Category Archives: tips

Dealing with a system launch: It requires more than just testing

Rolling out new IT systems or software can be a challenge and fraught with issues from day one – and the recent IT crisis with TSB has shown how damaging these can be if managed poorly. A lack of pre-launch tests has been raised as a potential cause of immediate failures, but it would be simplistic to suggest that this would completely eliminate the problems that companies encounter following a system launch. A successful launch … More

The post Dealing with a system launch: It requires more than just testing appeared first on Help Net Security.

How hackers exploit critical infrastructure

The traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value. It should come as no surprise, therefore, that as operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, malicious hacking activity would be increasingly targeted in this direction. It also stands to reason that the salient aspects of hacking – namely, remote access, … More

The post How hackers exploit critical infrastructure appeared first on Help Net Security.

BEC scams and real estate deals: How to protect yourself?

Despite constant warnings by law enforcement and industry organizations, BEC scammers continue to fleece companies. They target small, medium, and large business and personal transactions, but have, in the last few years, shown a notable predilection for targeting companies in the real estate sector. What are BEC scams? Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a type of scam targeting both businesses and individuals performing wire transfer payments, and often starts with the attackers … More

The post BEC scams and real estate deals: How to protect yourself? appeared first on Help Net Security.

Do you have what it takes to become a Chief Scientist in the infosec industry?

Igor Baikalov, Chief Scientist at security analytics firm Securonix, is a trained scientist: he spent over 16 years working on various aspects of Structural Biology, developing new methods for determining the structure of basic building blocks of life: proteins, DNA, and their interactions. “A lot of this work had to do with processing and interpreting massive amounts of data and writing tons of code to do that – something I realized I was pretty good … More

The post Do you have what it takes to become a Chief Scientist in the infosec industry? appeared first on Help Net Security.

How to use the cloud to improve your technology training

Anyone who has tried to hire an IT expert knows that the shortage of qualified people is real. We’re not just talking about IT security jobs, either. Almost every area of tech faces a skills shortage that threatens to sap productivity and presents challenges to IT departments of all sizes. Informal on-the-job training has been the norm for most IT teams. However, the rise of cyberthreats and the pace at which they arise leaves companies … More

The post How to use the cloud to improve your technology training appeared first on Help Net Security.

A step-by-step guide to disappear from the Internet

Celebrities and public figures are not the only ones who get affected by their online publicity. We live in the digital age, and your online presence is starting to determine who you are even if you are not a public figure. Your online life sometimes affects what happens to you in the real one.

You may not think your online presence would be of interest to anyone, but you might be wrong. By merely googling your name, your friends, family, and co-workers might be able to find details about your life that you are not willing to voluntarily share with them. Clues about personal information could be found online – such topics may include your views on things like sexual orientation, political beliefs, religion, hobbies, etc. Your digital prints might be standing in the way of you nailing your next job interview before you even get there. Your old MySpace profile, or Twitter activity from 2009, might be readily available for evaluation by your current or future employer. While you might be proud of your past, do you want all this information readily available to anyone who expresses interest in you?

We have previously discussed that internet privacy is almost non-existent. Sometimes unknowingly, users leave so many digital prints all over the internet that removing them from the net might be a challenging task. However, it is not an impossible one. No matter what your reasoning behind wanting to delete yourself from the internet is, there are certain things that you can do to make your information and personal data not as easily accessible for everyone. We decided to prepare some of the best practices that might help you achieve the desired internet-free nirvana you’ve been dreaming about.

–    Close all your accounts using www.Deseat.me

One of the best ways to start deleting yourself from the internet is a website called deseat.me. It is a tool that finds a vast amount of your online accounts and gives you instructions on how to delete your profiles on them, or helps you request sensitive data deletion from the webmasters. The tool comes with preset emails that help you maintain the professional tone.

–    Remove your details from people-search websites

Deleting yourself from data broker websites such as White Pages and Radaris is a must should you want to decrease your digital presence. Sadly, tools such as phone reverse lookup make the life of every person interested in you very easy, as finding information about you is only a few clicks away. As we’ve previously discussed, getting the full name of the person who lives next door is an easy task even if you’ve never spoken to him/her. Data brokers have tools that allow you to find almost anything about anyone – sensitive information may include full name, DOB, previous addresses, employer, outstanding mortgage of a property, etc.

