Are You Protecting Your Documents With A Digital Signature?

Protecting digital documents and being able to verify that the sender of a file is, in fact, who they say they are, is fast becoming a major concern for many businesses.

Whether receiving a document from a business partner, or downloading software from the Internet, the ability to verify the integrity of a file is crucial. Documents that have been tampered with, or created fraudulently, pose a serious threat. A good protection strategy is the use of a digital signature. This is a mathematical scheme for demonstrating the authenticity of a digital file.

A valid digital signature gives the recipient of a document reason to believe that a known sender created it, and prevents the sender from denying having sent it; these properties are known as authentication and non-repudiation. Like a tamper-proof seal, it also indicates that the document was not altered during delivery, so its integrity is intact.

How log management can protect your systems

Log management is an essential tool in the battle against cyber-crime. It might not be as glamorous as anti-malware software, or the use of honeypots, but it can be the single most important way of preventing a potential hack. It is effectively the gathering of information from your systems. Every PC and server you use will keep an audit of its activity, which gives you valuable insight into the behaviours of its users. You are able to track exactly who logged in at any given time, and where exactly they were accessing.

The eSignature Comes of Age

In recent years, the use of digital or electronic signatures has rapidly increased in an effort to streamline all types of business transactions. The eSignature can be used not only as an actual certifiable signature, just as a pen once was, but also to encrypt the contents of a document, making it accessible only to those to whom the owner of the eSignature has granted permission. Furthermore, the protected document can be additionally controlled to ensure that the content cannot be changed.

There are two types of electronic signatures: those based on Public Key Infrastructure (PKI) and those that are not. Digital signatures that do not use PKI cannot: offer a unique signature for each user; identify the signer (authentication); detect changes in the documentation after signing (non-repudiation); or offer a guarantee of sole control for the signer (non-repudiation).

Encryption as the Cornerstone of Big Data Security

Big data refers to huge data sets that come about through the phenomenal growth being seen in the volume of information collected, produced, analysed, shared and stored by organisations. By analysing big data sets, valuable insights can be gained into how patterns of data are associated to enable better-informed decision-making, which can aid in competitiveness and drive innovation. According to Gartner, 48% of organisations had invested in big data capabilities in 2016.

Big data sets harness information from multiple sources such as databases, data warehouses, log and event files, security controls such as intrusion prevention systems and user-generated data from sources such as emails and social media posts. The information collected can be in either structured form, such as in the columns of a database, or unstructured, such as information contained in a word-processing document. Increasingly, data feeds are from devices – and transactions from devices – that make up the Internet of Things (IoT) and this looks set to increase dramatically. As well as this, an increasing number of organisations are looking to incorporate data feeds from physical security systems, such as building access control and smart building management systems.

Digital Security Solutions for SMEs

Often a hacker can remain on your system for months, gathering data, exploiting your network and gradually making their way up the chain.

The small to medium enterprise (SME) owner tends to think they have little or no data that is at all valuable and that, as a result, issues of digital security are not important for them. Even some of the more ‘tech savvy’ directors consider that the data they hold is inconsequential and worth very little to a potential hacker. This view is strengthened by the fact that there is often no requirement under PCI rules for SMEs to have security, as they don’t hold credit card or payment details on their network.

Why Encryption is the Best Strategy

Data protection, wherever it resides, must form the core of companies’ security systems.

Encryption, in which information is converted from readable format into one that obscures its meaning from those without the authorisation or ability to decipher it, has long been used to protect sensitive information from prying eyes.

Data security as a pressing concern

Why passwords must be taken seriously

The Friend Finder Network hack, the largest data breach of 2016, which exposed more than 400 million user accounts, has once again highlighted the issue of passwords.

Passwords continue to be the bane of our digital lives. We tend to use simple, memorable passwords that any ‘wannabe hacker’ can break. If you then try harder and go for a more complex password, it often gets forgotten or, worse still, written down. So, how can businesses ensure that their employees use the best password security to guard their data safely?

Challenges of complying with the Investigatory Powers Act

Despite opposition by civil liberties groups and technology companies, the UK government has passed the controversial Investigatory Powers Act, adding a host of security and contingency requirements that UK businesses need to consider.

On 29 November 2016, the Investigatory Powers Act 2016 was given royal assent and enshrined in UK law. The act is designed to consolidate the various surveillance powers that were spread across different legislation and update them for the 21st century, while replacing the previous three surveillance commissioners with a single oversight body.

Blackmail for a digital age ……

Ransomware is a particularly malicious form of malware that gains access to a user’s system and then proceeds to prevent them from accessing their own data. In some cases, the files on the system are encrypted so as to be irretrievable without the key and, in others, access is simply denied to the device’s owner. In both situations the hacker will demand that a ransom be paid to decrypt the files or to give access back to the user. You could say it is traditional blackmail revolutionised for a digital age.

Ransomware is generally distributed via email, with the recipient inadvertently clicking on a malicious website link, or opening a harmful attachment.

The Danger Within……

While many security professionals and budgets are focused on threats from external actors, the insider threat looms large. According to Vormetric, 89% of organisations are at least somewhat vulnerable to insider attacks. It states that privileged users are considered to be the most dangerous, primarily owing to their access to systems and information considered to be particularly sensitive.

This is echoed by research from the Ponemon Institute, which found that almost half of respondents believe the insider threat to be growing.

The insider threat can come from those inside the organisation who have had their credentials compromised, or who are negligent or malicious. Increasingly, external actors are looking to gain a foothold on the network through social engineering exploits, often stealing the credentials of a victim within the target organisation.