Data Privacy

Does data protection cover data security?

With all the news about data breaches and cyber attacks, it’s natural to wonder whether your data is really safe. After all, what’s the point of having data protection if your data isn’t actually secure? In this article, we’ll explore the answer to this question and give you some tips on how to keep your data safe.

Data security is the practice of protecting your data from unauthorized access or theft. Data security is important because it helps to protect your confidential information and prevent it from being accessed by people who should not have access to it. There are many ways to secure your data, including password protection, encryption, and physical security.

Data protection is the practice of safeguarding important information from unauthorized access. It is a broad term that can encompass everything from computer security to physical security measures. Data protection is important for both individuals and businesses, as it can help keep sensitive information safe from criminals and other unauthorized individuals. There are a variety of data protection measures that can be taken, and the best approach will vary depending on the type of information being protected and the potential threats.

The importance of both data protection and data security

Data protection and data security are both important considerations when it comes to keeping your information safe. Data protection covers the legal side of things, while data security focuses on the technical aspects. Both are essential to keep your data safe from theft, loss, or unauthorized access.

Data protection is important because it sets out the rules for how data must be handled. This includes specifying who can access the data, how it can be used, and what happens to it when it is no longer needed. Data security is just as important because it ensures that the data is kept safe from unauthorized access or destruction.

There are several ways to protect your data, such as encrypting it or storing it in a secure location. But no matter what measures you take, both data protection and data security are essential for keeping your information safe.

The difference between data protection and data security

Data protection and data security are two terms that are often used interchangeably, but there is a big difference between the two. Data protection is about ensuring that data is accurate and available when needed, while data security is about protecting data from unauthorized access or destruction.

Data protection is a broad term that covers measures to ensure the accuracy, availability, and integrity of data. This can include things like backing up data regularly, encrypting sensitive information, and making sure only authorized personnel have access to confidential information.

Data security, on the other hand, is all about preventing unauthorized access to or destruction of data. This can include measures like physical security (such as locks and alarms), logical security (such as password protection and firewalls), and personnel security (such as background checks and training).

How to ensure both data protection and data security

Data protection is a critical part of any security strategy. By ensuring that your data is protected, you can help prevent unauthorized access and use. However, data protection alone is not enough to fully protect your information. You also need to implement security measures to help keep your data safe. Some common security measures include encryption, firewalls, and access control lists.

Data protection and data security are both important considerations when it comes to protecting your online information. Here are some tips to help you ensure both data protection and data security:

1. Use a secure connection: When transmitting data, always use a secure connection, such as SSL or TLS. This will help to protect your data from being intercepted by third parties.

2. Use strong passwords: Make sure to use strong passwords for all of your online accounts. A strong password should be at least eight characters long and include a mix of letters, numbers, and symbols.

3. Encrypt your data: If you are concerned about the security of your data, you can encrypt it using software like TrueCrypt. This will make it difficult for anyone who does not have the key to access your data.

4. Keep your software up to date: Always keep your operating system and other software up to date. Software updates often include security fixes that can help protect your data from being compromised.

Under what circumstances does data protection apply?

Data protection is a term that refers to the set of laws and regulations governing the use and handling of personal data. It covers a wide range of topics, from data storage and destruction to data sharing and security. In most cases, data protection applies when personal data is being collected, used, or shared by organizations.

There are a few exceptions to this general rule. For example, data protection may not apply if the personal data in question is publicly available or if it is being used for research purposes. Additionally, some countries have their own specific data protection laws that may supersede general international regulations.

How does data protection apply to the workplace?

Data protection is a broad term that covers many different aspects of data security. In the workplace, data protection typically refers to the security of employee data, such as personal information, medical records, and financial information. Data protection in the workplace is important for several reasons: first, to protect the privacy of employees; second, to prevent unauthorized access to sensitive data; and third, to ensure the integrity of data.

There are a number of ways to protect data in the workplace, including physical security measures, such as locks and security cameras; logical security measures, such as password protection and encryption; and administrative measures, such as employee training and procedures for handling sensitive data. In addition, employers should have a policy in place that outlines how data will be protected and what employees should do if they suspect that their data has been compromised.

Data security breaches and their impact

Data security breaches can have a significant impact on individuals, businesses, and even governments. The most famous data security breach in recent years was the Equifax data breach, which exposed the personal information of over 145 million people. However, there have been many other data security breaches that have had serious consequences.

Data security breaches can result in the loss of sensitive information, financial losses, and reputational damage. In some cases, data breaches can even lead to identity theft and fraud. If you are a victim of a data security breach, it is important to take steps to protect yourself and your information.

If you are a business, data security breaches can also have a serious impact on your bottom line. Not only can you lose money from direct financial losses, but you may also face legal liabilities and damages. Data security breaches can also damage your reputation and make it difficult to attract new customers.

To protect against data security breaches, businesses should take measures to secure their data. This includes encrypting data, implementing strong access controls, and regularly backing up data. Individuals can also take steps to protect themselves by being careful about what information they share online and using strong passwords for their accounts.

Conclusion

Data protection and data security are two important concepts when it comes to safeguarding your information. Data protection covers the ways in which your data can be used, while data security focuses on protecting your data from unauthorized access or theft. Both are important for keeping your information safe, so make sure you understand the difference between them.

533 Million Facebook Users Data Breached


Facebook is by far the largest and most popular social media platform used today. With 2.8 billion users and .84 billion daily active users, it controls nearly 59% of the social media market. With that many users, one can only imagine the amount of data produced and collected by Facebook every second. A majority of the data collected is personal information on its users. The social tech platform collects its users’ names, birthdays, phone numbers, email addresses, locations, and in some cases photo IDs. All of this information could be used maliciously if it got into the wrong hands, which is why numerous people are worried about the latest Facebook data breach.

What happened with the Facebook Data Leak?

The most recent Facebook data leak was exposed by a user in a low-level hacking forum who published the phone numbers and personal data of hundreds of millions of Facebook users for free. The exposed data includes the personal information of over 533 million Facebook users from 106 countries. The leaked data contains phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

The leak was discovered in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users for a price. A Facebook spokesperson is claiming that the data was scraped because of a vulnerability that the company patched in 2019. Data scraping is a technique in which a computer program extracts data from human-readable output coming from another program. The vulnerability uncovered in 2019 allowed millions of phone numbers to be scraped from Facebook’s servers in violation of its terms of service. Facebook said that vulnerability was patched in August 2019.

However, the scraped data has now been posted on the hacking forum for free, making it available to anyone with basic data skills. The leaked data could be priceless to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials.

What caused the Facebook data breach?

When Facebook was made aware of the data exposed on the hacking forum, they were quick to say that the data is old, from a breach that occurred in 2019. Basically, they’re saying this is nothing new: the data has been out there for some time now, and they patched the vulnerability in their system. In fact, the data, which first surfaced back in 2019, came from a breach that Facebook did not disclose in any significant detail at the time. Facebook never really let this data breach be publicly known.

Uncertainty about Facebook’s explanation comes from the fact that they had a number of breaches and exposures from which the data could have come. Here is a list of Facebook “data leaks” in recent years:

  • April 2019 – 540 million records exposed by a third party and disclosed by the security firm UpGuard
  • September 2019 – 419 million Facebook user records scraped from the social network by bad actors before a 2018 Facebook policy change
  • 2018 – Cambridge Analytica third-party data sharing scandal
  • 2018 – Facebook data breach that compromised access tokens and virtually all personal data from about 30 million users

Facebook eventually explained that the most recent data exploit of 533 million user accounts is a different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature. Facebook says it patched the weak point in August 2019, but it’s uncertain how many times the bug was exploited before then.



How can you find out if your personal information is part of the Facebook breach?

With so much personal information on social media today, you’d expect the tech giants to have a strong grip on their data security measures. With the latest Facebook breach, a large amount of data was exposed, including full names, birthdays, phone numbers, and locations. Facebook says that the data leak originated from an issue in 2019, which has since been fixed. Regardless, there’s no way to reclaim that data. A third-party website, haveibeenpwned.com, makes it easy to check if your data was part of the leaked information. Simply input your email to find out. Though 533 million Facebook accounts were included in the breach, only 2.5 million of those included emails in the stolen data. That means you’ve got less than a half-percent chance of showing up on that website. Although this data is from 2019, it could still be of value to hackers and cybercriminals like those who take part in identity theft. This should serve as a reminder to not share any personal information on social media that you don’t want a stranger to see.



TOP 5 VPNS OF 2021

In today’s working environment, no one knows when remote work will be going away, if at all. This makes remote VPN access all the more important for protecting your privacy and security online. As the landscape for commercial VPNs continues to grow, it can be a daunting task to sort through the options to find the best VPN to meet your particular needs. That’s exactly what inspired us to write this article. We’ve put together a list of the five best and most reliable VPN options for you.

What is a VPN and why do you need one?

VPN is short for virtual private network. A VPN allows users to enjoy online privacy and obscurity by creating a private network from a public internet connection. A VPN disguises your IP address, so your online actions are virtually untraceable. More importantly, a VPN creates secure and encrypted connections to provide greater privacy than a secured Wi-Fi hotspot can.

Think about all the times you’ve read emails while sitting at the coffee shop or checked the balance in your bank account while eating at a restaurant. Unless you were logged into a private network that required a password, any data transmitted on your device could be exposed. Accessing the web on an unsecured Wi-Fi network means you could be exposing your private information to nearby observers. That’s why a VPN should be a necessity for anyone worried about their online security and privacy. The encryption and privacy that a VPN offers protect your online searches, emails, shopping, and even bill paying.

Take a look at our top 5 server picks for 2021.

Our Top 5 List of VPNs for 2021

ExpressVPN

  • Number of IP addresses: 30,000
  • Number of servers: 3,000+ in 160 locations
  • Number of simultaneous connections: 5
  • Country/jurisdiction: British Virgin Islands
  • 94-plus countries

ExpressVPN is powered by TrustedServer technology, which was built to ensure that there are never any logs of online activities. In the privacy world, ExpressVPN has a solid track record, having faced a server removal by authorities which proved their zero-log policy to be true. ExpressVPN offers a useful kill switch feature, which prevents network data from leaking outside of its secure VPN tunnel in the event the VPN connection fails. ExpressVPN also offers support of bitcoin as a payment method, which adds an additional layer of privacy during checkout.

Surfshark

  • Number of servers: 3,200+
  • Number of server locations: 65
  • Jurisdiction: British Virgin Islands

Surfshark’s network is smaller than some, but the VPN service makes up for it with the features and speeds it offers. The biggest benefit it offers is unlimited device support, meaning users don’t have to worry about how many devices they have on or connected. It also offers antimalware, ad-blocking, and tracker-blocking as part of its software. Surfshark has a solid range of app support, running on Mac, Windows, iOS, Android, Fire TV, and routers. Supplementary devices such as game consoles can be set up for Surfshark through DNS settings. Surfshark also offers three special modes designed for those who want to bypass restrictions and hide their online footprints. Camouflage Mode hides users’ VPN activity so the ISP doesn’t know they’re using a VPN. Multihop jumps the connection through multiple countries to hide any trail. Finally, NoBorders Mode “allows users to successfully use Surfshark in restrictive regions.”

NordVPN

  • Number of IP addresses: 5,000
  • Number of servers: 5,200+ servers
  • Number of server locations: 62
  • Country/jurisdiction: Panama
  • 62 countries

NordVPN is one of the most established brands in the VPN market. It offers a large concurrent connection count, with six simultaneous connections through its network, where nearly all other providers offer five or fewer. NordVPN also offers a dedicated IP option, for those looking for a different level of VPN connection. They also offer a kill switch feature, which prevents network data from leaking outside of its secure VPN tunnel in the event the VPN connection fails. While NordVPN has had a spotless reputation for a long time, a recent report emerged that one of its rented servers was accessed without authorization back in 2018. Nord’s actions following the discovery included multiple security audits, a bug bounty program, and heavier investments in server security. The fact that the breach was limited in nature and involved no user-identifying information served to further prove that NordVPN keeps no logs of user activity. 

IPVanish

  • Number of IP addresses: 40,000+
  • Number of servers: 1,300
  • Number of server locations: 60
  • Number of simultaneous connections: 10
  • Country/jurisdiction: US

A huge benefit that IPVanish offers its users is an easy-to-use platform, which is ideal for users who are interested in learning what a VPN does behind the scenes. Its multiplatform flexibility is also perfect for people focused on finding a Netflix-friendly VPN. A special feature of IPVanish is the VPN’s support of Kodi, the open-source media streaming app. The company garners praise for its latest increase from five to ten simultaneous connections. Similar to other VPNs on the list, IPVanish has a kill switch, which is a must for anyone serious about remaining anonymous online.

Norton Secure VPN

  • Number of countries: 29
  • Number of servers: 1,500 (1,200 virtual)
  • Number of server locations: 200 in 73 cities
  • Country/jurisdiction: US

Norton has long been known for its excellence in security products, and now offers a VPN service. However, it is limited in its service offerings as it does not support P2P, Linux, routers, or set-top boxes. It does offer Netflix and streaming compatibility. Norton Secure VPN speeds are comparable to other mid-tier VPNs in the same segment. Norton Secure VPN is available on four platforms: Mac, iOS, Windows, and Android. It is one of the few VPN services to offer live 24/7 customer support and a 60-day money-back guarantee.

5 Cyber Security Trends from 2020 and What We Can Look Forward to Next Year

Today’s cybersecurity landscape is changing at a faster rate than we’ve ever experienced before. Hackers are inventing new ways to attack businesses and cybersecurity experts are relentlessly trying to find new ways to protect them. Costing businesses approximately $45 billion, cyber-attacks can be disastrous for businesses, causing adverse financial and non-financial effects. Cyber-attacks can also result in loss of sensitive data, never-ending lawsuits, and a smeared reputation.

With cyber-attack rates on the rise, companies need to up their defenses. Businesses should take the time to brush up on cybersecurity trends for the upcoming year, as this information could help them prepare and avoid becoming another victim of a malicious attack. Given the importance of cyber security in the current world, we’ve gathered a list of the top trends seen in cybersecurity this year and what you can expect in 2021.

INCREASE IN SPENDING

It’s no secret that cybersecurity spending is on the rise. It has to be in order to keep up with the rapidly changing technology landscape we live in. For example, in 2019 alone, global cyber security spending was estimated to be around $103 billion, a 9.4% increase from 2018. This year the US government spent $17.4 billion on cybersecurity, a 5% increase from 2019. Even more alarming is the fact that cybercrime is projected to exceed $6 trillion annually by 2021, up from $3 trillion in 2015. The most significant factor driving this increase is the improved efficiency of cybercriminals. The dark web has become a booming black market where criminals can launch complex cyberattacks. With lower barriers to entry and massive financial payoffs, we can expect cybercrime to grow well into the future.

COMPANIES CONTINUE TO LEARN

Demand for cybersecurity experts continued to surpass the supply in 2020. We don’t see this changing anytime soon either. Amidst this trend, security experts contend with considerably more threats than ever before. Currently, more than 4 million professionals in the cybersecurity field are being tasked with closing the skills gap. Since the cybersecurity learning curve won’t be slowing anytime soon, companies must come to grips with strategies that help stop the shortage of talent. Options include cross-training existing IT staff, recruiting professionals from other areas, or even setting the job qualifications at appropriate levels in order to attract more candidates.

Most organizations are starting to realize that cybersecurity intelligence is a critical piece to growth. Understanding the behavior of their attackers and their tendencies can help in anticipating and reacting quickly after an attack happens. A significant problem that also exists is the volume of data available from multiple sources. Add to this the fact that security and planning technologies typically do not mix well. In the future, expect continued emphasis on developing the next generation of cyber security professionals.

THE INFLUENCE OF MACHINE INTELLIGENCE DEVELOPS

Artificial Intelligence (AI) and Machine Learning (ML) are progressively becoming necessary for cybersecurity. Integrating AI with cybersecurity solutions can have positive outcomes, such as improving threat and malicious activity detection and supporting fast responses to cyber-attacks. The market for AI in cybersecurity is growing at a drastic pace. In 2019, the demand for AI in cybersecurity surpassed $8.8 billion, with the market projected to grow to $38.2 billion by 2026.

MORE SMALL BUSINESSES INVEST IN CYBER PROTECTION

When we think of a cyber-attack occurring, we tend to envision a multibillion-dollar conglomerate that easily has the funds to pay the ransom for data retrieval and boost its security the next time around. Surprisingly, 43% of cyber-attacks happen to small businesses, costing them an average of $200,000. Sadly, when small businesses fall victim to these attacks, 60% of them go out of business within six months.

Hackers go after small businesses because they know that they have poor or even no preventative measures in place. A large number of small businesses even think that they’re too small to be victims of cyber-attacks. Tech-savvy small businesses are increasingly taking a preventative approach to cybersecurity, understanding that, like big organizations, they are targets for cybercrime, and therefore adopting effective cybersecurity strategies. As a result, a number of small businesses are planning on increasing their spending on cybersecurity and investing in information security training.

CYBER-ATTACKS INCREASE ON CRITICAL INFRASTRUCTURES

Utility companies and government agencies are extremely critical to the economy because they offer support to millions of people across the nation. Critical infrastructure includes public transportation systems, power grids, and large-scale constructions. These government entities store massive amounts of personal data about their citizens, such as health records, residency, and even bank details. If this personal data is not well protected, it could fall into the wrong hands, resulting in breaches that could be disastrous. This is also what makes them an excellent target for a cyber-attack.

Unfortunately, the trend is anticipated to continue into 2021 and beyond because most public organizations are not adequately prepared to handle an attack. While governments may be ill prepared for cyber-attacks, hackers are busy preparing for them.

WHAT CAN WE LOOK FORWARD TO IN 2021?

Going forward into a new year, it’s obvious that many elements are coming together to increase cyber risk for businesses. Industry and economic growth continue to push organizations to rapid digital transformation, accelerating the use of technologies and increasing exposure to many inherent security issues. The combination of fewer cyber security experts and an increase of cyber-crime are trends that will continue for some time to come. Businesses that invest in technologies, security, and cybersecurity talent can greatly reduce their risk of a cyber-attack and increase the likelihood that cybercriminals will look elsewhere to manipulate a less prepared target.

NCSAM WEEK 4: The Future of Internet Connected Devices

A decade ago, the average household would not be able to answer their front door from miles away via a smartphone, or order dinner by simply speaking to a small box. These things may have been customary in Hollywood spy films, but now they can be found in nearly every home across America. These internet-connected devices make up what is known as the Internet of Things.

The internet world is flourishing. It’s not just about computers, laptops, tablets, and smartphones anymore. There are now thousands of devices that are internet-connected. The list of devices has grown to washing machines, robotic vacuum cleaners, door locks, toys, and toasters. Because all of these devices are connected to one another through the internet, we must be more aware of these devices and their settings to protect our data and our privacy.

New Internet-connected devices provide a never-before-seen level of convenience in our lives, but they also require that we share more information than ever. The cars we drive, the appliances we use to cook, the watches we use to tell time, the lighting in our homes, and even our home security systems all contain sensing devices that can talk to another machine and trigger other actions. We have devices that control the amount of energy we use in our homes and the energy in our bodies by tracking eating, sleeping, and exercise habits.

The security of the information users share with these devices is not always guaranteed. Once the device itself connects to the Internet, it is vulnerable to all sorts of risks. It is more important than ever that we secure our devices, with more entering our homes and workplaces each day.

Future Predictions about Internet Connected Devices

There will be more than 21 billion IoT devices by 2025.

In 2016, there were more than 4.7 billion devices connected to the internet, and by 2021 it is expected to increase to nearly 11.6 billion devices.

There will be more “smart” cities.

Household consumers aren’t the only ones that use the power of internet connected devices. Cities and companies are also adopting smart technologies to save both time and money. Cities are able to automate, remotely manage, and collect data through things like visitor kiosks, video camera surveillance systems, bike rental stations, and taxis.

Artificial intelligence (AI) will keep growing

Smart home hubs, thermostats, lighting systems, and even TVs collect data on your habits and patterns of usage. When users set up voice-controlled devices, they allow them to record what is said and store the recordings in the cloud. The data is collected in the creation of what is known as machine learning. Machine learning is a type of artificial intelligence that helps computers “learn” without someone having to program them.

Network routers become more secure and smarter

Most internet connected devices exist in the home and don’t have security software installed, leaving them vulnerable to attacks. As manufacturers rush to get their products to market in a rapid manner, security becomes an afterthought. 

The router is the entry point of the internet and gatekeeper into your home, giving it the ability to provide protection to all of the connected devices. A conventional router provides some security, like password protection, firewalls, and the ability to allow only certain devices on your network. In the future, router manufacturers will continue to find new ways to increase security.

5G Networks Will Drive IoT Growth

Wireless carriers will continue to implement 5G (fifth generation) networks, promising increased speed and the ability to connect more smart devices at the same time. Faster network speeds translate into increased data collected by your smart devices to be analyzed and managed, driving innovation and growth.

Cars Will Continue to Get Smarter

The emergence of 5G will impact the auto industry like never before. The development of driverless cars and internet connected vehicles will advance from data moving faster. New cars will increasingly analyze your data and connect with other IoT devices, including other high-tech vehicles on the road.

5G Connected Devices Will Open the Door to New Security Concerns

Eventually, 5G internet connected devices will connect directly to the 5G network rather than via a Wi-Fi router, making those devices more vulnerable to direct attack. Devices will be more difficult for in-home users to secure when they bypass a central router.

For more information on CyberSecurity & how to be #CyberSmart, visit the CISA website today: https://www.cisa.gov/national-cyber-security-awareness-month

NCSAM Week 2: Securing Devices at Home and Work

According to a 2018 study by CNBC, over 70% of employees around the world were working remotely at least one day per week. With the recent COVID-19 pandemic, many organizations have had to make full-time remote work an option just to stay in business. As full-time remote workers are progressively more common, there still aren’t many resources that focus on the cybersecurity risk created by working remotely.

With the latest surge in working from home (WFH) employees, businesses are forced to rely on business continuity planning. This means that organizations must find ways to protect their customers’ sensitive data while simultaneously granting workplace flexibility. Given the current conditions we are all facing and in celebration of Cyber Security Awareness Month (CSAM), we thought we should share a few tips to help your business increase its cybersecurity.

Security tips for the home, office and working from a home office

Secure your working area

The first and easiest piece of security advice would be to physically secure your workspace. Working remotely should be treated the same as working in the office, so you need to lock up when you leave. There have been way too many instances when laptops with sensitive data on them have been stolen from living rooms, home offices, and even in public settings such as coffee shops. Never leave your devices unattended and lock doors when you leave.

See why laptop and home office security is so important. 

Secure your router

Cybercriminals take advantage of default passwords on home routers because they are not often changed, leaving any home network vulnerable. Change the router’s password from the default to something unique. You can also make sure firmware updates are installed so known vulnerabilities aren’t exploitable.

Use separate devices for work and personal

It’s important to keep your work devices and home devices separate. At first it may seem like an unnecessary burden to constantly switch between devices throughout the day, but you never know if one has been compromised. Doing the same for your mobile devices can decrease the amount of sensitive data exposed if your personal device or work device has been attacked.

Encrypt the device you are using

Encryption is the process of encoding information so only authorized parties can access it. If your organization hasn’t already encrypted its devices, it should. Encrypting the devices prevents strangers from accessing the contents of your device without the password, PIN, or biometrics. 

Below is a way to encrypt devices with the following operating systems:

  • Windows: Turn on BitLocker.
  • macOS: Turn on FileVault.
  • Linux: Use dm-crypt or similar.
  • Android: Enabled by default since Android 6.
  • iOS: Enabled by default since iOS 8.

Check that your operating system is supported and up to date.

Usually, operating system developers only support the last few major versions, as supporting all versions is costly and the majority of users upgrade when told to do so. Unsupported operating systems no longer receive security patches, putting your device and sensitive data at risk. If your device does not support the latest operating system, it may be time to look into updating the device.

Here’s how to check if your operating system is still supported:

  • Windows: Check the Windows lifecycle fact sheet
  • macOS: Apple has no official policy for macOS. That said, Apple consistently supports the last three versions of macOS. So assuming Apple releases a new version of macOS each year, each release of macOS should be supported for roughly three years.
  • Linux: Most active distributions are well supported.
  • Android: Security updates target the current and last two major versions, but you may need to check that your manufacturer/carrier is sending the security patches to your device. 
  • iOS: Like macOS, Apple has no official policy for iOS but security updates generally target the most recent major version and the three prior. 

Read more about Android security here

Create a strong PIN/password only YOU know

Everything mentioned prior to this won’t matter if you don’t use a strong password. A common tip for creating a strong password is to avoid using repeating numbers (000000), sequences (123456), or common passwords such as the word password itself.

More tips on creating a strong password include:

  • Avoid using anything that is related to you
  • Avoid using your date of birth
  • Avoid using your license plate
  • Avoid using your home address
  • Avoid using any family members or pets’ names.

 

A good PIN/password should appear arbitrary to everyone except you. Consider investing in a password manager. A good password manager can help you create strong passwords and remember them, as well as share them securely with family members, employees, or friends.
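The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags a candidate PIN or password that is common, repeating, sequential, or built from facts about its owner. The common-password list, the sample facts, and all function names are constructed for illustration.

```python
import re

# Constructed sample list; in practice, load a large list of breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def is_repeating(text):
    """True for one character repeated, such as 000000."""
    return len(text) > 1 and len(set(text)) == 1


def has_sequence(text, run=4):
    """True if `run` or more characters count up or down, such as 1234 or dcba."""
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(text, text[1:]):
            in_order = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step
            streak = streak + 1 if in_order else 1
            if streak >= run:
                return True
    return False


def personal_tokens(facts):
    """Turn facts about the owner into lowercase fragments to search for."""
    tokens = set()
    for fact in facts:
        lowered = fact.lower().strip()
        words = re.findall(r"[a-z0-9]+", lowered)
        tokens.update(w for w in words if len(w) >= 3)
        joined = "".join(words)
        if len(joined) >= 3:
            tokens.add(joined)
        date = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", lowered)
        if date:  # common ways a date of birth is typed as digits
            y, m, d = date.groups()
            tokens.update({m + d, d + m, m + d + y[2:], d + m + y[2:], m + d + y, d + m + y})
    return tokens


def find_weaknesses(candidate, personal_facts=()):
    """Return the rules a PIN or password breaks (an empty list means none found)."""
    lowered = candidate.lower()
    reasons = []
    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")
    if is_repeating(lowered):
        reasons.append("repeating characters")
    if has_sequence(lowered):
        reasons.append("sequence")
    hits = sorted(t for t in personal_tokens(personal_facts) if t in lowered)
    if hits:
        reasons.append("personal information: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed facts about a fictional user: birthday, pet, plate, address.
    facts = ["1987-04-12", "Rex", "7ABC123", "42 Elm Street"]
    for pw in ("000000", "123456", "Rex1204!", "ElmStreet42", "tidal-copper-lantern-93"):
        print(pw, "->", find_weaknesses(pw, facts) or "no rule broken")
```

An empty result only means none of these specific rules was broken; it does not measure overall strength.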

Learn more about how to create a strong password

Install antivirus software

Antivirus software is a program that detects or recognizes a harmful computer virus and works on removing it from the computer system. Antivirus software operates as a preventive system so that it not only removes a virus but also counteracts any potential virus from infecting the device in the future.

Authorize two-factor authentication

Two-factor authentication is an authentication method where access is granted only after successfully presenting two pieces of evidence to an authentication mechanism. This method has been proven to reduce the risk of successful phishing emails and malware infections. Even if the cybercriminal is able to get your password, they are unable to log in because they do not have the second piece of evidence.

The first and most common evidence is a password. The second takes many forms but is typically a one-time code or push notification. There are several applications that can be used for two-factor authentication, such as Google Authenticator.
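To show why a stolen password alone is not enough, here is an added Python example (not from the original article) of the time-based one-time codes that authenticator apps generate, following RFC 4226 and RFC 6238, together with a login check that requires both factors. The `Account` class and its replay guard are illustrative assumptions, and the secret is the published RFC test key, not a real credential.

```python
import hashlib
import hmac
import os
import struct

# Test key from RFC 4226 / RFC 6238; real secrets are random and unique per user.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """One-time code for a counter value (RFC 4226, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now, step=30, digits=6):
    """Time-based code: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, int(now) // step, digits)


def matching_counter(secret, code, now, step=30, window=1):
    """Return the time step whose code matches, allowing +/- `window` steps of clock drift."""
    current = int(now) // step
    for counter in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
            return counter
    return None


class Account:
    """Hypothetical server-side record holding both factors."""

    def __init__(self, password, totp_secret):
        self.salt = os.urandom(16)
        self.password_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.last_counter = -1  # highest time step already used (replay guard)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, code, now):
        """Grant access only when the password AND a fresh one-time code are valid."""
        if not hmac.compare_digest(self._hash(password), self.password_hash):
            return False
        counter = matching_counter(self.totp_secret, code, now)
        if counter is None or counter <= self.last_counter:
            return False  # wrong code, expired code, or a code that was already used
        self.last_counter = counter
        return True


if __name__ == "__main__":
    account = Account("correct horse battery", RFC_TEST_SECRET)
    now = 59  # constructed timestamp (seconds since the epoch)
    print("password + guessed code:", account.login("correct horse battery", "000000", now))
    print("password + current code:", account.login("correct horse battery", totp(RFC_TEST_SECRET, now), now))
    print("same code replayed:     ", account.login("correct horse battery", totp(RFC_TEST_SECRET, now), now))
```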

Erase data from any devices you plan to sell

This should be the number one rule on any cybersecurity list. It is only a matter of time until your devices are obsolete, and it is time to upgrade. The one thing you don’t want is to have a data leak because you failed to properly erase the data from your device before selling or disposing of it. Returning the device to factory settings may not always be enough, as some hackers know how to retrieve the data that has been “erased”. Before doing anything, always remember to back up your data to multiple devices before clicking that “delete” button.

Consult with your operating system to see how to properly reset your device to factory settings. If you are certain you do not want the data on your device to be accessed ever again, we can help with that. Here is a list of data destruction services we provide:

Security tips for employers handling a remote workforce

Train employees on cybersecurity awareness

As cybercriminals are always looking for new ways to bypass security controls to gain access to sensitive information, cybersecurity isn’t something that can just be taught once. It must be a continual process of learning and retention. Here are a few things that a business can teach its staff in order to help thwart a cyberattack:

  • Avoid malicious email attachments and other email-based scams
  • Identify domain hijacking
  • Use operations security on their social media accounts and public profiles 
  • Only install software if they need to 
  • Avoid installing browser plugins that come from unknown or unidentified developers

Use a virtual private network (VPN)

A virtual private network (VPN) extends a private network across a public network, enabling you to send and receive data across shared or public networks as if you are directly connected to the private network. They do this by establishing a secure and encrypted connection to the network over the internet and routing your traffic through that. This keeps you secure on public hotspots and allows for remote access to secure computing assets. 

Celebrating National Cyber Security Awareness Month


Every October since 2004, National Cyber Security Awareness Month (NCSAM) has been observed in the United States. Started by the National Cyber Security Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance, the NCSAM aims to spread awareness about the importance of cybersecurity. The National Cyber Security Alliance launched NCSAM as a large effort to improve online safety and security. Since 2009, the month has included an overall theme; for 2020 we celebrate “Do Your Part, #BeCyberSmart”. Weekly themes throughout the month were introduced in 2011. This year, our weekly themes will be as follows:

  • Week of October 5 (Week 1): If You Connect It, Protect It
  • Week of October 12 (Week 2): Securing Devices at Home and Work
  • Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
  • Week of October 26 (Week 4): The Future of Connected Devices

If You Connect IT. Protect IT.

 

October 1, 2020, marked the 17th annual National Cybersecurity Awareness Month (NCSAM), reminding everyone of the role we all play in online safety and security at home and in the workplace. Brought forth by both the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), NCSAM is a joint effort between government and industry to make sure every American has the resources they need to stay safe and secure online. 

To kick off National Cyber Security Awareness Month, here are some tips to stay safe online:

Enable multi-factor authentication (MFA). This ensures that the only person who has access to your account is you. Use MFA for email, banking, social media and any other service that requires logging in.

Use the longest password allowed. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember a different, complex passphrase for each of your accounts.

Protect what you connect. Whether it’s your computer, smartphone, game device or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser and operating systems. 

Limit what information you post on social media. Cybercriminals look for everything, from personal addresses to your pets’ names. What many people don’t realize is that these seemingly random details are all cybercriminals need to know to target you, your loved ones, and your physical belongings. Keep Social Security numbers, account numbers and passphrases private, as well as specific information about yourself, such as your full name, address, birthday and even vacation plans. Disable location services that allow anyone to see where you are.

Stay protected on public networks. Before you connect to any public Wi-Fi be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Your personal hotspot is a safer alternative to free Wi-Fi. Also, only use sites that begin with “https://” when shopping or banking online.

Introducing CISA, the Federal Government’s Protection Against Cyber-Attacks

 

On November 16, 2018, the United States Congress formed the Cybersecurity and Infrastructure Security Agency (CISA) to detect threats, quickly communicate the information and aid in defense of the nation’s critical infrastructure. The new federal agency was created through the Cybersecurity and Infrastructure Security Agency Act of 2018, which was signed into law by President Donald Trump. That legislation made the National Protection and Programs Directorate (NPPD) of the Department of Homeland Security (DHS) the new Cybersecurity and Infrastructure Security Agency, reassigning all resources and responsibilities within. Before the bill was passed, the NPPD handled all of DHS’s cybersecurity-related affairs.

 

Why the CISA was Formed

In April 2015, IT workers at the United States Office of Personnel Management (OPM), the agency that manages the government’s civilian workforce, discovered that some of its personnel files had been hacked. Sensitive personal data on 22 million current and former federal employees was stolen by suspected Chinese hackers. Among the sensitive data that was stolen were millions of SF-86 forms, which contain extremely personal information collected in background checks for people requesting government security clearances, along with records of millions of people’s fingerprints.

In the wake of the massive data breach, it became even more evident that the Department of Homeland Security was not effectively positioned to respond to the growing threat of cyber-attacks, both foreign and domestic. As foreign invasions into U.S. IT infrastructure and other forms of cybersecurity attacks increased, industry experts demanded the creation of a new agency that would be more aligned to handle the issue of cybersecurity.

DHS’s cybersecurity strategy, made public in May 2018, offered a strategic framework to carry out the government’s cybersecurity responsibilities during the following five years. The strategy highlighted a unified approach to managing risk and lending greater authority to the creation of a separate cybersecurity agency. Besides the need for a new approach to the nation’s cybersecurity threats, CISA was created to solve what security professionals and government officials frequently referred to as a “branding” problem DHS faced with NPPD. CISA would be a clear and focused federal agency.

Learn more about the 2015 OPM Attack

What Does CISA Do?

 

In a nutshell, CISA is in charge of protecting the nation’s critical infrastructure from physical and cyber-attacks. The agency’s mission is to build the national capacity to defend against cyber-attacks and to work with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the .gov networks that support the essential operations of partner departments and agencies. Below is a list of other responsibilities the CISA has undertaken as a newly formed federal agency:

  • Coordinate security and resilience efforts using trusted partnerships across the private and public sector
  • Deliver technical assistance and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide
  • Enhance public safety interoperable communications at all levels of government 
  • Help partners across the country develop their emergency communications capabilities
  • Conduct extensive, nationwide outreach to support and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of a natural disaster, act of terrorism, or other man-made disaster

Visit the CISA official government page

Who Leads the CISA?

 

The CISA is made up of two core operations that are vital to the agency’s success. First, is the National Cybersecurity and Communications Integration Center (NCCIC), which delivers 24×7 cyber-situational awareness, analysis, incident response and cyber-defense capabilities to the federal government. The NCCIC operates on state, local, tribal, and territorial government levels; within the private sector; and with international partners. The second is the National Risk Management Center (NRMC), which is a planning, analysis and collaboration center working to identify and address the most significant risks to the nation’s critical infrastructure.

The CISA is led by a team of eight highly respected and experienced individuals.

  • Director, Cybersecurity and Infrastructure Security Agency (CISA), Christopher C. Krebs
  • Deputy Director, Matthew Travis 
  • Assistant Director for Cybersecurity, Bryan Ware 
  • Assistant Director (Acting) for Infrastructure Security, Steve Harris
  • Assistant Director, National Risk Management Center, Bob Kolasky 
  • Assistant Director (Acting) for Emergency Communications, Vincent DeLaurentis 
  • Assistant Director for Integrated Operations, John Felker
  • Assistant Director (Acting) for Stakeholder Engagement, Bradford Willke

You can learn more about the CISA leadership team and their structure here.

Apple’s Bug Bounty Program: Hackers Getting Paid

How does one of the largest and most innovative companies in history prevent cyber attacks and data hacks? They hire hackers to hack them. That’s right, Apple pays up to $1 million to friendly hackers who can find and report vulnerabilities within their operating systems. Recently, Apple announced that it will open its Bug Bounty program to anyone to report bugs, not just hackers who have previously signed up and been approved. 

 

Apple’s head of security engineering Ivan Krstic says that this is a major win not only for iOS hackers and jailbreakers, but also for users, and ultimately even for Apple. The new bug bounties directly compete with the secondary market for iOS flaws, which has been booming in the last few years.

 

In 2015, liability broker Zerodium revealed that it will pay $1 million for a chain of bugs that allowed hackers to break into the iPhone remotely. Ever since, the cost of bug bounties has soared. Zerodium’s highest payout is now $2 million, and Crowdfense is offering up to $3 million.

So how do you become a bug bounty hunter for Apple? We’ll break it down for you.

 

What is the Apple Security Bounty?

As part of Apple’s devotion to information security, the company is willing to compensate researchers who discover and share critical issues and the methods they used to find them. Apple makes it a priority to fix these issues in order to best protect its customers against a similar attack. Apple offers public recognition for those who submit valid reports and will match donations of the bounty payment to qualifying charities.

See the Apple Security Bounty Terms and Conditions Here

Who is Eligible for a Bug Bounty?

In order to qualify for an Apple bug bounty, the vulnerability you discover must appear on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration. The eligibility rules are intended to protect customers until an update is readily available. This also ensures that Apple can confirm reports and create necessary updates, and properly reward those doing original research.

Apple bug bounty requirements:

  • Be the first party to report the issue to Apple Product Security.
  • Provide a clear report, which includes a working exploit. 
  • Not disclose the issue publicly before Apple releases the security advisory for the report. 

Issues that are unknown to Apple and are unique to designated developer betas and public betas can earn a 50% bonus payment.

Qualifying issues include:

  • Security issues introduced in certain designated developer beta or public beta releases, as noted in their release notes. Not all developer or public betas are eligible for this additional bonus.
  • Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in certain designated developer beta or public beta releases, as noted in their release notes.

How Does the Bounty Program Pay Out?

 

The amount paid for each bounty is decided by the level of access attained by the reported issue. For reference, a maximum payout amount is set for each category. The exact payment amounts are determined after Apple reviews the submission. 

Here is a complete list of example payouts for Apple’s Bounty Program

The purpose of the Apple Bug Bounty Program is to protect consumers through understanding both data exposures and the way they were utilized. In order to receive confirmation and payment from the program, a full detailed report must be submitted to Apple’s Security Team.  

 

According to the tech giant, a complete report includes:

  • A detailed description of the issues being reported.
  • Any prerequisites and steps to get the system to an impacted state.
  • A reasonably reliable exploit for the issue being reported.
  • Enough information for Apple to be able to reasonably reproduce the issue. 

 

Keep in mind that Apple is particularly interested in issues that:

  • Affect multiple platforms.
  • Impact the latest publicly available hardware and software.
  • Are unique to newly added features or code in designated developer betas or public betas.
  • Impact sensitive components.

Learn more about reporting bugs to Apple here

The TikTok Controversy: How Much Does Big Tech Care About Your Data and its Privacy?

If you have a teenager in your house, you’ve probably encountered them making weird dance videos in front of their phone’s camera. Welcome to the TikTok movement that’s taking over our nation’s youth. TikTok is a popular social media video sharing app that continues to make headlines due to cybersecurity concerns. Recently, the U.S. military banned its use on government phones following a warning from the DoD about potential personal information risk. TikTok has now verified that it patched multiple vulnerabilities that exposed user data. In order to better understand TikTok’s true impact on data and data privacy, we’ve compiled some of the details regarding the information TikTok gathers, sends, and stores.

What is TikTok?

TikTok is a video sharing application that allows users to create short, fifteen-second videos on their phones and post the content to a public platform. Videos can be enriched with music and visual elements, such as filters and stickers. The app’s young adolescent demographic, along with the content that is created and shared on the platform, has put its privacy features in the limelight as of late. Even more so, questions about the location of TikTok data storage and who has access to it have raised red flags.

You can review TikTok’s privacy statement for yourself here.

TikTok Security Concerns

Even though TikTok allows users to control who can see their content, the app does ask for a number of consents on your device. Most noteworthy, it accesses your location and device information. Although there’s no evidence to support the theory of malicious activity or that TikTok is violating its privacy policy, it is still advised to practice caution with the content that’s both created and posted.

The biggest concern surrounding the TikTok application is where user information is stored and who has access to it. According to the TikTok website, “We store all US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law.” “The personal data that we collect from you will be transferred to, and stored at, a destination outside of the European Economic Area (“EEA”).” There is no other specific information regarding where user data is stored.

Recently, TikTok published a Transparency Report which lists “legal requests for user information”, “government requests for content removal”, and “copyrighted content take-down notices”. The “Legal Requests for User Information” section shows that India, the United States, and Japan are the top three countries where user information was requested. The United States was the number one country for fulfilled requests (86%) and number of accounts specified in the requests (255). Oddly enough, China is not listed as having received any requests for user information.

What Kind of Data is TikTok Tracking?

Below are some of the consents TikTok requires on Android and iOS devices after installation of the app is completed. While some of the permissions are to be expected, these are all consistent with TikTok’s written privacy policy. When viewing all that TikTok gathers from its users, it can be alarming. In short, the app allows TikTok to:

  • Access the camera (and take pictures/video), the microphone (and record sound), the device’s Wi-Fi connection, and the full list of contacts on your device.
  • Determine if the internet is available and access it if it is.
  • Keep the device turned on and automatically start itself.
  • Secure detailed information on the user’s location using GPS.
  • Read and write to the device’s storage, install/remove shortcuts, and access the flashlight (turn it off and on).

You read that right, TikTok has full access to your audio, video, and list of contacts in your phone. The geolocation tracking via GPS is somewhat surprising though, especially since TikTok videos don’t display location information. So why collect that information? If you operate an Android device, TikTok has the capability of accessing other apps running at the same time, which can give the app access to data in another app such as a banking or password storage app.

Why is TikTok Banned by the US Military?

In December 2019, the US military started instructing soldiers to stop using TikTok on all government-owned phones. This TikTok policy reversal came shortly after the release of a Dec. 16 Defense Department Cyber Awareness Message classifying TikTok as having potential security risks associated with its use. As the US military cannot prevent government personnel from accessing TikTok on their personal phones, the leaders recommended that service members use caution if unfamiliar text messages are received.

In fact, this was not the first time that the Defense Department had been required to encourage service members to remove a popular app from their phones. In 2016, the Defense Department banned the augmented-reality game Pokémon Go from US military-owned smartphones. However, this case was a bit different, as military officials alluded to concerns over productivity and the potential distractions it could cause. The concerns over TikTok are focused on cybersecurity and spying by the Chinese government.

In the past, the DoD has put out more general social media guidelines, advising personnel to proceed with caution when using any social platform. And all DoD personnel are required to take annual cyber awareness training that covers the threats that social media can pose.
