Signal: We'll be eaten alive by EARN IT Act's anti-encryption wolves – Naked Security

Recent weeks have been rough, with droves of people turning to virtual communication for sensitive conversations they'd like to keep private: medical visits, seeing friends' faces and hearing their voices, or solace for those who've lost loved ones.

Understandably, the end-to-end (E2E) encrypted messaging app Signal has been signing up new users at unprecedented rates and flipping the switch on servers faster than we ever anticipated, Signal's Joshua Lund said last week.

And you can say goodbye to any of that staying stateside if the EARN IT Act passes.

Signal claims that legal and liability concerns would make it impossible to operate in the US. That doesn't mean it would shut up shop entirely, but it could mean that the non-profit would need to move operations now based in the US.

Called the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act), the bill was introduced last month. If it passes, EARN IT would require tech companies to meet safety requirements for children online before obtaining immunity from lawsuits. You can read the discussion draft here.

To kill that immunity, the bill would strip the protection of Section 230 of the Communications Decency Act (CDA) from certain apps and companies so that they could be held responsible for user-uploaded content. Section 230, considered the most important law protecting free speech online, states that websites aren't liable for user-submitted content.

The proposed legislation's details haven't been ironed out yet, but at this early point, the bill's intent to water down Section 230 turns that protection into a hypocritical bargaining chip, Lund wrote on Signal's blog.

At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee best practices that are extraordinarily unlikely to allow end-to-end encryption. Anyone who doesn't comply with these recommendations will lose their Section 230 protection.

Maybe some of the tech behemoths could swing the potentially huge financial risk that would come with slews of lawsuits as they suddenly become responsible for whatever random things their users say, but not Signal, Lund said.

It would not be possible for a small nonprofit like Signal to continue to operate within the United States. Tech companies and organizations may be forced to relocate, and new startups may choose to begin in other countries instead.

It's bizarre that a government that's reliant on secure, private messaging would even contemplate gutting E2E encryption, Lund said. In February, the European Commission endorsed the messaging app, telling staff to switch to Signal for encrypted messaging. Lund listed other military and government endorsements, calling the proposed legislation troubling and confusing:

For a political body that devotes a lot of attention to national security, the implicit threat of revoking Section 230 protection from organizations that implement end-to-end encryption is both troubling and confusing. Signal is recommended* by the United States military. It is routinely used by senators and their staff. American allies in the EU Commission are Signal users too. End-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide.

*The US Military also recommends Wickr for encrypted messaging: both it and Signal feature auto-delete functions that erase messages after a set period of time.

The bill's backers claim that they're not targeting encryption. Rather, as with other attempts to legally enforce encryption backdoors, they're claiming that their real goal is to get companies to accept responsibility for the enabling of online child sexual abuse.

But as has been explained by Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity at The Center for Internet and Society at Stanford Law, the bill doesn't have any tools to actually stop online child abuse. Furthermore, if it passes, it would actually make it much harder to prosecute pedophiles, she says.

As it now stands, online providers proactively, and voluntarily, scan for child abuse images by comparing their hash values to known abusive content.

Apple does it with iCloud content, Facebook has used hashing to stop millions of nude children's images, and Google released a free artificial intelligence tool to help stamp out abusive material, among other voluntary efforts by major online platforms.

The key word is voluntarily, Pfefferkorn says. Those platforms are all private companies, as opposed to government agencies, which are required by Fourth Amendment protections against unreasonable search to get warrants before they rifle through our digital content, including email, chat discussions and cloud storage.

The reason that private companies like Facebook can, and do, do exactly that is that they are not the government, they're private actors, so the Fourth Amendment doesn't apply to them.

Turning the private companies that provide those communications into agents of the state would, ironically, result in courts' suppression of evidence of the child sexual exploitation crimes targeted by the bill, she said.

Pfefferkorn has also pointed out that the bill would give unprecedented power to Attorney General William Barr, a vocal critic of end-to-end encryption, who would become the arbiter of any recommendations from the best practices commission that the EARN IT bill would create.

The best practices approach came after pushback over the bill's predicted effects on privacy and free speech. The best practices would be subject to approval or veto by Barr, who has issued a public call for backdoors; the Secretary of Homeland Security (ditto); and the Chair of the Federal Trade Commission (FTC).

Basically, those wolves are going to eat smaller encryption providers alive, Lund said:

It is as though the Big Bad Wolf, after years of unsuccessfully trying to blow the brick house down, has instead introduced a legal framework that allows him to hold the three little pigs criminally responsible for being delicious and destroy the house anyway. When he is asked about this behavior, the Big Bad Wolf can credibly claim that nothing in the bill mentions huffing or puffing or the application of forceful breath to a brick-based domicile at all, but the end goal is still pretty clear to any outside observer.

Last month, Sen. Ron Wyden, who introduced the CDA's Section 230, said that the disastrous legislation is a Trojan horse that will give President Trump and Attorney General Barr the power to control online speech and require government access to every aspect of Americans' lives.

The EARN IT Act is only the latest of many attempts to inject an encryption backdoor that the US government and law enforcement agencies have been trying to inflict for years.

Digital rights advocates say that the proposed act could harm free speech and data security, and Sophos concurs. For years, we've said #nobackdoors, agreeing with the Information Technology Industry Council that "Weakening security with the aim of advancing security simply does not make sense."

The EARN IT Act is still working its way through Congress, not having seen a vote in either the House or the Senate.

There's still time to stop it, Lund said. To reach out to elected officials, you can look up contact information on The Electronic Frontier Foundation's Action Center.


Protecting consumers' personal data becomes top reason for encryption, global study involving nCipher Security finds – Cambridge Independent

Protecting consumers' personal information has become the primary reason for deploying encryption technology, according to a study involving Cambridge-based nCipher Security.

It also found employee mistakes were the biggest threat to keeping sensitive data safe - outweighing concerns over hacking.

Some 6,457 individuals across multiple industry sectors in 17 countries were surveyed for the 15th annual Global Encryption Trends Study by the Ponemon Institute in collaboration with nCipher, an Entrust Datacard company focused on hardware security modules.

For the first time, protecting consumer data topped the reasons given for using encryption, with 54 per cent citing it as their top priority, while compliance (47 per cent) - traditionally a key driver - was fourth. It has been falling down the list since 2017, indicating that encryption is transitioning from a requirement to a proactive choice to safeguard critical information.

Dr Larry Ponemon, chairman and founder of Ponemon Institute, said: Consumers expect brands to keep their data safe from breaches and have their best interests at heart. The survey found that IT leaders are taking this seriously, with protection of consumer data cited as the top driver of encryption growth for the first time.

Encryption use is at an all-time high with 48 per cent of respondents this year saying their organization has an overall encryption plan applied consistently across the entire enterprise, and a further 39 per cent having a limited plan or strategy applied to certain application and data types.

Some 54 per cent cited employee mistakes as the biggest threat to keeping sensitive data safe, with hackers (29 per cent), malicious insiders (20 per cent), lawful data requests (12 per cent) and government eavesdropping (11 per cent) well behind in the list.

The growth in digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks means that data discovery was cited by 67 per cent as the biggest challenge in planning and executing a data encryption strategy. The number of employees working remotely during the pandemic, and keeping extra copies on personal devices or in cloud storage, means this concern is only likely to increase.

John Grimm, vice president of strategy at nCipher, which has a base in Station Square, said: As the world goes digital, the impact of the global pandemic highlights how security and identity have become critical for organisations and individuals both at work and at home.

Organisations are under relentless pressure to deliver high security and seamless access protecting their customer data, business critical information and applications while ensuring business continuity. nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property.

Other findings in the full report, which can be downloaded online, include:


Analysis of COVID-19-Encryption Management Solutions Market 2019-2023 | Rising Demand For Digitalization to Boost Growth | Technavio – Yahoo Finance

Technavio has been monitoring the encryption management solutions market and it is poised to grow by USD 3.21 bn during 2019-2023, progressing at a CAGR of almost 14% during the forecast period. The report offers an up-to-date analysis regarding the current market scenario, latest trends and drivers, and the overall market environment.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20200417005010/en/


Technavio suggests three forecast scenarios (optimistic, probable, and pessimistic) considering the impact of COVID-19.

The market is concentrated, and the degree of concentration will accelerate during the forecast period. Cisco Systems Inc., IBM Corp., McAfee LLC, Oracle Corp., Sophos Ltd., and Symantec Corp. are some of the major market participants. To make the most of the opportunities, market vendors should focus more on the growth prospects in the fast-growing segments, while maintaining their positions in the slow-growing segments.

Rising demand for digitalization has been instrumental in driving the growth of the market.

Encryption Management Solutions Market 2019-2023 : Segmentation

Encryption management solutions market is segmented as below:


Encryption Management Solutions Market 2019-2023 : Scope

Technavio presents a detailed picture of the market by the way of study, synthesis, and summation of data from multiple sources. Our encryption management solutions market report covers the following areas:

This study identifies honey encryption as one of the prime reasons driving the encryption management solutions market growth during the next few years.

Encryption Management Solutions Market 2019-2023 : Vendor Analysis

We provide a detailed analysis of around 25 vendors operating in the encryption management solutions market, including some of the vendors such as Cisco Systems Inc., IBM Corp., McAfee LLC, Oracle Corp., Sophos Ltd., and Symantec Corp. Backed with competitive intelligence and benchmarking, our research reports on the encryption management solutions market are designed to provide entry support, customer profile and M&As as well as go-to-market strategy support.


Encryption Management Solutions Market 2019-2023 : Key Highlights

Table Of Contents :

PART 01: EXECUTIVE SUMMARY

PART 02: SCOPE OF THE REPORT

PART 03: MARKET LANDSCAPE

PART 04: MARKET SIZING

PART 05: FIVE FORCES ANALYSIS

PART 06: MARKET SEGMENTATION BY APPLICATION

PART 07: CUSTOMER LANDSCAPE

PART 08: MARKET SEGMENTATION BY DEPLOYMENT

PART 09: GEOGRAPHIC LANDSCAPE

PART 10: DECISION FRAMEWORK

PART 11: DRIVERS AND CHALLENGES

PART 12: MARKET TRENDS

PART 13: VENDOR LANDSCAPE

PART 14: VENDOR ANALYSIS

PART 15: APPENDIX

PART 16: EXPLORE TECHNAVIO

About Us

Technavio is a leading global technology research and advisory company. Their research and analysis focus on emerging market trends and provides actionable insights to help businesses identify market opportunities and develop effective strategies to optimize their market positions. With over 500 specialized analysts, Technavio's report library consists of more than 17,000 reports and counting, covering 800 technologies, spanning across 50 countries. Their client base consists of enterprises of all sizes, including more than 100 Fortune 500 companies. This growing client base relies on Technavio's comprehensive coverage, extensive research, and actionable market insights to identify opportunities in existing and potential markets and assess their competitive positions within changing market scenarios.

View source version on businesswire.com: https://www.businesswire.com/news/home/20200417005010/en/


Coronavirus tracing tech policy ‘more significant’ than the war on encryption – ZDNet

Tech-savvy individuals and firms have been eager to apply their skills to the coronavirus pandemic, as they should be. Some of them are working with governments who have flexed their "special powers" and public health muscles, as governments should do.

Much of this tech effort, from all sides, has been put into contact tracing, which aims to find out who might have been exposed to the virus from an infectious person.

Contact tracing is already a routine process in most developed nations for battling things like meningococcal disease, tuberculosis, and sexually transmitted infections (STIs), including HIV.

Normally, this "painstaking and quick detective work" is labour-intensive and involves lots of phone calls and text messages. The new technologies that are being developed intend to improve that.

Australia's plan to adopt TraceTogether, the COVID-19 contact tracing app from Singapore, is one obvious example.

The remarkable partnership between Apple and Google to roll out APIs to enable contact tracing apps is another.

But how many of these players are thinking about the long-term implications?

TraceTogether's creators seem to have made a solid effort to protect users' privacy from each other. The so-called "Central Authority" server generates temporary IDs which are periodically refreshed, for example.

The data log only contains relative distance between users, as determined by the Bluetooth signal strength, not the exact location where the users came in close contact.

But a detailed analysis by researchers from the University of Melbourne and Macquarie University highlights a range of privacy flaws.

One key problem is that users must trust the Central Authority -- in Singapore, that's a Ministry of Health server -- to do the right thing.

"Even though the data logs are only sent to the Central Authority following user's consent, there is no check to ensure that the request from Central Authority is genuine or not, i.e., whether that user was in proximity of an infected user," the researchers wrote.

"Thus, a curious Central Authority might be able to obtain and decrypt data logs from a large number of users yielding to [a] potential mass-surveillance threat."

While the data logs held locally on users' devices are deleted after 21 days, there's no guarantee that the data logs decrypted at the authority server would also be deleted.

As well as tweaks to provide more protection from the Central Authority, and less centralisation, the researchers also recommend that any future use of anonymised data logs "must be restricted".

"An important aspect of data gathered by the server is future use by epidemiologists and policymakers," they wrote.

"Although the information seems innocuous, it can be very sensitive and reveal a lot about the users."

The privacy of medical information is particularly important.

As the Australasian Contact Tracing Guidelines remind us, any disclosure that individuals have tested for, or are living with, conditions such as HIV/AIDS or other STIs can invite social stigma and discrimination.

"People may be reluctant to seek medical attention if they fear their information could be disclosed to others. This 'chilling effect' could have implications for the future prevention, treatment and study of medical conditions."

These risks are also present with COVID-19. Australia is already seeing racist vandalism and physical and verbal abuse. If specific individuals are ever identified, their situation would only get worse.

For this reason, the researchers say that the data shouldn't be made public, even if anonymised.

"A large percentage of the people might share their data. Even the contact graph, without locations, timestamps, phone numbers or explicit identities, can be linked to other data sources enabling user re-identification."

In fact, another University of Melbourne team found such a vulnerability with a supposedly anonymised public dataset in 2016 and had re-identified seven prominent Australians in 2017.

The government didn't really fix the problem, however. They just tried to make data matching illegal. The legislation lapsed before the federal election in May 2019.

Digital Rights Watch Australia (DRW) has called for more transparency about the planned use of TraceTogether, along with "unimpeachable guarantees" that the data won't be used for anything else.

"They certainly need to do better than suggesting that privacy implications will be examined by the Attorney-General," said DRW chair Lizzie O'Shea on Wednesday.

"Everything about this needs to be transparent. The code must be independently audited. There needs to be a clear benchmark for when data will no longer be collected and the app deactivated."

O'Shea noted, as others have, that there's a real risk of false positives and a need to preserve human rights even in the face of a pandemic.

"The existence of encryption-breaking laws like the government's own Assistance and Access [Act] undermines our capacity to keep such systems secure," she said.

"Such technological tools need a social licence to operate effectively, and the government has a long way to go before it comes close to earning it."

In a global context, Dr TJ McIntyre, an associate professor in the Sutherland School of Law at University College Dublin, went further.

"COVID-19 tracing is the most significant technology policy development of this generation -- even more so than the war against end to end cryptography -- and we're watching it happen at breakneck speed," McIntyre said.

"The role of tech firms vs states will be critical."

Genevieve Bell, director of the 3A Institute at the Australian National University wrote that the response to the coronavirus presents a chance to reinvent the way we collect and share personal data while protecting individual privacy.

"The speed of the virus and the response it demands shouldn't seduce us into thinking we need to build solutions that last forever," Bell wrote.

"There's a strong argument that much of what we build for this pandemic should have a sunset clause -- in particular when it comes to the private, intimate, and community data we might collect."

Of course, once governments gain certain powers or access to certain technologies, very rarely do they hand them back with a friendly "Thanks, we don't need that any more".

In fact, the opposite happens. There is always scope creep.

What makes the current situation in Australia even more worrisome is that TraceTogether has been fast-tracked through the review process at a time when Parliament and its various oversight committees have been shut down.

Yes, we need to fight the coronavirus with extraordinary measures, but we also need to have our wits about us.

Updated at 9.34am AEST, 16 April 2020 : Clarified status of lapsed data matching legislation.


Decrypting file on external drive – Encryption Methods and Programs – BleepingComputer

Hello,

A few days ago my laptop crashed and I had to reinstall W10 all over again. Luckily I had copied most of my files on an external drive. What I forgot to do is decrypt the files first before putting them on that drive. I used cipher to encrypt.

Now that I have reinstalled W10 (it works fine again), I cannot open these files. I have tried to decrypt with command prompt (D:>cipher /d "D:>folderfolder.doc.doc" whereas D: is the letter of the external drive), I also tried right mouse click on the document (on the external drive) > Properties > tab Security > Advanced / Edit > ... , following tips from the internet. But I still cannot decrypt the files. Even copying to the laptop drive isn't allowed.

Can anybody help?

Regards,

jazz


Zeroing in on Zoom’s Threat to Financial Services – Traders Magazine

Ray Hillen, Managing Director of Cybersecurity at Agio

COVID-19 has induced a significant shift in the way we work. Remote is the new reality. As large swathes of the financial services economy acclimate to working from home, its workers are finding new methods for cross-enterprise communication.

For many, Zoom has been the answer to staying connected in the workplace. The video conferencing tool's growth has exploded since virtual meetups became the new norm, with many organizations embracing the platform to exchange sensitive data, discuss proprietary information and conduct high-stakes business negotiations.

The app's customer base surged from 10 million users pre-outbreak to 200 million, including 600,000 new clients onboarded on March 15 alone, the same day social distancing orders were first put in place across the country. The US government stands out here, having signed enterprise contracts with Zoom valued at $1.3m as part of its pandemic response.

There may be, however, a tremendous cost to Zoom's convenience.

Simply put, the widespread adoption of Zoom amid a global pandemic might be the security vulnerability of the decade. In fact, any financial services organization using the service should immediately assume their user credentials are under malicious parties' control. In recent weeks, New York Attorney General Letitia James has probed Zoom's data security strategy, and whether the company's security protections can keep up with the spike in users. It is also our understanding that the FBI, among other federal government agencies, has prohibited the use of Zoom and WebEx due to security concerns.

At Agio, we have discontinued the use of Zoom. This piece explains why the platform's use poses a significant risk to organizations and what actions leaders should take to mitigate that risk.

Privacy Policy

Zoom has already set a precedent for lax privacy and security. Until recently, the platform created a local web server on users' devices, allowing it to turn on the device's camera. This server was not mentioned in any official documentation, and The Electronic Privacy Information Center filed an FTC complaint against Zoom, alleging intent to bypass browser security settings without the knowledge or consent of the user. This, in turn, introduced risks including remote surveillance, unwanted video calls, and denial-of-service attacks. Arvind Narayanan, associate professor of computer science at Princeton University and digital privacy expert, has even referred to Zoom as malware.

The platform's privacy policy is another cause for concern. While it claims not to sell user data for money, this does not include sharing information with third parties like Google or Facebook, for targeted advertising or other undisclosed business purposes. Despite the exchange taking place, it is not bound by any privacy agreement. The process for rejecting data collection is also notoriously complicated, with experts reporting that users must opt out of more than 85 separate cookies.

Encryption

Another area of concern is Zoom's claims around encryption capabilities. After initially stating its platform used end-to-end encryption to protect virtual meetings, the firm recently admitted in a blog post this was not the case. Instead, calls are encrypted using transport layer security (TLS), which is known to be less secure. The company also claims that audio and video meeting data is protected by 256-bit advanced-encryption-standard (AES) keys. Several sources, however, have revealed the keys are actually 128-bit. They are also run in electronic code book (ECB) mode, which fails to completely anonymize underlying data. This runs counter to the professional recommendation that encryption keys are run in Segmented Integer Counter or f8 mode. Crucially, Zoom's lack of end-to-end encryption extends to its Company Directory, opening the door to thousands of email addresses and photos being leaked to strangers. With this information, a bad actor can conduct Zoom video calls with the owners of those emails.
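Why ECB mode is the weak choice here can be shown in a few lines. The following is an added example, not part of the original article and not Zoom's code: identical plaintext blocks produce identical ciphertext blocks under ECB, so counting repeated blocks is a simple defensive check for it, while a counter mode leaves no repeats. It assumes a toy Feistel cipher built from HMAC-SHA256 as a stand-in for AES (so it runs on the Python standard library alone) and a constructed key, nonce and frame.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block, the same block size AES uses

# Constructed sample values (not taken from any real product or capture).
KEY = b"constructed-key!"            # 16 bytes = 128-bit key
NONCE = b"nonce-01"                  # 8-byte nonce for counter mode
BACKGROUND = b"BACKGROUND-PIXEL"     # one 16-byte block of unchanging data
FRAME = BACKGROUND * 4 + b"speaker-face-001" + BACKGROUND * 4


def _round(key: bytes, index: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([index]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Four-round Feistel permutation on one block.

    Stand-in for AES so the example needs no third-party library;
    it is a teaching aid, not a cipher to deploy.
    """
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
        left, right = right, mixed
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    """Pad to a whole number of blocks (always adds 1..16 bytes)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently with the same key."""
    padded = pkcs7_pad(plaintext)
    return b"".join(
        toy_encrypt_block(key, padded[i:i + BLOCK])
        for i in range(0, len(padded), BLOCK)
    )


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: XOR the data with E(nonce || counter).

    The same call decrypts, because XOR with the keystream is its own inverse.
    """
    out = bytearray()
    for counter, i in enumerate(range(0, len(data), BLOCK)):
        keystream = toy_encrypt_block(key, nonce + counter.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = [
        ciphertext[i:i + BLOCK]
        for i in range(0, len(ciphertext) - BLOCK + 1, BLOCK)
    ]
    return len(blocks) - len(set(blocks))


def looks_like_ecb(ciphertext: bytes, threshold: int = 1) -> bool:
    """Flag ciphertext whose repeated-block count reaches the threshold.

    Random-looking ciphertext of this size should have no repeats at all.
    """
    return repeated_blocks(ciphertext) >= threshold


if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, FRAME)
    ctr = ctr_encrypt(KEY, NONCE, FRAME)
    print("ECB repeated blocks:", repeated_blocks(ecb), "flagged:", looks_like_ecb(ecb))
    print("CTR repeated blocks:", repeated_blocks(ctr), "flagged:", looks_like_ecb(ctr))
```

The eight unchanged background blocks all encrypt to the same ciphertext block under ECB, which is the structure an observer can see without the key.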

Zoom now states it has implemented robust and validated internal controls to prevent unauthorized access to any content users share during meetings and that an on-premise solution exists today to give users direct control of the key management process. To date, however, Zoom has not addressed criticisms of encryption key length, mode discrepancies or its lack of true end-to-end encryption.

An added vulnerability, which is particularly prevalent on Windows operating systems, is Zoom's ability to convert universal naming convention (UNC) paths into hyperlinks. If a meeting participant is duped into clicking on one of these links pasted inside Zoom's chat section, they can unknowingly send their computer's username and password hash to a bad actor's server. Using decryption software to uncover these credentials, the bad actor can then breach users by joining calls as an uninvited guest (Zoombombing); accessing the user's desktop remotely; browsing through any shared network folders; breaching local network devices; and conducting SMBRelay attacks (where the attacker can alter communications being exchanged between two other parties).

Server Hosting

A geopolitical dimension to our concerns around Zoom is the company's ties to China. The AES 128-bit keys used to encrypt Zoom meetings come from the company's cloud infrastructure, which consists of servers that are situated all around the world, including China. Servers in China may even be engaged when a virtual meeting's participants are all domiciled outside of the country.

Zoom's recent filing with the SEC reveals the company owns three China-based subsidiaries employing more than 700 R&D employees to create Zoom's app. Keep in mind that more than 80% of Zoom's revenue comes from North America. An application used by financial services businesses to exchange high-value information, especially one with limited security, is a ripe target for nation state attackers conducting electronic espionage.

Against the backdrop of a trade war and claims that 5G equipment manufactured by Chinese telecom companies might threaten US national security, one should consider whether Zoom could be pressured, or legally obligated, to share servers or encryption keys with Chinese authorities on request, and what the state would do with that information. Compared to other technology companies, Zoom has provided little information around how many government requests it receives for data, or whether they comply.

Conclusion

So, what protective retroactive steps can an organization take to secure itself, and its devices, when conducting virtual meetings? Here are some suggestions:

If an organization opts to use Zoom, the consequences can range from breached employee privacy and corporate sabotage, to reputational damage and theft of intellectual property. Regardless of Zoom's retroactive measures, which allegedly include new patch fixes, enhanced bug bounty programs and third-party security expert review, this platform is not fit for commercial use.

In Zoom's case, the convenience is simply not worth the cost.

The views represented in this commentary are those of its author and do not reflect the opinion of Traders Magazine, Markets Media Group or its staff. Traders Magazine welcomes reader feedback on this column and on all issues relevant to the institutional trading community.


Top tips to safeguard your network when employees are working from home – Economic Times

By Karmesh Gupta

In recent weeks, working from home has become the new normal. With Covid-19 keeping everyone indoors in the safety of their homes, enterprises are worried about the safety of their proprietary data as a sizeable number of employees are accessing their company accounts and sensitive data using personal devices.

Working from home is necessary for companies to continue functioning. However, the real challenge in the world of employees working from their own homes is not the slack in productivity or the threat of transmission of the virus, but cybersecurity.

CxOs have the advantage of calling system admins over to their home offices and setting up their network connections up to corporate standard to ensure data safety. However, for other employees, the risk of a data breach is very real. That not only threatens the integrity of a company, but also increases the headache of the CxOs and their share of work.

So, what should you do to ensure that your company network is safe while your employees are working from their homes?

1. Provide VPN access to your employees

One of the easiest and most cost-efficient ways to protect your company network and data is by providing all employees with VPN (virtual private network) access. Deploy a VPN so the data moves securely between the company's core systems and the devices used by your employees. A VPN adds an extra layer of security, and here's what it can do for your employees:

a. Hide their IP address
b. Encrypt the data being transferred between devices using the VPN
c. Mask the location of the sender and the recipient of the data

Many of the larger corporations already have a VPN in place. Smaller ones might need to choose a VPN provider. Ensure that all your remote employees have access to the VPN service. If necessary, hold a meeting or share tutorials on how to use a VPN efficiently to protect the company network.

2. Ensure complete security of your VPN

Choosing a VPN service out of a list of the best-rated ones is not enough. You need to ensure that it delivers the level of security to your company network that it promises. For that, the employer or the company IT team needs to focus on the encryption used by the VPN.

The strength of any encryption depends upon the bit size, that is, the length, of the encryption key. Longer keys can provide optimal protection against brute-force attacks.

The RSA (Rivest-Shamir-Adleman) encryption system has been popular for over two decades. It is an asymmetric encryption system that can use various key lengths, including 1024 bits and 2048 bits. RSA-2048 or higher is necessary for corporate networks to optimize their VPN tunnel. To date, it is one of the few that has not been accessed by an unauthorized third party.
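One way an IT team could check the "RSA-2048 or higher" requirement against key material, shown as an added example that is not part of the original article. It assumes the key is available as a DER-encoded PKCS#1 RSAPublicKey (a certificate wraps this structure further); the function names and the sample keys are constructed for illustration.

```python
MIN_RSA_BITS = 2048  # floor recommended in the text above

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Bit length of n in RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, n_bytes, _ = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    # DER adds a 0x00 pad byte when the top bit is set, so len(n_bytes) * 8
    # would report 2056 for a 2048-bit key; measure the integer instead.
    return int.from_bytes(n_bytes, "big").bit_length()

def meets_key_policy(der, minimum=MIN_RSA_BITS):
    return rsa_modulus_bits(der) >= minimum

def der_wrap(tag, content):
    """Encode one DER element (helper for building the constructed sample)."""
    size = len(content)
    if size < 0x80:
        return bytes([tag, size]) + content
    size_bytes = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size_bytes)]) + size_bytes + content

def sample_public_key(bits):
    """Constructed input: an odd integer of the given size, NOT a usable RSA modulus."""
    def integer(value):
        return der_wrap(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))
    return der_wrap(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, meets_key_policy(sample_public_key(bits)))
```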

3. Use MAC binding

Your IT team can use MAC binding to control which devices can access your closed company network. MAC address binding links the MAC addresses of the LAN and WiFi interfaces of an employee's official machine with the VPN user ID.

After static MAC binding, only a device (computer, laptop, iPad or mobile phone) with a specified and approved MAC address can receive and send information across the VPN.

It also discourages employees from using their personal devices for official work. Since personal devices rarely have updated OSes and state-of-the-art firewalls, using them can increase the risk of data breaches and DNS attacks.
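The binding check described above, sketched as an added example that is not code from the article or from any VPN product. The user IDs, MAC addresses and reason codes are constructed, and the table is kept in memory for brevity.

```python
import re

def normalize_mac(raw):
    """Accept 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or 001a.2b3c.4d5e; return 12 hex digits."""
    compact = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", compact):
        raise ValueError(f"not a MAC address: {raw!r}")
    return compact

def is_bindable(mac):
    """Only globally unique unicast addresses are stable enough to bind."""
    first_octet = int(mac[:2], 16)
    multicast = first_octet & 0x01
    locally_administered = first_octet & 0x02  # set on randomized or overridden MACs
    return not (multicast or locally_administered)

class MacBindingTable:
    # The MAC is reported by the client, so a match is a policy filter to use
    # alongside MFA, not proof of device identity.
    def __init__(self):
        self.bound = {}  # VPN user ID -> set of normalized MACs

    def bind(self, user_id, *macs):
        for raw in macs:
            mac = normalize_mac(raw)
            if not is_bindable(mac):
                raise ValueError(f"refusing to bind non-burned-in address {raw!r}")
            self.bound.setdefault(user_id, set()).add(mac)

    def authorize(self, user_id, presented_mac):
        """Return (allowed, reason); the reason string is meant for the VPN audit log."""
        try:
            mac = normalize_mac(presented_mac)
        except ValueError:
            return False, "malformed-mac"
        if user_id not in self.bound:
            return False, "user-has-no-binding"
        if mac in self.bound[user_id]:
            return True, "ok"
        if any(mac in macs for macs in self.bound.values()):
            return False, "device-bound-to-another-user"
        return False, "unbound-device"

# Constructed sample data: hypothetical user IDs and MAC addresses.
TABLE = MacBindingTable()
TABLE.bind("asha", "00:1A:2B:3C:4D:5E", "00-1A-2B-3C-4D-5F")  # LAN and WiFi interfaces
TABLE.bind("ravi", "001a.2b3c.4d60")
```

Logging the reason code for every denial lets the IT team tell a mistyped address apart from an employee connecting with an unapproved personal device.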

4. Implement multi-factor authentication

Two-factor or multi-factor authentication is an effective way to deter unauthorized users from accessing your company network. Work with your IT team to set up two-factor authentication systems for each employee who needs to log into their company user profile remotely.

A multi-factor authentication could be a combination of the following:

a. Something known to the user (user ID, PIN, or a secret question)
b. Security key, token or card that the user possesses physically or can be sent to the registered mobile number of the user
c. Biometric identification (if supported by the user's device)

In most cases, biometric identification is far-fetched for those working from home. Therefore, two-factor authentication, or a combination of user ID along with a one-time password (OTP) sent to the user's personal registered number, is used as a hallmark of security in the country.
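A server-side sketch of the OTP step described above, added here as an example and not taken from the article. The six-digit length, five-minute lifetime and three-attempt limit are assumed policy values, the names are hypothetical, and delivery to the registered number is left to whatever SMS gateway is in use.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed policy values, not from the article
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 3

class OtpStore:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # user ID -> outstanding challenge

    @staticmethod
    def digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user_id):
        """Create a fresh code, replacing any earlier one for this user."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self.pending[user_id] = {
            "salt": salt,
            "digest": self.digest(salt, code),  # the code itself is not kept in the clear
            "expires": self.clock() + OTP_TTL_SECONDS,
            "tries": MAX_ATTEMPTS,
        }
        return code  # hand this to the SMS gateway, never log it

    def verify(self, user_id, submitted):
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        if self.clock() >= entry["expires"]:
            del self.pending[user_id]
            return False
        entry["tries"] -= 1
        ok = hmac.compare_digest(entry["digest"], self.digest(entry["salt"], submitted))
        if ok or entry["tries"] == 0:
            del self.pending[user_id]  # single use, and lock out after repeated misses
        return ok

def remote_login(store, user_id, password_ok, otp):
    """Both factors must pass; a failed first factor never consumes the OTP."""
    return bool(password_ok) and store.verify(user_id, otp)
```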

5. Discourage the use of third-party remote access platforms

Deploying a remote desktop service (RDS) or application can result in a bottleneck in the network unless the IT team can adjust and size the network suitably. In case your team has to use a remote desktop service, it is imperative for the CxO to set up a remote desktop service monitoring system.

The RDS can be the weakest link in the chain and allow third-party intervention. It can threaten the security of your company network despite the use of the best VPN service in town.

You and your team should choose the RDS very wisely before you begin exchanging information and holding meetings on the remote desktop platform.

Remote working is the life-blood of thousands of small and large companies across the country right now. However, it is also important to safeguard the company data while your employees are working from the safety of their own homes. Make wise choices like setting up a VPN with RSA-2048 or higher, using MAC binding and leveraging multi-factor authentication to keep the sensitive data and information of your company safe and secure.

The writer is CEO & Co-founder, Wijungle.

Read more:
Top tips to safeguard your network when employees are working from home - Economic Times

The Evolution Of Cybersecurity And Data Storage (infographic) – Digital Information World

In the 1900s, computer punch cards could store only 80 bits of data; most cellphones today store the equivalent of 400 million cards or more. From hard drives to networks, and data encryption to cloud data, the advancement of memory storage and security has been vast in the last 70 years. We are now living in a digital age, but how did we get here?

1950

The first hard drives were developed in the 50s, making storage of information easier. In 1956 IBM unveiled the RAMAC 305, a magnetic disk drive that could store 3.75 MB of data. It was the first storage device allowing random data access, eliminating the wait time of drums or tape to get to a data point.

1960

A little over 10 years later the floppy disk was invented, again by IBM. Floppies allowed people to buy, load, and share data, which sparked a new aftermarket software industry. The 8-inch disks could hold 80 KB of data and were first sold in 1971.

Also within that timespan, Semiconductor Random Access Memory (RAM) was developed. Over the next five years RAM storage capacity grew 32 times its size, going from 8 bits to 256 bits per chip. Semiconductors allowed memory devices to shrink in size and operate at higher speeds, paving the way for personal computers.

Viruses became more prevalent, and in 1988 the Morris Worm infected 1 in 10 computers connected to the internet within 24 hours. This was followed by Dr. Popp, the first known ransomware, in 1989. Dr. Popp was spread through floppy disks and, after lying dormant for 90 power cycles, the malware locked the infected computer and demanded payment to release it.

Soon after, in 1998, IBM and CISCO developed Internet Small Computer Systems Interface (ISCSI). ISCSI allowed access to stored data over an internet connection, making block storage cheaper and easier than SAN could.

In 2017 Generative Adversarial Networks (GAN) were used to superimpose celebrities' faces in adult films. A few months later, with the help of GAN, a video was forged of President Donald Trump speaking about climate change in Belgium. These fake videos were convincing enough to raise serious concerns over how to determine data's authenticity. Over half of companies have said they plan to continue increasing security

By 2025, 175 zettabytes of data will be stored worldwide, mostly through cloud-based data centers. As AI and machine learning increase the value of big data, so do the opportunities for data breaches. So now that we're here in the digital age of data storage, consider protecting what was brought to you by annals of time.

Go here to see the original:
The Evolution Of Cybersecurity And Data Storage (infographic) - Digital Information World

Addressing the potential impact of coronavirus disease (COVID-19) on Biometric Data Encryption Device Market Growth Analyzed in a New Study – Science…

Analysis of the Global Biometric Data Encryption Device Market

A recent market research report on the Biometric Data Encryption Device market published by Fact.MR is an in-depth assessment of the current landscape of the market. Further, the report sheds light on the different segments of the Biometric Data Encryption Device market and provides a thorough understanding of the growth potential of each market segment over the forecast period (20XX-20XX).

According to the analysts at Fact.MR, the Biometric Data Encryption Device market is evenly poised to register a CAGR growth of ~XX% during the assessment and surpass a value of ~US$ XX by the end of 2029. The report analyzes the micro and macro-economic factors that are likely to impact the growth of the Biometric Data Encryption Device market in the upcoming years.

Key Insights Enclosed in the Report

Segmentation of the Biometric Data Encryption Device Market

The presented report dissects the Biometric Data Encryption Device market into different segments and ponders over the current and future prospects of each segment. The report depicts the year-on-year growth of each segment and touches upon the different factors that are likely to influence the growth of each market segment.

Competitive landscape of Biometric Data Encryption Device market

COVID-19 Analysis

The report encompasses the major developments within the global Biometric Data Encryption Device market amidst the novel COVID-19 pandemic. The report offers a thorough understanding of the different aspects of the market that are likely to feel the impact of the pandemic.

Important doubts related to the Biometric Data Encryption Device market clarified in the report:

Why Choose Fact.MR

Read more:
Addressing the potential impact of coronavirus disease (COVID-19) on Biometric Data Encryption Device Market Growth Analyzed in a New Study - Science...

Jitsi: Your free alternative to Zoom video conferencing – Times of India

Government lockdowns have made it necessary for people who are working from home to use video conferencing for meetings. And of all the communication apps available, Zoom, which supports group calls of up to 1,000 video participants and 10,000 viewers, has seen the most traction. But now, there are reports of its vulnerability to hack attacks. Zoom's Windows client, for instance, potentially lets remote attackers steal login credentials from victims' computers. So, if you desperately need an alternative free video conferencing solution, you might want to consider Jitsi Meet. The Tor Project, a non-profit that espouses privacy and freedom online, endorsed the service via a tweet: "If you want an alternative to Zoom: try Jitsi Meet. It's encrypted, open-source, and you don't need an account."

Security: Jitsi Meet uses a P2P mode when there are just two participants in a call and this allows for end-to-end encryption.

When there are more participants, the transmitted media gets routed through Jitsi's own secure Videobridge server. The encryption is then carried out hop-by-hop, which means that the media is decrypted by the bridge and encrypted again before it is sent out. This step is necessary as of now for video routing between more than two users. Currently, the service supports up to 75 participants, but it is recommended to keep the number below 35 for a better call experience.

To start a video call: Head to meet.jit.si. Under "Start a new meeting" on that page, enter a name for your video conference and hit "Go". Here, you will need to allow Jitsi to access your camera and microphone when prompted by a browser pop-up.

After that, the service provides you with a link and dial-in details that you can share with the people you want to invite. You can also set a password for your room. Create one, and hit the Enter key. You will also need to share the password with the people you have invited.

Features: During a call, depending on your connection speed, you can choose between four levels of video quality, ranging from Low bandwidth to High definition.

Read more:
Jitsi: Your free alternative to Zoom video conferencing - Times of India