Cybersecurity Tips from GCHQ

Yes, you’ve scared us. Now what do we do?’ That’s the question GCHQ’s director general of cybersecurity, Ciaran Martin, has found himself facing a lot, as the agency expands from protecting government and military assets to advising British businesses on how to protect themselves.

Accept the inevitable

The first thing to accept is that you can never stop all attacks. “The sheer scale of hostile activity on many organisations means that, eventually, some will get through,” Martin says. “What’s important is how you manage those.” That goes even for the most security-sensitive of institutions: between 2010 and 2013 the Ministry of Defence suffered 3,892 security breaches, both physical and cyber-related.

GCHQ’s own website, which suffers frequent DDoS attacks, was on one occasion taken down for several hours. “You need a playbook ready for how you will react when an incident occurs,” says Martin. “You may not be able to hold off a breach but, by having procedures in place, you can quarantine them, isolate the damage and keep the organisation running.”

Protect what’s really important

Bearing in mind that breaches are inevitable, it’s important to decide what can be sacrificed. “I’ve been a government official for 20 years and when I started the culture was about protecting absolutely all information,” Martin says. “Now we have to take a much more risk-based approach, figuring out what is important and why.” He points to the takedown of GCHQ’s website as an example. “Although I’d prefer that hadn’t happened, it is not business critical to this organisation,” he says. “That was very far from a disaster. There are risks in my organisation that could have much more impact, so I spend much more attention, much more money and employ far more people on those.”

Guard your interior

The fundamental weakness of any wall, whether in the physical world or the cyber, is that it still needs to allow legitimate traffic in and out. “Perimeter defence is just about rising the barrier for entry into your system so that you’re not an easy target,” Martin says. But as all walls can be breached, so relying on perimeter defence alone is insufficient. “You need both perimeter defence and active internal monitoring to look for spikes, or unusual patterns of activity,” he continues. “In some of the most well-known compromises, something as simple as monitoring the use of power on a network could have caught them.”

Collaborate

A tactic private companies are increasingly adopting from intelligence agencies is to attempt to use data collection and analysis to predict attacks before they occur. But to access the data needed for real, useful insight, collaboration will be essential. “There needs to be information sharing between companies who are normally competitors.” Martin says. “The financial sector has made great strides because they face a measurable financial threat every day, so they’ve set aside commercial rivalries to pool their data. And because they’re of a sufficient size they’ve been able to build systems that can process all this. Once you have access to this data, having systems actually able to make use of it is a key constraint.”

An organisation’s greatest weakness is increasingly not technological, but human. “System administrators are your key vulnerability,” Martin points out. “If they’re compromised then systems like encryption offer no further protection.” Yet malicious insider activity is less of a threat than accidental breaches. “People need to upskill significantly in cyber security, so being punitive isn’t always the best response ” Martin says. “It’s more important to focus on making procedures simple and accessible. We estimated that if you took all the advice about complex passwords, for the average number of systems that a person needs access to, it’s the equivalent of asking them to remember 660 digits every month. It’s better to design systems that may be mathematically less secure in the abstract, but are a lot more likely to actually be implemented to a decent standard.

Make Wifi More Stable At Home

Stable, strongWiFi at home is a covetous thing. A reliable internet connection is no longer a frivolous wish, but an increasingly necessary tool for many people’s professional and personal lives. And, of course, it’s just plain frustrating to pay a hefty monthly fee for a mediocre connection. So what can you do if your home WiFi is pretty lackluster? Luckily, you don’t necessarily need to pay more for a premium internet package to improve your current connection.

A number of factors beyond our control affect our WiFi signals, such as the area you live in (rural vs. urban, for example), available service providers, and even geographical features like mountain ranges or valleys. But while those issues are hard to change, you can make some changes at home to improve what you have. You might even live in an area with typically sturdy WiFi, but have accidentally sabotaged your own connection by giving your router a less than ideal set-up.

StarHub created a video with a short list of five simple tips and tricks to boost your home WiFi connection’s range orsignal strength.Here are the tips themselves, and you can check out the actual video below the list!

1. Get your router high

…No, not like that. People’s favorite place to put their router— on the floor, in the corner of their living room or home office— is actuallypretty terrible. You know how people sometimes hold their cell phones above their heads to try and get a stronger signal?They’ve got the right idea. Your router should be mounted somewhere high off the ground, and in the center of your house to reach all ends equally.

2. Personal space

Think of your router like you woulda person who doesn’t like their personal space being invaded. Keep clutter away from the router (this will be easy if you do the suggestion above!). You also might want to see if any other devices or appliances near or next to your router are causing signal disruption. Microwaves, home phone sets, and even wires can interfere with your WiFi signal strength.

