Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals

Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals by Tom Sullivan.  Available from <http://www.healthcareitnews.com/news/dark-web-what-dark-web-tips-beating-back-hackers-and-savvy-cybercriminals>. [October 10, 2016; 07:15 AM] Photo Credit: By Andersson18824 (Own work) [CC BY-SA 4.0 (http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons

Don’t wait another day to create a cyberthreat intelligence sharing team. Delve into the web’s dangerous corners, exchange what you find, learn from banking and defense. Just don’t presume cyberthreats won’t happen to you.

Anytime a major security incident occurs, whether in healthcare or elsewhere, the cyberintelligence team at insurer Aetna springs into action.

“When a large batch of credentials is released to the public on the dark web or on a website like Pastebin, we apply analytics to identify credentials that may be the same as what members are currently using,” Aetna CISO Jim Routh said.

If Routh’s team spots a match, that means there’s enough of a possibility that the cybercriminals could try to use those credentials for nefarious purposes that Routh has to address the situation.

“Out of an abundance of caution, we will force a password reset to proactively protect those accounts,” Routh explained. “Then we look for similarities in user IDs that may apply to our top vendors and we alert any that are impacted.”

And that’s just to start.

More sophisticated than traditional security

It’s worth noting that Denise Anderson, executive director of the National Health Information Sharing and Analysis Center, otherwise known as NH-ISAC, described Aetna’s team as particularly strong and savvy compared with the current state of healthcare organizations.

In other words: Many CIOs and chief information security officers could learn a lot from Routh and company.

Routh, in fact, was the global head of application and mobile security for JP Morgan Chase and worked for American Express before signing on with Aetna.

Indeed, Anderson explained that banking and defense sectors are ahead of healthcare in cyberthreat intelligence sharing—healthcare was hardly even talking about cyber as recently as five years ago.

“Threat intelligence is a relatively new concept and term,” Anderson said. “Intelligence should influence the more granular day-to-day work like looking at IP addresses and subject lines in emails.”

Sharing makes it better

Healthcare organizations that have not yet established a cyberthreat intelligence program should not rest on the presumption that they won’t have a security incident.

Many a CISO has said that there are two types of information security professionals in healthcare: Those who have been attacked or hacked and those who just don’t know they have.

Even though threat intelligence sharing is relatively new to healthcare, there are a fistful of best practices that forward-thinking security professionals are employing already.

A first step is to participate in the intelligence sharing community that already exists: become a member of the NH-ISAC that Anderson runs, join InfraGard, the joint FBI-private sector partnership, and work with the U.S. Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security’s Cyber Information Sharing and Collaboration Program (DHS CISCP), among others.

Don’t settle on just one, either. Routh recommended cultivating multiple sources to achieve best results because each can uncover different information.

“Gather information and read, read and then read some more. Develop a way to consume the intelligence you receive and make it actionable,” said Dan Wiley, head of incident response and threat intelligence at Check Point. “Context is key to intelligence. The only way you can provide context to intelligence is to layer your knowledge about your environment with the intelligence you receive from others.”

Consider it a community. Give back. Share what you know about threats, solutions, what works, what doesn’t, and recognize that attackers — whether they’re acting alone, as part of a criminal syndicate, or even state-sponsored bad actors — are growing increasingly sophisticated.

Delve into the dark web

To truly grasp what CISOs and infosec professionals are up against, it’s necessary to understand the threat landscape and, to every extent possible, your enemies.

“Get your house in order before stepping out into the threat intelligence arena,” said Bob Chaput, CEO of Clearwater Compliance. “This team must have the ability to identify a cyber incident and shut it down before the entire IT infrastructure is compromised.”

That encompasses having an intelligence team, strategy, framework, plan and infrastructure in place to defend the fortress, and only then exploring the internet’s murkiest corners.

“Ensure that some of your sources are active in the dark web and apply economic analysis to behaviors of criminal syndicates that use the dark web,” Routh said.

These practices require more acuity than the daily grind of security and compliance.

NH-ISAC’s Anderson said that seasoned intelligence experts, many of whom come out of the military, have the expertise to gather information about Tactics, Techniques and Procedures (TTPs), tracking cybercriminals, following campaigns and understanding the motivations of bad actors.

Anderson noted that healthcare entities can either hire infosec professionals with that experience or outsource threat intelligence. Either way, she recommended looking to other industries to learn about their processes and procedures, glean insights from how they sold cyberthreat intelligence sharing programs and the money required to fund them to the C-suite, and what they have learned working with security vendors.

A powerful warrior: Patience

Threat intelligence is an evolving and ongoing process. Never ending, even.

Check Point’s Wiley went so far as to call it a life-long learning process, while Chaput rattled off regular testing, keeping current with application and operating system vulnerabilities, and continual awareness and training about imminent threats among the tasks to conduct on a regular basis.

