Does Your Online Presence Pose a Security Risk?

Posted by Stefanie Kober Fri, 31 Oct 2014 09:36:00 GMT



Would you hand out your name, social security number and email address to a total stranger on the street? Probably not. However, when it comes to giving out the same information online, we are somewhat less adamant. Is it really easy to gain information on an individual from seemingly trivial data? How could your online presence be used against you? In this article, we answer these questions and discuss how to mitigate these risks.

Would You Give Out Your Email Address?

A social experiment conducted by People’s ID Bot Project and London agency Abundance has shown how incredibly easy it is for fraudsters to glean a disturbing level of personal information online, by simply using an email address. Bar customers wrote their email address on a sham mailing list, then researchers used their email addresses to evaluate the target’s details online. Within a matter of minutes, the researchers had gathered so much private information on the individuals that they succeeded in convincing the patrons that they had known them for years. Would the same have happened to you?

Sharing Your Life Online
The shocking experiment highlights the dangers of leaving yourself open to online identification fraud – it reveals how easy it is for a stranger to research individuals. People should be aware of the how much of their personally-identifiable information is freely available online. In the wrong hands, this information is used to commit identity theft or sold to other criminals. Usually, the victim is only made aware after a crime has been committed against them.
Often, people disclose all types of personal information on the Internet that allows identifying data to be deduced. Social media services such as Facebook, Twitter and Instagram are libraries of personal minutiae – school and work chatter, snapshots of family vacations, and books read are just the tip of the iceberg. Such seemingly superficial pieces of self-revelation can gradually be gathered and reconstructed by computers to help create a picture of a person’s identity, sometimes even down to the Social Security number.

How to Prevent Victimization
People can increase their defenses against identification in social networks by implementing tight privacy controls on information in personal profiles. Unfortunately, an individual’s actions are not sufficient to protect privacy in the interconnected world of the internet. In today’s online world, personal privacy is no longer an individual phenomenon; although you may not disclose personal information, your online friends or colleagues may do it for you, denoting your gender, education or employer, location, and interests.

Take Away
The Web offers us excellent value and convenience, however it is important to be vigilant in protecting our online identities. It is essential to exercise caution and implement these simple adjustments to online behavior in order to prevent victimization. People should exert more caution with personal details – it is by obtaining such data that the process of identity theft starts.
 

no comments |

4 Critical Advantages of Pure Software VPN Solutions

Posted by Stefanie Kober Tue, 28 Oct 2014 14:08:00 GMT



Most companies are turning to virtual private networks (VPNs) to reduce costs and increase security and performance. By using a public network, VPNs can connect off-site users, such as teleworkers and remote workers, vendors, and customers, to a larger centralized network. A VPN is considered as important as the internet connection itself, therefore choosing the right VPN solution is essential.

VPN Solutions
There are several different VPN solutions in the market today, therefore extra caution must be taken to ensure that the best possible decision is made when choosing a business VPN solution.
The two main product categories are dedicated VPN hardware appliances, and software VPNs (also called server-based VPNs). In the case of software VPNs, the VPN endpoint is actually software running on the device itself, whereas a hardware VPN is a virtual private network based on a single, stand-alone device.

The following four key points highlight how software VPNs are superior to hardware VPNs:

 

  1. Cost-Effective
    VPN software is generally considered to be a relatively low-cost way to deploy a VPN; dedicated hardware VPN appliances are more expensive than a software VPN because, generally, the VPN software is installed on an existing device. This means there is virtually no other investment required apart from software upgrades.

  2. Easy Network Management
    A further advantage to the software VPN approach is that the network does not change. No additional devices need to be installed, and management of the network remains the same. In contrast, a VPN appliance involves adding a new piece of equipment to the network, therefore increasing the complexity of the networking environment.
     
  3. Less Training
    Another benefit is that generally, less training is required in the case of software VPNs. Conversely, in hardware VPNs, the IT staff would require more intensive training since the configuration and management tools will probably be different than the ones used on the corporate routers.
     
  4. Performance and Scalability
    The performance factor is equally as important. The ability to expand the VPN to support more sites or users should not be underestimated when choosing a VPN. Pure software VPN solutions benefit from high scalability. This is not the case for a hardware VPN. If a company were to start with a VPN appliance designed to support 50 simultaneous VPN sessions, and later experience considerable increases in personnel, the VPN would need to accommodate more users. This would require scaling up the VPN will require the purchase of more appliances. Selecting a VPN that is not scalable can easily double the cost if or when the VPN capacity is outgrown.


