push


 
 

Monsoon floods push millions of children into uncertainty amid COVID-19 – Bangladesh | #covid19 | #kids | #children | #parenting

View full post on National Cyber Security

#hacking | New Years Resolution: Organizations push for proactive approach to security

Source: National Cyber Security – Produced By Gregory Evans

#goals

Looking at the security fails of 2019 is amusing, but it ought to be set against the progress made by many in adopting best practice when drawing up the security ledger for the year.

Security success stories tend to start with establishing an effective security policy coupled with a training program and sound contingency planning, a collective approach often absent from organizations.

But businesses and public sector bodies are moving to improve the way they secure personal information, not least because of the harsh fines imposed by tightened data protection rules such as the EU’s General Data Protection Regulation (GDPR).

Requirements for companies to disclose breaches, whether under GDPR or many of the data breach notification laws found throughout the US, are among the main reasons why organizations are starting to become more open about any data loss that they may experience.

This has equally prompted change in the way a business collects and uses data, and how it keeps its customers informed. Increasingly, user or customer education is part of a company’s data security team’s remit.

Businesses are now finding, in part, that a perimeter security approach – building ever-higher walls around systems and data – is unsustainable. A strong data protection policy, in short, is better for business.

This approach is known as “data stewardship”.

Why it’s worth investing in data stewardship

“Data stewardship starts with an effective data strategy,” Dr. Sanjana Mehta, head of market research strategy for EMEA at (ISC)², the security professional association, told The Daily Swig.

“This means asking fundamental questions such as: what data is an organization collecting? What is the purpose of storing or processing that data? And are the data subjects fully aware of and have they consented to these purposes?”

An organization should be collecting only the data it needs for its business process, and it should be informing the customer, citizen, or employee about why the data is needed, how it will be processed, and for how long it will be kept. The GDPR, for example, sets out – for citizens residing in the EU – a legal ‘right to be forgotten’.

Unless organizations practice good data stewardship, knowing the data that they hold and where that data is, they will not be able to meet the obligations set out under the legislation, or indeed any similar data protection law that is to pass in 2020.

“Organizations continuously tread a fine balance between optimizing data processing to inform strategic decisions which means providing more people access to more data and securing the interests of their data subjects, which means tightening access to data,” Dr. Mehta said.


Clean data is good for business

Good data management makes it easier to protect information. The business can target protection measures – including firewalls, encryption, and data loss protection tools – and train staff to reduce accidental data loss. This is hardly news to CISOs.

But minimizing data collection, and being clear about why data is needed, goes further. It is also about trust.

“I have been saying for a couple of years that you can’t have customer experience without permission,” Darren Guarnaccia, chief strategy officer at Crownpeak, a digital experience management company, told The Daily Swig.

“Part of that experience is trust… So much of that has been eroded through events of the last couple of years. Brands have to earn some of that back.”

This is why Guarnaccia advocates an open approach to data policies, as well as on-going training for employees. His views are echoed by Phil Slingsby, head of governance, standards and assurance at converged ICT services supplier GCI.

“As a tech company it’s easy to forget the importance of people,” Slingsby warns. “Privacy, in particular, is a human right, so it’s fundamentally focused on people.”

He told The Daily Swig: “To be as effective as possible when it comes to data protection, we’ve had to get better at engaging with our people and integrating data protection into the fabric of how we do business.

“This has meant a shift in priority away from just being certificated to things like [the] ISO 27001 [security standard], and more towards ensuring that we are actually ‘doing the right things’ when it comes to data protection.”

Good shepherds

Clear and relevant data collection policies are vital. Some organizations go further, and actively promote data and privacy protection to their customers, as well.

Mozilla, the organization behind the Firefox browser, promotes a free service for internet users to look up pwned passwords, for instance. The service holds breach data going back to 2007.

And Nest, the Google-owned smart home company, set up a service last year warning users about password breaches, even if they were found to affect rivals’ hardware.

But our favorite is the privacy policy video from European low-cost airline easyJet. In a parody of those in-flight safety videos frequent travellers largely ignore, it sets out why the business collects data, and how it might even lead to lower fares.


The post #hacking | New Years Resolution: Organizations push for proactive approach to security appeared first on National Cyber Security.


#school | #ransomware | Ransomware attacks prompt push for US schools cybersecurity bill


We do need an education

With schools across the US increasingly falling prey to ransomware attacks, two US senators are calling for the Department of Homeland Security (DHS) to create a set of guidelines to help schools improve their cybersecurity systems.

Senators Gary Peters, a Democrat representing Michigan, and Rick Scott, a Republican for Florida, have introduced a bill instructing the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to examine schools’ security risks and challenges.

The K-12 Cybersecurity Act of 2019 (PDF) would also require CISA to create a set of cybersecurity recommendations and online tools for schools over the next year.

The tools would be designed to educate officials about the new recommendations and suggest strategies for implementing them.

There’s no detail on what these recommendations and tools might be, and no funding has been allocated.

