65% Increase In Cloud Attacks


Proofpoint Research Reveals 65% Increase In Cloud Application Attacks In Q1 2019; 40% Of Attacks Originating From Nigeria.

 

Proofpoint, Inc., a leading cybersecurity and compliance company, today released its Cloud Application Attack Snapshot: Q1 2019 research, which examined over one hundred thousand cloud application attacks aimed at global organizations between September 2018 and February 2019. Overall, targeting attempts increased by 65 percent during that time period with 40 percent originating in Nigeria. China was the second most prevalent country of origin, with 26 percent of attacks originating from Chinese IP addresses.

Cloud application attacks use intelligence-driven brute-force techniques (to crack passwords) and sophisticated phishing methods that lure victims into clicking and revealing their authentication credentials, which are then used to break into cloud applications including Microsoft Office 365 and Google G Suite. If successful, attackers often increase their foothold in organizations by spreading laterally through internal phishing messages to infect additional users, access confidential information, and fraudulently route funds.

“As organizations continue to move their mission-critical business functions to the cloud, cybercriminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. “These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope. As a best practice, we recommend that organizations establish a cloud-first approach to security that prioritizes protecting employees and educates users to identify and report these advanced techniques and methods.”

Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts. This industry, and students especially, are highly vulnerable due to their remote nature.

Additional Proofpoint Cloud Application Attack Research Findings

Brute-Force Cloud App Attack Findings:

· IMAP-based password spraying attacks are the most popular and extensive technique used to compromise Microsoft Office 365 accounts. These attacks occur when cybercriminals attempt common or recently leaked credentials across many different accounts at the same time.

· Most brute-force attacks originated in China (53 percent), followed by Brazil (39 percent), and the U.S. (31 percent).

· Over 25 percent of examined Office 365 tenants experienced unauthorized logins and over 60 percent were actively targeted. Overall, the success ratio in Q1 2019 was 44 percent.
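
A defender's view of the spraying pattern described above, as an added example that is not part of Proofpoint's report: it flags any source that tries only a few passwords against many accounts over IMAP within a short window, and lists accounts that logged in successfully during the burst. The log format, thresholds, IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data):
# timestamp, source IP, account, protocol, outcome
RAW_EVENTS = """\
2019-02-01T09:00:05 203.0.113.7 alice@example.com IMAP FAIL
2019-02-01T09:00:09 203.0.113.7 bob@example.com IMAP FAIL
2019-02-01T09:00:14 203.0.113.7 carol@example.com IMAP FAIL
2019-02-01T09:00:20 203.0.113.7 dave@example.com IMAP OK
2019-02-01T09:00:26 203.0.113.7 erin@example.com IMAP FAIL
2019-02-01T09:00:31 203.0.113.7 frank@example.com IMAP FAIL
2019-02-01T09:05:00 198.51.100.20 gina@example.com IMAP FAIL
2019-02-01T09:05:04 198.51.100.20 gina@example.com IMAP FAIL
2019-02-01T09:05:09 198.51.100.20 gina@example.com IMAP OK
2019-02-01T09:10:00 192.0.2.44 alice@example.com IMAP FAIL
2019-02-01T09:10:02 192.0.2.44 alice@example.com IMAP FAIL
2019-02-01T09:10:04 192.0.2.44 alice@example.com IMAP FAIL
2019-02-01T09:10:06 192.0.2.44 alice@example.com IMAP FAIL
2019-02-01T09:10:08 192.0.2.44 alice@example.com IMAP FAIL
2019-02-01T09:10:10 192.0.2.44 alice@example.com IMAP FAIL
"""


def parse_events(raw):
    """Turn the constructed text log into a list of event dicts."""
    events = []
    for line in raw.strip().splitlines():
        ts, ip, account, proto, outcome = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "ip": ip,
            "account": account.lower(),
            "proto": proto.upper(),
            "ok": outcome == "OK",
        })
    return events


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5,
                 max_tries_per_account=2, protocols=("IMAP",)):
    """Flag sources that touch many accounts with few tries per account.

    A spray is wide and shallow (many accounts, few passwords each), which
    separates it from one user mistyping a password and from a brute-force
    run against a single account. Thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["proto"] in protocols:
            by_ip[e["ip"]].append(e)

    findings = []
    for ip in sorted(by_ip):
        evs = sorted(by_ip[ip], key=lambda e: e["time"])
        best, start = None, 0
        # For each event, examine the widest window that ends at that event.
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            burst = evs[start:end + 1]
            tries = defaultdict(int)
            for e in burst:
                tries[e["account"]] += 1
            is_spray = (len(tries) >= min_accounts
                        and max(tries.values()) <= max_tries_per_account)
            if is_spray and (best is None or len(tries) > len(best["accounts"])):
                best = {
                    "ip": ip,
                    "accounts": sorted(tries),
                    "first_seen": burst[0]["time"],
                    "last_seen": burst[-1]["time"],
                    # Accounts that authenticated during the burst need
                    # a password reset and session review first.
                    "successful_logins": sorted(
                        {e["account"] for e in burst if e["ok"]}),
                }
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_spray(parse_events(RAW_EVENTS)):
        print(f["ip"], len(f["accounts"]), "accounts targeted;",
              "successful logins:", f["successful_logins"])
```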

Phishing Cloud App Attack Findings:

· Most phishing cloud app attacks originate from Nigeria (63 percent), followed by South Africa (21 percent), and the United States via VPNs (11 percent).

· Attackers will often modify email forwarding rules or set email delegations to maintain access. They will also use conspicuous VPN services to bypass conditional access and geolocation-based authentication.

To access Proofpoint’s Cloud Application Attack Snapshot: Q1 2019 research, please visit: Q1 Research Link


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

IoT And Your Digital Supply Chain


“Money, it’s a gas. Grab that cash with both hands and make a stash”, Pink Floyd is always near and dear to my heart. No doubt the theme song to a lot of producers of devices that fall into the category of Internet of Things or IoT.

I can’t help but to giggle at the image that comes to mind when I think about IoT manufacturers. I have this vision in my head of a wild-eyed prospector jumping around after finding a nugget of gold the size of a child’s tooth. While this imagery may cause some giggles it also gives me pause when I worry about what these gold miners are forgetting. Security comes to mind.

I know, I was shocked myself. Who saw that coming?

While there is a mad rush to stake claims across the Internet for things like connected toasters, coffee makers and adult toys it seems security falls by the wayside. A lot of mistakes that were made and corrected along the way as the Internet evolved into the monster that it is today are returning. IoT appears to be following a similar trajectory but, at a far faster pace.

With this pace we see mistakes like IoT devices being rolled out with deprecated libraries and zero ability to upgrade their firmware or core software. But, no one really seems to care as they count their money while they’re still sitting at the table. The problem really comes into focus when we realize that it is the rest of us that will be left holding the bag after these manufacturers have made their money and run.

Of further concern is the fractured digital supply chains that they are relying on. I’m worried that with this dizzying pace of manufacture that miscreants and negative actors are inserting themselves into the supply chain. We have seen issues like this come to the forefront time and again. Why is it that we seem hell bent on reliving the same mistakes all over again?

One of my favorite drums to pound on is the use of deprecated, known vulnerable, libraries in their code. I’ve watched talks from numerous presenters who unearthed this sort of behavior at a fairly consistent pace. What possible rationale could there be for deploying an IoT device in 2016 with an SSL library that is vulnerable to Heartbleed?

I’ll let that sink in for a moment.

And this is by no means the worst of the lot. These products are being shipped to market with preloaded security vulnerabilities that can lead to all manner of issues. Data theft is the one that people like to carry on about a fair bit but, it would be a fairly trivial exercise to compromise some of these devices and have them added to a DDoS botnet.

What type of code review is being done along the way on code written by outsourced third parties? This happens a lot and really does open a company up to a risk of malicious, or poor, code being introduced.

The IoT gold rush is a concern for me from a security perspective. Various analyst firms gush about the prospect of having 800 gajillion Internet enabled devices online by next Tuesday but, they never talk about how we are going to clean up the mess later on. Someone always has to put the chairs up after the party is over.

 

IoT And Your Digital Supply Chain By:  Dave Lewis

 

Keeping Kids Safe Online


“Here Be Dragons”, Keeping Kids Safe Online

Sitting here this morning sipping my coffee, I watched fascinated as my 5-year-old daughter set up a VPN connection on her iPad while munching on her breakfast out of absent-minded necessity.

It dawned on me that, while my daughter has managed to puzzle out how to route around geofencing issues that many adults can’t grasp, her safety online is never something to take for granted. I have encountered parents that allow their kids to access the Internet without controls beyond “don’t do X” — which we all know is as effective as holding up gauze in front of a semi and hoping for the best (hat tip to Robin Williams).

More parents need to be made aware that on the tubes of the Internet, “here be dragons.”

First and foremost for keeping your kids safe online is that you need to wrap your head around a poignant fact. iThingers and their ilk are NOT babysitters. Please get this clear in your mind. Yes, I have been known to use these as child suppression devices for long car rides but, we need to be honest with ourselves. Far too often they become surrogates and this needs to stop. When I was a kid my folks would plonk me down in front of the massive black and white television with faux wood finish so I could watch one of the three channels. To a large extent this became the forerunner of the modern digital iBabysitter.

These days I can’t walk into a restaurant without seeing some family engrossed in their respective devices oblivious of the world around them, let alone each other. Set boundaries for usage. Do not let these devices be a substitute parent or a distraction and be sure to regulate what is being done online for both you and your child.

I have had conversations about what is the best software to install on a system to monitor a child’s activity with many parents. Often that is a conversation borne out of fear of the unknown. Non-technical parents outnumber the technically savvy ones by an order of magnitude and we can’t forget this fact. There are numerous choices out there that you can install on your computer but, the software package that is frequently overlooked is common sense.

All kidding aside, there seems to be a precondition in modern society to offload and outsource responsibility. Kids are curious and they will click links and talk to folks online without the understanding that there are bad actors out there. It is incumbent upon us, the adults, to address that situation through education. Talk with your kids so that they understand what the issues are that they need to be aware of when they’re online. More importantly, if you as a parent aren’t aware of the dangers that are online you need to avail yourself of the information.

This is by no means the only choice out there but, it is a good starting point. The Internet is a marvelous collection of information but, as with anything that is the product of a hive mind, there is a dark side. Parents and kids need to take the time to arm themselves with the education to help guard against perils of the online world.

If you don’t know, ask. If you don’t ask, you’ll never know.

 

Keeping Kids Safe Online By:  

 

Will Anyone Even Know?


If An Infosec Policy Falls In The Forest

When you are building an Information Security practice you need a solid governance structure in place. For those of you who might not be familiar we can look at it in a more accessible way. If you are building a house you need a solid foundation otherwise the thing will collapse. Much in the same vein, if you do not have a solid set of policies, you are destined to fail.

All is not lost as there are all sorts of resources that are available to help you online. The key point to remember is that anything you find should never be used verbatim. If you cut and paste a policy you find online and swap the letterhead you should just hang up your tin star now. Do not pass go. Do not collect $200.

Why? Well, let’s cut to the chase. No company is the same as the next. You would be doing yourself and your organization a disservice if you are to maintain this perspective. OK, so if you are maintaining the idea that because you work at Bank A and Bob has a job in governance at Bank B that you will not be able to take their policy and simply use it at your own. Realistically you will need to tailor any policy to your own environment.

If you don’t have a proper governance structure in place it can cause you some angst. As an example, how can you remove an employee who is surfing porn on the Internet if you have no framework in place to deal with such an action? That is the simplest example that comes to mind.

To spin it differently, there was a shop that I worked for at which I was told that I could not use a certain piece of software. It was a fairly benign software application so, I couldn’t help but to ask why. Now, bearing in mind I had no argument with being told no. I was just interested in knowing what the rationale was for that decision. The answer I received was, “because $group said no.”

What?

I asked the unforgivable question. I said, “OK, can I see the documentation regarding that decision? I just want to better understand why.” I was greeted with a Jedi hand wave. This isn’t OK. If you don’t have things documented then they do not exist. Pure and simple.

So, when you are tackling the policies for your organization be sure to go beyond the flaming sword of justice approach to governance. It is simply a dead method for dealing with the foundation for your security program. You want to facilitate the business in a safe and secure way to ensure that security is not the “road block” of old while saving the organization from itself.

When you create your policy documents make sure that they receive reviews from senior leadership, legal and human resources departments. Failing to do so will limit the veracity and adoption of a policy.

If you do not communicate your policies within your organization, how can you expect people to abide by them? Communication is a mainstay of any governance program. Go forth and bring the positive word of security to the masses.

If an information security policy falls in the corporate forest…does anyone read it?

 

Will Anyone Even Know? By: Dave Lewis

 


Cybersecurity Risks Identified

Malware And Malicious Insiders Accounted For One-Third Of All Cybercrime Costs Last Year, According To Report From Accenture And Ponemon Institute.

The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture (NYSE: ACN) and the Ponemon Institute.

Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organisations worldwide, Accenture’s 2019 “Cost of Cybercrime Study” found that the cost to companies due to malware increased 11 percent, to more than US$2.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners — jumped 15 percent, to US$1.6 million per organisation, on average.

Together these two types of cyberattacks accounted for one-third of the total US$13.0 million cost to companies, on average, from cybercrime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organisation, on average.

The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.

“From people to data to technologies, every aspect of a business invites risk and too often security teams are not closely involved with securing new innovations,” said Kelly Bissell, senior managing director of Accenture Security. “This siloed approach is bad for business and can result in poor accountability across the organisation, as well as a sense that security isn’t everyone’s responsibility. Our study makes it clear that it’s time for a more holistic, proactive and preventative approach to cyber risk management involving full business engagement across the entire ecosystem of partners.”

Other notable findings of the study include:

· In 2018, surveyed companies each recorded an average of 145 cyberattacks — resulting in the infiltration of a company’s core networks or enterprise systems — an 11 percent increase over 2017 and 67 percent higher than five years ago.

· Malware is the most expensive type of attack, costing companies US$2.6 million, on average, followed by web-based attacks, at US$2.3 million.

· The number of organisations experiencing ransomware attacks increased by 15 percent in 2018, with the costs increasing 21 percent, to approximately US$650,000 per company, on average. The number of ransomware attacks more than tripled in the past two years.

· Six in seven companies (85 percent) experienced phishing and social engineering cyberattacks in 2018 — a 16 percent increase over 2017 — and three-quarters (76 percent) suffered web-based attacks.

· Automation, orchestration and machine-learning technologies were deployed by only 28 percent of organisations — the lowest of the technologies surveyed — yet provided the second-highest cost savings for security technologies overall, at US$2.9 million.

Companies in the United States experienced the greatest increase in costs due to cybercrime in 2018, at 29 percent, with a cost of US$27.4 million per company, on average — at least double that of companies in any other country surveyed. Japan was the next highest, at US$13.6 million, followed by Germany, at US$13.1 million, and the U.K., at US$11.5 million. The countries with the lowest total average costs per company were Brazil and Australia, at US$7.2 million and US$6.8 million, respectively.

“Increased awareness of people-based threats and adopting breakthrough security technologies are the best way to protect against the range of cyber risks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Our report not only illustrates our joint commitment with Accenture to keep security professionals informed about the nature and extent of cyberattacks, but also offers practical advice for companies to improve cybersecurity efforts going forward.”

For more information on security investments that can help organisations effectively deal with cyber risks, visit: https://www.accenture.com/us-en/insights/security/cost-cybercrime-study.

Methodology
The study, conducted by the Ponemon Institute on behalf of Accenture, analyses a variety of costs associated with cyberattacks to IT infrastructure, economic cyber espionage, business disruption, ex-filtration of intellectual property and revenue losses. Data was collected from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organisations in 11 countries: Australia, Brazil, Canada, France, Germany, Italy, Japan, Singapore, Spain, the United Kingdom and the United States. The study represents the annualised cost of all cybercrime events and exploits experienced over a one-year period from 2017 to 2018. These include costs to detect, recover, investigate and manage the incident response. Also covered are costs that result in after-the-fact activities and efforts to contain additional expenses from business disruption and the loss of customers.

About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions, underpinned by the world’s largest delivery network, Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 469,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Accenture Security helps organisations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organisations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.

New Privacy for Facebook


A New Privacy Constitution for Facebook

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that “frankly we don’t currently have a strong reputation for building privacy protective services.”

There is ample reason to question Zuckerberg’s pronouncement: The company has made — and broken — many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook’s surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat.

In security and privacy, the devil is always in the details — and Zuckerberg’s post provides none. But we’ll take him at his word and try to fill in some of the details here. What follows is a list of changes we should expect if Facebook is serious about changing its business model and improving user privacy.

How Facebook treats people on its platform

Increased transparency over advertiser and app accesses to user data

Today, Facebook users can download and view much of the data the company has about them. This is important, but it doesn’t go far enough. The company could be more transparent about what data it shares with advertisers and others and how it allows advertisers to select users they show ads to. Facebook could use its substantial skills in usability testing to help people understand the mechanisms advertisers use to show them ads or the reasoning behind what it chooses to show in user timelines. It could deliver on promises in this area.

Better — and more usable — privacy options

Facebook users have limited control over how their data is shared with other Facebook users and almost no control over how it is shared with Facebook’s advertisers, which are the company’s real customers. Moreover, the controls are buried deep behind complex and confusing menu options. To be fair, some of this is because privacy is complex, and it’s hard to understand the results of different options. But much of this is deliberate; Facebook doesn’t want its users to make their data private from other users.

The company could give people better control over how — and whether — their data is used, shared, and sold. For example, it could allow users to turn off individually targeted news and advertising. By this, we don’t mean simply making those advertisements invisible; we mean turning off the data flows into those tailoring systems. Finally, since most users stick to the default options when it comes to configuring their apps, a changing Facebook could tilt those defaults toward more privacy, requiring less tailoring most of the time.

More user protection from stalking

“Facebook stalking” is often thought of as “stalking light,” or “harmless.” But stalkers are rarely harmless. Facebook should acknowledge this class of misuse and work with experts to build tools that protect all of its users, especially its most vulnerable ones. Such tools should guide normal people away from creepiness and give victims power and flexibility to enlist aid from sources ranging from advocates to police.

Fully ending real-name enforcement

Facebook’s real-names policy, requiring people to use their actual legal names on the platform, hurts people such as activists, victims of intimate partner violence, police officers whose work makes them targets, and anyone with a public persona who wishes to have control over how they identify to the public. There are many ways Facebook can improve on this, from ending enforcement to allowing verifying pseudonyms for everyone — not just celebrities like Lady Gaga. Doing so would mark a clear shift.

How Facebook runs its platform

Increased transparency of Facebook’s business practices

One of the hard things about evaluating Facebook is the effort needed to get good information about its business practices. When violations are exposed by the media, as they regularly are, we are all surprised at the different ways Facebook violates user privacy. Most recently, the company used phone numbers provided for two-factor authentication for advertising and networking purposes. Facebook needs to be both explicit and detailed about how and when it shares user data. In fact, a move from discussing “sharing” to discussing “transfers,” “access to raw information,” and “access to derived information” would be a visible improvement.

Increased transparency regarding censorship rules

Facebook makes choices about what content is acceptable on its site. Those choices are controversial, implemented by thousands of low-paid workers quickly implementing unclear rules. These are tremendously hard problems without clear solutions. Even obvious rules like banning hateful words run into challenges when people try to legitimately discuss certain important topics. Whatever Facebook does in this regard, the company needs to be more transparent about its processes. It should allow regulators and the public to audit the company’s practices. Moreover, Facebook should share any innovative engineering solutions with the world, much as it currently shares its data center engineering.

Better security for collected user data

There have been numerous examples of attackers targeting cloud service platforms to gain access to user data. Facebook has a large and skilled product security team that says some of the right things. That team needs to be involved in the design trade-offs for features and not just review the near-final designs for flaws. Shutting down a feature based on internal security analysis would be a clear message.

Better data security so Facebook sees less

Facebook eavesdrops on almost every aspect of its users’ lives. On the other hand, WhatsApp — purchased by Facebook in 2014 — provides users with end-to-end encrypted messaging. While Facebook knows who is messaging whom and how often, Facebook has no way of learning the contents of those messages. Recently, Facebook announced plans to combine WhatsApp, Facebook Messenger, and Instagram, extending WhatsApp’s security to the consolidated system. Changing course here would be a dramatic and negative signal.

Collecting less data from outside of Facebook

Facebook doesn’t just collect data about you when you’re on the platform. Because its “like” button is on so many other pages, the company can collect data about you when you’re not on Facebook. It even collects what it calls “shadow profiles”—data about you even if you’re not a Facebook user. This data is combined with other surveillance data the company buys, including health and financial data. Collecting and saving less of this data would be a strong indicator of a new direction for the company.

Better use of Facebook data to prevent violence

There is a trade-off between Facebook seeing less and Facebook doing more to prevent hateful and inflammatory speech. Dozens of people have been killed by mob violence because of fake news spread on WhatsApp. If Facebook were doing a convincing job of controlling fake news without end-to-end encryption, then we would expect to hear how it could use patterns in metadata to handle encrypted fake news.

How Facebook manages for privacy

Create a team measured on privacy and trust

Where companies spend their money tells you what matters to them. Facebook has a large and important growth team, but what team, if any, is responsible for privacy, not as a matter of compliance or pushing the rules, but for engineering? Transparency in how it is staffed relative to other teams would be telling.

Hire a senior executive responsible for trust

Facebook’s current team has been focused on growth and revenue. Its one chief security officer, Alex Stamos, was not replaced when he left in 2018, which may indicate that having an advocate for security on the leadership team led to debate and disagreement. Retaining a voice for security and privacy issues at the executive level, before those issues affected users, was a good thing. Now that responsibility is diffuse. It’s unclear how Facebook measures and assesses its own progress and who might be held accountable for failings. Facebook can begin the process of fixing this by designating a senior executive who is responsible for trust.

Engage with regulators

Much of Facebook’s posturing seems to be an attempt to forestall regulation. Facebook sends lobbyists to Washington and other capitals, and until recently the company sent support staff to politicians’ offices. It has secret lobbying campaigns against privacy laws. And Facebook has repeatedly violated a 2011 Federal Trade Commission consent order regarding user privacy. Regulating big technical projects is not easy. Most of the people who understand how these systems work understand them because they build them. Societies will regulate Facebook, and the quality of that regulation requires real education of legislators and their staffs. While businesses often want to avoid regulation, any focus on privacy will require strong government oversight. If Facebook is serious about privacy being a real interest, it will accept both government regulation and community input.


User privacy is traditionally against Facebook’s core business interests. Advertising is its business model, and targeted ads sell better and more profitably — and that requires users to engage with the platform as much as possible. Increased pressure on Facebook to manage propaganda and hate speech could easily lead to more surveillance. But there is pressure in the other direction as well, as users equate privacy with increased control over how they present themselves on the platform.

We don’t expect Facebook to abandon its advertising business model, relent in its push for monopolistic dominance, or fundamentally alter its social networking platforms. But the company can give users important privacy protections and controls without abandoning surveillance capitalism. While some of these changes will reduce profits in the short term, we hope Facebook’s leadership realizes that they are in the best long-term interest of the company.

Facebook talks about community and bringing people together. These are admirable goals, and there’s plenty of value (and profit) in having a sustainable platform for connecting people. But as long as the most important measure of success is short-term profit, doing things that help strengthen communities will fall by the wayside. Surveillance, which allows individually targeted advertising, will be prioritized over user privacy. Outrage, which drives engagement, will be prioritized over feelings of belonging. And corporate secrecy, which allows Facebook to evade both regulators and its users, will be prioritized over societal oversight. If Facebook now truly believes that these latter options are critical to its long-term success as a company, we welcome the changes that are forthcoming.


By: Bruce Schneier, Adam Shostack

 


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Is somebody watching you?

Is somebody watching you? How to stop apps from tracking your location

While location-tracking data is often anonymized before being sold on, it can reveal an alarming amount of information about your activity. It’s not just about where you shop — it shows everywhere you go, which may include anything from a prenatal clinic visit to an AA meeting, revealing potentially sensitive details about your life.

If you’re concerned about your privacy, or just kind of creeped out, you can take action to prevent apps from tracking your location. Here’s how to prevent app location tracking on Android or iOS.

FIND OUT WHICH APPS HAVE LOCATION DATA ACCESS

It’s a very good idea to start with a review of the apps on your phone that have access to location data. There are legitimate reasons for many apps to track your location, so be aware that denying access to location tracking may prevent some apps from working properly. A navigation app like Google Maps, for example, is not going to be anywhere near as useful if it doesn’t know where you are.

HOW TO PREVENT LOCATION TRACKING ON AN ANDROID PHONE

If you have an Android device, and you want to turn off location tracking entirely, then it’s easy to do, although the precise instructions will differ slightly from phone to phone.

On a Google Pixel 3, go to Settings > Security & location > Location and toggle Use location off.

On a Samsung Galaxy S9 Plus, go to Settings > Connections > Location and toggle it off.

On a Huawei P20 Pro, go to Settings > Security & privacy > Location services and toggle off Access to my location.

This will turn off all location tracking, so no apps will be able to access your location. It also means that, in theory, Google won’t track or save your location, though there’s evidence it will anyway. You may also still get ads based on your IP address location.

Unfortunately, turning off location altogether also means that you can’t track your phone if it goes missing, you can’t see or share your location in Google Maps, and some other services and apps may not work as well as they otherwise would.

Another setting worth looking at if you want to limit Google’s tracking is your Web & App Activity. You can find full instructions on how to control and delete searches and browsing activity, which sometimes also includes location, from Google.

HOW TO JUST RESTRICT SPECIFIC APPS IN ANDROID

If you decide that turning off location tracking altogether is a step too far, you can still toggle off specific apps that you’d prefer not to have location access. Once again, the instructions will vary a little depending on your phone.

For example, on a Pixel, go to Settings > Apps & notifications > Advanced > App permissions > Location.

On a Samsung Galaxy, it’s Settings > Apps > Menu (three dots at top right) > App permissions > Location.

On a Huawei phone, it’s Settings > Apps & notifications > Permissions > Your location.

Review the list and toggle off anything that you’d prefer did not have the ability to track your location.

HOW TO PREVENT LOCATION TRACKING ON AN IPHONE

Things are a little more straightforward with iOS, so if you want to turn off location tracking on your iPhone, or just restrict certain apps, then you need to go to Settings > Privacy > Location Services, where you can choose to toggle Location Services off completely.

Bear in mind that this will impact some services and apps, such as Maps and Find My iPhone, so it might be a step too far. Although, it’s worth noting that Location Services can be re-enabled on the device if it’s in Lost Mode. You can put your iPhone into Lost Mode via iCloud.

In Settings > Privacy > Location Services, you’ll also see a list of apps that have location data access and you can tap on each one and decide whether it should be allowed to access your location Never, While Using the App, or Always.

WHAT ABOUT THE LOCATION DATA ALREADY RECORDED?

Now that you’ve prevented various apps and services from tracking your location going forward, you may be wondering whether you can delete the location data that companies have already collected about your movements.

If you have an Android phone, then you can ask Google to delete your location history. Simply follow that link, make sure you’re signed into your Google account, and tap the red Delete Location History button. Bear in mind that it will delete the information permanently and you won’t be able to get it back.

If you have an iPhone, then go to Settings > Privacy > Location Services and scroll down to find System Services > Significant Locations, then tap Clear History at the bottom. Apple claims this information is encrypted and can’t be read by Apple, so this may be unnecessary.

As for the location data collected by other companies through the apps you’ve been using, there’s no easy way to find out what it is or to delete it. You could start by referring to the organization in question’s privacy policy and get in touch with them, but it’s very possible they’ve already sold your data and they don’t have any legal duty to help you in the U.S.

If you’re in the European Union, you do have a legal right to request a copy of the data that a company has collected on you, including location data, and to insist that they delete it. Check out the U.K. Information Commissioner’s Office guide for details on your rights and how to request data, but be prepared to jump through some hoops.

To further safeguard your privacy, we recommend using one of the best Android VPN apps or the best iPhone VPN apps.

 

By: Simon Hill

 

Google confirms it tracks users

Google tracks your location — even when you deny it permission

Google confirms it still tracks users who turn Location History off

BREAKING: Google clarifies to users it still tracks their location even after they turn off location history, following AP report.

The AP first started looking into the issue when K. Shankari, a graduate researcher from University of California, Berkeley, turned off her Location History on her Android device — but still received a notification asking to rate a shopping trip to Kohl’s.

While Google does ask permission to use location information (such as requesting access for use in navigation), the issue lies within the Location History setting. Google’s support page states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored,” but the AP’s investigation found this to not be true.

The in-depth report includes a map that illustrates the commute of Gunes Acar, a Princeton privacy researcher. Even with “Location History” turned off on his Android phone, the map pinpoints exactly where he traveled and saves the data to his Google account.

Even if users “pause” Location History to keep the company from noting where they’ve been, the AP says “Google apps still automatically store time-stamped location data without asking.” The AP found that pausing it doesn’t keep the company from being able to store a snapshot whenever you open Maps, or pinpoint where you are when your Android device automatically updates to give you the weather.

A quick Google search for random items on your device apparently isn’t safe from tracking either. Even though your search isn’t related to location, it still allows the device to determine your location and save it to your Google account.

In response to the findings, Google issued a statement to the AP:

“There are a number of different ways that Google may use location to improve people’s experience, including: Location History, Web and App Activity, and through device-level Location Services. We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”

The tech giant says that users can turn off another setting called “Web and App Activity,” which is enabled on your device automatically. It’s a setting that stores information from Google apps and websites to your Google account.

Turning it off will prevent Google from saving location markers, along with information based on your search and activity. But the AP also notes that turning this setting off could alter how effective Google Assistant is, which could greatly affect those who rely on it often.

 

 The Associated Press

By: Brenda Stolyar

 

Organizational Approach to Cyber Culture

Predictions aren’t easy, especially in the chaotic world of cybersecurity. The threat landscape is ever-growing, as offensive and defensive technologies and nation-state attacks emerge at a frantic pace with advancing scope and sophistication. This post looks at how to improve a company’s cybersecurity culture.

What is a security culture? A facet of the broader corporate culture, it encourages employees to make decisions and fulfill day-to-day duties – while adhering to the organization’s ongoing security policies. By using security best-practices, employees can mitigate cyber risks and improve compliance with even the most severe regulations. A security culture, however, is a healthy mix of knowledge and follow-through.

Why is it essential to build a healthy security culture?

Do you know what an organization’s culture requires the most? Care and feeding on a daily basis; with security emerging as a critical issue, business owners are investing heavily in promoting a security-aware culture. Now, do you think a sustainable security culture is just a single event? Definitely not! When a security culture is sustainable, chances are it transforms security from a one-time event into a lifecycle that generates security returns forever.

What makes a sustainable security culture? It’s based on four features. First, it must be deliberate and disruptive. Second, it has to be engaging and fun. Third, it is rewarding. Fourth, it provides a great return on investment.

Most important of all, a sustainable security culture has to be persistent. Don’t consider it as a one-time investment – it’s embedded in everything you do.

What follows are several tips that can improve a company’s security culture:

Make security accessible

Security constraints and skill shortages are some of the biggest challenges. It’s a common, but misleading, belief that only the most senior executives should handle security.  That’s not the case at all. Instead, everyone should own a company’s security solution and culture.

While this might seem difficult, it’s not impossible. All you need to do is incorporate security at the highest level of your existing environment. Moreover, keep updating software and corporate policies, and make sure that security remains a permanent, non-negotiable commitment. This means those who have CISO or CSO in their titles won’t be the only ones with clear access to security. Access and responsibility extend from C-level execs all the way down to individual managers.

Train employees

Many people may find cybersecurity training quite labor intensive. However, if we view cybersecurity training over the long term, it’s not so! The good news is there’s a variety of training available, from traditional PowerPoint presentations conducted by an IT team member to more modern options. Another interesting way to foster a security-centric culture is by conducting role-playing games. For example, let employees review security-related cases and decide how to solve specific problems in alignment with your company’s security policy. This approach makes learning to follow security policy fun yet practical, without posing any risk to the organization.

Secure executive support

There is no harm in seeking executive support to create a successful cyber culture. This eventually helps boost profitability to a great extent. In addition, when building support – try to set realistic expectations.

Ask employees to report incidents

Communication is key to success. A company is more like a community of employees that ends up being socially responsible. Here, management should encourage employees to report not just full-fledged incidents, but even the smallest suspicious activities encountered throughout the day. By getting employees on board with reporting, you’ll increase the rate of spotting cybersecurity issues – and hopefully reduce the chance of serious incidents.

Building a strong security culture takes work. As the old expression goes: “Slow and steady always wins the race.” This means you must continuously promote cybersecurity awareness. Approach information security with the same level of engagement and responsibility as you would with financial and other corporate risks.

Final thoughts

Incorporating an effective security culture can positively change how an organization approaches security. Keep in mind that change takes time, so expecting employees to become pen-testing Ninjas or experts who can write secure code while they sleep is a waste of time. But with the right process and attitude, you’ll eventually get there.

So it’s time to brush up your defense skills, and to embrace and reward the adoption of good cybersecurity behavior.

What kind of security culture do you have? 

by Vikash Chaudhary

 

Daylight Saving Time Starts Sunday

REMEMBER!

Mar 10, 2019 - Daylight Saving Time Starts

When local standard time is about to reach Sunday, March 10, 2019, 2:00:00 am, clocks are turned forward 1 hour to Sunday, March 10, 2019, 3:00:00 am local daylight time instead.

Sunrise and sunset will be about 1 hour later on Mar 10, 2019 than the day before. There will be more light in the evening.

Also called Spring Forward, Summer Time, and Daylight Savings Time.
