Working from Home during COVID-19 - Things to Consider

Skip to content |Skip to navigation

First and foremost, our hearts go out to those around the world impacted by the COVID-19 virus. The director of the U.S. Center for Disease Control & Prevention (CDC), who advises the country on public health, has indicated that the risk to the generalpublic remains low and encourages Americans to go about their lives. Businesses and local communities are taking a much more personal approach. Many business, schools, and other organizations are advising their employees to work from home and students to stay home or use online learning.

We are seeing an unprecedented number of remote users on home and public internet services accessing their employer and school resources. This opens up these organizations to more risk from all of the remote users. IT departments are monitoring network bandwidth, VPNs, and access controls to make sure employees can still do their jobs. It is putting a strain on the organization infrastructure and the various internet providers.

Security departments need to be on high alert. With the larger remote workforce, there is a much greater risk that someone will get breached or pwned. If security controls and updates only work when connected to the internal network or via VPN, then encourage employees to leave laptops connected overnight and change update and scan schedules to reflect the new hours. Enable captive portals to validate the security and policy compliance of a system before it is granted access to the network. And wash your hands!

Read more here:
Working from Home during COVID-19 - Things to Consider - tripwire.com

Q:Can you explore the best way to store digital photos for the long term? I am currently downloading from our iPhone XR by connecting them to a 2017 HP laptop with a Seagate 2 TD SSD.

Also, can you recommend photo management software that can remove duplicate photos? I do most of my editing on my iPad and also backup to Google Photos.

Don Pappe

A:There are no surefire means of storing anything digital for the long term, but it sounds like youre on a right track. First, I like solid-state drives for longer-term storage simply because they have no moving parts and are accordingly less susceptible to failure. Still, SSDs can fail so if you really want to play it safe youll want to make more than one backup.

And dont make the mistake of keeping your drive in the same place as your computer. If theres a fire or a flood you could lose both. In short, for things you really dont want to lose, keep two backups in different locations.

My strategy is the same as yours: to back up both to an SSD drive and to cloud storage. The SSD drive is faster for uploading and downloading and the cloud storage is safe from any physical catastrophes that may strike my home or office.

As for your second question, I havent tried programs that remove duplicate photos but I do know that there are quite a few on the market and some of them are free or at least free to try. You can find an extensive list here: st.news/marshall0314 .

Q:About twice a year I need a phone number of someone. I dont need a monthly subscription to a service. Every time I search for a White Page service for a one-time look up, I get a service that will allow you to look up one number but you have to sign up for a $15-a-month service, which you can cancel if you call a certain number. We all know how that goes. You call a number which never answers or gives you a runaround. I refuse to get bogged down in that spiral.

Is there a legitimate site where you can look up one number for a price and not have to sign up for a subscription that you dont need.?

Richard Hawes

A:I wish there was a good answer to your question! I have not been able to find a free service for locating phone numbers. And I havent been able to find a simple way to pay for a single search. The closest Ive come is some services that offer to do your first search for one dollar and then you pay a monthly subscription that you can cancel at any time. Yes, I do know how that goes

So Ill pitch this one out to the readership: Anyone know of a better way to find phone numbers?

Q:I have Oracle Virtual Box running on an old Compaq laptop with Windows 7. On Virtual Box I have virtual machines running Debian and Ubuntu. If I connect to the internet using the Linux virtual machines, is there any way for malware to propagate from the VM environment to the Windows 7 environment? I am wondering if this configuration isolates my laptop from internet malware designed to attack Windows 7 vulnerabilities.

Brian, Sammamish

A:Computer security is all about degrees of safety. Is it possible to a hacker to gain access to your laptop running Windows 7 if youre connected to the internet via a Linux virtual machine? Yes. Is it likely? No, it is relatively unlikely.

There are viruses and malware out there that can affect Linux, so as soon as you connect to the internet you are potentially exposed. As a result, there are antivirus and antimalware programs for Linux that you can install to provide additional security.

At the same time, its no surprise that there is a lot more malware out there designed to attack vulnerabilities in the more popular Windows operating systems. So yes, any layers you can put between Windows 7 and the internet will provide extra protection. Thats especially important since Microsoft is no longer updating Windows 7 with security patches.

