Tag: #cybersecurity

What Separates a Good VPN From an Average VPN.

These days, it is becoming more and more difficult to stay secure in what we know as cyberspace, the World Wide Web, or simply the internet. The internet, historically, was certainly not meant to be the all-encompassing digital world it is for billions of people today. It is an incredible thing to remember that the ‘net’ started its life as a scientific research project in the 90s, that would relatively quickly become one of the greatest and most revolutionary inventions of humanity.

Following its release to the public in the mid-90s, the internet saw a huge rise in activity, somewhere between 2004-2010, which coincided with major tech revolutions such as the release of the first iPhone. This period also saw the invention of Facebook, in 2004. In essence, social media and smartphone development really pushed the internet to unprecedented levels. Later in the 2010s, we witnessed even more internet revolution as everything picked up even more speed and breadth (especially the invention of apps), and major upticks in the amount of global internet usage were observed.

Of course, with such an enormous network that is alive, interconnects the entire globe, and keeps growing exponentially every day, there are now security issues to deal with that are a serious concern for anyone’s online activity. Cybercrime has risen and is not stopping anytime soon, which means that the need for cybersecurity has never been greater. 

iDEAR Replay/Shutterstock.com

As malware reared its ugly head (malware is a general term for all malicious software such as viruses, spyware etc.), most notably at the beginning of the 2000s, the demand for cybersecurity grew in every sector, and grows to this day.

What Is A VPN

A Virtual Private Network, or commonly known as a VPN, is an essential tool that helps you stay safe online. It comes in three forms today; for desktop, enterprise solutions for businesses and as an app for smartphones. For this purpose, let’s talk about publicly available VPNs for ‘home’ users (we’ll leave business solutions out in this case). So what does a VPN do? When you connect to the internet, a VPN gives you the option of connecting to an external server that serves as a ‘tunnel’. These servers can be local, or international. Most VPN software offers at least a dozen choices of these tunnels to connect to, more or less.

When you connect to the VPN, this tunnel is encrypted (secured against intrusions), allowing all of your activity on the network to ideally be anonymous. So, this tunnel/server functions in the midway path between you and the rest of the internet. 

We will later cover more on the distinctions between an average and a good VPN, why VPNs vary a lot, and are definitely not equal. There are several VPN choices to choose from, both free and paid, and your choice may vary depending on what they offer. First, let’s delve into why being cyber-aware is important, below.

Being cyber-aware

Let’s emphasize why there is a need to keep the internet secure, and more importantly for you, why you need to protect yourself online. An entire industry of cybersecurity is thriving today in the midst of seemingly endless threats, and it is no longer strange to have software such as an anti-virus, anti-malware and a good Virtual Private Network, or VPN, installed on your system, all active at the same time. 

Having specialized protection against malware is one thing, but in terms of your general safety, anonymity and freedom online, nothing approaches the importance of using a VPN today. As with any software, especially in this day and age, it is critical that you know what it is exactly that you have downloaded. To be truly cybersecure, while using a VPN, you must know what is happening to your data, as well as read up on the privacy policies of the software you have downloaded. 

For instance, let’s talk about a few issues in order to highlight the importance of being cyber-aware; many people have made the mistake of logging into their computer or mobile phones, and downloading whatever VPN software they find, believing that they are now protected. 

There are many free VPNs out there, but their reputation and legitimacy can be questionable. Then, what happens with your data when you connect to a questionable VPN? Why should you invest your time (and sometimes your money) in a good VPN service? Let’s talk about this.

What Makes a Good VPN

What does it mean when we say a ‘good’ VPN? There are a couple of points any VPN worth its salt should include. This would include the following critical must-haves;

 

  • Your VPN should have a strict no-log privacy policy
  • The VPN must guarantee a well-encrypted service
  • The service must be able to unblock geo-blocks
  • Look for encryption such as; L2TP/IPSec, IKEv2, OpenVPN, WireGuard
  • Make sure that you have 128-bit encryption at the least
  • Go for a paid service, avoid free VPNs, for peace of mind

 

A good VPN should be able to give you a high-speed, anonymous, secure and free internet service. It should completely cloak your internet usage, and allow you to view search results in the country you have connected to. In most cases, you will rarely find a free VPN that guarantees all of these criteria, however there are of course exceptions if you do a little research. 

