Tag: cybersecurity

Categories
India News Lite Blogs Tech Lite

Cybersecurity Tips for Indian Digital Nomads

Awareness about the current landscape of cyber threats in India will help Indian digital nomads understand what kind of risks they face and how best to protect themselves online…writes Shikhar Aggarwal

In a world where the boundary between work and leisure is increasingly blurred, digital nomads have redefined the traditional employment terrain. It is indeed enticing to travel to exotic places while earning a living; hence, many Indians have embraced the lifestyle of digital nomadism. This notwithstanding, it is important to point out that in as much as these audacious globetrotters commence their journey around the globe, there is an underlying cyber security threat within this digital realm.

India’s diverse landscapes, rich culture, and thriving digital ecosystem are making it an increasingly favourite destination for digital nomads. However, this way of life poses some inherent issues around cybersecurity, which individuals must deal with if they are to secure their online presence and keep safe some confidential information. The following points underscore the key factors that Indian digital nomadic people have to put into consideration as they strive towards having a secure and worthwhile nomadic journey. India has witnessed cases of cybercrime ranging from phishing attacks to data breaches, which are becoming more frequent by the day. Awareness about the current landscape of cyber threats in India will help Indian digital nomads understand what kind of risks they face and how best to protect themselves online.

To secure their online activities, digital nomads, who are often reliant on their gadgets for official work and social interactions, must ensure these devices are protected. Strong, unique passwords, two-factor authentication, and the regular updating of software and antivirus programs are essential measures to enhance digital security. Public Wi-Fi networks found in cafes or co-working spaces are common places for digital nomads to access the internet. Nevertheless, the use of unsecured connections can be dangerous for them. It would be wise if Indian Digital Nomads considered employing Virtual Private Networks (VPNs) to encrypt their internet traffic and guarantee a secure connection.

Every place has its traditions and rules. In addition, Indian Digital Nomads need to have cultural sensitivity as well as understand local cyber security measures and policies. In this way, they will avoid trouble with the law while travelling peacefully through various counties of their choice. Communication effectiveness is vital due to the different time zones among digital nomads who often operate in globally distributed environments. Indian digital nomads should adopt tools that facilitate seamless communication and ensure that sensitive information is shared securely.

To handle their finances on the go, digital nomads have to depend on online banking and financial tools. The safety of Indian digital nomads’ financial information should be a priority for them as they use well-known platforms that are secure and keep an eye on their accounts for any strange movement. Fake emails and other messages that are sent to get personal information from a recipient are common in cyberspace. Any message or link may be harmful to Indian digital nomads, so they must exercise caution when receiving unsolicited messages via email. Therefore, it is important to authenticate sources to avoid such situations from happening in the future. Saving essential files is among the basic procedures one does while working online outside his/her premises. Encrypted cloud storage options or external hard disks can, therefore, come in handy for these people as they will provide security for what you work with and valuable memories of your past trips around India just in case your device breaks down or gets lost.

Having a balance between work obligations and the thrills of travelling forms the core of being a digital nomad. Digital Nomads from India need to set up schedules, including specific hours when they should dedicate themselves to their jobs, avoiding impromptu movements during this time frame. This equilibrium enhances productivity while also promoting general health. Indian digital nomads must continually learn because the digital landscape is ever-changing. This includes staying updated with cybersecurity trends, attending relevant workshops, and acquiring new skills that will enable them to remain ready for unpredictable vulnerabilities.

As they venture into uncharted territories, Indian digital nomads must never underestimate the significance of cybersecurity. It is a guide that assists these brave souls with the tools and knowledge necessary to travel safely through the realm of digital nomadism. Thus, Indian Digital Nomads can confidently and bravely embark on their journey only if they have strong cybersecurity systems in place, are well-informed about local regulations, and exhibit a proactive attitude toward such issues. On this protected land, as they move freely through cyberspace, among other things, their possibilities for exploration and career development become boundless.

ALSO READ-Awareness is best defence against cyber crime

Categories
-Top News India News USA

Quad Allies Join Forces to ‘Detect and Deter’ Cyber Threats

The Quad members–India, Australia, Japan and the United States–discussed the importance of enhanced cooperation in the field of cybersecurity while reaffirming an Indo-Pacific that is resilient and equipped against cyberattacks.

