Showing posts with label Data Security. Show all posts

Wednesday, January 14, 2015

Three Fast 'Data Privacy Day' Tips

In advance of the annual international Data Privacy Day, please share these three action tips to protect the privacy of consumers and businesses:

  • Nothing is truly free, including mobile apps. Be aware of the personal information you give mobile app providers. Many free apps sell your information to a wide range of companies, some of which may have malicious intent. Studies have shown most apps do not have many, or even any, security controls built in. Check privacygrade.org to see if the app you want respects your privacy and has security built in.
     
  • Be cautious with new "smart" devices. A wide range of new and unique gadgets -- from socks to smart cars -- connects you directly to other entities (and even to the Internet) to automatically share information about your activities, location and personal characteristics. Before using such devices, make sure you know which data they are collecting, how it will be used and with whom it will be shared.
     
  • Only share personal information with trusted sources. Be extra careful not to share sensitive personal information, such as social security numbers, credit card numbers and driver's license numbers. Don't do business with an entity that does not have a posted privacy notice.

Saturday, August 16, 2014

Facebook’s Browser-spying Campaign

Facebook using the browsing data of its members to target the ads of its advertising partners

The Facebook used by billions is sharing its users' online behavior in ways it previously said we could opt out of. 

As Venture Beat reports, anytime a Facebook user visits a site with a "Like" button (any site, not just a Facebook page), that visit is stored by Facebook and used to better target the ads of its advertising partners. No need for the user to actually click the Like button. The page visit is enough to trigger the storage of user data.

I actually tested this by visiting several types of websites I've never visited before. Lo and behold, I started seeing ads for associated items on my Facebook page.

There are a few tools that allow you to block sites like Facebook from inserting tracking code into your browser. Learn about them here

Monday, May 12, 2014

Quick Round-up of Some of the Latest Tricks and Traps

Beware of new scams and privacy pitfalls

New ways to fool people out of their money, information and identities pop up nearly every day. Here's a quick round up of some of the latest tricks and traps:

New Scam Targets Homeless: Fraudsters pay homeless people to take out cell phone contracts in their names. The fraudsters keep the phones, rack up the bills and then sell the phones, ruining the homeless person's credit.

Getty Images Allows Free Embedding, but at What Cost to Privacy? People can embed images in their sites for free, so long as they use the provided embed code and iframe. Because of the scope of Getty's reach, this may allow the company to correlate more information about a user's browsing history than any single site could. Just another reminder that nothing's truly free in this world!

Human Error Tops Ponemon Patient Data Security Study Threats: 75 percent of healthcare organizations view employee negligence as the greatest data breach threat. This result underscores the importance of good security and privacy controls (and excellent employee training!) in healthcare environments. This extends to medical device manufacturers, who often work with very old software and continue to insist that controls are too cost-prohibitive.

The Data Brokers - Selling Your Personal Information: 60 Minutes' Steve Kroft recently reported on his investigation of the multibillion dollar industry that collects, analyzes and sells the personal information of millions of Americans with virtually no oversight.

Monday, April 21, 2014

WARNING! Your Flash Player may be out of date.

Adobe Flash Malware driven by infected "Router" The Moon Malware

A few days ago, I started to receive a pop-up message, "WARNING! Your Flash Player may be out of date. Please update to continue.", when I was trying to access websites like Facebook, YouTube, Google, etc.

If you're receiving a similar message, then continue to read, but make sure you don't click on anything or try to update the Flash Player from the pop-up window. You may check your current version of Adobe Flash Player by visiting Adobe's official website. If you're using the Google Chrome browser, it already includes Adobe Flash Player built in. Google Chrome will automatically update when new versions of Flash Player are available.

You will also notice that the same message is popping up on all the devices which are connected to the same router (mobile phones, laptops, etc.).



Now even the dumbest person should know it is not coming from the computer but from the network, which means your router is infected. This commonly happens with Linksys, Asus and a few other manufacturers.

How to fix this?

  • Reset your router (by holding down the reset button under the router for 6 seconds). Note that after the restart all your ISP settings will be lost.
  • Configure your router again with the ISP settings (username and password also required).
  • Clear your browser's cache and the pop-up message will not appear again.

Refer here for some basic tips on hardening your router to avoid such things happening again.

Sunday, February 16, 2014

How secure is "Dropbox"?

Basic Overview and Awareness to Secure Your DropBox Account!

What's Dropbox?

Dropbox is a free and extremely easy-to-use tool for sharing files, photos, and videos, and syncing them among your devices. You can also use Dropbox to back up files and access them from other computers and devices (including smartphones and tablets), with dedicated apps for each device you own running the Android, Mac, Linux, BlackBerry or iOS platform.

