Connect with us

Cyber Security

Cyber Security Protection Checklist for Remote Workers

Avatar

Published

on

Cyber Security Protection Checklist for Remote Workers

Amid all the COVID-19 chaos, as people get limited to their homes, the world is seeing a significant shift towards remote work culture. Although this shift helps to save people from the pandemic, it puts them under a different kind of risk.

A person sitting at a desk in front of a computer Description automatically generated

There are always those who’d benefit from a crisis. In this particular situation, hackers have gone in an over-drive.

The human element is the biggest risk among all IT security risks. That’s why hackers frequently trick and use credulous employees in their malware attacks.

As countless people strive to continue their careers from home, hackers use this opportunity to attack the usually inadequately protected home networks and unsuspecting remote workers.

With many personal activities being carried out online as well, like grocery or clothes shopping, more sensitive information is being shared online than ever before.

That’s why remote workers must be careful about the use of the internet as well as local apps, to avoid leaking sensitive or secret company information that hackers can use to infect an entire network and demand ransom money.

How to Protect Yourself?

Like most things, simple tips and tricks can help remote workers protect themselves against these challenges. Awareness is the key, however. If you’re aware of the threats surrounding you, you can move on to take essential measures.

Be Careful About Bringing Company Hardware to Home

You may want to bring company hardware home to facilitate working from home. But work devices are accustomed to a secure environment, that’s you might experience some vulnerabilities when you take these devices back home.

This move can result in data being lost in transit or at home. So be careful about only bringing home devices or information that you absolutely require. 

A person using a computer sitting on top of a table Description automatically generated

         Work and Personal Devices | Source: Unsplash

In the same vein, try not to use the same devices for personal and work use. People are usually casual and relaxed about using personal devices, which can be particularly dangerous for any company information stored on these devices. 

Similarly, don’t transfer work data to personal devices to prevent any unintended information leaks.

Use Secure Network Connections

Since you’ll be using your private network for work-from-home, remote workers must prioritize getting a secure Wi-Fi connection, so you only connect to your work network within a safe virtual environment.

You need to get a strong WLAN encryption locked using a unique and complex password. Using a VPN will further ensure your online privacy and safety by making you anonymous online. This can be critically important if your work involves exchanging sensitive information or accessing the company intranet.

Use Premium Antivirus Protection

High-quality antivirus protection is the other aspect of your online security. Premium antivirus solutions like Kaspersky and Norton offer features like personal firewalls, email filters, network security, VPN, phishing protection, ransomware protection, and many more. 

        Antivirus Protection for Remote Workers |  Source: Unsplash

These features are essential for the safety of remote workers. For a small monthly charge, you don’t just ensure the safety of your family and organization, but also get to enjoy a sense of mental peace by keeping digital threats at bay.

Keep Your Software Up to Date

Be it your operating system, antivirus software, or any other software you use; you must always keep them up to date. 

At home, you are sharing the same network for your personal and work-related connectivity. All personal devices and smart appliances are attached to the same router for data transmission, which increases your vulnerability.

That’s why make sure all your devices are up to date. Software companies regularly release updates that include performance or security patches that enhance the efficiency of the software.

It helps to keep your software settings set on automatic updates. But if, for any reason, you don’t want to turn on automatic updates, you must regularly check for the latest updates on your software provider’s official website and make sure all your security patches are in place.

Be Wary of Unsolicited Emails

As you probably already know, phishing emails are a common source of malicious activity. That’s why you need to be careful about unsolicited emails and email attachments.

Do not click on links or open attachments in emails you can’t confirm the source of. Even if an email is from a close friend but contains suspicious text such as unusual personal questions, it is probably malware at play.

Similarly, emails that create a sense of urgency warning you of severe consequences if you don’t take immediate action are chief candidates of phishing attempts.

In any case, you should never share personal or other sensitive information in emails or via other online channels without verifying the authenticity of a source through external means. 

If you receive an email from your service provider asking for information, you can try calling their customer service department for help. In case, the email is from a provider you’re not subscribed to, do not respond. 

Remember that legitimate companies do not ask you to divulge personal information through emails. They’ll only ever use verifiable sources in case they require any information from you.

