fbpx
0
Get Employees on Board With Cybersecurity

Get Employees on Board With Cybersecurity

How to Get Employees on Board With Cybersecurity Compliance

October is National Cybersecurity Awareness Month, which means now is the time to ensure employees are fully compliant with cybersecurity measures in your business. However, it’s not enough to merely distribute handouts and hope workers understand why cybersecurity is crucial.

Instead, it’s necessary to come up with actionable strategies not only to emphasize that cybersecurity matters, but also that your employees can take an active role in cybersecurity practices throughout the organization.

1. Help Employees Understand Why It Matters

Many employees don’t even have the foundational awareness of what it means to implement cybersecurity strategies and why they should. For example, they likely don’t realize the widespread problems that could happen if a person clicks on an infected link and compromises their entire network. So, an excellent initial step to take when discussing cybersecurity with employees is to make the material relevant.

Make it clear to employees how their actions can directly affect the overall company’s cybersecurity. When employees understand that their individual cybersecurity compliance can better the company as a whole, they may be more inclined to avoid risky digital behavior.

For example, a recent study of 500 people found two in five workers clicked on links or attachments they didn’t recognize. They probably took those actions without thinking about the possible consequences.

Another survey by Shred-It found more than 25 percent of respondents left their computers unlocked when the devices were unattended at their desks. These examples highlight that employee negligence is a costly and genuine concern for organizations, but it’s something they can reduce in meaningful ways.

The goal of early-stage discussions with workers about cybersecurity compliance is to get them to realize how even small, seemingly innocent choices could have far-reaching effects for an organization.

One way to achieve that might be through role-playing scenarios. Then, it could become clearer than ever that little decisions can make significant differences — in both positive and negative ways. When having such conversations, workplace representatives should never take angles that make employees feel blamed for cybersecurity shortcomings though.

Instead of only talking about cybersecurity mistakes, people who educate others about cybersecurity should highlight how it’s not as hard as some people may think to take small steps that collectively bolster cybersecurity.

2. Make Cybersecurity Training Part of the Onboarding Process

Making employees care about cybersecurity requires a comprehensive process — and one that can never start too early. That’s why it’s wise to bring up cybersecurity as an onboarding topic people hear about as new hires.

This strategy facilitates multiple benefits. Firstly, it shows employees cybersecurity is an ingrained part of the company culture, not a mere afterthought. Moreover, it gives them ways to support the organization’s cybersecurity efforts from their first day on the job and beyond.

People want to feel valued by their workplaces, and that they’re doing something meaningful to help the organization reach its goals. By including cybersecurity in the onboarding process, they learn right away how to contribute and keep the workplace safer for everyone.

3. Take a Top-Down Approach to Cybersecurity

People will likely resist any new or improved cybersecurity tactics if they don’t get the impression that the company’s most senior leaders don’t agree with them as much as the people who are lower on the corporate ladder. So, one essential way to build a strong cybersecurity culture in an organization is to recognize that the leadership must perpetuate it.

Since the company leaders should know what’s occurring to strengthen cybersecurity culture, it’s best to schedule regular, ongoing meetings with C-suite executives and members of the cybersecurity team. Together, those individuals can bring up matters of concern, celebrate evidence of progress and consider additional ways to get workforces involved with cybersecurity best practices.

4. Check for Understanding and Implementation

Cybersecurity professionals at an organization cannot blindly trust that employees are doing all or most of the things they’ve learned through applicable training. However, conducting a cybersecurity audit is a fantastic way for organizations to see how secure they are. Then, it’s possible to determine if workers are using what they’ve learned, or if there’s still substantial room for improvement.

Many companies, such as those associated with the federal government or receiving funds from a government agency, have to go through audits and prove they have well-defined policies, documents, procedures and processes that show they meet standards and take cybersecurity seriously. However, these inspections are informative for all kinds of organizations because they can establish baselines.

Outside of audits, companies can plan cybersecurity drills that give people opportunities to put their learned skills into action while participating in simulated scenarios. Creating system backups and relying on two-factor authentication are examples of ways to make immediate cybersecurity improvements.

