Love it or hate it, there’s no denying the unstoppable force of Black Friday. What started off as a tradition across the pond has now become the highlight of every British bargain-hunter’s calendar.
Whether you’re brave enough to flock to Oxford Street or prefer to shop online from the comfort of your own bed, there are serious savings to be had. Laptops, games consoles and clothes are all sold at a fraction of the price – perfect if you want to do some early Christmas shopping.
Because this event only comes around once a year, you need to be as prepared as possible – ideally, knowing exactly what you’re looking to buy. To help you prepare for your guilt-free shopping spree, therefore, we have created a guide of everything you need to know about Black Friday – including the start date, how to find the best deals, how to be safe when shopping online, and predictions of this year’s big-sellers.
What is Black Friday?
Black Friday is a tradition that originates from America, where retailers cut prices on a huge range of items the day after Thanksgiving. However, in recent years Britain has also jumped on the bandwagon.
As such, you can expect major UK retailers to cut prices on a large selection of items – including big-budget electrical items, beauty gift sets, kitchen equipment and clothes.
The post #cyberfraud | #cybercriminals | What date do the sales start and how to find the best offers? appeared first on National Cyber Security.
Oct. 2, 2019 – October is National Cybersecurity Awareness Month, so it’s a good time for law firms to revisit their cybersecurity practices to determine if they have the necessary defenses in place. But legal technology experts say law firms are behind.
Attorneys Dennis Kennedy and Tom Mighell recently discussed law firm cybersecurity on their podcast, the Kennedy-Mighell Report. Despite constant news about data breaches and law firms as targets, many solo and small firms still don’t do enough.
Mighell said he has spoken to many lawyers who don’t upgrade their systems and keep running programs that are unsupported, such as the Microsoft Windows 7 operating system. But unsupported programs are unlocked doors for lurking data thieves.
“Part of the problem is there continues to be brand new ways that bad people can get to us, and keeping up with it all is overwhelming,” said Mighell, chair of the American Bar Association’s Law Practice Management Section.
Christopher Shattuck, who manages the State Bar of Wisconsin’s Law Practice Assistance Program (Practice 411), says cybersecurity is a practice management issue that Wisconsin lawyers must address since ethics rules (SCR 20:1.1, Comment 8) require lawyers to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
“Many calls that come through the Practice 411 program are related to cybersecurity and what firms should be doing,” Shattuck said. “The solutions will vary by practice, but we can help lawyers and law firms develop plans that are most appropriate for them.”
Keep the Doors Locked
Implementing security protocols doesn’t have to be overwhelming. Consider simple steps like upgrading outdated programs or devices, using strong passwords, and embracing two-factor authentication, which would have prevented the following breach:
Joe Forward, Saint Louis Univ. School of Law 2010, is a legal writer for the State Bar of Wisconsin, Madison. He can be reached by email or by phone at (608) 250-6161.
A small firm is using Office 365, a cloud-based subscription service that provides a suite of applications for individuals and businesses, such as Word, Excel and Outlook. There are built-in security systems that can help law firms stay secure, but what happens?
Hackers are able to access a user’s Office 365 account because the user’s password is very weak. Then the hackers send emails, impersonating the user (the payroll manager), and get two payroll checks diverted to a different bank. That money is gone.
“There were two opportunities to stop that hacker dead in its tracks,” Mighell said. “The first would be to set a strong password that would be much more difficult to break.”
According to one cybersecurity expert, an eight-character password can take minutes to crack, whereas a 20-character password can take months. Secure password managers can help law firms and lawyers maintain longer, unique passwords.
“Even if the password could have been broken, two-factor authentication would have stopped it. If it’s done right, it’s 99 percent effective,” Mighell said.
With two-factor authentication, a user who logs into an online program could choose to receive a text with a numeric code that is required for login. Applications like Authy provide a two-factor authentication solution to protect online accounts.
Don’t Use Outdated Software
One of the biggest cybersecurity problems is running outdated systems. When operating systems and programs reach “end-of-life,” they are no longer supported by developers. That includes an end to security updates and patches.
A 2016 lawsuit against a Chicago-based law firm illustrates the potential harm that can occur if law firms use outdated programs. A client sued the firm for running outdated programs that allowed attorneys to remotely access the firm’s network via the internet, including time entry software, a virtual network system, and the firm’s email system.
For instance, attorneys could access a time-tracking program with a user name and password. But the client-plaintiff alleged the law firm “improperly configured the service and left it running out of date software” that was more than a decade old.
The client-plaintiff also alleged the firm’s virtual private network (VPN), which allowed attorneys to access the firm’s files and documents off-site, was not implemented properly and left the whole network open to “Man in the Middle” attacks.