–    Stop using social media

Your online presence is hugely dependent on your social media activity. The more active on social media you are, the harder it gets to delete yourself from the internet. And your presence sometimes affects your real life. If you vocally express specific political views that are not popular, and you’ve listed your relationship to a particular business, you may end up bankrupt or jobless as people know that they can harm you by leaving negative reviews on Yelp or forwarding your conversations to your manager.

–    Delete email accounts

There is no true deletion from the internet if you still have email accounts. Email accounts are often associated with identity, and if you want to be genuinely out of the internet world, you have to delete your emails and close your email inboxes for good. Emails are indeed an easy way to communicate but also leave so much digital print – we bet this will be a tough one. Check our next tip if you are not ready to delete your emails.

–    Unsubscribe from all these companies that bombard you with emails

If you are not prepared to give up on your email and www.deseat.me hasn’t managed to find all your online accounts, you may want to start unsubscribing from the companies that still try to reach you. Manually unsubscribing can be a hassle but this is the only way you can make them stop bombarding your inbox. The path to total freedom is not easy.

–    Start using a VPN

If you’ve managed to delete all your accounts and you’ve taken down vast chunks of your online presence, now is the time to start enjoying the anonymous type of internet you had 20 years ago. Even if there are some things about you left on the internet, getting a quality VPN service may be the beginning of the rest of your internet life as you will finally be able to browse anonymously, and avoid leaving more digital prints.

–    Get sensitive personal information unpublished

There is a difference between personal data and confidential personal information. While your name, current address, and DOB might be a public record and is considered personal data, sensitive information such as SSN and bank account information that ends up published must be taken down. If the website administrator refuses to cooperate, you can send a legal request to Google to have it removed from the results.

Before you delete yourself from the internet, make sure that this is what you want. And if you are not 100% sure, create a backup of the information that you may need in the future. Making impulsive decisions may result in forever lost images, contacts, and emails. Printing out essential emails and writing down the contact details of all your friends and family is also a must. Last but not least, most of the time deletion of accounts is definitive – be prepared to lose the 100% positive feedback on eBay that you’ve been building over the last decade. When you decide to get back online, you may have to start developing your account stats from scratch!

The post A step-by-step guide to disappear from the Internet appeared first on Panda Security Mediacenter.

Zero login: Fixing the flaws in authentication

Passwords, birth certificates, national insurance numbers and passports – as well as the various other means of authentication, that we have relied upon for the past century or more to prove who we are to others – can no longer be trusted in today’s digital age. That’s because the mishandling of these types of personally identifiable information (PII) documents from birth, along with a string of major digital data breaches that have taken place in … More

The post Zero login: Fixing the flaws in authentication appeared first on Help Net Security.

George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy

Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, their purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world. In this podcast, George Gerchow, CSO with Sumo Logic, talks about their DevSecOps strategy. Here’s a transcript of the … More

The post George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy appeared first on Help Net Security.

Magecart presents an unprecedented threat: Here’s what you can do

Recently we learned that the previously disclosed Ticketmaster UK breach from a few weeks ago was not a one-off event but instead part of a widespread website digital credit card skimming operation that impacted over 800 ecommerce sites around the world. On the surface, even an attack of this size isn’t necessarily out of the norm in today’s threat landscape of highly sophisticated actors. However, if we consider the true impact of this event it … More

The post Magecart presents an unprecedented threat: Here’s what you can do appeared first on Help Net Security.

An overview of the OT/ICS landscape for cyber professionals

Most cyber security professionals take for granted the information technology or IT nature of their work. That is, when designing cyber protections for some target infrastructure, it is generally presumed that protections are required for software running on computers and networks. The question of whether some system is digital or even computerized would seem to have been last relevant to ask in 1970. We all presume that everything is software on CPUs. The problem is … More

The post An overview of the OT/ICS landscape for cyber professionals appeared first on Help Net Security.

Tips on Using Gamification in Your Ecommerce Mobile App: Aliexpress Example

Adults enjoy playing just as kids do, especially if they can save some money in the process. Retail applications provide lots of opportunities to enjoy games and challenges, and in exchange they get loyalty, a higher retention rate, engagement and greater revenue.

