Make Improving Data Breach Prevention Your New Year's Resolution

Posted by Drew Paik

Dec 8, 2016

Illustration: 2017 - the Year We Make Cybersecurity a Habit? (Authentic8 blog post)SECURITY

As we reflect on the passing year, it’s clear that 2016 was a tipping point in terms of public awareness of data security issues. It was the year that John Q. Public suddenly became aware of encryption issues, with Apple’s battle with the FBI after the San Bernardino terrorist attack.

It was also the year people pondered how foreign governments could perhaps hack into our election system. The year also showed that the government’s biggest security breach — which resulted in the arrest of an NSA contractor — wasn’t necessarily malicious. It hammered home the idea that some data breaches occur simply because employees don’t take their responsibilities seriously enough.

Though there is an increasing awareness of what kinds of threats we are all vulnerable to, there’s a knowledge gap in how to keep yourself and your business secure — despite our best efforts towards cybersecurity education.

So as you imagine what improvements you can make to your life and your business in 2017, consider adding boosting your cybersecurity to your list of resolutions.

8 Must-have Features of a Secure Browser (1)

Posted by Gerd Meissner

Dec 1, 2016

8 Must-have Features of a Secure BrowserSECURITY

Regular browsers have become the most common inroad for hackers to infiltrate your computer and steal or manipulate your data.

Traditional approaches of network or endpoint security, such as advanced firewalls or antivirus software, have not kept pace with the problem.

This is why a new generation of “secure” browsers has emerged. But not all supposedly “secure” browsers are equal, and some are not even secure.

What are the features and capabilities that make a browser secure and safe, for business or personal use?

Topics: Security

Authentic8 adds support for Common Access Card to address growing federal demand

Posted by Gerd Meissner

Nov 17, 2016

Authentic8 adds support for Common Access Card to address growing federal demand (news release)CORPORATE

Secure virtual browser now validates CAC certificates for access to secure web sites

MOUNTAIN VIEW, CA (Nov 17, 2016) - Authentic8, maker of Silo, the secure, virtual browser now supports certificates stored on government-issued Common Access Cards, or CACs. This comes in direct response to growing demand for this functionality from federal agencies.

With this release, Silo will be configured with Department of Defense's (DoD) public certificates. When a user attempts to access a secure site that requires CAC authentication, the cloud-based browser will query the chip on the CAC that stores user-specific digital certificates to validate the user. All communication between the virtual browser and the local device is conducted over Authentic8's proprietary, encrypted protocol.

Topics: Corporate News

Not Trustworthy: How Local Browser Add-Ons Put Your Data at Risk

Posted by Gerd Meissner

Nov 16, 2016

How Local Broser Add-ons Put Your Data at RiskSECURITY

If you’re looking for ways to protect yourself when accessing the web, plugins and add-ons for your local browser are not the way to go.

Many plugins will actually increase the risk of online attacks or privacy violations, as in the case of the popular browser add-on WoT, developed by WoT Services, which was marketed as a tool to safeguard user’s data based on website ratings. WoT stands for “Web of Trust.”  Nice marketing pitch.

Yet users who bought into it just learned that they got anything but, as Germany’s investigative TV magazine Panorama and the BBC reported last week.

Topics: Security

How Can Companies Balance IT Security and Personal Web Access at Work?

Posted by Gerd Meissner

Nov 1, 2016

 InfoSec Luminary Lineup IllustrationSECURITY

Companies struggle to protect their IT infrastructure when employees access the web. Checking personal web mail or running online shopping errands from the office helps workers to maintain work/life balance, but it also puts the business at risk from web-borne threats.

Organizations scramble to put policies in place to protect themselves. But policies that are too restrictive can negatively impact productivity and workplace climate.

For our InfoSec Luminary Lineup blog discussion series, we asked: “How can companies balance IT security with users' need to access personal web resources at work?” In this post, cybersecurity startup leaders, experts and influencers share their thoughts, tips and insights on how companies can solve this dilemma.

