Archive for April, 2020

5 Reasons For Increased Cyber Security Threats During COVID-19

While the world is busy fighting against COVID-19, there is a section of cyber criminals who are exploiting the situation for lucrative benefits. They are taking advantage of the efforts made by organizations to sustain their operations during this pandemic. The cyber security attacks include phishing attacks, data breach, ransom, etc.

In order to defend your organization against cyber security threats during COVID-19, it is first important to understand the reasons that have resulted in an increase in cyber-attacks. Following are the 5 top reasons:

  • The foremost reason is that the employees are working from their home networks and their personal devices. These networks and devices are usually not updated with latest antivirus or operating system versions. The lack of a properly patched and protected system results in vulnerabilities leading to easy access for hackers.
  • The second reason that has led to an increase in the number of the cyber-attacks is the flow of organizational data. When employees work from their homes, sensitive organizational data travels outside the secure network of the organization. Additionally, while working with this data, employees tend to save it on their personal devices. This allows for easy data theft.
  • The third reason is that employees need to access the organization’s network to complete their work. This remote access may be insecure. Some organizations have already established a VPN for remote access. But again all the employees are not trained to install or use a VPN. Such untrained personnel pose a cyber-security threat when they access the organization’s network. On the contrary, there are some organizations that do not have a VPN setup for remote access. This may cause a cyber-threat of greater magnitude.
  • Fourth reason that has caused a rise in the number of cyber-attacks is an organization’s requirement to keep the employees involved and informed. The regular team meetings that were conducted to discuss the team operations have been replaced by online meetings. Organizations are making use of conference video calls or unique apps like ‘Zoom’ to conduct these meetings. The shift has been hasty and not all the involved employees are aware of how to use these apps securely. Insecure logins, poorly managed user credentials and login via an insecure network are some factors that have led to cyber-attacks such as video call hacking.
  • Fifth reason accounts for unauthorized access to an organization’s funds. The underlying reason is the need of the time to do things differently. A simple example of such an attack is that an employee receives an email from a fake account created on behalf of senior personnel in the organization. The email may instruct the employee to transfer funds to an account in lieu of some organizational purchase. Since employees may not be able to validate such emails, they may end up transferring funds to the hacker’s accounts.

In order to prevent such attacks, the organizations need to educate the employees to update their systems, download antivirus updates, secure their login details, use secure VPN to access the organization’s network and be aware of fake emails.

For more information on cyber security threats during COVID-19, contact Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments

Latest Identity & Access Management Trends

PDF Version: Latest-Identity-and-Access-Management-Trends

, , , ,

No Comments

Data Protection From Malicious VPN Apps

Web users intend to use VPN services with an assumption that VPN keeps their web browsing and personal data safe. However, recent research has thrown light on some vulnerabilities found in common and popular VPN apps.

These vulnerabilities include:

  • Missing encryption of sensitive data.
  • Hard-coded cryptographic keys within the app; thus, even if the data is encrypted, hackers can decrypt it using these keys.
  • Some VPN apps have user privacy breaking bugs such as DNS leaks which expose user DNS queries to their ISPs.

These vulnerabilities of VPN apps allow hackers to intercept user communications including web browsing history, username, passwords, photos, videos, and messages. The privacy breaches include location tracking, access to device status information, use of the camera, microphone access and ability to send SMS secretly. Using these vulnerabilities, hackers can manipulate the users to connect to their malicious VPN servers.

In addition to these vulnerabilities, there are some other concerns associated with free VPN apps:

  • Some free VPN apps sell your bandwidth to paying customers allowing them to use your device’s processing power.
  • Malicious VPN apps incorporate ads that may include malware. These apps may also share the online activity of users to third party marketing professionals.

Some signs that your phone has been affected by malware are:

  • Phone becomes slow.
  • Higher loading time of app.
  • Battery drains faster than usual.
  • Large number of pop-up ads.
  • Unexplainable data usage.

As the number of data breaches is exceeding, it has become important to take necessary measures for safeguarding yourself against malicious VPN apps. Following are some measures that you should take:

  • Check if you have sufficient information about the app developer. Download the VPN apps provided by trusted app developers only.
  • Check the app reviews. You can also search for the app on the search engine to check if there is any controversial news about it.
  • Audit the apps on your phone to check if they were downloaded by you or not.
    Delete apps that you don’t use frequently.
  • Run a malware scan after downloading any app to ensure it is safe.

For more information on ways to protect your data from malicious VPN apps, contact Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments

Importance Of Data Encryption For Healthcare Industry

Data protection holds an important place for every industry. This importance increases many folds in the case of the healthcare industry. A trusted way of data protection is ‘Encryption’. The key is to encrypt both static and moving data. However, with an increase in the amount of healthcare data being collected every day, encryption has become a challenge.

Before understanding the ways of data protection, it is imperative to know the sources of this data:

  • Hospital devices
  • Personal devices of the patient
  • Implant devices
  • Data from pharmacists, drug manufacturers, and distributors
  • Data from insurance companies

What Is The Need To Protect Healthcare Data?

Healthcare data is a lucrative magnet for cybercriminals as they can sell the data on the dark web and earn high profits. In addition to demanding ransom, the cybercriminals may use stolen healthcare data for:

  • Identity theft and health insurance fraud
  • Exposing private information
  • Damaging a person’s reputation
  • Causing personal distress
  • Using compromised accounts as gateways for a network breach

What Does Healthcare Data Encryption Mean?

Data encryption means converting the original data into encoded text. This form of text is unreadable unless it is decoded using a decryption key or code. In case, of healthcare data, it includes the protection of ePHI (Personal Health Information) to secure it from unauthorized access.

The secret for a successful data protection using encryption lies in ‘Key Management Strategy’.

Key Management Strategy:

Key Management Strategy deals with an important question – how can healthcare organizations ensure that the key required to decrypt the data are shared with authorized parties only. The strategy addresses the following points in general:

Key Storage: The decryption keys should be stored securely to avoid theft.

Rotation/Destruction Of Keys: This factor helps in ensuring that new decryption keys are applied to new data sets. Also, it is important to preserve the old keys required to access old data sets, whenever needed.

Key Generation Granularity: Zero Trust Approach should be followed in the process of key generation while ensuring key access to even the lowest tier of authorized users.

Automation: Automating the Key Management System helps in reducing human error as well as an administrative burden.

Ease Of Use: In order to make a Key Management System effective, the system should have an easy to use user interface.

For more information on the use of encryption to protect healthcare data, contact Centex Technologies at (254) 213 – 4740.

, , ,

No Comments