How many of you are secure in your security policies, especially cybersecurity?
I do training and presentations on business security and I'm wondering how many at MosaicHub have prepared for the probability they will be hacked or compromised given the current environment. If you would provide more than just a yes or no it would be appreciated. I will be using the information as generic talking points to my audiences. I will not name any names of course!
I have 58 WordPress websites to protect on a VPS managed server. While I don't rely exclusively on the hosting company, they do backups and take other assorted security measures.
I believe that iThemes WP-Better-Security and Wordfence are the top security plugins for WordPress so I use one or the other on every website I build. I'd like to pick and stick with one, but sometimes there are WordPress themes that simply won't cooperate. :-) Whichever plugin is used I remove the user name "admin." I also have researched how to configure each plugin. Improperly configured, either one could be compromised.
I also add to every site the Country-Code-Failed-Login plugin. This free plugin locks out anyone who tries to log in from another country. It also helps me stay with the free versions of WP-Better-Security and Wordfence.
Backups are done by creating a clone of each site using a product called Duplicator. Backups are maintained locally on my computer, not on the managed server. This essentially works like Backup Buddy, but it too is free. Most of the automatic options I was presented with don't back up everything. Maybe they only back up the database. Note: If you haven't restored a site from backup... you should not consider yourself prepared.
I don't like guilt-ware so I use the plugin Zero-Spam, another free product, to handle spam-related problems. Akismet would cost too much for my operation.
Thus, it takes 4 plugins to handle cyber security. My current preference is Wordfence over WP-Better-Security. This is based on the fact that using it I don't use an optimization plugin; I'm pleased with the way the Wordfence Falcon engine works.
I'm also evaluating the usefulness of Photon. It is an image acceleration and editing service for sites hosted on Jetpack-connected WordPress sites. This is intended to mean less load on your host and faster images for your readers. The jury is still out deliberating.
I'm a solopreneur and freelance web designer so I have to keep it lean and mean. I'm always trying to do better,
- The Pragmatic Web Designer
Steve Kozy, one of our community members and an IT expert, once helped me after I had fallen victim to Conduit and StartSavin, two particularly virulent forms of malware. Conduit is a browser hijacker, which is promoted via other free downloads, and once installed it will add the Conduit Toolbar, and change your browser homepage and default search engine to search.conduit.com. StartSavin comes into your computer and shows you numerous pop-up ads, deals and coupons. Steve provided a way for me to get rid of the virus that didn't enrich the coffers of the ad companies. While I can’t say I couldn't get work done, catching a virus slows you down.
I know everybody has their favorite web browser. Mine is Google Chrome. I think it gives me an added measure of protection along with my use of Norton Security. I'm probably delusional. :-) I get Norton free with my subscription to Xfinity TV and Internet. Does anyone see a pattern developing? I'm becoming an "Xpert" on FREE.
- The Pragmatic Web Designer
I'm a lousy example. I write books on the subject and use countless systems. But a great point to add to your presentation might be regarding small businesses and the relatively unfamiliar area of intrusion detection systems like samhain, snort, suricata, etc. Anything that improves topography will go over pretty well too in my experience.
And for the love of all things fluffy show them how to include Linux and other open source software so that they don't fall victim to every antivirus sales rep that strolls in off the street!
No problem, I found myself facing a similar dilemma once. I was fortunate to have a decent outline covering everything I had written about, as a bulleted list made for good prompts, especially when it came to responding to things like enumeration and forensics questions.
Hi,
While I cannot and do not make comment about the security policies and processes of the companies for which I work / have worked / consult / have consulted, my opinion about security policies in general is as follows.
The answer no one wants to hear--and for which I have been unpopular at a few banks for sharing--is that there is no 100% security; a determined individual or group will eventually get in given enough time and focused energy. An additional discomfort is that most successful hacks will very likely have a prominent element of social engineering because people are the easiest method of bypassing security measures. Probably the most distressing is that no matter how good the policies or the associated processes, mistakes will happen. Ultimately, most security policies and processes are there to achieve three things in my opinion:
- Reduce the risk of a breach;
- Deter intruders by making the target less attractive than other easier targets; and
- Lessen the impact of liability if a breach does occur.
Bottom line is that I don't think that it is possible--given the context--to feel secure about any security policy or process; the best we can hope for is to do things that help us feel less uncomfortable in my opinion.
Kind regards,
Seb
I know too much, so I never feel completely safe and secure, no matter how many precautions I take. Having seen what is out there and what people are capable of is unnerving! I tell friends to stop posting pics of their kids on Facebook and explain how much info can be gleaned from a photo or how easy it is to take that photo and use it for other means - well, they think I'm overreacting. They think because their FB settings say "private" they are protected. Ignorance is bliss, I guess.
Thank you, Dana. I appreciate your knowledge and concern for friends. It is unfortunate that they are not listening to you because you are right as far as you go. However, it is worse than that. New and modified viruses, worms, malware of all types are created each day. How often do most people update their antivirus software, assuming they even have it? Never or rarely. These people are greatly at risk and if it is a company, which will have employees and clients as well, they have put all of them at risk as well. Just search the internet daily for the single word "breach" and you will understand what I mean.
Thank you for responding.
Or they ignore the vulnerabilities on their smart phones. Do you have any idea how many people don't have any security on their phones? No password, no anti-virus... nothing, but they do their banking, check their email from it.
90 percent of people feel insecure because judicial system are worst more than 90 person criminal without getting and prison get free. Both police and judiciary are corrupt.
Thank you for your response, Hamza. To be sure there is corruption in judicial systems globally, but they aren't all that way. Both police and "judiciary" as you say are made up of people. In the end, all organizations, businesses, governments, etc. are all made up of people, just like you and me. Some are good and some are bad and some like to vacillate between the two. There are "hacktivists" who believe that what they are doing is right because they have the right reasons for doing it, much like activists do in the physical world. There are hackers that do it for fun or to see if they can, or because they can. And there are hackers that do it for money, much like a thief or robber commits their crimes. The problem is that if you and your information are compromised, it really doesn't matter why; the issue now is how to fix it. It is much wiser to protect yourself before you are hacked, though there are limits as to what you can do.
Thank you for your response.
John, you have definitely helped me and anyone else who reads this. I have been impressed with the thoughtful answers I've received and appreciate your insights.