Cyber Security

by | Aug 10, 2020 | data, internet, privacy, security, Software | 0 comments

Cyber Security Tips and Advice

Cyber Hacker with skeleton mask and computer reflected in glasses

The following content is based around the Small Business Cyber Guide and the Easy Steps Checklist pubslished by the Australian Cyber Security Centre.

For more comprehensive information visit www.cyber.gov.au

On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020.

To coincide with this, we at TigerFleet thought that it would be a good opportunity to give an overview of some of the steps that you can take as an individual or small business to protect yourselves from cyber attacks.

To better protect yourself from cyber criminals and secure your accounts and devices, the ACSC recommends that you:

Secure your email, social media and apps

Put strong security on important accounts where you exchange personal or sensitive information such as email, bank and social media accounts.
  • Turn on two-factor authentication, such as a code sent to your mobile, for an extra layer of security.
  • Use strong passwords on your accounts. A strong password is a passphrase of at least 13 characters, made up of about four words that are meaningful for you but not easy for others to guess. For example, ‘horsecupstarshoe’.
  • Don’t use the same password on any of your accounts.
  • Consider using a reputable password manager.

Hint: Use a Passphrase

A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Passphrases are most effective when they are:

  • Used with multi-factor authentication – see below
  • Unique – not a famous phrase or lyric, and not re-used
  • Longer – phrases are generally longer than words
  • Complex – naturally occurring in a sentence with uppercase, symbols and punctuation
  • Easy to remember – saves you being locked out.

Passphrases will significantly increase security. The table below (from www.cyber.gov.au) gives some comparison on the ease of password styles to crack:

 

PASSWORD/ PASSPHRASE TIME TO CRACK EASE TO REMEMBER COMMENTS
(Brute Force Attack)
password123 Instantly Very Easy (too easy) One of the most commonly used passwords on the planet.
Spaghetti95! 24-48 hours Easy Some complexity in the most common areas, and very short length. Easy to remember, but easy to crack
5paghetti!95 24-48 hours Somewhat Easy Not much more complexity than above with character substitution, and still short length. Easy to remember, but easy to crack.
A&d8J+1! 2.5 hours Very Difficult Mildly complex, but shorter than the above passwords. Hard to remember, easy to crack.
I don’t like pineapple on my pizza! More than 1 Year  Easy Excellent character length (35 characters). Complexity is naturally high given the apostrophe, exclamation mark and use of spaces. Very easy to remember, and very difficult to crack.

Watch out for scam messages

Online scams and ‘phishing’ by email, SMS, social media posts and direct messaging are designed to steal your logins, credentials and personal details or to download malicious software onto your devices.

  • Check before you click links – hover over the link to see the actual web address.
  • Never enter your username or password from links in messages to your accounts – go to the official website or app.
  • If a message seems suspicious, contact the person/business through a separate, legitimate source to confirm it.

Secure your mobile and computer

  • Always use a PIN or password on your mobile and computer.
  • Always do the software updates such as Microsoft, iOS and Android.
  • Make sure you download apps from official stores such as the Apple App Store or Google Play for Android.
  • Install security software on your devices to protect you from malicious software.

Check public Wi-Fi before connecting

Information shared through public Wi-Fi hotspots in cafés, airports, hotels and other public places can be intercepted.

  • Turn off automatic connection to public Wi-Fi on your devices.
  • Choose to connect to non-public Wi-Fi for a more secure connection.
  • Consider installing a reputable Virtual Private Network (VPN) solution on your device.

Software Considerations Key areas

Securely organising your software can drastically increase your business’ protection from the most common types of cyber threats.

For example, your operating system is the most important piece of software on your computer. It manages your computer’s hardware and all its programs, and therefore needs to be updated, backed up and maintained.

Improve resilience, stay up to date and stay safe with these software considerations for small businesses.

Automatic Updates

An automatic update is a default or ‘set and forget’ system that updates your software as soon as one is available.

  • Better online security
  • Improved protection (in real-time, directly by the experts) from loss of money, data and identity
  • Enhanced features and efficiencies for programs and apps.

