I expect most know what I do for a living and today attended a seminar on banking security. I learned quite a bit and some I'll share with you.

DO NOT use cloud computing other than to store your snapshots. A forensic expert showed how with only a name he could steal your identity and drain your bank account in 48 hours.

DO USE locks on your Smartphone, 75% of people who lost, misplaced theirs had personal data accessed by the 'finder'.

DO NOT ALLOW, BYOD, bring your own device to connect to the network.

There's more but it gets even more worrisome.

 

Not in the industry, but have been becoming more and more worried about electronic (in)security....

One of the reasons my IP is stored on a drive I keep with me at all times. Backed up to a drive not connected to anything (except when backing up).

 

BYOD?

 

BYOD ( bring your own device). Thats when folks use their personal device, phone, for work purposes. Problem with that is there are many ways to embed or use apps that can be used maliciously either overt or covertly.

 

It's becoming more prevalent in the education space as there are school districts out there today supporting BYOD for their students too. They are also looking at IT partners to help subsidize the cost of portable devices so parents can send their young students to class with a reliable and affordable piece of technology.

 

Do you mean by the company against the worker or the other way around?

 

Good one! Most here are employers.

I've always been careful about any internet exchanges. Particularly in regard to anything that may have implications in the workplace.

 

Industrial espionage is the first reason, second is protection against extortion using an infected personal device inside a firewall protected environment. The latter poses the greatest risk right now and here's how it works. A small code is downloaded through being embedded in a photo or a PDF ( the latter was used in a real world situation) The code or virus isn't identified by anti malware once in it begins a search of the net looking for it's brethren and starts collecting them one at a time. In the real world example this took ten weeks. Once the code it constructed it instantly encrypts all the files on the hard drive and leaves a message that reads ALL FILES ARE ENCRYPED - DEPOSIT xxx BICOINS TO xxxx WITHIN xxx TIME OR ENCRYTION KEY WILL DISAPPEAR.

It was thought the initial file was downloaded to a phone or pad and brought into a well secured system. I don't have the solution to the problem but IT should be made aware of it and also the service provider as they control the bandwidth. The latter is important for DDOS (distributed denial of service) attacks as that floods the server with files and manifests as heavy bandwidth traffic.

Have a nice day.

 

how about the guest sign in on the router is that safe to allow visitors to use?

 

Good question and I don't know.

 

Why would you need a guest account on the router. You are just asking to be hacked with that.

 

I'll axe my IT guru for advice and get back to y'all.

 

What seminar was that?

 

As a business, the "guest access" should be outside of the company firewall, it should never be within the company internal access for the very reason of being hacked into company's internal network.

Isn't that kind of extreme, Jim? And how do you expect any response from him when his head is rolling on the ground after you've axed him?

 

I could tell you but then.. well you know the answer already. Really not much a big deal but it was for insiders and it was by invitation.