3. DIY modify

You can also try a simple do-it-yourself modification using a soda can. Cut the bottom of an empty soda can off, then cut the can lengthwiseto the top. Then, cut around the top in one direction and then in the opposite direction, leaving a little bit connecting the top to the can’s (now unfurled) body. Stick the router’s antenna through the hole in the top used to drink out of, and arrange the cut-out body so it looks a bit like a sail.

Keep in mind that people have reported varying levels of success with this trick, with some people claiming it had no perceivable effect. Still, it’s worth a shot for a small increase in signal strength.

4. Extend it

Not into DIY? Buy your way to farther-reachingWiFi. You can purchase WiFi extenderswhich will increasethe range of your signal. It does this by picking up your router’s signal and then rebroadcasting it, thus artificially extending its range. However, doing so usually decreases the strength of the signal, sothis is a solution for people who have a strong signal but a short range.

5. Go 2 for 1

There are some instances where more does not equal better, but happily this isn’t one of them! Having not one, but tworouters in your home will indeed increase the amount of signalsaround you and potentially solve your WiFi woes. Since there are plenty of affordable WiFi routers out there, this solution is both simple and low-cost.

Secure Those IoT devices

As more and more Internet-connected devices find their way into our homes and businesses, it’s important to remember that they represent a security risk. The Internet of Things (IoT) is growing rapidly, and in the rush for convenience, our privacy and safety is often an afterthought. Leaving them unsecured is the digital equivalent of leaving the back door unlocked.

There are 5.5 million new things getting connected every day in 2016, as we head toward more than 20 billion by 2020, according to Gartner. That’s an awful lot of devices. They might bring all sorts of handy new features, but, whether it’s the latest cutting-edge baby monitor or a wireless doorbell camera that links to your phone, it’s also a network-connected computer and should be treated as such. Here are eight tips to help you secure those IoT devices.

1. Don’t connect your devices unless you need to.
The first step is to consider what functionality you need from the device. Just because your TV or fridge can connect to the internet, doesn’t mean you definitely want to hook it up. Take a good look at the features it offers and learn exactly what internet connectivity brings before you connect.

2. Create a separate network.
Many Wi-Fi routers support guest networking so that visitors can connect to your network without gaining access to shared files or networked devices. This kind of separation also works well for IoT devices that have questionable security.

3. Pick good passwords and a different password for every device.
It’s very important to pick strong passwords, but you must also make sure that you pick a different password for every device. If a hacker manages to get one of your passwords, they will typically try it with other services and devices. Reusing passwords is not a good idea. Use a password manager to keep track of all your passwords.

4. Turn off Universal Plug and Play (UPnP). Sadly, UPnP can make routers, printers, cameras and other devices vulnerable to attack. It’s designed to make it easier to network devices without configuration by helping them automatically discover each other. The problem is that hackers can also potentially discover them from beyond your local network because of vulnerabilities in the UPnP protocol. Is best to turn UPnP off completely.

5. Make sure you have the latest firmware.
If you want to make sure you have the latest security patches and reduce the chances of a successful attack, then you need to keep your firmware fully updated. Vulnerabilities and exploits will be fixed as they emerge, so your IoT devices and your router need to be regularly updated. Automate this wherever possible or set a schedule to check for updates every three months or so.

6. Be wary of cloud services.
A lot of IoT devices rely on cloud services, but the requirement for an internet connection in order for something to function can be a real problem. Not only will it not work when the network is down, but it may also be syncing sensitive data or offering another potential route into your home. Make sure you read up on the provider’s privacy policy and look for reassurances about encryption and data protection.

7. Keep personal devices out of the workplace.
Don’t take your personal IoT devices to work. There are lots of potential security concerns for wearables. Every enterprise should have a clear BYOD policy, and it’s often a good idea to prohibit personal IoT devices from connecting to the network, or at least limit them to a guest network.

8. Track and assess devices.
Businesses need to track everything connected to the network and monitor the flow of traffic. Devices need to be assessed to determine the level of access they should have, to keep them fully patched and up to date, and to protect data end-to-end to preserve its integrity. Unknown devices should flag an alert. Understanding which devices are connected and what they’re doing is a prerequisite for proper security.

If you’re dealing with sensitive data or you’re concerned about privacy, then make sure you have a long hard look at the IoT devices you’re considering. What security protocols do they support? How easy are they to patch? Do the providers have a proper privacy policy? It’s not safe to assume they’re secure because all too often they simply aren’t.