by Rachel D | Oct 8, 2019 | Cybersecurity, Information Technology
What is Biometric Identification?
Biometric Identification is the latest in cybersecurity. Biometric Identification Techniques use the unique identifiers of the human body to recognize who a person is. Until recently, biometric identification might have seemed like the stuff out of science fiction movies, but it is quickly becoming commonplace. In fact, many people use it to unlock their own cell phones. That’s right, unlocking your phone by touching your finger to the home button is a type of biometric identification. Newer versions of the IPhone also use face recognition as a security measure–another form of biometric identification. So what is biometric identification and what are some of the most commonly used techniques.
Common Techniques
Fingerprint Image Processing
Fingerprint Image Processing is the oldest biometric identification technique and the one many people are most familiar with. If you have worked in a government job, you have likely had images taken of your fingerprints. Additionally, crime scene investigators have been using fingerprint identification for a long time. It is quick and easy, but there are some roadblocks that come with it. Although it is not easy, fingerprint images can be forged.
Facial Recognition
Facial recognition is perhaps the most human-like biometric identification technique, as it is the one humans use on a regular basis. We are used to recognizing people from their faces. This technique simply teaches computers to do the same. Despite the simplicity of it, unfortunately accuracy is low at this point. There is plenty of research into this technique, though, so we may see improvements in the near future.
Voice Analysis
Voice analysis is an inexpensive biometric identification technique, but one of the easiest techniques to forge. Many high quality voice recordings have tricked voice analysis software, so it is best to use this technique in conjunction with another for top security.
Iris Scanning
Image by Pexels
Iris scanning is a biometric identification technique that is becoming more popular in the cybersecurity community. There are some major disadvantages, though. Some users have complained the machine is uncomfortable and unhygienic, due to having to place your chin on a chin rest that is used frequently by numerous people. There have also been instances where a high quality picture of a person’s eye has been able to trick iris scanners.
Retina Scanning
Retina scans are similar to iris scans, but much more difficult to fake with a picture, due to the retina’s location in the eye. Although retina scans are more secure, they are also highly expensive. Due to the retina scans high level of accuracy; those with top security needs may choose to use it. Due to the cost, however, every day use of this technique is not likely in the near future.
Palm Vein Pattern Recognition
Photo by Jordan Whitfield on Unsplash
Another high cost-high accuracy technique is the Palm Vein Pattern Recognition. It is virtually impossible to fake the palm vein patterns of another person. An infrared scanner looks at the patterns beneath the skin on your palm. This technique is great for high security needs, however, it too comes with a high price tag. Companies with high cybersecurity needs may want to prioritize this technique.
Rachel Dalrymple is a content writer, marketing specialist, and M.B.A. candidate at Utah Valley University.
by Machelle | Jul 2, 2018 | Cybersecurity, General
As advances increase with the internet, so are people progressing cybercrime tactics on the internet.
Phishing is a cybercrime in which the perpetrators persuade its victims to release sensitive personal data. Financial details, passwords after contacting them via emails, text messages under the false pretext of being a legitimate organization are some examples. The moment information releases it results in identity theft, access to personal accounts, and substantial financial losses.
Common types of phishing
1. Spear Phishing
In spear phishing, the cybercriminals take time to gather information about you and use it in the email to appear legitimate. They go as far as mentioning your name, your phone number and where you work which they usually obtain from social media sites. After which they request for sensitive information, which they use to defraud their victims. Both spear and deceptive phishing, share common features which are the manner they reach out to people and the sense of urgency in their tone of their emails, sometimes they make you believe that if you don’t comply something terrible may happen.
2. Deceptive Phishing
Phishing of this type occurs when the scammer sends an email from a company that you always patronize their services. The scammers act as though they are employees of the company and request for your details in the email they send, placing deadlines on your compliance. The email usually contains fraudulent URL links that will have forms where personal information will be filled in. Protect your yourself from this kind of phishing attack by being more observant, with regards to URL sites before clicking to be sure you are about to visit a legitimate domain.
3. CEO Fraud
Here, the target is usually a top executive in a company, these scammers hack into their emails and send messages to junior employees most times requesting that money transfers to another account. They exploit the organogram of an organization as they know that most low ranking won’t ask questions and readily obey instructions from their superiors.
4. Search Engines, Dropbox and Google Docs Phishing
Some phishing scams involve search engines or favorite sites like Dropbox and Docs, where the users are always uploading and downloading as well as sharing files. They pose as Dropbox or Google Docs and request personal information just as in spear phishing.
