Year: 2020

Is the user the weakest link in security?   When examining breaches, we can almost always point to users practicing poor security — how can we change this? Partner Now Request Infomation Put simply, most people believe that the weakest link in the security supply chain is the user. This attitude has become so widely accepted that it’s almost set in stone. It is justified by the inherent unpredictability of humans; the knowledge that a security hole in any application or codebase is fully discoverable and fixable; and the difference between ‘machine’ error and human error. Human error is inherently random; a lapse in attention or judgement can occur at any time, often with seemingly no context to prompt it. We never really question the idea that the user is the weakest link, but is it fair to stigmatize the user and consign them so unambiguously to being their own worst enemy? We ought to examine whether this consensus is truly justified. How users fail security When users have their data compromised, it’s usually as a direct result of a failure or misstep on their own part. While a determined hacker targeting an individual will eventually be able to overcome any security precaution, most of us will never be so specifically targeted. Maintaining basic security hygiene and awareness would be enough for us to protect ourselves against almost all general online hazards. And yet, we continually find that loss of security, compromised accounts or stolen credentials can be traced back to a failure on the user’s part. Password apathy Good password hygiene remains one of the hardest practices to instill in users. Our passwords form the gateway to our online accounts and potentially all our most sensitive data; no matter how secure a website may be against direct hacking attempts, if users allow their passwords to be broken or stolen it allows hackers free access to any data stored on that site. However, many users have poor password security, despite knowing the risks and the knowledge of how to improve their passwords. In 2019, SplashData estimated that about 10% of users used at least one of that year’s weakest 25 passwords. This might not be much of an issue on its own; not all our online accounts store especially sensitive personal data, and some breaches might hold very little of value for a hacker. This assumes, though, that the user has different passwords for each account they use online and that hackers wouldn’t be able to breach other, more sensitive accounts with the same login credentials. Ten percent doesn’t seem like a lot, but this is just the tip of the iceberg. Again in 2019, Microsoft revealed that 44 million users of various Microsoft service accounts were using vulnerable passwords that matched with a list of already-breached credentials circulating on the dark web. A survey from LastPass the previous year revealed widespread password re-use, with nearly 60% of users using the same password on multiple sites, even though 90% of respondents understood the security risks of password re-use. The same survey revealed that over 50% of users had gone longer than a year without updating their password. This does seem a damning indictment on users, with so many understanding the risks of lax password security but continuing to use old, already breached, or weak passwords. This is despite it being easier than ever to maintain good password security thanks to services like Avast Passwords, part of Avast Antivirus, which can generate and manage complex, secure passwords across multiple accounts, eliminating the problems of password re-use, memorization and weak passwords all in one package. There is also Avast Hack Check, which can tell you within moments whether you’re using a breached password that should be changed to keep you secure. Gullibility Users are also consistently taken in by the simplest, most preventable attack there is: Phishing. There is a wealth of information on what phishing is and how to avoid it, including the entry in Avast Academy and a discussion on the Anatomy of a Phish. Even though the success rate for phishing attacks continues to go down each year, enough users still fall victim to make them worthwhile, with phishing accounting for 22% of all data breaches in 2019. According to Verizon’s 2020 Data Breach Investigation Report (DBIR), 96% of phishing attacks are delivered via email, while the login credentials, PII, internal business data, medical information and financial credentials are the most targeted forms of data. We also see a lot of interplay between phishing and malware. Negligence and malware As users, we also allow malware to be more of a problem than it needs to be. Phishing campaigns extensively employ emotional manipulation and psychological techniques, so falling for one can be excused as a human lapse. In 2017, it was found that less than half of Windows users had any form of antivirus installed. The situation is even worse among smartphone users, with only 39% having any form of mobile antivirus installed. Even as the built-in security for our devices improves, we continue to leave ourselves at risk by failing to keep our software updated. The 2019 Avast PC Trends Report found that even Windows 10, which has automatic updates built in, is out of date for 8% of users. These statistics get worse with more specific programs; 15% of Microsoft Office 2007 and 2010 users have vulnerable versions of the software installed. When we examine software in general, we find that 55% of all programs are left unpatched, while Adobe Shockwave, VLC Media Player, Skype, Java Runtime, 7-Zip and Foxit Reader are out of date and vulnerable for over 90% of users. How security fails users Users could clearly be doing a lot more to keep themselves safe, but does this automatically make them the weakest link in security? We can simply say that users lack vigilance and leave it at that, but without careful examination of why users leave themselves so vulnerable, we do not have … Read more

