Skip to content

CyberSecurity Awareness

Home
CyberSecurity Awareness

You have until July to Install SSL or Google will mark your site “Not Secure”

A secure web is here to stay

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure.  By next month Google will be marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”

In Chrome 68, the Omnibox will display “Not secure” for all HTTP pages.

At Techinnovar we have been transitioning our clients’ sites to HTTPS and making the web safer for everyone. In conjunction with Google, we are dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help companies migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps companies find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.

Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.

What do I need to do?

Worry not, Techinnovar is here for you.  We install an SSL certificate and migrate your website to HTTPS. Before you order one though, take stock of what you need to secure. You may just have a single domain or you may have something more complicated like sub-domains or even multiple domains, in which case you’ll want to find the right certificate. Don’t worry, there’s a diverse set of offerings that cover just about every use case. Next, we migrate to HTTPS, by changing the protocol in your URLs to HTTPS, then using 301 redirects.

The 10 things you must NOT do on Company’s computer.

Sadly, we live in a world where people are preyed on by hackers for simply being human.

Our online behavior determines the risk and exposure of privacy invaded or even getting hacked. This, in turn, requires an understanding of why people fall victim to any sorts of attacks and exactly how attacks take advantage of the weaknesses in people’s online behaviors. It’s called the Suspicion, Cognition, Automaticity Model (SCAM). (will discuss this in the next blog post)

Another often-ignored factor involves the habitual ways people use technology. Many individuals use email, social media and texting so often that they eventually do so largely without thinking. And in turn media use becomes routine, people become less and less conscious of which emails they opened and what links or attachments they clicked on, ultimately becoming barely aware at all. It can happen to anyone, even the president.

Work computers are for work, though sometimes the lines blur just a little bit, so let us take a moment to help clarify what you should never be doing on a work computer.

10 Things You Should Never Do on Your Work Computer

  1. Don’t Use Your Personal Email

Personal email is risky when it comes to company’s computers. Do your best to keep your personal activities innocuous, as a mail could contain something inappropriate for work or a virus that could infect the entire office.

  1. Don’t apply for Jobs at Other Companies

This is very common in our “working-class society” nowadays whereby we spend half the expected working time to search for other jobs online. If you’re restless at work, job search on your own time on a personal computer. I urge you to respect the company and its policies as this is not only a breach of contract but also a data protection breach.

  1. Don’t check or update your social media accounts

Your social status is personal and therefore at all times avoid using any public device to access them as most of the ae very vulnerable and therefore upsetting the security protocols for your company.

Protect your personal information by being careful what websites you leave your personal details and ensure your social networking profiles are set to private (Facebook, Twitter, LinkedIn etc.)

  1. Never Save Personal Files to Your Desktop

It may seem harmless to keep a few documents of your own saved to your work desktop but just don’t do it. At the end of the day, the company owns the content that’s on the computer, this means that legally, you may come across serious issues if any security-related issues are connected to your files.

  1. Don’t visit any Sites that against company Policies or watch disapproved content.

This seems obvious, especially since people are fired all the time for inappropriate searches, but there’s one thing you may not realize. It doesn’t take insane software to have websites flagged to HR with your name saying that you’re looking at this and it’s inappropriate.

Also, often than not there are valid reasons why companies deem some sites unworthy of their time as some possess a threat or breach of security (e.g. pornography sites).

  1. Suppress the Urge to Shop Online

Shopping online might seem as the most convenient modern technology has offered us. But while you may enjoy scouring the Web for cheap deals in the comfort of your office, your shopping accounts, and financial transactions could be compromised by countless prying eyes.

Now that data breaches, incidents of hacking and identity theft etc. are becoming more common, I, therefore, urge you to not use the company’s computer as this possess as a huge threat to it Information privacy.

  1. Don’t Have Personal Conversations Over Office Chat

We all love a good “hangout” channel office gossip or dishing on what’s going on with those two love-birds in accounts, but make sure to remember that everything you type is logged—so keep it all professional always.

  1. Lend it to a friend or family member.

Remember when you got the job you agreed to adhere to the company policies, this includes IT security policies. By sharing your work device, you are exposing the company to the potential risk of attack.

  1. Never download any software’s without IT admin approval

Keep your computer configuration current with the latest patches and updates and report suspicious activity to your  IT  administrator.

     10. Never open any suspicious email.

Emails and online deals that look too good to be true, usually are! If you receive emails from unknown sources, then do not open them especially if they have attachments.

 

 

 

 

Ways to handle cyberbulling in the society

STOP CYBERBULLYING

Cyberbullying is becoming a major concern to not only parents but also society. We as Techinnovar we are ready to tackle this problem by all means necessary. Should you encounter any cyber harassment, please, feel free to contact us.

Below is a list of practices that we should all adopt for internet safety. Note, there are various ways to tackle the issue of cyberbullying in our day to day society. I have listed only but a few not limited to this list.

Create anti-bullying strategies for your school:

In school, ambassadors/prefects are should be appointed to come up with ideas to prevent bullying and present them to the school in groups of four to six. Recently I saw an idea of having a bench with cushions in the playground where pupils can sit and talk to ambassadors. They also talk to parents about their work.

Understand what’s not bullying :

As Techinnovar we run several campaigns Against Bullying, we also offer training which is attended by the whole school community, including parents. We talk about everything regarding online safety, dos and don’ts on the internet, bullying, including what is not bullying, such as a difference of opinion, a fight or an argument.

