The use of the double username/password in the use of computer systems is something we are used to, it has been around for so long that it is no longer given due attention. This makes cybercriminals focus their efforts on obtaining passwords to access critical sites, taking advantage of the fact that we have lowered our guard.

Currently, according to various studies, almost 80% of cyber attacks focus on the use of insecure passwords. It is estimated that a large part of the passwords circulating on the network could be decrypted by an attacker in a time that goes from as little as a few seconds to about 2 hours.

We Should Seriously Consider At Least 2 Things:

• Use of strong passwords.
• Use complementary authentication systems.

We have already talked about strong passwords, being one of the first defense barriers against attacks by cybercriminals, but let’s focus on complementary authentication systems.

Apart from username and password, currently, a large majority of sites already offer the so-called “two-factor authentication”.

Two-Factor Authentication What Is It What Does It Consist Of

We could define it as the security process by which a user must confirm their identity in at least 2 different ways. This secure identification method is based on authenticating a person by several methods that can be used simultaneously:

• Something you know (Password, pin …)
• Something you have (Key generator, coordinate card …)
• Something you are (fingerprint, facial recognition, etc …)

As we add layers, we improve security, making it more difficult for an attacker to get hold of sensitive information. We are talking about multi-factor authentication.

What Should We Protect With This System

In general, all those services or tools that have access to sensitive information, such as email accounts, online banking, access to social networks, websites or portals of travel agencies or online reservations, files in the cloud, and in general, any platform that we use where sensitive information is contained that may be compromised

How Is It Used

There are different ways to carry out two-factor authentication, some of the most common can be:

• Use of USB authenticating memories, apps that generate temporary security codes.
• Specific data that only we know, such as the PIN or the answer to a security question.
• Biometric measures, such as the use of fingerprint, facial recognition, voice, etc.

In general, currently, most email account providers already allow you to activate this option in their settings, even so, several applications offer the 2-step authentication service and are mostly free. These applications allow you to generate codes to access different services.

On the other hand, the use of USB sticks intended for authentication is also useful, since they are specific devices for this function to which the attacker should also have physical access. There are various manufacturers on the market of this type of media valid for computers, mobile phones, and tablets.

Difference Between Two-Factor Authentication VS Two-Step Verification

These 2 systems are often confused because of their similarity, but the big difference is that generally in 2-step verification a security code is sent via SMS that can be intercepted. The SMS message does not meet the security requirements of two-factor authentication, as it is neither something that the user knows, nor something they have, nor something that is, but something that they send.

Its use is currently discouraged since a third party could impersonate the sender by sending messages aimed at obtaining information (or even if someone has access to the device, it will be easy for them to see the verification code and access the service).

On the contrary, in multifactor authentication, it would be necessary to verify by fingerprint, facial recognition, or other physical means that we are the person authorized to access. This does not fully guarantee security, but it makes it more difficult for an attacker to take control, besides, the codes generated by the app are temporary and of short enough duration to be able to avoid attacks even if it falls into their hands.

In The Company

Implementing two-factor authentication on business access accounts and computers is an effective way to prevent attacks on sensitive information that could compromise our customers’ data. It also helps to narrow the scope of the employee to business information through the use of specific devices of the company and to become aware of the maintenance of good security practices, which will undoubtedly help to reinforce business security.

Also Read: Big Data Analytics & Cyber Risks, The Face And The Cross Of Digitization

The post Secure Your User Accounts With Two-Factor Authentication appeared first on Web Updates Daily.

Each of them favors hiding the information. Accountants and managers aim to keep the data about salaries in secret, while the researchers would better secure their findings so that no one could steal their invention. It is all about cybersecurity. Thus, before starting to pick cybersecurity solutions, the ones provided in Kaspersky or PC Pitstop reviews, one should know how they define the workplace and operation.

Cyber Security and Workplace

Cybersecurity refers to the protection of computer systems from digital attacks. The goal of such cyberattacks is usually to gain access to confidential information, modify or destroy it, extort money from users, or disrupt normal business processes. A smart approach to workplace cybersecurity involves multiple layers of protection for computer networks and systems.

An organization must align people, processes, and technology to deliver efficient safeguard against cyber attacks. Here are factors that constitute cybersecurity culture in the workplace.

