Feed aggregator
Turbine TOKEN CRYPTO – Early Stage Opportunity to Play
Article URL: https://www.turbinetoken.com/
Comments URL: https://news.ycombinator.com/item?id=42062455
Points: 1
# Comments: 1
Pieces of Truth
Article URL: https://www.tyleo.com/blog/pieces-of-truth/index.html
Comments URL: https://news.ycombinator.com/item?id=42062444
Points: 1
# Comments: 0
Robots are taking over low-skilled jobs - which can influence preferences
Article URL: https://knowledge.wharton.upenn.edu/article/robots-are-taking-over-low-skilled-jobs-and-changing-votes/
Comments URL: https://news.ycombinator.com/item?id=42062420
Points: 2
# Comments: 0
Best M3 MacBook Air Deals: Save Up to $200, Plus Even More With Trade-In Offers
Best Verizon Plans: How to Choose and Which Ones to Pick in November 2024
Ask HN: What does the outcome of the race mean for tech? Particular startups?
However you feel about it happened. Curious how folks think things may (or may not) change now.
Comments URL: https://news.ycombinator.com/item?id=42062311
Points: 2
# Comments: 2
It's raining PFAS in South Florida – study
Article URL: https://www.sciencedirect.com/science/article/abs/pii/S1309104224002678
Comments URL: https://news.ycombinator.com/item?id=42062294
Points: 1
# Comments: 1
New York City Became a Haven for Endangered Languages
Article URL: https://lithub.com/how-new-york-city-became-a-haven-for-endangered-languages/
Comments URL: https://news.ycombinator.com/item?id=42062280
Points: 1
# Comments: 0
I Tried Klarna's AI Shopping Assistant. It Helped Me Save $229
Private Cloud Compute Security Guide
Article URL: https://security.apple.com/documentation/private-cloud-compute/
Comments URL: https://news.ycombinator.com/item?id=42062230
Points: 2
# Comments: 0
A database with 750 TikTok Creator
Article URL: https://submityoursaas.com/
Comments URL: https://news.ycombinator.com/item?id=42062200
Points: 1
# Comments: 0
Best VPN for Android for 2024
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or even required. Often security issues are just dealt with when the need arises.
There is the first issue right there. When the need arises, it’s often already too late. An infection has been found, a breach was discovered, or ransomware has disabled systems or made files unretrievable.
Small businesses also often do not consider themselves to be a target, but you don’t have to be explicitly targeted to get breached or infected. Depending on how small your business is, the tips below may be more or less important in your circumstances and for your threat model, which will depend on the line of business that you are in.
1. Enable your staffYour staff need to know what is expected of them, and what not to do.
- Make cybersecurity a company-wide issue, but also appoint a go-to person that has a responsibility, along with the time and the tools to perform that task.
- Train your employees in security awareness, so they can recognize phishing attempts and know what they can and can’t do on company-issued hardware.
- Consider outsourcing time-consuming and specialized tasks. In the end this may turn out to be more cost-effective than trying to do it with your own staff.
It’s important to be aware of your networking equipment, endpoints, and devices. Not only to know what needs to be protected, but also to know where weaknesses may lie.
- Pay special attention to devices that are used to work from home (WFH) or included in a BYOD program. Make it clear that mixing work and pleasure on the same device comes with security risks.
- Audit your environment on a regular basis, especially if you are a fast growing small business. That way you’ll know what you are using and what may need to be upgraded, replaced, or updated.
Once you have established the hardware and software in your environment you need to perform effective patch and vulnerability management.
If having specialized software for this task or outsourcing it is not an option, it might be a good idea to keep an eye on the Known Exploited Vulnerabilities Catalog which is maintained by the Cybersecurity and Infrastructure Security Agency (CISA). This catalog provides Federal Civilian Executive Branch (FCEB) agencies with a list of vulnerabilities that are known to be exploited in the wild and gives the agencies a due date by when the vulnerability needs to be patched in their organization. Even if your organization isn’t a FCEB agency that needs to follow the Binding Operation Directive 22-01, the CISA list acts as a good guide for your patch management strategy.
And keep an eye on security news sites in order to stay alerted to the biggest and most important updates and patches.