Again, 100 percent security is not possible. So the question is how much do you want to spend in time and money to attain a given level of security?

Read the original:
Whats a reliable way to store photos for the long term? - Seattle Times

Cloud storage company Degoo may not be a household name, but it has managed to carve out a niche in the competitive cloud storage market, with its offerings attracting more than 15 million users over the past eight years.

The Swedish company has teamed up with TechRadar to deliver an even better package than usual - get 200GB free cloud storage for a year with no strings attached.

After 12 months, this will revert back to the regular 100GB package, which is still plenty for most.

You can also get a staggering 10TB for two years at just $99.99 (about 77 / AU$152) exclusive to TechRadar. Thats 58% off the standard price of $9.99 per month (that's around 8 / AU$15) - blowing the cloud storage competition out of the water.

Unlike some rival services, there are no file size limits and you dont need another Degoo account to receive files.

Uploaded files are encrypted in chunks (zero knowledge encryption) and spread out to data centres on four continents to eliminate the risk of account compromise.

Carl Hasselkog, CEO of Degoo, told TechRadar its infrastructure is five times more efficient than Dropbox per stored byte.

It's worth noting the free version has basic storage replication and no zero knowledge encryption, plus a 90-day account inactivity limit. It also carries adverts in the feed on Android.

Go here to see the original:
Here's the biggest free cloud storage right now, 200GB exclusive to TechRadar readers - TechRadar India

Virgin Media revealed last night (5 March) that the misconfiguration of a marketing database had led to around 900,000 customers contact details being breached.

Now, a spokesperson for the telecoms giant has confirmed to NS Tech that, as many security pros suspected, the data had been stored in a cloud-based server.

The incident makes the firm just the latest in a long line of businesses to have leaked customers contact details after failing to properly protect a cloud database.

The data, which was left in the unprotected database for ten months, included the names, home and email addresses and phone numbers of customers and potential customers. It was accessed by an unauthorised individual at least once over that period, according to the company, which said the extent of the access was unknown.

Security experts have warned that while the data does not include financial information, if it is sold on to scammers, it could be used in phishing attacks. Coupled up with Virgins broadband outage in the week, this could be a particularly good target for malicious actors to prey on, said Jake Moore, a security specialist at ESET.

A number of similar breaches have involved misconfigured Amazon Web Services S3 buckets in recent months and the company has said that, if it could, it would go back in time and redesign its security setup. Virgin refused to disclose the name of its cloud provider, citing security concerns.

Marco Essomba, founder of iCyber-Security, said he suspected the misconfiguration was related to inadequate access control or authentication permission. Its amazing how many of these flaws you can find if you dig on the internet using automated tools, he told NS Tech. This owes to the perception that cloud infrastructures are secure by default, which is simply not true. Access control for cloud storage systems are often left on default settings and completely forgotten once deployed in production.

Virgin Media said it had informed the Information Commissioners Office. Ryan Dunleavy, head of media disputes at the law firm Stewarts, said fines can be eye-wateringly high under the GDPR, even for an incident which doesnt involve passwords or financial details of consumers.

He added: Virgin could be facing a fine of multiples of millions of pounds. This is an opportunity for the ICO to put down another benchmark in terms of the value of fine for a breach of this nature in the UK.

Virgin Medias chief executive, Lutz Schler, said: We immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed line customers representing approximately 15% of that customer base. Protecting our customers data is a top priority and we sincerely apologise.

More here:
Virgin Media breach: unprotected database was stored in the cloud, telco confirms - NS Tech

HodlX Guest PostSubmit Your Post

If 2019 has taught us anything about cybersecurity, it is that cyber-attacks are the reality of our times, hardware is still vulnerable and high-profile data leaks are becoming frighteningly more common.

The cybersecurity market is booming as recent data from MarketsandMarkets reveals that investments in cybersecurity can reach $250 billion by 2023 with spending already rising higher in 2019 than in any other industry sector.

The forces driving growth are increasingly strict measures and requirements on data protection imposed by the European Union and the growing threat of cyberterrorism. Cybercrime is forecasted to inflict damages of up to $6 trillion yearly by 2021, bellowing demand for security solutions both on the individual and corporate levels.

