As Cyber-attacks are becoming more sophisticated, a breach can lead to online fraud, identity theft, and corporate account takeover. To prevent such attacks Nayatel takes all the effective security measures, adhering to cyber-security global standards to protect our customers’ identity/data.

As Cyber-attacks are becoming more sophisticated, a breach can lead to online fraud, identity theft, and corporate account takeover. To prevent such attacks Nayatel takes all the effective security measures, adhering to cyber-security global standards to protect our customers’ identity/data.

 

Following are preventive measures for our customers to counter Electronic Crime.

General Security Advisory
  • Do not use default passwords. Change them immediately.
  • Use strong passwords. The minimum password length must be 10 characters. Password must include alphanumeric and special characters with no blank passwords.
  • Change your password after every six months.
  • Upon password renewal, do not reuse the last five used passwords.
  • Do not share your passwords with anyone, including administrative assistants or secretaries. Do not insert usernames/passwords into email messages or other forms of electronic communication.
  • Do not save your passwords in your Web Browser.
  • Do not use the same passwords for different portals/accounts
  • Avoid using any cracked/malicious software.
  • Regularly scan your servers/PCs using any antivirus software to see if they have any vulnerabilities and take necessary measures to remove those vulnerabilities.
  • Regularly update your servers/PCs.
  • If you receive a phishing email, do not respond to it. If an email looks suspicious from senders that you do not recognize, approach links/images/attachments in the email message with caution. Beware of .zip or other compressed or executable file types.
  • Watch for email senders that use suspicious or misleading domain names.
Security Advisory for VPS Customers
  • VPS should not be used for any activity, which is directly or indirectly related to any illegal/scam services.
  • OS and all other services/applications running on the VPS should be up to date.
  • To protect against network/application level DDOS attacks, shut down any unnecessary/random/commonly hacked ports/services at your VPS.
  • Remote access such as RDP/SSH to the VPS should not be allowed for public access. Always use remote VPN for remote access.
  • Restrict access to your VPS. Access should only be provided to authorized IPs/Users.
  • It is recommended to always use NGFW and Anti-DDOS services for your VPS.
Security Advisory for Website Hosting
  • Website Plugins should be kept updated whenever a new version is released.
  • End of Life PHP version must be discontinued and should be shifted to a newer version.
  • Websites using WordPress must be patched regularly.
  • The database is an important part of a website hence must be considered as a critical asset.
  • The database must have complex passwords using a strong hashing algorithm must be used.
  • End of Life WordPress version must be discontinued and should be shifted to a newer version.
  • Input validation methods should be implied for injection attacks.
  • Captchas should be used in the website whenever taking input from the user.