Two Factor Authentication – Your Pass http://your-pass.com/ Wed, 11 May 2022 11:10:26 +0000

This startup hit a $1.1 billion valuation by removing email hacks https://your-pass.com/this-startup-hit-a-1-1-billion-valuation-by-removing-email-hacks/ Wed, 11 May 2022 11:00:00 +0000

A growing wave of tech layoffs has led to remorseful laments from CEOs that they hired too quickly during the pandemic. At startup Material Security, Ryan Noon says he faces no such issue; on the contrary, he says, he has been hiring “probably a little slower” than necessary. “I think the last two years of Silicon Valley will be remembered as a time of waste,” says Noon, co-founder and CEO. “You don’t need a lot of people to do a lot if you have the right people.”

Material Security employs fewer than 40 people, but has punched above its weight to sign enterprise customers like Mars, Stripe and insurance giant Chubb for security software that can protect email even if an account is hacked. “We significantly outnumber our number of customers by at least a binary order of magnitude or two,” says Noon, adding that he has yet to lose a single customer.

Now, with others saddled with bloated payrolls, Noon believes the time is right to expand his staff. Investors agreed and poured $100 million in new funding, announced Wednesday, into the Redwood City, Calif.-based startup. The Series C round, which values the company at $1.1 billion, was primarily an insider round, led by existing investor Founders Fund, with participation from previous backers Andreessen Horowitz and solo investor Elad Gil.

In the pandemic era alone, Russian-backed hackers broke into Microsoft Office 365 email accounts at various US government agencies, while hackers suspected of being linked to China accessed Gmail accounts of journalists employed by News Corp. The idea behind Material Security is that even if these hackers are able to break into an organization’s email accounts, they can still be prevented from stealing anything valuable. The premise came to Noon in 2016 while he was on sabbatical in Berlin after a stint as head of engineering at Dropbox. Obsessed with the intrigues of the US presidential election that year, Noon says he became particularly drawn to the leaked emails from the personal Gmail account of Clinton campaign chairman John Podesta.

To make the idea a reality, Noon returned to the United States to team up with former Dropbox colleagues Abhishek Agrawal and Chris Park. They launched their startup in 2017 (Agrawal is CTO, Park VP of Engineering) with an initial product that identifies important emails in an inbox – for example, a message containing a sensitive financial document – and obfuscates them so that if a hacker tries to download such an email, they are unable to see the sensitive information. An additional step, such as confirming a multi-factor authentication prompt on Duo or Okta, reopens access to the email for the authentic user.

Realizing that the same technology for personal email accounts could be applied to their corporate counterparts, the founders made the business decision to target large corporations rather than individuals. “An Office 365 account is just a very expensive Hotmail account, and a Google Workspace account is just a very expensive Gmail account,” says Noon. “We have all the time in the world to go and protect Grandma, but we decided to start with the real businesses first.” (Clients include a handful of “VIP” people, such as billionaires and professional athletes, according to Noon.)

Material Security has since added more features, such as detecting hackers’ attempts to gain access to a user’s other, non-email accounts by resetting their passwords via email. The company’s net revenue retention is over 150%, with customers often paying more over time to access more features. The new round of funding will go towards expanding engineering efforts to build more functionality around email security, but also beyond email. Some of the same principles used to protect email documents can be used to protect other content stores, such as files in Dropbox or Google Drive, says CTO Agrawal. “All of our patents are written in a fairly generic way,” adds Noon.

Ready now to bolster headcount – the rough plan is to double in size over the next 12 months, says Agrawal – Material Security intends to build a go-to-market team to complement its mostly technical staff. The company currently has almost no marketing employees, and the bulk of sales has been driven by the founders. “Founder-led sales usually end much sooner than they currently do,” says Trae Stephens, partner at Founders Fund, which led the latest round, because a company is usually better served by hiring a sales leader with experience selling to large clients. “It was really cool to see them having that much momentum at this point.”

Founders and investors have been tight-lipped on what exactly this momentum means from a revenue perspective (Noon only offers that revenue has more than doubled year over year). “Growth VCs will take every data point and they will extrapolate and then they will scale to certain audiences [stock comparison] curve and you’ll wish you hadn’t said a thing,” Noon says.

Still, Noon is confident enough to say he thinks Material Security can carve out an independent space for itself in the cybersecurity world. “There’s a lot of fake innovation and snake oil and all those things in our industry that are very hateful,” he says. Material Security customers, he adds, have complained to him about former security software vendors that promised exciting products but ultimately sold their businesses and cashed out before delivering them.

“There haven’t been a lot of really big cybersecurity companies because entrepreneurs are playing it safe,” says Noon. “I have already sold a business. It’s not great; it’s a bit pointless. So I wanna keep the promise we made [to our customers]. It’s quite obvious and quite personal.”

How to delete a Discord server on desktop and mobile https://your-pass.com/how-to-delete-a-discord-server-on-desktop-and-mobile/ Mon, 09 May 2022 11:02:57 +0000

Discord isn’t just an online messaging platform; it also makes it easy to build communities around the most specialized interests you can imagine and to find like-minded people. Servers act as online communities that are always available. A server packs various features such as voice channels, screen sharing and video calls, making it a much better version of a dedicated forum.

After a while, you may need to delete your server if it has served its purpose or if it turns into something you don’t agree with. Of course, by deleting the server, you will also delete all data associated with it. The process of deleting a Discord server can be quite simple; however, it depends on whether you meet the criteria below.

Requirements to delete a Discord server

To delete a Discord server, you must consider the following or ensure that you have met these requirements:

  • Ownership: Only the owner of a Discord server can delete it. Therefore, to delete a Discord server, you must either have created the server or had ownership transferred to you. This is separate from role settings on Discord.
  • Authentication: If you’ve set up two-factor authentication for your Discord account, you’ll need access to your authenticator app or your backup codes, because you will be prompted to enter an authentication code when deleting the server.

If you meet these requirements, follow the steps below to delete your Discord server.

How to Delete a Discord Server on PC

When you delete a Discord server, the app removes all members of the server, including yourself. After that, Discord shuts down the server and it ceases to exist. The steps below will guide you through deleting a Discord server on a computer:

Step 1: On your PC, click on the start menu and search for Discord.

Step 2: Click on the Discord app in the results and select “Open” in the right pane.

Step 3: When the Discord app launches, click on the server icon in the left column.

Step 4: You should see the server name. Click the drop-down menu next to the server name.

Step 5: Click Server Settings from the drop-down menu to open a new window.

Step 6: In the new window, scroll down the list of menu options and click Remove Server.

Step 7: You should get a pop-up message asking, “Are you sure you want to delete server (server name)? This action cannot be undone.” Click the Delete Server button.

Step 8: Enter the code from your authenticator app and click Delete to get rid of the server.

After following these steps, Discord will permanently delete the server.

How to Delete a Discord Server on Android

To delete a Discord server using your Android, here is what you need to do.

Step 1: Launch Discord on your Android phone or tablet.

Step 2: Scroll through the list of servers and tap the server you want to remove.

Step 3: Tap the three-dot (vertical ellipsis) button at the top right of the page to open a new window.

Step 4: Tap the Settings icon to open Server Settings.

Step 5: At the top right of the Server Settings window, tap the three-dot (horizontal ellipsis) button.

Step 6: Tap Delete Server.

Step 7: Enter the authentication code if you are using 2FA; otherwise, continue with the process.

Step 8: Press the Delete button to get rid of the server.

How to Delete a Discord Server on iPhone

The process for deleting a Discord server on iPhone is very similar to the one you have for Android. Check out the steps below:

Step 1: Launch the Discord app on your iPhone.

Step 2: Scroll through the list of servers and tap the server you want to remove.

Step 3: Tap the three-dot (horizontal ellipsis) button at the top right of the page to open a new window.

Step 4: Tap the settings gear icon to open Server Settings.

Step 5: In the Server Settings window, tap Overview.

Step 6: Scroll to the bottom of the new page and tap Delete Server. Confirm the process by tapping Delete on the pop-up window.

Step 7: You should get a pop-up message asking, “Are you sure you want to delete server (server name)? This action cannot be undone.” Press Yes.

Step 8: Provide the passcode and tap Delete Server to complete the process.

Set up a Discord server

This is how you can permanently delete a Discord server from PC or mobile. Doing so also deletes all members, messages and any other data associated with it. If you change your mind later, you can always set up a new Discord server, as the app places no restrictions on this.

How can financial institutions better secure their workforce? https://your-pass.com/how-can-financial-institutions-better-secure-their-workforce/ Fri, 06 May 2022 20:45:52 +0000

By Rob Otto, Field CTO EMEA at Ping Identity

The pandemic has caused major upheavals in the way we work, pushing many companies to move away from office culture and embrace more flexible ways of working. This transition is still in the experimental stage, as companies try to find and test new post-pandemic work models for their businesses and employees.

When workers began accessing corporate applications and resources on personal devices via home Wi-Fi, numerous unpatched vulnerabilities were exposed and the door was opened to criminal actors. Home-based workers, for example, are prime targets for phishing and malware attacks that try to steal personal information or gain access to corporate accounts.

The banking sector has been disproportionately affected, with ransomware attacks up 1,318% year-over-year in the first half of 2021. In fact, according to IBM, 23% of all cyberattacks are directed against financial institutions. Businesses around the world are under pressure to secure their cyber infrastructure. Responsible leadership is an essential part of any path to transformation, especially that towards cyber resilience. To avoid being a victim and motivate others to follow, leaders must make the effort to take the lead and support cybersecurity practices.

So how can financial institutions effectively manage long-term cybersecurity threats?

Identification is the key

When the sea change to remote working happened in early 2020, business leaders and IT teams focused on getting their workforces up and running immediately, with security taking a back seat.

However, everyone in the business must be proactive in order to prevent fraudsters from using stolen identities and credentials. Knowledge of cybersecurity and information systems is essential, as it is the basis for avoiding a breach or attack. Employees should be educated (and re-educated) in cybersecurity, because a security vulnerability cannot be addressed or reported if it is not identified.

Choosing the right degree of security is essential for a business, and the following are some of the most important steps.

The first phase of the process is identification, in which a user submits information about themselves when creating an account. A genuine user will provide accurate information, but a fraudster may provide fraudulent or stolen information.

Second, verification, which requires the user to demonstrate that the information they have provided is correct, is crucial. Since stolen identities can be used to open accounts, this step prevents fraudsters who cannot prove their identity from creating fake accounts.

Finally, authentication, which requires users to prove their identity at each login, is necessary. Methods used for verification, such as fingerprint scanning and facial recognition, are also used for authentication. If the user logs in at an unusual time, from an unusual place, or in some other unusual situation, adaptive authentication asks for more information to make sure they are who they say they are.

Companies must build a bridge that connects all ecosystems, allowing them to succeed while ensuring that only the right people have access.

Multi-factor authentication

Another tool in the arsenal of financial institutions is multi-factor authentication (MFA). MFA, at its most fundamental level, requires confirmation that users are who they say they are. Before access is granted, users must present verification from two or more authentication factors.

A hacker or unauthorized user may be able to obtain or purchase a password on the dark web, but their chances of gaining access to a second authentication factor are low and will require a lot more work. Therefore, MFA prevents criminals from entering your systems and obtaining your data.

Since most organizations lack the time and resources to eliminate the need for usernames and passwords to authenticate users, additional means of validating a user’s identity are required. In multi-factor authentication, users must present proof of their identity from two or more authentication factors before they can access their account.

API Security

A final area where financial institutions need to ensure they are properly protected is their application programming interfaces (APIs). The number of APIs being developed in financial services has exploded in recent years, propelled by digital transformation and the critical role APIs play in mobile applications and the IoT. Whether an application is for customers, workers, partners, or anyone else, the client side communicates with the server side through an API.

APIs are often extensively documented or easily reverse-engineered, and they are frequently exposed on public networks, making them attractive targets for criminal actors. An attack may bypass the client-side application in order to impair the operation of an application for other users or compromise sensitive information. API security is about protecting this layer of the application and addresses what could happen if the wrong person targets the API directly.

Due to the crucial role they play in digital transformation and the access to sensitive internal data and systems they provide, they need a dedicated security and compliance strategy. As digital transformation programs accelerate the introduction of new APIs, it is important that organizations review new APIs for appropriate security measures.

Secure for the future

Cyberattacks on financial institutions continue to be a major source of revenue for cybercriminals. Although financial institutions have strengthened their cybersecurity measures, the changing and growing strategies of cybercriminals are making it harder for them to stay safe. To be successful, all leaders must ensure that their organizations have a strong security culture. The need to keep the team informed of potential threats and train them on how to respond in a crisis is now more critical than ever.

Using sophisticated login methods, such as multi-factor authentication, can help protect against social engineering attacks aimed at customers. Even if the scammers manage to get the login credentials of the consumers in such a case, they will not be able to access the financial company’s website. Multi-factor authentication can also help protect against insider attacks by fraudsters trying to access sensitive data.

More importantly, educating consumers and staff about social engineering can help mitigate the impact of this type of attack on both parties. Financial institutions can reduce the risk of email compromise by providing customer training materials in the form of newsletters and detailed staff training.

On World Password Day, Uttarakhand police refer to Elon Musk’s son https://your-pass.com/on-world-password-day-uttarakhand-police-refer-to-elon-musks-son/ Thu, 05 May 2022 10:42:35 +0000

Uttarakhand police on Thursday urged netizens to set strong passwords on World Password Day for “optimal digital security”, with an Elon Musk twist.

The police asked netizens to make sure their passwords are as hard to guess as the name of the Tesla CEO’s son. In a quirky way, Uttarakhand Police asked: “Elon Musk named his son X Æ A-Xii and you can’t think of a strong and reliable password?”

Netizens have been scratching their heads after the world’s richest person named his son ‘X Æ A-12’ in 2020 and now Uttarakhand police have used it to promote cyber security.


World Password Day is celebrated annually on the first Thursday in May to promote cybersecurity. In keeping with the national calendar, Intel Security declared World Password Day in May 2013, inspired by the idea of security researcher Mark Burnett.

A strong password is crucial to prevent attacks from cybercriminals. Account takeovers via phishing can be mitigated by not reusing the same password, setting up two-factor authentication, and performing the online security checks offered by Google.

The unusual name of Elon Musk and his partner Claire Grimes’ son, X Æ A-12, caught the eye online in 2020. The SpaceX CEO had even explained the meaning of the name and how to pronounce the name in a viral podcast with American comedian Joe Rogan.

6 Best Data Loss Prevention Strategies https://your-pass.com/6-best-data-loss-prevention-strategies/ Sun, 01 May 2022 19:24:41 +0000

Data loss has a worldwide cost of $3.92 million. Any organization that lacks due diligence in protecting its data risks losing it to cyberattackers. Data loss is more than just an inconvenience; it is an event that can make or break the future of your business. The only meaningful way to combat such an event is with a strong data loss prevention strategy.

There are many data loss prevention methods, but they share the same objective: to counter and reduce the risk of losing your company’s data.

DLP technology is available in two categories: enterprise DLPs for a company’s desktops and servers, and embedded DLPs, which are built into secure web gateways, email encryption products and other tools.

Below we discuss data loss prevention implementation strategies. The security of your data is intrinsically linked to the security of your system.

We will also look at some best practices for data loss prevention. While some require software, the human element can never be left out. Safe, robust and efficient data handling is vital.

Build a solid DLP strategy

Nothing protects your data more than a solid DLP strategy. The first step in any data loss prevention strategy is to determine the level of protection your data needs.

Next, you need to determine an appropriate course of action for data access. Some companies opt for comprehensive reporting, showing who is accessing their data, when it is accessed, what is taken, etc.

You can extend your data loss prevention project plan by selecting the organizational data that needs to be secured.

Implement policies that dictate where data should reside and the requirements for accessing it, such as multi-factor authentication or privileged access. Your plan should also include protocols for dealing with hypothetical threats if your data is compromised.

Classify data and identify what you want to protect

When implementing your data loss prevention strategy, it is crucial to understand the importance of each piece of company data. All modern businesses are data-driven, but not all data is equally relevant.

Sensitive data must be separated, classified and prioritized. A vital component of a data loss solution keeps an eye on the data shared with your suppliers, partners and third-party platforms.

Over time you will notice distinct patterns as sensitive data is stored separately with data loss prevention controls. This cluster of data essentially becomes your most valuable asset. Back it up and update it frequently to keep your organization running in the event of a data breach.

Do not collect unnecessary data

In modern companies, most data is compiled through automated, AI-driven data collection systems that leave almost nothing untouched.

However, one of the best data loss prevention steps you can learn is that excessive data diminishes your efforts to protect your business. You only need data that is useful.

Don’t let your system collect data just because it’s there. There is so much storage space available these days no matter which solution you use.

Yet cloud services and servers are limited, and too much data takes away resources you could use to protect your information. Minimize your risk by cutting the fat and focusing on the data that drives your business.

Additionally, the data you collect should be determined by the company policies and regulations you implement. Not to mention that companies these days are supposed to be transparent when it comes to privacy.

Implement strong access management practices

One of the best data loss prevention practices is access management to prevent data leaks. You can use Access Control Lists (ACLs) to review and manage who can access your company’s online resources, granting custom permissions to your employees. Assigning roles as part of IT management is an excellent data loss prevention method.
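To make the ACL-based access management described above concrete, here is a small Python access-control evaluator added as an example (it is not EasyDMARC’s code or any product’s implementation). The policy entries, role assignments, user names and resource paths are all constructed for this example; the rules it demonstrates are the ones that matter for least privilege: deny by default, an explicit deny entry always wins over any allow, permissions arrive through roles rather than per-user grants, and the policy can be reviewed to list who can perform a given action on a given resource.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class AclEntry:
    principal: str            # "user:<name>" or "role:<name>"
    resource: str             # glob pattern for the resource path, e.g. "/finance/*"
    actions: frozenset        # actions this entry covers, e.g. {"read", "write"}
    effect: str               # "allow" or "deny"


# Constructed sample policy (not a real organisation's ACL).
ACL: List[AclEntry] = [
    AclEntry("role:finance", "/finance/*", frozenset({"read"}), "allow"),
    AclEntry("role:finance-admin", "/finance/*", frozenset({"read", "write"}), "allow"),
    AclEntry("role:everyone", "/public/*", frozenset({"read"}), "allow"),
    # An explicit deny for a contractor whose role membership would otherwise grant access.
    AclEntry("user:mallory", "/finance/*", frozenset({"read", "write"}), "deny"),
]

# Constructed role assignments; permissions are granted to roles, not to individuals.
ROLES: Dict[str, Set[str]] = {
    "alice": {"finance", "everyone"},
    "bob": {"finance-admin", "finance", "everyone"},
    "mallory": {"finance", "everyone"},
}


def principals_for(user: str, roles: Dict[str, Set[str]] = ROLES) -> Set[str]:
    """All principal identifiers that apply to a user: the user itself plus each role it holds."""
    return {f"user:{user}"} | {f"role:{r}" for r in roles.get(user, set())}


def is_allowed(user: str, action: str, resource: str,
               acl: Iterable[AclEntry] = ACL, roles: Dict[str, Set[str]] = ROLES) -> bool:
    """Deny by default; any matching deny entry overrides every matching allow entry."""
    principals = principals_for(user, roles)
    allowed = False
    for entry in acl:
        if entry.principal not in principals:
            continue
        if not fnmatch(resource, entry.resource) or action not in entry.actions:
            continue
        if entry.effect == "deny":
            return False          # explicit deny wins immediately
        allowed = True            # remember the allow, but keep scanning for a deny
    return allowed


def who_can(action: str, resource: str,
            acl: Iterable[AclEntry] = ACL, roles: Dict[str, Set[str]] = ROLES) -> List[str]:
    """Review helper: which known users can perform `action` on `resource`."""
    return sorted(u for u in roles if is_allowed(u, action, resource, acl, roles))


if __name__ == "__main__":
    print("alice read  /finance/q1.xlsx ->", is_allowed("alice", "read", "/finance/q1.xlsx"))
    print("alice write /finance/q1.xlsx ->", is_allowed("alice", "write", "/finance/q1.xlsx"))
    print("who can write /finance/q1.xlsx:", who_can("write", "/finance/q1.xlsx"))
```

Because `is_allowed` keeps scanning after a match until it has seen every entry, the order of entries in the list does not matter: a deny placed anywhere revokes access. The `who_can` review is the kind of report the paragraph above recommends producing periodically, so that stale grants are noticed before they are abused.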

It may not seem like much, but keeping your software up to date can boost your security tenfold. Make sure you are working with updated versions of all software, from operating systems to antivirus. Spread the word to the IT team to manage any necessary patches to keep your technology running like a well-oiled machine.

When planning data loss prevention controls, you need to account for anomalies. An anomaly is a point that stands out in your data, breaking its normal pattern of behavior. Anomalies can be outliers that appear unsystematic, or a large spike that shows a sudden change from standard patterns. You may also face slow drifts or long-term changes in your data.

Modern data loss prevention strategies rely on statistical analysis coupled with correlation rules. The data obtained is combined with machine learning procedures and behavioral analyses to identify abnormal behavior. Once your systems have learned the expected behavior of your data, they can detect suspicious activity that could lead to data leaks.
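As an added worked example of the statistical-plus-correlation approach just described (this is illustrative code, not EasyDMARC’s or any DLP product’s), the Python below scores each user’s daily count of sensitive-file downloads against a 14-day baseline. It flags both kinds of anomaly the text names: a sudden spike, via a z-score against the baseline, and a slow drift, by comparing the first and second halves of the baseline. A correlation rule then raises the severity of a spike when the same user also shared data externally that day. All users, counts and events are constructed sample data; the threshold values are assumptions of this example.

```python
from statistics import mean, pstdev
from typing import Dict, List

# Constructed sample data: sensitive files downloaded per user per day, 14-day baseline.
BASELINE: Dict[str, List[int]] = {
    "alice": [12, 10, 14, 11, 9, 13, 12, 10, 11, 12, 14, 13, 10, 11],   # steady
    "bob":   [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4, 3, 3],                # steady, low volume
    "carol": [5, 5, 6, 5, 6, 7, 7, 9, 10, 11, 12, 13, 14, 15],          # slowly climbing
}
# Constructed counts for today.
TODAY: Dict[str, int] = {"alice": 80, "bob": 5, "carol": 16}

# Constructed context events for today, consumed by the correlation rule.
TODAY_EVENTS = [
    {"user": "alice", "action": "share_external", "domain": "example.net"},
    {"user": "bob", "action": "share_internal", "domain": "corp.example"},
]


def zscore(history: List[int], value: float) -> float:
    """How many standard deviations `value` sits from the baseline mean."""
    mu, sd = mean(history), pstdev(history)
    if sd == 0:                       # flat baseline: any change at all is anomalous
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sd


def detect_spikes(baseline: Dict[str, List[int]], today: Dict[str, int],
                  threshold: float = 3.0) -> Dict[str, float]:
    """Users whose count today is more than `threshold` standard deviations above their norm."""
    spikes = {}
    for user, count in today.items():
        if user not in baseline:
            continue                  # no baseline yet: handled elsewhere, not scored here
        z = zscore(baseline[user], count)
        if z > threshold:
            spikes[user] = z
    return spikes


def detect_drift(history: List[int], min_ratio: float = 1.5) -> bool:
    """Slow change: the mean of the later half of the baseline exceeds the earlier half by min_ratio."""
    half = len(history) // 2
    early, late = mean(history[:half]), mean(history[half:])
    if early == 0:
        return late > 0
    return late / early >= min_ratio


def run_detection(baseline: Dict[str, List[int]], today: Dict[str, int],
                  events: List[dict], threshold: float = 3.0) -> List[dict]:
    """Statistical detectors plus one correlation rule, producing a list of alert records."""
    alerts = []
    external = {e["user"] for e in events if e["action"] == "share_external"}
    for user, z in detect_spikes(baseline, today, threshold).items():
        alerts.append({
            "user": user, "kind": "spike", "z": round(z, 1),
            # A spike that coincides with an external share is the classic exfiltration shape.
            "severity": "high" if user in external else "medium",
        })
    for user, history in baseline.items():
        if detect_drift(history):
            alerts.append({"user": user, "kind": "drift", "severity": "low"})
    return alerts


if __name__ == "__main__":
    for alert in run_detection(BASELINE, TODAY, TODAY_EVENTS):
        print(alert)
```

On the sample data alice’s 80 downloads score far above the 3-sigma line and, combined with her external share, produce a high-severity alert; bob stays within his norm; carol never spikes on any single day, which is exactly why the drift check exists. In practice the baseline would be refreshed daily and the spike threshold tuned per data class rather than fixed globally.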

Educate your employees and test the DLP strategy

For your data loss prevention project plan to work, you have to apply it. The best way to do this is through education: schedule classes, seminars, online training, email campaigns, and more. Your employees need to be aware of the risk of data leaks to comply with all of your security policies.

You can go further and create a training scenario in which employees apply the DLP strategy step by step and are evaluated on it. You can also create a group to inform employees about what data loss prevention is. Hold quarterly meetings to keep your team up to date with cybersecurity developments.

Final Thoughts

A good data loss prevention strategy combines technology, controls, regulated access to data and trained personnel. Your business can thrive if you implement a well-structured and centralized DLP program. You need to assess the risks and your internal sources of data. Creating an inventory of the data you need helps maintain a streamlined operation.

Protect your data with restricted access and controls that let you see who has access to it and how it is being used. Watch for anomalies, and use machine learning tools to protect your data. Take the time to educate your staff and make sure they understand the purpose of data loss prevention controls and the critical role they play in maintaining corporate security.

The post 6 Best Data Loss Prevention Strategies appeared first on EasyDMARC.

*** This is an EasyDMARC Security Bloggers Network syndicated blog written by EasyDmarc. Read the original post at: https://easydmarc.com/blog/6-best-data-loss-prevention-strategies/

ARKcoin Review – The Revolutionary Trading App [2022] https://your-pass.com/arkcoin-review-the-revolutionary-trading-app-2022/ Sat, 30 Apr 2022 04:57:50 +0000

A cryptocurrency exchange is required to trade cryptocurrencies. However, there are many reports of exchange hacks. It is scary to think that the money a user puts into an exchange could be stolen.

Additionally, many exchanges are located outside of the United States. Depending on the country in which an exchange is located, it may operate under looser laws and weaker security requirements, which makes it more vulnerable to hacking.

ARKcoin (https://arkcoin.cc/), on the other hand, is an exchange that is actively trying to address these security issues. It is based in the United States and claims to have never been hacked. The platform is also simple to use and offers reasonable costs. Many cryptocurrencies available on ARKcoin can be purchased directly in USD. This review will take a deeper look at the ARKcoin cryptocurrency exchange platform.

What does ARKcoin offer?

ARKcoin’s popularity stems from the fact that it has one of the easiest and fastest purchase processes. It also helps that it is a US regulated company.

A user can trade Bitcoin, Bitcoin Cash, Ethereum, and Litecoin on the ARKcoin platform without first converting their base currency to another cryptocurrency.

Wallets

ARKcoin, like other cryptocurrency exchanges, provides a digital wallet to hold a user’s digital assets. They can keep all their cryptos on a smartphone using the ARKcoin wallet.

ARKcoin Wallet apps are available on both the Apple App Store and the Google Play Store and are decentralized. They use advanced security technology such as Secure Enclave and biometric authentication.

Is my money safe with ARKcoin?

Cryptocurrency exchanges are a common target for cybercriminals. ARKcoin, on the other hand, prides itself on being one of the few exchanges that has never been hacked. It also claims to keep less than 2% of its customers’ money online.

When a user accesses their ARKcoin account and deposits or withdraws money, they can use two-step verification. The second step is either a Universal Second Factor (U2F) security key or a time-based one-time password (TOTP) generated by a mobile authenticator app such as Duo or Google Authenticator.

Keep in mind that ARKcoin is a custodial service. This means users do not have direct control of their funds or of the private keys that go with them. They should also remember that ARKcoin can and has frozen user accounts without warning, although this has only happened in serious circumstances.

Is ARKcoin good for beginners?

This platform is often considered one of the best cryptocurrency exchanges for beginners due to its user-friendly web and app interfaces. Experienced traders, on the other hand, may want to look for a platform with more charting capabilities or lower trading fees.

How to open an account

A verification email will be sent to a user when they complete the initial registration form on the website. After that, they will be asked to choose whether they are an “Individual” or a “Company”. If a user wants to set up two-factor authentication, they will also need to provide their phone number.

Using a photo ID, driver’s license or passport, ARKcoin will ask the user to verify their identity. Finally, the user must associate a payment method with their account, such as a bank account, debit card or credit card.

Features of ARKcoin

Ease of use

ARKcoin is really simple to use. Registration takes no time, and then users can link their bank account to their account using the Plaid data transfer network, which is the recommended approach to reduce trading fees.

The user interface is dynamic and easy to use. Users can use a search bar to browse the myriad crypto options available, from Bitcoin to Tellor, and they can schedule purchases to recur on a regular basis.

For those who want to get a little more technical, ARKcoin allows users to exchange certain cryptos for other cryptos, so they can convert their Litecoin to Augur, for example.

Staking bonus

Those who have particular coins in their ARKcoin accounts can receive rewards by allowing ARKcoin to stake them or use them as collateral to validate transactions for proof-of-stake cryptocurrencies, such as Ethereum.

Customer service

Users need not worry about customer service: they can contact it at any time of day, as it is open 24/7. The presence of a 24-hour customer service center is worth noting in itself.

The verdict

User-friendliness of the interface is ensured by features such as the ability to use a demo account before engaging in live trading, customization options, and responsive customer support. The platform can generate income, but this is not guaranteed.

Basically, to learn more about ARKcoin, be sure to contact the team for more answers!

(Devdiscourse journalists were not involved in the production of this article. The facts and opinions appearing in the article do not reflect the views of Devdiscourse and Devdiscourse claims no responsibility for them.)

How to Build a Culture of Trust in a Zero Trust Environment https://your-pass.com/how-to-build-a-culture-of-trust-in-a-zero-trust-environment/ Thu, 28 Apr 2022 14:30:08 +0000

Trust and security are two sides of the same coin. As leaders, we are responsible for cultivating a culture of trust with our employees, and we have a responsibility to employees, customers and all stakeholders to keep our businesses safe and secure. But how do we foster a culture of transparency and trust when the greatest threat is within our walls?

The vast majority of breaches (85% according to Verizon’s 2021 Data Breach Investigations Report) involve a human element, and they often involve people who already have access to a corporate network: employees and other insiders.

The high average cost of a breach ($4.24 million in 2021, according to IBM’s Cost of a Data Breach report), coupled with the often long downtime that follows a successful attack, can easily lead to dramatic and far-reaching consequences that affect every employee’s livelihood. Reducing the risk by even two or three percent can yield substantial savings.

RISKS RELATED TO COMPLACENCY AND INSIDER THREATS

The vast majority of employees are well-meaning, risk-aware, observant and hard-working. Of course they are. Recognizing and dealing with insider threats does not mean that a company no longer trusts its employees. It is simply prudent to protect the company, and with it the employees who have a vested interest in the organization being able to continue doing business.

Cyber threats come from external and internal sources. External threats include hostile nation states, terrorist groups, criminal gangs and individual hackers. Ransomware is an example of a rapidly growing external threat to businesses around the world, alongside malware, social engineering, denial of service attacks, zero-day exploits and injection attacks.

While these threats represent a clear and present danger to any business, let’s focus on insider threats that come from individuals directly connected to your organization, such as employees, contractors, or former employees. These people often pose the greatest risk to an organization’s security posture, whether knowingly or unknowingly.

Complacent actors are employees who have no malicious intent but who do not always remain vigilant about good security hygiene. They can get careless and unknowingly bypass standard controls, for example by clicking on the wrong link in a phishing email. In a recent study, two-thirds of remote employees said they violated their company’s cybersecurity policies at least once every 10 business days.

Disgruntled actors in your organization don’t always start out with malicious intent, but they can eventually take damaging and destructive actions, such as knowingly introducing malicious code into the network. These actors turn malicious for a myriad of reasons, ranging from an organizational change to an event in their personal life. They may profit from the attack or simply want to harm their employer; either way, the result is costly.

Cybercriminals will always seek the path of least resistance. One of the easiest ways to break into a network is to exploit a human vulnerability through phishing, which is why an estimated 96% of cyber threats arrive by email. All it takes is for a complacent or disgruntled employee to click on the wrong link for attackers to harvest credentials and gain access to your environment.

From a behavioral perspective, it’s important to run internal cybersecurity awareness training for all employees, from the top down. Simulate a phishing email. Dust off the disaster recovery plan and run tabletop exercises to practice how to respond in the event of a breach. These are just a few fundamental elements that help create a culture of security and resilience within an organization.

MINIMIZE RISKS WITH ZERO TRUST

The next natural step in an organization’s journey to security and resilience is to adopt a zero trust model. This “protect everyone, verify everything” mindset assumes breach and trusts nothing by default. Every user and device accessing network resources is treated as a potential threat, which limits the damage complacency can do and guards against malicious intent.

With zero trust, each user is authenticated, authorized and validated before access is granted, and that check is repeated for each request rather than performed once at the network edge. The mechanism can be as simple as multi-factor authentication or a more sophisticated policy engine that also evaluates device health and context. When designing an insider threat program, zero trust should be the cornerstone. It limits the damage an insider or a stolen credential can do by granting authenticated users access only to the applications they need to fulfill their job responsibilities.
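
As an added illustration (not from the article, and not Optiv’s code), here is what a per-request zero trust decision looks like in Python: each request is authenticated (recent session with a second factor), validated (device posture) and authorized (least privilege by role), with a step-up requirement for a sensitive application. The role names, application names, posture fields, session lifetime and sample requests are assumptions constructed for the example.

```python
"""A per-request zero trust access decision.

Added illustration, not the article's or Optiv's code. The roles, application
names, posture fields, session lifetime and sample requests are assumptions
constructed for this example.
"""
import time
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Least privilege: each role maps to the only applications it may reach
# (hypothetical role and application names).
ROLE_APPS = {
    "finance": {"erp", "expenses"},
    "engineer": {"git", "ci"},
    "helpdesk": {"ticketing"},
}

# Applications that additionally demand a phishing-resistant second factor.
HIGH_RISK_APPS = {"erp"}

SESSION_TTL = 8 * 3600   # force re-authentication at least every 8 hours


@dataclass
class AccessRequest:
    user: str
    roles: Set[str]
    app: str
    session_issued_at: float      # Unix time of the user's last authentication
    mfa_method: Optional[str]     # None, "sms", "totp" or "fido2"
    device_managed: bool          # enrolled, known device
    device_patched: bool          # posture check passed at request time


def decide(req: AccessRequest, now: Optional[float] = None) -> Tuple[bool, str]:
    """Evaluate one request and return (allowed, reason).

    Every request goes through every check: nothing is trusted because it
    arrived from the corporate network or passed a check earlier."""
    now = time.time() if now is None else now
    # 1. Authenticated: recent session with a second factor.
    if now - req.session_issued_at > SESSION_TTL:
        return False, "session expired: re-authentication required"
    if req.mfa_method is None:
        return False, "no multi-factor authentication on this session"
    # 2. Validated: the device is known and healthy.
    if not req.device_managed:
        return False, "unmanaged device"
    if not req.device_patched:
        return False, "device failed posture check"
    # 3. Authorized: the application must be granted by one of the user's roles.
    permitted = set().union(*(ROLE_APPS.get(r, set()) for r in req.roles))
    if req.app not in permitted:
        return False, f"roles {sorted(req.roles)} do not grant access to {req.app}"
    # 4. Step-up: sensitive applications refuse phishable factors such as SMS.
    if req.app in HIGH_RISK_APPS and req.mfa_method != "fido2":
        return False, f"{req.app} requires a phishing-resistant factor"
    return True, "allowed"


if __name__ == "__main__":
    now = time.time()
    requests = [
        AccessRequest("alice", {"finance"}, "expenses", now - 60, "totp", True, True),
        AccessRequest("alice", {"finance"}, "erp", now - 60, "totp", True, True),
        AccessRequest("bob", {"engineer"}, "erp", now - 60, "fido2", True, True),
        AccessRequest("bob", {"engineer"}, "git", now - 9 * 3600, "fido2", True, True),
    ]
    for r in requests:
        ok, why = decide(r, now)
        print(f"{r.user:6} -> {r.app:9} {'ALLOW' if ok else 'DENY '} ({why})")
```

The order of the checks matters less than the fact that none is skipped: a user on a managed, patched laptop with a valid session is still denied an application their role does not grant, and a finance user reaching the ERP system with an SMS or TOTP factor is asked to step up to a hardware key.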

Building a culture of trust in a zero trust environment is not an easy task simply due to the nature of the architecture and the necessities involved in its implementation. However, as with so many difficult concepts, clear and open communication is the best tool any business has.

Honestly communicating the need for increased security, while openly explaining the intent behind actively hunting for threats, can help alleviate any fears some employees may have about enhanced measures and lessen their apprehension when it comes time to enforce them.

When properly executed, Zero Trust can actively increase trust between companies and their employees – trust that all steps are taken to protect the organization and safeguard the livelihoods of its employees by ensuring that the business can continue to do business without interruption.

Calling for a zero trust environment within an organization can challenge the commitment based on trust, respect and expectations between the company and its employees. But understanding that it is necessary for organizational resilience and continuity transforms this apparent divide into a connection where all levels of the company work together to safeguard everyone’s best interests.


Kevin Lynch is the CEO of Optiv, the leader in cyber consulting and solutions serving more than 7,000 businesses across all major industries.

]]>
What a future without passwords would look like, when it might happen https://your-pass.com/what-a-future-without-passwords-would-look-like-when-it-might-happen/ Sun, 24 Apr 2022 13:30:01 +0000 https://your-pass.com/what-a-future-without-passwords-would-look-like-when-it-might-happen/

Managing your online passwords can be a chore.

Creating the kind of long, complicated passwords that best deter cyberthieves, especially for dozens of different online accounts, can be cumbersome. But it’s necessary, given the record number of data breaches in the United States last year.

That’s why it’s so tempting to dream of a future where no one has to constantly update and change passwords online to stay ahead of hackers and ensure data security. Here’s the good news: some of the biggest names in tech are already saying that the dream of a passwordless Internet is about to come true. Apple, Google and Microsoft are among those trying to lead the way.

In this hopeful future, you will still need to prove your identity to access your accounts and information. But at least you wouldn’t have to remember endless strings of eight-character (or more) unique passwords, right?

Well, maybe not quite. The answer is still a bit complicated.

What passwordless options already exist?

In theory, removing passwords from your cybersecurity equation eliminates what former Homeland Security Secretary Michael Chertoff called “by far the weakest link in cybersecurity.” According to Verizon’s breach research, over 80% of hacking-related breaches involve weak or stolen credentials.

In September 2021, Microsoft announced that its users could sign in to services such as Windows, Xbox and Microsoft 365 without a password. Users can instead rely on options like Windows Hello or the Microsoft Authenticator app, which use a fingerprint, facial recognition or a device PIN to approve the sign-in.

Microsoft also lets users sign in with a verification code sent to their phone or email, or with a physical security key, a small device similar to a USB drive that plugs into the computer and holds a cryptographic key unique to you and that device. Of these, the security key is the strongest option: a code delivered by SMS or email can be phished or intercepted, while the key’s private secret never leaves the device.

Joy Chik, vice president of identity at Microsoft, wrote in a company blog post in September that tools like two-factor authentication have helped improve user account security in recent years, but hackers can always find ways around these additional measures. “As long as passwords are still part of the equation, they are vulnerable,” she wrote.

Similarly, Google sells physical security keys, and its Smart Lock app lets you tap a prompt on your Android or iOS device to sign in to your Google Account on the web. In May 2021, the company said these tools are part of Google’s work to “create a future where one day you don’t need a password at all.”

Apple devices have offered Touch ID and Face ID for several years. The company is also extending them through its Passkeys feature, which lets you use the same fingerprint or facial recognition to create passwordless logins for apps and accounts on your iOS devices. A passkey is a cryptographic key pair stored on the device; the biometric only unlocks it locally, so no shared secret is sent to, or stored by, the website.

So, in a sense, a passwordless future is already here: Microsoft claims that “nearly 100%” of company employees use passwordless options to log into their corporate accounts. But getting every company to offer password-free options to employees and customers is sure to take time, and it may be a while before everyone feels secure enough to give up passwords in favor of something new.

That’s not the only problem either.

How secure are they?

Removing passwords completely is not without risk.

First, verification codes sent via email or SMS can be intercepted or phished, and a phone number can be hijacked through SIM swapping. Even scarier: hackers have shown the ability to fool fingerprint and facial recognition systems, sometimes using stolen biometric data. As annoying as changing a password can be, changing your face or fingerprints is much harder.

Second, some of today’s passwordless options still require you to create a PIN or security questions as a fallback for your account, which is not much different from having a password. In other words, the technology is not fully mature yet.

And third, there’s a widespread adoption problem. As Wired pointed out last year, most passwordless features require you to have a smartphone or other type of relatively new device. And while the vast majority of Americans own a smartphone, these devices vary widely in age and internal hardware.

Additionally, tech companies still need to make online accounts accessible across multiple platforms, not just smartphones, and for people who don’t own a smartphone at all, which is about 15% of Americans.

In other words, it will probably be some time before passwords disappear completely. Enjoy typing your long, complex strings into login boxes while you can.


]]>
Time is running out to activate Facebook Protect: what happens if I don’t? https://your-pass.com/time-is-running-out-to-activate-facebook-protect-what-happens-if-i-dont/ Fri, 22 Apr 2022 14:39:29 +0000 https://your-pass.com/time-is-running-out-to-activate-facebook-protect-what-happens-if-i-dont/

Facebook is undoubtedly one of the most widely used social networks in the world. Almost all of us open it a few times a day to update our profile or see what our friends are sharing, but sometimes, overnight, we find we have lost access to Meta’s social network. This may be due to Facebook Protect, and here is why.

If you’re somewhat up to date with Facebook and its owner Meta, you’ll know that it has long been in the eye of the hurricane over the security of the platform and its users’ profiles. As might be expected, the company founded by Mark Zuckerberg got to work, and that’s why it introduced Facebook Protect, a more advanced security program intended to ensure the integrity of its users’ accounts. However, although it works very well, it can also be the cause of a (temporary) block on your account.

Why is Facebook Protect blocking your account?

Facebook Protect began to be rolled out on the social network in 2019, following the election campaign in the United States. Its mission at the time was to further secure the accounts of candidates, government officials and national agencies. It was so well received that the company decided to gradually bring the program to all its users.

The “problem”, and what many people don’t know, is that activating Facebook Protect is mandatory. You have very likely received an email, or a message on opening the application, telling you that you need to activate the program to improve the security of your account. If so, be aware that the same message gives a deadline, and if you do not activate the program by that day, you will lose access to the account.

Message to activate Facebook Protect.

Don’t worry, it has a very simple solution

If this message has appeared, or if the time limit for activating Facebook Protect has already passed, you simply have to follow the steps indicated by the application. Even if you have lost access to the account, the “lock” lasts only until you activate the program, so there is no need to worry.

Essentially, the program scans your account for significant weaknesses. It checks two things: the strength of your password and whether two-step authentication is enabled. As for the password, it is crucial to have one that is neither obvious nor simple, so choose one that is hard to guess. If you cannot think of one, use a password manager to generate and store a long random one.

Facebook Protect activation process

This is the process to activate Facebook Protect.

Two-step authentication is the other factor that makes the account more secure. The Meta social network offers three options: an authenticator app, a text message (SMS) or a security key. An authenticator app or a security key is the better choice, since SMS codes can be intercepted or redirected through SIM swapping. Once both factors are in order (or if the account was already sufficiently secure), you are enrolled in the Facebook Protect program and can continue to use your account as usual. If you have questions about the program or how it may affect your account, you can contact Facebook customer service.

]]>
Why we need a holistic approach to cyber resilience https://your-pass.com/why-we-need-a-holistic-approach-to-cyber-resilience/ Mon, 18 Apr 2022 11:00:00 +0000 https://your-pass.com/why-we-need-a-holistic-approach-to-cyber-resilience/

To build resistance to devastating cyber attacks, organizations must take a resilience-focused approach to cybersecurity. Just as improving a company’s sustainability requires considering a myriad of factors, from production to supply chain to workforce, improving the resilience of its IT environment requires an approach that goes beyond technology purchases. While the “people, process, technology” mantra may sound like a call from the 2000s, it remains relevant in guiding technology efforts in 2022.

One of the most significant positive developments in cybersecurity over the past two decades has been the movement of the topic from the IT department’s water cooler to the boardroom. Most business leaders now consider cybersecurity a concern, and that is a win. But with a robust and rapidly growing market of security products and services vying for buyers’ attention, it can be difficult to know where to start.

This article offers guidance on a starting point, seen through the lens of the dimensions of people, process and technology.

People

We start with this dimension because it impacts cybersecurity resilience in multiple ways. When it comes to securing infrastructure and managing operational risk, people really are the most important ingredient.

When pressed to choose between cutting-edge technology, an ultra-robust process, or an experienced veteran of the cybersecurity trenches, I would always choose the latter. Unfortunately, this may be easier said than done given the limited number of qualified and experienced staff relative to demand. Consider where augmenting your internal team with external vendors can fill capacity gaps.

Although you can outsource some functions, avoid the trap of abdicating responsibility for cybersecurity. Make sure there is an internal team member accountable and empowered to focus on cybersecurity, even if it is part of a larger role and not a dedicated security role. Stay engaged with external service providers. One way to do this is to ask your service providers to explain the “why” and the “how” of what they do. For example, refer to a recent attack described in the news and ask them to explain how such an attack would be detected and mitigated in your environment.

Outside of the technology organization, it is important to provide understandable and actionable information to employees, contractors and others who affect the organization’s security. The most effective security awareness programs include a variety of content and periodically test employee behavior to reinforce awareness messages. Although some users will inevitably fall victim to attacks, well-designed security awareness programs reduce the risk by keeping that number low.

Process

Formalizing cybersecurity policies and procedures improves resilience. Indeed, policies perform an important governance function and set the tone for how the entire organization will view cybersecurity. Processes improve scalability, reduce errors, and smooth friction points between teams. Expect to be asked about policies and processes by auditors, regulators, business partners, customers and insurance companies.

At a fundamental level, make sure your organization has a cybersecurity policy. It should describe the organization’s overall approach to security, designate roles and responsibilities for governance and enforcement, and outline policies for areas such as information classification, incident management and account management.

Developing a policy does not have to be a long project; Small organizations often find it efficient to start with a template and then quickly customize the relevant parts to suit their environment. The Center for Internet Security provides a comprehensive set of policy templates aligned with the NIST Cybersecurity Framework (CSF) standards.

In support of the overall cybersecurity policy, there are a plethora of standards and processes to consider. Organization-specific factors, such as the nature of the business, the complexity of IT operations, and regulatory requirements, should influence development prioritization and timing. Consider developing and documenting the following areas first, as they address core capabilities:

  • Endpoint protection standards (including mobile device encryption and required security software)
  • Audit logging standards (to ensure that all systems generate useful audit logs to help administrators and incident responders)
  • Vulnerability detection and management process (including external network perimeter scanning for vulnerable or unexpected systems available on the Internet)
  • Patch management process
  • Identity and access management standards (including ensuring that administrative accounts have strong, unique passwords that are not the same across multiple systems)
  • Incident response process
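
To make the audit-logging and identity items above concrete, here is an added example (not the article’s or Optiv’s code) of the kind of question a logging standard should let an incident responder answer from the logs: did an administrative login succeed after a burst of failures from the same source? The sshd-style log lines are constructed for the example, and the failure threshold and time window are assumptions.

```python
"""Detect a successful login preceded by a burst of failures from the same
source: one of the questions useful audit logs should let a responder answer.

Added example, not the article's code. The log lines below are constructed
in sshd/syslog format; the threshold and time window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: five failures from one address against web01 (one of
# them a username guess), then a success from that same address; plus
# unrelated activity that must not alert.
SAMPLE_LOG = """\
Apr 18 02:14:01 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51612 ssh2
Apr 18 02:14:03 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51612 ssh2
Apr 18 02:14:05 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51630 ssh2
Apr 18 02:14:06 web01 sshd[2235]: Failed password for invalid user admin from 203.0.113.7 port 51644 ssh2
Apr 18 02:14:09 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 51658 ssh2
Apr 18 02:14:12 web01 sshd[2239]: Accepted password for root from 203.0.113.7 port 51670 ssh2
Apr 18 02:20:44 web01 sshd[2301]: Failed password for deploy from 198.51.100.4 port 40022 ssh2
Apr 18 03:01:10 web01 sshd[2402]: Accepted publickey for deploy from 198.51.100.9 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2022):
    """Return a dict for one sshd authentication line, or None if the line is
    not one. Syslog lines carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "method": m["method"], "user": m["user"], "ip": m["ip"]}


def find_bruteforce_success(lines, threshold=5, window_s=300):
    """Alert on an Accepted login that follows at least `threshold` Failed
    attempts from the same source IP against the same host within `window_s`
    seconds. Failures against any account count, since attackers spray names."""
    failures = defaultdict(list)     # (host, ip) -> timestamps of failures
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["host"], ev["ip"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key]
                  if 0 <= (ev["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            alerts.append({"host": ev["host"], "ip": ev["ip"], "user": ev["user"],
                           "method": ev["method"], "failures": len(recent),
                           "first_failure": recent[0], "success": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in find_bruteforce_success(SAMPLE_LOG.splitlines()):
        print(f"{a['host']}: {a['failures']} failures from {a['ip']} then "
              f"{a['user']} accepted via {a['method']} at {a['success']:%H:%M:%S}")
```

The check is only possible because every line carries the fields it needs: timestamp, host, outcome, account, source address and authentication method. A logging standard that requires those fields (and forwards the lines off the host, where an intruder cannot delete them) is what turns the raw log into evidence.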

Technology

Finally, we come to the dimension where many industry players start the discussion. If you’ve ever attended a major security conference such as RSA Conference, you know the overwhelming feeling that just walking the expo floor can bring. Dozens of service companies. Entire categories of products that are new to you. Is that yet another EDR provider?

Consider implementing the technologies below first, as they reduce the risk of the most common types of attacks, facilitate incident response, and mitigate damage in the event of an attacker’s intrusion.

  • Endpoint Detection and Response (EDR) with Next Generation Antivirus (NGAV) functionality: All servers and end-user systems must have agents installed and blocking capabilities enabled.
  • Multi-Factor Authentication (MFA): Protect internet-connected systems, including email and VPNs.
  • Privileged Access Management (PAM): Ensure at a minimum that systems have unique administrative passwords.
  • Resilient Backups: Keep backup copies isolated (offline, immutable or otherwise out of reach of an attacker on the network) so they cannot be deliberately corrupted or deleted, and test restores regularly.
  • System, patch, and vulnerability management tools: Ensure that every system can be managed, scanned for vulnerabilities, and remediated quickly.
  • Understand your Internet footprint: Know which services are exposed to the Internet and make sure each one is protected.

It’s important to remember that resilience is measured on a continuum and incremental steps can have an impact. Prioritize your efforts. Take a holistic approach that considers dimensions beyond technology. Most importantly, start the journey today.

]]>