Detect

September 2 2025

Monitor user activity diligently.

SJ CyberAware All, Daily Tips, Detect, Protect

Keep an Eye on Things

Users can be your weakest link or your best shield, it all depends on how closely you watch. Track logins, unusual access, and any sudden privilege jumps. Think of it like checking who’s sneaking biscuits from the tin, harmless most of the time, but worth noticing! For SMBs, smart monitoring stops insider slip-ups and makes investigations easier if something goes wrong. Trust your team, but always verify, because even the friendliest biscuit-lover can leave crumbs behind.

How to Keep A Close Eye Things!
Best Practice Monitoring & Accountability Checklist
Monitor Logins
Track who logs in, when, and from which device. Spotting unusual times or locations (like a “2am login from Paris”) can be the first clue something’s wrong.
Spot Unusual Access
Keep an eye on systems or files that suddenly get a lot of attention. If the accounts clerk starts opening engineering designs, it’s worth checking why.
Watch Privilege Changes
Anytime someone gains or loses admin rights, log it. Privilege creep (users collecting more access than they need) is a classic risk.
Enable Alerts
Real-time notifications for suspicious activity (like repeated failed logins) let you act fast. The sooner you know, the quicker you can shut down problems.
Log Everything
Audit trails are your safety net. They show “who did what, and when.” Essential for accountability, compliance, and forensic investigations if things go wrong.
Review Regularly
Reports shouldn’t gather dust. Review them weekly or monthly to catch issues early instead of waiting until a cyber incident exposes them.
Separate Duties
No one person should hold all the keys. Splitting responsibilities (like finance vs approvals) makes insider misuse harder and adds natural checks.
Educate Users
Remind staff they’re not just being watched, they’re part of the cyber defence team. Awareness training helps them recognise suspicious behaviour too.
Use Tools Wisely
Choose monitoring tools that fit your size and budget. SMBs don’t need enterprise complexity, just clear visibility and easy reporting.
Trust, but Verify
Foster a culture of accountability without paranoia. Trust your people, but back it up with sensible monitoring, because even the most loyal can make mistakes.

August 26 2025

Test security systems regularly.

SJ CyberAware All, Daily Tips, Detect, Protect

Testing security systems is like checking your smoke alarms, don’t wait for a fire. Run regular vulnerability scans, penetration tests, and phishing simulations. Review firewall rules, access logs, and backup integrity. Even basic tests can reveal misconfigurations or outdated defences. Document findings and act on them. For SMBs, testing doesn’t need to be expensive, it needs to be consistent. The more you test, the faster you catch issues before they become incidents.

Test Regularly
Test Your Security: Don’t Wait for a Fire
Testing your security is like checking your smoke alarms, waiting until there’s a fire is too late. Regular checks uncover weaknesses before attackers do. For SMBs, testing doesn’t have to be costly, it just has to be consistent. The more you test, the faster you can fix issues before they escalate into incidents.
Top Tips for Testing Security Systems:
Run Regular Vulnerability Scans
Use automated scanning tools monthly to detect known flaws.
Prioritize high-risk issues and patch them quickly.
Conduct Penetration Tests
Schedule annual tests with a trusted provider.
Focus on critical systems (email, finance, customer data).
Simulate Real Threats
Run phishing simulations to train staff awareness.
Test social engineering scenarios to expose weak processes.
Review Defences Routinely
Audit firewall rules to remove outdated or unnecessary entries.
Check access logs for unusual patterns (e.g., logins at odd hours).
Verify Backup Integrity
Test restoring files quarterly to ensure backups actually work.
Store at least one copy offline or off-site.
Document and Act
Record findings from every test, however small.
Turn results into an action plan with deadlines and owners.
Keep it Affordable & Practical
Start with free or low-cost scanning tools.
Build a testing calendar (monthly, quarterly, yearly) and stick to it.
Remember: Fire drills save lives because they prepare people before the emergency. Security testing works the same way, it builds readiness, exposes gaps, and prevents a small issue from becoming a disaster.