VOTER FREEDOM OR SUPPRESSION Exploring voter suppression and voter fraud in the Trump campaign Partner Now Request Infomation U.S. election security is always a concern, and sometimes eyes fall on Russian intervention or North Korean. So let us get another update on election security as we divide within the ranks and Voter Fraud in the November count. New concerns were raised on two topics: voter suppression & supposed voter fraud. The analysis shows how 3.5 million Black Americans were recently targeted by the Trump campaign team, in a report on the UK.’s Channel 4 news allegation. The Black Americans were targeted for ads that aimed to try to convince them to stay home and not vote in the November election. Another report described an additional campaign that was targeting white voters with fearful social media messages aimed at enticing them to vote for Donald Trump. The articles are in addition to other research by the Washington Post about a Twitter account @WentDemtoRep that was removed. The account showed a number of testimonials by Black Americans challenging accusations of racism by Trump. Voter suppression was part of the playbook of the Trump 2016 campaign. This article in TechCrunch describes what Cambridge Analytica did to manipulate private Facebook members’ data when working for the Trump campaign itself. Back in 2016, many Blacks didn’t vote, thanks to various disinformation ads on Facebook and other social media platforms, according to PolitiFact here. These ads aren’t exclusive to Republicans — you might recall back in 2012 when the Obama campaign had an app that allowed them to collect private user data and friend networks. More recently, Elizabeth Warren’s experiment with placing a phoney Facebook ad back in October 2019, using its example to call for better accountability from the platform. These same targeting methods are still widely in use by many campaigns. This isn’t the first time this is happening. Voter suppression also isn’t new: There was a lot of data collected by Mueller, during his investigation several years ago which showed that more than 3,500 ads on Facebook were placed by the Russian Internet Research Agency to try to convince potential Black voters to stay home during the 2016 elections. The same group also posted a series of anti-Muslim ads and organized concurrent protest rallies in Texas on opposite political sides. (You can view some of these ads in a new PBS program called Us vs. Them at the 20-minute mark, and the Amazon movie All In goes into detail about the long history of voter suppression in the south.) One thing that doesn’t help voting matters is when the various state-run registration systems crash. This happened over the first week in October in Pennsylvania, followed quickly by systems serving Florida registrations. Service was restored to both by Monday, October 5. The Pennsylvania outage was caused by equipment failure at an outsourced data centre and affected other state agencies. One reason for the outage could be the system was initially constructed nearly 20 years ago and now is overwhelmed by the huge increase in mail-in ballot requests. The weekend outage wasn’t the first time the system had crashed: it also went down the day before the last day to register for the state’s primary. Florida’s registration system was overwhelmed by ballot requests hitting just before the filing deadline. This week also saw system crashes in both Georgia (where early voting has begun) and Virginia (where a construction crew cut a fibre optic cable that brought down their online registration portal). The voting machine failures in Georgia contributed to long waits at various polling stations. Contrast what is happening in Colorado, where they have been voting by mail for many years. I recently spoke to Trevor Timmons, the CIO for the Colorado Department of State, the agency that supervises its elections. In its June 2020 primary, more than 99% of registered voters submitted mail-in ballots. The state maintains duplicate data centres with active failovers to handle potential outages. “And we do plenty of load and failure tests to ensure we have sufficient capacity,” he said. “We don’t want to create our own denial of service incident if we don’t have sufficient processing capacity.” He mentioned that almost every state should have tested its mail-in processes out during the primary season to learn any weak spots. The other bit of news is the result of another investigation, this one by the New York Times into voter fraud. Trump has brought up this issue in numerous rallies, including mentioning it several times during his first live debate with Biden in late September. The Times wrote: “Voter fraud is an adaptable fiction, and the president has tailored it to the moment. It is nothing short of a decades-long disinformation campaign — sloppy, cynical and brazen, but often quite effective — carried out by a consistent cast of characters with a consistent storyline.” There have been many studies of potential fraud claims, including this recent FBI advisory that didn’t find any direct evidence. “During the 2020 election season, foreign actors and cybercriminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in U.S. democratic institutions,” the advisory stated. Colorado’s Timmons hears from many of its citizens and advocacy group members about potential fraud cases, “but the reality is that our ballots are mailed to specific people, the registered voter. The return envelope is signed, and we then compare the signatures.” Timmons says his goal is to dispel any uncertainty and help people understand how mail-in ballots move through the process. In anti-fraud efforts, Facebook has announced they will reject ads that wrongly claim victory in the U.S. presidential race prematurely. It will also ban ads that claim widespread voter fraud and will also ban ads the week before the election. Google is also banning ads placed after the polls close too. Given Facebook’s spotty record at protecting its members’ privacy, this is long … Read more

