Four Common Myths about VPNs

A Virtual Private Network (VPN) is a useful tool that encrypts data before it passes across the public Internet and then decrypts it when it reaches its destination. Rather like shutters on the windows of a house, it shields what goes on inside even though the outside can be seen by everyone in the street. The process, often referred to as tunneling, is particularly useful for businesses whose workers have to use the Internet in public places like coffee shops or airports. It is also helpful for those who want to keep confidential customer information or intellectual property safe from the prying eyes of hackers and spies. In 2017, the U.S. Trump administration overturned regulations preventing ISPs from making money from users’ browser data. At the same time in the UK, the Investigatory Powers Act served to increased government surveillance of Internet activity in response to a heightened threat of terrorism. Both led to a surge in interest in VPNs. A VPN is an established technology that has traditionally been seen as the province of technical specialists. Perhaps because of this, and in spite of VPN services becoming easier to deploy, a number of enduring myths persist.
Read more

GDPR: Who is responsible for what?

The EU General Data Protection Regulation (GDPR) and the Network Information Security (NIS) directive are already causing a flurry of activity among businesses. Who is ultimately responsible for cybersecurity seems to be attracting particularly intense discussion. According to a recent study by Palo Alto Networks, cybersecurity is usually the responsibility of CIOs in 50% of companies compared to 30% of CISOs. This is a surprising finding, especially considering that the role of Chief Information Security Officer implies this task. Whether this changes is probably more of a political rather than technical matter. At least around 30 percent of respondents believe that the CISO or CSO should be responsible for cybersecurity. The current situation points to long established and seldom adapted rituals in the distribution of responsibility within companies.
Read more

Regulation for IIoT is on its way – but is it enough?

Two of the biggest technology trends today - IoT (Internet of Things) and M2M (machine-to-machine) communications - are changing the business world beyond all recognition. Companies of all sizes, from major manufacturers to small-and medium-sized services companies from all sectors, now have a golden opportunity to derive new revenue streams from managing and servicing their customers’ equipment remotely. According to leading industry analysts, the IoT market already accounts for hundreds of billions of dollars in 2017 – a figure that is set to be in the trillions by 2021. But new research reveals IoT is also a major headache for enterprise everywhere because of limited information and inadequate security measures. Legislators in the U.S. and in Europe are working to bring in standards compelling designers to do more to make their devices secure. But the signs are that even then they may be limited in scope. The good news at least is that remote connections can be reliably secured so that M2M communications remains private and confidential using virtual private networks (VPNs).
Read more

How to Lose User Confidence and Jeopardize Security

Using up-to-date security software is pretty much at the top of recommended defense measures. Anti-virus and anti-phishing software filter out daily attacks from network communications. However, it is important that users can trust this software to intercept malicious software, harmful links, and other threats no matter who they come from. Threats may originate from criminals but also increasingly government organizations. Users also expect that data remains stored confidentially on their devices, especially considering that security software has the capability of viewing and intercepting data. Recently, the Russian antivirus company Kaspersky has made headlines for exactly this reason. US authorities claim that Kaspersky stole top-secret software from a government employee’s PC and delivered it to the Russian intelligence service. This included exploits for previously unknown vulnerabilities.
Read more

Smart buildings need cyber-resilience built-in

Internet of Things (IoT) and machine learning are coming together to bring about a sea change in how we use buildings, at home and at the office. Smart infrastructure makes domestic households more energy efficient and allows companies to optimize their real estate. Almost every large enterprise and government organization is currently working on smart infrastructure projects at some level. It’s no surprise that the market for smart buildings is expected to increase four-fold by 2021. The pursuit of greater efficiency and convenience, however, introduces new risks. Many IoT devices and management systems still run on legacy software and lack any kind of security standards. This makes them vulnerable to attacks by hackers. The answer is to build-in cyber-resilience from the beginning starting with securing all connection points using virtual private networks (VPNs).
Read more

Importance of a Secure Defense for the World Cup in Russia

Major sporting events are always popular with businesses. The 2018 World Cup tournament in Russia promises to be no exception. The corporate sponsorship opportunities on offer are an ideal way to entertain influential decision-makers of important customers and prospects. Set against this are recent reports of Russia’s tough new internet censorship laws - set to come into effect from November 1, 2017. The move is a security concern for Western company executives anxious that employees and VIPs visiting the event may be unable to prevent sensitive information being exposed to Russia’s extensive surveillance network. The good news is that the new regulation only blocks access to web services and online information that are outlawed already and does not extend to personal or legitimate business Virtual Private Network (VPN) use. With a corporate VPN and some simple guidelines it should be possible for visiting executives to conduct business over the Internet securely during World Cup 2018.
Read more

Authentication on PCs: Recommendations from Security Experts

Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-letter combinations of letters and numbers.
Read more

Encryption is Central to EU GDPR’s Demand for Privacy

Starting May 2018, any business offering goods and services to EU citizens will have to comply with new GDPR rules. These rules explicitly require companies to take all measures necessary to protect the integrity of consumer data that they process or store. A key principle of GDPR is “privacy by default” which requires the digital information in everything from emails and mobile apps to cloud storage systems and M2M communications to be kept private and secure at all times. Studies show that U.S. organizations are no less committed to compliance as those in the EU. One of the most powerful protection measures a company can take is to encrypt data at every stage – in use, in motion and in storage. A tried and tested way to transport sensitive personal data securely across public networks is via business-grade VPNs. VPNs provide an encrypted tunnel to communicate privately between email and mobile connections as well as internal databases and cloud storage facilities.
Read more

OVUM Report Highlights NCP’s Secure Remote Access Technology and Expansion into IoT and IIoT

We recently briefed Rik Turner, Principal Analyst of Infrastructure Solutions at OVUM Consulting, on our VPN client software (IPsec and SSL), VPN gateways, central management consoles and personal firewall product, Net Guard. Given our extensive experience in the manufacturing and process industries, we discussed the expansion of NCP technology into the Internet of Things and the Industrial Internet of Things.
Read more

Is an EU-wide IT security certification program on its way?

Measures for cybersecurity are to be regulated at the European level in the future, according to the mandate of the European Commission. IT products and services may pass through a voluntary certification scheme in future under the aegis of the European IT security agency ENISA. At the beginning of this year, ENISA applied to the European Commission to extend its remit, including introducing an EU-wide program for certifying the security of IT products. This ranges from simple certification for IoT devices to complex evaluations of high-security systems such as banking applications. The significant cost differences in national certification schemes was named as an important consideration for establishing a centralized certification program.
Read more
Page 1 of 212