One of the ways that businesses have approached the issue of having to log into multiple different accounts, applications, websites, and services is through the use of single sign-on solutions. It’s a common technology that you might see just about every day, but how does it work, and what kind of security can you expect from it?
Today’s blog might seem a bit simple, and that’s because it is. Your network security is going to play a huge part in the operations and functionality of your business, whether you realize it or not. In fact, your network security might be the only thing keeping your business in proper working order. We’re going to discuss some of the less-obvious reasons why security is beneficial for businesses like yours.
Cyberwarfare has continued to evolve in sophisticated ways, and while security researchers try their best to keep up, hackers are always trying to outdo them. One example of such attacks, which are often sponsored by government agencies, is a recent attack on the United States and Israeli technology sectors, which have become the target of password spraying campaigns.
If we told you that it is possible for others to hire hackers to launch attacks against your business, would you believe it? Well, we hope so, because it is very possible and more common than you might think. Comparitech launched an investigation into the average prices of various hacking services on the Dark Web, and you might be surprised by how affordable and accessible they are. This is just more reason to take network security seriously.
When it comes to network security, there are a lot of complex solutions that solve multi-faceted issues, some so mind-boggling in scope that it is simply overwhelming. Then there are the small-scale solutions that you can implement on a day-to-day basis that can make significant changes over time. Locking your computer is one of these tactics, and it should not be overlooked in your security strategy.
Understand the Value of Your Assets Your data is valuable—but do you know how valuable it really is, and which would cause the most harm if breached? Prioritizing protections based on this knowledge is how the IT experts do it to mitigate as much harm as possible to a business and its reputation. Ask yourself: if you were a hacker, what would you steal from you? Work with Proactivity in Mind In order to sufficiently protect your network, you need to start early by creating a comprehensive response plan that could conceivably protect your operations from the worst-case circumstances. In doing so, you are preparing yourself to react to cyberattacks and other events as they come with strategies designed to minimize and mitigate the problem. Invest Time in Employee Training Who would you rather have protecting your network: a few trained people amongst your team, or everyone following best practices to reduce your vulnerability? With everyone on the same page as far as what they should be doing is concerned, cyberthreats can be made half as severe and limited to half as often. Teaching your team to spot different warning signs of a cyberattack can help keep your business from being breached. Continue Innovating As cyberthreats and other attacks are always being innovated upon and improved, you need to match these efforts with your cybersecurity by remaining up-to-speed on the various threats and the strategies to counter them. Knowing how to respond to a cyberattack is a good thing, being able to prevent these attacks in the first place to protect your business’ assets is better. Cybersecurity isn’t a quick and easy fix, but SRS Networks can help make it a little quicker and easier for your organization. To learn more about the strategies and solutions we can offer, give us a call at (831) 758-3636.
What Do Our Smart Assistants Actually Hear? We all know that person that claims that the smart assistants are being hacked into by the government and they are listening into our conversations. For the majority of us, that conspiracy doesn’t make a whole lot of sense. That said, these devices do listen, when they are prompted to. Here is how to trigger four of the most popular assistants: Amazon Alexa devices respond to the term “Alexa,” ”Computer,” ”Amazon,” or “Echo.” Google Home devices wake up to “Okay/Hey, Google.” Apple’s Siri responds to “Hey Siri.” Microsoft’s Cortana reacts to its name, “Cortana,” or “Hey, Cortana.” There have, in fact, been instances where these smart assistants, and especially with the smart speakers, pick up some things they weren’t supposed to. If you have one of these speakers in your home, there have to be some natural security concerns, but they probably aren’t from the manufacturers. The Analysis Researchers looked into the question of what exactly these smart assistants hear and formed a paper titled, Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers. They analyzed when the terms that successfully activated the assistants were spoken, finishing with over a thousand phrases. They then further analyzed them into their phonetic sounds to try and ascertain why there were so many false positives. Depending on how a user pronounced a word, some triggers were found, including: Alexa devices also responded to “unacceptable” and “election,” while “tobacco” could stand in for the wake word “Echo.” Furthermore, “and the zone” was mistaken for “Amazon.” Google Home devices would wake up to “Okay, cool.” Apple’s Siri also reacted to “a city.” Microsoft’s Cortana could be activated by “Montana.” Of course, these assistants are used on devices all over the world, and as a result found that when used in other languages had a lot of the same issues. For example, the German phrase for “On Sunday” (“Am Sonntag”) was commonly mistaken for “Amazon.” What Does This Mean for Individual Privacy? Even with the interesting nature of this analysis, the findings are a little more disconcerting. The study shows that once the wake word or phrase is recognized by the device, it immediately starts listening for queries, commands, and the like. So even though they claim to only start listening when prompted to, several different iterations of phrases can cause the assistant to start listening. The complications don’t end there, since the data is reviewed manually by people—which already destroys any notion of privacy—one of those technicians could potentially be given information that wasn’t intended to be captured by an assistant. This could potentially be devastating if the technician whose job is to manually check this information were to gain access to account information or some other PII and use it in an unethical way. The smart speaker, and smart assistant are useful products that need a little more refinement before we can completely trust them. To learn more about new technology and how it is being used, check back to our blog regularly.