Automatic Backups

An automatic backup is a default or ‘set and forget’ system that backs up your data automatically, without human intervention.

  • Quicker and easier to get your business back up and running if information is lost, stolen or destroyed
  • Protects credibility of your business and help meets legal obligations ^
  • Peace of mind that you’re always protected so you can focus your business efforts that deliver value

Multi-Factor Authentication

Multi-factor authentication (MFA) typically requires a combination of something the user knows (pin, secret question), physically possesses (card, token) or inherently possesses (finger print, retina).

The multiple layers make it much harder for criminals to attack your business. Criminals might manage to steal one proof of identity e.g. PIN, but they still need to obtain and use the other proofs of identity. Two-factor authentication (2FA) is the most common type of MFA.

Small businesses should implement MFA wherever possible. Some MFA options include, but are not limited to:

  • Physical token
  • Random pin
  • Biometrics/ fingerprint
  • Authenticator app
  • Email
  • SMS

People and Procedures Key areas

Businesses, no matter how small, need to be aware of and consciously apply cyber security measures at every level.

Given small businesses often lack the resources for dedicated IT staff, this section addresses how you can manage who can access, and who can control your business’ information, and the training of your staff.

Your internal processes and your workforce are the last, and one of the most important lines of defence in protecting your business from cyber security threats.

Access Control

Access control is a way to limit access to a computing system. It allows business owners to:

  • Decide who they would like to give access privileges to
  • Determine which roles require what access
  • Enforce staff access control limits.

Access control systems help you protect your business by allowing you to limit staff and supplier access to your computer:

  • Networks
  • Files
  • Applications
  • Sensitive data

Peace of Mind (Part 2) – Understanding Cloud Technology

by | Feb 19, 2020 | cloud computing, data, hardware, internet, privacy, security, servers | 0 comments

Peace of Mind (Part 2) – Understanding Cloud Technology

In part one of this discussion on data protection and technology we looked at some of the ways that you can protect your personal data while browsing the internet and shopping online. This part looks at the shift to cloud technology and protecting data stored in the cloud or on in house servers.

What is Cloud Technology?

Cloud technology has been around for many years now, but the levels of trust in the security of the system and understanding of cloud-based technology varies from person to person and company to company. 

Cloud-based software, simply put, is software that is stored on servers owned or leased by the software provider. The servers are typically held within secure and climate controlled third-party data centres, and all you need to access the software is an internet connection and the software provider takes care of the rest. You typically pay a subscription fee for the software and access it much the same way that you would access a website.

In House Servers

Until relatively recently, businesses that use software packages and share files and folders across their business network would have needed an in house server and a network of workstations with unique addresses. If set up correctly, a workplace network is a simple way of sharing data among employees and does not require an internet connection to operate.

With increased technology (and access to an internet connection or mobile data network) Virtual Private Networks (VPNs) and Remote Desktop Connections enabled companies to share a single network with multiple physical locations, both nationally and internationally.

Hosted Servers

Server hosting is a bit of mix of the above, and is a service offered by network providers who run all the software that you would ordinarily house on your internal server on a remote server that they either own themselves or lease. You may have a server dedicated to your company, or you may share a partition of one with someone else. You typically rent/lease an amount of data storage space, same as you would rent/lease office space.

As with cloud-based software, you need your own personal computer, laptop or tablet and a reliable internet connection to access the hosted server. 

Which is Better for my Business?

For many people there is something comforting about having a large server ticking away within a data room on your own premises. You know that your data is sitting in your own building, you are in control of its fate – good and bad, and you are not dependent on a third party provider and the internet speed and stability in order to get your daily work done. But, and this is an important but, you need to protect your hardware, software and data; many companies are at risk of losing its data through inappropriate backup schedules, insufficient hardware maintenance, power surges, viruses, spyware, hacking and a host of other factors. 

Although high-end in house servers can be extremely expensive, and the cost of maintaining them can be high, if you are in an area where you do not have fast and reliable internet this might be your only option. Even if you do have good internet, your own server can be a more cost-effective solution for small businesses, and a lower spec server or a powerful PC might suit all your needs. 

