Login
Blockchain technology has experienced remarkable adoption in recent years, driven by its use across a broad spectrum of institutions, governments, retail investors, and users. However, this surge in… Read more on Cisco Blogs
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.
Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade.
The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The documents released by the Australian government included multiple photos of Mr. Ermakov, and it was clear they wanted to send a message that this was personal.
It’s not hard to see why. The attackers who broke into Medibank in October 2022 stole 9.7 million records on current and former Medibank customers. When the company refused to pay a $10 million ransom demand, the hackers selectively leaked highly sensitive health records, including those tied to abortions, HIV and alcohol abuse.
The U.S. government says Ermakov and the other actors behind the Medibank hack are believed to be linked to the Russia-backed cybercrime gang REvil.
“REvil was among the most notorious cybercrime gangs in the world until July 2021 when they disappeared. REvil is a ransomware-as-a-service (RaaS) operation and generally motivated by financial gain,” a statement from the U.S. Department of the Treasury reads. “REvil ransomware has been deployed on approximately 175,000 computers worldwide, with at least $200 million paid in ransom.”
The sanctions say Ermakov went by multiple aliases on Russian cybercrime forums, including GustaveDore, JimJones, and Blade Runner. A search on the handle GustaveDore at the cyber intelligence platform Intel 471 shows this user created a ransomware affiliate program in November 2021 called Sugar (a.k.a. Encoded01), which focused on targeting single computers and end-users instead of corporations.
An ad for the ransomware-as-a-service program Sugar posted by GustaveDore warns readers against sharing information with security researchers, law enforcement, or “friends of Krebs.”
In November 2020, Intel 471 analysts concluded that GustaveDore’s alias JimJones “was using and operating several different ransomware strains, including a private undisclosed strain and one developed by the REvil gang.”
In 2020, GustaveDore advertised on several Russian discussion forums that he was part of a Russian technology firm called Shtazi, which could be hired for computer programming, web development, and “reputation management.” Shtazi’s website remains in operation today.
A Google-translated version of Shtazi dot ru. Image: Archive.org.
The third result when one searches for shtazi[.]ru in Google is an Instagram post from a user named Mikhail Borisovich Shefel, who promotes Shtazi’s services as if it were also his business. If this name sounds familiar, it’s because in December 2023 KrebsOnSecurity identified Mr. Shefel as “Rescator,” the cybercriminal identity tied to tens of millions of payment cards that were stolen in 2013 and 2014 from big box retailers Target and Home Depot, among others.
How close was the connection between GustaveDore and Mr. Shefel? The Treasury Department’s sanctions page says Ermakov used the email address ae.ermak@yandex.ru. A search for this email at DomainTools.com shows it was used to register just one domain name: millioner1[.]com. DomainTools further finds that a phone number tied to Mr. Shefel (79856696666) was used to register two domains: millioner[.]pw, and shtazi[.]net.
The December 2023 story here that outed Mr. Shefel as Rescator noted that Shefel recently changed his last name to “Lenin” and had launched a service called Lenin[.]biz that sells physical USSR-era Ruble notes bearing the image of Vladimir Lenin, the founding father of the Soviet Union. The Instagram account for Mr. Shefel includes images of stacked USSR-era Ruble notes, as well as multiple links to Shtazi.
The Instagram account of Mikhail Borisovich Shefel, aka MikeMike aka Rescator.
Intel 471’s research revealed Ermakov was affiliated in some way with REvil because the stolen Medibank data was published on a blog that had one time been controlled by REvil affiliates who carried out attacks and paid an affiliate fee to the gang.
But by the time of the Medibank hack, the REvil group had mostly scattered after a series of high-profile attacks led to the group being disrupted by law enforcement. In November 2021, Europol announced it arrested seven REvil affiliates who collectively made more than $230 million worth of ransom demands since 2019. At the same time, U.S. authorities unsealed two indictments against a pair of accused REvil cybercriminals.
“The posting of Medibank’s data on that blog, however, indicated a connection with that group, although the connection wasn’t clear at the time,” Intel 471 wrote. “This makes sense in retrospect, as Ermakov’s group had also been a REvil affiliate.”
It is easy to dismiss sanctions like these as ineffective, because as long as Mr. Ermakov remains in Russia he has little to fear of arrest. However, his alleged role as an apparent top member of REvil paints a target on him as someone who likely possesses large sums of cryptocurrency, said Patrick Gray, the Australian co-host and founder of the security news podcast Risky Business.
“I’ve seen a few people poo-poohing the sanctions…but the sanctions component is actually less important than the doxing component,” Gray said. “Because this guy’s life just got a lot more complicated. He’s probably going to have to pay some bribes to stay out of trouble. Every single criminal in Russia now knows he is a vulnerable 33 year old with an absolute ton of bitcoin. So this is not a happy time for him.”
Update, Feb. 21, 1:10 p.m. ET: The Russian security firm F.A.C.C.T reports that Ermakov has been arrested in Russia, and charged with violating domestic laws that prohibit the creation, use and distribution of malicious computer programs.
“During the investigation, several defendants were identified who were not only promoting their ransomware, but also developing custom-made malicious software, creating phishing sites for online stores, and driving user traffic to fraudulent schemes popular in Russia and the CIS,” F.A.C.C.T. wrote. “Among those detained was the owner of the nicknames blade_runner, GistaveDore, GustaveDore, JimJones.”
The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.
Under a new order from the Cybersecurity and Infrastructure Security Agency (CISA), federal agencies will have 14 days to respond to any reports from CISA about misconfigured or Internet-exposed networking equipment. The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration.
The order requires federal departments to limit access so that only authorized users on an agency’s local or internal network can reach the management interfaces of these devices. CISA’s mandate follows a slew of recent incidents wherein attackers exploited zero-day flaws in popular networking products to conduct ransomware and cyber espionage attacks on victim organizations.
Earlier today, incident response firm Mandiant revealed that since at least October 2022, Chinese cyber spies have been exploiting a zero-day vulnerability in many email security gateway (ESG) appliances sold by California-based Barracuda Networks to hoover up email from organizations using these devices.
Barracuda was alerted to the exploitation of a zero-day in its products in mid-May, and two days later the company pushed a security update to address the flaw in all affected devices. But last week, Barracuda took the highly unusual step of offering to replace compromised ESGs, evidently in response to malware that altered the systems in such a fundamental way that they could no longer be secured remotely with software updates.