Drills confirm people are doing those things and give participants chances to ask questions about anything that was previously unclear. Enhancing the overall clarity of cybersecurity practices increases the likelihood people will carry them out as well-formed habits. Then, all those individual practices come together and comprise effective plans.

Results published in 2017 about corporate cybersecurity readiness in government organizations found 68 percent of board members hadn’t received cybersecurity training about responding to incidents, and 10 percent had no plan for dealing with a breach. Those statistics are significant because, without a plan, organizations cannot hope to deal with unexpected events with the required swiftness.

5. Teach Employees How to Respond to Suspicious Events

Equipping workers to comply with cybersecurity best practices means minimizing the doubts they typically feel when deciding whether to report something that seems amiss. Often, people who notice strange occurrences content themselves by thinking, “surely someone else will report that,” but that’s not necessarily a valid conclusion.

It’s essential for organizations to have user-friendly processes for reporting unusual cybersecurity events accurately and promptly. Additionally, cybersecurity personnel should drive home the point that they’d rather people report things that end up being false alarms than avoid speaking up about something for fear of retaliation or embarrassment.

Having a straightforward, universal system in place reduces the errors and incomplete information-gathering practices that could occur if numerous departments use several methods to notify cybersecurity team members of unusual happenings. Also, if a reporting system is too confusing for the people who use it, they may feel overwhelmed due to a perceived lack of knowledge.

6. Don’t Distribute Too Much Information at Once

Most people know the numb feeling they get when sitting through barrages of PowerPoint slides at times when they already believe their brains can’t hold more bits of information without exploding.

That’s why, regardless of the methods they use to educate employees, the cybersecurity experts within an organization should strive to deliver information in manageable chunks.

They might use short videos to get their points across, or have lunchtime sessions where people receive information while enjoying catered food. In any case, giving small amounts of information continuously is the way to go.

Cybersecurity Readiness Should Be a Constant Process

It’s not feasible for cybersecurity professionals to reach a specific point and decide that their employees are sufficiently ready for any cybersecurity threat.

The tips mentioned here are all worthwhile, but only when used as regularly as other workplace processes. For example, employees all likely follow standard procedures when requesting time off or logging their hours each week.

Cybersecurity compliance should be approached in a similar way: everyone should follow good cybersecurity practices because every employee plays a role in protecting an organization’s cybersecurity.

 

 

 

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

0
Loyalty Program Information Breach

Loyalty Program Information Breach

Dunkin’ Donuts’ loyalty program was hit with a credential stuffing attack that targeted names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes.

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months.

Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkin’s loyalty program. Names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes were potentially exposed.

There’s a growing underground market for loyalty program data. Hackers can sell the account’s credentials, or offer direct access to the accounts to people that go on to use the stored value, coupons, points and so on contained in them for themselves. Other rewards-point abuse often revolves around the ability to set up scams offering “discounted goods” that were actually purchased using stolen points.

The company said that it believes the hacker obtained usernames and passwords from security breaches of other companies, and then used those usernames and passwords to try to break in to various online accounts via widespread automated login requests – a method known as credential stuffing.

This campaign started on or around January 10, the company said.

“Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’,” the company said in a data-breach notification to the State of Vermont.

The company has forced a password reset that requires all of the potentially impacted DD Perks account holders to log out and log back in to their account using a new password, and is replacing any DD Perks stored-value cards with a new account number.

Malicious bots and botnet-as-a-service offerings are hackers’ primary tool for conducting credential-stuffing attacks, since they can be used to test massive lists of stolen credentials on any website with a login page in an automated fashion. That automation is helped along by a range of easily obtained tools on the criminal underground.

“Snipr is a tool that automates credential-stuffing attacks like the one on Dunkin Donuts,” Andy Norton, Lastline’s director of threat intelligence, told Threatpost. “You can see here from Feb. 8th someone has built a “Config,” which means emulated the login process for Dunkin’ Donuts, so that they can run credential lists at the site, looking for valid logins.

The attacks are also often fueled by big credential dumps on the Dark Web.

“Massive password breaches create huge spikes in bot traffic on the login screens of websites – in this case, the Dunkin’ Donuts site – as hackers cycle through enormous lists of stolen passwords,” said Distil co-founder Rami Essaid, via email. “While this is often framed as a problem for the individuals who own the passwords, any online business that has a user login web page is at risk of becoming the next breach headline.”