Dropbox is especially good for backing up your files online, although the biggest barrier to this is the size of your backups. You get 2GB free with Dropbox, or you can choose 100GB, 200GB, or 500GB with a monthly fee. There are also business plans that start at 1TB for five users. You’ll just have to make sure that the files you want backed up live in the Dropbox folder.

Dropbox also has the ability to share files with others. And, if your computer melts down, you can restore all your files from the Dropbox website.

Is Dropbox "Safe" to use?

The move to hosted services like the Dropbox storage site raises questions about what cloud users can and should do to keep their information and data secure and compliant.

Cloud security drew attention in 2012 with Dropbox’s admission that usernames and passwords stolen from other websites had been used to sign into a small number of its accounts.

A Dropbox employee had used the same password for all his accounts, including his work account with access to sensitive data. When that password was stolen elsewhere, the attacker discovered that it could be used against Dropbox.

This was a powerful reminder that users should rely on different passwords for each secure site and service.

Also, VentureBeat reported that the Dropbox iOS app was storing user login credentials in unencrypted text files—where they would be visible to anyone who had physical access to the phone.

What Encryption does Dropbox use?

Dropbox claims:

"At Dropbox, the security of your data is our highest priority. We have a dedicated security team using the best tools and engineering practices available to build and maintain Dropbox, and you can rest assured that we’ve implemented multiple levels of security to protect and back up your files. You can also take advantage of two-step verification, a login authentication feature which you can enable to add another layer of security to your account."

When it comes to the encryption methods Dropbox uses, they state that:

  • Dropbox uses modern encryption methods to both transfer and store your data.
  • Secure Sockets Layer (SSL) and AES-256 bit encryption.
  • Dropbox website and client software are constantly being hardened to enhance security and protect against attacks.
  • Two-step verification is available for an extra layer of security at login. You can choose to receive security codes by text message or via any Time-Based One-Time Password (TOTP) apps, such as those listed here.
  • Public files are only viewable by people who have a link to the file(s).

Dropbox uses Amazon’s Simple Storage Service (S3) for storage, which has a robust security policy of its own. You can find more information on Amazon’s data security from the S3 site, or read more about how Dropbox and Amazon securely store data.

How to Secure your Dropbox account?

The popular cloud storage service Dropbox has had a history of security problems, ranging from compromised accounts to allowing access to every Dropbox account without requiring a password.

When and if you decide to use cloud services like Dropbox, the following three basic steps can help you protect your data:


  • Apply web-based policies using URL filtering, controlling access to public cloud storage websites and preventing users from browsing to sites you’ve declared off-limits.
  • Use application controls to block or allow particular applications, either for the entire company or for specific groups.
  • Automatically encrypt files before they are uploaded to the cloud from any managed endpoint. An encryption solution allows users to choose their preferred cloud storage services, because the files are always encrypted and the keys are always your own. And because encryption takes place on the client before any data is synchronised, you have full control of the safety of your data. You won’t have to worry if the security of your cloud storage provider is breached. Central keys give authorized users or groups access to files and keep these files encrypted for everyone else. Should your web key go missing for some reason—maybe the user simply forgot the password—the security officer inside the enterprise would have access to the keys in order to make sure the correct people have access to that file.

How to secure your Dropbox account?

  • Enable Two-Step Verification - With two-step verification enabled, you’ll have to enter both your password and a security code from your mobile phone whenever you sign into the Dropbox website or add a new device to your account. Even if someone else knows your Dropbox password, they won’t be able to log in without the time-sensitive code from your phone.
  • Unlink devices you don’t use and view web sessions.
  • Get email notifications - Ensure email notifications are enabled so you’ll receive emails when new devices and apps connect to your account.
  • Manage linked Applications – Third-party apps often require full access to your Dropbox account, and the app retains access even if you stop using it. If the app itself is compromised or starts behaving maliciously in the future, it will be able to do damage.
  • Don’t reuse your passwords – You should use a unique password for your Dropbox account, one that you haven’t used for any other services.
  • Encrypt your Dropbox files – To protect yourself and ensure your sensitive files remain secure, you can encrypt the files you store in your Dropbox account. To access the encrypted files, you’ll need to know the encryption password – anyone without the encryption key will only see random, jumbled nonsense data.

Sunday, February 2, 2014

Cybersecurity in the age of "Surveillance"

How to assure that your network and its data are being guarded by a trusted partner?

The collection of information generated from the online activities of citizens, by both private and public interests, has become so widespread and pervasive that it has prompted several social commentators to label today’s digital-defined culture as “The Surveillance Age.”

