Data Breaches Cost Serious Money

Posted by Tobias Eichenseer Tue, 13 May 2014 10:09:00 GMT

Data breaches are unfortunately becoming an inevitable part of life. In addition to the IT headaches, reputational risk and customer churn associated with a breach, the monetary costs are also a huge concern. 

A data breach typically leads to fraud, which in turn can result in monetary losses from the victim. Furthermore, the FTC can fine a business up to $3,500 per data breach violation and the state may fine the business around $1,100 per record stolen. This means that if 10,000 customer records are stolen from a business, it will cost the most than $11 million. 

Most organizations are willing to help compensate victims and help prevent further fraud with free credit monitoring. However, the obligation to compensate victims can severely dent a business’ budget and may result in closure. 

It’s devastating to be notified that your information has been exposed at the fault of a university, health center or business. What is even more alarming is that there is not much you can do to prevent it as it is up to the organization to protect their data. 

Have you had information stolen as a result of a breach? What were the costs to you or your business? What additional preventative measures should companies take to reduce the risk of breaches and the resulting cost? We are looking forward to your comments!

 

no comments |

Demand for Remote Access Solutions Is Still Gaining Momentum

Posted by Tobias Eichenseer Fri, 09 May 2014 10:36:00 GMT

At the end of last year, we conducted a survey of more than 200 CIOs and CTOs in the U.S. The survey quantified the trends and challenges IT decision makers experience when implementing remote access solutions and revealed that remote access solutions are still gaining momentum, despite the associated security risks. Below you will find a beautiful infographic that summarizes the main findings of our survey.

The complete statistics and results of the HOB survey are now also available as a free ebook. “The State of Remote Access Security in the U.S.,” and many other ebooks can be downloaded from the HOB website.

no comments |

Yet another hacker tactic: Vishing

Posted by Tobias Eichenseer Tue, 06 May 2014 11:03:00 GMT

In a previous blog post, we covered popular and emerging black hat hacker tactics. However, a cybercrime intelligence firm, PhishLabs, has discovered a game changing black hacker tactic.

Cybercriminals have been stealing debit card information from customers of dozens of financial institutions in a phishing campaign that combines fraudulent text messages with VoIP calls.

Voice phishing, or vishing, was discovered by researchers from cybercrime intelligence firm PhishLabs while investigating a recent attack against customers of a midsize bank. Bank customers received text messages claiming their debit cards had been deactivated and instructing them to call a phone number. An Interactive Voice Response system set up at the provided phone number asked callers to input their debit card and PIN numbers in order to reactivate their cards.

PhishLabs believes that a group of Eastern European cybercriminals launched the campaign of attacks around October 2013.

PhishLabs’ blog post announcing the hacker tactic recommends for consumers, including:

  • Make sure a CVV1/CVC1 is encoded on cards and validated by payment processor
  • Always call your bank using a phone number that is directly printed on the back of your card

A bank account hack can be a serious headache as it poses a threat to your identity and credit. Stay aware of vishing and protect your sensitive data!

no comments |

The Heartbleed Bug - Part 3

Posted by Tobias Eichenseer Wed, 23 Apr 2014 14:13:00 GMT

While there has been much coverage online about the Heartbleed bug, it hasn’t been clear exactly which websites have been affected by the bug. Our friends at Mashable created a list of popular websites that may have been affected by the bug as well as feedback from representatives at those companies. See our abridged version of the list below.

Websites that highly suggest you change your password as soon as possible:

  • Facebook

  • Google

  • Gmail

  •  Yahoo

  • YouTube

  • DropBox

  • Wordpress

 Websites that don’t find it necessary to change your password:

  • LinkedIn

  • AOL

  • Hotmail

  • Amazon

  • eBay

  • Pandora

Many websites that suggest you change your password are unclear whether their site was affected or not, but still recommend that users create new and unique passwords. For example, a Facebook representative stated, "We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to .set up a unique password."Because the Heartbleed bug is still an unraveling mystery, we believe the mantra “better safe than sorry” properly applies here. We suggest changing your passwords for every site you have an account with.

