Tag Archives: Tips

Debunking the Myths of the GDPR, Pt. 2

The date is approaching when the new GDPR (General Data Protection Regulation) will replace the 1995 data protection legislation and, as time passes, its application is becoming increasingly relevant in conversations among security experts and managers at all companies. Remember that the GDPR will help strengthen the protection of the user’s fundamental rights in the online environment and will give them back control of their personal information. Therefore, companies must be prepared to adopt mandatory measures.

We’ve already explained the fundamental changes to the legislation. We also went over some of the most widespread myths regarding the GDPR: its scope of application, the timeframe for reporting incidents, or requirements related to data encryption. Today we are going to analyze more myths that enshroud this new regulation.

Myth number 4: “The personal data already contained in our database is not subject to the GDPR”

One of the most overwhelming issues for companies is the massive amount of information they already have in their possession. Does the new legislation apply to these databases collected before its entry into force? The answer is, “Yes. Definitely.” All user data of a personal nature must comply with the regulation, regardless of the date of collection of said data. The only exception to this rule is in the case of deceased persons, since in this case the regulation would not apply to their personal data.

Myth number 5: “The data is stored by my cloud provider, so the GDPR is their problem, not mine”

Some have contended that since companies that use third-party cloud storage are not technically responsible for directly storing data, they are not responsible for applying the measures imposed by the GDPR. However, whenever you deal with a user’s information, you will most likely fall into the controller or processor category. If you hire an external company to store the data, your company would become the controller, or controller and processor, while the cloud service would be solely in a processor role. But both are within the scope of the new regulation. So even if the controller uses a third-party service to store their data, it will still be responsible for complying with the GDPR.

Myth number 6: “The GDPR is restricted to personal identification information”

It is advisable to take extra precautions when approaching the changes indicated by the GDPR. That’s because, to date, the definition of what we consider to be personally identifiable data has fallen short. As the GDPR explains, the EU has substantially expanded this definition of personal data to efficiently reflect the types of data that are ordinarily collected. The new regulation expands the definition to include online identifiers or even IP addresses, since these are now considered to be personal data. Other data, such as economic, cultural, genetic or mental health information, are also considered to be personally identifiable information.

Panda Security can help you make the change

The GDPR will bring along with it a series of profound changes in the way a company operates. To help get things up and running, Panda Security has prepared this “Preparation Guide to the New European General Data Protection Regulation”. We respond to important issues related to the GDPR, such as: how does it affect my business? What obligations does this regulation require? What happens if I do not comply with these obligations?

We also work on solutions, so that the data and systems remain completely safe and in full compliance with the GDPR. For example, Adaptive Defense, with its state-of-the-art protection tools (NG EPP) and detection and remediation technologies (EDR), serves as a critical means of ensuring compliance. The GDPR is not to be underestimated, and understanding its finer points will be a differentiating factor in every sector that handles personal data.

The post Debunking the Myths of the GDPR, Pt. 2 appeared first on Panda Security Mediacenter.


How Secure is My Password?

Recently, researchers found an Equifax portal guarding access to 14,000 personal records being secured by the password “admin/admin”. The issue has since been fixed, but the example highlights the lack of importance given to password creation that continues to plague cyber security for businesses and individuals.

Most people still use passwords that are easy for cyber thieves to guess despite the devastating effects of identity theft. But the problem isn’t just about carelessness; it’s about human nature. Understanding the problem will help you create better passwords.

The Human Predictability Problem

The founder of our current day password strategy, Bill Burr, recently admitted he regrets his original recommendations. While working at the National Institute of Standards and Technology (NIST) in 2003, Burr authored a guide that laid out two fundamental rules for password creation:

  • It must have a combination of alphanumeric, uppercase, lowercase, and special characters.
  • It should be changed every 90 days.

Rule number 1 results in a password like “S3cur1Ty%”, which looks random, but it’s actually not that hard for cyber criminals to crack. It’s easy because humans are so predictable.

For example, most of us tend to capitalize the first letter in our passwords. We also use the same numerical substitutions for letters (ex. “3” for “E”, “1” for “i”). Those two common strategies alone make our passwords much more predictable.

The NIST has since revised Burr’s guidelines, admitting that requiring complex passwords causes users to “respond in very predictable ways to the requirements imposed by composition rules.”

Rule number two results in a similar problem. People who change their passwords regularly tend to only make minor alterations, like simply adding a “1” at the end (not exactly creating the Enigma Code there). The NIST guidelines no longer suggest changing passwords every 90 days. Instead, you should change them when it’s appropriate, like after the Equifax security breach.

How do cyber criminals steal passwords?

Hackers have many ways of stealing your passwords.

Brute Force Attacks

Hackers use software that repeatedly tries many different password combinations. Since the reigning champion of worst passwords is still “123456”, brute force attacks are a reliable way to steal your information. Brute force password “cracking” software comes with names like Brutus, RainbowCrack, and Wfuzz and is free to download.

Brute force attacks are effective with shorter passwords, but struggle with longer ones. For those, hackers switch strategies.

Dictionary Attack

As the name implies, dictionary attack software searches through a prearranged list of words, trying different combinations and variations. Ironically, cyber criminals use stolen passwords to make stealing passwords easier. Cyber thieves often purchase stolen password lists on the online black market. They buy them, not for targeting individuals, but for determining the most common passwords people use. They’re searching for human predictability so they can narrow their future searches.

Even legitimate businesses buy stolen passwords in an effort to safeguard their customers’ information.

Because of these password lists, the NIST recommends sites that rank a user’s password strength by comparing it “against a ‘black list’ of unacceptable passwords.” If you try to use a password on such a list, the website may reject it.
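A sketch of the kind of blocklist check described above, added here as an example and not taken from NIST or Panda Security: before comparing against the list, it undoes the predictable habits the article discusses (capitalization, common substitutions, a digit or symbol tacked on the end). The blocklist is a constructed sample, the function names are hypothetical, and the substitutions beyond the article's “3”, “1”, “4” and “$” are assumptions.

```python
import re

# Constructed sample blocklist. A real deployment would load a large list of
# commonly used and previously breached passwords instead.
SAMPLE_BLOCKLIST = {"123456", "password", "admin", "security", "qwerty", "letmein"}

# Common character-for-letter swaps. "3", "1", "4" and "$" are the ones the
# article names; the remaining entries are assumptions added for illustration.
COMMON_SUBSTITUTIONS = str.maketrans({
    "3": "e", "1": "i", "4": "a", "$": "s",
    "0": "o", "@": "a", "5": "s", "7": "t",
})

# Trailing run of digits, symbols or underscores (the "just add a 1" habit).
TRAILING_DECORATION = re.compile(r"[\d\W_]+$")


def candidate_forms(password):
    """Return the simplified forms a predictable password collapses to."""
    lowered = password.lower()                      # undo capitalization
    stripped = TRAILING_DECORATION.sub("", lowered)  # drop appended digits/symbols
    forms = {
        lowered,
        stripped,
        lowered.translate(COMMON_SUBSTITUTIONS),    # undo common substitutions
        stripped.translate(COMMON_SUBSTITUTIONS),
    }
    forms.discard("")  # e.g. an all-digit password strips down to nothing
    return forms


def screen_password(password, blocklist=SAMPLE_BLOCKLIST, min_length=8):
    """Return a list of reasons to reject the password; empty means accepted."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    hits = sorted(candidate_forms(password) & blocklist)
    if hits:
        findings.append("reduces to blocklisted password(s): " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own examples.
    for sample in ["S3cur1Ty%", "Password1", "admin", "123456",
                   "hallwayroutinetraveltsunami"]:
        result = screen_password(sample)
        print(f"{sample!r}: {'REJECT - ' + '; '.join(result) if result else 'accept'}")
```

Passing this screen only means the password is not a thin disguise of a listed one; it says nothing about how strong the password is otherwise.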

Wi-Fi Monitoring Attack

Password thieves can also steal your password when you’re connected to public Wi-Fi. Special software alerts hackers when you connect to Wi-Fi and enter your username and password. They intercept and record the transmitted data, stealing your credentials. Wi-Fi attacks and recently discovered vulnerabilities are making Wi-Fi monitoring attacks a bigger threat.

Phishing Attacks

Attackers use fake emails and websites to steal your passwords. Phishing attacks are usually emails disguised as legitimate company correspondence. The emails typically direct you to download an attachment, click a link, or sign into a website.

That email from your “bank” looks legitimate, but its real author may be a thief directing you to enter your username and password into a fake website. Although hackers are getting more sophisticated, there are still effective ways to spot phishing attacks before it’s too late.

Updated strategies for creating passwords

Creating a good password means finding a balance between memorability and randomness. Here are some new strategies based on the updated NIST guidelines.

Stop being predictable

Now that you understand how Burr’s guidelines actually resulted in more predictable passwords, you can avoid these issues by creating personalized randomness.

Personalized Substitutions

Instead of using common substitutions (ex. “4” for “A”, “$” for “S”), find your own substitutions based on individual associations. For example, if your name begins with A and you’re the third child, then substitute all your A’s with 3’s. You can also substitute all S’s with the number of S’s in the title of your favorite horror movie (ex. “Texas Chain Saw Massacre” = 4).

Capitalization

Avoid predictable patterns in letter capitalization, like upper-case letters in the first and last position. Use a personal preference or choose to capitalize a letter where it aids memorization the most.

Using personal connections makes remembering your password easier and guessing it much harder.

Length

The longer your password, the better. More characters guard against brute force attacks by increasing complexity. At minimum, you should have eight characters. The NIST recommends websites encourage users to create passwords as “lengthy as they want.” But remember: the longer the password, the harder it will be to remember.

Use Acronyms

Using acronyms built from a longer phrase is a good way to create a secure password that’s easy to remember. Here are the steps:

  1. Find a phrase you can remember easily. Example: “Don’t count your chickens before they hatch”
  2. Create an acronym by using the first letters of each word in the phrase. So, “dcycbth.”
  3. Add some numbers and special characters based on the substitution and capitalization strategies listed above. For example, dcYcb3Th% is a strong password that’s easy to remember.

The longer and more personalized your initial phrase the stronger the resulting password will be.

Note: “personalized” doesn’t mean personal. Never use personal information like your date of birth, hometown name, or other piece of data a thief could easily find. Therefore, an example of a bad phrase to use would be “My Birthday Is On June Fifteenth Nineteen Eighty.”

Use a Passphrase

Passphrases are built from random words strung together. They help thwart dictionary attacks that look for common patterns and connections. If you used a random noun generator to produce the four words “hallway”, “routine”, “travel” and “tsunami” you could build a password with strong randomness and length: hallwayroutinetraveltsunami. Add some uncommon substitutions and special characters and you’ve created a strong, memorable password.

Note: some security analysts argue that random-word passphrases are less secure than we might think, given the limited number of words the average college-educated person knows (80,000 words).

Use Two-Step Verification

If you haven’t set up two-step verification (2SV) on your accounts, you should do it as soon as you can. Also known as two-factor authentication, 2SV provides an extra layer of protection by having you prove your identity. Many 2SV systems work by sending a text to your phone with an access code. After you enter the code, the website gives you access to your account.

Vulnerabilities exist in 2SV because of the possibility of Wi-Fi and phishing attacks, but the NIST still recommends the practice.

Google recently announced its 2SV program called Google Prompt for Android phones. The company claims Google Prompt is an easier and more secure method of authenticating an account than traditional 2SV.

Get a Password Manager

Another problem with passwords is that around 60% of people use the same one for multiple accounts. The downsides are obvious, but with so many of our online services requiring passwords, creating unique and memorable passwords isn’t practical.

Password managers are increasing in popularity because they create secure passwords you don’t have to remember. Most work by having you create a master password. The manager will then let you create and save more passwords for each of your outside accounts. They will even randomly generate passwords for you. If you can remember your master password, you can access all of your other ones.

When creating strong passwords, it’s definitely good not to follow the crowd. Secure passwords should be as unique as you are, so follow the NIST guidelines and keep access to your accounts in your hands, not those of cyber criminals.

Female gamers, online abuse, and staying safe

For many women playing online games, the experience is less than enjoyable. Female gamers may love the games, but other players can make life a living hell with sexist abuse.

A recent Guardian story detailed one woman gamer’s experiences, ranging from low level insults, to unwanted sexual advances from another player. To avoid similar problems, she has developed a range of safeguards, from pretending to be a boy, through to simply not participating in the in-game chat between players.

Obviously the real problem is unreasonable behaviour by male players, and this is where real change needs to take place. In the meantime, female gamers will need to take steps to better protect themselves.

Here are some tips to help you stay safe online.

1. Understand the game’s reporting system

Most games now offer a system for reporting abuse, allowing the game operator to intervene when “banter” becomes unreasonable. Usually this will be a button marked “Report Abuse”, although this will vary between games and websites.

You should make sure you know how to report abuse before you start playing online. Many platforms may ask for additional evidence to help them investigate a report, such as taking a picture of what is shown on your screen (known as a screenshot):

For an Apple computer, hold down Shift + CMD (⌘) + 3 – a picture will be saved to your desktop.

For a Windows PC, hold down Alt + Prt Scr – the picture can be found under This PC -> Pictures -> Screenshots

2. Use the reporting system

Some major platforms like Xbox Live use real time monitoring to detect abusive language, and block trolls automatically – but many do not. These automated systems are not fool-proof either, so you must report abuse – otherwise the troll is free to abuse you and other players.

The sooner you report abuse, the quicker it will be dealt with.

3. Stay calm, don’t react

Once you have reported another player for abuse, you should avoid communicating with them again. Many trolls enjoy upsetting other people and making them feel bad, but you should never get into an argument with them.

Stay calm, and let the reporting process complete. If you are unsatisfied with the outcome of an investigation, or are concerned that nothing is being done, contact the games provider’s support helpline. Remember that an investigation may take longer than you expect.

4. Install a PC security tool

Some trolls will go even further, stalking and harassing their victims outside the game. They may attack via social media, or even try and hack their computer, looking for sensitive personal data that they can use to embarrass or threaten their victims.

To protect yourself against these people, always ensure you have an anti-malware tool installed on your computer. This will detect and block hackers, keeping your data safe. Download Panda Free Antivirus to get started now. You can also learn more about using social media safely in this guide.

Be prepared and be sensible

For women who do fall victim to trolls, it may feel as though they are not receiving proper protection online. Unfortunately this means that until games companies start taking these threats more seriously, female gamers will need to protect themselves.


Black Friday VS Cyber Monday

Black Friday or Cyber Monday? Which is better?

Halloween was fun, but it is now officially over for 2017, and guess what: Michael Bublé is coming out of hibernation and Christmas carols are about to take over the world for the next two months. The weather is getting colder and wetter and the days are shorter, but don’t lose faith: the festive period is coming sooner rather than later, and Thanksgiving is just around the corner!

There are always so many great deals around Black Friday that this year nearly half of the US population is expected to go out looking for bargains during the long Thanksgiving weekend.

This is the time when people’s Christmas-shopping instinct usually kicks in. While going out in the cold bargain-hunting may sound appealing to many, more and more people are opting out of fighting the Black Friday crowds and are going to do their shopping online from the comfort of their home, or workplace, on Monday. Last year’s Cyber Monday was by far the biggest online sales day in US history – Americans spent nearly $3.5 billion.

There are various reasons why more and more people are choosing to stay at home and do the Black Friday/Cyber Monday shopping from the comfort of their home or workplace. Even though buyers cannot get their dream purchase right away, online shopping may have a positive impact on your wallet. As we all know, when looking to make a purchase, there is a high chance you may find it cheaper online when compared to retail.

Paying sales tax does not have much of an effect on your wallet when purchasing everyday goods, but it can make a huge difference when you want to buy expensive consumer electronics such as a TV, DSLR or your next laptop. Online shopping sometimes comes with the perks of not having to pay sales tax which can save you between 2%-10%. As long as you are careful and patient, online shopping can be a great experience and save you some cash.

When should you make a purchase – Black Friday or Cyber Monday?

There are so many great deals on Black Friday and Cyber Monday that sometimes this time of the year feels like Christmas came early. However, very often you don’t know when is the right time to make a purchase. Sometimes you end up buying something on Black Friday only to find out there is a better deal on Cyber Monday. Deciding which day will give you a bigger bang for your buck is a tough question, and there is no definitive answer, but there are a few things that you can keep in mind.

If you are a deal-hunter and savings are all you crave, you may want to make a purchase on Black Friday and monitor the market until Monday. If the price on Cyber Monday is more favorable than the one on Black Friday, you may just return or cancel the purchase you made on Friday. However, always be aware of the cancellation process and whether there are restocking fees. Luckily, many retailers and online shops start their promos on Black Friday and keep the same deals going until the end of Cyber Monday – they do that probably because they do not want to deal with returns either. We also advise you to listen to your gut: if you are ready to pay for something and you are happy with the price, just do it and don’t look again. Don’t ruin your holiday time stressing over a $5 saving you could have had.

Keep your devices safe

No matter what your choice is, if you are planning on doing the majority of your shopping online, be vigilant and purchase goods only from websites that you trust. The festive period is the time when hackers want to take advantage of your eagerness to strike a fantastic deal and are known to be active.

Be vigilant, be protected, and remember that if something looks too good to be true, it probably is.


Halloween cyber security tricks to avoid being hacked

When it comes to cybersecurity, there are very few treats to be enjoyed.

Even the good guys need to use tricks to avoid the nasty plans of hackers and criminals sometimes.

1. Suspicious attachments – the beast from within

Still the most popular tool for hackers to break into your computer, email is a constant source of potential problems. A malware infected email attachment allows the bad guys to take over your computer and steal your information.

Always treat email attachments with suspicion and never open a file sent by someone you don’t know. If you have any concerns at all about the attachment, delete it – and keep the monsters away from your computer.

2. Dodgy links – the gateway to Hell

Links from unknown sources can open the door to all kinds of horrors. Sometimes hackers will embed links to dodgy files and websites in email messages, or on social media websites.

You should never click a link from an unknown source – instead, type it directly into the address bar to avoid being tricked.

3. SSL – keeping the monsters out

The Internet is constantly monitored by ghosts and ghouls, waiting to grab your most sensitive information – like credit card numbers and passwords. Grabbing that information may be easier than you expect too.

Always check for the padlock icon in the address bar when shopping online. No padlock, no shopping.

4. Anti-malware – your cyber shotgun

Effective defence against malware and hackers means taking steps to properly protect yourself. In the same way that a shotgun will stop a zombie in its tracks, anti-malware like Panda Security will halt attacks by hackers.

Always ensure that your computers and mobile devices are fully patched, and that all available security updates have been installed. You must then boost your defences with anti-malware to detect, block and eradicate malware before it can take over your computer.

5. Brains – use them, don’t eat them

When combined with anti-malware, the most effective defence against any ghosts or monsters is common sense – using your brain to defeat the brainless. In many cases, basic hacking attacks can be defeated by paying close attention to what you are doing.

Does an email look slightly odd? Delete it. Is there something unusual about the website you’re using? Shut your browser down and try again. Not sure about the link you’ve been sent? Retype the address manually.

If something looks wrong – low quality pictures, spelling mistakes, unusual website address – it probably is. If you avoid these risks, you’ll avoid the bad guys waiting to steal your data.

Get started today.

Download Panda Free Antivirus, and defeat the evil gremlins who could turn your Halloween into a nightmare.


3 Ways to Minimize “Security Fatigue” Among Employees

There’s a side effect to our rising awareness of (and concern over) cybersecurity. It’s called “security fatigue”, and employees the world over are beginning to show symptoms of it. According to a study from the National Institute of Standards and Technology (NIST), the majority of internet users suffer from this so-called security fatigue.

Users find themselves asking two major, and contradictory, questions: 1) if large companies with big security budgets are routinely attacked, how will I protect myself from cybercriminals? And 2) despite all the cyberattacks you hear about in the news, I personally do not know anyone who has been hacked — am I really a target for a cybercriminal? This confusion between the inevitability and probability of becoming a victim of cybercrime is resulting in a kind of nonchalance with respect to matters of security. This lack of concern, this attitude of surrendering to the notion of “whatever will be, will be” puts both users and the companies they work for at risk.

So how can we minimize security fatigue in our companies?

Use a password manager

The average internet user has more than 100 accounts associated with the same email address. Ideally, therefore, they would have 100 different passwords. Obviously, it is impossible to memorize such an enormous number of credentials. In addition, from time to time we require our employees to update their password to start the PC or access a particular software program. And what do they do? Choose the fastest and easiest option. 81% of users use the same password in different accounts and 36% reuse the password in more than 25% of their online accounts.

The solution to this problem is to set up a password manager for all employees. It is the easiest way to generate unique passwords for each account that have a high level of security. With it, employees will only need to remember one password, instead of one hundred.

Update, update, update

We can’t stress this enough.

Limit the number of security decisions your employees have to make. If the security team keeps systems and devices up to date, implements patches, and automatically downloads the latest malware databases, unnecessary risks will be avoided. This should be a mandatory practice, ensuring that employees have safe working tools and will not have to worry about supplementary tasks, nor receive constant alerts to update programs.

Use advanced cybersecurity measures

Employees are overexposed to security alerts, a situation that ultimately ends up becoming a little bit like the boy who cried wolf. Pages reminding them that their passwords are insecure, antiviruses that warn of the dangers of accessing a particular web page or downloading a certain file … The constant repetition of these warnings contributes to a feeling that nothing is safe anymore, so why bother? In the work environment, we can reduce that level of insecurity using tools that block an attack before it even occurs. Advanced cybersecurity solutions monitor the organization’s systems in real-time, detecting and stopping any suspicious behavior that could be harmful. Preventing the attack before it occurs will take some of the stress off of the employee and, in turn, reduce the security fatigue that is increasingly prevalent in our modern times.


Post-vacation cybersecurity tuneup: Get your company ready!


It’s that time of the year when most of us return to the stress of our jobs after having enjoyed a well-deserved summer vacation. But, if getting over the post-vacation blues is hard for anyone, for the members of the IT team it is a real nightmare: out-of-date computers, new software vulnerabilities, systems that do not work, organizational changes… It’s time to get ready for the situations you’ll have to face in the return to normality. And you better do it as thoroughly as possible to avoid risks. Here is a list of things you need to do in order to make sure that everything is in order.

Update

The first thing you must certainly do is update all systems, patch all applications, and download the latest malware signatures and security updates. This process is critical and must be completed immediately. You never know what may have happened during the time you’ve been on vacation.

Check your operating systems’ hardening status

Hardening your computers’ operating systems is essential to keep your entire network safe. There are some differences between general and specific hardening. However, in both cases you must check that all necessary security measures are properly in place. And if you don’t have a hardening plan yet, now is the time to implement one. Evaluate the possibility of unauthorized access, prevent user misuse, protect your network from known attack vectors, etc.

Review security rules with your network users

It is essential that your organization’s employees and other users are aware of the basic security protocols required to ensure network protection. Remind them of the need to comply with the company’s password policy, and ban the installation of non-corporate software on corporate computers. Reviewing all of these security aspects and procedures with your employees will save you from future headaches.

Use a centralized security tool

The best security solution for your business is a centralized defense system that allows you to monitor your network in real time, make decisions, and take immediate action. With Panda Endpoint Protection, you’ll be able to keep your company safe from a single, centralized, cloud-based console, across all platforms and with minimal resource consumption.

Monitor your networks

Having a good intrusion detection system (IDS) is crucial. Intrusion detection systems inspect network traffic thoroughly, comparing it against identifiers of known attacks and suspicious behavior. Check the HIDS deployed to your customers and your network IDS to make sure that everything is in order.

Check your firewall rules

Having a good firewall is essential too. Hardware firewalls are great allies, but perimeter protection rules must be regularly checked and updated. Some security solutions, such as Panda Adaptive Defense, allow organizations to monitor connections efficiently and automatically, maximizing efficiency and minimizing effort.

ISO 27001, your best ally

ISO/IEC 27001 is an information security management standard that specifies all the directives you must follow to keep your corporate network safe. Regardless of whether or not you apply for the certification, the ISO standard can be used to check that you comply with every single safety procedure required to ensure that your systems are operating properly. The aforementioned recommendations are just a summary of the directives included in the ISO standard, which covers all of the above and much more. Faithfully following all these recommendations may seem difficult, but it is definitely the best starting point to make sure your business runs smoothly. And what better time to do this than now that you have just returned to work charged up after your vacation?

The post Post-vacation cybersecurity tuneup: Get your company ready! appeared first on Panda Security Mediacenter.


Cyber Security Tips for Parents and Children

How to protect your children from cyber threats

The summer just gracefully glanced over our lives, and now it is time for things to get back to normal – we will soon start feeling the cold breeze and the days will become shorter. Even though the good old days of casual dress code in the office are now gone, being back to reality has some positives too. Lots of quality TV shows such as The Big Bang Theory and Gotham will be back on the small screen, and your house will become less noisy as the little, and sometimes not so little, bundles of joy will be going back to school. As parents, it is our duty to keep our children safe. One of the ways to protect them from cyber threats is to educate them about the dangers and give them some advice on how to be alert and avoid becoming a victim.

Just as with well-known parental advice, such as never getting into a stranger’s car and always crossing on green, we need to remind our children that irresponsible behavior on their PC or wireless devices is just as bad as crossing a street on a red light. Every kid with access to a tablet, cell phone or a computer needs to be aware of how to use them safely. Even though they may not fully understand the fact that using these devices makes them vulnerable, you need to talk to your children about some of the dangers and discuss possible ways to prevent them from happening. The time before they get back to school is perfect for such a conversation.

Here are a few tips worth mentioning:

  • Keeping passwords safe

    Tell your kids to always be cautious when they are using passwords in school/college. Make them aware that people could steal their password by peeking over their shoulder. Give them an example: ask them to imagine how they would feel if someone started posting nonsense from their social media profile just because that person knew their password. Advise them to make sure no one is watching them when entering a password. Tell them not to share their passwords with anyone!

  • Locking and logging off

    Things can go wrong if students do not log off from a computer at school after using it. If they do not log off, the next person to use the same PC may end up intentionally or unintentionally tampering with their work. Tell your kids that it would be a real waste if they worked hard on a project or a painting, and suddenly everything got messed up simply because they forgot to lock or log off from their computer.

  • Password changing

    As you know, databases are sometimes not well protected and get compromised. The best way to deal with this ongoing problem is to change passwords often. Remind your kids that changing their passwords at least once every three months is important for them. Make it a fun game so that they want to change their passwords, if not because of the dangers, then because it is fun. Tell them they can use a funny password such as ‘BieberLikesBananaz12%’.

  • Report cyber bullying

    A quick reminder about the existence of cyber bullying is a must before sending the little ones back to school. Remind them how to notice it and report it. Cyber bullying could be destructive for children of all ages. Tell them not to engage with anyone they do not know in real life and to tell you if anything abnormal happens with the ones they know. You can use various tools to exercise parental control too. And if you spot something disturbing, do not press the WW3 button but quietly pull them away from the harmful content or friendship. You want your children to trust you!

  • Be aware of belongings

    Stress the fact that devices can be tampered with and that children should not leave them lying around. Youngsters always need to keep their devices securely locked. Tell them that if they don’t take care of their belongings, you will not buy them new ones. Get them to imagine how long and exhausting the months without a phone or a tablet will be should they end up not taking good care of it.

When you are a parent, some of the things that you do to remain protected are as obvious and as natural as breathing. However, kids of all ages might not have experienced the bad side of technology yet, and things may not feel as natural to them. While you can proudly say kids are tech savvy, they are not necessarily experienced enough to be safe and to be left on their own.

Before you send them back to school, make sure the operating systems of their devices are fully up to date and that the devices have stable antivirus software. Quality antivirus software not only protects their devices but also comes with parental control options that give you more freedom to monitor their online behavior safely and from a distance.

The post Cyber Security Tips for Parents and Children appeared first on Panda Security Mediacenter.


Back to School with Cybersecurity on our Minds

The multitude of devices that have entered our lives over the past decade have also entered the classroom, and the security issues we face every day are just as real in the school as they are in our homes or businesses. Tablets, computers, even smartwatches can be useful educational tools, but the personal data that they store, belonging to students and teachers alike, can be a major liability. As we prepare to go back to school, how can educational institutions protect their data and guarantee the security of their students and faculty?

The Risks of Flunking Cybersecurity

According to Verizon’s 2017 Data Breach Investigations Report, there were 455 security incidents in the US education sector last year. This sector has greater exposure and a crucial responsibility, as schools handle a large amount of personally identifiable information, including financial and credit card data. According to the report, more than half of these incidents resulted in the disclosure of personal data — belonging to both students and employees — while just over a quarter resulted in the publication of materials subject to intellectual property.

In January of this year, a phishing attack on the Manatee County School District led to the disclosure of names, addresses, salaries, and social security numbers from more than 7,700 employees. More recently, the WannaCry ransomware affected schools and universities in China, negatively impacting hundreds of institutions, including Beijing University and Tsinghua University. According to Chinese media, students had important data encrypted or wiped, including thesis files and other important work that could impair their ability to graduate.

However, the risk goes beyond endangering academic or financial information. There are plenty of other areas associated with these institutions that can be targeted by cybercriminals. Some colleges and universities have their own affiliated medical centers and hospitals, which means that medical records and confidential patient information have also been endangered. Even university admissions processes are vulnerable to external manipulation by cyberattacks.

In terms of security, educational institutions face some very basic problems, such as a lack of funding. With the need for continuous maintenance, implementing advanced cybersecurity programs can be very costly. However, it is vitally important to change our mentality regarding the money we invest in cybersecurity. Given the invaluable data at stake, security should be a priority, no matter the initial costs.

Back to School: How to Pass the Cybersecurity Test

At present, the risks of data being exposed to threat actors are still very real, and it is paramount that any type of institution has a detailed plan to address the hazards it may face. To develop this plan, colleges and universities should consult companies providing cybersecurity and monitoring services to ensure their students, teachers and employees are protected. Cybersecurity professionals will help to devise preventive policies and response methods to alleviate the effects of a possible cyberattack on the institution.

Panda Security recommends implementing this series of measures:

  • Educate employees and students to raise awareness about security and encourage them to report suspicious activity such as phishing. Training and reporting are a very relevant first step, and one that is often ignored.
  • Establish protocols to protect especially sensitive data. Limit access to and sharing of certain folders.
  • Require constant updates for user passwords, and combine this measure with multifactor authentication for the school’s most important data.
  • Most of the computer attacks in China occurred because the victims were using pirated versions of Microsoft Windows. These versions do not receive the Microsoft update patches, and are therefore vulnerable to attacks that use exploits. It is always recommended to use secure and official versions of software.
  • Implement advanced cybersecurity solutions, tailored to the specific needs of the education sector, with detection and rapid remediation capabilities.
  • Develop a response plan and test it regularly to ensure that the institution is prepared for any kind of attack, just as physical training is often carried out in such educational institutions to prepare for the possibility of earthquakes, tornadoes, fires, etc.

The post Back to School with Cybersecurity on our Minds appeared first on Panda Security Mediacenter.