The fact is that nearly every sovereign state with the means is conducting high-tech surveillance programs, a practice that is considered by most to be integral to national security and to ensuring the safety of the state and its citizens. For many observers, the most disconcerting component of the recently exposed data-collection activities of the National Security Agency was that multiple U.S. companies may have cooperated in the surveillance activities.

The possibility that trusted businesses could be leaving digital backdoors through which sensitive information could slip has cast a chill across both consumer and professional market sectors. This issue is not for us to speculate here; however, given the interest it has attracted, it would be valuable to share some fundamental information about mobile security, as well as some guidance to assure that your network and its data are being guarded by a trusted partner.

A key element of security is encryption technology, which is critical to protecting the confidentiality and integrity of a digital transaction between two endpoints, such as a mobile device and a corporate server located behind a firewall. Providing an integrated approach to mobile security, in which data is encrypted while at rest (stored on a digital device) or in transit, is the best protection against the loss of data or a security breach that could impact the profitability, competitiveness, or reputation of an organization. Strong encryption guards against data integrity compromises in these environments, which are typically treated by network engineers or mobile security experts as hostile and untrustworthy.

It’s important to note that encryption technologies differ significantly in the degrees of protection they offer. To gain a deeper understanding of encryption requires an introduction to a few esoteric cryptography terms. One of those terms is entropy, which plays a significant role in determining the effectiveness of a modern encryption system. At a very high level, entropy is a measure of how much randomness you have. Simply put, the more entropy you have the more effective your encryption can be. Consider the differences between seeking a needle in a haystack and looking for one hidden in an acre’s worth of haystacks. The procedures are essentially the same; it’s the level of difficulty and complexity that differs substantially between the two scenarios. 

Any discussion related to digital intrusion or surveillance has to include spyware, which is a form of malware. Businesses or organizations using mobile devices that have open development platforms are especially susceptible to attempts to exploit users through spyware. It is also a favorite tool of cyber criminals, who are increasingly targeting mobile devices as access points into the confidential data of organizations for purposes that range from nuisance to nefarious. 

Disguised within a consumer application, malware can be used to gain access to personal information, for anything from marketing to identity theft to compromising corporate data. This real and growing threat requires security solutions that properly safeguard the privacy of governments, enterprise workers, and individual users.

The fact that the number and utility of mobile devices will only increase means that the boundaries of the modern organization are being stretched to include hundreds or even thousands of mobile end points possessing access to the most precious assets, such as intellectual property and other sensitive information.

Security in this environment cannot be an afterthought. It must be built in at every layer -- hardware, software, and network infrastructure -- to ensure end-to-end protection. With the stakes so high in “The Surveillance Age,” it’s imperative that you demand a "confidentiality & integrity" commitment from every partner you trust with your information.

Wednesday, January 22, 2014

Did you get an email from Target?

Are you one of the roughly 70 million people who got an email from Target last week about the store's mega security breach? If so, be careful.

Target did indeed do a blast to customers to offer one year of free credit monitoring. The problem is scammers are also on the prowl and are sending out similar emails.

Target even says it has identified and stopped at least 12 scams preying on consumers via email, Facebook and other outlets.

The Target emails went to customers whose personal information was in the Target database. Cyber thieves penetrated the records during the holiday shopping season breach discovered last month and stole info like names, phone numbers and email addresses. The full extent of the hacking is still under investigation.

In the meantime, here's what to do if you see an email from Target pop up in your inbox.

If you've already opened the email: Target has posted a copy of the email it sent out online. So go here to make sure the email you opened, the address it came from, and the link you clicked all match up.

If it doesn't match, and especially if you clicked a link to an external website and entered personal information, you need to take action quickly.

First, get a copy of your credit report, check your bank and credit card activity on a daily basis and call the credit reporting agencies to tell them what happened. You can ask to have a fraud alert placed on your account, meaning it will be flagged to lenders if someone attempts to open credit in your name.

If you're really worried, you can request a credit freeze, which prohibits any credit from being extended under your name. But that's a big step because you will have to go through the process of undoing this whenever you need credit again.

If you entered a credit card or debit card number, reach out to those institutions to warn them of potential fraud as well.

If you haven't opened the email: To avoid any chance of a virus or of falling prey to a potential scam, it is recommended to go directly to Target's website to view the letter you believe has landed in your inbox -- since even opening a fraudulent email could lead to malware being installed on your computer. And if you do open the email, don't click on any links.

All other correspondence from Target can be found here. The retailer emphasizes that it will never email a consumer and ask for personal information like a Social Security number or credit card information.

But it's not just emails claiming to be from Target that customers need to worry about.

If your personal information was compromised in the breach, that means scammers could contact you pretending to be anyone -- like another retailer.

