now browsing by tag


CodeSignal and Announce Partnership, Reinforcing Data as the Key to Hiring | #bumble | #tinder | #pof | #onlinedating | romancescams | #scams

Source: National Cyber Security – Produced By Gregory Evans

SAN FRANCISCO, May 26, 2021 /PRNewswire/ — CodeSignal, a technical assessment platform dedicated to helping companies #GoBeyondResumes in tech recruiting, today announced a new integration and partnership with®?, the inventor […]

The post CodeSignal and Announce Partnership, Reinforcing Data as the Key to Hiring | #bumble | #tinder | #pof | #onlinedating | romancescams | #scams appeared first on National Cyber Security.

View full post on National Cyber Security

Scamwatch: Scammers phishing for data through ANZ bank text messages | Blayney Chronicle | #relationshipscams | #dating | romancescams | #scams

Source: National Cyber Security – Produced By Gregory Evans

Every year, thousands of Australians are targeted by scams, whether it be online, via phone, mail or even in person. Australian Community Media has compiled a list of current scams […]

The post Scamwatch: Scammers phishing for data through ANZ bank text messages | Blayney Chronicle | #relationshipscams | #dating | romancescams | #scams appeared first on National Cyber Security.

View full post on National Cyber Security

What Chinese company Zhenhua Data will do with data of 35,000 Aussies | #facebookdating | #tinder | #pof | romancescams | #scams

You – the internet user – have become the front line in a battle for hearts, minds and political advantage. And your personal details are the weapons in an international […] View full post on National Cyber Security

#infosec | Norwegian Cruise Line Suffers Data Breach

Source: National Cyber Security – Produced By Gregory Evans

A major cruise operator has suffered a data breach as the travel industry battles the storm created by the COVID-19 outbreak.

Information from a database belonging to Norwegian Cruise Line was discovered on the dark web by an intelligence team at DynaRisk on March 13. 

Data exposed in the incident included clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies including Virgin Holidays and TUI. 

DynaRisk said data relating to 29,969 travel agents was breached from the portal on the website on March 12.

“After verifying that the data records are legitimate credentials, we notified a Norwegian Cruise Line representative immediately. Despite opening our message later that day, we received no response. After five days a representative responded to our team to discuss the breach,” said a DynaRisk spokesperson.

DynaRisk said that the incident left agents who were “already vulnerable at this time” at higher risk of cybercrime. 

A DynaRisk spokesperson said: “They are now exposed to account takeovers on numerous platforms, sophisticated phishing emails and fraud, which could put further pressure on large travel agents or worse still, put smaller agents out of business.”

Norwegian Cruise Lines told Infosecurity Magazine: “It has recently come to our attention that the website may have been compromised. In an abundance of caution, we are in the process of asking certain travel partners that may have been affected to change their password for the site and any site for which they may have used the same password, and to remain vigilant of any suspicious activity or emails. 

“We believe limited personal information was involved, specifically names of travel agencies and business contact information such as business addresses and email. This appears to be a unique and isolated incident that involved only a regional travel partner portal which houses marketing materials and educational information and did not involve guest data. We are deeply committed to protecting the security and confidentiality of information and regret any concern this matter may have caused.” 

Norwegian is the third cruise line this month to hit the cybersecurity headlines. Princess Cruises and Holland America Line both reported being hacked on March 2.   


#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

Source link

The post #infosec | Norwegian Cruise Line Suffers Data Breach appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment

Source: National Cyber Security – Produced By Gregory Evans

12-Step Remote Learning Checklist to Help District IT Protect Student and Staff Data

K-12 school districts across the country are shutting down to increase “social distancing” and help slow down the outbreak of COVID-19—the disease caused by exposure to the new coronavirus. Many are either considering or preparing for a shift to remote learning for the remainder of the year.

Technologies focused on learning management, online teaching, collaboration, and video conferencing will help districts provide students and staff with the tools needed to move forward with remote learning. This shift requires a lot of time and effort for district IT teams to vet, implement, and support in the coming weeks.

But K-12 IT teams must also plan for the adjustments in cyber safety and security this shift will require.

