Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and behaviors of organization insiders who pose a serious threat. (more…)
REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security and make compliance an enterprise-wide priority for managing risks. (more…)
Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration tests would be much less fruitful (and that’s a good thing!) (more…)
The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about. (more…)
The Internet of Things (IOT) and Cloud Computing have provided business and consumers with unimaginable tools and functionality, not to mention immense entrepreneurial opportunities. Along with the connectedness of these solutions come increased security risks that many entrepreneurs, start-ups, and venture capitalists need to be aware of before either launching into the tech industry or investing in a tech business. (more…)
CREATE A REALLY STRONG PASSWORD: A PEN TESTER’S PERSPECTIVE.
Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being taken seriously. (more…)
The use of social media like Twitter, Facebook, Instagram, Tumblr, Google Plus, LinkedIn and others has been steadily growing. It is used not only between individuals connecting with their “tweeps,” but also for businesses connecting with their customers, and even politicians with their constituents. Social media platforms have become a forum for sharing all manner of expression on all subjects.
Valentine’s Day is February 14. Traditionally it’s the one day of the year when people express their love for each other by sending flowers, candies and love notes. But we’re not here to talk about love and candy and flowers… we’re here to talk about how hackers use holidays like this to compromise your security.
Hackers and other thieves are looking to prey on those they perceive are weak – the lonely hearts. They set up elaborate fake social media profiles, with attractive photos using stock photography to swoon and lure their victims into thinking that they are a sincere love interest. The bad guys can get you talking and learn all sorts of things about you without you ever speaking a word or meeting face-to-face. All with the purpose of exploiting the information you have.
So the next time you get that friend request on Facebook or connection request on LinkedIn, you might think twice about accepting it unless you actually know the person. Don’t be a sucker this Valentine’s Day – or any day. Hackers are counting on it.
PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 Auditor
Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. The latest breach is being reported as the largest data breach of health information or protected health information (PHI) in U.S. history with 80 million records stolen. The high profile breaches of Sony, Target and Home Depot brand themselves in consumers’ minds, as Americans deal with the direct and indirect effects. And now we have a large healthcare insurance provider running its incident response cycle. (more…)
As the holidays approach, you’ll probably be seeing many relatives and friends. Many will pull you aside and ask you about the latest security news, myths and rumors. While preparing for a Thanksgiving visit, one relative asked me about a hoax security alert warning that her iPhone’s flashlight was listening to her conversations. (more…)