The third in-person Quad Senior Cyber Group (QSCG) Principal Meeting took place in Tokyo on December 5-6. The National Cyber Security Coordinator, Lt General MU Nair, represented New Delhi at the meeting.

Along with him, Hamish Hansford, Deputy Secretary Cyber and Infrastructure Security of Australia’s Home Affairs; Keiichi Ichikawa, Deputy National Security Advisor and Assistant Chief Cabinet Secretary of Japan; and Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology participated at the event.

“Together, we reaffirm our steadfast commitment to an Indo-Pacific that is resilient and equipped to detect and deter cyber-attacks,” read the joint statement of the Quad Senior Cyber Group.

It added that the Quad countries are among the world’s leaders in advancing digital technology, connectivity, and resilience and are undertaking efforts to provide capacity building in the Indo-Pacific region to strengthen the ability to defend their government networks and critical infrastructure from cyber disruptions.

The Quad partners also reaffirmed the application of international law to cyberspace and expressed serious concern about cyberattacks in the region on critical infrastructure. They also welcomed progress on the Quad cyber initiatives.

“We reaffirmed our support for the Quad Cybersecurity Partnership: Joint Principles, including through work done in Secure Software, Cybersecurity of Critical Infrastructure, Supply Chain Resilience and Security, and Cyber Awareness through the Quad Cyber Challenge events to encourage participants across the Indo-Pacific to enhance their cyber security and cyber awareness,” the joint statement read.

During the meeting, the Quad partners welcomed the idea of sharing cyber resources through capacity-building projects to improve the security of infrastructure in the Indo-Pacific.

Quad Leaders Summit in Hiroshima.

They all recognised that a safe and secure cyberspace contributes to a healthy and secure society and that international cooperation is key to this.

The Quad partners shared their recognition that cyberattacks have been increasing in frequency and sophistication.

In the wake of this, they discussed the importance of enhanced cooperation in securing the resilience of information technology (IT) and operational technology (OT) systems in critical infrastructure, ensuring mutual recognition of Quad nations’ labelling schemes for cybersecurity of Internet of Things (IoT) products, and the use of critical and emerging technologies such as artificial intelligence and machine learning.

They also reaffirmed the need for reliable, secure and resilient supply chains for critical sectors.

The Quad partners discussed fields of cooperation necessary to realise secure and resilient cyberspace in the region, including digital infrastructure and connectivity such as undersea cables, telecommunications networks, and cloud services.

They affirmed their commitment to continue working together with Indo-Pacific countries to deliver practical outcomes that will support capacity building in the region through the QSCG.

“We reaffirm our commitment to leveraging Quad partners’ respective strengths and resources to progress Quad cyber initiatives to promote a more secure cyber space and deliver Quad Leaders’ vision for a free and open Indo-Pacific that is inclusive and resilient, with a focus on the next Quad Leaders’ Meeting,” the statement added. (ANI)

ALSO READ: Jaishankar lauds India, Australia partnership in Quad format  

Categories
Business India News

‘Cybersecurity resilience key priority for Indian firms’

Cyber security. (source: ianstwitter/)

According to the study, around 62 per cent of these organisations say that the security incidents have impacted their business operations…reports Asian Lite News

Cybersecurity resilience has emerged as the top priority for companies in India as they look to defend themselves against a rapidly evolving threat landscape.

Around 62 per cent of these organisations say that the security incidents have impacted their business operations. This was revealed in the latest edition of Cisco’s annual study, ‘Security Outcomes Report’ launched on Wednesday in Melbourne.

Titled, ‘Security Outcomes Report, Volume 3: Achieving Security Resilience’, the study identifies the top seven success factors that boost enterprise security resilience, with a particular focus on the cultural, environmental, and solution-based factors that businesses leverage to achieve security. The findings are based on survey responses from over 4,700 participants across 26 countries.

