Passwords are the first line of defence for protecting your devices and systems against improper access and malicious actors. They are used across almost all digital systems, including software, cloud and infrastructure. Implementing effective password management is therefore one of the simplest ways of improving your cyber defences. And the best part? It costs next to nothing to have in place.
The use of a password login within a computer system was introduced at MIT in 1961. Yet after over 60 years of computer and security developments, we're still seeing weak passwords as a top cause for unauthorized access. In fact, failed admin logins were the top security issue identified by our Security Operations Centre (SOC) team in both 2020 and 2021.
This blog provides you with 5 simple yet effective areas of focus for your business, based on the National Cyber Security Centre's advice of actions every business should undertake to reduce cyber threats. Time to stop scribbling your passwords down on those post-it notes and make note of these 5 tips instead.
The most frequently discussed tip, and one of the simplest, is to make sure you're using strong and unique passwords. Passwords should ideally be at least 16 characters long and use a mixture of letters, numbers and special characters. To put it into context, a password of 4 characters consisting purely of numbers can be brute-forced almost instantly. 8 characters consisting of upper and lowercase letters can be hacked in around 20 minutes. But 16 characters made up of numbers, mixed case letters and symbols will take around 11 trillion years to brute-force. By which time, we might have finally figured out how to unmute ourselves before speaking on virtual calls.
But fear not: for your password to be strong, it doesn't have to be complex. Using three random words is a great way to create a long password, integrating numbers and symbols, that will help to keep hackers out. A main reason people avoid strong and unique passwords is that they worry they won't remember what they've used and where. A secure password manager helps you keep track of each password, so you can avoid repeating passwords or leaving them noted down in an unsecured location (anyone can access that post-it note in your top drawer).
Your business passwords should also always differ from those created for personal use. You don't want your business to suffer a cyber attack at the hands of someone using the same password they've used for every platform since they were a teenager.
Any site on the internet should expect to be hit with brute-force attacks. Default credentials are an easy win for hackers, enabling them to infiltrate your systems through this type of attack. This means you must ensure your organisation changes any default admin credentials and follows the general IT best practice of changing passwords every 3 months to avoid falling victim.
Our SOC team has gathered insights from honeypot networks that prove the dangers of default credentials. With passwords frequently used successfully within brute-force attacks including the following:
Not only this, but 24.5% of passwords used by hackers in brute-force attacks were contained within the RockYou database leak from 2009. That is a scary sign of how little password strength awareness has improved in the 13 years since, and it means businesses are leaving their doors practically wide open to hackers.
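The two tips above (long, unique passphrases built from three random words, and never keeping default or previously leaked passwords) can be enforced in code. This is an added example, not Bulletproof's own tooling; the wordlist, symbol set and denylist entries are constructed samples, and the "at least three character classes" threshold is an assumption.

```python
import math
import secrets

# Constructed sample wordlist; a real deployment needs thousands of words
# so that three random words carry enough entropy.
WORDS = ["harbour", "violet", "tractor", "marble", "lantern", "orchid",
         "pepper", "glacier", "bucket", "saddle", "thunder", "walnut"]
SYMBOLS = "!#$%&*+-=?@"
# Constructed denylist standing in for default credentials and leaked lists.
DENYLIST = {"admin", "password", "changeme", "123456", "letmein"}
MIN_LENGTH = 16  # length recommended in the article


def generate_passphrase(words=WORDS, n_words=3):
    """Three random capitalised words joined by one symbol, plus two digits."""
    chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
    sep = secrets.choice(SYMBOLS)
    return sep.join(chosen) + f"{secrets.randbelow(100):02d}"


def passphrase_entropy_bits(wordlist_size, n_words=3):
    """Entropy of generate_passphrase, assuming the attacker knows the scheme."""
    return math.log2(wordlist_size ** n_words * len(SYMBOLS) * 100)


def check_password(candidate, denylist=DENYLIST):
    """Return the list of policy failures; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if candidate.lower() in denylist:
        problems.append("denylisted")
    classes = [any(c.islower() for c in candidate),
               any(c.isupper() for c in candidate),
               any(c.isdigit() for c in candidate),
               any(not c.isalnum() for c in candidate)]
    if sum(classes) < 3:  # assumed threshold: three of four character classes
        problems.append("low_variety")
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, check_password(phrase))
    print("admin ->", check_password("admin"))
    print(f"{passphrase_entropy_bits(len(WORDS)):.1f} bits with the sample list")
    print(f"{passphrase_entropy_bits(7776):.1f} bits with a 7776-word list")
```

The entropy figures show why the size of the wordlist matters more than the decoration: the 12-word sample list is only suitable for demonstrating the code.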
Multi-factor authentication (MFA or 2FA) is a great tool to have in your password arsenal. It provides an extra layer of protection by securing accounts beyond password access with the use of a second security authentication method, usually on a separate device. The benefit of having two separate forms of identification is that if a hacker manages to gain access through your password, they're unlikely to have your second device to authorise the log in.
Although 75% of businesses have a password policy in place within their organisation, only 37% have MFA as a requirement for staff to use. This could end up being an extremely costly choice for a business should a cyber attack occur that MFA could have prevented. Therefore, it's best practice to enable MFA wherever possible for your systems and include it within password policies to reinforce its value to staff as a key security tool. It might make log-ins slightly more time-consuming, but that is surely outweighed by the cost of dealing with an attack or breach.
More and more businesses are seeking out security certifications such as Cyber Essentials and ISO 27001 in order to win business contracts, or to highlight their security consciousness to both customers and supply chains. These certifications have MFA listed as requirements within their frameworks, so if you're looking to certify with such schemes, it's even more important to get MFA set up where possible to ease the certification process.
Can you account for everyone that has access to your network? Try to make it part of your password best practices to review who has access to your organisation's various devices and systems. Ensure only the correct people in your teams have access and those who leave the company have their access revoked. This is because removing old, unrequired and unused accounts will help to reduce the chance of unwanted and unauthorised access. Likewise, discourage password sharing between teams. If an individual needs access to something, give them their own login credentials wherever possible.
Managing access is particularly crucial if you are working with sensitive data, as only those who absolutely need access should be given it, in order to prevent a potential data breach. The overall key lesson to learn here is to follow a just-in-time model, meaning you give users precisely the level of access they need, for only the duration needed.
The final tip for secure password practices is to strengthen staff knowledge with security training. Increased password and security awareness from staff within their day to day practices is a key way to help protect your business.
Training also helps staff to be cautious about phishing attacks, a type of attack which could lead to them unintentionally giving their login credentials away. 83% of all cyber attacks are carried out through phishing tactics, which further highlights the importance of staff awareness of the issue. You can have all the correct security tools and processes in place, but just one employee clicking on a dodgy email could undo it all.
Bulletproof's Cyber Awareness Training is engaging and informative, putting employees in the mind-set of a hacker to understand how they could potentially be enabling malicious activity. Topics covered include password and account best practices, phishing and email security, as well as many more security and compliance key topics. Your staff will leave feeling more confident and aware of their impact on your business security.
Correct password management is a simple yet effective way to instantly bolster your security, and your staff are your best defence against a majority of cyber attacks. This means getting password best practices in check with all your employees is crucial. Make sure your password policies include all of the 5 tips discussed within this blog, and that staff are aware of what's expected from them in their day-to-day practices.
Emma is a Marketing Executive who has a keen eye for researching and writing interesting articles about business security.