According to Mandiant, a previously unidentified Chinese hacking group was responsible for exploiting the Barracuda flaw, and appeared to be searching through victim organization email records for accounts “belonging to individuals working for a government with political or strategic interest to [China] while this victim government was participating in high-level, diplomatic meetings with other countries.”
When security experts began raising the alarm about a possible zero-day in Barracuda’s products, the Chinese hacking group altered their tactics, techniques and procedures (TTPs) in response to Barracuda’s efforts to contain and remediate the incident, Mandiant found.
Mandiant said the attackers will continue to change their tactics and malware, “especially as network defenders continue to take action against this adversary and their activity is further exposed by the infosec community.”
Meanwhile, this week we learned more details about the ongoing exploitation of a zero-day flaw in a broad range of virtual private networking (VPN) products made by Fortinet — devices many organizations rely on to facilitate remote network access for employees.
On June 11, Fortinet released a half-dozen security updates for its FortiOS firmware, including a weakness that researchers said allows an attacker to run malware on virtually any Fortinet SSL VPN appliance. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.
“This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”
In details published on June 12, Fortinet confirmed that one of the vulnerabilities (CVE-2023-27997) is being actively exploited. The company said it discovered the weakness in an internal code audit that began in January 2023 — when it learned that Chinese hackers were exploiting a different zero-day flaw in its products.
Shodan.io, the search engine made for finding Internet of Things devices, reports that there are currently more than a half-million vulnerable Fortinet devices reachable via the public Internet.
The new cybersecurity directive from CISA orders agencies to remove any networking device management interfaces from the internet by making them only accessible from an internal enterprise network (CISA recommends an isolated management network). CISA also says agencies should “deploy capabilities, as part of a Zero Trust Architecture, that enforce access control to the interface through a policy enforcement point separate from the interface itself (preferred action).”
Security experts say CISA’s directive highlights the reality that cyberspies and ransomware gangs are making it increasingly risky for organizations to expose any devices to the public Internet, because these groups have strong incentives to probe such devices for previously unknown security vulnerabilities.
The most glaring example of this dynamic can be seen in the frequency with which ransomware groups have discovered and pounced on zero-day flaws in widely-used file transfer applications. One ransomware gang in particular — Cl0p — has repeatedly exploited zero day bugs in various file transfer appliances to extort tens of millions of dollars from hundreds of ransomware victims.
On February 2, KrebsOnSecurity broke the news that attackers were exploiting a zero-day vulnerability in the GoAnywhere file transfer appliance by Fortra. By the time security updates were available to fix the vulnerability, Cl0p had already used it to steal data from more than a hundred organizations running Fortra’s appliance.
According to CISA, on May 27, Cl0p began exploiting a previously unknown flaw in MOVEit Transfer, a popular Internet-facing file transfer application. MOVEit parent Progress Software has since released security updates to address the weakness, but Cl0p claims to have already used it to compromise hundreds of victim organizations. TechCrunch has been tracking the fallout from victim organizations, which range from banks and insurance providers to universities and healthcare entities.
The always on-point weekly security news podcast Risky Business has recently been urging organizations to jettison any and all FTP appliances, noting that Cl0p (or another crime gang) is likely to visit the same treatment on other FTP appliance vendors.
But that sound advice doesn’t exactly scale for mid-tier networking devices like Barracuda ESGs or Fortinet SSL VPNs, which are particularly prominent in small to mid-sized organizations.
“It’s not like FTP services, you can’t tell an enterprise [to] turn off the VPN [because] the productivity hit of disconnecting the VPN is terminal, it’s a non-starter,” Risky Business co-host Adam Boileau said on this week’s show. “So how to mitigate the impact of having to use a domain-joined network appliance at the edge of your network that is going to get zero-day in it? There’s no good answer.”
Risky Business founder Patrick Gray said the COVID-19 pandemic breathed new life into entire classes of networking appliances that rely on code which was never designed with today’s threat models in mind.
“In the years leading up to the pandemic, the push towards identity-aware proxies and zero trust everything and moving away from this type of equipment was gradual, but it was happening,” Gray said. “And then COVID-19 hit and everybody had to go work from home, and there really was one option to get going quickly — which was to deploy VPN concentrators with enterprise features.”
Gray said the security industry had been focused on building the next generation of remote access tools that are more security-hardened, but when the pandemic hit organizations scrambled to cobble together whatever they could.
“The only stuff available in the market was all this old crap that is not QA’d properly, and every time you shake them CVEs fall out,” Gray remarked, calling the pandemic, “a shot in the arm” to companies like Fortinet and Barracuda.
“They sold so many VPNs through the pandemic and this is the hangover,” Gray said. “COVID-19 extended the life of these companies and technologies, and that’s unfortunate.”
As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.
Using this information, last year I wrote a blog summing up the nine top of mind issues I believed will most impact CISOs as we headed into 2022. Many of them still ring true now and will continue to do so, but some new concerns have risen up the agenda. Here are the topics that I think will be top of mind in 2023, and what CISOs can do to prepare.
One aspect that has come to the fore this year is the CISO’s position as ‘guardian of customers’ private data’ in the event of a breach, and their responsibilities over the level of disclosure they later provide. And here, we are not only talking about the legal duty to inform regulators, but the implicit moral duty to inform third parties, customers, etc. From my conversations this year, this whole area is getting CISOs thinking about their own personal liability more.
As a result of this, next year we could see CISOs tightening up the disclosure decision making process, focusing on quicker and greater clarity on breach impact, and even looking to include personal liability cover in cyber insurance contracts. CISOs will also likely be pushing more tabletop exercises with the executive leadership team to ask and answer questions around what is showed, to whom, and by whom.
Cyber insurance has become a newsworthy topic over the last 24 months, mainly due to the hardening of the market, as insurance products have become less profitable for underwriters and insurers’ costs have risen. But the topic will continue to be in focus as we move into 2023, with insurers demanding greater attribution – aka the science of identifying the perpetrator of a cybercrime by comparing the evidence gathered from an attack with evidence gathered from earlier attacks that have been attributed to known perpetrators to find similarities.