Resilience has emerged as the top priority since a staggering 61.5 per cent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breach (69.1 per cent), network or system outages (55.3 per cent), malicious insider abuse (50.4 per cent) and accidental disclosure (47.2 per cent).

These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption, supply chain disruption, response and recovery costs and lasting brand damage.

With stakes this high, it is no surprise that almost all executives (99 per cent) surveyed for the report said that the security resilience was a high priority for them. The findings further highlight that the main objectives of security resilience for the security leaders and their teams are to contain the spread or scope of security incidents, adapt to unexpected external change events or trends, and to continue to mature and improve security capabilities.

“Digitization has been fast-tracked for several years, bringing new opportunities for people, businesses, and communities. However, to ensure that this progress is not delayed or derailed, it must be accompanied by a sharp focus on and investments in security. Their ability to anticipate, detect, respond to, and recover quickly from cyber threats and attacks will be at the heart of companies’ efforts to build resilience in a dynamic world,” said Samir Mishra, Director, Security Business, Cisco India & SAARC.

“Security resilience allows companies to optimize their resources and prioritize areas that add the most value to their business today and are critical to their success in the future,” he added.

Meanwhile, the report said that the companies whose technology infrastructures are either mostly on-premise or mostly cloud-based had the highest, and nearly identical, security resilience scores. However, businesses that are in the initial stages of transitioning from an on-premise to a hybrid cloud environment saw scores drop between 8.5 and 14 per cent depending on how difficult the hybrid environments were to manage.

Further, businesses reporting an excellent security culture scored 46 per cent higher on an average than those without. Globally, the companies that reported implementing a mature Zero Trust model saw a 30 per cent increase in resilience score compared to those that had none.

“The Security Outcomes Reports are a study into what works and what doesn’t in cybersecurity. The ultimate goal is to cut through the noise in the market by identifying practices that lead to more secure outcomes for defenders,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco.

“This year, we focus on identifying the key factors that elevate the security resilience of a business to among the very best in the industry,” said Patel.

ALSO READ: Indian-origin investor loses $2 million in FTX crash

Categories
India News

Indian executives see uptick in cybersecurity budgets in 2023

Cyber security. (source: ianstwitter/)

In the previous three years, one in four companies worldwide experienced a data breach that cost $1-$20 million or more, according to the report…reports Asian Lite News

Most executives in India say their organisations are continuing to increase their cyber budgets in 2023 as data breaches increase, a report showed on Wednesday.

While 77 per cent said cybercriminal activity is the biggest organisational threat, 62 per cent highlighted insider threat as a challenge. According to a PwC report, 43 per cent of Indian business executives said their firms were yet to fully mitigate the risks associated with remote and hybrid work, 61 per cent said the same around risks associated with accelerated cloud adoption and 55 per cent around increased data volumes.

“Our survey clearly reveals that organisations that have made cybersecurity a strategic priority have witnessed less disruption to business,” said Sivarama Krishnan, Partner and APAC Cybersecurity Leader, PwC.

In the previous three years, one in four companies worldwide experienced a data breach that cost $1-$20 million or more, according to the report. In India, the top areas of concern are cloud-based pathways (59 per cent) and the internet of things (58 per cent), followed by mobile devices and software supply chains (54 per cent).

According to the PwC survey, 89 per cent of Indian business executives say their organisation’s cybersecurity team detected a significant cyber threat to business and prevented it from affecting their operations, as against 70 per cent globally.

About 50 per cent of respondents believe that they have fully mitigated the risks their bold moves incurred since 2020, said the report.
This includes enabling remote and hybrid work (57 per cent say the cyber risk is fully mitigated); accelerating cloud adoption (61 per cent); increasing use of the internet of things (67 per cent); increasing digitisation of supply chains (52 per cent), and increasing back-office operations (56 per cent).

“Among all the risks affecting organisations, Indian respondents consider a catastrophic cyberattack, the resurgence of Covid-19 or a new health crisis, and a new geopolitical conflict as the top three,” the findings showed.

ALSO READ-India offers operational, cyber security training to Philippines military

Categories
-Top News China

China issues security warning after sale of stolen data

In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police

Chinese President Xi Jinping has urged public bodies to “defend information security” after a hacker offered to sell stolen data of one billion Chinese citizens.