However, despite these views, most people are far too lax when it comes to their own security. Let’s take a closer look. Consumers on Businesses and Their Data Practices In a recent report from advisory firm KPMG, the results of a survey that asked American consumers about their expectations of corporations and the privacy of their collected data were revealed. These results showed a few concerns very clearly, while revealing that not all respondents were fully aware of today’s most pressing cyberattacks. 86 percent of respondents to the survey felt that their data privacy was a rising concern. 70 percent claimed to be “generally familiar” with how companies collect their personal data, while 64 percent were familiar with how it was used and stored, 63 percent say they understand how it is protected, and 57 percent say they know how it is sold. Having said that, 68 percent don’t trust these companies to sell this data ethically, 54 percent don’t trust it will be used ethically, 53 percent don’t feel it will be collected ethically, and 50 percent don’t trust these companies to protect their data sufficiently. Most consumers are concerned about the theft of their social security number, with 83 percent of respondents identifying this concern. Following closely behind come the 69 percent worried about their credit card numbers. Surprisingly, only 16 percent are concerned about the theft of their medical records. Data Practices Amongst Consumers While this sounds like a decent start, the survey’s results showed a bit of hypocrisy. Most users agreed that repeating passwords, saving credit card information to a website, and using public Wi-Fi are risky behaviors, but more than 40 percent of them did these things anyways. 61 percent neglected to use all available tools to secure their accounts, as well. What We Can Learn It doesn’t matter if it’s your data at stake, or your business’… your highest priority needs to be your security. In another study, this one conducted by Harvard Business Review Analytic Services, it was shown that almost half—46 percent—of consumers surveyed had stopped doing business with a retailer because of issues with that retailer’s privacy statement. Are you willing to let half of your client base abandon your business? It just goes to show that, from the consumer’s perspective, it is our responsibility to make sure that companies are accountable for the data they collect. From the business standpoint, it shows that data security is something that can’t be slapped together or neglected. Is ensuring data security simple? Far from it… but when compared to what you risk otherwise, it’s a no-brainer. SRS Networks is here to help. We can help you to implement the security solutions and processes that will help protect all your data. To learn more, or to get started, call our team at (831) 758-3636 today.
The stimulus is not the first time that the U.S. Government has distributed stimulus checks, but as online banking has become more commonplace, the treasury has been distributing millions of checks via direct deposit and it has given online scammers the opportunity to try and steal money that by right will come to you. Here are five ways that they are going about scamming people: Avoid anything that has you sign up for stimulus money – Chances are that you don’t have to sign up to receive stimulus dollars, so be wary of anyone who contacts you claiming that you need to fill out information to enroll you. Scammers don’t just act online – There has been evidence of people getting postcards in the mail with a password printed on it and addressed to an individual. The card asks the user to go online to “access” or “verify” the individual’s payment information (bank account, routing number, etc.) Similar scams have been sent through traditional phishing messages via email, however, so read your correspondence thoroughly. You can’t get your money faster – Scammers have also contacted people promising that for a small fee, they can get their money to them faster. Reputable tax companies have services like this around tax time, so it may be just enough to fool some people. No, you aren’t getting more – There have also been reports of scammers sending people checks for more than they are owed. Later the scammer will call to apologize for the mistake and ask the person to return the difference in cash, gift cards, or a wire transfer. If the check isn’t coming from the U.S. Treasury, and you weren’t expecting another check, it is surely a scam. IRS correspondence – It’s true that some people have had to fill out forms on the IRS website in order to get their checks sent to them or deposited in their bank accounts. Scammers have set up webforms much like the ones on the IRS’ Economic Impact Payment website. The IRS typically contacts people through the mail, so if you get a message or an email from the IRS asking you to take action, it’s best to ignore it. Knowledge is the best defense against scammers. If you haven’t yet received your CARES Act stimulus money, you need to go to the official IRS website to find out why (or more likely when) you will receive your stimulus check. Have you seen any scams looking to steal people’s money? Leave your story in the comments below and check back to our blog for more information about cybersecurity, and the practices you need to know to avoid being a victim of cybercrime.
Knowing What You Have If you don’t have an accurate idea of the data you possess, how can you possibly keep it all protected? Without this information, it becomes far more likely that you will, at some point, experience a breach. Keeping impeccable records of your assets is imperative to avoiding this outcome. These records should contain a comprehensive collection of data in a well-organized and documented format. If your storage architecture could use a bit of a refresh, take advantage of that time to properly build out and implement this strategy. Using a specified architecture makes it much easier to manage the permissions of your users, as well, so it can further boost your data security. These considerations only become more important as you accumulate more and more data, and your team and clients alike entrust you with theirs. Betraying that trust would be a bad look for your business, so you need to be sure that you are subscribing to best practices. Sorting Through Your Data Once you know what you have and where it is kept, you should commit yourself to weeding through it all. How much of the data you’ve collected is really needed to support your business’ operations, and are there alternative methods to consider that might help keep this data safer while accomplishing the same thing? For instance, unless you still need them for business purposes, it isn’t wise to retain customer payment details for any longer than necessary. This just increases the opportunity for this sensitive data to be undermined and stolen. Furthermore, you should also be reexamining who in your business can access what. Different roles will naturally have different responsibilities, each of which will bring different data access requirements. Providing excessive access is opening the door to potential data security issues. Keeping Your Data Safe Finally, you need to make sure that you are prepared to protect the data you collect, which will require a lot. You need to have a predetermined storage strategy, complete with proposed defenses, identifying the devices used to store this data and the access controls to prevent unauthorized users from tampering with it. This goes for both digital versions of your data, as well as any hard copies you have. In case someone manages to breach your defenses and access your data, you need to be capable of identifying the breach at its source and preventing as much damage as possible. This is why we promote the use of both proactive monitoring services and comprehensive backup practices… they can more effectively enable you to bounce back from such a breach. If you would like assistance in implementing these solutions, or want more information about them, don’t hesitate to reach out to SRS Networks. Our team is ready to assist you, you just need to give us a call at (831) 758-3636.