Tag Archives: Passwords

NordVPN creates new generation password manager dubbed NordPass

NordVPN is creating a new generation password manager. NordPass will have a full range of features to ensure that passwords are as secure as possible. Its easy-to-use interface makes staying secure effortless.

“We can secure your connections with NordVPN and we can secure your files with NordLocker, but you still need a strong password for both,” explained Marty Kamden, CMO at NordVPN. “Passwords are the front line for your online account security. That’s why we’re introducing NordPass. It all started when we were looking for a safer and more productive way to deal with passwords within our company. In the end, this initiative has grown into something pretty exciting, which we decided to expand beyond the bounds of our own business.”

NordPass will remember and autosave all passwords, autofill online forms and allow the saving of private notes. Additionally, the new tool will generate strong passwords on the spot. NordPass will support major operating systems, offering browser extensions as well as native mobile and desktop apps.

ZeroEncryptionNordPass is created using the latest security practices and industry standards. It uses powerful Advanced Encryption Standard (AES-256-GCM) encryption with Argon2 for key derivation, which is virtually unbreakable. Additionally, the new tool will have a zero-knowledge encryption process to ensure ultimate security.

“Zero-knowledge encryption means you own the key to your passwords,” continued Kamden. “By the time your data reaches our servers, it’s already encrypted on your device, which means we have zero knowledge about the items saved in your vault. We couldn’t see your passwords even if we wanted to. These are only the essential features that come with the first version of NordPass. We’re very eager to expand its capabilities in the near future.”

At the moment, NordPass is going through internal stress-tests. It’s expected that the first beta version will be released this autumn.

NordVPN is a trusted online privacy and security solution used by over 12 million Internet users worldwide. It offers military-grade encryption with advanced privacy solutions and is recognised by the most influential tech sites and IT security specialists.

*For more information in NordPass access the NordVPN blog

Advertisements

Leave a comment

Filed under Risk Xtra

IDIS determined to focus on video cyber security at IFSEC International 2019

Network security and the threat of ‘cyber loopholes’ should be a top priority for video surveillance users, IDIS will tell visitors at IFSEC International. Launching a cyber security advisory video ahead of the show, the IDIS team at ExCeL in London from 18-20 June will also be on hand to demonstrate and explain how IDIS technology goes a step further to strengthen the resilience of traditional surveillance network processes.

IDIS will be highlighting the dangers of cyber attacks and the common vulnerabilities found in many surveillance set-ups – as well as showcasing a full range counter-measures – on Stand IF1110.

Users should plan for three specific risks, states the company: data access loopholes, data transmission weaknesses and the integrity of recorded footage.

“IDIS has consistently led the way in addressing cyber security concerns, taking a multi-pronged approach from R&D through to customer installation,” said James Min, managing director of IDIS Europe. “We’ve developed a rich, layered and comprehensive set of technologies and features to ensure maximum protection for end users.”

IDIS IFSEC Stand 2019 (1)

Visitors will see how IDIS DirectIP – the cornerstone of the IDIS Total Solution – closes-up widespread vulnerabilities and serves as a proprietary mutual authentication system for all IDIS IP products. IDIS DirectIP speeds up implementations and streamlines cyber security by eliminating the need for engineers to manage multiple IP addresses and associated passwords during implementation. It therefore mitigates human error and the common malpractice of saving passwords in vulnerable spreadsheets.

Using peer-to-peer technology, IDIS’ ‘For Every Network’ technology also lets engineers deploy and configure secure, multi-site surveillance solutions that use centralised monitoring and control without in-depth knowledge of routing or networking.

IDIS will also highlight the cyber security essentials for transmission and recording together with its own patented and proprietary technologies which prevent activities such as snooping, modification and the destruction of data.

James_Min_IDIS_Europe_MD

James Min

In addition, visitors to Stand IF1110 will learn how IDIS ensures the integrity of video recording, with its advanced ‘Chained Fingerprint’ technology authenticating footage such that it can be submitted to the police and the courts as evidence.

“Combined with these technologies, our industry-leading training programmes are helping installers and integration partners to work knowledgeably with devices and networks to ensure maximum cyber security for our end users,” concluded Min.

Leave a comment

Filed under Risk Xtra

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions

Matt Horan of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.

Leave a comment

Filed under Risk UK News, Uncategorized

Wavestore releases Version 6 of award-winning Video Management Software

Wavestore has announced the introduction of additional features and functionality in its new V6 Video Management Software (VMS) and WaveView client software.

Known for providing leading system integrity and user friendliness, many major improvements have been incorporated within Wavestore V6 with the objective of enabling end users to securely and more easily “unlock the full potential” of an integrated security system.

