protect

now browsing by tag

 
 

#sextrafficking | How To Protect Your Child From Falling Victim To Sex Trafficking Or Predators Online – NBC 7 San Diego | #tinder | #pof | #match | romancescams | #scams

“STOLEN” is a year-long NBC 7 investigation into the sex trafficking and exploitation of children in San Diego County. The seven-episode documentary series is told from the perspective of survivors, […] View full post on National Cyber Security

Forensic review underway after Twitter hack, tips to protect your accounts | #corporatesecurity | #businesssecurity | #

Twitter says a forensic review is underway. “Dr. Fraud” shared these tips on how you can avoid your accounts from being hacked: ·        Use two factor authentication ·        Super strong password ·        Lock […] View full post on National Cyber Security

#sextrafficking | Advocates say youth shelter in Truro would protect teens from human trafficking | #tinder | #pof | #match | romancescams | #scams

Source: National Cyber Security – Produced By Gregory Evans

The recent case of a man who was unlawfully at large in the Truro, N.S., area and allegedly committed dozens of sex and drug trafficking crimes against children shows the need for a local youth shelter is dire, says a youth advocate.

Michelle Rafuse, a volunteer who supports First Nations youth in court, said a shelter for young people would help prevent at-risk youth from becoming victims of violence and sexual exploitation.

“There’s no place for kids to go in Truro if they need a place to stay,” said Rafuse, who often allows homeless kids to stay at her own home.

“If they have no place to go, they end up in circumstances where they could get led down a path they don’t want to be on.”

Truro and the surrounding Colchester County do not have a youth shelter. The counties of Digby, Yarmouth, Shelburne, Pictou and Halifax all have youth shelters serving their areas.

Youth shelters are usually run by not-for-profit groups and are aimed at ending homelessness for people aged 16 to 24. The youth stay for several months and receive connections and support to help them get their lives on track.

Morgan MacDonald, 31, was living in Truro and unlawfully at large during the time he is alleged to have committed dozens of sex and drug trafficking crimes against children. He communicated over Facebook using the name Kaycee MacDonald, victims say. (CBC)

CBC News spoke to a 22-year-old Indigenous man who said he spent the last several years homeless in Truro. He said he used to walk around the town at night messaging friends and asking for a place to stay, often crashing at the homes of friends on their laundry room floors. If he couldn’t find a place to stay, he kept walking.

“It was weird sleeping outside, so I just stayed awake,” said the young man, who recently found housing because a member of the community offered up her home. “There’s a lot of people in the same boat. There’s a pretty big need for it.”

CBC News is not identifying the man because he has been a participant in the youth criminal justice system, involved in break and enters, which he said he did to get money to support himself. He said he wouldn’t have committed those crimes had he not been so desperate and had a safe home.

He said his troubles started in his teens when his relationship with his father turned volatile. Upset about the fighting, he failed to turn up at his job baking cookies and bread at a local bakery. After losing the job, he said he was kicked out of the house because he could no longer pay the rent.

Truro has emergency shelter, but it’s not just for youth

Truro has a youth centre, which has been closed due to COVID-19, but it’s only open during the day. There is also an overnight emergency shelter open to youth over the age of 16.

Truro, with its population of 12,500 is a hub town, a crossroads where the Trans-Canada Highway joins from three different directions. The town is next door to the Millbrook First Nation, a Mi’kmaw community with many members living off-reserve. 

A 2018 Statistics Canada study found Nova Scotia had the highest rate of human trafficking in the country in 2016.

Joe Pinto, a local developer and businessman, said he’s noticed the growing issue of youth homelessness in Truro.

“There seems to be a lot of kids that the parents are not available to look after them or they’re just on the street, couch-surfing, going from place to place. I feel that there’s a need to house them and give them a bit of guidance,” he said. 

Pinto said he has space available in downtown Truro for a youth shelter if a community group is interested.

Social services and housing are provincial responsibilities. In a joint statement, the Department of Community Services and the Department of Municipal Affairs and Housing described having a place to live as an important piece of the complex problem of human trafficking.

