Contents contributed and discussions participated by sheinne jim
Dyman Associates Risk Management Review: 3 Ways to Make Your Outlook.com Account Safer - 1 views
-
Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).
Controls affecting Outlook.com security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any live.com page when you're logged in, and selecting "Account settings".
1. Protect your password
Your first step should be to make sure your password is well chosen and not shared.
If you need to set a new one, visit the "Security & privacy" section of the Account settings page.
You'll then have to verify your account with a security code, which you can do by email or text.
At the top you'll see when your password was last changed, with an option to change it below.
Just below that, in the section labelled "Security info helps to keep your account secure", you'll find any backup email addresses or phone numbers you've given to Microsoft to help verify your identity if you get locked out of your account.
Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don't trust.
These contact points will also be used to send alerts if Microsoft spots any suspicious activity - you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.
2. Set up two-step verification
On the same screen you can also set up two-step verification.
Scroll down to the next section of the "Security & privacy" page.
When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.
Windows Phone users can get Microsoft's own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google's multi-purpose Authenticator.
Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.
If you choose not to use an app, or don't have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.
When you log in with a 2SV code, there will be an option to trust the device you're using and not ask for any more codes, so in future you'll only need your normal password.
Only check the box if you're on a machine you use regularly and know to be kept well-secured.
As part of setting up 2SV, you'll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes.
Outlook.com recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it's very well encrypted.
In the "Recovery codes" section you can choose to renew the emergency backup code if you no longer have it.
3. Check your settings
You should consider checking the "Security & privacy" page occasionally, to make sure the backup and 2SV contact details are up to date - check that any old devices you no longer have are removed from the "Security info" or "App passwords" sections.
There's no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the "Security & password" page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.
There's a whole section of the "Security & Privacy" area dedicated to "Recent activity".
This is the place to go if you suspect someone's been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.
There's even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.
In case you're worried about any particular event, the details area for each one provides a large button marked "This wasn't me". Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.
Finally, the "Related accounts" section, under "Security & Privacy" lets you view and manage any accounts you have linked to your Outlook.com account, and also any other apps and services which may have been granted access.
You should make sure any entries in here are expected and necessary.
Once you're done with making your Outlook.com account safer, make sure you are following our general advice in our guide to securing your webmail.
ā
Dyman & Associates Risk Managements Projects: 8 Tips for Keeping Spreadsheets Secure - 0 views
-
For most businesses, spreadsheets offer a simple way to perform key business functions, such as accounting, data analysis or chart creation. But many of the user-friendly advantages of spreadsheets also make them susceptible to data or security errors that can create nightmares for organizations if overlooked.
According to the European Spreadsheet Risk Interest Group (EuSpRIG), a global resource for spreadsheet risk management, spreadsheet errors can have a tangible impact on companies ranging from lost revenue or fraud to poor decision-making or financial failure.
In a recent survey by Forrester Research, only 10 percent of 155 IT decision makers surveyed said they provide an alternative to Microsoft Office. Although Excel is an excellent business tool, it still requires careful auditing, particularly as the complexity of a spreadsheet increases, says Jürgen Schmechel, owner of Capitalise-IT, a Sydney based consultancy specializing in spreadsheet auditing and business strategies for growing companies. By following best practices for spreadsheet use, whether Microsoft Excel or an alternative, many common problems can be prevented, he says.
1. Define parameters for use- “Complex spreadsheets in large enterprises normally involve several departments, and designing an effective template for each process is often necessary,” says Schmechel. By identifying requirements for spreadsheet use up front, companies can avoid common errors such as versioning mistakes or allowing the wrong person access.
2. Perform an audit- Identify the most critical spreadsheets used within your organization and ensure ad hoc sheets are not used for critical processes. “Logical handover processes for spreadsheets are crucial, especially when multiple departments are involved,” says Schmechel.
3. Don’t rely on document protections- Security features such as password protection, hiding or protecting sheets and other features are not actually designed to secure information and can be easily bypassed. “Many companies do not consider that software is readily available to crack passwords or are unaware that opening an Excel document on the iPad using a $10 app called Numbers will remove all perceived protection features such as hidden sheets,” says Schmechel. “The fact that third-party solutions also remove such so-called protection is another issue, with common examples including cloud offerings from Google GOOG +0.19% and Zoho,” he adds. Preventing this problem can be difficult without taking steps to better manage or secure files.
4. Determine sharing requirements- Make a distinction between spreadsheets designed for internal and external use, ensuring that confidential information or source data is not present in documents designed for third-party review. “Alternatively, use PDF format only for third parties,” says Schmechel.
5. Secure at the file level- Security must be enforced at a file level for true protection. “File or directory-based, read-only or edit permissions for internal spreadsheets is recommended, given the open nature of spreadsheets,” says Schmechel.
6. Utilize document management- Implement an internal document management system that includes file versioning, testing and approval processes before sharing takes place.
7. Don’t forget to check the work- Manual data entry and custom formulas must be checked to correct errors just like a spell-check is needed on text documents. Studies indicate that almost 90 percent of spreadsheets contain errors ranging from minor to severe. “Larger companies often base multimillion-dollar decisions on spreadsheet information that contains errors. If a $10,000 external audit ensures all data is correct, the expense is worth it,” says Schmechel.
