8 Must-have Features of a Secure Browser (2)

SECURITY

Regular browsers, such as the one that came with your PC or mobile device, are leaking data on the internet like a sieve. The inherent vulnerabilities of the local browser model allow criminal hackers to infiltrate computers and steal or manipulate data.

Firewalls or antivirus software provide little or no protection against modern attackers and their tools. Browser add-ons, plugins and extensions promising “extra” security and privacy cannot be trusted. Their makers were even caught selling out private user data.

Because the “traditional” browser architecture is inherently unsafe and promotes data leakage, a new generation of secure browsers has been developed for security-conscious companies and consumers.

Not all supposedly “secure” browsers are equal, and some are not secure at all. How can you tell the difference?

In this second part of “8 Must-Have Features of a Secure Browser” (read Part 1 here), we examine another four features and capabilities your browser must have to deserve the label “secure” for business or

Book Review: What They Really Do With Your Medical Data

SECURITY, IDENTITY, NEWS

Happy Data Privacy Day. A new book provides an in-depth look at the commercial trade in patient medical data. Sensitive data, a vibrant market, and not much cause for celebration.

*

A while ago, I wrote about the wave of data breaches at healthcare organizations and medical identity theft that is impacting millions and what we can do to protect ourselves better.

One of the readers of that post was acclaimed journalist Adam Tanner, who has reported on data collection and consumer privacy since 2012.

Adam and I have had an ongoing discussion on data privacy and security matters since we met a few years ago. He was covering the issue for Forbes, and I had a chance to brief him on our secure browser solution.

A few weeks ago, he kindly directed my attention to an unknown - to me, at least - aspect of our personal medical records. I thought our medical data was sacrosanct. Protected by regulatory

Ransomware: Majority of U.S. Businesses Unprepared for Attacks

SECURITY

A new survey shows that 66 percent of IT professionals identify ransomware as a serious threat. Yet only 13 percent say their company is prepared to handle it.

The research was conducted by The Ponemon Institute on behalf of Carbonite, a provider of cloud backup and restore solutions. Its findings are published in a report titled The Rise of Ransomware [PDF].

Surveyed were those responsible for containing ransomware infections within their organizations. Respondents included IT professionals and IT managers, who primarily report to the Chief Information Officer (CIO).

The report indicates that traditional methods like AV software have failed to stop the ransomware scourge. Most respondents indicated that they don’t consider current technologies sufficient to prevent ransomware infections, leading almost half of the surveyed companies (48 percent) to pay the ransom.

Traditional tools fail to stop ransomware

Ransomware is mainly spread through web-borne attacks. When users access the web through a regular browser, infected websites can drop and activate malicious

2016 Revisited: Data Breach Trends and Numbers

SECURITY

What were the biggest data breaches in 2016? How did federal agencies’ cybersecurity hold up last year, compared to 2015, with its disastrous OPM hack? Did ransomware live up to, or even beat, the dire predictions? Which industries got hacked most, and why?

We’ve pulled together summary posts and publications worth returning to, as a quick reference to consult when needed in the year ahead.

10 Biggest Security Stories of 2016

Data breaches, vulnerabilities, exploits and malware that made headlines in 2016.

Source: IT Security News

ABA Tech Report 2016: Security

What the American Bar Association’s 2016 Legal Technology Survey Report reveals about data security in the nation’s law firms, summarized by David G. Riess, attorney at Clark Hill PLC.

Source: ABA Tech Report

Verizon’s 2016 Data Breach Investigations Report

Details about 2,260 data breaches (in 2015). The report documented that in most attacks, stolen or guessed credentials of legitimate users were used to gain unauthorized

What is the Most Underestimated IT Security Threat, and Why?

SECURITY

Among the most chilling developments in IT security this past year were the cyber attacks reported on energy utilities and manufacturing plants, which exploited critical infrastructure vulnerabilities introduced by the convergence of IT and Operational Technology (OT). Yet they were barely noticed by the broader public, not nearly as much as Hillary Clinton pulling rank on her IT staff to use a private email server.

Time for a reality check? For our InfoSec Luminary Lineup blog discussion series, we asked cybersecurity leaders and experts: “What is the most underestimated IT security threat, and why?”

In their responses, they don’t dabble in technicalities of the vulnerability-du-jour variety. Instead, all of our contributors paint the bigger picture.