Monday, December 2, 2013

10 defenses against smartphone theft

Thieves see mobile phones as easy cash. Take these 10 steps to defend yourself

10) Use security applications

Android phones and iPhones both come with security software. But that doesn't mean the software is active, or that third-party software might not help even more. If you have an Android phone, make sure you're using Android Device Manager or a third-party security software such as Lookout Security & Antivirus. If you have an iPhone, make sure Find My iPhone has been set up and activated.

9) Use a strong password

Too many people just give up when it comes to passwords, access codes, and PINs. They pick something such as "password" or "qwerty" or "1234." Raise the level of your game: Come up with a functional password generation recipe, then apply it to your devices and websites. You don't need a password manager. This is not rocket science.

8) Keep phone data handy

Write down your phone model number, serial number, and International Mobile Equipment Identifier (IMEI). If your phone gets stolen, you'll want these numbers (along with your mobile carrier's support phone number) to help your carrier place your IMEI number on the GSMA IMEI blacklist. You can find your IMEI number in most phone settings menus, by dialing *#06#, or by checking the battery compartment, if accessible.

7) Be aware of your surroundings

We've all seen them. People who meander down the sidewalk, staring at their phones, forcing others to take evasive action to avoid a collision. People chatting on phones oblivious to those nearby. People who set their phones down on cafe tables or on public transit seats. People who let their phones dangle from purse or pocket. Don't be one of these people.

6) React quickly if your phone is stolen

Report the theft to the local police. This will allow police to check websites that might be trying to unload your stolen phone and will provide you with a police report in case you want to make an insurance claim. Report the theft to your mobile carrier, so your phone service can be suspended and the phone's identifier can be blacklisted. Activate any applicable security software such as Find My iPhone or Lookout. You might also want to change your phone and app passwords, in case the thief was able to log in and access some of the services you use through stored passwords. If you're really lucky, your phone's security software will help you recover your device.

5) Choose your phone to match your security expertise

Google executive chairman Eric Schmidt recently insisted that Android phones are more secure than Apple's iPhone. That might be true if you're talking about recent-model Android phones with the Android 4.4 "KitKat" operating system. But security experts scoff at Schmidt's claim. The reality is that the majority of mobile malware affects Android devices.

In August, the FBI and DHS issued a report that found 79 percent of mobile malware affected Android devices, 19 percent affected Symbian devices, and less than 1 percent affected BlackBerry, iOS, or Windows Phone devices. Android's troubles largely arise from the fact that as many as 44 percent of Android users worldwide rely on Android versions 2.3.3 to 2.3.7, which have known vulnerabilities.

So although it's possible to run Android securely, it requires more diligence. Choose BlackBerry, iOS, or Windows Phone if you don't want to be proactive about security. Choose Android if you require the flexibility of a more-open ecosystem and are comfortable with the responsibility.

4) Choose your WiFi network carefully

Just because a WiFi network is visible and accessible doesn't mean it's safe. Use secure WiFi networks when possible. When there's no other option, avoid doing anything that involves authentication if you can. You never know who might be listening or intercepting unprotected network traffic.

3) Choose your apps and websites carefully

User behavior represents a major source of insecurity. If you can avoid downloading sketchy apps and visiting suspect websites, you will reduce your chances of acquiring malware. Security firm Trend Micro says it has analyzed 3.7 million Android apps and updates, and found 18 percent to be malicious, with an additional 13 percent categorized as high risk. Almost half of the malicious apps (46 percent) were acquired from Google Play, the company says.

2) Don't buy phone insurance

If the mobile carriers really are fighting pre-installed security software to sustain revenue from insurance premiums, you can fight back by refusing to participate. Carrying your expensive smartphone without an insurance net should also encourage you to guard your phone more carefully. Of course, you'll be wishing you had insurance when your phone slips from your pocket and fracture lines spread across the touchscreen.

1) Leave your phone at home

It's easier said than done. But you can't lose what you don't have. Shocking though it may be, people used to get by without mobile phones. Try it once in a while, if only to highlight your device addiction.

Monday, November 25, 2013

4 Easy Steps To Protect Your Identity

Four major areas of your daily life are frequently used as gateways into your private data. Protect those areas!

It's no secret that the damage caused by a single identity fraud event can take years to fix. Many consumers don't even discover they have been affected until months after the attack occurs. In fact, identity fraud is the fastest growing crime in the world, costing billions of dollars annually.

So what should we do? The ubiquity and anonymity of the Internet, coupled with the old-fashioned method of stealing identity via "dumpster-diving", make this problem unmanageable for average folks, right? Wrong.

There are four major areas of your daily life that are frequently used as gateways into your private data. Paying attention to them can help you stay safe from the bad guys. 


Tactic #1: Guard Your Mail. 


