Category Archives: tips

How to protect your privacy in a surveillance state

The Internet allows us to connect with virtually anyone, anywhere. For some governments, this connectivity is seen as a threat. Most countries use some form of electronic tracking to keep track of terrorists and criminals.

But for every criminal they monitor, governments also capture – and store – personal information belonging to millions of law-abiding citizens. In some countries, like China, this online surveillance is obvious. But in others like the USA and UK, the extent of civilian monitoring only became apparent after the PRISM spying program was revealed.

Privacy is your right – and there’s no reason you have to reveal your secrets to the government just because you want to use the Internet.

Here are some ways you can better protect yourself.

1. Use a VPN

A virtual private network (VPN) is used to encrypt traffic between your device and the websites and services you access online. The right VPN service, like that included with a Panda Dome Premium subscription, encrypts and anonymises traffic, making it much harder for government agencies to track you online.

2. Use encrypted chat apps

Instant messaging apps are now more important for person-to-person communications than SMS, email or social networking. Which is why government agencies spent so much time and effort on monitoring mobile communications.

SMS text messaging is relatively insecure, open to interception. Choosing an encrypted app like iMessage or Telegram will help to prevent your chats and picture messages from being captured by government surveillance programs.

3. Consider physical security

It’s not just your emails and text messages that government agencies are interested in. They also collect location data using the GPS system built into your phone so they can tell where you’ve been, where you are, and even to predict where you will go next. Obviously disabling your phone’s GPS can get round this tracking – but it means that your maps and weather apps won’t work.

That’s not enough on its own however. Your phone is constantly connecting to cell towers so you can make and receive calls – but those connections can be triangulated, to calculate your location again. The only way to prevent triangulation is to turn your phone off – or to store it in a special bag that can block radio signals.

The trouble is that you cannot make or receive calls while the phone is in the bag. And as soon as you take it out of the bag, your location will be revealed.

Use common sense

The reality is that you probably cannot be completely anonymous online – but you can minimise your exposure. Aside from using an anonymous VPN, your best protection is common sense. Before doing anything online, take a moment to think, ‘how might my privacy be compromised – and what can I do to reduce the risk?’

Answer those questions and you are well on your way to avoiding the most common forms of government surveillance.

To learn more about anonymous VPNs and how Panda Dome protects your privacy, you can download a free trial here.

The post How to protect your privacy in a surveillance state appeared first on Panda Security Mediacenter.

Breaking the cybersecurity stalemate by investing in people

No surprise, it happened again. In 2018, the financial toll cyber breaches took on organizations hit $3.86 million, a 6.4 percent rise from 2017. Before last year’s close, analysts at Gartner claimed worldwide spending on infosec products and services would increase 12.4 percent, reaching over $114 billion in 2019. In fact, when the U.S. government announced a 2019 budget of $15 billion for cybersecurity-related activities, it came with a 4.1 percent jump and a caveat: … More

The post Breaking the cybersecurity stalemate by investing in people appeared first on Help Net Security.

A network is only as strong as its weakest shard

Blockchain, a nascent technology, has enterprises globally enamored with the promise it holds to fundamentally turn everything from how we interact, transact, store, and manage data on its head. While the technology’s immutable nature and democratized architecture do have the potential to truly disrupt the world as we know it, there is currently no blockchain capable of truly unlocking the technology’s true potential let alone monetizing it. The reason for this is blockchain continues to … More

The post A network is only as strong as its weakest shard appeared first on Help Net Security.

The art of securing ERP applications: Protecting your critical business processes

In this Help Net Security podcast recorded at RSA Conference 2019, Juan Pablo Perez-Etchegoyen, CTO at Onapsis talks about the challenges of securing and monitoring ERP applications for vulnerabilities and compliance gaps across cloud and on-premise deployments. Juan Pablo leads the research & development team that keeps Onapsis on the cutting-edge of the business-critical application security market. Here’s a transcript of the podcast for your convenience. Hello everyone. Welcome to this Help Net Security podcast. … More

The post The art of securing ERP applications: Protecting your critical business processes appeared first on Help Net Security.

