Data Masking and Algorithmic Boss
Take a glance at the most discussed cybersecurity topics of the week.Security vulnerabilities in a company’s data systems are not always the case. The major weakness remains the human factor.
The value of email security awareness
Dark Reading on October 15, 2018
Nearly three-quarters of phishing, malware, and ransomware attacks enter through email, according to a SANS Institute study. But the vulnerabilities in a company’s data systems are not always the case – a major weakness remains the human factor. Here are four ways to increase your employees’ awareness in email security:
- Personalize the email security training program according to the employee’s area of the business and responsibility.
- Reward workers who proactively report suspicious correspondence to IT and show initiative.
- Invite “white hat” specialists to organize a simulated attack and check employees’ skills. More substantive training using real-world scenarios can be a powerful tool.
- Accurately account the results of the email security training program.
In addition to these recommendations, keep in mind the threat moving toward collaboration platforms like Slack or Google Drive that allow for the sharing of files that previously would have been attached to an email or SMS.
Data masking resolves a dispute between consumers and developers
Software Testing News on October 12, 2018
When it comes to data usage, organizations need, on the one hand, to consider consumer concerns around privacy, compliance, and security. On the other – to provide developers with sufficient information for effective testing changes and updates. It’s especially true in the context of implementation of copies of the production database. Although there are proven methods of its protection like using a limited dataset of anonymous data, a better way to secure information is data masking when sensitive data is replaced with fictitious, but still realistic data.
Organizations adopting data masking have to focus on three key areas:
- Look for the right data masking solution (e.g., static data masking, dynamic data masking or their combination).
- Manage the complete data masking lifecycle by adopting an enterprise solution that provides tools to manage the full lifecycle of masking data from a central user interface.
- Use cloning data masking tools to reduce overheads.
Is an Algorithm your boss?
The New York Times on October 12, 2018
“Whether we realize it or not, algorithms are managing all of us”, says Alex Rosenblat, the author of the forthcoming book “Uberland: How Algorithms Are Rewriting the Rules of Work”. Although algorithms gave us super-convenient food delivery services and personalized movie recommendations, Uber drivers claim: all that glitters is not gold.
The algorithmic manager seems to help drivers during periods of high demand. It encourages them to relocate to certain areas at certain times and activates surge pricing. However, the “boss” is indifferent when it comes to conflict situations and insulting drivers. Another eternal question – the rating system that leaves no chance for drivers below 4.6 stars.
Whenever we use a ride-hailing app, algorithms manage what we do as passengers, by controlling and manipulating the information we have about the price and location of available cars. So the impact of algorithms seems to be not as inconsiderable as we think.
How to make a tight-budget cybersecurity effective
Healthcare finance on October 15, 2018
Cybersecurity is a must for both business structures and small physician practices. But what if it meets the financial capacity constraints? Look at five points of building a good information security plan on a tight budget:
- Basic infosec building blocks go a long way – asset management for PCs, servers, and data, vulnerability management, anti-virus software and log correlation are some of the bare bones tools that can improve security on a tight budget.
- Patch management and network monitoring – turning on patch management auto updates is cost-effective. Network monitoring should include intrusion detection and failed logins.
- Cyber cost-benefit analysis – although it’s difficult to measure it, the absence of negative events is the benefit that allows you to avoid extra expenses.
- Don’t forget partners and vendors. It ties right back to knowing who and what is on your network.
- Education: the cornerstone to a necessary security culture. Integrate cybersecurity education in your corporate culture.