People. Employees should understand and follow basic data protection principles such as choosing strong passwords, being careful with email attachments, and backing up data. In turn, managers and team leaders should facilitate and encourage the right treatment of data at work.

Processes. Organizations must deploy a system to prevent and mitigate cyberattacks. One established strategy can help. It will explain how to identify attacks, protect operations, detect threats, respond to them, and remediate the consequences of successful attacks. Also, ideally, every process must have a scenario for a possible hacker attack.

Technology. Technologies are at the heart of creating computer security tools to protect organizations and individuals from cyber attacks. There are three main groups of objects to preserve: endpoints, such as computers, smart devices and routers, networks, and the cloud. Naturally, there must be professionals to manage these to prevent possible hacker attacks. However, executives may also get involved in researching the best cybersecurity technologies, such as antiviruses.

Also Read: Cybersecurity In Teleworking An Approach Guide For The Entrepreneur

Workplace cybersecurity justification

Everyone uses advanced cybersecurity software in today’s networked world. On an individual level, a cyberattack can lead to a wide variety of consequences. The identity theft, attacks aimed at extortion, financial gain, the breach of data, and its loss are the most vivid cases.
The avoidance of these events is fundamental to the smooth functioning of any firm or business. In this regard, Bestantiviruspro.org has some reviews of antiviruses for corporate goals.

Know your data

To keep your business data safe, you must audit and determine which of them are public information (and therefore should not be carefully guarded), which are of medium importance, so that they will not significantly affect the business in the event of a leak (some security measures should be established for them).

Finally, executives should understand which data is most important and confidential. The latter must be protected as reliably as possible with the strictest access rights for employees and partners. It is likely to prevent paying seven figures or using third companies like Coveware to negotiate with hackers and get data back.

Account security

Authentication is the act of verifying identity (whether a user, computer, or other devices) by comparing the provided credentials with an existing database of authorized users before allowing a given system or application to access the system.

Entering a username and password to access your email account is the simplest example. But instead of relying only on passwords, which are becoming increasingly weak, we recommend using multiple factors for authentication.

Among these factors are some user’s secrets (for example, username/password, answer to a secret question), some of their physical property (for example, digital certificate, smart card), and some biometric factor (for example, fingerprint, face recognition).

Strong passwords

Many “black” hackers sell data that they managed to get after hacking. This includes information about thousands, if not millions, of users and their passwords. If you use the same password on every account, then it becomes a trivial task for a hacker to gain access to all of your systems.

It is much more complicated if the password is long, composed of various characters, and does not contain words from the dictionary. Use a password manager to ensure you don’t forget unique passwords for each service.

Timely software updates

Hackers are always looking for new vulnerabilities in the software your business is using. Finding them is as easy as finding a path on your Windows network. Simultaneously, the software companies themselves are working hard to release patches to fix these vulnerabilities, so it is essential to update the software as soon as an update is released.

Data backup

Backups ensure that files can be recovered in the event of data loss. You should always store your data in different locations, physically separated, so that hackers cannot access everything at once. And the backups need to be updated regularly.

Personal devices in the workplace

Some companies allow employees to use personal mobile phones for work. This improves productivity and efficiency but opens up opportunities for an attack.

These smartphones can be compromised and used to access your corporate network. Bring Your Own Device (BYOD) rules will help educate employees about the use of mobile technology and how to reduce the risk of such an attack.

Also Read: Cybersecurity Trends For 2020 And 2021

The post Cybersecurity Culture: Is it a Necessity? appeared first on Web Updates Daily.

Unquestionably, it is a useful system that offers us great advantages by facilitating our day today. However, like any device connected to the Internet, there are some risks that we must take into account. One of them is ‘voice hacking ‘.

However, first, it is important to know that there are two ways in which voice assistants can be compromised: from the Internet connection itself and from within the physical space in which they are used.

