The Limited Times


Did you enter personal details on Facebook? The company you work for is in danger - Walla! TECH

2020-09-14T21:53:01.558Z


In the cyber world there is a trend where identities are becoming the new perimeter wall of organizations. So how have our personal details on social media become a threat to the organization we work for?



Lavie Lazarovich

Tuesday, 15 September 2020, 00:33


We all leave personal information and identification information on social networks.

This includes not only a phone number and email address, but also our Facebook friends list, the places we have recently been, and so on.

Most of us are well aware that this digital identity carries risk, because the details could be stolen as part of a cyber attack.

But so far, we have only put our personal information at risk.



In the age of remote work and remote identity verification at the entrance to the corporate network, it turns out that the organization we work for, and the information stored in its computer network, is also at risk through the personal identity of each of us, the employees.

This is because personal identity itself becomes the new perimeter (perimeter defense) of organizations.


When the boundaries between work and home are broken, personal identity is the protective wall

Since the outbreak of the coronavirus pandemic, more and more workers have started working remotely, from home rather than from the office.

In order to enable continuous work and business continuity, organizations were forced to open up to the outside the network, its access settings and all the assets and resources in the enterprise computing network.

Thus suddenly it is no longer so clear what is “inside” and what is “outside” the network.



This process of moving to remote work comes against the background of a digital transformation of recent years, in which access to applications and organizational information is also possible outside the organization.

This includes developers who work remotely and need access to code, salespeople who need access to customer management when they are not in the office, finance managers, and many more.

This means that access to this sensitive data now depends mainly on the identity and identification process of the person accessing the data.

When the traditional firewall is less relevant, what stops an attacker from accessing the system is mainly the ability to identify who is requesting access. That is, identity is currently the key to accessing information, even when it is particularly sensitive information.

What are the new authentication methods for remote workers?

There are usually three methods for identity verification. The first is the use of a username and password. The second is based on biometric identification: fingerprint, face recognition, voice recognition and the like.

The third method is identification using the device itself, for example by receiving a temporary code on a mobile phone.

The different methods can also be combined in two-step verification, i.e. identification using two different methods.


How does our personal information also become a way of authentication at the entrance to the corporate network?

As mentioned, once identity has become the organizational line of defense, our personal information is the focus.

Using this information, attackers can impersonate us and act on our behalf.

A phone number, an email address, a Facebook friends list, recent locations and so on: an attacker can use all of this information for spear phishing, a targeted attack (via email, for example) on specific users in order to obtain information about the organization.



For example, if the attacker has the CEO's valid email address, he can send an email to the HR manager and request the organization's employee list. The email appears to come from the CEO: a simple change to the email header produces a perfect impersonation.

This method, spear phishing, was used as an attack tool in recent attacks on Twitter and YouTube, in which the identity of one of the employees was exploited, which in turn exposed the organization.

Thus, our personal information is suddenly much more sensitive because it is also used as an attack tool against the organization.

When not physically working in the office, emails and WhatsApp messages become the main contact.
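The header-based impersonation described above can be checked on the receiving side. The following is an added example, not part of the original article: it flags a message whose From header claims the organization's own domain but which failed DMARC or routes replies elsewhere. The domain names, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The second Authentication-Results header was supplied by
# the sender; only the one stamped by our own mail server may be trusted.
SAMPLE = """\
Authentication-Results: mx.example-corp.test; spf=fail; dkim=none; dmarc=fail header.from=example-corp.test
Authentication-Results: mx.untrusted.invalid; dmarc=pass
Return-Path: <bounce@mailer.invalid>
From: "Dana Cohen (CEO)" <ceo@example-corp.test>
Reply-To: ceo.office@freemail.invalid
To: hr@example-corp.test
Subject: Employee list needed today

Please send me the full employee list.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_signals(raw_message, own_domain, trusted_authserv):
    """Reasons to distrust a message whose From claims our own domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    if from_dom != own_domain:
        return []  # not claiming to be internal; outside this check
    dmarc = "missing"
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # not written by our mail server, so sender-controlled
        found = re.search(r"\bdmarc=(\w+)", results.lower())
        if found:
            dmarc = found.group(1)
            break
    signals = [] if dmarc == "pass" else [f"dmarc={dmarc}"]
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            signals.append(f"{header} domain {dom} differs from From")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(SAMPLE, "example-corp.test", "mx.example-corp.test"):
        print(reason)
```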

How to deal with the new situation?

  • Guard our personal information closely and do not allow easy access to our email and mobile phone.

    Exposing these elements may allow attackers to target us.

    For example, if the bank sends the user a temporary code by SMS, an attacker who knows the user's phone number and social security number can receive this code using the SIM jacking technique, in which the attacker asks the cellular company to transfer the phone number to another SIM. The attacker thus becomes the owner of the number and can receive one-time passwords.

  • Be very careful with who you communicate with and who you trust.

    When messages and emails arrive from unfamiliar sources asking for things, the employees of the organization should keep their eyes open and not trust anything.

    If we do receive an email that contains links, we should check that the email makes sense and that there is no slight change in the spelling of the address, which could lead to a page that looks innocent but is intended to launch an attack or lure the victim into revealing passwords.

  • On the organizational side, adopt a "zero-trust" approach, an advanced approach to protecting the organization's information assets.

    This means that the organization and all communication with it are constantly tested and challenged, and no one is trusted blindly.

    Even after the identification process is complete, the organization's systems must ensure that the use of and connection to the system are indeed legitimate.

Tips: Do's and don'ts

  • Do not disclose your corporate email and phone number - Do not use them for out-of-work services.

    It is recommended to use private email or temporary email.

  • When it comes to links in messages, whether on mobile or in email, be very careful before clicking and make sure the correct domain appears in the link.

  • Do not reuse passwords across services, to avoid an attack called credential stuffing, in which the attacker takes passwords from one place and tries to use them to log in to the corporate systems or other systems.

  • As a password, it is recommended to use several "passphrases" (a password that consists of a line from a song or a proverb) instead of one complicated password that will be used in several applications.
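The advice above to look for a slight change in the spelling of an address, and to check the domain in a link before clicking, can be automated for incoming messages. The following is an added example, not part of the original article: it compares each link's hostname with an allowlist of the organization's domains. The allowlist, the sample hostnames and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"example-corp.test", "bank.example"}  # hypothetical allowlist

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # Trusted name placed in front of a different registered domain.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return "lookalike"
        # Compare the same number of trailing labels as the trusted domain.
        n = t.count(".") + 1
        tail = ".".join(host.split(".")[-n:])
        if 0 < edit_distance(tail, t) <= 2:
            return "lookalike"
    return "unknown"

def check_links(text, trusted=TRUSTED):
    """Classify the hostname of every http(s) link found in a message body."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return {u: classify_host(urlsplit(u).hostname or "", trusted) for u in urls}

if __name__ == "__main__":
    # Constructed message body.
    body = ("Reset here: https://portal.examp1e-corp.test/reset "
            "or see https://intranet.example-corp.test/help")
    for url, verdict in check_links(body).items():
        print(verdict, url)
```

Internationalized hostnames (punycode `xn--` labels) are not decoded here and need a separate confusable-character check.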

Lavie Lazarovich is the head of the research team at CyberArk


Source: walla
