The COVID-19 pandemic has fundamentally changed the way people work. Millions of employees have been able to stay productive while working from home during the lockdowns thanks to remote collaboration technologies like Zoom, WebEx and Teams. Very quickly, virtual meetings became ever-present, and people could connect with their managers and clients or give presentations from any location with internet access, including other countries. Even as much of the country returns to business (mostly) as usual, firms instituting flexible or work-from-home policies may need to review their telecommuting policies and practices to help keep data safe.

While working from home has been key to business continuity over the last 15 months, it has also opened up some potentially major security issues for firms. In an office setting, there are multiple ways to secure data, including firewalls and physical security measures such as badges, doors, locks and keys. However, remote employees could be working from their homes, their cars, or at a local coffee shop. They have laptops, mobile phones, tablets and smartwatches all of which communicate with each other and could use several different services (Wi-Fi, Bluetooth, cellular data, RFID).

Being outside a secure office makes these employees, and their data that is, your data and your clients data vulnerable to data leaks and hacks. Even something like a chat or text message could contain confidential information, such as a Social Security number, birth date, tax information, or even medical information.

This is why robust data security is vital for any company. Data breaches that compromise client or employee data are notoriously costly, averaging over $3.9 million in 2020. They not only hurt a firm's reputation and bottom line but can also result in the theft of client information, proprietary information or intellectual property. Think of all the due diligence-related information your firm has on clients who might be preparing for an IPO or merging with another company.

It's these risks, by the way, that drove the American Institute of CPAs to add to its Code of Professional Conduct Confidential Client Information Rule 1.700.001, which deals with disclosure of confidential client information without the specific consent of the client. This rule goes hand in hand with Internal Revenue Code Sec. 7216, where failure to comply can lead to fines and other consequences.

It is against that background that all firms must make a concerted effort to be vigilant about protecting their data and their clients data. Accounting firm leaders must recognize the issues affecting their firms and take measures to educate their professionals. With that in mind, here are a few practical ways to help secure access to data, stay compliant, and mitigate the damage in the event of a breach.

Encryption is your friend

You may have outfitted all of your employees with laptops and a secure virtual private network. While a VPN might be enough protection when employees use their devices on a secure home network, what if theyre traveling or decide to work in a cafe? Many hotels, airports and cafes offer free Wi-Fi, but these unsecured networks can allow hackers to gain access to data that is supposed to be secure. A VPN may protect outbound data, but it still leaves the laptop or tablet itself vulnerable via other potentially active services such as Bluetooth, hotspots or RFID. Encrypting the device itself will make it much harder for criminals to access the data.

Encryption can also help protect a device if it is physically stolen. Unattended computers, tablets or mobile phones are tempting targets for thieves. With the device in their possession, the thief could have a treasure trove of confidential information they can sell or use to scam your clients. If a device is encrypted, the data is safe, and you only lose the device. It could mean the difference between $1,000 or $1,000,000.

Turn off services

Mobile devices are designed to make communication easy. This is a double-edged sword, however, unless there are security protections in place. For example, virtually all mobile devices have Bluetooth, and a growing number can be used as internet hotspots or have radio frequency identification (RFID) technology built right in. If these services are turned on, a hacker could potentially compromise the device. While these services can be beneficial, they do not need to be active 24/7. All employees should be instructed to turn them off until they are needed, especially while traveling.

Make sure to back up your data

With millions of Americans telecommuting, tens of millions of laptops and other devices are floating around filled with potentially sensitive data. This creates a greater chance that data could be lost if a device is lost, stolen or damaged. Employees should back up their devices daily, or at the very minimum, weekly, so the information will remain accessible if there is a catastrophic failure. Moreover, it is vital that employees restrict backups solely to company-approved destinations (e.g., cloud storage, on-premises servers, encrypted hard drives). If they make a backup to another location, it exposes their organizations to a potential data breach they have no control over.

As a firm leader, you should work with your IT team to ensure the mobile devices with access to firm information use properly containerized apps such that your firms data is automatically backed up, even if the rest of the devices data is not. Note that even email and everyday collaboration tools are loaded with documents and sensitive data that could be easily leaked. To reiterate, always (1) encrypt the devices and (2) back up important information.

A few decades ago, it was practically unthinkable that employees would have access to a secure server from their home, or for them to be a potential target for hackers. Accounting firm leaders must adapt their security practices to the time and, perhaps most importantly, educate employees about cybersecurity. Even with just these three relatively simple steps, firms can significantly reduce the chances of being subject to a costly data breach or cybercrime incident.

See more here:
How accounting firms can protect against remote work security threats - Accounting Today

WHO DO YOU ask to find out if the government of Ethiopia has really shut down the internet? If Facebook is blocked in India? Or if Wikipedia is unreachable from Venezuela? For the past few years, the answer to all those questions has been NetBlocks.

