Saturday, January 16, 2016

5 Password Strategies To Keep Intruders Out

During the holiday season, millions of people will unbox new phones, gadgets and electronics. Ask anyone and they will agree that technology needs to get simpler. As Henry Thoreau wrote, "Our life is frittered away by detail... Simplify, simplify".
Complexity is a word people frown upon when it comes to technology. Yet technology in the area of password protection needs to get stronger and more complex to keep the bad guys out.
At a time when most devices connect to the Internet, making it harder for intruders to gain access is essential. The number one way hackers access an online account is through stolen or misused credentials, according to the annual Data Breach Investigations Report from Verizon.

The biggest concern companies have about security breaches is their own employees, who unknowingly expose valuable company information to intruders.
To protect themselves, companies are banning employees from using portable devices like USB drives. They want them to be cautious about posting on social media sites. They discourage sharing vacation plans online or leaving "out of office" email replies on work emails.
Facebook reports that every day, imposters attempt to compromise 600,000 accounts to access messages, photos and other personal information. Thieves search the website by postal code to learn who informed their friends that they are on vacation. According to Marc Goodman,

"Vacation plans on Facebook or Twitter are like a 'please rob me' signal ...Some 78% of burglars get their leads from social media."
In many cases, the crooks target employee laptops and home computers that are used to sign on to corporate networks.
According to a recent Wall Street Journal article, about 30 percent of data breaches in 2015 were caused by employee error, a figure taken from a survey published in December 2015 by the Association of Corporate Counsel. In 2014, JP Morgan experienced a cyber security breach that affected 76 million households. The investigation discovered that a financial planner with the firm accessed 350,000 client data records illegally and took the information home. The firm believes Russian hackers gained access to the employee's computer at home and posted the client information online. While no client data was compromised, cyber security specialists say that stealing a customer's social security number, an email or a phone number is an important first step for a future breach.

Here are five password management strategies to keep the bad guys out.

1. Use different passwords for accounts.

If you put all your eggs in one basket, a breach could wreak havoc on your business if you use the same password across accounts. According to criminal-record database service Instant Checkmate, almost three out of four people use the same password for more than one site, while more than three out of five smartphone users do not use a passcode to protect their device. One third of people use the same password for every website, with weak passwords like '12345.'

2. Use two-factor authentication

This type of verification adds another level of security to your online account. In addition to providing a regular password, the user must enter a one-time code when logging into an account or service. In most cases, the code is sent to your mobile phone as a text message, and you enter it after entering your password. This service is offered by most established companies like Google, Dropbox, Apple, Evernote, Microsoft, Twitter, LinkedIn and Facebook.
According to a TeleSign Consumer Account Security Report, published in June 2015,
"72 percent of consumers want advice on how to protect the security of their online accounts. ... 77 percent of users use a password that is one year or older."
In August 2014, hackers attacked Apple iCloud accounts and leaked private photos of Jennifer Lawrence and other actors. Apple quickly confirmed that its systems were not breached but that the accounts were compromised through usernames, weak passwords and security questions.

3. Use a password manager.

Password manager programs work across platforms on any computer and device. Their primary function is to remember all passwords you use across devices, so you don't have to. Many also generate strong passwords with a single click. The most popular password managers are DashLane, LastPass, RoboForm, Sticky Password and LogMeOnce, which charge a monthly or annual subscription fee.

4. Use HTTPS instead of HTTP whenever possible

Websites that have https:// before the website name add an extra security layer called SSL (Secure Sockets Layer), which encrypts the connection between your browser and the website. It is recommended to use https:// whenever possible, especially when performing banking or financial transactions online. Communications sent over regular HTTP connections are in plain text and can be read by intruders who break into the connection between your browser and the website. With HTTPS, all communication is securely encrypted, so an intruder cannot decrypt data that passes between you and the website.

5. Don't use security questions when you forget your password

Most companies ask customers to answer "security questions" when registering for an online account. When a user forgets their password, they are asked to answer a few security questions. The problem with this approach is that many users answer easy questions like favourite food, mother's maiden name, city of birth or favourite sport. Hackers have a reasonably good chance of guessing the right answer by monitoring your social activity. Google recommends having an alternative email address or an SMS option, instead of providing answers to security questions. Verifying a password by answering security questions should be a last resort.

Summary

While simplicity is highly desirable when we think of technology, it is undesirable when we think about secure online accounts. Strong passwords are highly recommended, together with the additional security measures outlined in this article. The goal is to make it as difficult as possible for a hacker to breach an online account.

Digitisation threatened by lack of security

Business manager and IT specialist Yves Ephraim said that government needs to ensure that its planned digitisation of public records is sufficiently secured in order to prevent cyber attacks and theft of personal information.
Governor General Sir Rodney Williams announced during Thursday’s Throne Speech that the ruling administration would be digitising records in some of its departments, including the National Archives.
“In 2016, the digitisation of many government records and archive materials shall take place,” Sir Rodney said. “The Office of Intellectual Property and Commerce is expected to complete registration of a newly incorporated company in less than 24 hours.”
However, Ephraim said that the move could prove dangerous without the proper consideration of cyber security.
“The risk is that, as much as it provides a convenience for people, it also provides opportunity for nefarious characters to do reputational damage or even financial damage,” Ephraim said. “So therefore it means that there’s some responsibility on the part of whoever is delivering the service to ensure that … Security has to be paramount.”
Personal information is also inherently at risk for any member of the public who uses the Internet to register for government services, Ephraim said.
“You are going to have to give up personal information. For example, in the case of driver’s licences, there’s quite a bit of personal information that is saved in the Transport Board system. And if that information is passed back and forth through the Internet, then they need to make sure that they have measures in place to protect that.”

Ephraim also noticed that current websites maintained by the Government of Antigua & Barbuda are already unsecured, making the possibility of a security threat much more likely.

4 Simple Ways to Help Protect Your Business From Cybercrime

Years ago, if we wanted to protect our homes and our businesses from theft, the main thing we needed to do was install good locks and security cameras, purchase insurance, and be aware of how to avoid hold-ups. In today's technologically-driven world though, it's not that simple. These days, global cybercrime requires individuals and companies to be wary of thieves who operate from the relative safety of their personal location, and who can simply sit behind a computer to steal personal data, trade secrets, and money.

In fact, when it comes to businesses specifically, cyberattacks generally cause small and medium-sized firms to lose around $200,000 on average each year. Many of these companies (around two-thirds) actually end up forced out of business within just six months of the attack, because it takes such a toll on the organization. Similarly, on a personal level, even tech products and apps created by giants such as Apple can come under threat, with a recent malware attack on the iOS app store being evidence of the issue.

If you want to do what you can to help protect your business, it pays to stay up to date on the best ways to go about it. To really study the area, you can learn about the history and current trends in cybercrime by enrolling in an online cybersecurity degree or encourage one of your IT employees to increase their training. If you just want some quick takeaways that you can implement today to help keep your business protected from online thieves, read on for four main ways you can keep confidential information away from prying eyes.
1. Choose Good Passwords

One of the most basic things to do in order to protect your systems from cybercrime is to make sure your employees select secure passwords that can't be easily guessed by hackers. Even though you might think people know better, the most common passwords used around the world today are still things like "123456" and the word "password."

If you want to be smart about your business's digital security, make sure that employees use passwords that contain a combination of letters (both lower-case and capital), numbers, and symbols. Ideally, passwords should be between eight and 12 characters in length, and should avoid referring to personal data such as the names of children, partners or pets, or family birth dates.
In addition, encourage employees to vary passwords on different devices and for different websites, so that they don't just have the one code used everywhere. This way, if a password does happen to be hacked, a criminal won't be able to access all of your accounts. Furthermore, you should also have your employees update their passwords on a regular basis, around every eight to 12 weeks.
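The checks described in this section, as an added example that is not part of the original article: a small Python audit that flags common, short, single-class, personal-data-based and reused passwords in a constructed inventory. The function names, the sample accounts and the choice to treat eight characters as a minimum without penalising longer passwords are assumptions made for illustration.

```python
"""Audit a credential inventory against the password rules in this section.

Added example; every name and all sample data are constructed for illustration.
"""
import hashlib
import string
from collections import defaultdict

# Weak passwords that the articles on this page name explicitly.
COMMON_PASSWORDS = {"12345", "123456", "password"}

# Lower bound of the suggested length range. Assumption: longer passwords
# are accepted rather than flagged.
MIN_LENGTH = 8


def password_findings(password, personal_terms=()):
    """Return the list of rule violations for one password."""
    findings = []
    lowered = password.lower()

    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)

    # The section asks for lower-case and capital letters, numbers and symbols.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            findings.append("no " + name)

    # Names of children, partners or pets and birth dates must not appear.
    # Very short terms are skipped to avoid accidental matches.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            findings.append("contains personal data")
            break
    return findings


def audit(accounts, personal_terms=()):
    """Audit a mapping of account name -> password.

    Returns a mapping of account name -> list of findings, including
    reuse of the same password on more than one account.
    """
    report = {
        name: password_findings(pw, personal_terms)
        for name, pw in accounts.items()
    }

    # Group accounts by digest so reuse is detected without comparing
    # plaintext pairwise. The digest is only an in-memory grouping key,
    # not a password storage scheme.
    by_digest = defaultdict(list)
    for name, pw in accounts.items():
        digest = hashlib.sha256(pw.encode("utf-8")).hexdigest()
        by_digest[digest].append(name)

    for names in by_digest.values():
        if len(names) > 1:
            for name in names:
                others = sorted(n for n in names if n != name)
                report[name].append("reused on: " + ", ".join(others))
    return report


# Constructed sample inventory for one employee.
SAMPLE_ACCOUNTS = {
    "email": "123456",
    "payroll": "Rex2009!",
    "crm": "Rex2009!",
    "vpn": "t7#Lq9!vWz2k",
}
# Constructed personal data: a pet's name and a family birth year.
SAMPLE_PERSONAL_TERMS = ["Rex", "2009"]

if __name__ == "__main__":
    results = audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL_TERMS)
    for account, findings in results.items():
        print(account, "->", findings if findings else "ok")
```

The "payroll" and "crm" entries pass the length and character-class rules yet are still flagged, which shows why the reuse and personal-data checks matter alongside the complexity rules.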
2. Install Protective Software and Firewalls

Another simple yet effective way to protect your data and systems from being accessed is to install protective software and firewalls. Purchase anti-spam, antivirus and anti-spyware software, and then install it on every computer and other Internet-connected device in your office. This protection helps to prevent malicious viruses and software from getting into your systems via a Wi-Fi connection, websites, or spam emails.

Unfortunately, many hackers use malware that gets into computer systems and then installs code that runs in the background on your computers. You won't even know that your keystrokes and all your login details are being captured by this code and then relayed back to cyber criminals, but it's actually one of the biggest money and information-generating techniques used by hackers. If you install (and keep updated) proper protective software though, you should be able to stop this malware from doing harm.
Firewalls are also a must, especially for businesses that take customer data and other sensitive information via Internet-based programs. Firewalls are designed to protect computers from thieves who try to access things like credit card numbers, passwords and personal details. You can potentially turn on the firewalls that come already installed on many operating systems, or else choose to purchase a more comprehensive third-party version.
3. Keep Computers Updated

Another safety technique you can employ is to ensure that all of your business computers' software and hardware is updated regularly. You'll find that the latest versions of operating systems are the safest, and are the ones you should be utilizing. In addition, if you update programs often, this will help to identify any security holes or other potential issues that sometimes pop up when programming changes are made or new software is installed.

4. Educate Staff

Lastly, if you run a business, you should also discuss cybercrime with your team. Educate your staff on common hacking techniques, and require all employees to update their logins on office software and hardware on a regular basis -- with, of course, only strong passwords!


NSA Building the World's Biggest Spy Center ever

Forget NASA, the CIA, the FBI or any other agency that can intercept your calls, emails and internet connections. In Bluffdale, USA, the National Security Agency is busy building the largest spy center in the history of the world. The immensely secretive and high-priority project is to be completed in 2013. This will make the NSA the largest, most covert, and potentially most intrusive intelligence agency ever.

The center will serve the purposes of the NSA that relate to communications between humans as well as machines. It will have the power to intercept, decipher, analyze and store mammoth amounts of data collected from satellites, optical fibres and local and international networks. The under-construction $2 billion center will be capable of storing the contents of private emails, cell phone calls and messages, Google searches and activities on social networks. Besides these, it will hold all sorts of personal data trails: parking receipts, bookstore purchases and other digital “pocket litter.”

According to a senior security official who until recently was involved with the program, “this is more than just a data center. It is also critical for breaking codes”. He went on to say that code-breaking is crucial, because much of the data that the center will handle (financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents) will be heavily encrypted. According to another top official, the agency made a huge breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems.

The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”



Saturday, January 9, 2016

6 things you do on social media which make you vulnerable to cyber criminals

Cyber crime is a real and prevalent threat – so there’s no harm in trying to tighten up your web safety.

To get the ball rolling, here are six things you probably do on social media which can make you vulnerable to hacks or attacks.

1. You accept followers or friend requests from people you don’t know.

By allowing strangers to view your Facebook, Twitter, Instagram and other social profiles, you’re essentially granting them access to your personal details.
You wouldn’t tell these details to people on the street, because it would be bizarre and potentially dangerous. The same goes online.

According to a study from Kaspersky Lab, specialists in internet security and antivirus software, a third (31 per cent) of users will accept connections from people they don’t know. This could expose them to more unknown people – even advertisement agents or cyber-criminals.

2. You click on links you’re sent by online friends without asking what it is.

Usually, friends share links to funny pictures or interesting articles. But, there’s no harm in being vigilant if the link looks dodgy or comes from somebody you don’t know or rarely speak to.

The study found that 26 per cent of participants said they’d click on a link sent by an online connection with no hesitation, or concerns in case the sender’s account had been hacked.

3. You’re sharing personal details.

It’s not just stuff like bank details you need to protect.
Online accounts can be set up with minimal information, so if there’s something you don’t want to share with your employer, family, or strangers – don’t put it online.
Almost a third (30 per cent) of social network users asked share their posts, check-ins and other information, not just with their friends, but with everybody who is online.
This leaves the door wide open for cyber-criminals to attack, as users remain unaware of just how public their private information can be on these channels.

4. You’re neglecting privacy settings.

Twitter and Instagram both have the option to decline follower requests – while Facebook offers a slightly more in-depth choice of privacy settings.

If there are certain details, pictures, status updates or other information you don’t want people to know – ensure you’re using the protection provided.

Despite over three quarters (78 per cent) of Internet users having a social media account, the survey showed a distinct lack of security awareness amongst social media users.

One in ten (9 per cent) quiz respondents didn’t think people outside of their friends list could be seeing their pages and posts, making it easy for their personal information to fall into the wrong hands, or even be used by criminals for identity theft and financial fraud.

5. All of your passwords are the same – or they are saved in your web browser.

Although it’s terribly handy to have all of your log-ins and passwords remembered for you – it means if anyone hacks your browser, they have access to everything.
Strong passwords are made up of a mix of numbers and letters in both upper and lower case. They should be strong and memorable, but not obvious – so forget using your date of birth.

6. You don’t have security software.

Along with vigilance and a little common sense, security software makes it possible to protect your digital life against Internet threats and safeguard your privacy and identity.

‘Social network users are playing a dangerous game by not being cyber-savvy and essentially giving strangers easy access to their personal details and private information.

‘With social media profiles containing a raft of insight – from birthdays through to addresses and holiday plans – it wouldn’t take much digging for a cyber-criminal to find and exploit valuable information, or steal your identity for their own gain.

‘This is even easier if you have unwittingly made them your friend,’ warned David Emm, principal security researcher at Kaspersky.




Physical security and cyber security predictions for 2016

As we head into a new year, Tim Compston at SecurityNewsDesk gives security vendors and industry experts an opportunity to share what, in their opinion, is likely to make waves security-wise over the next 12 months.

Video surveillance growth

Catching up with Jon Cropley, a principal analyst at IHS, for his predictions around video surveillance in 2016, he thinks that by and large it will be a continuation of the trends that have already been occurring in the market: “We are forecasting overall growth next year of 10 percent for the global market but within that you have got some big differences so we are saying that standalone analogue will decline whilst the network video surveillance market will grow by nearly 19 percent and then the HD (High Definition) CCTV market will grow by almost 40 percent.” At the same time, Cropley explains that there is expected to be high price erosion, with companies striving to develop solutions to avoid their products becoming ‘commoditised’. He also wonders if 2016 will be the year on the business front when consolidation in the market starts to accelerate.

Collaboration key in cybercrime battle

In the realm of cyber security, according to Carmina Lees, director security business unit, IBM UK and Ireland, the company will be pushing in 2016 for even-greater public and private sector collaboration to tackle cybercrime: “Cybercrime is akin to a pandemic. Left unchecked, cyber threats can quickly spread and infect businesses and governments alike. Similar to how the containment of a pandemic requires global collaboration across the public and private sector, the same holds true for cyberattacks.”

Lees says that, to date, the vast majority of organisations have been reluctant to share the security intelligence they collect, largely due to proprietary, legal and sensitivity concerns. The strong message from Lees is that this data is crucial to battling cybercriminals: “We cannot afford to keep it to ourselves for a moment longer.”

In the end, Lees reckons, companies should be competing on their ability to deliver actionable intelligence to clients using threat data, not simply on providing the data itself: “Perhaps this is a business model that we will see building over 2016”. Already she says that IBM has taken a lead here: “We opened up our own extensive threat database (20+ years of data, 700TB) as a catalyst to spark this global collaboration that will help safeguard our economies and privacy.”

Top trends

Based on consultants responding to security incidents, IBM Emergency Response Services (ERS) recently spotlighted key cybercrime trends. The first concerns so-called ‘onion-layered security incidents’ where investigating one event reveals an older, often significantly more damaging hidden attack. Ransomware is also, according to the ERS team, big business for cybercriminals who hold data hostage via encryption. A further cybercrime trend on the radar is ‘malicious insider attacks’ where disgruntled ex-employees wreak havoc by setting up access before walking out the door. A concerning pattern that has emerged from ERS investigations here is that administrative user accountability often goes unenforced. On a brighter note, it is suggested that high-profile breaches have increased interest in cybercrime prevention at management and board level.

Risk realities

For Kevin Mahaffey, co-founder and CTO at mobile security specialist Lookout, cybersecurity effectiveness will in future be measured more by risk reduction than by technology deployment: “Simply having security equipment or products is no guarantee of safety, those technical solutions need to actually reduce risk. Organisations need to shift their thinking to focus on risk reduction rather than implementation.” Mahaffey also foresees a world where everyone uses their smartphone as a ‘multi-factor authentication element’ and where it becomes more important than the passwords people use now.

In the opinion of Peter Ainsworth, director – EMEA marketing, at Tyco Security Products, cybersecurity is also going to be one of the most pressing issues on the radar of security equipment manufacturers next year: “Last year we saw customer concerns and industry awareness of cyberattacks continue to increase.” To help combat this, Ainsworth reveals that Tyco has taken an aggressive stance: “We have formed internal teams of engineers who focus on performing security vulnerability assessments and ongoing monitoring, managing third-party penetration testing, and improving the overall response for threat management.”

Mobility matters

Another area where Ainsworth anticipates continued activity for 2016 is in the realm of mobility: “What started a few years ago as a simple check box in the list of features provided to customers has grown into an unmistakable customer demand. Apps are now important to the point where customers are redefining their operations around mobility and demanding that it flexes to their needs.” Additionally, Ainsworth says that Tyco is seeing integration and unification as major trends that will remain high on the agenda for 2016, driven, in particular, by strong customer interest in harnessing business intelligence and adopting a single ‘user-friendly’ interface.

Over hyped?

Offering his thoughts on the year ahead, Clym Brown, marketing director at Texecom, says that although the smart home and ‘Internet of Things’ concept is becoming a world-wide phenomenon, as yet actual customer purchases have not lived up to the hype, something he doesn’t expect to change any time soon: “The principal reason for this is the lack of interoperability between different home devices and a lack of a clear eco-system for devices to connect to. This is resulting in end user customer confusion and is delaying the smart-home becoming an effective mass-market proposition.”

Connected systems

A trend which Brown suggests will have more prominence in 2016 relates to connected systems: “These are systems that do not form part of a wider eco-system but are connecting over IP and cloud-based services to enhance the value and user experience. None more so than in the home security sector, where residential security systems are now offering app based smartphone interactivity that feature push-based notification of system events and direct IP camera streaming.” Brown goes on to say that these added features put homeowners in control of their own security, without affecting any professional security monitoring services that may be in place.

Brown adds that the proliferation of wireless security sensors is set to continue, making, he believes, connected residential home security system installations easier to implement than ever before: “Mesh-based wireless sensors are ideal for covering large areas, and the ability to quickly deploy wireless security and home automation devices are increasing the appeal of connected secure homes.”

In the cloud

Julie Kenny, chairman and chief executive of Pyronix, thinks that the standout trend for 2016 will be the continuation of merging applications and cloud infrastructure into security offerings on the domestic front: “This innovation delivers a multitude of advantages and possibilities. End users can remotely control their home system by setting and un-setting their alarm, checking sensor status, receiving push notifications and checking their event history. There will also be an increase in the variety of automation devices included, allowing end users to open and close blinds, gates and garages, along with control over lighting, heating, sprinklers and so on, as the technology develops.”

To sum up, Kenny believes the good news for the security industry is a shift in attitude from the customer simply viewing a security system as a ‘grudge purchase’ to more of a ‘desired lifestyle choice’: “The industry is commencing a journey which will see security systems becoming desired integrated packages of home/business automation and monitoring,” concludes Kenny.

Access Control – the death of proprietary systems

On reflection, John Davies, managing director at TDSi, is of the opinion that, from a technology and access control point of view, there is more to come from biometrics in 2016. Alongside this, other themes he draws out include the requirement for more open access control systems, and more open systems in general across the electronic security landscape, as well as the interoperability of systems and ease of integration: “That is going to become more and more prevalent so proprietary systems are pretty much becoming a thing of the past. If there are still proprietary systems out there they are going to go by the wayside with a lot of people wanting more open systems,” reflects Davies.

In addition, Davies spotlights the expanding footprint of IT people across the security landscape: “No longer is it just physical security people specifying security systems. With the advent of IP all these systems exist on the same network and there are a growing number of people involved in other parts of organisations – beyond those with a security background – who are actually specifying and putting systems onto the overall corporate network.”

From Biometric to BLE

Taking an access control perspective, Philip Verner, regional sales director, EMEA at CEM Systems, agrees that there has been an explosion in biometrics and that this will remain a key development for 2016: “All aspects of biometrics are being looked at and employed and have become more reliable. I think the whole multi-modal approach to biometrics will be more prevalent.” Alongside this, Verner suggests that contactless access control is likely to gain a bigger foothold: “Using your phone for access control in certain sectors and certain deployments will become more available. You put your credentials on to your mobile phone and that becomes your access control device.” Regarding the technology behind this, Verner says that most vendors are looking towards BLE (Bluetooth Low Energy): “NFC [Near Field Communication] is still there but the deployment on BTLE means that it is now available on many different phones and the read range is much longer as well,” concludes Verner.

As we head into 2016 it will be interesting to see which of these predictions actually come to fruition, and which fall by the wayside.

Cyber security: Israel wants joint ecosystem with India

Eyeing a billion-dollar cyber security market in India in the next five years, Israel, the leader in the sector, is trying to tap the opportunity. Organisations such as CyberSpark from Israel have started holding preliminary talks with Indian companies including Reliance and Tata groups, educational institutions like Indian Institute of Management-Ahmedabad, Indian Institute of Technology-Mumbai and even start-up incubators to start collaborations between the two countries.

CyberSpark is the central coordinating body for joint cyber security activities with government agencies, the Israel Defense Forces, the public and academia. It is formulating a multi-year business plan, leveraging the region's significant strengths and maximising its potential in the field of cyber technology.

According to Roni Zehavi, co-founder and chief executive of CyberSpark Industry Initiative, the governments in the two countries are keen to evolve a joint start-up ecosystem. “We want bigger and better collaborations in India. We are collaborating not just with the companies, but with India. What we have here is a blessing of government from both the countries. We have a number of events lined up where companies from both the countries would be there this year,” said Zehavi. “By working together, India’s cyber-security can easily be around a billion dollars in the next five years.”

According to experts, the Indian cyber security market is worth $218 million at present. While the country has made enormous progress in sectors such as information technology and e-commerce, the cyber-security in India is at a nascent stage. Israel, the biggest player in the sector after the US, had exported $6 billion worth of cyber-related products in 2014.

According to sources in the Ministry of Telecom and Information Technology, talks are on to form a mechanism under which start-ups from both the countries can work together on cyber security solutions and a fund pooled in from the two countries would be used to bankroll certain projects. “Cyber security is going to be one of the major topics of discussions between the two countries during Prime Minister Narendra Modi’s visit to Israel. The two governments plan to work on various solutions together,” said a senior official in the ministry.

Zehavi said he also held meetings with representatives from various sectors. “All the qualities we are looking for a successful collaboration are here.”

CyberSpark, which is working on a cyber test range for autonomous vehicles (basically cars that will drive on their own), met representatives from Tata Motors. “We are interested to collaborate with a couple of major players in the domain to establish a range to check whether those cars can work in a hostile environment. Tata Motors is a fantastic candidate for the project. However, the talks are at a preliminary stage,” said Zehavi.