Four

now browsing by tag

 
 

Four #cybersecurity #tips for #travelers

Do you sacrifice convenience for security when you’re traveling on vacation or on business? A University of Phoenix survey says very few people take precautions to safeguard their data while traveling.

“You need to practice the same cybersecurity precautions that you take at home or at work when you are on business trips or vacations,” says Dennis Bonilla, executive dean at the College of Information Systems and Technology School of Business, University of Phoenix. “That’s when you are less secure because you are accessing networks that are not as protected and have a lot of public access. That’s where the hackers are lurking to figure out how to get your information.”

Bonilla shares four ways to protect yourself when traveling on business or vacation:

Avoid public Wi-Fi

Using public Wi-Fi at the airport or local coffee shop is certainly convenient. However, Bonilla says many of those networks aren’t encrypted. That means the data you are transmitting can be easily accessed. Hackers now have sophisticated tools that can intercept the data you are transmitting. Not only can they log keystrokes; they can also download your data onto their own device.

Don’t access Bluetooth

Do you enjoy listening to music on your Bluetooth device? Bonilla says the same way you access Bluetooth to get music from your device to your headphones, hackers can use the same technology to steal data from you. In late 2017, security company Armis published details of a new Bluetooth vulnerability in which hackers can take complete control of targeted devices in only 10 seconds. Bonilla’s advice is to always keep your Bluetooth capability off when traveling.

Stop using your personal device for business purposes

A University of Phoenix survey found a majority of travelers mistakenly believe their devices are just as safe on vacation as at home. Bonilla says you should never let your guard down. Using your personal device for business purposes not only puts your information at risk but also your employer’s. Imagine the amount of information that could get into the wrong hands! There may be financial data, intellectual property or other sensitive information you don’t want the general public to see. He says it’s important to avoid using common passwords for both devices.

Stay away from a hotel’s shared office space

Thinking about stopping by the hotel’s business center to print out your airline boarding pass? Bonilla says those computers are extremely vulnerable to cyber criminals, especially if you use them to check your personal or work emails. He says a lot of hotels don’t have any protection or encryption on their computers, putting your information at risk.

Bonilla says criminals are always a couple of steps ahead of the average person. No longer do hackers need a deep amount of knowledge to carry out their crimes. All they need is a laptop and an internet connection. He says it’s important for the average person to be educated on the ways hackers can target their information.

“Don’t be lazy,” says Bonilla. “Cyber-attacks are at an all-time high. We are more connected than ever. You’ve got to take precautions. Take the simple steps of updating the software on your phone, disabling Bluetooth, GPS, and Wi-Fi – stay off those network spaces. That’s where they are waiting to attack.”

advertisement:

The post Four #cybersecurity #tips for #travelers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #four myths #hampering #cybersecurity #maturity

Source: National Cyber Security News

We’ve seen tremendous advances in technology over the last 15 years or so, but security continues to struggle as much today as it did a decade ago.

A large part of the problem is that security professionals and their leaders have bought into myths that hamper their ability to move their organizations forward and achieve maturity – the kind of maturity that’s necessary to be able to survive and recover from a cyber attack.

In no particular order, here are the four myths that security organizations need to stop believing and how they should move forward.

Myth #1: Cybersecurity risk can be eliminated

As a security professional, you know this isn’t true, right? Cybersecurity risk cannot be eliminated. It can only be managed. However, judging by the enormous sums of money companies waste attempting to achieve impenetrability, it seems this myth has life in it yet.

The problem is at the top: Senior executives and Board of Directors don’t understand the nature of cyber security. They think if they throw enough money at the problem, it will go away. But we know that’s not the case. Senior executives and Board of Directors must be educated on the inevitable nature of a cyberattack and how that risk is managed.

Read More….

advertisement:

View full post on National Cyber Security Ventures

“Three in four” #councils do not #provide #mandatory #cyber security #training

Source: National Cyber Security News

Three in four local authorities do not provide mandatory cyber security training to their staff, Big Brother Watch has revealed, despite human error being a significant factor in most data breaches.

The privacy campaigners behind the research said they were concerned by their findings given the rapid accumulation of personal data by councils across the country.