Avoid Phishing Websites

Many phishing websites can trick you into sharing sensitive information. Some would even download malware on your device just for being on the site.

Always check a website’s security before you visit it. Pay close attention to the website’s Uniform Resource Locator (URL). The ones that begin with “https” differentiate safe sites from the unsafe ones (http).

Furthermore, where you may have to share information, make sure the site has a padlock icon next to the URL. This symbol indicates that your information will be encrypted for security.

Use Multi-Factor Authentication (MFA)

Would you believe that 123456 is the most commonly used password? No kidding. That’s like presenting all your personal information to hackers on a golden plate.

That’s why always use unique passwords with a combination of small and capital letters, digits, and special characters. One trick is to take your favorite quotes or song lyrics and turn them into a creative password. That way, it’s easier to remember them.

Use a different password for each account so that even if one gets hacked, the others will still be safe. Also, change passwords regularly and never write them down anywhere. 

If you have difficulty coming up with unique combinations or remembering them, it’s better to use a Password Manager.

The best thing, however, is to use multi-factor authentication where possible. With MFA, the user needs to present two or more credentials to authenticate their identity. These credentials usually include a password and another evidence type, such as a secret question, mobile number, numerical codes, biometrics, etc.

MFA makes it harder for hackers to break into your account. Even if they are successful in cracking your password, they won’t be able to verify other credentials. 

Turn off Voice-Controlled Smart Appliances

Virtual assistants like Alexa and Siri listen in on everything you talk about at home and transfer this information to their providers. There’s every possibility of these recordings falling into the wrong hands.

So, you must be careful about their presence in the same room where you work or even generally discuss important matters. You should either turn them off or remove them from the room altogether.

Also, be sure to cover the webcam on your PC when not in use and be careful about using the video function for sharing information.

Log off from your User Account when not Working

Even the most disciplined of us can get relaxed about some work rules at home. One of the most common things we do is to leave our user accounts unlocked when taking a break from work at home. 

Be careful not to do that and always lock the screen of your PC so that it isn’t accessible during your absence. As an added measure, be sure to safeguard your devices against unauthorized use and theft, as well.

Backup Important Data Regularly

Last but not least, always back up your important data. We’d recommend you save your data on a top-quality external storage device as well as to cloud storage. 

Backups come in handy if you lose your device or malware threatens to erase everything. In case of malware, you can reset your PC to factory settings and get rid of the malware, and you’ll still have all your data safely stored.

Use Trusted Sources for COVID-19 Updates

While we are on the subject of being careful online amidst COVID-19, you also need to watch out for the pandemic related scams. Don’t go to any random sites that offer the latest info stats on COVID-19. 

Consult legitimate government websites where you’ll find all the up-to-date information you need to know. 

Similarly, if you want to contribute to any charities, verify the charity’s authenticity before you make any contributions, so you don’t end up losing your money to malicious actors.

Summing Up

Awareness and caution will keep you safe in most cases. Just follow the tips we have talked about and have a safe working day at home.

If, however, you feel that you may have leaked sensitive company or financial information, report to your organization and alert them to the problem so that they can take necessary measures. 

In case of a financial information leak, contact your bank immediately and close the accounts you think may have been compromised. Keep an eye out for any unexplainable debits to your account.

If it’s passwords that may have been given away, change them immediately and watch out for signs of identity theft. 

Source: https://gbhackers.com/cyber-security-protection-checklist-for-remote-workers/

Cyber Security

Symple implements PwC Protect to catch and weed out loan application fraud

Avatar

Published

on

Symple Loans, the Melbourne-based personal lending fintech, today announces the successful implementation of PwC Protect – an innovative SAAS solution developed by PwC Australia for the prevention of loan application fraud in the banking industry.

The cloud-based product leverages PWC’s deep expertise in fraud prevention and forensic analytics to digitally assess documents (such as payslips and bank statements) submitted during the loan application process and then detect with a high degree of accuracy, instances when information may have been manipulated or falsified.

“The merits of integrating PWC Protect were clear to us from the onset” says Bob Belan, Symple’s Co-Founder and CEO. “This sophisticated solution has helped modernise and automate a key part of the loan application process – adding fraud risk protection and also enabling us to deliver a better and faster experience for customers.”

