Recently, enterprise data security issues have occurred frequently, and data security is still one of the major risks facing enterprises. As a network security company, Zhian Network provides safe and reliable data protection services for enterprises and individuals with a professional technical team and rich industry experience
Case 1:
The database information of the college student learning software Chaoxingxuetong (hereinafter referred to as Xuexuetong) was publicly sold and posted on Weibo. There were 172.73 million pieces of information in total, sparking heated discussions among netizens. The search found that the ioS version of Xuetong has received a total of 120,000 ratings, and its average rating is only 1.4 points (out of 5 points). Many users who gave a one-star review mentioned that Xuetong is suspected of excessive collection of private information. In order to realize the function of exam invigilation, users "must turn on the microphone, turn on the camera, and must use real names." Some netizens also reported that the frequency of usage data displayed by Xuetong software is too high, which does not match the actual situation. In this regard, Xuexuetong said that it is normal for learners to use hundreds of thousands of Xuetong, and it is not a manifestation of account leakage. The public security is currently investigating the data leakage issue.
Case 2:
In March 2023, the Internet Security Department of the Public Security Bureau of Dong'an County, Yongzhou City, Hunan Province, discovered clues to the information leakage of the owner of a community during the investigation of a case of infringement of citizens' personal information, and immediately launched a "one case double investigation" on the property company belonging to the community. After investigation, the face recognition system and vehicle management system used by the company contained more than 6,000 owners' names, phone numbers, ID numbers, bank accounts and other sensitive data in plain text.
At the same time, both the face recognition system and the vehicle management system have weak passwords for the login account, and the account has not been set up for authority management. The office computer storing user data is operated using remote control software, and no security measures have been taken, and the data security protection obligation has not been fulfilled.
With the promulgation and implementation of relevant laws and regulations such as the "Data Security Law" and "Personal Information Protection Law", how to ensure data security has increasingly become the focus of attention of relevant organizations in various industries, and the importance of data security is self-evident. Metaphor
If your server uses a weak password to log in, hackers may illegally log in to your server, steal server data or damage the server. It is recommended that you set a highly secure login password for the server and change the login password regularly.
It is mandatory that the password strength of all management system accounts must reach a certain level. Weak passwords such as admin and 123456 can no longer be used. Change the password to a complex password and store it encrypted. It is recommended that the password contain uppercase and lowercase letters, data and special symbols. The length of the password should not be less than eight characters. If the website has data leakage vulnerabilities (such as sql injection vulnerability), be sure to fix the vulnerability.
Password setting generally follows the following principles:
(1) Do not use empty passwords or system default passwords, which are well-known and typical weak passwords.
(2) The length of the password should not be less than 8 characters.
(3) The password should not be a continuous character (for example: AAAAAAAAA) or a combination of repeated characters (for example: tzf.tzf.).
(4) The password should be a combination of the following four types of characters, uppercase letters (AZ), lowercase letters (az), numbers (0-9) and special characters. Contains at least one of each type of character. If a character of a class contains only one, it should not be the first or last character.
To help enterprises achieve one-stop worry-free management of office security, choose Zhian Network Cloud Wall·Website Comprehensive Defense System
Anti-Webpage Tampering: The cloud wall prevents the website from being hacked and tampered with by blocking hacker attack requests.
Anti-data leakage: WAF has built-in anti-collision library, brute force cracking and other algorithms to prevent website user names, passwords and other information from being violently guessed by hackers and prevent data leakage.
Anti-0day vulnerabilities: Provide "efficient virtual patches" to quickly "fix" vulnerabilities at the first time, and update the protection strategy synchronously across the network to achieve rapid protection against 0day vulnerabilities.