Posts

What is the Cyber Essentials Scheme? Cyber Essentials is a government-backed scheme to improve the cyber security stance of businesses. The idea behind the scheme is to raise the bar of business in the UK concerning their approach and readiness for cyber incidents. It is also now a requirement when bidding for government contracts. Should I Obtain Cyber Essentials? The short answer is yes. Cyber Essentials helps any business improve its security stance and put in place a framework that makes it easier for a business to stay secure while also providing tips and advice on how to do so. If you can obtain the certificate and keep it year on year the business is likely to be in a better security stance than a business without Cyber Essentials. The certification can help businesses avoid cyber attacks such as phishing attacks, malware, ransomware and network attacks. It can also improve overall security posture by enforcing good practices such as password policies and other user account security. This can affect any business, even small businesses with only a couple of employees. ...

This post is aimed at addressing what phishing attacks are, the damage they can do, and how to spot them. Phishing attacks are very common and apply to everyone. It’s important to know they can target you in your personal life and in work. What Is A Phishing Attack? Phishing attacks are when attackers attempt to trick victims into providing sensitive information through various means. They can range from simple emails pretending to be someone such as a colleague, or friend, through to sophisticated attacks where attackers will register domains and clone websites to try and steal login information. ...

Introduction Good security practice for individuals is still something that most people don’t do, sometimes because people see it as too much additional effort or because people don’t realise the importance of cyber security and what consequences can come from a lack of it. In this post, we’ll look at the importance of a specific good practice that everyone should follow, specifically the use of password managers. Not only does this help secure a user’s online accounts at home, but also an important step that businesses should be taking to ensure their employee’s weak passwords are not a threat to their business. ...

Introduction As with all Cyber Security blogs, it’s an unwritten rule and requirement to have a post about HTTPS… so here we go. In the ever-evolving landscape of the internet, you may have encountered the term “HTTPS” while browsing the web. But what exactly is HTTPS, and why does it matter? And more importantly, when should you prioritize its implementation? There are thousands of resources online telling you, the daily user, that “HTTPS is important”. “You should only trust websites that have that little green padlock”, “you should always make sure the URLs and links you use are prepended with HTTPS”. But what most resources don’t tell you, is why you should care. This post aims to help break down what HTTPS is, and if we’re lucky, answer those three questions in a manner that you can leave feeling like you know a little bit more. We aren’t aiming to teach you the cryptographic magic behind HTTPS, but we hope it will help answer any high level questions you may have surrounding the topic. In future posts we will dig into which solutions can be used to deploy your own SSL/TLS, this post is more just an introduction. If there are specific questions off the back of this that you may have surrounding the topic, please feel free to let us know and we could try to produce content to address these. ...

What is HackYour.Tech? HackYour.Tech is a new Cyber Security focused blog run by two techs currently working for a large consultancy firm. Our daily focus covers a wide range of areas, such as DevSecOps, Penetration Testing, Network Administration and a lot of code. Why Are We Doing This? At the heart of our mission, and the reason for creating this blog, is the development of projects tailored to enhance the technical capacities of smaller businesses while also raising awareness about critical security concerns during solution deployment. Through our experience, we’ve encountered numerous businesses (big and small) that unwittingly assume risks or blindly inherit security practices from vendors solely due to brand recognition. ...