Gamification is a marketing strategy that works for many types of businesses, from education and social media to retail. We will talk about it in our article.

A good choice of products, convenient checkout with an optimal mobile payment gateway and customer service are not enough for a modern retail app. Ecommerce app gamification allows your brand to stand out from the crowd and attract users to your application.

According to P&S market research, the gamification market will be valued at $22 million and will show a rise of 41.8% annually. Another study shows that 87% of ecommerce shops in the US are planning to use gamification as a part of their strategy, and the biggest companies already use it.

To keep up, you should also make it a part of your business model, and in this article we will explore the psychology of gamification and the ways to use it properly so it brings the most profit.

Benefits of Gamification

Let’s talk more about why gamification in e-commerce applications is so beneficial and how other apps manage to get the most from it. We will show you some examples of gamification in ecommerce apps.

1. User engagement

The secret of gamification lies in addressing the inner nature of every person: the drive for challenges, achievements and entertainment. If used properly, it hits all the goals and makes the user truly engaged in the whole process of playing, getting rewards and then spending them on your products.

Example:

Aliexpress is great at engaging users with their app. Games are one of the most special and prominent features in Aliexpress. Personal preferences are key here: while one game is oriented on long-term results, the other is all about fun and luck.

2. High retention rate

Daily challenges or coupons are what make users return to the app again and again, even without planning to purchase anything. As many customers purchase something in an ecommerce shop only once and then leave the app, owners of ecommerce stores often find it very hard to bring customers back to their apps. The answer is gamifying the UX.

Example:

The main currency that can be exchanged for coupons in Aliexpress is coins, and each day the user enters the app, one coin is presented. Daily tasks are one of several ways to gain more coins, and that motivates users to return each day.

There are many options to choose from, like daily tasks or the game Lucky Forest, which also encourages regular interaction with the app.

3. Building a community

Gamification is often tied to social media. Competition is a very important part of a gaming process: it makes people more eager to win, and sharing achievements is a great motivating factor.

Also, social media can help to promote your business – nobody can do it better than your customers. Reward them for sharing information, following influencers within your community and creating user-generated content.

Reviews of the products are extremely important for modern ecommerce, as people have no opportunity to hold the product in their hands like they would in brick-and-mortar shops. Reviews are their only way to know that they will get what they want. According to statistics, 88% of customer decisions about adding a product to cart were influenced by reviews.

Example:

Aliexpress uses daily tasks to build a strong community around their ecommerce platform. Look at the tasks they offer to complete to get coins:

Each task involves taking part in the life of the community and sharing reviews, which will later allow you to sell more.

With gamification, you can:

  • Get to know user behaviour
  • See user reaction to any changes and new approaches
  • Personalize your interaction with a customer
  • Develop brand loyalty
  • Increase repeat sales

This is why retail companies love gamification. It leads to a positive experience, and according to Walker Info, the most important success factor for retail will be not the price or the product itself, but the user experience. This is the thing that will determine whether people will trust your brand and buy your products.

Tips on Using Gamification

How do you use gamification properly, so it brings the most benefit to your business? We have several tips for you that will help you understand the direction.

The first thing to know is that any type of gamification consists of three important steps:

  • Challenge
  • Instructions
  • Reward

Without a challenge the user won’t be engaged with a game. Instructions help to understand the rules and avoid any obstacles or misunderstandings. Reward is the goal of the whole process, and the user needs to know about it beforehand, as it’s the biggest motivator.

The first step you’ll need to take, before you start to develop a strategy, is to determine your goal. Adding a bonus system or a game without a clear understanding of what you want to achieve won’t result in anything.

Think thoroughly about what you want. Possible goals may be:

  • Higher retention rate
  • More time spent in the app
  • Bigger revenue
  • Greater average order value
  • More user-generated content

These and many other goals can be achieved with the help of gamification, and after you determine what your expectations are, you’ll be able to create the gamification strategy.

Each type of gamification can help to achieve different results. Let’s talk about them in more detail.

Daily bonuses – increase retention rate. Users can get them only if they visit the app every day. For example, Aliexpress gives one bonus a day, and also allows users to earn more by completing tasks.