August 20 2025

Monitor network traffic

SJ CyberAware All, Daily Tips, Detect, Protect

Monitoring network traffic for anomalies is a key defensive tactic for SMBs looking to catch threats before they escalate. By keeping an eye on unusual patterns, like unexpected data transfers, login attempts at odd hours, or spikes in bandwidth, businesses can spot early signs of compromise or misconfiguration. Tools like intrusion detection systems (IDS), firewalls with logging, or even basic router analytics can provide valuable insights. Regular reviews help build a baseline, making it easier to detect when something’s off.

Spotting Network Weirdness
Top Tips for Spotting Network Weirdness Before It Bites
1. Know Your Normal
Establish a baseline of typical traffic, who’s logging in, when, and what’s flowing where. Without this, “anomaly” is just a fancy word.
2. Watch the Exits
Outbound traffic spikes can signal data exfiltration. If your printer suddenly starts chatting with a server in Belarus… raise an eyebrow.
3. Log Like a Legend
Enable logging on routers, firewalls, and endpoints. Even basic logs can reveal patterns like brute-force login attempts or rogue devices.
4. Use Free Tools First
Start with Wireshark, Nmap, or even your router’s built-in analytics. You don’t need a SOC to spot sketchy traffic.
5. Schedule Your Scans
Regular scans (weekly or monthly) help catch slow-creep threats. Automate where possible, but always review manually too.
6. Flag the Oddballs
Look for:
Unusual ports (e.g., SSH on port 12345)
Traffic at 3am from a staff laptop
Sudden bandwidth surges
7. Segment Like a Strategist
Keep guest Wi-Fi, IoT, and business-critical systems on separate VLANs. If your smart kettle gets hacked, it shouldn’t reach your payroll server.
8. Alert, Don’t Panic
Set up alerts for key anomalies, but tune them to avoid noise fatigue. A flood of false positives helps no one.
9. Document the Drama
Keep a simple log of anomalies spotted, actions taken, and lessons learned. It builds institutional memory and helps refine your response playbook.
10. Train Your Team
Make “weird traffic” part of your culture. If staff notice their machine lagging or behaving oddly, they should feel safe reporting it.

August 19 2025

Utilize intrusion detection systems.

SJ CyberAware All, Daily Tips, Detect, Protect

Intrusion Detection Systems (IDS) are essential tools for identifying and responding to unauthorized or suspicious activity within a network. By continuously monitoring traffic and system behaviour, IDS can detect anomalies, flag known attack patterns, and alert administrators before damage occurs. Whether signature-based or anomaly-driven, these systems help organizations stay ahead of threats by providing early warnings and forensic insights. Integrating IDS into your security strategy strengthens your overall defence posture and supports rapid, informed incident response.

What you need to know
IDS Best Practices for SMBs
Choose the Right Type
Select between Network-based IDS (NIDS) and Host-based IDS (HIDS) depending on your infrastructure. NIDS monitors traffic across the network; HIDS focuses on individual devices.
Baseline Normal Behaviour
Train anomaly-based IDS with a clear picture of “normal” activity. This reduces false positives and sharpens detection of genuine threats.
Update Signatures Regularly
For signature-based systems, ensure threat databases are updated frequently to catch the latest known exploits.
Integrate with SIEM Tools
Pair IDS with Security Information and Event Management (SIEM) platforms to correlate alerts, streamline response, and gain deeper insights.
Tune for Relevance
Customize alert thresholds and rules to reflect your business’s unique risk profile, don’t settle for default settings.
Act on Alerts
Build a response playbook. Alerts should trigger investigation, containment, and communication—not just sit in a dashboard.
Educate Your Team
Ensure staff understand what IDS alerts mean and how to respond. Even basic awareness can prevent escalation.
Test and Simulate
Run periodic simulations to validate detection accuracy and refine response workflows. Treat IDS as a living system, not a set-and-forget tool.

