5 Security Tips for Remote Work

After the government issued movement-restriction policies to slow the spread of coronavirus, organizations had no choice but to send people home. Most were in such a hurry to get people up and working from home that they ended up advising some of them to use their own devices. It is also highly likely that most overlooked the importance of cybersecurity.

Unfortunately, cybercriminals never rest, and they are always looking for such opportunities to attack. While the IT department took care of cybersecurity issues when you worked in the office, the problem may now fall squarely on you. Not to worry, though: here we list 5 tech tips for cybersecurity as you work from home.

Presented below are the top three cyber risks that organizations need to address:

    1. Use of Unsecured Wi-Fi Networks – Employees accessing company networks using Wi-Fi from popular locations (such as a coffee shop) can be more susceptible to cyberattacks.
    2. Lack of Cybersecurity Awareness and Training – Ensuring that there is a training program in place for best practices on security is paramount in defending against cybersecurity threats.
    3. Lack of Physical Security or Personal Use of Laptops – Leaving work devices in the open, letting non-employees, such as family and friends, borrow devices for personal use, or using corporate devices to answer personal emails, shop online or visit social media pages, are all examples of risky behaviour that employees may engage in whilst working remotely.

There are a number of ways in which your employees can ensure they stay safer when working out of the office. Make sure you inform your employees of these home cyber security tips.

  • Avoid Public Wi-Fi. A lot of people like to work in cafes which have public Wi-Fi. This is a very dangerous way of working because it means that hackers can target your computer if they are on the same network. If your employees work in public places, make sure your employees use personal hotspots or encrypt their web connection. Encrypted web connections help to protect your traffic.
  • Use adaptive and multi-factor authentication:
    • Device encryption ensures that if a laptop is stolen or lost, hackers can’t get into it. It also helps to protect your online accounts.
    • Make sure you and your remote working employees use long passwords with a mix of characters.
    • Adding multi-factor authentication is also a great way to stay safe.
    • Do not use your corporate passwords with third party systems.
  • Use Security Protection. If your organization owns laptops that your employees will take home, make sure that good and up-to-date security protection is installed on them.
    • It is a good idea to have firewalls, antivirus, device encryption, web filtering, and any other preventative software.
    • If your employees are using their own laptops or desktops, then make sure your employees have these security protections on their laptops too.
  • Encrypted Emails. Encrypt your emails so that hackers can’t read your business emails. Install applications that ensure the protection of your emails.
    • It is also a good idea to ensure your employees know how to spot cyber threats, such as phishing emails, so give them some training on cybersecurity.
  • Hide Your Work. If your remote employees are working at a coffee shop, make sure they know to hide their work. Don’t let the people around you see what you are typing or your screen.
    • Always keep your work with you, even if you just go to the restroom, because hackers can easily access your information in a matter of minutes.

Protecting your business from hackers and cybercrime is extremely important, so make sure you implement our 5 cybersecurity tips now.

Remember to ensure your remote employees follow physical security tips too, such as not leaving a laptop in plain sight in their car.


GDPR and Information Security

The General Data Protection Regulation (GDPR) is the most significant overhaul of European Union (EU) data protection legislation in over 20 years. Amongst other things, it is intended to provide better protection to individuals and to give greater certainty to organizations in navigating data protection across EU member states.

It includes 99 articles or clauses covering virtually every aspect of business and information management – everything from the consent to collect and process information, to the “right to be deleted”.  Importantly for global businesses (including those outside the EU) the GDPR is supra-national, therefore any business that processes the data of EU citizens will fall under its remit, not just European businesses.

For cyber security professionals, the drive for data protection and information management is not new, although the level of detail, the requirements on data breach notification and the fines in GDPR demand a lot more focus.

As the scale of the cyber threat is revealed, organizations should welcome the data security requirements laid down by the GDPR as an opportunity to reduce the risk of data breaches. After all, if an organization’s data is compromised, regulatory fines may be the least of its worries.

While the GDPR introduces severe penalties for compliance failures, it will also force organizations to pay more attention to data security in the face of the looming cyber threat.

How to comply with the 5 cyber security clauses of GDPR 

For security monitoring and operations in GDPR compliant businesses there is increased focus on both prevention and avoidance of security and privacy breaches.  Further, it is imperative to be able to respond quickly when a problem does occur, understand it and take action.  The 72 hours allowed to notify the government authority is accompanied by an expectation that affected data subjects will be communicated with promptly.  As a minimum, businesses handling personal data will need to:

  1. Engage the DPO to be part of the access and authorization approval processes.
  2. Use identity governance tools to get access attestation as well as prevent unauthorized access.
  3. Create a catalogue of roles to identify the personal data contained in each application. Track each of these roles and review it in a timely manner.


Session Tracking and Recording

As businesses reflect on the disruption caused by the COVID-19 crisis, ensuring agility and resilience has risen to the top of C-suite agendas everywhere.

Administrative users require privileged account access in their day-to-day roles to maintain systems, perform upgrades and troubleshoot issues. However, these users can also misuse their privileges to gain unauthorized access to sensitive information or cause damage to the IT environment. To deter the misuse of privileges by authorized users, as well as detect malicious activity that could indicate a compromised account, organizations should proactively record and monitor all privileged session activity.

It’s great to have a session recording tool that records everything users do on the command line. It might prevent some oversights from happening in the first place if users are aware that what they are doing is being recorded. After all, people are usually on their best behavior when they know they are being recorded.

Key Benefits:

  • Cost and time savings – both admins and developers spend less time on non-productive routines and can concentrate on real value-adding tasks.
  • Improved security – not having to generate, rotate, and dispose of passwords or keys improves your security posture and reduces your attack surface. Ditto for the automatic revocation of access rights upon someone leaving the organisation and not having to worry about lost credentials.
  • Improved compliance – with detailed audit logs, the available session recording and playback, and integration with SIEM systems, you get full visibility into who has done what, where, and when. This not only gives you peace of mind, but it also helps you stay on the right side of GDPR and other regulations.
  • Better user experience – while a great customer experience is something we often think about, improving the user experience is often equally valuable.

Report and audit privileged sessions that leverage shared accounts and individual accounts with full video and metadata capture. The Soffid Audit and Monitoring Service allows customers to conduct analysis and leverage high-fidelity recordings for audit and compliance purposes.

 

Most Common Security Vulnerabilities

Cybercriminals are constantly seeking to take advantage of your computer security vulnerabilities.

The move to remote-first has underlined the increasing reliance on cloud and web technologies while also confirming what the software development world has known for at least a few years: that web-only is finally a viable option.

While the goals of these cybercriminals may vary from one to the next (political motives, monetary gain, or just for kicks/prestige), they pose a significant threat to your organization.

Part of protecting your business against modern cyber threats is being aware of the different types of vulnerability that might put your network at risk—and then securing those weaknesses before an attacker can use them. What are some common network security vulnerabilities, and how can you counter them?

IT security pros have never faced more threats, whether it’s from the huge increase in remote work. While there will always be new holes to plug, security vulnerabilities usually stem from the same few causes: unpatched vulnerabilities, misconfigurations or user error, and even the most tech-savvy companies are vulnerable to these mistakes.

Here are some of the most common IT security vulnerabilities. By taking a proactive stance against the most common cyber vulnerabilities and security misconfigurations, you can prevent many cyber attacks from happening.

  • Missing Data Encryption. When your data is not properly encrypted before storage or transmission, your vulnerability to a cyber threat increases.
  • OS Command Injection. OS command injection, or shell injection, happens when an attacker executes operating system (OS) commands on your server while it’s running an application. This vulnerability can be used to prey upon other parts of your infrastructure to gain deeper reach into your organization. It is typically caused by incorrect or complete lack of input data validation.
  • Buffer Overflow. Most software developers understand the threat posed by buffer overflow. Even so, the occurrence is common because of the wide variety of ways buffer overflows can occur, and the error-prone techniques often used to prevent them.
  • Missing Authentication/Authorization. This vulnerability is due to insufficient authorization or authentication limitations. Attackers step in to take advantage where weak authentication or privilege limitations exist.
  • Cross-Site Scripting And Forgery. CSRF, also referred to as XSRF, Sea Surf or Session Riding, tricks a web browser into executing an unwanted action; it is distinct from cross-site scripting (XSS), which injects script into pages that other users view. When it works, CSRF can impact both the business and its users.
  • URL Redirection To Untrusted Sites. Redirects can leave the door open for attackers to drive users of your application to an untrusted external site, creating security issues for your user and leaving your reputation at risk.
  • Path Traversal. Directory traversal (also known as file path traversal) is a common vulnerability that allows a potential attacker to read files on the server that is running your application, such as code and data, credentials for back-end systems and sensitive OS files.
  • Poor password policies. Brute force attacks no longer try to attack an account with thousands of passwords. Instead, they try to log in to thousands of accounts with two or three common passwords, like abc123 or your company name plus the year number, and it’s likely to succeed in most cases.
  • Unused accounts: keeping inactive accounts enabled increases the attack surface. It’s important to disable or remove accounts of former employees or contractors.
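
The login pattern described under "Poor password policies" leaves a recognisable trace in authentication logs: one source failing a few times against many accounts, which per-account lockout counters never see. The following is an added example, not code from the original page; the function names, thresholds and sample events are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def detect_login_attacks(events, window=timedelta(minutes=30), min_accounts=5,
                         max_per_account=3, brute_threshold=10):
    """Classify source IPs by failed-login pattern inside a sliding time window.
    events: (iso_timestamp, source_ip, account, success) tuples.
    Returns {source_ip: "password_spray" | "brute_force"}.
    """
    failures = defaultdict(list)
    for ts, src, account, success in events:
        if not success:
            failures[src].append((datetime.fromisoformat(ts), account))
    findings = {}
    for src, rows in failures.items():
        rows.sort()
        start, counts = 0, Counter()
        for ts, account in rows:
            counts[account] += 1
            while ts - rows[start][0] > window:   # drop failures older than the window
                old = rows[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            worst = max(counts.values())
            if worst >= brute_threshold:          # many guesses at one account
                findings[src] = "brute_force"
                break
            if len(counts) >= min_accounts and worst <= max_per_account:
                findings[src] = "password_spray"  # few guesses at many accounts
    return findings

def sample_events():
    """Constructed events; addresses come from documentation-only ranges."""
    base = datetime(2024, 1, 15, 9, 0)
    events = []
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        for j in range(2):                        # spray: 6 accounts x 2 guesses each
            when = base + timedelta(minutes=i + 6 * j)
            events.append((when.isoformat(), "203.0.113.10", user, False))
    for i in range(12):                           # 12 guesses at a single account
        when = base + timedelta(seconds=20 * i)
        events.append((when.isoformat(), "198.51.100.7", "admin", False))
    events.append((base.isoformat(), "192.0.2.44", "alice", False))  # ordinary typo
    events.append(((base + timedelta(minutes=1)).isoformat(), "192.0.2.44", "alice", True))
    return events

if __name__ == "__main__": print(detect_login_attacks(sample_events()))
```

The thresholds need tuning against real traffic: a shared NAT address or a single sign-on gateway can produce many legitimate failures across accounts.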

Vulnerability assessment, scanning, penetration testing and patch management are important steps for controlling vulnerabilities. They should be conducted regularly, if not continuously.

Misconfigured web servers and applications make easy targets for hackers to exploit. Misconfigurations can happen at any level of the tech stack – from your web server to its database to your framework or virtual machines. Cybercriminals take advantage of security misconfigurations through unauthorized access to default accounts, rarely accessed web pages, unprotected files and folders, directory listings, etc.

There is a relatively high chance that some security misconfigurations exist in your system at this very moment. If you want to see how common they are, just see this white-hat hack of Apple from a few months ago. Businesses that use a hybrid approach of in-house and cloud environments can experience the highest level of risk exposure. Keeping a careful watch for security misconfigurations during the frequent updates is an essential factor for protection. Visibility and attention are key.

Common Types of Security Misconfigurations

These are some common misconfigurations that security and IT teams should be on the lookout for:

  1. Applications and products running in debug mode in production
  2. Running unwanted services on the system
  3. No proper configuration for accessing server resources and services
  4. Leaving default keys and passwords as is
  5. Incorrect exception management—can disclose unauthorized data, including stack traces
  6. Using default accounts with default credentials

Keep your identity information clean and safe. Good-quality identity data is critical nowadays.