We’ll continue to update our blog with any new information about the bug!

no comments |

HOB at @sLAN in Madrid!

Posted by Tobias Eichenseer Tue, 22 Apr 2014 09:37:00 GMT

After we have already been to trade shows in the USA, Germany and Australia during the past weeks, we are now going to present our connectivity solutions to the Spanish audience.

HOB will be an exhibitor at the @sLAN in Madrid, which will take place from April, 23 – 24, 2014.

In the fast-paced IT industry it is especially important to always be up to date. That’s why we at HOB try to be present at as many tradeshows as possible. Being on the @sLAN in Madrid allows us to inform ourselves about the newest trends and opinions of the international IT market, without having to rely on information from a third-party.

The Spanish IT congress will host numerous IT companies, which will be presenting their latest innovations and products. This year, HOB will also present itself to the Spanish market and try to convince the visitors of its superior remote access solutions. IT trends that will be the focus of this year’s tradeshow are Cloud Computing, IT Security, Mobility, Big Data and Virtualization.

The @sLAN will take place from April 23 until 24 at the exhibition area Ifema – Parque Ferial Juan Carlos I in Madrid. If you are planning to visit the trade show, you can find HOB at booth number 22. At our booth, we will be presenting exciting live demos of our software solutions and provide you with additional information. Also, we will be having great giveaways for you. A special highlight for HOB will be the presentation of International Account Manager José Antonio San Juan Sampron, who will be talking about “Going Mobile – New Trends in the Enterprise Mobility Market.” The presentation will be held April 23, at 10:20 am in Room N110 CANAL.

We are looking forward to welcoming you at our booth and hopefully having many interesting discussions with all of our visitors!

For all of you who can’t make it to Madrid to visit us personally: HOB provides several opportunities to stay up-to-date about the newest IT security trends. On our HOB Trendtalk Blog, as well as on Google+ and Facebook, you can find information on topics about Secure Remote Access, Mobile Working, Cloud Computing and IT Security. Videos about those topics can be watched on our YouTube channel. And for those who like it short and simple, follow us on Twitter.

no comments |

Experts Weigh In on the Heartbleed Bug

Posted by Tobias Eichenseer Tue, 15 Apr 2014 15:06:00 GMT

The Heartbleed Bug has affected websites, e-mails, and banking institutions utilizing open SSL/TLS encryption. As the story continues to unfold, IT security experts provide their thoughts on the one of the most significant internet security crises to date

·         "[This] underlines the vulnerability of the username and password system as a method of authentication. Username and password is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today." -- Brian Spector, CEO, CertiVox

·         "Not all versions of OpenSSL are affected by the latest vulnerability. The 1.0.1 and 1.0.2-beta releases have the bug and a fix has already been implemented. This is one of the benefits of an open source software project. Changes are generally easier to detect and fixes tend to come quickly." -- Steve Pate, chief architect, HyTrust

·         "Although we are just finding out about this vulnerability now, it has existed for over two years. That means attackers may have already exploited the vulnerability during that time, stealing passwords, payment card information and other sensitive data without the end-user or business even realizing...” -- John Miller, security research manager, Trustwave

In our previous blog, we mentioned that experts recommend users change the passwords for all of their online accounts to protect themselves from the consequences of the Heartbleed bug. But before changing your passwords for specific websites, first check to determine if you should first check that those sites have adopted the Heartbleed fix. Users can easily check if a site is secure by going to this website.

Finally, we want to share a comic with you that explains how the Heartbleed Bug works. Moreover, if you want to learn more about the Heartbleed Bug, we can recommend this infographic.

Dear readers, in this blog article we heard some expert opinions. Now, we are interested in your personal opinion! What do you think about the Heartbleed Bug and how did it affect you?