In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police, the BBC reported.

The hacker claims the information includes names, addresses, National ID numbers and mobile phone numbers.

Cyber-security experts have verified that at least some of a small sample of the data offered is real.

The 23 terabytes of data is thought to be the largest ever sale of data on record and was being offered for $200,000 until the post was removed on Friday.

No Chinese officials have responded to the news and President Xi did not make direct reference to the data sale.

But, according to the South China Morning Post, the President has asked public bodies in China to “defend information security… to protect personal information, privacy and confidential corporate information” to ensure people feel secure when submitting data for public services.

On Friday, the moderators of the website where the sale was listed, by a user called ChinaDan, posted a notice which read: “Dear Chinese users, welcome to our forum. You most likely came here because of the Shanghai police database leak. The data is no longer being sold, and posts related to this topic have been deleted.”

The website administrators then added that they have many other similar and high quality Chinese databases for sale, adding: “We are not in China and we are not Chinese, so we do not have to obey Chinese laws,” the BBC reported.

According to DarkTracer, which monitors cyber criminal activity, another hacker, perhaps inspired by the publicity surrounding ChinaDan’s offer, posted an advert on Tuesday for 90 million Chinese citizen records, which the hacker claims to have stolen from Henan National Police (HNGA).

None of that data has been verified.

“It remains unclear exactly why the data has been withdrawn,” the BBC quoted Toby Lewis, global head of threat analysis at Darktrace, as saying.

“The original offer of sale suggests that the hacker was looking to sell the data to several buyers without exclusivity, rather than just one.

“So one theory is that for a high enough price exclusivity could have been bought, and that kind of purchase could possibly have been made by the Chinese state itself,” he added.

ALSO READ: Reshaping Hong Kong into China with controls, surveillance

Categories
India News

Indian cyber agency warns users of multiple bugs in Chrome, Zoho

These vulnerabilities exist in Google Chrome due to ‘Heap Buffer’ overflow in ‘WebRTC’, ‘Type Confusion in V8’ and ‘Use after Free’ in Chrome OS Shell….reports Asian Lite News

The Indian Computer Emergency Response Team (CERT-In), which comes under the IT Ministry, has warned users of multiple vulnerabilities in Google Chrome which could allow a remote attacker to execute arbitrary code and denial-of-service (DoS) conditions on the targeted system.

A remote attacker could exploit these vulnerabilities by sending specially crafted requests on the targeted system.

“Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and denial-of-service (DoS) conditions on the targeted system,” said CERT-In the advisory late on Wednesday.

These vulnerabilities exist in Google Chrome due to ‘Heap Buffer’ overflow in ‘WebRTC’, ‘Type Confusion in V8’ and ‘Use after Free’ in Chrome OS Shell.

The vulnerability (CVE-2022-2294) is being exploited in the wild, said the cyber agency, adding that the users are advised to apply patches urgently.

CERT-In also advised users against a ‘Remote Code Execution’ vulnerability that has been reported in a Zoho Corporation software which could be exploited by an unauthenticated remote attacker to execute arbitrary code on the targeted system.

This vulnerability exists in ‘Zoho ManageEngine ADAudit Plus’ due to a ‘misconfigured XML’ parser that processes user-supplied input without sufficient validation.

“Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system,” warned the cyber agency, advising the users to upgrade to the latest Zoho ‘ManageEngine ADAudit Plus’ security build update.

Last month, CERT-In issued an advisory over serious vulnerabilities in networking major Cisco products that could help hackers gain access, infiltrate into computer systems and steal data.



The multiple vulnerabilities have been reported in Cisco Secure Email and Web Manager, Cisco Email Security Appliance (ESA) and Cisco Enterprise Chat and Email (ECE) which could allow the attacker to execute arbitrary code, conduct a cross-site scripting (XSS) attack and retrieve sensitive information on the targeted system, CERT-In said in its advisory.

The ‘Information Disclosure Vulnerability’ exists in the web management interface of Cisco Secure Email and Web Manager, “due to a lack of proper input sanitisation while querying the external authentication server”.

