source: securityweek.com

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows.

High-risk user groups include business executives, politicians and their staff, activists, journalists and online influencers. Individuals in these categories are more likely to be targeted in cyberattacks due to their occupation or their online activities.

Google has commissioned The Harris Poll to survey 500 high-risk users from the United States; 100 people from each of the five aforementioned categories.

The results of the survey show that 78% of high-risk users are aware that they are more likely to be targeted by hackers compared to the general population, and 65% of them are more concerned about their accounts being hacked today than they were one year ago — a majority are mainly concerned about their work account being targeted.

Nearly three-quarters of respondents have been targeted in a phishing attack and 39% admitted having their accounts compromised. In many cases the phishing attempts relied on personal details, such as their name or organization, to increase the chances of success.

While roughly three-quarters of high-risk users believe their work and personal accounts are secure, with 91% of them claiming that they have taken steps to secure their accounts, the survey shows that many of them actually have bad security habits.

Specifically, over one-third of respondents admitted not using two-factor authentication, and 71% use the same passwords for at least some accounts. Only half of them use a security key for two-factor authentication, and 76% admit using their personal email accounts for work-related communications, which is generally considered an unsafe practice.

source: securityintelligence.com

The new year has arrived, and with glasses raised and timeless stories recounted, we can now look to that well-meaning but often short-lived practice we know too well: setting resolutions.

Industry leaders often make fulsome commitments to changing systems for the better, fully intending to carry through, but they may end up missing the mark once the holiday shine wears off and the cold, hard reality of January sets in. As Forbes noted, just 25 percent of people make it 30 days into the new year with their resolution still in place, and only 8 percent turn their resolutions into reality.

With business email compromise (BEC), phishing attacks and even old-school malware reboots on the rise, how can you beat the odds with your security New Year’s resolutions? How can you stay the course when things don’t go as planned? Let’s answer these questions by looking at some security bad habits you should be rid of right now so you can tackle the top goals for both enterprises and end users to maximize cybersecurity posture.

Break Your Bad Security Habits

The first step toward a better you is giving up bad habits. Abstaining from fatty foods and alcoholic drinks tends to top the list of personal promises, but it’s often difficult to go without them since they’re simply so familiar.

This can also hold true for cybersecurity best practices. Before industry CISOs and end users can improve their 2020 outlook, they need to give up bad habits — even if they’re hard to break. Three of the worst IT offenders include:

  • Weak passwords: In many cases, weak doesn’t do it justice. As recent data from the U.K.’s National Cyber Security Centre (NCSC) showed, some of the most common passwords cracked by cybercriminals this year included absolute gems like “pokemon,” “superman,” “qwerty,” “password” and everyone’s favorite, “123456.” Why do weak passwords remain so popular? They’re easy to create and easier to remember, but they also pose absolutely no barrier to even slightly determined hackers.
  • Free or public Wi-Fi: Free Wi-Fi is simple, convenient and fraught with potential security challenges — everything from man-in-the-middle (MitM) attacks to network spoofing and plain old eavesdropping can take place. Despite these dangers, 77 percent of staff still say they connect to free Wi-Fi when they’re away from the office.
  • Security blind spots: The increasing risk of cybersecurity attacks often creates blind spots for C-suite executives. Some take a fatalistic approach and assume that since compromise is inevitable, it’s not worth the time and resources to defend the indefensible. Others aim for perfection with their cybersecurity best practices and become frustrated when it becomes apparent that this is an impossible mark.

Skip the Resolution — Set Enterprise Security Goals Instead

source: theguardian.com

With ever more tech in our lives, our data is vulnerable. Here are our six top tips to keep it safe in the new year

Technology is changing our lives for the better; yet it’s also exposing us to organised crime, online scammers and hackers – and whole industries built around monetising our personal data. But you don’t have to be resigned to cyber-victimhood. Give yourself, and your devices, a security update for 2020 and start fighting back.

