Going Abroad? Tips For Staying Cyber-Safe

Keeping thieves at bay when travelling used to involve money pouches and hidden pockets. These days, the threat has moved into the cyber sphere. Keeper Security’s Co-founder Darren Guccione explains. 

The holiday/vacation period is looming, and many people are making plans for international travel. If you are among them, be sure you have done all you can to take responsibility for cybersecurity when travelling. After all, it’s a dangerous world out there when it comes to the cyber threat environment. Some common sense and preparation will go a long way toward ensuring your international travel memories are of the good kind.

Let’s break down the tips and tricks of cyber safe travel into two categories. The first is basic “blocking and tackling,” which for the most part is done prior to your travel. The second category deals with security tips once you are on the road.

First, a note about U.S. Border Patrol agents

It is important to know in advance that the travel environment itself has changed. While travelling within the U.S., TSA agents at the gates are not allowed to confiscate your digital devices, nor are they allowed to demand passwords to get into them. If such attempts are made, demand to speak to a supervisor.

The rules, however, are different for U.S. Border Patrol agents and for agents in other nations too. Recently there have been multiple news reports of U.S. citizens having to turn over digital devices and their passwords as a condition for entering or re-entering their own country. What can the border agents do with your passwords or data on your devices? How long can they keep that information? How long can you be detained? These and other questions are not easy to answer. But as you will see from the tips and tricks below, there is much that can be done to minimise what might be compromised or inspected while you ensure your trip overall is as cyber safe as it can be.

Before you head out: basic blocking and tackling

  1. Back up your e-files. Just presume you are going to lose everything on your devices. If all data is backed up before you leave, then if you lose your device you won’t lose what really matters most to you.
  2. Don’t carry sensitive data. This is easier said than done if you are mixing business and pleasure, but it is not unreasonable to just leave behind all the sensitive files you are not likely to use. Store them on cloud backup or on removable media. But get them off your devices.
  3. Change all passwords for all devices. When doing this, use two-factor authentication if possible, which most devices have today. Make the passwords eight characters or longer with a combination of nonsensical letters, numbers, and symbols. Download a free password manager that will do all the work of creating complex passwords and remembering them for you.
  4. If you haven’t checked recently, this is an excellent time to be sure your antivirus software is current. There is plenty of danger lurking in foreign hotels, coffee houses, and even airports, as we’ll see. This software is your first line of defence.
  5. If your smartphone allows, and most do, enable the feature that automatically erases all data in the event of multiple failed password attempts (usually 10 or so).
  6. If available, enable anti-theft software (often through the cloud) that allows you to lock your device remotely if it is stolen. Enable and activate the “find my phone/device” function so if your phone or tablet is stolen, you can track it, disable it, and change all the passwords.
  7. Be mindful of movies, books, and other things you have loaded onto your devices that could be considered pornographic or otherwise illegal in certain other countries. Also, some downloads considered legal in the U.S. may actually violate local intellectual property or digital asset rights in other countries, should your device be searched. Just err on the side of caution: store elsewhere and remove from your devices anything that might be construed as such.
  8. Disable Wi-Fi auto-connect options from all devices before you leave, such that you have to manually connect when you think it is safe to do so. The best approach is to buy a subscription to services that only connect to secure Wi-Fi hotspots throughout the world. Rates are inexpensive and getting more so all the time. Just do a search on “unlimited wifi.” If you will need to transfer or access sensitive data abroad, consider getting a highly secure VPN connection on a daily or weekly rental basis. Just search “VPN rental.”
  9. Similarly, disable Bluetooth connectivity. If left on, cyber thieves can connect to your device in a number of different and easy ways. Once they are in, your cyber world is their oyster!
  10. Finally, if you do not have an international subscriber identity module (better known as a SIM card) or a roaming package on your smartphone, your two-factor authentication access will be limited. All the more reason to purchase a secure Wi-Fi data plan.