“An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server,” the advisory read.

The ‘Cross Site Scripting Vulnerability’ exists in the web interface of Cisco Enterprise Chat and Email (ECE) “due to insufficient validation of user-supplied input that is processed by the web interface”.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.

ALSO READ: ‘Companies operating in India need to follow law of land’

Categories
Social Media Tech Lite UK News

Cyberattack on Defence Academy caused ‘significant’ impact

The targeting of an academic institution is a sign of how the frontline in modern warfare can be anywhere, the former director-general of the academy told Sky News…reports Asian Lite News.

A cyberattack — possibly by China or Russia — reportedly hit the academic arm of the UK’s Ministry of Defence and had a “significant” impact, the officer in charge at the time has revealed.

According to Sky News, Air Marshal Edward Stringer, who retired from the armed forces in August, said the “sophisticated” hack — discovered last March — prompted the Defence Academy to accelerate plans for its entire network to be rebuilt and made more resilient.

The targeting of an academic institution is a sign of how the frontline in modern warfare can be anywhere, the former director-general of the academy told Sky News.

“The consequences for the operations were significant, but then manageable,” Stringer was quoted as saying.

“But only manageable because your people work incredibly hard to keep things going and find back-up methodologies,” he added.

IT staff had to “find back-up ways to use regular internet, etc, etc, to keep the courses going, which we managed to do – but not as slickly as previously, that would be fair,” he mentioned.

He said he did not know whether criminals or a hostile state were responsible, but a primary concern had been if the hackers had tried to use the Defence Academy as a “backdoor” to penetrate much more secret parts of the MOD’s IT systems.

According to the report, it is the first time a senior — albeit now-former — official has spoken on the record about the cyberattack and its impact on the academy, which is based in Shrivenham, Oxfordshire.

ALSO READ-‘India ready to combat China’s cyber attacks’

Categories
-Top News Social Media UAE News

UAE, Intersec to launch first Cyber Security Lab in January

The new Cyber Security Lab was developed to focus on investigative techniques, forensic capabilities, and public-private partnerships to prevent cross border digital terrorism…reports Asian Lite News

The UAE Cyber Security Council has announced a strategic partnership with Intersec, the world-leading emergency services, security and safety event, to introduce the first ever Cyber Security Lab at the global event running from 16th to 18th January 2022.

The 23rd edition of the flagship event has the theme of “Uniting the world’s leading industry specialists for the safety and security of future generations”.

The new Cyber Security Lab was developed to focus on investigative techniques, forensic capabilities, and public-private partnerships to prevent cross border digital terrorism.

Intersec’s elevated programme is reaching new heights in 2022 and will include cybersecurity as one of the many new additions taking centre stage as part of the event. Intersec’s innovation and technology focus is introducing the Cyber Security Lab to enable global and regional industry leaders to discuss critical aspects of the industry in a dynamic, knowledge exchange platform.

Highlighting its importance, Mohammed Hamad Al Kuwaiti, Head of Cyber Security for the UAE Government and Head of the UAE Cyber Security Council, will be inaugurating the Cyber Lab conference.

Al Kuwaiti said, “The Cyber Security Council aims, during its participation in the global event, to shed light on the UAE’s innovative and advanced initiatives in cybersecurity and the country’s efforts to establish effective global partnerships, exchange experiences, and unify global efforts to address cross-border cyber-attacks to enhance global digital security.”

“The UAE is a global leader in cyber security, which was evident in the global competitiveness indicators, where the protection of our cyber security and maintaining business continuity in strategic sectors is a top priority in the council’s strategy to confront suspicious cyber-attacks proactively and with high efficiency. Cyber Security and the protection of digital assets remains top of the Cyber Security Lab agenda with wide global participation which enhances UAE’s position as an international innovative laboratory that presents new tools and advanced technologies capable of facing current and future cyber-attacks worldwide,” he added.

Al Kuwaiti has also praised the “Projects of the 50” that are set to establish a new phase of the country’s internal and external growth in cyberspace, consolidate its regional and global position in all sectors, and raise human competitiveness in the UAE to achieve global outstanding ranks.