Widely referred to as the ‘operator’s favourite GUI’, Wavestore’s graphical display has been revised with a fresh new look featuring updated icons and graphics, making it even more intuitive to use. The addition of dockable components and ‘configurability’ of the live event stream window provides an enhanced user experience which allows individual operators to arrive at their pre-customised screen layouts each time they log in.

V6 also introduces camera short-cut keys using the keyboard number pad for added convenience and security enhancements to protect against malicious hacking attempts, including enhanced encryption and a high-security password policy.

WavestoreV6Monitor

“Many of the new or updated features in V6 have been developed as a direct result of feedback from our worldwide network of customers,” said Julian Inman, product manager at Wavestore. “For example, Wavestore’s client side de-warping feature, which supports a wide range of 360 degree cameras, now offers greater flexibility by enabling the cameras to be fitted on angled surfaces, and not just flat ceilings or walls. We’ve also added full SDK integration with ImmerVision lenses and Oncam cameras.”

V6 maintains Wavestore’s ‘any video, any format’ philosophy which sees it supporting all leading camera vendors across multiple camera technologies. These include very high megapixel, Ultra HD, 4K, HD, 360° fisheye, thermal and analogue cameras operating on H.264, MJPEG, MPEG-2, MPEG-4, MxPEG and JPEG2000 video formats.

Improved support for larger systems

As the result of an update incorporated within V6, Wavestore’s proprietary Large Allocated Storage System (LASS) now empowers the VMS to manage an industry-leading 384 Petabytes of data per server. As such,V6 claims to set a new industry benchmark for Enterprise level applications with effectively no limit to the mass of images it can manage. The calculation and system design process is also greatly simplified.

Intelligent failover is now also available at Wavestore Enterprise level to ensure minimal disruption to recording should a fault occur, and to deliver resilience and peace of mind for mission-critical applications.

“We’ve made it as flexible as possible for specifiers and systems integrators to choose the right level of software required for a each project, while our simple ‘buy once’ licence model enables additional licenses to be purchased if and when a system grows,” explained Inman.

“Wavestore can be cost-effectively deployed for small to medium-size projects with either our Base or Premium levels of software, and then upgraded when required to Enterprise level for larger or more critical applications.”

Leave a comment

Filed under Risk UK News, Uncategorized

CrowdControlHQ: “IT directors ignore social media risks at their peril”

Marc Harris (Chief Technical Officer at CrowdControlHQ) examines the issues facing IT directors from the use of social media.

Many IT directors operate their own personal Facebook and LinkedIn accounts. However, when it comes to corporate social media they pass responsibility for management of same to the Marketing Department. Are they doing so at their peril?

Let me start with the elephant in the room, namely the role of the IT director. After an extensive IT career in the media, telecommunication and technology sectors recent experience has led me to conclude that social media needs to be firmly at the top of the priority list of every IT director.

In my current role, I see at first hand the impact of reputational damage realised by both internal and external sources through the use of social media, and find it surprising how few IT directors are willing to discuss the issues or attend conferences on the subject. Perhaps they feel an unwelcome interference or ‘elbowed out’ by this new communication channel which has evolved extensively under the umbrella of marketing?

In future, the organisations succeeding in the social media space will have Marketing and IT Departments working seamlessly together to tackle the issues. The ‘DNA’ of IT makes it the most qualified department to deal with some of the risk issues that surround social media, so why isn’t it more involved?

Today, social media is being used in every aspect of business, from the Boardroom right through to the delivery of customer service. By its very nature, social media is a collective responsibility. Not surprisingly, its reliance on ‘collaboration’ has in some instances manifested itself as ‘sharing’ responsibility for posting of content… and even the sharing of passwords!

New rules now apply

I once overheard a social media officer quite gleefully boasting the fact that they had the Twitter login to hand for their company chairman. When challenged, the officer admitted that he was ‘The Chosen One’. If he was off sick that was it – no tweets or updates! Worse still, if he left the organisation he had the power to bring the place down tweet by tweet.

This is the stuff that would have kept me awake at night as an IT director, yet in a world powered by social engagement new rules seem to apply.

Marc Harris: CTO at CrowdControlHQ

Marc Harris: CTO at CrowdControlHQ

Recent research also reported that a scarily large number of employees still use the dreaded Post-It note to record their login usernames and passwords, stuck to walls, desks and even the computer screen. Apparently, we’re not coping well with the need to access everything online from social media to our weekly shop and fear our mobile devices could be pinched. We’re reverting to pen and paper, it seems.

