Why Your Cybersecurity Should Get Physical for National Clean Out Your Computer Day

This week sees the 18th National Clean Out Your Computer Day, and while It may feel like awareness days are popping up everywhere, this is an important one to take notice of, especially if you value keeping your personal data private. After all, to a criminal your personal or work computer can be a gold mine. If a stranger were to get access to your PC, it is possible that they may even learn enough to steal your identity.

Most of the advice given around Clean Out Your Computer Day concerns a modern type of cleaning – however what is more important than a dust cloth and anti-bacterial screen wipes, is having a decent knowledge of data sanitisation. This includes how to clear your browser and download history, turn off the ‘remember me’ setting for your regular passwords and run anti-virus software to make sure your computer is free from malware.

Clean Out Your Computer Day

But, the physical elements of your data and computer hygiene shouldn’t be ignored either. Recent research carried out by consulting firm EY has revealed that over 50% of businesses have increased their cybersecurity budget in the last year. Stricter cybersecurity often means that employees have a wealth of different login details and passwords to remember. However, according to the Password Exposé Report by password manager firm Last Pass, those using the service use an average of 191 passwords each month. This is an alarming statistic given that it is impossible for anyone to remember this many passwords. This is causing some people to share the burden of remembering passwords, with a study undertaken by Deloitte showing that 20 per cent of employees routinely share passwords.

This leads to multiple dangers, including employees writing down passwords or, maybe even displaying them in the office in full view of any visitors. It only takes a moment for the security of a business to be compromised and any digital security measured rendered null and void if, for example, paper documents full of sensitive business data are stolen off an employee’s desk and put into the wrong hands. Just recently the Hawaii Emergency Management Agency came under fire for posting a picture online that had a post-it note in the background that read ‘Password: warningpoint2’.

All of this demonstrates that organisations need to significantly improve, the way that their physical networks and data is looked after. In the same way that a business needs security cameras and access fobs, they also need to improve the data security awareness of their staff, turning them into a key first line of defence. You wouldn’t leave your keys in your front door, so why leave an opening to your corporate network stuck on the front of your PC monitor?

Organisations therefore need to proactively educate their employees on the dangers of leaving sensitive data vulnerable and encourage employees to actively keep paper documents in a secure location, such as a locked drawer.

This National Clean Out Your Computer Day, make sure an office wide spring clean includes your network, processes and data as well as the traditional desk ‘clean-out’.

Cyber Security and Social Media – Not Just a Risk for Individuals but for the Companies Where They Work

It’s long been known that social networks are viewed by cybercriminals as rich hunting grounds. Using social engineering techniques, they can obtain information through posts and images from social media profiles to launch targeted phishing attacks. Counterfeiters are also using increasingly sophisticated methods to dupe consumers into purchasing fake goods through social media. Panda Security recently warned of a new online scam propagating through Instagram’s advertising platform, where discounts of up to 70% on leading clothing brands are targeted at users who through their profile are most likely to ‘bite the hook’.

social media security strategy

However, the risks lurking behind social media platforms are not restricted just to the individuals that use them in their personal lives. If those individuals are in active employment, it’s highly likely that they will access their own personal accounts during working hours, either for personal purposes when on a coffee break or lunch, or for professional work related to activities such as networking. A 2016 survey conducted by US software company Sprout Social revealed that 7 out of 10 employees use social media at work, yet less than half of those surveyed said the companies they worked for gave guidance on the use of social media.

It is imperative that companies have in place a clear social media security strategy, yet studies by the Pew Research Center in the US found that just over 50% of businesses don’t. Social media sites don’t present completely new cyber threats but they do greatly increase the risk of falling victim to existing ones. By not taking the issue seriously enough they are risking exposure to a variety of potential threats, ranging from negative comments about the company by their own employees to possible involuntary breaches of confidentiality regarding the publication of corporate information.social media security strategy

Such a strategy should clearly define to employees what they can and cannot do on social media during working hours, starting with the obvious but often overlooked rule of not clicking on dubious or unknown links, such as those so commonly found nowadays on Facebook and Instagram.