Since its launch in 2016, the London-based outfit has alerted the world to all and every internet incident. Whenever a ruler, junta or strongman tampers with a countrys connectivity, NetBlocks will be tweeting about it, publishing graphs and reports showing how the disruption unfolded. Day after day, crisis after crisis, NetBlockss alerts pour in, almost a fixture of the age of internet censorship.

The groups rise has been unstoppable. It has over 125,000 followers on Twitter and its posts can rake in thousands of retweets and tens of thousands of likes. Articles citing NetBlocks have appeared in The New York Times (at least 15 articles), CNN (over 150 times), BBC (over 100), and WIRED (at least ten stories). United Nations documents about the scourge of internet censorship include links to NetBlocks, as do working papers by the governments of the UK and the US. Yet, as NetBlocks has attained stardom among internet-watchers, a question has rumbled on: how does it know that the internet is down?

Its a seemingly simple question with a complex answer. Several experts in the internet measurement sector have spent years scratching their heads at the vagueness of the organisations explanations of its methods and have continually called for more transparency. To those pleas, NetBlocks and its firebrand British-Turkish founder, Alp Toker, have replied with defensiveness and accusations of unfair competition.

But, even as other specialists worry about NetBlockss lack of transparency, attention-seeking, and potentially unethical practices, the companysmedia cachet has never been stronger. Governments across the globe are increasingly turning to internet shutdowns and censorship to oppress their citizens. In parallel, the internet measurement community is engaged in a battle, unevenly fought, to discover, document, and report the truth with accuracy and prudence. For this community, the behaviour of a fast-moving, fiercely competitive startup like NetBlocks raises questions not just about the truth but also who gets to tell it and how. And, at the centre of this row is a crisis that affects us all: who monitors the internet monitors?

ON DECEMBER 15, 2019, Collin Anderson an American researcher with a decade of experience investigating internet censorship fired off a fusillade of tweets revealing a security flaw that he believed posed a risk to internet users in repressive countries. In this case, he claimed, the danger did not come from state-backed snoopers or ruthless security services: Anderson was pointing the finger at NetBlocks, the self-styled internet observatory. And he had a stark warning: NetBlockss website could be dangerous.

[NetBlocks] is running undisclosed experiments that could endanger people, Andersons tweet read. Without their permission, visitors to [NetBlocks] are forced to conduct censorship measurements. When a user opened netblocks.org, a series of inconspicuous scripts in the pages source code would hijack his or her browser and have it connect to dozens of websites, including social media, news outlets, internet forums, and websites selling VPNs, among others.

NetBlockss script could gauge what was blocked and where: if the browser of someone in, say, France, reported back that it could not connect to Twitter, that would provide NetBlocks with useful data. Andersons view was that it was unethical. Not only were these tests conducted without the users express consent; worse, Anderson thought they could put people in danger. If someone whose internet traffic was already being monitored by an oppressive government were to access netblocks.org, Anderson argued, their unwitting connection to certain websites for instance US-backed Voice of America, or the controversial imageboard 4Chan, both among the checked websites might put a target on their backs. That was not just a speculative scenario: in 2016, Turkey jailed 150 teachers who had been reportedly tracked down because they used a texting app linked to president Recep Tayyip Erdogans arch-rival Fethullah Gulen. Anderson was categorical. [NetBlocks] should stop immediately, he signed off his thread.

View post:
How the internet censorship world turned on NetBlocks | WIRED UK - Wired.co.uk

Screenshot: YouTube/YourVoice Network, Inc

Be it Parler, Gab, or GETTR, recent times have seen no shortage of dollar-sign-eyed entrepreneurs looking to capitalize on conservative Americas disdain for liberal Silicon Valley. It was only a matter of time before someone tried to invent the MAGA phone.

Er, make that...the Freedom Phone. The device, which launched Thursday, is the product of Erik Finman, a 22-year-old crypto-millionaire who says that he wants Americas patriots to take back control of their lives from the tech oligarchy. Finmans phone, which costs $499, claims to offer conservatives a way to be free of Big Techs spying and censorshipthough it is radically vague on the details. Like a random handgun, the phone should be treated as if it were loaded and dangerous because we simply dont know whats under the hood.

Freedom Phone claims that it can protect users from the data collection that comes with an iOS or Android operating system (it has something called a FreedomOSwhich, ironically, just appears to be a modified version go Googles Android OS). The phone is also meant to liberate users from Big Techs alleged ideological preferences: it has an uncensorable app store (called the PatriApp, lol), where it is apparently impossible for apps to get booted no matter how unsafe or horrendous they are.

The device also comes pre-loaded with a host of privacy features (Signal, DuckDuckGo, Brave), as well as a suite of apps that seem tailor-made for Trump voters: Parler, One America News Network, Newsmax, and Rumble are all included.

