Posts Tagged ‘security’

Cybersecurity: Safety and Cost Equilibrium

October 21, 2019

by Dean Chester

Cybersecurity has been a hot topic for quite a while and it’s not likely to change any time soon.

“Equilibrium” by Guido Sorarù is licensed under CC BY 2.0

Every new day brings more data breaches and more online scams. No single entity is completely safe, it seems: hackers target both private individuals and companies. The size of an organization doesn’t matter either because the security of even the largest of them such as Yahoo and eBay can become compromised.

Not all cybercriminals are ambitious enough to go after corporate giants. Sadly, some also have smaller businesses covered. And when the security of those gets breached, the losses may look negligible to companies that deal with billions of dollars. For a small, family-run enterprise, such losses often become insurmountable and lead to it going out of business.

One of the main reasons why small companies are such an attractive target for hackers lies exactly in their size. Because of it, these businesses can’t afford to spend a lot of money on their Internet security. They can’t afford large teams of security specialists that – for all the owners know – may never actually prove useful. Obviously, such an idea is wrong, but as long as there are no apparent breaches (which may very well be a result of those specialists’ work), it’s hard for some people to see value in supporting such a team.

It’s possible, of course, to find free or low-cost solutions and to save on one’s cybersecurity. But is it a responsible thing to do?

It’s been said time and again that when something is free, it’s because you are the product. Money spent on providing that free solution must come from somewhere, after all.

There are a few ways in which money can be made off of customers who use free cybersecurity software:

  • They can be shown ads coming from third-party vendors. The frequency of it can vary from “relatively unobtrusive” to “all the time”.
  • Speaking of advertisers, the customers’ private info can be sold to them to expand their bases of people to target. This is especially true for shadier providers of free services such as virtual private networks and the like, that is, services that have access to the users’ Internet activity. The information gathered by such a “free” service can be then used to better understand what ads to show to their client base.
  • As a more extreme example of the above, free users’ Internet bandwidth is known to have been sold to a third party that used it for its own purposes, and those purposes weren’t benign. In fact, they included creating a botnet and conducting DDoS attacks on certain websites.
  • Pestering free users with ads has another purpose as well: it’s easy to get tired of such an inconvenience so much that getting a paid version of the same service will seem like a cheaper option.
  • Related to the last one, free versions of antivirus and other computer security software most often do not have all the features that the paid ones do, making their users consider investing money into them.

Besides that, there are definite concerns about the levels of security and protection that those free solutions can provide. As they are free, it’s somewhat unreasonable to expect them to have the best technology available.

If it’s a private individual we’re talking about, it’s obviously up to them to decide if they want to skimp on their security or not. However, as far as companies are concerned, things are more complicated.

If a business becomes a target of a data breach, it doesn’t only endanger that business. Its clients’ personal data may also be obtained by the perpetrator, and that’s bad news for both the clients and the company’s reputation.

That’s why I don’t think it’s the best decision for a business to rely exclusively on free cybersecurity software. It may be enough to protect it but the chances are not terribly high.

However, the question of money still stands. Yes, in the case of a breach the company is going to lose even more, but it doesn’t make the wherewithal to get professional security tools just magically appear. So what can be done?

  • Reinforcing the weakest link of cybersecurity: to make sure employees won’t click any suspicious links or tell anyone their passwords is supremely important. It can be done by anyone with a good grasp of IT security, really, but ideally, it should be entrusted to professionals.
  • System penetration testing: while it should be performed regularly, it doesn’t require having permanent staff and can be done by a security company.
  • Getting cybersecurity tools at a discount: almost all major software manufacturers hold a sale from time to time, allowing small businesses to save quite a lot if they’re buying many copies at once.
  • Getting data breach insurance: if a breach does happen, this can help with covering the losses and subsequent expenses, including those inflicted by reputation damage.

Although finding the balance between security and keeping costs neutral is not an easy task for smaller businesses, it is necessary to take care of it. In the long run, the potential price of negligence is going to be much higher than spending on protection.

Dean Chester is a cybersecurity expert and author. He is absorbed in online security and takes all measures to ensure that non-tech-savvy users can be protected on the Internet.

How To Take Proper Care of Your iPad

December 6, 2017

Article contributed by Tara Desquitado.

Like most gadgets, your iPad needs to be taken care of to keep it running well. Although it does not require as much care as a laptop or desktop, it still needs a little bit of maintenance. In this article, we have listed ways for you to take proper care of your iPad and keep it in check so that it can be of use to you for as long as possible.

Don’t leave it charging
You shouldn’t leave your iPad to charge all day and night. Overcharging it will only reduce its battery life. Avoid completely draining its battery as well. It’s best to let the battery run down to 5% or less and then plug it in to charge. To help get the most out of your iPad’s battery life, you should also shut it down every now and then. Powering it down once a week can help extend its life.

Keep iOS Updated
Updating your iPad not only gives it more features, it also downloads the latest security updates. Since iOS products are becoming more ubiquitous, there has been an increase in malware targeting them. Updating your iPad equips it with better defenses. It also fixes old bugs found in the previous versions, making your iPad run more effectively.

Add a passcode
Keeping your iPad secure from others is very important. Others may reconfigure its settings or come across personal or sensitive information. Adding a passcode can remedy this. It allows you to leave your iPad without having to worry about someone using it without your permission. If you can, you should also add biometric protection to your iPad. This strengthens its security and privacy even more.

Use a screen protector
Although an iPad’s screen is made of a relatively durable material, it is the area of the iPad that is most likely to get damaged first since it receives the most contact. Using a screen protector is one way to safeguard your iPad’s screen from unwanted scratches and cracks. Make sure to apply it after the screen has been thoroughly cleaned. It is also best to apply the screen protector after washing your hands so that oils will not end up on the screen when the protector is being placed.

Use a protective case
Since the iPad is designed to be extremely thin, a simple accidental drop may severely damage it. The best preventive measure is to suit it up with a protective case. There is a great selection of iPad cases to choose from. It is suggested to pick one that is made of durable material and fits the iPad’s form. Avoid loose-fitting cases as they are usually used for aesthetic purposes and provide little protection for the iPad.

Conclusion
Maintaining your iPad isn’t a process that falls under a long and tedious checklist. All you have to know is the hazards that are most likely to damage it and keep it away from those. Make sure you keep it protected, avoid overcharging it, keep it away from moisture and extreme temperatures and you’re good to go. Make it a point to clean it every now and then when you can find the time to do so as well and you’ll have your iPad running smoothly and effectively.

Be sure to visit macfixit.com.au for all your favorite Apple and Apple-compatible products and accessories.

Why a Seamless Digital User Experience Matters

November 3, 2016

Guest post by: Pem Guerry

As the digital space evolves, new applications, services and platforms are introduced to the market each year. This multitude of digital tools has certainly proved beneficial in the workplace and at home, but because so many of these programs work independently, users often miss out on the benefits of a truly seamless digital experience.

Integrating, or combining, two or more digital services into one fluid application greatly improves efficiency, usability and the overall user experience. This can be seen in the most robust e-signature integration—where a company combines a third party e-signature service with its own user platform for a swift signing process.

E-signature integration isn’t new to the digital conversation, but the technology behind these integrations has continued to improve—enabling you to offer a completely seamless signing experience for your clients.

API Integration

The most effective way to integrate e-signatures is through an application programming interface (API), which acts as a bridge between multiple applications, allowing you to manage them from a single platform.

The catch is looking for the degree of integration that an e-signature service can provide. There’s a difference between simply connecting two software workflows together and building a truly cohesive, integrated experience for signers. Most e-signature services will be able to provide a rudimentary-level integration where users can flow from one digital service, like a CRM portal, to an e-signature platform—an automatic connection from “Point A” to “Point B.”

Far fewer are able to provide a true private-label integration—where it’s virtually impossible for a user to tell that there are two technology engines behind their digital workflow. However, some technology providers and development resources have capabilities that allow you to customize an e-signature dashboard to match your own user interface with the same colors, fonts, logos, navigation menu and more. Because end users do not have to switch back and forth between your site and an e-signature site, it’s a transparent process for them. This allows you to appear as the only source your clients must go through to submit approval, providing them with a smooth and easy signing experience.

Why does this level of detail matter? Why not simply take users from Point A to Point B? Two primary reasons:

  1. Client Trust

Client trust is a top priority – especially for members of highly regulated, high-stakes industries such as financial services, real estate and healthcare. Your clients are familiar with your brand, have had positive experiences using your software and have grown to trust you.

So think about how they’ll feel if they’re suddenly shuffled to an outsider for a portion of a transaction. For a homebuyer about to sign a real estate contract worth hundreds of thousands of dollars, going from the lender’s original website to a third party e-signature site could suddenly raise suspicion and cause hesitation. An integrated approach gives users a single, consistent and secure platform throughout the entire process.

  2. Brand Retention

In a world full of competition, creating a memorable brand—including company personality, logos, slogans and more—is key if you want to stand out in consumers’ minds. E-signature integration contributes to brand retention and exposure by eliminating third party branding and keeping your company name at the center of the signing process.

When searching for an e-signature service, make sure that you’re not leaving the aesthetics out of the conversation. With a cohesive, easy-to-use platform, your clients will complete seamless transactions and have more positive encounters with your company, furthering their loyalty to your brand.

Pem Guerry is the Executive Vice President at SIGNiX, a digital signature solutions provider that makes signing documents online safe, secure, and legal for any business. SIGNiX offers the only independently verifiable, cloud-based digital signature solution, which combines workflow convenience with superior security. Learn more about what makes SIGNiX different at www.signix.com.

IT Security as a “Gated Community”

August 9, 2016

Why workers are a threat organizations can no longer ignore

By Stacy Leidwinger, VP of Products at RES

When one thinks about keeping the home and family secure, the first thought is to take up residence in a secure location – ideally, a guarded and gated community. The second is to carefully secure the perimeter of the house itself: the doors and windows – the points of ingress. Sensors are wired to each opening, cameras and motion detectors are aimed at carefully selected places, and monitoring is switched on. When it’s all plugged in and working, we are confident that our homes are safe. But we also need to keep track of the residents of the home and ensure their cooperation with security measures. Who has a key? Or a garage door opener? Do they routinely close and lock the windows? Because even the finest perimeter defenses are readily breached by the actions, intentional or not, of residents. What can happen when someone leaves a key under the doormat for an expected visitor? Or a garage door is mistakenly left open as the owner drives off to work?

In our gated community example, our traditional defense is focused on securing entry and exit points, and assuming that residents will take no action to breach security. And in the vast majority of cases that will prove just fine. But we in our houses are not continually subject to attackers seeking to trick or cajole us into one simple mistake; a mistake that, once made, will crack the most airtight security, exposing our homes to the depredations of criminals.

When cybersecurity measures are focused entirely on the perimeter, the organization does nothing to mitigate its greatest risk: the workers whose actions can breach the most secure perimeter defense with a single, careless mouse click.

Secure perimeters require secure workers

An organization’s workers are its chief assets – the means by which value is delivered. But they’re also a massive liability in terms of cybersecurity. And new trends within the technology-enabled workforce are making things far worse.

Today’s IT organizations are expected to equip their workforces with the devices that make the most sense for the organization, while also satisfying the ever more demanding individual worker. Whether it’s supporting preferences between Mac and PC, providing immediate access to apps and services, or allowing workers to use their own mobile devices for work, the workspace has truly become digitized – and therefore more vulnerable, compared to the days when each worker had his or her own locked-down desktop PC, and worked exclusively from the office. But as IT continues to support mobile work-style requirements, a whole slew of security-related IT issues are being raised; and the most serious threats to today’s security are stemming from the inside.

In a time of “do more with less,” IT departments are struggling to provide basic protections against malware, ransomware and spyware, and to secure firewalls to prevent outsider attacks. But is enough attention being paid to those they trust the most – their own workers?

This insider threat is no secret. A recent global study by Kensington entitled “Voice of IT” revealed that IT executives pegged the following as their biggest pain points when it comes to IT: human error, lack of process and workers not following established processes.

What can companies do to streamline IT processes and find solutions to insider threats? After all, within the “gated community” of organizational security, the user is the last line of defense.

A Gap too Big to Span?

One of the biggest debates in recent years when it comes to the digital workspace is bridging the gap between worker enablement and security. It’s an old conundrum in IT: new technologies are constantly being layered into the infrastructure, but hardly anything is ever thrown away. The result is a hodgepodge of hybrid technologies seeking to solve the same problems. And this is far from invisible to workers, who are often required to shift from app to app, from physical to virtual, in an awkward sequence of steps that has them longing for the relative simplicity of the consumer technologies they enjoy at home.

And IT security is perhaps the greatest culprit in the disruption of worker productivity. Is your organization overwhelming your workers with too many checkpoints to cross and too many updates to install? Are your existing security systems working together? And if so, are they working together seamlessly?

Organizations must create a safety net around their workers – the risks of cyberattack are too great to do otherwise – but they must do it in a way that doesn’t inhibit individual productivity, allowing workers to work when and where they choose, on the devices that are most productive for them. And all this must be accomplished with safety controls in place to prevent them from being the source – witting or otherwise – of security threats.

Yes, there are Solutions

IT must be continually on the defensive, protecting workers and the infrastructure from easy-to-make, yet potentially tragic mistakes. And, good news: there are several decisive steps an organization can make that will secure the organizational community without undue hampering of workers.

  • Deploy automated, context-aware access controls

Automate the many processes and workflows that govern the access each worker has to apps, databases and services within his or her digital workspace. Technology is available now that will:

  • Govern what resources can be accessed for each person, based on their immediate working contexts (including the devices being used, physical locations and time of day)
  • Automatically provision and de-provision those resources as needed based on that working context
  • Track that access, gathering the data necessary for guaranteed, easy audits.

  • Low-maintenance whitelisting with automation

Human behavior is your greatest security risk. And today’s cybercrooks are becoming increasingly creative in their attempts to exploit human inattention. Context-aware whitelisting and blacklisting can ensure that only permitted apps can be executed; and the list of permitted apps can be governed by IT based on what the business chooses to allow, and each individual worker’s context at the moment access is attempted. Whitelisting adds a thick layer of protection by only allowing approved executables to be opened.

Although many organizations have some form of whitelisting in place, maintenance burdens can be high for traditional solutions. A new approach can not only use automation to better maintain the whitelist, but can add user safeguards by automatically verifying unique file signatures. This ensures that the files being executed are authentic and that workers aren’t being tricked into opening different infected files.
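The difference between trusting a file's name and verifying its content, shown as an added example that is not part of the original article or any RES product. It assumes a SHA-256 content hash stands in for the "unique file signature", and all file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash the file's content in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved_paths):
    """Automated maintenance step: derive the allowlist from a trusted software store."""
    return {sha256_of(path): os.path.basename(path) for path in approved_paths}


def allowed_by_name(path, allowlist):
    """Weak check: trusts whatever the file is called."""
    return os.path.basename(path) in set(allowlist.values())


def allowed_by_hash(path, allowlist):
    """Strong check: trusts only content that matches an approved digest."""
    return sha256_of(path) in allowlist


def _write(path, content):
    with open(path, "wb") as handle:
        handle.write(content)
    return path


def demo():
    """Compare both checks on an impostor and on a renamed copy of the approved file."""
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "approved")
        inbox = os.path.join(root, "downloads")
        os.mkdir(store)
        os.mkdir(inbox)

        # Constructed sample content; real input would be the vetted installers.
        genuine = _write(os.path.join(store, "report_viewer.exe"),
                         b"constructed approved build 1.0")
        allowlist = build_allowlist([genuine])

        # Same name as the approved app, different bytes: what a tricked user opens.
        impostor = _write(os.path.join(inbox, "report_viewer.exe"),
                          b"constructed tampered content")
        # Approved bytes under a different name: harmless, but a name check rejects it.
        renamed = _write(os.path.join(inbox, "viewer_copy.exe"),
                         b"constructed approved build 1.0")

        return {
            "impostor_by_name": allowed_by_name(impostor, allowlist),
            "impostor_by_hash": allowed_by_hash(impostor, allowlist),
            "renamed_by_name": allowed_by_name(renamed, allowlist),
            "renamed_by_hash": allowed_by_hash(renamed, allowlist),
        }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {'allow' if verdict else 'deny'}")
```

The name check lets the impostor run and blocks the harmless copy; the hash check does the opposite, which is the behavior the paragraph above asks for.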

  • Automate the onboarding and offboarding of workers

More than 13% of workers can still access a previous employer’s systems using their old credentials. And there’s much more. In a study on rogue access, Intermedia found that 89% of ex-workers retain access to at least one app from a former employer. 49% actually logged into an account they were supposed to no longer have access to. 45% retained access to confidential data.

When employees leave the organization, that is the moment they pose perhaps the greatest risk to the organization. IT must tightly integrate de-provisioning processes into existing human resource apps, project management systems and other enterprise identity stores. Doing so allows worker access qualifications to be automatically managed and altered each time a worker’s identity status is changed in those systems. With a more holistic approach to identity lifecycle management, organizations can significantly improve productivity, compliance and security – and prevent former employees from exposing the organization’s data and systems to extremely high risk.
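A reconciliation of application accounts against HR status, as an added example of the check that automated de-provisioning makes unnecessary (not code from the article or from RES). The record layout, worker ids, app names and dates are all constructed assumptions.

```python
from datetime import date

# Constructed HR export: one record per worker.
HR_RECORDS = [
    {"worker_id": "w001", "status": "active", "terminated_on": None},
    {"worker_id": "w002", "status": "terminated", "terminated_on": date(2016, 5, 31)},
    {"worker_id": "w003", "status": "terminated", "terminated_on": date(2016, 6, 15)},
]

# Constructed account exports from three hypothetical applications.
APP_ACCOUNTS = [
    {"app": "crm", "worker_id": "w001", "enabled": True, "last_login": date(2016, 7, 1)},
    {"app": "crm", "worker_id": "w002", "enabled": True, "last_login": date(2016, 6, 20)},
    {"app": "fileshare", "worker_id": "w002", "enabled": False, "last_login": date(2016, 5, 30)},
    {"app": "fileshare", "worker_id": "w003", "enabled": True, "last_login": date(2016, 6, 10)},
    {"app": "wiki", "worker_id": "w003", "enabled": True, "last_login": date(2016, 6, 20)},
    {"app": "wiki", "worker_id": "w404", "enabled": True, "last_login": None},
]

# Lower number = handle first.
SEVERITY = {"used_after_termination": 0, "retained_access": 1, "no_hr_record": 2}


def reconcile(hr_records, app_accounts):
    """Return (app, worker_id, finding) for every enabled account that HR cannot justify."""
    hr_by_id = {record["worker_id"]: record for record in hr_records}
    findings = []
    for account in app_accounts:
        if not account["enabled"]:
            continue  # already de-provisioned
        record = hr_by_id.get(account["worker_id"])
        if record is None:
            # Account exists but HR has never heard of the owner.
            findings.append((account["app"], account["worker_id"], "no_hr_record"))
        elif record["status"] == "terminated":
            last_login = account["last_login"]
            # Strictly after the termination date: the ex-worker actually logged in.
            used = last_login is not None and last_login > record["terminated_on"]
            finding = "used_after_termination" if used else "retained_access"
            findings.append((account["app"], account["worker_id"], finding))
    return sorted(findings)


def deprovision_queue(findings):
    """Order findings so accounts already used after termination are disabled first."""
    return sorted(findings, key=lambda f: (SEVERITY[f[2]], f[0], f[1]))


if __name__ == "__main__":
    for app, worker_id, finding in deprovision_queue(reconcile(HR_RECORDS, APP_ACCOUNTS)):
        print(f"{finding:24} {app:10} {worker_id}")
```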

  • Stamp Out “Shadow IT”

Today’s crop of workers are productive like never before, thanks to the incredible technology available through modern digital workspaces. But this productivity also breeds an “I need it right now” attitude towards new technologies. And if IT can’t provide it “right now”? Often the worker’s solution is just a log in or credit card away, with ubiquitous cloud-based solutions studding the skies overhead.

The risks are great. IT must prevent employees from taking matters into their own hands to solve IT issues. But is shadow IT best prevented by hiring an army of alert IT professionals, available 24/7? Or is there an easier (and cheaper) solution? Yes! Through automation, IT can provide on-demand self-service access to the apps and services workers need, and prevent workers from circumventing access rules. This can include password management, access to a new data drive, or a request for a particular workspace app. The best way to prevent workers from going around procedures is to give them an instantaneous, trackable and reliable way to get what they need from IT. No hassles. No tickets. No violations.

Security should come naturally to an organization, but it will likely never become second nature to many of your workers. When we’re at home, we’re surrounded by a sense of security – no matter how real or illusory it truly is. Many of us don’t truly think about security unless our perimeter is breached. But IT can build a powerful security shroud around its systems, its data and its workers, by using automation and self service to simplify security processes, empowering workers to focus on their responsibilities without disruption, and keeping the enterprise safe from intrusion.

To be sure, no security solution is perfect. But we owe it to our organizations and our fellow workers to do our very best.

The Sixth Flag Introduces Cell Structure Security To Secure Cloud

February 4, 2016

Raleigh, N.C., February 4th, 2016 – The Sixth Flag, Inc. today revealed its model of Cell Structure Security to secure its Workspace-as-a-Service in the Cloud. Recognizing that traditional approaches to securing the cloud and enterprise networks are still falling short, Pete Kofod, founder and CEO of The Sixth Flag, has found this concept, which he developed from experience in the military, to be highly effective in securing his Workspace-as-a-Service.

“A cell structure is a system that is highly resilient to external compromise and severely limits the ability of an attacker to further exploit the organization beyond the cell.  Should the cell be compromised, the parent organization immediately isolates and collapses it. This is a concept regularly employed in clandestine warfare, which we have adapted to the securing of our virtual workspace,” says Pete Kofod, Founder of The Sixth Flag, Inc.

The industry response to advanced persistent threats (APT) has been to continue to focus on hardening single points of failure, including central authentication systems.  While this is certainly a worthwhile activity, little has been done to mitigate the consequences of inevitable compromise.  “It’s not good enough to harden a system against an attack,” Kofod explains. “You must also have a process that contains the effects of an inevitable breach.”

Pete likes to point out the following paradox:  “If the systems that employ multiple layers of security all rely on the same single “Central Authentication” mechanism, the question that never gets asked is whether those systems actually provide independent layers of defense, or ‘Defense in Depth.’ This is not an academic exercise.  Recognizing the criticality of authentication systems, attackers have spent significant resources on compromising them, often successfully.”

The remote user is often an initial target and while systems such as Time-based One-Time Password (TOTP) protect against compromise of user login credentials, they do little to protect the underlying authentication system.

The Sixth Flag applies Cell Structure Security to its virtual workspaces, transforming the Cloud into a security asset. In a bold prediction, Pete Kofod states that “2016 is the year the cloud will be considered an asset rather than a liability.”

About The Sixth Flag, Inc.

The Sixth Flag, Inc. is a Raleigh, North Carolina-based Workspace-As-a-Service firm for global teams and organizations in need of Remote Desktop Management solutions. Launched in 2015, TSF provides a web-based, cost-effective and secure throwaway desktop for today’s global, mobile teams. Its cloud-based, HTML-rendered Workspace-as-a-Service requires no dedicated hardware, thereby eliminating the need for organizations to spend on capital outlay. With nothing more than a browser, users can access their corporate desktop from anywhere in the world, whether from a laptop, desktop, or tablet. Because user data is not stored on the local device, loss of a device does not represent compromise of sensitive organizational data. For more information, visit www.thesixthflag.com

5 Places to Never Use a Bank or Credit Card

September 18, 2015

Contributed Article By: Shaun Murphy, CEO Private Giant

According to ConsumerCredit.com, 80% of consumers use their debit cards for everyday purchases like gas, meals and groceries instead of cash. While a card is more convenient to simply swipe through a machine versus counting out change and worrying if you have enough cash on hand to make a purchase, it is not always the safest way to pay. Cash cannot be traced to a bank account or to other personal financial information like a bank or credit card can.

Privacy and security expert Shaun Murphy, founder of Private Giant, has identified five places consumers should never use their bank or credit card in order to help prevent their identity from being stolen and to protect their personal information.

Here are the places you should think twice before swiping or entering those priceless digits:

1.) Online shopping sites that are not secure. Before you enter your credit or bank card information, look for the lock icon without any overlays. While you are checking out, you should see this icon in your web browser:

[Image: HTTPS - Secure Connection]

Not either of these:

[Images: HTTPS-Bad1 or HTTPS-Bad2]

Some sites, Amazon included, will not show you a lock icon until you login to your account or begin the check out process. This means anyone can see what you are shopping for while you are browsing.

2.) Hidden / out of view terminals. A hidden terminal could be as simple as the gas pump furthest away from the center or an unattended station for automatic checkouts at the grocery store. These are sweet targets for credit card skimming devices that can sit there for months without anyone noticing.

3.) Cell phone charging stations. It may sound convenient to swipe your card to charge your phone for free when the battery is nearly dead, but you should think again. Besides being ripe for credit card skimming or nefarious credit card information storage, these devices can also dump the information from your cell phone while charging! This attack method even has a cool name: Juice Jacking!

4.) Apps (desktop or mobile) that ask you for your credit card information outside of the normal app store. Chances are this is not a legit application, especially if it is threatening you (you have a virus, please deposit $10… or I’ve encrypted all of your files and I’ll unlock them for a price.)

5.) Services that claim to be free or a free trial but still need you to input a credit card before you can start using it. It is almost guaranteed that service is either going to scam you or sign you up for some paid service that will be impossible to cancel.

Now, if you are wondering how exactly you are supposed to pay for the services you need in situations like those listed above there are a few options. One of the easiest is to use your bank or credit card to buy one-time use/reloadable cards that do not have ties to your personal information. Just make sure when you are checking out at the store that you go to a clerk, not a self-checkout lane.

Damage Control: Making what’s visible in Citrix/Terminal Servers invisible

July 22, 2015

Article contributed by Kurt Mueffelmann, President and CEO, Cryptzone

The Citrix XenDesktop™ and XenApp™ solutions, and Windows Terminal Servers, are commonly used to provide remote access to network resources. They are typically located between the internet and the internal network, providing an entry point into internal servers—something that makes them an attractive target for hackers.

Citrix/Terminal Servers provide highly valuable functionality for session-based access from the server to the network, which must be very open to allow for all the differing user profiles and use cases. The challenge is that all traffic from every user using a Citrix/Terminal Server is seen on the network as coming from a single IP address, which might represent dozens of different user types, all with various levels of clearance.

For a traditional firewall, this means that an access rule is necessary to allow the server to access every resource that any user on that server could need. In practice, these access rules often become a permit all for the Citrix/Terminal Server. This open door to the network represents a significant security risk.

What cyber criminals can’t see, they can’t compromise.

Taking the recent Anthem breach and many other notable breaches that were the result of stolen credentials into account, it’s safe to say that nothing is out of reach. Accepting that Citrix/Terminal Server access will be compromised is the most proactive cybersecurity strategy you could take. Here’s why: hackers are, simply, the best at what they do. Research supports this theory: incident response provider Mandiant recently reported that 97 percent of organizations have been breached at least once.

Citrix/Terminal Server access rules allow users sharing an IP address to access every resource on a network segment. Once inside the network, a cyber criminal who possesses stolen credentials can “see” applications and services, whether authorized or not. Enterprises need to move away from IP-centric architectures to a role-based security model, dynamically provisioning access depending on the user’s role and contextual attributes.

Once past denial, and on to acceptance, an organization can fully embrace a practical Citrix/Terminal Server security plan by focusing on minimizing risk. While the majority of cybersecurity spending historically has gone toward building up a perimeter, limiting the amount of damage intruders can do after they’re in is a powerful paradigm shift in a CXO’s strategy.

It’s time to flip cybersecurity strategies on their head.

The focus now becomes about user access and entitlements, including tight user-based controls around network access from virtual desktops. Enterprises must move away from IP-centric architectures to a role-based security model that maintains the distinction between individual users connecting through a Citrix or Windows Terminal, then dynamically provisions access on the network and application level depending on the user’s role and contextual attributes.

Dynamic access control considers factors such as, “Is the user on a laptop at home, or on an unrecognized tablet on an unsecure Wi-Fi network?” “Should access be granted in the latter case to sensitive data?”
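The contrast between the two models can be made concrete with a short sketch. This is an added example, not code from the original post or from any product it describes; the policy tables, user names, roles, resource names and the terminal server address are all hypothetical.

```python
from dataclasses import dataclass, replace

# Constructed sample policy: every name, role and address is hypothetical.
IP_RULES = {"10.0.5.20": {"*"}}  # the "permit all" rule for the terminal server
ROLE_ENTITLEMENTS = {
    "hr": {"hr-portal", "payroll-db"},
    "helpdesk": {"ticketing"},
}
SENSITIVE = {"payroll-db"}  # also requires a trusted device and network
CATALOG = ["hr-portal", "payroll-db", "ticketing", "source-repo"]


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    source_ip: str
    resource: str
    managed_device: bool = True
    trusted_network: bool = True


def ip_centric_allow(req: Request) -> bool:
    """Firewall view: only the shared source IP is visible, not the user."""
    allowed = IP_RULES.get(req.source_ip, set())
    return "*" in allowed or req.resource in allowed


def role_context_allow(req: Request) -> bool:
    """Default deny: entitled resources only, sensitive ones gated on context."""
    if req.resource not in ROLE_ENTITLEMENTS.get(req.role, set()):
        return False
    if req.resource in SENSITIVE:
        return req.managed_device and req.trusted_network
    return True


def reachable(req: Request, allow) -> list:
    """Resources from CATALOG that this session can reach under a given model."""
    return [r for r in CATALOG if allow(replace(req, resource=r))]


if __name__ == "__main__":
    alice = Request("alice", "hr", "10.0.5.20", "")
    bob = Request("bob", "helpdesk", "10.0.5.20", "")
    alice_tablet = replace(alice, managed_device=False, trusted_network=False)
    for label, req in [("alice", alice), ("bob", bob), ("alice/tablet", alice_tablet)]:
        print(label, reachable(req, ip_centric_allow), reachable(req, role_context_allow))
```

Under the IP rule all three sessions reach the whole catalog because they share one source address; under the role and context check each session reaches only its entitlements, and the unmanaged tablet loses the sensitive resource.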

Disruptive solutions allow organizations to limit the damage that can be done by cyber attacks (via privileged account and third-party users) by using identity and context to dynamically secure access to individual resources, essentially making the rest of an enterprise’s infrastructure invisible. They prevent the exposure of sensitive and confidential information by allowing an individual to access only what they are authorized to access. This not only prevents someone from authenticating into a network if something seems amiss, but can also limit the damage a bad actor can do if they get in with stolen credentials.

This concept is taking hold at places like Coca-Cola, Google and others. It’s IT’s job to ensure that every enterprise, regardless of its size or resources, can reap the same benefits. In order to truly protect corporate data and resources, tighter user-based controls around network access from virtual desktops are critical.

Got Security?

April 1, 2015 Comments off

Security is a topic that’s on everyone’s minds these days. And there’s a good reason for it: Security is important. Now, that might sound like a tremendous understatement, but it’s the truth. In fact, the truth is that security is the top concern for most of the world’s businesses. It should be. Every day you read about another significant breach of a major retail chain, of a bank, or even of a government site. Prominent companies are under constant attack from so-called “black hat” or criminal hackers whose sole purpose is to compromise data, steal valuable data, and to expose vulnerabilities in your security.

If you think that you’re safe, for whatever reason that you’ve told yourself, you aren’t. If you’ve ever had a fraud alert from a credit card company or your bank, then you realize how vulnerable you really are.

Unfortunately, as a customer of a restaurant, of a clothing store, of an online vendor, or of your corner market, you’re vulnerable to credit card and, ultimately, identity theft. While the point of this post is to inform you, rather than to scare you, please note that the threats are real and that you should take more care and practice vigilance in the use of your identity, including your credit cards, debit cards, and online accounts.

If you own a business, you owe it to yourself and to your customers to make every effort to prevent breaches of your company information, your personal information, and your customer’s information. It’s not easy to do by yourself. There’s all kinds of advice, good and bad, on the Internet about how to protect yourself, how to recover from identity theft, and how to go on the security offensive for you, your business, and your family.

Bad information is worse than no information at all. You can put yourself at greater risk by listening to alleged experts than you can by playing it smart and hiring a security consultant who can find out exactly what the bad guys can find out about you and your business.

It works something like this: If you want to find out how vulnerable your house is to break-ins, who would you hire–a clean-shaven, upstanding, taxpaying citizen who’s never been arrested for breaking and entering or would you be smarter to hire a reformed bad guy to tell you how it’s really done? If you’re smart, you’ll hire the person with a criminal background who’s gone straight to figure out where your vulnerabilities are.

By the same token, if you want to test your company’s or your personal security, you should hire someone who’s hacked for a living–in the criminal sense.

That’s the service I’m offering you. I have a select group of former black hat hackers as my associates who’ll put your security through its paces. Further, we’ll help you mitigate the flaws we find* and tell you how to fix the problems.

Here is a partial listing of our services:

  • Identity fraud checking/fixing
  • Employee Social Engineering checking/fixing
  • Website Penetration/Vulnerability analysis
  • Company penetration/information grabbing
  • Training and prevention

If you’re not 100 percent sure of how vulnerable you might be, here are some examples:

About four years ago, I bought a cake from a local bakery and used my debit card for the purchase. One of the workers there used my card to buy pizza and some other things that he’d had delivered to his girlfriend’s house. Once I found the fraudulent charges, I tracked him down, via his girlfriend and confronted him. I won’t go into detail, but I did make an impression. The bank investigated and made good on the losses to my account.
That scenario is common, except for the part where you get to confront the perpetrator. Typically, the guilty party is so far away that you’ll never find him. Bad for you, but great for him.

My wife paid my son’s technical school tuition with a credit card only to find later that we’d been charged an additional $1,800 for services that we’d never heard of, much less purchased. We contacted the vendor and explained the situation and they promptly removed the charges.

I receive calls from unknown numbers on a weekly basis, trying to have me answer so that my phone can be charged bogus fees or to verify my number for fraudulent charges. I Google the numbers to verify their legitimacy. So far, all of them have been sources of fraud.

Yes, these things actually happened to me/us. These are only three examples and we’re only one family in 750 million that’s had our accounts or cards compromised. Think about the repercussions of poor security on you, your family, and your business. Your integrity and reputation, not to mention your credit score, are at risk. It’s made us all a lot smarter about how we transact business these days.

So that you realize that we’re trying to help you, I’m going to offer you a free list of 10 things you can do to make yourself more secure today.

  • Google yourself – Contact all of the “public information” carriers/resellers and have them remove your information from their databases.
  • Do Not Call lists – Go to https://www.donotcall.gov/ and register to have your phone numbers removed.
  • Mall survey cards – Never fill out one of those mall survey cards or enter any contest at a mall or other retail establishment.
  • Unrecognized phone numbers – Never answer calls to your cell phone when you don’t recognize the phone number.
  • Use cash – Carry cash with you and avoid using credit/debit cards as much as possible.
  • Email attachments – Don’t open email attachments that don’t make sense and don’t respond to those emails.
  • Nigerian Princes – Never respond to any email from a Nigerian Prince who wants you to deposit money in a bank account for him.
  • Ignore “You’re a Winner!” emails – If you didn’t enter it, you didn’t win it.
  • Passwords/SSNs – Never give your passwords or Social Security Numbers to anyone over the phone.
  • Account-oriented emails – No online service will ever request your password or a login via email.

If you’d like to discuss your security or your security concerns, you may contact me via email at ken@kenhess.com. I’ll be glad to set up a time to call you and discuss your concerns and how we can help you get a handle on your personal or business security. Don’t be a victim. Don’t be a statistic. Learn to fight back by finding out what the bad guys know about you and how to fix it.

*Ask about our 50 percent rebate plan.

Acer Chromebook C720 (Review)

July 25, 2014 1 comment

Acer Chromebook C720
Acer, Inc.
Price varies from $179 to $379 depending on hardware and features.
$199 for the C720-2800 Reviewed model

My Acer Chromebook C720 is just cool. I know that’s not a very good review, but it is in fact, cool. I love it. If there’s one computer that I always grab for writing, Internet browsing, buying stuff online, watching YouTube videos, or connecting to remote server systems to do some heavy work, it’s my trusty, little C720 Chromebook. If you’ve ever read anything I’ve written on ZDNet in my Consumerization column, you know that I sort of have a love affair with Acer. Yes, I’m afraid that it’s a one-sided affair, but it’s one that I’ve carried on for years.

I’ve purchased many Acer products and have recommended them (successfully) to my in-laws and others. Someday I’ll provide a full list of the still living models, although I can tell you that I have one, a Linux system living in my personal data center (garage) that has to be ten years old. I digress. But you see my point? I love Acer products. And the C720 hasn’t changed my mind.

The C720 is what Chromebooks aspire (Watch that pun, Acer has a line of Aspire systems) to be. They’re lightweight, powerful, stable, durable, high quality, full of features, and competitively priced. What more can you ask for? Great support, probably. Well, Acer has that. Although I’ve never had any serious problems with any of my Acer products, the two or three times I’ve used Customer Support, the agent has helped me until the issue was resolved. I’ve never disconnected from one of the online chat sessions with anything but satisfaction in my head and a smile on my face.

My Acer C720 surpassed my Acer One Netbook as my favorite computer about a week after I got it. The C720 is so fast and responsive that it rivals even the most souped-up computer that I’ve ever used. There’s never any hesitation, freezing, or “Not responding” messages. And I really don’t have the patience for “Not responding” messages.

And say what you will about Google, but the Chrome browser and the Chrome OS are the best things to happen to computers since Linus released Linux back in the mid-1990s. Google aced it, in my humble opinion, with Chrome and Chrome OS.


The C720 comes in a variety of models from the most basic to the very elaborate with a touch screen, super fast CPU(s), 4GB RAM, and a larger (32GB) internal SSD. The touch screen is the big bonus feature for the Chromebook. Chrome OS isn’t Windows 8, but the operating system and computing environment is still enhanced by touch screen technology for those of us who have become accustomed to tapping and swiping our phones and tablets. Alas, my C720 doesn’t have a touchscreen, but the trackpad is very good. Sometimes, if I’m working at a desk instead of on my lap, I plug in an external mouse and I’m fine.

  • 11.6’’ (1366×768) display, 16:9 aspect ratio
  • 0.75 inches thin – 2.76 lbs/ 1.25kg
  • Up to 8.5 hours of active use
  • New Intel® Celeron™ processor
  • 100 GB Google Drive Cloud Storage with 16GB Solid State Drive
  • 30-day free trial with Google Play Music All Access
  • Built-in dual band Wi-Fi 802.11 a/b/g/n
  • VGA Camera
  • 1x USB 3.0, 1x USB 2.0
  • Full size HDMI Port
  • Bluetooth® 4.0 Compatible

One thing to note about your Chromebook is that its operating system, Chrome OS, has been deemed the “most secure operating system” by Kevin Mitnick, the famous hacker turned security expert. He’s correct. I’ve performed multiple security scans over the network against the Chromebook and I can’t break into it. There’s just no available attack vector. In other words, you can feel safe using your Chromebook out in public because no one can scan your system, break into it, and grab your data.

Why it’s Frugal: The C720 is frugal for many reasons, but the most important one is features per dollar. You get a full, powerful computer for $200 that won’t require you to spend on hardware upgrades because of a newer operating system version every two years. There’s no spinning hard drive to fail on you. There’s very little heat generated from it. It requires very little electricity. It really requires no additional accessories to make it useful. And it’s an Acer product, which means that it will last for years. That’s frugal.

The C720 comes equipped with a camera (top center of the screen) and a built-in microphone located just above the function keys above the keyboard, so that you can use Google Hangouts with audio or both audio and video. If you’re a videocaster or podcaster, you can use Google Hangouts from your Chromebook and easily upload the finished product to YouTube. And you can perform those casts from anywhere that you have access to Wi-Fi or a wired network.

While your C720 doesn’t come with an Ethernet connection, you can purchase a USB-to-Ethernet network interface for under $20. There are no drivers to install or any issues. Plug it in and it works.

Using a Chromebook is a little different than using a “regular” computer. You don’t typically save anything to your local computer. You save your documents and pictures to Google Drive, Dropbox, or some other cloud-based storage service and you work 100 percent of your time on web-based applications, whether you’re editing photos, writing your memoirs, or listening to music. You’ll get used to it. Plus, if the darn thing dies and can’t be repaired (very rare), you’re only out $200. Go buy another one.

You log in to your Chromebook with your Google account, which means that you have Gmail, Hangouts, YouTube, and customized search via Google.com at your fingertips. Other users can log in to your Chromebook, if they have a Google account, but they can’t look at or alter any of your settings or data. This means that if you have a friend who needs to check her Gmail, you can let her do that and both of you can feel secure in the fact that both your data and hers are protected from each other’s prying eyes. The same goes for a stranger who wants to log in. For this reason, Chromebooks make excellent shared/public kiosk-type computers.

The C720 is lightweight at just over two-and-a-half pounds, which makes it very portable. It also features a very long battery life of up to 8+ hours. Under heavy usage conditions, such as audio/video or constant on, I’d figure on four to five hours. As with most laptop/notebook computers, it charges while you work, if plugged in.

You can look at and test the C720 at Office Depot and other stores in sort of a try before you buy fashion. I can tell you that you won’t be disappointed with the C720 regardless of configuration. I love mine. It’s my favorite computer.

Rating: 10/10
Recommendation: Buy it and love it.