It isn’t pretty. The most underestimated IT security threat is… - “all of us,” as Frederick Scholl (Monarch Information Networks) writes. His fellow contributors seem to agree. It’s the “‘people aspect’ of cybersecurity,” Law & Forensic LLC’s Daniel Garrie points out,

Make Improving Data Breach Prevention Your New Year's Resolution

SECURITY

As we reflect on the passing year, it’s clear that 2016 was a tipping point in terms of public awareness of data security issues. It was the year that John Q. Public suddenly became aware of encryption issues, with Apple’s battle with the FBI after the San Bernardino terrorist attack.

It was also the year people pondered how foreign governments could perhaps hack into our election system. The year also showed that the government’s biggest security breach — which resulted in the arrest of an NSA contractor — wasn’t necessarily malicious. It hammered home the idea that some data breaches occur simply because employees don’t take their responsibilities seriously enough.

Though there is an increasing awareness of what kinds of threats we are all vulnerable to, there’s a knowledge gap in how to keep yourself and your business secure — despite our best efforts towards cybersecurity education.

So as you imagine what improvements you can make to your

8 Must-have Features of a Secure Browser (1)

SECURITY

Regular browsers have become the most common inroad for hackers to infiltrate your computer and steal or manipulate your data.

Traditional approaches of network or endpoint security, such as advanced firewalls or antivirus software, have not kept pace with the problem.

This is why a new generation of “secure” browsers has emerged. But not all supposedly “secure” browsers are equal, and some are not even secure.

What are the features and capabilities that make a browser secure and safe, for business or personal use?

1. Every new session should start from a clean image

Regular browsers fetch code from the web and execute it on the local computer. This web code serves many purposes - images and text, cookies and other trackers used to monitor your online activity, or active scripts that fetch and render page content from a variety of sources.

These elements are designed to stick around after you quit your web session. Image data is cached in your

Authentic8 adds support for Common Access Card to address growing federal demand

CORPORATE

Secure virtual browser now validates CAC certificates for access to secure web sites

MOUNTAIN VIEW, CA (Nov 17, 2016) - Authentic8, maker of Silo, the secure, virtual browser, now supports certificates stored on government-issued Common Access Cards, or CACs. This comes in direct response to growing demand for this functionality from federal agencies.

With this release, Silo will be configured with the Department of Defense's (DoD) public certificates. When a user attempts to access a secure site that requires CAC authentication, the cloud-based browser will query the chip on the CAC that stores user-specific digital certificates to validate the user. All communication between the virtual browser and the local device is conducted over Authentic8's proprietary, encrypted protocol.

CACs can also be used to gain access to computer terminals. Based on Silo's integration with the SAML authentication standard, the CAC authentication process can also be used to validate users before accessing their Silo profile.

As with other Silo capabilities, administrators can enable or

Not Trustworthy: How Local Browser Add-Ons Put Your Data at Risk

SECURITY

If you’re looking for ways to protect yourself when accessing the web, plugins and add-ons for your local browser are not the way to go.

Many plugins will actually increase the risk of online attacks or privacy violations, as in the case of the popular browser add-on WoT, developed by WoT Services, which was marketed as a tool to safeguard users’ data based on website ratings. WoT stands for “Web of Trust.” Nice marketing pitch.

Yet users who bought into it just learned that they got anything but, as Germany’s investigative TV magazine Panorama and the BBC reported last week. It turns out that the WoT makers sold attributable surfing histories, email addresses and phone numbers of WoT users to the company’s customers. This allowed third parties to assemble WoT user profiles with PII, sexual preferences, health status and other sensitive information.

A big surprise? Hardly for anyone who follows this blog. Regular browsers are inherently unsafe,

How Can Companies Balance IT Security and Personal Web Access at Work?

SECURITY

Companies struggle to protect their IT infrastructure when employees access the web. Checking personal web mail or running online shopping errands from the office helps workers to maintain work/life balance, but it also puts the business at risk from web-borne threats.

Organizations scramble to put policies in place to protect themselves. But policies that are too restrictive can negatively impact productivity and workplace climate.

For our InfoSec Luminary Lineup blog discussion series, we asked: “How can companies balance IT security with users' need to access personal web resources at work?” In this post, cybersecurity startup leaders, experts and influencers share their thoughts, tips and insights on how companies can solve this dilemma.

The main takeaway: As information security industry insiders, we use terms like “black hat” and “white hat” to describe hackers. But there’s no black-and-white when dealing with employees and how to protect them when they access the web.

Ill-conceived approaches lead to IT security managers and individual