A coherent strategy based on a full assessment of the social media risks, both by the company’s IT and Marketing divisions, and backed up from input from legal, compliance and operations, will help protect against some of the dangers lurking in the depths of social networks.

 

Data Privacy in the Age of Alexa

Reading the technology media coverage of both CES 2018 and the post-Christmas sales, it feels like smart devices are finally having their much predicted moment. Every consumer technology vendor seems to have their own take on the smart device, from Amazon and Google’s smart home hubs to Philip’s connected lightbulbs and Samsung’s internet enabled fridge. The rate of ownership of these particular devices may not be that high, with only 18% of UK households reporting owning one, however, if we include other connected devices such as wearables and smartphones, then it becomes very clear that these devices are appearing everywhere.

Internet connected devices have certainly made our lives easier and even have wide reaching potential for making our cities safer and more responsive for example through monitoring pollution and optimising traffic flow. Yet, as Data Privacy Day approaches, it is vital that we consider how all these devices will affect the use and collection of personal data.

A key part of Data Privacy Day, and the wider practice of data protection and privacy, is ensuring that individuals are aware of how their personal information is being used, collected and shared. This is vital for both consumers and businesses. Consumers should feel confident that their data is being used fairly and should be able to own their online presence, and businesses should be able to use customer data to improve and market their services in ethical and innovative ways. Awareness of the issue of data privacy is certainly growing, with IDC research published in 2017 finding that 84% of US consumers are concerned about the security of their personally identifiable information and with research from the UK Information Commissioners’ Office in 2016 showing that only one in four people trust businesses with their personal information. These concerns are likely to have been validated by last year’s Equifax breach.

Data Privacy Day 2018

Smart devices add a whole new dimension to these privacy concerns, however, due to the range of data which they are capable of collecting. Your Fitbit can collect data on how you sleep, your phone can record your location and (most importantly) your Smart Home Hub can record your voice. This certainly raises serious privacy concerns. Whilst we assume that the companies we use will collect our data, such as our browsing history and interests, and use it, this can often feel like a relatively impersonal exchange. You do, after all, have a degree of control over what you type into a search engine.

However, when you add data on how and when you sleep, voice recordings of what you say and do in your house and data on where and when you exercise, this data collection can suddenly feel incredibly personal and invasive. This data collection, when viewed as a whole, can amount to what Stay Safe Online call the ‘Internet of Me’  – a complete picture of your life, online, that could be used improperly or stolen by bad actors.

smart Home Hub

Technology vendors have a key role to play in ensuring that consumers feel safe by ensuring that security and transparency is built into products and that consumers can have complete control over what data is being collected. Data privacy should not be relegated to, or hidden, in the terms and conditions of a device, but instead be a headline feature.

In essence, whilst data privacy is certainly a challenge for both vendors and consumers in the age of Alexa, it also presents an opportunity for vendors who are willing to publically take responsibility for data privacy. Rather than an obstacle, data protection can instead be a major selling point for consumers concerned about the privacy of their online data.

 

La France, terre promise pour les start-up de la cybersécurité

En France, la cybersécurité est une affaire de start-up. Le secteur, en pleine expansion sera d’une importance capitale à l’avenir. Dans la course à l’armement entre hackers et les RSSI, avoir la mainmise technologique est primordial. Heureusement, en France, le secteur de la cybersécurité est en forme… et en particulier ses start-up. Tour d’horizon de celles qui font la réputation de notre pays en la matière.

