by Rebeca | Aug 30, 2022 | Cybersecurity, News, Resources
Personal data leaks have affected both large and small businesses, and they have become more and more frequent in recent years.
Most of them are a consequence of cyber-attacks on networks or e-commerce security breaches. Incidents such as these can devastate a company.
Why do social networks allow data leaks?
Social media platforms are quickly turning into a primary security weak point for businesses because of data leaks. A single data breach within one of the social media networks can result in millions of records being stolen.
Social media is one area where security teams have faced a steep learning curve. Beyond letting employees connect with each other through LinkedIn, Facebook and Twitter, social networks have another attraction for companies.
For example, companies take advantage of social media platforms as tools for brand recognition, customer service, advertising and recruitment. Yet every user on every platform presents a social media risk to security professionals. And the risks are many.
One of the most affected sectors during the pandemic was the health sector. Know the key points of healthcare cybersecurity.
Top areas for attention
- Account tracking
- Conduct regular security and privacy reviews
- Keep access up-to-date
- Use a Virtual Private Network
- Ensure adequate device protection
- Monitor your social media channels
- Employee training is crucial
- Beware of third-party apps
As technology grew rapidly, social networks increased in popularity. The fundamental reason for this is the ability of networks to connect people: they provided an ideal platform to connect with your friends, family and colleagues.
Information shared on social networks spreads fast, almost instantaneously. For that reason, it is attractive to attackers looking to gain information.
The secrecy and security of social media platforms must be considered from various perspectives. There are many security and privacy issues related to shared user information, especially when a user uploads personal content like photos, videos and audio.
Finally, the attacker can maliciously use shared information for illegitimate purposes. See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let’s talk?
by Rebeca | Dec 21, 2021 | Cybersecurity, Client
Information protection and identity management
We are very happy to be taking part in an ambitious identity and access management project for Barcelona de Serveis Municipals (B:SM), a project that places them at the forefront of security, specifically in the areas of information protection and of identity management and access control.
Barcelona de Serveis Municipals (B:SM) is a company owned by Barcelona City Council that is responsible for providing municipal services. The activities it manages include aspects related to mobility and the management of facilities dedicated to culture, leisure and biodiversity.
It is an entity that handles a high volume of sensitive information and needed to protect it efficiently, in compliance with the new GDPR (General Data Protection Regulation) and the ENS (Esquema Nacional de Seguridad, the Spanish National Security Scheme), which are mandatory for public administrations and public companies. It also required a solution for the precise and automated management of everything related to user administration, from provisioning and synchronization to identity consistency and the authentication processes that prevent identity impersonation.
«B:SM needed a solution to delegate, manage, automate and secure Active Directory (AD) and Active Directory Federation Services (ADFS) access among various administrator groups, and to do so in a segmented manner, with change control, protecting sensitive or critical data, and ensuring that corporate policies are effectively enforced.»
We have answered these identity and access management needs with Soffid.
THE SOLUTION WE FOCUS ON AT SOFFID
The on-premise deployment of Soffid began in March 2020, which has allowed them to develop centralized management and orchestration of their identity and access management policies.
With the highest level of security, Soffid offers a single convergent tool from which it is possible to carry out the automated management of users and access in their Active Directory, in their Exchange mail server (which is in the process of being migrated to Azure) and in Office 365 as the productivity environment. It also integrates with their HR management system, Meta4.
Information protection and identity management
This is a very significant advance over the starting situation, in which both user creation in Meta4 and access management were carried out semi-automatically (in Active Directory and Exchange) or entirely manually (in the case of applications). Now Soffid enables automated onboarding based on profiles. When a new user is created, access to their mail account is generated automatically. Their personal folder is also created and shared on the network so that it can be reached from anywhere, by enabling a specific Windows feature (Distributed File System, or DFS). This is a crucial aspect in mobility and teleworking situations.
User management
In addition, the user is also granted access permissions to the corresponding applications, according to their profile and regardless of their domain. This last point is important for managing the users and access of employees of companies in which B:SM holds a stake, such as Parque de Atracciones del Tibidabo (PATSA).
This initiative, which reaches the 1200 employees of B:SM, has not only simplified and sped up the processes related to user and access management (onboarding, offboarding and modifications), but also raises the security and governance guarantees to the highest level, since everything is recorded and audited in Soffid.
THE ROLE OF THE EMPLOYEE
One of the key aspects of both projects has been to ensure the role of people, even in the pre-implementation phases.
These possible phases include developments such as the use of Soffid’s role-mining function. Based on the accesses that users have in a given position, it creates an algorithm to define, automatically and intelligently, the permissions associated with that specific role.
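Role mining as described above can be illustrated with a frequency rule: an entitlement becomes part of a position's role when most holders of that position already have it, and anything outside the mined role is surfaced for access review. This is an added example, not Soffid's algorithm or code from the original post; the user names, positions, entitlement strings and the 75% threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data (user, position, entitlements); not B:SM data.
SAMPLE_ACCESS = [
    ("ana", "parking-operator",
     {"ad:parking-users", "app:ticketing", "mail:exchange"}),
    ("bernat", "parking-operator",
     {"ad:parking-users", "app:ticketing", "mail:exchange"}),
    ("carla", "parking-operator",
     {"ad:parking-users", "app:ticketing", "mail:exchange",
      "app:payroll-admin"}),
    ("david", "hr-clerk", {"app:meta4", "mail:exchange"}),
    ("elena", "hr-clerk", {"app:meta4", "mail:exchange", "ad:domain-admins"}),
    ("ferran", "hr-clerk", {"app:meta4", "mail:exchange"}),
]


def mine_roles(records, threshold=0.75):
    """Return {position: entitlements held by >= threshold of its users}."""
    by_position = defaultdict(list)
    for _user, position, entitlements in records:
        by_position[position].append(entitlements)

    roles = {}
    for position, grants in by_position.items():
        counts = Counter(e for granted in grants for e in granted)
        roles[position] = {
            e for e, n in counts.items() if n / len(grants) >= threshold
        }
    return roles


def find_outliers(records, roles):
    """Return {user: entitlements outside the mined role} for review.

    These are the grants a reviewer should justify or revoke before the
    mined role is used for automated provisioning (least privilege).
    """
    outliers = {}
    for user, position, entitlements in records:
        extra = entitlements - roles[position]
        if extra:
            outliers[user] = extra
    return outliers


if __name__ == "__main__":
    mined = mine_roles(SAMPLE_ACCESS)
    for position, perms in sorted(mined.items()):
        print(position, "->", sorted(perms))
    for user, extra in sorted(find_outliers(SAMPLE_ACCESS, mined).items()):
        print("review", user, sorted(extra))
```

Lowering the threshold folds rarely held privileges into the role, so a proposed role should be reviewed before it drives provisioning.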
On the other hand, in order to gain agility and increase the level of user involvement in security, the implementation of a self-service portal is envisaged. This would allow them to self-manage their passwords or incorporate a strong authentication system, either via token, SMS, etc. The use of Soffid as a single sign-on solution is also being evaluated. This would allow B:SM to extend Microsoft’s federated authentication to other environments and applications.
by Rebeca | Dec 1, 2021 | Cybersecurity, News, Resources
November 30 is International Information Security Day.
As a result of this situation, the Association for Computing Machinery (ACM) decreed that every November 30 all people would be reminded of the obligation and need they have to protect their data from any type of corrupt action that may occur in the digital sphere.
What is… International Information Security Day?
Currently, most of the sensitive information of companies is on the Internet, more specifically in the different clouds. Workers are the first ones responsible for safeguarding this data and for not sharing it by any other means that could put the information at risk.
This day is designed to create greater awareness of computer security issues and encourage people to secure the personal information stored on their computers.
To join the celebration, here we share 7 basic tips that every Internet user should follow.
How to protect your internet security
- Manage your passwords well: It is not only about choosing a password that is difficult in terms of length, but also one that is not closely related to you, or at least not as obviously as your dog’s name or your date of birth. Avoid words that appear in the dictionary as well. The second thing is to vary the password across the different portals; if you want, you can have 5 main ones, but not just one for everything.
- Don’t trust public Wi-Fi: It’s not that you can’t use it to ask questions, watch a video while waiting for the train or read the news, but don’t use it for high-risk activities, such as logging in to your bank’s page or even to your social networks or email.
- Always update the software: We all find it tedious when every so often the computer or our website says that we have to update a program or plugin, but these updates normally patch gaps that the previous version left open and that put our data at risk.
- Don’t download everything from anywhere: A bad habit that netizens have is that we love free things, so without thinking much we click download. The same goes for emails that have an attachment that looks interesting. First make sure that the website or sender is safe and then download the content.
- The mobile phone is also a computer: You must manage your mobile just as you do your PC. That is, install an antivirus and be careful with the sites you visit with it.
Cyber security is no longer enough: businesses need cyber resilience
Today, we work from anywhere, on more devices and more networks, facing more risk than ever before. Widespread phishing, malware, ransomware attacks and other frauds pose a risk not just to individuals or platforms, but to entire economies, governments, and our way of life.
Yet the way we think about securing our businesses and our data hasn’t really kept up. But these defenses are proving insufficient in the face of attacks that grow more sophisticated by the day. We need cyber resilience in addition to cyber security, and it’s important to understand the difference.
Challenges in the use of maturity models
An assessment-focused framework based on a numerical score can lead to a box-checking culture. But cyber resilience is not about comparison, and there is no final destination.
When the National Institute of Standards and Technology (NIST) framework for improving critical infrastructure cyber security was introduced, there was a national call to action. Now, society and business are at another turning point. Both public and private organizations are working in entirely new, more digital, more distributed ways, which has further opened the floodgates to cyber risk. The May 2021 Presidential Executive Order states that: “The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” It calls for a public-private partnership to make the bold changes necessary to protect hybrid cloud infrastructures.
And like the NIST Framework, it’s important that a new. So consider this an open call: can we come together to establish this framework? Can we make cyber resilience a part of business as usual? We need to work together, to make everyone stronger.
by Rebeca | Oct 14, 2021 | Cybersecurity, Soffid
Exposing management to the value of information security
Cyber security has always been an unsought good, like insurance, which is useful only when something bad happens. And it’s always been challenging for security leaders to communicate the value of cybersecurity investments to the board and peers. Furthermore, everyone in an organization has their own perspective when it comes to cyber security. That’s partly why security professionals find it difficult to convince management to approve budgets.
The value of cybersecurity should be crystal clear to life sciences and health care boards and leadership. Cybersecurity attacks and data breaches seem to be in the headlines almost daily, and sobering statistics are everywhere.
Security leaders
They need to justify security investment and acquire budget to protect organizations from the growing list of threats that could impact the future of the business, like data breaches, service disruptions and loss of customers.
Then there’s the problem of speaking a different language. Over time it can be observed that cybersecurity metrics are often communicated in complex ways, in technical language that is difficult for the CEO or other business functions to understand. But translating cyber risk into business risk has never been more important, as many organizations face significant budget cuts amid COVID-19.
A comprehensive cybersecurity program is a business-critical function. With three tips, CIOs and CISOs can better communicate cybersecurity ROI: stressing why these programs are a must-have for their organizations, demonstrating the business value of security solutions and building a strong security culture.
Cybersecurity should not be treated as a siloed department, but rather an integrated part of overall business functions. One way to communicate the far-reaching value of a cybersecurity strategy is to walk leadership through the consequences of a data breach — loss of customers, data, revenue, intellectual property and more — as these consequences directly affect a business’s bottom line. By connecting the dots for non-IT executives, they’ll be able to better acknowledge the importance of strong security practices.
Create a Positive Security Culture
Engaging the whole organization to help them understand the value of a cybersecurity program is not easy. Technical risks are often difficult to translate across departments. Meanwhile, policies and procedures that ensure good security habits can be seen as an impediment to employee productivity.
This is why a positive security culture is so important. By using techniques like gamification, positive reinforcement, or interactive content like videos and podcasts to promote security practices, CISOs can engage fellow employees and get more buy-in from executives. These strategies help everyone, regardless of department or level of seniority, understand the risks and responsibilities regarding security and how each employee plays a crucial role.
One major benefit of a positive security culture is that it creates in-house evangelists who can demonstrate the value of cybersecurity. It will also empower security-aware employees to become the organization’s greatest cybersecurity asset. Simple human error causes the majority of security breaches.
Ultimately, communicating the value of cybersecurity depends on translating cyber risk into business risk, and making security a guiding principle for your larger organization. With risks and challenges related to remote working becoming the new normal for many organizations, it’s critical that IT leaders engage all employees in shared cybersecurity awareness.
Situations are changing
Boards and management are coming to understand the importance of security. Now it’s the security leader’s responsibility to communicate the importance of cyber security effectively. This has become very important during the pandemic, when there are huge risks of cyber breaches. Many things are coming, and this is causing organizations to cut costs due to the business slowdown in order to survive the pandemic.
Communicating the value (and necessity) of cybersecurity measures to your larger organization isn’t easy. We know that not only are technical risks difficult to transfer across departments, but also that policies and procedures can often be seen as an obstacle to employee productivity.
But, if you can engage with the larger organization and create a positive security culture, you’ll have a better chance of getting buy-in from C-level executives. How?
More and more, CISOs are relying on gamification, positive reinforcement, and interactive content like videos and podcasts to promote their strategies. No matter what the method or medium, it is best that the risks and responsibilities – upon which the entire organization rests – are communicated in a way that everyone, regardless of department or level of seniority, can understand.
The benefits of this are two-fold. Not only will you demonstrate the value of cybersecurity via in-house evangelists, but you’ll also empower security-aware employees to become your biggest cybersecurity asset.