Teach your child at a tender age:

We need to educate pupils about cyberbullying as soon as we expect them to start using technology. Nowadays children below six years know how to download games ways better than some millennials.  We also must educate parents. There is the assumption that cyberbullying won’t affect their child until secondary school. We run workshops for parents of children in reception about staying safe online, primarily to highlight areas they wouldn’t even think of – cyberbullying doesn’t just happen on Facebook.

Empathy is the key to cyberbullying:

Let it be known that we cannot always hide behind a screen, computer, tablet or phone and bully others. The cyber world is part of the real world and should not be being separate. The approach we adopt is for perpetrators to develop their empathic skills. It is so important for young people to be able to imagine the effect their words and actions may have on their victim.

Run workshops for parents/teachers/tutors and Educators:

We talk about the definition of cyberbullying, the type of young person that may become a perpetrator or victim, different types of online harassment and what to do if your child is affected. We also run specific e-safety workshops, where we look at the different ways children cyberbully and how parents can help protect their child online.

Understand the law when it comes to cyberbullying:

If the school suspects that an indecent image has been shared, particularly in a

cyberbullying context, the device may be confiscated. In general, such images should not be viewed unless there is a clear reason to do so, such as checking the device to see if any offense has been committed. teachers or parents should not go on a fishing expedition through a pupil’s device and should always act within the school’s protocols, safeguarding and child protection policies.

Involve higher authority within the community:

One of the things we have found to be powerful is involving authority whenever necessary. A bullying incident may not involve prosecution, but it helps parents and students gain a better understanding of the legal dimensions involved. It’s particularly important when it comes to addressing issues that arise when students are in possession of an indecent image or video of another child, where discussions are also an issue of child protection.

Words of wisdom to youths:

My advice to the young people, treat your online passwords like your toothbrush, don’t share them with anyone, not even your best friend, and change them regularly. And keep your tweets sweet and your status gracious.

Let’s raise children as a society :

An interesting perspective is how bullying affects other people, causing reactions that impact the victim even more. Getting bystanders to empathize is key and their role in bullying is something that a school’s e-safety curriculum should cover. This is not only a teacher/parent obligation but rather a social concern and therefore should you see any evil blow the whistle.

 

Make employees care about cyber security with this 10 tips

Did you know your employees are your best assets, and you need to invest in them continually? If you did not know, now you know. Get them patched frequently, else you’re always going to have vulnerabilities. Even in a company with one employee or thousands, it’s worth training them as opposed to taking on the risk of a breach and this is because they represent a large potential attack surface in every organization. Take it from Techinnovar.

Here are 10 tips for best cyber risk practice for all employers.

  1. Perform “baptism by fire” training exercises

The best training today is “baptism by fire” training, in which the users undergo a simulated attack specific to their job, I would say.

Let them become a victim to an attack that’s arranged by a security department or an outside cybersecurity company, and then they’re asked to understand the lessons they’ve learned from that attack, and the implications on the business, on their personal lives and how they could have prevented it. And then they’re asked to share that experience with their peer group through a report.

By performing regular phishing tests, in which the IT team sends out a fake phishing email to all employees across the organization, and gauge how many people click on it. Then, they can break that data down by departments and types of messages, to tailor training to problem areas. It also allows the company to show progression.

  1. Top management involvement.

The IT team need to make the rest of the team aware of the ramifications of a potential breach. Typically, to have a good cyber plan, you have to have a lined item in the budget for people, hardware, or software, year after year. That means getting the CFO, and CEO of the company involved.

  1. Start cyber awareness training for every new employee

Every first-time employee joins the company, start building the mindset as all new hires go through security training from day one. That way they learn from day 1 that cybersecurity is important and that they are going to get continuous training.

  1. Frequent system evaluations

Make a timetabled plan for performance evaluations of both employees and systems to find out how vulnerable your organization is to attack. Until you do that, you won’t know how bad or good your security posture may be. Like we say here at Techinnovar, we detect to protect!

  1. Communication flow

Create a good communication culture for cybersecurity information to all employees, to get all departments on board with training and learning best practices. This will help break down the topic creating alignment, and this helps people work on it together.

  1. Have a handy formal plan

IT teams should develop a formal, documented plan for cybersecurity training that is reviewed and updated often with the latest information on attack vectors and other risks that are bound to occur.

  1. Appoint cybersecurity culture ambassadors.

Tech leaders should appoint a cybersecurity culture ambassador in every department at their organization. These representatives can act as an extension of the IT team and keep employees trained and motivated. That’s something that’s often overlooked—use the resources you already have in the company beyond the IT team.

  1. 8. Training, training and more training

Do not shy away from Cybersecurity training. You should make it a continuous process throughout the year, at all levels of the organization, specific to each employee. If you’re an end user, there must be training associated with the types of attacks you might receive—for example, attacks on your email or attacks that are oriented on the type of job you hold. If you’re in IT, the attacks may be more technical in nature in terms of the attacks you might be seeing.

  1. Insist on the importance of security both at work and at home.

IT teams should help employees appreciate the importance of cyber hygiene not just in the workplace, but also at home. Teach users about privacy, security, and how the lessons learned at work can apply at home and in their personal lives to give them a ‘what’s in it for me’ they can apply all the time, not just at work.

  1. Reward employees

Make it a fun-fair by rewarding employees that find malicious emails and share stories about how users helped thwart security issues. IT leaders should also empathize with employees who make mistakes: Many employees send or receive hundreds of emails per day, so asking them to avoid one of those can be difficult.

While these training tips can help, education is not a permanent solution but, just one aspect of defending the environment from advanced attacks.

Stay up to date on all the latest cybersecurity threats. Click here to subscribe to the Techinnovar newsletter.