Also, these scammers could hoist fake websites presenting low-cost products or offering loans with a low-interest rate. They defraud their victims when as they enter credit card details to patronize them.
5. Pharming
Also known as web delivery or ‘man-in-the-middle,’ here, scammers take over a website, lock out the webmasters redirecting the users of the websites to their fraudulent sites. It is considered the scariest type of phishing because if users of these websites are not careful enough, they give their details to the wrong persons. Also, the scammers may hack into the communication link between the users and the websites and pick vital information about the users without them knowing about it, hence the name ‘man in the middle.’
IDENTIFYING PHISHING THREATS
The following features are ‘red flags,’ warning signals you should look out for to protect yourself or your organizations from phishing scams.
Hyperlinks:
Clicking all links shouldn’t be done. Before clicking look at the link. If the link has spelling errors, avoiding it would be wise. These scammers usually use popular websites but deliberately misspell the address which vulnerable individuals will overlook.
Unbelievable offers:
Be careful about emails that have too-good-to-be or unbelieving offers. Offers like this are designed to catch attention and lure its victims into fraud. Whenever you see such emails, stay away from them.
Unknown Sender:
Any email that comes from unknown persons should be known as a phishing scam threat. There is no need to open it, delete it!
Attachments:
Once you see emails with attachments that you weren’t expecting, it is best you don’t download the websites. Phishing scams perpetrate in this manner and attachments of this sort could contain malware or viruses that would seriously harm you.
Emails with deadlines:
Never forget that financial institutions will not rush you to provide your financial details via the internet. Institutions usually give lots of time for you to comply. Therefore, disregard any emails, requiring your data with a high sense of urgency, this is a typical style of scammers. Contact your banks or any other institutions and verify appropriately before filing financial detail online.
PHISHING PREVENTION TIPS
In recent times, these scammers are becoming more innovative. Scammers intensify the menace of cybercrime. Against this backdrop, the following are tips to help you stay away from phishing attacks:
Change your browser settings
Adjust your browser’s settings to permit only verified sites to open. As a user, there is a need to explore the browser feature which gives an alert when a fake website is opening. Such warning signs should be adhered to strictly.
Use spam filters
What these filters do is to trace the source of the message, determine the software used to send the message, the appearance of the message and then blocks it. Sometimes the spam filters may even prevent your emails to keep you protected.
Always change passwords or use multiple factor authentications
An excellent way to avoid phishing attacks is to change passwords on a regular basis, avoid using the same password across accounts on the internet. Webmasters should adopt the multiple factor authentication or the CAPTCHA systems to prevent security breaches on their websites.
Cross check every URL
Before clicking, it is essential to take a second look, at the URL. Safe websites will always start with “https”; this is a proof that it has a valid Secure Socket Layer certificate.
Finally, to avoid severe losses of money and credibility, organizations and even individuals should invest in getting the right and updated information for the cyber attacks and cybersecurity. When applying regularly, you and the organization has protection from any form of cyber attack.
Linda Rawson is the CEO, and Founder of DynaGrace Enterprises, (http://DynaGrace.com) which is a Women-Owned, Small Business. She is also the author of The Minority and Women-Owned Small Business Guide to Government Contracts.
Resource:
Image Resource: https://pxhere.com/en/photo/714530; https://pxhere.com/en/photo/989227; https://pixabay.com/en/phishing-fraud-cyber-security-3390518/
by Machelle | Jun 25, 2018 | Cybersecurity, General
The signing of the Modernizing Government Technology Act (MGT) was in December 2017. Federal security operations for several years have been using hardware and software that are needing to be more modern. Obsolete technology has posed challenges in protecting the nation cyberspace and vital national data from cyber-attacks.
Making Room for New Technology
What is the Modernizing Government Technology Act
The government spends about 75% allocation to information technology. This spending is maintaining and ensuring that these outdated information technology systems remain operational. The risks these systems pose are a result of their inability to utilize current security practices. It includes multifactor authentication and data encryption. They are also expensive and always fail to fulfill the mission requirement and vulnerable to malicious software.
Against the backdrop, in a bid to address these issues, the Modernizing Government Technology (MGT) Act was passed by the legislatures. Through this
means, the government can empower federal agencies to effectively discharge their duties with regards to cybersecurity and information technology services.
The primary purposes of the Modernizing Government Technology (MGT) Act are to:
Curtail current and operational risk of the information technology systems of federal agencies by ensuring that they are compliant with recent security technology.
Assist the federal government in cutting cost with regards to information technology via modernization
Hasten the acquisition and application of modernized information technology practices such as cloud computing, data encryption and lots more through the provision of stable funding and transparent acquisition procedures.