An analysis last year by the Distil Research Lab found that after the credentials from a data breach have been made publicly available, websites experience a 300 percent increase in volumetric attacks. In the days following a public breach, websites experience 3X more credential stuffing attacks than the average of two to three attacks per month.

Essaid added, “Password dumps create a ripple effect of organizations spending precious time and resources on damage control. The massive spike in failed logins, then the access into someone else’s account before the hacker changes the password, then the account lock-out for the real user, then the customer service calls to regain access to their account. All because a username and password was stolen from a different website.”

There are steps that companies can take to thwart these kinds of attacks.

All organizations should implement two-factor authentication to protect their customers from these credential-stuffing attacks, and in order to save themselves from financial loss, reputation damage or customer churn,” Lastline’s Norton said.

0
Is Your VPN Leaking Your IP Address

Is Your VPN Leaking Your IP Address

 Is Your VPN Leaking Your IP Address

(Virtual Private Networks) are great for security, but one of the big reasons many people use one is to mask or change their IP address. Thus, one of the essential motivations to utilize a VPN is to conceal your actual IP address. In addition, while using a VPN, all of your web movements are encoded and sent to a VPN server. These servers, which handle all the data on the server side and is run by your VPN provider, are encrypted.

This implies that outside eyewitnesses can only see the IP address of the VPN server and not your actual IP. VPN providers take strong measures to protect user IPs, including using shared IPs and not maintaining logs. However, there is still a chance that your IP address can be discovered while using a VPN. Read on to learn how to find out if your VPN is leaking your IP and what you can do about it.

What Is an IP Leak?

An IP leak is the leaking of a user’s real IP address while connected to a VPN service. It can occur in a situation where a user’s computer is unknowingly accessing default servers rather than the anonymous VPN servers assigned by the network such as VPN. Here is simple example to understand IP leak while you are using a VPN:

Say you want to access some content that is not accessible (i.e. geo-restricted) from your home country. When you log into your VPN account, usually you can choose between servers in different countries. The VPN will “pretend” you’re actually located in the selected region. Usually that’s enough to convince you that you are now virtually in a supported country – all good so far!

But, if you go to access that content and are still facing the geo-restrictions, this means that service you are trying to access from a restricted country is actually tracking your original IP rather than the IP from the VPN server. This means your VPN is leaking your original IP.

Most IP leak types can affect any network protocol at one time or another on your smartphones, but the best VPN providers have built workarounds into their software to minimize the likelihood of an IP leakage. IP leaks aren’t normally the fault of your VPN service provider. They are often caused by vulnerabilities in existing technology like browser plugins (flash), web browsing software and operating systems on our smartphones.

Similarly, some DNS leaks can expose your original IP address to the DNS server. If your VPN has the “DNS Leak,” it means your DNS requests are being sent to an unsafe DNS server (usually one controlled by your internet provider). Some VPNs have built-in DNS leak protection, use their custom DNS servers, and use special technology to assure that your DNS requests are always routed securely, inside the encrypted VPN tunnel.

Some ISPs use a technology called “transparent DNS proxy”. Using this technology, they can intercept all DNS requests moving through their servers. If you specify the different DNS server on your home PC or router, it’s possible these requests could still be intercepted. If you have changed your DNS settings to use an ‘open’ DNS service such as Google or OpenDNS, expecting that your DNS traffic is no longer being sent to your internet provider’s DNS server, you may be shocked to find out that they are using transparent DNS proxying.

How to Check If Your VPN Is Leaking Your IP

Your ‘real’ IP address is the one which is assigned to you by your internet service provider and can be used to identify your unique internet subscription specifically. All devices on your home network will share the same IP address.

Here are few useful steps through which you can check whether your VPN is working fine and not leaking your IP address:

Step 1: Check your IP – Make sure that your VPN is NOT connected. If you are sure that your VPN is disconnected, then go to Google and type “what is my IP address” to check your real IP.

Step 2: Sign in to VPN – Log into your VPN account and connect to the server of your choice. Verify twice that you are connected.

Step 3: Check your IP again – Go to Google and type “what is my iIP address” again to check your new IP. You should see a new address, one that corresponds with your VPN and the country you selected.

