Kalyani M., Author at The Privacy Post - Page 4 of 23

3

The Ploutus Predicament: New ATM Malware Allows Hackers to Remotely Access Cash

Posted by on Mar 27, 2014

Ploutus malware

Ploutus malware allows attacker to take control of  ATM machines remotely.
Image source: symantec.com

The recent major data breach at Target has been an eye-opener that showed how malware infected Point-Of-Sale (PoS) devices can be exploited to gather huge amounts of credit and debit card data. Malware attacks are on the rise these days. The reason why most of these attacks are successful is because most of the malware being used is new and unknown, and no defense mechanisms are in place to counter it. Another new form of malware, called Ploutus, is targeting ATM machines and allowing cyber criminals access cash. In order to install this malware, the hacker needs to be able to physically access the ATM machine. Therefore, in the majority of cases it is seen that standalone ATM machines, especially the ones in convenience stores, become victims of data breaches. The ATM machines in banks are usually more secure than standalone ATM machines, and have a heavy physical shield protecting them from unauthorized access.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

1

Cloud Security: Efficient and Reliable Encryption Key Management Crucial for Data Protection

Posted by on Mar 25, 2014

security in the cloud

It is important to manage encryption keys securely in the cloud.
Image from Flickr User FutUndBeidl

In our modern day and age, many enterprises are embracing cloud computing. However, one of the major concerns regarding cloud computing has always been security. Encryption in cloud computing is still in a state of flux and infancy. Some vendors provide encryption, while others don’t. There are different kinds of encryption schemes for securing data in the cloud, sometimes integrated within a system. Whenever a company decides it move its applications to the cloud, it considers several pros and cons before doing so. These are some of the questions that come to our minds before storing our data in the cloud- How the data is protected? Can we encrypt the data? How the encryption keys are managed? Who will have access to those keys?

The goal of encryption is to ensure that data stored in the cloud is protected against unauthorized access. Access to sensitive user data by third parties is a violation of privacy, and should never occur. In the light of PRISM revelations and major data breaches, like the recent Target breach, it is extremely important for enterprises to bolster cloud security. The surveillance programs by the U.S government have raised security concerns among many people. One of the things that worries end users the most is possible access to their personal data by parties without their knowledge or permission. Even globally, companies outside of U.S. have expressed security and privacy concerns regarding U.S.-based cloud companies. In order to restore the trust of their customers, companies need to take strides to strengthen their cloud security practices.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

4

Snowden’s Take on the Value of End-to-End Encryption

Posted by on Mar 20, 2014

Snowden

Edward Snowden highlights the importance of end-to-end encryption.
Image from Flickr User DonkeyHotey

The PRISM revelations have made us more aware and proactive regarding maintaining our privacy in the electronic medium. The NSA has left no stone unturned to monitor and gather millions of user data. They have circumvented almost every security control on the Internet for bulk data collection. When it is not possible for them to break into the system, they provide legal notice to companies to access sensitive user information. In such a situation, how can we expect to maintain the security of our data? How can businesses retain the trust of their consumers that their data is safe from surveillance?

Recently, Edward Snowden spoke at the Southwest Interactive technology festival in Austin via satellite video, regarding the importance of encryption for data privacy. He said encryption works if it is implemented properly. This practice has time and again proved to be one of the most effective ways of protecting data. Snowden emphasized that encryption should not only be implemented by businesses, but active research and analysis should also be done on this security control at an academic level. The best method is end-to-end encryption. It ensures complete security of data against unauthorized access. However, often times it is seen that end-to-end encryption is not implemented in mainstream commercial products. Across the majority of the Internet, online companies are hesitant to implement end-to-end encryptions in their products.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

0

Managing Disaster Recovery in the Cloud

Posted by on Mar 18, 2014

Cloud based disaster recovery is the most efficient and cost effective approach for data back up.
Image from www.clearpathsg.com.

Cloud computing is attracting many enterprises because of its easy deployment, cost effectiveness, and flexibility. One of the major advantages of cloud computing is its disaster recovery approach. With this system, enterprises have a cost effective disaster recovery plan in place, and do not have to worry about deployment and maintenance of IT infrastructure or resources for disaster recovery. Cloud computing gives a completely different approach to disaster recoveryIn this approach, the operating system, data and applications are integrated into a single software bundle or virtual server. This virtual server can be easily copied and backed up on an off-site data center within minutes. In comparison to the conventional disaster recovery approaches, this is extremely beneficial because it is hardware independent and therefore it is easy to transfer information from one data center to another without the burden of installing every component of the server. Cloud-based disaster recovery approach is extremely cost effective and dramatically reduces recovery time compared to traditional approaches.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

3

A United Front: Credit Unions & Congress Fight Back Against Data Theft

Posted by on Mar 13, 2014

Capitol building

Congress is working on legislation for stronger data security standards.
Image Courtesy of Glyn Lowe Photoworks