Students and staff will be accessing their Google and/or Microsoft accounts from locations outside of the school’s networks. They will also be using new, often OAuth-enabled, EdTech SaaS for a variety of learning and student management purposes. Both of these trends expose district information systems to data security and student data privacy risks.

G Suite & Office 365 Data Security & Student Safety Remote Learning Checklist

What is G Suite and Office 365 security and student safety? It is the district’s ability to have visibility and control into the activity taking place in collaborative cloud software as a service (SaaS) applications—such as Google G Suite and Microsoft Office 365—commonly used by districts today.

If or when your district moves to remote learning, traditional perimeter security safeguards, such as firewalls and content filters, become less effective. This is especially true if your district doesn’t have 1:1 device capabilities. Students will be accessing their school account from an unmanaged device without all the security measures a district device would have.



To help K-12 IT teams securely transition to remote learning and working, we’ve developed this 12-step remote learning checklist focused specifically on cybersecurity and safety protections.

1. Document remote work security policies

Your district’s staff and students are likely not used to working in a remote environment, and may not realize that security tools like firewalls and web content filters are less effective outside your district’s network. If your district hasn’t done so already, now is the time to create and document remote work security policies.

Start by developing a document outlining a list of approved cloud applications to be used for remote learning purposes. If your district doesn’t have a learning management system (LMS) or other remote learning tools already available, consider looking into tools such as BrainPop, Discovery Education, Agilix, Edmentum, and more. Other cloud applications your district’s IT team may want include Zoom, Google Hangouts, Cisco’s Webex, or another popular video conferencing tool that your district is comfortable with using.

Once your team has decided which cloud apps are approved, make sure to include the list in your district’s remote work security policy document. You may also consider including a list of apps that shouldn’t be downloaded and installed.

If your district isn’t 1:1, this will be tougher to enforce due to the fact that students will be accessing their school accounts from an unmanaged device. However, having a guide in place will prove useful in helping students and staff protect their devices, and sensitive data, when logging in to use these apps from home.

2. Create employee cybersecurity training & testing

Simple human error is the number one reason cybersecurity incidents happen in any organization. Educate your district’s staff, students, and parents on common cybersecurity best practices and what to look for in terms of possible red flags.

Create guidelines that encourage students, staff, and parents to look at who emails are coming from. Does the email domain match your district? If there are any links within an email, does the redirect URL match the destination the email claims?

Same goes for file attachments. Are they coming from a trusted source and do the documents pertain to any lessons or assignments students and staff are working with?

You may also want to consider testing your users’ ability to recognize a suspicious email.

One common tool to send out phishing email tests to see how prepared and educated your district stakeholders are regarding cybersecurity is KnowBe4. With this tool, your IT team can conduct phishing tests, password strength tests, email exposure and domain tests, and more. This way, your team has a better picture of where your weaknesses lie and what you need to educate further on during this hectic time.

3. Monitor student and staff account logins

Students and staff will be logging into their school accounts from outside of your district’s security perimeter—and from an unmanaged device if your district isn’t 1:1.

Your IT team must monitor account logins and look for anomalous behavior that may indicate an account takeover attack. Anomalous behavior might include multiple unsuccessful logins, failed multi-factor authentication checks, and successful logins from an unapproved location such as another country.




4. Check for unsanctioned 3rd party SaaS apps

Now that students will be using their school device—or a personal device—outside of school, monitoring for risky 3rd party apps is especially important. This is because malicious apps and apps with insufficient infrastructure security pose far-reaching risks to your district’s information systems.

Additionally, the flood of “free” teaching and learning apps on the market creates openings for serious OAuth security risks. Teachers and students alike may take advantage of these tools with the best intentions, but EdTech that hasn’t been properly vetted can lead to a variety of cybersecurity risks.

Your IT team should monitor which apps are granted OAuth access to district Google and/or Microsoft accounts, check what permissions are granted, and be able to remove the apps that don’t meet your infrastructure security, data security, and/or student data privacy policies.

5. Monitor for improper file sharing and access

Student data privacy laws still apply when your district transitions to remote learning, and keeping track of data becomes more difficult when students and staff access everything remotely.

To help prevent any financial, staff, and/or student data from leaving your district’s G Suite or Office 365 environment, look for drives, folders and files that have given external accounts access to view and/or edit. If any external shares are found, make sure to break them and set up policies to automatically remediate when a future external share is granted.