Growing threats mean growing demand

2019 has seen a number of IPOs in the cybersecurity industry as CrowdStrike, a California-based cybersecurity company, announced that was going public with an IPO, raised $700 million, and is valued at $6.8 billion.

The American Cloudflare web-infrastructure and website-security company, providing content-delivery-network services, also went through an IPO and added a whopping 20% to its market price on the first day. And KnowBe4 announced that it received a staggering $300 million investment from private equity firm KKR. A number of other cybersecurity companies like Palo Alto Networks, Proofpoint, and Zscaler also enjoyed bullish rounds in stocks making the cybersecurity market attractive for investors.

Its evident that the B2B security industry is experiencing a renaissance. While the market is stronger than ever, there is a massive market cap shift from legacy security vendors like Splunk, McAfee, Symantec, and Check Pointto the new breed of leaders, as stated by Jeb Miller, general partner at Icon Ventures.

Given that 90% of all data available online was generated over the last few years and the fact that cloud, mobile, API and other services are being increasingly integrated into the frameworks of corporations, the enticement of cybercriminals to tap into the wealth of information is simply irresistible. According to Juniper Research, overcall cybercrime costs have reached $2 trillion at the end of 2019 making companies increase their spendings on cybersecurity.

The growing demand for confidentiality caused by data leaks, as well as the needs of companies and organizations to comply with the new European General Data Protection Rules (GDPR), are attracting entrepreneurs and investors to next-generation solutions, including blockchain, artificial intelligence-based data management solutions, and advanced cryptography.

Cybersecurity as a Service

Cybersecurity as a service is part of the global trend towards the transition to the sharing economy model. In 2020, companies are not willing to overpay for tools, so they will be switching to using the required services for the period of time needed. The IT startups that started offering the given model have already become unicorns. Among such firms are McAfee Inc. and NortonLifeLock. Other alternative endpoint security providers include Carbon Black, Cylance, Palo Alto Networks, FireEye, and others.

New and promising providers are also emerging with viable solutions, such as Cloudstrike with its Falcon the first Software-as-a-Service multi-tenant, cloud-native, intelligent security platform. A competitor Infoblox is offering security coupled with simplicity and automation via SD-WAN, hybrid cloud and IoT, reducing manual tasks by 70% and increasing productivity by 300%. Their BloxOne Threat Defense allows for traffic monitoring, proactive threat identification, network breach protection and automation. With 52% of the DDI market in their grasp, InfoBlox is the industry leader gripping 59% of Fortune 1000 companies and 58% of the Forbes 2000.

Blockchain

Routing all business and personal data through a centralized server with one main point of contact poses an overwhelming number of threats for information security. In 2019, $2 trillion was the cost of cyber-crime for businesses.

A new promising category to solve this problem is blockchain technology that makes data near impossible to change, with decentralized end-to-end encryption data services replacing traditional encryption tools. In 2020, we can see the projects that managed to offer decentralized data storage.

A new way to store data privately in a decentralized way was found by Jeff Pulver, the US VoIP entrepreneur behind $3 billion Vonage, an early Twitter investor. In 2018, he co-founded a new company to develop a blockchain-enabled communication network offering clients new authentication layers and decentralized solutions.

The solution, called Debrief, is said to be the most secure end-to-end business communication network that no longer exposes user confidential information unlike existing services like Facebook, Skype, and Zoom. As claimed by Pulver, with data encryption used in the network, information cannot be edited or tampered with in any type of way once it is placed onto the network. Each recipient on that network receives the same piece of information as it is inputted in real-time. In order for a hacker to tamper or edit the information on one recipients computer, the other computers on the network would have to accept this as edited information, which they would immediately reject.

The data leaks that we witnessed in 2018-2019 had their causes and we believe that the best way of making high-security communications services universally available is through the use of blockchain technologies. By refraining from centralized control, we will be removing the weak link from the equation the third parties, Pulver explained.

