Posted by Kalyani M. on Jun 24, 2014
A few years back, business owners were under the impression that only big and well-known companies were at risk of cyber attacks. As big organizations handle enormous amounts of data and are highly interconnected, a data breach could have a significant negative impact on the economy. However, with the advancement in technology and the advent of cloud computing, things have changed. Now, small businesses are equally at risk of cyber attacks. According to a 2013 Verizon Data Breach Investigations Report, a study was conducted on 19 global companies to identify the occurrence of data breaches in the year 2012. The research indicated that 31% of breaches were from businesses with 100 or fewer employees, and another 9 percent were attributed to organizations with between 101 and 1,000 employees.
Posted by Kalyani M. on Jun 19, 2014
It does not matter whether you are a small or large business- data is a vital part of any enterprise. Losing corporate data can cost businesses millions of dollars. Today, a large majority of companies are relying on online data backups to protect their valuable information from being damaged, stolen, or affected by natural disasters like fire or flood. Online backup services have proven to benefit for many enterprises, as they give businesses the flexibility to access data anytime from anywhere.
Posted by Kalyani M. on Jun 12, 2014
Over the years, technology has evolved at an exponential rate, from desktops to laptops to tablets, and now wearable devices. Wearable technology is currently one of the fastest growing trends. With these devices, connection to the Internet is taken to an all new level. Companies are putting millions of dollars to build the next innovative and technically advanced product for their customers. According to research and market intelligence company, IDC, “the wearable devices market will reach a total of 19.2 million units in 2014, driven primarily by gadgets such as Fitbit devices or Jawbone’s UP bracelet.” Many big names in the tech industry, like Google, Apple, and Samsung, are gearing up towards this expected rise. Recently, Samsung released its smart watch, and Google Glass has been a popular item for several months. And if the media rumors are true, pretty soon Apple will also be entering the market of wearable technologies with its new product, iWatch.
Posted by Kalyani M. on Jun 10, 2014
Cloud computing has become an integral part of today’s IT market; however, the security of data in the cloud has always remained in question. Organizations tend to outsource almost 50% of their resources to cloud-based services because of their flexibility and cost effectiveness. Since huge amounts of corporate data rest in the cloud, they have become an attractive target for cyber criminals. A data breach in the cloud can cost organizations millions of dollars. Now the question arises: is the impact of data breaches in the cloud more significant compared to traditional IT systems? A recent study conducted by Ponemon Institute and sponsored by cloud-app analytics predicts that data breaches can be three times more costly in the cloud due to improper handling of resources by some organizations.
Posted by Kalyani M. on Jun 9, 2014
As predicted by security researchers, 2014 is really turning out to be the year for new forms of ransomware attacks. Ransomware is a form of malware that takes over your system and restricts access to your files and folders until you pay the ransom amount to the malware author. Without the knowledge of the victim, the malware slowly manages to encrypt all the files, folders and documents present on the victim’s machine. Your system will not show any sign of infection, as it will take hours to encrypt all the files and folders. Once all your files and folders are encrypted, a message with a timer will pop up on your computer screen asking you to pay a ransom amount or to lose access to your important files forever. Last year, a ransomware perpetuator named “Cryptolocker” managed to infect nearly 250,000 computers, stealing millions of dollars. Cryptolocker was very successful, as it was extremely difficult to detect.
Posted by Kalyani M. on May 29, 2014
In light of NSA surveillance, finding a truly secure email service presents a challenge. The PRISM revelations have made us aware of government surveillance programs targeting the email communications of millions of Americans for mass data collection, and as a result, many of us are more concerned about the privacy and security of our data in the electronic medium. The majority of email services store our correspondence with third party services, and, as a result, are vulnerable to surveillance and interception. Apart from that, there is also the possibility of the emails being hacked or scanned by advertisers. With the NSA targeting popular email services like Yahoo and Gmail, how can we ensure secure communications over the Internet?
Encryption is one form of protection against surveillance, however there are few concerns with this method, as well. Encryption only works if it is implemented properly, and the encryption keys are securely managed and stored. The NSA has been successful in circumventing the majority of the encryption technologies on the web. But when it comes to cracking strong encryption standards, like AES, the NSA is facing some level of difficulty. Keeping all these surveillance concerns in the forefront, a German-based company, Lavaboom, has come up with a secure email service that ensures protection against government snooping activities.
Lavaboom is named after Lavabit, an encrypted email service that was used by former NSA contractor Edward Snowden for communication. Lavabit shut down their operations last year when they were requested by the government to hand over the private SSL keys that would have allowed the government to decrypt all encrypted emails. When the NSA finds it difficult to get through a tightly secured application, it sends request notices to the service providers for access to user data. In Lavabit’s case, the NSA was after the encryption keys, as they could not find a way to bypass the strong security controls implemented in the email service.