SSL VPN
When choosing a VPN, special attention should be paid to the merits of the various deployment models (SSL VPN vs. IPsec VPN). Modern, pure software SSL VPNs do not require the installation of specialized client software on the end user’s computer. This translates to high scalability and the ability to support many different platforms (such as Windows®, Mac, Linux/Unix), from virtually any device. SSL VPNs enable secure server-based computing environment with strong SSL encryption and strong authentication.

HOB RD VPN is a very performant software SSL-VPN solution, which was only recently certified by the German Federal Office for Information Security. If you are interested in VPN solutions, don’t hesitate to visit our website www.hobsoft.com and inform yourself about HOB software solutions “Made in Germany”.
 

no comments |

Cybercrime Prevention Tips (Part 2)

Posted by Stefanie Kober Thu, 23 Oct 2014 13:24:00 GMT



In one of our previous blog posts, we started our discussion with cybercrime prevention tips. In the following article, we shall further provide advice on how to prevent cyberattacks, with a more in-depth focus on mobile technology and deployments.

Preventing Cybercrime
Many cybercrime attacks can be avoided with the implementation of straightforward preventative steps. Cyber criminals prefer to attack easy targets, thus the more difficult you make their job, the more likely it is that they will move on to an easier target.
By implementing the following precautionary measures, you can effectively fight cybercrime:

 

  1. Protect your computer with security software
    Several necessary security software elements are required for basic online security. Antivirus programs and firewalls are just two examples of security software essentials. Generally, a firewall is the first line of cyber defense, as it controls who and what can communicate with your computer online. Firewalls block connections to unknown or phony sites, and will prohibit certain types of viruses and intruders. Antivirus software monitors all online activities such as e-mail messages and Web browsing, offering protection from viruses, worms and other types of malicious programs. More recent versions of antivirus programs also protect from spyware and potentially damaging unwanted programs, such as adware.   
     
  2. Secure your mobile device
    Mobile devices, such as smartphones and tablets, are also vulnerable to cyberattacks; these devices are attacked by cyber criminals in a similar way to computers. A more in-depth look into smart phone security can be found here.
    When smartphones are used for business purposes, a number of safety practices should be followed, such as not saving any sensitive business data directly on the device, to prevent unauthorized data access.
     
  3. Turn off location settings
    Numerous smartphones, tablets and even some digital cameras now come GPS-enabled, allowing geotagging (the addition of GPS coordinates to your online posts or photos) is especially popular with photos. A geotagged photo is the most marked threat for the user’s personal privacy and security.
    The problem with such location-based services is not the information they provide, but rather the information they might also provide to other parties. Providing information about your current location is risky, but even more precarious, the data may be permanent and searchable, allowing criminals to build up a clear picture of your activities through time.
    To mitigate these risks, the best thing to do is to completely disable the location settings when requested by applications and refrain from using geotagging. Alternatively, in some cases, these may be turned on only when you specifically need it, then turned off again immediately after; even in this scenario, only a restricted number of friends should be able to see the information of where you are and where you have been. 
     
  4. Secure your offsite workers
    Offsite workers, such as teleworkers and remote workers, including vendors and customers, making use of any type of mobile device (e.g., laptops, smartphones and tablets) should be equipped with remote access solutions or other modern solutions, so as to assure a secure access to the corporate network.
  5. Back up critical dataAlthough this is not strictly a way to prevent cybercrime, backing up critical data is a crucial step in the event of an attack. Recovery of data and return to normal operations is essential for business continuity; any down time to mission-critical systems may be harmful. Details of the backup processes should be part of the business continuity and disaster recovery plans.


Keeping Balance

The most really effective steps taken by a computer user to avoid being a victim of a crime render the user’s computer somewhat less convenient to use. Every user must balance how much security is considered enough to keep unauthorized intruders at bay. The German software developer HOB offers its customers the perfect balance between user experience and security. The Secure Remote Access Suite HOB RD VPN allows users to remotely access corporate files and servers from anywhere, at anytime. Due to SSL-encryption and modern authentication methods, HOB RD VPN offers its users a maximum of security. The recent Common Criteria (EAL4+) certification is yet another independent proof for the high security level of HOB RD VPN. If you are interested in learning more about HOB products, please visit our website www.hobsoft.com.
 

no comments |

Cybercrime Prevention Tips (Part 1)

Posted by Stefanie Kober Tue, 14 Oct 2014 09:32:00 GMT



Every week, we hear new reports of new cyber breaches and the exploitation of security flaws. Internet connected activities are as susceptible to cybercrime as physical crime, and both can lead to severe damages and lasting negative consequences. Ultimately, it is the responsibility of the individual to protect themselves and their families against cybercrimes through safe online practices.

