California’s New Privacy Law Protects Consumers’ Submitted Data

California residents, rejoice: a new law passed for 2020 provides greater consumer data protection, allowing residents to opt out of having companies collect and sell their data to third parties. This includes any data collected from social networking websites, consumer goods retailers, banks, etc.

The new act is called the California Consumer Privacy Act (CCPA) and ultimately protects people from having their data monetized. Under this act, consumers have the right to access copies of any data collected by companies. Those businesses that violate the Act can face State fines or sanctions placed upon them. Enforcement of the Act begins this year in July, and any company that has yet to comply with the change in data collection may not face trouble until then. 

For those companies already in compliance with the new law, consumers can typically find their data collection opt-out pages under the Privacy tab. Recently, a directory of links to these company pages was created for easy access to opt-out requests, in case the page isn’t easy to find from the company’s homepage.

For more information on California’s new Consumer Privacy Act, please visit this page here. The directory of opt-out request pages can be found here.

ATTN Trello Users: Don’t Post Your Passwords on Your Boards

These days, with so many website accounts to keep track of, we turn to applications that can offer us the most convenience in maintaining all our passwords in one place, but dear Trello users: Trello is not a great way to preserve this precious information.

Launched in 2011, Trello has become a space in which project collaboration with team members is made easy through sharing of boards and lists. However, the site has also become popular as a place for users to list passwords, and this comes with consequences, as members of the community are susceptible to password thieves and hackers.

Research from David Shear of Flashpoint, a security firm, found that many users posted login credentials, passwords, and sensitive data on public, or “open,” boards. He and Brian Krebs of KrebsOnSecurity alerted Trello to the boards, and some users have already been notified by other community members via comments on their boards such as “Change your password.”

As Krebs explains in his post:

“One particularly jarring misstep came from someone working for Seceon, a Westford, Mass. cybersecurity firm that touts the ability to detect and stop data breaches in real time. But until a few weeks ago the Trello page for Seceon featured multiple usernames and passwords, including credentials to log in to the company’s WordPress blog and iPage domain hosting.”

Trello is now working with both Krebs and Shear to purge the site of its public boards with sensitive data, further teaming up with Google to clear the cached sites.

As one Trello spokesperson comments:

“We have put many safeguards in place to make sure that public boards are being created intentionally and have clear language around each privacy setting, as well as persistent visibility settings at the top of each board.”

While Trello can be used for business purposes, it’s safe to say it’s not the best place to store your passwords, especially if there are options to make your boards public. Do yourself a huge favor, and steer clear of pasting passwords on sites/apps that can potentially post your information publicly.

 
For more information from the original article, please click here.

31 Days of Cybersecurity in October

It’s almost October, meaning it’s time for pumpkin spice everything, Halloween preparations, and Cybersecurity Awareness Month! The month of October is designated to educate the public about the importance of cybersecurity.

For 31 days straight, we will be posting a tip a day on our Facebook page, so be sure to “like” us so you don’t miss out!

According to the Department of Homeland Security, the monthly awareness program was “designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”

With the direction technology is headed, it’s no secret that cybersecurity is at the top of the concern list for people all over the world. Global cyberattacks, data breaches, and ransomware attacks have dominated the headlines recently, exposing citizens to an insurmountable amount of cyber problems. While these problems are in fact very real, we believe that a true weapon against cyber-destruction is knowledge.

In some cases, there is a breakout of a phenomenon known as “security fatigue.”

Is security fatigue real?

With the increasing number of cyber problems accumulating on a daily basis, it seems that individuals have been developing a phenomenon known as “security fatigue,” or risky computing behavior in response to too many instructions and ads against such attacks.

Constantly changing passwords, two-factor authentication, CAPTCHAs, and strong passwords are said to potentially add too much of a burden on employees. At more advanced companies, you might start seeing a move towards biometrics rather than counting on ever-changing passwords to act as your security wall.

For those of us who do not have access to biometrics and fingerprint authentication, we’re going to bring an innovative spin to tried-and-true methods all of us should be putting into practice.

Be sure to follow along on our Facebook page for daily tips that are quick to implement and easy to share. Be sure to let us know if you try them out! #Inverselogic #October #CybersecurityAwarenessMonth

Locked PDF Phishing Scam Attack

Last week, the SANS Internet Storm Center alerted people about an active phishing campaign that contains malicious PDF attachments. This PDF phishing scam is specifically aiming to steal email credentials.

The email’s subject line reads “Assessment document,” and the body of the email contains a single PDF attachment. The message reads: “PDF Secure File UNLOCK to Access File Content.”

Photo courtesy of KnowBe4.com

You are then prompted to enter your email and email password to “view” the document. This is the type of phishing campaign that targets everyone, not just the more sophisticated users. Founder & CEO of KnowBe4, Stu Sjouwerman, says, “This is a large spray-and-pray campaign that hopes to get a small foothold into your org via an email account and then compromise, tunnel in or send spear-phishing attacks.”

