The People Problem

| April 26, 2016

article image
Let's face it. Humans are the weakest link in cybersecurity. Human error contributes to at least 95% of all security incidents. This paper explores the challenges with managing the human element and outlines seven steps you can take to improve your security posture.

Spotlight

Penta IT services

IT infrastructure management specialists, IT maintenance, network security and hosting since 1996. Penta accompanies your business by proposing IT solutions adapted to your size, needs, organization and operations.

OTHER ARTICLES

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

What Is Mac Malware, How It Penetrates Your Device, and How to Get Rid of It

Article | November 25, 2020

I would like to share my experience with you and talk about viruses created for Mac devices and how to deal with them. You may say that there are no Mac viruses as Apple does not allow it. However, I may say that there are plenty of nasty malware types like adware that open new tabs in your browser, redirect you to irrelevant pages and show numerous popups. Yes, these are not real viruses. Adware like Search Marquis cannot clone itself and infect other connected devices. It cannot encrypt your files or cause any other harm. Its activity is related only to web redirects and excessive advertising. At the same time, who knows which rogue websites adware may land you on next time. It may happen that you end up on a phishing website where cyber crooks harvest personal information that leads to identity theft. Fake antiviruses I strongly recommend removing all adware that penetrated your device. But there is a problem here. If you want to get rid of Mac adware, you cannot quickly find a solution. If you go to google and search there how to get rid of Mac malware, you will see that all top results offer you to buy and install some shady software. In reality, these Mac antiviruses do nothing, as we know that the Apple ecosystem does not allow apps to access other apps' data. No antivirus can really scan and check your files. How to remove Mac malware Solution 1: If your system is infected with adware and you do not know how to get rid of it, you may try to call Apple and ask what to do. You can find their phone number here: support.apple.com/en-gb/HT201232#us-ca. Solution 2: Another option is to try your luck on Apple communities. Thousands of tech enthusiasts help uses with their problems there. Here is a sample thread: discussions.apple.com/thread/8226644. Solution 3: There are other options too. Apple operating systems are not very difficult to use, and any person can remove adware manually by going through step-by-step guides posted on numerous malware removal websites. Here is a guide by BitAdvisors.com on how to remove Search Marquis malware. Most rogue software works by exploiting bugs and vulnerabilities in your computer's operating system. And macOS has its own bugs too. To fix these vulnerabilities, Apple periodically releases operating system updates. To date, macOS has not proved attractive enough for cybercriminals and evil developers to flood it with malware. Protection tips To stays away from any surprises, it is recommended to update your OS as well as all apps installed regularly. You should never install apps from unofficial app stores not controlled by Apple. One of the ways for adware to penetrate your Mac computer is through bundled installs. You download and install a very useful app that is often free, but in reality, you get several apps. People never read user agreements written in small print. There it can be noted that you agree to install additional tools and provide some rights to them. Whenever you install something, be careful and read user agreements, and do not miss additional unnecessary software. Do not install any software without urgent necessity. Any additional software widens the attack surface. To be able to do bad things, current Mac malware requires users to perform some actions – grant rights. So, be careful with allowing any app to access your data, change settings, etc. One more wise move is to make backups. iCloud or ordinary flash drives will help you not lose your data in case of a system glitch or malware attack. Final advice - do use VPNs. Your connection will be encrypted, and attackers will not be able to find where you are actually located or what data your traffic consists of.

Read More

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

Article | March 11, 2020

Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017.The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week. The bug can be found in version 3.1.1 of Microsoft’s SMB file-sharing system. SMB allows multiple clients to access shared folders and can provide a rich playground for malware when it comes to lateral movement and client-to-client infection. This was played out in version 1 of SMB back in 2017, when the WannaCry ransomware used the NSA-developed EternalBlue SMB exploit to self-propagate rapidly around the world.

Read More

Cybersecurity Must Be Embedded in Every Aspect of Government Technology

Article | March 17, 2020

Cybersecurity has never been more important for every level of our government. The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people. Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

Read More

Spotlight

Penta IT services

IT infrastructure management specialists, IT maintenance, network security and hosting since 1996. Penta accompanies your business by proposing IT solutions adapted to your size, needs, organization and operations.

Events