4. Lock things downHaving a strict policy to protect your important assets with strong passwords and multi-factor authentication (MFA) should be a no-brainer. Consider making it easier for your staff by using a single-sign-on service or alternatively by providing them with a password manager.
Very important files and documents can be encrypted or stored in password protected folders to keep them safe from prying eyes. A stolen or lost device is stressful enough without having to worry about confidential information.
5. Use a firewall and VPNA firewall protects an entry point to a network while a VPN creates an encrypted tunnel between two networks. Both can be used to protect your network.
If your company has internet facing assets—and who doesn’t—it’s important to apply network segmentation. The process of network segmentation separates a computer network into subnetworks, and allows for each segment of the network to be protected with a different set of protocols. By separating each segment according to role and functionality, they can be protected with varying levels of security. A common step for small organizations is to separate the systems that require internet access from those that don’t.
Remote desktop protocol (RDP) is a network communications protocol that allows remote management of assets. It allows users to remotely login to systems and work on them as if they were physically there. RDP is a necessary evil sometimes, but there are ways to make it more secure.
6. Protect your systemsMake sure all your devices are protected by cybersecurity solutions. Logs should be easy to digest and easy to understand, regardless of whether the readers are your own employees or those of a provider. A lot of needless alerts will interrupt your workflow, but you do not want to miss the important ones. So balance is important, especially with a limited staff.
7. Consider your supply chain safetyBusinesses need to understand what level of protection their providers or others with access to their resources have in place. Ransomware is contagious, so if your providers have it you likely will too. Supply chain attacks can come from your most trusted provider and still be disastrous.
Check for compliance and certifications. Depending on the type of supplier and the level of access to your assets, there is nothing wrong about setting some standards. For example, your IT services supplier can demonstrate a good level of cybersecurity by having achieved a cyber certification. It may also help to know that your supplier is aligned with a standard of cybersecurity deemed good enough by government organizations.
8. Have a recovery strategyWhen a security issue arises despite all of your efforts to secure your environment, you should have a plan ready to contain and deal with the consequences.
- Backups. Make sure you have backups that are as recent as possible and that are easy to deploy. Create backups in an environment that can’t be ruined by the same mishap that destroyed the original (preferably on a different carrier, physical location, and network).
- Know what legal body you need to inform in case of a breach. This is especially important if Personally Identifiable Information (PII)is involved. It is hard to give guidelines here, since every US state has different data breach notification laws, so plan this ahead of time for your jurisdiction. And have a critical communications plan in place that details how you will inform your customers in case of a breach.
We provide cybersecurity for sole proprietors, boutique businesses, and small offices – no IT skills required. Protect yourself with Malwarebytes for Teams.
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or even required. Often security issues are just dealt with when the need arises.
There is the first issue right there. When the need arises, it’s often already too late. An infection has been found, a breach was discovered, or ransomware has disabled systems or made files unretrievable.
Small businesses also often do not consider themselves to be a target, but you don’t have to be explicitly targeted to get breached or infected. Depending on how small your business is, the tips below may be more or less important in your circumstances and for your threat model, which will depend on the line of business that you are in.
1. Enable your staffYour staff need to know what is expected of them, and what not to do.
- Make cybersecurity a company-wide issue, but also appoint a go-to person that has a responsibility, along with the time and the tools to perform that task.
- Train your employees in security awareness, so they can recognize phishing attempts and know what they can and can’t do on company-issued hardware.
- Consider outsourcing time-consuming and specialized tasks. In the end this may turn out to be more cost-effective than trying to do it with your own staff.
It’s important to be aware of your networking equipment, endpoints, and devices. Not only to know what needs to be protected, but also to know where weaknesses may lie.
- Pay special attention to devices that are used to work from home (WFH) or included in a BYOD program. Make it clear that mixing work and pleasure on the same device comes with security risks.
- Audit your environment on a regular basis, especially if you are a fast growing small business. That way you’ll know what you are using and what may need to be upgraded, replaced, or updated.
Once you have established the hardware and software in your environment you need to perform effective patch and vulnerability management.
