ways

now browsing by tag

 
 

#cyberfraud | #cybercriminals | Business Mail Compromise: 5 ways to detect this scam and what can be done to prevent it

Source: National Cyber Security – Produced By Gregory Evans Advertisement Millions of dollars and lots of personal information are being stolen by a growing threat known as the Business Email Compromise (BEC). Business Mail Compromise: 5 ways to detect this scam and what can be done to prevent itMillions of dollars and lots of personal […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | 7 Ways Industry is Supporting National Cybersecurity Awareness Month

Source: National Cyber Security – Produced By Gregory Evans

We are headed into the final stretch of the 16th annual National Cybersecurity Awareness Month (NCSAM). The annual initiative is co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA).

As the name suggests, it’s aimed at raising awareness around cybersecurity. Those that work in the space know we’ve all become more reliant on networks and cybercrime has proliferated – and the initiative is a way to spread the word about things everyone can collectively do to improve security. But spreading the word is a big challenge, so NCSAM is designed to be a public-private partnership.

Or, in the words of the official kickoff announcement:

“…a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the nation against cyber threats.”

That got us thinking: what are some of the ways the private sector is supporting NCSAM this year? Below are a few ways we found the industry is helping to build awareness.

1) Champions of NCSAM.

A “champion” is a simple and voluntary pledge an organization can make on the official website for NCSAM – StaySafeOnline.org. The pledge asks applicants how they will participate and how many people the applying organization thinks it will reach. Afterward, the NCSA asks participants to, “please collect and report to us any metrics you collect as a result of your NCSAM initiatives.”

Here is the list of the growing ranks of companies, nonprofits, schools and other organizations that have publicly signed onto the program.

2) Full-day workshops for employees.

Tech analyst Cynthia Brumfield cites a CISA representative for her story in CSO Online describing activities by “an unnamed science and research company in Bethesda.” The CISO at that organization held an all-day workshop complete with “expert speakers to educate employees on what they need to do to protect the information and data the company is building through its research efforts.”

It’s a pretty big deal for any organization to pause work for a full-day and encourage employees to attend training like this, but they weren’t alone, according to Ms. Brumfield’s reporting:

“Another big corporation, a retail giant that CISA requested remain anonymous, is holding a host of internal activities for their employees throughout the month, training and educating workers at every level, starting at headquarters all the way down to individual stores.”

3) Customer tips for safely banking online.

First Bank & Trust Company, a regional financial services company in Virginia published a list of security tips consumers should follow in online banking. The list includes current best practices such as monitoring your accounts, being wary of emails from people you don’t know, and enabling two-factor authentication (2FA), among many others.

Notably, it also highlights a recurring issue in financial scams driven by events such as disasters:

“Con artists take advantage of people after catastrophic events by claiming to be from legitimate charitable organizations when, in fact, they are attempting to steal money or valuable personal information.”

4) Hollywood-style, micro-learning videos.

Corporate training isn’t always fun, engaging or memorable, and therefore it’s not effective. That’s the thesis behind NINJIO, which makes “Hollywood-style, micro-learning videos.” These are basically short videos with important learning points about cybersecurity. However, the company goes one step further – the lessons in the video are “ripped from the headlines” meaning the videos are modeled after real security events.

In support of NCSAM this year, the company offered “organizations, employees, and families free access to a selection of their award-winning library of animated video content until the end of October 2019.”

The videos focus on three areas including:

  • email compromise and wire fraud;
  • social media engineering; and
  • spear phishing.

For example, one of the videos being offered is described as follows:

“Business Email Compromise and Real Estate Wire Fraud

NINJIO Season 2, Episode 2: ‘Homeless Homebuyer’ was inspired by the many wire fraud incidents that happen every day. In this episode, NINJIO educates learners about using verbal authorizations on any transfer of funds.”

If you are wondering, the company does have some real professional entertainment cache as the videos are “developed and co-produced by Hollywood writer and producer Bill Haynes, best known for CSI: NY and Hawaii Five-O.”

NINJIO has had about 50 companies, ranging from small and mid-sized businesses to mid-market enterprises, signed up in response to the company’s contribution to NCSAM this month, said Matt G. Lindley the CISO for NINJIO, in an email exchange with Bricata.

5) Networking and panel event.

