Posted on

Social Media Convergence == Bad?

I was recently in Shanghai. Great city! Enjoyed the trip, the city, and the people. When I travel, I usually use cash, not credit. There's plenty of ATMs around, and Shanghai was no exception. One of the things that really struck me while I was there was the overwhelming presence of mobile computing. I mean, when I was on the subway in Shanghai, all I could see were the tops of people's heads. Everybody was on a cell phone.

Now I've been around. I've been on the London underground, Paris and Vienna metros, New York's subway, and Washington DC's transportation system. Sure, we all use our phones, but we usually look up every once in a while, and we don't stay on them that long. But in Shanghai, it was completely different. Mobile computing is completely integrated with modern Chinese life — in Shanghai at least. And I expect Beijing is no different.

Posted on

An Overview of the Team Messaging App Security, Increasing Concerns and Emerging Solutions

Team messaging apps are no longer confined to small teams but have to facilitate global enterprise level adoption with multiple teams collaborating real time. Globally distributed teams transferring considerable size of data has widened the threat landscape considerably and many experts are also expressing significant concerns over it. Nemertes report indicated clearly that security concerns are one of the major constraints that are prohibiting many enterprises to adopt team collaboration, especially the ones dealing with private and mission-critical data.

Plenty of team messaging apps or team collaboration platforms are available in the market, such as Slack, Microsoft Teams, and Cisco Webex Teams, and each has its own strengths and weaknesses when it comes to security. The key to defending the enterprise’s collaborative environment and mission-critical data lies in the choice of the collaborative platform or the tool. First, we have to ask which them is the most suitable candidate capable of supporting the inherent workflow of your organization and has the most competent and fitting security system to match your enterprise’s operational style.

Posted on

The Fundamentals of Cybersecurity

Adoption of the IoT by businesses and enterprises has made mobile banking, online shopping, and social networking possible. While it has opened up a lot of opportunities for us, its not altogether a safe place because its anonymity also harbors cybercriminals. So, to protect yourself against the cyber threats of today, you must have a solid understanding of cybersecurity. This article will help you get a grip on cybersecurity fundamentals.

Let’s take a look at the topics covered in this cybersecurity fundamentals article:

Posted on

Why I Took the Time to Turn On Two-Factor Authentication

For the past few years, my dad has been encouraging me to turn on two-factor authentication (2FA) on any service that offers it. Having grown up in the social media age, I felt his requests were unwarranted.

I know social media inside and out (and I have a master’s degree to prove it). I have always taken care not to share personal information online that I wouldn’t share in person, and I regularly update my security settings across all my accounts on the internet. So, what was the big deal with turning on two-factor authentication?

Posted on

Mark Zuckerberg’s New Privacy Initiative Needs to Be Seen as the Regulatory Dodge It Is

In a recent blog post on Facebook, Mark Zuckerberg laid out his vision for “building a privacy-focused messaging and social network platform.” Too bad it’s a bunch of BS.

“I believe the future of communication will increasingly shift to private, encrypted services,” he wrote, “where people can be confident what they say to each other stays secure and their messages and content won't stick around forever.” Zuckerberg acknowledged the company’s abysmal reputation for protecting users’ privacy, saying, “I understand that many people don’t think Facebook can or would even want to build this kind of privacy-focused platform.” He then set out to reassure the apparently gullible masses that Facebook has officially turned over a new leaf.

Posted on

Smart Homes and the Internet of Things: What’s Next?

The future is starting to take shape where families are set to live the life of the Jetsons sans the Googie-styled buildings. Appliances can now be controlled remotely, robots are set to clean your floors, and automation frees you up from housework. Homes are getting their smart on with modern devices turning to IoT connectivity to make daily living a whole lot easier.

How It All Began

The inception of smart homes began when appliances that featured automation were introduced. Labor-saving machines such as washing machines, water heaters, and dishwashers were the purveyors of home automation. These appliances have helped us complete chores easier and faster; just set the timer and let them do their thing. This evolved to the X-10 technology that controls these appliances through radio frequency bursts where you can switch appliances on and off using central controls.

