Tag: Data Protection

Google location tracking continues even when turned off

Turning off Google location tracking may not be as simple as changing one setting to “off,” according to new research.

An AP investigation found that even with Google location tracking turned off, certain apps will take a timestamped snapshot of the user’s location and store that data when the user performs a search, opens Google Maps, or checks the weather.The unexpected Google location tracking behavior on Android and iOS devices has been confirmed by computer science researchers at Princeton University.

Read more about how it is possible for Google to track your movements even when location tracking is turned off, on TechTarget.

Industrial cybersecurity: Protecting OT from IT

A powerful technique for protecting OT from IT, or to enforce whatever separation is required to ensure the integrity of industrial control infrastructure, involves controlling the direction of traffic into or out of an ICS enclave.

At first glance, it might seem counterintuitive to restrict bidirectional traffic between OT devices and management systems, but closer inspection reveals that across IT/OT interfaces, almost all data flows are from OT to IT systems, and hardware unidirectional flow assurance provides strong risk reduction for OT.

Read more about how unidirectional gateways can protect ICS devices from malware according to Edward Amoroso, CEO of TAG Cyber, on Help Net Security.

Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks

When cyberattacks take place in enterprises, the resulting data lives in various siloes: security information and event management (SIEM) systems, emails, ticketing systems, intel feeds, security devices, and more. Data flows in and out of these systems, and security teams react to the data as best they can in order to address threats as they arise.

But what happens to the data once it’s not in use? Where does this data live long term, and how can it be applied to future threats?

Read why Liz Maida, Co-founder, CEO and CTO of Uplevel Security, believes that unifying data across an entire security architecture provides the intelligence and context necessary to activate data on demand and use it to identify and resolve persistent threats, on DarkReading.

Yale data breach discovered 10 years too late

Yale University discovered it suffered a data breach — 10 years ago. The Yale data breach occurred at some point between April 2008 and January 2009, but officials are unsure exactly when. The Yale data breach included sensitive data such as names, Social Security numbers and birth dates on an unknown number of people, as well as some email addresses and physical addresses.

Because the Yale data breach happened so long ago, the University claimed it did not have much information on how it occurred. The breach was discovered in June 2018 when the school’s IT was “testing its servers for vulnerabilities and discovered a log that revealed the intrusion.”

Read more about the Yale data breach that was discovered 10 years too late on TechTarget.

Digital trust: Security pros, business execs and consumers see it differently

An extensive global survey of consumers, cybersecurity professionals and business executives about their views on digital trust conducted by analyst firm Frost & Sullivan, highlights how consumers perceive and trust organizations to protect their digital data.

Responses to the survey showed that the Digital Trust Index for 2018 is 61 points out of 100, a score that indicates flagging faith from consumers surveyed in the ability or desire of organizations to fully protect user data.

Read more about the findings of the new survey by Frost & Sullivan on Help Net Security.

Cybersecurity & Business: Not Just an IT Problem

Connected technology, Internet-enabled (IoT) devices and other digital services each come with their own security risks. But when used in concert with businesses and their data, these technologies can present more substantial cybersecurity risks than those used for personal use.

Vendors, suppliers, partners and other third-parties associated with your business can also increase your risk for a data breach. Consequently, businesses have spent millions on cybersecurity solutions to combat the risks of the multitude of online, data-driven business services.

Read why, aside from adopting new technologies, a proper cybersecurity strategy requires businesses to emphasize cybersecurity awareness and education along with their stringent security protocols, on Business 2 Community.

California Consumer Privacy Act: What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, but in certain respects it goes even farther.

The California Consumer Privacy Act takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.

Read more about California’s new privacy law, AB 375, and learn how to be compliant on CSO.

Save the Embarrassment: The Value of Two-Factor Authentication

These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 295 sites comprising 5.3 billion accounts.

Password breaches are a cause for embarrassment; they are talked about in hushed tones just like finding mice in your home or having your credit card declined. Instead of being embarrassed, take steps to minimize the impact that a data breach has on your life. One of the best ways to do this is to enable two-factor (or multi-factor) authentication on the accounts that you use on a regular basis.

Read step-by-step instructions on how to configure two-factor authentication on some of Internet’s most popular websites, on Tripwire.

Effective auditing can save your enterprise $1.5 million during its next security breach

According to a report sponsored by IBM Security, the average global cost of a data breach is now calculated to be $3.86 million. However, the same report also shows that companies that can find a security breach within 30 days of its occurrence can shave as much as $1 million from that average cost.

The research conducted by Ponemon Institute for IBM Security also found that organizations using auditing and logging tools that leverage artificial intelligence, machine learning, and other automated structures saved more than $1.5 million off the average cost of a data breach.

Learn how a decisive response to a security breach could save your enterprise a significant amount of money if you have an automated and systematic auditing and logging strategy, on TechRepublic.

Every Week Is Shark Week in Cyberspace

Your odds of being attacked by a shark are zero if you never venture into the ocean — which is far lower than the odds of being cyber hacked even if you never go online. After all, you could still become a victim of identity theft without ever wading unto Internet waters.

The point is this: Fear the cyber shark far more than the great white, tiger, or bull shark, whose majesty was celebrated this week during the Discovery Channel’s Shark Week, as it has every year since 1987. So, what can Shark Week teach us about cybersecurity?

Read about four cybersecurity areas to focus on in honor of Shark Week to protect your data, identities, and credentials, on DarkReading.