Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Top Stories

 

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

By Daniel J. Nemeth

Technology advancements have made it relatively easy for many employees to carry out their regular job duties from the comfort of their home.

Related: Poll confirms rise of Covid 19-related hacks

This is something companies are under pressure to allow to help minimize the spread of Covid 19. The main problem for remote workers is the threat to online security. Remote workers face having both their personal and work-related information compromised.

As a remote worker, it is imperative to take measures to protect yourself and your employer online. Start by checking to see what security protocols your company has in place. Your employers might be able to provide you with specific directions on how to handle certain aspects of your cybersecurity.

Here are some cybersecurity best practices tips that apply more than ever when it comes to remote workers carrying out their duties securely.

•Use strong passwords. It is essential to ensure that all accounts are protected with strong passwords. To this day, a significant amount of people still use the password across multiple accounts, which makes it much simpler for a cybercriminal to compromise a password and take over accounts.

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

By Ashley Lukehart

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Related: Companies must bear a broad security burden.

As a business owner, you must be aware of the implications of different types of malware on your company’s bottom line, and what steps you can take to protect your company from future attacks.

This article will walk you through the various types of malware, how to identify and prevent a malware attack, and how to mitigate the risks.

What is Malware  

Malware, a combination of the terms ‘malicious’ and ‘software,’ includes all malicious programs that intend to exploit computer devices or entire network infrastructures to extract victim’s data, disrupt business operations, or simply, cause chaos.

There’s no definitive method or technique that defines malware; any program that harms the computer or system owners and benefits the perpetrators is malware.

SHARED INTEL: Forrester poll – security decision makers report breaches escalated as Covid 19 spread

By Byron V. Acohido

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year.

Related: Can ‘SASE’ help companies secure connectivity?

Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

In its summary report – The State of Network Security, 2020 To 2021—Forrester combined findings derived from several surveys the firm conducted during the course of last year; Forrester polled security decision makers in organizations across North America and Europe.

The overarching takeaway: more organizations were breached, more often, in 2020 that 2019; some 58% of security decision-makers in North America and Europe reported dealing with at least one breach in 2020 as compared to 48% in 2019.

Notably, the number of organizations that said they were breached more than three times in the 12-month period was up significantly, as well.

Both external and internal cyber assaults were pervasive. Attacks routinely routed through through employees, contractors and vendors; in short, folks granted access for legitimate reasons in order to participate in cloud-based commerce.

Some 40% of respondents who experienced a breach due to an internal incident said it was due to intentional abuse of access rights from current or former employees; 38% said it was from accidental or inadvertent misuse by employees; and 22% said it was a combination of both.

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

By Ellen Sabin

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so.

In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention.

Related: Mock attack help schools prepare for hackers

However, the sudden and drastic shift to work-from-home and schooling-from-home settings has changed the ball game. The line between personal and professional use of digital tools and services, which was blurry even before the global pandemic, has now been obliterated by Covid-19.

Moving forward, companies can no longer afford to focus awareness training on just employees, partners and clients. It has become strategically important for them to promote best security practices in home settings, including the training of children.

Bringing smart habits into homes and minds is good for kids, good for parents, and, it turns out, good for businesses, too.

We’re all connected

Consider that kids are constantly connected on the internet with online games, streaming devices, virtual schooling, and zoom play dates. Adults increasingly are working from home, and usually on networks they share with their children. Mistakes online by one family member can lead to compromises in a household’s network, placing computers, personal data, and perhaps even work-related content at risk.

Cyber criminals have increased attacks as they see these opportunities. Companies must take this into account and consider extending employee training to also promote security and privacy habits among all family

GUEST ESSAY: HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under seige

By Riyan N. Alam

The Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities.

Related: Hackers relentless target healthcare providers

Despite these efforts, covered-entities and business associates continue to find HIPAA to be overwhelming and extensive, to say the least.

Cyberattacks against healthcare entities rose 45 percent between November 2020 and January 2021, according to Check Point . Meanwhile, the healthcare sector accounted for 79 percent of all reported data breaches during the first 10 months of 2020, a study by Fortified Health Security tells us.

At last, some good news has surfaced that encourages healthcare providers to implement the best security practices and meet HIPAA requirements. Amidst all of the turmoil, President Donald Trump officially signed H.R. 7898, known as the HIPAA Safe Harbor Bill, into law on January 5, 2021.

It is a new sign of relief for entities that could do very little against unavoidable and highly sophisticated cyberattacks. This bill is one of many recent industry efforts aimed at improving cybersecurity. The legislation amends the HITECH Act to require the Department of Health and Human Services (HHS) to reward organizations that follow the best cybersecurity practices for meeting HIPAA requirements.

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

By Byron V. Acohido

It’s only February — and 2021 already is rapidly shaping into the year of supply-chain hacks.

Related: The quickening of cyber warfare

The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.

This bad news from UScellular follows similarly troubling disclosures from networking software supplier SolarWinds and from email security vendor Mimecast.

The SolarWinds hack came to light in mid-December and has since become a red hot topic in the global cybersecurity community.

Video: What all companies need to know about the SolarWinds hack

Meanwhile, Mimecast followed its Jan. 12 disclosure of a digital certificate compromise with a Jan. 26 posting confirming that the compromise was at the hands of the same nation-state threat group behind the SolarWinds hack and subsequent attacks on various technology companies and federal government agencies.

And now UScellular admits that it detected its network breach on Jan. 6, some two days after the attackers gained unauthorized access. The intruders got in by tricking UScellular retail store employees into downloading malicious software on store computers.

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

By Byron V. Acohido

The cybersecurity operational risks businesses face today are daunting, to say the least.

Related: Embedding security into DevOps.

Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.

Adopting and nurturing a security culture is vital for all businesses. But where to start? Ted Harrington’s new book Hackable: How To Do Application Security Right argues for making application security a focal point, while laying out a practical framework that covers many of the fundamental bases.

Harrington is an executive partner at Independent Security Evaluators (ISE), a company of ethical hackers known for hacking cars, medical devices and password managers. He told me he wrote Hackable to inform folks oblivious to the importance of securing apps, even as corporate and consumer reliance on apps deepens.

Here are excerpts of an exchange Last Watchdog had with Harrington about his new book, edited for clarity and length:

LW: Why is it smart for companies to make addressing app security a focal point?

Harrington: Software runs the world. Application security is the soft underbelly to almost all security domains, from network security to social engineering and everything in between.