Step 4: Do IP Leak test – Several free websites allow you to check if your VPN is leaking IP. There is a good tool for IP Leak tests in regards to user’s online privacy. It’s unique because it’s a modern web app and includes a free API to use on your smartphones. Most IP or DNS  leak tests used today are generally not mobile friendly, but more importantly outdated. For example, this tool’s API checks if DNS over TLS is enabled, which is missing from the older DNS leak test sites. This may be a relatively new protocol, but will become an increasingly important feature since it keeps your DNS requests encrypted. Its API also checks to see if DNSSEC is enabled or “Checking Disabled” is on or off. DNSSEC provides origin authority, data integrity, and authenticated denial of existence. So overall these results give you a more complete picture of your privacy and security settings.

What Other Leaks Can Expose Your IP Address? And How Can You Fix Them?

There is another common leak named ‘Dropped Connection’ which occurs if your VPN disconnects suddenly, in which case all your web traffic will be routed through your regular Internet connection (less secure). This is the common IP leak and also the easiest to prevent.

Choosing a VPN service with a kill-switch feature is the right choice even for your smartphones. A kill-switch is a critical piece of your VPN client software that continuously monitors your network connection and makes sure that your true IP address is never exposed online in the event of a dropped VPN connection. If it detects a change, it will instantly stop all internet connectivity and try to reconnect to the VPN automatically. I recommend looking for this feature when you are comparing VPNs.

VPNs can be a great tool for protecting your privacy online, but sometimes they can be undermined. I hope this post has opened your eyes to risks of IP leaks and the importance of regularly checking for them to ensure your information is staying safe.

 

by Anas Baig

0

Are Password Managers Safe?

A new study has identified security flaws in five of the most popular password managers.

Now for some counter-intuitive advice: I still think you should use a password manager. So do the ethical hackers with Independent Security Evaluators who came to me with news of the flaws — and other security pros I spoke to about the study, published Tuesday. You wouldn’t stop using a seat belt because it couldn’t protect you from every kind of vehicle accident. The same applies to password managers.

But the research, which finds password manager users are vulnerable to targeted malware attacks, does shine a light on ways to bolster our defenses. And it speaks to a bigger truth that gets lost in headlines about breaches and bugs: Online safety isn’t about being unhackable; it’s about not being the lowest-hanging fruit.

Password managers are programs that keep all your log-in details in an online safe-deposit box. They’re critical tools for staying safe, because the No. 1 most annoying thing about the Internet — passwords — leads people to make the No. 1 security mistake — reusing passwords. Hackers know we do this, so they take passwords from one breached site and then try them on lots of others. Using a program to keep track of all your unique passwords takes some adjustment, but they’re getting simpler and can make logging into things faster.

The question that has haunted these programs is: How is it possibly safe to put all your passwords in one basket? If someone steals it, you’re hosed.

For accountability’s sake, audits like the new one by ISE are important. It found the Windows 10 apps for 1PasswordDashlaneKeePassLastPass and RoboForm left some passwords exposed in a computer’s memory when the apps were in “locked” mode. To a hacker with access to the PC, passwords that should have been hidden were no more secure than a text file on your computer desktop. (The researchers studied only Windows apps, but say it may affect Apple Macs and mobile operating systems, too.)

1Password, LastPass and Roboform even exposed master passwords, used to unlock all your other passwords. “The ‘lock’ button on password managers is broken — some more severely than others,” said lead researcher Adrian Bednarek.

The companies had a range of responses. LastPass and RoboForm told me they would issue updates this week. Dashlane said it has documented the issue for some time and has been working on fixes, but it has higher-priority security concerns. KeePass and 1Password shrugged it off as a known limitation with Windows and an accepted risk.

Casey Ellis, the founder of Bugcrowd, a site for researchers to report vulnerabilities, told me that companies have to weigh the risk of each discovered bug and figure out what to prioritize. “Password companies have some of the highest standards of security, and folks should be able to sleep pretty well at night knowing that these companies are taking concerns seriously,” he said. “Vulnerabilities aren’t mysterious — they’re a product of the fact that people aren’t perfect — and finding them is a good thing.”