The need for greater attribution stems from the news that some insurers are announcing that they are not covering nation state attacks, including major marketplace for insurance and reinsurance, Lloyd’s – a topic I covered with colleague and co-author Martin Lee, in this blog earlier in the year.
Greater preparation and crystal-clear clarity of the extent to which attribution has taken place when negotiating contracts will be an essential element for CISOs going forward. For more practical advice on this topic, I also wrote a blog on some of the challenges and opportunities within the cyber liability insurance market back in June which you can read here.
Being a CISO has never been more complex. With more sophisticated attacks, scarcity of resources, the challenges of communicating effectively with the board, and more demanding regulatory drivers like the recently approved NIS2 in the EU, which includes a requirement to flag incidents that cause a significant financial implication or operational disruption to the service or to others within 24 hours.
With so much to consider, it is vital that CISOs have a clear understanding of the core elements of what they protect. Questions like ‘where is the data?’, ‘who is accessing it?’, ‘what applications is the organization using?’, ‘where and what is in the cloud?’ will continue to be asked, with an overarching need to make management of the security function more flexible and simpler for the user. This visibility will also inevitably help ease quicker decision making and less of an operational overhead when it comes to regulatory compliance, so the benefits of asking these questions are clear.
According to Forrester, the term Zero Trust was born in 2009. Since then, it has been used liberally by different cybersecurity vendors – with various degrees of accuracy. Zero Trust implementations, while being the most secure approach a firm can take, are long journeys that take multiple years for major enterprises to carry out, so it is vital that they start as they mean to go on. But it is clear from the interactions we have had that many CISOs still don’t know where to start, as we touched on in point #3.
However, that can be easier said than done in many cases, as the principles within Zero trust fundamentally turn traditional security methods on their head, from protecting from the outside in (guarding your company’s parameter from external threats) to protecting from in the inside out (guarding individual assets from all threats, both internal and external). This is particularly challenging for large enterprises with a multitude of different silos, stakeholders and business divisions to consider.
The key to success on a zero-trust journey is to set up the right governance mode with the relevant stakeholders and communicate all changes. It is also worth taking the opportunity to update their solutions via a tech refresh which has a multitude of benefits, as explained in our most recent Security Outcomes Study (volume 2).
For more on where to start check out our eBook which explores the five phases to achieving zero trust, and if you have already embarked on the journey, read our recently published Guide to Zero Trust Maturity to help you find quick wins along the way.
As with last year, ransomware continues to be the main tactical issue and concern facing CISOs. More specifically, the uncertainty around when and how an attack could be launched against the organization is a constant threat.
Increased regulation on the payment of ransomware and declaring payments is predicted, on top of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Ransom Disclosure Act, but that doesn’t help alleviate ransomware worries, especially as this will again put the CISO in the firing line.
CISOs will continue to keep a focus on the core basics to prevent or limit the impact of an attack, and again have a closer look at how any ransomware payment may or may not be paid and who will authorize payment. For more on how executives can prepare for ransomware attacks, read this blog from Cisco Talos.
Traditionally CISOs have talked about the importance of improving security awareness which has resulted in the growth of those test phishing emails we all know and love so much. Joking aside, there is increased discussion now about the limited impact of this approach, including this in depth study from the computer science department of ETH Zurich.
The study, which was the largest both in terms of scale and length at time of publishing, revealed that ‘embedded training during simulated phishing exercises, as commonly deployed in the industry today, does not make employees more resilient to phishing, but instead it can have unexpected side effects that can make employees even more susceptible to phishing’.
For the most effective security awareness, culture is key. This means that everyone should see themselves as part of the security team, like the approach that has been taken when approaching the issue of safety in many high-risk industries. In 2023, CISOs will now be keen to bring about a change to a security culture by making security inclusive, looking to create security champions within the business unit, and finding new methods to communicate the security message.
Last year, we talked about preparing for the ‘great resignation’ and how to prevent staff leaving as WFH became a norm rather than an exception. In the past year, the conversations I have had have altered to focus on how to ensure recruitment and retention of key staff within the business by ensuring they work in an environment that supports their role.
Overly restrictive security practices, burdensome security with too many friction points, and limitations around what resources and tools can be used may deter the best talent from joining – or indeed staying – with an organization. And CISOs don’t need that extra worry of being the reason behind that kind of ‘brain drain’. So, security will need to focus on supporting the introduction of flexibility and the ease of user experience, such as passwordless or risk-based authentication.
Just when we thought it was safe to go back into the organization with MFA protecting us, along came methods of attack that rely on push-based authentication vulnerabilities including:
There has been a lot written about this kind of technique and how it works (including guidance from Duo) due to some recent high-profile cases. So, in the forthcoming year CISOs will look to update their solutions and introduce new ways to authenticate, along with increased communications to users on the topic.
This issue was highlighted again this year driven by regulations in different sectors such as the UK Telecoms (Security) Act which went live in the UK in November 2022 and the new EU regulation on digital operational resilience for financial services firms (DORA), which the European Parliament voted to adopt, also in November 2022. Both prompt greater focus on compliance, more reporting and understanding the dependency and interaction organizations have with the supply chain and other third parties.
CISOs will focus on obtaining reassurance from third parties as to their posture and will receive a lot of requests from others about where their organization stands, so it is crucial more robust insight into third parties is gained, documented, and communicated.
When writing this blog, and comparing it to last year’s, the 2023 top nine topics fit into three categories. Some themes make a reappearance, seem to repeat themselves such as the need to improve security’s interaction with users and the need to keep up to date with digital change. Others appear as almost incremental changes to current capabilities such as an adjusted approach to MFA to cope with push fatigue. But, perhaps one of the most striking differences to previous years is the new focus on the role of the CISO in the firing line and the personal impact that may have. We will of course continue to monitor all changes over the year and lend our viewpoint to give guidance. We wish you a secure and prosperous new year!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Attackers specifically craft business email compromise (BEC) and phishing emails using a combination of malicious techniques, expertly selected from an ever-evolving bag of tricks. They’ll use these techniques to impersonate a person or business that’s well-known to the targeted recipient and hide their true intentions, while attempting to avoid detection by security controls.