Benefits of the Modernizing Government Technology (MGT) Act
Federal IT experts in some quarters are of the opinion that the MGT Act is long overdue. Nevertheless, the law has lots of benefits with regards to operational ease, data security, and investment opportunities. The following are the significant benefits:
Access to capital funds that will boost the modernization of IT systems:
MGT Act gives room for heads of different agencies to access working capital funds. These funds can be used to update or replace existing IT systems with modern state-of-the-art information technology systems. Also to adopt and train their staff on new risk–inclined cybersecurity measures.
The Funds
The funds can be utilized by agencies to ensure a smooth transition from legacy IT systems to cloud. Or, a shared service to boost security and effectiveness in the discharge of their duties serving the American people.
This gesture will empower these agencies to reprogram or transfer funds. This includes those earmarked for the maintenance of obsolete IT systems for other variety of projects or investments which are within its mandate as a federal agency.
However, monitoring the utilization of these funds are required to submit comprehensive reports regarding the expenditures and balances every six months. These reports are made public for the sake of accountability.
Migration to cloud systems:
The MGT Act will hasten up the movement to a Cloud system. This migration is more cost-effective and has access to another realm of innovation that associated with cloud systems. It also offers a more secure means to handle data.
Expect that these agencies will, for the sake of providing better services, jettison the legacy system for more efficient digital technology. A good example is the network modernization that allows Chief Information Officers (CIO) to know what exactly happens in their operations.
Although there are critics of the MGT Act, who say that the Act is a misguided venture, the benefits will improve the lives of the American people.
Resources: https://www.fedscoop.com/trump-signs-mgt-act-law/; https://www.whitehouse.gov/about-the-white-house/the-legislative-branch/; https://www.investopedia.com/terms/c/capital-funding.asp; https://www.techopedia.com/definition/635/legacy-system
Images by: Business Technology – Cyber Security [www.bluecoat.com/; https://www.flickr.com/photos/111692634@N04/]; US Capital https://pxhere.com/en/photo/738025
by Machelle | Jun 11, 2018 | Business, Cybersecurity, General, Information Technology
In recent times, online thievery has become so rampant cutting across every facet of human endeavors where data systems are in use.
The frequency of hacking has become very high that’s it is believed to occur every minute. This particular development has raised concern in several quarters on how exactly to be free from hacks, how can we stop the activities of hackers.
The following are trusted tips to prevent hackers from intruding into your files.
-
Keep your security software updated
Being safe entails being watchful. Safety could mean making sure all routes viruses could take into your system is blocked and steadily watched over. All you need is to install capable anti-spy wares or antivirus and ensure they are always updated. To ensure your system has protection, you can also connect to a network firewall. Firewalls help scrutinize data going in and out of your system, identifying threats and neutralizing them as well.
-
Always change your passwords
Before now, all that would occur was changing the default passwords to words that we can easily remember. However, things have changed. Customizing passwords are no longer enough to protect you from hacking. Your passwords must be strong. It should be a mixture of different numbers, characters of both upper and lower cases alongside symbols.
The understanding that the only portal hackers have into your business systems is via your username and passwords. This info should encourage you to continuously change your username as well as passwords on a widespread basis. Though this approach may be stressful, it is a small price to pay to be secure online. Nevertheless, as these changes continue, care must be taken that the new passwords are secure from unlawful persons.
-
Restrict access to needless sites
Limiting visits to specific sites might be one of those giant strides you make to be safe online. Some sites, like pornographic web pages, can be harbors of different forms of malware or viruses. Viruses could render the entire business operating system vulnerable. Against this backdrop, it becomes vital to take serious measure to block sites of this sort.
-
Carefully chose your Internet Service Provider (ISP)
Different firms now provide internet services, not all of them can keep you protected. There is, one primary criterion to be considered while choosing an ISP, before cost and speed. It is built in security features. A perfect ISP should have all these features and save you worry while using the internet.
-
Invest in cybersecurity education
Continuous training in cybersecurity trends is vital for any organization that is serious about keeping its data way from hackers. Training can be carried out via workshops, videos, employee drills or any other method. This is vital to ensuring that they are not ignorant of matters that pertain to cybersecurity.
Knowing these tips and acting on them is another. However, the reality is that we live in a time where cyberattack is on the rampage threatening the very existence of a business. To efficiently stop these hackers is to be security conscious while using the internet and consistent implementation of these tips.
Linda Rawson is the CEO, and Founder of DynaGrace Enterprises, (http://DynaGrace.com) which is a Women-Owned, Small Business. She is also the author of The Minority and Women-Owned Small Business Guide to Government Contracts.
