source: securityintelligence.com

 

The new year has arrived, and with glasses raised and timeless stories recounted, we can now look to that well-meaning but often short-lived practice we know too well: setting resolutions.

Industry leaders often make fulsome commitments to changing systems for the better, fully intending to carry through, but they may end up missing the mark once the holiday shine wears off and the cold, hard reality of January sets in. As Forbes noted, just 25 percent of people make it 30 days into the new year with their resolution still in place, and only 8 percent turn their resolutions into reality.

With business email compromise (BEC), phishing attacks and even old-school malware reboots on the rise, how can you beat the odds with your security New Year’s resolutions? How can you stay the course when things don’t go as planned? Let’s answer these questions by looking at some security bad habits you should be rid of right now so you can tackle the top goals for both enterprises and end users to maximize cybersecurity posture.

Break Your Bad Security Habits

The first step toward a better you is giving up bad habits. Abstaining from fatty foods and alcoholic drinks tends to top the list of personal promises, but it’s often difficult to go without them since they’re simply so familiar.

This can also hold true for cybersecurity best practices. Before industry CISOs and end users can improve their 2020 outlook, they need to give up bad habits — even if they’re hard to break. Three of the worst IT offenders include:

  • Weak passwords: In many cases, weak doesn’t do it justice. As recent data from the U.K.’s National Cyber Security Centre (NCSC) showed, some of the most common passwords cracked by cybercriminals this year included absolute gems like “pokemon,” “superman,” “qwerty,” “password” and everyone’s favorite, “123456.” Why do weak passwords remain so popular? They’re easy to create and easier to remember, but they also pose absolutely no barrier to even slightly determined hackers.
  • Free or public Wi-Fi: Free Wi-Fi is simple, convenient and fraught with potential security challenges — everything from man-in-the-middle (MitM) attacks to network spoofing and plain old eavesdropping can take place. Despite these dangers, 77 percent of staff still say they connect to free Wi-Fi when they’re away from the office.
  • Security blind spots: The increasing risk of cybersecurity attacks often creates blind spots for C-suite executives. Some take a fatalistic approach and assume that since compromise is inevitable, it’s not worth the time and resources to defend the indefensible. Others aim for perfection with their cybersecurity best practices and become frustrated when it becomes apparent that this is an impossible mark.

Skip the Resolution — Set Enterprise Security Goals Instead

 

 

source: theguardian.com

 

With ever more tech in our lives, our data is vulnerable. Here are our six top tips to keep it safe in the new year

Technology is changing our lives for the better; yet it’s also exposing us to organised crime, online scammers and hackers – and whole industries built around monetising our personal data. But you don’t have to be resigned to cyber-victimhood. Give yourself, and your devices, a security update for 2020 and start fighting back.

Random and unique passwords

A study carried out by the Ponemon Institute found that 51% of individuals in the UK reuse an average of five passwords across different sites and services. “This makes your accounts far easier to hack,” says Nic Sarginson, senior solutions engineer at security firm Yubico. “By gaining access to one account an attacker could quite easily crack another.” It’s the cyber-equivalent of having one key that unlocks your front door, your office, your car and the bank for good measure, and then keeping a spare under the doormat. “Every year billions of credentials such as email addresses, passwords and personal information are shared and traded online by cybercriminals,” says Dr Richard Gold, director of security engineering at Digital Shadows. You can see if any of yours have been compromised already by going to haveibeenpwned.com. If you think coming up with a unique, long and random, complex password that you can remember for every account you use is impossible, you’d be right. Unless you use a password-manager app, such as LastPass or 1Password, which will not only generate the passwords for each site, but also store them securely and then automatically use the right ones when you need to log in. All you need to remember is the master password to unlock the app, and most will let you use your fingerprint on a smartphone instead of entering this every time.

Yes, seriously. Your smartphone is a treasure trove of data, and while your passwords are likely to be safe from prying eyes (your password manager will keep them encrypted), what about your email, social media apps, contacts etc? Criminals can use these to change passwords, take account control away from you, and commit fraud in your name or simply steal directly from you. “Most people do not set any lock code on their devices,” warns Fennel Aurora, security adviser at F-Secure. A long password is most secure. Even if you’ve set up a fingerprint scan to unlock your phone, it will ask for your pin or password after a few unsuccessful attempts. A thief can try to guess your pin (and 0000 is still a common option) or obvious password. Smartphones can be configured to automatically perform a factory reset, wiping all your data, after a certain number of incorrect unlock attempts. For Android check Settings/Security & Location/Screen lock, and on iPhones, Settings/Face ID & passcode/Erase data.

