Cybersecurity and Technology

Cropped 879.jpg

Tag: security

Security Tips for WordPress

Although most people rarely think about website security when building a WordPress site, it is still essential.

In 2018, over 90,000 attacks were carried out on WordPress sites and hosting providers worldwide. Attacks are by hackers targeting both large corporate websites and small businesses.

Although WordPress is not always safe from various cyber attacks, it has protections built into its code

WordPress Security

Since WordPress is open-source software, it is vulnerable to various cyber attacks. For instance, skilled hackers can easily insert malicious code into the platform’s core.

WordPress is built by people all around the world. Its developers and designers are constantly updating the software to keep it secure. They also create security patches as soon as they know of a vulnerability. Since it is an open-source platform, users should regularly update their software.

Aside from the developers, other people also have a role in keeping WordPress sites secure. Site owners and hosting providers have a lot of responsibilities to keep their websites running smoothly.

Website Hosting

One of the most critical steps a hosting provider should take is implementing effective security measures. These include having a well-designed monitoring system that keeps track of their servers’ various activities.

A hosting provider should consider having a dedicated hosting plan. This type of plan gives users the most control over their servers. However, it is only ideal for some websites.

HTTPS and SSL Certificates

One of the most effective ways to keep your website secure is by implementing a secure connection between your browser and the website. When visiting a website that has a secure connection, you’ll notice a grey padlock icon at the top of the page. Having an SSL certificate is very important for websites as it allows them to protect their data.

The hypertext transfer protocol, or HTTP, is a fundamental component of the World Wide Web.

When visiting a website using HTTP, the information you provide to the server sends in plain text. A hacker could easily access this information and steal sensitive details, such as credit card numbers and names.

A secure connection, known as HTTPS, adds a layer of encryption that prevents unauthorized access to the data sent and received by the website. This ensures that hackers cannot access the information that you provide.

You’ll need to install an SSL certificate to ensure your website’s connection is secure. This type of security measure adds a layer of authentication to the web browser’s interface.

Most HTTPS websites will display the “https://” at the beginning of their web page’s URL. Most browsers hide the “https://” from the address bar, and you’ll see a grey padlock icon if the connection is secure.

Chika Wonah A Guide for Cybersecurity Terms

A Guide for Cybersecurity Terms

The topic of cybersecurity is becoming increasingly prevalent worldwide due to the number of companies that cyber-attacks have hit in the last few years. Social security numbers and other sensitive data were stolen in the Equifax hack, which affected over 145 million people.

 

Despite the technological advancements in the past few years, we remain at risk of having our digital data stolen and manipulated. However, being in the digital age is not as frightening as it sounds.

 

In addition to having a good understanding of how your device works, you should also learn cybersecurity basics. This will allow you to protect yourself and your company from various threats.

 

VPN

This tool encrypts traffic and masks the user’s location so they can remain anonymous on the internet.

 

IPN

Your computer’s internet version is known as its home address, typically displayed when it connects to a network.

 

Exploit

An exploit infects a computer with a malicious application or script.

 

Breach

Once a hacker successfully exploits a vulnerability, they can access a computer’s files and network.

 

Firewall

Defend yourself from bad guys with this defensive technology. It is possible to have a hardware firewall or a software firewall.

 

Malware

Malware is an umbrella term that refers to various types of harmful software that can affect a computer. Some of these include viruses and ransomware.

 

Virus

Viruses are designed to modify, corrupt, or wipe information on a computer before it can spread to other people.

 

Ransomware

Ransomware is a type of malware designed to prevent a user from accessing their computer’s files. It typically demands a ransom to get the files decrypted.

 

Bot

An attacker can take over a computer through a command-and-control system typically performed through a software application or script. This type of attack is referred to as a botnet.

 

Rootkit

A type of malware known as a rootkit is another attack that allows hackers to take over a computer. Since it’s hard to detect, this type of malware could remain on a computer for a long time.

 

Phishing

Criminals use a variety of techniques to trick people into providing their personal or sensitive data to them. For instance, they can send out email messages designed to trick people into entering their bank account information.