Resources: https://dynagrace.com/cybercrime-invisible-crime/ ; https://passwordsgenerator.net/ ; https://www.sans.org/cybersecurity/
Image Resources: https://pxhere.com/en/photo/1331118; https://pxhere.com/en/photo/867306; https://pxhere.com/en/photo/1366057
by Machelle | Jun 4, 2018 | Business, Cybersecurity, General, Information Technology
Ransomware is a kind of malware that blocks computer users from their systems. It does this either by locking some folders or locking the system’s screen until a ransom pays.
The history of this malicious software dates back to 1980. In 1980, the first ransomware identified to be PC Cyborg also known as AIDS began. This malware could encode files in the C: Directory after forcing the computer system to reboot up to 90 times. Its victims were forced to pay $189 ransom via mail. This ransomware was easy to decrypt by people who understand computer systems and therefore posed only a little threat
Pop-ups Everywhere
Image by DynaGrace Enterprises
Real ransomware graced the scene in 2004 known as Gpcode. Gpcode also used an RSA encryption that encrypts files until paying a certain amount. The year 2007 had WinLock trending as ransomware. It displayed pornographic images, limiting users’ access to their screen and demanded payment via SMS. The next generation of ransomware are called the law enforcement ransomware, or Reveton was born in 2012. This malware was designed to show the logo or symbols of crime-fighting agencies like Interpol, FBI or local PDs. It accuses its victims of indulgence in different crimes ranging from child pornography to computer hacking.
Other vices include a download of classified files demanding ransom up to $300. As the years go by, ransomware is becoming more dangerous and ruthless, especially with the advent of CryptoLocker. CryptoLocker uses encryptions of military standards to WannaCry and Petya of May and June 2017 respectively. This ransomware with their complex encodings stifles business as well as limit cyber freedom all around the globe.
Types of Ransomware
Different types of ransomware exist based on the extent of their severity. The major ones are as follows.
Screen lockers
Screen lockers lock you out of your computer entirely by taking hold of your computer screen. Shutting down the system does you no good as it is starting. An FBI logo or that of the Justice Department appears claiming that illegal activity has been carried out on this system and they need to pay a fine. Victims often forget that these law enforcement agencies don’t collect penalties for unlawful activity forcefully via the computer. Agencies follow appropriate and legitimate routes.
Encrypting ransomware
These types of ransomware collect your files, encode them and then asks for a ransom before its release can take place. This ransomware is the most dangerous of all ransomware as your encrypted files may not be inaccessible until paying the money. Sometimes after paying the ransom, the data are still not returned by the cybercriminals, and this is the most painful part.
Scareware
Scareware involves tech support or rogue security scams. They tend to send a different kind of pop-up messages claiming malware has infected your system. They go further to explain that the only way to eradicate it is to pay a certain amount. This trend continues and sometimes becomes an online disturbance especially if you ignore these messages. Interestingly, most times these are mere scare tactics as the name implies, as your files may be safe.
Protecting yourself from ransomware
Though there are different types of ransomware, the mode of entry into their victims’ cyberspace is not much different. Also, the best way of protecting your cyberspace from ransomware is by understanding how this malware can infect your computer system.
Recently, one of the most popular ways computer systems become infected by malware is via malicious advertising also called mail advertising. Mail advertising uses the platform of online adverts to disburse ransomware with minimal user interactions. They appear as pop-ups even on legitimate sites which are often not clicked and redirects users to criminal servers. This malware is linked to these servers to gather the victim’s system’ details and take advantage of them. All these happen without the knowledge of the victims.
Malicious spam
Malicious spam is another way systems get infected; they are unsolicited mail used to distribute malware. These emails contain attachments, word documents or even links to unsafe websites creating an access point for the ransomware.
If the mode of entrance of ransomware into the system is well understood and blocked, the following are steps to taken to ensure you are safe from ransomware;
- Invest in cybersecurity. Get cyber software that can protect your computer from powerful ransomware attacks. Plus they should have features that shield vulnerable programs in your system
- Always create secure backups for your systems files and data daily. The use of external storage devices that can be detached immediately after data backup is a good start. However most recommended is the use of cloud storage that utilizes powerful encryptions. As well as multiple factor authentication for security purposes.
- Your system needs updating. Though it is not still easy to be up to date in a fast-changing tech world, recommending activating automatic updating.
Finally, be informed. Be abreast of the latest facts as regards cybersecurity. Avoid suspicious links and website. Be purposeful, exercise some discipline, discreetness and avoid wandering as you browse the internet.