August 3 2025

Test security controls regularly.

SJ CyberAware All, Daily Tips, Detect, Protect

Regularly testing security controls ensures they are effective and up-to-date. Conduct regular audits, vulnerability assessments, and penetration tests to identify weaknesses and address them promptly. This practice helps maintain a strong security posture and protects your systems and data from potential threats.

Reasons to test!
🔍 Security That Stays Sharp
Security controls aren’t sacred relics, they’re living systems. What worked last year might be limp today. Firewalls, antivirus, policies, they need fresh eyes and sharper teeth.
Best Practice: Test Like You Mean It
Run vulnerability scans, pen tests, and red team drills like clockwork.
Automate routine checks, outdated software? Alert, log, patch, repeat.
Don’t just test tech, test people. Drop decoy USBs, mimic phishing, build fake login pages. See who bites, and who reports it.
Real-World Lesson from the Classroom
A school thought its firewall was holding the line. It blocked known malware… but missed a crypto-miner embedded in student downloads. A pen test exposed the blind spot just in time. That’s the kind of intel testing delivers.
Rethink the Culture
Testing isn’t finger-pointing, it’s flaw-catching before attackers do. A mature org treats findings as fuel for growth, not ammo for blame.
Build the reflex: “Does this still work?”
Reward those who flag flaws before they fester.

July 31 2025

Implement network segmentation for security.

SJ CyberAware All, Daily Tips, Detect, Protect

Implementing network segmentation enhances security by dividing a network into smaller, isolated segments. This approach limits the spread of potential threats and restricts access to sensitive areas. Each segment can have its own security controls and policies, reducing the risk of unauthorized access and improving overall network security.

Why you should do this.
Think Like a Hacker, Segment Like a Pro
Network segmentation isn’t just IT housekeeping, it’s your tactical moat. Picture it like this: would you store your wedding ring, tax records, and your old punk mixtape in the same drawer? Thought not. You’d use separate safes. Same goes for your digital assets.
Why It Matters: Blast Radius Reduction
When malware hits, segmentation stops it dead in its tracks. Divide your network into zones by function, finance, operations, guest Wi-Fi, IoT, so if one falls, the others stay standing.
Use VLANs and access controls like velvet ropes, only the right people and devices get past.
Block lateral movement: if your smart printer can talk to payroll, you’ve basically hired it as a rogue accountant.
Real-World Wake-Up Call
A dental clinic got stung when a malware-loaded thermostat shared a network with their booking system. That bridge gave attackers access to patient data. With segmentation? No bridge, no breach.
Your Action Plan
Audit your network like you’re casing a heist, what’s critical, what’s vulnerable, who’s got access?
Build in segmentation with firewalls between zones, and monitor inter-zone chatter.
Treat this as strategy, not slog. You’re not just securing tech, you’re building a fortress of trust.

July 27 2025

Encourage the reporting of security concerns.

SJ CyberAware All, Daily Tips, Detect, Protect, Respond

Encouraging the reporting of security concerns helps maintain a secure environment by addressing potential threats promptly. Create a culture where employees feel comfortable reporting suspicious activities or vulnerabilities without fear of repercussions. Provide clear channels for reporting, ensuring all concerns are taken seriously and investigated thoroughly. This practice helps identify and mitigate risks early, fostering a safer and more secure organization.

I recently wrote a an article called “Put Your Hand Up!”, go have a read.

No drop down tip or additional information, just read the article.

June 20 2025

The Perfect Storm

SJ CyberAware All, Cyber Digist, Detect, Identify, Protect

Legacy OT Systems Running Out-of-Support Operating Systems

First, what is OT? Operational Technology (OT) refers to the systems and software used to monitor and control physical devices, processes, and infrastructure in the real world. Unlike IT, which handles data and communication, OT directly interacts with machinery and environments, like adjusting a thermostat, managing lift (elevator) functions, or regulating traffic lights (The Italian Job for those old enough to remember the original and best version). It’s used in everything from cash machines dispensing money to robotic arms in factories and water systems ensuring clean supply. Energy grids depend on OT to balance electricity and handle outages, and more. As smart devices connect more systems to networks, OT is becoming more intelligent and essential, but also more exposed to digital threats. It’s a vital, often unseen, part of how the modern world runs smoothly.