However, the bill is similar in principle to the State and Local Government Cybersecurity Improvement Act, recently passed by the Senate, which would see the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) providing state and local officials with access to security tools and procedures and carrying out joint cybersecurity exercises.

“Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of [the] resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Peters.

“This common-sense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”

Off syllabus

Over the last few years, there has been an increasing number of ransomware attacks on US public sector organisations, including schools.

Data from cloud security firm Armor shows that 72 school districts or individual educational institutions have publicly reported being a victim of ransomware this year, with 1,039 schools impacted.

Connecticut saw seven school districts hit, while Louisiana went so far as to declare a state of emergency after schools across the north of the state were hit by malware in July. The Rockville Centre, New York, school district paid out nearly $100,000 after being hit by the Ryuk ransomware in August.

Indeed, according to research from Malwarebytes, education was the top target for trojan malware during the 2018-2019 school year, and the most-detected threat category for all businesses in 2018 and early 2019. Adware, trojans, and backdoors were the three most common threats, with ransomware attacks soaring by 365% in the year to Q2 2019.

Schools are particularly easy targets, as they tend to be short on funding and often have outdated systems.

Adam Kujawa, a director of Malwarebytes Labs, told The Daily Swig: “Education organizations face several issues in reference to securing networks that many private businesses don’t deal with.

“For example, the increased opportunity for infection due to endpoints being spread across a campus, being accessed by both student and staff, many of which can affect the security of that endpoint and possibly the entire network with careless use – opening malware – or intentional malice.

“Overall, this kind of environment shouldn’t be treated as any other organization, so I am glad they are doing a study first to identify the unique problems educational networks deal with. We will have to wait and see if the results of this study – the tools developed and made available – will be effective or even deployed across the board.”


The post #school | #ransomware | Ransomware attacks prompt push for US schools cybersecurity bill appeared first on National Cyber Security.


Florida push to become #bigger player in #cybersecurity comes amid #tough #competition


Florida probably isn’t the first place that comes to mind in terms of a strong cybersecurity industry. In fact, it has a somewhat insecure reputation — the Sunshine State had the second highest rate for identity theft complaints in 2016, according to the Federal Trade Commission.

But local stakeholders are looking to change that, and Florida is making slow but incremental progress on a few fronts.

“The mission that was given to us is make Florida the leading state in cybersecurity,” said Sri Sridharan, executive director of the Florida Center for Cybersecurity.

The University of South Florida-affiliated center, which is hosting its annual cybersecurity conference Friday, was established by the Florida legislature in 2014 to “position Florida as a national leader in cybersecurity.”

That title comes amid stiff competition. The Northeast and California have deeply established communities for cybersecurity, anchored around schools — such as Johns Hopkins University or Carnegie Mellon University — or natural hubs — government agencies in Washington, D.C., and tech giants in Silicon Valley.

What the state lacks currently, said Sridharan, is a talent pool of mid-career professionals who already have strong training.

But Florida isn’t completely out of this game. Firms such as Tampa-based ReliaQuest have set up shop in the state. IBM, which has a focus on cybersecurity, has an established presence in the state with an office in Tampa. And KnowBe4, a Clearwater-based cybersecurity training firm, announced this week that it received a $30 million investment from Goldman Sachs Growth Equity.

What Florida may have to offer is its large student population and amenable business climate.

Education is the cornerstone of local stakeholders’ efforts to put Florida on the digital security map.

Florida currently has 13 schools that the National Security Agency has designated as centers of academic excellence in cybersecurity education or research. Around 40 cybersecurity-related programs for graduate and undergraduate studies have been implemented in Florida state colleges.

“Students learn cybersecurity very easily,” Sridharan said.

His approach at the Florida Center for Cybersecurity is to get schools and students on board with cyber, and shape the curriculum around what the industry currently wants.

“Will you hire them?” That’s the question Sridharan asked of 18 security employers when USF was shaping its curriculum.

Training the workforce early — as early as kindergarten and grade school — is also a priority.

While the center hosts boot camps for high school students, digital security company ReliaQuest recently set up shop in JA Biztown, a Junior Achievement play city where students take charge for a day to learn economic concepts.

ReliaQuest’s storefront mimics the company’s real office. Their youth “employees” help other businesses in the town identify and fix security issues on their equipment.

“They’re using devices more than we are,” ReliaQuest CEO Brian Murphy said. If kids can build good digital security habits now, he said, when they are older, “they can operate devices with a professional skepticism.”

Beyond education, entrepreneurs such as Adam Sheffield, a former intelligence collector for the Army, are looking to supplement the academic approach here by creating a cybersecurity hub.

Sheffield is working on hosting “boot camp-style” training programs, meet-ups and events in Ybor City, calling the concept “Cybor.”

One area for improvement is Florida’s privacy climate. Industry professionals often consider security and privacy to go hand in hand, and state laws often shape how companies approach issues such as securing personal information and disclosing to consumers when their data has been leaked.