Solid state drives offer faster, smaller and longer lasting computers, which may be an option for your in-house server, but these advantages come with a trade-off. Larger capacity solid state drives are expensive, especially for the better brands, which means that storing large amounts of data locally can be very expensive, and increasing your data storage capacity can be complicated.

Cloud-based systems (including hosted servers) easily allow for multiple users to access your important data in real time, from any device, increasing productivity, access to information and user independence. This reduces business risk and ensures a level of flexibility that on-premises equipment simply can’t offer. You would typically have a known cost per month to access the system and extra storage/users can be added as and when it is needed.

Providers of cloud services are responsible for a broad set of policies, technologies, applications and controls in order to protect the internet portals you access your data through as a client. They are responsible for ensuring the compatibility of the applications and services they provide with the browsers through which you access them. They are also responsible for the security of your information and take care of hardware maintenance, data backups and related services for you.

Although there are many pros and cons of each type of system, and an initial assessment may suggest that the on-premise solution is cheaper, if all factors are considered, cloud-based technology offers much greater value and flexibility.  

A Common Sense Approach

Regardless of what you decide, you still need to have systems in place to prevent data breaches and potential losses. In part one of this series, we discussed how poor password security is responsible for over 80% of data breaches, but leaving computers unlocked, having inadequate virus and spyware protection and sharing your login details with other people can lead to big problems. 

Even though you might have the latest and the best virus and spyware protection installed, the software you have is always one step behind the bad guys. To put it another way, the antivirus needs the virus to exist in the first place for it to be needed, so never ‘assume’ that you are protected from the suspicious email you are about to open.  

How does TigerFleet Store and Protect your Data?

TigerFleet’s main database is hosted on Microsoft Azure servers. Microsoft Azure has the largest global network, servicing 55 regions and 140 countries around the world. Each region is a set of data centres that are interconnected via a massive and resilient network. The network includes content distribution, load balancing, redundancy, and encryption by default.

Azure regions are organized into geographies, and each geography ensures that data residency, sovereignty, compliance, and resiliency requirements are honoured within geographical boundaries. Geographies are fault-tolerant to withstand complete region failure, through their connection to the dedicated, high-capacity networking infrastructure.

Microsoft’s datacenters comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability, and are managed, monitored, and administered by Microsoft operations staff. The operations staff has years of experience in delivering the world’s largest online services with 24 x 7 continuity.

TigerFleet ensures that data stored with Azure is encrypted in accordance with their standards and maintains control of the keys that are used by its cloud applications to encrypt data. Encryption of data in storage and in transit is deployed by TigerFleet as a best practice for ensuring confidentiality and integrity of data. TigerFleet uses SSL to protect communications from the internet and even between their Azure-hosted VMs.

TigerFleet has opted for Geo-redundant storage (GRS) with Azure. GRS maintains six copies of your data. With GRS, our/your data is replicated three times within the primary region. The data is also replicated three times in a secondary region hundreds of miles away from the primary region, providing the highest level of durability. In the event of a failure at the primary region, Azure Storage fails over to the secondary region. GRS helps ensure that data is durable in two separate regions.

If a customer closes their account, they can request to have all of their data destroyed immediately. If this is not requested, their data is retained by TigerFleet for 12 months, which allows the client to export all of their data to Excel if they wish to use it elsewhere (e.g. upload to a new provider). At the end of this period, however, the data is destroyed.

Why Microsoft Azure?

Access to customer data by Microsoft operations and support personnel is denied by default. When access to customer data is granted, leadership approval is required and then access is carefully managed and logged. The access-control requirements are established by the following Azure Security Policy:

Azure provides customers with strong data security, both by default and as customer options. Azure is a multi-tenant service, which means that multiple customer deployments and VMs are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data.

Microsoft helps ensure that data is protected if there is a cyberattack or physical damage to a datacenter. This includes in-country/in-region storage for compliance or latency considerations, and out-of-country/out-of-region storage for security or disaster recovery purposes.