Badges – help to differentiate the users according to their achievements. Badges determine the privileges and motivate users to get more of them.

Likes and Follows – are connected with building a community around your brand. You can reward the users with bonuses, points or coins that they will later exchange for coupons.

Games – increase engagement and allow users to get even more coins. Develop some simple, yet interesting games with clear rules and a reward system, and motivate users to try them. Games are one of the best ways to get users to spend more time in your app.

Competitions – also work for creating social interaction and promoting your business. Competitions motivate users to share their achievements in social media and achieve higher results.

Go way ahead of your competitors and think about using gamification in ecommerce apps along with modern trends like AR. With the release of ARKit from Apple and ARCore from Google, lots of possibilities have appeared for startups and development companies like Mobindustry to implement AR games both in apps and in brick-and-mortar stores.

Following trends mindfully can make your brand bright and successful, so you should definitely look into spicing up your ecommerce mobile app with some games and challenges.

The post Tips on Using Gamification in Your Ecommerce Mobile App: Aliexpress Example appeared first on TechWorm.

How to save data

Our smartphones are latched to us at all times and we constantly spend time online. From using applications to searching the web, we spend at least a few hours a day connected to the internet. But at what cost? While wifi becomes more and more accessible, using data is still the go-to for many people on the go.

While some data plans are unlimited, many are restricted to 3-20 GB of data. When it comes to saving data, there are a few things to take into account. We’ll show you which apps are killing your data plan, how much data you really need and tips to keep your data usage down.

Now that you are an expert on how to save data, take a few minutes to update your settings and reflect on what apps you can cut down on. Remember to use safe, private wifi when you can, and to toggle off cellular data for apps that are rarely used. These tips can save you money on your cellular bill and battery life for your devices.

The post How to save data appeared first on Panda Security Mediacenter.

Emails, the gateway for threats to your company

It’s an undeniable fact: these days, email has become one of the main vectors for cyberattacks against companies.  According to the recent 2018 Email Security Trends report by Barracuda, 87% of IT security professionals have admitted that their company has faced some kind of threat via email in the last year. This has led three quarters of the professionals surveyed to be more concerned about this risk factor now than they were five years ago.

And this concern hasn’t appeared out of the blue. The same study has shown that 81% of heads of corporate IT security have noticed an increase in the number of cases compared to the situation one year ago.  What’s more, a quarter of the professionals who agree with this statement qualify the increase as “drastic”.

But why is the volume of cyberattacks carried out over email on the up?  Just like with other kinds of threats, the success of these attacks can be put down to human error: whether it’s due to a lack of time to stop and assess the authenticity of the email, or because of our innate sense of curiosity or compassion, mechanisms like social engineering do exactly what they set out to achieve. This is the opinion shared by the vast majority of the IT professionals surveyed; they single out “poor employee behavior” as their main concern when dealing with these cyberthreats.

Mitigation costs are rising drastically

The economic consequences of these attacks are also increasing.  81% of heads of cybersecurity agree with this statement, emphasizing, in 22% of cases, that the costs stemming from mitigating a security breach have grown very significantly.

Of the different types of malicious actions that can financially damage a company via email, information theft, ransomware, and BEC scams are the most costly.  In other words, we’re facing two types of cyberattacks: on the one hand, we have attacks that seek to make a profit by attacking a company’s information and either selling it, or kidnapping it in order to demand a ransom. On the other hand, we see attacks whose aim is to trick an employee who has access to the company finances into making a transfer to the cybercriminals without realizing.  In a previous post, we saw how this last kind of scam, Business Email Compromise, became the most lucrative cybercrime of 2017 in the USA.

How can I deal with this threat in my company?

The fact that human error plays such a key role in the success of this kind of scam of course means that companies must train employees at all levels to pay attention to tell-tale signs in suspicious emails: how they’re written, spelling, or the kind of links they contain.  Likewise, they must get into the habit of thoroughly verifying the supposed intention of any emails received: for example, by checking with the finance department that the bank transfer that they are being asked for is legitimate, in order to avoid BEC scams.