As the shift to digital lending continues to accelerate locally and globally, the most prudent credit providers are taking steps to develop or deploy advanced methods for accurately and efficiently assessing borrower documentation.   PWC Protect has been designed to specifically address this industry-wide challenge facing both fintech and traditional lenders alike.

Belan added, “The collaboration between Symple and PwC has been outstanding and we’re very pleased to be integrating another piece of world-class technology into our state-of-the-art lending platform.  While our fraud losses to date have been very low at around 0.1%, constant vigilance and ongoing investment in innovate solutions like Protect are needed to ensure this is maintained.  This is one of several technology investments that we’ve fast tracked during this Covid-19 period as we prepare to ramp up loan origination growth in the months ahead.”

Thomas Sonderegger, Consulting Financial Services Partner at PwC said, “We are thrilled to be working with the team at Symple – joining forces with them and our other customers who are using Protect to prevent fraud, reduce costs and ultimately improve customer experiences.

Source: https://australianfintech.com.au/symple-implements-pwc-protect-to-catch-and-weed-out-loan-application-fraud/

Continue Reading

Cyber Security

Interview With John Milburn – Clear Skye

Avatar

Published

on

Aviva Zacks of Safety Detectives sat for an interview with John Milburn, CEO of Clear Skye, and asked him about his company’s platform.

Safety Detectives: What got you interested in cybersecurity?

John Milburn: I was working for a large bank in the run-up to Y2K. That was a time of very explosive growth in cybersecurity. This was the first time that IT organizations across all verticals were forced to admit that their businesses were dependent on systems that were vulnerable. No longer were we talking about security in the abstract; instead, the industry came together with a shared goal of ensuring business continuity in the face of a real problem. It was during this period that markets such as firewalls, SEIM, and Identity Management began to come into their own and the innovation happening in these new disciplines caught my attention and never let go.

SD: Tell me about Clear Skye’s platform.

JM: Before I answer that, I would like to first speak about the journey the cybersecurity space has taken over the past 20 years. The IT landscape keeps changing, meaning the attack surfaces keep changing and like any good industry, every new security problem will be met with a new security product. Over time these products get bigger and often become platforms. The result is, while technically we have the tools to make us more secure, there are so many products, platforms, and silos that effectively and securely driving your business forward is incredibly challenging. The Clear Skye team believes that it doesn’t have to be this way. Organizations don’t necessarily need more silos or platforms to be secure, and thus our solution leverages a platform our customers already have, ServiceNow. Specifically, we believe the Now Platform provides a better way to solve the Identity Governance and Administration (IGA) problem. Our approach removes much of the headwinds commonly found in IGA programs, such as:

  • A disconnected user experience – IGA programs depend on non-IT users to interact with the system, requesting or approving application access. If an organization is using ServiceNow, knowledge workers are already using its Service Portal to facilitate similar requests and approval workflows. A standalone IGA solution will require users to learn a new URL, new interfaces, and new workflows which often slows down the engagement and value realization of a well-intentioned program. Clear Skye IGA is native to the Now Platform, meaning that we leverage the same portals, interfaces, and workflow that an organization is already running their business on – resulting in much better speed and effectiveness.
  • Poor integration with other key processes – Identity Governance is a practice that needs to interact with other key IT Security processes such as ITSM, GRC, Incident Management, and HR Management. Historically organizations spend a significant amount of time building integrations between these large solutions, with results that are typically brittle and falling short of the original vision of cross-process interaction. As these workloads are more and more frequently moving into the Now Platform, it only makes sense to add Identity Management to the mix as well. Clear Skye IGA does not merely integrate with these other solutions, they are platform siblings, allowing for the complete sharing of data and security workflows that can easily cross the walls created by former silos of security.
  • The need for expensive specialty resources trained on your specific solution – Part of the IGA product selection process today must include the availability of trained resources, specifically trained on both Identity and Product X, available to get the project going. I have seen the scarcity of skilled hands slow down many IGA programs. As Clear Skye IGA is a native Now application, organizations can leverage the much larger pool of ServiceNow resources to drive and manage their IGA program.

SD: What types of companies use your technology?

