Help prevent user-error security breaches

[vc_row][vc_column][vc_column_text]

Help prevent user-error security breaches

As written on blogs.office.com
According to the Association of Corporate Counsel, unintentional employee error is the top cause of data breaches. And with 87 percent of IT professionals concerned about the security of cloud data, according to a Dimensional Research survey conducted for Druva, it’s easy to feel vulnerable. Preventing these unintentional errors can help keep your data protected.

The problem—simple passwords

Simple or reused passwords open the door to hackers. According to SplashData, the top five worst passwords of 2015 were:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
But even a great password can pose problems when used on multiple sites. Hackers know that people like to reuse passwords, so when they crack one, they test it on multiple sites, especially those that may contain higher value information.
Your solution—Educate employees on how to create a strong password. Then put a policy in place to ensure passwords meet minimum complexity requirements and require that users change them often. Also, encourage secure password-keeping practices such as using third-party services that store passwords in the cloud and secure them all with a master password.

The problem—falling for phishing

According to a Verizon Data Breach report, phishing is the second most common threat and is implicated in around a quarter of all data breaches. If a phishing message ends up in an employee’s inbox, there’s a good chance they will click the link.
Your solution—In addition to top-notch security and secure email filters, encourage users to report suspicious-looking messages—similar to reporting junk mail. Once reviewed and identified as a threat, add these messages to service-wide filters.
help-prevent-user-error-security-breaches-1
In Exchange Online, Email Safety Tips provide an additional layer of protection with a warning to the user in messages that are marked suspicious.

The problem—BYOD practices

Bring-your-own-device (BYOD) policies are widely used in today’s business landscape, but employees accessing sensitive information from personal devices can open the door to security threats. According to research from the Ponemon Institute, a total of 67 percent of respondents cited employees using their devices to access company data as likely or certainly the cause of data breaches.
Your solution—Create clear BYOD policies and educate employees on how to follow these guidelines—including what’s at risk if they’re ignored. For additional layers of security, require the use of approved secure mobile apps and multi-factor authentication when accessing company information.

The problem—lost or stolen devices

Lost devices are another leading cause of data breaches. And not just employee-owned devices—even your company’s devices are at risk, leaving your organization exposed to threats if they are lost or stolen.
Your solution—Educate employees on proper device security on- and off-premises, and instruct them to report lost devices as soon as possible. Enable security policies to ensure you can remotely access, locate and wipe a device if necessary.
Continually educate employees to minimize risk of common user-error breaches. Security features available with Office 365 help mitigate the risks introduced by employees. Data Loss Prevention (DLP) proactively scans emails and notifies users before they send sensitive information. Information Rights Management (IRM) allows you to control email access permissions to keep unauthorized people from printing, forwarding or copying sensitive information. Additionally, Office 365 gives you the option to use Microsoft Defender to safeguard mailboxes against sophisticated attacks in real time.

[/vc_column_text][/vc_column][/vc_row]

Passwords for 32M Twitter accounts may have been hacked and leaked

[vc_row][vc_column][vc_column_text]

Passwords for 32M Twitter accounts may have been hacked and leaked

By Catherine Shu and Kate Cogner as written on techcrunch.com

untitled

There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said.
LeakedSource, a site with a search engine of leaked login credentials, said in a blog post that it received a copy of the user information from “Tessa88@exploit.im,” the same alias used by the person who gave it hacked data from Russian social network VK last week.
Other major security compromises which have hit the news recently include a Myspace hack that involved over 360 million accounts, possibly making it the largest one ever, and the leak of 100 million LinkedIn passwords stolen in 2012.
LeakedSource says the cache of Twitter data contains 32,888,300 records, including email addresses, usernames, and passwords. LeakedSource has added the information to its search engine, which is paid but lets people remove leaked information for free.
Based on information in the data (including the fact that many of the passwords are displayed in plaintext), LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome rather than stolen directly from Twitter. Many of the affected users appear to be in Russia—six of the top 10 email domains represented in the database are Russian, including mail.ru and yandex.ru.
Even though Mark Zuckerberg got several of his non-Facebook social media accounts hacked this week, including Twitter, his information wasn’t included in this data set, LeakedSource claims. Zuckerberg was ridiculed for appearing to reuse “dadada” as his password on multiple sites, but results from LeakedSource’s data analysis shows that many people are much less creative. The most popular password, showing up 120,417 times, was “123456,” while “password” appears 17,471 times. An analysis of the VK data also turned up similar results.
In a statement to TechCrunch, Twitter suggested that the recent hijacking of accounts belonging to Zuckerberg and other celebrities was due to the re-use of passwords leaked in the LinkedIn and Myspace breaches.
“A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter,” a Twitter spokesperson said. Twitter suggests that users follow the suggestions in its help center to keep their accounts secure. Twitter also posted on its @Support account that it is auditing its data against recent database dumps.

twitter support

LeakedSource said that it determined the validity of the leaked data by asking 15 users to verify their passwords. All 15 confirmed that the passwords listed for their accounts were correct. However, experts cautioned that the data may not be legitimate.
Michael Coates, Twitter’s trust and information security officer, tweeted that he is confident the social media platform’s systems have not been compromised.twitter hack

 

“We securely store all passwords w/ bcrypt,” Coates added, referencing a password hashing function considered secure. “We are working with LeakedSource to obtain this info & take additional steps to protect users,” he continued.
Troy Hunt, the creator of a site that catalogs breaches called haveibeenpwned.com, also expressed skepticism about the authenticity of the data. Hunt told TechCrunch that he’d heard rumors of breaches at Twitter and Facebook for several weeks but had yet to see convincing proof. “They may well be old leaks if they’re consistent with the other big ones we’ve seen and simply haven’t seen the light of day yet. Incidentally, the account takeovers we’ve seen to date are almost certainly as a result of credential reuse across other data breaches,” Hunt said.
Whether or not the leaked Twitter credentials are authentic, it never hurts to change your password — especially if you use the same password across several sites. Turning on two-factor authentication also helps keep your account secure, even if your password is leaked.

[/vc_column_text][/vc_column][/vc_row]