Anderson, for her part, pointed out that the banking and defense industries started out slowly and healthcare is poised to follow suit.

“Intelligence activities take time,” Aetna’s Routh said. “So be patient and choose trends and topics for the long term.”


Here are some tips to improve your cybersecurity

Here are some tips to improve your cybersecurity Posted  by 

October is cybersecurity month.  As cyber hacks continue to increase, the landscape is changing in many ways.  Companies and business owners are taking on more responsibility to ensure their businesses are more protected or face legal and financial consequences.  We as individuals are required to be more conscientious when sharing our personal information. And, with the Internet of Things, our families, property and confidentiality are constantly being invaded.  So what can you do other than unplugging everything and crawling under a rock?  Below are a few simple tips for you, your business and your family to increase your protection.

Protect your business

If you’re a small to mid-sized business owner, you need to pay attention to your cybersecurity, particularly if you are a supplier to larger companies with sensitive information. More than 60 percent of data breaches occur at small- and medium-sized businesses. Remember that cyber hack some years ago at Target? Well, their network was tapped by going through the HVAC system networks.  That hack changed everything.  Banks and customers sued and the courts determined that Target had a duty to protect their customers and banks from criminal conduct of a third party.  This court case was followed by the Alpine Bank lawsuit that established that small companies are not immune from liability for their role in data breaches.  Scared yet?  It gets worse, so read on.

So how can you limit your business liability? 

• Protect your data.   Here are a few tools to get you started. The Federal Communications Commission has a custom planning guide that you can create dependent upon your business needs.  The other is a 30-minute web-based class offered by the U.S. Small Business Administration (SBA).

• Ensure your suppliers are cyber savvy.  They should have at least the same level of security you have and yes, this should be more than nothing.  Your contracts should require suppliers to adhere to customary practices designed to provide safeguards.  Confirm this during the beginning of your relationship, not after something occurs.

• Consider cyber insurance. The National Association of Insurance Commissioners and the Center for Insurance Policy and Research have a good overall article on cyber risk management.

Protect yourself

In 2014, CNN Money reported that 47 percent of U.S. adults had their personal information exposed by hackers; this number has likely increased during the past few years. The Identity Theft Resource Center reported more than 28 million records exposed between the beginning of the year and September 8, 2016.  The industry response to its consumers seems to be a letter stating: sorry, your security has been breached. Here is your free year of credit monitoring services.  While there isn’t a lot you can do to change their system, you can change the way you do things.

• Use complex, different passwords.  This is like flossing your teeth.  Your dentist says do it every day and we either ignore them or hate doing it, but in reality it really helps.  The easiest way to select more secure passwords is to create phrases that you’ll remember and then insert numbers and symbols inside them.  For instance, if your phrase is “My cat ate my two fish” the password becomes Mycatatemy2fish.  You then create more complexity by changing the values to symbols and numbers, “Myc^t^t3my2fish!”

• Shred your information.  Place the shredder by your door and shred your unneeded mail before it gets into the house. The benefit is you’ll also reduce clutter in your own environment.

• Set your online social media privacy settings.  Social media sites like Facebook, Pinterest, Instagram and Snapchat all have security settings.  The University of Texas at Austin Center of Identity has information on all of these, the settings that are available, and what they mean.

Protect your family

What is this Internet of Things we all keep hearing about on the news and radio?  In a nutshell, the IoT is the network of products that all connect to the Internet in some way.  It’s your printer, your car, possibly your television, refrigerator, your security system and even your toaster.  All of these things are collecting data from you and your family.  That talking Barbie doll? It’s also listening, along with other learning toys and gadgets like Amazon’s Alexa.  Now, are you getting scared?  In reality, it comes down to the price to play.  If you want the convenience of the product, you may have to give up some of your information.  These days, big data is also big business.  Here are a few tips:

• Keep your software updated.  Those pesky updates often contain new code to help ward off prior computer breaches.

• Limit your apps on your phone to reputable companies. And read the reviews before downloading.

• When using social media, don’t take that quiz unless you’re really willing to give away your preferences and receive future spam.

• Really think about the privacy price you are paying and whether it’s worth the value you personally receive before you buy that newfangled device.

4 Steps for Choosing A Cloud Storage Solution

4 Steps for Choosing A Cloud Storage Solution by The NonProfit Times.  Available from <http://www.thenonprofittimes.com/management-tips/4-steps-choosing-cloud-storage-solution/?r=ig-mo>. [September 29, 2016] Photo by Tani12 - Creativecommons

There are a lot of good reasons to put your nonprofit’s files in the Cloud. It can reduce the burden on IT staff and open up opportunities to do their work remotely.