As a result of the requisite expertise needed to combat these complex attacks, email security has traditionally been siloed away in disparate teams and security controls. Practitioners are buried under an ever-growing pile of RFCs, requiring extensive domain-specific knowledge, unending vigilance, and meticulous manual interventions, such as tweaking trust levels and cultivating allow/block lists with IPs, domains, senders, and vendors.
Cisco Secure Email Threat Defense is leading the industry forward with a major shift, elevating email security into a new era; where administration will consist of merely associating specific business risks with the appropriate due diligence response required to remediate against them.
Email Threat Defense has introduced a new Threat Profile that provides the customer with deep insights into the specific business risks of individual email threats and the confidence to act quickly. This new visualization is powered by a new patent-pending threat detection engine. This engine leverages intelligence distilled from Talos global-scale threat research across a massive volume of email traffic into machine learning, behavioral modeling, and natural language understanding.
The detection engine granularly identifies specific underlying threat techniques utilized in the message by the attacker. The identified techniques provide the full context of the threat message as the supporting foundation for the engine to determine threat categorization and the specific risk to the business. These malicious Techniques, together with the threat category and specific business risk, are used to populate the Threat Profile.
Each message’s Threat Profile is identified in real-time, automatically remediated per policy, and surfaced directly to the operator in the message detail views, providing deep contextual insights into the attacker’s intent and the associated risks to the business. As part of a larger Extended Detection and Response (XDR) strategy, the actionable intelligence in Email Threat Defense is integrated with the wider enterprise orchestration of security controls via SecureX, easing the operational burden by decreasing your mean time to remediation (MTTR).
Email Threat Defense delivers a distinct understanding of malicious messages, the most vulnerable targets within the organization, and the most effective means of protecting them from phishing, scams, and BEC attacks. With a clean design and core focus on simplifying administration, Email Threat Defense deploys in minutes to strengthen protection of your existing Microsoft 365 Exchange Online platform against the most advanced email threats.
For more information, visit the Cisco Secure Email product pages, read the Email Threat Defense data sheet, and view the demo video below.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cyber security implies protecting the confidentiality, availability and integrity of computer systems and networks. Often security researchers and security teams focus on threats to software and the risks associated with authenticating and managing users. However, computing systems are built upon a tall stack of computing resources.
Each layer within the stack is exposed to specific threats which need to be considered as part of a cyber security strategy. As the threat landscape evolves and exposure to risk changes, organizations need to review their threat exposure and consider if current mitigations are sufficient for their needs.
The recent disruption of the Nord Stream submarine gas pipeline in the Baltic Sea by an apparent act of sabotage highlights the risks to infrastructure located beneath the waves. The telecommunications infrastructure that carries internet traffic between countries and continents is often provided by submarine cables. These cables are relatively few in number but carry vast amounts of internet and enterprise traffic, potentially from many different service providers.
The seabed is a challenging environment for infrastructure. Sea water is corrosive, the pressure on the ocean floor can be extreme, while earthquakes, ship’s anchors and dredging provide additional risks to may result in the severing of a cable. Submarine cables are only expected to achieve a lifespan in the region of 25 years before failure.
Repairing or replacing a submarine cable is expensive and time consuming. It may be many months before a failed cable can be repaired or replaced. In the absence of a functioning cable, internet connections must be rerouted to avoid disruption. However, this risks saturating the remaining infrastructure and adversely affecting the quality of connections.
Organizations that require high availability international or intercontinental network connections should review their exposure to the risk of submarine cables failure. The nature of this risk will depend on how services are currently delivered.
At the time of writing there is no specific threat to undersea infrastructure. Other than attacks against terrestrial cables, no cable damage has been shown to be due to sabotage. Nevertheless, the Secretary General of NATO has stressed the importance of undersea cables to civilian society and military capability [1]. The British Chief of Defense Staff has warned how seriously intentional damage to telecommunications cables would be taken [2].
Physical infrastructure can not be taken for granted. Organizations would do well to review the impact of one or more submarine cables being taken out of service. Preparing response plans and contingencies in advance ensures that disruption is kept to a minimum in the event that such a scenario occurs.
[1]. Press Conference (22 Oct 2020), NATO Secretary General Jens Stoltenberg.
https://www.nato.int/cps/en/natohq/opinions_178946.htm?selectedLocale=en
[2]. “Chief of Defence Staff: Russia cutting underwater cables could be ‘an act of war’” (8 Jan 2022), Forces.net.
https://www.forces.net/news/chief-defence-staff-russia-cutting-underwater-cables-could-be-act-war
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Scott Heider is a manager within the Cisco Security Visibility and Incident Command team that reports to the company’s Security & Trust Organization. Primarily tasked with helping to keep the integration of an acquired company’s solutions as efficient as possible, Heider and his team are typically brought into the process after a public announcement of the acquisition has already been made. This blog is the final in a series focused on M&A cybersecurity, following Dan Burke’s post on Making Merger and Acquisition Cybersecurity More Manageable.
Mergers and acquisitions (M&A) are complicated. Many factors are involved, ensuring cybersecurity across the entire ecosystem as an organization integrates a newly acquired company’s products and solutions—and personnel—into its workstreams.
Through decades of acquisitions, Cisco has gained expertise and experience to make its M&A efforts seamless and successful. This success is in large part to a variety of internal teams that keep cybersecurity top of mind throughout the implementation and integration process.
“Priority one for the team,” says Heider, “is to balance the enablement of business innovation with the protection of Cisco’s information and systems. Because Cisco is now the ultimate responsible party of that acquisition, we make sure that the acquisition adheres to a minimum level of security policy standards and guidelines.”
The team looks at the acquired company’s security posture and then partners with the company to educate and influence them to take necessary actions to achieve Cisco’s security baseline.
That process starts with assessing the acquired company’s infrastructure to identify and rate attack surfaces and threats. Heider asks questions that help identify issues around what he calls the four pillars of security, monitoring, and incident response:
The infrastructure that Heider’s team evaluates isn’t just the company’s servers and data center infrastructure. It can also include the systems the acquisition rents data center space to or public cloud infrastructure. Those considerations further complicate security and must be assessed for threats and vulnerabilities.
Once Heider’s team is activated, they partner with the acquired company and meet with them regularly to suggest areas where that acquisition can improve its security posture and reduce the overall risk to Cisco.