Pay attention to your physical mailbox to reduce the chance of being victimized. The mail system has been vulnerable since the days of wagon trains and stage-coaches.


Action Steps:

1) Never use the red flag on your mailbox. It notifies potential thieves that there may be something of value left unattended in the box.

2) Lock your mailbox if possible. Fraudsters look for checks, parcels and other valuables in unattended mailboxes.


3) Place your outgoing mail in a mailbox inside post offices whenever possible. Outdoor mailboxes are magnets for mail thieves and mischief-makers.


Tactic #2: Guard Your Unique Personal Information. 

Your personal data points are often referred to by the acronym SNAPD, which stands for SSN, Name, Address, Phone, and Date of birth. Our SNAPD elements are the "coins of the realm" in the financial underworld and your Social Security Number (SSN) is the Holy Grail.


Action Steps:

1) Never share your SSN, name, address, phone numbers, or date of birth with others unless absolutely necessary.

2) Only share your SNAPD information when it is mandatory. Healthcare, government and financial services organizations will often require these details, but you would be amazed how little NPPI (Non-Public Personal Information) you can share without causing a fuss.


3) Paper shredders are crucial. All SNAPD info (at home and in the office) should be disposed of in a nice cross-cut shredder.


Tactic #3: Guard Your Payment Tools. 


You would never think of leaving any significant amount of cash out in the open and unguarded, so why leave your checks, credit or debit cards exposed? Check fraud is an old yet extremely prevalent practice. Credit and debit cards look similar but are governed by different laws, responsibilities, and remedies. It should be obvious that your debit card puts your immediate personal assets at risk as opposed to the risks associated with credit card fraud. 


Action Steps: 


1) Guard your checkbook, credit, and debit cards and closely examine your monthly statement for unauthorized charges (even tiny ones). By promptly reporting any discrepancies, your financial institution can help investigate, minimize or correct any damage done.


2) Regularly review your credit report.


Tactic #4: Protect Your Computer(s). 


Apply protection controls to not only your desktop, notebook or tablet device, but also your smartphone. According to a study from the Pew Research Center's Internet & American Life Project, 56% of Americans now own a smartphone, a new demographic referred to as "The Mobile Majority". 


Action Steps: 


1) Install and frequently update anti-virus, anti-malware protection for all devices including smartphones.


2) Create passwords with at least 9 alphanumeric characters, and change them every 6 months. Consider using encryption on all your devices.


3) Exercise good data privacy habits by locking your devices, surfing and downloading safely, and guarding the physical security of each machine.

Wednesday, November 6, 2013

Take Time To Understand Free Tools Before You Use Them

Free tools and technologies can deliver real value, yet they can also present risks!

URL shortening services, for example, are fantastic, especially for those of us who love to share our knowledge and findings inside social networks. Yet they can very easily, and often do, hide a nefarious attack.

Another Free Tool to Use with Caution

Be sure to check the security of shortened URLs before clicking them. One service you may consider is urlxray.com.

Monday, November 4, 2013

How To Stop Your Face From Appearing in Ads?

Imagine Your Face in Google Ads


When it comes to developers of popular free tools, Google is king. Yet the tradeoffs for using tools like YouTube, Gmail and Google+ are becoming clearer. For instance, starting November 11, Google will be able to include Google+ users' faces, names and comments in ads. Configured as a default, the policy is one that users must opt out of if they do not want their images projected in marketing messages.

Here's exactly how to stop your face from appearing in what are being called "adver-dorsements" (at least for now, until Google+ changes again):

  • Navigate to Shared Endorsements in Google+ settings.
  • Uncheck the box next to "Based upon my activity, Google may show my name and profile photo in shared endorsements that appear in ads."

Understand that this will not stop your network from being able to see those companies and brands that you have liked (or in Google+ language, plus-one'd).

If this makes you uncomfortable, simply stop hitting +1 and do not leave any reviews on Google products.  

Tuesday, October 8, 2013

How Much Information You Are Leaving Online?

Do you ever feel like you're being followed?

Perhaps that's because you are. While it may not be the boogeyman who's hot on your trail, there are many groups of watchers who have made it their business to know as much about you as possible.

Each day, we are tracked by the 'smart' systems, mobile apps, personal communication devices and other surveillance platforms that have become commonplace in our daily lives. In an effort to educate more people about the data trails they are leaving behind (and the companies, data bureaus and marketers who are sniffing out that trail).


How comprehensive a profile is Google capable of building based on all the information we voluntarily share?

How valuable is your online information to burglars?


Notice all they can get off of *your* social network sites...and those of your friends, family and co-workers. Be aware of what you put out there!

For those of you in charge of or influencing your company privacy policies, consider how you are gathering and sharing your customers' data. Are you doing so in a manner that is transparent and compliant?