• Secure It Using The Singing Method or Singing Password: To do this, use the first letter of each word of your favorite song. You should not use password words that may appear in a dictionary of any language in the world, and you should try to make it usually have more than 15 characters. Also, the password of the Wi-Fi router must have at least WPA2 security. 
• Keep Your Voice Assistant Away From SmartTVs, Audio Equipment or Radios & Windows That Face The Outside: For this, you will have to “deafen” your voice assistant by placing a stuffed toy, or any material that absorbs sound waves, or even an adhesive tape fine, in front of the microphone hole (usually labeled MIC) to reduce the microphone’s pickup sensitivity and thus prevent the assistant from executing commands from afar. This may sound crazy, but there have already been reports of “automatic shopping” when voice assistants hear malicious words or advertisements (with phrases like “Alexa, buy a yacht” or “OK Google, open the front door”).
• Do Not Say Any Voice Commands In Front Of Strangers: You can configure the assistant so that it does not give answers aloud. The goal is to prevent a stranger from recording your voice and then imitating it with sound editing software. Which would allow you to give commands such as “Alexa, open the back door” or “OK   Google, check my bank statement.”
• Ask Someone You Trust To Try To Execute Commands On Your Behalf To Verify That It Only Responds To The Sound Of Your Voice: To make this happen, configure the ‘ voice match ‘ option (a function that recognizes your own voice in the Google Home virtual assistant) or the Alexa 4-digit ‘ voice code ‘ on the Amazon Echo (4-digit secret code before making a purchase). This will allow the assistant to “teach” to recognize only your voice (vocal biometry) and also program it so that it only shows results when it listens to you. This will prevent someone else from accessing your data.

Also Read: Voice Technology, Key To The Success Of Digital Transformation

The post Tips To Avoid The Voice Hacking appeared first on Web Updates Daily.

• The Most Used: One of the main reasons why cybercriminals attack smartphones resides in the fact that it is one of the most used devices. According to the Hootsuite “Digital in 2019” report, 96% of the population has a mobile phone, of which 87% are smartphones. These data show the high degree of penetration of this device. Also, it is worth noting the fact that these devices increasingly offer a greater number of functionalities that, together with their internet connectivity, make us use them to carry out any action: access email, make online purchases, etc.
• They Store Important Information: The smartphone has evolved to become a device for personal and corporate use. It is essential to highlight that technological development makes mobile phones powerful and allows their users to develop an infinite number of processes. As a consequence, smartphones are storing more and more important information such as contacts, images, location, bank credentials, corporate data, passwords, etc. All this data is especially attractive to cybercriminals since many of them allow them to impersonate the identity of the user to obtain financial benefits, etc.
• They Are Unprotected:  Despite being a fundamental device for users, from CheckPoint they highlight the lack of awareness about smartphone security. “In general, the vast majority of users do not have security measures on their smartphone,” they point out from the company. In this sense, the lack of protection solutions such as antivirus makes mobile phones unprotected against any threat and, therefore, vulnerable to any cyberattack.
• Gateway To Other Devices: Smartphones are part of the ecosystem of smart devices (not only smartphones, but also smart televisions, etc.) that connect to Wi-Fi networks, either in-home or corporate environments or even in open networks like airports, restaurants, etc. The lack of protection of these devices not only facilitates attacks on cybercriminals but also opens the door for them to infect a greater number of victims and thus produce massive attacks. In this way, by attacking a single phone, a cybercriminal can have access to tremendous amounts of information, hack security systems, etc.

This combination of factors makes this type of device the obvious choice for attackers to focus their efforts on finding potential vulnerabilities and “exploiting” the resources available on them, such as personal data, access to banking systems, entry point to other corporate or residential systems and, of course, for the espionage or monitoring of certain users.

The smartphone is essential in our lives due, among other reasons, to a large amount of information it stores. However, despite being aware of its importance, we hardly spend time and resources to guarantee its security, something that cybercriminals take advantage of for their benefit.

The post Reasons That Make Your Smartphone The Main Target Of Cybercriminals appeared first on Web Updates Daily.

14 trends that will mark cybersecurity in 2020 and 2021

Cybersecurity has become one of the major concerns of businesses and Internet users. How will the situation evolve in the coming years?

Artificial intelligence applied to security

The development of artificial intelligence will be one of the main pillars when it comes to improving security tools. Technologies such as machine learning or deep learning will contribute to making AI increasingly essential in antivirus, VPN, and all kinds of online software. Thanks to it, huge databases can be registered and analyzed, threats can be predicted before they occur or they can be “human” in the face of cyberattacks.

Blockchain or blockchains

The blockchain born as a united technology to criptomonedas, but today its use has spread to many other fields, including cybersecurity. The main advantage of the Blockchain is that it allows new information to be added to a chain, preventing data from being lost on the way and allowing access only to authorized users. This is a very basic explanation of this technology, so if you want to know more we recommend that you read our article on Blockchain.