ALSO READ: SpaceX to launch UAE’s MBZ-SAT in 2023

Alex Nicholl, Messe Frankfurt Middle East’s Head of Intersec, said that this partnership demonstrates the importance of this sector and the innovative developments at the show in 2022. “We are thrilled to bring the highest level of government partners to collaborate and participate at the event. The UAE Cyber Security Council has embarked on a number of initiatives that reinforce a safe and secure cyber infrastructure in the UAE, we are honoured to be a part of their plans to share their vision across the world.”

Intersec 2022 will also feature some of the world’s best speakers in the UAE for the first time with global experts and government leaders headlining Intersec’s inaugural Cyber Security Lab at the three-day conference.

The cyber programme will include discussions on rapid changes in the industry, key trends and the growth in emerging innovations and technology advancements. An innovative line-up of live activities including an interactive three-day hackathon will include some of the region’s most ambitious students and exciting Start-Up’s.

Also new to the programme is the Intersec Cyber Awards recognising global and regional talent. A significant focus on diversity in Cyber Security will feature throughout the program, plus the role of education and academia in growing talent.

Cyber Security is one of seven product sections at the annual event, joining Commercial Security; Fire & Rescue; Perimeter & Physical Security; Safety & Health; and Homeland Security & Policing.

Categories
Arab News News Qatar

Qatar University and Thales joins to boost cybersecurity solutions

Thales ambition is to be the trusted partner of Qatar in cybersecurity delivering customized solutions to ensure Qatar’s sovereignty…reports Asian Lite News

Qatar University renews its partnership with global technology leader, Thales, to continue with the development of innovative cybersecurity solutions, upskill local youth and protect the country against emerging cyber threats. Thales ambition is to be the trusted partner of Qatar in cybersecurity delivering customized solutions to ensure Qatar’s sovereignty.

As part of the renewed agreement, Thales will support Qatar University with its annual cybersecurity event, Cyber Week, through reintroducing its advanced training tool, Cyber Range, to assist the university’s students in improving their capabilities to address cyberattacks.

The event, organised by Knowledge, Intelligence, Networked Data and Interdisciplinary (KINDI) Research Center, aims to discuss current challenges and future trends related to security and privacy. Held from October 24th, the event will provide students with hands-on training and awareness sessions. Thales will be speaking on the importance of cyber sovereignty and cyber resilience in a new post-pandemic world.

ALSO READ: Blinken, Qatari counterpart discuss Afghanistan situation

This collaboration builds on a long-standing relationship where the two entities have been working closely in the field of cybersecurity since 2014 when Thales signed an agreement with Qatar University to sponsor a ‘Professional Chair’. This was followed by Thales introducing its advanced training tool, Cyber Range in 2019.

FREDERIC SALLET, QATAR VP, COUNTRY DIRECTOR, THALES: “As a long-term partner of the State of Qatar for over 40 years, Thales supports the country through three main axes: industry, innovation and education. Today, the critical importance of Cybersecurity  is more and more understood, and it is key to support the digital transformation that is happening in all sectors.  It is also becoming more and more complex, and we believe that inspiring future generations to engage in these latest technologies is crucial. Through our partnership with Qatar University, we are developing young experts whose learnings and research will support the realization of the Qatar National Vision 2030, of which security and education are core to building a future we can all trust.”

Dr Abdulaziz Khalid Al-Ali, Director of KINDI Computing Research Center, said, “Cyberthreats represent some of the most significant challenges to national security. Most large institutions, including us in higher education, face cybersecurity challenges. With Thales’ expertise, our students gain a unique practical element which encourages and prepares them to be well trained for future careers in the field of cybersecurity and resilience.”

Categories
News Social Media World

SANS Institute launches #SecureTheFamily campaign

Heather Mahalik, #SecureTheFamily Campaign

World-leading experts offer advice this Cybersecurity Awareness Month to become safer online at home with lessons learned at work…reports Asian Lite News

This October, for Cybersecurity Awareness Month, SANS Institute (SANS) is encouraging everyone to spread security awareness programs beyond the boundaries of the office and to help all employees and co-workers apply the lessons learned at work to protect their families and friends with the global #SecureTheFamily initiative.

