framework for enforcing compliance, including staff policies. Identify who will be responsible for implementing and monitoring the plan on your side. Establish a timetable for implementation.

  • 3. Execute the Plan

Communicate with staff. Train where necessary. Solicit Feedback. Carry out the plan.

  • 4. Constantly Monitor

We stay up to date on new threats as we become aware of them. We will update and modify the plan as changes occur in personnel, hardware or software, external market conditions, etc. Carry out ongoing maintenance such as backups or anti-malware software, and ensure software updates are current.

  • 5. Repeat. Then Repeat Again.

Plan for a complete review and update three to six months after you complete the initial plan or when your business goes through significant changes.

What to include

An effective security plan will include the following considerations. For smaller businesses, some may not be relevant or appropriate:

  • Management buy-in and commitment
  • External parties (customers, suppliers, vendors, partners, stakeholders)
  • Establish an Information Security Policy
  • Address Information Risk Management
  • Assign Responsibility for Information Assets
  • Information classification (internal, public domain, confidential)
  • New employee vetting
  • Non-disclosure agreements
  • Awareness and training
  • Secure areas and access control
  • IT equipment security
  • Operational procedures and responsibilities
  • New IT systems and upgrades
  • Malware protection
  • Back ups
  • Employees’ own devices – BYOD
  • Exchange of information (including third parties)
  • Does electronic and mobile commerce come into play
  • User monitoring processes and procedures
  • Access management
  • User responsibilities (including employment contracts)
  • Mobile and remote working
  • Network security management
  • Network encryption
  • Correct processing in applications to ensure data integrity
  • Security within development and support
  • Vulnerability management
  • Reporting issues and weaknesses
  • Incident management and escalation
  • IT security aspects of business continuity management
  • Compliance with legal requirements
  • Compliance with payment card industry standards PCI
  • Compliance with specific industry requirements (such as financial services, medical)

28Mar

Is MY personal data out there?

Do you have accounts at any of the sites that have been compromised?

Enter your email address at Have I Been Pwned? to find out.

Then change your password, get 2 Factor Authentication, and call us!
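When you pick the replacement password, it can be checked against known breach data without sending the password anywhere. The following is an added example, not code from Have I Been Pwned or from this site: it follows the Pwned Passwords range lookup, where only the first five hex characters of the password's SHA-1 leave the machine. `ConstructedRangeServer`, the sample passwords and the counts are constructed stand-ins so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_for_range_query(password):
    """Return (prefix, suffix): 5 hex chars that are sent, 35 that stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35:
            continue
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts


def breach_count(password, fetch_range):
    """How many times the password appears in the corpus (0 = not found).

    fetch_range is any callable taking the 5-char prefix and returning the
    response body, so the comparison with the suffix happens locally.
    """
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix):
    """Live lookup; not called below so the example stays offline."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        # Add-Padding asks the service to pad responses with zero-count rows.
        headers={"Add-Padding": "true", "User-Agent": "byod-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


class ConstructedRangeServer:
    """Offline stand-in for the range endpoint, built from constructed data."""

    def __init__(self, breached):
        self._by_prefix = {}
        self.seen_prefixes = []  # everything the "server" ever learns
        for password, count in breached.items():
            prefix, suffix = split_for_range_query(password)
            self._by_prefix.setdefault(prefix, []).append((suffix, count))

    def fetch(self, prefix):
        self.seen_prefixes.append(prefix)
        lines = [f"{s}:{c}" for s, c in self._by_prefix.get(prefix, [])]
        lines.append("0" * 35 + ":7")  # constructed decoy sharing the prefix
        lines.append("F" * 35 + ":0")  # padding-style row, count 0
        return "\r\n".join(lines)


if __name__ == "__main__":
    server = ConstructedRangeServer({"password123": 1234})  # constructed count
    for candidate in ("password123", "constructed-long-passphrase-94-otter"):
        n = breach_count(candidate, server.fetch)
        print(candidate, "-> seen in breaches" if n else "-> not found", n)
    print("prefixes sent:", server.seen_prefixes)
```
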

Full Disclosure: Here is my report:

Oh no — pwned!

Pwned on 15 breached sites and found 3 pastes

Breaches you were pwned in

A “breach” is an incident where a site’s data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.


2,844 Separate Data Breaches (unverified): In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single “unverified” data breach.

Compromised data: Email addresses, Passwords

Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Compromised data: Email addresses, Password hints, Passwords, Usernames

Anti Public Combo List (unverified): In December 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Anti Public”. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

B2B USA Businesses (unverified): In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as “B2B USA Businesses”, the list categorised email addresses by employer, providing information on individuals’ job titles plus their work phone numbers and physical addresses. Read more about spam lists in HIBP.

Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses

Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

Compromised data: Email addresses, Passwords

Dungeons & Dragons Online: In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

Exploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Exploit.In”. The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

GeekedIn: In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members’ email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn’s MongoDB – here’s how to see yours.

Compromised data: Email addresses, Geographic locations, Names, Professional skills, Usernames, Years of professional experience

LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

Lord of the Rings Online: In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.

Compromised data: Email addresses, Passwords

ReverbNation: In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn’t identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.

Compromised data: Email addresses, Passwords

River City Media Spam List (spam list): In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.

Compromised data: Email addresses, IP addresses, Names, Physical addresses

Trillian: In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.

Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames

WildStar: In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
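
Several entries in the report above turn on how the passwords were stored: unsalted SHA1 (LinkedIn), salted SHA1 or MD5 (ReverbNation, Trillian) and bcrypt (Dropbox). The following added example, which is not taken from Have I Been Pwned or from any of the breached services, shows what the stored table looks like in the unsalted case and with a per-user salt plus a slow key-derivation function. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt here, and the user names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example

# Constructed sample accounts; alice and bob reuse the same password.
USERS = {"alice": "Summer2016!", "bob": "Summer2016!", "carol": "tr0ub4dor&3"}


def unsalted_sha1(password):
    """Fast, unsalted digest: the same password always gives the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_kdf_record(password, salt=None):
    """Return (salt, derived_key) using a random per-user salt and a slow KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS)
    return salt, key


def verify_kdf(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_kdf_record(password, salt)
    return hmac.compare_digest(candidate, expected_key)


def shared_digest_groups(table):
    """Groups of users whose stored value is identical.

    Every group is a set of accounts that fall together once a single one of
    them is resolved, and it also reveals who reuses a common password.
    """
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def build_tables(users):
    """Store the same accounts both ways for a side-by-side comparison."""
    weak = {user: unsalted_sha1(pw) for user, pw in users.items()}
    strong = {user: salted_kdf_record(pw) for user, pw in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(USERS)
    print("unsalted SHA1, identical rows:", shared_digest_groups(weak))
    strong_keys = {user: key for user, (salt, key) in strong.items()}
    print("salted KDF, identical rows:  ", shared_digest_groups(strong_keys))
    salt, key = strong["alice"]
    print("alice logs in:", verify_kdf("Summer2016!", salt, key))
```

With a per-user salt, a precomputed table of common-password digests no longer matches any row, and the iteration count makes each individual guess expensive.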