Where Is Your Security Perimeter?

User-Centric Security

We live and work in a mobile-first, cloud-first world. But the cloud revolution hasn’t happened the way many people expected it to happen. Instead of organizations moving everything wholesale to the cloud in a “lift and shift” approach, it’s happened just like the introduction of every other “big new thing” over the last several decades: cloud technology has ended up being layered on top of what we’re already doing. So now we have desktop apps and SaaS apps and Web apps and mobile apps and cloud apps, and apps that defy categorization. (What is Office 365? Is it a desktop app? A cloud app? A mobile app? The answer is “D. All of the above.”)

Online Safety at Home


While internet usage in the home continues to grow, so does our need to learn, exercise and share internet safety. From posting on social media to using the latest internet-connected toy, it is imperative that everyone from children through older adults learn to use the internet and internet-connected items safely.

Here are a few tips to get those conversations started based on StaySafeOnline recommendations:

Keep a Clean Machine: Those pesky “updates” on our cell phones, PCs and other Internet-connected devices are designed in part to help keep your devices free of viruses, malware, and other online threats. Don’t ignore them – many times they include patches for recently discovered vulnerabilities.

Lock Down Your Login: One does not need to look hard to find recent examples of large-scale password exposures. Improve account security by enabling robust authentication tools such as biometrics or one-time access codes. See “Let’s Talk About Passwords.”

Read Between the Lines: Would you put up a sign on your front door saying, “Nobody is Home”? Of course not, but that could be how a bad actor reads your real-time check-in or vacation photo. If you want to share your adventures, lock down who can see your posts or consider posting once you have returned.

Share with Care: Think carefully about what you are saying about yourself or others before you post. Choices can hurt feelings, betray trust or even come back to bite you in the future.

Back It Up: Having a recent copy of your important files and photos can spare you from the ill effects of device failure and #ransomware.

Protect Personal Information: Personal information is an asset that can be sold for money. Information such as your locations, purchasing habits and even search history is deemed valuable by an array of retailers. Did you know that medical records are more valuable on the black market than your credit card numbers?

Be Aware of Incognito Mode: Browsing Incognito can be a great way to ensure that your cookies and site data are not saved. However, parents beware: browsing incognito can allow your home users to visit sites without you being able to track their activity by looking at the browser history.

Avoid Falling for Tricks: From phishing to spoofing, bad actors can be very creative in tricking unsuspecting internet users into clicking on malware. Knowledge is power, so keep yourself and your household familiar with how to recognize potentially fraudulent attempts to get you to click. Be wary of communications asking you to click or enter private information. When in doubt, contact the organization directly by phone to confirm that the communication is legitimate and to report it if it is not.

Secure Your WiFi Router: Change your WiFi router’s default name in a way that does not let people identify that it’s yours. No using “WoodwardHomeWiFi”. Set a very strong passphrase for your WiFi network. Have fun with it, keeping it positive and easy to remember, and consider substituting numbers for some letters, such as “IL0V3THEB3ACH”.

Follow Xiologix for more #cybersecurity information as we participate in the 15th Annual National Cybersecurity Awareness Month and work year-round to help businesses of all sizes protect their digital infrastructure and data.  #cyberaware

5 Reasons to Purchase Cybersecurity From a VAR


The digital business model requires organizations to adopt a new approach to securing data and networks. At the same time, technology and networks are evolving, making security more complex.

One of the biggest challenges is the sheer number of security products and vendors inside an organization. According to our technology partner Fortinet, some larger financial enterprises, for example, use products from as many as 40 or more vendors to secure their networks.

All these products — firewalls, intrusion protection systems, antivirus tools and so on — have their own management systems and generate their own alerts. Since they don’t typically integrate, these disparate products complicate security efforts even further.

The number of alerts generated by separate systems can overwhelm even the most robust security teams, with many alerts going uninvestigated.

Let’s Talk About Passwords


Ugh. Passwords. The concept has been around as long as civilization itself. But are they the best way to protect account access in the digital age? How do you ensure that people use “strong” passwords? What is a “strong” password, anyway? And when is a password – regardless of its strength – not enough?

