Tips to enhance & strengthen passwords
Password security remains one of the most neglected topics in the cyber world. Despite increasing awareness in this space, a large number of people still use ‘1234546’ or ‘password’ to secure their accounts! Here are a few basic tips for the general public to strengthen their passwords:
- Avoid predictability: Use nonsense phrases instead of words. Avoid personal information such as your name, DOB, anniversary or a pet's name. This significantly increases password strength by making the password difficult to guess or crack.
- Decrease reliance on the browser: Even though companies such as Google have taken steps to improve the password security of their browsers, most browsers still don’t promote good password hygiene. One such practice is ‘auto-fill’, whereby a user stores their username and password in the browser for a one-click login. Decreasing dependence on the browser can help reduce the chances of a password breach.
- Use a password manager: Reusing the same password across multiple platforms is not ideal. A password manager gives you the flexibility to be creative with your password phrases without having to remember all of them. Typically, all stored passwords are encrypted, and you need only one master password to access them.
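As an added illustration of the first tip (not part of the original article), the checker below flags the predictable choices the text warns about: passwords from a common list, short passwords, sequential runs such as 1234 or abcd, and passwords containing personal details. The common-password list, the sample name, date of birth and pet name are all constructed for the example.

```python
from datetime import date

# Constructed sample of commonly chosen passwords (illustrative, not a real breach list).
COMMON_PASSWORDS = {"password", "1234546", "123456", "qwerty", "letmein", "welcome"}


def personal_tokens(name: str, dob: date, pet: str) -> set[str]:
    """Derive the strings a guesser would try from publicly known personal details."""
    tokens = {name.lower(), pet.lower()}
    tokens |= {part.lower() for part in name.split()}
    # Common ways a date of birth ends up inside a password: 1985, 1403, 14031985, ...
    tokens |= {dob.strftime(fmt) for fmt in ("%Y", "%d%m", "%d%m%Y", "%Y%m%d", "%m%d")}
    return tokens


def has_sequence(pw: str, run: int = 4) -> bool:
    """True if `run` consecutive characters ascend or descend by one (1234, abcd, 4321)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs in ({1}, {-1}):
            return True
    return False


def check_password(pw: str, tokens: set[str], min_len: int = 12) -> list[str]:
    """Return a list of findings; an empty list means none of the predictable patterns matched."""
    findings = []
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        findings.append("common password")
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if has_sequence(pw):
        findings.append("contains a sequential run")
    if any(t and t in low for t in tokens):
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    # Constructed personal details for the demonstration.
    tokens = personal_tokens("Alex Smith", date(1985, 3, 14), "Rex")
    for candidate in ("password", "Rex1985!", "abcd1234", "correct-horse-battery-staple"):
        print(f"{candidate!r}: {check_password(candidate, tokens) or 'no findings'}")
```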
Australian Utility Week Wrap
The Privasec team was in Melbourne this week at the Australian Utility Week Conference.
Privasec's COO, Karan Khosla, spoke on a panel about the risks of moving to the cloud, and our Senior Security Consultant, James Cristofaro, delivered a presentation on behind-the-meter devices and how to mitigate threats with defence in depth.
A special thanks to the Australian Utility Week team for arranging another fantastic event.
Privasec's APAC Cyber Security Advisor speaks at ISACA Summit in Sydney
Our APAC Cyber Security Advisor, Shamane Tan, was on the panel at the ISACA Summit in Sydney this week. Shamane shared her views on the skills shortage in the industry and on good hiring practices. Here are a few tips from Shamane:
- Look beyond the obvious.
- Look for transferable skills, potential, passion, curiosity, resilience and integrity in each individual candidate.
- Look for candidates with the ability to pick up new skills on the job.
Other panellists provided their take on the topic; notable mentions include:
- Create diverse teams, considering diversity beyond ethnicity, gender, colour, etc.
- Mentoring programs for those with potential to learn and grow into the role.
- Every individual brings something different to the role, so keep an open mind when hiring.
A special thanks to the ISACA team for arranging another fantastic event.
Payment Card Industry Data Security Standard (PCI DSS): Why is Compliance Critical?
The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major payment brands (MasterCard, Visa, Amex, JCB and Discover) for organisations that handle payment card data. The PCI DSS defines the minimum security controls needed to protect cardholder data. If you process, store, or transmit payment card data, you are required to comply with PCI DSS: both merchants that accept payment via debit or credit cards and service providers that process payment card data on their behalf must comply with the standard.
Compliance with PCI DSS enables your organisation to meet its contractual obligations whilst protecting payment card data and reducing risks relating to fines and reputational damage.
Achieving PCI DSS compliance can be a challenging, confusing and, for some, expensive experience. Privasec can guide you through the process of understanding what to do and give you pragmatic choices about how to minimise compliance costs. Our PCI DSS Health Check is a high-level assessment led by a registered PCI Qualified Security Assessor (QSA).
Call us now to learn how we can help
AU: 1800 996 001, NZ: +64 9 222 4725, SG: +65 6631 8375.
Vulnerability Scanning vs Penetration Testing
Even some of the most accomplished IT professionals are unsure of the difference between a vulnerability scan and a penetration test. Here are three basic differences between the two:
1. A vulnerability scan detects and classifies known weaknesses in computers, networks and communications equipment. A penetration test, on the other hand, is the practice of actively testing a computer system, network or web application to identify insecure business processes, poor security settings, or other weaknesses that an attacker could exploit.
2. While a vulnerability scan informs stakeholders that vulnerabilities exist, a penetration test shows how those vulnerabilities could be chained and exploited to cause harm to the organisation.
3. A vulnerability scan can be performed by an organisation's own IT department using tools such as OpenVAS and Nessus. A wide range of tools is available for use during a penetration test, but it is the skill of an experienced penetration tester that is needed to identify the ways in which vulnerabilities can actually be exploited.