Heather Mahalik, #SecureTheFamily Campaign

Today, we are more digitally connected than ever before, as more people work from home, remote e-learning has grown exponentially, and Wi-Fi-enabled “smart” devices increasingly occupy different aspects of our daily lives. Connected personal assistant devices can control your smart home devices, digital refrigerators can track your food inventory, video monitors allow you to keep an eye on your little one anywhere from your smartphone, thermostats and light bulbs can connect to your home Wi-Fi, and some washing machines let you remotely schedule wash cycles in advance. Our children are super savvy about the latest model of mobile phone, while our aging parents need help with theirs. All of this connectivity brings plenty of benefits and convenience, but each connected device also brings increased risk.

HEATHER MAHALIK, DIGITAL FORENSICS EXPERT, SANS FACULTY FELLOW, CELLEBRITE SENIOR DIRECTOR OF DIGITAL INTELLIGENCE: “Every personal device used is a potential entry for system threats, Cyber attackers can target anyone’s home – no one is invulnerable. Risks to our digital safety are everywhere, but there are steps you can take to protect yourself and your family.”

Ms. Mahalik developed the SANS Security Awareness curriculum for #SecureTheFamily with practical advice on securing personal devices and data and how to keep families safe online.

Ms. Mahalik notes a few misconceptions about individual-based security practices, such as your home network is too small to be at risk of a cyberattack and that your smart devices are secure right out of the box. So how do we secure our homes, and more importantly, protect our families? Ms. Mahalik highlights some key issues:

Heather Mahalik, Digital Forensics Expert and SANS Institute Faculty Fellow

1. Backing Up Your Digital Information

Most of us know that we need to back up our data, but how often do we do it? And are we sure we know where it’s going? Our data security depends on good habits such as strong organization of our passwords and consistent backups. Separate your work from personal items from family storage plans so that sensitive items are not shared with those who don’t need access to them.

2. Protecting Your WiFi Network

Another crucial step is to secure your home WiFi network. Make sure you change the network’s name first – don’t leave it as “Admin” or use your last name. Also, change the network password to a word or phrase that your family will remember, but outsiders won’t easily guess.

3. Balancing Your Children’s Privacy

When they log onto their devices, our children and teens face numerous risks, including cyberbullying and potential exposure to online predators through social media and video gaming. In fact, research shows that 40% of kids in grades 4-8 report they have connected or chatted online with a stranger, 51% of all teens use at least one social networking app regularly, and 90% of teenagers have regular access to a mobile device. Tweens and teens spend so much time on their digital devices that parents can face challenges striking an appropriate balance between security and accessibility. To balance children’s privacy online, parents need to monitor kids’ online activities and set screen time limits. 

ALSO READ: P&G and Zulekha Hospital initiates Pink It Now campaign

4. Securing Your Devices

From very young toddlers up through high schoolers, our children are more likely than ever to be attached to one or more digital devices, which comes with considerable risk. As parents we must protect our children by securing their devices. For Android devices, set a passcode, enable FindMyDevice to locate or lock a lost device, and establish a phone number/email that can be used to validate your information. For Kindles/ eReaders, enable the lock screen by setting a passcode, enable FindMyKindle to locate or lock a lost device, and update your personal information to include your name and email address in case the device is lost. For all iOS devices, set a passcode, enable FindMyPhone to locate or lock a lost device, establish a phone number/email that can be used to validate your iCloud information, and create backups with iCloud or iTunes.

5. Safeguarding School-Issued Devices

Make sure to secure school-issued Chromebooks and other devices by setting passcodes, knowing what location artifacts are being tracked, and ensuring children fully understand Internet safety. Many children and teens will try to bypass the security measures on their devices, so be vigilant against the use of jailbreaks, hacking, and other techniques that kids might use that invite additional security risks.

The #SecureTheFamily initiative will help you better educate your workforce, friends, and family with techniques to secure home devices and personal data, as well as how parents can protect their children and teens online.

“Because it’s never too late to practice good cyber hygiene,” reminds Ms. Mahalik.