 

no comments |

5 IT Security Trends from RSA 2014

Posted by Tobias Eichenseer Fri, 07 Mar 2014 12:39:00 GMT

As a gold sponsor of RSA 2014, the HOB team was fortunate to be at the epicenter of all things IT security. Not only were we able to showcase our own contributions to the industry, RSA was an opportunity for us to join the conversation of IT security experts discussing trends and debating the future of the industry. 

As part of our RSA recap, we’d like to share 5 trends we observed during the conference:

  • Although an atmosphere created by the exposure of NSA activity, and its subsequent fall-out, is to be expected at any IT security conference, this was especially true at RSA. Prior to the conference, Reuters reported that the RSA organizer was engaged by the NSA and was responsible for creating loopholes for the agency. As a result, several digital security experts declined to attend and speak at RSA. In opposition to this movement, Stephen Colbert, who gave the closing remarks, called Snowden, “practically a war criminal,” and encouraged the American people to take responsibility for their actions:

    "We all deserve credit for this new surveillance state that we live in," he said, "Because we the people voted for the Patriot Act. Democrats and Republicans alike. We voted for the people who voted for it, and then voted for the people who reauthorized it, then voted for the people who re-re-authorized it."

  • Corporate firewalls with authentication services from the past created the notion of corporate security as an island fortress. The more remote the island, the more secure the company. Today, the prevalence of BYOD has created several bridges to that island, and the workforce is eager to make use of these bridges. At RSA, we saw that IT admins are less inclined to manage multiple security vendors and systems.

  • Along this same thread, enforcing security policies in the cloud was also heavily discussed at RSA. Overall, companies were looking for a mix of private, hybrid and public cloud services, whereby some applications remain stored in corporate data centers and others housed in a public cloud.

  • The many security breaches that occurred in 2013 sparked the discussion about which team – admins or hackers – is winning the security match. The several billions being spent on IT security didn’t prevent severe attacks on Target, Neiman Marcus and Snapchat, to name a few, and thousands of people suffered as their personal data was exposed.

  • In order to combat malicious hackers, we saw a trend toward the application of big data to IT security. The use of massive amounts of data could enable the early detection and removal of security breaches.

Which IT security trends did you discover at RSA 2014? Let us know in the comments!

no comments |

5 Exciting Days in San Francisco - HOB at RSA 2014

Posted by Tobias Eichenseer Fri, 28 Feb 2014 15:05:00 GMT
The IT security flagship conference, RSA in San Francisco, is a yearly highlight for the HOB team. This year, HOB joined the ranks of HP, Juniper and Cisco as an official sponsor of RSA 2014! As an IT security firm, there is nowhere better to make meaningful connections, discuss industry trends, and enjoy some much-needed California weather. 
 
Not only were we excited to see what our American counterparts had been working on, we were thrilled to exhibit our latest innovations in secure remote access and announce our contributions to the IT security industry. As the HOB team met to coordinate our booth logistics, including exciting prizes and giveaways, we couldn’t have foreseen the degree of hustle and bustle that would ensue for the next three days. The Moscone Center was buzzing with excitement as IT industry members assembled for live demonstrations, industry forecasting discussions, and general merriment!
 
At booth #3231 in the North Hall, HOB was right in the thick of things, and we used our presence to help our patrons find the remote access solution that best suited their needs. Over the week, HOB booth representatives gave countless demos of the latest additions to the robust suite of HOB security solutions, as well as innovations to existing HOB products, such as HOBLink Mobile for Android.  Furthermore, we were thrilled to announce huge company strides made in the last year, such as the recent Common Criteria certification and receiving 5 Global Excellence awards! 
 
Along with HOB’s sponsorship and exhibitor presence, HOB’s Tech Evangelist, Aiden Gogarty presented, "Why SSL Is Better Than IPsec for Fully Transparent Mobile Network Access”. This speaking session gave HOB the opportunity to discuss the methods of network optimization whereby TCP and UDP can be sent over an SSL TCP tunnel or IPsec easily and quickly. This presentation was well received by RSA attendees and industry professionals.
 