According to the staff at the nonprofit tech organization Idealware, if you’re ready to make the leap into the Cloud but aren’t sure how to find the right solution, consider these four steps:

1. Develop a Project Plan. Who from your organization should be involved in the decision-making process? Who will be involved in migrating your organization to the solution? How long will the project take? Time is an especially important factor. Managers frequently underestimate the time needed and often run the risk of the project interfering with mission-critical work.

2. Evaluate Security Features. A few high-profile data breaches can make Cloud storage seem risky, but consider the security measures most Cloud storage vendors take. The data centers are surrounded by fences and surveillance equipment and watched by armed guards. The vendors also employ data security experts who are trained to detect and defend against sophisticated attacks as they’re happening. The server you store in your closet is not likely to get that kind of attention.

Beyond the large-scale security measures Cloud storage vendors take, the software often includes built-in features that can help you take extra precautions. When considering a solution, find out whether it offers multi-factor authentication or allows you to control access by user, device, or IP address.

3. Consider Your Files. What kinds of files do you need to store and what level of management is necessary? If you have very large files, such as photographs or other graphics, it might not be cost effective or convenient to keep them in the Cloud versus on an external hard drive. Highly sensitive files such as health records or financial information might not be appropriate for some Cloud storage solutions, especially if the solution is not compliant with data security standards such as HIPAA.

4. How Do Staff Members Want to Access Files? For staff members used to navigating their computer’s local drive, there might be a strong desire to maintain the same file structure and user experience in the Cloud. Most hosted file sharing solutions will provide some way for users to access files through their computer’s file explorer. 

However, such options are not without their flaws. To provide this access, you’ll either need to sync a copy of the file structure to your computer — which is not practical for computers with little available free space — or map to the live, online server, making navigating the file structure and opening or saving files painfully slow. You might need to move away from the methods traditionally used to interact with files and adapt to working with these tools in browsers.


5 practical tips for retailers to make the best use of mobile wallets

5 practical tips for retailers to make the best use of mobile wallets By  Available from <http://www.itproportal.com/features/5-practical-tips-for-retailers-to-make-the-best-use-of-mobile-wallets/>. [September 30, 2016]

Mobile wallets are fast becoming the preferred method of payment, especially among millennials.

This is great news for retailers since they allow for the consolidation of all the things that we use on a daily basis – our cash, cards, receipts and vouchers – into the very thing that most of us already wouldn’t dream of leaving the house without, our mobile phone.

Moving past simple payments, there are so many other possibilities that mobile wallets open up. Research has found that regardless of age, gender, and location, consumers want to use mobile wallets to communicate with brands about sales, offers, coupons, loyalty programs and more. This all sounds very promising, and whilst successful employment can increase the visibility of your brand, act as a powerful marketing tool and provide a straightforward channel for engagement, some are still not convinced.

To help guide retailers through this thought process, I have put together 5 practical tips which outline my best practice guidelines on how to make use of a function already installed on two thirds of the population’s handsets and help maximise the return on your mobile wallet strategy.

1. Light touch engagement with your customers

Enabling potential customers to download a voucher that is stored straight into their mobile wallet allows for easy engagement with customers, without the need for them to download and commit to a full app. This allows customers to see the value of your brand straight away, whilst also providing them with easy access by which to redeem their voucher in-store.

2. Remind customers of the vouchers in their handset 

The top two reasons for lapses in mobile wallet usage are that consumers either forget to use them or are unsure of which merchants accept them, both of which can be easily resolved if retailers take measures to move mobile wallets to the front of consumers’ minds.

By setting up the co-ordinates of your store, customers are able to receive handy notifications when they are 100m away to remind them that they have a voucher they can redeem in store. This not only ensures that customers remember to use the voucher, but also prompts them to pay a visit to your store if they are nearby.

3. Include a time sensitive call to action 

Research has shown that putting a timeline on any offer and creating a sense of urgency helps drive a better response with customers. A mobile voucher solution allows you to make use of this by setting an end date for any voucher to be redeemed. You are then able to send timely reminders to the customer in order to notify them of its looming expiration.

4. Make it personal

As we now know, the key to success when it comes to marketing is personalisation at scale. Customers no longer want to receive blanket messaging that is irrelevant to them and, as retailers, you don’t want to do this for fear of irritating your customers or in some cases, leaving them disenchanted with your brand.

By utilising CRM, you can make every mobile voucher individual to the end user, including their name and loyalty points and, of course, only sending them vouchers that you know they would be interested in.

5. Keep it fresh

The beauty of the mobile wallet solution is that you can update the voucher in your customer’s mobile wallet as many times as you want without them having to do anything. This means that after they have downloaded the initial voucher, you can continue the engagement with them by updating the voucher, at a schedule that suits you, with the latest offer you can provide. This will demonstrate to the customer the value that you place on their loyalty whilst also establishing a long term engagement strategy.