Identifying and addressing risk is critical for both sides of the table, however, not just for Cisco. “A lot of acquisitions don’t realize that when Cisco acquires a company, that organization suddenly has a bigger target on its back,” says Heider. “Threat actors will often look at who Cisco is acquiring, and they might know that that company’s security posture isn’t adequate—because a lot of times these acquisitions are just focused on their go-to-market strategy.”
Those security vulnerabilities can become easy entry points for threat actors to gain access to Cisco’s systems and data. That’s why Heider works so closely with acquisitions to gain visibility into the company’s environment to reduce those security threats. Some companies are more focused on security than others, and it’s up to Heider’s team to figure out what each acquisition needs.
“The acquisition might not have an established forensics program, for instance, and that’s where Cisco can come in and help out,” Heider says. “They might not have tools like Stealthwatch or NetFlow monitoring, or Firepower for IDS/IPS operations.”
When Heider’s team can bring in their established toolset and experienced personnel, “that’s where the relationship between my team and that acquisition grows because they see we can provide things that they just never thought about, or that they don’t have at their disposal,” he says.
One of the most important factors in a successful acquisition, according to Heider, is to develop a true partnership with the acquired company and work with the new personnel to reduce risk as efficiently as possible—but without major disruption.
Cisco acquires companies to expand its solution offerings to customers, so disrupting an acquisition’s infrastructure or workflow would only slow down its integration. “We don’t want to disrupt that acquisition’s processes. We don’t want to disrupt their people. We don’t want to disrupt the technology,” says Heider. “What we want to do is be a complement to that acquisition, – that approach is an evolution, not a revolution.”
The focus on evolution can sometimes result in a long process, but along the way, the teams come to trust each other and work together. “They know their environment better than we do. They often know what works—so we try to learn from them. And that’s where constant discussion, constant partnership with them helps them know that we are not a threat, we’re an ally,” says Heider. “My team can’t be everywhere. And that’s where we need these acquisitions to be the eyes and ears of specific areas of Cisco’s infrastructure.”
Training is another way Heider, and his team help acquisitions get up to speed on Cisco’s security standards. “Training is one of the top priorities within our commitments to both Cisco and the industry,” Heider says. “That includes training in Cisco technologies, but also making sure that these individuals are able to connect with other security professionals at conferences and other industry events.”
When asked what advice he has for enterprises that want to maintain security while acquiring other companies, Heider has a few recommendations.
Having the right security agents and clear visibility into endpoints is critical. As is inputting the data logs of those endpoints into a security event and incident management (SEIM) system. That way, explains Heider, you have visibility into your endpoints and can run plays against those logs to identify security threats. “We’ll reach out to the asset owner and say they might have malware on their system—which is something nobody wants to hear,” says Heider. “But that’s what the job entails.”
Often, end users don’t know that they’re clicking on something that could have malware on it. Heider says user education is almost as important as visibility into endpoints. “Cisco really believes in training our users to be custodians of security, because they’re safeguarding our assets and our customers’ data as well.”
End users should be educated about practices such as creating strong passwords and not reusing passwords across different applications. Multi-factor authentication is a good practice, and end users should become familiar with the guidelines around it.
Updating software and systems is a never-ending job, but it’s crucial for keeping infrastructure operating. Sometimes, updating a system can weaken security and create vulnerabilities. Enterprises must maintain a balance between enabling business innovation and keeping systems and data secure. Patching systems can be challenging but neglecting the task can also allow threat actors into a vulnerable system.
Heider says public cloud operations can be beneficial because you’re transferring ownership liability operations to a third party, like Amazon Web Services or Google Cloud platform. “The only caveat,” he says, “is to make sure you understand that environment before you go and put your customer’s data on it. You might make one false click and expose your certificates to the Internet.”
Heider says that while a big part of his job is helping acquisitions uplevel their security domain to meet baseline security requirements, there’s always the goal to do even better. “We don’t want to be just that baseline,” he says. His team has learned from acquisitions in the past and taken some of those functionalities and technologies back to the product groups to make improvements across Cisco’s solutions portfolio.
“We’re customer zero – Cisco is Cisco’s premier customer,” says Heider, “because we will take a product or technology into our environment, identify any gaps, and then circle back to product engineering to improve upon it for us and our customers.”
Managing Cybersecurity Risk in M&A
Demonstrating Trust and Transparency in Mergers and Acquisitions
When It Comes to M&A, Security Is a Journey
Making Merger and Acquisition Cybersecurity More Manageable
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Dan Burke is the director of strategy, risk, and compliance for AppDynamics, a company acquired by Cisco in 2017. Burke and his team are a vital part of the Cisco acquisition process in helping acquired companies adhere to a higher level of cybersecurity. This blog is the fourth in a series focused on M&A cybersecurity, following Shiva Persaud’s post on When It Comes to M&A, Security Is a Journey.
Part of the secret to Cisco’s success is its ability to acquire companies that strengthen its technology portfolio and securely integrate them into the larger organization. From the outside, that process might appear seamless—consider Webex or Duo Security, for instance—but a fruitful acquisition takes tremendous work by multiple cross-functional teams, mainly to ensure the acquired company’s solutions and products meet Cisco’s rigorous security requirements.
“My team is responsible for aligning new acquisitions to Cisco controls to maintain our compliance with SOC2 and FedRAMP, as well as other required certifications,” says Burke.
When Cisco acquires a new company, it conducts an assessment and produces a security readiness plan (SRP) document. The SRP details the identified weaknesses and risks within that company and what they need to fix to meet Cisco standards.
“In the past, my team wouldn’t find out about an acquisition until they received a completed SRP. The downside of this approach was that the assessments and negotiations had been done without input from our group of experts, and target dates for resolution had already been decided on,” shares Burke.
“We needed to be involved in the process before the SRP was created to understand all risks and compliance issues in advance. Now we have a partnership with the Cisco Security and Trust M&A team and know about an acquisition months before we can start working to address risks and other issues—before the SRP is completed and the due dates have been assigned,” Burke adds.
“Another issue resolved in this process change is that Cisco can gain earlier access to the people in the acquired company who know the security risks of their solutions. During acquisitions, people will often leave the company, taking with them their institutional knowledge, resulting in Cisco having to start from scratch to identify and assess the risks and determine how best to resolve them as quickly as possible,” says Burke. “It could be vulnerabilities in physical infrastructure or software code or both. It could be that the company isn’t scanning often enough, or they don’t have SOC 2 or FedRAMP certification yet—or they’re not using Cisco’s tools.”
