Resources

In light of Uber's recent data breach, the ride-hailer is being investigated by regulators in the U.K., Australia, the Philippines, and New York. Now the

CEO Dara Khosrowshahi has confirmed that hackers stole the data of 57 million riders and drivers around the world—and that the company kept it quiet.

When Uber paid a $100,000 ransom so that hackers who broke into its data warehouse would destroy the personal information they stole, it allowed the ride-sharing company to keep a massive breach of 57 million user and driver accounts secret for nearly a year.

There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.

How many of us really  know how cyber security works or its priority level in an organisation? To give a broader picture, the rising awareness among company heads regarding the business impact of IT security incidents is already driving the global spend on security, slated to grow at a CAGR of 7 per cent globally. An independent estimate suggests that the global annual IT security spend will reach north of $93 billion in 2018.So, how do companies protect themselves against any form of cyber attack? To start with, there are many moving parts to building cyber defenses; the most important is to find vulnerabilities across the entire digital footprint of an enterprise. The three layers of security are cyber security, network security, and information security. The layers are not exactly exclusive areas but intersect with each other and thus often lead to a semantic conundrum. Simply put, cyber security is about external threats, network security is about internal threats, and information security is about protecting data and information from getting lost or stolen. External threats become internal threats when a hacker or the malicious entity breaks into a network asset, for example, an endpoint device like a Desktop or a printer. Research suggests that Enterprises can bring in significant improvements to their security profiles through enabling basic hygiene factors when it comes to IT security. Here are 10 tips for IT administrators to secure the Enterprise network: Patch: Set up all endpoints and network devices for automatic software and OS updates. An unpatched machine is more likely to have software vulnerabilities that can be exploited.Secure DNS: There are websites that distribute infected programmes, applications and Trojan files. Another threat exists in the form of poisoned DNS attacks, whereby a compromised DNS server directs you to an unauthorised web server. Users can protect themselves from DNS threats by changing the way their computers process DNS services.Secure connections: Mandate employees to use VPN or remote connectivity and secure file transfer options when off campus.Inventory: It is challenging to keep track of all devices connected in the network. Network discovery tools bring a lot of value as they identify and list all hardware/software components, and can also go one step further and identify software installations that provide weak security configurations.Beyond firewalls: Firewalls help stop incoming threats, but you still require formalised management, destruction and archival procedures for your electronic data. Threats can also come from wireless networks, dial-up modems, and internal employees. Such threats often bypass firewall protection. Next-gen security devices like the Cisco UTM Appliance could provide the ability to detect and stop a much more comprehensive array of attacks than a standard firewall, however; some attacks may pass through the device.Employees, a hidden threat? The Computer Security Institute estimates that between 60 and 80 per cent of network misuse comes from within the organisation. To mitigate the risk of a threat, dealers should have an Internet content filtering solution that will prevent employees from visiting inappropriate or virus filled websites. Monitor day and night: Obviously you cannot have your staff watching 24/7 to see when an attack happens and respond to it but you can have a ‘network behaviour anomaly detection’ tool to integrate with the threat-centric NAC  (network access control) solution to respond to security events. Thereby looking across the entire attack continuum, before, during and after an attack.Fight malware:  The power of having Advanced Malware Protection(AMP)  everywhere within an organisation’s security infrastructure is really the power of having more eyes in more places. Malware moves quickly, works together with other malware in the environment and attacks via e-mail, web, on the endpoint, mobile devices, the list goes on. Get maximum visibility and control into as many attack vectors as possible. Single AMP deployments are powerful on their own. Many organisations are okay with, for instance, deploying AMP at the endpoint or deploying AMP at the network to get the amount of visibility and control they need. However, many choose to deploy AMP simultaneously at multiple security control points to increase security effectiveness for the organisation. With AMP in more places, you get more eyes watching more attack vectors, continuously monitoring for malicious behaviour across the extended network.Enable threat-centric NAC: Centralise and unify network access policy management to provide consistent, highly secure access to end users, whether they connect to your network over a wired, wireless, or VPN connection. Also, simplify guest experiences for easier guest onboarding and administration. Streamline BYOD and enterprise mobility with easy, out-of-the-box setup for self-service device onboarding and management. Gain greater visibility and more accurate device identification and device profiling. NAC would help reduce the number of unknown endpoints and potential threats on your network.Secure e-mail traffic: More than 100 billion corporate e-mail messages get exchanged on any given day. An e-mail security solution should provide inbound e-mail security and outbound e-mail control, spam filtering, reputation filtering, virus outbreak filters provide zero-day virus protection and work along with integrated virus signatures. Corporate risk must also be reduced through embedded data loss prevention (DLP) functions, which can detect sensitive content, patterns or images in a message body or within attachments. Must be able to filter/block e-mail attachments.There are multiple vendors and multiple point solutions available in the market to support every area discussed here. However, it makes sense to go ahead with a single vendor with an integrated hardware and software solution for network security -- the IT security vendors.Security breaches are, by far, the most significant business risk in the digital age. Be proactive in ensuring the safety of your digital assets and thus protect the corporate reputation, data and information.