 

Chika Wonah

Common Cybersecurity Mistakes

Adequate cybersecurity requires organization and leadership from all aspects of the organization. For solid security against most cyber attacks, there are a few basic principles that an organization should follow. The following are the most common mistakes made by organizations regarding their cybersecurity efforts as well as tips to avoid these common mistakes.

1. Having a Sense of False Security

It happens all too often that a company falsely presumes they are not a target due to the type of data they typically handle. Cyber attacks commonly affect credit card data and personally identifiable information. Despite this, every company is at risk of an attack, as all businesses have valuable information and a leak could impact all of your employees and consumers. A solution is to hire experts to determine vulnerabilities within your company and set up security appropriately.

2. Placing Emphasis on the Wrong People

IT is not the only responsible department for cybersecurity. Everyone in the company carries company data and has the responsibility of protecting it. Organizations should obtain policies and processes to help every employee protect company assets. To ensure that your entire organization is protected it is vital to train, educate, and simulate the entire staff for cyberattack scenarios.

3. Misunderstanding Your Network

Another big mistake companies make is failing to understand and update their network. Failing to do so makes a breach simple and almost inevitable. It is impossible to verify network targets, however, there are ways to lessen the probability of an attack. Ensure that IT updates software in a regular and timely manner and knows where company data is.

4. Only Having One Line of Defense

Many companies simply rely on anti-virus software. These technologies are not adequate for advanced attacks. This software work to identify a virus after it has been attacked. The solution to this is in addition to the anti-virus technology, companies should also employ technologies that also work to predict future attacks and their effects.

5. Overlooking Your Endpoints

Most attacks are on those who fail to monitor their endpoints. Today’s hackers can pass endpoints quickly. Appropriate endpoint technology should be used to provide a proactive approach to tracking down attacks and viruses. Proper security requires a proactive approach.

Chika Wonah

Mobile Security Tips

In today’s world, it seems that everyone is always on the go and needs a mobile device to stay connected. With all of this mobility comes new security risks for your data and identity. This post will give you six tips for mobile security to help you keep yourself safe.

1. Keep Your Phone Locked

When you’re not using your phone, lock it. It will make sure that no one can access the information on your mobile device if they gain physical access to it while you are away from it.

2. Add a Security Question

This is helpful if someone else gets hold of your phone and tries to reset the password or get into your account. You can set a security question not easily guessed to help keep your account safe from identity theft.

3. Set a Pin on Your Phone

Similar to locking your phone, setting a pin on it will ensure that no one can access your information without the correct code. This also helps prevent others from reading messages or seeing personal photos on your phone.

4. Be Careful What You Share

Just because you have a mobile device and are staying connected doesn’t mean that you should be careless of who you give data to, especially if it’s sensitive information. If someone has access to your phone or can see what you’re looking at on the screen, they could be able to take your information and use it against you.

5. Connect to Secure WIFI

One of the biggest threats to mobile devices is other people on public networks. Use secure WIFI where possible and avoid using public wifi if at all possible, especially for things like online banking or shopping. This will help prevent others from logging into your connections and intercepting data or personal information.

6. Set App Permissions

When installing an application on your devices, take a moment to review the permissions that the app requests and make sure they are reasonable. If an application requests access to functions that seem suspicious or unrelated, reconsider installing the app.

In Conclusion

Overall, using these tips and keeping your mobile device up-to-date with the latest operating systems can help you stay safe when on the go and reduce the chances of your identity being stolen due to data breaches or security breaches.

Cybersecurity For Nonprofits

Cybersecurity for Nonprofits

If you’re running a nonprofit organization that uses different technology platforms, it’s time to combat any cybersecurity risks. Most nonprofitable organizations use technology in the storage and dissemination of technology in an electronic way—a collection of information and preferences from donors and subscribers as well as the registration of event donators through company websites and business portfolios.