Why isn’t this a pants-on-fire issue? Because at the moment, we’re ahead of the threat. There’s no evidence hackers are targeting the PCs of individual password manager users. The question is: How long will that last?

Risk is relative

Yes, there is risk in storing all your passwords in one place with a password manager. But it’s helpful to look at the risk like a hacker: There’s no “safe” and “unsafe.” There’s “safer than,” or “better than.” Being 100 percent safe would require disconnecting from the Internet and moving to an undisclosed bunker.

Assuming the bunker isn’t an option for you, your choices are: reusing passwords or trusting a password manager.

The latter certainly wouldn’t be safer if password manager companies were exposing millions of our passwords at once through breaches of their servers. The companies encrypt our secrets and don’t store our master passwords used to unlock the encryption. If their servers do get hacked, the data is gobbledygook without the master password only each individual user knows. (So choose a unique master password, never share it with anyone, and definitely don’t forget it.)

The bug ISE found raises a different kind of risk: passwords exposed on the memory of individual users’ PCs. Any exposure “puts users’ secret records unnecessarily at risk,” Bednarek wrote in his report. But this discovery is nowhere close to our worst-case scenario. To peer into your PC’s memory, a hacker would likely either need to be sitting at your computer or trick you into installing malware that has control over your computer.

A recording made by researcher Adrian Bednarek of how a program he wrote can extract a 1Password version 4 user’s master password even when it is locked. (Adrian Bednarek/Independent Security Evaluators)

Hackers typically prefer mass attacks rather than going after individuals, unless it’s an extremely high-value individual. For mass attacks, there’s much lower-hanging fruit, such as all those people still reusing passwords.

The worry for Bednarek: As more people use password managers, malware makers might start targeting their PCs to steal passwords. Multiplied over millions of password manager users, a low risk to the individual could turn in a large number of exposed passwords. He says his goal is to “establish a reasonable minimum baseline which all password managers should comply with.”

The companies said malware isn’t a risk to password manager users only. A hacker with access to your computer might also make use of code such as a key logger that slurps up all your activity — at which point, using a password manager is not your only problem.

The companies and the researchers also disagree over how much they can do about the memory leak problem without fundamental changes to operating systems. Dashlane chief executive Emmanuel Schalit said local memory attacks are still a hypothetical concern. “It is more important for us to work on strengthening even further core components of our server infrastructure or cryptography, because this has a more material impact on our users’ security,” he said.

Bolstering defenses

Both sides agree on one thing: Your personal devices are the weak link. It’s a lot harder for a password manager — or any software — to protect your valuable data if the computer you’re working on is compromised.

So make yourself not worth hacking by:

  • Updating your software religiously. New versions contain very important security patches.
  • Checking your computer for malware. I recommend Malwarebytes for Windows and MacOS.
  • Being very careful about installing software that comes from places other than Microsoft, Apple and Google-managed app stores. Say no to Web browser extensions and pop-up messages.
  • Not storing extremely valuable secrets such as bitcoin private keys in password managers.

The other lesson from the new research is in how the password managers handled the problem. “They all are not created equal,” said Bednarek. Dashlane and KeePass did the best job at protecting master passwords in the computer’s memory. Dashlane remains my top-choice password manager for consumers, even though it’s also the most expensive.

I also learned from how seriously they responded to ISE when Bednarek contacted them — and to me when I followed up. KeePass dismissed it as old news, and RoboForm had little to say. Dashlane put me on the phone with its CEO. 1Password’s Chief Defender Against the Dark Arts sent me lengthy emails. LastPass had me speak with its top technical executive — but it also got Bednarek banned on Bugcrowd, the site for researchers to report flaws, because he disclosed the bug to me.

Troy Hunt, a security expert who runs the compromised-passwords database Haveibeenpwned.com, says password managers ought to be as resilient as possible. “If the outcome of this is that impacted password managers further strengthen their security posture, then that’s a good thing,” he said. “So long as it doesn’t scare off their users.”

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

0
Public WiFi Safety

Stay Safe on Public Wi-Fi Networks

Stay Safe on Public Wi-Fi Networks

Free Wi-Fi is available in shopping malls, airports, restaurants, coffee shops, libraries, public transport, hotel rooms – you name it. These networks are used by millions of people on a daily basis. According to a recent survey by ITRC, three out of four respondents said they use free public Wi-Fi.

