Skip to main content
Please wait...

BrandPost: Avoid security breaches: How to protect your data

2 days 8 hours ago

Data security breaches at major corporations seem to be perpetually in the news. The hacks range in size and scope, but it’s no secret that firms hit by hackers often suffer serious consequences.

What can you do to help prevent your organization from becoming tomorrow’s cyber-breach news headline? Here are 18 pointers:

  1. Educate all employees on the importance of protecting data. Explain the need to avoid risky behavior such as downloading music or videos from rogue websites. Once employees understand that criminals want the data with which the employees work, their thinking changes in ways that can make the organization’s data much safer than before.
  2. Understand what data you have and classify it. You cannot secure information if you do not know that it exists, where it is stored, how it is used, how it is backed up, and how it is decommissioned. Make sure you know those things about all of your sensitive information. Because not all data is equally sensitive, make sure to classify data according to its level of importance.
  3. Do not give every employee access to every system and piece of data. Create policies governing who has physical and/or electronic access to which computer systems and data, and implement procedures, policies, and technical controls to enforce such a scheme. Authorize people to access the data that they need in order to do their jobs but do not provide them with access to other sensitive data.
  4. Consider moving sensitive information and systems to a cloud provider. Unless you have an adequate information security team, the odds are pretty good that a major cloud provider will do a better job than you at securing your system and information against various risks.
  5. Enable remote wipe. All portable electronic devices on which sensitive information will ever be stored should have remote wipe capabilities enabled.
  6. Give everyone his or her own access credentials. Ensure that each person accessing a system housing sensitive information has his or her own login credentials.
  7. Ensure that everyone uses proper passwords to access such systems. People like to use easy-to-remember passwords; without policies and technology to enforce the selection of proper passwords, organizations are at risk of having passwords such as “1234” being the only line of defense against unauthorized access to sensitive information. So, craft proper policies and implement technology to ensure that the policies are properly enforced.
  8. Go multi-factor. For accessing systems with especially sensitive information, consider implementing some form of strong, multi-factor authentication.
  9. Deal with BYOD. Make sure that you have policies and technology in place to address the many risks created by employees, contractors, and guests bringing personal devices into your facilities and connecting to corporate networks. All access to the Internet from personal devices or devices belonging to other businesses should be achieved via a separate network than is used for company computers.
  10. Encrypt sensitive data when storing it or transmitting it. There are many commercial and free tools available to do this – some operating systems even have encryption capabilities built in. As you probably suspect, if you are not sure if something should be encrypted, encrypt it.
  11. Backup. Backup. Most people and businesses do not backup frequently enough, and many (if not most) will not realize the danger of their mistake until it is too late.
  12. Keep your backups separate from production networks. If ransomware gets onto one of your production networks, it could corrupt any backups attached to that network. Maintain offsite backups in addition to onsite backups.
  13. Create appropriate social media policies and enforce them with technology. As so many organizations have learned the hard way, policies alone do not ensure that employees do not leak sensitive information or make otherwise inappropriate social media posts; implement technology to help with this task. Remember, many serious breaches begin with criminals crafting spear-phishing emails based on overshared information on social media.
  14. Comply with all information security regulations and industry standards. Consider such regulations a baseline – but not rules that if adhered to will offer adequate protection. GDPR, for example, is a regulation for which many businesses still need to prepare.
  15. Use appropriate security technology. Do not just buy the latest and greatest. Acquire and utilize what you actually need by defining functional and security requirements and selecting security controls accordingly. On that note: All computers and mobile devices that handle sensitive information or ever connect to a network to which devices that house sensitive information connect need have security software installed.
  16. Ensure that technology is kept up to date. Besides keeping security software current, make sure to install patches to server and client-side operating systems and software. Many major vendors have automatic update services – take advantage of these features.
  17. Keep IoT devices off of production networks. Treat Internet of Things devices as if they were a special class of risky BYOD devices – and keep them on their own networks. Only purchase IoT devices that have proper security capabilities such as the ability to be patched and to have default passwords changed upon installation and activation.
  18. Hire an expert to help you. There is a reason that businesspeople go to doctors when they are ill and don’t try to perform surgery on themselves, or utilize the services of lawyers if they are being sued or accused of a crime. You need experts on your side. Remember, the criminals who are targeting your data have experts working for them – make sure that you are also adequately prepared.

While there are no guarantees when it comes to information security – even the most security-conscious organizations still face some level of risk – by following these 18 tips, you can greatly improve your odds of fending off hackers who seek to steal your organization’s confidential information.

To read this article in full, please click here

Joseph Steinberg

BrandPost: Protect your data to protect your business

2 days 9 hours ago

The most important thing your business provides isn’t a service or a product. It’s trust. And it comes from letting your customers and employees know that you’re protecting your business—and their data—against cyberattacks.