Cybercrime Prevention Strategies

Preventing cybercrime is not an easy task, however cybercrime prevention can be achieved relatively rapidly and in a cost-effective way. The following tips help prevent cyber attacks:

Install the latest patches and updates
By regularly updating your computer operating system with the latest patches and other software fixes when they become available, you can block attackers from taking advantage of software flaws that would otherwise compromise your system.

Keeping your computer up-to-date renders it much more difficult for cyber criminals to gain access to your system. Although updates alone do not guarantee protection, they block several basic and automated attacks completely and may discourage a less-determined hacker to look for a more vulnerable computer somewhere else. Fortunately, most Windows-based systems can be configured to download software patches and updates automatically. 

Choose strong passwords… and protect them
Choosing a password, meaning one that is not easily guessed, is the first step towards keeping passwords secure and out of the wrong hands. Strong passwords use a combination of upper and lower case letters, numbers and special characters or symbols (such as ?, @, $ and &). Any type of personal information or dictionary words should be avoided.

A different password should be used for each service used; although this makes it more difficult to manage your online accounts, it is well-worth the effort. Passwords should be changed regularly so as to limit the damage caused by someone who has already gained access to one account. It is essential to store passwords in a safe place. If you suspect that one of your online accounts may be hacked, one of the first steps to take is to change your password.

Shred old or unwanted paperwork

Any paperwork that contains personal details should be shredded or made illegible before discarding or recycling it. Criminals can go through your trash to recover sensitive information such as receipts and letters from banks that they can use online.

Protect your personal information
Refrain from revealing personal confidential information in the public domain, for example social media websites. Overexposure can lead to social engineering, whereby attackers gather small bits of personal information from several portals, such as Twitter and Facebook, to launch an attack.

Although absolutely not divulging any personal information is rarely possible, the following is a checklist for how to share personal information safely online:
 

  • Pay attention to privacy policies on websites and in software
  • Steer away from fraudulent websites used to steal personal information
  • Keep an eye out for phony email messages – do not open email attachments unless you are certain that they are authentic
  • Do not respond to email messages that ask for personal information
     

Be social media savvy
Check your security setting to ensure that your social networking profiles (such as Twitter, Facebook and YouTube) are set to private. Once information is posted online, it is extremely difficult to remove it!

Cybercrime: No Intention of Slowing Down
As the technology evolves, so does cybercrime. This exposes new vulnerabilities which attackers can exploit, therefore implementing the rightful preventative measures is essential to stay one step ahead of attackers. Stay tuned for Part 2 of this blog series where we will discuss further methods to protect against the ongoing threat of cybercrime.

no comments |

How to Avoid Becoming a Victim of a Mobile Phishing Attack

Posted by Tobias Eichenseer Thu, 18 Sep 2014 15:38:00 GMT

The dependence on mobile browsers to accomplish security sensitive operations is increasing. With this comes an increase in mobile cyber threats, as cybercriminals are now moving beyond computers and shifting to mobile handheld devices.

A phishing survey reported that the number of phishing targets increased from 2012 to 2013, indicating that e-criminals are spending time looking for new opportunities. Mobile phishing occurs when identity thieves collect the user's information, including financial or account information such as user name and password, Social Security Number, date of birth, and credit card information from mobile devices, for the purpose of committing fraud or other illegalities.

Limitations of Mobile Devices
Specific limitations of the mobile platform make mobiles susceptible to phishing attacks:

1.    The mobile device’s much smaller screen size constrains the ability of the mobile browser to entirely display any anti-phishing security elements a website may contain. Most mobile browsers in use today simply lack any room to incorporate security indicators and certificate information that alert users of site identity and the presence of strong cryptographic algorithms, as is done with their desktop counterparts. This leaves users unable to verify whether the website they are logging into is legitimate or not; a critical security flaw rendering mobile browsers unsafe. 
    