This is the first major pushback on the Big Tech companies that attacked us - for just thinking different, Finman tweeted Thursday morning. Were finally taking back control. Other right-wing influencers and commentators could also be seen promoting the product on their channels.

G/O Media may get a commission

Yet while the product is being sold as an escape from Big Techs nefarious oversight, in reality, it appears to be a budget phone from Asia that may end up compromising buyers autonomy rather than protecting it.

Before we get into the specifics of why this device probably sucks, let me just say that the desire to have a phone that is dedicated to protecting your autonomy and privacy is a reasonable oneand should be encouraged. That said, I dont think the Freedom Phone provides that. Actually, aside from its overt partisan bent, its impossible to tell what kind of device this is because Finman and his acolytes havent provided any information about it.

Lets start with the website (freedomphone.com). Hilariously, it provides literally zero specs about the actual device. There is no information about the phones operating system, storage, camera, CPU, or RAM capabilities. It has a list of features, but there are no actual details about them. Instead, under each feature, theres merely a Buy it now button which redirects you to the sites shopping cart. The phones hefty price, combined with the companys total lack of transparency, is ridiculousessentially asking the buyer to cough up half a grand in exchange for, uh, something! We sent an email to Freedom Phone to ask for further information and will update this story if they ever respond.

The fact that the device is essentially a black box also makes it a potential security (and thus also privacy) nightmareand once again, it should be treated that way until proven otherwise. In fact, based on the assessment of some security professionals who have scoped it out, the Freedom Phone should be avoided at all costs.

Matthew Hickey, the co-founder of Hacker House and longtime cyber professional, said that, while it hasnt been confirmed, the Freedom Phone would appear to be a cheap Android device sourced from Asiathe likes of which could be vulnerable to all assortment of supply chain risks and other issues.

Based on photographs from the company website a number of Internet sleuths identified that the device has the same form-factor, shape, and appearance of a Umidigi A9 Pro, said Hickey, via email. This device is a drop-shipped customizable Android-based phone that can be ordered from ASIAPAC region and customized to a projects requirements, he said, clarifying that such devices can be bought and shipped in bulk with custom logos and branding so as to give the appearance of a phone that has been designed for a unique purpose but is actually just a common cheap Android-based smartphone with core components produced in Taiwan and the surrounding areas. Its also very cheap: the A9 Pro is currently available for about $120, much less than the Freedom Phones $500.

According to The Daily Beast, Finman confirmed that the device he was selling was made by Umidigi but couldnt say what specific model it was.

On top of everything, Freedom would also appear to be using a CPU from Taiwan produced by Mediatek, the likes of which is popular in low-end Android-based devices and is known to be buggy, said Hickey.

Historically Mediatek devices have shipped with a wide number of insecure configurations and are prone to trivial vulnerabilities that allows anyone with physical possession of such a device to read/write the data on the phone through its early bootloader, Hickey said. They make phones specifically to permit high customization and as such many of the vendors own software [that] can be used to manipulate the devices, which is why such hardware is popular in countries like North Korea as often the security enabled by a user can simply be circumvented by a state operative, he added.

Nothing screams freedom like products popular in the DPRK.

The funny thing is, if Trump voters are looking for a way to get off the Big Tech grid, theres no need for them to buy this sketchy shit. There are actually entire subcultures within the phone industry dedicated to escaping the Android/iOS paradigm. You can wade into the de-Googled phone sector, for instancewhere Android phones are sold that have ostensibly been refurbished to rid the devices of code that will send your personal data back to the tech giant. Theres also the Linux-based Pinephone, which sells at a fraction of the Freedom Phones cost (between $150 and $200), and is a favorite of those in the privacy community. All of these come with caveats, obviously, but the point is that there are much more transparent and affordable options than the Freedom Phone.

Of course, total security and privacy arent really what the Freedom Phone is about. For Finman and his company, its just a cash-in on the growing conservative demand for products that are brand MAGA. For the customers, meanwhile, buying a phone like this is a statement of identitya consumer choice that brings with it a sense of community, as well as a chance to give a big middle finger to the commercial and cultural establishment that they feel has repudiated them.

Itd be nice if Americans could actually come together around the issue of privacy since its an area whereregardless of political partywere all collectively getting screwed. However, something tells me the Freedom Phone isnt exactly a harbinger of thatmore the opposite.

Read the original here:
MAGA-Branded 'Freedom Phone' Is a Black Box That Should Be Avoided at All Costs - Gizmodo

SAN CARLOS, Calif., July 06, 2021 (GLOBE NEWSWIRE) -- Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, today announced it has become a sponsor of The Smart Factory @ Wichita, a new Industry 4.0 immersive experience center by Deloitte. The sponsorship identifies the need for cyber security as a core component of any secure smart factory and enables Check Point customers access to experience the advanced manufacturing methods and technologies at the heart of digital transformation.