Such attacks allow hackers to eavesdrop on communications and steal confidential information, especially when the faulty VPN, supporting insecure renegotiation, is accessed on public connections at conference centers, cafes, or other public networks.
The client’s lawsuit, which ultimately entered arbitration under the firm’s engagement letter, alleged breach of contract and fiduciary duty, and negligent legal malpractice.
Law firms don’t have to go it alone. Solo and smaller firms that don’t have in-house technical expertise can outsource IT services to Managed Service Providers (MSPs). Given the ethical duty to protect client data, this may be a necessary expense.
According to an article by the Florida Justice Technology Center, using MSPs “is an incredibly effective method of preventing cybersecurity breaches as the IT systems are managed by a third-party who are experts in securing systems. The MSP is contractually obliged to patch the operating systems, patch the applications, and update the firmware and microcode on the associated hardware,” the article states.
Cybersecurity experts Sharon Nelson and John Simek of Sensei Enterprises recently addressed common cybersecurity questions in the June 2019 Wisconsin Lawyer. The article highlights simple things law firms can do to shore up their law firm security.
Do a Security Assessment. “The assessment is usually done using software tools and involves a thorough review of your network. The result is generally a report identifying critical, medium-level, and low-level vulnerabilities. A security assessment tends to come with a proposal for (at least) remediating the critical vulnerabilities along with the estimated cost. We believe it is wise to do these assessments, using a certified third-party cybersecurity company, annually.”
Train Employees. “There is no getting around the absolute need for annual employee cybersecurity training. It is generally somewhat inexpensive and covers the basics of current threats and how to avoid such things as clicking on suspicious links and attachments, going to sketchy websites, giving information over the phone (duped by social engineering), and many other easy-to-make mistakes. A solid hour of good training each year is a small price to pay for educating your employees and creating a culture of cybersecurity.”
Use Password Managers. “Beyond a doubt, the most important security tip is do not reuse passwords! The bad guys are now using computer bots to force attacks using passwords revealed from past data breaches. If you continue to reuse passwords, there is a high probability that the password will be used against other systems. This is another great reason to use password managers; doing so makes it easier to have unique passwords for every system.”
Move Law Firm Data to the Cloud. “Virtually all cybersecurity experts now agree that the cloud will protect your data better than you will. Is the cloud absolutely secure? Of course not. But do law firms, especially solo practices and small firms, tend to be woefully insecure? Yes, they do.”
Try to Keep Up with Technology. Resources such as Attorney at Work, Bob Ambrogi’s LawSites blog, and of course, Wisconsin Lawyer, help attorneys stay on top of new developments in the areas of technology and cybersecurity. “Don’t forget continuing legal education – and ask your colleagues for recommendations regarding speakers who both inform and entertain,” Nelson and Simek wrote. The 2019 Wisconsin Solo and Small Firm Conference has an entire track of CLE programming dedicated to technology and practice management, including cybersecurity.
Don’t Click on Suspicious Links in Emails. A common cybersecurity threat involves “phishing,” where third parties will impersonate someone in your network with genuine-looking emails that contain links to unleash malware or other viruses. Examine emails carefully before clicking on links or call the purported sender to confirm.
The post #nationalcybersecuritymonth | Law Firm Cyber Security: Start Simple: appeared first on National Cyber Security.
Source: National Cyber Security News
The campaign, sponsored by an insurance company, intends to demonstrate how often hacking attempts are made on a typical small business site.
A variety of recent campaigns have employed digital billboards to show imagery in response to data from weather, traffic conditions, social posts from passersby and commute times.
Today, a new week-long campaign launches in the UK: Dozens of digital displays will demonstrate the frequency of hacking attempts on a typical small business’s website.
Called the Honeypot Poster by campaign sponsor Hiscox insurance, the displays show dots that represent live hacking attempts on custom “honeypot” proxy servers of the sort that might host a typical small business website, except that they have no antivirus or firewall protection. The servers hold some data but no personal or sensitive info.
The displays show changing dots inside the words “Cyber Attack,” with each dot representing a hacking attempt and a numerical counter showing the daily attacks thus far. During the trial period for the campaign, the hacking attempts averaged 23,000 daily, sometimes peaking as high as 60,000, from Russia, Vietnam, the UK and elsewhere around the world.
The point, Hiscox Head of Marketing and Partnerships Olivia Hendrick said in a statement, is to make “small businesses more aware of the very real threat that cybercrime poses and challenging the belief that cyber criminals only target larger organisations.”
View full post on National Cyber Security Ventures
The worldwide “ransomware” cyberattack spread to thousands more computers on Monday as people logged in at work, disrupting business, schools, hospitals and daily life, though no new large-scale breakdowns were reported. In Britain, whose health service was among the first high-profile targets of the attack Friday, some hospitals and doctors’ offices were still struggling to recover. The full extent …
The post Monday morning blues as ‘WannaCry’ hits at workweek’s start appeared first on National Cyber Security Ventures.