In the world of industrial operations, reliability and uptime are paramount. However, this focus on continuity often leads to a dangerous compromise: the continued use of legacy operational technology (OT) systems running outdated and unsupported operating systems. These systems, while functionally stable, represent a growing cybersecurity liability.

A striking example of this occurred in 2017 when a major European automotive manufacturer experienced widespread production disruptions due to the WannaCry ransomware attack. The malware exploited a vulnerability in older versions of Windows, including Windows 7 systems that had not been updated. Although the attack primarily targeted IT systems, the interconnected nature of the company’s IT and OT environments allowed ransomware to spread into production networks, halting assembly lines and causing millions in losses. The root cause? Legacy systems running out-of-support operating systems that lacked critical security patches.

The danger of such systems lies in their inherent vulnerability. Once an operating system reaches end-of-life, it no longer receives security updates from the vendor. This means any newly discovered vulnerabilities remain unpatched and exploitable. In OT environments, where systems often remain in place for decades, this creates a perfect storm for cyber attackers.

Moreover, as OT networks become increasingly connected to IT systems and the internet, the attack surface expands. Threat actors can exploit a single weak point in an outdated system to gain a foothold, move laterally across networks, and disrupt or manipulate critical operations. In sectors like manufacturing, energy, and transportation, the consequences can be severe, ranging from financial loss and reputational damage to safety hazards and regulatory violations.

Mitigating these risks requires a proactive and layered approach. Isolating legacy systems from internet-facing networks is essential, as is implementing virtual patching and intrusion prevention systems to shield them from known threats. Organizations should also enforce strict access controls, monitor network activity for anomalies, and develop a phased plan to upgrade or replace outdated systems.

While legacy OT systems may still perform their intended functions, their outdated operating systems make them a silent but serious threat. In an era of increasingly sophisticated cyber threats, maintaining the status quo is no longer a viable option. Businesses must act decisively to modernize their OT environments and protect the integrity of their operations.

May 26 2025

Recognize and avoid phishing emails!

SJ CyberAware All, Daily Tips, Detect, Protect

Phishing emails are designed to trick you into revealing personal information. To recognize and avoid them, look out for suspicious senders, spelling and grammar errors, generic greetings, urgent or threatening language, unexpected attachments or links, and requests for personal information. If you suspect an email might be phishing, don’t click on any links or attachments, verify the source, and report the email to your provider. Staying vigilant can help protect you from these attacks.

The Signs
Spotting a phishing scam can save you from fraud and identity theft.

Check the Sender’s Email Address – Scammers often use email addresses that look official but contain small errors or unusual domains.

Look for Generic Greetings – Phishing emails often start with “Dear Customer” instead of using your actual name.

Watch for Urgent Language – Messages that pressure you to act immediately, like “Your account will be locked!” are often scams.

Hover Over Links Before Clicking – Check where a link leads before clicking. If it looks suspicious or doesn’t match the sender, don’t click.

Be Wary of Unexpected Attachments – Never open attachments from unknown sources, as they may contain malware.

Check for Spelling & Grammar Mistakes – Many phishing emails contain typos or awkward phrasing.

Verify the Email Domain – Legitimate companies use official domains (e.g., @bank.com, not @bank-security123.com).

Avoid “Too Good to Be True” Offers – Scammers lure victims with fake prizes, refunds, or discounts.

Keep Your Security Software Updated – Up-to-date antivirus software can help detect phishing attempts.

Trust Your Instincts – If something feels off, double-check with the company directly before taking action.

Being vigilant and applying these tips will help you steer clear of phishing scams. Need guidance on strengthening the security of your accounts?