3 tips to help make and manage complex passwords

3 tips to help make and manage complex passwords by Nick Ismail.  Available from <http://www.information-age.com/3-tips-complex-passwords-123462571/> [October 11, 2016] Photo: AdobeStock_21942031-634x0-c-default.jpeg

Passwords, despite the rise of biometrics, are still the most common form of user protection. It is important, therefore, to understand the best methods of producing and managing the most secure passwords possible.

Every platform, every service we use requires a password or some other form of authentication.

Remembering dozens, perhaps hundreds, of unique passwords and usernames and keeping all of our devices up to date is difficult, to say the least, and these necessities conflict directly with our desire for maximum convenience.

Most people are guilty of re-using simple passwords across services and of writing them down to make them easier to recall when needed.

In the balancing act between security and convenience, convenience currently has the upper hand at the cost of immeasurable amounts of our most private data.

How can we begin to manage this growing list of passwords in a secure way? Here are 3 key tips and tricks you can use when it comes to password generation and management.

Apply mnemonics

You are probably aware of the rules of password best practice: Passwords must be long; they must contain a mix of characters; they should not be easily guessable; you should never share them; change your passwords often; use different passwords for different applications. The list goes on.

Satisfying all of these criteria can be a challenge, especially when considering that if you create a different password for each service you use you will somehow need to remember each one and avoid writing them down.

An easy way to approach this problem is by applying mnemonics to generating passwords.

For example, take the phrase ‘I would love to fly British Airways first class to Singapore!’ I can easily remember this phrase because it is true and it is not personal.

Also, it doesn’t include a name, an employer, a home location, or any other information about a person that’s easy to guess.

From this phrase, someone can formulate a password by using the first letter(s) of each word, numbers, capitalisation, and special characters.

Suddenly, this sentence creates a strong password that satisfies all the length and complexity requirements set forth by most services: IWLtoFBA1stCtoS!

You can also use other forms of mnemonics, such as misspelling common dictionary words, as a basis for your password instead of just the first letter. Be creative—the important factor is creating a complex password that you can actually remember!

Use a password manager

Though now you know an effective technique for creating passwords, you might still be struggling to remember enough different phrases to cover every account you own.

To help avoid re-using passwords across accounts, you can use password management applications or your web browser’s ability to save and remember passwords.

Password managers typically store passwords in the cloud and secure them all with a master password.

If you or your employer are not comfortable with cloud solutions, some password managers offer local storage as an alternative, giving you control and full responsibility over your password store.

However, bear in mind that though password managers are becoming increasingly feature rich, they can be vulnerable just like any other service.

For example, last year password manager LastPass experienced “suspicious activity” and urged users to change their passwords.

As an alternative, saving passwords in your web browser is also convenient, as some browsers allow you to set a master password as an extra layer of protection, preventing your password from potentially being displayed in clear text.

Add more layers of protection

As well as passwords, you can add other forms of authentication to the data protection mix.

Authentication can be something you know (password), something you have (smart card, token, or mobile device app), or something you are (fingerprint).

On their own, each form of authentication has its weaknesses, but using multiple forms together – known as multi-factor authentication – strengthens the process.

So, even if your passwords are compromised, a malicious actor still needs another authenticator to access your data. Unless they also have access to that second factor, your data remains secure.

Everyone’s responsibility

Effective cybersecurity is not just a matter of installing the right software.

Technical ability alone is not enough to resolve the issue. If it were, breaches wouldn’t occur in such great numbers and with such frequency.

Only a holistic security stance will enable you to limit the opportunities cyber criminals have to steal your organisation’s data.

Preventing breaches requires encouraging secure behaviour at all levels across your organisation.

Every employee, contractor, third party vendor, intern or volunteer should understand the basics of password protection, as well as the basics of identifying, deflecting and reporting potential threats.

That way, if someone succeeds in breaking through your defences, which unfortunately seems inevitable, having a well-educated and aware user base will only help reduce the damage and identify the problem sooner.
Sourced by Stuart Clarke, chief technical officer, cybersecurity, Nuix


5 Main Tips to Optimize Your Business Online

5 Main Tips to Optimize Your Business Online by Lisa Wheatly.  Available from <http://www.tgdaily.com/business/5-main-tips-to-optimize-your-business-online> [October 07, 2016]

Running an online business has been made so much easier with the emergence of social media, because just about anybody, even your target audience, is there all the time. But, even though you may have a handle on nearly all aspects of running a business online, there are still ways you can improve it. Here are 5 main tips you can implement today and optimize your online business for best results.

1. Create Fresh and Engaging Content

Being able to put up fresh new content consistently will drive your visitors to check out your page more often, which means more chances for them to purchase something from you, and more chances to share your content. And in order for them to share it, they need to find it engaging and useful. It is simple: just create your content so that it overlaps with their needs, and provide a solution to their problems. Ultimately, you can hire a writing service like topaussiewriters.com to assist you with content writing.

2. Create Mobile-Friendly Pages

These days, the majority of searches are done using mobile devices such as smartphones and tablets, which means your website and/or blog need to feature responsive design, which makes sure that the content is displayed properly, regardless of the screen size. You can create a separate version of your website for mobile devices, but sooner or later, you will have to start incorporating responsive design, because it is quickly becoming the norm when it comes to web design and online business.

3. Use Analytics Software

One of the best ways to optimize your business would be to make use of analytics software. Analytics software can measure and quantify just about every aspect of your visitors’ behavior. Using this data, you can tweak and improve your efforts, see what works and what doesn’t, and reach your target audience more efficiently. For this, you can use Google Analytics (which is completely free) or Moz Analytics, which are able to gather tons of data. Another great tool you need to start using is Crazy Egg, which creates a visual heat map, where you can plainly see which landing pages and sections of your website receive the most clicks.

4. Make Your Business More Search Engine Friendly

Despite what you may have read or heard, SEO is still as important as ever, even though the way you use it has changed. Google no longer prefers keyword stuffing. Instead, it prioritizes quality content that provides real value for the readers. But, instead of waiting for your visitors to come to you, you can come to them. Check out BuzzSumo, which will let you know all about topics and keywords which are currently trending, so you can shift your focus towards providing content that is popular among the people. Also, it can help you keep an eye on your competitors and their activities.

5. Engage with Your Social Media Followers

Engaging with your customers on social media can help you establish trust, as they will be able to see that there is an actual human behind the brand, and that you’ve taken the time to hear them out. But, instead of spending time on all possible social media outlets, focus on those which are suited for your business. For instance, if your business is arts and crafts, social networks like Facebook, Pinterest, Instagram, and even Tumblr may be of use to you, while the same cannot be said for LinkedIn, for instance.

Follow these tips, and you will be able to make the most out of your efforts and improve your business so that it becomes, and stays, a success story.

Author Lisa Wheatly is a long time employee of Top Aussie Writers, a team member with years of experience under her belt. Lisa studied at the University of Queensland, Australia where she gained a degree in business that prepared her for the vast array of assignments that she now works on daily.


Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals

Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals by Tom Sullivan.  Available from <http://www.healthcareitnews.com/news/dark-web-what-dark-web-tips-beating-back-hackers-and-savvy-cybercriminals>. [October 10, 2016; 07:15 AM] Photo Credit: By Andersson18824 (Own work) [CC BY-SA 4.0 (http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons

Don’t wait another day to create a cyberthreat intelligence sharing team. Delve into the web’s dangerous corners, exchange what you find, learn from banking and defense. Just don’t presume cyberthreats won’t happen to you.

Anytime a major security incident occurs, whether in healthcare or elsewhere, the cyberintelligence team at insurer Aetna springs into action.

“When a large batch of credentials is released to the public on the dark web or on a website like Pastebin, we apply analytics to identify credentials that may be the same as what members are currently using,” Aetna CISO Jim Routh said.

If Routh’s team spots a match, that means there’s enough of a possibility that the cybercriminals could try to use those credentials for nefarious purposes that Routh has to address the situation.

“Out of an abundance of caution, we will force a password reset to proactively protect those accounts,” Routh explained. “Then we look for similarities in user IDs that may apply to our top vendors and we alert any that are impacted.”

And that’s just to start.
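The matching step Routh describes, sketched as an added example that is not Aetna's code or part of the original article: leaked `identifier:password` pairs are re-hashed with each member's stored salt and compared with the stored hash, and dump identifiers on vendor domains are collected for alerting. The PBKDF2 parameters, record layout, domains and sample data are all constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256, standing in for whatever the real store uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password):
    """Build a stored credential record (hypothetical layout: salt + hash)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def parse_dump(lines):
    """Yield (identifier, password) from 'identifier:password' lines.

    Malformed lines are skipped; only the first ':' splits, so passwords
    containing ':' survive. Identifiers are lower-cased for matching.
    """
    for line in lines:
        line = line.rstrip("\r\n")
        ident, sep, password = line.partition(":")
        if not sep or not ident.strip() or not password:
            continue
        yield ident.strip().lower(), password


def find_exposed_accounts(store, dump_lines):
    """Return member IDs whose *current* password appears in the dump."""
    exposed = set()
    for ident, leaked in parse_dump(dump_lines):
        record = store.get(ident)
        if record is None:
            continue  # not one of our members
        candidate = hash_password(leaked, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            exposed.add(ident)  # candidate for a forced password reset
    return sorted(exposed)


def vendor_ids_in_dump(dump_lines, vendor_domains):
    """Group dump identifiers by vendor e-mail domain, for vendor alerts."""
    domains = {d.lower() for d in vendor_domains}
    hits = {}
    for ident, _ in parse_dump(dump_lines):
        domain = ident.rpartition("@")[2]
        if domain in domains and ident not in hits.setdefault(domain, []):
            hits[domain].append(ident)
    return hits


# Constructed sample data: no real accounts, passwords or vendors.
MEMBER_STORE = {
    "alice@example.com": make_record("Summer2016!"),
    "bob@example.com": make_record("IWLtoFBA1stCtoS!"),
    "carol@example.com": make_record("pa:ss:word"),
}
SAMPLE_DUMP = [
    "alice@example.com:Summer2016!\n",    # reused password: match
    "bob@example.com:oldpassword\n",      # member, but password differs
    "CAROL@example.com:pa:ss:word\n",     # case and ':' handled: match
    "dave@example.net:hunter2\n",         # not a member
    "ops@vendor-one.example:Welcome1\n",  # vendor identifier
    "garbage line without separator\n",
]
VENDOR_DOMAINS = ["vendor-one.example", "vendor-two.example"]

if __name__ == "__main__":
    print("force reset:", find_exposed_accounts(MEMBER_STORE, SAMPLE_DUMP))
    print("alert vendors:", vendor_ids_in_dump(SAMPLE_DUMP, VENDOR_DOMAINS))
```

Because the stored hashes are salted, each leaked pair has to be re-hashed per member; the plaintext dump is never compared against plaintext member passwords.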

More sophisticated than traditional security
It’s worth noting that Denise Anderson, executive director of the National Health Information Sharing and Analysis Center, otherwise known as NH-ISAC, described Aetna’s team as particularly strong and savvy compared with the current state of healthcare organizations.

In other words: Many CIOs and chief information security officers could learn a lot from Routh and company.

Routh, in fact, was the global head of application and mobile security for JP Morgan Chase and worked for American Express before signing on with Aetna.

Indeed, Anderson explained that banking and defense sectors are ahead of healthcare in cyberthreat intelligence sharing—healthcare was hardly even talking about cyber as recently as five years ago.

“Threat intelligence is a relatively new concept and term,” Anderson said. “Intelligence should influence the more granular day-to-day work like looking at IP addresses and subject lines in emails.”

Sharing makes it better
Healthcare organizations that have not yet established a cyberthreat intelligence program should not rest on the presumption that you won’t have a security incident.

Many a CISO has said that there are two types of information security professionals in healthcare: Those who have been attacked or hacked and those who just don’t know they have.

Even though threat intelligence sharing is relatively new to healthcare, there are a fistful of best practices that forward-thinking security professionals are employing already.

A first step is to participate in the intelligence sharing community that already exists by becoming a member of the NH-ISAC Anderson runs, joining InfraGard, the joint FBI-private sector partnership, and working with the U.S. Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security’s Cyber Information Sharing and Collaboration Program (DHS CISCP), among others.

Don’t settle on just one, either. Routh recommended cultivating multiple sources to achieve best results because each can uncover different information.

“Gather information and read, read and then read some more. Develop a way to consume the intelligence you receive and make it actionable,” said Dan Wiley, head of incident response and threat intelligence at Check Point. “Context is key to intelligence. The only way you can provide context to intelligence is to layer your knowledge about your environment with the intelligence you receive from others.”

Consider it a community. Give back. Share what you know about threats, solutions, what works, what doesn’t, and recognize that attackers, whether they’re acting alone, as part of a criminal syndicate, or even state-sponsored bad actors, are growing increasingly sophisticated.

Delve into the dark web
To truly grasp what CISOs and infosec professionals are up against, it’s necessary to understand the threat landscape and, to every extent possible, your enemies.

“Get your house in order before stepping out into the threat intelligence arena,” said Bob Chaput, CEO of Clearwater Compliance. “This team must have the ability to identify a cyber incident and shut it down before the entire IT infrastructure is compromised.”

That encompasses having an intelligence team, strategy, framework, plan and infrastructure in place to defend the fortress, and only then exploring the internet’s murkiest corners.

“Ensure that some of your sources are active in the dark web and apply economic analysis to behaviors of criminal syndicates that use the dark web,” Routh said.

These practices require more acuity than the daily grind of security and compliance.

NH-ISAC’s Anderson said that seasoned intelligence experts, many of whom come out of the military, have the expertise to gather information about Tactics, Techniques and Procedures (TTPs), tracking cybercriminals, following campaigns and understanding the motivations of bad actors.

Anderson noted that healthcare entities can either hire infosec professionals with that experience or outsource threat intelligence. Either way, she recommended looking to other industries to learn about their processes and procedures, glean insights from how they sold cyberthreat intelligence sharing programs and the money required to fund them to the C-suite, and what they have learned working with security vendors.

A powerful warrior: Patience
Threat intelligence is an evolving and ongoing process. Never ending, even.

Check Point’s Wiley went so far as to call it a life-long learning process, while Chaput rattled off regular testing, keeping current with application and operating system vulnerabilities, and continual awareness and training about imminent threats among the tasks to conduct on a regular basis.

Anderson, for her part, pointed out that the banking and defense industries started out slowly and healthcare is poised to follow suit.

“Intelligence activities take time,” Aetna’s Routh said. “So be patient and choose trends and topics for the long term.”


Here are some tips to improve your cybersecurity

Here are some tips to improve your cybersecurity Posted  by 

October is cybersecurity month.  As cyber hacks continue to increase, the landscape is changing in many ways.  Companies and business owners are taking on more responsibility to ensure their businesses are more protected or face legal and financial consequences.  We as individuals are required to be more conscientious when sharing our personal information. And, with the Internet of Things, our families, property and confidentiality are constantly being invaded.  So what can you do other than unplugging everything and crawling under a rock?  Below are a few simple tips for you, your business and your family to increase your protection.

Protect your business

If you’re a small to mid-sized business owner, you need to pay attention to your cybersecurity, particularly if you are a supplier to larger companies with sensitive information. More than 60 percent of data breaches occur at small- and medium-sized businesses. Remember that cyber hack some years ago at Target? Well, their network was tapped by going through the HVAC system networks. That hack changed everything. Banks and customers sued and the courts determined that Target had a duty to protect their customers and banks from criminal conduct of a third party. This court case was followed by the Alpine Bank lawsuit that established that small companies are not immune from liability for their role in data breaches. Scared yet? It gets worse so read on.

So how can you limit your business liability? 

• Protect your data. Here are a few tools to get you started. The Federal Communications Commission has a custom planning guide that you can create dependent upon your business needs. The other is a 30-minute web-based class offered by the U.S. Small Business Administration (SBA).

• Ensure your suppliers are cyber savvy. They should have at least the same level of security you have and yes, this should be more than nothing. Your contracts should require suppliers to adhere to customary practices designed to provide safeguards. Confirm this during the beginning of your relationship, not after something occurs.

• Consider cyber insurance. The National Association of Insurance Commissioners and the Center for Insurance Policy and Research has a good overall article on cyber risk management.

Protect yourself

In 2014, CNN Money reported that 47 percent of U.S. adults had their personal information exposed by hackers; this number has likely increased during the past few years. The Identity Theft Resource Center reported more than 28 million records exposed between the beginning of the year and September 8, 2016. The industry response to its consumers seems to be a letter stating, sorry your security has been breached. Here is your free year of credit monitoring services. While there isn’t a lot you can do to change their system, you can change the way you do things.

• Use complex, different passwords. This is like flossing your teeth. Your dentist says do it every day and we either ignore them or hate doing it but in reality it really helps. The easiest way to select more secure passwords is to create phrases that you’ll remember and then insert numbers and symbols inside them. For instance, if your phrase is “My cat ate my two fish” the password becomes Mycatatemy2fish. You then create more complexity by changing the values to symbols and numbers, “Myc^t^t3my2fish!”

• Shred your information.  Place the shredder by your door and shred your unneeded mail before it gets into the house. The benefit is you’ll also reduce clutter in your own environment.

• Set your online social media privacy settings.  Social media sites like Facebook, Pinterest, Instagram and Snap Chat all have security settings.  The University of Texas at Austin Center of Identity has information on all of these, the settings that are available, and what they mean.

Protect your family

What is this Internet of Things we all keep hearing about on the news and radio? In a nutshell, the IoT is the network of products that all connect to the Internet in some way. It’s your printer, your car, possibly your television, refrigerator, your security system and even your toaster. All of these things are collecting data from you and your family. That talking Barbie doll, it’s also listening along with other learning toys and gadgets like Amazon’s Alexa. Now, are you getting scared? In reality, it comes down to the price to play. If you want the convenience of the product, you may have to give up some of your information. These days, big data is also big business. Here are a few tips:

• Keep your software updated.  Those pesky updates often contain new code to help ward off prior computer breaches.

• Limit your apps on your phone to reputable companies. And read the reviews before downloading.

• When using social media, don’t take that quiz unless you’re really willing to give away your preferences and receive future spam.

• Really think about the privacy price you are paying and whether it’s worth the value you personally receive before you buy that newfangled device.


4 Steps for Choosing A Cloud Storage Solution

4 Steps for Choosing A Cloud Storage Solution by The NonProfit Times. Available from <http://www.thenonprofittimes.com/management-tips/4-steps-choosing-cloud-storage-solution/?r=ig-mo>. [September 29, 2016] Photo by Tani12 - Creativecommons

There are a lot of good reasons to put your nonprofit’s files in the Cloud. It can reduce the burden on IT staff and open up opportunities to do their work remotely.

According to the staff at the nonprofit tech organization Idealware, if you’re ready to make the leap into the Cloud but aren’t sure how to find the right solution, consider these four steps:

1. Develop a Project Plan. Who from your organization should be involved in the decision-making process? Who will be involved in migrating your organization to the solution? How long will the project take? Time is an especially important factor. Managers frequently underestimate the time needed and often run the risk of the project interfering with mission-critical work.

2. Evaluate Security Features. A few high-profile data breaches can make Cloud storage seem risky, but consider the security measures most Cloud storage vendors take. The data centers are surrounded by fences and surveillance equipment and watched by armed guards. The vendors also employ data security experts who are trained to detect and defend against sophisticated attacks as they’re happening. The server you store in your closet is not likely to get that kind of attention.

Beyond the large-scale security measures Cloud storage vendors take, the software often includes built-in features that can help you take extra precautions. When considering a solution, find out whether it offers multi-factor authentication or allows you to control access by user, device, or IP address.

3. Consider Your Files. What kinds of files do you need to store and what level of management is necessary? If you have very large files, such as photographs or other graphics, it might not be cost effective or convenient to keep them in the Cloud versus on an external hard drive. Highly sensitive files such as health records or financial information might not be appropriate for some Cloud storage solutions, especially if the solution is not compliant with data security standards such as HIPAA.

4. How Do Staff Members Want to Access Files? For staff members used to navigating their computer’s local drive, there might be a strong desire to maintain the same file structure and user experience in the Cloud. Most hosted file sharing solutions will provide some way for users to access files through their computer’s file explorer. 

However, such options are not without their flaws. To provide this access, you’ll either need to sync a copy of the file structure to your computer — which is not practical for computers with little available free space — or map to the live, online server, making navigating the file structure and opening or saving files painfully slow. You might need to move away from the methods traditionally used to interact with files and adapt to working with these tools in browsers.
