Are your employees creating a security risk in your company? Did you know that employees were the second-highest cause of data breaches, after criminal attacks? Here are some common ways well-meaning employees can cause data breaches.
Ryan McDonald, the Digital Producer for the Baltimore Business Journal, recently interviewed me for the publication’s latest cybersecurity story, “As cyber attacks multiply, so do insurance policies that cover damages,” where he discusses the pros and cons of purchasing cybersecurity insurance and how to go about it. I thought it was worth sharing here on our blog in case any of you missed it. Below is an excerpt from the story.
In the wake of high-profile security breaches that have affected major companies and universities, a growing number of firms are pushing a relatively new product for businesses: cyber security insurance.
Today, I’m going to walk you through the process of being able to browse the web in complete safety. The title of this post explicitly mentions “viruses”, but I’m using this as a more well-known moniker for the term “malware”. Malware is a more generic term which encompasses viruses, spyware, trojans, etc.
What I mean by “complete safety”, is that you do not have to worry about malware infecting your computer. It does not mean you are safe from being tricked into giving your banking passwords to a site that is only pretending to be your bank.
Does Light Point Security track our users’ browsing? I get this question a lot, so I’d like to clarify this in a blog post. We absolutely do not track our users’ activities online. In fact, that goes totally against what we stand for – to protect you while on the web.
October is National Cyber Security Awareness Month. Through a series of events across the country, National Cyber Security Awareness Month engages public and private sector partners to raise awareness and educate the public about cybersecurity.
Light Point Security has just released Light Point Web 1.1. While this version contains updates to our open source code and small usability-related bug fixes, the main improvement is Flash video playback.
There are usually a lot of events scheduled the week of the Black Hat conference. I’ll be attending some of these events, and I encourage you to attend some as well. This is a list of after parties and Black Hat sponsored special events that will keep you busy all week.
I have come to realize recently that almost all computer security products (including antivirus) are what I call “filter-based”. The problem, though, is that when (not if) the filter is wrong, the user’s security is compromised.
A filter-based security product is any security product which roots its security in the premise that it can filter all the bad things that might happen away from the non-bad things. So for anything that a user tries to do, the security product first attempts to decide if that thing is bad. If it’s bad, the product will stop that thing from happening. Thus, the effectiveness of the product is totally dependent on the accuracy of the filter.
I am going to tell you the single most effective thing you can do to keep your home computer free of viruses and other malware. It’s very simple: something you only have to do once and never think about again. Most likely you are already doing it.
So without any more suspense, the single most effective thing you can do to keep malware off of your computer is…use a router.
On March 17, 2011, RSA announced that it had been the victim of a cyber intrusion, and as a result, information related to its SecurID product – a two-factor authentication device – had been compromised. According to RSA, the compromise does not lead to a direct attack on SecurID, but it does decrease its effectiveness.
In reaction to the RSA cyber intrusion, the National Security Agency (NSA) released Information Assurance Advisory No. IAA-003-2011: Recommended Actions for SecurID Users in Response to RSA Cyber Intrusion. This advisory expands on the information previously released by NSA via Information Assurance Alert No. IAR-001-2011: Mitigations for the RSA Cyber Intrusion, and provides additional guidance on:
· The use of SecurID hard tokens and soft tokens
· Fortifying the security profile of SecurID’s authentication factors
· Measures to harden SecurID’s Authentication Manager