TRUSTED CLOUD? The cloud is popular with small businesses for storage and remote data access, but how safe is it? Partner Now Request Infomation Whether you’re launching a startup or have been running an SMB for years, you need to understand the technology that you use and the security measures you have in place. All businesses have the ethical and legal responsibility of keeping data secure – from staff’s private information to the data retrieved from clients. That’s why carefully selecting how your data is stored is crucial. In this article, we will address using the cloud as a small business – from its benefits to how secure it is. What is cloud storage for small businesses?The cloud is used as a form of data storage that sees digital information stored in logical pools, rather than on a physical hard drive in your office. While physical servers are used to keep cloud data, they are located in data centres that are managed by the host supplying the service to you (if you opt for public cloud). You can access the data server using the internet (on a web-based interface) – retrieving or uploading files in either a manual or automated fashion. When using cloud storage, you can access your data from anywhere in the world, as long as you have access to the internet, and as many members of your team can access it as needed. Public and private cloudThere are two options for cloud storage services: public or private cloud. While you access the data in the same way – on the internet – the data are operated by different people. The public cloud is operated by a third party. You pay for the service, and the host is responsible for storing the data, creating an interface for access, and keeping the network secure.If you opt for the private cloud, you are responsible for storing and accessing the data and keeping it safe. You will manage the server that holds the information, but this will still be accessed online.How do businesses use the cloud?As a small business, you can use the cloud in multiple ways – whether it’s for data storage, data backup, remote working, or information sharing. The flexible nature of the technology makes it highly adaptable to most business environments and ways of working. What are the benefits of using the cloud?Now that we understand how the technology works and what it is used for let’s take a look at the benefits of using the cloud as a small business. Scalability and flexibilityScalability is essential for small businesses – your company may start to rapidly increase in size as it grows. All of a sudden, you need a much larger storage solution to house the data of new employees, new clients, and new projects. With the cloud, you can easily upscale your business storage to suit your needs. This works the other way too – downscaling as and when you need it. The solution can flexibly adapt to your changing environment and meeting your capacity. Remote collaborationWith the cloud, you can easily control who has access to what data. You can grant individual members of staff with higher access, and everyone can upload or retrieve any required information whenever they want, from wherever they are. This is perfect for collaborative working and file sharing. Employees can share and co-author computer files, helping teams work together as flexibly and efficiently as possible, even when apart. Automatic backupWhen using the cloud, you can either upload data manually or automatically. Automatically backing up your data can help you prepare for unexpected internet downtime or even ransomware attacks. This is crucial when running a small business, as any drawback can have a worse hit on SMBs. It’s always best to be prepared. Not only does the cloud keep your data secure, but the automatic service can also help you use your time more efficiently – making for a more productive business. Reduced costsCloud storage can help you save money in multiple ways – from improving ways of working to ultimately driving revenue, to helping you avoid expensive data breaches. The cloud can help you run operations more smoothly, with automatic systems supporting efficiency and productivity – which can see you save money in the long run. It can also help improve you and your team’s ability to work remotely, saving on overhead like office space and equipment. Using the public cloud is usually more cost-effective than the private cloud. Although you will have to pay a third-party for the service, this is much cheaper than creating your own infrastructure. What is the best cloud storage?There are plenty of companies that offer cloud service solutions, so it’s best to do your research. Look into the history of their security, ensuring you are comfortable with the measures they have in place. Opt for encrypted cloud storage for better security. There are varying price points, so find an