Welcome to #WeekendWisdom number 99. This week we’re going to talk about using the security.txt file.
Why is this a thing?
If criminals break into a company’s systems and steal their data, it’s called a data breach: lots and lots of data belonging to the company is taken. The criminals may then try to sell this data on underground forums, where other criminal gangs might buy it for their own use.
But there are also, usually, good-guy security researchers in those forums, keeping an eye on things. If they come across a company’s data being offered for sale, they may try to notify the company that there has been a breach, as the company may not be aware of it. Sometimes the security researchers find it difficult to get through to these companies and make contact with somebody with whom they can discuss the data breach.
How can using the security.txt file help?
That’s where the security.txt file comes in. This is just a simple text file that contains contact information for somebody in the security area or in IT, somebody who is reachable by email. If you want to do it securely, the file may also include the public encryption key for that email address, so that all communications are kept secure. Security researchers can then use the contact address to get in touch and report the data breach, and maybe other vulnerabilities that they have discovered.
Where can I find out more?
So it’s always good to have this and it’s usually placed on your website in a well-known location. Here is the security.txt proposed standard.
So if you have a website, set up this security.txt file for it.
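A small checker for the file described above, as an added example that is not part of the original post. It assumes the field names (Contact, Encryption, Expires) and the /.well-known/security.txt location from RFC 9116, the published version of the security.txt standard, and every example.com address in it is a constructed placeholder.

```python
from datetime import datetime, timezone

# Constructed sample; every example.com address is a placeholder.
SAMPLE = """\
# Served from https://example.com/.well-known/security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report-a-breach
Encryption: https://example.com/pgp-key.txt
Expires: 2030-01-01T00:00:00Z
"""

def parse(text):
    """Map lower-cased field names to their values, skipping comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check(text, now=None):
    """Return the problems that would stop a researcher reaching you."""
    now = now or datetime.now(timezone.utc)
    fields, problems = parse(text), []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact field")
    for c in contacts:  # a bare e-mail address is not a valid value
        if not c.startswith(("mailto:", "https://", "tel:")):
            problems.append("Contact is not a mailto:, https: or tel: URI: " + c)
    for e in fields.get("encryption", []):  # link to the key, never over http
        if e.startswith("http://"):
            problems.append("Encryption key is linked over plain http: " + e)
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("need exactly one Expires field")
    else:
        try:  # a stale file means contact details nobody maintains
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if when <= now:
                problems.append("file expired on " + expires[0])
        except (ValueError, TypeError):
            problems.append("Expires is not an ISO 8601 time with a zone")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE) or "security.txt looks usable")
```

An empty list from check() means a researcher has a working, current way to reach you; the Encryption field carries a link to the public key rather than the key itself.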
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.