However, what most people don’t realize is that free public Wi-Fi isn’t secure. Even if it requires a password to login, that doesn’t necessarily mean your online activities are safe. You might love public Wi-Fi, but so do hackers! So, if you use public Wi-Fi without adequate protection, you’re essentially risking your online identity and money.

How Hackers Can Use Public Wi-Fi to Steal Your Identity

There are two main types of attacks through which cyber-criminals can use shared public Wi-Fi to gain access to your personal information and steal your identity.

1. Hackers on the Same Network

A hackers’ ultimate objective is to get connected to a network where multiple users are already connected, making public Wi-Fi networks excellent targets. Once he gains entry into such a network, he can deploy his tactics to take control of all the data and communications taking over this network.

One of the most common techniques hackers use to intercept data of people on the same network is known as Man in the middle (MITM). This is where cyber-criminals intercept communications between clients (or users of public Wi-Fi) and the public Wi-Fi router. Consequently, they’re able to capture and view all of the incoming and outgoing data.

Another risk to being on the same network as the hacker is the ability to file share. If you have file-sharing enabled while you’re on the network, the hacker can send you files infected with malware.

2. Hackers Who Create a Fake Wi-Fi Hotspot

This is another technique to trick unsuspecting users into joining a fake network put up by the hacker. With this, they can gain access to your personal information of your social accounts and financial credentials, and other sensitive information that may be crucial to your well-being. They can also have access to your files, if the file sharing option is enabled on your system.

Another tactic is once you connect to the fake network, hackers can push malware on your device by sending fake warnings of a system upgrade. Rather than upgrading, they install malware which can broadcast your sensitive information in real-time, including your system’s documents, photos, communication logs, etc.

5 Tips to Keep Your Data Safe on Public Wi-Fi

If you can’t avoid public Wi-Fi networks, you should at least ensure you’re well-protected when using them. Fortunately, there are some useful tips that you can follow to yourself safe on public Wi-Fi networks:

1. Verify the Network; Configure and Turn off Sharing

Remember that hackers are very clever, so its better to surf and play smart. Read the network name very carefully and ask an employee of the business if the link is legitimate. You can also ask the offering IP address. As mentioned above, hackers often set up fake networks, so verify the name to avoid being victim.

Another important thing to consider, when connected to the public internet, do you really need to have sharing preferences turned on? Obviously, not! So right after you verify the network, turn off the file sharing option. File sharing is usually pretty easy to turn off from the system preferences or control panel, depending on your operating system.

2. Use a VPN

A VPN (Virtual Private Network) is the most secure option to surf on public networks. It is one of the most useful tools to help people keep their information secure when logged on to public networks.

VPNs encrypt your data traffic and act as a protected tunnel between the client (browser) and server. All the data passing through the tunnel won’t be visible to hackers and they won’t be able to access your information and the activities you do online.

Another potential benefit to VPNs, is they mask your IP with their own IP address from different location. You could physically be in the Australia, but your VPN would show that you’re in a different location.

Not all VPN services are created equal. There are some free VPNs that are less secure than the paid ones. Paid VPNs do cost some money, but they give additional security to your needs. Here is the list of best VPNs that help guarantee your privacy and security.

3. Use HTTPS

If you don’t have access to a VPN, making sure you are only visiting encrypted sites can also help protect your data from some of the threats outlined above.

Look for HTTPS at the beginning of a website’s address. This means the connection between the browser and the web server is encrypted, so any data that is submitted to the website will be safe from eavesdropping or tampering. Most browsers also include a padlock symbol at the beginning of the address to indicate the site uses encryption.

4. Keep the Firewall Enabled

Turning on the firewall can prevent hackers’ unauthorized external access to your system. A firewall won’t provide complete protection, but it’s a setting that should always be enabled.

A firewall also acts as a barrier that protects your device from data-based malware threats. It actively monitors the data packets that come from networks and checks whether they’re safe or not. If it sees any malicious data packet, it gets blocked by the firewall. By blocking certain kinds of data, the firewall protects your computer or network and safeguards your data from attacks.

