• How to Secure Corporate Data in Post-Perimeter World
    eSecurity Planet (11/12/15) Webber, Chris

    With employees increasingly moving to the cloud and taking corporate data with them, the traditional enterprise security perimeter is no longer enough. IT leaders should adopt a new approach to protecting critical information that is focused on identity management and allows IT to follow its users as they move across networks, apps, and devices. To start, IT leaders should find a solid federated identity solution that can extend across all the apps and devices users need, while allowing them the convenience of a single-sign-on solution. Such solutions eliminate the need for users to have multiple accounts and passwords for every app and device, which creates numerous points of weakness attackers can target. Next, critical apps that handle sensitive data should be secured even further, ideally by using multi-factor authentication. Lost or stolen devices are also a serious threat, so whatever identity solution IT selects should ideally include the ability to locate, lock, or erase lost or stolen devices. Finally, it should be easy to both assign and revoke credentials to users. Automating the provisioning and deprovisioning process is ideal, but at the very least there should be a specific individual in charge of tracking users' access to apps and removing that access upon the employee’s departure.

  • Survey: How Wearables and IoT Are Impacting BYOD
    ZDNet (11/09/15) Matteson, Scott

    A majority of companies now use bring your own device (BYOD) policies in the workplace. New concepts, ranging from wearables to personal employee-owned phones, have the potential to further influence and change the BYOD trend by making it more complex. A survey from Tech Pro Research found that nearly three-quarters of organizations allow BYOD, with security concerns ranking as the biggest impediment to implementation. IT and educational companies were most likely to permit BYOD and the government was the most likely to prohibit it. Smartphones and tablets were the most common devices. Small companies were the most likely to have included Internet of Things (IoT) devices in their BYOD plans. Interestingly, 78 percent indicated that BYOD policies had no effect on IT costs. Securing these devices remains a sticky issue for many companies, but the improved communication, better organizational capabilities, and enhanced productivity are causing many companies to overlook the negatives and focus on the immediate positives.

  • 12 Cost-Efficient Video Surveillance Strategies
    Security Magazine (11/01/15) Zalud, Bill

    Security video and surveillance have changed a great deal over recent years, and Bill Zalud, Security Magazine’s editor emeritus, offers several tips on how security professionals can get the most out of security video for the least amount of money. First, he recommends working closely with internal partners, such as IT, both to make the use of video surveillance more effective and to gain access to a larger budget pool. He also recommends taking advantage of recent advances, such as cloud-based video services and megapixel and panoramic cameras, the capabilities of which can reduce the number of cameras that need to be placed on site. There is also a plethora of both wired and wireless transmission options available today, giving security the flexibility to find the solution that best meets their needs. This includes Power over Ethernet, which can eliminate the need to run power separately to cameras. There is also a wide variety of storage solutions available, ranging from on-device and onsite to cloud-based. Zalud recommends choosing a flexible and scalable solution, especially when transitioning from an analog to a digital system. He also recommends employing video analytics, which is only becoming cheaper as its capabilities increase.

  • Surveillance Cameras Could Pose Security Threat
    WJTV.com (11/02/15) Alexander, Beth

    While surveillance cameras are intended to help make users feel more secure, some of those cameras are viewable online anytime, by anyone, day or night. The website Insecam, for example, grants access to more than 8,700 of these cameras, showing everything from inside houses, street views, parking lots, officers, and beaches. Melissa Wiggins, a computer science professor at Mississippi College, says that such cameras are “unsecured and people put them in bedrooms and babies' nurseries. And places that they would not want the general public to be able to see what they’re doing or who was there.” Wiggins went on to say that unprotected cameras can lead to significant security risks for homes or businesses, including break-ins and online threats. “If it doesn’t have to be on the Internet don’t put it on the Internet. Turn the wireless off,” she urges, noting that if something does need to be put online, users should make sure to “secure everything from the point that the connection comes into [the] house to the camera. And any other device that might be on the Internet as well.”

  • Study Highlights Poor Employee Security Habits
    SC Magazine (10/27/15) Greenberg, Adam

    A new study on employee cybersecurity habits from CompTIA found 17 percent of the 1,200 surveyed U.S. employees plugged an unfamiliar USB drive into their own devices. “Given that malware, including viruses, Trojan horses, and other types of code can be released by such a method, we felt it was important to highlight that these behaviors still exist—and people need to be better educated to the risks,” says CompTIA CEO Todd Thibodeau. He says part of the problem is a lack of the right kind of security training. The study found 45 percent of employees receive no security training from their employers. A good place to start when improving security policies and training would be password management. Thirty-seven percent of the employees said they only change work passwords annually or sporadically and 54 percent said they change their personal passwords only annually or sporadically. What’s worse, 38 percent said they use work passwords for personal accounts. In addition, 63 percent said they use work-issued devices for personal activities such as online banking and social media, 94 percent will connect laptops and mobile devices to public networks, and 69 percent will handle work-related data while doing so.

  • Hacking of ‘Unregulated Data’ Poses Big Risk to Firms
    Wall Street Journal (10/30/15) Rubenfeld, Samuel

    The government has decided to regulate the storage and transmission of several types of data. These include things like medical records or personally identifiable information. Companies face strict notification requirements should this data be breached. However, many of the most serious data breaches in recent history have involved “unregulated” data, the massive sets of corporate data that do not fall into any regulated category. Experts warn that breaches of this data can be just as damaging to a company as breaches of regulated data. Sony Pictures Entertainment, for example, suffered major reputational damage after thousands of emails stolen in a massive data breach were made public. And while corporate data may not be subject to formal reporting requirements, the Federal Trade Commission has suggested that companies that fail to disclose breaches of corporate data could still face legal consequences. “The FTC is saying that if a company has specific information that its systems may not have been secure and they didn’t disclose it, they may be committing a deceptive practice,” says Charles Beard, a cybersecurity expert at PricewaterhouseCoopers. That said, experts agree that not all corporate data should be treated the same. Don Keller, also of PwC, says that companies should create a “hierarchy of value” to help them better store and secure their data.