“A lot of it has to do with the attorney generals involved,” said Bob Siegel, president of Delray Beach-based Privacy Ref.

Siegel is a member of the International Association of Privacy Professionals and part of their training faculty.

One of the reasons California has become a privacy and security hub, Siegel said, is because of its attorney general’s strong stance toward digital privacy.

California is considered to have some of the most consumer-friendly privacy laws. It requires companies that operate in the state to post a particular notice about how they respond to requests from consumers’ Internet browsers to not be tracked with digital cookies. It also allows children under 18 years old to have their personal information deleted from social media networks.

But Florida, he said, is slightly less progressive in this area. For example, the state data breach law considers an information leak to be a “data breach” if the information was electronic. That doesn’t account for information on paper, such as paper forms filled out.

The post Florida push to become #bigger player in #cybersecurity comes amid #tough #competition appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Officials push cybersecurity education amid rise in malicious attacks

SALT LAKE CITY — Digital security breaches that impact megacompanies like Equifax, Sony or Yahoo tend to dominate headlines when they occur, but it’s far more common for small businesses to fall victim to cybercriminals and, when they do, the results are typically far more catastrophic. […] View full post on AmIHackerProof.com | Can You Be Hacked?

Google will push users to abandon SMS two-step verification to avoid security risks


Google Inc. is pushing users to switch from messaging-based two-step login verification to a phone-based service instead as a way to bypass the security risks of Simple Messaging Service authentication services. Beginning this week, Google will invite users of its existing so-called SMS 2-SV service to use a different login…

The post Google will push users to abandon SMS two-step verification to avoid security risks appeared first on National Cyber Security Ventures.


Experts, Microsoft push for global NGO to expose hackers


As cyberattacks sow ever greater chaos worldwide, IT titan Microsoft and independent experts are pushing for a new global NGO tasked with the tricky job of unmasking the hackers behind them. Dubbed the “Global Cyber Attribution Consortium”, according to a recent report by the Rand Corporation think-tank, the NGO would…

The post Experts, Microsoft push for global NGO to expose hackers appeared first on National Cyber Security Ventures.


STATE CIOS PUSH FOR FEDERAL PARTNERSHIP ON CYBERSECURITY


Members of the National Association of State Chief Information Officers (NASCIO) are asking the federal government to strengthen its partnership with state-level technology officials when it comes to critical issues like cybersecurity. The advocacy session was part of NASCIO’s midyear conference currently underway in Washington D.C.

NASCIO members met with federal officials from the U.S. Department of Homeland Security (DHS), Internal Revenue Service (IRS), Social Security Administration (SSA), FirstNet, and various strategic partners to emphasize the need for strong intergovernmental partnerships between the federal government and state governments. State CIOs heard from DHS Director of Federal Network Resilience Mark Kneidinger about federal resources available to states to combat cybersecurity threats. State CIOs also discussed cybersecurity and federal priorities with several association partners including the National Governors Association (NGA), National Conference of State Legislatures (NCSL), National Association of Secretaries of State (NASS), and the National Association of Medicaid Directors (NAMD).

Additionally, as part of NASCIO’s advocacy effort to harmonize federal IT security regulations, representatives from the IRS and SSA joined NASCIO members to discuss ways to introduce efficiencies into the compliance process.

State governments administer federal programs to state citizens and as such must comply with federal information security regulations like those contained in “IRS Publication 1075” and SSA’s “Electronic Information Exchange Security Requirements and Procedures for State and Local Agencies Exchanging Electronic Information with the SSA.” State CIOs are responsible for meeting the IT security needs of state agencies that deliver government services and have asked representatives from both the SSA and IRS to work together on normalizing the security audit process.

“State CIOs recognize the importance of securing citizen data. We appreciate the intent behind federal information security regulations that aim to protect citizen information,” said NASCIO President and Connecticut CIO, Mark Raymond. “We look forward to ongoing and productive engagement with our federal partners.”


The post STATE CIOS PUSH FOR FEDERAL PARTNERSHIP ON CYBERSECURITY appeared first on National Cyber Security Ventures.


Buffalo Teachers Push for Carl Paladino’s Removal From City’s School Board – District Dossier – Education Week

Buffalo school board member Carl Paladino has been under fire since late December for derogatory comments he made about President Obama and first lady Michelle Obama. He has refused to resign despite mounting pressure for his ouster.

View full post on Education Week: Bullying








The post Buffalo Teachers Push for Carl Paladino’s Removal From City’s School Board – District Dossier – Education Week appeared first on Parent Security Online.

View full post on Parent Security Online

After Chattanooga School Bus Crash, Officials Renew Push for Seat Belts – Rules for Engagement – Education Week

A deadly school bus crash in Chattanooga, Tenn., has rekindled a debate on seat belt mandates. Just six states have school bus seat belt requirements. Authorities have not yet concluded whether seat belts would have prevented injuries in the incident.









The post After Chattanooga School Bus Crash, Officials Renew Push for Seat Belts – Rules for Engagement – Education Week appeared first on Parent Security Online.