“Third-party vendors and suppliers can also present an issue,” he adds. “One of the biggest risk areas of any company is outside vendors who have access to a company’s data. It’s vital to identify who these vendors are and understand the level of access they have to data and applications. The earlier we know all these things, the more time we must devise solutions to solve them.”
“Now that I’m in the process earlier, I can build a relationship with the people who have the security knowledge—before they leave. If I can understand their mindset and how all these issues came about, I can help them assimilate more easily into the bigger Cisco family,” says Burke.
The additional benefits of bringing teams in earlier are reduced risk and compliance requirements can be met earlier. It also provides a smoother transition for the company being acquired and ensures they meet the security requirements that customers expect when using their technology solutions.
“Without that early involvement, we might treat a low-risk issue as high risk, or vice versa. The misclassification of risk is extremely dangerous. If you’re treating something as high risk, that’s low risk, and you’re wasting people’s time and money. But if something’s high risk and you’re treating it as low risk, then you’re in danger of harming your company,” Burke shares.
“The key is to involve their risk, compliance, and security professionals from the beginning. I think other companies keep the M&A process so closely guarded, to their detriment. I understand the need for privacy and to make sure deals are confidential but bringing us in earlier was an advantage for the M&A team and us,” Burke adds.
When asked what he thinks makes Cisco successful in M&A, Burke says, “Cisco does an excellent job of assimilating everyone into the larger organization. I have worked at other companies where they kept their acquisitions separate, which means you have people operating separately with different controls for different companies. That’s not only a financial burden but also a compliance headache.”
“That’s why Cisco tries to drive all its acquisitions through our main programs and controls. It makes life easier for everyone in terms of compliance. With Cisco, you have that security confidence knowing that all these companies are brought up to their already very high standards, and you can rely on the fact that they don’t treat them separately. And when an acquisition has vulnerabilities, we identify them, set out a remediation path, and manage the process until those risks are resolved,” Burke concludes.
Managing Cybersecurity Risk in M&A
Demonstrating Trust and Transparency in Mergers and Acquisitions
When It Comes to M&A, Security Is a Journey
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Sometimes in order to move forward effectively, it’s good to take stock of where we’ve been. In this blog, we’ll review a concept that has been foundational to networking and cybersecurity from the beginning: the session. Why focus on the session? As the philosophy of Zero Trust is adopted more broadly in the security industry, it’s important to understand the building blocks of access. The session is a fundamental component of access to any resource.
To get things started, let’s start with a definition. A simple definition of a session might be: “a period of time devoted to a particular activity.” Not so bad, but the complexity for internet and network security springs from scoping the “particular activity.”
The internet exists on top of a standardized suite of protocols that govern how data can be transmitted or exchanged between different entities. This suite, now generally referred to as the TCP/IP stack, is comprised of four distinct layers that delineate how data flows between networked resources. This is where the scoping of a session becomes obscure. The “particular activity” could refer to the network layer, which is responsible for establishing communications between the actual physical networks. Or, perhaps the activity refers to the Internet layer, which ensures the packets of data reach their destinations across network boundaries. The activity could also be the transport layer, responsible for the reliability of end-to-end communication across the network. It could also be referencing the application layer, the highest layer of the TCP/IP stack, which is responsible for the interface and protocols used by applications and users. For the familiar, these layers were originally defined in the OSI model.
This layering framework works well for establishing the distinct session types and how we can begin to protect them. However, the rise of cloud-based services means we must now also look at how sessions are defined in relation to the cloud — especially as we look to provide security and access controls. At the application layer, we now have client devices with web browsers and applications that communicate to a cloud service. Additionally, cloud services can be one or a combination of SaaS, PaaS and IaaS, each defining their own session and thus access.
With all the different classes of sessions, there are different mechanisms and protocols by which authentication and authorization are employed to eventually provide that access. All sessions use some type of account or credential to authenticate and evaluate a set of variables to determine authorization or access. Some of these variables may also be similar across different sessions. For example, an enterprise may evaluate the device’s security posture (e.g. it is running the latest OS patches) as a variable to grant access at both the network and application layer. Similarly, the same username and password may be used across different session layers.
However, each layer might also use distinct and specific variables to evaluate the appropriate access level. For instance, the network interface layer may want to ensure cryptographic compliance of the network interfaces. A cloud service may evaluate geographical or regional compliance. The common practice today is to have every session layer act alone to make its own access decision.
Let’s take a step back and review.
Now, let’s explore something new: what if the variables and access evaluation outcomes were shared seamlessly across session layers?
What if recent network context and activity were used to inform cloud access decisions? Or, recent user access decisions across the network layers be used to inform cloud application controls? Think about the enhanced resilience provided if network-based risk signal like packet information could be appropriately mapped and shared with the cloud application layer. Sharing information across session boundaries provides more robust fulfillment of Zero Trust principles by striving to evaluate security context as holistically as possible at the time of access.
In order to build a future where security decisions are informed by broader and continuous context, we’ll need tools and protocols that help us bridge tools and map data across them. To provide improved access and security, both the bridge and the correct mapping must be in place. It’s one thing to get the data transferred to another tool, it’s quite another to map that data into relevance for the new tool. For example, how do we map a privileged application credential to a device? And, then how do we map relevant context across systems?
The good news is that work is starting to enable a future where regardless of session definition, security context can be mapped and shared. Protocols such as the Shared Signals and Events and the Open Policy Agent are evolving to enable timely and dynamic signal sharing between tools, but they are nascent and broader adoption is required. Cisco has already contributed a technical reference architecture as a guide for Shared Signals and Events. We hope that by accelerating the adoption of these standards the industry gets one step closer to actively sharing relevant security context across OSI layers. While the road ahead won’t be easy, we think the sharing signals will make for a more resilient and robust security future.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
It’s a question I get several times a year from anxious parents, either via a direct message, an email or even in line at the grocery store. It goes something like this: “What’s the one thing you wish you’d done better when monitoring your kids’ technology?”