The biggest lesson gained from Lavabit’s case is that, apart from establishing strong encryption standards, email service providers need to come up with a way to effectively handle their secret keys to prevent unauthorized access. Lavaboom’s secure email service purports to take care of this issue. Their end-to-end email encryption method allows only the users to take charge of the key needed to decrypt the emails they receive from others. It is based on PGP encryption standards, which is considered one of the most robust and hard-to-crack encryption methods by far. PGP is a unique combination of traditional encryption and public key cryptography. In public key cryptography, a user’s public key is available to the public for use, but the private is only available to the user. When sending any message to the user, the sender needs to encrypt the message with the user’s public key. The encrypted message can only be read by the user when using the private key to decrypt the message.
Some people are under the impression that the use of security tools on the Internet will put them under extra scrutiny by the NSA. This is simply not true. By not using security tools, you are opening the doors for other kinds of cyber attacks, like phishing and identity theft. Imagine the amount of personal and sensitive data stored in your inbox- bank statements, credit card information, medical information, and much more. An intruder can take advantage of this sensitive information and carry out fraudulent activities. Therefore, it is in your best interest to use the appropriate services to encrypt your email messages.
Secure cloud storage service that protects your data from surveillance
SpiderOak believes in zero-knowledge privacy and establishing defenses against any individual or organization attempting to compromise your privacy. It is our belief that privacy is a right, and it is our mission to protect yours.
It provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers reliable products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. Sign up for this product today.
Posted by Kalyani M. on May 27, 2014
Data attacks have unfortunately become commonplace these days, with new reports of penetrated security systems being reported on a seemingly regular basis. SQL injection is the most commonly used form of attack by intruders to compromise enterprise data, as it is highly effective and successful in gaining access. The SQL injection vulnerability has been around for ages, and could be easily fixed during the development life cycle. SQL injection attacks have been on the rise for the past few years. “According to Neira Jones, former head of payment security for Barclaycard, some 97 percent of data breaches worldwide are still due to SQL injection somewhere along the line.” Many well-known companies, like LinkedIn, Yahoo, and the Federal Bureau of Investigation have become victims of this form of attack.
Posted by Kalyani M. on May 21, 2014
Enterprises invest huge sums of money on developing security mechanisms to protect company assets and networks against cyber attacks. With ever-emerging security threats, it becomes imperative for any organization to bolster their security controls. Organizations tend to focus on introducing new technical upgrades, improving encryption technologies, better threat detection, and prevention tools for preventing unauthorized access to their company resources. However, there is one popular means of gaining access that completely bypasses technologies and security systems. Social Engineering is a form of attack in which the attacker uses a variety of psychological tricks on a user to gain access to a computer or network.
Posted by Kalyani M. on May 15, 2014
In today’s age of technology, it is safe to say that the mobile phones have surpassed desktop PCs in terms of popularity and usability. You can get all your tasks accomplished on a small portable device, rather than sitting in front of a static computer for hours. You can surf the Internet, pay your bills, do shopping, and socialize with your friends, all from your smartphone. Besides being easy and convenient to use, another major reason behind the popularity of mobile devices is the availability of apps. There is an app for almost everything these days, from banking to health and fitness. With smartphones, all kinds of services are just a click away. However, because of their widespread use and popularity, mobile phones are vulnerable to cyber attacks.
Posted by Kalyani M. on May 13, 2014
There has been significant growth in the number of individuals working remotely or telecommuting in recent years. Remote connections, also called VPNs, are an attractive alternative for many businesses; they increase employee productivity, save company expenses, and require less maintenance. In order for this large workforce to carry out business effectively and efficiently, it is important to focus on the security of remote access technologies. It is necessary to extend the concept of “confidentiality, integrity, and availability” to the remote access devices that have direct connections to corporations’ secure data and network resources.
There is no doubt about the fact that virtualization has made our life easier by providing access to corporate home bases, anytime from anywhere. The remote services allow us to get our tasks done without having to be physically present in the office. This is an excellent option for employees with a lengthy commute between office and home, and those who need to care for children or family members. Unfortunately, remote access services are one of the most exploited IT resources in today’s time and age. Enterprises invest huge amounts of money to provide remote services; however, much less is invested to make the connections secure. Vulnerable remote access connections provide easy access to any intruder hoping to gain entry to a company’s sensitive information. From a lack of secure network configuration, to weak passwords and poor endpoint security, there are several loopholes that can lead to major data breaches.
Let us take a look at the security risks associated with remote access services:
It appears that virtual workspaces and cloud computing are here to stay. As long as giving employees the option to work remotely pays off for companies, there will be a need fo remote access connections. Therefore, enterprises should invest in strengthening remote access solutions, in order to ensure better security and confidentiality of corporate data.
True Privacy with SpiderOak: Secure remote access requires implementation of best security practices for better security of data. SpiderOak believes in “zero-knowledge” privacy, and implements strong security controls, such as 256 bits AES and two factor authentication for protection of sensitive information. It allows you to encrypt your files and folders before sending them to the cloud. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. SpiderOak offers amazing products, like SpiderOak Hive and SpiderOak Blue, to help you secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. Sign up for this product today.