Four key security tips when using any collaboration technology

With database breaches and ransomware attacks making daily news, security is now a top priority for companies, and collaboration solutions are no exception. In the current age of global connectivity, video conferencing and collaboration technologies have become an inescapable part of doing business. Business partners and remote employees around the world rely on these solutions to stay connected and communicate effectively, especially when in-person meetings aren’t possible. While it’s easy enough to say, “my company … More

The post Four key security tips when using any collaboration technology appeared first on Help Net Security.

Tax season scaries: How to keep your data safe from insider threats

With April 15 quickly approaching, companies across the country are rushing to get their taxes filed. This often requires third party specialists who are well-versed in corporate taxes and prepared to navigate new regulations. While the right contractors are extremely valuable during tax season specifically, they shouldn’t be overlooked when it comes to managing insider threats. According to a survey by NPR, one in five employees is a contractor – that’s 20 percent of American … More

The post Tax season scaries: How to keep your data safe from insider threats appeared first on Help Net Security.

Current phishing defense strategies and execution are not hitting the mark

Few professionals are completely confident in their ability to assess the effectiveness of their phishing awareness efforts. In a new paper, Phishing Defense and Governance, released in partnership with Terranova Security, ISACA outlines key takeaways from this phishing research that reached security, assurance, risk and governance professionals, including: Only a slight majority (63 percent) regularly monitor and report on the effectiveness of their activities. 38 percent of respondents reported that their organizations develop security awareness … More

The post Current phishing defense strategies and execution are not hitting the mark appeared first on Help Net Security.

How to avoid zero-day attacks

zero-day zero day

The IT team at an important company has just installed a vital update on all its corporate devices so that everyone can keep using them properly. The team and the organization’s management have every confidence in this new version. After all, why should they suspect that something could go wrong? Updates are standard procedure, and applying them is safe. What’s more, in many cases, they’re a vital part of cybersecurity.

However, something has caught the IT department off guard, and they send out a warning: a piece of malware has got through all their protections and has infected all the company’s computers. How could this have happened? A preliminary assessment points to that recently installed update. An investigation of the infection uncovers something worrying: the update contained a vulnerability that nobody, not even the software developers, had spotted. No one, that is, except the cyberattacker. This criminal is now well known on the Deep Web: he is the author of a new zero-day attack.

The window of opportunity

Coming across an unpatched vulnerability and using it to carry out an attack is the dream for many cyberattackers. Not only will a discovery of this type boost their standing in the cybercriminal community, but it also means that they will be able to personally benefit from the attack. This is precisely why zero-day attacks are so dangerous.

Time is not on the cyberattackers’ side: their window of opportunity between the discovery of the vulnerability and it being closed by cybersecurity providers or developers is limited. But not all attacks of this type are fixed so quickly. If the cyberattacker is discreet enough, companies can be exposed persistently through a vulnerability that they are unaware of. In previous blog posts we’ve talked about the risks posed by these advanced persistent threats (APT).

Insufficient cybersecurity to tackle the unknown

The fact that the cyberattacker needs to find that small vulnerability and act quickly and discreetly means that they are working in a context that has many limitations. This leads some organizations to the mistaken belief that zero-day attacks are not a very common occurrence. But they have become much more frequent over the last few years, and are now the most common incident registered. A study carried out by the consultancy firm Ponemon Institute shows that 76% of the companies that were surveyed that had suffered a cyberattack in 2018 say the type of attack was a new or unknown zero-day attack.

This percentage also highlights another aspect confirmed by the report: companies tend to prepare their cybersecurity plans to deal with known attacks, but pay less attention to unknown attacks. This goes some way to explaining the fact that, according to the study, 53% of companies dedicate more of their endpoint security investment to known attacks, while 47% spend more resources on unknown attacks.

