Authentication on PCs: Recommendations from Security Experts

Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-letter combinations of letters and numbers.

Another plea for multi-factor authentication

A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.

NCP Secure Enterprise iOS Client Wins Government Security Award

NCP has been named by Security Today magazine among the 2017 winners of its coveted Government Security Awards, also known as “The Govies”. The Govies recognize new security products across a spectrum of disciplines that share a common trait – they are all fundamentally important to IT professionals working in government agencies and their private sector partners. NCP is thrilled to receive top honors for its Secure Enterprise iOS Client, which took the Platinum award in the Network Security category. This achievement further underlines NCP’s dominance in Government remote access VPN solutions having triumphed in the same Govies category on numerous previous occasions.

Top 5 security vulnerabilities are always the same

The research and analyst firm techconsult issued a summary of the five major security vulnerabilities in SMEs and public organizations in Germany at the start of 2017. Their annual study Security-Bilanz Deutschland reviews IT and information security based on a representative survey of more than 500 interviews in companies and non-profit organizations. The results are sadly not that surprising each year. Although the organizations surveyed are aware of the problems and have the resources to deal with them, unfortunately they either approach issues through the wrong channels, inconsistently or too late.

The national economic protection strategy in Germany and real life

When it comes to security, public authorities in any country also want to represent their interests, some more intensively than others. Germany is not lacking in initiatives and organizations that want to help companies in terms of digital security. Unfortunately, the wheels of public administration can turn very slowly, such as the recently unveiled national economic protection strategy shows. In addition to the key associations BDI and DIHK, different security agencies in Germany are involved in the initiative, including the Federal Office for the Protection of the Constitution, the Federal Criminal Police and the Federal Office for Information Security. Announced in August 2013, it took nearly three years until a significant concept was presented this week. On the whole, the national economic protection strategy is not much more than brochures and explanatory films that are intended to raise awareness of security threats among SMEs – not just in the field of IT. Practical measures such as financial support for companies to hire certified security consultants or implement security projects are lacking. Raising awareness of security threats whether physical or virtual through cyberspace is never a bad thing.

Open Haus: Multi-Factor Authentication [VIDEO]

NCP has been present at a number of industry events throughout the year, from it-sa in Nuremberg to SC Congress in New York to INTERFACE in Denver. While these gatherings offer great opportunities for reconnecting with our friends and partners, as well as reaching out to new clients, they also provide an invaluable time for taking the industry’s temperature, so to speak. And if there was one thing we found that was on nearly everyone’s minds this year, it was the growing need for two-factor (or multi-factor) authentication. As data breaches caused by spear-phishing and social engineering tactics have become both increasingly more frequent and more damaging, multi-factor authentication emerges as a common sense solution for reducing the success rate of these cyberattacks. Unfortunately, it’s not as simple as flicking a switch. Cybersecurity budgets may be increasing, but IT professionals are still struggling with the amount of resources they have, and are unsure about where to shift their priorities. How to implement multi-factor user authentication, or how to determine which VPN or defense-in-depth solution offers the best multi-layer fit for your organization, are all pain points for enterprises. How It Works That’s what gives NCP Secure Enterprise Management (SEM) such a leg up on the competition. Unlike other secure remote access VPN providers, NCP’s solution provides integrated multi-factor authentication safeguards to help give your organization greater peace of mind. Protecting login information with just a username and password isn’t safe anymore; it’s all too easy for hackers to guess around these, especially when so many users have simple passwords to begin with. Two-factor or multi-factor authentication setups, instead, require...