Saturday, September 21, 2013

iPhone 5S: A Biometrics Turning Point?

Future: Mobile Devices Will Boost Interest in Advanced Authentication

Apple's decision to include a fingerprint scanner in its new iPhone 5S is an important step toward bringing biometrics-based authentication into the mainstream. But there's still a long way to go before biometrics supplant usernames and passwords at the enterprise level.

Owners of the new phone can use a fingerprint to physically unlock their devices instead of using a numeric passcode. Apple will also let users confirm purchases from the iTunes store by swiping a finger on the sensor.

Apple have not yet revealed whether they will allow third-party developers to take advantage of the new TouchID fingerprint technology to build biometrics-based authentication into their apps. While TouchID is an important milestone toward getting users comfortable with using biometrics as an authentication credential, the technology has to expand beyond the Apple universe before it can truly be considered a game-changer or a significant security breakthrough.

Biometrics authentication is not new to the mobile space. Some laptop vendors, including Lenovo, have included fingerprint readers in their devices for several years. Plus, a number of smart phones and tablets already incorporate biometrics to authenticate users. And security vendor McAfee recently introduced an online file storage service that relies on voice recognition to authenticate users. But all of these vendors use closed, proprietary models, which has made it difficult for biometrics to gain traction in the marketplace.

Market penetration for PCs and laptops with fingerprint sensors is about 20 percent, according to the FIDO Alliance, an industry group focused on open standards for authentication. Even if a majority of iPhone users opt for the iPhone 5S, overall smart phone market penetration for fingerprint scanners will remain low, considering that research firm IDC estimates Apple has about 17 percent smart phone market share.

The iPhone's popularity and its reputation as a trendsetter could help more consumers feel comfortable with the idea of using fingerprint scanners on a regular basis. And once they are used to the idea of fingerprint scanners, other types of biometrics won't be far behind. TouchID is the "first example of the potential for large-scale mass-market mobile biometric authentication."

Sunday, September 15, 2013

BYOD, Corporate-Owned or Hybrid Environments?

BYOD: The problem is in reality smaller than it seems!

Companies nowadays wrestle with the decision of whether to give employees the freedom to use personal mobile devices to access corporate data, or to issue secure mobile devices.

The main issue with the BYOD concept is dealing with corporate control and user privacy, and at the end of the day this concept can cost the company more than buying corporate-owned mobile devices. You also have to deal with different OS versions, installed applications, rooted devices, etc. There are some great MDM products out there, but none of them can deal with the full diversity of the mobile device world.

BYOD, Corporate-Owned or Hybrid Environments? That depends on the “type” of business you do, but the best way to start is to limit access to resources from mobile devices to those who really need it. This way, at the end of the day, you will find that the problem is in reality smaller than it seems at the moment.

An interesting article about the cost, efficiency, productivity, risk and security implications of BYOD, Corporate-Owned and Hybrid Environments can be found at the following link: http://goo.gl/7g0LL3.

Saturday, August 31, 2013

Cybersecurity is a never-ending Tom and Jerry cartoon

The Coming Wave of Security Startups

The threat from cyber-intrusions seems to have exploded in just the last 18 months. Mainstream media now report regularly on massive, targeted data breaches and on the digital skirmishes waged among nation states and cybermilitants. Unlike other looming technical problems that require innovation to address, cybersecurity never gets solved.

The challenges of circuit miniaturization, graphical computing, database management, network routing, server virtualization, and similarly mammoth technical problems eventually wane as we tame their complexity. Like antibiotic-resistant bacteria, attackers adapt to our defenses and render them obsolete. As in most areas of IT and computing, innovation in security springs mostly from startup companies. Larger systems companies like Symantec, Microsoft, and Cisco contribute to the corpus of cybersecurity, but mostly acquire their new technologies from startups.

Government agencies with sophisticated cyberskills tend to innovate more on the offensive side. Anyone looking to found or invest in one of those small security companies destined for success should focus on the tsunami of change rocking the IT world known as cloud computing.

According to Forrester, the global market for cloud computing will grow more than sixfold this decade, to over a quarter trillion dollars. Cloud security, as it is known, is today one of the less mature areas of cloud computing, but it has already become clear that it will become a significant chunk of that vast new market. A Gartner report earlier this year predicted that the growth of cloud-based security services would overtake traditional security services in the next three years. Just like other software products, conventional security appliances are being replaced by cloud-based alternatives that are easier to deploy, cheaper to manage, and always up-to-date.

Cloud-based security protections can also be more secure, since the vendor can correlate events and profile attacks across all of its customers’ networks. This collaborative capability will be critical in the coming years as the private sector looks to government agencies like the National Security Agency for protection from cyberattacks. The cloud also enables new security services based on so-called big data, which could simply not exist as standalone products.

