Anti-spoofing controls – stopping the email impostors

By Euan Henderson Cyber Security Apprentice Three controls that should be configured are: Sender Policy Framework (SPF) DomainKeys Identified Mail (DKIM) Domain based Message Authentication, Reporting & Conformance (DMARC) records NCSC recommends the following: That all domains have the SPF and DMARC records in place, regardless of whether the domain is or is not used …

Stop downloaded files running without warning

By Tony Wilson Senior consultant We are often asked how to prevent, or alert the user that, an untrusted file has been downloaded from the internet. This is a requirement of Cyber Essentials and relates to question 4.5 of our questionnaire. It is often a good idea to check your anti-virus programme as it may …

Bringing down the barriers to Cyber Essentials Certification

By Jason McNicholas Cyber Security Apprentice The Indelible Data tech team attended Infosec in London looking for tools and services that would help companies achieve Cyber Essentials. Our highest priority was to identify a way in which small companies could implement two-factor authentication affordably. After trawling hundreds of stands, they found a great solution from …

Indelible Data certifies 1000 customers to Cyber Essentials

Indelible Data is celebrating certifying more than 1000 companies to Cyber Essentials and Cyber Essentials Plus as the scheme reaches its fifth anniversary. From FTSE 100 company Whitbread Plc and multinationals like 8×8 Inc and Xerox Ltd, to SMEs and micro businesses, Indelible Data has assessed and assisted organisations seeking to keep their systems safe …

Making sense of Cyber Essentials – AutoRun and AutoPlay

By Jason McNicholas Cyber Essentials Assessor There is often a lot of confusion about the ‘AutoRun’ and ‘AutoPlay’ features of the Windows Operating System. Both features relate to the behaviour of a computer when removable media is inserted, however these features are completely independent of each other. Note that none of these functions have anything …

How to make Office 365 Exchange block executable content

By Tony Wilson Senior consultant Indelible Data has found that many companies trying to comply with Cyber Essentials, particularly those wishing to prevent emailed executable files running without sufficient warning, are actually blocking valid, often important, files arriving into user inboxes. For example, the Cyber Essentials Plus test includes executables contained in zip (container) files …

Fighting back for internet privacy

By Jason McNicholas Cyber Security Apprentice For years, governments and companies have slowly, but surely,  attempted to stamp out internet anonymity for users, from legislation to small print on Terms and Conditions, data is constantly being gathered on everyone. Within the last few years, VPN (Virtual Private Network) usage, to disguise the user’s IP address …

Email security: guarding against the expected

By Euan Henderson Cyber Security Apprentice In order to secure an organisation’s emails, TLS should be enabled as best practice. TLS stands for Transport Layer Security and is a security protocol that encrypts and authenticates data between services/applications and the end users. TLS v1.1 is not considered safe, so ensure that you use v1.2 wherever …

Cyber secure our future!

Malware and hackers might be the two biggest challenges facing Cyber Security but a skills shortage means the industry is struggling to keep pace. A recent study by the University of Roehampton has found that fewer 16-year-olds in England are getting a computing qualification. It also found that schools were cutting back on the hours …

Some of the known tools developed by Julian Assange

By Jason McNicholas Cyber Security Apprentice With the news of Julian Assange being arrested in the Ecuadorian Embassy, people may be wondering why he is charged with hacking by the United States government as many people only see Assange as a journalist and not a hacker. The centre of the hacking allegation stems from the …