Wednesday, October 30, 2013
Are your protecting your WordPress website from attacks?
Monday, June 18, 2012
Passwords Still the Easiest Hack
Thursday, May 19, 2011
Whitehouse has released a cybersecurity plan
- National Data Breach Reporting. Proposal to help businesses by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements. (I personally do not think we will have 1 national privacy policy anytime soon. States rights!!)
- Penalties for Computer Criminals. Clarifies the penalties for computer crimes, synchronizes them with other crimes, and sets mandatory minimums for cyber intrusions into critical infrastructure
- Voluntary Government Assistance to Industry, States, and Local Government. Proposal to enable DHS to quickly help a private-sector company, state, or local government in a breach
- Voluntary Information Sharing with Industry, States, and Local Government. Proposal to help entities share information. ( Sure ATT will share information with Sprint and Bank of America will share information with the government)
- Critical Infrastructure Cybersecurity Plans. Proposal to enable transparency to help market forces ensure that critical-infrastructure operators are accountable for their cybersecurity.(Thats way to vague)
- Management. Update the Federal Information Security Management Act (FISMA) and formalize DHS’ current role in managing cybersecurity for the Federal Government’s civilian computers and networks. (They definitely need this now!).
- Personnel. Recruit and retain highly-qualified cybersecurity professionals. (With reduced funding for education, we will probably have to recruit from China)
- Intrusion Prevention Systems. Implement better IDS systems. (Imagine having to read all the log files from all the government agencies, need to outsource this effort)
- Data Centers. Embrace Cloud Computing. (if you use cloud computing, you will rely on Facebook for your security requirements?)
Wednesday, December 29, 2010
The Dangers of Employee Social Media Usage
Does your company have anything in place for protecting confidentiality through social media usage? Do you have a Social Media Security Policy? Employees sign agreements when joining the company but did the business cover disclosing things like pictures or private conversations and even meeting information via Google Buzz or Facebook? What about brand new products being developed that are trade secrets?
If your employees are online working to do their job and Facebook, MySpace, or gaming sites like Pogo are not blocked, how do you know they are doing their work 100% of the time? Just because their production numbers look great, doesn’t mean they are not slacking. Have you done a Social Media Security Assessment?
It is becoming an epidemic in the work force with employees breaking rules and ultimately being fired every day. If security monitoring technologies are in place you could possibly sue the former employee but your trade secrets are gone and so might be your reputation. If an employee is bad-mouthing your company and tells everyone to not buy or shop with you, there goes your business immediately.
You can make a legal policy for employees to sign when they start their job that they will not talk, disclose, or say anything bad about the company on social media sites. If businesses do not step up soon and do something it can be a total free for all!
Here are a few interesting facts to consider. One out of every ten employees admitted overriding their job’s security system so they could access restricted sites. In 2009, 24% of eight hundred employers surveyed said they had to discipline an employee for using social media sites. Another study showed 8% of employees were terminated for accessing Facebook out of two hundred businesses polled. Twenty eight thousand people were polled in the United Kingdom at the beginning of 2010 and a whopping 87% said they can do what they want; it is their right to do so.
It is now believed that social networking will replace email by 2014 as the main way to communicate for 20% of all business owners or users. Is your company prepared for Secure Social Media?
Gary Bahadur
CEO KRAA Security, baha@kraasecurity.com
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Police Development
*PGP Security
*Free Website Security Test
Wednesday, December 15, 2010
Sunday, December 12, 2010
Tips to Avoid Confidentiality Issues When Using Social Networking Media
Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use these applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors of communication, some type of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.
For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!
In the case of company documents or patient information, if it isn’t found on the company’s web page it probably should not be posted elsewhere. There are sites that exude a feeling of privacy and security, but are far from it. Allowing one’s corporate information security team to determine what sites are acceptable is the best option.
Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public.
Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on.
So in one’s personal endeavors, it is most beneficial to all involved if confidential information, or information that could be considered secret, stays out of the hands of the public. Follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.
Gary Bahadur
CEO KRAA Security, baha@kraasecurity.com
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Police Development
*PGP Security
*Free Website Security Test