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Employees are the main gateway into the organization for cyberattacks. As a result, they are also the first line of defense. So arming these “sentry” employees with information they need to identity attacks is a critical part of a company’s overall security program — and yet most companies fail at this. One of the big reasons security rules often don’t work is because they are so complex they drive people to take shortcuts that defeat their purpose. The single most important thing companies can do to shore up this first line of defense is to improve the relationship between IT and employees. Getting to know the employees, what their roles are, and how they work with technology, will increase the chance that they will report security issues and be more conscientious in their security practices. It also can help provide IT the information they need to tailor their security education and testing efforts to individuals. It will take collaboration like this within the organization to really change peoples’ habits and make a difference in keeping organizations safe.

#EdTechAfterDark #TLAP #EDchat #EdLeadership #FLedchat #GlobalEdChat

Student creation of six-word memoirs can help form powerful connections to learning. Discover some technology resources to help them. Explore this and more at TCEA TechNotes Blog, your go-to source for educational technology and teaching innovation.

Back in the 1960’s I remember my mother telling me not to sit so close to our Magnavox color tv console my family had purchased that was the center of entertainment in our house. “The radiation will...

ED is America’s education agency. We help students pay for school, support families, and give educators tools to do their jobs. We protect students' rights and make sure every American has equal access to an education.

The focus of developing today’s tech trends is turning to the youngest of learners.

Awesome memory: Winner of the 2011 Thanksgiving Contest on www.doink.com by ArdyTheKoi. Happy Thanksgiving, Doinkers! #doink #animation #edtech.

The Dynamic Learning Project seeks to improve education equity and student learning by supporting teachers with classroom coaching in an effort to better leverage technology in powerful and meaningful ways.

Spread the loveAccording to the STEM (Science Technology, Engineering, and Math) Coalition, there are 26 million STEM jobs in the U.S., comprising 20 percent of all jobs. By 2020, there will be 9.2 million STEM jobs in the U.S. Despite the need for these workers, only 45 percent and 30 percent of high school seniors are prepared for college-level math and science courses, respectively. As the American K-12 system continues to look for ways to increase student interest and aptitude in STEM learning, technology is playing an increasingly pivotal role. Children who come to classrooms today have an inherent aptitude […]

One of the best new tools offered by technology is the digital bulletin board. Learn how to use it and which ones are the most effective for learning. Explore this and more at TCEA TechNotes Blog, your go-to source for educational technology and teaching innovation.

The first three quarters of 2017 have seen 3,833 breaches reported, exposing over seven billion records, according to a new report.

As a principal, I get pinged by edtech providers almost every day. Everyone has a new solution that is going to “disrupt” my school. Most of the time ...

An intro to web app and DDoS attacks meant for sharing with executives working in areas outside of technology. They might not know about these threats, but they should at least know the basics.

We've compiled a list of our favorite note-taking apps for iOS and Android phones and tablets to help keep your life organized and your thoughts in order.

George Couros designs dynamic programs to infuse innovation into teaching and leadership, equipping educators with strategies for immediate impact and