small and medium business – Page 17 – Computer Security Articles

Change my password? AGAIN?

March 7, 2022 admin Security, small and medium business, windows

Credit to Author: Susan Bradley| Date: Mon, 07 Mar 2022 10:02:00 -0800

Every year at this time, I have to fill out my firm’s cyber insurance application — and every year they ask whether we encourage strong passwords and change them often. This question annoys me tremendously, because we really shouldn’t be changing passwords often. We should instead be choosing authentication processes that appropriately match site risks; using a password should be the last thing you want to rely on.

First, think about the information and data a website is keeping on you. The sites we want to offer the most protections often have the weakest. Where you can, always add two-factor authentication to a site’s access. (Not all multi-factor authentication is created equally, but some sort of multi-factor is better than none. If it encourages attackers to go elsewhere, it’s done its job.

To read this article in full, please click here

ComputerWorld Independent

It's time to secure the Apple enterprise

March 3, 2022 admin apple, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Thu, 03 Mar 2022 09:35:00 -0800

It’s not unreasonable to assume that war in Ukraine will generate a wave of cyberattacks. That means every business or personal computer user should audit their existing security protections, particularly for companies that have embraced the hybrid workplace.

While larger enterprises usually employ Chief Information Security Officers (CISOs) and security consultants to manage such tasks, what follows is useful advice for Mac, iPad, and iPhone users seeking to start such an audit.

To read this article in full, please click here

ComputerWorld Independent

In a time of war, it’s important to stay secure

February 28, 2022 admin apple, Security, small and medium business, windows

Credit to Author: Susan Bradley| Date: Mon, 28 Feb 2022 06:09:00 -0800

As Russia invaded Ukraine, seeing the disruption in the world occur in near real time on social media brought poignancy to what was happening. While I don’t know anyone in Ukraine, I know many people who have friends or family members that have been impacted by the war. Ukraine has many technology ties around the world. It’s also been a source of cyberattacks, which is why there’s extra concern about what we can do to protect ourselves in case of attack. (Eastern Europe has often been the source of many of the ransomware attacks that occur around the world.)

So what can tech users do to ensure you protect yourself from possible cyberattacks arising from the conflict?

To read this article in full, please click here

ComputerWorld Independent

Behavioral Analytics is getting trickier

February 28, 2022 admin Mobile, Security, small and medium business

Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800

Behavioral analytics is one of the best authentication methods around — especially when it’s part of continuous authentication. Authentication as a “one-and-done” is something that simply shouldn’t happen anymore. Then again, I’ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they’re resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.

To read this article in full, please click here

ComputerWorld Independent

Windows is in Moscow’s crosshairs, too

February 25, 2022 admin Security, small and medium business, windows

Credit to Author: Preston Gralla| Date: Fri, 25 Feb 2022 03:00:00 -0800

Russia telegraphed its intentions to invade Ukraine well ahead of this week’s attack by massing nearly 200,000 soldiers along Ukraine’s borders, and by Vladimir Putin’s increasingly belligerent threats.

Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.

“We’ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government, Tom Burt, Microsoft corporate vice president for customer security and trust, wrote in a blog post in mid-January. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.” In a related technical post detailing how the malware works, Microsoft added: “These systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine.”

To read this article in full, please click here

ComputerWorld Independent

Take your time testing these February Patch Tuesday updates

February 12, 2022 admin microsoft, Microsoft Office, Security, small and medium business, windows

Credit to Author: Greg Lambert| Date: Fri, 11 Feb 2022 12:21:00 -0800

There are (as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no “Patch Now” recommendations from the Readiness team. I’m hoping that with this month’s list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month’s very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It’s also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.

To read this article in full, please click here

ComputerWorld Independent

Second Israeli firm accused of undermining iPhones, like NSO Group

February 3, 2022 admin apple, iPhone, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800

As if recent revelations about NSO Group weren’t bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims

A Reuters report has the details:

QuaDream made use of the same flaw to commit similar attacks against iPhones.
The company is smaller than NSO Group, but also sells smartphone hacking tools to governments.
Both companies used the same highly sophisticated “zero-click” ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link.
Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more.
Apple closed this vulnerability in September 2021.
It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi.

The news follows the revelation that the FBI also obtained NSO’s Pegasus spyware, but claims it did not use it. That also follows another recent claim that NSO Group offered “bags of cash” in exchange for access to US cellular networks via the SS7 network.

To read this article in full, please click here

ComputerWorld Independent

Why Apple’s improved 2FA protection matters to business

February 2, 2022 admin apple, iOS, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Tue, 01 Feb 2022 06:01:00 -0800

Apple has introduced a new layer of protection to its existing two-factor authentication (2FA) system, making it a little harder for phishing attacks to successfully steal valuable authentication credentials.

Given that Apple, PayPal, and Amazon were the top three brands used for successful phishing attacks last year, according to a recent Jamf report, this matters.

Phishing costs billions and is bad for business

Phishing is a huge problem. The scale of these attacks shot up during the pandemic. The FBI Internet Crime Report 2020 revealed that phishing attacks affected 241,342 victims in 2020, up from 114,702 in 2019, with adjusted losses of more than $54 billion. Verizon’s 2021 Data Breach Investigations Report confirmed that 36% of data breaches that year involved phishing.

To read this article in full, please click here