Will WordPress website users bring losses to the business?

Can employees be a threat? Yes, it is possible, but mostly unwittingly. I recently wrote up some statistics highlighting the biggest source of WordPress vulnerabilities. But another fairly large component of the infrastructure is equally vulnerable, is a direct target of external malicious actors, and is one we all too often ignore: our users.

Contents:
What we can learn from the CIA
Why attack? What are they after?
Where and how?
What can you do about all this? What can you learn from the CIA approach?
Confidentiality: strengthening the login process; enforcing strong password security and policies; identifying and classifying data according to personal information attributes
Integrity: permission and privilege restrictions; user change records
Availability: data backup; planning for failure; security threats to data availability; preventive maintenance
Education and training
Lessons that can be learned from the CIA

Phishing and pretexting are two favorite tactics of cybercriminals. These social attacks can lead users to give up login credentials and other personal information. Those details are then used in hacking attacks and security breaches to gain access to web applications, systems and data. Just ask Twitter, T-Mobile, Marriott, Amtrak or the Ritz Hotel.

Although the well-known brands get all the headlines and attention, it is surprising that more than one in four (28%) small businesses are directly targeted and successfully attacked. The following insights can be gained from Verizon's research: their 2020 DBIR (Data Breach Investigations Report) gives a detailed, forensic-style investigation highlighting the behavior, motivations and methods of malicious actors. They are clearly after one thing: your data.
But we also know how to develop defense plans to mitigate such cyber security breaches.

Why attack? What are they after?

The simple answer is that the attacker wants the valuable data you hold. Nearly nine in ten (86%) successful breaches of systems are financially motivated. Most of them (55%) are related to organized criminal groups, defined in the report as \
Like other enterprises, \
Therefore, all security response plans should focus on data protection.

Where and how?

Criminals know that if they can get hold of a user's credentials, their work becomes much easier. It is therefore not surprising that they put more and more effort into increasingly sophisticated phishing and pretexting attacks to get users to give up system login details and other personal information. \
Online web applications are the most common attack vector. Attackers get in using lost or stolen user login credentials, or using brute-force attacks (exploiting weak passwords). \
What can you learn from the CIA approach?

No, we are not talking here about some world-class new technology supplied by the CIA that can be used to repel criminals. We are talking about an elegant and flexible framework that focuses on protecting your key asset under threat: your data. The CIA framework consists of three core principles designed to reduce accidental and malicious access to, and modification of, data:

Confidentiality
Integrity
Availability

Confidentiality

Confidentiality asks what you can do to ensure the security of the data you hold, that is, that employees only have access to the information they need to perform their roles.
More than 80% of successful hacker attacks use lost or stolen user credentials, or maliciously use weak passwords, such as \
Therefore, even if login credentials are compromised, an attacker who does not have access to the physical device can be stopped as long as the PIN is required.

Strong password security and policy implementation

More than 35% of user accounts use weak passwords that can be easily cracked, so strong password security and policies are needed. Implement not only a password strength policy, but also password history and expiration policies. Even strong passwords must expire in time. Compromised user credentials are only useful to an attacker while the password is still valid, so changing the password can hinder future malicious activity.

Two-factor authentication together with strong password enforcement makes for a fairly robust defense.

Identify and classify stored data according to personal information attributes

Review the current access control list for each role, then assign the required data access rights appropriately, using the principle of least privilege. Access to personal and sensitive data should be restricted to a need-to-know basis, to what employees require to fulfil their roles. For example, a customer support representative may need to access order history, delivery details, contact details, and so on. But do they need to view the customer's credit card details, social security number or other sensitive personally identifiable information?
Or would you give ordinary employees the company's bank account balance and details? Or the company's current and past financial accounts? We will take that as a no.

Integrity

Integrity requires you to control and know who can change the data and under what circumstances, and to consider the measures you take to ensure the validity of the data. To ensure data integrity:

Permission and privilege restrictions

Limit your users' permissions, focusing on the data items that may need modification. Most data needs little or no modification. This principle, also known as the principle of least privilege, is one of the most effective security best practices. It is often overlooked, but it is easy to apply. In addition, if an attacker does successfully gain access to a system account, limited access to the data means the breach and the resulting losses are limited too.

User change records

If existing data changes, how do you know what changed, when, and who changed it? Can you be sure? Was the modification authorized and valid? With a comprehensive real-time activity log, you get full visibility of all actions performed across all your WordPress systems, which is the basis of good security practice. In addition, archiving and reporting on all activity helps you comply with the personal information protection laws and compliance obligations of your jurisdiction.

Availability

For availability, we focus on keeping data accessible and reliable. This ensures that the business continues uninterrupted, that employees can perform their duties, and that customers can place orders which you can fulfil and ship in a secure way. Downtime is not only a potential loss of revenue; the unavailability of the system also erodes the confidence of users, customers, partners and employees.

Data backup

Back up data regularly and consider storing these backups in different places. Here is a good article that develops this topic and covers the security risks of keeping WordPress backup files and old files on the site.

Planning for failure

Examine the infrastructure components your business depends on so that you can cope with failure. Consider networks, servers, applications, etc., and have remedial measures and plans in place, so that even if any of these key elements fails, individually or collectively, you can recover quickly. You may well be using a WordPress hosting company that handles these tasks for you.
But it is important to ask the relevant questions to determine the processes and level of service they provide and whether these meet your business needs. For example, try restoring WordPress backups, testing security systems, and simulating a disaster recovery process.

Security threats to data availability

From the security perspective of data availability, the number one threat among all incidents recorded in the report is the DDoS (distributed denial of service) attack, which is mainly aimed at disruption rather than at gaining access (hacking). Many WordPress hosting companies provide appropriate defenses against such attacks. However, it is always prudent to investigate the monitoring and security services they provide, and whether these measures are sufficient or the defenses should be strengthened.

Preventive maintenance

Preventive maintenance plays a vital role in availability. Keeping the WordPress website and its plugins updated promptly and automatically fixes existing known vulnerabilities and provides stronger security protection.

Education and training

As Benjamin Franklin once said, \