2.    The permanent default browsers preinstalled on certain phones are another limitation. Their ability to automatically start up and display links the user opens makes it less difficult for cybercriminals, who can now focus on only one browser to exploit.

This combination of a radically reduced screen size and absence of security indicators makes it difficult for users to determine the security standing of mobile browsers, and makes mobile browsing more dangerous for average users, since it provides a false sense of security. Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers. 

Advantages of Mobile Devices:
However, the mobile platform also has some benefits that reduce the concern of mobile phishing: 

1.    The mobile platform allows phishing targets, including online shopping and banking sites, to develop their own apps for customer use. Assuming there are no spoofed apps and there is a mechanism for constant updates, these legitimate apps facilitate more secure exchanges of information between organizations and their customers.

2.    Mobile browsers are increasingly becoming more powerful, and are able to process and run complex scripts. Websites that involve login details may take advantage of this fact to implement better security measures.

Protection Against Mobile Phishing

One can prevent mobile phishing from taking place by adopting and following the following best practices:

1.    Avoid opening links in emails, especially from suspicious or unknown senders. One should always verify the legitimacy of the email messages received.

2.    Utilization of official apps. If the website one is trying to log in to has an official app, one should use it rather than the browser.

3.    Checking the permissions of all the downloaded apps. One should exert extreme caution when choosing which apps to download, as some apps may be requesting too much data, which could result in a violation of privacy.

4.    The URLs of the websites one visits should be manually typed in and subsequently bookmarked for future visits. This procedure eliminates typographical errors in the URL that can be directed to a phishing website.

5.    Installation of a security solution. Modern solutions for mobile devices enable secure access to data located in the corporate network, without the data ever being downloaded to the device. This eliminates the risk of phishing.

Conclusion
The direction of cybercrime is shifting towards the “post-PC” era, as cybercriminals follow where the users and their money go. Cyberattacks on mobile devices can be prevented by adopting mobile computing best practices.

no comments |

Cyber Security is Everyone’s Responsibility

Posted by Stefanie Kober Tue, 16 Sep 2014 07:38:00 GMT



Cyber security starts with improving the individual responsibility of each user within an organization. A single user’s lack of responsibility may not only harm the individual, but could provide a platform for attack on other users within the network; older threats, such as viruses, have been replaced by sophisticated attacks that can cripple the entire organization’s IT system. Knowledge of how to protect computers and engaging in appropriate behavior while logged on to the corporate network, will decrease vulnerabilities.

How to Act Responsibly in Cyberspace

Cyber security is a shared responsibility, and each user has a role in preventing cyber threats. Every person should take these basic security measures to improve the organization’s cybersecurity. 

1.    Strong Passwords

Choosing a strong password cannot be stressed enough! Weak passwords are just as bad as no passwords at all, as they can be easily cracked by relatively simple hacking techniques. Strong, hard-to-crack passwords are normally the first line of defense against a security breach. Strong passwords generally cannot be found in the dictionary and include special characters or numbers.

2.    Beware of Social Engineering
Not all threats come from online. The term “social engineering” describes a non-technical type of intrusion that relies mainly on human interaction – a scam or fraud, where people are deceived into disclosing valuable data, breaking the normal security procedures. Social engineering can take several forms, and is normally considered to be the easiest and most successful type of attack. One of the most traditional cracks is simply to call a person and ask them questions. Users should never divulge a password to anyone, including people who claim to be from customer service, nor communicate a password via telephone, e-mail or instant messaging.

3.    Recognize the Importance (and Vulnerability) of their Data
One of the reasons social engineers are successful is because people are not aware of the value of the information they possess and are therefore not vigilant protecting it. Better security awareness by each individual facilitates businesses to safeguard their trade secrets and intellectual property, and decreases loss of productivity due to downtime. 

4.    Keeping Track of Business Data

In addition to keeping the information safe, protection of business data ensures compliance with relevant data protection rules and legislation. Employees downloading business documents to a public drive, attaching and sending unencrypted confidential documents from the workplace using personal (Web-based) email accounts, and downloading, storing and transferring unencrypted confidential documents from a workplace desktop to a generic USB drive are all examples of security risks that can arise in organizations involving negligent or malicious users.

5.    Back Up Data
Data is one of the most important assets of the business; a lot of information, such as employee records, is irreplaceable. Users should plan ahead and back up critical data as preparation for worst-case scenarios. 

Conclusion
Independent of the type of multi-layered defense one opts for to safeguard the corporate network, it must be combined with good judgment, common sense, and safe computing and safe Web surfing habits.

Author: Hazel Farrugia

no comments |

8 Things to Learn from a Data Breach Study (Part 2)

Posted by Stefanie Kober Tue, 12 Aug 2014 12:42:00 GMT



In our previous post on IT security, we discussed four key findings from a data breach study conducted by Ponemon Institute. In this article, we will further discuss these four key findings and outline preventative measures to avoid security breaches.

Key Findings (Continued)

5.    Cybercrime Costs Differ by Company Size, but Smaller Organizations Sustain a Significantly Higher Cost than Larger Organizations

While everyone is vulnerable to cyber-attacks, smaller organizations are more at risk. A common cyber-attack is the theft of sensitive data, and for a small organization, the loss of project files or customer databases can put them out of business.

Smaller companies (employees<20) should implement a VPN for secure connectivity anytime, anywhere. Due to their ease of use and versatility, SSL VPNs are well-suited for small companies allowing users to only access specific applications and services, and providing access to Web applications, Windows Terminal Servers and their applications or internal network connections.

6.    Information Theft, Followed by the Costs Associated with Business Disruption, Represent the Highest External Costs


Annually, information loss and business disruption (or lost productivity) account for 43% and 36% of external costs, respectively. (In the context of this study, an external cost is one that is created by external factors, including fines, marketability of stolen intellectual properties and litigation)

Setting up strong network security is therefore crucial. Increasingly, more organizations are adopting SSL VPNs, which ensure a secure network connection through the use of encryption, single-sign on options, and firewalls.

In order to minimize costs associated with business disruption, it is imperative that all organizations have a contingency plan in place that outlines how to contain and recover from a substantial security breach. The IT staff must quickly solve the issue, hopefully restoring data from backup files, and returning systems to service without any significant downtime. Nonetheless, any downtime can be disastrous in the case of mission critical systems. 

7.    Recovery and Detection are the Most Costly Internal Activities


Combined, recovery and detection account for 49% of the total internal activity cost per year; cash outlays and labor account for most of these costs. This highlights the importance of back-ups. A data-backup policy is especially important if the organization has several laptops or other mobile devices that can be lost or stolen. To avoid data theft from loss or stolen mobile devices, no data should be downloaded to the device, but rather all data is completely and securely located in the central corporate network.   

8.    A Strong Security Policy Minimizes the Cost of Cyber Attacks


As expected, businesses that invest in a strong security policy and system are better off than their counterparts. This stresses the importance of a strong security policy, which provides the plan for the overall security program adopted by the organization.

Conclusion

As cybercriminals have become more sophisticated in their tactics, fighting cybercrime has become increasingly challenging for organizations worldwide. Although sustaining an organization’s security posture or compliance with standards, policies and regulations also comes at a cost, the benefits of strong security measures outweigh the plausible costs incurred by cyber-attacks.

Author: Hazel Farrugia

no comments |

8 Things to Learn from a Data Breach Study (Part 1)

Posted by Stefanie Kober Thu, 07 Aug 2014 13:00:00 GMT



Recently, the sophistication of cyber-attacks has grown significantly. Cybercriminals are specializing and sharing intelligence so as to steal sensitive data and disrupt critical business functions. Consequently, the topic of cybercrime has been kept top of mind as the repercussions of a cyberattack are costly and potentially very damaging.   

Key Findings
The study, 2013 Cost of Cyber Crime Study: United States, was conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products.

1.    Cybercrimes are Still Costly for Organizations

The average annual cost of cybercrime per organization was $11.6 million, an increase of 26% over the average cost reported in 2012. Considering this increase in cost, IT security should be a top priority for all organizations, as there is no single failsafe solution to protect against cybercrime.

2.    All Industries are Susceptible to Cybercrime

The average annual cost of cybercrime appears to differ according to industry segment; organizations in financial services, defense, and energy and utilities experience markedly higher crime costs than organizations in retail, hospitality and consumer products. The organizations facing higher security threats are not only at risk for financial loss due to cyber-attack, but are also more vulnerable to phishing attacks that could compromise sensitive customer data such as credit card, bank account and social security numbers.

3.    Denial of Service Attacks, Malicious Code and Web-based Attacks are the Most Costly Cybercrimes

These are responsible for more than 55% of all cybercrime costs to organizations. Denial of Service (DoS) is an attack which renders information or data unavailable to its intended recipients. Organizations using VPNs can mitigate such risks by configuring access control lists, a method of defining access rights according to user (such as a file directory or individual file).
Malicious code is a piece of executable code designed to harm a computer or its information, or prevent normal computer operations. Malicious code can come from various sources, such as the Internet, infected diskettes, files received via electronic mail, and worms that exploit several system vulnerabilities. It could also be introduced via a disgruntled insider, who has physical access to a computer or network.
A multilevel strategy is required to effectively defend against malicious code, including physical security, password management, product selection, configuration and maintenance, user awareness and education, up-to-date anti-virus software for servers, clients, and electronic mail and adequate system backups.       Web-based attacks focus on an application itself, as application vulnerabilities could provide the means for malicious end users to breach a system's protection mechanisms. Generally, such attacks take advantage or gain access to private information or system resources. To mitigate Web-based attacks, firewalls, reverse proxies, and intrusion detection and prevention systems (IDPS) should be used, which actively monitor for attacks and attempt to block or change the environment, thus preventing further attacks from reaching the protected application or system. 

4.    Cyber-attacks Can Be Costly if Not Resolved Rapidly 

The results show a direct and positive relationship between the time required to contain an attack and the organizational cost. The results also demonstrate that both the cost and the time taken to resolve an attack increased from the previous year. Failure to resolve the problem quickly leads to prolonged business disruption and gives competitors a distinct advantage.

Conclusion

The results of the study reveal that no one is immune cyber-attacks, which have the potential to inflict significant financial and reputational damage to the targeted organization. Stay tuned for Part 2 where we shall further discuss the findings of this data breach study and how organizations should protect themselves from becoming a victim of cyber-attacks.
  
Author: Hazel Farrugia

no comments |

3 Main Security Concerns as revealed by HOB Remote Access Study

Posted by Tobias Eichenseer Tue, 05 Aug 2014 13:56:00 GMT

Remote access solutions are gaining prevalence as organizations are adopting the mobile workforce strategy, benefitting from increased productivity and reduced expenses. When evaluating and planning a VPN solution, it is essential to understand the security risks that are associated with this technology.

Top 3 Remote Access Security Concerns  
In fall of 2013, HOB conducted a research survey on the state of remote access in the US. Over 200 CTOs and CIOs were polled, and findings revealed three main concerns regarding remote access security issues.

1.    Hackers gaining access to the Network during Employee Remote Access Solutions

Hackers have succeeded in breaking through two-factor authentication and identifying and exploiting vulnerability in a Web application to access an enterprise’s network. Therefore, it is not surprising that 66% of the polled respondents are concerned with hackers gaining access to the network during employee remote access sessions.
Organizations should implement safe and reliable VPNs which provide an adequate level of security, without compromising performance.

2.    Employees accessing the Network through their Personal Devices

Today, mobile devices such as smartphones, laptops and tablets have become an integral part of everyday life. As more organizations implement remote working policies, IT managers have less control over enterprise data from numerous devices. Furthermore, determining which devices are accessing which systems and data has become increasingly difficult.  
The repercussions of data breaches resulting from lost or stolen devices can be severe. In addition, IT managers generally lose data access visibility when multiple personal, unmanaged devices are connecting to the network simultaneously.
This highlights the importance of a comprehensive mobile workforce security policy, which should also include who is responsible for device maintenance and support, and which security measures should be implemented.

3.    Errors by the IT Team leaving the Network open to Intruders


Cyber-attacks are increasing in sophistication and frequency; the costs associated with cyber-attacks are not limited to monetary costs, but also encompass reputational loss and diminished competitive advantage. Security holes unintendedly created by the IT team may potentially lead to the exposure of sensitive enterprise data, financial fraud or even bankruptcy.
The results indicate that enterprises require new strategies in order to combat and prevent advanced cyber-attacks; IT teams should be wary of software and systems use and investigate any suspicious behaviors that are known to be associated with malicious activity.

Conclusion
As organizations make use of remote access to satisfy various business needs, securing the corporate network becomes priority. The findings of this study stress the importance of a robust mobile workforce strategy.

If you would like to learn about the state of remote access in the USA, please download our free eBook “The State of Remote Access in the US”.
 


Author: Hazel Farrugia

no comments |

How to Fight Cybercrime

Posted by Tobias Eichenseer Thu, 31 Jul 2014 11:52:00 GMT

Businesses and individuals are increasingly relying on computers and Internet-based networking. They experience several benefits, but also potential risks. When staff or business partners have constant access to internal networks from insecure locations, security is a major concern.

The Rise of Cybercrime
Cyberattacks generally refer to criminal activity involving the use of a computer network, normally conducted via the Internet. Internet users and organizations face increased risk of becoming targets of cyberattacks. An independent research report conducted by Ponemon Institute on organizations located in the United States in 2013 found that the U.S. experienced an increase of 18 percent in successful attacks from the previous year.
Today, criminals have more advanced technology and greater knowledge of cyber security. Attacks may include financial scams, computer hacking, virus attacks and distribution, denial-of-service, theft of an organization’s information assets, posting of sensitive business data on the Internet, and malware.

Risks of Cybercrime
For businesses and corporations, the cost associated with cyberattacks is large. Stolen or deleted corporate data can inflict financial damage on the victim, damage the company’s reputation, and negatively affect people’s livelihoods. The risks are even higher for small companies, since their businesses may rely solely on project files or customer data bases. The same Ponemon Institute study reported that in 2013, the average cost of cybercrime in the U.S. was $11.6 million annually - an increase in cost by 26 percent from the previous year.

Preventing Cyberattacks
Organizations should follow basic guidelines in order to reduce the security threat to their data and devices. To prevent cyberattacks, companies should:

1.    Use a Secure Connection to the Corporate Data
This generally involves implementing a Virtual Private Network (VPN). VPN technology provides protection for information that is being transmitted over the Internet by allowing users to form a virtual “tunnel” to securely enter an internal network to access resources, data and communications.

2.    Store Data Centrally
Centralized storage of data offers protection and increases speed, convenience and efficiency for accessing files. Sharing of files enables rapid and easy access to important data from virtually anywhere in the world. The relative mobility and control of data improves effectiveness of workflow. Another crucial advantage of centralized data is cost. Although it is possible to store and backup data on multiple machines, it is considerably more cost effective to use central storage. For instance, data can be stored on a server within the corporate LAN behind the firewall.

3.    Use Modern Authentication Methods
Authentication is the process by which the parties at either end of a network connection can verify the identity of the other party. Verification is typically based upon something you know (such as passwords), something you have (smart card or tokens), or something you are (biometric techniques, including fingerprint and eye scans). Deployment of modern authentication methods, such as Kerberos authentication protocol, ensures confidentiality through encryption that ensures no one can tamper with data in a Kerberos message. 

4.    Use Reliable, Strong Encryption Technology
Encryption is the process of changing information in a manner that cannot be deciphered by anyone except those holding special knowledge (generally referred to as a "key") that enables them to alter the information back to its original, readable form. A VPN turns the Internet (an unsecure environment) into a secure private network, by providing heavy encryption. In particular, an SSL VPN is best-suited for mobile apps. 
 
5.    Enforce Strong Passwords
Implementation of strong passwords is a basic security procedure, however it is often overlooked.  Complex, hard-to-crack passwords are a simple line of defense against a security breach. Password policies, which offer advice on proper password management, should be in place. Password best practices include:

•    Avoid using dictionary words or common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
•    Do not use personal information. 
•    Use special characters, such as * and #.  The majority of passwords are case sensitive, therefore, a mixture of both upper case and lower case letters, as well as numbers, should be used.
•    Choose a long password, as passwords become harder to crack with each added character.
•    Create different passwords for different accounts and applications. Therefore, if one password is breached, the security of other accounts is not at risk.
•    Never write down passwords and leave them unattended in a desk drawer or any other obvious place.
•    Never communicate a password by telephone, e-mail or instant messaging
•    Never disclose a password to others, including people who claim to be from customer service.
•    Change passwords whenever there is any doubt that a password may have been compromised.

Conclusion
The growing popularity and convenience of digital networks has led to an increase in cyberattacks; consequently, keeping up to date with the most recent and important concerns facing the organization is in itself a challenge. Organizations can protect their highly sensitive information by following a safety plan and adopting reasonable security practices.
 
If you would like to learn more about VPN technology, and review some tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?
 

no comments |