Debrief consists of a decentralized storage system and secure blockchain authentication, making it impenetrable for hackers. The Debrief DApp, operating on the network to showcase its extensive functional capabilities, provides clients HD Video Conferencing, P2P audio and video calling, messaging, decentralized file storage, ensuring the confidentiality of all data. Its also a middleware for other mainstream blockchains and traditional communication applications to utilize and enable blockchain communication features.

Demand for blockchain solutions capable of tracking vulnerabilities and suspicious transactions will continue to grow. Solutions like CipherTrace and Chainalysis, which managed to enter the market first, are now being used not only by large organizations, but also by government organizations, even the Interpol.

Employee training

The need for proper staff training will rise as cybercriminals become more devious. The new breed of employees will need to understand social engineering, phishing schemes, malware, ransomware and much else. Proper investments in people-oriented security systems will reduce losses.

AI and ML

Artificial Intelligence (AI) and Machine Learning (ML) are set to take the lead in security in 2020 as Richard Cassidy, senior director security strategy at Exabeam predicts,

2020 should herald a truly golden age of deep learning, which will see a resurgence of artificial intelligence embedded into the fabric of our security frameworks. Expect to see some exciting machine learning developments in the seemingly ad infinitum war on cyberthreats and bad actor group attack circuits.

Cassidys words are backed by numbers. A Capgemini study shows that 69% of senior executives believe that AI and ML are inseparable from cybersecurity. An example is Kounts Omniscore, which employs AI and ML to provide fraud analysts with necessary data for improving customer experiences and reducing fraud.

In 2020, the amount of ransomware attacks will increase, as it is easier for the attackers to find a security breach using new AI and machine learning technologies, since temporary data blocking is a quick way to make a buck. By 2022 , 50% of servers will encrypt all data, over 50% of security alerts will be handled by automatic AI-based mechanisms, and 150 million people will receive blockchain-based digital identifiers. New technologies, such as encryption, blockchain, machine learning and analytics will be used to improve security measures, as state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.

SECURITI.ai is one company to watch out for as it enables enterprises to issue data rights and complies with global privacy regulations to improve the brands image. Another company is Tel Aviv-based Deep Instinct, which uses AI and deep learning to safeguard enterprise endpoints, both mobile and stationary. Deep Instinct is revolutionary in that it offers real-time cyberthreat identification and blocking.

Cloud

Cloud storage is on the rise as businesses shift their operations to cloud computing provided by the likes of Amazon Web Services. The company will be competing with mainstays like Fortinet, Palo Alto Networks and others as software-defined wide area networks (SD-WAN) technologies start taking over the cloud storage security frontier. But the giants have more competition coming up, as Netskope and Menlo Security are among the cloud security startups going public in 2020 that investors will be looking out for.

ID management

Identity management is another key area in the cybersecurity domain. Email and data-loss protection are being offered by a number of companies like Proofpoint, Okta, Qualys, Mimecast, Rapid7. Hackers know that targeting key employee or management emails is the easiest way of gaining access to corporate data management and storage systems.

Cyberark offers privileged accounts, Okta provides advanced identity management, while other companies are focusing on Zero Trust approaches. Cisco Systems, which recently acquired Duo Security for $2.35 billion, is fully vesting in the Zero Trust sector as it conducts full identity checks of all users and device health analysis before granting device access.

Gartner Research states that approximately 75% of all large companies will be employing selective access management systems by 2021, which is a 25% increase from their previous 2018 report. Forrester Research indicates that 80% of all security breaches are caused by compromised credentials. Among the most prominent victims of such attacks were Quest Diagnostics, Marriott International, Equifax, Yahoo Anthem, Target and others.

Tightening the rivets

Unlike generalized world-scale problems, digital threats pose a greater risk to the cornerstone of the global economy data. As criminals are becoming ever more devious and sophisticated in their approaches to milking money from individuals and enterprises, the challenge is up to cybersecurity firms to step up and take on the mantle of viable solution providers.

2020 is set to become a make-or-break year in the cybersecurity industry as new approaches to handling threats are coming to the forefront. Whether it be AI, ML, blockchain, Zero Trust or any other technology, the aim is the same safeguarding data and reducing economic damages that are so far showing signs of abating.

See the original post here:
6 Cybersecurity Trends Worth Looking at in 2020: Blockchain Is on the List - The Daily Hodl