6. Secure personally identifiable information (PII) and create data loss prevention policies

Data loss prevention is a strategy to ensure the sensitive information of students and staff are protected and don’t inadvertently leave the network. Have your IT team start by checking email and files for PII, such as social security numbers, W2s, and bank account information. Then, delete, quarantine, or revoke access to any information that is being improperly shared.

Once complete, set up automatic policies to remediate all PII that leaves your district’s network to ensure FERPA requirements are met.

7. Create student safety monitoring & policies

Just because your district’s students are distanced from one another as a result of school closures and self-isolation, doesn’t mean that they aren’t communicating via their school Google or Microsoft accounts.

Students may be using their school accounts to send emails or use Google Docs as a chat board. It’s important for your IT team to continue monitoring for signals of cyberbullying, self-harm, inappropriate content, abuse, and other forms of student safety threats. Unfortunately, it may be easier for these issues to go undetected during this time.

8. Enable anti-phishing and anti-malware protection

With dispersed students and staff, cybersecurity risks in your district are going to increase. Your IT team will need to ensure they have anti-phishing and anti-malware protection enabled.

Students and staff will be logging in from their home networks and maybe from a personal device, which means school firewalls, web content filters and endpoint security may not be effective for the time being.

The best option for your team at the moment is to start with configuring your district’s G Suite and Office 365 anti-phishing and anti-malware capabilities, and layer additional safeguards to ensure district cloud applications are protected—regardless of the device or the location.

9. Monitor for lateral phishing activity

In the event a student or staff member at your district does fall victim to a phishing scheme, it’s important for your IT team to be monitoring the activity that is taking place within district cloud apps.

This means not only monitoring the email traffic coming from external sources, but also monitoring and analyzing emails sent from internal accounts to others. Doing so is critical to reveal signs of an account takeover and lateral phishing attack.



Are you getting phishing email alerts from an internal email address? Is a student or staff member sending an unusual number of emails to other school accounts that they don’t usually interact with? Is an account suddenly sharing and/or downloading more files than usual? These are a couple of examples of trends your team will need to look for more often in a remote learning environment.

10. Make multi-factor authentication mandatory

Multi-factor authentication requires your district’s students and staff to take a second step, after entering the correct password, to prove they have authorized access. Students and staff will be logging in from unrecognized devices, which makes this security tool a critical one for your district to have enabled during this time.

It’s also incredibly quick and easy to set up through your Google and/or Microsoft admin portal.

Multi-factor authentication typically includes entering a code that is sent to their phone via SMS. It can also include phone calls, answering security questions, mobile app prompts, and more.

11. Reset passwords across all accounts and set a password strength policy

Set policies and standards for your district’s cloud app passwords now that students and staff are accessing remotely.

At a minimum, enable your system’s “require a strong password” feature. You can also set minimum and maximum password lengths, password expiration, and more.

If your district already has policies in place, now is a good time to check current passwords to see if there are any passwords that are out of compliance and force password changes through your admin console.

12. Run a G Suite & Office 365 data security & student safety audit

With this checklist, now is an opportune time to run a cloud security audit of your district’s G Suite and/or Office 365 environment. An audit will check for any configuration errors, sharing risks, files containing sensitive information, risky 3rd party SaaS apps, and more.

It’s also important to run an audit on a periodic basis more frequently now that districts are closing or moving to remote learning. Weekly reports can be automated and provide you with detailed information into the security health of your cloud applications, and the activity taking place between students, staff, and external environments.

If your district uses SaaS applications such as G Suite and Office 365, protecting the data and accounts in these apps is a critical layer in your cybersecurity infrastructure.

Without it, monitoring and controlling behavior happening on the inside is impossible. This blind spot creates critical vulnerabilities in your district stakeholders’ sensitive information and is now a much bigger blind spot given the current circumstances.

The post K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment appeared first on ManagedMethods.

*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Jake Kasowski. Read the original post at:

Source link

The post #cybersecurity | #hackerspace |<p> K-12 Remote Learning Checklist: Securing Data in a Remote Learning Environment <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Interos Completes Series B Funding to Drive Data Science

Source: National Cyber Security – Produced By Gregory Evans

Markus Spiske from Pexels

Interos announced it has raised $17.5 million in a Series B funding round to accelerate data science and engineering growth, expand personnel and boost sales to drive commercial momentum for its leading risk management platform.

