Daily Archives: March 11, 2016

New Cyber Security Ideas for 2016

Posted on March 11, 2016 | Leave a comment

2016_Data

In the last 5 years, almost all businesses, big or small, have realized just how vulnerable they are to cyber-attacks. The astonishingly increasing number of attacks each year trouble corporate heads so much that they spend hours on end discussing their company’s cyber security system. The IT professionals and Chief Information Security Officers (CISOs) are even more troubled, for they keep seeing their efforts foiled by hackers.

The number of big corporations targeted in 2015 only goes to show that no one is completely safe. Wherever you look, there is an Ashley Madison data breach case or a Home Depot or JP Morgan Chase case story from the past year that will make you realize just how precarious security structures are. To help corporations beef up their security better in 2016, we discuss some new ideas.

  1. Being aware of the data stored

It is quite astonishing how many big firms do not have any idea what huge chunks of data in their systems are about. Technologies like the Internet of Things have a lot to contribute to this, but company data should be handled better. One must at least know what is stored in their systems. That would provide them an idea as to what data is of the most priority and what needs to be protected most against threats.

  1. Focus on protecting data

The most infamous cases of 2015 related to data breaches of global services and corporations. Yet, corporations think that beefing up their firewalls and security perimeters is the answer to such attacks. They couldn’t be less accurate. Attacks like these go to show that protecting your data is the main priority. Encrypting different clusters of data with secure mechanisms is vital to prevent data from being compromised easily should unauthorized personnel make it into corporate network.

  1. Address the Mobile threat

Many corporations use the idea of Bring Your Own Device, allowing employees to use their personal device in the workplace. It is always safe to assume that most employees do not take the necessary security measures for their mobile devices. This invariably puts corporate data on such devices at great risk. IT admins need to have better control over such devices. They need not have more control, but better control.

  1. Spread awareness

It is never a bad time to spread awareness among employees, however small or high ranking they are, about the different threats they face. Ignorance should never be doubted or disregarded, for it is always present around you. Interacting with employees regularly about the different threats present and sharing ideas about improving security are good practises.

  1. Take insider threat seriously

You might shell out millions of dollars trying to protect your network from outside threats only to be undone by one of your employees clicking on a wrong link and compromising some sensitive data on his or her system. Hackers regularly send malicious emails to many employees in a firm in hopes that one of them falls for it, and they quite frequently do. Encourage your employees to be more vigilant, for such emails can quite easily be spotted.

Conclusion

We saw in this article how some new ideas can aid companies in improving their security against attacks from hackers. These are just some suggestions, which can definitely be improved upon post further study and research into the matter.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security, Technology

Tagged , , ,

3 Easy Techniques to Protect Your Data

Posted on March 11, 2016 | Leave a comment

Data_LockSome of the best firms use very simple techniques to protect their companies’ information. These techniques can be very efficient with not only securing company data but also your employee’s personal information as well. These may take some time and resources to set up initially, but you will thank yourself down the road.

First you want to implement some sort of yearly or bi-yearly security training program. Something interactive that will keep them involved and teach them the basics of security in the office. Using game-ology or animation in this training will insure that the information sticks with the employees. Not only will you remain compliant with a yearly security training program but you can insure awareness around the main cause of information leaks and breaches; humans.

Once this program is in place, you want to put it to the test. One of the best ways is to create a phishing campaign. This entails you sending out a fake email from a fake address with a false, clickable link that will record the number of users that click on this link. You can set up this campaign to log information like, clicks, openings of emails and even going as far as viewing the users that clicked the link then filled out an informational form about themselves. A phishing campaign is not to be used as a form of punishment but a teaching point about what “exactly” to look for in a phishing email.

Lastly is a step you should take into your own hands as a security professional. Utilize a tool like bit locker and/or Digital Guardian to monitoring what your employees are doing on the internet and help prepare for the worse situations. Having timely backups on all saved information is a plus incase you need to roll back changes on someone’s machine due to a malicious link that was accidently clicked.

Overall the best options, no matter how you do it, is to educate the people that handle sensitive information on best practices and then create assurances around them to protect in case of an accident. Remember in this industry it is not “if” but “when” a security event will take place.

Leave a comment

Posted in Big Data, Cyber Security, Data Breach, Encryption, Hacking, Security

Tagged ,

5 Innocent Mistakes That Cause an IT Security Breach

Posted on March 11, 2016 | Leave a comment

Breach

Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical.

Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses hire an IT solutions company. However, not all security breaches are intentional; mistakes can trigger a security violation, as well, and without any warning.

Here are five innocent mistakes that lead to an IT security breach.

Device Theft or Loss

A lost or stolen device like a smartphone or laptop causes 3.3 percent of confirmed security breaches and 15.3 percent of overall incidents.

People who forget their devices in a public place or vehicle have higher chances of losing their gadgets because of theft. Most of these cases are opportunistic and involve a huge number of public departments.

When the thief takes advantage of the device, he can access the person’s confidential images, videos, documents and business files without IT security measures in place.

Document Errors

Document-related errors are some of the common causes of a data breach. A few examples of these include forwarding sensitive information to incorrect recipients, publishing private data to public web servers, and carelessly disposing of confidential work data.

These events usually occur internally and accidentally. When this happens, hackers can use the stolen information as blackmail or as an asset to their group. They can also access bank accounts and other documents related to finance.

Weak and Stolen Credentials

Hacking is the biggest cause of security attacks, which is primarily instigated by weak passwords and stolen credentials. Employees who have access to password-protected files and applications should take caution when unlocking these documents, especially when the company asset contains confidential information.

If you are working on a public computer, avoid clicking on the “remember password” option, so that intruders won’t have the opportunity to access private accounts if your computer gets hacked.

Additionally, you should never leave your password in an open computer file or even written on a sticky note affixed to your desktop, as this can be used by an external actor like a service person to access the organization’s intranet.

At the same time, it is important that you create a strong, non-obvious password that includes numbers, symbols, and capital and lower-case letters. One of the most effective techniques is the Bruce Schneier Method, which takes a sentence and turns it into a strong password.

There are also password-generating sites and password managers that throw out efficient and strong passwords.

Internet Spyware

Did you know that over 50% of security breaches are caused by employees misusing access privileges? Whether maliciously or unwittingly, employees who naively click pop-up browsers or install a malicious application can welcome spyware on a company’s system.

Spyware is a type of malware that enters a computer without the knowledge of the owner to collect private information about internet interaction, keylogging, passwords and valuable data. Spyware can either be on a file you downloaded online or a malicious hard drive inserted on your desktop. This can also be found in unauthorized web searches and varying computer settings.

The risk of a security breach is very high with spyware but you can prevent this by generating a virus scanner and avoiding malicious websites and illegal downloads at work. Companies should also take the first step by implementing a spy trap, which is basically a filter for all work systems.

Vulnerable Systems and Applications

Using outdated software and web browsers can cause serious security concerns. Attack methods become more advanced each year, and hackers increase the number of ways that they can violate vulnerabilities like these.

When outdated systems regularly connect to the internet, they can submit valuable information online without the user knowing it.

You can prevent security breaches by taking note of these basic pointers.

  • Take care of your personal data, especially when on the road. Every time you bring your data on the go, you are opening yourself to a multitude of security risks. For example, when you access public Wi-Fi, you disseminate your information to the immediate public and to hackers who use meticulous processes to breach data. Avoid this by investing in a personal hotspot or by subscribing to your provider’s mobile data services.
  • Create strong passwords. Never create a password that contains basic personal information like your surname or birthday. Hackers can easily identify this and use it in your work and personal accounts. A strong password should be a combination of characters, numbers, and symbols. Apart from this, don’t use one password for every account you own. Although it may be easy to remember, it’s also easy to hack.
  • Be careful of file sharing. You share a number of important files every time you work with multiple clients. No matter how much you trust a colleague, you never know where he will use the data you shared. To prevent malicious use of relevant documents, make sure that the files you share with your clients are only for work purposes. If you share documents through a cloud, immediately delete the final ones after use.

The number of security breaches increases every year, but there are plenty ways to protect yourself and your company from this. Keeping your data secured is the most efficient way to prevent damaging security breaches.

 

About the Author: Vlad de Ramos has been in the IT industry for more than 22 years with focus on IT Management, Infrastructure Design and IT Security. Outside the field, he is also a professional business and life coach, a teacher and a change manager. Vlad has set his focus on IT security awareness in the Philippines and he is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of TheDigitalAgeBlog.

 

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Uncategorized

Tagged , ,