Women in Security and Privacy (WISP) teamed up with Dropbox to organize a local San Francisco networking and panel event:

“We will be featuring three amazing lightning round speakers who will cover this year’s themes of ‘Own IT. Secure IT. Protect IT.’ Attendees will be introduced to the latest tech advances used to ramp up security for their personal lives and learn tips to bring to the office.”

This struck us as a very simple and effective way to support NCSAM and it can be easily replicated. As this post is being published, there’s still time to register and attend the event if you live or work in the Golden Gate City.

6) Free online training for non-technical personnel.

Several training-oriented organizations are offering free training and resources for the month. For example, KnowBe4 has an NSCAM resource kit and Global Knowledge has compiled videos, articles, white papers and primers into a cybersecurity awareness resource page.

Separately, Inspired eLearning has put together an impressive weekly curriculum with a variety of free resources – posters, webinars, videos and more. Here’s the outline they are offering:

  • Week 1: Email Phishing
  • Week 2: Alternative Phishing Methods: Vishing, SMiShing, & USB Baiting
  • Week 3: Physical Social Engineering
  • Week 4: Prevention, Protection and Training Best Practices

7) Free online training for your security pros.

The Infosec Institute provides a variety of online training courses aimed at security and IT professionals. Typically, the Institute offers a 7-day free trial, but have extended that to 30-days in support of NCSAM. Access is unlimited and includes more than 400 on-demand courses the organization offers and 50 skill and certification learning paths such as the CISSP and CCSP.

Finishing Strong and Planning for Next Year

As of today, there’s a little more than a week left for NCSAM, which offers some time to get on board with the initiative for this year – if you haven’t already. Likewise, we hope this list will give you a creative jumpstart on planning for it next year.

As Forrester Principal Analyst Jinan Budge wrote in a post titled, What CISOs Need To Do To Maximize Cybersecurity Awareness Month, “Plan for it as you would for any other security project…stay on top of planning and start organizing your Cybersecurity Awareness Month campaigns well in advance.”

If you enjoyed this post, you might also like:
6 Tips for Building an Effective SOC

*** This is a Security Bloggers Network syndicated blog from Bricata authored by Bricata. Read the original post at: https://bricata.com/blog/cybersecurity-awareness-month-industry/

Source link

The post #nationalcybersecuritymonth | 7 Ways Industry is Supporting National Cybersecurity Awareness Month appeared first on National Cyber Security.

View full post on National Cyber Security

6 ways to #improve your #cybersecurity #practices

Source: National Cyber Security News

Whether your company is a mid-sized family-owned enterprise or a Fortune 500 entity, likely most of your board directors don’t have backgrounds in cybersecurity.

Most top corporate leaders, including many CIOs, don’t either.

Given that reality, how can a company proactively mitigate cybersecurity risks?

I recently sat down with David Ross, a principal with Baker Tilly specializing in cybersecurity, to talk about some of the steps and strategies companies can employ. Here are some of the thoughts he shared.

1) Educate your board
Boards need to understand the potential risks and how to establish proactive policies that will provide guidance and structure should a breach happen. Cyberattacks are a very real risk, and every board member must understand his or her fiduciary duty to provide oversight regarding risks.

Even if a board has a cybersecurity expert as a director, engaging with an outside consultant can be advantageous. The world of cybersecurity is changing all the time, making multiple perspectives vitally important to understanding and anticipating new threats.

2) Assess company needs and structure
The board, along with the CEO, chief risk officer, general counsel or chief information officer, should decide how to address and staff cybersecurity inside the company.

Read More….

advertisement:

View full post on National Cyber Security Ventures

6 ways #hackers will use #machine #learning to #launch #attacks

Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.

Defined as the “ability for (computers) to learn without being explicitly programmed,” machine learning is huge news for the information security industry. It’s a technology that potentially can help security analysts with everything from malware and log analysis to possibly identifying and closing vulnerabilities earlier. Perhaps too, it could improve endpoint security, automate repetitive tasks, and even reduce the likelihood of attacks resulting in data exfiltration.

Naturally, this has led to the belief that these intelligent security solutions will spot – and stop – the next WannaCry attack much faster than traditional, legacy tools. “It’s still a nascent field, but it is clearly the way to go in the future. Artificial intelligence and machine learning will dramatically change how security is done,” said Jack Gold, president and principal analyst at J.Gold Associates, when speaking recently to CSO Online.

“With the fast-moving explosion of data and apps, there is really no other way to do security than through the use of automated systems built on AI to analyze the network traffic and user interactions.”