The use of mobile wallets to engage with customers is an exciting landscape and when executed correctly, can be a turning point for your business. We believe that these 5 tips are key to achieving success and are confident that by bearing them in mind, you will see their potential to deliver true utility to your consumers, reduce costs for your business and ultimately drive more mobile payments.

Image source: Shutterstock/Denys Prykhodov


Choose Wisely: How to Pick an SEO That Will Get Results

Choose Wisely: How to Pick an SEO That Will Get Results By .  Available from <http://www.business.com/seo-marketing/how-to-pick-an-seo-that-will-get-results/>. [September 26, 2016] 

The widely used term “SEO” refers to search engine optimization (or optimizer).

When you make the choice to hire someone to optimize your website for search engines, it is a huge step and has the power to save you time and improve your website.

If you happen to choose an SEO that is not that great, it has the potential to damage your own reputation as well as your website.

Take the time to inform yourself about the good and bad that can come from using an SEO that is not reputable.

What Does an SEO Do?

SEOs and consultants or agencies similar to this are capable of offering services for websites like:

  • Developing content
  • Reviewing content or structure
  • Advising on hosting, error pages or redirects
  • Researching keywords
  • Training for SEO
  • Coaching on catering to specific markets or regions

It should be noted that Google’s search results pages will include not only organic results but also paid advertisements that are indicated with a “Sponsored” or “Ads” caption. When you advertise with Google, it will not impact on the site’s presence within the search results. Google does not take part in offering a service that ranks websites in their search results, and it costs nothing to a website owner to appear in Google’s organic search results.

Prior to starting your search for an SEO, you should work to become familiar with how the search engines work and you may then regard yourself as an educated consumer. Google offers Webmaster Guidelines as well as an introduction on crawling and indexing.

When you are in the early stages of your website design is when you should be thinking about seeking the help of an SEO. Ideally, one would be hired when you establish that you will be doing a redesign of the website or are launching a new website. When you do this, you will be able to work hand in hand with your SEO to ensure that the website will be optimized and designed coherently right from the start. SEOs may also help to improve upon an existing website as well.

What to Ask Your Potential SEO

  • How long have you been working in SEO?
  • What is your experience in the industry?
  • What are the expected results for the SEO and what is the time frame?
  • How do you know when a job has been successful?
  • Will you show me some of your examples and previous work as well as success stories?
  • What type of guidelines do you follow, if any?
  • Do you have any experience in my geographical area?
  • Do you have any experience in SEO with international websites?
  • What should my expectations be regarding communication?
  • Will you share all changes made to the site and provide insight as to why these changes were made?

There is no question that SEOs provide their clients with important services, but the unethical SEOs have made a negative impact on the industry thanks to their extremely aggressive marketing tactics and actions used to manipulate search engine results in a way that is unfair. These actions violate Google’s guidelines and can lead to a destructive adjustment to the website’s presence in Google’s search results, or the site could even simply be removed from the index altogether.

What to Think About

One common improper practice is for the SEO to place “doorway” pages that are filled up with keywords somewhere among the client’s normal website. The SEO will say that this action makes the web pages more relevant to a larger number of search queries. Technically, this is false information because single pages are not commonly relevant for a wide range of target keywords.

What’s awful about this maneuver is that these doorway pages that have been created will hold links that are hidden and will direct to the SEO’s other clients. This practice as a whole will take away from the popularity of a website and funnel it to the SEO and their clients. There is no telling what these clients do or what kind of content they are responsible for; a lot of times it is illegal or simply unsavory.

Another tactic that is frowned upon is implementing “shadow” domains. These will bring users to a website through a series of misleading redirects. These false domains are usually owned by the SEO, and the SEO will assert that they are working on a client’s behalf. There is potential for this relationship to go south, and the SEO then has the power to edit this domain to redirect to another website, even a competitor’s website. If this were to happen, the client has ultimately paid for a website that they have no control over; it is all owned by the SEO.

Look Out for These Red Flags

  • There are no SEOs that can guarantee you a #1 ranking on Google.
  • Trash emails that come from web consultants or SEO firms out of nowhere.
  • Say goodbye to any company that will not clearly explain what it is exactly that they intend to do with your website.
  • You should never be obligated to link to the SEO.
  • Your SEO should be totally transparent about what you are paying for.
  • Carefully consider any firm that you are considering hiring for SEO.
  • If they have had previous domains removed from Google.
  • If they are linking to other clients via doorway pages.
  • If they are owners of shadow domains.
  • When they promise outstanding ranking but do not offer information on your target keywords or unique phrases.

While not all SEOs are taking part in malevolent activities, there are those firms out there and it is vital to have the education that enables you to spot the con artist so that you are not wasting your time or money on them. A well-established SEO will take pride in their work and will be more than happy to show you their successful portfolio.