Protect your company against zero-day attacks

Awareness in companies is vital when it comes to preventing unknown attacks. However, the very nature of zero-day attacks makes protection measures more complex. When faced with known threats, there are times when it could be enough to use traditional cybersecurity solutions that have successfully proven that they can remove threats. But what can companies do to protect against malware that has never been identified? Organizations need to take several measures, bearing in mind three essential aspects:

  • The right software: windows of opportunity are opened for cyberattackers every time a new piece of software is installed on the company’s computers and systems. This, however, doesn’t mean that the company must do away with the programs it needs. What it must do is to maintain a control policy that includes periodical revisions and uninstallation of programs that haven’t been used for some time.
  • In spite of the risks, the best option is always to update; as we mentioned, updates can contain new exploitable vulnerabilities. Nevertheless, developers try to correct errors and to apply new security measures in each version of their programs. It is therefore always worth keeping everything updated and using the latest versions of all software. To reduce the complexity of managing vulnerabilities, updates and patches for operating systems and applications, we recently launched Panda Patch Management. This solution makes it easier to respond to security incidents by patching all vulnerable computers in real time with just one click, all from a single security and management console.
  • Solutions based on behavioral analysis: The security model based on signatures is obsolete and inefficient against zero-day attacks. The way to fight these unknown attacks must therefore be based on the detection of suspicious behaviors.

This is the line followed by the most advanced cybersecurity solutions, such as Panda Adaptive Defense. It offers total endpoint security and complete protection against known malware. But that’s not all; it also classifies 100% of processes using machine learning techniques, which allows it to analyze all suspicious behaviors. This way it can increase the possibilities of detecting any kind of unknown malware. Panda Adaptive Defense combines EPP, EDR and 100% Attestation and Threat Hunting services, giving way to a new cybersecurity model that reduces the attack surface to the absolute minimum.

The post How to avoid zero-day attacks appeared first on Panda Security Mediacenter.

How to not fall for viral scares

As outrage and panic around the Momo hoax reduces, it’s worth taking a few minutes to think about what happened before we all forget. By grabbing headlines across the world, Momo has shown just how quickly and easily we can be distracted from ‘real’ threats online.

What is a hoax?

Unlike malware or hacking, a viral hoax doesn’t cause any damage to your computer. And when handled correctly, a hoax is usually completely harmless.

Take Momo for instance. According to media reports, harmless YouTube videos like Peppa Pig had been ‘hacked’. Some unknown person had inserted footage of a woman-like figure singing a song containing threats to kill the child and their family. They were then encouraged to send a message to an anonymous WhatsApp account, triggering a series of increasingly violent and dangerous challenges.

The problem is that none of these compromised videos has ever been found on YouTube. There is one video of the ‘Momo song’, but this exists separately from YouTube – and it could only be found by deliberately searching for it.

But rumours about hacked videos spread like wildfire as panicked parents tried to find – and block – scary videos. Videos that didn’t exist.

Ultimately it was the fear of Momo, rather than Momo itself that caused the problems – and that is the hallmark of an internet hoax.

Protecting against hoaxes

The hallmark of a good hoax is that it sounds believable, much like fake news. We know that someone could embed scary clips into a YouTube video. And we know that some internet trolls may do exactly that.

It was no great leap of logic to believe early reports that people really were making Momo videos. Which leads us to the first protection – a pause.

Take a pause

The Momo panic quickly spiralled out of control because no one took time to check if the story was true. The Momo story has been circulating online since the middle of 2018– but most people hadn’t heard of it. A quick search of fact-checking websites like Snopes.com would have revealed that the Momo challenge videos were a hoax for instance.

So before you shut off your kids’ internet access, or start sharing official “warnings” on Facebook, take a breath and check the facts for your self.

Have “the talk”

It is a great idea to discuss internet safety regularly with your family. Technology and trends are under constant change, and your kids are probably plugged into much more than you realise.

You should encourage your kids to talk to you about what they see and do online. And they must be free to tell you when they run into problems, from scary videos, adult content or cyber-bullying.

Filter the worst content automatically

Some content – like pornography – will never be suitable for children. Rather than hoping they won’t be exposed (they will), you should use tools like Panda Dome to help block unwanted content automatically.

The automated filtering tools included with Panda Dome can block out dodgy websites and videos to keep your kids safe online. And because the filters are updated daily, they will also be protected against the next hoax that turns out to be a real threat.

To learn more about content filtering and how to protect your family, download a free trial of Panda Dome now.

Download Panda FREE VPN

The post How to not fall for viral scares appeared first on Panda Security Mediacenter.

8 Mobile Security Tips to Keep Your Device Safe

person typing on phone

It’s no secret that the technology we use can make us a target for viruses and cyber attacks if not secured properly. When it comes to mobile device use, there is no manual that comes with a phone to teach the user mobile security. In addition, threats are always evolving and adjusting based on our habits.