As a sponsor, Check Point Software will work with Deloitte to advance the execution of smart factories and enable manufacturers to adopt Industry 4.0 technologies that boost quality, productivity and sustainability, in a digitally secure manner. As part of the sponsorship, Check Point will leverage the powerful ecosystem of The Smart Factory @ Wichita to help customers secure their manufacturing infrastructures and supply chains. From augmented workforce efficiency through asset intelligence to smart warehousing solutions, the digital transformations that manufacturers are undertaking requires a comprehensive cyber security architecture to keep every element of a smart factory safe from ransomware attacks and hackers.

The increasing connectivity of smart factories and the convergence of OT and IT networks expands the attack surface of industrial manufacturing and critical infrastructure facilities, says Dan Yerushalmi, Chief Customer Officer at Check Point Software Technologies. Cyber attacks in the US alone have increased over 300% in the past 9 months creating the need for consolidated cyber security architecture that minimizes risk exposure across IT and OT environments, and blocks attacks before they reach critical assets.

The Smart Factory @ Wichita is a highly digitized, connected production facility that uses technologies such as artificial intelligence (AI), Internet of Things (IoT) and robotics to help companies manufacture products, create new business value, unlock data-driven insights, and automate or eliminate business processes. These technologies enable people to do their jobs in a more productive and efficient manner while improving quality and overall safety. The Smart Factory @ Wichita will bring secure digital transformations to life by demonstrating how to merge existing technologies with new innovations, sparking a dialogue about how companies can accelerate their journeys toward scalable and sustainable capabilities.

Story continues

We are thrilled to have Check Point Software onboard as a Builder sponsor of the Smart Factory @ Wichita to accelerate the secure adoption of Industry 4.0 technologies and the value it can bring to manufacturers across their business ecosystem, said Stephen Laaper, principal, Deloitte Consulting LLP. The integrated cyber approach that Check Point brings to the Smart Factory @ Wichita, and the combined power and effort of our sponsors will enhance the experience and outcome available to clients that walk through the factory doors, accelerating the speed and adoption of a secure digital transformation for their organization.

To learn more about the partnership, please visit:https://www.checkpoint.com/partners/global-systems-integrator/deloitte/

About Check Point Software Technologies Ltd.Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its Infinity portfolio of solutions protects enterprises and public organizations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other threats. Check Point Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industrys most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.

About DeloitteDeloitte provides industry-leading audit, consulting, tax and advisory services to many of the worlds most admired brands, including nearly 90% of the Fortune 500 and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape todays marketplace delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloittes more than 330,000 people worldwide connect for impact at http://www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (DTTL), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the Deloitte name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.

Ana Perez Check Point Software 415-299-7767press@us.checkpoint.com

See the original post:
Check Point Software Technologies Sponsors The Smart Factory @ Wichita by Deloitte to Demonstrate the Need for an Integrated Cyber Security Approach -...

Every July, we celebrate EFFs birthday and its decades of commitment fighting for privacy, security, and free expression for all tech users. This years membership drive focuses on a central idea: analog or digitalwhat matters is connection. If the internet is a portal to modern life, then our tech must embrace privacy, security, and free expression for the users. You can help free the tubes when you join the worldwide community of EFF members this week.

Join EFF!

Free the Tubes. Boost the Signal.

Through July 20 only, you can become an EFF member for just $20, and get a limited-edition series of Digital Freedom Analog Postcards. Each piece of this set represents part of the fight for our digital future, from protecting free expression to opposing biometric surveillance. Send one to someone you care about and boost our signal for a better internet.

Physical space and cyberspace arent divided worlds anymore. The lines didnt just blur during the last year; they entwined to help carry us through crisis. This laid bare the brilliance and dangers of a world online, showing us how digital policies will shape our lives. You can create a better future for everyone as an EFF member this year.

Will you help us encourage people to support internet freedom? It's a big job and it takes all of us. Heres some language you can share with your circles:

Staying connected has never been more important. Help me support EFF and the fight for every tech users right to privacy, free speech, and digital access. https://eff.org/greetings

Twitter | Facebook | Email

We introduce new member gear each summer to thank supporters and help them start conversations about online rights. This year's t-shirt design is a salute to our resilience and power when we keep in touch.

EFFCreative Director Hugh D'Andrade worked in this retrofuturist, neo-deco art style to create an image that references an optimistic view of the future that we can (and must) build together. The figure here is bolstered by EFF's mission and pale gold and glow-in-the-dark details. We have all endured incredible hardships over the last year, but EFFwith the strength of our relationships and the power of the webnever stopped fighting for a digital world that supports freedom, justice, and innovation for all people. Connect with us and we're unstoppable.

Donate TOday

K.I.T. Have a nice summer <3 EFF

See the original post:
Greetings from the Internet! Connect with EFF this Summer - EFF