JM: Managing who has what access across company applications is something that all organizations should be doing as basic security hygiene, though we see the highest demand in regulated industries such as financial services, healthcare, energy, and government. The Clear Skye target customer also has invested in ServiceNow as an application platform. Many start their journey trying to solve a discrete problem such as ITSM and CMDB, but evolve over time leveraging the platform to drive digital transformation, better enabling the business to adapt to market changes (like the one we are going through now) by quickly automating workflows across departments and silos. Our customers have a vision of the Now Platform becoming the single point of interaction between the knowledge workers and IT. The more IT security workloads that can be managed on this platform the more they will help the CISO have fewer things to integrate and audit, and the knowledge workers spend less time learning new security tools as opposed to driving the organization’s mission. Extending this vision to include Identity Governance both improves their current program and better enables their overall strategic vision.

SD: What is the worst cyberthreat out there?

JM: The scariest cyberthreat is how much we still depend on people to keep us secure. We have spent so much time developing very powerful tools for specific threats, including a recent focus on machine learning and artificial intelligence, and yet it is commonly acknowledged that there is an increasing shortage of security professionals to leverage these solutions. Something doesn’t add up there. I would argue that by focusing so much on building bigger and more powerful solutions for very specific security threats, we have made the CISO’s problem more challenging, not less. There is so much effort spent in integrating processes, that we are running out of skilled hands. Training and education are important to solving these problems, but I think it is just as important to take a long look at the security siloes we have allowed to get bigger and bigger over the last two decades. I don’t think our dependence on more security personnel will decline until we start breaking down some of these walls. We still need ITSM, IGA, and GRC capabilities, for example, but it is debatable whether the value of these solutions continuing to grow as bigger and bigger castles outweighs the management and efficacy problems these separate solutions create. With more alignment, I believe an organization can do more with less skilled people.

SD: How has the Covid-19 pandemic changed cybersecurity forever?

JM: The changes brought about by work from home and increased digital customer interactions will affect the cyber community forever. There will be lots of ongoing impacts but the one I think is most interesting is the increased role of the knowledge worker in cybersecurity. With most employees working remotely, far from their IT security teams, it has become more important than ever that everyone in an organization is security-minded in their daily operations. Much has been written already about this, and most people are focused on the need to increase end-user security skills training. While I do think that is needed, I think this misses the bigger issue. Trained users are great but that doesn’t help much if the daily processes and workflows that they use to do their jobs do not have security embedded in them. It will no longer be acceptable to create a security program that assumes end users will change their business processes to align with security goals. We need to focus on operationalizing security in ways that align with the very business flows that knowledge workers use every day. Where end-users are concerned, effective security protection will require aligning to their daily workflow, not the other way around.

Source: https://www.safetydetectives.com/blog/interview-john-milburn-clear-skye/

Continue Reading

Cyber Security

Interview With Ernie Anderson – Kudelski Security

Avatar

Published

on

Ernie Anderson, Chief U.S. Services Officer of Kudelski Security, was interviewed by Safety Detectives’ Aviva Zacks. She got a chance to ask him about his fascinating journey to cybersecurity.

Safety Detectives: What was your journey to cybersecurity?

Ernie Anderson: I wish I could say that I predicted cybersecurity would be a hot topic when I started my professional career almost 20 years ago, but I just got lucky in choosing my career path. I grew up with technology and computers in the house, having a mother who worked for IBM for over 25 years before retiring. I always knew that I wanted to be in IT and enable businesses to work smarter, faster, and be more connected. Coming out of school at the peak of the dot com era was both exciting and scary. It was exciting because the Internet was connecting people in new ways never thought of before and technology advances were happening in leaps and bounds. It was a scary time because the business models behind companies advancing IT were breaking new ground.  This translates into a lot of change and uncertainty, which included getting laid off from my first “real job” due to a restructuring effort shortly after joining so the business could try to reposition for the emerging economy.