Random and unique passwords

A study carried out by the Ponemon Institute found that 51% of individuals in the UK reuse an average of five passwords across different sites and services. “This makes your accounts far easier to hack,” says Nic Sarginson, senior solutions engineer at security firm Yubico. “By gaining access to one account an attacker could quite easily crack another.” It’s the cyber-equivalent of having one key that unlocks your front door, your office, your car and the bank for good measure, and then keeping a spare under the doormat. “Every year billions of credentials such as email addresses, passwords and personal information are shared and traded online by cybercriminals,” says Dr Richard Gold, director of security engineering at Digital Shadows. You can see if any of yours have been compromised already by going to haveibeenpwned.com. If you think coming up with a unique, long and random, complex password that you can remember for every account you use is impossible, you’d be right. Unless you use a password-manager app, such as LastPass or 1Password, which will not only generate the passwords for each site, but also store them securely and then automatically use the right ones when you need to log in. All you need to remember is the master password to unlock the app, and most will let you use your fingerprint on a smartphone instead of entering this every time.

Yes, seriously. Your smartphone is a treasure trove of data, and while your passwords are likely to be safe from prying eyes (your password manager will keep them encrypted), what about your email, social media apps, contacts etc? Criminals can use these to change passwords, take account control away from you, and commit fraud in your name or simply steal directly from you. “Most people do not set any lock code on their devices,” warns Fennel Aurora, security adviser at F-Secure. A long password is most secure. Even if you’ve set up a fingerprint scan to unlock your phone, it will ask for your pin or password after a few unsuccessful attempts. A thief can try to guess your pin (and 0000 is still a common option) or obvious password. Smartphones can be configured to automatically perform a factory reset, wiping all your data, after a certain number of incorrect unlock attempts. For Android check Settings/Security & Location/Screen lock, and on iPhones, Settings/Face ID & passcode/Erase data.

Secure your dumb ‘smart’ speakers

While you may have read about smart speakers being at risk from hackers with maliciously crafted audio tracks or lasers (yes, seriously), in the real world there are more pressing security and privacy issues to consider. The account holder can see any requests that have been made of the device; worth remembering when using one at a friend’s house. To prevent this, tell Alexa to “delete what I just said”, and Google Assistant to “delete my last conversation”. That’s assuming they have enabled the “delete by voice” option in the account settings, of course – which, as a courtesy to your friends and family, I’d recommend doing for your smart speakers. While in the account settings, you can also delete past recordings for good measure. Using the “voice match” function for Google Assistant can prevent your personal results being available to anyone but you, and possibly Jon Culshaw. If you have enabled purchasing and have one-click payments “on” for your Amazon account, you can set a spoken pin to stop others shopping on your behalf and at your cost.

source: nytimes.com

The 2010s made one thing clear: Tech is everywhere in life.

Tech is in our homes with thermostats that heat up our residences before we walk through the door. It’s in our cars with safety features that warn us about vehicles in adjacent lanes. It’s on our television sets, where many of us are streaming shows and movies through apps. We even wear it on ourselves in the form of wristwatches that monitor our health.

In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments.

At the show, next-generation cellular technology known as 5G, which delivers data at mind-boggling speeds, is expected to take center stage as one of the most important topics. We are also likely to see the evolution of smart homes, with internet-connected appliances such as refrigerators, televisions and vacuum cleaners working more seamlessly together — and with less human interaction required.

“The biggest thing is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.”

If some of this sounds the same as last year, it is — but that’s because new technologies often take time to mature.

Here’s what to watch in tech this year.

In the last few years, Amazon, Apple and Google have battled to become the center of our homes.

Their virtual assistants — Alexa, Google Assistant and Siri — respond to voice commands to play music from speakers, control light bulbs and activate robot vacuums. Smart home products work well, but they are complicated to set up, so most people use virtual assistants just for basic tasks like setting a kitchen timer and checking the weather.

Then in December, Amazon, Apple and Google came to what appeared to be a truce: They announced that they were working together on a standard to help make smart home products compatible with one another.