Have you been single for a long time? Do you want to get back into the exciting world of finally finding that special someone? Here are our tips! Sometimes, if you go for long enough without dating, beginning the process again can seem overwhelming.
The post How to Start Dating Again: 9 Steps to Get Back in the Game appeared first on Dating Scams 101.
Met someone new, and need advice for when things get sexy? Here are 30 sexting examples to get a head start on texting dirty, and steaming it up. Sexting is an art form, capable of bringing two interested individuals together for the first time, or keeping an established couple passionate about each other.
The post 30 Hot, Sexting Examples to Start a Naughty Text Marathon appeared first on Dating Scams 101.
In a Pastebin post entitled “ECA vs. Assad | Part 1,” Zer0Pwn published sample data, along with a SendSpace link to the full databases.
The sample data includes full names, user names, encrypted passwords, e-mail addresses and phone numbers.
The file on SendSpace includes more than 60,000 full names, user names, phone numbers and home addresses, along with encrypted passwords for Jobs.sy and clear text passwords for RealEstate.sy.
Cyber War News notes that other recent targets of the European Cyber Army have included syrianmonster.com, syria-courts.com, sana.sy, moj.gov.sy, and banquecentrale.gov.sy.
Syria needs to work harder on its websites’ security, since it has already been warned.
View full post on Am I Hacker Proof
The gang, who have dubbed themselves ‘CYBER JIHADIS’, sent a ransom demand after successfully hacking the entire customer database of the communications giant.
The phone and broadband provider said credit card and bank details and other personal information were stolen.
TalkTalk said it was “too early to say” how many of its four million UK customers had been affected by the attack.
But today it emerged that already attempts – strangely low-level attempts – had been made to raid customers’ cash.
Discussing the identity of the hackers, Adrian Culley, a former detective in the Metropolitan Police’s cyber crime unit, told BBC Radio 4’s Today Programme:
The post Talk Talk hackers start raids on customers’ bank accounts appeared first on Parent Security Online.
The Heartbleed bug crushed everyone’s faith in the secure web, but a world without the encryption software that Heartbleed exploited would be even worse. In fact, it’s time for the web to take a good hard look at a new idea: encryption everywhere.
Most major websites use either the SSL or TLS protocol to protect your password or credit card information as it travels between your browser and their servers. Whenever you see that a site is using HTTPS, as opposed to HTTP, you know that SSL/TLS is being used. But only a few sites — like Facebook and Gmail — actually use HTTPS to protect all of their traffic as opposed to just passwords and payment details.
Many security experts — including Google’s in-house search guru, Matt Cutts — think it’s time to bring this style of encryption to the entire web. That means secure connections to everything from your bank site to Wired.com to the online menu at your local pizza parlor.
Cutts runs Google’s web spam team. He helps the company tweak its search engine algorithms to prioritize certain sites over others. For example, the search engine prioritizes sites that load quickly, and penalizes sites that copy — or “scrape” — text from others.
If Cutts had his way, Google would prioritize sites that use HTTPS over those that don’t, he told blogger Barry Schwartz at a conference earlier this year. The change, if it were ever implemented, would likely spur an HTTPS stampede as web sites competed for better search rankings.
A Google spokesperson would only tell us that the company has nothing to announce at this time. So this change won’t happen overnight.
The Dispute Against Total SSL
But if HTTPS is so great, then why don’t all websites use it already? There are several disadvantages to using HTTPS everywhere, the World Wide Web Consortium’s HTTPS expert Yves Lafon told us in 2011.
The first is the increased cost. You have to purchase TLS certificates from one of several certificate authorities, which can cost anything from $10 per year to about $1,000 a year, depending on the type of certificate you purchase and the level of identity verification it provides. Another issue is that HTTPS increases server resource consumption and can slow sites down. But Marlinspike and Butler say the costs and resource overhead are actually greatly overestimated.
An issue for smaller sites is that it’s historically been hard to set up unique certificates on sites that use cheap shared hosting. Sites that used content delivery networks — or CDNs — to speed up their responsiveness also frequently faced challenges when implementing SSL. Both of these issues have been largely resolved today, though the costs, performance and complexity vary from host to host.
But even if the entire web isn’t ready to switch completely to HTTPS, there are plenty of reasons that more sites should start using HTTPS by default — especially sites that provide public information and software. And given how far we’ve already come since the days of FireSheep, we can expect HTTPS to continue to spread, even if Google doesn’t start prioritizing sites that use it.
The post Before MORE Website’s Heart start bleeding it’s Better to Encrypt the entire Internet appeared first on Am I Hacker Proof.