The funding comes after Interos tripled its headcount, increased annual recurring revenue by 700% and hiked SaaS subscription bookings by 693% in 2019. With the funding, Interos expects to capitalize on last year’s growth and more than double its personnel in 2020, hiring more staff to augment its proprietary software, which exposes critical risks in the global supply chain for leading private and public sector customers. 

 The round was led by first-time investor Venrock with participation from Kleiner Perkins. 

 “After a strong 2019, this funding shows Interos has already secured major support in 2020 from the world’s most successful investors,” said Jennifer Bisceglie, CEO and founder of Interos. “Like our customers, investors see the value of the Interos platform, which is critical for global businesses in 2020. From events like the coronavirus to political unrest, companies need a platform that exposes risks and identifies how events affect suppliers around the world the moment they happen.” 

“Interos is one of the most compelling big data and AI companies I’ve come across in the last decade,” said Nick Beim, Venrock partner. “Over the last 20 years, global supply chains have grown so rapidly and with so much opacity that most companies don’t know who they’re working with or who they’re dependent on. There’s so much data to gather to fully understand those risks, and Interos helps companies address these urgent, strategic issues with a brand new set of capabilities.”

Interos also recently added Phil Venables, a cybersecurity and risk expert to its board of directors. Venables’ distinguished career includes previously serving as Goldman Sachs’ first chief information security officer and head of technology risk, and as its chief operational risk officer. Prior to his work at Goldman Sachs, Venables was the chief information security officer at Deutsche Bank. Venables serves on the executive committee of the U.S. Financial Services Sector Coordinating Council for Critical Infrastructure Protection, is co-chair of the Board of Sheltered Harbor, and is a member of the boards of the Center for Internet Security and the NYU Tandon School of Engineering. He is also an adviser to the cybersecurity efforts of the U.S. National Research Council and the Institute for Defense Analyses.

Interos has worked with the U.S. Department of Defense, NASA and Department of Energy critical infrastructure. Interos uses machine learning to build and maintain the world’s largest knowledge graph of over 50 million relationships to discover and monitor the entirety of a supplier ecosystem. Each month, Interos ingests over 85,000 information feeds, processing over 250 million risks a month. Interos instantly visualizes the most complex multi-tier relationships, updating and alerting to changes in risk along five factors: financial, operations, governance, geographic and cyber.

 “In today’s interconnected world, Interos is bringing clarity to the muddled, confusing nature of supplier relationships,” said Ted Schlein, partner at Kleiner Perkins. “By automating due diligence, leveraging sophisticated technology and exposing vital risks, Interos shines a light on an otherwise opaque global supply chain.”

Source link

The post #nationalcybersecuritymonth | Interos Completes Series B Funding to Drive Data Science appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Oregon Business – Data Risk

Source: National Cyber Security – Produced By Gregory Evans

Small businesses face a heavy risk when it comes to cyber security. The best defense relies on an active, educated employer.

On March 9, 2018, the Oregon Clinic discovered an unidentified party had accessed an email account. The data breach gave attackers access to names, birth dates, medical information, and in some cases, the social security numbers of patients and staff. 

The clinic was able to recover from the attack, and went on to offer patients impacted by the breach one full year of identity monitoring services. 

But other businesses which have been subjected to cyberattacks face more dire consequences.

According to a recent study by insurance carrier Hiscox, the average cost to a business when it is subjected to a cyberattack is around $200,000. 

Small businesses suffer most from these costly attacks. Due to the massive price tag associated with an infringement, 60% of small businesses go out of business within six months of being victimized, according to the National Center for the Middle Market. 

Attackers target small businesses for a variety of reasons. Some try to gain access to employee and client information, such as email accounts, bank numbers and social security numbers. Hackers also install ransomware, which, as the name implies, will hold a network hostage until the business owner pays a fee to be released. 

Hackers also target servers to create a “zombie” network, which uses a business server as a launching pad to conduct other attacks to avoid detection. 

Other attackers, especially ones from foreign governments, take over a network to mine for bitcoins. 