When customers delete data or leave Azure, Microsoft follows strict standards for overwriting storage resources before their reuse, as well as the physical destruction of decommissioned hardware. Microsoft executes a complete deletion of data on customer request and on contract termination.

Peace of Mind (Part 1) – Protect Yourself and Your Data

by | Feb 12, 2020 | data, privacy, security | 0 comments

Peace of Mind (Part 1) – Protect Yourself and Your Data

Our personal data is everywhere, and we can no longer afford to be blasé about our data security – if we are not taking proactive measures to prevent the use of our personal information, we are opening ourselves up to all kinds of problems.

Data breaches are inevitable, and the bad guys keep coming up with new ways to steal your personal information. If you want to protect yourself in this dangerous digital world, you need to take a proactive approach, and that means building security into everything you do online. Here are some tips you can use to protect yourself and your data in this age of data breaches.

HTTPS and SSL

Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. The extra “s” means your connection to that website is secure and encrypted; data you enter is safely shared with that website. This technology is called Secure Socket Layer (SSL) and this security is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.

Any website, especially those that require login credentials, should use HTTPS. In modern web browsers, such as Chrome, websites that do not use HTTPS are marked differently than those that are. Look for a padlock in the URL bar to signify the web page is secure or look for warnings like the one below that alert you to the ones that are not.

Designate an Online Shopping Card

Shopping online is convenient, but it is important to stay safe. With so much credit card data being stolen, it has never been more important to be proactive about protecting yourself and your money. In addition to shopping only on sites that display the HTTPS/SSL padlock notification, you can also designate a single card for all your online shopping. Use that credit card whenever you shop online, then check your statements carefully for signs of fraud and unauthorized use.

Avoid Saving Your Credit Card Data at Shopping Sites

It may be convenient to save your payment information, but it is also risky. Avoid the temptation to save your credit card information and instead take the time to enter it each time you shop. This proactive measure will prevent your credit card information from being revealed in the next data breach, and may also reduce the impulse purchases that we are all guilty of.

Run Updates Regularly

One of the ways that hackers try to breach your computer’s firewall is through weak or outdated code. Most software providers release updates to their products but, when the program is running locally on your computer or server, it is up to the user or company IT department to run these updates.

Some updates are programmed to run in the background, such as those related to your computer’s operating software, while other programs are scheduled to check for updates on start up. In order for these updates to be installed or users to be notified that they are available, the computer needs to be restarted on a regular basis.

Indeed, restarting computers and other electronic devices, such as phones and tablets, is needed to ensure that programs run smoothly, so it is a good daily habit to get into.

Use Strong Security on All Your Devices

Your online security is only as strong as your weakest link, so make sure all your devices are well protected. From your tablet to your smartphone to your laptop, make sure you have strong antivirus and malware protection on every device you use.

Implementing strong security and keeping it updated is one of the best things you can do to protect yourself from the next data breach. Think of your online security as a chain, one that requires the robust participation of every link along the way.

Use a Trusted Password Manager Tool

A password manager is a tool that does the work of creating, remembering and filling in passwords – we use LastPass. Simply log into an online account for the first time and the password manager will store your username and password so every time you go back your credentials will be filled in automatically.

81% of breaches are caused by weak or reused passwords, so it is essential that each account you have has it’s own unique password. So how are you supposed to remember these strong, unique passwords? You can’t. But a password manager can.


In the next part of this discussion on Data Protection, we will look at Cloud Technology v Onsite Servers and outline what TigerFleet does to ensure your data is safe.

Notes Screen Searchable

by | Feb 8, 2020 | data, Employee, Software, Update, Vehicle | 0 comments

Notes Screen Searchable

Did you know that the notes you make in the TigerFleet Management Vehicle’s and Employee’s Notes screens are now searchable? 
 
We thought that this would be a great place to store all of the information that just doesn’t have anywhere else to be entered, but you would still like to be able to find easily. 

Just to get your ideas rolling, we think that notes would be the ideal place to store the past registration details of a vehicle or the Serial No./Asset Code of a piece of equipment given to an employee. Instead of looking through all of the screens, you can now search the details up straight in the main Vehicles or Employees screen quickly and easily.