Face Your Worst Cyber Security Fears

Posted by Scott Petry

Oct 27, 2016

Illustration: Face Your Worst Cyber Security Fears (National Cyber Security Awareness Month / Halloween blog post)SECURITY, NEWS

Survey results: What cyber security issues scare people most?

"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to take counsel of the cyber security fears that keep us up at night.

Topics: Security

5 Vendor Risk Reports Every IT Leader Should Read

Posted by Gerd Meissner

Oct 25, 2016

reviews-5-vendor-risk-resources-every-it-leader-should-read-from-denial-to-data-breach-1.pngSECURITY

How do you break into a bank? In the old days, burglars would dig their way into the vault from a basement next door.

In today’s digital economy, hackers don’t barge through the front door, either. They are looking to circumvent the cybersecurity barriers of financial service providers and other security-conscious companies by targeting potential weak spots on their IT periphery - such as less guarded software vendors or law firms with access to the bank’s network.

How can companies assess and manage third-party risk? Vendor risk management ranks high now on the agenda of enterprise CIOs and CISOs in the financial services industry and its business partner ecosystem. But what about other sectors?

Law firms were the first to feel the pressure, as described elsewhere on this blog. Yet in many organizations, regardless of industry, the IT infrastructure continues to remain under threat through undetected and unmitigated vendor risks.

You may have heard how vendors contributed to recent large-scale data breaches at retailers, healthcare providers and government agencies.

To be clear - third parties didn’t “cause” these data breaches by themselves. The surveys and research results covered in this post illustrate an endemic lack of vendor risk awareness and management.

Topics: Security

8 Easy Tips for Better, More Secure Passwords

Posted by Scott Petry

Oct 11, 2016

Thumbnail Illustration for Authentic8 Cybersecurity Awareness Month Blog Post Illustration: 8 Easy Tips for Better, More Secure PasswordsSECURITY

We all know the Ben Franklin quote about two certainties in life being death and taxes. It’s time to add a third: passwords.

We can’t avoid passwords. The problem is, when using them, most of us can’t seem to avoid taking shortcuts either. Hackers count on it, which is why weak or unprotected passwords are still the #1 reason for most major data breaches. I’ve blogged about the reasons here.

No National Cyber Security Awareness Month should go by without pointing out methods to improve password security. I recommend you take the following simple steps sooner rather than later: 

Topics: Security

8 Easy Steps to Protect Yourself Online When Traveling

Posted by Gerd Meissner

Oct 4, 2016

Thumbnail Illustration for Authentic8 Cybersecurity Awareness Month Blog Post Illustration: Business Travel Online SecuritySECURITY

Consider this before taking your next trip: When traveling for business, you are more likely to get hacked than to get mugged, according to a recent report.

Are you among the rapidly growing group of professionals - like lawyers, IT professionals, financial advisors or executive search consultants - who stay connected with their job while on an extended weekend or a vacation trip?

Then you potentially put your organization at risk every time you fire up your notebook or tablet computer in an airport lounge, hotel room or beach restaurant.

Don’t be the one employee whose carelessness opens the door for online crooks. October is National Cybersecurity Awareness Month, so here's to cybersecurity awareness while traveling:

Topics: Security

How a Secure Browser Insulates the Enterprise from Third-Party Risks

Posted by Gerd Meissner

Sep 13, 2016

Illustration for blog post: How a Secure Browser Insulates the Enterprise from Third-Party Risks - Trusted Vendor MemeSECURITY

From enterprise-sized organizations down to one-person professional firms, critical business information is frequently handled by third-party service providers.

Suppliers and vendors are routinely given access to their customers’ most sensitive systems and data. And just as routinely, this results in massive data breaches.

How can your organization improve security to minimize the risk introduced by third-party suppliers?

***

Most companies learn about vulnerabilities when it’s too late - after a data breach. 37 percent of the U.S. companies who responded to a recent survey by Ponemon Institute believed their main third party vendors would not inform them in case of a serious data breach.

Companies are depending on IT consultants, accounting and payroll professionals, HR consultants, recruiters and other professional service providers to get the job done and to maintain a competitive edge.

Topics: Security