This practice can only end in tears. There have now been too many examples of ‘rogue’ tweets, no audit trail of who posted them (or why) and organisations – who, frankly, should have known better – being left rosy cheeked, so why is this practice still so rife?

Why would an employee, with their job on the line, ‘fess up’ when they know that at least 15 other people had access to the account that day?

I also believe that few IT Departments have a handle on the number of users across their ‘official’ social media accounts, let alone a log of which password protocol they are using, how they are accessing the site or posting.

Need to look both ways

We cannot just blame the employees. Even organisations with the most robust and celebrated IT protocols let themselves down when it comes to simple issues such as data storage. I suspect very few IT directors are crystal clear about where their marketing communications teams are storing their social media campaigns, let alone harbour an understanding of the conversations from the past that they may need to reference in the future or where they keep their notes about their customers linked to these campaigns.

I would hazard a guess that many IT Departments are breaking their own compliance and governance issues when it comes to social media.

Today, there’s no need to share passwords. The social media ‘savvy’ have cottoned on to tiered password access, with both the IT and Marketing Departments having an ‘on/off’ switch to give them instant control in times of crisis. If IT is involved in the installation of a Social Media Management Solution (SMMS) they can see exactly who is plugged into the system, where accountability lies and who they need to train and develop to uphold the security protocols needed in order to keep an organisation’s reputation intact.

Within the scope of most IT budgets a SMMS will be a drop in the ocean but will address these major issues. Any smart IT director will already be looking at a SMMS if there isn’t already one in place. Such a system gives control back to the organisation. All passwords are held in one place such that accounts are not owned by individuals but by the company. The right system gives an organisation the ability to moderate content at a senior level. In turn, the risk of misuse or mistakes can be eradicated.

A SMMS also takes care of the practical management issues. I fear that some organisations are taking a step backwards in terms of their technological evolution, reverting to time-wasting, ineffective manual processing of social media (eg multiple logins to different social media platforms rather than using readily available tools for automation and effectiveness).

The message is clear. IT directors ignore social media at their peril. When it comes to corporate social engagement, it’s time for them to wake up, check and challenge.

Leave a comment

Filed under Risk UK News

Centrify survey pinpoints ID theft as key concern for digital consumers

Identity theft has ranked as the top concern among 2,000 consumers questioned about their digital lifestyles in new research commissioned by Centrify Corporation. The survey reveals that 81% of respondents stated they are concerned – or very concerned – about the prospect of having their identity stolen online.

Having credit card information stolen on the Internet is also extremely worrying for consumers, with 79% ranking it the second biggest concern above being a victim of cyber crime (73%).

Surprisingly, cyber bullying is the least concerning prospect for respondents with just 40% of consumers showing any real concern, while privacy of social networks (59%) and e-mail spam (68%) both ranked much higher.

The comprehensive survey also reveals the numbers of respondents that have a high, medium or low ‘digital footprint’ based on the amount of time they spend online in a typical week e-mailing, texting and sharing or watching digital images, songs, games, videos and apps.

62% of those very concerned about identity theft have a medium digital footprint, 46% low and 26% have a high digital footprint. Equally, only 26% of those with a high digital footprint are concerned about having credit card information stolen on an online shopping website and their e-mail accounts being spammed, showing that those who spend more time online are less concerned about their identity being stolen.

One-in-four respondents to the survey have definitely (or probably) been a victim of identity theft, 43% of victims suggesting the problem took more than one month to fix with one-in-five saying it took more than ten hours. 47% of interviewees admitted to having to spend their own money to resolve the issue, with 28% noting they’ve spent at least £60 (in turn highlighting the need for increased password security).

Identity theft remains a key concern for online shoppers in both America and the UK

Identity theft remains a key concern for online shoppers in both America and the UK

Security of personal information at risk

“With so much of our time now spent online, be it in relation to social networking, banking or shopping, the security of our personal information and, more importantly, our identities is being put at risk on a daily basis,” explained Tom Kemp (CEO at Centrify).

“According to our survey, online purchases are the top reason why users feel they became victims of identity theft, underscoring the importance of confidence in one’s own online security. Consumers have very little faith in the absolute security of their passwords. Just 15% believe those passwords are very secure, regardless of the amount and type of characters used. Being able to manage our password security is crucial.”