The problem is, hackers know this and are expected to build their own AI and machine learning tools to launch attacks.

How are cyber-criminals using machine learning?
Criminals – increasing organized and offering wide-ranging services on the dark web – are ultimately innovating faster than security defenses can keep up. This is concerning given the untapped potential of technologies like machine and deep learning.

“We must recognize that although technologies such as machine learning, deep learning, and AI will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them,” said Steve Grobman, chief technology officer at McAfee, in recent comments to the media. “As is so often the case in cybersecurity, human intelligence amplified by technology will be the winning factor in the arms race between attackers and defenders.”

This has naturally led to fears that this is AI vs AI, Terminator style. Nick Savvides, CTO at Symantec, says this is “the first year where we will see AI versus AI in a cybersecurity context,” with attackers more able to effectively explore compromised networks, and this clearly puts the onus on security vendors to build more automated and intelligent solutions.

“Autonomous response is the future of cybersecurity,” stressed Darktrace’s director of technology Dave Palmer in conversation with this writer late last year. “Algorithms that can take intelligent and targeted remedial action, slowing down or even stopping in-progress attacks, while still allowing normal business activity to continue as usual.”

Machine learning-based attacks in the wild may remain largely unheard of at this time, but some techniques are already being leveraged by criminal groups.

1. Increasingly evasive malware
Malware creation is largely a manual process for cyber criminals. They write scripts to make up computer viruses and trojans, and leverage rootkits, password scrapers and other tools to aid distribution and execution.

But what if they could speed up this process? Is there a way machine learning could be help create malware?

The first known example of using machine learning for malware creation was presented in 2017 in a paper entitled “Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN.” In the report, the authors revealed how they built a generative adversarial network (GAN) based algorithm to generate adversarial malware samples that, critically, were able to bypass machine-learning-based detection systems.

In another example, at the 2017 DEFCON conference, security company Endgame revealed how it created customized malware using Elon Musk’s OpenAI framework to create malware that security engines were unable to detect. Endgame’s research was based on taking binaries that appeared to be malicious, and by changing a few parts, that code would appear benign and trustworthy to the antivirus engines.

Other researchers, meanwhile, have predicted machine learning could ultimately be used to “modify code on the fly based on how and what has been detected in the lab,” an extension on polymorphic malware.

2. Smart botnets for scalable attacks
Fortinet believes that 2018 will be the year of self-learning ‘hivenets’ and ‘swarmbots’, in essence marking the belief that ‘intelligent’ IoT devices can be commanded to attack vulnerable systems at scale. “They will be capable of talking to each other and taking action based off of local intelligence that is shared,” said Derek Manky, global security strategist, Fortinet. “In addition, zombies will become smart, acting on commands without the botnet herder instructing them to do so. As a result, hivenets will be able to grow exponentially as swarms, widening their ability to simultaneously attack multiple victims and significantly impede mitigation and response.”

Interestingly, Manky says these attacks are not yet using swarm technology, which could enable these hivenets to self-learn from their past behavior. A subfield of AI, swarm technology is defined as the “collective behavior of decentralized, self-organized systems, natural or artificial” and is today already used in drones and fledgling robotics devices. (Editor’s note: Though futuristic fiction, some can draw conclusions from the criminal possibilities of swarm technology from Black Mirror’s Hated in The Nation, where thousands of automated bees are compromised for surveillance and physical attacks.)

3. Advanced spear phishing emails get smarter
One of the more obvious applications of adversarial machine learning is using algorithms like text-to-speech, speech recognition, and natural language processing (NLP) for smarter social engineering. After all, through recurring neural networks, you can already teach such software writing styles, so in theory phishing emails could become more sophisticated and believable.

In particular, machine learning could facilitate advanced spear phishing emails to be targeted at high-profile figures, while automating the process as a whole. Systems could be trained on genuine emails and learn to make something that looks and read convincing.

In McAfee Labs’ predictions for 2017, the firm said that criminals would increasingly look to use machine learning to analyze massive quantities of stolen records to identify potential victims and build contextually detailed emails that would very effectively target these individuals.

Furthermore, at Black Hat USA 2016, John Seymour and Philip Tully presented a paper titled “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter,” which presented a recurrent neural network learning to tweet phishing posts to target certain users. In the paper, the pair presented that the SNAP_R neural network, which was trained on spear phishing pentesting data, was dynamically seeded with topics taken from the timeline posts of target users (as well as the users they tweet or follow) to make the click-through more likely.