Now that you’ve arrived…

The tips and tricks in this list really won’t take long at all for travellers to put in place. Doing so is great insurance against many of the cyber threats that lurk when your plane touches down on foreign soil. But once that happens and your excitement builds as you head to the luggage carousel, your cybersecurity work is not done. Here are some steps to promote cyber-safety on the ground:

  1. Double check to be sure all of your apps are password protected with fresh, new passwords, ideally stored in your password management system so you don’t have to remember any of them. And don’t use the same PIN for hotel room safes that you use for your device password.
  2. At all costs, avoid using “public” digital devices, such as those at coffee houses, libraries, and bookstores. They are often riddled with malware lurking to steal your information. If you use them, you should presume that someone other than you will see any information you enter.
  3. Be very careful about connecting to any Wi-Fi network if you haven’t subscribed to a global service previously, per the tip above. These are prime milieus for cyberthieves. Say you are in a train station (bahnhof) in Germany. You scan your device for a wireless network and there are several. A legitimate one might be “bahnhofwifi”—but you don’t know that. A cyberthief has set up his own Wi-Fi trap and it shows up as “bahnhoffwifi,” with but one letter changed. Connect to that and your troubles are just starting.
  4. Don’t charge your devices using anything other than your own chargers plugged directly into the wall or into your adapter. It is easy for cyber thieves to install malware onto hotel and other public docking stations.
  5. Never connect any USB drive or other removable media that you don’t personally own. Again, they are easy to load with malicious software.
  6. This goes without saying, but NEVER let your devices leave your sight. If you cannot physically lock devices in your hotel room safe or other secure place, take them with you. There are no good hiding spots in your hotel room. And, of course, never check your devices with your luggage.
  7. Most social media sites are happy to automatically share your location as you post photos and messages. This also tells thieves back home that you are away, which is a great time to break in. So limit the information you post regarding your location at any point in time.

Bon voyage! And safe cyber-travels.

Darren Guccione is Co-founder and CEO of Keeper Security, a password manager app and digital vault for consumers and enterprises with 9 million+ users.

Cyber Criminals Could Hold Your Data Hostage

Password theft, identity theft, ransomware – in an age where hacking has become the career of choice for tech-savvy criminals, data protection must be a top priority for CPOs.

“Cyber criminals don’t need to even leave their house to do damage,” says Craig Hancock, cybersecurity expert and Executive Director of Telstra Service Operations. “One breach of trust and the consequences can be irreparable. These days, the traditional idea of criminals – think balaclavas, weaponry, a getaway car – has moved off the streets and into cyberspace.”

Are you prepared for cyber criminals? Do you have your business information secured? How do you manage the confidential information of your customers? And what do you have in place to mitigate risk?

Hancock will deliver a cybersecurity update at the upcoming 10th Asia-Pacific CPO Forum, where he’ll demonstrate how frighteningly easy it is to steal data from a computer by showing a live hack. “I’m planning on showing the group how easy it can be to hack a business, with basic tools and knowledge. I want to make sure everyone is aware about what goes on in the world of cybersecurity threats, and give them some understanding of what they should be doing to help mitigate these threats.”

“Mitigate” is a key word here, as Hancock predicts the cybersecurity challenge faced by businesses and organisations will continue to grow year on year. Notably, he says that any organisation offering a fix-all solution to “solve” your cybersecurity challenge should be avoided.

“It’s an ongoing challenge – cybersecurity has evolved enormously from five years ago, and is likely to look entirely different again by 2020. There’s no single ‘fix’ and there are plenty of bright, shiny objects to distract your security team. You would be wise to put in place some basic, common-sense measures and controls and partner with an organisation that understands the extent of the threat.”

What are the risks?

Cybercrime can be initiated through your head office, at a weak point in your supply chain, or even through IoT-enabled devices with low-level protection. Among the types of crime that can take place, Hancock mentions:

  • Password theft: with the obvious prize being the password or access code to users’ bank accounts.
  • Identity theft: a customer’s date of birth and other key information (such as health records) enables criminals to assume their identity, or to sell on this information to others. This can be very expensive for the company that has suffered the breach.
  • Ransomware: Hackers can lock your company’s data in an encrypted vault and demand a ransom for its release. A famous example of this occurred last year when a cyberattack on a Los Angeles hospital left doctors locked out of patient records for over a week, with the hackers demanding a ransom of $3.7 million in Bitcoin.

Telstra’s Craig Hancock will deliver a cybersecurity update at PIVOT: The Faculty’s 10th Annual Asia Pacific CPO Forum.

US Intelligence to Aid Supply Chains Against Cyber Attacks

A new US Intelligence campaign is set to help supply chains defend themselves against cyber attacks.

As businesses and supply chains grow increasingly global, risk inevitably increases at the same rate. One of the most high-profile risks for supply chains currently is cyber attacks and hacking.

With each passing year, the cyber attacks get bigger. In June, the Democratic National Committee was breached by Russian hackers, and 20,000 e-mails, linked to Hillary Clinton’s Presidential campaign, were posted online.

