Cyber Security: Fighting Back Against Threats

Tuesday, November 29th, 2016

By Sydney Rodgers*

Theresa Payton is a notable expert in leading cyber security and IT strategy. A former White House CIO, serving from May 2006 until September 2008, she is one of the leading security specialists in the nation. Payton is the CEO of Fortalice Solutions and co-founder of Dark Cubed. Both companies provide security, risk and fraud consulting services to various organizations.

At the recent Public Relations Society of America (PRSA) International Conference, Payton compared potential security risk to connecting a talking Barbie to unknown Wi-Fi sources. According to Interstate Technology & Regulatory Council (ITRC), over 169 million personal records were exposed in 2015 due to breaches. With the internet playing such a large role in daily life, I wanted Payton’s insight on how to structure your brand. Below, Payton gives us tips on how to expand your assets without putting them at risk.

 

How does someone determine their most valuable assets?
Your most valuable asset(s) is that information that you absolutely cannot afford to lose. It’s the most critical asset that you need to safeguard and protect either for yourself or your organization.  Lots of digital assets are considered valuable but the top 3 digital assets that cyber criminals target before and during a large event are:

  1. The schedules of notable people and their security detail assignments;
  2. Ability to spoof or fake credentials online or in person; and/or
  3. Stealing personally-identifiable information or the right credentials to access payment information and bank accounts

 

What trends do you see in breaches of security?
Over the course of my career, one item rings true over and over again. Today’s technology, by design, is open so it can be easily updated. That open design also means that a breach is inevitable, but how you plan to respond to one is not. If you create and store data, there will be cyber criminals waiting to pounce to copy it, take it, post it, ransom it, or destroy it. Offensive strategies with defensive mitigating controls work, but a purely defensive strategy is a losing strategy. For every defense you put in the path of a cyber criminal, just like a squirrel after an acorn, they will relentlessly try to circumvent your defenses to grab it.

As we live in today’s world, it would be completely negligent to only think in terms of physical or digital security as two separate entities. We discussed this in great detail at the White House that a security strategy must dovetail the two together, physical and digital, and that a one sided approach was doomed to fail.

 

What things should someone take into consideration when looking into cyber security?
An area often overlooked or widely misunderstood is the use of open source intelligence, also known as OSINT, as part of the overall strategy. 70% of data breach victims indicate that they were alerted they had a breach from someone outside their own organization. That stunning statistic reinforces why every company should target your own organization, as if you are the adversary. This approach helps you identify the information leaking out of your vendor’s connections to your data, through your own employees, or technology, before cyber criminals use that same intelligence to launch an attack against your organization.

Digitally, you can use OSINT tools to identify everything you can about the technology and people that work at your organization. You can also use OSINT to see if your sensitive data has leaked online. Physically, you can use an OSINT technique to digitally geo fence a specific and physical land area and monitor the digital traffic occurring that mentions the location. In the case of fighting terrorism, private sector companies and law enforcement can geo fence critical infrastructure, significant events, and venues and then monitor to identify terrorist capabilities, sympathizers, motivation, flash points and intentions through various OSINT tools.

 

What apps would you suggest someone use to monitor their protection?
Some apps that I use every day are: Privacy Badger and Ghostery to protect my online browsing from 3rd party marketing firms and other snoops. I also use Threema to protect sensitive text messages.

 

Should there be differences in cyber security for personal and professional?
How you think about protecting your privacy and sensitive digital assets in your personal and work life is the same. Most of the principles that you apply in your personal life should go to the office with you and vice versa. Please make sure you are familiar with the tighter restrictions at work that are typically agreed to within employee agreements that you have signed so you don’t unknowingly break rules or put your company’s most sensitive assets at risk.

 

*Sydney Rodgers is a student at Southeast Missouri State University. She has always been interested in the communication process and social interaction and is currently studying public relations. In her spare time Sydney likes to keep up with current events and is AVP of Communication for her Public Relations Student Society chapter.
Twitter: https://twitter.com/SydSpksSuccess
LinkedIn: https://www.linkedin.com/in/sydney-rodgers-5a6305127

The National Strategy for Trusted Identities in Cyberspace: Engaging Individuals One Poll at a Time

Monday, August 2nd, 2010

by Lauren Shapiro*

The White House recently announced that it is taking steps to protect online identities from hackers through the National Strategy for Trusted Identities in Cyberspace (NSTIC). This new initiative would provide individuals with online identification cards, à la driver's licenses or Social Security cards. This identity could then, hypothetically, allow for safe online banking and shopping. Although this program is quite a breakthrough and a necessity for the already burgeoning world of online transactions, it is not the first to discuss the issue of privacy in cyberspace.

At the beginning of this year, the Interactive Advertising Bureau and the FCC came to a head over privacy concerns. More recently, the Federal Trade Commission is considering implementing a do-not-track mechanism that would allow consumers to more easily manage targeted marketing.

What may be more interesting and certainly sets the NSTIC initiative apart is the communication strategy used by the White House.

The announcement of this program was made via a blog post by Howard A. Schmidt, cyber-security coordinator. In it, Schmidt describes the vastness of cyberspace, the relatively humongous role it plays in everyday life and the need for a greater emphasis on security within the online environment. The goal of the NSTIC is to “reduce cyber-security vulnerabilities and improve online privacy protections through the use of trusted digital identities.” What better way to convey a message about cyberspace than in cyberspace!

The other PR savvy tactic: Mr. Schmidt asked for the public’s opinion on how best to mold this new proposal. By visiting http://www.nstic.ideascale.com/ you could submit ideas or opinions while browsing ideas already submitted and agree/disagree with them.

By empowering the nation to become an active voice in the creation of the NSTIC, Howard Schmidt has taken full advantage of one of the most beneficial aspects cyberspace has to offer – the ability to create an open forum of discussion and polling. Through this method, the White House will, theoretically, be able to create a system for the public by the public.

Do you use online polling or discussions during the creation of your PR strategies? Will we one day vote for the President of the United States via online polling? How does online privacy affect your professional communications objectives and personal activities? Please share your thoughts with me and the readers of BurrellesLuce Fresh Ideas.

***

*Bio: Soon after graduating from the Richard Stockton College of New Jersey in 2006 with a B.A. in communication and a B.S. in business/marketing, I joined the BurrellesLuce client services team. In 2008, I completed my master’s degree in corporate and organizational communications and now work as the supervisor of BurrellesLuce Express client services. I am passionate about researching and understanding the role of email in shaping relationships from a client relation/service standpoint as well as how miscommunication occurs within email, which was the topic of my thesis. Through my posts on Fresh Ideas, I hope to educate and stimulate thoughtful discussions about corporate communications and client relations, further my own knowledge on this subject area, as well as continue to hone my skills as a communicator. Twitter: @_LaurenShapiro_ LinkedIn: laurenrshapiro Facebook: BurrellesLuce