Companies like SumoLogic can harvest signals from around the Web for analysis, identifying attacks and attackers that couldn’t be detected using data from a single incident or source. These new data-centric, cloud-based security products are crucial to solving the challenges of keeping mobile devices secure. Most computers shipped today are mobile devices, and they make juicier targets than PCs because they have location and payment data, microphones, and cameras. But mobile carriers and employers cannot lock down phones and tablets completely because they are personal devices customized with personal apps. Worse, phones and tablets lack the processing power and battery life to run security processes as PCs do.

Cloud approaches to security offer a solution. Software-as-a-service security companies like Zscaler can scan our mobile data traffic using proxies and VPNs, scrubbing them for malware, phishing, data leaks, and bots. In addition, startups like Blue Cava, Iovation, and mSignia are using Big Data to prevent fraud by fingerprinting mobile devices. Cloud security also involves protecting cloud infrastructure itself. New technologies are needed to secure the client data inside cloud-based services against theft or manipulation during transit or storage.

Eventually it should become possible for cloud computing customers to encrypt and destroy data using their own encryption keys. Until they do, there is an opportunity for startups such as CipherCloud and Vaultive to sell encryption technology that is used by companies over the top of their cloud services to encrypt the data inside.

Lastly, cloud security also includes protecting against the cloud, which enables creative new classes of attack. For example, Amazon Web Services can be used for brute force attacks on cryptographic protocols, like the one a German hacker used in 2010 to break the NSA’s Secure Hashing Algorithm. Attackers can use botnets and virtual servers to wage distributed denial of service attacks; and bots can bypass captcha defenses by crowdsourcing the answers. Cloud-based attacks demand innovative defenses that will likely come from startups.

For example, Prolexic and Defense.net (a company Bessemer has invested in) operate networks of filters that buffer their clients from cloud-based DDOS attacks. Cloud computing may open up enormous vulnerabilities on the Internet, but it also presents great opportunity for innovative cybersecurity. In the coming decade, few areas of computing will be as attractive to entrepreneurs, technologists, and investors.

Wednesday, August 28, 2013

Visualizing The World's Biggest Data Breaches

In corporate servers we trust? A beautiful interactive timeline puts the growing vulnerabilities to our personal online security in stark relief

The experience is becoming so common it’s scary. You're sitting there minding your own business, when up pops an email (or worse, a letter via snail mail) from some company you may or may not be familiar with telling you that your data has been compromised by a security breach. Change your password, post haste--if you’re lucky that a password is the worst of what was compromised.

More than 50% of CEOs surveyed by the Ponemon Institute, a cybersecurity think tank, say that their company experiences cyber attacks daily or even hourly.

These attacks are becoming more and more sophisticated, and increasingly, they are successful--to date this year, there have been 343 data breaches reported in the U.S., which already exceeds the number in all of 2006, according to the Wall Street Journal. A new visualization of the world’s biggest data breaches on a timeline since 2004 puts the rise of cyberattacks in stark relief.


You can explore the graphic more here. And to protect yourself against certain kinds of data breaches, it's always good to follow good hygiene for passwords and PINs to your online accounts, like making sure you use different passwords for all sites. You can see a few additional tips on how to secure your passwords here.

Monday, August 5, 2013

Beware - Trojans on Google Play Infected Up to 25,000 Devices

Malicious Apps were designed to send text messages to premium numbers

Researchers at Russian anti-virus company Doctor Web recently uncovered three malicious Android apps on Google Play that install the Android.SmsSend Trojan, which sends text messages to premium numbers without the user's permission.

All three apps, which are audio players and a video player that displays adult content, were uploaded by a Vietnamese developer called AppStore Jsc.

According to Doctor Web, the apps have been installed between 11,000 and 25,000 times.

Each app asks the user for permission to download additional content, such as adult video clips in the case of the video app -- but that download then installs the Trojan.

"The program covertly sends short messages to the short number 8775 which is specified in the malware's configuration file," Doctor Web notes.

"It is noteworthy that this Trojan really does enable a user to view adult video clips. Apparently, the attackers implemented this feature to avoid unnecessary suspicion."

Sunday, June 16, 2013

Why Mobile Security Matters

How do Enterprises secure the increasing flow of data in and out of their doors?

The widespread adoption of intelligent mobile devices has transformed the way we work in innumerable ways. In 2012, IDC calculates that 712.6 million smartphones were shipped globally – 44.1% more than in 2011. In 2013, it predicts worldwide mobile tablet sales will reach 190.9 million, increasing the adoption of cloud and app-based solutions.