Continue reading “La France, terre promise pour les start-up de la cybersécurité”

Security Implications of Blockchain Beyond Bitcoin

There is a new foundation being created for the internet, and it already looks like it will upgrade the very way the internet records and shares data. Moreover, many analysts believe this technology will shake up several industries, paving the way for user-to-user interactions without the use of a middle man. It’s called blockchain technology, and it was originally created to service Bitcoin transactions. But, what exactly is Blockchain technology?  Don and Alex Tapscott, authors of Blockchain Revolution, describe it as “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”

Blockchain

Continue reading “Security Implications of Blockchain Beyond Bitcoin”

Your Customers Feel Safe – Remember This If You’re Selling Security Solutions in Poland

Poles feel safe; this is evident in recent research by CBOS which shows that 89% of the population declares Poland is a safe country and 95% claim their neighbourhoods are inviolable and free from danger. On top of this 60% of respondents said they were not afraid of being a victim of any kind of offence and only 14 percent states they have been a victim of theft over the past 5 years. Isn’t this idyllic? Yes; but it arguably leaves many Poles a little credulous, especially when faced by cybercrime.

Poland CybercrimePoland Cybercrime

Continue reading “Your Customers Feel Safe – Remember This If You’re Selling Security Solutions in Poland”

Industry 4.0 – The Fourth Industrial Revolution That Will Herald A New Era in Cyber Security

Seven years ago, in a flurry of news headlines reminiscent of the recent WannaCry and NotPetya global ransomware attacks, reports came out about Stuxnet, a malware that targets Programmable Logic Controllers (PLCs) used in the automation of industrial machinery and processes. As the Iranians discovered at the time, this included nuclear centrifuges.

Despite infecting 200,000 computers worldwide and causing 1,000 machines in Iran’s Natanz nuclear facilities to shake themselves to pieces, it wasn’t long before it was largely forgotten about by the mainstream media. This may well have been because back in 2010 the concept of Industry 4.0 was still in its infancy and nowhere near as widely known as it is today.

Continue reading “Industry 4.0 – The Fourth Industrial Revolution That Will Herald A New Era in Cyber Security”

The Adobe Flash Phaseout: what it means for you and Cybersecurity

Adobe has recently announced the decision to gradually phaseout its Flash format and is working with partners to maintain the plugin and ensure a smooth transition until the Adobe Flash phaseout is complete in 2020.

Outdated and full of vulnerabilities, Adobe’s Flash is causing more harm than it is good. It’s a consistent threat to web users’ systems everywhere and its usage is decreasing as the use of HTML5, WebGL and Web Assembly grow. According to Google, 80% of desktop Chrome users were accessing a page running Flash three years ago and that figure has dropped to only 17% this year.

Flash is infamous for its numerous security vulnerabilities. According to CVE Details, the ultimate security vulnerability data source, there have been over 1,000 reports of Flash cybersecurity vulnerabilities, which have given cyber criminals the opportunity to worm into victims’ computers and take advantage of stolen personal information.

Continue reading “The Adobe Flash Phaseout: what it means for you and Cybersecurity”

What can PR managers learn from NotPetya?

We’ve heard a lot about cyberattacks lately, with news about incidents travelling far, wide and fast. That’s hardly remarkable, given that attacks can cause highly sensitive information to become public, personal information can be  stolen and entire companies can be shut down whilst cybercriminals wait for a ransom to be paid. In short, the economic and social impact is high. Recently, NotPetya dominated the news with both the Maersk terminal in the Port of Rotterdam and TNT post being hit. Using both online and offline media monitoring we found that there were more than six thousands articles and posts about the virus in just the first few days of the attack.

Continue reading “What can PR managers learn from NotPetya?”

How ‘Human Firewalls’ can protect Organisations from Cyber Threats

Cyber security awareness is now part and parcel of everyday working life. High profile breaches of large organisations such as the NHS, Tescos, Wonga and more recently, again the NHS has driven companies to place more emphasis on employee security awareness and training. Not only do individuals need to be aware that threats exist, they need to be taught how to recognize and react to that threat. But in reality, how many organisations are actually doing this effectively?

Continue reading “How ‘Human Firewalls’ can protect Organisations from Cyber Threats”