To help you navigate your device in a secure way, we’ve created an infographic that includes 8 mobile security tips to keep your device safe.

1) Keep Your Phone Locked

One potential threat is getting your device is stolen, which could give the thief complete access to your personal information. To prevent this, be sure to have a lock on your screen. Whether this is a passcode, pattern, fingerprint or face recognition is up to you and your device’s capabilities.

When enabling a lock screen you’ll have the option to choose how long the phone can be idle before locking. Be sure to choose the shortest amount of time. This will protect you, by automatically enacting the lock screen even if you forget to lock it yourself. It will also save your battery because the screen will go dark after the set amount of time.

2) Set Secure Passwords

Setting strong passwords on your apps will make it harder for a hacker to guess them. It’s also suggested to set a different password for each app. This way if one password is discovered, the hacker won’t have access to all your information.

Not only are personal devices a concern, but professional devices are at risk as well. According to the Verizon Mobile Security Index 2018 Report, only 39% of mobile device users in enterprises change all default passwords and only 38% use strong two-factor authentication on their mobile devices. Having weak passwords can put an entire organization at risk.

graphic of settings on mobile device loading

3) Keep Your Device’s OS Up-To-Date

Mobile phone operating system updates are intended to improve your experience. This could entail anything from performance to security. Although they happen frequently and users tend to click through quickly or ask the device to remind them in the future, it’s important to stay up to date with these. These updates can protect both iOS and Android devices from newly discovered threats. To check if your phone’s OS is up to date, go to “about phone” or “general” and click “system updates” or “software update.”

4) Connect to Secure Wifi

The beauty of mobile devices is that we can access the internet anywhere and everywhere we go. One of the first things we do at a restaurant or friend’s house is search for wifi. While free wifi can save us on data, it’s important to be wary of unsecured networks.

To stay safe while using public wifi, be sure to connect to a virtual private network or VPN. Check out Panda VPN for Android, which allows you to enjoy secure Wi-Fi connection even on public networks. Changing your virtual network will protect your location and keep your information from prying eyes.

graphic of message protected by password

5) Beware of Downloads

When you are downloading apps, be sure to download them from the official app stores and check reviews. Cybercriminals create rogue mobile apps that mimic trusted brands in order to obtain users’ confidential information. To avoid this trap, be sure to look at the number of reviews, last update and contact information of the organization.

6) Don’t Jailbreak or Root Your Phone

Jailbreaking or rooting your phone is when you unlock your phone and remove the safeguard the manufacturers have put in place so you can access anything you want. It may be tempting to jailbreak or root your phone to access app stores other than the official ones, but this puts you at high risk. The apps on these illegitimate stores have not been vetted and can easily hack into your phone and steal your information.

graphic of encrypted files

7) Encrypt Your Data

Your smartphone holds a lot of data. If it’s lost or stolen, your emails, contacts, financial information and more can be at risk. To protect your mobile phone data, you can make sure the data in encrypted. Encrypted data is stored in an unreadable form so it can’t be understood.

Most phones have encryption settings you can enable in the security menu. To check if your iOS device is encrypted, go to the settings menu and then click on “Touch ID & Passcode.” It will prompt you to enter your lock screen code. Then scroll to the bottom of the page where it should say “Data Protection is enabled.”

To encrypt an Android, you must first be sure your device is 80% charged, and unroot your phone before continuing. Once these things are done, go to “Security” and choose “Encrypt Phone.” If you don’t charge your device, unroot it or interrupt the encryption process, you may lose all your data. Encryption can take an hour or more.

8) Install Anti-Virus Software

You’ve probably heard of anti-virus programs for laptops or desktop computers, but your handheld computers can benefit from them, too. These programs can protect against viruses and hacking attempts. Some software like Panda’s free antivirus software has VPN features included as an added bonus.

Smartphones are pocket-sized computers that can hold all your important data and personal information. Keeping these mobile security tips in mind will help you protect your device.

mobile security tips infographic

Sources:

TechRepublic I Forbes I How to Geek I Identity Force I Global Stats I We Live Security I Wired I Digital Trends

The post 8 Mobile Security Tips to Keep Your Device Safe appeared first on Panda Security Mediacenter.