Thursday, February 7, 2019

Things to include in your employee cyber security policy

According to IBM’s Cyber Security Intelligence Index, 60% of cyber attackers are usually insiders. Most of these reported attacks come from employees who have “accidentally” allowed access to attackers. Secure Channels, an online security firm, lists down cyber security policy must-haves to reduce such incidents.

Image source: cyberdefensemagazine.com
Conduct audits in the IT department. Do this by looking at the software and hardware practices of your employees and your vendors. Before you sign a contract with a party, investigate their security practices.


Lock computers and devices and secure portable media. Passwords to company issued-mobile phones and laptops must be limited, and portable devices such as DVDs, hard drives, and USB drives should be scanned. Secure Channels adds that you should not encourage employees to bring their own laptops to the office. Additionally, instruct that their screens be locked when they leave their desks.

Image source: medium.com
Hold a seminar to detect phishing scams. Inform your employees of the different kinds of phishing scams they could possibly encounter so they will know when to report a cyber threat. Ask your employees to be vigilant not only on the web, but also on the phone. Some scams can be perpetrated over the phone, so caution them never to indulge important company information to anonymous callers.

Secure Channels provides solutions that are customizable to its client’s environment without compromising the level of protection it offers. The company does all these without the costs of additional maintenance and support-by-support teams. It also provides cost- and performance-effective, innovative, and state-of-the-art designs, complementing clients’ existing investments in security. For more articles like this, visit this page.

Thursday, January 17, 2019

Why the biggest cybersecurity threats are inside your organization

You don’t need to look farther than your own backyard when looking at the biggest security breaches that can ever hit your organization. Hackers and criminals are aplenty out there, but your high-value cyber assets are most at risk when you consider your own internal environment: your people and company insiders.

Image source: Pixabay.com
In a 2016 report, IBM discovered that some 60 percent of all cyber attacks were performed by insiders. Of these attacks, three-quarters were out of malicious intent while the remaining one-quarter involved unsuspecting players. In a report made in 2015, it also found that human error is nearly always an element that made these breaches possible. While 23.5 percent were undertaken by inadvertent insiders versus 31.5 percent by malicious characters, a whopping 95 percent involved a person making a mistake.


To err is human, as they say. Unwitting insiders make breaches possible with anything from misaddressed emails and stolen hardware and devices to confidential data transmitted to vulnerable home systems. The greatest risks were with rather well-meaning IT administrators who can have total access to the company infrastructure – and whose small error can turn into a full-blown catastrophe for the business.

Image source: Pixabay.com
An employee system can also be compromised when cyber criminals and fraudsters, who are adept at hijacking identities, inject malware into company systems or mount phishing attacks. Sometimes they use stolen credentials, particularly those obtained from social networks. They can elevate a particular user access within an internal system, getting further access to sensitive and valuable data.


Cybersecurity is not just guarding the perimeter and mounting a solid external defense. It’s also a war waged with an enemy within, whether a bad employee or people who need to be better informed and educated when it comes to security compliance and consciousness.


Secure Channels has innovative platforms that provide security into endpoints, applications, and networks from the inside out, offering access to your critical resources while protecting client data from breach, theft, and misuse. Learn more on this page.

A closer look at the huge global threat that is ransomware

First off, ransomware is not entirely new. It has been around for many years now, but only in recent times has attacks of this nature become more prevalent and more dangerous. This is not helped by the arrival of RaaS or ransomware-as-service offerings by cybercriminals, who provide via the deep web compact kits for launching ransomware campaigns.

Image source: kaspersky.com

Ransomware is essentially malware that enters systems via malicious codes, with the intent of encrypting them and locking users out. In effect, a ransomware-affected device is held hostage, and you’d have no access to your sensitive data. Cybercriminals then demand a ransom (now increasingly payable via cryptocurrency) before you regain access to the device.

Image source: tripwire.com



It is highly advisable that even if you do become a victim of ransomware that you don’t pay the said ransom, as it will just propagate and fund future attacks. Moreover, many users don’t even get the decryption keys even after they’ve paid up.


Prevention is therefore key. To avoid becoming part of the growing ransomware-victim statistics, always make sure that your devices are protected by comprehensive, 24/7, and reliable anti-malware software. Set these to automatically update to newer versions.


Also, ensure that you regularly back up your data, whether on physical external storage devices or online cloud platforms. Finally, be smart; don’t click on any suspicious attachments or links sent via your email or private messages from various social media sites.


Secure Channels provides solutions for access control, data protection, adaptable encryption, enterprise confidentiality solutions, and proximity-based monitoring. Check out this pagefor more posts and insights on data security.

How exactly does data encryption work?

Encryption in general refers to the modern method of cryptography that lets users hide information from others. It does so by applying a complex set of algorithms called ciphers, which convert normal data (technically called plaintext) to what amounts to seemingly random characters (ciphertext). Only those who hold the key can decrypt the data and view them in plaintext anew.

Image source: agileit.com
Again, today’s encryption processes are based on old cryptography methods that create and decipher codes, tracing its origins back to ancient Greece. However, encryption in the internet age is done for a wide array of security measures, from protecting our private correspondences, personal information, and sensitive business data to keeping our credit cards, bank accounts, and social security numbers from being compromised.

Image source: teskalabs.com

In 1976, the U.S. National Bureau of Standards initiated the so-called Data Encryption Standard (DES), a shared secret encryption method or block cipher as the country’s official Federal Information Processing Standard or FIPS. Today, DES is being used more and more on a global scale.


Modern encryption essentially has two types: those that use symmetric key algorithms and those that apply asymmetric ones. Symmetric key algorithms use identical or related encryption keys for both encryption and decryption. On the other hand, asymmetric key algorithms have different or separate keys for encryption and decryption. Experts in the industry often refer to the latter as Public-key Cryptography.


The Agile Security Platform (ASP) of Secure Channels allows organizations to take a modular approach to better suit their needs, whether for securing access to critical resources or protecting client data from breach, theft, and misuse using the company’s patented Superencipherment solution. Visit this blogfor related reads.