When it comes to enacting new protections and punishments for massive data breaches, like the sort recently suffered by Target stores, Congress and credit unions are joining forces to fight back. Data theft threatens virtually every industry, from online gambling and alternate currencies like Bitcoin, to established healthcare providers and insurance companies. So when it comes to protecting customer data, everyone has a hand to play and a vested interest in the outcome. Major credit unions and their representatives are pushing for stronger penalties for data breaches so that they won’t have to keep recouping the costs of identity theft that is most often the direct result of such breaches. And congressional leaders are forging ahead to enact tougher laws and disclosure requirements to take advantage of the public’s wave of frustration over lost credit card information. While pushing for strong legislation is definitely a great step towards stronger universal data security standards and consumer protections, enterprises shouldn’t wait around for Congress to decide on a final plan. Instead, proactive businesses should stay ahead of the curve while gaining fierce brand loyalty by keeping consumer data private and anonymous through secure cloud storage and sync solutions.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

3

Protecting Medical Records in a New Era of Health Insurance

Posted by on Mar 11, 2014

Courtesy of Greg Harbaugh/Feature Photo Service

With the healthcare system undergoing numerous changes, it’s important to make sure medical data is secure.
Courtesy of Greg Harbaugh/Feature Photo Service

Enterprises have scrambled to stay ahead of new regulations brought about by the Affordable Care Act, otherwise known as ObamaCare. The healthcare industry, however, is the most directly impacted by the law, as healthcare providers and insurance companies must prepare for an influx of new patients and a more widely insured populace. But as the insurance pool broadens, risk will be compounded as medical records and sensitive data becomes a brighter target for hacking and leaks. The best way to protect medical data in this new era of mandatory health insurance is through secure cloud storage and sync services that offer 100% data privacy and user anonymity. Anything less than full data privacy and security for medical records could result in damaged brands, exploited information, and increasingly costly HIPAA fines.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

0

Router Security In the Cloud: Enterprises Seek Data Protection for Remote Workers

Posted by on Mar 6, 2014

As router security becomes an increasing concern, companies with remote workers are seeking data protection in the cloud.
Image Source: Flickr User Cisco Hardware at Router-switch.com

For many enterprises, security has become a chief concern in the light of hacking, the spread of malware, and international cyber wars. The latest in the litany of worries over data safety comes from news of 300,000 compromised routers. While many enterprises operate on a much bigger scale than the small office and home office (SOHO) routers that were recently attacked, the growing popularity of enabling mobile workforce and work from home policies jeopardizes sensitive company data, due to the relative insecurity of such commonly used routers. Instead of scaling back worker mobility, enterprises can still take advantage of on-the-go work and work from home solutions by securing important corporate and consumer data in a private cloud service.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

7

Digital Currency Concerns: Bitcoin Security in the Cloud

Posted by on Mar 4, 2014

http://farm6.staticflickr.com/5544/10307542203_8ecae47c05.jpg

Bitcoin digital currency has been the focus of some attacks, but will it still gain traction among large enterprises?
Image Courtesy of Flickr User anatanacoins

For tech-savvy early adopters and enterprises seeking to stay ahead of technological innovations, Bitcoin has been presented as if it were a digital gold mine. This decentralized digital currency works through value transfers that are not yet regulated by any country, corporation, or bank. Bitcoin isn’t backed up by solid assets, so value tends to fluctuate with user investment, jumping from $150USD to $1,000USD in just a matter of months. While many enterprises have stayed away from Bitcoin use or investment until the legal issues are all cleared up, those that want to stay ahead of the curve can still take advantage of the currency while keeping their assets safe through private key storage and sync with a secure cloud service.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

4

Don’t Wait For Data Legislation: Get Ahead of It

Posted by on Feb 27, 2014

 

FCC Chairman Genachowski Speaks About Consumer Protection

In the wake of the stunning data breach suffered by Target late last year, proactive enterprises have already started to draft and enact better security standards to protect corporate and customer data. Such data breaches irreversibly tarnish brands by establishing a bad corporate reputation and losing consumer trust that can be incredibly hard to earn back. Congress has started to discuss legislation that would provide a federal security standard along with consumer protections, but instead of waiting around for legislation that must be responded to, the best enterprises will leverage technology in their favor by seeking out fully secure solutions to data storage and syncing. Being able to proactively protect data not only offers peace of mind, but also allows enterprises to market themselves as fierce defenders of their consumers’ privacy, earning lifelong trust and better branding.

Continue reading…

Kalyani M., Author at The Privacy Post - Page 4 of 23

2

Generational Risk: Millennials & Data Security

Posted by on Feb 25, 2014

IT, Finance, & The Threat to Data Safety.
Image Source: Softchoice

Millennials are typically seen as the go-to generation for all things tech-related. So it may come as a big surprise that recent surveys indicate that lax generational views toward data security could jeopardize the safety of your enterprise’s data. This flies in the face of the recent trend of reverse mentoring, in which younger workers share their tech habits to older workers. When it comes to bad habits, such practices could cause entire organizations to adopt unsafe data storage and syncing techniques, leaving sensitive corporate information open to attack or leakage.

The best way to protect such data is through strong internal systems and the adoption of secure storage and sync services. A recent survey put out by Softchoice is changing the way enterprises view their Millennial workers. According to the research, 28.5% of 20-somethings have their passwords kept in plain sight. This is in comparison with 10.8% of Baby Boomers. So it’s clear that the common wisdom that younger generations are inherently more data-secure falls flat on its face. The survey also found that the lack of secure password storage went hand in hand with syncing sensitive files to unprotected devices for the convenience of working from home. As Millennials are more likely than other generations to push for mobile or work-from-home options, companies need to find secure solutions to handle this trend without putting their data at risk.

Continue reading…