Other research highlights:

• The groups that are most likely to say they’ve been victims of identity theft are those that probably best understand and notice the signs of identity theft: IT workers, online shoppers, higher salary workers, the ‘tech-savvy’ and those with a high digital footprint

• Those with the least confidence that their passwords are absolutely secure include individuals that do less online shopping (12%), those aged 50-64 (11%) and those with a medium digital footprint (11%)

• A plurality of consumers are only somewhat confident that their passwords for personal accounts could not be cracked by a computer program, but few are very confident

*The Widmeyer Survey was developed to assess people’s engagement with (and perception of) passwords in order to determine their efficacy in the workplace. The survey was completed in September 2014 with more than 1,000 participants in the UK and 1,000 in North America. Results were similar across both regions

Leave a comment

Filed under Risk UK News

“Remote working places business data at risk” reveals Imation Corporation Survey

According to new research initiated by global data storage and information security company Imation Corporation, poor security and impugned responsibility are placing business data at risk for those working remotely. Staff are taking confidential information away from the office, often without the knowledge of their employer, and losing unsecured and unencrypted business data in places such as pubs, on trains and in hotels.

According to the survey of 1,000 office workers* from the UK and Germany, nearly two-in-five of respondents (or someone they know personally) have lost or had a device stolen in a public place. Three quarters of these devices – among them laptops, mobile phones and USB sticks – contained work-related data. This included confidential e-mails (37%), confidential files (34%) and customer data (21%).

Around one-in-ten interviewees had lost financial data or access details such as login and password information, potentially exposing even more confidential information to the risk of a data breach.

What makes these findings even more concerning is that a large proportion of data removed from the workplace isn’t adequately secured. As many as three quarters of respondents said they had taken digital files with them outside of work, yet many do not use standard security measures such as encryption, password protection or remote wiping to protect that data from unauthorised access.

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

Nearly half (44%) of respondents said that data is never encrypted when taken out of the office. Three out of every ten respondents admitted they don’t protect their data with passwords, while nearly one-in-ten workers who take digital files outside of the office do not secure them at all.

Office workers, it seems, are not losing any sleep over losing confidential business data when they take work home, with only one-in-16 worrying about this massively important issue.

Lack of understanding around corporate data security

“Companies may not be aware of the amount of data that’s leaving offices unsecured,” said Nick Banks, vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions. “In addition, half of respondents said that, at least some of the time, nobody would notice if they were to take data away from the office and lose it. It’s obvious that poor security and lack of understanding of what happens to corporate data are placing organisations at risk of a data breach.”

Even though eight-in-ten of the employees interviewed read or write work e-mails on the move, and around seven-in-ten work on electronic documents away from the office, businesses are failing to provide their employees with secure tools for remote working and not putting the right security policies in place.

Fewer than six out of every ten respondents said their organisation had a remote working policy in place. Of those employees working for companies that do have a policy, more than a quarter of interviewees admitted they’d broken that policy in order to work remotely. Of those staff questioned, 8% had knowingly broken the policy and a further 18% say they’d unknowingly broken it.

Equally, of those individuals who do secure data that they take outside of the office, just over half said that their employer or a third party supplier provides the remote working security measures. One-in-five respondents reported that just they themselves provide the security measures.

“These figures emphasise the urgent need for businesses to ensure that their employees have the necessary systems in place to work flexibly and securely without further hindering productivity,” asserted Banks. “The reality is that people are working in cafes, on aeroplanes, in their GP’s waiting room and even while they take their children to the park. Organisations are tasked with a monumental challenge of providing secure access to corporate networks and data. Data protection is now a huge concern for employers who are battling to manage security and privacy for employees on the move.”

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Key highlights of the research

Other research highlights are as follows:
• As many as 41% of interviewees suggested that they either do not have the right tools available to work remotely or that their solutions for doing so could be improved
• Three-in-five respondents would tell their boss if they lost a storage device with company data on it. However, nearly one-in-ten would do nothing. Less than one third of survey respondents said they have policies that dictate who should be notified depending upon the type and sensitivity of the data lost
• Almost a quarter of respondents have looked over the shoulder of someone working on a laptop/tablet in a public place or noticed someone looking over their shoulder while 6% would let someone else use their work laptop, tablet or smart phone outside of the office
• Around half (48%) of respondents that take digital files with them outside of the office do not fully separate their work and personal data, in turn placing their personal data at risk of being wiped when business data is compromised
• Only 70% of respondents report that they protect their data with passwords and only 36% encrypt their data. A small proportion of respondents are using biometric technology (14%) or remote wiping (7%) to secure their data
• Public areas such as pubs, cafes and restaurants (22%) and public transport (29%) are some of the most common locations for respondents to read or write work e-mails when outside of their home

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

*The research consisted of 1,000 online interviews carried out this summer and involving office workers in businesses of at least 250 employees and covering a range of industry sectors. 500 respondents emanate from the UK and 500 respondents work in Germany. 80% of respondents were required to work remotely for at least part of their working week. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate

Leave a comment

Filed under Risk UK News