Building a foundation for trust isn’t easy. Cyberthreats continue to grow in number and complexity as businesses shift more of their operations online and enable anytime/anywhere access to information to support an increasingly remote workforce. This ongoing digital transformation exposes more systems and data to potential attacks – increasing risk for your organization.

Addressing this challenge requires a new approach to protecting business information. “The assumption that everything’s on-premises and protected behind a firewall has largely disappeared,” says Robert Crane, principal at CIAOPS, a technology consultancy that specializes in helping businesses improve their productivity by using technology and smart business practices. “But some businesses are still locked into that old-world thinking.”

To read this article in full, please click here

Constantine von Hoffman

Google Smart Lock: The complete guide

1 week 1 day ago

Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

Security's important, but goodness gracious, it can be a hassle.

Thankfully, there's a better way. Google Smart Lock provides a variety of options for keeping your Android phone unlocked in preapproved, known-to-be-safe circumstances. It’s an easily overlooked but incredibly useful feature that lets you create a sensible balance between security and convenience. And once you set it up, it's simple as can be to use.

To read this article in full, please click here

JR Raphael

Microsoft to stop serving non-security monthly updates to Windows

1 week 1 day ago

Beginning in May, Microsoft plans to halt the delivery of all non-security updates to Windows, another step in its suspension of non-essential revisions to the OS and other important products.

The optional updates, which Microsoft designates as Windows' C and D updates, are released during the third and fourth week of each month, respectively.

"We have been evaluating the public health situation, and we understand this is impacting our customers," Microsoft said to some understatement in a March 24 post to the Windows 10 messaging center. "In response to these challenges we are prioritizing our focus on security updates."

To read this article in full, please click here

Gregg Keizer

Reading between the lines about Microsoft 'pausing optional updates'

1 week 2 days ago

Yesterday, a post on the official Windows Release Information site said that Microsoft will, at least temporarily and starting in May, stop sending out the pesky “optional, non-security, C/D Week” patches we’ve come to expect. 

Those “optional” second-monthly patches are usually laden with many dozens of fixes for miscellaneous, minor bugs in Windows. For example, the second-monthly cumulative update for Win10 version 1903 released yesterday lists 31 different fixes, most of which only matter in very specific cases.

To read this article in full, please click here

Woody Leonhard

Microsoft Patch Alert: March 2020 brings two ‘sky-is-falling’ warnings, with no problems in sight

1 week 3 days ago

It’s been another strange patching month. The usual Patch Tuesday crop appeared. Two days later, we got a second cumulative update for Win10 1903 and 1909, KB 4551762, that’s had all sorts of documented problems. Two weeks later, on Monday, Microsoft posted a warning about (another) security hole related to jimmied Adobe fonts.

Predictably, much of the security press has gone P.T. Barnum.

The big, nasty, scary SMBv3 vulnerability

Patch Tuesday rolled out with a jump-the-gun-early warning from various antivirus manufacturers about a mysterious and initially undocumented security hole in the networking protocol SMBv3.

To read this article in full, please click here

Woody Leonhard

Microsoft adds 6 months support for Windows 10 1709 to account for pandemic disruption

2 weeks ago

Microsoft today extended the support lifespan of Windows 10 Enterprise 1709 and Windows 10 Education 1709 by six months, pushing their retirements to Oct. 13. The original end-of-support date had been fixed as April 14.

Microsoft cited the COVID-19 pandemic's impact, which in just the U.S. has ranged from massive business closings and even statewide lockdowns to a broad movement of companies telling white-collar employees to work from home. By midday March 19, 171 deaths in the U.S. had been attributed to the virus. Globally, deaths approached 10,000.

"We have been evaluating the public health situation, and we understand the impact this is having on you," wrote John Cable, director of program management, in a March 19 post to a company blog. "To ease one of the many burdens you are currently facing, and based on customer feedback, we have decided to delay the scheduled end of service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1709."

To read this article in full, please click here

Gregg Keizer

12 security tips for the ‘work from home’ enterprise

3 weeks ago

If you or your employees are working from home while our governments lurch awkwardly through the current crisis, then there are several security considerations that must be explored.

Your enterprise outside the wall

Enterprises must consider the consequences of working from home in terms of systems access, access to internal IT infrastructure, bandwidth costs and data repatriation.

What this means, basically, is that when your worker accesses your data and/or databases remotely, then the risk to that data grows.

While at normal times the risk is only between the server, internal network and end user machine, external working adds public internet, local networks and consumer-grade security systems to the risk mix.

To read this article in full, please click here

Jonny Evans

Take your time, get it right for March Patch Tuesday

3 weeks 1 day ago

This is a big update to the Windows platform for the Microsoft March Patch Tuesday release cycle. Consisting of 115 patches, mostly to the Windows desktop, with almost all of the critical issues relating to browser-based scripting engine memory issues, this will be a difficult set of updates to release and manage.

