Tag Archives: SME

Top secret information about Australia’s military hacked – SME’s overstretched with Cyber Security Frameworks

15 October 2017

Lisa Martins report Top secret information about Australias military hacked, published on October 12th, 2017 at news.com.au, about a one year old attack on an Australian defense contractor is another example that small businesses are technically and organizationally overstretched with the challenges of cyber security.

The best approach for SMEs would be to set up a cyber security framework like the NIST Cyber Security Framework or an ISO 27001 based framework. But the effort to do this is for small businesses just too high.

For SMEs to stay ahead of the cyber security curve a light version of such frameworks is required, with focus put on actively managing the risk.

The Strategies to Mitigate Cyber Security Incidents of the Australian Signals Directorate (ASD) puts focus on the basics. If carefully implemented and regularly assessed, the security level goes up and this kind of attacks are no longer possible. Even large businesses can raise their security level when implementing the ASDs recommendations.

But when it comes to critical infrastructures a full implementation of a cyber security frameworks is the only way to survive in the long-term. By the way, the first task in the NIST CSF core is asset management…

Have a great week.

Advertisements

Windows 10 free update phase ends in July 2016

2 July 2016

It’s high time to migrate to Windows 10. The free update phase ends in July 2015, one year after the first release of the most secure Windows operating system ever.

Windows 10 is the best choice for home users and SME. The core Windows 10 OS with the integrated SmartScreen application and URL reputation check and Windows Defender already provides a good security out-of-the-box, at no additional cost.

With UAC set to ‘Always notify me’ and with the rigorous waiving to work constantly with administrative privileges, a high security level is achieved with small impact on usability

It’s time to get started!

Have a good weekend.

The course towards security is set upon purchase of a computer

10 January 2015

In his report SME security on a shoestring budget Vladimir Jirasek aptly describes the state of the SME (Small- and Medium-sized Enterprises): They are the motors of economy! And increasingly susceptible to cyber-attacks, because they have only very limited IT budgets to spent.

Fortunately Microsoft provides lots of advice and free tools to help SME in the struggle against cyber-attacks. In addition lots of open software tools are available which help to boost security. Vladimir Jirasek discusses some of the fundamental built-in security measures for the safe operation of computers.

But the course towards security is set upon purchase of the computer. Please see below for my recommendations for Microsoft Windows-based computers

  • Select the 64-bit versions of Windows if you have the choice

I strongly recommend to buy a computer with a 64-bit Windows operating system, preferably Windows 8.1. Even with 4 GB Ram only, a 64-bit operating system makes sense because some security features like Enhanced Protection Mode in Internet Explorer require 64-bit processes.

Other security features, e.g. ASLR (Address Space Layout Randomization), which guards against buffer overflow attacks, work far more effective in a 64-bit environment.

Please check in advance whether your applications are 64-bit ready. Most of the 32-bit apps work without problems with a 64-bit windows.

The 64-bit Windows versions are normally available at no extra costs with a new computer. Please ask your reseller.

  • Select the professional versions of Windows if you have the choice

In the professional versions of Windows Vista, 7 and 8 is Microsoft’s drive encryption feature BitLocker included. If BitLocker is activated you have to enter a passphrase at boot time to release the drive. In the event of theft or loss a third party could not access the information on the drive because he does not know the passphrase to release the drive. BitLocker could be used to protect other storage devices as well.

The additional costs for the professional versions are at approx. 40 US$ if you buy a new computer.

With 64-bit Windows Professional the gain in security is high at moderate additional costs. I would recommend this choice even for home users.

That’s it for today. Have a nice Weekend.