The report revealed that more than a quarter of councils (114) have had their computer systems breached in the past five years and that 25 had experienced a breach that resulted in a loss of data.

More than half of those hit by a breach did not report it, the report found. However, the Freedom of Information results used to gather the data did not reveal how many of those breaches affected personal information.

Organisation are not legally required to report data breaches, but the Information Commissioner’s Office urges them to do so anyway. When GDPR comes into force in late May, firms could face significant fines if they fail to.

Jennifer Krueckeberg, lead researcher at Big Brother Watch, said she was shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Four #Proactive #Tips to Improve #Cybersecurity for Small #Businesses

Source: National Cyber Security News

Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them so attackers consider them low-hanging fruit. According to Verizon’s 2017 Data Breach Investigations Report, 61 percent of data breaches in 2016 affected small businesses. As many of you are aware, the title industry is in the attackers’ direct line of fire. The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.

Network Security

Implementing a network firewall with intrusion detection and prevention capabilities (IDS/IPS) is crucial. A firewall protects your network from malicious traffic and an IDS/IPS system properly monitored can stop a attackers in their tracks. Unmanaged systems do not provide adequate security.

Attackers are working around the clock and so should your security. Performing regular network vulnerability testing, internally and externally, can identify risks and give you the opportunity to remediate before being hacked. Many of the common vulnerabilities that this process could identify include legacy or otherwise unsupported operating systems, poor patch management and exposed systems.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Four ways #state and local CIOs can boost #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

Looking back at the hundred-plus FBI cyber investigations and victim notifications I’ve worked over the past decade, without a doubt, the most concerning and most difficult ones centered around local and state governments.

States and cities face a tall order: protecting critical data and infrastructure. They’re expected to conduct an investigation, and remediate and prevent future attacks, all with under-staffed or non-existent cybersecurity teams, limited incident response capacity, and a lack of reliable technology.

Working closely with CIOs in cities like Los Angeles and states like Colorado has given me perspective on what is working and where we should be devoting our energy. Here are the top four observations — and solutions — for helping city and state CIOs resolve their cybersecurity challenges.

1. Get the basics right, then tackle IoT

I get it. IoT is important. IoT is scary. But we are still not doing the basics on the workstations and servers that run those IoT devices. Many jurisdictions, for instance, do not yet have a complete and accurate inventory of every asset on their network. And the easiest way to breach a network will always be through the one unpatched piece of software the organization doesn’t know about — not the smart streetlight (yet). This is not to say states and cities should halt all IoT efforts. Rather, they should prioritize their time and investments in getting essential cyber hygiene efforts done first.

Action item: Have your security team run a vulnerability scan and compare the endpoints found with your IT team’s most recent patch report. If the reports are identical, compliment both teams; if they’re not, check both teams’ tools. One of them is broken.

2. Break down organizational silos

IT operations in state and city government are often run by the various agencies within the government, rather than being centralized under the state’s or city’s CIO. This leads to shadow IT, with a wide range of servers, software, and hardware spread across the state and city, and no standardized way to measure their risk level or even know when systems need to be updated. IT administrators cannot share best practices, causing further inefficiencies. What’s worse than shadow IT? Shadow security — rogue systems with no security features turned on. Fortunately, some states and cities have made significant efforts toward consolidating and federating their IT, and the broader trend is toward consolidation, as NASCIO reported in its survey of state CIOs.

Action item: Identify the agency or department with the least number of cybersecurity resources and consolidate those first. Don’t boil the ocean by starting at the agency with the most crown jewels.

3. Reduce the number of tools

Because technology management is so spread out across agencies, states and cities tend to have dozens of tools for managing their IT and security. I once responded to an incident at a state government that had more than a dozen different tools for asset inventory and patching alone. If you have a dozen tools, you need people with expertise in each piece of software, and you have to commit valuable time and money to train those people. When a mistake gets made and leads to an incident, IT staffers have to bring in outside help, because no one internally has expertise in all the tools, which is required to conduct a proper response. States and cities can significantly reduce their risk, and improve efficiency, by consolidating IT operations and security tools. Shared tools also are better for states’ budgets, because procurement officials can negotiate state-wide prices.

