Authentication on PCs: Recommendations from Security Experts
Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-letter combinations of letters and numbers.
read moreEncryption is Central to EU GDPR’s Demand for Privacy
Starting May 2018, any business offering goods and services to EU citizens will have to comply with new GDPR rules. These rules explicitly require companies to take all measures necessary to protect the integrity of consumer data that they process or store. A key principle of GDPR is “privacy by default” which requires the digital information in everything from emails and mobile apps to cloud storage systems and M2M communications to be kept private and secure at all times. Studies show that U.S. organizations are no less committed to compliance as those in the EU. One of the most powerful protection measures a company can take is to encrypt data at every stage – in use, in motion and in storage. A tried and tested way to transport sensitive personal data securely across public networks is via business-grade VPNs. VPNs provide an encrypted tunnel to communicate privately between email and mobile connections as well as internal databases and cloud storage facilities.
read moreIs an EU-wide IT security certification program on its way?
Measures for cybersecurity are to be regulated at the European level in the future, according to the mandate of the European Commission. IT products and services may pass through a voluntary certification scheme in future under the aegis of the European IT security agency ENISA. At the beginning of this year, ENISA applied to the European Commission to extend its remit, including introducing an EU-wide program for certifying the security of IT products. This ranges from simple certification for IoT devices to complex evaluations of high-security systems such as banking applications. The significant cost differences in national certification schemes was named as an important consideration for establishing a centralized certification program.
read moreOVUM Report Highlights NCP’s Secure Remote Access Technology and Expansion into IoT and IIoT
We recently briefed Rik Turner, Principal Analyst of Infrastructure Solutions at OVUM Consulting, on our VPN client software (IPsec and SSL), VPN gateways, central management consoles and personal firewall product, Net Guard. Given our extensive experience in the manufacturing and process industries, we discussed the expansion of NCP technology into the Internet of Things and the Industrial Internet of Things.
read moreSMBs Need VPNs Too
Small business owners have many things on their mind but IT security should not be one of them. Not so long ago, network protection for a small business amounted to maintaining a firewall and some antivirus software. Now, recent technology advances have blurred the boundaries between the company perimeter and the world at large. Consumerization of IT and flexible working mean employees now need secure, private remote access to company resources from their own devices at any time of day from anywhere in the world. This translates into increased risk to the business and the potential for higher levels of stress for business owners, especially if they take on fixing security issues in person. A small business requires additional protection, particularly once they begin to expand. This is where remote access Virtual Private Networks (VPNs) for employees and Industrial Internet of Things (IIoT) can help.
read moreAnother plea for multi-factor authentication
A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.
read moreThe Rise of Cloud-based Services Fuels Demand for Managed VPNs
The growing popularity of cloud services coupled with security concerns is driving demand for managed VPNs. In particular, the success of public cloud services is gradually encouraging more enterprises to move away from conventional remote network access methods in favor of cloud-based remote access. Providing remote access via the public cloud brings organizations multiple advantages including ease of management, flexibility and lower costs. However, opinions are divided over the level of security it affords. Most users of public cloud services consider security a primary benefit. Yet mistakes can and do happen, leading to high profile consequences. One aspect of cloud management technology that is not in dispute is its capacity to simplify secure VPN connectivity for large numbers of remote workers.
read moreAwareness is crucial – How to prevent e-mail fraud
Sometimes it’s hard to believe the stories we read. In the case of CEO fraud incidents, cybercriminals earn double-digit sums in the millions by persuading employees that they are acting on behalf of the CEO or another senior manager. Employees then transfer the required amount to an alleged account of a partner or supplier, based only on an e-mail or telephone request without seeking reassurance. CEO fraud follows a similar method to telephone cons targeting the elderly but causes significantly higher financial damage. In mid-2016, an international network was unraveled which was alleged to have earned USD 60 million through the cybercriminal methods of Business Email Compromise (BEC) and CEO fraud. Similar attacks are now occurring on a daily basis in Germany, with similar dramatic consequences.
read moreConnect With Us
Contributing Member
