Posts

Cyber Security Awareness 007: Token-Based

What Is a Token? Think of a token like a digital pass. When you go to a concert, you might get a ticket that lets you in and out of the venue. Similarly, in the online world, a token is a small, unique piece of data that acts like a ticket to access certain websites or services. Once you're logged in, this token confirms that you're allowed to be there without asking for your password every time. How Does Token-Based Authentication Work? Here’s how the process typically happens: User Login: You start by entering your username and password, just like when you log in to your favourite app or website. Token Generation: Once your login details are verified as correct, the website or app generates a special token for you. This token is a bit like a temporary ID card. Token Storage: Your device (whether it’s your phone, tablet, or computer) stores this token safely. Think of it as your phone holding onto a pass that lets you move around the website or app without needing to log in a

Cyber Security Awareness 006: Biometric

Have you ever unlocked your phone or laptop using your fingerprint or face? If so, you've already experienced the convenience of biometrics. Biometrics, also known as "something you have" authentication, is a technology that uses unique physical or behavioural characteristics to verify your identity and grant access to information. In today's rapidly evolving digital landscape, simple measures like passwords are no longer sufficient to keep up with sophisticated cyber threats. Biometric authentication systems, which gained widespread popularity around the 2010s, offer a more secure and efficient way to protect your data. By leveraging complex algorithms that analyse a user's unique physical and behavioural traits, biometrics provide a fast and easy way to authenticate individuals. Biometrics utilise various human attributes, including fingerprints, facial recognition, iris scanning, and voice recognition, to verify identity. Unlike passwords, which can be easily c

Cyber Security Awareness 005: Multi-factor Authentication

What is Multi-Factor Authentication (MFA)? Multi-factor authentication (MFA) is like adding a second lock to your front door. It's an extra layer of security that requires you to provide more than one piece of information to access your online accounts. These additional steps make it much harder for hackers to break in. Why is MFA Important? Even the strongest password can be cracked. By adding an extra layer of security, MFA considerably increases the difficulty for hackers to access your accounts. By using MFA, you're reducing the risk of your personal information falling into the wrong hands. How does MFA work? There are three authentication techniques, as I covered in the blog post "Cyber Security Awareness 004: Authentication." Something you know: This is usually a password or a PIN. It's information only you should know. Something you are: This uses unique parts of your body, like your fingerprint or facial features. It's a part of you. Somethin

Cyber Security Awareness 004: Password Management

Password Madness It used to be simple to remember your passwords: you might have a couple of computers, a few email accounts and your bank account, but as the internet grew so did the requirement for logins, and as applications have moved to the cloud that's grown exponentially. When I first started in IT the requirement was 6 characters, a combination of 2 character types and it was only updated annually. The best practice soon changed to a minimum of 8 characters, a combination of 3 out of four (uppercase; lowercase; numbers; symbols). Moving towards the recommendation of today's options being: A sequence of random non-personalised words (4-6 words) A short sentence with punctuation Alternatively: At least 12 characters long but 14 or more is better A combination of uppercase letters, lowercase letters, numbers, and symbols. Not a word that can be found in a dictionary or the name of a person, character, product, or organisation. Significantly different from your prev

Cyber Security Awareness 003: Authentication

Introduction to Authentication Authentication is like showing your ID to get into a building. It's proving who you say you are to access something online. Whether you're checking your bank account, buying something online, or logging into your email, authentication keeps your information safe. Think of it this way: when you visit a website or app, you need to make sure you're the person you claim to be. That's where authentication comes in. It's like a digital doorkeeper, checking your credentials to let you in. There are three main steps involved in authentication: Identification: You tell the system who you are, usually by entering your username. Verification: You prove your identity by entering a password or using a fingerprint or facial scan. Authorisation: The system checks if you can access what you're trying to see or do. Authentication is crucial to your digital identity and business because it helps protect your personal information and

LinkedIn Qn: Assessing Needs for Cyber Security

Today on LinkedIn I was asked a relevant question about Assessing Needs for cyber security: "Begin by evaluating your current cybersecurity skill set against industry standards and the specific demands of your IS environment. Identify areas where you lag behind and need improvement. This might include knowledge of recent threats, mastery of new security software, or understanding advanced cyber defence strategies. Once you've pinpointed your skill gaps, you can create a targeted plan to address them, ensuring that your efforts are focused and effective." I found myself looking at all the answers professionals had posted and, as one would expect, they were all very relevant, but I thought they were lacking one crucial element, so I started posting my answer/comment. I had unfortunately run out of space, so I've posted the full comment below: All of the standard answers to the question of assessing cyber security needs: - Reviewing the risks against your current IS en

Welcome To Sahan

I'd like to offer a big MBC Blog welcome to Sahan. Sahan is a graduated Cyber Security professional whom I've had the pleasure of working with previously, and he's graciously offered to assist with posting some awareness articles on MBC. I look forward to more coffees & conversations moving ahead, thanks Sahan!