2014: The Year of Mobile Surveillance

By | March 25th, 2014|Uncategorized|

Guest Blog_032414This guest blog post comes from Camille McClane, writer and researcher based in Southern California.

Between Snowden, the NSA, the sheer amount of our private information we keep in public and the vulnerability of our personal electronics to hackers and their ilk, it’s easy to feel like we’re in an inescapable downward spiral toward absolute zero privacy. The good news is that, in 2014, it’s not all bad news. As threats try to expand, so does the technology to fight back. Here are some of the important security trends we can look forward to this year.

Increased Cloud Usage

Cloud storage already exists, but since the security parameters are so different from physical storage, more companies are going to be consolidating their information in a cloud. Not only is cloud storage more secure, it can even make your day-to-day business more efficient and is certainly worth consideration. Wouldn’t you rather have convenience and security, if possible? Cloud storage has the added benefit of creating a backup, a network and a server that is both encrypted and remotely accessible.

New Encryption Methods

What’s one of the best ways to keep sought after valuables secure inside a safe? Change the combination often. Similarly, one of the best ways to secure your data is by increasing the levels and complexity of your digital encryption. Watch for mentions of cryptographic block modes like cipher-block chaining (CBC) and output feedback (OFB), and authenticated modes like EAX, CCM and GCM, as well as new standards of access and passkey management.

Greater Internal Protections

Your security wall is only as strong as your weakest barrier to entry, and insiders still have the easiest means to disrupt a system. So what can you do about it in your business? On the security side, expect larger companies to focus on system-wide data encryption, making it harder for employees to accidentally (or intentionally) compromise the security of company data.

People Will Become More Private

At the very least, as the threats against privacy continue to grow, people will become more conscious of how they expose themselves to these threats through carelessly granting permissions to countless apps, websites and software. There is an international effort underway to educate the public in these matters, and as the individuals begin to take back some of the lost ground; it will theoretically reduce the overall risk in the process.

After all, no matter how scary the truth is, isn’t it better to know than to not? Let us know your thoughts on Twitter and Facebook, and check out our Tumblr for the latest news stories.

CSID Presents at the Fall UT Center for Identity Symposium

By | October 3rd, 2012|Uncategorized|

Do you know the risks that your company’s data faces when stored on a cloud? Do you know what to look for in a cloud provider? Do you know how to better secure your own information?

Last week our VP of Information Systems and Operations Isaac Chapa addressed questions like these at an Identity Symposium held by the University of Texas Center for Identity.

Isaac (pictured) recommended that companies dig deep through vendor options when looking for a cloud provider. Scrutinize their security processes and encryption standards. And what happens if there is a security breach down the line? “Know your plans from the start,” Isaac stressed. It’s important to set these terms with your cloud provider before the occurrence of a breach—know each of your roles in the situation. Have it built right into your contract.

Isaac’s enthusiastic presentation also reiterated some key points from our recent webinar, like the benefits of implementing multi-factor authentication and diversifying passwords.

For more highlights from the symposium—key points from Isaac’s presentation, as well as those from biometrics expert Dr. Mohamed Lazzouni of MorphoTrust—check out the Twitter hashtag #idsymposium.

Securing Your Digital Life: Lessons from the Mat Honan Hack

By | August 9th, 2012|Uncategorized|

With just a few easy details in hand, a hacker can drastically change your life. Wired technology reporter Mat Honan’s digital life was recently abolished by a couple of hackers who ultimately sought access to his three-letter Twitter handle, @Mat. Within a matter of minutes, they deleted his Google account, erasing years of communication with technology influencers.  They wiped each of his Apple devices, including all existing photos of his baby daughter. And finally, they took over his Twitter.

Mat has written a full account (a worthwhile read) on how these hackers destroyed his digital life with such ease. Access to Mat’s Gmail led them to his billing information stored in his Amazon account, which provided them with the credentials to access his Apple ID and iCloud, and eventually his Twitter handle.

Mat’s story has had a strong impact on the security and technology industries. As professionals and consumers, what can we learn?

