A short talk about Information Security, mainly focusing on start-ups and entrepreneurs.
Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.
6. Confidentiality
- If confidentiality is breached it’s generally classified as a ‘leak’
- Can have legal implications
- Bad for your reputation
- Hacker only needs read access
7. Integrity
- Less common but more serious
- Can cause persistent problems
- Possible to remain undetected for a long period
- Hacker does need write access
8. Availability
- This is what DDoS attacks do
- Usually short term but VERY damaging
- Hard to solve
- Hacker needs no access
9. What can I do?
- Passwords, passwords, passwords!
- This is THE most important thing
10. Use a password manager
This will help you to:
- Generate, maintain & manage strong passwords
- Use different passwords for every site/service
- Manage password access for your company
- Change passwords when employees leave
Use KeePassX, LastPass, 1Password or Passpack
11. Resource Management
- People can turn bad: make sure all master accounts are owned by the company, not by individuals
- Give each person separate access so changes can be logged to a named user
- This is especially critical for tech services such as:
  - GitHub
  - Amazon Web Services
  - Linode
  - Bitbucket
  - Dropbox
  - Anywhere that your code/resources are stored
12. Turn on MAX Security
- Pretty much all services like AWS/GitHub etc. support 2FA (two-factor authentication)
PLEASE TURN IT ON!
If you don’t, you could end up like Code Spaces.
13. Education
- The weakest part of any organisation is always the human element, known in infosec as ‘wetware’
- Prone to social engineering
- If you are a company owner or the tech go-to person, it’s your job to educate
14. Safe Coding Practices
- Use a framework
- Don’t EVER EVER EVER EVER trust user input
- Always Hash passwords
- Build your APIs with Authentication
- Check ‘OWASP Top 10’ for more info
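Two of the points above, “don’t trust user input” and “always hash passwords”, are worth seeing in code. The block below is an added example written for this page, not code from the talk; it stores credentials as salted PBKDF2-HMAC-SHA256 records, verifies them in constant time, validates usernames against an allow-list pattern, and uses parameterised queries so input is bound as data rather than spliced into SQL. The iteration count, record format, function names and the in-memory SQLite store are choices made for this example.

```python
import hashlib
import hmac
import os
import re
import sqlite3
from typing import Optional

# Tuning chosen for this example; raise iterations as your hardware allows,
# since every extra iteration slows an offline guessing attack by the same factor.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32

USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def hash_password(password: str, *, iterations: int = PBKDF2_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex.
    A fresh random salt per user means identical passwords give different records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 iterations, dklen=KEY_BYTES)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time.
    Malformed or unknown records verify as False rather than raising."""
    try:
        scheme, iterations_str, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def validate_username(raw: object) -> str:
    """Allow-list validation: reject anything that is not 3-32 chars of [a-z0-9_]."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid username")
    return raw


def make_user_store() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for a real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_record TEXT NOT NULL)")
    return conn


def register(conn: sqlite3.Connection, raw_username: object, password: str,
             *, iterations: int = PBKDF2_ITERATIONS) -> str:
    username = validate_username(raw_username)
    record = hash_password(password, iterations=iterations)
    # Parameterised query: the driver binds the values, so a username such as
    # "x' OR '1'='1" could only ever be stored as text, never run as SQL.
    conn.execute("INSERT INTO users (username, password_record) VALUES (?, ?)",
                 (username, record))
    return username


def login(conn: sqlite3.Connection, raw_username: object, password: str) -> bool:
    try:
        username = validate_username(raw_username)
    except ValueError:
        return False
    row = conn.execute("SELECT password_record FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = make_user_store()
    register(db, "alice", "correct horse battery staple")
    print(login(db, "alice", "correct horse battery staple"))  # True
    print(login(db, "alice", "wrong"))                          # False
    print(login(db, "alice' OR '1'='1", "anything"))            # False: rejected by validation
```

Embedding the iteration count in the record lets you raise it later and re-hash each user on their next successful login without a migration.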
15. DDoS Protection
- Unfortunately if you get popular this is a serious risk (it happened to Feedly/Evernote last month)
- There are various services that you can look at to mitigate against DDoS attacks:
- http://www.incapsula.com/
- https://www.cloudflare.com/
- http://www.akamai.com/
16. Platform Security
- ALWAYS keep the core up to date
- If you can, use a specialist host (WPengine/Page.ly)
- Use as few plugins as possible
- NEVER pirate themes/plugins as they often contain malware
17. The END!
Questions?
Stalk me @ShaolinTiger or @THEdarknet on Twitter
If you are interested in Infosec – http://fb.me/darknetorguk
This preso will be on http://slideshare.net/shaolintiger