Applying the above channels in your nonprofit organization puts your data at a higher risk of being tapped by unauthorized individuals. This might also put the data of donors in danger, demoralizing the entire operation process. For the security of the users’ data, the United States launched a program that aims to offer total security to the users’ data. This contributed to the formation of the General Data Protection Regulations.

The Risks of Cybersecurity on Nonprofits

Data breaches are a major risk of cybersecurity that can cause the downfall of an entire organization. Note that most nonprofits store sensitive and protected data by the rule of law of the respective organization. When a data breach occurs in that situation, it imposes a high risk to the individual whose data is stored within the system.

This has raised an alarm across nonprofits contributing to developing a distinctive way of managing such issues. This will aid in ensuring that all of your client’s sensitive information is well kept.

The Risk Assessment Process

Assessing your data processing channel is an important way to enhance data security. This should begin by analyzing where all your data inventory is collected and stored. Consider the application of the Nonprofit Technology Network to assess the potential of the template assessment tool. The tool requires to be fed with detailed information regarding the data as the program develops.

Also, it is vital to check if there is data that your organization keeps and it’s not of any assistance. This can force you to limit the amount of data you collect from individuals or eliminate a particular type of data. This will contribute to the proper management of data and efficiency in the organization’s operations.

Cybersecurity has become a rampant aspect within the past few years. Developing a distinctive way of handling this matter places nonprofit organizations on a better side.

Cybersecurity Terms To Understand

Cybersecurity Terms to Understand

If you use the internet, then you need to know about cybersecurity. Cybersecurity is how we keep our information safe and secure online. From your personal email address to your bank account, from your credit card number to your social media passwords – it all needs a layer of protection against hackers and malicious software. Security is an ongoing process; one can never be too careful when it comes to privacy or the security of others. Here are some basic terms related to cybersecurity that you may find helpful in understanding this topic:

A firewall

A firewall is software that protects the security of your computer or network. Firewalls prevent outsiders from accessing private data and networks and keep internal users from accessing unauthorized sites. A firewall can be programmed with different levels of permissions depending on who needs access. It is usually possible to temporarily override a firewall’s restrictions for a limited amount of time.

Password

A password is a word or phrase used to authenticate access to data, devices, and buildings. Passwords are widely used in computer networks because they are relatively easy to implement and can be revoked. They are also harder for someone else to find out than other types of credentials like biometrics. However, passwords are vulnerable to hacking if they are not sufficiently complex.

Authentication

Authentication is validation that an individual can be trusted or that a computer system or network is secure and functioning properly. The authentication process involves the validating party evaluating something the subject brings with them to verify their identity. In computer systems, rather than something physical, a subject is authenticated through passwords or keys.

Data encryption

Data encryption is a process that drives home security by making data unreadable to anyone without authorized access. Encrypting data renders it meaningless to unauthorized users who might intercept it and try to read the contents. Encryption involves using algorithms and cryptographic keys to make data files unreadable.

Debugging

Debugging is checking and fixing errors in computer software or hardware. It can be performed on a live system, usually for testing purposes, but sometimes also when the program is in the maintenance phase or done on a copy of the program (“dummy”) to save time and effort. Debugging is often performed by programmers during the development process.

Malware

Malware refers to any kind of software designed to disrupt computer operation, gather sensitive information from your system, or gain access to private data such as passwords or banking details. Malware is often spread through phishing emails that contain infected attachments or links to compromised websites (also referred to as a watering hole attack).

If we implement preventive measures, such as those I have listed above, we can probably avoid cyber attacks. It will be pretty difficult for hackers to access any of your personal information if you avoid risky behaviors on the internet.

Protecting Your Personal Information On Social Media

Protecting Your Personal Information on Social Media

People can use these four tips to protect their personal information on social media.

Avoid posting sensitive information

Some people use social media for everything. They send Wi-Fi passwords to their friends. They upload work-related documents to colleagues. Some people even use Facebook to communicate with their accountants during tax season. Using social media to message people is okay. However, do not use the platform as a storage space for confidential documents. Instead, use flash drives. Important issues should be resolved offline.