option that works for your budget. Pros and cons of cloud computing and storageThere are several pros and cons to storing your data on the cloud. Let’s recap on what we’ve discussed: ProsScalability – your cloud service solution grows as you doRemote working – allows you and your team to work together, no matter where you areAutomation – helps you run your business more efficiently.Back up – keeps your files safe, no matter what ConsSecurity breaches – public clouds are often the target of cybercriminals.Paying a monthly fee – and additional cost each month, but one that could help you save in the long runToo many choices – lots of businesses to pick from, which can be overwhelming. How secure is the cloud?The security risks associated with using the cloud differ, depending on if you use public or private. With the public cloud, you rely on the service provider to keep your data secure. This can be both a pro and a con. While relying on someone else to secure your private information – and … Read more

New SOC goes live! Avosec’s new security operations centre ensures users have 360-degree cybersecurity protection Partner Now Request Infomation  July 14th, 1:55 AM EDT London, UK – July 14, 2020 – COVID-19 has brought change to every aspect of life. Businesses are closed, staff are working remotely, and the global economy has slowed significantly. While many business sectors have slowed down, one sector is busier than ever – cyber crimes. In the last week of March alone, Microsoft reported more than 110,000 phishing attacks on businesses and offices. As well as focusing on their core services and products, businesses are being tasked with implementing new health and safety measures, managing remote workforces and navigating government loan programs, it’s no wonder that for many, cybersecurity has taken a back seat, leaving companies vulnerable to data breaches as well as serious cyber attacks. Avosec, a European leader in managed IT services, is launching a new security operations centre (SOC) for end-user clients. While the company has focused its working relationships on large organizations and businesses in the past, it is now bringing the security and convenience of its premium cybersecurity protection to small businesses, software resellers and computer support companies. The new service is dedicated to covering all aspects of business security needs including managed anti-virus protection, email and content filtering, and disaster recovery. Clients will have access to leading-edge cyber security protection and effortless one-on-one IT helpdesk support when needed. The online security and IT experts at Avosec encounter a sense of complacency amongst network end users on a daily basis. Perhaps out of a mistaken sense that their business won’t be targeted, or that they are too small to afford professional cyber security, most small businesses will only think about security after a phishing or cyber-attack has happened and their network, customer information, and work product have been compromised. Avosec CEO explains why businesses need to be proactive with their cybersecurity and data recovery planning. “With businesses suffering so much downtime already, being taken offline or having to deal with privacy breaches is the last thing that companies need,” explains James Norris, CEO of Avosec. “The new SOC service being offered by Avosec will provide clients with anti-virus, content filtering and patch management services and will go a step further into fully managed backup and disaster recovery assistance. Clients will have the assurance of knowing their network, online activities and email systems are fully protected, while never having to do any of the technical work themselves.” Avosec’s new SOC service launches this week. With offices in London, England, Sofia, Bulgaria and Pune, India, Avosec has the resources and staff to provide support and monitor cybersecurity for its clients around the clock. For more information or to connect with the IT security experts at Avosec, please visit www.avosecmsp.com For more information, or to arrange an interview, please contact below. Media ContactCompany Name: AvosecContact Person: James NorrisEmail: Send EmailPhone: +44 207 1004509Country: United KingdomWebsite: www.avosecmsp.com Download the full article

How to effectively sell antivirus software to businesses Partner Now Request Infomation Avast Antivirus delivers multi-platform internet security applications developed in house for Microsoft Windows, Mac, Android and iOS. Avast Antivirus products range from the freeware to the paid versions that deliver computer security, browser security, antivirus protection, antispyware, software firewall, anti-phishing and anti-spam. Avast launched a free business product, Avast for Business, in February 2015. It was a cross-platform solution that included antivirus protection, web threat scanning, browser protection, and a cloud management console. Avast antivirus no longer offers Avast Business Free and all solutions are now paid options.Avast is now the most popular consumer antivirus vendor on the market now, and it has the largest user base of any antivirus applications. Avast consumer and OEM licenses are very popular and have a mass user base globally.Avast antimalware products are tested by AV-TEST who are an independent Antivirus organisation, Avast Free Antivirus has awards for detecting 100% of malware samples.Avast’s Mobile Security & Antivirus protect Android and iOS phones and tablets. The app detected 100% of malware samples in a recent test of Android malware by AV-Comparatives. Download the full article