  • Use two-factor authentication—Mat believes that had he set up two-factor authentication on his Gmail account, the hack would have been foiled from the start.
  • Avoid linking accounts when possible—Mat’s various accounts were all linked, providing access to one another.
  • Vary your email addresses—Mat’s email addresses each had the same basic format, so the hackers could guess any that were unknown.
  • Back up your data in a hard location—Mat lost private photos and documents that were only saved on his computer and iCloud.
  • Be wary of using Find My Mac tool—Hackers can use this tool to remotely wipe your computer.

One of the hackers has been in touch with Mat since the incident, saying, “He likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done.” It’s true—this story has highlighted a number of security holes in the companies we trust most with our personal data. Apple, for instance, has put a lockdown on over-the-phone Apple ID resets, and Amazon will no longer allow customers to change account settings via phone.

What is your biggest takeaway from Mat’s story? What would you do as a consumer or company to prevent this from being possible? Share your thoughts via comments, Twitter or Facebook

CSID Takes on SXSW Interactive

By | March 5th, 2012|Uncategorized|

Headed to South by Southwest Interactive (SXSWi) conference in Austin, Texas this month? So is CSID.

We’ve been working hard, organizing three SXSW panels that address today’s hottest security concerns: data breach preparedness, cloud security and voice authentication.  

The increase in volume, severity, publicity and fallout of recent data breaches and lack of cyber-security has taken the topics of data protection and breach mitigation to new heights. We plan on addressing many of these issues during our panels including how businesses should prepare for the seemingly inevitable breach, how voice biometrics can be used as a method of fraud prevention and how best to address identity protection in the cloud. We’ve assembled an amazing group of individuals for each panel, which should make for some interesting discussions. We’d love to have you attend and answer any questions you may have.

We’ll be blogging a bit more about each panel as SXSWi approaches. You can also catch our updates on Facebook and Twitter. Stay tuned.

Data Breaches: Taking the Bull by the Horns

When: Monday, March 12, 12:30–1:30 PM CST
Where: InterContinental, Stephen F. Austin, Capital Ballroom B
What: When a breach or security issue occurs, it is not just the IT department that needs to react. Company leaders need to know how to address the issue quickly, protect customers and secure their brand. This panel will discuss multiple aspects of breach preparation from technologies that will help mitigate the impact of a breach to lessons learned for those that looked a data breach in the eyes and lived to tell.
Who: Joe Ross, president of CSID, Joseph DeMarco, partner at DeVore & DeMarco, Michael Bruemmer, VP data breach of Experian Consumer Direct, Monica Jedrzejowska, associate at Hunton & Williams, and Terry Hemeyer, senior lecturer and advisory council member at The University of Texas at Austin
Hashtag: #SXBreach

No Rainy Days: Identity Protection in the Cloud
When: Sunday, March 11, 3:30–4:30 PM CST
Where: Hilton Garden Inn, Sabine
What: From financial statements to music collections, we trust the cloud with a lot of personal information. Yet how secure is the cloud? How much control do we have over the data we entrust to it? What can we do if that data is stolen? This panel will try to answer these questions and more as we explore the impact of the cloud on personal identity and security.
Who: Eric Youngstrom, VP of product strategy at CSID, Francis D’Addario, principal at the Security Executive Council, Dr. Suzanne Barber, director of the UT Center for Identity and Oren Hamami, senior cloud security architect at Rackspace
Hashtag: #SXCloudID

My Voice is my Passport. Verify Me
When: Monday, March 12, 5:00–6:00 PM CST
Where: Hilton Austin, Downtown, Salon J
What: Warm up your vocal chords. Voice authentication is going to be front and center as the world looks for ways to secure data. Why? Your voice is unique. It can’t be stolen or forgotten. It is also easy to measure. This panel will discuss advances, strengths and limitations of voice authentication as well as how businesses are implementing the technology to protect identities, transactions and more.
Who: Isaac Chapa, VP of Technology at CSID and Dan Miller, senior analyst and founder of Opus Research
Hashtag: #SXVoiceBio

Load More Posts