The testing profile for the Windows desktop platform is very large, with a lower than usual exploitability/risk rating. For this month, we do not have any reports of publicly exploited or disclosed vulnerabilities (zero-days), so my recommendation is to take your time, test the changes to each platform, create a staged rollout plan and wait for future (potentially) imminent changes from Microsoft.

To read this article in full, please click here

Greg Lambert

Come on, Microsoft! Is it really that hard to update Windows 10 right?

3 weeks 2 days ago

Yesterday, on Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop). Word emerged that Microsoft had accidentally leaked news about a new Server Message Block (SMB) bug with a maximum severity rating, a.k.a. SMBGhost. The leak also said that this bug wasn’t patched in that day’s releases.

To read this article in full, please click here

Steven J. Vaughan-Nichols

Patch Tuesday’s tomorrow. We're in uncharted territory. Get Automatic Updates paused.

3 weeks 4 days ago

It’s always a good idea to pause Windows updates just before they hit the rollout chute. This month, we’re facing two extraordinary issues that you need to take into account. Wouldn’t hurt if you told your friends and family, too.

Take last month’s Windows patches. Please. We had one patch, KB 4524244, that slid out on Patch Tuesday, clobbered an unknown number of machines (HP PCs with Ryzen processors got hit hard), then remained in “automatic download” status until it was finally pulled on Friday. We had another patch, KB 4532693, that gobbled desktop icons and moved files while performing a nifty trick with temporary user profiles. Microsoft never did fix that one.

To read this article in full, please click here

Woody Leonhard

Enterprise resilience: Backup and management tips for iOS, Mac

4 weeks ago

Apple’s solutions are seeing increasing use across the enterprise, but do you have a business resilience strategy in place in case things go wrong?

If you’re one of the estimated 73% of SMBs that have not yet made such preparation, now might be a good time to start.

Your data is your business

It’s challenging enough when a consumer user suffers data loss as precious memories and valuable information go up in the digital smoke. Natural disasters, technology and infrastructure problems or human-made problems such as burglary, cyberattacks or civil unrest can all impact the sanctity of your systems, whatever platform you use. It matters because in today’s connected world, your data is your business.

To read this article in full, please click here

Jonny Evans

Apple, the FIDO Alliance and the future of passwords

1 month ago
Apple is the latest firm to join the FIDO Alliance, an industry standards group developing more secure ways to log in to online accounts and apps using multi-factor authentication (MFA), biometric authentication and physical security keys. Computerworld's Lucas Mearian joins Ken Mingis and Juliet Beauchamp to discuss the Apple move, how different forms of authentication work and how far away we are from a password-less world.

FIDO Alliance and the future of passwords

1 month ago

Apple is the latest company to join the FIDO Alliance, an industry standards group committed to finding more secure ways to log in to online accounts and apps. The FIDO Alliance pushes for multi-factor authentication (MFA) deployment, from biometric authentication to physical security keys. Computerworld's Lucas Mearian joins Ken and Juliet to discuss why Apple joined the FIDO Alliance, how different forms of authentication work and how far away we are from a password-less world.

To read this article in full, please click here

Ken Mingis,

Juliet Beauchamp,

Lucas Mearian

Mitigate your risk of getting hacked with help from with this online academy

1 month ago

Cyber crime rates are on the rise. In fact, according to this 2019 Juniper Research paper, the financial burden of this global nuisance is expected to surpass $2 trillion in 2020 alone. But don't panic. It turns out that education plays a major role in mitigating the risks, which is why grabbing a lifetime subscription to the CyberTraining 365 Online Academy is money well spent.

To read this article in full, please click here

DealPost Team

Will pay by palm be a thing? Should it be?

1 month ago

Amazon is experimenting with a way to allow shoppers to use a palm-print biometric to authenticate payments and to do so in physical stores far beyond Amazon-owned brick-and-mortars, (Whole Foods, AmazonGo, AmazonBooks, Amazon 4-Star and Amazon Pop-Up). Amazon is reportedly looking at QSRs (quick-service restaurants), especially coffee shops.

Palm prints have several advantages over more popular mobile biometric methods, such as fingerprint (prescription drugs, cleaning chemicals, burns and various other things can interfere with fingerprint readings) and facial recognition (finicky method that requires the face to be a precise distance from the scanner — not an inch too close or too far — and can suffer from hair growth, lighting, cosmetic changes, some sunglasses, as well as giving false positives to close relatives). And unlike my favorite biometric for security (retina scan), it's far less invasive. It's fairly accurate, convenient and (other than forcing customers to remove gloves, which could be a problem with outdoor shops in the winter) should be well-received.

To read this article in full, please click here

Evan Schuman
1 hour 3 minutes ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.