
Who Do You Trust, And How Much?
It’s A Matter of Trust

15 January 2017 Episode 10

Summary

You work hard to keep cybercriminals out - but what if they're already in? Learn how the security principle of least privilege can protect your organization.

In The News

Spectre / Meltdown

What are Spectre and Meltdown?

https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-here%E2%80%99s-what-you-need-know

Who has patched?

https://threatpost.com/anti-virus-updates-required-ahead-of-microsofts-meltdown-spectre-patches/129371/

https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/

https://threatpost.com/apple-releases-spectre-patches-for-safari-macos-and-ios/129365/

https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/

Principle Of Least Privilege

https://www.beyondtrust.com/blog/what-is-least-privilege/

Web Designers

Should have their own accounts - never full root or admin privileges
Separate users for each functionality:
    Backups
    Databases
    Web applications
    Servers
    Billing
Remove old users as soon as they are no longer active
Ask for references when hiring freelancers
Don’t use hard-coded credentials in your website applications or scripts
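As an added illustration of the account practices listed above (example code, not from the episode): a small review script that runs the three checks - admin rights only where the role needs them, one account per function, and removal of inactive accounts - over a constructed inventory. The account records, group names and the 90-day idle threshold are assumptions for the example.

```python
"""Least-privilege account review over a constructed account inventory."""
from datetime import date, timedelta

# Constructed sample inventory (hypothetical data): one record per account,
# 'functions' is what the account is used for, 'groups' its memberships.
ACCOUNTS = [
    {"name": "root", "uid": 0, "groups": ["wheel"],
     "functions": ["servers"], "last_login": date(2017, 1, 14)},
    {"name": "webdesign", "uid": 1001, "groups": ["wheel"],
     "functions": ["web applications", "databases"],
     "last_login": date(2017, 1, 10)},
    {"name": "backup", "uid": 1002, "groups": ["backup"],
     "functions": ["backups"], "last_login": date(2017, 1, 13)},
    {"name": "dbsvc", "uid": 1003, "groups": ["db"],
     "functions": ["databases"], "last_login": date(2017, 1, 12)},
    {"name": "olddev", "uid": 1004, "groups": ["dev"],
     "functions": ["web applications"], "last_login": date(2016, 9, 1)},
]

# Group names that grant admin rights on typical Unix/Windows hosts (assumed).
ADMIN_GROUPS = {"wheel", "sudo", "admin", "Administrators"}
# The only function assumed to legitimately need admin rights.
ADMIN_FUNCTIONS = {"servers"}


def review_accounts(accounts, today, max_idle_days=90):
    """Return (account, finding) pairs for every least-privilege violation."""
    findings = []
    for acct in accounts:
        name = acct["name"]
        is_admin = acct["uid"] == 0 or bool(ADMIN_GROUPS & set(acct["groups"]))
        # Check 1: admin rights only where the account's function needs them.
        if is_admin and not set(acct["functions"]) <= ADMIN_FUNCTIONS:
            findings.append((name, "admin rights not required by function"))
        # Check 2: one account per function, never a shared multi-purpose one.
        if len(acct["functions"]) > 1:
            findings.append((name, "account shared across functions: "
                             + ", ".join(acct["functions"])))
        # Check 3: accounts idle beyond the threshold should be removed.
        if today - acct["last_login"] > timedelta(days=max_idle_days):
            findings.append((name, "inactive for more than %d days; remove"
                             % max_idle_days))
    return findings


if __name__ == "__main__":
    for account, finding in review_accounts(ACCOUNTS, date(2017, 1, 15)):
        print("%-10s %s" % (account, finding))
```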

Employers

Humans are the weakest and costliest link:
https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/
Force password changes and firmware updates
Don’t allow employees who don’t need it to have admin on their computers
IP filtering - only allow access to corporate files from a single IP address or range
Utilize an intranet if you have the resources
Don’t keep sensitive corporate data or employee files in shared drives
Carefully manage personal device usage - if possible, do not allow employees to access sensitive emails or data from their personal laptops or phones

At Home tips

Shared computers should have individual accounts and permissions
Kids in particular should not have admin
Monitor logs from the admin account
Remove unneeded software and require admin permission to install software from unfamiliar sources
Be careful with what permissions mobile and PC apps are asking for

Final Tip

Separate Admin and day-to-day users for websites and computers.

Books Referenced