After that, I spent about a year searching for systems administrator jobs and found myself moving across the country from Boston to San Diego. By searching random job boards, I found work at a management consulting firm looking for a system/security administrator to manage all the hardware and software in their web application development environment. The role I filled grew out of a public breach that stemmed from non-security focused developers’ insecurely managed systems, including opening unnecessary firewall ports, deploying misconfigured systems, and a slew of general hygiene matters that would make any of today’s security professionals shake their head. My primary goal was to maintain security configurations of systems and monitor the lab. The funny thing about that job was I learned the most about hardening systems by figuring out how our developers were trying to circumnavigate controls because they didn’t have access to what they needed and doing things they weren’t supposed to. Fast forward 20 years, I’m still in the cybersecurity industry and just as excited about it as when I was a twenty-something out of college.

SD: What is Kudelski Security’s flagship product or service?

EA: Kudelski Security is an innovative, independent provider of cybersecurity solutions for large companies and public sector clients. We support our clients in the development, deployment, and administration of cybersecurity solutions through a combination of advanced managed security services, consulting, and security technologies.

As a managed security services provider (MSSP), we have invested millions of dollars into our experts, our methodologies, and infrastructure. We have honed our capabilities to separate the signal from the noise through our 24x7x365 Cyber Fusion Center (CFC), which provides management of all security devices across all environments – on-prem, cloud, OT, and IIoT. It also fuses contextualized threat intelligence with human analysis of data to rapidly identify, contain, and mitigate threats. We apply the information we gather from one network or system to every network or system we monitor, making our intelligence richer and more complete. For most organizations, the kind of investment such coverage would require makes no business sense.

SD: What industries use your solutions?

EA: Our clients include Fortune 500 enterprises and government organizations in Europe and across the United States. Key industries that use Kudelski Security’s solutions include financial services, energy and utilities, manufacturing, retail and wholesale, and software and internet services.

SD: What is the worst cyber threat today?

EA: People and users pose the greatest cyber risk today. It’s easier to trick someone into giving you the information you need vs. breaking into a system and circumventing controls to get it. In general, people are trusting so it’s easy to prey on them. Additionally, system users don’t always appreciate the risks they’re taking when handling data or collecting information. For example, it’s very simple to accidentally email out employee payroll information to a cached email address in your email client. Or maybe you want to test an application in the cloud, and you need some data to validate that it’s working. It’s easy to drop production/customer sensitive information where it shouldn’t be and have someone stumble across that temporary server that was never hardened. User mistakes and unintentional consequences from seemingly harmless decisions will always pose threats we have to manage.

SD: How is the cybersecurity landscape going to change over the next few years?

EA: The cybersecurity landscape is likely to shift due to two main factors: the increasing complexity of privacy rules and laws and cyber attacks with more catastrophic consequences.

In terms of privacy rules and laws, there will be an increased struggle for businesses to abide by the increasingly complex regulation and maintain a balance between security and privacy rights. We’re seeing a strong trend with a slew of privacy laws coming out like GDPR and CCPA that aim to put control of personal data back into the hands of individuals. We are likely to see more substantial punitive damages and penalties imposed on companies that are negligent in protecting data. These laws will continue to mature, become more stringent, and be more challenging to navigate.

On the other side of this equation, we’re going to see a battle between public health and the right to privacy. Take the COVID pandemic right now – contract tracing could be much more effective if we could track a person’s whereabouts, who they’ve been in contact with in the past 14 days, and where those additional contacts may have traveled. If we could then identify that person and all potentially affected people, we could curb COVID outbreaks much more quickly. While that sounds good in practice, there is the potential for unintended privacy implications that must be considered. There will most likely be a battle around privacy rights that will be much different in a post-COVID world.

In terms of cyber attacks, most of the public breaches and attacks experienced have been conducted for financial gain (e.g., ransomware and credit card theft), intellectual property/information gathering, or hacking for fun/notoriety. Eventually, we’re going to see the proliferation of technology (think IoT and connected everything) used as the vector for state-sponsored or terrorist attacks. Everything is connected and networked these days, and that will only continue to grow from phones and cars to medical equipment and massive operational control (OT) networks. We’re likely to see a cybersecurity attack be tied to a digital terrorist event and/or significant loss of life in our lifetime.