Close to 50% of all cyber attacks are perpetrated against small businesses, which hackers often perceive as low-hanging fruit. According to a report compiled by Verizon, nearly half of small businesses reported a data breach in the past two years. 

Despite the likelihood of an attack, and the relative risk involved, less than half of small business owners reported spending money on cyber security last year. 

This is in part because maintaining a good cybersecurity defense is costly. Unlike virus protection, a business cannot simply install a defensive program against cyberattacks and remain safe.

“The demand for these cybersecurity professionals is so high that the price they command for their services is also very high,” says Dr. Wayne Machuca, lead instructor for Mt. Hood Community College’s cybersecurity program. “This precludes small and medium-sized businesses from being able to afford and adequately staff around their cybersecurity needs.” 

There are 4,600 cybersecurity job openings in Oregon, according to cybersecurity employment website CyberSeek. Despite Oregon’s reputation as a state with a heavy tech sector, there are twice the number of cybersecurity job openings as there are qualified professionals to fill them. 

Ruth Swain is the interim director of the Small Business Development Center at Mt. Hood Community College, which helps small businesses protect themselves against cyber threats through the Oregon Center for Cybersecurity. 

With Machuca’s help, the center has developed a program which allows students in their last year of school to provide training and cybersecurity expertise to small businesses owners and their employees free of charge. 

“We worked with the interns and instructors here to come up with a cybersecurity prevention checklist for small businesses,” says Swain. “The advising is free, so we are encouraging businesses to sign up.”

The program was awarded a grant from the National Science Foundation, and Machuca says they have used the grant money to replicate the program along with its sister colleges.  “It’s really exciting stuff,” he says. 

Skip Newberry, president and CEO of the Technology Association of Oregon and executive sponsor of Cyber Oregon, an organization dedicated to delivering the latest cybersecurity information and best practices to businesses, says businesses which cannot afford a cybersecurity professional on staff should train employees to recognize cyberattacks. 

“The first and best defense is adequate training for employees,” he says. “In this day and age, anyone who uses technology should be trained in how to spot phishing and spear phishing attempts, and best practices for managing passwords, which is how the vast majority of cyber breaches occur within small businesses.”

Much of the training is preventative, but if an attack has occurred, the most important thing for a business is not to keep silent. 

To subscribe to Oregon Business, click here.

Source link

The post #school | #ransomware | Oregon Business – Data Risk appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | US healthcare technology: Move to standardize APIs for patient data access receives mixed response

Source: National Cyber Security – Produced By Gregory Evans

Emma Woollacott

12 March 2020 at 15:38 UTC

Updated: 12 March 2020 at 15:42 UTC

Interoperability rules largely welcomed, but potential privacy and security issues must be addressed, experts warn

New rules giving patients better access to their medical data have been approved by the US Department of Health and Human Services (DHSS) – but experts warn that security may not be entirely sewn up.

Currently, many electronic health record contracts contain provisions that either prevent or are perceived to prevent the sharing of information related to the records in use, such as screenshots or video.

From the beginning of next year, though, health plans doing business in Medicare, Medicaid, CHIP, and federal exchanges will be required to share patients’ health data.

Meanwhile, a new API will allow developers to create apps allowing patients to access their own data, as well as integrating a health plan’s information with their electronic health record (EHR).

“Delivering interoperability actually gives patients the ability to manage their healthcare the same way they manage their finances, travel, and every other component of their lives,” says Don Rucker, national coordinator for health information technology.

“This requires using modern computing standards and APIs that give patients access to their health information and give them the ability to use the tools they want to shop for and coordinate their own care on their smartphones.”

Predatory apps and snake oil warning

The new rules are generally being welcomed – with reservations.

“I’m not sure diving in headfirst by giving patients apps to access their own healthcare records via mobile apps is a good idea,” says Paul Bischoff, privacy advocate for security research firm

“Patients might not know what they’re agreeing to when handing over permission to apps to access their health records. This could lead to predatory apps that leverage medical records to sell snake oil.”

Meanwhile, says Tim Mackey, principal security strategist with the Synopsys Cybersecurity Research Center, the nature of the US’ insurance-based healthcare system means that patients may need to be careful about the information they share.