In March, the Bangladesh Federal Reserve lost $100 million to hackers, with only $20 million recovered so far. Over 4,700 cyber attacks have been reported in the US alone since 2005, impacting hundreds of millions of people.

However, organisations with cross-border supply chains are about to get a helping hand in the fight against cyber attacks.

Cyber Attacks & Vulnerable Supply Chains

The National Counterintelligence and Security Centre will provide sensitive information, including classified threat reports, to companies about the risks of hacking in their supply chains.

The move is part of an effort to increase organisations’ responsibility for, and education about, supply chain security. It has previously been highlighted that there is a lack of understanding among US companies that having international suppliers makes supply chains vulnerable to cyber attacks.

“The supply chain threat is one that’s the least talked about but is the easiest to manipulate for all aspects of our daily lives,” said NCSC Director, William Evanina.

Domestic & Foreign Threats

The NCSC campaign will initially focus on supply chains linked to both China and Russia, the alleged sources of previous hacks. However, it will also be aimed at domestic hackers, criminal enterprises, and even disaffected former employees.

The campaign will prioritise telecommunications, energy and financial services corporations first. This is in part due to the nature of the business, but also their strategic importance to US national security.

And as well as cyber attacks, the NCSC will also be providing information and advice on so-called “hands on” crimes, such as the theft of classified information or the destruction of sensitive equipment.

Procurement Must “Play Full Part”

As part of the efforts to reduce cyber attacks, the key role of procurement has been highlighted. Evanina emphasised that procurement needs to be fully integrated with other areas of the organisation to help mitigate risk.

He highlighted the role of ongoing due diligence to support initial investment in cyber security software and programmes. This would be carried out by procurement, but in partnership with the other areas of the business.

Evanina expands on the role of procurement in this video. He states that research into suppliers and their own supply chains is critical in mitigating the risk.

Wider World

Although the work to be carried out as part of the campaign is primarily aimed at US companies, it is applicable to all global supply chains.

Many US-based companies will purchase goods from overseas suppliers, and at the same time there will be companies purchasing from US suppliers. The inter-connected nature of the supply chain, as well as increased connectivity across technological platforms, increases the risk to organisations.

Carrying out due diligence on suppliers, knowing the full supply chain, and, perhaps most importantly, ensuring procurement plays a full part in organisational security, is a way to help mitigate this risk.

Will your organisation be taking advantage of the advice from the NCSC? Will you be impacted by any changes that take place? Let us know in the comments below.

Want to know what’s happening in the world of procurement and supply chain? Well, we’ve picked out the key headlines from the past week to keep you up to date…

Verisk Maplecroft Releases Modern Slavery Index
  • Global Risk Analysts, Verisk Maplecroft, have released their latest supply chain modern slavery index.
  • According to the Index, modern slavery constitutes a ‘high’ or ‘extreme risk’ in 115 countries worldwide.
  • Major exporters China and India fall again into the extreme risk category. The UK is one of only four countries seen as ‘low risk’.
  • The report notes that most countries have some form of anti-slavery legislation or framework in place, but lack the resources to enforce these laws.

Read more at Forbes

African Countries Ban Secondhand Clothing Imports
  • A ban on imports of secondhand clothing is to be implemented by the Governments of the East African Community.
  • The group, including Kenya, Tanzania, and Uganda, proposed the ban in order to stimulate the apparel industry in their countries.
  • It is hoped that the measure will also create jobs and bolster the countries’ economies.
  • The rise of ‘fast fashion’ has led to a dramatic increase in the region’s secondhand clothing imports over the past decade.

Read more at Sustainable Brands

Scotland Launches Brexit Stimulus Fund
  • The Scottish Government has announced plans to create a stimulus fund following the UK’s decision to leave the EU.
  • The fund will add an additional £100 million to capital spending to support Scottish businesses.
  • Funds will be allocated to projects based on job creation and impact on the overall supply chain.
  • The Government also announced the creation of a Business Information Service to support businesses affected by the vote.

Read more at Supply Management

Shipping Industry Struggles Continue
  • As the results for the first half of 2016 are released, the struggles in the shipping industry look set to continue.
  • Hapag-Lloyd and Orient Overseas have both reported first half losses for 2016, with Maersk expected to do likewise this week.
  • Decreasing freight rates and overcapacity have been blamed for the current plight in the industry.
  • Hapag-Lloyd plans on acquiring United Arab Shipping Co., a deal that could deliver $400 million in savings annually.

Read more at the Wall Street Journal