To propose a youth shelter for the town, a community group would first have to submit a proposal, which could include a request for funding, to Nova Scotia’s Department of Municipal Affairs and Housing. So far, no such proposal has come forward.

What the province says it’s doing

The Nova Scotia government earmarked $1.4 million in new funding to combat human trafficking, some of which is trickling down to Truro. In the town, there is one housing support worker and a trustee who can help at-risk youth find secure, stable housing. The province said rent subsidies are available and the Truro Homeless Outreach Society can also connect people to safe and affordable housing.

Truro Mayor Bill Mills said he’s open to the idea of a youth shelter, but it’s going to be a tough sell right now to get funding from the municipality because everyone is being stretched.

“On the surface, if we could pull this off and have a youth shelter and the right people in place… sure, why not,” he said, adding that a letter to council would be the first step.

.  .  .  .  .  .  . .  .  .  .  .  .  .  .  .  .   .   .   .    .    .   .   .   .   .   .  .   .   .   .  .  .   .  .

Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The post #sextrafficking | Advocates say youth shelter in Truro would protect teens from human trafficking | #tinder | #pof | #match | romancescams | #scams appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Why Infastructure Companies Need to Protect Themselves Against Hostile Foreign Powers

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity is the set of practices, processes and systems for protecting Information Technologies (IT), which consists of computers, networks, software and stored information, from digital attack. Cybersecurity has become a preoccupation for the government, private sector, institutions and individuals. Billions are spent annually to defend governmental, corporate, and personal IT from cyber intrusion. Innovative companies have developed new ways of providing security.

A major aspect of cybersecurity is the protection of critical infrastructure. The Department of Homeland Security defines critical infrastructure as “the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.” There are 16 critical infrastructure sectors, including energy, communications, food and agriculture, transportation, water and wastewater, nuclear power and materials, major manufacturing, and defense industries.

All these sectors are dependent on IT, not merely for communications or billing, but for the operation of major physical systems. Most of them employ IT-based supervisory control and data acquisition (SCADA) systems to monitor and operate a wide variety of hardware. For example, the energy sector is critically dependent on SCADA technology to manage the flow of power, direct the operation of production and storage facilities, and monitor the state of energy usage.

The threat to these large, complex systems, essential to not only the way we live but our very lives, is quite severe. The same IT and SCADA systems that allow for the efficient management and operation of critical infrastructure sectors also create enormous vulnerabilities that adversaries will seek out to exploit. The cyber threat to our energy sector, perhaps the most critical of all, has been growing for years. According to a report by the Idaho National Laboratory prepared for the Department of Energy: “Cybersecurity for energy delivery systems has emerged as one of the Nation’s most serious grid modernization and infrastructure protection issues.”

The dominant focus of infrastructure security is on protecting computers and networks from the introduction of malware. When it comes to critical infrastructure, hackers look for ways of entering the networks and then wend their way to the software programs that control operations. Often, the hackers will look for easy entry points, such as electronic billing systems or supply chain communications, from which they can then launch attacks against SCADA systems or other IT-based means of monitoring and directing operations within a sector.

It is becoming harder to protect entire networks from hacking. The explosive growth in the use of IT for personal and business purposes, and the move to a world where the so-called Internet of Things is ubiquitous, has resulted in a massive increase in potential entry points for hackers. Recently, it was discovered that IT-enabled baby monitors could be hacked. Moreover, hackers keep finding new network vulnerabilities and investing in ever-more sophisticated malware.

Protecting critical infrastructure is a never-ending problem. Operating systems must be constantly patched as vulnerabilities are uncovered. Computer systems and networks are routinely needing upgrades as new malware is developed. The expense of that is significant. Some experts have characterized IT security spending as a “black hole.” Any new approach that does not have to be constantly enhanced would significantly reduce future costs of cyber defense.

An alternative approach to establishing a high level of infrastructure security at an affordable cost is by focusing on operational technologies or OT. OT consists of hardware, such as valves, pumps, generators and SCADA-enabled machinery, all of which are critical to the operation of networks that deliver power, water, and oil and gas.