Once opened (using any email / password variation), the PDF suggests that it is a SWIFT banking transaction and transmits any entered data to the spammer.

SANS says, “Be wary of emails from domains that don’t match the contents, note that encrypted PDF documents are not locked this way (and will never ask you for your actual email password anyway), and look for other inconsistencies that give these away as scams.”

If you’ve got Adobe Reader, it will warn you upon opening it. However, if you’re running on Windows 10, be extra wary. The default browser is Edge, which does not appear to give any warnings upon receiving the email.

Be sure to think extra hard before you click so that you don’t fall victim to any PDF phishing scam or malicious attempts.

Inverselogic’s Director of Technology Offers Expert Recommendations for Cloud Storage in New Survey Report

Inverselogic, Inc.’s Director of Technology Jeff Alerta Offers Expert Recommendations for Cloud Storage in New Survey Report

Did you know that 14% of small- to medium-sized businesses using free cloud storage are storing medical data? And 11% are storing banking data?

A recent survey by Clutch, a leading B2B IT ratings and reviews firm, found this and more eye-opening statistics on 2016 trends in cloud storage as part of their 2nd Annual Small Business Cloud Storage Survey.

Jeff Alerta, Director of Technology at Inverselogic, Inc., offered expert commentary on the results, with advice and recommendations that small businesses can implement to ensure they are using their cloud storage effectively and safely.

With regard to storing sensitive data in free cloud storage, Alerta said, “If you need to be HIPAA compliant or PCI compliant, you should be using the highest level of security that you can obtain, and usually that’s not present on most free cloud storage accounts.”

“If it won’t kill your business to lose your information or have it compromised, then you can take advantage of free cloud storage,” he continued. “But if it would be devastating if the information you need to store was compromised, then you should go with paid cloud storage, because they have beefier security.”

A follow-up report, titled “5 Steps to Cloud Storage Success: A Guide to Selecting Your Cloud Storage Provider,” offered advice for small businesses currently in the process of selecting their cloud storage provider.

For example, the article asks, “What sort of issues can you expect with your cloud storage provider?” The survey found that over a third of respondents had no issues with their cloud storage in the past 12 months, while the rest divvied up their responses amongst other issues.

Speaking to the third who experienced no issues, Alerta said, “Almost all of the cloud providers nowadays have become very stable, redundant and pretty much know what they’re doing now so that outages are very, very rare…The systems are engineered so you don’t really notice when an outage occurs.”

Cloud storage is here to stay. Alerta said that the popularity of cloud storage in business increased lately due to its greater acceptance in the home.

“Once they started to see the advantages of actually having your data backed up to the cloud – where if something happened to your computer, you would be able to recover it quickly – they started to say, ‘Well, if I can do this with my home computer, wouldn’t this also help me with my business computer?’,” said Alerta. “So that’s when the business of essentially using cloud storage for backing up your servers and your work computers started to become popular.”

Thus, insights into their industry, such as those offered by Alerta, become increasingly necessary.

Web Traffic Study: Who’s Hogging the Data?


With America’s entertainment consumption shifting to online channels, it’s no surprise that Internet data usage has steadily surged over the years. The average monthly data usage on wired networks has doubled since 2011 from 25GB to 51GB.

What might surprise you is the fact that during peak hours in North America (9:00PM to 12:00AM), just one channel is responsible for 33 percent of all downstream traffic. Sandvine, a company specializing in web traffic management, confirms that Netflix streaming is the dominant force in this consumption.

Netflix streaming is available on mobile devices. Image courtesy of Engadget.

To put things in perspective, Amazon’s service accounts for 1.8 percent and Hulu a mere 1.4 percent of traffic. Netflix’s successful growth is likely due to their expanded TV offerings with less emphasis on movies and their push to enable streaming access from a multitude of devices including gaming consoles, mobile phones, and tablets. Analysts predict that by 2014, 60% of all households will watch TV online. To capitalize on this shift, several startups like Aereo and Skitter TV are working to offer streaming television subscription services similar to Netflix.

ESO Creates 9-Billion Pixel Image of the Milky Way Center

The European Southern Observatory’s VISTA telescope, short for Visible and Infrared Survey Telescope for Astronomy, has created the largest catalog of stars at the center of the Milky Way. The telescope has taken thousands of separate pictures of the galaxy’s center, which have been combined to create one massive image. Previously, older stars in the center could not be studied due to obstruction by dust and gas in space. Using infrared technology to look through the dust and gas, scientists can now get clearer images of these stars, allowing them to analyze their characteristics and compile more accurate data about them.

Image courtesy of European Southern Observatory (ESO)

Above is a significantly minimized picture (the original is 24.6GB). To give you an idea of what the 108,200 by 81,500 pixel image would look like, if printed at the standard resolution for books, the picture would span 23 feet wide and 7 meters tall. 

For information about ESO and more images, check out the ESO website.