Managed Services, cyber security and data protection

Sterling IT has been providing Managed Services to clients in Wetherill Park, Smithfield, surrounding suburbs, as well as the whole of Australia, since before it became a buzzword.

How do you check if your company’s and personal passwords have been breached and are for sale on the dark web?

How secure is my password and how long will it take to crack?

This topic comes up quite a fair bit with some clients. They do not realise the risk of having simple passwords until it’s too late.

It also means people can be looking at your data without you even knowing.

We recommend passwords be at a minimum 6 characters (however we recommend 8), and also contain upper-case, lower-case, alphanumeric and special characters.
The password %^@gtgTT is easier to crack than aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

The reason is length alone, not complexity.
Here are some examples of weak passwords used in 2015.

To see how hard it is to crack your password, click this link; it takes you to an external site with a calculator that shows how long it would take.
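An added example, not code from the original post or from the linked calculator, of the estimate behind the length-versus-complexity comparison above, using the two passwords from the post and the leaked passwords this page names from SplashData's 2015 list. The guess rate and the 100-symbol bucket for other characters are assumptions, and the figure models exhaustive search only.

```python
import math
import string

# The two passwords compared in the post above.
SHORT_COMPLEX = "%^@gtgTT"
LONG_SIMPLE = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

# Leaked passwords this page names from SplashData's 2015 list.
COMMON = {"123456", "password", "qwerty", "football", "baseball"}

# Assumption: attacker guess rate, chosen for illustration only.
GUESSES_PER_SECOND = 1e10

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Alphabet size an exhaustive search must cover for this password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    # Characters outside the four ASCII classes (spaces, non-ASCII) are
    # counted as one extra class of 100 symbols, an assumed round figure.
    if any(all(c not in cls for cls in CLASSES) for c in pw):
        size += 100
    return size


def assess(pw):
    """Estimate exhaustive-search cost; a leaked password costs nothing."""
    if not pw or pw.lower() in COMMON:
        return {"bits": 0.0, "seconds": 0.0, "listed": bool(pw)}
    keyspace = charset_size(pw) ** len(pw)  # exact integer: alphabet^length
    return {
        "bits": math.log2(keyspace),
        "seconds": keyspace / GUESSES_PER_SECOND,
        "listed": False,
    }


if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, LONG_SIMPLE, "Password"):
        r = assess(pw)
        print(f"{pw[:12]!r:16} bits={r['bits']:6.1f} "
              f"days={r['seconds'] / 86400:.3g} listed={r['listed']}")
```
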

2015 Top 25 passwords used – how to protect yourself on mobile and computer.

If you cannot remember a complex password or more than one password, ask Sterling IT how we can assist you with a password manager that is secure.

Internet users continue to put their security at risk by using generic passwords such as “123456” and “password”, despite widespread advice to create more unique and secure codes.

Both “123456” and “password” have held the top two spots on SplashData’s annual list of leaked passwords since the first list in 2011 and data released by SplashData yesterday shows 2015 was no different.

The top 10 passwords on the 2015 list are dominated by numerical passwords, with football, baseball and ‘qwerty’ also among the least secure passwords being used online.

 

Go to Smart Company to READ MORE

Sterling IT have the solution to protect your passwords securely on phone and computers.

Contact us for more info

 

Source: smartcompany.com.au – Recommended by Sterling IT for all good businesses.

How to fix a WordPress site that has been hacked. Protect your site with iThemes Security Pro

Our external website got attacked yesterday (and not proud of it). We are very security conscious and hold NO data (customer or own) on our site excluding our blogs.
Even with strong admin passwords, we thought we were safe.
The only way we were safe is we make monthly off-server backups.

We tried recovering some files but each time, there was a background script which would kill those newly updated files and replace them with the ‘hacked page’.

We have now implemented a plugin called iThemes Security Pro.

This is a free plugin and is brilliant as it allows so much configuration through a GUI (simple) interface, including renaming the admin account, locking down PHP files plus much more.

It is also rated quite high and has over 700,000+ installs as well.

The main thing here is the fix was to restore from a backup after deleting ALL files on the host, then applying iThemes Security Pro.

Make sure you backup, backup, backup. (iThemes Security Pro will do this for you as well)

If you need help with implementation of this, or assistance with a hacked website, comment here or contact Sterling IT.

New Australian Privacy Act 2014 and how it will affect many

The amendments to the Act are scheduled to come into force on 12 March and will enforce tougher security and privacy requirements on all organisations with an annual turnover of more than $3 million, along with government agencies.

Notable in the changes is the requirement for businesses to go beyond check box compliance where security tools were merely switched on without regard to proper configuration and monitoring; Federal Privacy Commissioner Timothy Pilgrim has stated organisations that fail to detect a breach will fall foul of the amended Act and risk penalty through the courts.

Exactly how far the Office of the Australian Information Commissioner (OAIC) would require organisations to go in purchasing, configuring and monitoring systems is described only as reasonable steps. (pdf Download from Govt Site)

The Privacy Commissioner could impose financial penalties of $1.7 million on organisations with serious or repeated breaches and could compel them to notify national or state newspapers.

CRN spoke to dozens of security and IT managers and engineers, under condition of anonymity. The lack of clarity around the requirement of reasonable steps was a consistent theme.

Only chief security officers at some of the largest Australian organisations claimed the reforms would mean little to them, given their existing strict compliance requirements and large security budgets.

Matt Ramsay, APAC regional director of security vendor Centrify, warned organisations that the uncertainty of the Act was similar to the US Sarbanes-Oxley (SOX) legislation enacted in 2002 to shore up the accuracy of financial reporting.

“While SOX has raised the compliance bar for corporate reporting, it has had the unintended impact of creating a lot of uncertainty because of its lack of precision,” Ramsay said in a statement.

“SOX compliance costs and complexity have run out of control in the US during the past decade. The SOX legislation is prescriptive without being descriptive: It tells you to jump, but not how high. As a result, US corporations need to jump a very high bar indeed to avoid the threat of non-compliance.”

Robson urged caution about conflating the experience of SOX in the US with the new requirements of the Privacy Act.

“The most helpful approach that Privacy Act and security specialists can take in relation to assisting organisations with their new Privacy Act requirements is to provide a sober assessment of what could be reasonably expected of them,” he said.

Source: Darren Pauli CRN 28.1.14