Are Regular Password Changes a Good Policy?

Data security is a process that evolves over time as new threats emerge and new countermeasures are developed. The FTC's longstanding advice to companies has been to conduct risk assessments, taking into account factors such as the sensitivity of information they collect and the availability of low-cost measures to mitigate risks. The FTC has also advised companies to keep abreast of security research and advice affecting their sector, as that advice may change. What was reasonable in 2006 may not be reasonable in 2016. This blog post provides a case study of why keeping up with security advice is important. It explores some age-old security advice that research suggests may not be providing as much protection as people previously thought.

Biometrics - How do they work and are they safe?

We are starting to see some clients using biometrics, mostly fingerprint readers at this point. It's our expectation that more sophisticated biometric sensors such as face recognition and whole hand readers will become more common in the next several years.

Biometrics are part of the cutting edge of technology. Put simply, biometrics are any metrics related to human features. Fingerprinting is a very early and simple version of biometrics, like when you log in to your phone using your fingerprint. As with any emerging technology, the first question you should ask is whether they are safe.

How Do Biometrics Work?

If you've ever put your fingerprint into a device, you have a vague idea of how biometrics work. Basically, you record your biometric information, in this case a fingerprint. The information is then stored, to be accessed later for comparison with "live" information. Anyone else in the world can put their finger on your device's touch circle and it's not going to open your phone.

New Phishing Scam Involving Company W-2s

Your company bookkeeper or outside accountant receives a seemingly innocuous email from the CEO, owner, or other "high up" person in the organization asking for a copy of all the 2015 W-2s in PDF form. Simple enough - just one of the many things that need to be responded to every day. Except this one isn't innocuous. It's a trap to capture your employees' Social Security numbers. And unfortunately, because of its deceptive simplicity, it's been successful in a few places.

"Can't happen here." or "We are way too small." No such thing. No organization is immune and even the best anti-malware products may not be able to keep up with every single instance of this scam. In the last couple of weeks, we have seen instances with some of our clients where this exact phishing scam has been identified. Fortunately, most people are vigilant and aware. They asked their superiors to confirm the request and stopped the issue then and there.

Below is a release from the IRS outlining this issue in more detail. Bottom line is simple: You can't be too careful with important company information. Always ask questions and independently double-check those kinds of requests.

IR-2016-34, March 1, 2016

WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

Telltale Signs an App is Violating Your Privacy

Malware isn’t just for laptops and desktops. In fact, it can be a lot easier for malware to end up on your mobile phone or tablet than your computer. When it comes to mobile malware, a little bit of paranoia goes a long way. Malicious apps can steal your personal information, including sensitive financial information that can then be used to steal your identity. A lot of malware ends up on your phone due to malicious apps. So what are signs that you might already have a malicious app on your phone?

Slow Internet Connections

A slow Internet connection doesn’t always mean malware, but it is one of the few symptoms that even the most sophisticated malware can’t hide. Whether a malicious app is phoning home, communicating information about you or using your mobile device as part of a botnet scheme, it’s going to be using Internet bandwidth to do it. So if your connection speeds are all of a sudden crashing down to nothing, that can be a very clear sign that there’s something amiss with one of your apps.

This is why People Fear the Internet of Things

The "Internet of Things" (IoT) is a fast-growing segment of all technologies. Being able to connect to your home thermostat, remotely lock (or unlock) your front door or operate a surveillance camera in your home or office all are very intriguing. But like a lot of things - Danger Lurks!

The following article from "Krebs on Security" is fairly dense reading, but does a great job of describing many of the potential security issues surrounding the IoT. Like many issues involving Internet technologies, there are ways to do things right. Usually, they are not the easiest to implement and rarely are they inexpensive. However, we caution all our clients to make sure that the fancy new gizmo that you want to add to your network doesn't inadvertently create an enormous security hole!

Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt.