8. Bring your own- With BYOD increasing, companies must also consider spreadsheet security for personal mobile devices and for documents created using software from home or freeware, such as Google Docs. Decide whether employees can send out spreadsheets to third parties or edit them on portable devices using Polaris Office, Kingsoft Office or other solutions. Alternatively, maintain all data on local servers, with remote access technology granted to approved staff and frequent audits from uninvolved parties.
The ubiquity of spreadsheet use within organizations of all sizes can make it easy to overlook the potential risks they can pose. Companies that follow these simple best practices will ensure they are less vulnerable to errors and security flaws.
Dyman Associates Management, Focus on global effort to ensure cybersecurity - 0 views
-
Muscat: With the number of cybersecurity attacks increasing, regional and global cooperation is necessary to face the challenge, speakers at the third annual regional Cybersecurity Summit that opened in Muscat on Monday, stressed.
Organized by the Information Technology Authority (ITA), represented by Oman National CERT (OCERT) in cooperation with the International Telecommunication Union (ITU), IMPACT and French business information group naseba, the 3rd Annual Regional Cybersecurity Summit opened under the auspices of Yousuf bin Alawi bin Abdullah, Minister of Foreign Affairs.
Commenting on the summit, he said, "This regional conference is very important for the Sultanate as it has assumed responsibility for cybersecurity in the region. The cooperation between the regional countries and other countries that have important interests in this region should be real. The Sultanate welcomes such cooperation, which aims to protect the common electronic interests from theft and other bad behaviors that could result in losses for the business community and companies, investments and others."
In his welcome address at the summit, Dr. Salim Sultan Al Ruzaiqi, CEO of ITA Oman, said, "The issue of cybersecurity in general and protecting institutions' critical infrastructures in particular requires a holistic view. As the number of cybersecurity attacks increase, regional and global cooperation is necessary to face the challenge. The role of regional and national CERTs is to work together to develop plans, share experiences and discuss solutions."
Highlighting some statistics from Symantec from the past two years, Dr Al Ruzaiqi stated that the financial loss resulting from cybercrime is estimated at 110 billion dollars per year, and that 556 million people worldwide have fallen victim to cybercrimes. He further pointed out that the sectors most affected by cybercrime are the critical infrastructure facilities around the world. "Only by intensifying our efforts to develop solutions and strategies for the protection of such institutions can we win the war against cybercrime."
Chairperson for the first day of the event, Eng. Badar Ali Al Salehi, Director General of OCERT, explained the importance of such a regional gathering and the impact it can have on the cybersecurity future of the region.
He said, "The conference is being organised to highlight key issues that are affecting most regional countries. It acts as a platform for everyone to come together and address these threats." He concluded his opening remarks by noting the importance of staying ahead. "It is important to learn from mistakes and figure out the motives behind cyber-attacks. But the main key is prevention."
The opening keynote address was followed by the address of Ilia Kolochenko, CEO of the Swiss Company, High Tech Bridge. While the keynote address discussed the importance of eliminating vulnerabilities and maximizing efficiency in interconnected and interdependent infrastructures, Kolochenko highlighted how protecting all the classified information has become a top priority for nations and businesses all across the world.
The agency's press release at Dyman & Associates Risk Management Projects indicated that the lease, which will cost the tech giant $ 1.16 billion, is for " research, development, assembly and testing in the areas of space exploration, aviation, rover/robotics and other emerging technologies".
NASA Administrator Chris Bolden said, "As NASA expands its presence in space, we are making strides to reduce our footprint here on Earth." He added that the agency wants "to invest taxpayer resources in scientific discovery, technology development and space exploration - not in maintaining infrastructure no longer needed."
According to the report, a real-estate offshoot of Google called Planetary Ventures will be managing the Moffett airbase and will take over the $200 million improvement to the site, which includes educational facilities to let the public "explore the site's legacy".
The 1,000 acres of airfield in the southern part of SF Bay include two runways, a golf course, office space, NASA's Ames research center and three hangars, one of which is the iconic Hangar One. It's expected that the agency will save around $6 million worth of operation and maintenance expenses per year because of the lease.
Hangar One is one of the biggest freestanding edifice which covers 8 acres and was constructed in the 1930s for US naval airships. In 1966, it was recognized as a US Naval Historical Monument but has recently been placed as an endangered historic place according to a Dyman & Associates Risk Management Projects' press release.
"GSA was proud to support NASA in delivering the best value to taxpayers while restoring this historic facility and enhancing the surrounding community," said Dan Tangherlini of the US General Services Administration.
The Moffett lease shouldn't really come as a surprise as it's practically just next to Googleplex HQ. In fact, it's already servicing private jets owned by the company's executives such as Sergey Brin, Larry Page and Eric Schmidt.
Both Brin and Page, the firm's co-founders, are evidently interested in space exploration and aviation as shown by their X Lab's Project Loon and Project Moonshot. Their company has also acquired satellite and robotics firms recently such as Meka Robotics and Redwood Robotics.
NASA and Google have also previously teamed up in 2005 when the latter made office at the agency's research facility and launch a new lab.