6 Best Practices For Increasing Security In AWS In A Zero Trust World By Louis Columbus

  • Amazon Web Services (AWS) reported $6.6B in revenue for Q3, 2018 and $18.2B for the first three fiscal quarters of 2018.
  • AWS revenue achieved an impressive 46% year-over-year net sales growth between Q3, 2017 and Q3, 2018 and 49% year-over-year growth for the first three quarters of the year.
  • AWS’ 34% market share is bigger than its next four competitors combined with the majority of customers taken from small-to-medium sized cloud operators according to Synergy Research.
  • The many announcements made at AWS Re:Invent this year reflect a growing focus on hybrid cloud computing, security, and compliance.

Enterprises are rapidly accelerating the pace at which they’re moving workloads to Amazon Web Services (AWS) for greater cost, scale and speed advantages. And while AWS leads all others as the enterprise public cloud platform of choice, they and all Infrastructure-as-a-Service (IaaS) providers rely on a Shared Responsibility Model where customers are responsible for securing operating systems, platforms and data. In the case of AWS, they take responsibility for the security of the cloud itself including the infrastructure, hardware, software, and facilities. The AWS version of the Shared Responsibility Model shown below illustrates how Amazon has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations as the customers’ responsibility:

Included in the list of items where the customer is responsible for security “in” the cloud is identity and access management, including Privileged Access Management (PAM) to secure the most critical infrastructure and data.

Increasing Security for IaaS in a Zero Trust World

Stolen privileged access credentials are the leading cause of breaches today. Forrester found that 80% of data breaches are initiated using privileged credentials, and 66% of organizations still rely on manual methods to manage privileged accounts. And while they are the leading cause of breaches, they’re often overlooked — not only to protect the traditional enterprise infrastructure — but especially when transitioning to the cloud.

Both for on-premise and Infrastructure-as-a-Service (IaaS), it’s not enough to rely on password vaults alone anymore. Organizations need to augment their legacy Privileged Access Management strategies to include brokering of identities, multi-factor authentication enforcement and “just enough, just-in-time” privilege, all while securing remote access and monitoring of all privileged sessions. They also need to verify who is requesting access, the context of the request, and the risk of the access environment. These are all essential elements of a Zero Trust Privilege strategy, with Centrify being an early leader in this space.

6 Ways To Increase Security in AWS

The following are six best practices for increasing security in AWS and are based on the Zero Trust Privilege model:

  1. Vault AWS Root Accounts and Federate Access for AWS Console

Given how powerful the AWS root user account is, it’s highly recommended that the password for the AWS root account be vaulted and only used in emergencies. Instead of local AWS IAM accounts and access keys, use centralized identities (e.g., Active Directory) and enable federated login. By doing so, you obviate the need for long-lived access keys.

  2. Apply a Common Security Model and Consolidate Identities

When it comes to IaaS adoption, one of the inhibitors for organizations is the myth that the IaaS requires a unique security model, as it resides outside the traditional network perimeter. However, conventional security and compliance concepts still apply in the cloud. Why would you need to treat an IaaS environment any different than your own data center? Roles and responsibilities are still the same for your privileged users. Thus, leverage what you’ve already got for a common security infrastructure spanning on-premises and cloud resources. For example, extend your Active Directory into the cloud to control AWS role assignment and grant the right amount of privilege.

  3. Ensure Accountability

Shared privileged accounts (e.g., AWS EC2 administrator) are anonymous. Ensure 100% accountability by having users log in with their individual accounts and elevate privilege as required. Manage entitlements centrally from Active Directory, mapping roles, and groups to AWS roles.

  4. Enforce Least Privilege Access

Grant users just enough privilege to complete the task at hand in the AWS Management Console, AWS services, and on the AWS instances. Implement cross-platform privilege management for AWS Management Console, Windows and Linux instances.

  5. Audit Everything

Log and monitor both authorized and unauthorized user sessions to AWS instances. Associate all activity to an individual, and report on both privileged activity and access rights. It’s also a good idea to use AWS CloudTrail and Amazon CloudWatch to monitor all API activity across all AWS instances and your AWS account.

  6. Apply Multi-Factor Authentication Everywhere

Thwart in-progress attacks and get higher levels of user assurance. Consistently implement multi-factor authentication (MFA) for AWS service management, on login and privilege elevation for AWS instances, or when checking out vaulted passwords.
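One way to check the root-account, long-lived-key and MFA practices against an account is to audit the IAM credential report. The script below is an added example, not part of the original article; the sample report, account ID, user names and the 90-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold; the article gives no number

# Constructed sample using column names from the IAM credential report,
# trimmed to the columns read below. Account ID and users are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2017-03-01T10:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,false,N/A,false,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,false,false,true,2018-01-15T08:30:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2018-11-20T12:00:00+00:00,false,N/A
"""


def audit_credential_report(report_csv, now):
    """Return (user, finding) tuples for credential hygiene problems."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa = row["mfa_active"] == "true"
        active = [n for n in ("1", "2")
                  if row[f"access_key_{n}_active"] == "true"]

        if is_root:
            # Practice 1: root should hold no access keys and sit behind MFA.
            if active:
                findings.append((user, "ROOT_ACCESS_KEY"))
            if not mfa:
                findings.append((user, "ROOT_NO_MFA"))
            continue

        # Practice 6: a local console password that is not protected by MFA.
        if row["password_enabled"] == "true" and not mfa:
            findings.append((user, "CONSOLE_USER_NO_MFA"))

        # Practice 1: long-lived access keys that federated login would replace.
        for n in active:
            rotated = datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])
            if (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, "LONG_LIVED_KEY"))
    return findings


if __name__ == "__main__":
    # Fixed date so the run is repeatable against the constructed sample.
    as_of = datetime(2018, 12, 10, tzinfo=timezone.utc)
    for user, finding in audit_credential_report(SAMPLE_REPORT, as_of):
        print(f"{finding:22} {user}")
```

A real report is produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, which returns the CSV base64-encoded.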


One of the most common reasons AWS deployments are being breached is a result of privileged access credentials being compromised. The six best practices mentioned in this post are just the beginning; there are many more strategies for increasing the security in AWS. Leveraging a solid Zero Trust Privilege platform, organizations can eliminate shared Amazon EC2 key pairs, using auditing to define accountability to the individual user account level, execute on least privilege access across every login, AWS console, and AWS instance in use, enforce MFA and enable a common security model.
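For the accountability and auditing practices, the following added example (not from the original article) runs two detections over CloudTrail-style records: any root activity, and successful console logins without MFA. The records, account ID and principal names are constructed; only the CloudTrail field names are real.

```python
from collections import Counter

ACCT = "111122223333"  # made-up account ID


def _event(name, identity, mfa=None, result=None):
    """Build a constructed record with the CloudTrail fields used below."""
    rec = {"eventName": name, "userIdentity": identity}
    if mfa is not None:
        rec["additionalEventData"] = {"MFAUsed": mfa}
    if result is not None:
        rec["responseElements"] = {"ConsoleLogin": result}
    return rec


ROOT = {"type": "Root", "arn": f"arn:aws:iam::{ACCT}:root"}
ALICE = {"type": "IAMUser", "userName": "alice"}
BOB = {"type": "IAMUser", "userName": "bob"}
# Federated user: the role session name carries the individual's identity.
CAROL = {"type": "AssumedRole",
         "arn": f"arn:aws:sts::{ACCT}:assumed-role/Admin/carol@example.com"}

SAMPLE_TRAIL = [
    _event("ConsoleLogin", ROOT, "No", "Success"),
    _event("ConsoleLogin", ALICE, "Yes", "Success"),
    _event("ConsoleLogin", BOB, "No", "Failure"),
    _event("ConsoleLogin", BOB, "No", "Success"),
    _event("CreateAccessKey", ROOT),
    _event("ConsoleLogin", CAROL, "No", "Success"),
    _event("StopInstances", CAROL),
]


def principal(identity):
    """Map a userIdentity block to the individual behind it."""
    kind = identity.get("type")
    if kind == "Root":
        return "root"
    if kind == "IAMUser":
        return identity.get("userName", "unknown")
    if kind == "AssumedRole":
        # arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION_NAME
        return identity.get("arn", "").rsplit("/", 1)[-1] or "unknown"
    return "unknown"


def detect(records):
    """Return (rule, principal, eventName) alerts."""
    alerts = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        kind, who = ident.get("type"), principal(ident)
        name = rec.get("eventName")

        # Root should only be used in emergencies, so every use is reviewed.
        if kind == "Root":
            alerts.append(("ROOT_ACTIVITY", who, name))

        # MFAUsed reflects AWS-side MFA only. Federated (AssumedRole) logins
        # report "No" even when the identity provider enforced MFA, so they
        # are excluded here and must be checked in the IdP's own logs.
        if name == "ConsoleLogin" and kind in ("Root", "IAMUser"):
            ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
            if ok and mfa != "Yes":
                alerts.append(("CONSOLE_LOGIN_NO_MFA", who, name))
    return alerts


def activity_by_principal(records):
    """Count events per individual, the basis of a per-user activity report."""
    return dict(Counter(principal(r.get("userIdentity", {})) for r in records))


if __name__ == "__main__":
    for alert in detect(SAMPLE_TRAIL):
        print(*alert)
    print(activity_by_principal(SAMPLE_TRAIL))
```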

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2FDBDEP


Trends in Enterprise Software Development – 2019 and Beyond By Jonathan Fries

Organizations on the cutting edge, the trendsetters, define the way others approach and conduct business, no matter the industry. Software companies are not immune to this phenomenon. Even the largest of enterprises define their roadmaps by what’s happening in the industry.

It is critical to stay ahead of software delivery trends. What is enterprise software, and what trends are shaping the way it is developed, distributed, and tested? Let’s explore…

What is “Enterprise Software”?

Before we dive into the trends, let’s take a quick look at what “enterprise software” means in this context. For the purposes of this article, we define it with five characteristics. First, it needs to be scalable. The exact scale of your application largely depends on your need, but needed scale should be understood at the beginning of a project to ensure that your architecture supports scaling to match the user growth expected.

Second, enterprise software needs to be flexible — it should support new features, the functional expansion of the application, and the addition of modules.

Next, enterprise software applications need to be robust, meaning that they need to execute well and without problems. Users need to be able to use applications smoothly and without issues.

Fourth, enterprise software needs to be secure. It should be built with security in mind and that security should be reviewed and tested throughout the application lifecycle.

Lastly, it needs to be manageable, meaning that characteristics one through four need to be achievable without excessive re-architecting, redesign or excessive cost.

With a definition of enterprise software, let’s jump into the industry trends we see shaping this space.

Trend #1: JavaScript

Today, 100 percent of any application can be built with JavaScript. Not only can it be, but often it should be. JavaScript is unique in that it can be used to do web development, server-side development, mobile development, or desktop. With JavaScript as the language of choice for development, you can share code with developers throughout the application.

Trend #2: Serverless Architecture and Microservices

Microservices are atomic blocks of code performing individual tasks. Though it seems simple, it’s not as easy to achieve as it sounds. You have to put in the time up front to design your microservices – what they are, how they will store data, and how they will communicate with each other. Once you’ve done that there are a lot of advantages on the development side. Once done correctly, microservices provide smaller blocks of code that are easier to maintain.

Serverless architecture is another trend that builds on microservice concepts. Serverless functions let you deploy your small, manageable blocks of code directly to a cloud provider, and the cloud provider determines the needed infrastructure for your current load.

This simplifies the deployment and management of those microservices, because you no longer have a complex server or instance architecture to manage. You have a microservice — you coded it as a microservice, you’re deploying it as a microservice, you’re managing it as a microservice. Now that the big cloud providers have adopted this concept — whether it’s Azure Functions, AWS Lambda or Google Cloud Functions — this trend is growing even stronger.

Trend #3: DevOps First

DevOps has been around for over a decade and it’s an important part of all software development today (or it should be). The key for new projects is to be planning your DevOps approach and tooling while you’re thinking about how to design your application. Either as you’re writing your first line of code or before it, think about how the application is going to be deployed and tested. How is continuous integration going to work?

This is something that must be done as the application is being built, or even before it, so that you can reap all the advantages of DevOps and don’t miss out on the benefits. Once done, organizations gain all the benefits including: increased speed of delivery, reduced errors, and clearer visibility into application health.

Trend #4: Automated Testing

Today we’re seeing organizations strive for ever greater levels of automated test coverage, even working toward 100 percent coverage in many cases. Using an automated QA pipeline, unit testing, integration testing, API testing, and performance testing ensures you have complete coverage of the code. You also have a clearer picture of how the application is going to perform, and can take advantage of that in your delivery lifecycle.

Trend #5: Hybrid Architectures

Hybrid architectures combine cloud infrastructure with on-premises infrastructure to give you both performance and scalability. What we’ve seen in this trend is that enterprises want to take advantage of using the cloud for the advantages it provides, but also want to leverage the benefits of on-prem infrastructure.

Trend #6: Cloud Agnosticism

While the cloud is powerful and allows everyone to access the right amount of computing power and services for their current needs, many companies do not want to be locked in to a single cloud provider. Once locked in they are subject to cost changes and will have a harder time moving from provider to provider.

If an application is built properly using containers, container management, and new tools like Terraform that allow infrastructure to be deployed in any cloud (or on prem) it is possible to build an application and supporting infrastructure that is not dependent on any particular cloud provider but can be ported to different providers quite easily.

These six trends are helping define an entire world of modern software innovation — and for good reason. From JavaScript to DevOps, you can expect to see more organizations turn to these trends to help create powerful development engines to drive their businesses forward over the remainder of 2018 and beyond.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2FztF0r

Let’s Make Everyone’s Job Title “Email Checker”​ By Annie Jones

Everything’s All Talk, Nothing Actually Said

Do you remember when you first got an email address and every email felt like a little present? Today it’s hard to think of this ubiquitous technology as innovative and exciting, but I vividly recall the hype. You could email anyone, anywhere in the world, and they would get the message instantly! You could share your favorite band’s tour dates and debate which Beastie Boy was your favorite for days on end! We could all now save time and money by communicating more effectively and efficiently!

I’ll never forget my first time. It was 1997 and I was a journalism major at The University of Texas. Now I know I’m outing myself as old, but it was love at first send. I said to my boyfriend while working in the computer lab off Dean Keeton Street, “Can you believe I can skip the zip drive?”

I was so naive.

He answered back: “Do you know what this means? It means we’re going to have 500 more things in a day to do, than our parents ever did.”

Turns out, most everyone was so naive. As a modern-day working human, you know that the boyfriend was the superior prognosticator.

Every day I see an email thread that stretches for days when a five-minute phone call could have reached a more expedient conclusion. People are emailing, Slacking, chatting, tweeting and posting all the time and yet our ability to communicate is getting worse and worse. When I get a text from someone asking if they can set up a call I just want to scream, “Just call me. You’re already on this thing called a phone!”

It’s one thing to complain about it from the point of view of a disgruntled old-timer (though I do, and I’m not that old), but in the field of advertising, we have to directly contend with the fallout of how digital communications have rewired human interaction. I run an Austin creative marketing agency and design studio, which means we don’t have a growth strategy that doesn’t deal with having to cut through all this noise. Trust me, we keep having to push the creative envelope to make a product positioning strategy that works these days.

The upside is that all of these on-demand conveniences have created a culture of isolation. Do you remember when Lost was on the air? I think it was the last show you couldn’t watch on your own time. You had to catch the live broadcast so everyone could talk about it the next day… IN PERSON. Don’t get me started on how much less fun Seinfeld would have been to watch if I couldn’t wait to go to school to chat with my BFF about what we each thought the most clever parts were. The only collective experiences now are sports, the Oscars, and Sunday church. And those are all slowly declining in popularity.

So at the agency, our messaging gets attention because we focus on what our clients’ prospects really want. They don’t want a spec sheet. They want to be sold. The purchaser at Dell doesn’t want to hire a vendor that makes more work for her, but she will hire one that gets her a raise. We innately know how to turn a vendor into a partner-in-crime by realizing we are all born consumers. It’s what America’s about. That same purchaser is going to get a haircut at lunch, and head to Sam’s Club after work. The business buys the product, but the purchaser isn’t the business.

Even if being the owner of a digital marketing and advertising agency is my chosen profession (you don’t start a creative agency if you just want easy money), I can’t help but reflect on how we take for granted the skills a traditional education gave us. We used to go to libraries, read books by qualified academics, write papers where we had to cite sources. We don’t apply those skills outside of academics. Everyone asks me the same questions ten times though it’s in our project management system OR in 10,000 emails OR in our internal chat system. It’s easy to look stuff up now, but people don’t.

Now we read headlines and draw conclusions without even glancing at the articles. We believe people who are unqualified to give opinions. We then give our own unqualified opinions that are built on the nonsense we have absorbed. And even worse is this culture where people can hide behind anonymity and that is considered acceptable and valid. How can someone be legitimate if they’re hiding? How can you know what they really want when they end up fostering hate? To me, the 2000s mark the rise of a weird culture of over-politeness in public, and a culture of hate just barely beneath the surface of a screen name. You’ll find it if you ever have to do market research that involves Reddit.

And here I am in my digital creative marketing agency trying to lay out the most optimal, effective game plan to grow a client’s company at hyperspeed. In advertising, there’s a thing called the “rule of seven” that says a customer needs to see an ad seven times before they will take an action (click on the ad, possibly buy the thing). The actual number varies from campaign to campaign, and our goal is to lower it as much as possible. But I would wager that the number goes up each year on average.

Could you tell me the last ad you saw? Or any ad you saw today? Can you recall the last text message you sent, email you read, or Facebook post you shared? Back in the day, I could tell you the last commercial I saw, liked or hated immediately. Especially if it was an infomercial hawking ‘Oriental Pearl Cream’ my friend bought and asked me if I used. Now that’s just funny. Today she’d jump off a cliff before admitting that.

Does that sound like we are communicating more effectively, or that there’s just more of it? Most of all, my job requirement––a ‘no matter what’––is to hire for curiosity. Are we absorbing anything?

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2MdVMm8

Design Dilemma — How to Build a Futuristic Mobile Application With Killer Design By Mitesh Patel


Mobile apps are indispensable to all of us. Whether at the workplace or at home, we just cannot imagine our world without mobile apps. But with app stores surging with over 5.2 million mobile apps, it is quite difficult for newcomers to stay ahead of the curve. It is necessary for mobile application development companies to come up with an app that has seamless performance and an appealing appearance.

Today, tech-savvy app users prefer an app that has easy navigation and a simple yet attractive UX design. Therefore, the app development company’s focus remains on developing a user-friendly design. Here, it is necessary to address the ever-changing business requirements of the client and current market trends. Another important point: the development company needs to make the app ready for the future.

Let’s go through a few handy tips to develop a future-ready mobile app solution.

  • Consider multiple platforms

It is almost certain that you cannot target any specific audience in the competitive business scenario. It is important to offer a similar UX across different platforms and devices. In other words, if you want a futuristic mobile app, you need to consider multiple platforms. When the app provides a seamless experience to its users on both tablet and mobile, it can be said to be ready for the future.

  • Focus on hassle-free user experience

A mobile app development solution needs to keep the focus on the end user. When it comes to design, the mobile app development company takes care that the design can take the user directly to the main point of the page.

Here the app developers need to integrate the focused point at the center in a way that it can give a complete idea of the entire page or services. Such design remains hassle-free for the users and they can meet their objectives with ease.

Every page of the app should be designed by keeping this point in mind so that the users can take necessary actions swiftly.

  • Keep navigation simple

Navigation is one of the most complex aspects of mobile app development. It is because you need to make it inclusive and yet simple to understand. The navigation can make or mar the reputation of your business because it has a direct connection with the user experience. It is better to remember that simple and straightforward navigation can encourage app users to visit your app frequently.

All the design elements in your app should be placed properly and in a way that the app user can readily access all of them. To enhance the user experience, the mobile app developers use bright colors, attractive icons, and high-quality graphics in line with your business model in the application.

  • Double check all buttons

Proper functionality is a key to success for any business app. Even if you come up with the updated app version with desired features, you should always focus on its performance. Interestingly, buttons and links can play a major role in maintaining the app’s functionality. Poor functioning can make the app user frustrated and compel them to switch to the competitor’s app.

When it comes to the browsing experience, it is always better to make your app highly responsive to retain the app users. When the users control their browsing with ease, they will like your app for sure.

In a way, one of the most important features for making your enterprise app ready for the future is a seamless and hassle-free performance.

  • Let designers design the UX and UI

UI and UX design can play a vital role in making your app ready for the future. How about coming up with an MVP (Minimum Viable Product) first and taking feedback from early app users?

Honest reviews from the app users, friends, and relatives can help you build an app with pleasant user experience and flawless functionality. You can hire mobile app developers for developing an app, but it is better to assign the designing part to professional designers. They can find and address the pain points while designing the app in a user-friendly way. They know the app’s flow well and design accordingly.

  • Stick to Mobile-first Approach

At times, budget constraints result in a business app with a low-quality appearance and performance. Such an app can look like a miniature version of a web app. But mobile and desktop are different environments. You need to focus on a mobile-first approach whether you opt for a mobile app or a website.

Your app should be crafted by keeping the real estate of mobile devices in mind. When your company brings out an app compatible with various devices across all the major platforms, more people will be attracted to it.

  • Address the user’s requirements

Last but not least, when you develop a business app, always keep the user’s requirements in mind. Even when the app is ready for updates, consider the user’s expectations and problems while integrating new features. The primary goal of a mobile app is to address the end user’s problems.

Your enterprise mobile app should be scalable enough to meet this objective for the long term. When you include additional features in the updated version, you should ensure the app’s performance and appearance are not compromised. You can readily target the audience with a visually appealing app, but to retain them, you need proper functionality.

Concluding Lines

Well, that’s all for now. As you invest a sizeable amount of money and time while making a business app, you should make it ready for the future. Hope these handy tips will assist you to come up with an app that can attract and retain people for a long time.

Today, mobile app development services are capable of offering scalable, feature-rich, and futuristic app solutions. You can contact a reliable mobile app development company to know more ways to make a future-friendly mobile app.

As a reputed mobile application development company, we build feature-rich and futuristic mobile applications. We have an in-house team of developers to work exclusively on your project in a cost-effective way.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2AMqs9M

3 Reasons Why Technology Is No Longer Optional For Canadian Businesses By Dottie Chong

From predictability to productivity, it’s now or never to get on the tech train

According to the International Data Corporation (IDC), at least 50% of the global gross domestic product (GDP) will be digitized by 2021. That’s a mere 24 months away. Sure, some industries such as construction and F&B will remain in their brick-and-mortar forms, but customers and vendors will (if they haven’t already) expect the ability to process transactions in seconds, with high accuracy and a secure environment to match.

For small businesses, the pressure is on. The failure to digitize could spell demise, and the countdown may begin sooner than expected.

1. Technology helps you gain control when all else is unpredictable

It was a big year for Canadian businesses. From Bloomberg to Twitter, family dinners to the office break room, perhaps no news was more prominent than tariffs and trade negotiations.

According to a recent TSheets survey, 51% of those in construction believe the steel and aluminum tariffs will impact overall economic growth negatively. This is leading many in the industry to consider completing more work faster and sourcing for cheaper materials, as possible countermeasures.

Yet the same pool of respondents is risking human error and inaccuracies by using pen and paper to track employee time and process payroll, instead of relying on technology to consistently save on payroll costs while shaving hours off manual administrative work. Why add to the uncertainty of the trade wars when there are predictable deliverables already available to your business?

2. Automation boosts productivity and growth

For some businesses, the realization that technology is a friend happened long before “technology” became a buzzword. In 1999, the Sandhu family’s beloved samosas were gaining popularity among the restaurants and grocery stores in the Toronto area. There was only one problem: The Sandhus couldn’t make them fast enough. The brothers, Harpal and Harminder, knew automation was the only solution, but they weren’t able to find the right machine.

Undeterred, they decided to modify a pierogi maker. Today, the almost entirely automated Samosa and Sweet Factory in Etobicoke makes 150,000 samosas daily, along with other traditional sweets and dishes, catering to domestic and international demands. Harpal credits the machinery for keeping costs down, yields consistent, competitors away, and clients coming back for more. “When we decided to go with automation, it was definitely an investment and a risk. But it paid off. We would not have been able to grow as we did otherwise,” Harpal told TSheets.

3. Brand personalities resonate with the help of technology

As technology allows the reach for every business to go global, it’s become vital to have a friendly face and online presence to connect with your target audience, wherever they may be. Sure, it may not be possible to meet every customer in person, but it’s definitely possible to emotionally engage with the help of technology. And it has been consistently proven that emotions drive brand loyalty, oftentimes edging out rational elements like price and quality.

Yet 59% of Canadians surveyed by GoDaddy and Redshift said they don’t even have a website, and only a third planned to build one. Some respondents said they don’t have the time, others said building a website was too expensive or beyond their technical expertise. Together, these businesses missed out on $1.8 billion, or 24.6 million digital buyers, in 2017.

An online brand personality is something near and dear to TSheets that we’ve benefited greatly from. From our website to our blog and emails, our online presence has helped us compete, establish ourselves as an industry expert, and build connections with our customers beyond borders.

So if your business is considering a business investment in 2019 and technology has yet to gain a foothold in your operations, it’s time to get on board.

This article originally appeared at TSheets.com.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2DdV6KR

How Do I Know If My Email Has Been Leaked in a Data Breach? By Emily Gray-Fow

The Dangers of Bad Password Hygiene

Many people use their email addresses and a small set of passwords (or even just one password) to log in to their online accounts. Unfortunately, this means that any hacker with your email address already has half your login details. Add in numerous password breaches from big-name digital service providers and you have a recipe for disaster.

Since most people still recycle versions of their passwords, once one of them is released in a data leak, it could mean that all of your online accounts are compromised thanks to bad password hygiene.

Even if you’re one of the many people who uses a selection of different passwords based on some sort of theme or the rearrangement of certain elements, an attacker could combine knowledge of one password with a brute force attack or social engineering to more easily discover your other passwords.

Have I Been Pwned? Good Question!

Luckily there’s a well-trusted website where anyone can quickly find out if their email address has been compromised in an email leak and which company leaked your data. Have I Been Pwned? (HIBP) was set up by Troy Hunt, a highly respected digital security expert.

It’s simple to find out if your email address has been compromised. Just go to Have I Been Pwned? to search their database of leaked details.

Source: haveibeenpwned.com

HIBP doesn’t just include leaked emails, but (as my friend found out) other personal data that has been exposed on the web. What you learn may surprise you—I asked a friend to try a few of their emails, and though all of their passwords were safe, other bits of personal data had been leaked by several marketing data aggregation companies.

Hackers make use of many types of personal data, combining databases with known passwords when they do leak to make cracking your accounts that much quicker, so any sort of data leak can be risky.

Check a few of your emails on the site, and chances are that at least one of them will have been involved in a data leak at some point, even if your passwords haven’t been released.

There’s also a handy password checker to find out if a certain password has made its way into the public domain. (Don’t worry, the site uses hashing to keep your password anonymous and doesn’t store it.)

Out of curiosity I checked the statistics for using “password” as a password—it turned out to have been pwned 3,533,661 times, a stark reminder that common sense doesn’t always triumph when humans are left to their own devices regarding password strength.
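The hashing mentioned above can be made concrete. The sketch below is an added example, not code from the article or from HIBP: it follows the public Pwned Passwords range lookup, in which the client sends only the first five hex characters of the password's SHA-1 hash and matches the rest locally. The range response is constructed offline, reusing the count quoted in this article, and `make_constructed_range_server` is a hypothetical stand-in for the HTTP call.

```python
import hashlib


def split_hash(password):
    """SHA-1 the password and split it into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Find this password's suffix in a 'SUFFIX:COUNT' range response."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the breach corpus


def check_password(password, fetch_range):
    """Only the prefix is handed to fetch_range; the comparison stays local."""
    prefix, _ = split_hash(password)
    return breach_count(password, fetch_range(prefix))


def make_constructed_range_server():
    """Hypothetical offline stand-in for GET /range/<prefix>.

    Returns (fetch_range, sent) where `sent` records everything the
    client transmitted, so the privacy property can be inspected.
    """
    sent = []

    def fetch_range(prefix):
        sent.append(prefix)
        _, pw_suffix = split_hash("password")
        # Constructed response: two filler suffixes around the real one,
        # with the count the article reports for "password".
        return "\r\n".join([
            "0" * 35 + ":2",
            f"{pw_suffix}:3533661",
            "F" * 35 + ":1",
        ])

    return fetch_range, sent


if __name__ == "__main__":
    fetch, sent = make_constructed_range_server()
    print("times seen:", check_password("password", fetch))
    print("sent to the service:", sent)
```

Because many unrelated passwords share any given five-character prefix, the service cannot tell which one was being checked.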

Subscribing to Have I Been Pwned is free and doing so will alert you to future leaks involving that email address as soon as they become public; adding additional emails is straightforward and doesn’t incur any additional fees. As a website owner or administrator, you can also set up alerts that let you know if any email addresses associated with your domain have been compromised.

Note: In September 2018, Firefox Monitor partnered with Troy Hunt to launch their own branded version of Have I Been Pwned? for searching leaked emails. Some people may feel more comfortable using a service endorsed by an organization like Mozilla.

What Should I Do if I Find My Address in an Email Leak?

1. Change Your Passwords

Once you’ve checked your email addresses for breaches, the next step is to change all of your passwords that are related to that email to something strong and complex. Choosing strong, unique passwords can be difficult for some people – believe it or not, a random string of letters, numbers, and symbols can be just as easy for a machine to crack as any other password.

XKCD explains it pretty well in this cartoon; think “pass phrases” of unrelated terms, rather than just a “password.” And no, changing letters for numbers (l33t style) is far too common to make this a safe way to create a cunning password!

If your password comes up as having been leaked on the password checker, it doesn’t necessarily mean that your personal password has been leaked. Maybe your choice of secret word wasn’t as unique as you thought it was.

What it does mean is that your password is likely to be in a database along with other confirmed passwords that a cracker program will use first when trying a brute-force attack on your account. Combine a compromised password with a leaked email for an account without multi-factor authentication, and you’ve just handed anyone with those two databases full account access.

And what do we mean by unique? Not unique to you, but unique to each site or login you use. Remember never to use any of your biographical data in your passwords either; many of the data breaches on Have I Been Pwned? are from marketing companies that don’t actually have people’s passwords. What they do leak is a handy, searchable database of lots of your other information (including things like kids’ birthdays, work anniversaries, and so forth).

2. Use a Password Manager

Of course, with all these unique passwords, you may be tempted to write them all down. If you want to keep your new set of passwords safe, though, consider using a password manager (with a strong, unique password that you can remember). There are a number of options, many of them free, that will help you store your passwords safely.

LastPass and Dashlane are the two most popular options, and both have points in their favour. If you take your online security seriously, it’s worthwhile paying for a premium version. They’re relatively inexpensive and include important features like syncing across devices and advanced multi-factor authentication. Where possible, you should enable multi-factor authentication on all of your accounts.

Leaks of any type of customer data can be both embarrassing and expensive for businesses. An increasing number of countries have steep penalties for any kind of data breach, in some cases attracting unlimited fines or large percentages of an organization’s annual turnover (yes turnover, not after-tax profit). If you’re responsible for your company’s data security or digital platforms, then you’re probably acutely aware of this fact.

LoginRadius has a vested interest in maintaining the highest levels of data protection. Download our e-book Phishing for Identity to learn about other ways that credentials fall into the hands of hackers.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2RMwPUe

Spear Phishing: Targeting Executives to Steal the Most Critical Data By Patrick Knight

An email may look innocent, perhaps from a trusted colleague, and bearing an innocuous subject line. Many people wouldn’t think twice about opening it and clicking on a link inside to a known website or to download a work-related file. Unfortunately, appearances can be deceiving, and that email may be an attempt at spear phishing.

As spear phishing attackers use increasingly sophisticated methods to target organizations around the globe, it’s important to understand how to recognize an attack and how to combat these efforts in the future so that your organization remains unscathed.

Studies continue to show that significant numbers of data breaches are the result of insiders. For example, IBM studied data breaches and discovered 60% were related to the activities of employees. These breaches include both malicious intent and simple human error, such as falling prey to phishing email attacks.


What is Spear Phishing?

Today’s digitally sophisticated society knows to be wary of clicking unknown links or providing personal information in response to unsolicited emails. While traditional phishing emails appear to come from large, well-known companies, spear phishing emails appear to come from someone within the recipient’s own organization. Often, the email contains information or requests that appear to be urgent and legitimate within the context of the recipient’s relationship to the sender.

When the recipient clicks on a link in the email or opens an attachment, malicious code is downloaded onto the recipient’s computer, where it can access confidential information, install a virus that blocks access to files and applications, or corrupt them, making them inoperable. The malware can also use backdoor access to infect the network that the individual’s computer is on, opening the entire organization to data breaches and potential disruption of operations.

Recognizing a Spear Phishing Attack

A spear phishing attack can happen to any organization in any industry – big or small. And, once bitten isn’t necessarily twice shy when it comes to cyber attacks. Moreover, it can be difficult to recognize when a spear phishing attack has taken place. Employees are typically trained how to use computers to do their daily jobs, but they’re not trained as computer security professionals.

HTML in email creates its own tricks to fool email recipients. In an email created in HTML, an actual URL can be “hidden” by other text or images and rendered like a web page. The “hover” feature gives recipients the ability to see what is underneath a displayed link; however, there are still some additional indications that an email may not be as innocent as it looks.

  • Email contacts include the actual email address as well as an optional Contact Name or alias. However, many email applications may only display one or the other in simple format. The full email address (john.doe@organization.com) should match its “alias” (John Doe).
  • The email displays a familiar email address as the Contact Name but the actual email address in simple view does not match. (e.g. “john.doe@organization.com” <xyz@domain.net>)
  • The email displays a familiar alias (John Doe), but the full email address in the simple view does not match the sender (xyz@domain.net).
  • The email contains only a link or attachment and little or no other content or signature.
  • Subject lines or text within the body might convey urgency or that the content was previously requested (e.g. “Here’s that data you asked for”, “Please review for accuracy” or “Time sensitive”)
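The sender and link checks described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the article: it flags a display name that shows a different address than the real one, a known alias used with an unexpected address, and link text that names one host while the href goes to another. The contact directory, function names and sample values are assumptions built from the article's placeholder addresses.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed samples using the article's placeholder names and addresses.
CONTACTS = {"john doe": "john.doe@organization.com"}
SAMPLE_HTML = '<a href="http://files.domain.net/review">www.organization.com/reports</a>'
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URLISH_RE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

def sender_flags(from_header, known_contacts):
    """known_contacts (assumed directory): lowercase alias -> real address."""
    name, addr = parseaddr(from_header)
    addr, flags = addr.lower(), []
    shown = ADDR_RE.search(name)  # an address embedded in the display name
    if shown and shown.group(0).lower() != addr:
        flags.append("display name shows a different address")
    expected = known_contacts.get(name.strip().lower())
    if expected and expected.lower() != addr:
        flags.append("known alias with unexpected address")
    return flags

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(text):
    return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()

def link_flags(html_body):
    """Flag links whose visible text names one host but whose href uses another."""
    parser = _Links()
    parser.feed(html_body)
    flags = []
    for href, text in parser.links:
        shown = _host(text) if URLISH_RE.match(text) else ""
        if shown and shown != _host(href):
            flags.append(f"text shows {shown}, href goes to {_host(href)}")
    return flags
```

Link text such as "Click here" is not flagged because it does not claim a destination; that case still needs the hover check the article describes.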

Combatting Spear Phishing

There are a number of strategies healthcare organizations and their employees can implement to reduce spear phishing.

  1. Take advantage of user analytics that can help identify behavior-based weak points so that security strategies can be designed around them.
  2. Ensure that anti-malware and antivirus programs are up to date.
  3. Restrict remote access to data or set up a Virtual Private Network (VPN) for work-from-home employees, with authentication requirements and encrypted data.
  4. Educate employees to scrutinize the sender’s address, links and attachments for anomalies.
  5. Notify network security or IT personnel of any suspicious emails.
  6. Delete suspicious emails immediately and then empty the email trash folder.
  7. Notify the “spoofed” sender that their email address has been compromised.

Because attackers are employing increasingly sophisticated methods to avoid detection, organizations should devote additional IT resources to cyber security and incorporate ongoing employee education to fight spear phishing. Such training should not be limited to lower-level employees and managers, but should be required at every level of the organization, including the C-suite. Executive-level buy-in and support are critical to creating the security culture necessary for safeguarding sensitive data.

A version of this article originally appeared here.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2stxQlS