By focusing appropriate critical infrastructure protection on keeping OT secure, utility companies and others in critical infrastructure sectors can simplify their cybersecurity requirements and significantly reduce costs. The key is to focus on protecting IT-directed OT, rather than an entire network. This can be done by placing a device that only allows pre-defined, legitimate signals to be sent to the OT on a network. No non-specified commands could pass through a protective device. Even if a hacker could penetrate an electric utility’s network, no malware intended to cause OT malfunction could penetrate a device or machine.

Such a system, called Binary Armor, already exists. It could revolutionize the protection of OT. Essentially, it places an in-line barrier to cyber intrusion on a network in front of the OT device. The Binary Armor unit monitors all communications to a piece of OT. Only legitimate commands within the defined operating parameters of the OT can pass through. A command that would cause the OT to behave improperly, or self-destructively, could not pass, regardless of how cleverly the malware was written. This system also will prevent accidentally sending the wrong command to the OT, which is what happened in the Chernobyl disaster.

Because the system is “pre-loaded” with the legitimate commands and operating parameters for that OT, it will rarely need to be upgraded, unlike typical cybersecurity systems. Moreover, Binary Armor would allow utilities and other critical infrastructure sectors to use commercial networks, rather than proprietary ones, further reducing cybersecurity costs. Finally, it would radically increase the problem and costs for the hacker, primarily because a Binary Armor unit must be physically accessed to be reprogrammed.

Currently, a Binary Armor unit must be installed on a network. This is not difficult. The current Binary Armor unit is a 3x2x2 inch box with two Ethernet access ports and a power source. It weighs about six pounds. But in the future, the basic technologies could be embedded into OT, simplifying the cybersecurity challenge.

Strong action needs to be taken now by all critical infrastructure sectors, particularly for energy, to enhance their cybersecurity protections. Public utilities would be remiss in not testing Binary Armor to understand its applicability for their networks.

Source link

The post #hacking | Why Infastructure Companies Need to Protect Themselves Against Hostile Foreign Powers appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | DFARS / CMMC for 2020: Culmination of Efforts to Protect National Security Data and Networks – Cybersecurity and Privacy Alert | Bradley Arant Boult Cummings LLP

Source: National Cyber Security – Produced By Gregory Evans

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC (“JD Supra” or “we,”https://www.jdsupra.com/”us,” or “our“) collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our “Website“) who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our “Services“). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the “My Account” dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account (“Registration Data“), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users’ movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our “Cookies Guide” page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook’s “Like” or Twitter’s “Tweet” button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network’s privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children’s Information


Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra’s principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another’s rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation (“GDPR”) In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the “Your Rights” section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.

  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:


Privacy Officer

JD Supra, LLC

10 Liberty Ship Way, Suite 300

Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the “My Account” dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use “automatic decision making” or “profiling” as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the “How We Share Your Data” Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:


Privacy Officer

JD Supra, LLC

10 Liberty Ship Way, Suite 300

Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the “My Account” dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

As with many websites, JD Supra’s website (located at www.jdsupra.com) (our “Website“) and our services (such as our email article digests)(our “Services“) use a standard technology called a “cookie” and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user’s login session and requires a valid username and password to obtain. It is required to access the user’s profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • Session cookies” – These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • Persistent cookies” – These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • Web Beacons/Pixels” – Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot – For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic – For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics – For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the “Like,”https://www.jdsupra.com/”Tweet,” or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It’s also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser’s “Help” function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

Source link

The post #nationalcybersecuritymonth | DFARS / CMMC for 2020: Culmination of Efforts to Protect National Security Data and Networks – Cybersecurity and Privacy Alert | Bradley Arant Boult Cummings LLP appeared first on National Cyber Security.