Source: https://www.safetydetectives.com/blog/interview-ernie-anderson-kudelski-security/

Continue Reading
Crowdfunding4 hours ago

Saudi Arabia Monetary Authority to Award More Fintech related Licenses, as Number of Digital Transactions Continue to Rise

Crowdfunding4 hours ago

UK Extends Coronavirus Support Programs for Businesses

Crowdfunding4 hours ago

Cryptocurrency Exchange & Custodian Gemini Makes Debut in the UK

Crowdfunding4 hours ago

Fintech Lenders in Indonesia to Support Government with Disbursing Loans to SMEs as Part of COVID Relief Effort

Crowdfunding5 hours ago

Sberbank Launches Cloud Services for Businesses to Sign Payment Documents Through Mobile App

Crowdfunding5 hours ago

Renewable Energy Now Powers Nearly 40% of Proof of Work Cryptocurrency Mining: Report

Crowdfunding6 hours ago

Michele Tucci from Fintech CredoLab Shares Strategy to Help US Lenders with Surviving COVID-19 Crisis

Automotive7 hours ago

Infiniti QX60 Monograph previews a handsome next-gen three-row crossover

Crowdfunding7 hours ago

South Korea’s ICONLOOP’s VisitMe, an Electronic Guestbook QR Service that Digitizes Visitor Logs, has 100,000+ Users

Automotive7 hours ago

BMW fined $18 million for inflating monthly U.S. sales figures

AR/VR7 hours ago

HP Reverb G2 Will Begin Shipping in November, New Orders in December

Automotive8 hours ago

Amazon announces Ring car security devices and a drone that patrols inside your house

CNBC8 hours ago

Amazon’s newest Ring device is a flying security camera drone

AI9 hours ago

Improved OCR and structured data extraction with Amazon Textract

CNBC9 hours ago

House Democrats prepare new $2.4 trillion stimulus plan with unemployment aid, direct payments

CNBC9 hours ago

Futures rise slightly as market tries to avoid losses for the week

CNBC9 hours ago

Trump to sign executive orders protecting preexisting conditions and seeking a way to prevent surprise medical bills

AI10 hours ago

Preventing customer churn by optimizing incentive programs using stochastic programming

AI10 hours ago

Underwater Autonomous Vehicles Helping Navy Get More for the Money 

AI10 hours ago

Researcher Interview: Ziv Epstein, Research Associate, MIT Media Lab  

Crowdfunding10 hours ago

Nav, a Machine Learning enhanced Financing Platform for SMEs, Adds Real-Time Business Data Analytics, Other Major Updates

AI10 hours ago

As Cloud Computing Grows Rapidly, Companies Look to Manage Costs 

AI10 hours ago

The Trolley Problem Undeniably Applies to AI Autonomous Cars 

AI11 hours ago

AI and IoT Applied to Supply Chains Are Driving Digital Twins 

Crowdfunding11 hours ago

OCC Crypto Guidance Used to Assure National Banks as Certain States Move Aggressively into Digital Assets

CNBC11 hours ago

Amazon announces new Fire TV devices and a brand-new home screen that makes it easier to find stuff to watch

CNBC11 hours ago

What the post-coronavirus workplace might look like

AI11 hours ago

Selecting the right metadata to build high-performing recommendation models with Amazon Personalize

AI11 hours ago

Streamline modeling with Amazon SageMaker Studio and the Amazon Experiments SDK

Automotive11 hours ago

Charlie Martin set to be first transgender racing driver in the Nurburgring 24 Hours

Automotive12 hours ago

Watch a Tesla Model S Plaid prototype lap Laguna Seca in 1:30.3 seconds

CNBC12 hours ago

Facebook adds more guidelines for internal employee speech, banning political images in profile pics

CNBC13 hours ago

Google will help employees pay off student loans amid ‘debt crisis’

Biotechnology13 hours ago

Live imaging method brings structure to mapping brain function

AR/VR14 hours ago

WebAR: The Next Big Thing for Your Business

AR/VR14 hours ago

Augmented Reality Revolutionizing Healthcare Sector

CNBC14 hours ago

Amazon announces all-new Echo, Echo Dot, Echo Dot with Clock

AI14 hours ago

Expanding Amazon Lex conversational experiences with US Spanish and British English

CNBC14 hours ago

Biden’s child tax-credit plan is a big clue that his agenda could be more progressive than thought

CNBC15 hours ago

Salesforce CEO Marc Benioff praises former boss Larry Ellison for TikTok deal: He’s the ‘master of relevance’

Trending