Information Security: 3 Effective Data Safeguarding Measures

Information is the lifeblood of the modern organization – but if improperly guarded, it can be an Achilles’ heel, which is why information security is essential.

IT administrators are therefore tasked with performing a sort of balancing act: How much freedom can they give users without jeopardizing data? It’s a tricky position to be in, but it’s a pickle that can be remedied with refined measures. Here are some key examples of how these information security measures can benefit an organization:

1. Lockdown for Public-Access Machines

Many organizations such as libraries, airports, testing centers and retailers are in the position of providing public access on certain machines. From a security standpoint, this is risky since every single endpoint on a network is also an attack vector. At the same time, not granting access to increasingly common amenities such as self-service kiosks could result in lost opportunities for excellent customer service.

The more effective way around this problem is to use a computer management tool that enables desktop lockdown. Specifically, unauthenticated users would have restricted access to a specific set of applications, and even then, they would be unable to launch any unauthorized executable through those applications (e.g. a web browser). Likewise, USB ports and disk drives can be deactivated to prevent malicious uploads or attempted data theft.

2. User Login and Software Compliance Tracking

User tracking and software compliance are critical components of endpoint management.

The ability to track user login sessions is important for several reasons. For one, it helps administrators understand when

Ransomware’s Raid on the IoT: Protecting Critical Systems

Back in June 2016, a botnet army comprised of 25,000 CCTV cameras crashed an online jeweler’s website. The notion that internet-connected cameras could be hijacked and used for DDoS was frightening, but not necessarily unique. Internet of Things DDoS attacks took place prior to and after the incident.

Another point of contention with internet-connected cameras was the idea of spying. Security surveillance systems and webcams, for instance, without proper authentication can be turned into vessels for espionage. Again, this is worrisome, but not novel.

Fast-forward to January 2017. President-elect Donald Trump only has a few days before becoming President Donald Trump and officials in Washington D.C. are preparing for the big event. Then it happens: Ransomware knocks 70 percent of the city’s CCTV cameras offline. The good news is that public safety was never in jeopardy as a result. The scary news, however, is that under a different set of circumstances, things could have been so much worse.

Disruption Like Never Before

When ransomware strikes, at worst, critical systems are rendered useless, causing immediate danger to people. At best, the systems are simply wiped and restored, and brought back online with little to do.

Of course, the best-case scenario is anything but ideal. Less than a week after the inauguration, the Cockrell Hill police department just outside of Dallas announced that it had been hit with a variant of Locky called Osiris. As a result, eight years of digital evidence was locked down. The department chose to wipe everything. While some

How Organizations are Contributing to the ‘Green Computing’ Movement

Organizations in a variety of industries and sectors have spared no effort to reduce the operational expenses associated with information technology (e.g. cloud migration, work from home and BYOD). One method that has recently achieved a level of prominence is green computing, or green IT.

The concept of green IT or the ‘Green Computing’ movement was conceived with the launch of Energy Star in 1992 under the U.S. Environmental Protection Agency (EPA), according to TechTarget. However, it’s become more relevant with time, as an increasing number of organizations digitize their operations.

For the sake of cutting operational costs, let’s look at a few tips that can help an organization scale back energy consumption.

Invest in Smart IT Infrastructure

In 2014 (the last year for which data is available), data centers and server rooms consumed 70 billion kilowatt hours of electricity. While much of this spend is unavoidable, some of it goes to waste on inefficiencies in how data centers are managed. For example, a study by the Natural Resources Defense Council estimates that there are about 3.6 million zombie servers in the U.S. These non-essential systems continue to consume energy, often because they’ve simply been forgotten about, eating up the equivalent of about $30 billion worldwide.

Another significant operational expense in data centers and server rooms is air conditioning, which is responsible for about 40 percent of total energy consumption in data centers, according to Data Center Knowledge contributor Phil Koblence.

To alleviate these problems, IT teams have begun relying more heavily on smarter infrastructure

Faronics Tech Roundup – January in Review

January was quite the month for IT security news and announcements.

For those who may have been a bit preoccupied with U.S. president Donald Trump’s inauguration and news of his first few weeks in office, here’s the rundown for the month that was:

1. Gmail Restricts .JS Attachments

Google announced in January that it will start restricting JavaScript attachments (.JS) as of Feb. 13. According to Tom’s Hardware, the gradual phasing out of Flash (which has more or less become a factory for zero-day threats) has prompted many hackers to focus their efforts on other areas, namely, JavaScript vulnerabilities.

To stem the tide of ransomware and other malicious executables that are now being disseminated via .JS file format, Gmail will block all .JS files shared over email.

2. New Ransomware Attacks Come to Light

It wouldn’t be an IT security roundup without any mention of ransomware. This month, we have four for you:

  • Two police departments: Eight days before Donald Trump’s inauguration, 70 percent of police CCTV cameras in D.C. were rendered inaccessible by a ransomware attack. It took three days to get them back online. In an unrelated incident, the Cockrell Hill Police Department based in Dallas announced the loss of digital evidence from as far back as 2009 after choosing not to pay a ransom, and instead wiping the server.
  • One luxury hotel: A hotel in the Austrian Alps was forced to pay thousands of dollars to hackers after a ransomware intrusion made it impossible to issue key cards to incoming guests. This

Study: 91% of All Cyberattacks Start as Phishing Emails

Of the many tactics hackers have employed to bypass perimeter defenses, none are as devastating as social engineering schemes. Phishing ploys in particular manipulate millions of people into downloading malicious attachments, clicking on links to malware or inadvertently compromising their own login credentials to business systems.

The situation is dire, according to a study recently conducted by PhishMe: 91 percent of all cyberattacks start as phishing emails. Verizon’s Data Breach Investigations Report corroborates this report, also noting that the majority of data breaches in 2016 were direct consequences of email phishing.

A few notable examples include:

  • SWIFT: The global financial messaging system was broken into by hackers using stolen login credentials, resulting in the loss of $81 million.
  • John Podesta: Hillary Clinton’s campaign chairman surrendered access to his Gmail account after receiving an illegitimate email telling him to reset his password.
  • Los Angeles County, California: As many as 108 LA County employees fell for email phishing scams, resulting in the theft of 750,000 people’s personal information.
  • Most cases of ransomware: 2016 was the year of digital extortion, thanks in large part to phishing emails as a tool for ransomware dissemination.

The question going forward is this: What are some actionable steps employers can take in the war against phishing?

Teach Employees Best Practices

Human beings are typically the weakest link in the cybersecurity chain, which is why it’s so important to teach employees how to identify phishing scams. To be fair, some of these schemes are more elaborate than others. Nevertheless,