By 2016, mobile data traffic will have increased 18-fold, with smartphones, laptops, tablets and other portable devices driving around 90% of that traffic [Cisco]. Yet, alongside the countless new opportunities that these handy communications tools present for flexible workers, the continued rise in mobility also brings with it a myriad of potential security threats.

Most enterprises are already well-accustomed to protecting corporate data, including everything from commercial information to intellectual property and customer/employee information. However, the fact that mobile phones and tablets are small, portable and frequently used in public places or for downloading applications makes them particularly vulnerable to attacks and difficult to manage, especially compared with PCs.

In effect, these devices take corporate information out of the ‘safe’ corporate network and into unsecured environments, such as public Wi-Fi hotspots, and invite users to access a huge range of apps and websites.

The consequences of unwittingly falling foul of security threats can potentially go beyond the need for a simple repair to become far reaching. Whether it’s connecting to a bad Wi-Fi network in an internet café or downloading an app which contains malware, a single unintentional mobile security breach could potentially lead to financial and information loss, a privacy breach, loss of intellectual property or even damage to reputation.

As with other aspects of business, the cost of prevention is far lower than the cost of cure. For this reason, it is critical that today’s businesses assess their security environment and put the necessary protection in place to enable employees to work securely and without risk of infection, whenever and wherever in the world they may be.

Refer here to download the white paper (registration may be required) which covers the following topics:
  • Mobile security challenges and risks faced by large organisations
  • Factors to consider when developing a mobile security strategy
  • How to find a security solution that meets your organisational needs

Wednesday, June 5, 2013

Sex Matters: Men & Women differ on data security

Surprise: Women are also more likely to take steps to control what's visible to strangers on social media, although they take fewer security precautions online!

Two Microsoft studies have found that when it comes to technology, men and women may have different priorities when it comes to staying safe and secure.

The first study, which surveyed more than 10,000 mobile and desktop users worldwide, found that 35 percent of men kept their mobile devices protected behind a passcode and used secured wireless networks to go online.

Women, the study found, took those same security precautions at a slightly lower rate of 32 percent.

Following that trend, 32 percent of men kept the software on their mobile devices up-to-date, an important defense against malware attacks. Only 25 percent of women did.

The numbers seem to show that men take mobile security slightly more seriously than their female counterparts, but also that both sexes adopt these common-sense security precautions at an abysmally low rate.

Jacqueline Beauchere, chief online safety officer at Microsoft, said in a statement: "We know from earlier research that men and women practice mobile safety very differently."

Despite their slight edge in security, men appear to fall victim to mobile-based attacks more frequently than women. They receive slightly more phishing emails, intrusive pop-ups and messages from impostors.

When it comes to defending their reputations, women tend to be more cautious than men about what they're willing to share online, the study found.

Women are also more likely to take steps to control what's visible to strangers on social media. The study also found that women are less cavalier than men when it comes to the content of their text messages.

A different Microsoft survey, this one conducted on Facebook, asked more than 800 people about their mobile pet peeves.

Many respondents cited loud talkers, constant phone checking and socially inappropriate use of mobile phones as among their top annoyances.

Monday, June 3, 2013

Do You Need an Anti-Virus for Mac?

It's unlikely you'll ever run into malware for the Mac

But you may still want to consider an antivirus tool anyway—if not to protect yourself, then to protect your Windows-using friends from any malware you may inadvertently send their way.

If you agree, Sophos Anti-Virus for Mac may be the best choice, and it's free.

Many of you may choose to use nothing, but you need to consider that malware is starting to become a bit more prevalent on the Mac, and even the safest browsing habits don't protect you completely. 

Sophos Anti-Virus for Mac

Platform: OS X (10.4+) 
Price: Free
Download: Click here

Features

  • Compact, easy-to-use interface that can be used for custom on-demand scans of files, folders, and drives, or scheduled, periodic full scans of your Mac.
  • Also scans files on your Mac for known Windows malware, trojans, and viruses, and deletes or quarantines them so you don't risk spreading them to someone else via network share, USB drive, or email.
  • Deletes or quarantines known threats, and gives you the option to quarantine anything suspicious that may be a new threat or dangerous file.
  • Runs quietly in the background, scanning emails, downloads, and any other files on access, stopping you from opening them before they can do any harm.
  • Light on system resources while running in the background.
  • Installs like any other Mac application, and uninstalls just as easily—no complicated packages or components to manage or configure.
  • Sophos' "Live Antivirus" feature updates your app the moment new threats are detected or found in the wild. The feature also performs real-time lookups to see if files accessed are in the SophosLabs database, even if they're unfamiliar to the app.
  • Supports OS X up to 10.8 and back to 10.4, and is completely free for all versions.