Showcasing German engineering at RSA is always a great experience, and we already look forward to RSA 2015!
 
If you had the chance to visit the RSA conference or our booth, we would be happy to read about your thoughts and experiences in the comments.

no comments |

Don’t Dig Your Car Out of the Snow! Work from Home!

Posted by Stefanie Kober Thu, 09 Jan 2014 14:55:00 GMT

Large parts of the US are being paralyzed by this year’s first blizzard “Hercules” - Happy New Year! With temperatures far too cold to get out of your house and thousands of cars being buried beneath masses of snow, having to go to work can be terribly annoying. You might even end up digging out your car from the snow, only to realize that it was your neighbor’s. In order to prevent this from happening, you have three options:

1. Call in sick.

2. Take vacation and try to catch a plane to a warmer place. Maybe somewhere like Iceland or just any other place on earth.

3. Work from home, if you are lucky enough to work for a company that allows you to access your workplace from home.

 

Although options 1 and 2 seem tempting, this blog article wants to concentrate on option number three. Working from home offers a lot of benefits to employees. You can more flexibly arrange your work-life-balance, save on time commuting to and from work and avoid distractions at your workplace (also, you don’t have to deal with blizzards on your way to work). For companies, home offices help save energy costs, offer their employees more flexible working hours and can secure business continuity.

Home offices seem great, but we have bad news for you. According to a study from 2012, the chances that you are able to work from home are rather low . The study found that, even though more and more companies are claiming to offer possibilities to work from home, the proportion of employees that actually work from home remained essentially flat between the mid-90s and mid-2000s. The authors found that in 2004 only seventeen percent of the working population worked for an average of six hours a week from home. Another statistic reports that in 2011 forty-five percent of the US workforce held a job that was compatible with at least part-time telework .

The good news is that the technology to enable employees to work from home is already there and ready to be implemented. At HOB, we offer various software products that can help you set up home offices. With HOB RD VPN, for example, employees are able to connect from any computer with an internet connection to company servers or their desktop computer in the office. The access doesn’t require any admin rights or installation on the client side, which makes it perfectly easy for anyone to connect with their workplace. Thanks to Wake-on-LAN, you can remotely turn on and off your workplace computer and save energy. Remote connections over HOB RD VPN are SSL encrypted, so you don’t need to worry about security issues. Since HOB products are only software, they can be easily integrated into any existing IT infrastructure.

As one can see, there really is no point in trying to fight Hercules. Instead, companies and employees should start implementing and using remote access technology to enable home offices.

Finally, please let us know how you and your work life have been affected by Hercules and what experiences you made with home offices. We are looking forward to reading your comments!

 

Sources:

M. C. Noonan & J. L. Glass (2012): “The hard truth about telecommuting.” In Monthly Labor Review

K. Lister & T. Harnish (2011): “The State of Telework in the US.“ http://www.workshifting.com/downloads/downloads/Telework-Trends-US.pdf

no comments |

HOB RD VPN Again a Finalist at Golden Bridge Awards 2013

Posted by Sarah Becker Wed, 21 Aug 2013 11:54:00 GMT

Golden Bridge Award Finalist 2013

 

For three years in succession, HOB RD VPN has been a finalist at the Golden Bridge Awards. The top-class jury has nominated HOB RD VPN in five categories as a potential winner („Access - Innovations“, „Cloud Security - Innovations“, „Network Security Solution – Innovations“, Remote Access Solution – Innovations“ und „VPN/IPSec/SSL - Innovations“).

The final winners will be announced on September 30th, 2013 in San Francisco. Till then we keep our fingers crossed!

You can find further information about the Golden Bridge Awards here: http://www.goldenbridgeawards.com/world/

no comments |