If having specialized software for this task or outsourcing it is not an option, it might be a good idea to keep an eye on the Known Exploited Vulnerabilities Catalog which is maintained by the Cybersecurity and Infrastructure Security Agency (CISA). This catalog provides Federal Civilian Executive Branch (FCEB) agencies with a list of vulnerabilities that are known to be exploited in the wild and gives the agencies a due date by when the vulnerability needs to be patched in their organization. Even if your organization isn’t a FCEB agency that needs to follow the Binding Operation Directive 22-01, the CISA list acts as a good guide for your patch management strategy.
And keep an eye on security news sites in order to stay alerted to the biggest and most important updates and patches.
4. Lock things downHaving a strict policy to protect your important assets with strong passwords and multi-factor authentication (MFA) should be a no-brainer. Consider making it easier for your staff by using a single-sign-on service or alternatively by providing them with a password manager.
Very important files and documents can be encrypted or stored in password protected folders to keep them safe from prying eyes. A stolen or lost device is stressful enough without having to worry about confidential information.
5. Use a firewall and VPNA firewall protects an entry point to a network while a VPN creates an encrypted tunnel between two networks. Both can be used to protect your network.
If your company has internet facing assets—and who doesn’t—it’s important to apply network segmentation. The process of network segmentation separates a computer network into subnetworks, and allows for each segment of the network to be protected with a different set of protocols. By separating each segment according to role and functionality, they can be protected with varying levels of security. A common step for small organizations is to separate the systems that require internet access from those that don’t.
Remote desktop protocol (RDP) is a network communications protocol that allows remote management of assets. It allows users to remotely login to systems and work on them as if they were physically there. RDP is a necessary evil sometimes, but there are ways to make it more secure.
6. Protect your systemsMake sure all your devices are protected by cybersecurity solutions. Logs should be easy to digest and easy to understand, regardless of whether the readers are your own employees or those of a provider. A lot of needless alerts will interrupt your workflow, but you do not want to miss the important ones. So balance is important, especially with a limited staff.
7. Consider your supply chain safetyBusinesses need to understand what level of protection their providers or others with access to their resources have in place. Ransomware is contagious, so if your providers have it you likely will too. Supply chain attacks can come from your most trusted provider and still be disastrous.
Check for compliance and certifications. Depending on the type of supplier and the level of access to your assets, there is nothing wrong about setting some standards. For example, your IT services supplier can demonstrate a good level of cybersecurity by having achieved a cyber certification. It may also help to know that your supplier is aligned with a standard of cybersecurity deemed good enough by government organizations.
8. Have a recovery strategyWhen a security issue arises despite all of your efforts to secure your environment, you should have a plan ready to contain and deal with the consequences.
- Backups. Make sure you have backups that are as recent as possible and that are easy to deploy. Create backups in an environment that can’t be ruined by the same mishap that destroyed the original (preferably on a different carrier, physical location, and network).
- Know what legal body you need to inform in case of a breach. This is especially important if Personally Identifiable Information (PII)is involved. It is hard to give guidelines here, since every US state has different data breach notification laws, so plan this ahead of time for your jurisdiction. And have a critical communications plan in place that details how you will inform your customers in case of a breach.
We provide cybersecurity for sole proprietors, boutique businesses, and small offices – no IT skills required. Protect yourself with Malwarebytes for Teams.
A simple to use Java 8 JWT Library
Article URL: https://github.com/FusionAuth/fusionauth-jwt
Comments URL: https://news.ycombinator.com/item?id=42062152
Points: 1
# Comments: 0
The Real MVP
Article URL: http://aslam.com/mvp
Comments URL: https://news.ycombinator.com/item?id=42062147
Points: 1
# Comments: 0
CrowdStrike to Acquire Adaptive Shield
Article URL: https://www.crowdstrike.com/en-us/blog/crowdstrike-acquires-adaptive-shield-and-integrates-saas-protection/
Comments URL: https://news.ycombinator.com/item?id=42062144
Points: 1
# Comments: 0
Will Write for Food
Article URL: https://bitfieldconsulting.com/posts/will-write-for-food
Comments URL: https://news.ycombinator.com/item?id=42062139
Points: 2
# Comments: 0
Donald Trump wins presidential election, defeating Harris to retake White House
Article URL: https://www.washingtonpost.com/politics/2024/11/06/donald-trump-wins-presidential-election/
Comments URL: https://news.ycombinator.com/item?id=42062124
Points: 2
# Comments: 0