Blog

CNERIS.COM

Hello, I’m Xiaoju, a code cub without feelings.

I’d like to recommend one to you today: Ship NEW New WeChat applet component library: If it’s a brother, use it!

BRIEF INTRODUCTION

Tuesday, 25 May 2021 14:10

WECHAT FAQ, TIPS, AND HOW-TO’S

What is WeChat Out?

WeChat Out is a VoIP feature designed by WeChat to help users call mobile phones and landlines around the globe at low rates. WeChat Out is only available for users outside Mainland China. Currently, the feature is live in the United States, Hong Kong, India, Italy, Macau, Thailand, Laos, Malaysia, Singapore, Australia, Myanmar, Saudi Arabia and Vietnam, and under test in some other countries and regions. We will cover more regions in the near future.

However, this service is not available in Canada.

 

How do I use a group QR Code?

1- Share Group QR Code

A maximum of 100 users can scan a group QR Code to join a group, including users that the group owner previously invited to the group. When there are 100 members in the group chat, you can’t join the group by scanning the group QR Code.

2- View/Send Group QR Code

Select a group chat and click the people icon on the top right to enter the detail screen. Click「Group QR Code」and tap the icon on the top right to select「Save to Phone」

 

What does the exclamation mark mean in my chats?

If an exclamation mark appears when you’re sending a message, it means that the message did not go through due to an unstable or unavailable network.

Please check your network settings and try again. To resend your message, tap the message with the exclamation point.

Should this issue persist, try changing your network access point (e.g. Wi-Fi) and send the message again.

 

How do I prevent someone from adding me through my WeChat ID?

By default, WeChat users will be able to add you to their list of contacts through your WeChat ID, QQ ID or mobile number. To prevent others from adding you via WeChat ID, follow the steps below:

  1. Head over to the “Me” tab and select 「Settings」. 
  2. Tap 「Privacy」and press into「Methods for Friending Me」.
  3. Select「WeChat ID」, toggle the button so that it is turned off

 

How do I log in to WeChat with my linked accounts if I forget my password?

If you’ve forgotten your WeChat password but you’ve linked your mobile number, email address or QQ ID to your WeChat, you may troubleshoot the problem by following the instructions below:

 

1- Log in via Mobile number and SMS code

 1) Tap More Options at the bottom of WeChat login page.

 2) Select Log in to Another Account.

 3) In the page of Login via Phone, select the region of the phone number, then enter the correct number.

 4) Tap Next, then tap Log in via SMS verification code in blue.

 5) Tap Send in blue, and you will receive an SMS verification code from WeChat. Enter the SMS code and tap Log In.

 

2- Log in via linked email address and retrieved password 

 1) Tap More Options at the bottom of WeChat login page.

 2) Select Log in to Another Account.

 3) Tap Log in via WeChat ID/Email/QQ ID in blue.

 4) Tap Unable to Log In at the bottom of the page. 

 5) Tap Email linked, enter linked email address then tap Next.

 6) An email will be sent to your linked email address. Follow the instructions in the email to reset your password.

 7) Log in to WeChat as follows: tap More Options at the bottom of the login page > Log in to Another Account > Log in via WeChat ID/Email/QQ ID > enter your email address and new WeChat password > Log In.

 

3- Log in via QQ ID and QQ password

 1) Tap More Options at the bottom of WeChat login page.

 2) Select Log in to Another Account.

 3) Tap Log in via WeChat ID/Email/QQ ID in blue.

 4) Enter the previously linked QQ ID and QQ password, then tap Log In.

Note: If you have forgotten your QQ password, you can retrieve your password by visiting aq.qq.com on a computer. 

 

Where can WeChat Pay MY Wallet be used? Which methods of payment are supported?

You can use WeChat Pay MY to make payments to online merchants on WeChat Pay MY wallet or offline outlets that accept WeChat Pay MY.

The details are as follows:

1- Paying an online merchant on WeChat Pay MY wallet: You can use your Wallet Balance or a Malaysian Visa/MasterCard bank card to make a payment when you visit a merchant’s official account on WeChat.

2- Quick Pay (with a payment code): Show your payment code to the merchant (“Me” -> “Wallet” -> “Quick Pay”) and the merchant scans the code with a scanner to complete the payment. At present, Quick Pay only supports payments with your Wallet Balance.

If you have further problems, please follow the Official Account of WeChat Pay MY (search “WeChat Pay MY” and select “follow”). After following it, open the Official Account and select “Contact” -> “CS Team” to view the contact methods of the Consumer Service Team and report your problems.

 

What is the difference between Web WeChat and WeChat for Windows?

Web WeChat and WeChat for Windows are both designed to provide users with a convenient chatting platform to allow quick and convenient file transfers between mobile and PC.

They differ in the following aspects:

1- Web WeChat is accessed at http://web.wechat.com; it uses a browser-based login method.

2- WeChat for Windows must be downloaded and installed on a PC before use. It uses a client-based login mode.

3- WeChat for Windows allows users to back up and restore their chat history, while Web WeChat currently doesn’t offer a backup and restore feature.

Here is an interview with Christy Schumann on How to Build a Strong Remote Work Culture

Christy Schumann is Toptal’s VP of Talent Operations responsible for matching some of the world’s greatest freelancers with companies who need their skills. She spent more than a decade in management and consulting at Bain & Company, before joining Rackspace as a general manager of its security business. Schumann earned her BSc in Computer Science and Electrical Engineering from MIT, as well as an MBA from Columbia Business School.

In an episode of The Talent Economy Podcast, she discusses her shift from an office environment to a fully distributed and remote company—and what it is like to lead a more than 100-strong team of colleagues working to match Fortune 500 companies, or well-funded startups, with some of the best talent in the world.

The interview was conducted by Paul Estes, editor-in-chief at Staffing.com and host of The Talent Economy Podcast.

What advice would you provide to other executives and managers who are trying to figure out how to run their teams as efficiently and as successfully as possible right now?

I think what many organizations are afraid of is that everything they know in the office doesn’t work in the remote environment. And the only thing I think I’ve really honed in on over the past few months, half a year or so, being at Toptal—being 100% remote—is many of the best practices that you should be practicing in the office apply when you’re remote. Organizational structures don’t have to change. They may appear flatter, because anyone and everyone communicates on Slack, but that doesn’t have to change.

You should, in the office, be managing team metrics. Your teams and team members, frontline— up, down, and across—should know what a good day looks like. They should have performance metrics and KPIs. All those things emphasized in a remote environment are really best practices that you should have in the office anyway. So, I would say, don’t be nervous. A lot of the things you know already apply. It just so happens that you’re talking over Zoom instead of being together in the same room.

For organizations, my greatest piece of advice would be to not be nervous. This whole remote working, the rise of the talent economy—it’s no longer the future of work, it is now. It is now more than ever, given the global current events that are happening today with COVID-19 and the sudden rise of remote. But don’t be nervous.

Understanding the Basics

Which companies allow remote work?
There are many companies in the world that allow remote work or are fully remote. Some of the more well-known names include Toptal, GitHub, InVision, Hotjar.

What does it mean to work remotely?
To work remotely means that you can work from your home or a shared space with only a laptop and internet connection. It means that you do not have to commute to a particular place every day to perform your duties.

What are the disadvantages of remote work?
The disadvantages of remote work are related to your social life. Working remotely alone can be a very isolating experience, and thus every remote worker needs to have a plan for how to maintain a healthy social life.

What is culture in the workplace?
Culture in the workplace is a set of shared norms that all employees subscribe to during work time. Workplace culture creates a sense of community in which everyone is working toward the same goal.

What are the benefits of working remotely?
Benefits of remote work include time saved on commutes, flexibility of working hours, and fewer office distractions.

Tips for Building a Culture of Security Among Remote Employees

We highlighted the importance that making security a part of your organizational culture played in keeping your remote workforce secure during the COVID-19 pandemic. 

1. Security culture is inseparable from the values of your organization’s leadership

2. Employees must be made aware of how important security is to the organization and how it impacts their work

3. As you educate employees, tie it into personal learning

4. Encourage employees to apply what they’ve learned

5. Build a security resource library



Source: Read the Full Interview at Toptal

In this tutorial, we will show you how to install CentOS Web Panel on CentOS 8. For those who don’t know it, CentOS Web Panel is a free alternative to cPanel. It provides plenty of features and is designed for newcomers who want to build a working hosting server easily and manage it through an intuitive web interface without having to open an SSH console. CentOS Web Panel provides Apache, Varnish, suPHP & suExec, ModSecurity, a PHP version switcher, Postfix and Dovecot, MySQL database management, phpMyAdmin, CSF Firewall, CageFS, SSL certificates, FreeDNS (DNS server), and many more.

 

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of CentOS Web Panel on a CentOS 8 server.

 

Install CentOS Web Panel on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

 

sudo dnf update

Step 2. Setup Hostname.

 

Log in to your server as root and make sure to set the correct hostname:

 

hostnamectl set-hostname cwp.idroot.us

Step 3. Download and install CentOS Web Panel.

 

After setting the hostname, download and run the CentOS Web Panel installation script using the following commands:

 

cd /usr/local/src

wget http://centos-webpanel.com/cwp-el8-latest

sh cwp-el8-latest

The installation script will take some time to complete, and once it’s done you will be provided with a URL to access the panel and your MySQL root password.

 

#############################

#      CWP Installed        #

#############################

 

go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/

 

http://SERVER_IP:2030

SSL: https://SERVER_IP:2031

---------------------

Username: root

Password: YOUR_PASSWORD

MySQL root Password: MYSQL_PASSWORD

 

#########################################################

          CentOS Web Panel MailServer Installer          

#########################################################

SSL Cert name (hostname): cwp.idroot.us

SSL Cert file location /etc/pki/tls/ private|certs

#########################################################

 

visit for help: www.centos-webpanel.com

Write down login details and press ENTER for server reboot!

Press ENTER for server reboot!

If the system does not reboot automatically, simply type “reboot” to reboot the server:

 

reboot

Step 4. Accessing the CentOS Web Panel.

 

CentOS Web Panel will be available on HTTPS port 2031 by default. Open your favorite browser and navigate to https://your-domain.com:2031 or http://server-ip-address:2030. Log in to the panel using the system’s root account. You got the password in the previous step. If you are using a firewall, please open port 2030 to enable access to the control panel.

 

Congratulations! You have successfully installed CentOS Web Panel. Thanks for using this tutorial for installing CentOS Web Panel on a CentOS 8 system. For additional help or useful information, we recommend you check the official CentOS Web Panel website.
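The Step 3 commands fetch the installer over plain HTTP and run it as root, so any change to the script in transit or at the source executes with full privileges. The added example below (not part of the original tutorial or the CWP project) runs the installer only when its SHA-256 matches a value the operator recorded after reviewing a copy, and lists the plain-HTTP URLs the script references; `EXPECTED_SHA256`, the function names and the `--install` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the tutorial or from CentOS Web Panel.
# Gate the Step 3 installer behind a review and a pinned SHA-256.
# Assumptions: sha256sum, grep, sort and wget are installed, and
# EXPECTED_SHA256 holds a hash the operator recorded after reading a copy.

INSTALLER_URL="http://centos-webpanel.com/cwp-el8-latest"  # URL from the tutorial
INSTALLER_PATH="/usr/local/src/cwp-el8-latest"             # path from the tutorial

# Print the SHA-256 of a file as 64 lowercase hex characters.
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Exit status: 0 = hash matches the pin, 1 = mismatch,
#              2 = file missing, 3 = pin is not a well-formed SHA-256.
verify_installer() {
    _file=$1
    _want=$2
    [ -f "$_file" ] || return 2
    case $_want in
        ""|*[!0-9a-f]*) return 3 ;;
    esac
    [ "${#_want}" -eq 64 ] || return 3
    [ "$(file_sha256 "$_file")" = "$_want" ]
}

# List each plain-HTTP URL the script references, once, so the reviewer can
# see what else it would download without transport protection.
list_plain_http_urls() {
    grep -Eo "http://[A-Za-z0-9._~:/?#@!&=+%-]+" "$1" | sort -u
}

# Download, show what to review, and run only if the pin matches.
main() {
    wget -q -O "$INSTALLER_PATH" "$INSTALLER_URL" || {
        echo "download failed" >&2
        return 1
    }
    echo "Plain-HTTP URLs referenced by the installer:"
    list_plain_http_urls "$INSTALLER_PATH"
    if verify_installer "$INSTALLER_PATH" "${EXPECTED_SHA256:-}"; then
        sh "$INSTALLER_PATH"
    else
        echo "refusing to run: installer does not match EXPECTED_SHA256" >&2
        echo "observed: $(file_sha256 "$INSTALLER_PATH")" >&2
        return 1
    fi
}

# Nothing is downloaded or executed unless --install is given explicitly.
if [ "${1:-}" = "--install" ]; then
    main
fi
```

On the first run, leave `EXPECTED_SHA256` unset: the script refuses to execute the installer and prints the observed hash, which can be pinned once the downloaded copy has been read.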

 

Source

4 Most Common Types of Cybersecurity Threats

There’s every indication that the pandemic is changing the nature of cybersecurity. Online threats are evolving to match our new remote-work paradigm, with 91% of businesses reporting an increase in cyberattacks during the coronavirus outbreak. 

Hackers are getting more and more sophisticated and targeted in their attacks. Many of these cyber threats have been around for a while, but they are becoming harder for the average user to detect. Beware of these four common types of cyber threats – and learn what you can do to prevent them. 

 

Advanced phishing attacks

Phishing takes place when a hacker tricks an individual into handing over information or exposing sensitive data using a link (with hidden malware) or a false email. These types of security threats are quite common, but in recent months they are becoming even more advanced. 

Microsoft’s recent survey of business leaders in four countries found that phishing threats are currently the biggest risk to security. Since March, 90% of those polled said that phishing attacks have impacted their organization, and 28% admitted that attackers had successfully phished their users. Recently, phishing emails have targeted enterprises to capture personal data and financial information using one of the following tactics: 

Posing as a provider of information about COVID-19 vaccines, PPE, and other health and sanitation supplies

Creating false “portals” for business owners to apply for government assistance and stimulus funds during the economic shutdown

Using download links for platforms and tools that help remote teams communicate, such as video conferencing 

Posing as “critical update” downloads for enterprise collaboration solutions, such as Microsoft OneDrive, and social media applications

Targeting IT service providers that ask for payment in order to provide tech support. 

Phishing is so effective because it can be very hard to recognize and targets individual people, rather than IT vulnerabilities. Yet there are still ways to lower your risk of phishing.

How to prevent phishing: The best chance to prevent phishing attacks is to educate your teams on what to look for in a phishing message. Poor spelling and grammar, as well as an email address that doesn’t match the user, are telling signs of a phishing message. If an offer seems too good to be true, it is a good sign you’re being scammed. In addition to user education, you can add multi-factor authentication and other interventions to stop phishing messages from getting through. “Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” one security expert told ZDNet.

 

Ransomware

Ransomware is a type of security threat that encrypts a victim’s files so they can’t access their information. The hacker then asks for a ransom – usually payment – to restore access and decrypt the user’s data. 

Perhaps the most notorious recent example of a ransomware attack is that of Garmin. In July, Garmin – a navigation and fitness wearables company – was hit by a ransomware attack that downed service for virtually every Garmin customer.  “Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure,” reported Cyber Security Hub. “In the case of Garmin, website functions, customer support, and user applications were all affected. Unlike typical ransomware software, WastedLocker does not steal identifying information and hold it for ransom. Instead, it renders programs useless until decrypted.” Garmin reportedly paid $10 million for the decryption key to resume services after four days of outages. 

Garmin isn’t alone, however. There’s been a seven-fold increase in ransomware attacks this year targeting companies of all sizes. So, what can your organization do to protect itself?

How to prevent ransomware: First and foremost, it’s important to make sure your security protocols are kept airtight – and apply security patches as quickly as possible to prevent hackers from exploiting vulnerabilities. A tool like Nightfall can make it easier to maintain a strong defense, with AI monitoring your network for any issues. Multi-factor authentication can also prevent hackers from getting too far into your system. And, you should regularly back up your system so if a ransomware attack does happen, you’ll be able to recover some data. 

 

Password-based cyberattacks

A password-based cyberattack is one that targets users who have the same password for multiple sites. Research from the World Economic Forum found that 4 out of 5 global data breaches are caused by weak/stolen passwords. 

There are several different ways a hacker can infiltrate your system using a password-based cyberattack. The most common method is known as a brute force attack. This attack uses a computer program to try to log in to a user’s account by trying all possible password combinations, starting with the most common and easiest-to-guess options – for instance, “1234” or “abcde”. Sensitive data like passwords, credentials and secrets are in constant danger of exposure, especially as more companies conduct the majority of their business in the cloud. The highly collaborative and always-on nature of cloud services makes it hard to enforce good password practices. Therefore, organizations need data loss prevention (DLP) to secure essential data from being exposed.

How to prevent a password-based attack: Make it easy for users and security teams alike to circumvent the risk of password attacks by implementing password-free authentication methods. This is a type of authentication that requires a user to confirm their identity during the login process through a separate channel. This extra step can also protect your workspace in case an account is compromised or a device gets stolen.

 

IoT and smart medical devices 

The internet of things makes life a lot easier – and also more open to bad actors. Connected devices are an increasingly popular target for cyber threats. In 2019, cyberattacks on IoT devices increased by 300%, according to one report. This includes attacks on everything from laptops and webcams to smart homes (like Google Nest), smart watches, routers, and other home appliances. 

Our personal devices aren’t the only things that are vulnerable. The Software Engineering Institute of Carnegie Mellon University reported, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.” Healthcare providers must also contend with protecting patient data. As many healthcare providers shift to remote work, they become an attractive target for hackers. Protected health information (PHI) must be kept safe during all cloud-based activities – yet many SaaS providers, including Slack, are not HIPAA-compliant right out of the box.

How to prevent IoT attacks: IoT attacks are sophisticated, and the best ways to protect your devices are to use strong passwords and keep your software up to date. Experts also suggest keeping your devices unlinked from social media.  Along with protecting your devices, look for a DLP partner who can protect your patient data while working on SaaS and IaaS platforms. Check out our coverage of instituting and maintaining HIPAA compliance on Slack and schedule a meeting below to learn more about how tools like Nightfall DLP play a role in keeping PHI safe.

 

This article was originally published at nightfall.ai

We highlighted the importance that making security a part of your organizational culture played in keeping your remote workforce secure during the COVID-19 pandemic. But what does that entail? In this post, we’re going to flesh out key steps that security teams and their leadership should take in order to make a strong culture of security a reality within their organizations.

1. Security culture is inseparable from the values of your organization’s leadership

Like any other organizational value, building a culture of security starts at the top. Invested stakeholders, usually starting with senior leadership, must cascade the types of cultural changes they wish to see by helping spearhead initiatives that will ultimately transform their organization. Although it is IT’s job to educate and engage with employees who break security policies and don’t follow security best practices, it would be very difficult for IT to function in an organization where leadership doesn’t embody the values needed to maintain a secure organization. 

While security teams and leadership have historically talked past one another, there is a growing understanding that leadership must play a role in fostering a culture of security by investing in security teams and setting the expectation that security is taken seriously across the entirety of the organization. Luckily, a growing number of security teams have found a common language to discuss these issues with the board and C-level executives – the language of business risk assessment and security performance benchmarking. When security leaders and business leaders speak the same language, it’s then that business leaders will begin to understand their role in shaping their organization’s security posture. This will motivate them to enshrine security as one of the organization’s core values and enable processes like best practices documentation and security education programs to play a critical role in employee onboarding and training. 

With this in mind, it might be challenging for organizations whose leaders don’t already appreciate the importance of security to adapt to the security challenges of remote work. Assuming these processes are in place within your organization, now is the time to update them to appropriately reflect the risks remote employees may encounter while working from home. However, if such processes are not in place, implementing them will obviously be a critical goal going forward.

2. Employees must be made aware of how important security is to the organization and how it impacts their work

Whether or not your organization has training and documentation in place, it’s a good idea to reiterate the significance of security best practices to employees through company-wide communications channels and remote events like security discussions and training. This is especially true given that many employees are adopting new technologies to work and collaborate remotely while facing new and emerging types of malware and social engineering. Your aim as you educate employees is to remind them that security is critical to the health of the organization, and that the security risks they face effectively translate to job performance. Ultimately, an employee affected by a security incident will be unable to perform their duties, making it very important for them to broadly grasp the types of cyber threats the organization faces.

3. As you educate employees, tie it into personal learning

A good security education program effectively serves a workforce development function. Getting employees to see this will improve employee buy-in and make them more readily embrace security education. In addition to the previous point of tying security education to organizational health and improved job performance, you should also highlight that security education will make employees good digital citizens, which will help them in their personal lives and in future roles. To reflect this mindset, security teams should, whenever applicable, highlight when security lessons apply both on the job and off the job.

4. Encourage employees to apply what they’ve learned

Building and revamping security education programs for the remote work era is only half the battle. Getting employees to apply what they’ve learned by identifying and potentially stopping incidents is the ultimate goal. Comprehensive security education programs should often be paired with periodic simulations (like phishing tests) where employees can demonstrate their security savvy. Employees and departments that are successful in identifying real or simulated incidents should be recognized for doing so during performance reviews and evaluations.

5. Build a security resource library

Most of this post has focused on the nature of security education and awareness programs; however, documentation is an important resource for employees as well. Good onboarding documentation, like your employee handbook, is critical to setting the expectation that security is important. However, your organization should more generally provide other documentation. In most cases this will take the form of a security resource library, which should contain plain-language summaries of company security policies, as well as descriptions of cyber risks relevant to your company. You might also choose to include learnings from previous security training in the form of videos or other interactive content. Finally, you’ll want to ensure you’ve assigned a stakeholder to maintain this library and encourage employees to review it periodically so that they can stay up to date on what they need to know to stay secure.

If you already have such a resource, it’ll naturally be a great channel to provide employees with the lessons they’ll need to stay safe while working remotely. If not, it’s not too late to build one. You might find that some of your existing security content can readily be turned into materials to give remote employees the security insights they’ll need as they navigate the security risks of remote work.

This article was originally published at nightfall.ai

Sunday, 17 January 2021 16:47

CRM software for small businesses

Relationships between people form the key to any business, whether a multi-million dollar multinational mega-corporation or a small mom-and-pop. Businesses grow as those relationships develop, and today, there are powerful software packages to help you do just that. Known as Customer Relationship Management Software, or CRM, these Software as a Service (SaaS) packages aim to streamline every aspect of client management. No matter how small, if your company is looking to grow and expand, you may find that CRM provides a path forward.

 

What is CRM software

Only in existence for the past few decades, CRM software allows a company to analyze and manage its approach with past, present, and future clients. With a goal of overall customer growth, CRM software supplies companies with a cohesive, understandable way forward. Today’s CRM can also be used in tandem with social media, providing the necessary data to underpin advertising efforts and outreach opportunities.

What do I need in my CRM software?

 

What should a small business look for in any potential CRM? What should a CRM software for small businesses provide?

Sales Reporting

Sales reporting is more than just a glorified version of the month’s receipts. A good sales report lets you track sales vs. inventory, monitor and improve your product design, and plan promotions and advertising efforts. Some CRM packages even offer Point of Sale systems as well, integrating the CRM directly with your shops and giving you even more data on current and potential sales.


Contact Organization

Your customers are already giving you their business; while you do need to keep customer retention in mind, the way forward for most companies requires outreach. Both customer retention and attracting new customers rely heavily on communication, advertising, and reaching out to individuals that you otherwise might have missed.

 

That’s where the contact organization provided by your CRM software for small businesses comes in. The earliest CRM software was essentially a giant Rolodex, tracking contact information and little else. Today’s CRM does that same task, but with vastly more information. From email addresses to phone numbers, websites, and social media profiles, CRM provides a one-stop location for customer contact information.

 

Customer Segmentation

Lastly, customer segmentation offers you as a business owner the opportunity to break down who your customers are and how to focus on them. By determining what your customers like, where they’re located, and other information, you can better cater to their needs and in return receive repeat and new clients which leads to better growth.

 

So what’s the best CRM Software for Small Businesses?

Now that you know what CRM software for small businesses is and what it does, here are some of the best CRM software packages for small businesses on the market today:

 

Capsule CRM

One of the older CRMs on the market, Capsule is popular because of its simple and easy-to-understand pipeline. Usable on both web and mobile with a five-group interface, Capsule only lacks information in reporting and functionality of campaigns.

 

Pipeliner CRM

If you’re looking to customize your sales pipeline, Pipeliner CRM is here for you. An all-in-one program, it can be customized to Mailchimp and other helpful third party apps. It does offer a real-time visual on tracking sales and necessary integrations with social networks.

 

Sugar CRM

Best for small businesses, Sugar allows for customization and automation, making your job even easier. If your brand needs to improve from previous experience, Sugar helps you provide a consistent experience, so your customers will always be guaranteed consistency.

 

FreshSales

Recently revamped for a new era, FreshSales offers AI-intelligence, plenty of built-in and automated programs, and the ability to find sales leads easily. With a clean and simple interface, FreshSales emphasized online consumer engagement. If you’re looking to learn more about your customers, FreshSales is extremely helpful.

 

Salesflare

Created for people who want automated programs with minimal fuss, Salesflare is predominantly based on automation, freeing you up for more sales. It also offers the ability to see who contacted which customer, which leads to a unified team mindset. Overall, Salesflare is excellent for growth and those who want to spend more time interacting with the consumer, whether you’re a medium or small business.

 

Pipedrive

Lastly, offering a personalized experience along with organization, Pipedrive caters specifically to small businesses. With the ability to offer a consistent and helpful experience every time, Pipedrive really emphasises the personal touch, which is evident in their email campaigns, and email and text templates. Additionally, an organized pipeline helps keep everything in place and in turn pushes the business growth forward.

Many small business owners have discovered that CRM software for small businesses is an absolute necessity to help them stay on track. CRM allows small businesses to harvest and track a vast amount of information, giving them a growth pipeline that otherwise would require a large team of employees to create and manage.

CRM lets small businesses punch above their weight when it comes to data and client relations. Look around and decide which CRM is best for your small business.

 

Source: https://www.serchen.com/category/crm-software/Best-CRM-Software-Guide-for-Small-Businesses/

 

There’s every indication that the pandemic is changing the nature of cybersecurity. Online threats are evolving to match our new remote-work paradigm, with 91% of businesses reporting an increase in cyberattacks during the coronavirus outbreak. 

Hackers are getting more and more sophisticated and targeted in their attacks. Many of these cyber threats have been around for a while, but they are becoming harder for the average user to detect. Beware of these four common types of cyber threats – and learn what you can do to prevent them. 

Advanced phishing attacks

Phishing takes place when a hacker tricks an individual into handing over information or exposing sensitive data using a link (with hidden malware) or a false email. These types of security threats are quite common, but in recent months they are becoming even more advanced. 

Microsoft’s recent survey of business leaders in four countries found that phishing threats are currently the biggest risk to security. Since March, 90% of those polled said that phishing attacks have impacted their organization, and 28% admitted that attackers had successfully phished their users. Recently, phishing emails have targeted enterprises to capture personal data and financial information using one of the following tactics:

  • Posing as a provider of information about COVID-19 vaccines, PPE, and other health and sanitation supplies
  • Creating false “portals” for business owners to apply for government assistance and stimulus funds during the economic shutdown
  • Using download links for platforms and tools that help remote teams communicate, such as video conferencing 
  • Posing as “critical update” downloads for enterprise collaboration solutions, such as Microsoft OneDrive, and social media applications
  • Targeting IT service providers that ask for payment in order to provide tech support. 

Phishing is so effective because it can be very hard to recognize and targets individual people, rather than IT vulnerabilities. Yet there are still ways to lower your risk of phishing.

How to prevent phishing: The best chance to prevent phishing attacks is to educate your teams on what to look for in a phishing message. Poor spelling and grammar, as well as an email address that doesn’t match the user, are telling signs of a phishing message. If an offer seems too good to be true, it is a good sign you’re being scammed. In addition to user education, you can add multi-factor authentication and other interventions to stop phishing messages from getting through. “Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” one security expert told ZDNet.

Ransomware

Ransomware is a type of security threat that encrypts a victim’s files so they can’t access their information. The hacker then asks for a ransom – usually payment – to restore access and decrypt the user’s data. 

Perhaps the most notorious recent example of a ransomware attack is that of Garmin. In July, Garmin – a navigation and fitness wearables company – was hit by a ransomware attack that downed service for virtually every Garmin customer.  “Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure,” reported Cyber Security Hub. “In the case of Garmin, website functions, customer support, and user applications were all affected. Unlike typical ransomware software, WastedLocker does not steal identifying information and hold it for ransom. Instead, it renders programs useless until decrypted.” Garmin reportedly paid $10 million for the decryption key to resume services after four days of outages. 

Garmin isn’t alone, however. There’s been a seven-fold increase in ransomware attacks this year targeting companies of all sizes. So, what can your organization do to protect itself?

How to prevent ransomware: First and foremost, it’s important to make sure your security protocols are kept airtight – and apply security patches as quickly as possible to prevent hackers from exploiting vulnerabilities. A tool like Nightfall can make it easier to maintain a strong defense, with AI monitoring your network for any issues. Multi-factor authentication can also prevent hackers from getting too far into your system. And, you should regularly back up your system so if a ransomware attack does happen, you’ll be able to recover some data. 

Password-based cyberattacks

A password-based cyberattack is one that targets users who have the same password for multiple sites. Research from the World Economic Forum found that 4 out of 5 global data breaches are caused by weak/stolen passwords.

There are several different ways a hacker can infiltrate your system using a password-based cyberattack. The most common method is known as a brute force attack. This attack uses a computer program to try to log in to a user’s account by trying all possible password combinations, starting with the most common and easiest to guess options – for instance, “1234” or “abcde”. Sensitive data like passwords, credentials and secrets are in constant danger of exposure, especially as more companies conduct the majority of their business in the cloud. The highly collaborative and always-on nature of cloud services makes it hard to enforce good password practices. Therefore, organizations need data loss prevention (DLP) to secure essential data from being exposed.

How to prevent a password-based attack: Make it easy for users and security teams alike to circumvent the risk of password attacks by implementing password-free authentication methods. This is a type of authentication that requires a user to confirm their identity during the login process through a separate channel. This extra step can also protect your workspace in case an account is compromised or a device gets stolen.
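The two weaknesses this section describes, one password reused across several sites and guessable choices such as “1234” or “abcde”, are what a password audit looks for. The Python sketch below is an added example, not code from the original article or from any product named on this page; the vault entries, the short common-password list and the 12-character minimum are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault: (site, username, password). Not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "ana", "1234"),
    ("bank.example", "ana", "T7#vq9!Lr2@xWm4z"),
    ("shop.example", "ana", "abcde"),
    ("forum.example", "ana", "T7#vq9!Lr2@xWm4z"),
    ("video.example", "ana", "correct-horse-battery-staple-42"),
]

# Small constructed stand-in for a real common-password list.
COMMON_PASSWORDS = {"1234", "123456", "password", "qwerty", "abcde", "letmein"}

MIN_LENGTH = 12  # assumed policy value for this example


def is_sequential(password):
    """True when each character is exactly one code point above (or below)
    the previous one, e.g. "1234", "abcde" or "4321"."""
    if len(password) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps == {1} or steps == {-1}


def audit(vault, min_length=MIN_LENGTH):
    """Return {site: [issue, ...]} for every entry in the vault.

    Reuse is detected by comparing keyed digests instead of keeping a
    plaintext-to-sites map in memory; the key is random per run, so the
    digests are meaningless outside this process.
    """
    run_key = os.urandom(32)
    sites_by_digest = defaultdict(list)
    findings = {}

    for site, _user, password in vault:
        issues = []
        if password.lower() in COMMON_PASSWORDS:
            issues.append("common")
        if is_sequential(password):
            issues.append("sequential")
        if len(password) < min_length:
            issues.append("short")
        digest = hmac.new(run_key, password.encode("utf-8"), hashlib.sha256).digest()
        sites_by_digest[digest].append(site)
        findings[site] = issues

    # Second pass: any digest seen on more than one site is a reused password.
    for sites in sites_by_digest.values():
        if len(sites) > 1:
            for site in sites:
                findings[site].append("reused")
    return findings


def sites_needing_change(findings):
    """Sites with at least one issue, sorted for stable reporting."""
    return sorted(site for site, issues in findings.items() if issues)


if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    for site in sites_needing_change(report):
        print(f"{site}: {', '.join(report[site])}")
```

A reused password is flagged even when it is long and random, because a breach at one site exposes every other account that shares it.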

IoT and smart medical devices 

The internet of things makes life a lot easier – and also more open to bad actors. Connected devices are an increasingly popular target for cyber threats. In 2019, cyberattacks on IoT devices increased by 300%, according to one report. This includes attacks on everything from laptops and webcams to smart homes (like Google Nest), smart watches, routers, and other home appliances. 

Our personal devices aren’t the only things that are vulnerable. The Software Engineering Institute of Carnegie Mellon University reported, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.” Healthcare providers must also contend with protecting patient data. As many healthcare providers shift to remote work, they become an attractive target for hackers. Protected health information (PHI) must be kept safe during all cloud-based activities – yet many SaaS providers, including Slack, are not HIPAA-compliant right out of the box.

How to prevent IoT attacks: IoT attacks are sophisticated, and the best ways to protect your devices are to use strong passwords and keep your software up to date. Experts also suggest keeping your devices unlinked from social media. Along with protecting your devices, look for a DLP partner who can protect your patient data while working on SaaS and IaaS platforms. Check out our coverage of instituting and maintaining HIPAA compliance on Slack and schedule a meeting below to learn more about how tools like Nightfall DLP play a role in keeping PHI safe.

Source: https://nightfall.ai/resources/4-most-common-types-of-cybersecurity-threats/

 

Monday, 21 December 2020 22:22

Best password managers of 2020

Our password manager reviews are the result of over 40 hours of research on 140+ password manager companies from across the web. These reviews and our password manager guide help small businesses and startups find the best password manager for their business.

HOW WE CHOSE THE BEST PASSWORD MANAGERS

Dozens of password managers are available to help you manage passwords for your personal and business accounts. Every provider touts a variety of features and services, making it difficult to determine which one is the best fit for your needs. To make it easier to choose the right one, we evaluated password managers based on what’s most important.

SECURITY

Security is the most important criterion when choosing a password manager because you’ll be using the tool to store your account credentials. We looked for password managers with the highest level of encryption available, along with secure password generators and password reports to let you know if your passwords are too weak, have been reused on multiple sites or have been compromised. We also checked to see if each password manager works with biometric authentication, which adds an extra layer of security when logging in to your accounts.

DEVICE COMPATIBILITY

Compatibility across a wide range of devices is important because many people use mobile devices and tablets to log in to their online accounts. We reviewed each password manager to determine if it’s compatible with the most common operating systems, browsers, and mobile platforms.

UNLIMITED STORAGE

Storage capacity is critical if you have many online accounts, so we prioritized services with unlimited password management. With so many people signing up for email, streaming services, online banking and other online services, it’s easy for one person to have dozens of accounts to manage. A password manager with unlimited storage makes it possible to keep them all secure.

ADDED FEATURES

Extra features can make it even easier to manage passwords and share credentials with trusted family members or colleagues. We looked for password managers that offer password audit tools and password sharing.

THE 20 BEST PASSWORD MANAGERS OF 2020

1PASSWORD

1Password offers individual and family accounts with 256-bit AES encryption to prevent unauthorized access to your accounts. The built-in password generator enables users to automatically create secure passwords, and the automatic form-filling function eliminates the need to fill in form fields manually.

1Password also offers biometric authentication, which enhances security by requiring a unique identifier before anyone can log in to your account. Another important security feature is the password report, which informs you if a password is weak or has been compromised. Individual and family accounts also include automatic syncing and password sharing.

Automatic syncing updates data changes across every device, ensuring that you always have access to your current passwords. Password sharing also makes it possible for trusted contacts to log in to shared accounts without seeing your credentials. Both versions work with unlimited devices and are compatible with multiple platforms, making it easy to manage passwords on a desktop computer, laptop, tablet, or smartphone.

Pros and Cons of 1Password

What Customers Are Saying
Users love that 1Password is dedicated to keeping their data safe. One user writes, “The attention to detail when it comes to 1Password’s security is incredible.” 1Password also receives praise for how easy it is to use. The interface is intuitive, and it’s easy to organize dozens of passwords.


BITWARDEN

Bitwarden offers a free version for personal use as well as team and enterprise accounts with additional options for business users. The free account can be used on two devices at a time, and the team and enterprise accounts work on unlimited devices. Storage capacity also depends on whether you use the free version or a paid version; the free version stores up to 50 passwords while the paid versions have unlimited password storage.

To keep your data secure, Bitwarden uses 256-bit AES encryption and offers a secure password generator to help you generate strong passwords that are difficult for hackers to guess. Users also have access to a tool that identifies weak passwords. Additional features include device syncing, password sharing, and automatic form-filling. Bitwarden is compatible with multiple platforms and devices, including the Android and iOS mobile platforms, making it possible to manage passwords at home, in the office, or on the go.

Pros and Cons of Bitwarden

What Customers Are Saying
Bitwarden customers love how easy it is to manage passwords across multiple devices. One user reports that there are plugins for “Firefox, Chrome, Safari, Opera, Edge, Vivaldi and Tor Browser,” while another comments that creating secure passwords is “easily accomplished” with Bitwarden. Users also appreciate the clean, uncluttered interface.


DASHLANE

Dashlane offers free and paid accounts with a wide range of features. The free account works with one device and stores up to 50 passwords, but the paid options offer unlimited password storage on an unlimited number of devices. Dashlane protects user data with 256-bit AES encryption, which is the industry standard for preventing unauthorized access to online accounts. It also includes a secure password generator to help users create strong passwords that are difficult for hackers to guess.

This password manager also has a tool that conducts password audits and lets you know if your passwords are vulnerable to brute-force attacks. Users can also use the password tool to determine if their passwords have been reused. Dashlane also offers data syncing across multiple devices, an automatic form-filling function and password sharing, which enables users to give trusted individuals access to their online accounts without revealing their usernames and passwords.

Pros and Cons of Dashlane

What Customers Are Saying
Dashlane is well-regarded for its intuitive user interface and premium features. One reviewer writes that Dashlane is “well-designed and well-executed,” making it easy to start managing passwords immediately. Dashlane has also been praised for offering additional security features, such as VPN protection and automatic scans of the Dark Web.


ENPASS

Enpass offers a free version as well as a paid subscription that costs just $0.50 per month. For $41, users can also upgrade to a lifetime subscription. The free account stores up to 25 passwords and works on one device, while the premium version stores unlimited passwords and works with an unlimited number of devices.

In terms of security, Enpass uses industry-standard 256-bit AES encryption to prevent unauthorized access to user credentials. Enpass also supports biometric authentication, has a secure password generator and offers a password audit tool that helps users create strong passwords that aren’t as vulnerable to hacking attempts as weak passwords are. For users who want to share accounts with friends and family members, Enpass offers password sharing, which makes it possible to allow other people to log in to streaming services and other online accounts without having access to the account credentials.

Pros and Cons of Enpass

What Customers Are Saying
Enpass receives high marks for security, with one user commenting that his favorite feature is that “my data is all stored securely and encrypted locally,” which means no one at Enpass ever sees your passwords. Users also praise Enpass for seamless syncing between desktop and mobile devices.


F-SECURE

F-Secure offers a single paid version priced at €29.90 per year for unlimited password storage. The password manager also works with a wide range of platforms and devices, including laptops, smartphones, and tablets. To protect user credentials against unauthorized access, F-Secure uses 256-bit AES encryption and supports the use of biometric authentication, which uses a unique identifier to verify a user’s identity before allowing access to any accounts. The built-in password report highlights potential security flaws, alerting users when their passwords aren’t strong enough to resist brute-force attacks by hackers.

F-Secure also offers automatic form-filling, which saves users time when they log in to websites and mobile applications. Additional features include a secure password generator and automatic syncing across multiple devices. F-Secure doesn’t offer password sharing, however. F-Secure works with the Mac, Windows and Linux operating systems, the iOS and Android mobile platforms and the Safari, Opera, Edge, Chrome, Firefox and Internet Explorer browsers.

Pros and Cons of F-Secure

What Customers Are Saying
F-Secure performed well in third-party tests, making users feel confident in its ability to keep their passwords secure. One reviewer commented that F-Secure performed well in antimalware tests and “includes special protection for banking sites…to foil man-in-the-middle and other attacks.” F-Secure also receives high praise for its parental controls.


INTUITIVE PASSWORD

Intuitive Password offers a free version and three paid plans: Express, Advanced and Pro. The cost of a paid plan ranges from AUD $2 to $7 per month for access to features such as syncing across multiple devices and unlimited password storage. The free version offers limited storage and only works with one device. Several security features protect user data from unauthorized access, including AES-256 encryption and a secure password generator that helps users choose strong passwords. Intuitive Password also supports biometric authentication for added security, reducing the risk of third-party access to account credentials.

Password sharing enables users to give account access to trusted contacts without revealing their usernames and passwords, making it easier to use shared streaming accounts, online banking services and other online resources. Intuitive Password also offers automatic form-filling, which reduces the amount of time spent typing usernames and passwords into online forms.

Pros and Cons of Intuitive Password

What Customers Are Saying
Users appreciate the high level of security offered by Intuitive Password. One user comments that Intuitive Password’s “robust options go beyond the basics” to protect user data. Users also claim that Intuitive Password offers more two-factor authentication options than many of its competitors, making it even more difficult for third parties to gain access.


KASPERSKY PASSWORD MANAGER

Kaspersky Password Manager offers a free version that offers unlimited password storage and works with a single device. The paid version, which costs $14 per year, also offers unlimited storage, but it works with an unlimited number of devices. AES-256 encryption protects user data by adding extra characters to online credentials, making it difficult for hackers to guess your password or crack it with an algorithm. Like many password managers, Kaspersky Password Manager is also compatible with biometric authentication for added security.

Kaspersky Password Manager allows premium users to sync across multiple devices, including tablets, smartphones and computers. This tool also works with a variety of browsers, including Chrome, Safari, Firefox, Opera, Edge and Internet Explorer. One potential drawback of Kaspersky Password Manager is that it doesn’t offer password sharing, which may cause users who want to share accounts to give out their usernames and passwords, making their data a little less secure.

Pros and Cons of Kaspersky Password Manager

What Customers Are Saying
Users often comment on the tool’s advanced security features, such as the ability to encrypt image files. Kaspersky also receives high marks for its visually appealing user interface. One reviewer praises Kaspersky for its “effective design, with a pleasing green, white, and gray color scheme and clearly outlined elements.”


KEEPASS

KeePass is an open-source password manager that’s a little different from traditional password-management tools. It uses the Advanced Encryption Standard (AES) and the Twofish algorithm to encrypt its password databases. These algorithms are highly secure — AES is even approved by the National Security Agency for top secret information.

KeePass also offers a secure password generator, a password report that alerts users when their passwords should be stronger and support for biometric authentication. What sets KeePass apart from many of the other password managers on the market is that it’s free for life. Many free versions have limited features, but KeePass users have access to unlimited storage and can use the password manager on an unlimited number of devices. KeePass also makes it easy to import passwords from other sources, which can reduce the amount of time it takes to set up.

Pros and Cons of KeePass

What Customers Are Saying
Customers love KeePass for its strong commitment to security. The password manager has received several certifications from international authorities for its commitment to security. One reviewer says KeePass only stores “the minimum [amount of data] needed to make the site function,” giving users additional peace of mind.


KEEPASSXC

Like KeePass, KeePassXC is an open-source password manager that offers a variety of features for free. This version of KeePass uses AES-256 encryption, which is the industry standard for protecting user accounts from unauthorized access. KeePassXC also offers unlimited password storage at no cost to users.

In addition to AES-256 encryption, KeePassXC has several features to enhance the security of a user’s accounts. One is support for biometric authentication, which requires the user to provide a fingerprint or other unique identifier to gain access to any credentials. Another is a secure password generator, which helps users avoid choosing weak passwords. KeePassXC also has a password report that points out potential problems with existing credentials.

Although KeePassXC doesn’t offer password sharing, it does include device syncing and automatic form-filling for the user’s convenience. KeePassXC works with Windows, Mac and the Chrome, Vivaldi, Chromium and Firefox browsers, but it’s not compatible with mobile platforms like iOS and Android.

Pros and Cons of KeePassXC

What Customers Are Saying
Users love that KeePassXC is an open-source solution to password management. One user raved, “If you want total control over your sensitive data, this is for you.” Customers also appreciate the option to sync data with Dropbox, flash drive and other tools, which isn’t offered by many other password managers.


KEEPER

Keeper offers a free version of its password manager as well as a paid version that costs $1.66 to $4.99 per month depending on the type of account selected. The free and paid versions work on an unlimited number of devices and have no limit on the number of passwords that can be stored. Keeper also has a number of standard security features, including 256-bit AES encryption, support for biometric authentication and a secure password generator that makes it easier to create strong passwords.

For users who want to share account access without giving out their usernames and passwords, Keeper also offers password sharing. When a password is shared with a trusted individual, that person can log in to the account without knowing the user’s credentials. Syncing across devices also ensures that users always have access to their current credentials. Keeper works with desktop and mobile platforms, giving users additional flexibility.

Pros and Cons of Keeper

What Customers Are Saying
Users rave about Keeper’s cross-platform compatibility, with one reviewer writing that Keeper “delivers an excellent experience across a ton of platforms and browsers.” Customers also appreciate Keeper’s secure password generator, which one reviewer claims can increase productivity by “cutting out the time and frustration of remembering or resetting passwords.”


LASTPASS

LastPass has a free version that offers password storage on an unlimited number of devices. What makes LastPass stand out is that it has a package designed for families. This family account costs $4 per month and comes with six Premium licenses to make it easier for family members to share passwords.

LastPass also takes security seriously, offering 256-bit AES encryption, support for biometric authentication and a password audit tool to alert users if their passwords are weak. The secure password generator offers extra protection against unauthorized account access by making it easier for users to create strong passwords. LastPass also offers automatic form-filling and syncing across multiple devices to help users save time and avoid having to make manual updates when they switch from a computer to a mobile device. This password manager works with a variety of platforms and devices, including iOS and Android.

Pros and Cons of LastPass

What Customers Are Saying
Users appreciate the availability of a “feature-rich” free account that offers unlimited storage on a single device. LastPass also offers “many ways to trigger account recovery,” which makes it possible to access your account even if you forget your master password. Most password managers have no account recovery options.


LOGMEONCE

LogMeOnce offers a free version and three premium versions: Pro, Ultimate and Family, which range in price from $2.50 per month to $4.99 per month. The free version offers unlimited password storage, but it only works on one device. Users who upgrade can use LogMeOnce with an unlimited number of devices. The Ultimate and Pro plans have similar features, but the Ultimate plan offers 10GB of encrypted storage compared to the 1GB of encrypted storage included with the Pro Plan.

LogMeOnce keeps user data secure with AES-256 encryption, a secure password generator and support for biometric authentication. This password manager also has an audit tool to help users determine if they need to make their passwords stronger. LogMeOnce works with the Mac, Windows and Linux operating systems, the Chrome, Firefox, Opera, Edge, Safari and Internet Explorer browsers and the iOS and Android mobile platforms.

Pros and Cons of LogMeOnce

What Customers Are Saying
Customers love that LogMeOnce offers proprietary features that aren’t available with other password managers. One user even commented that LogMeOnce “has one of the most impressive lineups of features on the market.” Users also appreciate how easy it is to import passwords into LogMeOnce from other sources.


NORDPASS

NordPass offers a free version and a premium version that costs $2.49 per month. Both versions offer unlimited password storage, but the free version works on one device, while the premium version works on up to six devices at a time. NordPass protects user data with the XChaCha20 algorithm, which makes it more difficult for hackers to use algorithms to decrypt usernames and passwords. This password manager also supports biometric authentication and offers a secure password generator to help users strengthen their credentials.

Many password managers aren’t compatible with Linux, but NordPass is, giving users more control over their online credentials. NordPass also offers password sharing and automatic syncing across multiple devices. Automatic syncing means that password changes are updated immediately, eliminating the need for users to make manual changes, while password sharing enables account owners to grant access to their online accounts without sharing their credentials.

Pros and Cons of NordPass

What Customers Are Saying
NordPass users love the tool’s easy-to-use interface, which has an intuitive design that makes it easy to start managing passwords, even for users with little technical experience. Customers have also commented on the affordability of the NordPass tool, with one reviewer commenting that it’s a “budget-friendly” solution for managing online credentials.


PASSWORD BOSS

Password Boss offers three versions of its password-management tool: a free version with unlimited password storage on one device, a premium version that costs $2.50 per user per month and a family version that costs $4 per month. The family and premium versions both offer unlimited password storage across an unlimited number of devices.

This password manager works with MacOS, Linux, Windows, iOS, Android, Chrome, Firefox, Safari, Edge, Opera and Internet Explorer, making it possible for families or business users to use Password Boss without having to upgrade their devices or download different browsers. Password Boss uses 256-bit AES encryption to protect personal data, has a password audit tool to make users aware of flaws in their existing passwords and offers a secure password generator for added convenience. Automatic form-filling, device syncing and password sharing are also available with the free and paid versions of Password Boss.

Pros and Cons of Password Boss

What Customers Are Saying
Password Boss has a reputation for being easy to use and having an intuitive user interface, prompting one reviewer to state that the password manager is “extremely easy to use.” Password Boss also receives high ratings for reliability, with one user writing that “you can hardly find any flaws in the program.”


REMEMBEAR

RememBear has a free version, which works with one device, and a premium version, which costs $3 per month and works with an unlimited number of devices. What makes RememBear a little different from other password managers is that animated bears appear when account owners use certain functions. RememBear also offers automatic form-filling and syncing across multiple devices.

This password manager uses AES-256 encryption to prevent unauthorized account access, helps users create strong passwords with a secure password generator and has an auditing tool that points out potential problems with users’ current credentials. The password auditor alerts users when they should change their passwords to make them stronger, enhancing online security. In terms of compatibility, RememBear works with many platforms and browsers, including the iOS and Android mobile operating systems. It’s important to note that RememBear doesn’t offer password sharing, even with a premium account.

Pros and Cons of RememBear

What Customers Are Saying
RememBear is known for its well-designed user interface, which prompted one reviewer to praise the “excellently designed UI and UX.” Users also love the animated bears that appear when it’s time to capture new passwords, sync updates across multiple devices and perform RememBear’s many built-in functions.


ROBOFORM

RoboForm was one of the earliest password managers on the market. Since its early days as a form-filling tool, RoboForm has added many additional features, including unlimited password storage for both free and paid accounts, a secure password generator, password sharing and device syncing for premium accounts. Like many of its competitors, RoboForm uses AES-256 encryption to safeguard users’ personal data. It also offers a password audit tool to help users understand how they can improve their online security.

RoboForm has a free version, a premium individual version priced at $23.88 per year and a family version priced at $47.75 per year. The free version offers unlimited password storage on an unlimited number of devices, but it omits some of the features available with premium plans, such as device syncing, cloud backup, two-factor authentication and priority 24/7 support. RoboForm works with six browsers, three computer operating systems and two mobile platforms.

Pros and Cons of RoboForm

What Customers Are Saying
Customers love how easy it is to set up RoboForm and start using it immediately. One user writes, “I find it easy to set up and then let Robo do its job. It’s so nice not to fill in all the info.” Customers also report a positive experience with RoboForm’s audit tool.


SPLASHID

SplashID offers a variety of features to keep data secure and make password management more convenient. This password manager has a security dashboard, which is similar to the password auditing tool offered by many of its competitors. The dashboard gives users feedback on the security of their stored credentials, highlighting weak passwords and other potential security issues. Two versions of SplashID are available: a free version that works with one device and a premium version that works with an unlimited number of devices at a price of $1.99 per month. Both versions offer unlimited password storage.

To keep user credentials secure, SplashID uses AES-256 encryption and gives users access to a secure password generator. It also offers device syncing for premium users, an automatic form-filling function and password sharing. The intuitive interface makes it easy to set up SplashID and start using it right away, even if a user has little technical knowledge.

Pros and Cons of SplashID

What Customers Are Saying
Customers praise SplashID for its strong security features, prompting one user to write, “All the credentials are encrypted and safe.” SplashID also has a strong reputation for having an elegant user interface that’s easy to use. Based on these features, SplashID has been called a “must-have productivity improvement tool.”


STICKY PASSWORD

Sticky Password offers free and paid accounts, all of which come with unlimited password storage. The premium version offers access to additional features, such as syncing across multiple devices, password sharing and automatic backups. What makes Sticky Password unique is that the company takes a percentage of the proceeds from every premium license sold and makes a donation to a nonprofit organization that helps manatees.

Sticky Password uses 256-bit AES encryption to protect user credentials against hackers. Users also have access to biometric authentication, a secure password generator and a password report to assess the strength of each password. Sticky Password works with Windows, Linux and macOS; 16 browsers, including Internet Explorer and Opera; and the iOS and Android mobile platforms.

Pros and Cons of Sticky Password

What Customers Are Saying
Users love Sticky Password’s security features and password-sharing capabilities. One reviewer explains that password sharing, biometric authentication, and other features make for a “liberating experience.” Sticky Password is also well-regarded for offering the ability to sync data without using the cloud, which enhances security and gives users more control.


TRUE KEY BY MCAFEE

True Key has additional security features that set it apart from its closest competitors. Because True Key is offered by McAfee, it comes bundled with most of McAfee’s security suites, giving users an extra layer of protection when accessing websites and mobile applications. True Key also has several types of multifactor authentication to make it more difficult for hackers to access users’ accounts. In addition to these extra features, True Key offers the standard AES-256 encryption and supports biometric authentication.

The free version of True Key stores up to 15 passwords, while the premium version offers unlimited password storage at a cost of $19.99 per year. True Key also offers additional features, such as automatic form-filling, device syncing, and a secure password generator, but neither version comes with password sharing. For users who like to switch between desktop and mobile devices, True Key also works with a wide range of browsers and platforms, including Linux and Opera.

Pros and Cons of True Key

What Customers Are Saying
Customers love that True Key comes bundled with McAfee’s antivirus software and has “excellent MFA (multifactor authentication) options.” True Key has also been recognized for its easy-to-use interface and robust password audit tool, which enhances security by helping users create strong passwords that are less vulnerable to attacks.


ZOHO VAULT

Zoho Vault offers a robust free version as well as three paid versions. The Standard version costs just $0.09 per user per month, the Pro version costs $3.60 per month and the Enterprise version costs $6.30 per month. Standard accounts come with password sharing, the ability to set up user roles, a centralized panel and the ability to transfer passwords to new users. The Pro account includes everything in the Standard plan, along with the ability to manage user groups, view activity reports and share folders. Enterprise accounts can be integrated with Active Directory or business help desk software.

Zoho Vault provides access to a password report that gives users guidance for strengthening their credentials and making them less vulnerable to attacks. This password manager also uses AES-256 encryption, supports biometric authentication and offers a secure password generator to protect sensitive data against unauthorized access.

Pros and Cons of Zoho Vault

What Customers Are Saying
Zoho Vault is known for delivering excellent value at an affordable price. One user comments that Zoho Vault is “priced extremely competitively,” and another notes that it is an “excellent tool to manage credentials.” Customers also like that Zoho Vault makes it easy to organize passwords and create new password entries.

WHAT ARE PASSWORD MANAGERS?

Password managers are tools used to store and manage your online credentials. A good password manager offers unlimited storage, making it possible to manage passwords for streaming services, shared productivity applications, online banking, records management, and many other types of accounts.

Password managers are especially helpful for small businesses, as they enable employees to use shared accounts without seeing the usernames and credentials. Business owners can rest a little easier knowing that an employee who leaves the company doesn’t have access to credentials that can be used to submit purchase orders or access financial documents.

A good password manager also enhances collaboration, especially among the employees in small businesses. Small firms may not have the funds available to purchase every employee a copy of an application or program. Password managers make it possible for multiple employees to use the same account, keeping costs as low as possible.

Weak passwords, such as passwords containing no special characters or passwords that are used for multiple sites, are easy to guess, making accounts with those passwords more susceptible to unauthorized access. Password managers make it possible to generate strong passwords that are difficult for others to guess, enhancing online security and keeping your data private.
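The two weaknesses named above (no special characters, reuse across sites) are what a password audit tool checks for, and a generator avoids them by construction. The following is an added example, not code from the article or from any product it reviews; the site names, sample vault, and the 12-character minimum are constructed assumptions.

```python
import secrets
import string
from collections import defaultdict

SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article

# Constructed sample vault: (site, password) pairs as held in memory after unlock.
SAMPLE_VAULT = [
    ("bank.example", "Summer2021"),
    ("mail.example", "Summer2021"),
    ("shop.example", "correct-horse-battery-staple"),
    ("forum.example", "abc123"),
]


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until every character class is present."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SPECIALS for c in candidate)):
            return candidate


def audit_vault(entries):
    """Return {site: [findings]} for a list of (site, password) pairs."""
    # Group sites by password so reuse can be reported per entry.
    sites_by_password = defaultdict(list)
    for site, password in entries:
        sites_by_password[password].append(site)

    report = {}
    for site, password in entries:
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append("too short")
        if all(c.isalnum() for c in password):
            findings.append("no special character")
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            findings.append("reused on " + ", ".join(others))
        report[site] = findings
    return report


if __name__ == "__main__":
    for site, findings in audit_vault(SAMPLE_VAULT).items():
        print(site, "->", findings or "ok")
    print("generated:", generate_password())
```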

BENEFITS OF PASSWORD MANAGERS

Small business owners can benefit from using a password manager in the following ways:

  • Reduce your IT expenses. Data breaches tie up resources, prompting some business owners to hire additional IT staff. By keeping passwords secure, a password manager prevents unauthorized access to company accounts, freeing up your IT staff for other duties and eliminating the need to hire extra team members.
  • Increase employee productivity. If employees waste a few minutes each day trying to remember passwords or calling IT for help with password resets, that’s several hours per year that could be put to a better use. A password manager eliminates the need to remember passwords for multiple websites.
  • Give customers peace of mind. Business owners deal with confidential data every day. Customers want to know that firms are doing everything in their power to keep that data secure. If you use a customer relationship management system or similar type of software, a password manager can help protect against unauthorized access.
  • Enhance collaboration. Password managers make it possible for employees to log in to websites using the same credentials. This makes it easier for employees to access the data they need to write reports, prepare presentations and complete other tasks requiring collaboration.

MUST-HAVE FEATURES IN A PASSWORD MANAGER

When choosing a password manager, it’s important to look for four key features. The first is a high level of security, which relates to the level of encryption used to protect your data against unauthorized access. Many password managers use 256-bit AES encryption, making them effective for guarding against brute-force attacks, a type of attack that involves entering random passwords and hoping that one of them works.

The best password managers also use techniques known as salting and hashing to keep data secure. Hashing refers to scrambling of a password, while salting refers to adding extra data to the hashed password to make it even more difficult to guess. Device compatibility and unlimited storage are also important. Many people now use tablets and smartphones in addition to their desktop and laptop computers, creating a need to manage passwords across a wide range of devices. Unlimited storage is necessary because most people have dozens of passwords to store, for everything from online investing accounts to digital gaming accounts.

The final thing to look for in a password manager is the availability of added features. Great password managers offer special features like password sharing and password audit tools to make them even more useful.
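The salting and hashing described above can be seen in a few lines: a random per-user salt is fed into a slow hash together with the password, so two users with the same password end up with different stored values. This is an added example, not code from the article or any reviewed product; the iteration count and the sample password are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows
SALT_BYTES = 16
HASH_BYTES = 32       # 32 bytes = 256 bits, also the key size AES-256 takes


def unsalted_digest(password):
    """What not to store: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return the record to store: salt, cost and salted hash, never the password."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=HASH_BYTES
    )
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"],
        record["iterations"], dklen=len(record["hash"]),
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo(iterations=ITERATIONS):
    """Two constructed users who picked the same password."""
    shared = "Tr0ub4dor&3"  # constructed sample value
    alice = hash_password(shared, iterations)
    bob = hash_password(shared, iterations)
    return {
        # Without a salt, one precomputed table cracks both accounts at once.
        "unsalted_equal": unsalted_digest(shared) == unsalted_digest(shared),
        # With per-user salts, the stored hashes no longer match each other.
        "salted_equal": alice["hash"] == bob["hash"],
        "correct_accepted": verify_password(shared, alice),
        "wrong_rejected": not verify_password("Tr0ub4dor&4", alice),
    }


if __name__ == "__main__":
    print(demo())
```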

THE COST OF PASSWORD MANAGERS

Password managers are relatively affordable, especially considering that they do the important job of protecting your online accounts against unauthorized access. Many companies offer free accounts for individual use. These free accounts typically have limited features, but they can be useful if you just want to store a few passwords and don’t mind not having access to premium features. Free accounts may also limit the number of devices that can be logged in at the same time, so that’s something you’ll want to consider if you’re trying to balance costs with functionality.

Paid versions are available in a wide range of prices, from less than $0.10 per user per month all the way up to $199.99 for a lifetime subscription. Some companies offer monthly billing, while others require you to pay for one year of service up front. This is another important consideration when choosing a password manager. If you’re signing up for a personal account, you may want the flexibility of being able to pay a small amount each month rather than a lump sum once per year. For business owners, paying annually is usually more convenient, as it eliminates the need to pay an extra invoice every month.

Source: https://digital.com/password-managers/

 

Monday, 21 December 2020 21:59

What is Cybersecurity?


The security of your Information Technology (IT) network from end-to-end is cybersecurity.
That’s it?
Yes, but how we do this can get very complicated.
To make this easier, let us take a look at the Confidentiality – Integrity – Availability concept.
  •  

    01 Confidentiality

    If you stored your critical, super private information on your IT network, but everyone could see that information, you would agree that your super private information wouldn’t be private very long. You need a way to protect your super private information, or what is called the Confidentiality of your information. Many times, we utilize encryption to protect the Confidentiality of our information on our IT networks.

    02 Integrity

    You have worked very hard and many hours to create a listing of the critical assets of your business. You save this information and return to the listing the next day and find that the information you saved has been changed by someone else. You would not be happy – correct? What changed? How did it change? It will take you more hours and a lot more hard work to figure out what changed. The Integrity, or the accuracy, of your listing has been affected and you are not happy.

    03 Availability

    Picture your IT network that cannot access the internet, cannot talk to anyone or any other computer. Not much good – right? If we eliminate Availability to communicate on the network, the network is almost worthless to us and our business. Having our network communicate to other computers and people is critical; therefore, Availability is super critical to us.
    In Cybersecurity, experts determine how to protect information on IT networks, how to ensure accuracy of the information, and how to provide continuous availability of that information to those who use the information.
     
  • What is Information Security?

    The world around us is full of information that we use, understand, and make decisions with. Most of us have paper around our homes and businesses. What kind of paper? Do you receive mail with your name, home address, and possibly other personal information inside? Did you print a document from your Information Technology (IT) network to a printer? If you have these paper documents, then you have information that is not electronically on your IT network.
    It’s important to understand that not all information that we use day-to-day resides on our IT networks. Remember, Cybersecurity protects the data that resides on our electronic, IT networks. Information Security protects all of our information – even that on our IT networks. Those paper documents are protected by Information Security.
     
    Let’s discuss ways that Information Security experts support overall security:
     
     
    a. Did you open a door, use a key, or meet a security guard when you went to work today? These are all forms of physical security, which is a link to overall Information Security.
     
    b. Have you seen or heard a fire truck responding to an emergency, maybe a fire? We use fire suppression systems and alerting devices to assist us in protecting ourselves and the information we have within our homes and businesses.
     
    c. Let’s discuss an area that all of you deal with, but most never considered Information Security - laws, business and corporate policies, industry standards and best practices. How are these information security? Senior leaders create these documents or practices to support our Information Security through reduction of the risk to our facilities, our data, and even our personal safety.
    The next time you go home or to work, take a look around. We live in a world of information – in our personal and professional lives. Those who would do us harm will use our information to obtain access to our world and cause confusion, frustration, and possibly, considerable personal and professional loss. Understanding Information Security through training adds tremendous value to you and your organization.
     
  • Information Security vis-à-vis Cybersecurity

     
    If you are asking, “What’s the difference, are they not the same?”, the simple answer is “No”.
    Information Security deals with understanding risks and how we protect our information. Cybersecurity deals with protecting our Information Technology (IT) networks and data within.
     
     
    Here are two approaches to see the difference between the two:
    A.
     
    You would agree that the computer at your home or business has a lot of information that you have created and stored within its storage devices – Correct?
    How do we protect this information?
     
    We will use Cybersecurity to protect the electronic data. That’s good, but how do you keep someone from gaining access to your computer and your electronic data? That’s a very good question.
     
    We will use Information Security to protect information within our home or business, provide user training, and ensure the right people have access to our IT networks. Information Security includes Cybersecurity since electronic information is still information.
    Still not convinced you understand? Let’s try another description:
    B.
     
    Let’s assume that your home or apartment has several rooms – the kitchen, the television room, the bedroom, and maybe a bath. These rooms serve a purpose within the home or apartment.
     
    Visualize that Information Security is your home or apartment – You have doors, keys, locks, possible alarm systems, and maybe a fire suppression system. You may even have a neighborhood security company that protects the outside of your home.
     
    Visualize that Cybersecurity is a room in your home or apartment (i.e. the Kitchen). This specialized room supports you by providing a special function within the home.
    You likely agree that if Cybersecurity is a room within the home, and the home is Information Security, then Cybersecurity is a part of Information Security. Information Security protects all information, while Cybersecurity protects the electronic information.
     
  • Types of Cybersecurity

     
    Cybersecurity is a diverse field that covers a wide range of security measures. A neat way to classify these measures is on the basis of what it is that is being secured. Let us take a look at the various categories below.

    Application Security

    We rely on computers and Information Technology (IT) networks for everything from work and social networking to entertainment and shopping, to name a few. You likely know that many of these are provided through software programs (Amazon, Microsoft Office, Computer games) and hardware (laptops, smart phones, Bluetooth speakers). We use these every day, and those who might wish to harm us know that we depend on them.
    So how do we protect ourselves while we use these programs and devices?
     
    Have you heard of Norton or McAfee Antivirus software? Most likely you have as these are some of the biggest names in both antivirus and computer firewalls. Let’s discuss antivirus programs:
    When you get sick, what does the doctor do for you? Determine what is making you sick and possibly give you medicine? You understand the medicine will make you better. An antivirus program is similar to your doctor – it looks at the illness (virus) trying to infect your computer or IT network system and provides the medicine to prevent the virus from infecting your computer further.
    We stated that Norton and McAfee also provide computer firewalls – you ask, “What is a firewall?” I want you to think of a firewall as a large brick wall that attempts to prevent intruders from gaining access to your building. In a computer or IT network system, we use firewall applications to provide a barrier to those who wish to harm us. What kind of barrier? Not a physical barrier like a visible fence or wall, but an electronic barrier that prevents network intrusions.
     
    Remember, in Cybersecurity we stated that we use encryption to protect our computers and IT networks. How do encryption programs provide that protection? Think of encryption as scrambling information to make it unreadable or extremely difficult to understand. Encryption programs protect our information on computers and IT networks by making that information very hard to read or understand.
     
  • Cloud Security

    It’s amazing that we utilize something called a ‘Cloud’ to support our computers and Information Technology (IT) networks. In fact, we have become extremely dependent upon it. We cannot, however, discuss Cloud Security until we understand what a Cloud is within our computer and IT networks. So, what is a Cloud?
     
    Just like real clouds in the sky, a computer or IT network cloud is an entity that ‘visibly’ exists in the IT world, but just like real clouds in the sky, you can’t say that there’s a one-size-fits-all category for it. A computer or IT network cloud can change shape, size, and characteristics to match the environment desired by those who utilize them. Interesting! It has the ability to adapt and change within seconds to meet your needs – just like a real cloud in the sky can alter its shape based upon its environment.
     
    We use the cloud (like Amazon Web Services (AWS) or Microsoft Azure) to store and manage our vast array of information. If you have ever used Google Drive, Microsoft OneDrive, or Apple’s iCloud, then you have used the cloud to store your information or data. Cool, huh?
     
    Cloud Security protects our information in the cloud through applications that:
    1. Identify those who should have access to our information stored in the cloud
    2. Prevent unauthorized use of our information
    3. Protect our information through strong security measures
    The use of the cloud is critical to our everyday personal and professional lives and we rely on cloud security to secure and protect our information.
     
  • Infrastructure Security

    Every day we rely on critical infrastructure to support our lives – traffic lights, hospitals, electricity through the electrical grid. In fact, we cannot imagine a world that does not have these ‘modern’ conveniences.
     
    Some refer to days without electricity or running water as ‘the stone age.’ Critical infrastructure dates back to the Roman Empire and the aqueduct systems.
     
     
    Why is critical infrastructure a type of Cybersecurity?
    1. Although critical infrastructure dates back to the Roman Empire, the use of Information Technology (IT) to support and enhance critical infrastructure is much more recent – in the late 1900s. Much like the vulnerability of IT networks to possible attacks, our use of IT to support critical infrastructure makes them vulnerable to attacks.
     
    2. Can you imagine your electric company being attacked through the IT network? What could happen? You could lose your power – how do you like life without electricity? Not good, right? What about your water supply? If attackers stopped the flow of water to your home by shutting down the pumps, how do you take a shower or get a drink of water? You don’t.
     
    3. Infrastructure Security focuses on programs (software applications) and computer devices (hardware) to identify and detect events taking place in our IT networks that might affect our critical infrastructure systems, and to protect those systems with electronic barriers against those who would do them harm.
     
    4. Infrastructure Security supports laws, regulations, and standards that enhance companies’ and governments’ ability to adopt methods of limiting the impacts to us if we are attacked:
    a. Backup generators and alternate work locations in the situation our environment becomes unusable (no water or electricity).
    b. Physical security around our critical infrastructure areas like water, electricity, hospitals, and food production.
     
  • Network Security

     
    Many businesses with even a small number of employees have an Information Technology (IT) network to support their operations.
     
    Can you imagine the cost of purchasing, installing, and maintaining many copies of Microsoft Office on every computer within your company?
     
    Many networks have a central repository of common, shared programs (Microsoft Office, Adobe) that allow rapid installation and maintenance.
     
    Networks also tie our individual IT equipment (computers, laptops, printers, scanners) together allowing quick, efficient deployment of programs and assets.
     
    Now that you know more about a network, it’s time to discuss Network Security. What is it? How does it work? How does it support our cybersecurity effort? All great questions – let’s answer them:
    01
    Network Security seeks to protect our internal networks through prevention, detection, and correction of intrusions – I know your question, “What’s an ‘internal’ network?” Many experts state that the ‘External’ network is the Internet – that part of your business network which you don’t have direct control over. If the ‘External’ network is that portion of your business network you don’t have control over, then the ‘Internal’ network is that which you do have direct control over.
    Where’s that ‘Easy’ button!
     
    02
    Network Security uses many types of software and hardware assets to support its function.
     
    a. Artificial Intelligence and Machine Learning – by harnessing the power and speed of the computer (yes, it’s much faster than a human), the network rapidly scans our networks to identify intrusions and bad situations (called anomalies).
     
    b. Vulnerability Management programs – scuba diving at night in the ocean – trust me, you feel vulnerable! Well, vulnerability management looks into our internal networks to identify those areas which might be susceptible or vulnerable to an intrusion.
     
    c. Intrusion Detection and Prevention Systems – software and hardware devices that constantly search and notify us of intrusions.
     
    03
    Like a hand in a glove, Network Security is integral to cybersecurity with its focus on maintaining the security of our internal networks.
     
  • Internet of Things (IoT) Security

    It is amazing how every facet of our lives is being scrutinized and devices which have computer chips are being created and placed in most homes and businesses to make our lives easier, more connected. If you go to an appliance store, you will find ovens, refrigerators, dishwashers, and washers and dryers that utilize the power of the internet to allow you to control their actions from a smart device, or do activities more efficiently. In a recent commercial, a man was in a grocery store and could not remember if he had milk – he logged into his refrigerator at home and used the internal camera to see if there was milk inside. Really? How about our home security systems, cameras, thermostats? Do you have Alexa in your home? “Hey Alexa, get me a soda from the smart refrigerator – I see I have one in there from the camera inside.” NOPE! Alexa can’t do that yet.
    What are we talking about? We know we have these devices in our homes, but what do cybersecurity experts call these devices? The Internet of Things (IoT). As a society, we have become used to ‘things’ that utilize the internet to provide us information, entertainment, or assistance. These devices are not necessarily connected to our Information Technology (IT) networks. Some devices connect directly to your smart device using a different connection capability called ‘Bluetooth’. Bluetooth uses a very short-range wireless signal, normally to communicate between two devices (a smart phone and wireless headsets or a smart toy).
    Internet of Things (IoT) Security is focused on protecting our IT networks when IoT devices are connected. How much security do you believe is built into a $10 smart toy? Not much, if any. The problem with this $10 smart toy is that it could be vulnerable to an attack, and if it is connected to your IT network – well, guess what? You’ve been attacked by an intruder.
    So how do we protect ourselves if IoT devices are everywhere?
     
    1. Training – the more you know about the vulnerabilities of IoT devices, hopefully, the more you will be smart in how you use them.
     
    2. Limited use on our IT networks – Genius! So why don’t we simply not use them on our networks? Problem solved right? No. Remember, one of the major three components of cybersecurity is Availability. That’s right – people want their IoT devices.
     
    3. Increased protection on our IT networks specifically tailored to look for IoT device vulnerabilities. That’s easier said than done since we are constantly changing our IoT devices and how we use them.
     
  • Is Cybersecurity for..

     
    There are many who would like to get into Cybersecurity but find the market full of certifications and technical jargon. They search to find the right certification, the right training organization, and a way to gain the experience needed to pursue a career they desire. Let’s look at several questions and attempt to lift the veil of technical jargon and understand how to get into cybersecurity.
     
    How do I understand the importance of a certification?
    Certifications inform employers and cybersecurity experts that you have both the experience and knowledge that the certification covers. Certifications don’t replace experience – they complement experience prerequisites
    Working in a different career field or just finished school – how do I get into cybersecurity?
    1. First, congratulations on your career path to date – it takes dedication and perseverance to achieve what you have so far. Guess what? The perseverance you have displayed is what it takes to make a career change or pursue a life as a cybersecurity expert
    2. Cybersecurity has so many different paths – forensics, malware analysis, vulnerability management, incident response, etc. For certain, there are hundreds of titles for various positions. A good reference is the National Institute for Science and Technology (NIST) National Initiative for Cybersecurity Education (NICE) framework – it identifies those career fields that are fully recognized as the foundation of all other cybersecurity career areas
    3. Lastly, what interests you? Seriously – what really intrigues you? If you like crime scene investigations and getting into the understanding of cybercrime and finding the ‘bad guy’, then Forensics may be your area. The primary key to getting into cybersecurity is finding what you really like to do and understand – promise, there’s a cybersecurity area that deals with what you enjoy. Why can we say that? Because Information Technology (IT) permeates everything we do – cybersecurity protects IT
    Are you saying there’s no correct answer? No, we’re saying there are so many different answers that no answer fits all possibilities
    Here’s what you need to do:
    1. What interests you – not your friends, family, or significant others – just you! Give yourself a Top-3 list
    2. Look at NIST NICE references or other cybersecurity websites – which cybersecurity career fields match to each of your Top-3
    3. Research (Google, GreyCampus) these cybersecurity career fields – identify the requirements for your Top-3
    4. Don’t procrastinate – make a decision and pursue your dream! Cybersecurity is fun, rewarding, and challenging
     
  • CyberSecurity Certifications
     

    Path to Certification

    Where do I start?
    Most want to know the answer to that question – in fact, almost every cybersecurity expert in the industry today has asked that question more than once. Remember – you are not alone in wanting to know. In fact, you will likely search for this answer many times as you become more involved with cybersecurity. Understanding cybersecurity and the path that guides you to your career goal is circular – let’s explain.
    1. Where am I now?
    Your experience whether in technical or non-technical brings valuable insights into cybersecurity. Some of the best experts in the industry were musicians, artists, journalists – it’s not how technical you are, it’s how you pursue your goals
    2. What education and training do I need?
     
    a. Much of this depends on how you learn – are you a classroom-style learner? Visual learner? Virtual learner? Book learner? Practice-exam learner? So many different methods these days – what works best for you?
     
    b. Education is a formal program similar to college – typically longer in duration with a very structured format
     
    c. Training is a semi-formal program that supports shorter duration (a few days to a few weeks) courses that are more focused than education
    • Certification programs are likely training-style
    3. If certifications, education, or training don’t replace experience – how do I get the experience?
    a. Some career fields have beginner or starter positions – help desk, entry-level analysts, technicians
    b. Each career field has different certification requirements – obtaining some certifications requires little to no experience
    You never stop learning – even after you obtain the experience and certifications, you need to continuously support your understanding of the global cybersecurity environment. The world is changing – and so must you!
    Now, based on your target focus area and level of competence, let us discuss certain cornerstone certifications, both entry-level and advanced.
     
  • Entry-Level Certifications

    Choosing the right certification for your entry into cybersecurity is important, but don’t fear if you select one that is not perfect. Most cybersecurity experts have many certifications to represent many different focus areas. What we need to do is identify those certifications that cover a broad range of areas, allowing you to seek a career in an entry-level position and gain both experience in cybersecurity and knowledge of additional certifications to pursue over time. All of these certifications require little to no experience to get started.
    1. CompTIA is an organization that specializes in entry-level certifications, many are cybersecurity related
    a. A+, Network+, Server+ - these certifications provide you the initial understanding of IT systems. Many beginning IT and cybersecurity individuals take these certifications to certify that they understand the basics of an IT network
    b. Security+ - this is the first certification that most cybersecurity experts pursue. The Security+ states that an individual has spent considerable time researching and studying cybersecurity, has gained a very good understanding of the basics, and has some knowledge at the intermediate levels
     
    2. EC-Council is an organization that primarily focuses on vulnerability assessments and analysis
    Certified Ethical Hacker (CEH) – the CEH states that you have a basic understanding of penetration testing (looking at a computer network and finding the weak areas within). Many cybersecurity experts begin with this certification, especially if they seek to become a Security Control Assessor
     
    3. Cisco is an organization that has for decades supported the creation and implementation of IT networks, switches, and routers
    Cisco Certified Network Associate (CCNA) – provides valuable insights into the basics of how networks operate. Most signals that travel within a network need to be switched or routed to their destinations. Understanding how networks work is vital for a cybersecurity expert in devising how to protect the network
     
  • Advanced-Level Certifications

    You are already a cybersecurity practitioner and possibly an expert in several cybersecurity domains. Fantastic, we have both information and certifications that can support your continued growth within the industry. Most advanced-level cybersecurity certifications focus around specialization – seeking to understand specific areas at a greater depth than surface-level; however, there are a few broad certifications that are superb, advanced-level certifications to obtain. All of these certifications require experience to earn the certification or to become fully certified.
    1. CompTIA is an organization that specializes in entry-level certifications, but does have one that meets the intermediate/advanced-level
    CompTIA Advanced Security Practitioner (CASP+) – the CASP+ is a very technical-based certification that addresses your knowledge of Command Line Basics (Unix-based code), network operations, and advanced, cybersecurity support requirements
     
    2. ISACA is an organization that focuses on cybersecurity within a business; seeking to ensure understanding of how cybersecurity involves and is impacted by business decisions and senior management
    a. Certified Information Security Manager (CISM) – addresses how cybersecurity strategy and operations mesh with business decisions – addresses the symbiotic relationship that must be nurtured
    b. Certified Information System Auditor (CISA) looks at cybersecurity from the perspective of an auditor, or as a business preparing for a cybersecurity audit. Cybersecurity audits are critical to our defense-in-depth and understanding of where our security gaps are
     
    3. (ISC)2 is an organization that has many of the global, Gold-Standard certifications for cybersecurity – both broad scope and focused; heralded as the prime certifications for most Federal and State governments, Military, and commercial entities
    a. Certified Information Systems Security Professional (CISSP) – the gold-standard, broad-scoped cybersecurity certification focusing on all eight of the recognized cybersecurity domains (or areas of knowledge)
    b. Certified Cloud Security Professional (CCSP) – the gold-standard, cloud-based certification focused on non-specific cloud environments, operations, and security
     
  • Career Options in Cybersecurity

     
    You’ve done your research on cybersecurity, looked at various cybersecurity certifications, and have decided that you are ready to embrace a career in cybersecurity. Fantastic, but it appears that you have a few more questions:
     
    1. Am I ready to make a move into cybersecurity? Do I need a college degree? Do I need to have a technical background?
    Great questions – let’s take a look at the answers:
    a. You’ve conducted hours of research on cybersecurity, certifications, and possible career opportunities within cybersecurity, and you are excited and motivated to get started – then it looks like cybersecurity might be a great choice for you
    b. No, you don’t need a college degree
    c. No, you don’t need a technical background – there are technical aspects to cybersecurity, but creativity and the ability to ‘think outside the box’ are extremely important traits or skills of a cybersecurity expert
     
    2. I’ve worked in a non-cyber, non-IT career field for many years – is it too late to change my career to cybersecurity?
    No, it’s never too late – we have cybersecurity experts who started their career in human resources, logistics, or project management, plus many others.
     
    3. Who should pursue a cybersecurity certification?
    Anyone who has an interest in cybersecurity – some certifications require experience, some do not. Review our information on Entry-Level and Intermediate/Advanced cybersecurity certifications – this will provide valuable information on certification organizations and the certifications that could support your desire to be in cybersecurity
     
    4. What jobs are available to a cybersecurity expert?
    There are far too many to name them all, but Cyber Defense Analyst, Information Assurance Analyst, Vulnerability Management Analyst, Security Engineer, Forensics, Malware Analyst, Penetration Tester, Security Controls Assessor – there are dozens of different titles and positions that are in high demand within the government, military, and commercial sectors
     
  • How to prepare for Cybersecurity?

     
    There are so many organizations promoting their cybersecurity training – which is best? You likely know the answer already – it depends. Not the answer you were looking for? We understand, so let’s discuss this question and why it depends:
    1. Are you an ‘in class, bootcamp-style’ learner?
    Many cybersecurity students need that face-to-face interaction with an instructor, especially an instructor who provides the information in a way that makes the material relevant to today, as well as an instructor who is dynamic – interacting with each student in a way that best meets all students’ requirements for learning
    2. Are you a ‘virtual’ learner?
    Some cybersecurity students want to learn in the comfort of their homes, or they are at work and cannot leave their desk for a week to attend an ‘in class’ course. The virtual environment allows interaction with an instructor in a visual format, an audio format, or both. The virtual environment does limit the amount of interaction you have with the instructor, but many virtual platforms have superb methods of enhancing the interaction to provide that feedback to and from the instructor
    3. Do you only want the original certification organization (for the CISSP that would be (ISC)2) to present the course to you?
    In most situations this is a viable option; however, the cost of the course can be much higher than the cost of a course from a qualified organization that presents certification materials of similar quality
    4. Are you seeking the cybersecurity certification with the best value to you, and to your organization?
    There are many certification organizations that provide high quality certification courses that equal or sometimes exceed the original certification organization’s course. These certification organizations may enhance the learning experience with highly skilled instructors, labs, webinars, workshops, course study materials, and practice exams
    When choosing a certification training organization, ask yourself if they meet your needs in a way that you can learn the best.
     
  • Attacks

     
    Did you know that most cybersecurity experts stated, “It’s not if we’ll be attacked, it’s when we will be attacked”? All we have to do is look around – listen to the news, read the headlines, look at history. Most attacks go unpunished and result in gains of prestige and significant monetary funds.
    Did you know that there are hundreds of cyber-attacks per day around the world? That number could be in the thousands if a true accounting was completed of all known and unknown attacks. Really, you say? Let’s pose a question – assume that you could legitimately (100% lawfully) make $10,000 by conducting 20 phone calls to possible connections and just asking a simple question – nothing to sell and no pressure. Would you do this? Most of you would. So, why is it so hard to believe that a threat (someone or something who would do us harm) would take $10,000 of your money by simply gaining access to your computer? You might report it, but it is doubtful that you or anyone else would catch the cyber thief.
     
    Cyber attacks target people, computer systems, governments, and industry (just a few):
    1. In 2014, Russian hackers gained billions of user names and passwords. Credit card data from banks (JP Morgan Chase among others) was stolen
    2. In 2015, suspected Russian efforts shut down Ukrainian electrical power, and another disrupted French television networks
    3. In 2016, the Petya ransomware attacked worldwide. A botnet (a very large array of internet devices) caused a major availability problem for Netflix, Paypal, and others
    4. In 2017, Equifax had 143 million customer records stolen. WannaCry ransomware affected hundreds of thousands
    5. In 2018, major brands – British Airways, MyFitnessPal, and Facebook had data stolen from internal databases costing millions
    6. In 2019, millions of cyber records were stolen from the Bulgarian National Revenue Agency, Fortune 500 companies, and Marriott-Starwood brands
     
  • News-Blog

     
    Staying connected and informed is very important to a cybersecurity expert. Our need to understand the environment (threats, new capabilities, old concerns) provides us both a sense of awareness and drives us to gain new training and experience to support the ever-changing Information Technology (IT) world.
     
    We stay connected in many of the same ways you stay connected, with our News and Blogs. Let’s take a look at each:
    1. News – did you know that most crime reported is really only about 10% of the actual crime that occurs? Most are never reported. The same can be stated about cybercrime. The three major reasons for non-reporting of cybercrime are:
    a. Didn’t know – many cybercrimes go unnoticed for days, weeks, months, and even years
    b. Wasn’t required to report – didn’t see this as a big deal and wasn’t required to tell anyone, so we didn’t
    c. Reputation expense too great – if we report, we won’t be trusted or our brand will be tarnished
     
    2. Blogs – many times an organization, researcher, or expert will create a running discussion (called a blog) on a topic or list of topics.
    a. Digital Guardian – focuses on data protection and threat research
    b. The Hacker News – provides up-to-date insights on technology and how that affects the global network
    c. Threatpost – an independent look at cybersecurity and the threats and vulnerabilities within