Security Advisories

As Cyber-attacks are becoming more sophisticated, a breach can lead to online fraud, identity theft, and corporate account takeover. To prevent such attacks Nayatel takes all the effective security measures, adhering to cyber-security global standards to protect our customers’ identity/data.

Following are preventive measures for our customers to counter Electronic Crime.

General Security Advisory

• Do not use default passwords. Change them immediately.
• Use strong passwords. The minimum password length must be 10 characters. Password must include alphanumeric and special characters with no blank passwords.
• Change your password after every six months.
• Upon password renewal, do not reuse the last five used passwords.
• Do not share your passwords with anyone, including administrative assistants or secretaries. Do not insert usernames/passwords into email messages or other forms of electronic communication.
• Do not save your passwords in your Web Browser.
• Do not use the same passwords for different portals/accounts.
• Avoid using any cracked/malicious software.
• Regularly scan your servers/PCs using any antivirus software to see if they have any vulnerabilities and take necessary measures to remove those vulnerabilities.
• Regularly update your servers/PCs.
• If you receive a phishing email, do not respond to it. If an email looks suspicious from senders that you do not recognize, approach links/images/attachments in the email message with caution. Beware of .zip or other compressed or executable file types.
• Watch for email senders that use suspicious or misleading domain names.

Security Advisory for VPS Customers

• VPS should not be used for any activity, which is directly or indirectly related to any illegal/scam services.
• OS and all other services/applications running on the VPS should be up to date.
• To protect against network/application level DDOS attacks, shut down any unnecessary/random/commonly hacked ports/services at your VPS.
• Remote access such as RDP/SSH to the VPS should not be allowed for public access. Always use remote VPN for remote access.
• Restrict access to your VPS. Access should only be provided to authorized IPs/Users.
• It is recommended to always use NGFW and Anti-DDOS services for your VPS.

Security Advisory for Website Hosting

• Website Plugins should be kept updated whenever a new version is released.
• End of Life PHP version must be discontinued and should be shifted to a newer version.
• Websites using WordPress must be patched regularly.
• The database is an important part of a website hence must be considered as a critical asset.
• The database must have complex passwords using a strong hashing algorithm must be used.
• End of Life WordPress version must be discontinued and should be shifted to a newer version.
• Input validation methods should be implied for injection attacks.
• Captchas should be used in the website whenever taking input from the user.