Salesforce, Google, Microsoft, Verizon are all eyeing up a Twitter bid

Twitter continues to inch its way to a sale process, and the latest developments come in the form of alleged bids from potential buyers. Today CNBC is reporting, and we have also independently heard, that both Google and Salesforce are interested in buying the company. We have additionally heard that Microsoft and Verizon have also been knocking, although right now Verizon (which also owns AOL, which owns us), may have a little too much on its plate.

Twitter currently has a market cap of $13.3 billion, and it opened for trading today with a jump of nearly 22%, in response to all these whispers.

Google, Microsoft and Verizon have also been reported as potential suitors in the past (one recent article here), and what we’re hearing about the Microsoft interest is that it, in part, is an attempt by the company to drive the price up to keep it out of Salesforce’s hands.

“At this moment Microsoft has nothing to share,” a spokesperson said when reached for comment. But that raises another point: of the four companies that we’ve heard about, the one that might be most surprising as a suitor is Salesforce.

Salesforce currently holds cash reserves equal to around half of Twitter’s market cap, meaning that if it acquired the company, it would need to raise the remainder elsewhere in an all-cash deal, or make the rest of the purchase in shares. It would be the highest-ever acquisition by the very acquisitive Salesforce, which has already spent more than $4 billion on acquisitions in the first six months of this year.

Then again, it tried but failed to buy LinkedIn (which Microsoft is picking up for $26.2 billion), so expensive purchases are not out of its sights completely.

There are reasons you might be skeptical of a Salesforce acquisition of Twitter. Twitter is fundamentally a consumer-facing product, currently with a very strong focus on repositioning itself as a media business (content + ads around that content). Salesforce’s ambition (and some would say achievement) is becoming the ultimate purveyor of cloud-based enterprise services. Maybe there is a place where Salesforce could leverage Twitter’s consumer media play in its own larger platform, but today it seems like a step too far to the side.

On the other hand, there are several reasons why this could also make sense. Salesforce could use Twitter to expand significantly into a much different business area, and business model. For example, it could help it really light a fire under its new Einstein big data platform with a vast infusion of real-time data.

Data is the big currency for today’s large tech companies, used for advertising but also making the wheels spin for all kinds of business intelligence and insight modelling. Today Salesforce has fewer ingestion engines for this than others do. Twitter, of course, is a mine of real-time data from its 313 million monthly active users, although on its own the company has had a lot of challenges in growing its user numbers, and also in figuring out the best ways of effectively monetising them.

Meanwhile, there are other aspects of Twitter that fit into Salesforce’s business. Specifically, there is some potential around customer service (an area that Twitter is pushing via the division that joined it via Gnip).

And there is the fact that Salesforce already offers products around social media interaction and management between businesses and their customers/potential customers/wider public. Personally, I’m not sure if buying a single platform to enable this is what Salesforce would do, considering that today Salesforce manages across multiple platforms and in actuality Twitter is not that big in the greater scheme of things compared to Facebook and the aggregate of other platforms where “conversations” are happening.

There are other, smaller crossovers between the two companies that you shouldn’t overlook. For example, Bret Taylor, who has joined Salesforce via the acquisition of his cloud-based word processing startup Quip, is also on the board of Twitter. Salesforce and Twitter also happen to use the same M&A law firm, Wilson Sonsini (which is, admittedly, used by a lot of tech companies).

For the record, Salesforce declined to respond for this article. “We don’t comment on rumors,” said Salesforce’s VP of corporate communications, Chi Hea Cho.

As for the other two companies we’ve heard about, Google as a suitor makes a lot more obvious sense for Twitter, if perhaps a little more pedestrian and predictable. For starters, there is the financial aspect: Google has a lot of cash on hand to finance the acquisition — $73.1 billion, by one estimate earlier this year.

Then there is social: Google has forever been looking for a stronger foothold in this area, which it has failed to achieve over the years with its own efforts. YouTube is currently perhaps the company’s biggest hope in this space, but while there is some “conversation” on YouTube alongside the vast amount of traffic and consumption of videos, it’s nothing like the almost pure-play conversation that happens on Twitter.

Twitter would potentially hold a lot of promise for a company like Google, letting it expand its advertising business on desktop and mobile by tapping into a stream of social media consumers who are slowly being lured away from Google by another huge social media platform, Facebook.

Verizon, lastly, has made no secret of its interest in buying into media properties to add a new wave of business to its traditional roots as a telecoms carrier.

That is an effort that it has filled out so far with its acquisition of AOL, and now Yahoo. Twitter in the mix makes an easy fit, and it would potentially keep Twitter running as it has done (which is the approach Verizon has taken with AOL properties).

On the other side, if Verizon is successful in building out a place for itself as a “third-pillar” for advertising online alongside Google and Facebook, that would theoretically leave little room for an independent Twitter — meaning that it could be a logical place for Twitter to land.

However, although we have heard that Verizon was interested in Twitter a while ago, Verizon tells us that a recent report in the New York Post on making a standing offer for the company was inaccurate. (You can also read that as a narrow and precise denial. Standing offer: no; but what about something else?)

It looks like bids could start to come in soon as Twitter’s board is eager to get things going, although CNBC says there may not be any news before the end of this year. One thing is for certain, however: if Twitter is a bird, its egg has now been cracked and we’re all now watching to see what will come out of it.

We are reaching out to all companies for their response, and will update as we learn more.


via:  techcrunch


LinkedIn doubles down on education with LinkedIn Learning, updates desktop site

LinkedIn, the social network for the working world that now has some 450 million members and is in the process of being acquired by Microsoft for $26.2 billion, today took the wraps off its newest efforts to expand its site beyond job hunting and recruitment, its two business mainstays. The company has launched a new site called LinkedIn Learning, an ambitious e-learning portal tailored to individuals, but also catering to businesses looking to keep training their employees, and beyond that even educational institutions exploring e-learning courses.

The new site was unveiled today in LinkedIn’s offices in San Francisco, and it comes about a year and a half after LinkedIn acquired the online learning site Lynda.com for $1.5 billion. A large part of LinkedIn Learning is based on Lynda content, and it goes live with some 9,000 courses on offer.

Subjects taught through the service include business, technology and creative topics, with courses running the gamut from programming skills to writing and accounting.

Courses can be selected by employees, recommended by employers and their HR managers (who can use LinkedIn’s analytics products both to monitor employees’ progress and to look at the wider range of what is being studied as a point of reference), or recommended by curators at LinkedIn itself.

LinkedIn Learning is available to LinkedIn Premium subscribers, who, based on information on the site, look like they will get 25 new courses every week. LinkedIn said today that it will soon be releasing an enterprise tier so that large companies can take subscriptions for their entire employee base.

LinkedIn’s emphasis on education and learning goes hand-in-hand with the company’s primary role today as a place where many people go to create and maintain their professional profiles publicly, and to look for jobs. Building on that as a place to also enhance your professional skills makes a lot of sense.

It also provides a coda to LinkedIn’s efforts in trying to court higher education institutions. LinkedIn started opening up special, verified profile pages to universities and colleges a few years ago, and encouraging users as young as 13 to start building LinkedIn profiles.

The idea was to use this as a way of onboarding users early in their professional lives (or before they were even started), but also to potentially hook into alumni job-finding networks for the recruitment business. I always thought this was missing something, though, without offering a learning component, so it’s interesting to see that LinkedIn is now trying to address this.

Interestingly, LinkedIn Learning comes a week after LinkedIn unveiled another take on how to bridge that gap: in India, the company now has an online job placement service that tests an individual’s skills and then suggests jobs that might be suitable for him or her. It doesn’t take the extra leap to include training, but you could imagine how LinkedIn Learning could fit into that product, too.

Today in a presentation in San Francisco about the new product, LinkedIn’s CEO Jeff Weiner described how education has become “one of our most important priorities.” He noted that the World Economic Forum expects 5 million jobs to be displaced by the introduction of new technologies, and that 78% of CFOs surveyed believe that up to 25% of their workforces could be displaced by 2020.

In other words, apart from the larger ideology LinkedIn likes to describe, of charting our world’s “economic graph” (LinkedIn’s answer to Facebook’s social graph), LinkedIn also sees education as a business opportunity, with “just in time” experience training from LinkedIn as a key way of meeting that demand.

Desktop refresh, and messages get bots

Alongside today’s launch of LinkedIn Learning, LinkedIn also announced that it would soon be updating in other areas of its service. They include a new desktop experience, a “smarter” content newsfeed, and additions to its messaging service, including — you guessed it! — the introduction of bots.

None of these, it seems, are live yet but are coming soon, the company says.

The main idea with the desktop redesign is to give the desktop experience, on the bigger screen and via a browser, more parity with what LinkedIn has done with native apps. In a way, this was overdue: the company counts professionals as its customer base, a mostly desk-bound, and therefore captive, audience for a better desktop version.

The new look will include quicker ways of toggling from your own profile to suggestions of others to look at, follow, and message; as well as a more dynamic stream of potential jobs and other content.

The content feed, meanwhile, also looks set for another update. The feed will be expanding to include a bigger mix of suggested people to connect with and follow; more influencer content; and news curated by LinkedIn’s editorial team.

The news element of this is particularly interesting: it looks like LinkedIn wants to take a bigger step forward here and position itself as a destination for all the news you might want to read that is relevant to your professional world and beyond. Think of this as LinkedIn’s equivalent of Facebook’s trending topics.

LinkedIn has tried to offer aggregated news content to its users in the past — a service that it picked up by way of its acquisition of Pulse — but it has also peppered it with a lot of thought pieces about the news from Influencers rather than offer readers the core of the news itself.

Now LinkedIn will push breaking news alerts to you, and then, when you click on them, you will be given a wider array of supplemental links to learn more. This could include more news stories, or people on LinkedIn who are connected to you, and to the news; and (yes) those Influencer posts.

I’m not sure how much traffic or buzz LinkedIn’s news feed gets today, and my impression is that this is a way of trying to turn that around.

Last of all, LinkedIn showed off a little preview of how it will be updating its messaging and chat experience. I don’t know if this is really necessary, or just a sign of the times, or LinkedIn jumping on the bot bandwagon, but it looks like there will be more “suggested content” that will now be worked into the messaging experience.

For example, if you are chatting with someone about setting up a meeting, you can now schedule it, including setting up the meeting room, “using bot technology.”

LinkedIn has a long way to go, though, before messages are a big thing on the site. Today, Mark Hull, who is head of product in the messaging team, highlighted the progress LinkedIn has made by noting that there has been a 240% increase in messaging activity on the platform since relaunching the messaging apps last year.

He said that people are now “using messages on a weekly basis” — which may indeed be progress for LinkedIn, but is obviously well behind apps like Facebook’s Messenger and WhatsApp, or perhaps more in LinkedIn’s professional court, Slack, which are used daily and hourly.


via:  techcrunch


How to Create a Portable Hotspot on Android with VPN on

Many Android users (myself included) have long found it annoying that creating a working portable hotspot is not possible while using a VPN on the device that shares the connection. From the user interface to the lines of code that power the app behind it, a driving principle of designing Freedome has always been to make the kind of VPN that only makes your online experience better, without hindering it in any way.

Tethering with VPN is now possible

This is why we are extremely happy – both personally and for our users – to announce that our new Android release (out now on Google Play) makes it possible to have Freedome turned on while sharing your connection with other devices. We are also the first (as far as we know) major VPN provider to make this happen.

Instructions on setting up a portable hotspot

The new update automatically allows you to create a portable hotspot with Freedome VPN, so the instructions are fairly simple.

  1. Download Freedome VPN on your Android
  2. Turn on the portable hotspot feature from your Android settings

Keeping it simple, as usual!

A note on privacy

It’s worth noting for the sake of your privacy that the tethered device’s traffic will NOT go through the VPN tunnel of the device sharing the connection. As Freedome lead Android developer Antti Eskola (who, by the way, you can thank for making this feature a reality) says:

“Android does not allow tethered devices access to the VPN tunnel. This is a deliberate choice forced by Android for security reasons. For instance, when using VPN to access your employer’s network, they might not want your friends and family there. Also, a VPN tunnel shared with others wouldn’t really be a private network anymore.”

In other words, remember to use Freedome on laptops and any other devices you connect to your own hotspots with.


via:  safeandsavvy


LightCyber Closes Breach Detection Gap in Cloud Data Centers

LightCyber Closes Breach Detection Gap in Cloud Data Centers by Extending Behavioral Attack Detection to Amazon Web Services — New Magna Products Deliver Attack Detection for Public Cloud Data Centers and Additional Detection for Linux Data Center Workloads.

LightCyber, a leading provider of Behavioral Attack Detection solutions, today announced new Magna products for Amazon Web Services (AWS) to close the breach detection gap in cloud and hybrid cloud data centers. The new products provide attack visibility for Infrastructure-as-a-Service (IaaS) cloud and hybrid cloud data center workloads. Leveraging all of the existing behavioral profiling and anomaly detection capabilities available in the Magna platform, the new Magna Detector-AWS and Magna Probe-AWS products support deployment within an organization’s AWS Virtual Private Cloud (VPC). LightCyber also announced a new version of its agentless, on-demand Magna Pathfinder for Linux to extend integrated network and endpoint detection features to one of the most common data center server platforms.

Approximately 155 million workloads will move to public cloud data centers by 2019 according to the Cisco Global Cloud Index (1), eclipsing those that will exist in private cloud data centers. Even bulge bracket banks are projected to migrate from little or no use of public cloud data centers today to having 30 percent of their data center capacity in the public cloud within three years, according to a note from Deutsche Bank (2).

“While network security analytics systems exist for on-premise environments, the capabilities for public cloud workloads have lagged behind,” said Jason Matlof, executive vice president, LightCyber. “Extending the Magna Behavioral Attack Detection platform into the public cloud data center enables security operators to achieve similar levels of security visibility into active attacks for both the on-premise and cloud data center environments.”

The new LightCyber Magna products detect the operational activities of malicious insiders or targeted external attackers attempting to gain control of assets hosted in an AWS cloud data center or using it as a point for command and control (C&C) communication and eventual exfiltration of data. Similar to an on-premise data center, once attackers gain a foothold, they need to explore the environment through reconnaissance and must expand their realm of control to gain access to assets using lateral movement. The Magna Behavioral Attack Detection platform employs machine learning techniques to detect these reconnaissance and lateral movement activities, as well as C&C and exfiltration, so that an attack can be thwarted before damage is done. The Magna platform combines the capabilities of Network Traffic Analytics (NTA) with User and Entity Behavior Analytics (UEBA) to eliminate blindness to attacker and malicious or risky insider activity.

The new Magna Probe-AWS and Magna Detector-AWS make use of native AWS VPC Flow Logs or the Gigamon Visibility Fabric™ for AWS (currently in beta) to monitor the virtual network. They also complement the existing capability of the Magna platform to monitor inbound and outbound network traffic to a public cloud over a site-to-site VPN.
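The reconnaissance detection described above can be illustrated on the raw data source the release names, VPC Flow Logs. The following is an added example, not LightCyber’s code: it parses version-2 VPC Flow Log records and flags a source that touches many distinct destination ports on one host inside a short window. The account id, ENI id and addresses in the sample log are constructed.

```python
"""Flag port-scan style reconnaissance in AWS VPC Flow Logs.

Added defensive illustration; this is not LightCyber's code. It uses the
documented version-2 VPC Flow Log record layout (14 space-separated fields):
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    start: int   # epoch seconds of the first packet in the aggregation window
    action: str  # ACCEPT or REJECT


def parse_flow_log_line(line):
    """Parse one version-2 record; return None for NODATA/SKIPDATA records."""
    fields = line.split()
    if len(fields) != 14 or fields[0] != "2":
        raise ValueError(f"not a version-2 VPC Flow Log record: {line!r}")
    if fields[13] != "OK":
        return None  # NODATA and SKIPDATA records carry '-' in the traffic fields
    return FlowRecord(
        srcaddr=fields[3],
        dstaddr=fields[4],
        dstport=int(fields[6]),
        protocol=int(fields[7]),
        start=int(fields[10]),
        action=fields[12],
    )


def parse_flow_log(text):
    """Parse a whole log export, dropping blank lines and no-data records."""
    parsed = (parse_flow_log_line(ln) for ln in text.splitlines() if ln.strip())
    return [r for r in parsed if r is not None]


def detect_port_scans(records, min_ports=10, window_seconds=60):
    """Return {(src, dst): {"ports": [...], "rejected": n}} for every source that
    reached at least min_ports distinct destination ports on one host within
    window_seconds. A spread of ports with many REJECTs is the classic picture
    of a scan running into a security group."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r.srcaddr, r.dstaddr)].append((r.start, r.dstport, r.action))
    findings = {}
    for pair, events in by_pair.items():
        events.sort()
        lo = 0
        best = None
        for hi in range(len(events)):
            # slide lo forward until events[lo:hi+1] all fall within the window
            while events[hi][0] - events[lo][0] > window_seconds:
                lo += 1
            window = events[lo:hi + 1]
            ports = {port for _, port, _ in window}
            if len(ports) >= min_ports and (best is None or len(ports) > len(best["ports"])):
                best = {
                    "ports": sorted(ports),
                    "rejected": sum(1 for _, _, action in window if action == "REJECT"),
                }
        if best is not None:
            findings[pair] = best
    return findings


# Constructed sample: 10.0.1.50 probes eleven ports on 10.0.2.10 within 30 seconds
# (only 443 is open), while 10.0.1.20 is an ordinary HTTPS client. The account id
# and ENI id are made up; the last line is a NODATA record as AWS emits them.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51001 22 6 3 180 1474650000 1474650005 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51002 23 6 3 180 1474650003 1474650008 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51003 25 6 3 180 1474650006 1474650011 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51004 80 6 3 180 1474650009 1474650014 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51005 110 6 3 180 1474650012 1474650017 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51006 135 6 3 180 1474650015 1474650020 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51007 139 6 3 180 1474650018 1474650023 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51008 443 6 10 1200 1474650021 1474650026 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51009 445 6 3 180 1474650024 1474650029 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51010 3389 6 3 180 1474650027 1474650032 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.2.10 51011 8080 6 3 180 1474650030 1474650035 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.20 10.0.2.10 49152 443 6 40 8200 1474650000 1474650055 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.20 10.0.2.10 49153 443 6 38 7900 1474650060 1474650115 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1474650000 1474650060 - NODATA
"""

if __name__ == "__main__":
    for (src, dst), detail in detect_port_scans(parse_flow_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {len(detail['ports'])} ports, {detail['rejected']} rejected")
```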

In addition, the new version of Magna Pathfinder extends the Magna platform with an agentless, on-demand capability to interrogate Linux workstations and servers, which complements the network-centric behavioral profiling capabilities of the Magna Detector products. Previously Magna Pathfinder engaged only with Windows servers and clients.

Pricing and Availability

LightCyber Magna Probe-AWS and Magna Detector-AWS are beginning their beta program, with general availability planned for Q4 2016. The price starts at $5,000 per year, depending on the number of nodes in the AWS environment. The new LightCyber Magna Pathfinder is now generally available and pricing starts at $9,000 per year.


Infographic and Blog — How attackers stay hidden in the public cloud and how to detect them.
Product details — Magna platform for Behavioral Attack Detection with addition of AWS.



via:  enterprise-security-today


Yahoo! Confirms the Breach of 500Mn Online Credentials

It’s been a few weeks coming, but Yahoo! has confirmed the breach of 500 million credentials.

Back in August, the hacker known as Peace, responsible for dumping hundreds of millions of MySpace, LinkedIn and other credentials online in recent months, claimed to have put up for sale 200 million Yahoo log-ins.

Yahoo said at the time that it was “aware” of the incident, although it didn’t initiate a user-wide password reset.

Now, the online giant—which is in the process of being acquired by US telecoms behemoth Verizon—has confirmed the situation, but the breach is larger than expected, and Yahoo said that the heist was carried out by a state-sponsored attacker.

It said in a statement that certain user account information was stolen from the company’s network in late 2014, including names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected, it said.

“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” it said in its statement. “Yahoo is working closely with law enforcement on this matter.”

Certain details differ from the previous claim by Peace—those 200 million credentials were linked to an earlier breach, from 2012. Peace also has never been seen as a state-sponsored bad actor. For now, whether this 500-million cache is from an additional incident unrelated to Peace’s claims is unknown.

Security experts, who had been waiting all day to hear the company’s confirmation (some would say confession), were quick to pounce on what they perceive to be the company’s irresponsibility.

“One of the more egregious errors in this disclosure was the fact that date of birth (DOB) information was exposed,” Todd Feinman, founder of Spirion, said via email. “Companies like Yahoo have an obligation to their customers to protect their privacy and classify personally identifiable information. DOBs are a perfect example of data that should be classified and protected so that, in the event of a data breach, personally identifiable information (PII) is not exposed.”

DOB can be used in conjunction with other data to steal an identity or compromise the victim in other ways. It is sometimes used as secondary validation, and Feinman said it “should be classified as confidential and kept encrypted just like social security numbers and health record numbers.”

Jason Hart, the CTO of Data Protection at Gemalto, noted that the month-plus it has taken Yahoo to fess up is also an issue.

“While it is worrying that Yahoo has been breached, what’s more concerning is that it has taken over a month to confirm, especially when consumers’ personal information is at risk,” he said. “The good news is the sensitive data that is now for sale, such as user names, email addresses and dates of birth, is encrypted— but these records could be easily decrypted if the company did not implement properly managed encryption keys. What’s more, Yahoo certainly could have done more to prevent the breach in the first place by implementing two-factor authentication internally, which can protect employees from a spear-phishing attack.”


via:  infosecurity-magazine


Mamba Ransomware Encrypts Hard Drives Rather Than Files

Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive. The malware, called Mamba, has been found on machines in Brazil, the United States and India, according to researchers at Morphus Labs in Brazil. It was discovered by the company in response to an infection at a customer in the energy sector in Brazil with subsidiaries in the U.S. and India.

Renato Marinho, a researcher with Morphus Labs, told Threatpost that the ransomware is likely being spread via phishing emails. Once it infects a machine, it overwrites the existing Master Boot Record with a custom MBR, and from there, encrypts the hard drive.

“Mamba encrypts the whole partitions of the disk,” Marinho said. “It uses a disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.”

The malware is a Windows threat, and it prevents the infected computer’s operating system from booting up without a password, which is the decryption key.
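The MBR overwrite described above is something a defender can check for. The following is an added example, not code from Morphus Labs or Threatpost: it parses the standard 512-byte MBR layout and compares a freshly read MBR against a known-good baseline, separating bootstrap-code replacement from partition-table changes. The two MBR images are constructed in the code; a baseline copy of the real disk’s MBR is assumed to exist.

```python
"""Parse a Master Boot Record and detect bootstrap-code tampering.

Added defensive illustration; not code from Morphus Labs or Threatpost.
Standard MBR layout: 446 bytes of bootstrap code, four 16-byte partition
entries starting at offset 446, and the 0x55 0xAA signature at offset 510.
A known-good baseline MBR (e.g. captured at build time) is assumed.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"
# status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4)
ENTRY_FORMAT = "<B3xB3xII"


@dataclass(frozen=True)
class PartitionEntry:
    bootable: bool
    type_id: int      # e.g. 0x07 for NTFS
    lba_start: int
    sector_count: int


def parse_partition_table(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for slot in range(4):
        status, type_id, lba_start, count = struct.unpack_from(
            ENTRY_FORMAT, mbr, PARTITION_TABLE_OFFSET + 16 * slot)
        if type_id != 0:  # type 0 marks an unused slot
            entries.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return entries


def bootstrap_digest(mbr):
    """SHA-256 of the bootstrap code only (bytes 0..445)."""
    return hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest()


def check_mbr(current, baseline):
    """Compare a freshly read MBR against a known-good baseline.
    Returns a list of findings; an empty list means nothing changed."""
    if len(current) != MBR_SIZE:
        return [f"unexpected MBR length {len(current)}"]
    findings = []
    if current[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if bootstrap_digest(current) != bootstrap_digest(baseline):
        # Bootstrap replaced while the partition table is untouched is the
        # pattern described for MBR-overwriting ransomware.
        findings.append("bootstrap code differs from baseline")
    if parse_partition_table(current) != parse_partition_table(baseline):
        findings.append("partition table differs from baseline")
    return findings


def build_mbr(bootstrap, partitions):
    """Assemble a 512-byte MBR image; used here only to construct test data."""
    code = bootstrap.ljust(BOOTSTRAP_SIZE, b"\x00")[:BOOTSTRAP_SIZE]
    table = b"".join(
        struct.pack(ENTRY_FORMAT, 0x80 if p.bootable else 0x00,
                    p.type_id, p.lba_start, p.sector_count)
        for p in partitions).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


# Constructed images: one bootable NTFS partition starting at LBA 2048. The
# tampered image keeps the partition table but carries different loader code.
PARTITIONS = [PartitionEntry(True, 0x07, 2048, 1024000)]
BASELINE_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"STANDARD LOADER", PARTITIONS)
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"CUSTOM BOOTLOADER", PARTITIONS)

if __name__ == "__main__":
    print(check_mbr(BASELINE_MBR, BASELINE_MBR))  # []
    print(check_mbr(TAMPERED_MBR, BASELINE_MBR))  # ['bootstrap code differs from baseline']
```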

The victims are presented with a ransom note demanding one Bitcoin per infected host in exchange for the decryption key and it also includes an ID number for the compromised computer, and an email address where to request the key.

Mamba joins Petya as ransomware targeting computers at the disk level. Petya encrypted the Master File Table on machines it infected. Mamba, however, uses an open source disk encryption tool called DiskCryptor to lock up the compromised hard drives. Petya was a game-changer among ransomware families. It spread initially among German companies targeting human resources offices. Emails were sent that contained a link to a Dropbox file that installed the ransomware. The malware showed the victim a phony CHKDSK process while it encrypted the Master File Table in the background.

Researchers quickly analyzed Petya’s inner workings and, by understanding its behavior, were able to build a decryptor shortly after the first infections were disclosed.

More than a month after Petya surfaced, a variant was found that included a new installer. If the installer failed to install Petya on the compromised machine, it installed a less troublesome ransomware strain known as Mischa. Petya included an executable requesting admin privileges that caused Windows to flash a UAC prompt; if the victim declined at the prompt, the malware would install Mischa instead of Petya.

Mischa behaves like most of the ransomware many are familiar with. Once the victim executes a link sent in a spam or phishing email, the malware encrypts local files and demands a ransom of 1.93 Bitcoin, or about $875, to recover the scrambled files.


via: threatpost


Security-as-a-Service Uptake Increases with Cloud Adoption

More than half of the workforce at about half of all companies in business are using cloud applications, like Dropbox or Salesforce. And that uptake is driving adoption for security-as-a-service offerings.

The fresh survey, from Thycotic, also shows that about 32.5%—the largest percentage of respondents—said that 75% or more of their employees have access to an application in the cloud. The top three usage scenarios are email, storage and collaboration/project management—all areas involving rich repositories of company data. 

When asked how important it is to protect privileged accounts that have access to company data, the vast majority—85.8%—said that it was “very important.” But only 62% said they feel that these accounts are already very secure and well-guarded. It indicates a gap and potential area of future investment.

Growing businesses require a mature focus on protecting the network and data from crippling threats that take advantage of unmanaged privileged accounts to gain undetected access to the network. Interestingly, the survey found that the embrace of the cloud extends to security solutions, too. The survey found that 60.6% said they would be “very likely” to use a cloud platform to protect passwords on privileged accounts.

“Our assumption was that because organizations are often worried about security when they implement a SaaS solution, they would be hesitant to use an SaaS deployment model for protecting their company’s information assets,” said a company spokesperson. “That assumption proved to be wrong.”

The results fit with findings from the 2016 Gartner Market Guide for Privileged Access Management (PAM), which predicts that by 2019, 30% of new PAM purchases will be delivered as a service or run in the cloud (up from less than 5% today). This growth suggests that the need for managed virtual infrastructure and cloud services will become more critical.

Dovetailing with the trend, Thycotic has announced Secret Server Cloud, a cloud-based privileged account management solution engineered to keep organizations’ most valued assets in the cloud by allowing enterprises to discover, manage and protect their privileged accounts.

“The next killer app in the cloud is privileged account management as a service,” said Joseph Carson, Thycotic security specialist. “Many companies are moving away from traditional brick and mortar offices and with this we see many of those companies moving to the cloud to fully run and operate their business. However, as those businesses start to grow quickly and even as traditional companies use more and more cloud services, managing and securing all of those privileged accounts start to become a major challenge.”


via: infosecurity-magazine


Data Security Compliance: A Cheatsheet for IT

From HIPAA to SOX, whether you work for an organization controlled by compliance standards or you are an independent IT firm looking to build your enterprise business, industry regulations regarding data security can sometimes cause a real headache. Keep reading for a single set of guidelines to follow that can be applied to all industry regulations at once.

  Why Data Security Regulations Exist

Industry-mandated data security requirements are there for a good reason. Where there is personal data, there are hackers trying to get at it. After all, social security numbers, credit card numbers, birthdates and more are all extremely valuable on the black market.

According to the Identity Theft Resource Center (ITRC), there were 780 electronic data breaches in 2015. These breaches affected over 175 million records in a variety of industries including healthcare, banking, education and government agencies. Broken down by industry, the numbers look like this:

Medical/Healthcare: 276 breaches, 121,629,812 records lost
Banking/Credit/Financial: 71 breaches, 5,063,044 records lost
Educational: 58 breaches, 759,600 records lost
U.S. Government/Military: 63 breaches, 34,222,763 records lost
Business: 312 breaches, 16,191,017 records lost

Five Steps to Compliance

Despite different industries being required to follow differently named guidelines, there’s a pretty good overlap for those items that IT really needs to worry about.   

Although some personal information may not fall under any compliance standard, from an IT perspective it’s safe to assume that any and all customer, employee or other personal information needs to be protected from breach or accidental exposure.

In order to obtain and maintain compliance to any industry or government mandated protocol, you must have documented and validated policies and procedures that are in use by your company.   

The steps you need to follow as IT regarding security policies and procedures are fairly standard, regardless of the industry you serve: 

1. Risk Analysis

Risk analysis, sometimes also called gap analysis or security risk assessment, is the first step toward developing a data security policy. Security risk assessments should be conducted annually, biannually or any time something changes, such as the purchase of new equipment or expansion of company services.   

The purpose of risk analysis is to understand the existing system and identify gaps in policy and potential security risks. As explained by the SANS Institute, the process should work to answer the following questions:

What needs to be protected?
Who/What are the threats and vulnerabilities?
What are the implications if they were damaged or lost?
What is the value to the organization?
What can be done to minimize exposure to the loss or damage?

Areas to review for proper security:

Workstation and server configurations
Physical security
Network infrastructure administration
System access controls
Data classification and management
Application development and maintenance
Existing and potential threats

Methods of security to review:

Access and authentication: access should be physically unavailable to anyone who is not authorized
User account management
Network security
Segregation of duties
Physical security
Employee background checks
Confidentiality agreements
Security training

Resources from the SANS Institute also give excellent instruction for conducting a thorough risk analysis for your company.

2. Development of Policies and Procedures  

Based on the outcome of the risk analysis conducted, security policies and procedures for safeguarding data must be updated or, if none currently exist, written from scratch.   

Identify, develop and document:

A comprehensive plan outlining data security policies
Individual staff responsibilities for maintaining data security
Tools to be used to minimize risks, such as security cameras, firewalls or security software
Guidelines concerning use of internet, intranet and extranet systems

3. Implementation  

Once your company policies and procedures have been identified, planned out and documented, they need to be implemented and followed.

Purchase security software and other tools that have been identified as necessary
Update existing software and operating systems that are out-of-date
Conduct mandatory security training and awareness programs for all employees, and require signatures on mandatory reading materials
Conduct background checks of all employees
Vet third-party providers to be sure that they maintain and document compliant security protocols identical to or more robust than those in place within your company

4. Validation  

In order to prove that your company is compliant with industry regulations, you must have a third-party data security company validate your company’s security protocols, procedures and the implementation of those policies and procedures. This should be done annually or biannually.   

This process can be pricey, time-consuming and intrusive; however, this type of verification will both help your business to maintain data security, and add value to your services for use by your customers.  

An SSAE 16 SOC 2 Type II audit report can cover a large spectrum of industry-regulated data security requirements, including all of those discussed in this article.


5. Enforcement  

Security policies and procedures can be enforced through education and penalties. You may have noticed that education falls under both implementation and enforcement. It is absolutely the most important part of your company's security and must be offered continuously.

Mandatory training and awareness programs must be scheduled for employees to ensure sensitive and confidential data is protected. Be sure that anybody who might touch protected data is trained on current policies and risks, and kept current as policies are updated or new risks identified.  

For example, be sure that all relevant employees are aware of email phishing scams, how to identify them, what to do if somebody thinks they may be targeted and what to do if they have become a victim, possibly exposing protected data. As new types of scams come into being, send company-wide emails detailing methods of identification and protection.  

The second part of enforcement is eliminating the temptation to ignore protocols and encouraging compliance. This can be done by issuing penalties, financial or otherwise, for those who do not follow important procedures.

There You Go—Simple!

Okay, maybe it’s not exactly simple. But, if you want to avoid adding your business or your clients to the data breach stats, data security measures must be thorough. Industry compliance and overall data security will help maintain the safety of your organization’s data, and add a great selling point when pursuing clients.


via:  itproportal


It’s now only $29 to fix your cracked iPhone if you have AppleCare+

Following the iPhone 7 announcement, Apple is announcing that new AppleCare+ members will be able to get their cracked screens fixed for $29. This is big news for everyone who uses an iPhone with AppleCare+, and ultimately, anyone who owns an iPhone to begin with.

It’s worth noting how much AppleCare+ costs — $149 for the iPhone 7 Plus, or $129 for the iPhone 7 — on top of the existing cost of buying a new iPhone 7 or 7 Plus ($649 or $769 unlocked, respectively). By comparison, getting a cracked screen fixed without having AppleCare would cost you $149, so there is some benefit to be had by enrolling.

However, the fun stops when you read the fine print: having an AppleCare+ subscription, which costs $129, includes only two repairs from accidental damage, plus a service fee. After you’ve somehow broken your iPhone 7 twice (thus confirming that you’re accident-prone), all repairs will cost $29 thereafter. This updated pricing applies to existing AppleCare+ customers as well.

As for the last-generation flagship iPhones (the 6S and 6S Plus), an AppleCare+ subscription will have the same pricing structure ($149 and $129), with the same policies as for iPhone 7 AppleCare+ customers.

Try not to break your shiny new phone, is my personal recommendation.


via:  techcrunch


A new wearable generator creates electricity from body heat

Now your sweaty body can power your phone. Like Neo in the Matrix, a new system created by researchers at North Carolina State University lets you generate electricity with a wearable device. Previous systems used massive, rigid heat sinks. This system uses a body-conforming patch that can generate 20 μW per square centimeter. Previous systems generated only 1 microwatt or less.

The system consists of a conductive layer that sits on the skin and prevents heat from escaping. The heat moves through a thermoelectric generator and then into an outer layer that dissipates it completely outside the body. It is 2 mm thick and flexible.

The system, which is part of the National Science Foundation’s Nanosystems Engineering Research Center for Advanced Self-Powered Systems of Integrated Sensors and Technologies (ASSIST), has a clear path to commercialization.

The goal is to embed these into health tools that can measure your vital signs without needing to be recharged. “The goal of ASSIST is to make wearable technologies that can be used for long-term health monitoring, such as devices that track heart health or monitor physical and environmental variables to predict and prevent asthma attacks,” said researcher Daryoosh Vashaee, an associate professor at NC State. “To do that, we want to make devices that don’t rely on batteries. And we think this design and prototype moves us much closer to making that a reality.”


via:  techcrunch