Subsequently, the system was remarkably effective. In tests involving 90 users, the framework delivered a success rate varying between 30 and 60 percent, a considerable improvement on manual spear phishing and bulk phishing results.

4. Threat intelligence goes haywire
Threat intelligence is arguably a mixed blessing when it comes to machine learning. On the one hand, it is universally accepted that, in an age of false positives, machine learning systems will help analysts to identify the real threats coming from multiple systems. “Applying machine learning delivers two significant gains in the domain of threat intelligence,” said Recorded Future CTO and co-founder Staffan Truvé in a recent whitepaper.

“First, the processing and structuring of such huge volumes of data, including analysis of the complex relationships within it, is a problem almost impossible to address with manpower alone. Augmenting the machine with a reasonably capable human, means you’re more effectively armed than ever to reveal and respond to emerging threats,” Truvé wrote. “The second is automation — taking all these tasks, which we as humans can perform without a problem, and using the technology to scale up to a much larger volume we could ever handle.”

However, there’s the belief, too, that criminals will adapt to simply overload those alerts once more. McAfee’s Grobman previously pointed to a technique known as “raising the noise floor.” A hacker will use this technique to bombard an environment in a way to generate a lot of false positives to common machine learning models. Once a target recalibrates its system to filter out the false alarms, the attacker can launch a real attack that can get by the machine learning system.

5. Unauthorized access
An early example of machine learning for security attacks was published back in 2012, by researchers Claudia Cruz, Fernando Uceda, and Leobardo Reyes. They used support vector machines (SVM) to break a system running on reCAPTCHA images with an accuracy of 82 percent. All captcha mechanisms were subsequently improved, only for the researchers to use deep learning to break the CAPTCHA once more. In 2016, an article was published that detailed how to break simple-captcha with 92 percent accuracy using deep learning.

Separately, the “I am Robot” research at last year’s BlackHat revealed how researchers broke the latest semantic image CAPTCHA and compared various machine learning algorithms. The paper promised a 98 percent accuracy on breaking Google’s reCAPTCHA.

6. Poisoning the machine learning engine
A far simpler, yet effective, technique is that the machine learning engine used to detect malware could be poisoned, rendering it ineffective, much like criminals have done with antivirus engines in the past. It sounds simple enough; the machine learning model learns from input data, if that data pool is poisoned, then the output is also poisoned. Researchers from New York University demonstrated how convolutional neural networks (CNNs) could be backdoored to produce these false (but controlled) results through CNNs like Google, Microsoft, and AWS.

View full post on National Cyber Security Ventures

Four ways #state and local CIOs can boost #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

Looking back at the hundred-plus FBI cyber investigations and victim notifications I’ve worked over the past decade, without a doubt, the most concerning and most difficult ones centered around local and state governments.

States and cities face a tall order: protecting critical data and infrastructure. They’re expected to conduct an investigation, and remediate and prevent future attacks, all with under-staffed or non-existent cybersecurity teams, limited incident response capacity, and a lack of reliable technology.

Working closely with CIOs in cities like Los Angeles and states like Colorado has given me perspective on what is working and where we should be devoting our energy. Here are the top four observations — and solutions — for helping city and state CIOs resolve their cybersecurity challenges.

1. Get the basics right, then tackle IoT

I get it. IoT is important. IoT is scary. But we are still not doing the basics on the workstations and servers that run those IoT devices. Many jurisdictions, for instance, do not yet have a complete and accurate inventory of every asset on their network. And the easiest way to breach a network will always be through the one unpatched piece of software the organization doesn’t know about — not the smart streetlight (yet). This is not to say states and cities should halt all IoT efforts. Rather, they should prioritize their time and investments in getting essential cyber hygiene efforts done first.

Action item: Have your security team run a vulnerability scan and compare the endpoints found with your IT team’s most recent patch report. If the reports are identical, compliment both teams; if they’re not, check both teams’ tools. One of them is broken.

2. Break down organizational silos

IT operations in state and city government are often run by the various agencies within the government, rather than being centralized under the state’s or city’s CIO. This leads to shadow IT, with a wide range of servers, software, and hardware spread across the state and city, and no standardized way to measure their risk level or even know when systems need to be updated. IT administrators cannot share best practices, causing further inefficiencies. What’s worse than shadow IT? Shadow security — rogue systems with no security features turned on. Fortunately, some states and cities have made significant efforts toward consolidating and federating their IT, and the broader trend is toward consolidation, as NASCIO reported in its survey of state CIOs.