But is this enough? The heads of IT security who responded also recommended some other measures that should be kept in mind:

  • Phishing drills: This highly effective method to test the possible negative effects of phishing consists of surprising your employees with this kind of email, to see how they react. Those who get tricked by the email will have learned for themselves the type of behavior they must avoid in the future, whereas those who pass the test will still be alert as they were before.
  • Social engineering detection: This requires a specific, practical training process for employees. The aim is to make sure they ask themselves a series of questions before replying or paying attention to a dubious email. Here are some examples of this type of question: “Can a third party help me verify the identity of the person who is contacting me?”, “Am I really authorized to carry out the thing they’re asking me to do?”, “Is the action or information that they are requesting public?”
  • Encrypting emails: To avoid the possible theft of emails containing confidential information, your company must have a system that encrypts all emails sent by employees, making it necessary to introduce an additional password in order to gain access to the content of the email.
  • Having an advanced cybersecurity solution: Using a suite like Panda Adaptive Defense will help you to detect any possible attempts to attack your company via email, thanks to the use of cognitive intelligence and a real time detection system. This way, you will avoid possible financial losses that can result from this kind of cyberattack.

The post Emails, the gateway for threats to your company appeared first on Panda Security Mediacenter.

Employee habits that can put your company at risk

We often talk about the cybersecurity risks that companies can be exposed to through their own Internet connections, but the truth is that most of the time, the employees themselves tend to be the weakest link in the company.

And the fact remains that there are several things that employees may do every day that could well lead to serious security breaches. That’s why it’s a good idea to be up to speed with the threats you could be facing, and to be responsible when managing the tools that are used to handle the company’s information.

Be careful with public WiFi

Although this habit is probably one of the most widespread among the majority of employees, it’s also one of the least advisable.  These days we struggle between wanting to consume more content and trying to use less data. This means that finding a totally or partially open Wi-Fi connection can seem like a godsend, especially for someone needing to do something work-related, such as connect to the company’s internal network, send large files, log on to platforms that consume a lot of data, and so on.

However, using public WiFi can really put your company’s cybersecurity at risk. When in use, this connection can expose the user to possible intruders who, with a bit of social engineering, could gain access to the employee in question’s data: usernames and passwords, or confidential company information, to name but a few. Stealing information through open WiFi connections isn’t as difficult as you might expect, so it’s best not to trust them to keep you safe.

How to avoid it

To avoid this kind of risk, it’s absolutely essential that employees avoid using open WiFi connections wherever possible.  In the rare case that an employee has no choice but to use a connection of this type, they should do so with a VPN that can protect their data, and, more importantly, any sensitive information that they may have on their device, thereby minimizing the possible risks.

Phishing, malware, and intrusions

The endless back and forth of emails is a constant in almost every type of company, which can entail certain risks.  One clear example of this is the tech support scam: an employee receives an email in which they are asked for certain data, with the pretext of needing to solve some kind of technical problem. The employee is asked for certain information, which then ends up in the hands of someone who can jeopardize the whole company’s cybersecurity.

But this isn’t the only case. A cybercriminal can also send an email impersonating another employee, with an attachment that could be invasive, steal data from the computer, or even spy on and monitor the activity carried out on the device.

Mobile apps can also pose a series of risks. If an employee is in the habit of using their personal phone to handle company data and information, managing apps improperly could give rise to problems, especially if access is granted to unofficial apps that, in the same way as malware, get hold of the information stored on the phone, spy on it, or even modify its operation guidelines.

How to avoid it

The key thing here is raising awareness about corporate cybersecurity: every company must make sure its employees know the importance of being responsible with emails and the apps on their phones.  In the case of the latter, they should only be downloaded from operating systems’ official stores.

On the other hand, it’s important for companies to have ransomware insurance, and encryption on their company email. This way, as well as avoiding possible intruders, if someone does manage to gain unauthorized access to the IT system, confidential information will be better protected, and the company’s cybersecurity won’t be compromised.  If you want a tool that can help you to avoid unwanted visitors, you can try Panda Adaptive Defense, the tool that will help you to batten down the hatches of your company’s IT security. Panda’s advanced cybersecurity solution allows you to stay ahead of attacks, even before they happen, limiting the risks stemming from everyday tasks that employees carry out without thinking.

The post Employee habits that can put your company at risk appeared first on Panda Security Mediacenter.