A guaranteed way to check how secure you are if you have downloaded a VPN, is to do an extensive online security check. With these checks, you will be able to know if your Internet Service Provider, as well as the rest of the internet ‘sees’ you. A good VPN will show your location as the one you selected in your VPN program, and should not show any of your local info at all. You should also not have any DNS leak warnings when you do the check. Once you have completed this step, it is also advisable to download a secure browser that includes ‘do-not-track’ and ‘anti-fingerprinting’ options. A good browser combined with a good VPN are a fantastic combination for a free, safe and anonymous internet experience.

Securing Irish SMEs as cyber-attacks surge. #Dell #DataCentres #Cybersecurity

John O’Donoghue, Solution Consultant for the Data Centre Computer Group, Dell Technologies Ireland.

Cybersecurity is more important than ever, as hacks and attacks surge following the mass migration to remote working. Irish businesses are coming to terms with their ‘new normal’ and as many within the workforce adapts to remote working over the longer-term, organisations will become ever more vulnerable to attack. 

At a time when many small and medium-sized enterprises (SMEs) in Ireland are planning for an uncertain future while seeking to protect their employees, one area that businesses will need to focus on is security. Moreover, cybersecurity strategies need to be adapted at speed to the new ways of working to protect businesses. For smaller and medium businesses struggling with cash flow issues, a cyber-attack could be disastrous.

Covid-19 Cyber Realities

Since the start of the Covid-19 outbreak, the volume of cyber-crime and cyber-attacks became significantly more prevalent in Ireland, while the rate of phishing attacks skyrocketed by over 600% in Europe compared to previous figures. Attackers have been exploiting the fear and uncertainty generated by the pandemic by luring users to click on a variety of links or handover personal details – or unknowingly download malware.

The increased level of risk is being acknowledged across industries – with healthcare businesses being particularly affected. The World Health Organisation reported a five-fold increase in cyber-attacks, targeting its employees as well as the general public, with scammers impersonating the organisation. It took to the media to urge extra vigilance as a result. 

Meanwhile here in Ireland, An Garda Síochána has warned that the number of cyber-attacks is likely to increase further, as cybercriminals are using Covid-19 themed phishing scams and emails in an attempt to exploit vulnerabilities and fear.

SMEs are right to be concerned. Not only are they disproportionately being targeted, but they are particularly at risk from phishing attacks due to a comparative lack of cyber training and awareness. Larger businesses tend to have several in-house cybersecurity experts, enabling swift and effective responses. Speed is key when it comes to containing a breach.

Apart from a lack of awareness putting smaller businesses in Ireland at risk, the larger businesses that may rely on their goods and services also risk being exposed – creating both reputational as well as financial consequences. Cybersecurity is a collaborative effort, requiring all stakeholders to be aligned, alert and prepared to take the appropriate action in the event of an attack.

Protecting medium businesses

With high risks and high stakes, Irish SMEs will need to review and update security strategies – engaging with expert consultancy where possible for support. In order to protect businesses, data must be protected from the endpoint to the data centre, assessing each step of the chain and reviewing when the business landscape evolves. Being able to pivot in order to protect is key. Their first line of defence is their employees.

John O’Donoghue

Ensuring the workforce has a good understanding of cybersecurity essentials is a key part of any strategy – along with an instant response plan. This can be achieved through regular training, workshops and testing to help businesses spot security threats. With the surge in phishing attacks, it is important that they understand the risk, the levels of deception and the consequences. Practice really does help erase complacency and keep staff on their toes.

While some SMEs may ponder why they would be targeted over a larger business, overall they seem to accept that the threat is not only real but impending, according to a recent study. However, far from being complacent, with the volume of risk being exponentially high, there is a tendency for IT decision-makers to panic – and they need to know who to turn to for clarity.  

Trusted advisors with deep digital expertise should be able to share a clear security roadmap, that is surprisingly simple. Security experts at Dell Technologies Ireland help to tailor cyber strategies to businesses, providing a threat intelligence network using AI technologies, while ensuring the ecosystem of partners is covered. SMEs are not alone – but they do need to act.

As the Irish economy continues to digitise operations, supply chains, business transactions, and employee and customer services, cyberattacks are expected to continue to pose as one of the major threats. Shoring up security for medium businesses provides a critical lifeline in otherwise uncertain times.