View full post on National Cyber Security

How to Secure Your Wi-Fi Router and Protect Your Home Network

Source: National Cyber Security – Produced By Gregory Evans If you’re lucky, the process will be automatic; you might even get alerts on your phone every time a firmware update gets applied, which usually happens overnight. If you’re unlucky, you might have to download new firmware from the manufacturer’s site and point your router towards […] View full post on AmIHackerProof.com

#hacking | Online tools help consumers protect against Magecart

Source: National Cyber Security – Produced By Gregory Evans Trustwave researchers outline free card skimmer detection techniques Online shoppers and merchants can detect whether websites are infected by Magecart with easy to use techniques provided from researchers at Trustwave. In a blog post published yesterday (December 19), security researcher Michael Yuen outlined how to determine […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure

Source: National Cyber Security – Produced By Gregory Evans

The agencies and businesses that make up the backbone of our critical infrastructure have a larger bullseye on their backs than an average company. When it comes to the electric utility providers that manage the power grid, the exposure to risk is exacerbated by the fact that much of the equipment, software, and services come from a limited set of vendors. Fortress Information Security just launched the Asset to Vendor (A2V) Network to mitigate these risks and improve the security posture of the power grid.

The Federal Energy Regulatory Commission (FERC) recognizes the unique threats posed to the power grid and understands that it’s crucial to address these challenges and protect the critical infrastructure. FERC has issued requirements for standardized risk assessments and mandated that electric utility providers prioritize supply chain vendors based on their relative risk. The problem is that many of the 3,000 or so electric providers are small, regional companies that don’t have the budget or resources to do this effectively on their own.

The A2V Network was launched as a joint venture between Fortress and AEP (American Electric Power) to address this challenge and help all electric utility companies collaborate to comply with the FERC regulations and improve protection of the critical infrastructure more efficiently and effectively. Organizations that join the A2V Network will be able to purchase completed vendor assessments for significantly less than it would cost them to conduct a redundant assessment of their own, and participating companies can also contribute completed assessments to build out the A2V Network library.

Reluctance to Share

I had an opportunity to chat with Alex Santos, CEO of Fortress, about the A2V Network and some of the challenges it addresses. He described the supply chain like streets in a community. Just as each person is responsible of their own home and property, but share the roads and pay taxes to share the burden and ensure the roads are taken care of, each company is responsible for itself, but they share risk exposure from the supply chain and it makes sense to collaborate and share the burden to mitigate the risk and secure the critical infrastructure.

I asked Santos for his thoughts on why businesses in general—not just electric power providers—seem so reluctant to engage in this sort of sharing and collaborative effort. The two main issues, according to Santos are that some information is very proprietary, and some information is not very good. Companies want to maintain the privacy of intellectual property and sensitive information. In some cases, there is a competitive advantage associated and sharing it is just bad for business. In other instances, organizations are reluctant to engage in sharing information because what they receive is not useful. If the information is not properly vetted and curated to ensure it is correct and relevant, it creates more problems than it solves.

Santos explained that the A2V Network strives to address both of those challenges. The A2V Network takes information about supply chain risk assessments and provides a platform to easily share it while anonymizing it and protecting the privacy of proprietary data. Part of what the A2V Network also does is to validate the information and make it actionable.

Gaining Momentum

Santos was especially grateful for having AEP as a partner for the launch of the A2V Network. He noted that even though there are 3,000 electric utility providers, only about 150 of those are large enough to be regulated by the North American Electric Reliability Corporation (NERC)—and that the top 15 largest deliver power for 75% of consumers. That leaves nearly 2,900 companies that must comply with the FERC regulation but lack the resources to do it effectively on their own.

He said that having AEP on board is huge because any new movement or initiative requires a first big company to get the ball rolling. AEP showed leadership in taking that initiative and having a company with the size and prestige of AEP involved creates a snowball effect that will entice other electric utility providers to jump on board.

The more companies get involved, the more momentum the A2V Network will have and the greater value it will provide to every participating organization. That, in turn, will attract more companies. It becomes a self-feeding cycle of momentum that will ultimately lead to a more secure critical infrastructure.

Source link

The post #cybersecurity | #hackerspace |<p> Fortress Information Security Strives to Help Protect Critical Infrastructure <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Do You Know How To Protect Yourself Against Phishing Emails? – University Times

Source: National Cyber Security – Produced By Gregory Evans Close Illustration by Lauren Dahncke Illustration by Lauren Dahncke Illustration by Lauren Dahncke National Cybersecurity Awareness month recently came to an end, but phishing emails never seem to.  According to Cal State LA’s Information Technology Security, phishing emails are sent to the recipient with the purpose […] View full post on AmIHackerProof.com