The SentreeGuard Monthly Security Brief

Teens are well aware of the value of their personal data.

In fact, it’s about as valuable as a large pizza.

For the not-so-princely sum of £15 (call it $20), 42% of survey respondents said they’d rather give away their personal data than work at a job to earn the cash, according to a new study.

IT services company Logicalis UK commissioned the survey from Realtime Generation.

Realtime Generation surveyed some 1,000 13-17 year-olds over the course of 10 days in January, and the results are now out in a report titled “The age of digital enlightenment” (PDF).

From a press release about the report:

As consumers, teens clearly understand the commercial value of their personal data, and are willing to share information provided it results in a better service or deal.

The survey posed specific scenarios to teens to find out what type of “better service” or “deal” they’d swap their e-selves for.

This is what the kids said they’re “mostly happy” to exchange personal data for:

  • Sharing location data with university to help use facilities or campus better, improve personal safety (39%).
  • Health data being monitored and shared with medical staff to better diagnose (37%).
  • Biometric data passwords (42%).

On the other hand, this sort of data sharing made them “mostly unhappy”:

  • Organizations sharing data with third parties (60%).
  • Movement tracked in-store via personal device for marketing purposes (41%).
  • Online habits used to provide targeted ads and promotions (50%).
  • Location data used or shared (54%).

Unlocking the keys to a teen’s data-sharing heart is pure gold to marketers, of course.

The currently ripening generation has never known a world that wasn’t digital. They spend more than nine hours a day online on average, be it at a PC or on a mobile phone – and 93% of them own a smartphone.

In fact, the average “Realtimer” (yes, that’s what the survey people are calling teens) owns 4.9 digital devices.

They’re increasingly comfortable creating as well as consuming. If there isn’t an app for what they’re after, many of them will make it, the report said: 18% of those surveyed claimed they had the skills to build their own.

These are the activities they spend time on during those hours online, on average:

    • Other: 17 minutes a day.
    • Blogging: 9 minutes a day.
    • Coding: 10 minutes a day.
    • Taking selfies: 15 minutes a day.
    • Email: 21 minutes a day.
    • Video calls: 24 minutes a day.
    • Research/search: 54 minutes a day.
    • Instant messaging: 55 minutes a day.
    • Gaming: 1 hour 12 minutes a day.
    • Streaming content: 1 hour 32 minutes a day.
    • Making videos: 1 hour 40 minutes a day.
    • Social media: 1 hour 40 minutes a day.

(Total: 9 hours 29 minutes.)

The report said that Realtimers’ digital lifestyles are enough to make marketers slobber. Whether they realize it or not, with all their online activity, they’re laying the digital bricks to build a lasting digital profile.

Some of the reasons why:

  • 73% follow brands they like.
  • 62% click on ads within social media.
  • 57% make in-app or in-game purchases.
  • 75% shop online or engage with a brand online, often to seek a better deal, as part of their shopping ritual.

The report wondered why any business wouldn’t be at the data trough, lapping this all up:

They may not consider the impact of the data they are sharing, but the ease with which this generation engages digitally with brands (unknowingly?) is generating a lasting profile.

This data is enabling organizations to better develop and market products and services. If you are not online, social, and incentivizing in return for their loyalty, you will struggle to maintain brand awareness and future market share.

Interestingly enough, teens spend the most time in online venues they trust the least: social media services.

The trust lineup, in decreasing order:

  • 44% of teens trust the UK government with personal data, in return for a better service, in spite of (or maybe because of?) the fact that they’re the ones who are least likely to ever interact with the government.
  • 38% trust brands.
  • 37% trust service providers.
  • 25% trust social media

From the report:

Realtimers spend on average 100 minutes per day on social media, it is the digital activity they claim to spend most time doing – and probably where they share the most data.

Their behavior, from sharing photos and liking brands, to publishing their opinions, is helping marketers create detailed digital profiles of this generation, however social platforms remain the least trusted of organizations by Realtimers.

The report writers noted that in each of the scenarios when they asked Realtimers to state if they’d be happy or unhappy to share their data, about one third weren’t sure.

That leaves plenty of opportunity for marketers to convince teens that they’re getting, say, the equivalent of a Domino’s MeatZZa Feast® in exchange for their digital souls.

But seriously, it also means that there’s room for teens to be convinced of the implications of sharing personal data.

They might be the most digitally empowered generation ever, but that doesn’t mean they’re digitally literate enough to sift the online wheat from the chaff, if we can use such a polite term to describe some of the gunk that’s findable online.

As it is, another recent study found that 1 in 5 kids believe that search engine results are always true.

Learning how to cast a hairy eyeball at what the internet coughs up is just one of a host of tips we’ve put together in various lists regarding how to keep kids safe online.

Those tips aren’t just for kids, of course: they’re good for all of us, regardless of age.

Readers, have you talked to your kids about sharing their personal data? How did that go?

Please share whatever insights you’ve managed to glean.


Anybody who walks or drives past new tracking billboards with a mobile phone in their pocket can be spied on without their knowledge or consent: a potential invasion of privacy that US Senator Charles E. Schumer wants the US Federal Trade Commission (FTC) to investigate.

Schumer, a Democrat from New York, delivered a briefing in Times Square on Sunday, electronic billboards blinking and scrolling behind him.

From his remarks:

A person’s cell phone should not become a James Bond-like personal tracking device for a corporation to gather information about consumers without their consent.

No one wants to be followed or tracked throughout their day, electronically or otherwise.

These new “spying” billboards raise serious questions about privacy, Schumer said. They should be investigated by the feds, and the companies behind them should be required to offer an opt-out option for consumers who feel that they violate their privacy.

The billboards can be found at roadsides, airports, commuter hubs, and, of course, Times Square – where Schumer gave his briefing. Some are even equipped with small cameras.

This sort of data collection is nothing new, of course.

All WiFi-capable devices broadcast a unique ID – a Media Access Control (MAC) address – when they’re looking for networks (and so long as WiFi is enabled, they’re always looking for networks).

So if you walk around carrying a mobile phone with WiFi turned on, you’re broadcasting your own, unique radio beacon, and it’s easy to track your movements.

And boy, have we seen marketers go to town on all that freely broadcast data.

MAC address tracking, also known as Mobile Location Analytics (MLA), is of serious interest to companies trying to sell us things. As of October 2013, the Washington Post reported that there were at least 40 MLA companies logging thousands of customer interactions every day on behalf of retailers.

Nothing is sacred: MLA companies have even rigged up spying rubbish bins in London, all the better to track MAC addresses of people as they passed by.

It’s common for these companies to say the data they collect is anonymous and aggregated.

But just because data is “anonymized” doesn’t mean it can’t be used to track us. As both AOL and researchers have shown, making data truly anonymous is hard.

And as Naked Security’s Mark Stockley has pointed out, turning a MAC address such as e4:ce:8f:1f:f7:ba into “Mark Stockley” by cross referencing existing personal data would be “trivial” in a retail environment – where stores already stockpile data on us through loyalty programs and data purchased from store cards to deliver highly targeted, personal advertising.

In June 2014, Apple made the news with a simple privacy enhancement that promised to throw a monkey wrench into phones’ promiscuous MAC address broadcasting when it tweaked iOS 8 so that it used randomly generated MAC addresses to mask a phone’s true MAC address.

It wasn’t perfect: Once you decided to connect to a hotspot, iOS 8 would then use your real MAC address. But imperfect as it was, it was quite a gauntlet to throw down in front of data-hungry marketers.
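To see which devices in a set of Wi-Fi sightings expose a stable, linkable identifier, the added example below (not part of the original article) checks the locally administered bit that randomized addresses set. The sensor names and all sightings except the MAC address quoted above are constructed, and the one-address-per-scan behaviour is a simplifying assumption.

```python
from collections import defaultdict


def parse_mac(text):
    """Return the six octets of a colon- or hyphen-separated MAC address."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in parts)


def normalize(text):
    """Lower-case, colon-separated form so the same device always compares equal."""
    return ":".join(f"{octet:02x}" for octet in parse_mac(text))


def is_randomized(mac):
    """True when the locally administered bit (0x02 of the first octet) is set.

    Vendor-assigned (burned-in) addresses leave this bit clear; randomized
    addresses set it. It is a heuristic, not proof of randomization.
    """
    return bool(parse_mac(mac)[0] & 0x02)


# Constructed sightings: (minute, sensor, source MAC of a Wi-Fi probe request).
SIGHTINGS = [
    (0, "entrance", "e4:ce:8f:1f:f7:ba"),   # address quoted in the article
    (0, "entrance", "da:a1:19:3c:55:01"),   # randomized, one per scan (assumed)
    (7, "aisle-4", "E4-CE-8F-1F-F7-BA"),    # same device, different notation
    (7, "aisle-4", "a6:5e:60:b2:09:9c"),
    (15, "checkout", "e4:ce:8f:1f:f7:ba"),
    (15, "checkout", "7e:0c:44:91:ee:12"),
]


def linkable_trails(sightings):
    """Map each MAC seen at more than one sensor to its ordered list of sensors."""
    seen = defaultdict(list)
    for _minute, sensor, mac in sorted(sightings):
        mac = normalize(mac)
        if sensor not in seen[mac]:
            seen[mac].append(sensor)
    return {mac: path for mac, path in seen.items() if len(path) > 1}


def exposure_report(sightings):
    """Return (trails of stable addresses, number of distinct randomized addresses)."""
    stable = {mac: path for mac, path in linkable_trails(sightings).items()
              if not is_randomized(mac)}
    randomized = {normalize(mac) for _, _, mac in sightings if is_randomized(mac)}
    return stable, len(randomized)


if __name__ == "__main__":
    trails, randomized_count = exposure_report(SIGHTINGS)
    for mac, path in trails.items():
        print(f"{mac} is linkable across sensors: {' -> '.join(path)}")
    print(f"{randomized_count} randomized addresses could not be linked by MAC alone")
```
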

Schumer said that by using the data and analytics, the companies will be able to amass information such as viewers’ average age and gender, and about individuals who view a given billboard in a particular place at a given time.

Schumer urged the FTC to allow consumers to opt-out of the billboard tracking program. But given that people are likely unaware that they’re even being tracked, he also urged the FTC to make companies notify consumers when they do use the tracking technology.

The FTC has yet to respond to Schumer’s request.


The world of technology is growing rapidly every day and so are the security vulnerabilities around these technologies. With so much of the business world reliant on technology, we need to ensure that there are enough trained professionals to properly manage and protect all the information made available through it. As it currently stands, there are not enough IT security professionals who are properly trained to deal with such things as a cyber-attack, a data leak or even an internal security audit. ISACA provided a survey in January that stated 86 percent of global organization leadership believes there are not enough skilled experts in the field to hire.

Trained security leaders and senior-level experts are in such high demand that the government and higher education programs are working together to develop a more stringent learning program to further educate our nation’s youth. One of the main reasons for this shortage is the sensitivity of the job at hand. If you are a finance major in college, it is not hard to find an internship at a well-known financial institution. In cyber security, companies are limited in what they can expose interns to: interns may only be around for the summer, and they can risk a leak of sensitive information. As a result, it is hard for graduates to find starting jobs without any work experience in the first place. This has turned into a terrible cycle in which graduates take longer to gain the experience needed to become experts.

The solution may not be so clear cut, but a change needs to happen starting at the high school level. Gone are the days when learning cursive writing was valuable; instead, more technology-based teaching should be implemented to stay ahead of this security curve. The second piece of the equation will be a little trickier to solve.

Getting early work experience started before graduation is a key point. Students need a place to get paid, mess up and have the ability to learn from their mistakes without it leading to a data breach. Investing in all technology based colleges for developers and security minded folks would be an awesome but expensive solution. This could be where the government could step in to help fill in this industry gap.

This shortage of trained security gurus will affect you sooner rather than later. In today’s technology-based world, where everything involves some sort of machine to help make life easier, you will need someone to turn to when vulnerabilities arise in this technology. The average market value of security folks is rising annually, so waiting until later may not be the best choice as far as money goes. Overall, a solution needs to be found to help steady the increase in demand for advanced security help and also to provide this experience at a younger age with more opportunities to succeed. Only then will society have a chance at bridging this gap with technology.

 


In today’s world filled with computers, smartphones, and other smart gadgets, passwords have played a key role in authenticating one’s identity online. But how long do you think this authentication measure will work? The power of computers is increasing every day. Such computers, when used by hackers and scammers, can prove an effective tool for cracking passwords and accessing our online databases.

Simple or even complex passwords are easily crackable thanks to advances in technology. There has been a growing demand for using biometrics in place of textual passwords. But are biometrics as safe and secure as their supporters claim them to be?

In this article, we shall analyze the future of passwords and the shift in the methods of authenticating your identity. We shall also analyze the various options available to us in case passwords prove ineffective in the near future. Keep reading:

Are biometrics really that secure?

You may say that biometrics are the most secure way of authentication. However, biometrics have their own flaws, sometimes even more dangerous than those of textual passwords. Biometrics involve various methods such as retina scans, fingerprint scans and facial recognition. All these methods have their own merits and flaws. Thinking of them as flawless is an overstatement which can cost you dearly.

Consider the following situation: You are “under the influence” of drugs or alcohol. Someone knowingly/forcefully puts your thumb on the fingerprint sensor and steals your data.

What do you do in such a situation? Can you change your biological information? As someone rightly said, “I can change my password, but I can’t change my eyeballs!” Further, there is a chance of such biometric data being stolen from the servers of the companies storing it and reverse engineered to create another set of biometric credentials to hack into your system.

What might be the future?

There are already several features in the present world which reflect what is to come in the near future. There are Bluetooth bands worn around your arm to unlock your phone, and gadgets that follow your voice commands. Apart from these, your behavioral patterns may also be used in the future to authenticate you. Given below is a list of behavioral patterns which could be used for authentication purposes:

· Characteristics of speech

“Voiceprints” will not be enough. Voiceprints will be supplemented with additional information like accent, emotional state, cadence, which will form a part of a strong password.

· Blinking

MasterCard has already implemented the Identity Check system whereby you can use a selfie to authenticate yourself. In addition to selfies, the check also requires you to blink. The blink patterns may prove to be a key factor in differentiating between the true user and an imposter.

· Walking

Your walking pattern might also add a layer of security. Your speed, or gait, will provide your devices with sufficient information to determine the authenticity of the owner.

Endnote

From the above discussion, it becomes very clear that passwords and biometrics are not secure enough in today’s online world. There is definitely a need for a stronger authentication method which has few or no loopholes. There is a need to add another layer to biometrics to beef up security.

In the near future, we might see a combination of biometric authenticators and other methods to enable swift and secure authentication into our devices. Hopefully, this will be done soon and in an efficient manner so that the chances of being compromised remain minimal.

 

 


System infrastructure for cyber security is commonly divided into three tiers that break it down into separate silos: presentation, applications processing and data management. This foundation of three modules, which was developed by Open Environment Corporation (OEC), allows developers to exercise flexibility in reusing, replacing, adding or modifying software functions in a client-server architecture.

Presentation Tier

The top tier is a user interface that presents direct access to services in an easy-to-read display. It interfaces with all the other tiers of the network, including the browser/client layer. For maximum cyber security, this tier can be designed to be a server within a server including a server within a database server. Such an arrangement allows for diversity in server locations.

 

Domain Logic Tier

The second tier controls functions of the architecture, such as applications processing and business rules. It can be organized as a web server integrated with a web application and/or database server. The logical tier is where cyber security managers have access to establishing and adjusting security risk management policies. It’s an exclusive access tier that allows senior management to collaborate on testing and assessing various security features.

Data Storage Tier

The third tier comprises data management. It’s a tier that allows IT professionals to conduct regular security procedures, such as continuous monitoring for cyber security threats, without affecting set policies of the overall framework. It’s where backups can be stored and accessed in the event of a disaster. This tier provides the IT team with instructions on how cyber security procedures implemented in the logical tier have been updated for risk-based management decisions.

 

Cyber security software fits into an architecture that can be divided into well-defined tiers of servers, which allows for efficient and flexible upgrading when new technology needs to be added. Each server of the system has a specific purpose and is independent of the other tiers, allowing for a new operating system to be installed in the user interface without affecting the other tiers. At the same time, data can be transferred between all tiers. Ultimately, the three-tier system provides the most protection possible against cyber threats.

 


We all love a good BYOB, so just think about it… what if you could do a BYOG? You know, Bring Your Own Gateway. Enjoy a clean, safe Internet experience without having to use any additional software or hardware, plus be safe online in five minutes. Can you imagine not having to spend time and energy on wiring your house or business (not to mention the gray hairs you will save)? We know, it sounds so simple. Well, that’s because it truly is. There is nothing to move or change when you do it the smart way, the BYOG way.

MDS Cloud Powerhouse

 

Turn your existing gateway into a perimeter security powerhouse! Not only do you have Botnet protection with MDS, but also phishing protection. Save the fishing time for a Saturday afternoon at the river, not when you are busy working on your laptop. Who wants to handle that headache of making sure you are protected from malicious malware and phishing schemes on a daily basis? Luckily for you, we do.

BYOG Cloud Link

 

MDS not only protects your computer system when you BYOG, but we are also able to get you connected quickly to our cloud tunnel since there is no extra wiring needed. Don’t have an existing gateway? No problem! You can also connect through one of our Cloud-Links®. The MDS Cloud-Link gives you full access to the MDS Cloud in under five minutes. It’s easy to manage and includes free guest WiFi.

It’s that simple. Turn your existing router or gateway into a next generation cybersecurity machine in just five minutes! Experience clean Internet with the MDS Cloud with a simple click of the mouse. Just think, the MDS Cloud provides you with a Firewall, Antivirus, IPS, APT Defense, Web Filtering, Botnet Protection, Phishing Protection, Malicious Site Protection, Application Control, DLP, and Advanced Malware Protection. All in a day’s work for MDS when you BYOG to our MDS Cloud!

 


Implementing a strategic plan for teaching new hires about data security is an important part of your company’s onboarding process. The weakest security link in any company is the people working there, and you need to make sure those people know this. The best way to get this point across is to present the following topics with a sense of urgency and fear. No one wants to be the person responsible for a data breach.

Do not click the link

Phishing emails are the easiest way for attackers to compromise your data. It is a best practice to teach your company to trust their gut when receiving emails: if it looks suspicious, it probably is. Things like email domains, caps lock and redirecting links are all telltale signs of a phishing email. Here are some tips and tricks to help detect these emails before you open them.

  • Anything with a hidden hyperlink is suspicious. If you hover your mouse over the link without clicking, it should show you the true source or redirect site.
  • Misspelling of the email address or domain suffix.
  • Email content that involves wiring money to an external account.
  • As a general rule, if you have never spoken to the person before, why would they be emailing you?

A yearly reminder about the dangers of phishing emails should be sent out to reinstill the fear in your employees. Conducting a phishing campaign yearly will also give you an accurate progress report on how effective your methods are.

Don’t share your password

Teaching password best practices is a must, because employees will make passwords short and simple so they are easy to remember. To make a secure password, the following must be met:

  • Password length should be over 14 characters
  • Must contain a special character
  • Must contain a number
  • Must contain a capital letter

It may also be easier to have your employees remember a passphrase. For example, take the first letter of every word in your favorite song verse. Now combine these together and add a capital, a number and a special character. You now have a super secure password. This passphrase should also prevent them from writing down their password.
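The four rules and the first-letter passphrase recipe above can be checked together. This added example (not from the original article) reports every rule a candidate fails and shows that a short verse does not reach the length rule; the verses are constructed, and treating ASCII punctuation as the set of special characters is an assumption.

```python
import string

MIN_LENGTH = 15  # the article's rule: "over 14 characters"


def policy_failures(password):
    """Return the list of rules from the article that the password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length must be over 14 characters")
    # Assumption: "special character" means ASCII punctuation.
    if not any(ch in string.punctuation for ch in password):
        failures.append("must contain a special character")
    if not any(ch.isdigit() for ch in password):
        failures.append("must contain a number")
    if not any(ch.isupper() for ch in password):
        failures.append("must contain a capital letter")
    return failures


def initials_passphrase(verse, number, special):
    """Build the article's passphrase: first letter of every word, then a
    capital (here the first letter), a number and a special character."""
    letters = "".join(w[0] for w in verse.split() if w[0].isalpha()).lower()
    return letters[:1].upper() + letters[1:] + str(number) + special


# Constructed verses (not real lyrics): 9 words and 14 words.
SHORT_VERSE = "the quick brown fox jumps over the lazy dog"
LONG_VERSE = ("we lock the doors at night and we check "
              "the badges every single morning")

if __name__ == "__main__":
    for verse in (SHORT_VERSE, LONG_VERSE):
        candidate = initials_passphrase(verse, 7, "#")
        problems = policy_failures(candidate)
        print(len(candidate), "characters:", problems or "meets all four rules")
```

With one digit and one special character appended, the verse needs at least 13 words for the result to exceed 14 characters.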

Physical access

Now that you have covered virtual security, protecting physical security is next on the list. Preach the importance of not losing your door badge key and, more importantly, of not letting people piggyback into the building. Piggybacking is letting someone in on your badge swipe. This occurs a lot because employees find it awkward to shut the door on someone. Announce to your entire company that shutting the door in someone’s face (or at least checking to make sure they have a badge) is not only acceptable but expected. This will remove the tension and awkwardness throughout the building if everyone knows this is policy.

All of these practices should be included in your company’s IT security policy, which every employee should have access to. All of these vulnerabilities have one thing in common: the human. Any activity that involves a human and sensitive information should have a control around it to help prevent unwanted data leaks.

 


Security Brief – May 2016

 

Employee Personal Data Breaches on the increase

You wouldn’t think that working for a grocery chain would put you at risk of having your personal data stolen and posted online. But, that’s exactly what happened to almost 100,000 employees of the UK supermarket chain Morrisons. What makes this worse is the supermarket recently denied liability for the breach. Lawyers representing the employees in this case promise to contest the retailer’s position on this.

Cox Communications recently announced that it is looking into the possible breach of the personal information of 40,000 of its employees. Although they aren’t sure yet if the stolen information is authentic, a spokesman for the company says they are conducting a thorough investigation and are committed to protecting privacy and data security.

One employer that most of us would assume would be highly safe to work for is the U.S. Department of Homeland Security (DHS). However, just last month the DHS learned that a hacker posted the names, job titles and email addresses of 9,000 of its employees online.

U.S. Universities targeted by hackers

Last month the University of Central Florida made it known that the personal information, including social security numbers, of 63,000 current and former students, staff and faculty members had been exposed.

The faculty, students and alumni at UC Berkeley recently found out that a hacker broke into the financial data system containing information on 80,000 records. They could not prove that anything had actually been stolen but took steps to patch the flaw immediately.

Indiana Electrical Company breached

The Kankakee Valley REMC discovered a possible data breach affecting 17,700 of its members. The breach happened in mid-January of this year and was discovered after the company conducted a cyber security audit. The information exposed included member names, addresses and phone numbers.

Although the company couldn’t confirm if any of this information was copied or stolen, they did respond promptly to correct the problem and will conduct more frequent audits.

It’s always a good practice to check the vulnerability of your network.  Check your network’s performance now at shieldtest.com.

Our monthly Security Brief is here to offer you a monthly briefing of what’s going on in the world of data security.


Copyright © 2015 - 2018 Sentree Systems, Corp.. All rights reserved.

Sentree Systems, Corp. | 6137 Crawfordsville Rd Ste F #177 Indianapolis, IN 46224 | 317-939-3282