Posts tagged data protection

3 awesome security tips for 2012

by Claudiu Popa

Everything I’m reading these days indicates that hacking and malware infections are going to increase in 2012. I don’t need to provide references here because everything you’re reading does too. Yet all the software you need to secure computers, both corporate and personal, is available for free. There’s everything from scanning and blocking to diagnosing and disinfecting the computing devices you depend on.


So how come we’re poised for continued growth in data theft and general cyber-mischief?

 

In short, you’re the weakest link. If it weren’t for you, your computer would have a much higher chance of leading an infection-free existence, gracefully growing old and slowly descending into obsolescence. Instead, you may hear yourself thinking out loud: “it was fast at the beginning, but now it’s so slow I’m thinking of getting a new one”. This platform-independent mantra is no doubt very depressing for laptops and smartphones to overhear and even the shiny new tablets, smug in their reliance on a firmware-based operating system, aren’t too far behind.

 

What are your options? Panic? Trade in your new tablet for a stone tablet? Pester the one social recluse in your family with open-ended questions?

 

The latter is always a good idea (although you can’t go wrong with the first two either). Make sure you corner him (it’s always a ‘he’) at the family party this holiday season and don’t let him take another sip of the eggnog until he makes an effort to put his answers into plain English. Pull up a chair, make him feel special, for once!


Failing that, here are three (because no one can really retain more than that anyway) tips for you to better understand computing security in general, and in particular over the next few months, as the reliance on technical attacks on all platforms (not just on mobile devices, PCs, or ‘in the cloud’) gives way to plain old abuses of trust. At the very least, you’ll sound smarter about this stuff, so here’s some sage advice:

1. Sometimes things that increase convenience may increase your security risk

 

Just one example: URL shorteners. These handy little tools (aside from the fact that they build clickthrough statistics) may send you to malicious destinations and may contribute to the security problems that plague social networking sites. So click wisely.

 

2. Sometimes it’s better to focus on the things that go out of your computer

 

We’re on the Internet for a reason: to explore and access information. Each click is a request, a consensual invitation, an implied permission and an open door to receiving information. So when that response happens to be malicious, it’s difficult to see exactly what it’s doing inside your computer, but it’s relatively easy to block unauthorized software from ‘calling home’ and initiating outbound connections of its own. So look for personal firewalls with egress filtering and be cautious about approving connection requests.

3. Sometimes things that protect your privacy may decrease your security

 

You know that little ‘lock’ icon everyone tells you to look for when completing online purchases? And the ‘secure tunnel’ your IT guy tells you about when installing your remote access VPN into the office (so you can be ‘productive’ from home, naturally)? Those are great things. They protect the confidentiality of the data that you exchange with the big bad Internet, and also serve to protect your privacy. But they also make it next to impossible for security tools to inspect data traffic, see malicious code and the details of hacking attacks as they come and go. So use with caution, and appreciate that once encrypted, both good and bad data are protected from prying eyes (and be sure to have a memory-resident scanner to detect the latter just before or immediately after scrambling).

Enjoy 2012 and if you know someone who could use the information, don’t hesitate to suggest this blog.

Hardening LinkedIn for privacy protection:

The 12 settings that could impact your professional image

 
 

by Claudiu Popa

With the introduction of LinkedIn’s new settings page this year, the company also took the opportunity to make some changes to its Privacy Policy.

Since the expansive document’s 29 pages would put even the most troubled insomniac into a deep slumber, the company conveniently provided a summary which hints at the different ways it seeks to monetize its service and in some ways emulate Facebook’s much maligned model.


Instead of stringing together 7415 words however, the latter prefers to describe its privacy-related practices through a series of nested pages that branch off an initial six sections. You get the idea. Six of one, half a dozen of the other. But enough of that. I plan to send you on your way with something you can actually use. Read the rest of this entry »

Mobile devices & medical research — protecting personal health information

By Dr. Ann Cavoukian

Nothing disappoints me more than news of yet another lost unencrypted USB key or laptop containing personal health information. Unequivocally, there have been far too many breaches of this kind, most of which could have easily been avoided by utilizing well-established privacy and security measures and building in Privacy by Design (‘PbD’) best practices.

Ann Cavoukian, Information and Privacy Commissioner of Ontario


The numbers are startling. In the U.S. over a 20-month period ending June 2011, there were 288 notable breaches impacting millions of Americans – with about a third involving mobile devices. Here in Ontario, there have been a number of high-profile breaches over the past two years impacting well over 100,000 people. 

 

Some of these breaches have been in the health research area, as researchers have become increasingly reliant on laptop computers, memory sticks and other mobile computing storage devices, to collect and store personal information.

 

Concerns over the privacy and security of personal health information used for research purposes should not undermine the resounding fact that health research is extremely important, and high quality research depends on the availability of high quality information. Read the rest of this entry »

Finally, some statistics on the impact of cybercrime in Canada!