“Given the sensitive nature of medical records, and the potential for a pre-existing condition to negatively influence future patient care, vetting of both app creators and medical data usage in care decisions are concerns,” he says.

“As consumers embrace apps as a proxy for physical identification and their mobile devices as a central store for their most sensitive data, both the security of those apps and the potential for compromise of a mobile device become increasing concerns.”

Much-needed security standard

According to the DHSS, similar apps already exist, in the form of Medicare Blue Button 2.0, which allows patients to securely connect their Medicare Part A, Part B and Part D claims and other data to apps and other tools.

More than 2,770 developers from over 1,100 organizations are working in the Medicare Blue Button 2.0 sandbox, it says, and 55 organizations have applications in production.

But, says David Jemmett, CEO and founder of security firm Cerberus Sentinel, it could be hard to implement a comprehensive security standard.

“As things stand currently, you don’t know if your portal has been checked for security standards unless there has been certification to meet a number of additional standards,” he says.

“Often the code itself goes unchecked and third-party companies can be building them for the interface, but there is no one to go line by line, ensuring security standards are met to certify the software.”

READ MORE EU to give €100bn MedTech industry a security health check

Source link

The post #hacking | US healthcare technology: Move to standardize APIs for patient data access receives mixed response appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | How to prevent the data breach that keeps on happening

Source: National Cyber Security – Produced By Gregory Evans

By Dr Steve Jeffery, pre-sales engineer

The potential for revealing personally identifiable information (PII) in the ‘To’ or ‘CC’ fields of an email is a risk well understood. Yet despite this, it remains the source of far too many data breaches.

• In January 2020, Capita accidentally leaked the email addresses of all those attached to a support incident ticket on their call handling system.
• In October 2019, West Berkshire Council sent an email containing a survey about leisure centres to 1,107 recipients who could all see each other’s email addresses.
• In April 2019, the UK Home Office accidentally disclosed details of hundreds of EU citizens requesting settled status to one another
• A UK Freedom of Information request in 2018, showed at least 147 self-reported data breaches to the ICO were down to this error.

Accidental in nature, it’s easy to see why these types of breaches occur. When we want to send an email to a number of people – be that a newsletter, an event invitation, or an update on a technical support ticket – we might simply copy and paste the email addresses into the ‘To’ or ‘CC’ fields and press ‘Send’ without giving it a second thought. This approach means that all recipients of the email are visible to each other, which isn’t a problem if you are addressing a group known to one another, but in the case of a mailing list to customers, it is a privacy breach that could result in a fine.

It is no surprise that human error is the cause of so many breaches. Conditioned to using email, we have become inured to the potential danger that exists every time we press ‘Send’. Focussing on the task at hand, we don’t always give the time required to consider the privacy ramifications of our actions. We know that ‘BCC’, or blind carbon copy, is the field to use to ensure email addresses remain private, yet accidents still happen. What can an organization do to mitigate this risk?

Reducing the risk of an email data breach

To offset the inevitable risk associated with email communications, organizations need a clear cybersecurity strategy encompassing people, processes, and technology. Email policies need to be established, the workforce trained, and policy rules enforced with software. The software acts as the final safety net against the inadvertent actions of employees.

The Clearswift Secure Email Gateway can support employees to make better decisions, without increasing the administration burden on the IT support team.

In the gateway, simply create an email policy rule that automatically holds emails where the number of recipients in the “To” or “CC” fields exceeds a minimum number set. When an email exceeds that threshold, an alert is sent to the employee. If the action was deliberate, the employee can release the email without the need to raise an IT support ticket. The decision to release the email message is audited and recorded in the gateway. If, however, a mistake occurred, the employee can delete the email and create a new version compatible with the organization’s privacy policies.

Additional information

Learn more about preventing data breaches with Clearswift Secure Email Gateway
Step-by-step guides for setting up Recipient Limiters can be found on the Customer Support Portal.