Use anonymized platforms

People need to question whether it is necessary to use their real name and picture online. Do the pros outweigh the cons? Things can go wrong in a security breach. Identities get stolen. People’s lives get turned upside down. Internet users should consider using Reddit and other anonymized chatrooms. People can still find out about current events on Reddit. There are insightful discussions about various topics. For example, people talk about the latest technological advancements. They also share funny cat videos. People can stay safe on the internet by using fake credentials when signing up for an account. Become anonymous in case anything happens.

Make sure to log out

People stay logged in when they are at home. It is convenient. No one likes to waste time signing in. However, staying logged in is a cybersecurity issue. What happens when someone comes over? That person can easily access the computer when the homeowner is not looking. He or she can impersonate the homeowner on social media and ask friends for strange favors. This is a disaster waiting to happen. Therefore, users should remember to log out when they are finished with their browsing session.

Adjust privacy settings

Social media users have control over the types of people that can see their content. They can let the public see everything. They can also limit viewership to friends or friends of friends. People should become familiar with privacy settings because they can affect all aspects of life. Employers check social media when they screen applicants. Universities also research social media profiles before sending out acceptance letters. People should be mindful of these things when they log in.

By taking these actions, people can navigate social media without compromising their safety.

The Risks Of Login Codes Sent Via Text Message

The Risks of Login Codes Sent via Text Message 

 Two-factor authentication can seem very useful for securing your essential accounts from intruders. However, more and more hackers have been getting into accounts that use text messages for two-factor authentication. Look into these reasons why you should switch over the type of two-factor authentication you operate away from text messaging.

Routing Messages

 When you’re holding your phone close to you, you might be thinking that an intruder will have to get into your phone by getting you to install malware. For the past couple of years, though, intruders have been more clever into how they get into mobile phones. They can do this by going directly to your mobile phone carrier.

 The way they do this is by first finding some personal details about you. These can be as complicated as your social security number or as simple as the address you live on. From there, they call up your phone carrier.

 Depending on the phone carrier, they can be easily convinced that you’re locked out of your mobile device, and you need your number transferred to a separate phone. Intruders can accomplish this by giving up their details and paying a small fee. If it goes successfully, an intruder will have full access to any phone calls or text messages coming your way, with no way to stop them until you’re able to call your phone carrier again. This all is why you shouldn’t ever use text messaging for your two-factor authentication.

Notifications

 Sometimes, an intruder might not even be far away to the point where they can be looking at your phone screen in public. Depending on your mobile device settings, you might have notifications popping up with security codes on any screen of your device. Intruders can come up with a plan to get a security code this way.

 For example, you might be live-streaming a game on your phone to the internet. Intruders will use this to their advantage by logging into your account online and checking your stream for when the phone notification appears. After that, they can log in to your account and do enough damage before you even have the chance to change the passwords on your accounts. Notifications are just another reason why you shouldn’t be using text messaging linked to your two-factor authentication.

Chika Wonah Technology Hiring

Technology’s Impact on Hiring and Recruitment

Burgeoning tech has been laying claim to multiple industries from real estate to insurance, and more recently technology began to disrupt our hiring and recruitment tactics. In the digital age, it’s no surprise that how people find openings and apply for jobs changed. Now the vast majority start their searches online with sites like Linkedin and Indeed, but the actual interview process itself is also changing. Portfolios all take place online, interviews originally happen via video and personality diagnostics are standard.

One Way Interviews

Interviews are typically two-sided. A few business representatives interview a potential hiree, and while the hiree wants to impress the business, it’s also a chance to field questions and get to know each other.

Tech poses to change that with the rise of video interviews. As Dave Lee describes, “Traditional interviews with an interviewer and interviewee could go by the wayside, too. Rather than a two-way interaction, job candidates will upload video responses to interview questions. New technology will detect non-verbal cues such as those facial expressions and tone while eliminating human bias.” Brands like Red Bull already hopped on board with video interviews. This added step tests the applicant’s ability to think on their feet while also working through potential red flags or false starts eliminating wasted time for recruiters. Then, once the cream rises, formal interviews can take place. As Rajpreet Heir highlights, “Not only does digital interviewing allow candidates and employers to connect earlier in the interviewing process, it also saves time and money. A study by OfficeTeam revealed that 63% of companies are using video interviews vs. 13% from 2011.