Both of my kids are now young adults, and together, we survived a handful of digital mishaps. So, I tend to have a few answers ready. I’ll go into one of those answers in this post, and here it is: I’d physically pick up their phone more often and ask questions about the apps I didn’t recognize.
And here’s why.
There are the apps on your child’s phone that are familiar. They are the easy ones. We know what color they are, what their graphic avatars look like — the little ghost on the yellow background, the little bird, the camera on the bright purple and orange background. We may have gone through the app together or even use one or two of the apps ourselves. There’s Snapchat, TikTok, Twitter, YouTube, WhatsApp, Kik, and Instagram, among others. There are the mainstay photo apps (VSCO, Facetune, PicsArt) and games (The Sims, Fortnite, Minecraft). We may not like all the apps, but we’ve likely talked about the risks and feel comfortable with how your kids use them. With general recognition, it’s easy to have a false sense of security about what apps our kids are using.
Then, there are the apps on your child’s phone you know nothing about — and there are plenty. Rather than dismiss your concern because you don’t understand the app or because you may not have the energy to start an argument, next time, think about pausing to take a closer look. If you have concerns, address them sooner rather than later.
Here are just a few of the non-mainstream apps that kids use that may not be on your radar but may need a second look. Note: Every app has the potential to be misused. The apps mentioned here are also used every day for connection, entertainment, and harmless fun. Here are just a few this author has had experience with, and others commonly documented in the media.
Quick Tip: It’s possible a child might bury an app inside a folder or behind other apps on their home screens, making it harder to find. By going into settings in either iOS (Settings > General > iPhone Storage) or Android (Google Play Store > Apps >All), you can usually get a quick view of all the apps that exist on a phone.
Almost every app has privacy gaps if settings and monitoring are neglected. However, apps such as Live.Me, Game Pigeon, and Zoomerang (among many others) may have loopholes when it comes to age verification, location tracking, and gaps in personal data security. These gaps can give potential predators access to kids and increases opportunities for cyberbullying.
Safe Family Tip: Sit down with your kids, go through any unfamiliar apps, and use parental controls to monitor all family device activity.
If a child wants to keep activity or content secret from a parent, they will likely find a way. Some of the apps kids use to hide games, photos, or texts are encryption apps (apps that scramble content to outside sources) such as WhatsApp, Proton VPN, ProtonMail, Telegram, and Signal. Other secrecy apps are called vault apps (apps that can be disguised, hidden, or locked), such as Calculator, Vault, HideItPro, App Locker, and Poof.
Safe Family Tip: If you find one of these apps on your child’s phone, stay calm. Kids want privacy, which is normal. However, if the content you see is risky, remind your child that no content is 100% private, even if it’s in a vault app. In addition, commit to the ongoing dialogue that strengthens trust and together, considers setting safety expectations for devices, which may include parental controls.
Some apps, especially dating-type apps, require users to allow geotagging to connect you with people in your area. Yubo, which is an app like Tinder, is one your kids may be using that requires location to use it. Live.Me is another geotagging app.
Safe Family Tip: Go over the reasons location apps (and dating apps) are dangerous with your child. Sharing their location and meeting In Real Life (IRL) has become the norm to many kids. Remind them of the risks of this kind of behavior and together, put new boundaries in place.
The web is full of sketchy, dark pockets kids can stumble into. They can hear about a community forum or app from a friend and be wowed simply because it’s different and edgy. While there are plenty of harmless conversations taking place on these apps, spaces such as Discord, Reddit, and Twitch have reportedly housed communities’ extreme ideologies that target vulnerable kids.
Safe Family Tip: Be aware of behavior changes. Talk with your kids about the wide range of ideals and agendas promoted online, how to think critically about conversations and content, and most importantly, how to spot these communities.
Anonymity online is problematic for a plethora of reasons. Apps such as Yolo, Tumblr, and Tellonym, Omegle, YikYak, Whisper, LMK, MeetMe, are just a few of those apps to look for. Many of these apps are chat apps used to eventually meet up with new friends in real life (IRL). However, when apps allow anonymous accounts, it’s almost impossible to trace inappropriate content, threats, or bullying incidents.
Safe Family Tip: Kids get excited about making friends and having new experiences— so much so, they can ignore potential consequences. Discuss issues that may arise (catfishing, sextortion, scams, bullying) when people hide behind anonymous names and profiles. If needed, give real examples from the news where these apps have been connected to tragic outcomes.
Several apps and online communities have been connected to violence, hate content, intolerance, and fanaticism. A few of these sites include 4Chan, 8Chan, AnyChan, Gab, SaidIt.Net, and 8Kun, among many others.
Safe Family Tip: Note any behavior changes in your child. Talk often about digital literacy and being a responsible publisher (and consumer) of media online.
Staying in step with your child’s latest and greatest app affinity isn’t easy, and every parent makes mistakes in how they approach the task. However, kids of all ages (no matter how tech-savvy they are) need boundaries, expectations, and consistent and honest dialogue when it comes to digital habits and staying safe online. If you don’t know where to start (or start over), one first step is to start today and commit to staying aware of the digital risks out there. In addition, make time to have regular, open conversations with your child about their favorite apps — the ones you know about and the ones you may not.
The post Potentially Malicious Apps Your Kids May Use appeared first on McAfee Blogs.
Most of us have fond summer memories of hanging out with friends in a secret clubhouse. However, this isn’t that. While the word clubhouse stirs up instant feelings of belonging to a group of friends, the digital Clubhouse app, we’re referencing is a meeting hub for users over 18. Currently, still in its beta phase, Clubhouse is by invitation only. This exclusivity is also what makes it somewhat irresistible for tweens and teens looking for a new place to meet with friends.
Clubhouse is an all-audio social network; kind of like a podcast meets a group phone call. Guests may drop in and even speak if they raise their hand are unmuted by the speaker. Speakers create “rooms” each with different topics and invite people to join in on that discussion.
The app found its wings as a fun place to connect during the pandemic. Mom groups, business roundtables, staff meetings, political groups, think tanks, and hobbyists flocked to connect on the app and still do. The topics are plentiful and there’s always a conversation happening that you can access with a click.
Currently there aren’t any parental controls or privacy settings on Clubhouse. While the app states that there’s a minimum age requirement of 18, there isn’t an actual age-verification system. As with so many other apps, anyone under 18 can simply get an invite, fake their age, and either drop in on any of the conversations going on or start their own room.