Source link

The post #cybersecurity | #hackerspace |<p> How to prevent the data breach that keeps on happening <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Kenya’s data storage boom entices global tech giants : The Standard

Source: National Cyber Security – Produced By Gregory Evans

Kenya is set to become a major recipient of foreign direct investments in cloud computing.
This is as international investors rush to fund a data centre boom spawned by the proliferation of smartphones, mass adoption of business software and 5G.
Huawei, Microsoft and Amazon Web Services are some of the international players currently enticing small businesses with free data storage in preparation for a looming expansion in data fanned by 5G networks and fibre optic cables.
“So there’s a big opportunity there, as more people begin to use cloud services instead of having their own data servers. These are going to become more valuable,” said Xalam Analytics in their latest report on Africa data centre boom.
Another incentive for the localisation of data storage is that it improves internet speeds since users no longer have to fetch data from the other side of the world.
It is also being driven by clamours by government officials to have local data hosted domestically for national security purposes.

For More of This and Other Stories, Grab Your Copy of the Standard Newspaper.  

Banks such as Absa Kenya are making investments in machine learning and artificial intelligence tools to improve customer experience and credit risk. New “digital banks” such as Tala, Branch, Zenka are cloud-based.
Since cybersecurity is not an expert capability field for banks, continuous upgrading and development of data centres have been expensive.
Saccos have not been left behind either, as most of them are running on software that allows customers to access their services on the phone.
They also need to store this data somewhere given that in-house data centres are too costly for them. Governments are using cloud and virtualised infrastructure to enhance public service delivery.
Large retail firms also use computer capabilities such as Amazon Web Services databases to transform how they reach a predominantly mobile and digital customer base. Corporates whose expertise is not data storage are slowly giving up their small in-house data centres to major players – helping to drive demand while scores of cloud-native startups are leveraging the cloud to disrupt entire industry sectors.
“The fast-rising requirements of cloud-based technology businesses and their customers, as well as the search for the smallest possible delays in transaction times, has seen businesses seek alternative cloud options,” said the managing director, Carrier Services Division at Telkom Kenya Kebaso Mokogi.
The Kenyan market is currently served by Safaricom, Liquid Telecom, MTN business and other regional players who are set to face competition from the deep-pocketed multinationals who are able to outprice them.
However, Kenya alone does not have the market to attract such high profile investments but is acting as a Launchpad for regional business. It is, however, one of the most active in internet and tech-driven business hubs alongside South Africa and Nigeria.
Africa currently accounts for less than one per cent of total available global data centre capacity, according to data from Xalam Analytics, despite the continent being home to about 17 per cent of the world’s population.
However, its capacity has doubled in the past three years.
Xalam Analytics says the key players in Africa – South Africa, Kenya and Nigeria are set to see investments from multiple investors among them Warren Buffet backed Berkshire Partners and London-based private equity firm Actis, which is injecting Sh25 billion into African data centres over the next three years.
Actis is the investor behind Garden City Mall in Nairobi.
“If you look at the trends around data, its consumption, and cloud migration globally — those trends have played out in many markets and have led to significant growth of the data centre sector,” said Kabir Chal, director at Actis.
“Africa is no different: you see digitisation, the inexorable migration to cloud, and really the advent of big data but, as a consequence, the supply of data hasn’t kept up.”
For data-storage companies operating in Africa, a big hurdle is the continent’s lack of infrastructure, which complicates an already capital-intensive, power-hungry business.
Kenya’s power supply remains low at less than 2,000MW compared to South Africa’s 40,000MW. The two have nearly equal population size.
Companies must often rely on large-scale generators running on costly diesel and petrol to provide electricity, while slow internet speeds, high data costs and a lack of fibre networks constrain their operations.
Nevertheless, the Actis investment is part of a broader trend of international players looking to become involved in the data centre sector in sub-Saharan Africa — where the total data centre capacity equals about a quarter of London’s or half of Frankfurt’s, according to Xalam Analytics.
Microsoft also launched its first African cloud data centres last year, which is a key growth market alongside Nigeria, Kenya and Ghana.
It already accounts for roughly half of Africa’s data centre capacity. Meanwhile, Amazon Web Services plans to open a cluster of data centres in the coming months — the company’s first foray on the continent.

Do not miss out on the latest news. Join the Standard Digital Telegram channel HERE.

Xalam AnalyticsSafaricomGarden City MallMicrosoftHuawei

Source link

The post #deepweb | <p> Kenya’s data storage boom entices global tech giants : The Standard <p> appeared first on National Cyber Security.

View full post on National Cyber Security