Posted on

Best Practices in Software Development Outsourcing and Information Security

Business objectives drive globalization, IT outsourcing, transforming operational models, and organizational structures. However, with the growing number of data security breaches reported by Internet giants like Facebook, information security becomes a major concern for business owners and top managers seeking to establish distributed teams or reap the benefits of offshoring.

To enable efficient and reliable collaboration among businesses and outsourcing vendors, the Computools team has identified the primary information security concerns for both parties and defined the best practices and contractual provisions.

Posted on

Control Your Privacy: Start Encrypting Your Emails

Sending an email to another person is not as secure as one would think. When you send an email, your email does not travel directly to the computer of the person that expects the email; it needs to hop through a bunch of other mail and proxy servers until it reaches its destination. During all this hopping from server to server, your email content is visible to everyone that knows a little bit about sniffing the network, but more importantly, Internet companies and mail providers can read the content. Think of it as sending a postcard where everyone with access to the postal system (of your postbox) can read the content of the postcard.

A lot of people claim that they have nothing to hide, which I sympathize with, after all, we haven’t done anything wrong, so why should we hide things? However, that is not the point. The point is that you are having a private conversation with another person and sometimes you don’t want anybody else outside that conversation to know what you talked about. And that is your right to have that sort of privacy. The same goes for email and other digital means of communication, where only you and the destination should be reading the content of your email, not a telecom company, not someone sniffing the network, and definitely not your email provider. For the same reason that you do not give up your favorite social media password to anyone, no one should be able to access and read what is yours.

Posted on

Supercookies

Supercookies, also known as evercookies or zombie cookies, are like browser cookies in that they can be used to track you, but are much harder to remove.

What Is a Supercookie?

The way I first heard supercookies described was as a cookie that you can appear to delete, but as soon as you do, software rewrites the cookie. Like the Hydra from Greek mythology, cutting off a head does no good because it grows back [1].

Posted on

GDPR Compliance: How Continuous Vulnerability Scanning Is Key

Even months after the interest in GDPR compliance peaked, some companies are struggling to make sure they comply with this new set of regulations aimed at protecting the privacy and security of European citizens. The regulation applies to businesses anywhere as long as their users are in the EU, and with the highest penalties potentially reaching the millions of euros, they’re right to worry.

Take the case of British Airways, for example. On September 6th, 2018, the airline announced that it had suffered a breach that affected around 380,000 users, and that part of the stolen data included personal and payment information.

Posted on

Privacy Secrets Your Systems May Be Unknowingly Telling

Permissions and Privacy in User Data

Privacy has overtaken security as a top concern for many organizations. For IT professionals, the difference between privacy and security may not be apparent. Protecting sensitive data from the prying eyes of malicious users seems to be an obvious goal of application security. But privacy is more than just protecting sensitive data. Privacy is also the users’ ability to keep their data private, no matter if the data is considered sensitive or not. Giving users the ability to control who has permission to see their data and who does not have permission is an important goal of privacy.

How to Ensure Personal Data Is Kept Personal

Many IT professionals today are unaware of exactly how to ensure users’ data is kept private, or even how to determine if the users’ privacy has been violated. Relying on a member of the IT team to “know it when they see it” is not a scalable way to ensure their users’ privacy. Often, IT staff are not subject matter experts concerning the data their organization is collecting. If the sensitivity of the data is not documented and privacy standards have not been explained to everyone who works with the data, it creates an opportunity for incorrect assumptions to be made concerning what data needs to be protected, when it needs to be protected, and where it needs to be protected.

Posted on

The DPO: Not Just for GDPR Anymore

They’re the “hottest tech ticket in town,” according to Reuters. Now, with GDPR — after two years of scrambling (and yes, some denial) within affected organizations, it finally went into effect in May — data protection officers are now officially part of the C-Suite.

After years of the DPO already being the norm in countries like Germany, France, and Sweden, Article 37 of GDPR specifically calls on all organizations involved in the handling of EU resident data to appoint a data protection officer, who shall among other things train and empower organizations and relevant employees on GDPR requirements, monitor for compliance, and conduct audits.