Action item: Identify the agency or department with the least number of cybersecurity resources and consolidate those first. Don’t boil the ocean by starting at the agency with the most crown jewels.

3. Reduce the number of tools

Because technology management is so spread out across agencies, states and cities tend to have dozens of tools for managing their IT and security. I once responded to an incident at a state government that had more than a dozen different tools for asset inventory and patching alone. If you have a dozen tools, you need people with expertise in each piece of software, and you have to commit valuable time and money to train those people. When a mistake gets made and leads to an incident, IT staffers have to bring in outside help, because no one internally has expertise in all the tools, which is required to conduct a proper response. States and cities can significantly reduce their risk, and improve efficiency, by consolidating IT operations and security tools. Shared tools also are better for states’ budgets, because procurement officials can negotiate state-wide prices.

Action item: Track the top 10 agencies in your state or city by number of employees and count the number of IT and security tools being used across all 10 networks. Start thinking about how many tools overlap and which ones can be decommissioned.

4. Create dedicated security roles

The cybersecurity workforce gap is an oft-discussed issue, but it’s especially prevalent in local governments and even some state agencies. Too often, IT professionals are tasked with taking on security roles, too, or their positions are only part time. In both cases, not enough attention is being paid to security. IT teams need to get creative in solving their workforce issues. Try forming tiger teams made up of diverse experts from across agencies to evaluate your state holistically and solve discrete IT and security problems. Consider leveraging existing resources, such as your state’s National Guard. Explore ways to partner with local universities to get young people interested in government and cybersecurity. By far, the most interesting cyber cases I’ve investigated happened only because I worked for the government. It is why NSA, not Silicon Valley, is able to hire the best mathematicians — they recruit early and often.

Action item: Sponsor a capture-the-flag hacker tournament at a state college and offer the top three winners summer internships at your agency.

Many of these challenges and solutions are connected. Reducing the number of tools not only helps with security, it also addresses your workforce issues by freeing up the time and money you were formerly spending on a plethora of tools and training.

States and cities are clearly placing an increased emphasis on improving IT management and security, as was made clear when 38 governors signed the National Governors Association’s cybersecurity compact this summer. Now it’s time to tackle the tough issues.

The post Four ways #state and local CIOs can boost #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

6 Ways To #Protect Your #Smartphone #E-Tickets From #Hackers

Source: National Cyber Security – Produced By Gregory Evans

6 Ways To #Protect Your #Smartphone #E-Tickets From #Hackers

Security experts say there’s no need to go back to paper: A few easy steps can keep your e-tickets and smartphone safe.

From air travel to concerts and sporting events, we’re using mobile ticketing more than ever. The nation’s largest commuter rail systems—the Metropolitan Transit Authority’s (MTA) Long Island Rail Road and Metro-North in New York and NJ Transit in New Jersey—have all gone paperless, allowing customers to use apps to purchase tickets, which they then display on their smartphones for QR code scanning. And now, even the New York City subway and bus systems are testing mobile payments.

But as with any digital step forward, there is always a hacker or scam artist looking to trip us up—and some of the ways they do it may surprise you. Fast Company talked with Jonathan Donovan, chief product officer at London-based Masabi, the company behind the MTA e-ticketing project, for some tips on how to keep your tickets and phones safe.

REPORT STOLEN/LOST PHONES IMMEDIATELY

Having a mobile ticket stolen or losing your only digital copy of it can be easier to deal with than losing a physical ticket, says Donovan. And as with a credit card, it’s best to report the loss or theft to whoever issued the ticket as soon as possible.

“Mobile ticketing is better than traditional physical ticketing in the case of a passenger losing a ticket, or having the ticket stolen— especially if it is a commuter monthly or annual ticket worth hundreds/thousands of dollars,” writes Donovan in an email to Fast Company. “Once they have reported the loss to the transit agency, the old tickets can be blocked, and then when they get a new phone, a brand-new ticket can be issued to the original owner free of charge, with no risk to the transit agency that the old ticket might also be still in use.”