Analytics and Diagnostics

Personality diagnostics are also increasingly popular as an inexpensive means to gauge fit and placement within a larger company. As Chamanpreet Singh says, “Data is critical in the digitisation of recruitment. It allows you to determine the effectiveness of any strategy implemented and will enable HRs to develop future recruitment strategies based on the metrics and measurements received. This data will give an insight into channels that can work for your company which means cutting down on time and expenditure.

Building a Business-Savvy Brand

It’s important to remember that if you can find them, potential recruits can also find you. As a result, recruiting in the digital age requires a larger emphasis on companies’ online brands. People want to understand the company culture they throw themselves into. Show personality, but also be sure the image you portray is accurate. Top talent is going to do their research, and if your digital presence is non-existent or inaccurate, they won’t want to work with you. As Rachit Jain says, “Building a healthy working culture and employer brand is getting more important day by day. But most importantly, employers and recruiters have to adapt and move to the modern recruiting technology faster.

Pro Tips Chika Wonah

Pro Tips for Keeping Your Crypto Safe

Staying safe online is harder than ever, and the stakes are even higher when there’s money involved. Someone can easily make a fake Twitter account using your profile image and copied bio, and in the time it takes you to report the account, another person might have mistaken it as you and already transferred money to them. It’s an easy mistake to make if you’re not being vigilant, and unfortunately, as soon as you report one account, another can pop up in its place. To keep your cryptocurrency safely in your possession, these suggestions will help you do that:

Know the attack vectors.

You can’t protect yourself if you don’t know what you’re up against. Fake sites have gotten very good at mimicking their targets – so good that if you don’t double check the URL, you might not even know the difference.

Use strong passwords.

This might seem like a no-brainer for digital natives, but it’s worth repeating. Don’t use words like street names, birthdays, or song lyrics. But don’t randomly keyboard smash, either, because a) you’re not as random as a computer generator and b) you want to be able to keep track of your keystrokes, or else risk not being able to sign into your account anymore.

Use cold storage.

All “cold storage” means is offline and unattached or “air gapped,” which is to say, unconnected to your home network in any capacity. You can do this by removing the network card from your computer, or by buying a hardware wallet. If you’re feeling really cautious, you can cover your computer’s camera and microphone, and even remove all electronic devices from that room.

Test everything.

Make small transactions beforehand to make sure everything works. Never manually type in a url – it’s too easy to make a mistake that way, and could cost you a lot of money in errors. Copy/paste and QR codes are your best friends, though make sure your scanning app is reliable! Test your seed phrase on your hardware wallet; test the MD5 checksum before and after you load the SD card on your air gapped computer. Check everything. You can never been too careful.

Store your seed phrases in multiple places.

Your seed phrase is the string of 24 words that you can derive a private key from. You want to make sure your seed phrase stays secure at all times. For some, this means writing the seed phrase down on paper, in which case, it is recommended you make two copies and store them in separate places. SD cards are also an option, though they don’t tend to last more than five years and can be wiped by an EMP bomb. A combination of analog and digital methods is the best option. For the most cautious, they will split the seed phrase in parts and store those parts separately. If you do this, be sure to remember the order they go in, or else lose access to seed phrase altogether.

Plausible deniability.

Most simply, this means be able to keep some of the data hidden. Like in the physical world, you don’t want to advertise how much money is in your bank account, so don’t do it in the digital world, either. Also look into using multiple wallets rather than storing all of your currency in the same place.

Keep your environment safe.

Require two-factor authentication, and educate others on how to stay safe. Help the community at large by reporting fake sites and teaching the less tech-literate about why strong passwords are important. Not only are you keeping yourself protected, but you are also protecting others and paying that forward.

 

Powered by WordPress & Theme by Anders Norén