Usually we turn off the Windows firewall because of the annoying pop ups and notifications and then just completely forget about it. If you want to restart it, then head over to the Control Panel, go to “System and Security” and select “Windows Firewall”. If you are a Mac user, you can go to “System Preferences”, then “Security & Privacy”, then “Firewall” tab and enable Firewall on Mac.

5. Use Antivirus

Antivirus can help protect you while using public Wi-Fi by detecting malware that might get into your system while using the shared network. Always make sure to use latest versions of antivirus program that is installed on your device. An alert will be shown if any known viruses are loaded onto your device or if there’s any suspicious activity, malicious attack, or malware gets into your system via network.

Other Important Tips to Stay Safe on Public Wi-Fi Networks

Other than mentioned above tips, here are some more recommended tips of keeping your system secure on public Wi-Fi:

  • Always turn off automatic connection.
  • Always use 2 factor authentication – this way, even if a hacker obtains your username and password, they still won’t be able to access your accounts.
  • Always check forget network after using public Wi-Fi.
  • Don’t run financial transactions over public networks.

And most importantly! Instead of using these insecure networks, it is better to use your smartphone as a hotspot.

Conclusion

Digital security is important and we need to understand the risks of public Wi-Fi. This may prevent internet users and our loved ones from falling victim to data thefts. These tips are simple, easy, relatively inexpensive and could save you from cyber-criminals at any public place.

 

by Anas Baig

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

0

Lawsuits Surge Over Websites’ ADA failures

Lawsuits Surge Over Websites’ ADA compliance failures

Businesses with websites that can’t be navigated by the blind are getting pummeled with lawsuits.

The new frontier in federal disability litigation has accelerated dramatically in recent years, with some companies now getting hit by lawsuits for the second or third time even after they’ve reached settlements to upgrade their sites.

Companies say the suits—targeting restaurants and retail stores, art galleries and banks—are fueled by plaintiffs’ lawyers looking for an easy payday. Disabled consumers argue they deserve to be able to access the internet freely.

The number of website-access lawsuits filed in federal court reached 2,250 in 2018, almost three times the 814 filed in 2017, according to law firm Seyfarth Shaw LLP. Most of the cases have been filed in New York and Florida, the firm’s data shows, though a recent appellate decision is likely to prompt more action in California.

On an inaccessible site, screen readers can’t properly translate the content. They get stuck, simply saying “image” instead of describing it, or not saying which information should be typed into blank fields on an ordering page.

The ADA prohibits discrimination against the disabled in all places of public accommodation, which most courts have interpreted to include websites connected to a physical business.

The Justice Department said in 2010 it would create website-access guidelines. It delayed the rule-making, then dropped it—leaving businesses to argue that they can’t upgrade websites to standards that don’t exist. The Justice Department declined to comment.

Plaintiffs’ lawyers and courts say that argument is a poor excuse.

In a closely watched ruling, the Ninth U.S. Circuit Court of Appeals recently sided with a blind man who sued Domino’s Pizza in 2016 after he was unable to order customized pizzas from the restaurant’s website. The court said the federal disability law unequivocally applies to the pizza chain’s website and mobile app.

Domino’s “has received fair notice” of the need for its technology to be accessible, the court said, adding that, “Our Constitution does not require that Congress or DOJ spell out exactly how Domino’s should fulfill this obligation.”

A Domino’s spokesman declined to comment.

Most website-access lawsuits settle, lawyers involved say—often for $20,000 or less in attorney fees and costs, plus an agreement to improve websites within two years. Overhauling a website to make it work seamlessly with screen readers can cost from several thousand to several hundred thousand dollars, depending on the complexity.

“There’s no excuse for companies today not to have fixed and remediated their websites,” said Jeffrey Gottlieb, a New York attorney who has filed hundreds of ADA website cases. “I find only a lawsuit pushes them to do it.”

Florida defense lawyer Anastasia Protopapadakis says her clients usually don’t resist updating their websites. But when they get hit with a complaint, she said, “a lot of them feel this is just a method of legal extortion.”

An analysis by UsableNet, a provider of accessibility technology and services, found that 20% of the website lawsuits filed in 2018 were against companies that had already been sued.

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.