Here’s What You Need to Know About Enterprise Security in the COVID-19 Era. #Covid-19 #Security

In the wake of the developing COVID-19 pandemic, organizations around the world have adopted social distancing practices to slow the spread of the disease, including instructing many employees to work from home. But no one could have foreseen the need for businesses, government agencies, and other organizations around the world to quickly transition the majority of their workforces to remote work. 

 

The fast transition, the sheer number of people now working from home, and the already-devastating economic effects of the pandemic are among the factors that make this time an especially perilous one for enterprise security. IT security teams are struggling to keep up with increased threat levels from COVID-19-related malware and other cyber threats. Newly remote workers are leaving their companies’ networks vulnerable to hackers, and COVID-19-related cyber scams are on the rise as hackers seek to cash in on the crisis. Here’s what you need to know to keep your company safe.

Educate Employees About COVID-19 Cybersecurity

If your organization hasn’t already been giving employees regular cybersecurity training, then you need more help than this article can give. If you have been giving employees regular cybersecurity training, now is not the time to slack off. You should be aware that COVID-19-related cyber scams are proliferating at a mind-boggling pace. By mid-March, Computer Weekly was already calling COVID-19 the biggest cyber-threat in history, due to the massive volume of related malware and scam emails already circulating by that time. By mid-April, Google reported blocking 18 million COVID-19-related scam emails a day. 

 

Cyber criminals love to play on the emotions of their victims to cash in, because users in the grip of a strong emotion, like fear of a deadly disease, often aren’t thinking straight. They’ll click on links or download attachments that they might otherwise have ignored. And many people around the world, having lost their jobs or been physically restricted to their homes or neighborhoods, are looking for a way to make a living, so the ranks of cyber criminals may be swelling, too.

 

That’s why it’s so important to educate employees about the cybersecurity risks associated with COVID-19. Regular security training will keep employees vigilant against suspicious emails that might land in their inboxes. Make sure to send out regular memos warning employees of common COVID-19 related malware and phishing scams as they emerge. Your employees may not be targeted by specific scams, but knowing what kinds of things to look out for can help them protect the enterprise network.

 

Of course, you’ll also need a security solution that can detect vulnerabilities and threats and work to neutralize them. Your employees will be reporting suspicious emails, perhaps in greater numbers than ever before, and your IT security team will be facing more threats than it probably ever has in the past. Make sure you have a comprehensive enterprise network security solution to help your team meet these new challenges.

Require a VPN and Regular Security Check-Ins

Your employees’ home networks won’t be as secure as your enterprise network, because it’s unlikely that employees have intrusion detection or protection on their home networks. That’s why you should require employees to connect to the company’s network through a virtual private network (VPN). A VPN can hide your employees’ activities on your network, and help protect your information from thieves.

 

You should also set network security standards for employees working from home. Put together a security protocol that includes securing devices physically, keeping work and personal emails separate, and locking down their home networks. Implement regular security check-ins with staff to make sure they’re using multi-factor authentication to log into enterprise systems and work email accounts, and to verify that they’re implementing the enterprise security protocols for their home networks. 

Give Employees Company Devices to Work from Home

It might be tempting to allow employees to work from home on their personal devices — it would save your organization a lot of money on laptops. But you don’t know what employees are doing on their personal devices when they’re not on the clock, what antivirus and antimalware protection they’re using, or how tight their security is. It’s easier to protect your enterprise network when you issue company devices to employees who are working from home. It’s also easier to keep an eye on those employees to make sure they really are working when they’re supposed to be. When you issue company devices, you’ll be able to synchronize the same endpoint solution across each one, to remove some of the vulnerabilities that can come with a rapid distribution of teams.

 

The COVID-19 pandemic has brought a lot of uncertainty with it, especially when it comes to keeping your enterprise network secure. Don’t let the challenges of this pandemic leave you vulnerable to cyber criminals. Protect your network, so you and your employees can weather the storm.

Irish business working remotely due to coronavirus? Here’s how to do it securely…#Cybersecurity #Sophos #Coronavirus

Many, if not most, organisations have already crossed the “working from home”, or at least the “working while on the road” bridge.

If you’re on the IT team, you’re probably used to preparing laptops for staff to use remotely, and setting up mobile phones with access to company data.

But global concerns over the current coronavirus (Covid-19) outbreak, and the need to keep at-risk staff away from the office, means that lots of companies may soon and suddenly end up with lots more staff working from home…

…and it’s vital not to let the precautions intended to protect the physical health of your staff turn into a threat to their cybersecurity health at the same time.