Secure your dumb ‘smart’ speakers

While you may have read about smart speakers being at risk from hackers with maliciously crafted audio tracks or lasers (yes, seriously), in the real world there are more pressing security and privacy issues to consider. The account holder can see any requests that have been made of the device; worth remembering when using one at a friend’s house. To prevent this, tell Alexa to “delete what I just said”, and Google Assistant to “delete my last conversation”. That’s assuming they have enabled the “delete by voice” option in the account settings, of course – which, as a courtesy to your friends and family, I’d recommend doing for your smart speakers. While in the account settings, you can also delete past recordings for good measure. Using the “voice match” function for Google Assistant can prevent your personal results being available to anyone but you, and possibly Jon Culshaw. If you have enabled purchasing and have one-click payments “on” for your Amazon account, you can set a spoken pin to stop others shopping on your behalf and at your cost.

source: nytimes.com

 

The 2010s made one thing clear: Tech is everywhere in life.

Tech is in our homes with thermostats that heat up our residences before we walk through the door. It’s in our cars with safety features that warn us about vehicles in adjacent lanes. It’s on our television sets, where many of us are streaming shows and movies through apps. We even wear it on ourselves in the form of wristwatches that monitor our health.

In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments.

At the show, next-generation cellular technology known as 5G, which delivers data at mind-boggling speeds, is expected to take center stage as one of the most important topics. We are also likely to see the evolution of smart homes, with internet-connected appliances such as refrigerators, televisions and vacuum cleaners working more seamlessly together — and with less human interaction required.

“The biggest thing is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.”

If some of this sounds the same as last year, it is — but that’s because new technologies often take time to mature.

Here’s what to watch in tech this year.

In the last few years, Amazon, Apple and Google have battled to become the center of our homes.

Their virtual assistants — Alexa, Google Assistant and Siri — respond to voice commands to play music from speakers, control light bulbs and activate robot vacuums. Smart home products work well, but they are complicated to set up, so most people use virtual assistants just for basic tasks like setting a kitchen timer and checking the weather.

Then in December, Amazon, Apple and Google came to what appeared to be a truce: They announced that they were working together on a standard to help make smart home products compatible with one another.

source: techradar.com

 

Over the last decade we’ve seen things people wouldn’t believe. Samsungs on fire over our shoulder. We watched Windows Phones glitter in the dark near Bill Gates. 

Many of those moments are already lost in time, like tears in the rain. But some other awful things endure, and it’s time they got in the sea.

When it comes to naming the tech trends we’d like to see the back of, we’re spoilt for choice: hardware you can’t upgrade, surveillance tech you can’t evade, streaming service exclusives and Windows Flipping Updates. But despite their obvious irritations, they aren’t the worst. Far from it. These are the ones we love to hate, the tech trends we’d like to see the back of in the 2020s. 

Style over substance

You know who we’re going to pick on here. The 2010s were the decade when Apple’s designers ruled the school at the expense of practicality, when 'it just works' became 'it doesn’t work, but it looks brilliant'.

Remember the MacBook Pro keyboard that couldn’t handle people typing on it? The Mac Pro that didn’t so much put form over function as throw function in the bin, set the bin on fire and push the bin off a cliff? The MacBook with a single USB port that meant you couldn’t charge it and use an external device at the same time?

And don’t get us started on the iPhone headphone jack, the location of the charging point on the second-generation Magic Mouse or the clown car of remotes that ships with the Apple TV.

The good news is that Apple appears to have belatedly realised this, so for example the new 16-inch MacBook Pro has a proper keyboard again.

Here’s to more slightly duller but more user-friendly design decisions this decade.

Subscriptions for everything

You’re in a cafe. You ask for a coffee, but the barista won’t take your money. They want your bank details, because you can’t just buy coffee any more. You need to sign up to the Vibrate My Eyeballs Mega Super Deal Member Plan. You get seven days free and you can cancel at any time but if you forget it’s $79.99 a month.

That’s pretty much where tech is now.

The slow march of subscriptions didn’t stop with TV and movies. Today you don’t just need six different streaming subs to cover the programmes you want to watch and the songs you want to stream. You need your photo storage sub and your online gaming sub and your Creative Cloud sub and the Patreons you support and the sub that unlocks the filters in your photo app and your wireless security camera sub and the eighty-six different subs you’ve had to take out because nobody lets you just buy an app any more and you look at the graph in your online banking app and you ask yourself, hey! How did I get here?

And the short answer is: cheapskates, mainly. Cheapskates who wouldn’t pay for stuff even when it was reasonably priced, so the people who make stuff started to see too many ribs poking through their T-shirts and decided the only way they’d actually get to eat was to make the entrance fee zero and then hit everybody with a sub to actually make things work.

And that’s fine, and it’s fair, and it’s OK until the day when that check doesn’t clear or the client doesn’t pay and your bank account is full of cobwebs and your email app has 17 messages telling you there appears to be a problem with your payment method and nothing works anymore.