Security Doesn’t Get a Summer Break, 7 New Things You Should Know
June 16, 2017 By Christopher George Cloud, cybersecurity
Summer is here and with the warmer temperatures come outdoor parties, long weekends and extended vacations. Unfortunately, the freedom associated with the summer season does not extend to your cybersecurity needs. Here are 7 new cybersecurity trends and potential solutions to watch for this year.
- Accountability for Device Security became a focus of the FTC after it was discovered that thousands of low-security IoT (Internet of Things) devices were used to launch large-scale DDoS (Distributed Denial of Service) attacks. These attacks impacted DNS provider Dyn and several other organizations. The FTC filed a complaint claiming the device maker “failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds…”
IoT device manufacturers and tech suppliers are required to ensure adequate security precautions are being taken to protect devices from attacks, or they will face potential legal charges.
- Business Email Compromise (BEC) schemes are exploits driven by stolen or invented identities and are growing in effectiveness and sophistication. In 2016, BEC attacks compromised financial institutions, leading healthcare organizations, the Democratic National Committee and an NBA team. Although most BEC attacks are unsuccessful, the few that succeed most often result in million-dollar losses for the affected corporation. This large payout has led to an increased effort by cyber attackers. Additionally, each time a BEC attack is successful, the news reports how it was accomplished, providing a framework for other attackers to build upon.
- Mobile Device Security policies and practices need to become a priority for businesses. Mobile devices are fully controlled by employees and are more difficult to protect than computers housed within an office. To protect sensitive company data, it is crucial that proper identity and access management policies are created and enforced. Basic policies should include these protocols. Require mandatory updates when security fixes are developed. Ensure all company devices are secured with a PIN, password or fingerprint detection. Set a backup schedule for all data stored on mobile devices, as well as a remote wipe in case the device is lost or stolen. Implement device measures that prohibit the download of unnecessary third-party apps, or apps that require more access than is absolutely needed for the service.
- Contextual access to safeguard digital assets requires answers to certain questions, so organizations can be more confident in whom they are granting access. This technology connects to online databases or trusted sources for answers to questions designed to improve identity procedures of the individual requesting access.
- Cloud storage services and shadow IT put businesses at risk when employees unintentionally expose sensitive data to external threats. While popular apps such as Dropbox or Google Drive may be sanctioned by the company IT department, users who access them from a non-corporate email account can place the data at risk. Additionally, employees often turn to other services, such as Evernote and Asana, that do not provide formal usage policies and make it easier for company information to be shared or exposed to malware or ransomware attacks.
- Authentication and DMARC have been designed to protect email users from phishing scams and shut down same-domain impersonation attacks. With DMARC, IT staff can discover and authorize or deny any third-party software distribution service as soon as the service attempts to send an email. In addition to this pre-send control, emails that are rejected generate a report that is sent back to the domain owner. This gives IT a chance to see if phishing attacks are underway and to identify “shadow” services being used without the department’s knowledge. Essentially, DMARC has allowed email service providers to build a global army of bouncers that block attacks before end users see them.
- Device-specific credentials “bind” a user account to a physical device. This balance of security, convenience and privacy means a user’s phone will become their password and existing credentials will be improved. Once these credentials are set up, the user, via their device, will be asked to enter a PIN, use biometric authentication or otherwise show that they are human before information will be released.
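
The DMARC reporting described in the sixth item, shown as an added example that is not part of the original post: a Python function that reads a DMARC aggregate report and lists the sending sources whose mail failed DMARC, flagging those missing from an approved-sender inventory. The sample report, its IP addresses and the `KNOWN_SENDERS` inventory are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report (RFC 7489 layout); every value is made up.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>45</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.25</source_ip><count>8</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
</feedback>"""

# Hypothetical inventory of IPs the IT department has approved to send mail.
KNOWN_SENDERS = {"192.0.2.10", "203.0.113.25"}

def failing_sources(report_xml, known_senders):
    """Return sources whose mail failed DMARC, largest volume first."""
    totals = defaultdict(lambda: {"messages": 0, "dispositions": set()})
    for row in ET.fromstring(report_xml).iter("row"):
        ev = row.find("policy_evaluated")
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        if "pass" in (ev.findtext("dkim"), ev.findtext("spf")):
            continue
        entry = totals[row.findtext("source_ip")]
        entry["messages"] += int(row.findtext("count"))
        entry["dispositions"].add(ev.findtext("disposition"))
    return sorted(
        ({"source_ip": ip, "messages": t["messages"],
          "dispositions": sorted(t["dispositions"]),
          # Unknown + failing: spoofing or an unsanctioned ("shadow") service.
          # Known + failing: an approved service with broken SPF/DKIM setup.
          "known_sender": ip in known_senders}
         for ip, t in totals.items()),
        key=lambda r: -r["messages"])

if __name__ == "__main__":
    for r in failing_sources(SAMPLE_REPORT, KNOWN_SENDERS):
        print(r)
```
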
Implementing the necessary steps to ensure your data stays secure may seem like a daunting task. With Protelligent’s Premonition Security Suite™ you can get the professional security you need without cutting into your summer fun. Call us today at (855) PRO-TELL.