BE CAREFUL WITH SCREENSHOTS

“Overall, if you have an app QR code or e-ticket on your phone, the general sense is you should treat it as a password,” says James Nguyen, a product manager for mobile at Norton by Symantec. Just as you wouldn’t post your email password to social media, you should avoid posting pictures or screenshots of tickets that include those codes. That’s because they could be used by thieves to take a trip or go to an event in your name. Even taking screenshots that include the codes can be risky if your phone is set to sync pictures to a cloud provider, since you’re relying on that provider’s security to keep your tickets from falling into the wrong hands.

KEEP YOUR PHONE FREE FROM MALWARE

Smartphone malware could capture images of tickets and upload them to thieves, Nguyen says. That means digital tickets are another good reason to keep phones patched, only download apps from reputable stores and developers, and consider anti-malware software.

WATCH OUT FOR SHOULDER SURFERS

Depending on the value of a ticket, someone could theoretically even attempt to steal it by snapping a picture while it’s being displayed, says Andrew Blaich, a security researcher at San Francisco mobile security company Lookout. “If you’re showing your QR code on the screen and somebody may be looking at your screen, they could potentially take a picture of that,” he says. Just like with passwords, it’s best to keep your e-tickets out of view when they’re not needed.

KEEP AN EYE OUT FOR HIGH-TECH SKIMMERS

And while they haven’t been reported yet, there’s no reason why thieves wouldn’t be able to install decoy devices in public places like train stations or event venues that claim to validate tickets. Those would be like hidden credit card skimmers, which for years have cloned cards while customers used them at gas pumps and ATMs. As with credit cards, consumers should avoid using their tickets with any scanning machines that look suspicious, says Nguyen.

“Sometimes it’s difficult, but you can be diligent about noticing additional hardware or wires come out of the scanning equipment,” he says. When in doubt, skip the machines and talk to a human in a uniform, if there’s one around.

LOCK DOWN YOUR PHONE, BLUETOOTH INCLUDED

Locking your phone when it’s not in use, and using strong passwords and two-factor authentication when possible, will also help keep tickets and other confidential data safe from physical snooping, says Blaich.

Phone users should also keep unnecessary network connections, especially Bluetooth, disabled when they’re not using them, says Nadir Izrael, CTO of Armis. The Palo Alto-based security company made headlines in September by revealing a set of Bluetooth vulnerabilities it called Blueborne. Izrael says it’s quite possible someone armed with similar exploits will develop a Bluetooth-based virus that can hop from infected devices to nearby vulnerable ones. Such an attack could be launched in a busy area like a train station or stadium—exactly the kinds of places people would have their phones out to show mobile tickets.

“Someone will walk into a crowded space with an infected device, and it will likely just transmit from device to device like an infection would play out,” he says.

The post 6 Ways To #Protect Your #Smartphone #E-Tickets From #Hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

5 Ways to Protect or Freeze Your Credit After Identity Theft

Source: National Cyber Security – Produced By Gregory Evans

In the wake of the Equifax data breach, which compromised the personal information of up to 143 million Americans — nearly half of the U.S. population, according to NBC News — many Americans are looking to prevent potential identity theft. The Equifax breach is just the latest in a string…

The post 5 Ways to Protect or Freeze Your Credit After Identity Theft appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Ways to Protect Yourself from Internet Hackers

Source: National Cyber Security – Produced By Gregory Evans

Getting hacked can be so frustrating, however, there are a lot of people out there engaging in such heinous activity. There are quite a number of ways to protect yourself from internet Hackers. It is very important to keep your privacy, information, money, and identity safe from online hackers. One…

The post Ways to Protect Yourself from Internet Hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

5 Ways to Think About Cloud Security

5 Ways to Think About Cloud SecuritySource: National Cyber Security – Produced By Gregory Evans Applying these five considerations will make for a more successful path to cloud security. Cloud computing promises significant costs savings and more streamlined management of mission-critical information technology, data processing and storage needs. But is it secure? Vibrant Credit Union (VCU), a Midwestern-based full service financial […] View full post on AmIHackerProof.com | Can You Be Hacked?

5 Ways to Strengthen Your Organization’s Cybersecurity Risk Posture

Source: National Cyber Security – Produced By Gregory Evans

5 Ways to Strengthen Your Organization’s Cybersecurity Risk Posture

A company’s risk posture refers to its overarching cybersecurity plan – that is, its approach to keeping sensitive data safe from internal and external threats. This includes everything from proactive planning and prevention to implementation, management and remediation strategy. No company – large or small – is immune to a potential security breach, which means every single organization in business …

The post 5 Ways to Strengthen Your Organization’s Cybersecurity Risk Posture appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures