Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Privacy

 

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

By Daniel J. Nemeth

Technology advancements have made it relatively easy for many employees to carry out their regular job duties from the comfort of their home.

Related: Poll confirms rise of Covid 19-related hacks

This is something companies are under pressure to allow to help minimize the spread of Covid 19. The main problem for remote workers is the threat to online security. Remote workers face having both their personal and work-related information compromised.

As a remote worker, it is imperative to take measures to protect yourself and your employer online. Start by checking to see what security protocols your company has in place. Your employers might be able to provide you with specific directions on how to handle certain aspects of your cybersecurity.

Here are some cybersecurity best practices tips that apply more than ever when it comes to remote workers carrying out their duties securely.

•Use strong passwords. It is essential to ensure that all accounts are protected with strong passwords. To this day, a significant amount of people still use the password across multiple accounts, which makes it much simpler for a cybercriminal to compromise a password and take over accounts.

Comment | Read | March 6th, 2021 | Best Practices | For consumers | For technologists | Privacy | Top Stories

SHARED INTEL: Forrester poll – security decision makers report breaches escalated as Covid 19 spread

By Byron V. Acohido

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year.

Related: Can ‘SASE’ help companies secure connectivity?

Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

In its summary report – The State of Network Security, 2020 To 2021—Forrester combined findings derived from several surveys the firm conducted during the course of last year; Forrester polled security decision makers in organizations across North America and Europe.

The overarching takeaway: more organizations were breached, more often, in 2020 that 2019; some 58% of security decision-makers in North America and Europe reported dealing with at least one breach in 2020 as compared to 48% in 2019.

Notably, the number of organizations that said they were breached more than three times in the 12-month period was up significantly, as well.

Both external and internal cyber assaults were pervasive. Attacks routinely routed through through employees, contractors and vendors; in short, folks granted access for legitimate reasons in order to participate in cloud-based commerce.

Some 40% of respondents who experienced a breach due to an internal incident said it was due to intentional abuse of access rights from current or former employees; 38% said it was from accidental or inadvertent misuse by employees; and 22% said it was a combination of both.

Comment | Read | February 23rd, 2021 | For technologists | Privacy | Q & A | Top Stories

GUEST ESSAY: HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under seige

By Riyan N. Alam

The Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities.

Related: Hackers relentless target healthcare providers

Despite these efforts, covered-entities and business associates continue to find HIPAA to be overwhelming and extensive, to say the least.

Cyberattacks against healthcare entities rose 45 percent between November 2020 and January 2021, according to Check Point . Meanwhile, the healthcare sector accounted for 79 percent of all reported data breaches during the first 10 months of 2020, a study by Fortified Health Security tells us.

At last, some good news has surfaced that encourages healthcare providers to implement the best security practices and meet HIPAA requirements. Amidst all of the turmoil, President Donald Trump officially signed H.R. 7898, known as the HIPAA Safe Harbor Bill, into law on January 5, 2021.

It is a new sign of relief for entities that could do very little against unavoidable and highly sophisticated cyberattacks. This bill is one of many recent industry efforts aimed at improving cybersecurity. The legislation amends the HITECH Act to require the Department of Health and Human Services (HHS) to reward organizations that follow the best cybersecurity practices for meeting HIPAA requirements.

Comment | Read | February 8th, 2021 | For consumers | For technologists | Guest Blog Post | Privacy | Steps forward | Top Stories

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

By Byron V. Acohido

It’s only February — and 2021 already is rapidly shaping into the year of supply-chain hacks.

Related: The quickening of cyber warfare

The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.

This bad news from UScellular follows similarly troubling disclosures from networking software supplier SolarWinds and from email security vendor Mimecast.

The SolarWinds hack came to light in mid-December and has since become a red hot topic in the global cybersecurity community.

Video: What all companies need to know about the SolarWinds hack

Meanwhile, Mimecast followed its Jan. 12 disclosure of a digital certificate compromise with a Jan. 26 posting confirming that the compromise was at the hands of the same nation-state threat group behind the SolarWinds hack and subsequent attacks on various technology companies and federal government agencies.

And now UScellular admits that it detected its network breach on Jan. 6, some two days after the attackers gained unauthorized access. The intruders got in by tricking UScellular retail store employees into downloading malicious software on store computers.

Comment | Read | February 3rd, 2021 | For technologists | Imminent threats | My Take | Privacy | Top Stories

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

By Byron V. Acohido

The cybersecurity operational risks businesses face today are daunting, to say the least.

Related: Embedding security into DevOps.

Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.

Adopting and nurturing a security culture is vital for all businesses. But where to start? Ted Harrington’s new book Hackable: How To Do Application Security Right argues for making application security a focal point, while laying out a practical framework that covers many of the fundamental bases.

Harrington is an executive partner at Independent Security Evaluators (ISE), a company of ethical hackers known for hacking cars, medical devices and password managers. He told me he wrote Hackable to inform folks oblivious to the importance of securing apps, even as corporate and consumer reliance on apps deepens.

Here are excerpts of an exchange Last Watchdog had with Harrington about his new book, edited for clarity and length:

LW: Why is it smart for companies to make addressing app security a focal point?

Harrington: Software runs the world. Application security is the soft underbelly to almost all security domains, from network security to social engineering and everything in between.

Comment | Read | February 1st, 2021 | Best Practices | Book Excerpts | For consumers | For technologists | Privacy | Steps forward | Top Stories

MY TAKE: With disinformation running rampant, embedding ethics into AI has become vital

By Byron V. Acohido

Plato once sagely observed, “A good decision is based on knowledge and not on numbers.” 

Related: How a Russian social media site radicalized U.S. youth

That advice resonates today, even as we deepen our reliance on number crunching — in the form of the unceasing machine learning algorithms whirring away in the background of our lives, setting in motion many of the routine decisions each of us make daily.

However, as Plato seemingly foresaw, the underlying algorithms we’ve come to rely on are only as good as the human knowledge they spring from. And sometimes the knowledge transfer from humans to math formulas falls well short.

Last  August, an attempt by the UK government to use machine learning to conjure and dispense final exam grades to quarantined high-schoolers proved to be a disastrous failure. Instead of keeping things operable in the midst of a global pandemic, the UK officials ended up exposing the deep systemic bias of the UK’s education systems, in a glaring way. 

Then, in November, the algorithms pollsters invoked to predict the outcome of the 2020 U.S. presidential election proved drastically wrong — again, even after the pollsters had poured their knowledge into improving their predictive algorithms after the 2016 elections.  

2 Comments | Read | January 18th, 2021 | For consumers | For technologists | My Take | Privacy | Steps forward | Top Stories

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

By Ellen Sabin

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come.

Related: Web apps are being used to radicalize youth

The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime. For adults doing the teaching, it’s no easy task.

Teaching children about good cyber security habits starts with helping them realize their power to learn to make smart choices. Often, messages about online security are presented as ‘to-do’ lists that can make even the most pliant of us feel like we are being preached to. Instead, let children think about why they want to become smart about online decisions and how they can make good choices.

Here are some tips to excite kids about cybersecurity.

Comment | Read | January 13th, 2021 | Best Practices | For consumers | Guest Blog Post | Privacy | Top Stories

Older Articles »