By Claudiu Popa  

It’s about time. Since most companies do not benefit from security monitoring tools and technologies and many of those that do aren’t inclined to share their unfortunate events for fear of getting ridiculed at the playground, statistics on cybercrime and malware in Canada are few and far between. So kudos to Symantec for releasing some meaningful statistics on cybercrime in Canada and some global figures in general. 

And it’s been a worthwhile exposure effort. One day after the Norton Cybercrime Report’s release, the Internet was already teeming with superficial coverage of the contents. Most outlets are happy to report the big global number of $114 billion in losses for the past year. Personally, I like to have a deeper look. In this case, I’ll constrain my scope to the Canadian figures and try to put things into perspective. So here goes:  Read the rest of this entry »

Time to empower, not blame security’s ‘weakest link’

By Nestor E. Arellano

It’s getting to be tiring hearing that tech users are data security’s weakest link.

Recently we reported on a study released by Symantec Corp. which outlined the key differences in the security features of Apple’s iOS and Google’s Android mobile operating systems.

 


The study noted that popular mobile gadgets such as the iPod, iPhone, iPad and the multitude of Android phones and tablets were designed for consumers and have “traded off their security to ensure usability to varying degrees.”

“These tradeoffs,” the report said, “have contributed to the massive popularity of these platforms, but they also increase the risk of using these devices in the enterprise.” Read the rest of this entry »

A thought on cloud security…

By Brian Bourne

There has been no shortage of Cloud service failures recently. The latest is discussed in this ITBusiness article: “Dropbox drops the ball on account security”.

So this raises the question.  How scared should the average business owner be about moving to the cloud?  Of course it’s a complex question.  If you look at it completely academically, you’ll need to value assets, calculate risk and all the rest.  But let’s cover a few practicalities here.


It’s very common for small businesses (and some large ones) to have an attacker inside their systems for months if not years before anyone notices.  When they do notice, there is seldom a competent forensic investigation to determine what has happened and for how long.  Actually, what usually happens when there is a security incident is the sysadmin or IT provider does his/her best to patch it up and move on.  So would you rather have someone directly inside your systems, or just have a bit of your data in a large pile of other data that a random person may or may not ever go through or use against you? Read the rest of this entry »

Something good out of LulzSec attacks

By Nestor E. Arellano

In the simulated network attack used in the recently concluded SC Canada Congress security conference, organizers attributed the hypothetical theft of a fictitious company’s data to a secretive band of hackers known as LulzSec.


The simulated attack, which was the highlight of the session titled 2 ½ hours to network meltdown, was a hilarious affair featuring a hapless operations chief of a network security team that scarcely had any idea how to handle the attack that was taking place.

But there is nothing to laugh about in the real attacks poised recently by the grey hat hacker group whose motto is ironically “laughing at your security since 2011”. Read the rest of this entry »

Commit to “Loving” your data

By: Blake McConnell

For most people, Valentine’s Day conjures up thoughts of candy, flowers and secret admirers. Well, here at Symantec, it makes us think about information.


Yes, information. It may not be the most romantic notion, but the amount of “love” you give your data can have a significant impact on the success of your company. Your information – from company plans to customer financial information – is the backbone of your business, so today make a commitment to giving it a little extra care and attention.

In a recent Symantec survey, 74 per cent of SMB respondents said they were afraid of losing electronic information. Read the rest of this entry »

Privacy by Design comes to power: Protecting personal information in the Smart Grid

 The current electrical grid is seen by some as the greatest engineering achievement of the 20th century.  But it is increasingly out of date and overburdened.  Efforts to modernize the grid – making it smarter, stronger, and greener – are gathering momentum, especially in North America and Europe.

Ann Cavoukian

Right now, the Smart Grid is very much in its infancy, existing mostly in the form of plans, projects, and small pilots.  But ultimately, development of the Smart Grid is expected to enable a two-way flow of information and electricity that will provide major advantages for the system, and give consumers more choices about how, when, and how much electricity they use.  

We all stand to benefit from the Smart Grid.  And we stand to benefit most if it is well designed and well implemented.  An important aspect of that, in my view, is making sure that the Smart Grid is also smart about privacy.  

My office has been actively advocating on behalf of building privacy into the Smart Grid for some time.  In November 2009, we released a white paper with the Future of Privacy Forum, entitled SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation.  The paper called attention to the privacy issues related to personal data generated and collected by the Smart Grid, and argued that improving the grid can be achieved without sacrificing privacy.  Read the rest of this entry »

How cyber crooks break CAPTCHAs

The percentage of spam containing shortened hyperlinks has increased significantly over the last year. As far as spammers are concerned, any tactic that makes it harder to block their spam emails is going to be exploited. These shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam.

Paul Wood

 

Analysis in the latest MessageLabs Intelligence Report revealed that URL-shortened spam hit a one day peak of 18 per cent, or 23.4 billion spam emails, on April 30, 2010. This doubled last year’s peak level of 9.3 per cent of spam, or more than 10 billion spam emails, on July 28, 2009.

While botnets are often the source of short URL spam, 28 per cent of this type of spam originated from sources not linked to a known botnet, such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools.

Read the rest of this entry »