Mature content. Topics on Clubhouse cover a wide range of topics both mainstream and fringe. So, if an underage user fills out their profile information and interests, they will automatically get invitations to several daily discussions, which may or may not be age appropriate. They can also explore and join any kind of group.
Bullying. Clubhouse discussions are uncensored. Therefore, it’s possible that a heated discussion, biased comments, or bullying can take place.
Misinformation. If you walked through a crowded mall, you might overhear a dozen different accounts about a news event, a person, or a topic. The same holds true for Clubhouse where commentary is the currency. Therefore, misinformation is likely (as is common with any other app).
Accounts can’t be locked. Another privacy gap on Clubhouse is that accounts can’t be set to private and rooms/conversations will remain open by default unless the host makes it private, which means anyone can drop in.
The celebrity hook. Clubhouse has attracted celebrities and social media influencers to its halls who host discussions. This is a big draw for kids who want to hear real-life conversations and just get a bit closer to their favorite celebrity. Again, content can be unpredictable in these rooms and potentially risky for underage users.
Why age restrictions matter. More and more, kids who ignore age restrictions on apps are wandering into trouble. Consider talking to your child about why age restrictions exist, the consequences if they are ignored, and some alternative apps that might be safer.
Why privacy matters. While Clubhouse has grown prolifically in a short time, which has caused some concern over data privacy. According to reports, Clubhouse asks users to share their contacts and has been accused of being “overly aggressive with its connection recommendations.” Also, it’s unclear how the app collects and leverages user data. As outlined by McAfee’s Advanced Threat Research Team last month, the security of user information and communication within Clubhouse has vulnerabilities that could be exploited. For these reasons, consider discussing the data “exchange” we often make when we jump on an exciting new app, why data matters, and why it’s important to understand what’s being collected and to use any and all privacy settings. According to its privacy policy, Clubhouse also “temporarily record the audio in a room when it is live.”
Why content matters. With so many images and ideas coming across our screens every day, holding fast to our content standards can be a challenge for families. Talk to kids about why age-appropriate conversations, topics, and friend groups matter online and what happens when you try to speed up that process. Discuss how content filters and parental controls work and consider them for your family.
The good news about Clubhouse (when it comes to young users) is that along with its rapid growth, the creators are reportedly responding to consumer safety demands and daily increasing in-app safety features for reporting harassment and abuse.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Is the Clubhouse App a Safe Place for Kids to Hangout? appeared first on McAfee Blogs.
Over the last 12 months, technology has featured in our lives in a way I don’t think any of us would have predicted. Whether you were in lockdown, choosing to stay home to stay well or quite simply, out of other option – technology saved the day. It helped us work and learn from home, stay connected with friends and family, entertain ourselves, shop and essentially, live our lives.
For many parents, this was a real ‘aha’ moment. A moment when technology went from being an annoying distraction to incredibly critical to the functioning of our day to day lives. Of course, many of us had always considered technology to be useful to help us order groceries and check Facebook but to experience first-hand that technology meant life could go on during a worldwide pandemic was a real game changer.
Whether it was downloading video calling apps like Zoom or Facetime, setting up a Twitter account to get updates from the Health Department, using Google Doc to work collaboratively or experiencing what online gaming really is via a few sessions on the Xbox, 2020 means many parents had to get up to date, real fast! And you know what – that’s a good thing! I’ve had so many parents remark to me that they know finally understand why their kids are so enamoured with technology. There really is nothing like walking in someone’s shoes to experience their world!
I’m a big believer in parents taking the time to truly understand the world in which their kids exist. For years, I’ve advised parents to download and use the apps and games their kids play so they can understand the attraction and complexity of their kids’ digital life. Well, it may have taken a global pandemic, but I am delighted to report that, anecdotally at this stage, more parents are now embracing their kids’ online world.
When we first become enamoured with something, we often enter the ‘honeymoon’ phase. As a married woman of 28 years, this was many years ago for me!! The honeymoon phase is when everything is wonderful and rosy, and negatives are not always considered. And our relationship with technology can be much the same. And I’ve been there – there’s nothing quite so wonderful as discovering a new app or piece of software and almost being joyous at just how transformational it could be for your life. And this often means we gloss over or even ignore the risks because we are in love!!!
So, as Cybermum, I’m here to cheer you on and pat you on the back for embracing and using new apps and software. Yes, I’m very proud! But I also want to share with you just a few steps that you need to take to ensure you are not taking on any unnecessary risks with your new favourite app. Here are my top tips:
1. Passwords
Every app, online account or piece of software needs it own individual password. Yes, I know that it is a real pain, but it is one of the most important things you will do to protect yourself online. I’m a big fan of password managers that not only generate the most incredibly complex passwords for each of your accounts but remember them for you. McAfee’s password manager, True Key, is a free option which has completely helped me manage my 80 plus collection of passwords!! Very grateful!
2. Software Updates
The main purpose of a software update is to protect the user from security threats. Yes, you may also get some new features and possibly have a glitch or 2 removed but it is all about the user’s safety. So, if you don’t update your software, it’s a little like leaving windows open when you go out. And the longer you leave between updates – the more windows you leave open!
So, automate these updates if you can or schedule them in your diary. Why not earmark the first day of the month to check and see what you need to download to protect yourself? And don’t forget about your operating system on your phone or laptop too!
3. Be Wi-Fi Wary
Dodgy wi-fi is where so many people come unstuck. Regardless of what app or software you are using, anything you share via unsecured wi-fi could be intercepted by a hacker. So, if you find yourself using wi-fi regularly, you might want to consider a Virtual Private Network or VPN. A VPN creates an encrypted tunnel so anything you share via Wi-Fi cannot be intercepted. Genius, really! Check out McAfee’s Safe Connect for peace of mind.
So, please keep going! Keep exploring new ways technology can work for you in our new COVID world. But remember to take a break too. There is no doubt that technology has saved the day and has ensure we can all still function but there must be a balance too. So, walk the dog, play a board game or having a cuppa outside. Remember you manage the technology; it doesn’t manage you!
Till next time
Stay safe online.
Alex xx
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How 2020 Helped Parents Understand Their Kids’ Digital Lives appeared first on McAfee Blogs.
FreshRSS 