Tweets
- Tweets, current page.
- Tweets & replies
- Media
You blocked @mikko
Are you sure you want to view these Tweets? Viewing Tweets won't unblock @mikko
-
19/ PS. This thread was based on a blog post I made for the http://Maki.vc (
@MakiVentures) blog:https://medium.com/maki-vc/the-ten-most-common-security-problems-that-startup-companies-fall-into-6ec468091ea7 …Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
18/ And when you know your stuff is safe, your next challenge is to convince your customers that you can be trusted, even though you’re just a startup. One tip there is to get experienced advisors to join you, validating your security process and vouching for you. Good luck! /end
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
17/ Make sure your developers can identify and fix the common security vulnerabilities. Then have your app security tested. Have your network pentested. Have your code audited.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
16/ Make sure you exactly know who can move money in the company, and make sure they know how modern Business Email Compromise attacks work. These attacks are way more complex than traditional fake billing scams.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
15/ Make sure you can change passwords and access rights as needed. It’s especially easy to get burned with shared passwords you use for your corporate social media accounts. Force a password change on public company accounts whenever someone who had access leaves the company.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
14/ In the fast-moving environment of a startup, people come and go all the time. Make sure your people do not take their access rights with them. Make sure you can lock people out of your repositories and cloud systems.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
13/ Update prompts are annoying, but almost always the reason for the update is security. So update your OS. Update your applications. Update your apps. This seems obvious, but updating can fail for surprising reasons.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
12/ This happens often because online backups are deleted or encrypted by the attacker. This is why cloud backup and Time Machine systems alone are not good enough for backup. Have regular off-line backups that will survive even if your office building burns down.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
11/ Ransomware continues to be one of the biggest problems we see. Recovering from ransomware attacks would be easy if you’d always have an up-to-date backup of your data. Surprisingly, many companies cannot restore their data when they are attacked.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
10/ Do note that Mac users fall for phishing just as easily as Windows users — and iPhone and Android users fall even better, as there are fewer safeguards on those, and detecting a fraudulent lookalike URL is harder on a smaller screen.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
9/ When I walk around startup events, everybody seems to be rocking a MacBook. Macs are great for security, but probably not for the reason most people think. As Mac market share hovers only around 10% , criminals keep focusing only on Windows with their attacks.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
8/ Make sure everybody has their mobile devices locked by default (Face ID / Touch ID is fine). Make sure your people enable two-factor authentication where possible, with an Authenticator app. And do not force regular password changes on your users for no reason.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
7/ At the end of your next all-hands dev meeting, open https://shhgit.darkport.co.uk/ on the projector and let everybody watch for five minutes. That should do it.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
6/ Actually, forget that. Just make sure all your developers use a password manager. Also, make sure everybody understands the risks of posting Private API keys to GitHub or pasting AWS Access keys to Pastebin.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
5/ …but you need to use the cloud right. The easiest way to screw up with cloud servers or cloud storage is to lose credentials. Make sure your developers use strong, unique passwords on all cloud services.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
4/ Most startups today choose to go for cloud services such as AWS, Azure and GCE. Amazon, Microsoft and Google are investing hundreds of millions of dollars into their security. Breaking into the servers that run the largest cloud providers is hard...
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
3/ Do not invent stuff which has been invented already. There are trusted and tested principals that will save you time and make you safer. Definitely do not develop things such as encryption or hashing algorithms by yourself. Just don’t.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
2/ Speed is the enemy of security. The faster you move, the faster you develop, the faster you deploy — the less time you have for bug checking, quality assurance and testing. Security is not something you can add to a ready product, it has to be built in from the design phase.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
1/ Practically every startup ends up writing code, even if technology wouldn't be the main focus of the company. Here’s a checklist I made to help you and your hot new startup avoid the most common infosec pitfalls. [thread]
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
@mikko Retweeted
I had to get a background check for my job, and it turns out the report is a 300+ page pdf of every single tweet I’ve ever liked with the work “fuck” in it. Enjoy your dystopian bs! *waves*
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.