Social engineering

Social engineering attacks are expected to increase, for example, phishing or phishing, fraudulent websites, etc. Experts believe that these threats will be more frequent than other types of attacks, such as denial of service or zero-day attacks. The main reason is that the information obtained, such as passwords, passwords, or account numbers, can be easily sold on the Deep Web.

Banking Trojans

One of the cybersecurity trends in 2020 has been the increase in attacks caused by banking Trojans, which aim to steal the accounts of banks’ clients. This threat has been around for a long time, but cybercriminals have perfected their creations and are increasingly difficult to detect and remove.

Remote authentication

Another trend in cybersecurity for 2021 will be the development of new ways of remote authentication. It is a trend that has had its boom in 2020 because of the Covid-19 and the consequent increase in teleworking. New and more effective ways are needed to control who accesses what information, from where and with what level of permits.

Geopolitics and protection of critical infrastructures

After the 2nd World War, the United States and Russia entered into a technological and arms race that was called the Cold War. Well, today we are entering a new stage of the Cold War, in this case, the cyberwar.

Technology will be increasingly used with the aim of achieving competitive advantages on the world geopolitical map. In addition, governments increase their concern for national defense against intelligence teams from other countries and attacks from abroad.

All this is already a reality in which there are three main actors: the United States, China, and Russia. Not surprisingly, the United States has already vetoed numerous Chinese manufacturers and Russia is heading towards its own internet and isolated from the rest of the world.

Cloud computing development

Among the cybersecurity trends in 2020 and 2021 is also the growing concern about the security of data stored in the cloud. According to Forbes, around 80% of companies’ work has already moved to the cloud by 2020. This implies that cloud computing services can be one of the main objectives of cyberattacks, so it is necessary to create infrastructures and systems that guarantee the security of the information and avoid data leakage.

Increased ransomware attacks

Among professionals dedicated to computer security, there is some alarm regarding the increase in attacks with ransomware. This type of malware increased by 500% during 2019 and is expected to continue growing during 2020 and 2021. The main victims of these attacks have been public institutions such as municipalities, as well as hospitals and health centers.

Increased user awareness of their privacy

Users are increasingly aware of the risks that the internet has for their security and privacy. Some scandals, such as the sale of information by Facebook, or the case of eavesdropping on smart speakers, have been partly to blame. In addition, data protection regulations have been tightened, with the aim of establishing a unitary regulatory framework in the European Union that more respects the rights and freedoms of the individual.

Increase in vulnerable devices

Until recently, companies’ digital assets were well identified and protected. However, with the development of the Internet of Things or IoT, there are more and more connected devices, gadgets, and tools that multiply the possibilities of suffering attacks from other fronts. Furthermore, there is no specific regulation regarding these connected devices, nor a security standard.

Juice Jacking

Trends in cybersecurity in 2020 may also include increasing concern about attacks through infected hardware. One of the novelties in this regard is Juice Jacking, which consists of the infection of a computer through charging ports. For example, there have been cases where mobile phones have been infected by connecting them to public chargers.

Malicious use of artificial intelligence

Artificial intelligence can not only be used to improve security systems. The cybercriminals also take advantage of this technology to refine their attack methods. Thanks to these tools they can detect flows or behaviors that help them find security breaches. They can also design tools capable of predicting patterns so that they can avoid security controls.

Increased security breaches caused by third parties

More and more companies outsource third-party services. This saves time and human capital, but it can also lead to security breaches, especially if the subcontracted company does not use the appropriate measures. Many cybercriminals are aware of this, which is why attacks on third parties in the production chain have increased by almost 80% during 2019 and is one of the cybersecurity trends for 2020 and 2021.

Increasingly difficult threats to detect

Refinement of the methods employed by hackers makes cyber threats increasingly difficult to detect. According to an IBM study, the average time for the detection of a threat in 2019 was 206 days, and that without taking into account that many of them do not even get detected.

These are some of the trends in cybersecurity for 2020 and 2021. As we see, we face a present and a future with many challenges on the horizon, and still a long way to go to guarantee security in telecommunications.

The post Cybersecurity Trends For 2020 And 2021 appeared first on Web Updates Daily.