Action item: Track the top 10 agencies in your state or city by number of employees and count the number of IT and security tools being used across all 10 networks. Start thinking about how many tools overlap and which ones can be decommissioned.

4. Create dedicated security roles

The cybersecurity workforce gap is an oft-discussed issue, but it’s especially prevalent in local governments and even some state agencies. Too often, IT professionals are tasked with taking on security roles, too, or their positions are only part time. In both cases, not enough attention is being paid to security. IT teams need to get creative in solving their workforce issues. Try forming tiger teams made up of diverse experts from across agencies to evaluate your state holistically and solve discrete IT and security problems. Consider leveraging existing resources, such as your state’s National Guard. Explore ways to partner with local universities to get young people interested in government and cybersecurity. By far, the most interesting cyber cases I’ve investigated happened only because I worked for the government. It is why NSA, not Silicon Valley, is able to hire the best mathematicians — they recruit early and often.

Action item: Sponsor a capture-the-flag hacker tournament at a state college and offer the top three winners summer internships at your agency.

Many of these challenges and solutions are connected. Reducing the number of tools not only helps with security, it also addresses your workforce issues by freeing up the time and money you were formerly spending on a plethora of tools and training.

States and cities are clearly placing an increased emphasis on improving IT management and security, as was made clear when 38 governors signed the National Governors Association’s cybersecurity compact this summer. Now it’s time to tackle the tough issues.

The post Four ways #state and local CIOs can boost #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

China Releases Four Draft Guidelines in Relation to Cybersecurity Law

Source: National Cyber Security – Produced By Gregory Evans

On August 31, 2017, the National Information Security Standardization Technical Committee of China published four draft voluntary guidelines (“Draft Guidelines”) in relation to the Cybersecurity Law of China. The Draft Guidelines are open for comment from the general public until October 13, 2017. Information Security Technology – Guidelines for Cross-Border…

The post China Releases Four Draft Guidelines in Relation to Cybersecurity Law appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Protect Four Key Areas To Create A Balanced Cybersecurity Portfolio

Source: National Cyber Security – Produced By Gregory Evans

For this article, I had the chance to speak with Jay Chaudhry, the CEO and Founder of Zscaler. Zscaler bills itself as a cloud cybersecurity solution, or “Security as a Service.” Zscaler has a unique approach to cybersecurity, one that fits into my balanced cybersecurity framework, but that also dispels…

The post Protect Four Key Areas To Create A Balanced Cybersecurity Portfolio appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Four areas of concern for cyber security professionals

Source: National Cyber Security – Produced By Gregory Evans

As cyber threats continue to rise, an annual survey from ISACA has found that enterprises face continued difficulty finding qualified personnel to fill cyber security positions. It also highlighted four emerging areas of concern in the current environment that concern practitioners over and above traditional threats. One-third of the respondents…

The post Four areas of concern for cyber security professionals appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Brick School Redistricting Plan Could Affect Four Schools

Brick Township is considering redistricting – a term for changing the geographic boundary lines – of four schools within the township, though officials say a relative few number of students will be affected.

The schools include Veterans Memorial Elementary School, Herbertsville Elementary School, Lanes Mill Elementary School and Midstreams Elementary School. The district recently completed a demographics study and have been considering the redistricting effort mainly because of class sizes being too large at VMES, officials said.

“We haven’t finalized any redsitricting plan,” said Dennis Filippone, Director of Planning, Research & Evaluation for the district. “We still have two meetings with parent groups and then we have to get it in front of the board.

Read More

The post Brick School Redistricting Plan Could Affect Four Schools appeared first on Parent Security Online.

View full post on Parent Security Online

FOUR WAYS SOCIAL MEDIA MANAGERS CAN PROTECT THEIR COMPANY’S ACCOUNTS AGAINST HACKERS

These days, everyone is on social media, and customers expect you to be too. No matter what industry you’re in, if you don’t have a social media presence, you may not be visible or accessible to a large proportion of … View full post on National Cyber Security Ventures hacker proof, #hackerproof

The post FOUR WAYS SOCIAL MEDIA MANAGERS CAN PROTECT THEIR COMPANY’S ACCOUNTS AGAINST HACKERS appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?