Via US-CERT.
I’m going to share a few more security tips from the US-CERT over the holiday season because they’re covering a lot of ground in a really easy-to-digest fashion and because thinking about the security of a new device – and evaluating your habits with your current devices – is a critical step in keeping your personal information and finances safe.
This Security Tip, “Cybersecurity for Electronic Devices”, covers six easy things you can do to keep your data safe and secure – from keeping your actual devices out of attackers’ hands to keeping your connection safe from prying eyes. Included are links to articles that shed light on concepts like patches and password choices – things that are understood almost intuitively by IT folk, but that are difficult to understand for novices. I highly recommend giving them all a read! Once you understand the steps you can take to keep yourself secure, it’s a lot easier to find tools and develop practices that work for you.
If you have any comments on these tips or any great tools to share, I encourage you to leave them in the comments below.
Via Information Security Buzz:
New research, conducted by IronKey by Imation and Vanson Bourne, surveyed 500 IT decision makers in the UK and Germany to uncover the risks of remote working and inquire into the security measures organisations have in place. The findings raised concerns over senior management, with 44 percent of organisations believing that a member of their senior management has lost a device in the last year, whilst 39 percent say senior management had a device stolen. Even more concerning is that the vast majority (93 percent) of these devices contained work related data, including confidential emails (49 percent), confidential files or documents (38 percent), customer data (24 percent) and financial data (15 percent).
This critical bit of information is one that is often overlooked when implementing a set of security policies and practices. There’s a tendency in many organizations to exclude senior management and executives from the most stringent of security practices, perhaps out of a belief that such people have a better sense of what is important to the business than employees further down the org chart or perhaps out of a belief that the behavioural changes required by good security practices would inconvenience the executive group too greatly.
Avoiding information loss or security breaches requires active participation from all levels of an organization, regardless of their technical savvy and of their pay grade. Implementing useful tools and good practices can be a straightforward process if this is kept in mind during all phases of the implementation; ensuring executive engagement is critical, but is often overlooked with the exception of obtaining sign-off for the purchase of a new toolkit.
My recommendation is to ensure that built into any tool or practice implementation is a set of executive training sessions that emphasize the importance of their actions and the most efficient ways to use their tools (both new and old). As good as any tool is, the weakest link is the least-engaged user – letting that user be the one with the most critical data on their portable devices is a mistake that can be easily identified and avoided if the appropriate steps are taken.
Getting on the US-CERT mailing list means that you sometimes get a set of good tips (and also that you get reminders when Microsoft pushes out their monthly set of patches). Right now, they’re sharing a set of security tips around home networking, such as the dryly-titled “Security Tip (ST15-002): Securing Your Home Network”.
The title is dry but the content is important for any home. Check it out for tips on setting up your router for a good baseline level of security, to keep people from using your network without your permission and to keep people from spying on your Internet usage.
To sign up for future security tips and alerts from the US-CERT, scroll to the bottom of the security tip page and drop in your email address. It’s been invaluable to me!
Get affordable enterprise-grade protection, built-in and integrated across your business.
Businesses today face a constantly evolving set of potential threats, from data security breaches to downtime from unexpected events. Businesses are asking questions like:
- With growing use of the cloud and mobile devices at work, how can we keep business data protected?
- As my data grows, how can I make sure it is all backed up without spending a fortune?
- If an unexpected event occurred, like a fire, break-in, or flood, how long would it take our business to get back online? And what would this downtime cost our business?
- How do we keep up with a constantly changing compliance landscape?
Get modern protection for evolving threats, with solutions that help protect your business data and minimize the disruptions caused by unexpected events. With Microsoft, enterprise-grade protection is built into its technologies. So you don’t have to think about it. From advanced data protection to solutions that help you recover quickly from unexpected events, get technology that is designed to help safeguard your business.
For more information, contact us today and check out the use cases after the cut.
Posted in Privacy
Tagged with: azure, data protection, office 365, safeguard your business, threat protection
For a small per person fee, we’ll coordinate and run a Privacy Party for you and your friends, colleagues, or partners. We can help you set up secure services for:
– File storage, sharing, and backup
– Text messaging
– Voice calls
– Password storage
– Two-factor authentication
If you’ve been worried about sending private information to the people you need to trust, this is a great way to get started. We can help you get started with tools that are compatible across Windows, Mac OS X, many flavours of Linux, Android, and iOS. Most of the tools are free – we’ll show you how to use them and how to make the most of them, letting you feel safer while you go about your day.
Posted in Privacy
Tagged with: android, browser extensions, mac os, os x
This looks to be an excellent course with a focus on OS X and iOS security. For anyone using those tools, I recommend checking it out!
I’m considering developing a short course on enabling PGP for Android and Windows; let me know if there’s interest in the comments.
Via Boing Boing:
It seems like it’s pretty much impossible to trust an ATM when you’re travelling internationally, but obviously you don’t want to carry a tonne of cash with you either. One suggestion – that should help you avoid the Bluetooth-enabled skimmers, at least – is to use your phone to scan for Bluetooth devices when you’re at the ATM you want to use. If you see any devices that don’t belong to you, don’t use the ATM.
It’s not convenient – and it means having your phone out in public, which may pose other risks – but the added security for your bank account is probably worth it.
Posted in Security
Tagged with: banking
Via Boing Boing:
Symantec recently issued (and then revoked) SSL certificates that could have allowed third parties to impersonate Google anywhere on the web.
Symantec’s response – terminating the employment of the people identified as having allowed this apparent mistake to happen – may seem excessive, but in my opinion this kind of error is severe enough that it should have serious consequences. Being able to trust the certificates that are issued by big-name providers – which means being able to trust that some of the most important sites on the Internet are the sites you’re actually browsing and trusting with your data – is absolutely crucial.
The nearest parallel I can come up with is the Superfish issue, but in this case the issue is one that couldn’t have been resolved by making a change on your computer; if these certificates had gone undetected, the Internet could have been a much less safe place.
For those whose privacy needs go beyond ad-blocking (and really folks, this should be everyone), Lifehacker’s list of privacy-enhancing browser extensions is a must-read.
Personally I’m a heavy user of both uBlock Origin and Mailvelope; if you have other tools you’d recommend, let me know and I’ll write them up.
The idea of offloading the task of ad-blocking from a browser extension to a dedicated device is pretty appealing – it would mean being able to reduce the number of systems to keep updated, which I always appreciate, and would reduce the memory load on some of my systems pretty significantly – and this seems like a pretty cool DIY way to do it.
Before implementing a system like this, I would want to review the instructions and do some deeper reading to determine the longevity, security, and reliability of the system. I’ll post an update if I come across anything else interesting on this.