Importantly, if you have a colleague who needs to work from home specifically to stay away from the office then you can no longer use the tried-and-tested approach of getting them to come in once to collect their new laptop and phone, and to receive the on-site training that you hope will make them a safer teleworker.

You may end up needing to set remote users up from scratch, entirely remotely, and that might be something you’ve not done a lot of in the past.

So here are our five tips for working from home safely.

  1. Make sure it’s easy for your users to get started

Look for security products that offer what’s called an SSP, short for Self-Service Portal.

What you are looking for is a service to which a remote user can connect, perhaps with a brand-new laptop they ordered themselves, and set it up safely and easily without needing to hand it over to the IT department first.

Many SSPs also allow the user to choose between different levels of access, so they can safely connect up either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device), or a device that will be used only for company work.

The three key things you want to be able to set up easily and correctly are: encryption, protection and patching.

Encryption means making sure that full-device encryption is turned on and activated, which protects any data on the device if it gets stolen; protection means that you start off with known security software, such as anti-virus, configured in the way you want; and patching means making sure that the user gets as many security updates as possible automatically, so they don’t get forgotten.

Remember that if you do suffer a data breach, such as a lost laptop, you may well need to disclose the fact to the data protection regulator.

If you want to be able to claim that you took the right precautions, and thus that the breach can be disregarded, you’ll need to produce evidence – the regulator won’t just take your word for it!

  1. Make sure your users can do what they need

If users genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home without access to X and Y.

Make sure you have got your chosen remote access solution working reliably first – force it on yourself! – before expecting your users to adopt it.

If there are any differences between what they might be used to and what they are going to get, explain the difference clearly – for example, if the emails they receive on their phone will be stripped of attachments, don’t leave them to find that out on their own.

They’ll not only be annoyed but will probably also try to make up their own tricks for bypassing the problem, such as asking colleagues to upload the files to private accounts instead.

If you’re the user, try to be understanding if there are things you used to be able do in the office that you have to manage without at home.

  1. Make sure you can see what your users are doing

Don’t just leave your users to their own devices (literally or figuratively).

If you’ve set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong.

If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let your users know what they mean and what you expect them to do about any issues that may arise.

Don’t patronise your users, because no one likes that; but don’t leave them to fend for themselves, either – show them a bit of cybersecurity love and you are very likely to find that they repay it.

  1. Make sure they have somewhere to report security issues

If you haven’t already, set up an easily remembered email address, such as security911 @ yourcompany DOT example, where users can report security issues quickly and easily.

Remember that a lot of cyberattacks succeed because the crooks try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.

Teach your users – in fact, this goes for office-based staff as well as teleworkers – only to reach out to you for cybersecurity assistance by using the email address or phone number you gave them. (Consider snail-mailing them a card or a sticker with the details printed on it.)

If they never make contact using links or phone numbers supplied by email, they they are very much less likely to get scammed or phished.

  1. Make sure you know about “shadow IT” solutions

Shadow IT is where non-IT staff find their own ways of solving technical problems, for convenience or speed.

If you have a bunch of colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before.

Sometimes, you might even be happy for them to do this, if it’s a cheap and happy way of boosting team dynamics.

For example, they might open an account with an online whiteboarding service – perhaps even one you trust perfectly well – on their own credit card and plan to claim it back later.

The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?”

But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success?

A temporary solution put in place to deal with a public health issue might turn into a vibrant and important part of the company’s online presence.

So, make sure you know whose credit card it’s charged to, and make sure you can get access to the account if the person who originally created it forgets the password, or cancels their card.

So-called “shadow IT” isn’t just a risk if it goes wrong – it can turn into a complicated liability if it goes right!

Most of all…

Most of all, if you and your users suddenly need to get into teleworking, be prepared to meet each other halfway.

For example, if you’re the user, and your IT team suddenly insists that you start using a password manager and 2FA (those second-factor login codes you have to type in every time)…

…then just say “Sure,” even if you hate 2FA and have avoided it in your personal life because you find it inconvenient.

And if you’re the sysadmin, don’t ignore your users, even if they ask questions you think they should know the answer to by now, or if they ask for something you’ve already said “No” to…

…because it might very well be that they’re asking because you didn’t explain clearly the first time, or because the feature they need really is important to doing their job properly.

We’re living in tricky times, so try not to let matters of public health cause the sort of friction that gets in the way of doing cybersecurity properly!