The difficulty from an administrative perspective is that the restrictions we impose on our users in an attempt to force them to create strong passwords are often counterproductive. If the password must be at least 8 characters long, must contain both upper- and lower-case characters and at least one numeric and one “special” character, and cannot be a word that’s in the dictionary and must be changed every 90 days and cannot be a password that you’ve used before, you’ve almost guaranteed that it’s going to be written down somewhere because it will be nearly impossible to remember.

So what’s an admin to do? Well, there are some guidelines that we can give users to help them create strong passwords that are easy to remember.

What Would a Mobile Workspace Look Like?


Well over a decade ago, at a Citrix conference, I saw an amazing video. It showed a team of people in geographically separate locations collaborating to solve a business problem, sharing access to applications and data in the process. It showed a business person leaving his office, and having his running applications seamlessly follow him to a mobile computing device in his car, then, when he got home, seamlessly follow him to the computer in his home office, all the while continuing the collaboration session with his teammates. At the time, none of this technology existed outside of developers’ imaginations (and whatever prototypes they might have been working on in their labs).

Today, not only does the technology exist, it is relatively commonplace. Telecommuters access data and applications with performance that is every bit equal to that of their colleagues in the office. Engineers work on CAD drawings remotely with no loss of performance or graphic resolution. Radiologists can view a diagnostic image on an iPad from the sidelines of their child’s soccer game. Companies have discovered the cost savings available from Bring Your Own Device (BYOD) programs. And it all goes back to the basic vision that work is something that you do – it is not necessarily a place where you go.

Why Hackers Hack


One does not need to look very hard for news of recent cyber attacks. As 2017 numbers come into focus, the problem is continuing to grow. According to the ITRC Breach Report, 2017 breaches increased by about 21% over 2016. Most of the breaches fell into the business sector, followed by the medical/healthcare sector. Some big names were involved, such as Equifax, Yahoo, Verizon and more. But notably, over 50% of cyber attacks are aimed at small to mid-sized businesses that don’t make the national headlines.

Check out the Real Time Threat Map to get a visual on current threat activity.

While the actual numbers are still being tallied, let’s take a look at Raconteur’s infographic on what motivates cyber attacks. Why do hackers hack? Who is behind the data breaches?

[Infographic: Why Hackers Hack. Courtesy of: Visual Capitalist]

Three Questions to Ask about Identity Management


Some years ago, we knew RSA as the company that made those key fob tokens for dual-factor authentication. Indeed, they were pioneers in the multi-factor authentication space, and to my knowledge, no one has ever found a way to successfully beat their SecurID token-based authentication. But RSA is so much more than that these days. Even the venerable SecurID product has grown into a powerful and flexible Identity Management solution.

Unfortunately, “powerful and flexible” can sometimes translate into “I’m not sure where to start with this.” So here are three questions that may help you get on the right track:

Cylance Just May Be the Tool You’ve Been Waiting For


The cyberwar over who will control your PC and the data on it has been dragging on for literally decades, with no end in sight. Malware is big business. It isn’t about just wreaking havoc for the heck of it anymore – it’s about monetization: incorporating your system into a botnet that can then be rented out on the Dark Web, stealing your identity and sensitive financial information, or encrypting your data and holding it for ransom. This latter version, so-called “ransomware,” rakes in tens of millions of dollars annually from its victims, and, as we’ve stated previously, has proven to be one of the most challenging forms of malware to protect against.

3 PCI Security Essentials to Beef-up Payment Card Security Defenses


No matter your business—whether you’re a startup or an enterprise—if you collect customers’ financial data, you have a responsibility to safeguard this information.

Verizon recently released its 2017 Payment Card Security Report, which unfortunately shows that too many businesses are not set up to sufficiently ensure the security of payment card data on an ongoing basis.

There were some bright spots in the report. Verizon found that last year, just over 55 percent had full compliance with the Payment Card Industry Data Security Standard (PCI DSS). That’s an all-time high, but work still needs to be done. The report also found that within a year, almost half had fallen out of compliance.

Compliance is undeniably important. Out of the 300 payment card data breaches Verizon found between 2010 and 2016, none were fully compliant with PCI DSS. But compliance only tells part of the story.