• Free Wi-Fi Hotspots Are a Major Security Threat for Businesses
    From “Free Wi-Fi Hotspots Are a Major Security Threat for Businesses”
    BetaNews (04/21/16) Fadilpašic, Sead

    A new report from iPass Mobile Security shows that Wi-Fi hotspots are the biggest security threat for mobile workers. Ninety-four percent of companies surveyed said the hotspots are a “significant” threat and 62 percent of organizations are banning their mobile workers from even using the hotspots. Another 20 percent are planning to do the same in the future. Free Wi-Fi spots were considered the biggest threat, followed by lack of security attention from employees and the specific devices in use. In the era of bring your own device policies, and the proliferation of various forms of mobile devices, enforcing these rules is becoming more difficult. Mobile workers, against everything a company may tell them, will seek out free Wi-Fi because it is convenient. The report noted that simply banning access to hotspots is “not the solution.” Instead, companies must educate their workers about the dangers of insecure free Wi-Fi and provide them with the appropriate tools to access a secure connection while remaining productive.


  • Hackers Only Need Your Phone Number to Eavesdrop on Calls, Read Texts, Track You
    From “Hackers Only Need Your Phone Number to Eavesdrop on Calls, Read Texts, Track You”
    Computerworld (04/18/16) Storm, Darlene

    Hackers can listen in on and record calls, read texts, and track locations, with access to nothing more than a phone number, according to a 60 Minutes report. According to the report, “every person with a cellphone needs Signaling System Seven (SS7) to call or text each other. The SS7 network is the heart of the worldwide mobile phone system.” However, the network is flawed, according to security researchers who have been warning about SS7 protocol vulnerabilities for years. Some people believe the SS7 flaw has never been fixed “because the location tracking and call bugging capacity has been widely exploited by intelligence services for espionage.” Congressman Ted Lieu (D-Calif.) participated in an experiment using an iPhone supplied by the segment team in order to evaluate the legitimacy of the SS7-flaw argument. Karsten Nohl of SRLabs and his team were able to intercept and record the congressman’s calls, read his texts, view his contacts, and track his location even if GPS location services were turned off. Nohl says this hack “is targeting the mobile network,” as opposed to the individual phone, meaning any security precautions taken by the owner are ineffective. He also says there is currently “no global policing of SS7,” meaning mobile networks are responsible for protecting their customers, which can prove challenging.

  • 20 Percent of Employees Would Sell Their Passwords
    From “20 Percent of Employees Would Sell Their Passwords”
    BetaNews (03/21/16) Barker, Ian

    Research from identity management company SailPoint found that one in five employees would be willing to sell their work passwords to another organization, up from one in seven last year. Of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100. SailPoint also found that two in five employees still have corporate account access after they leave their job, 26 percent uploaded sensitive information to cloud apps with the intent to share data outside the company, and 32 percent share their passwords with their co-workers. The data comes from a survey of 1,000 office workers at large organizations (with at least 1,000 employees) across the U.S., UK, Germany, France, the Netherlands, and Australia. The Market Pulse Survey proves there is a disconnect between employees’ growing concern over the security of their personal information and their negligence over data security practices in the workplace.


  • Cyber Impact: Why Physical and IT Security Are Converging
    From “Cyber Impact: Why Physical and IT Security Are Converging”
    Security Today (03/01/16) Joseph, Stephen

    The shift of banking practices from physical branches to online has forced financial institutions to revamp their security measures for the cyber realm. IT and physical security are increasingly converging, with new network-based technologies allowing the two departments to share common tools and work in tandem. Corporate security directors faced with limited security staff are using smart technology for traditional security support as well as for handling decision making. An example is network routers that can be programmed to detect and route specific network traffic, such as financial transactions, e-mail or surveillance video, according to preset conditions and priorities. In mitigating potential threats, it is also important for IT and physical security to work side-by-side, such as in deploying a physical security system technology on a bank’s network. Another way the two fields are converging is the IP video camera, a popular physical security device today being deployed across banking networks. As with any network device, the security camera should meet certain basic IT security standards and banking institutions should follow standard protection recommendations. New technology always comes with the potential of new threats, but through efforts by both parties to seamlessly merge cyber and physical security programs, an institution can become more capable and successful in mitigating potential risks.

  • Data Security Threats Could Be Lurking Inside Your Organization
    From “Data Security Threats Could Be Lurking Inside Your Organization”
    In Homeland Security (03/02/2016) Tarbet, Michael

    Most organizations tend to focus security efforts on data breaches that come from the outside. But 43 percent of breaches actually come from within the company itself, some as a result of simple human error and some by more nefarious means. These breaches carry consequences similar to those that come from outside breaches, and often have larger repercussions. As bring-your-own-device policies become more popular, the threat of interior breaches grows. One way to combat this risk is to implement policy-based data access governance. Identity-based access management can work well, but policy-based governance can control what data leaves the organization and precisely defines who or what applications can use the data. It also enables companies to define the types of data an employee can access based on administrative roles. This principle works for current employees, but ex-employees pose a threat as well. The most efficient way to stymie that risk is to revoke all access to data by ex-employees as quickly as possible, especially if their termination was messy.