Linda Rawson is the CEO, and Founder of DynaGrace Enterprises, (http://DynaGrace.com) which is a Women-Owned, Small Business. She is also the author of The Minority and Women-Owned Small Business Guide to Government Contracts.
Resource: https://en.wikipedia.org/wiki/AIDS_(Trojan_horse); https://en.wikipedia.org/wiki/PGPCoder; https://www.us-cert.gov/ncas/alerts/TA13-309A; https://en.wikipedia.org/wiki/WannaCry_ransomware_attack; https://www.symantec.com/blogs/threat-intelligence/petya-ransomware-wiper
Image Resource: DynaGrace Enterprises; http://www.dodlive.mil/2013/10/05/national-cyber-security-awareness-month/; https://pxhere.com/en/photo/540556
by Machelle | Apr 16, 2018 | Cybersecurity, General
With cybercriminal activities perpetually on the rise, cybercrime is one of the most significant challenges that humanity has faced. Also, with the trend of hacking, experts predict that this will continue for even more than two decades. Cybercrime has become profitable and even more comfortable with the sales of stolen data in the black market.
Since the use of unknown online currencies as a means of payment, these digital currencies are a challenge to track online. Cryptocurrencies like Tor and Bitcoin are giving room for cybercriminals to thrive. Cybercriminal organizations are growing more tentacles. By increasing their scale of operation, the frequency of their attacks is expanding.
Cost of Damage
The price of damage as a result of cybercriminal activities goes beyond the loss of cash. It also involves the robbery of intellectual property, loss of personal, organizational data to theft. Therefore losing productivity which obstructs the normal flow of business operations. Other hidden cost includes time spent on restoration or deletion of hacked data and malware. A security systems breach causes reputational harm and loss of customers’ confidence suffered.
Increasing cybercriminal activities makes it impossible to estimate the actual cost of the damage caused by cybercrime. Although cyber-crimes are often reported in the media, these are just a piece of the whole picture. In most cases, this kind of crime is frequently not reported to the authorities.
Recently, McAfee, as well as the Center for Strategic and International Studies released a report. It estimates that the global cost of damage as a result of cybercrimes is up to $600 billion. This figure constitutes about 0.8% of the worldwide GDP. The extent of this global economic report causes a sense of worry. Findings obtained from similar reports in 2014, shows more than 20% increase in cybercrime estimated damage cost. Increased theft of intellectual property and vital secret information, accounts for about 25% of the cost of global cybercrimes.
Who is affected?
The reports further reveal that all regions of the world are affected by this global trend. Even though there may be variation in figures that represent the cost of the damage. These variations are dependent on the regional economic prosperity and cyber technology maturity. These factors are evident by the fact that the wealthiest countries suffer the most significant losses. Europe and Asia alone lost about 160 to 180 billion dollars followed by North America who endured about 140 to 175 billion dollars loss. South America and Sub-Saharan Africa are the least hit losing 15 to 30 billion dollars and 1 to 3 billion dollars respectively.
Predictions from cyber authorities reveal that by the year 2021, the estimated cost of cybercrime damage may be $6 trillion annually against the $3 trillion recorded in 2015. Financial cyber analysts explain that this will be one of the highest magnitudes of wealth amassed from illegal activities. More significant than the amount of money accrued from the sales of all kinds of illicit drugs.
The more complacent we become it appears, the media is overrun with reports of ransomware and another form of cyber-attack. The reality is that this is a significant threat to all sorts of digital innovation and global investments. The risk that cybercrime poses is not covered by any form of insurance, hence it is not a risk we can continue. Instead, it is time to collectively make efforts to protect our enterprises from the escalating wave of cybercrimes.
If you are curious how to pay for travel with Bitcoin please refer to our friends at Million Mile Secrets and their article Can You Use Bitcoin to Pay for Travel?”.
Linda Rawson is the CEO, and Founder of DynaGrace Enterprises, (http://DynaGrace.com) which is a Women-Owned, Small Business. She is also the author of The Minority and Women-Owned Small Business Guide to Government Contracts.
Resource: https://en.wikipedia.org/wiki/Cybercrime; https://www.coindesk.com/information/what-is-bitcoin/; https://newswire.net/newsroom/pr/00100652-cyber-crime-damage-costs-to-exceed-6-trillion-by-2021.html; https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/; https://dynagrace.com/capabilities/cybersecurity/
Image Resource: Featured Image https://pixabay.com/en/cyber-crime-internet-crime-cyber-1012751/; https://pxhere.com/en/photo/488123
