
Why and How to Create a Culture of Cybersecurity

You should have the best security technology you can possibly have, and your organization should have the most effective security policies it can create. But ultimately, the most powerful way to protect the organization is to create a culture of security. Whatever your place of business — whether it’s a large or small organization, healthcare provider, academic institution or government agency – creating a culture of cybersecurity from the break room to the boardroom is essential. Why is a culture of security so important? Think of the employees as the company’s first firewall. Staff stand between an organization’s information assets and the thieves who want to plunder them. Intrusions that are based entirely on technology are rare. Most intrusions result from fraud that takes advantage of employee carelessness, lack of judgment or even criminal intent.

Think of your company as a community. Most observers say there are three primary factors that help ensure law and order in a community.

1. Risk Perception

Members of the community can only act to prevent or report crime if they know what it looks like and have a certain level of fear about it. This is why the police departments in some communities work so hard to establish trust in their communities, and it’s the origin of the byword, “See something, say something.” In a company, you can take advantage of risk perception with user awareness training. Teach all employees what cybercrime looks like and how it is likely to affect them.

2. Social Norms and Conformity

Most human beings behave well because of social norms — informal understandings about the proper way to behave. Most of us go through our everyday lives with a sense of these informal understandings. Yes, the laws are there, but the opinions of our neighbors are keeping us in line. Just like every community, every organization has a culture that includes social norms, often ones we aren’t even aware of. Finding ways to incorporate security into those norms will go a long way toward protecting your organization’s assets. Here’s how you incorporate security into your organization’s social norms. First, make sure the leadership of the organization stresses the value of security and backs up these values by modeling appropriate behaviors. A CEO who talks about the importance of security and then writes his or her password on a sticky note on the computer monitor will harm more than help the culture of security.

Second, provide more advanced user training that teaches skills in addition to awareness. Give it a positive value. The Logical Operations CyberSAFE program, for example, culminates in certification so that those who successfully complete it have credentials providing tangible evidence of their value to the organization.

3. Routine Monitoring

Studies show that companies with skilled incident response teams suffer fewer catastrophic data breaches and lower average cost when data breaches do occur. This is because incident response teams reduce the “dwell time” of criminals that manage to invade your network. But incident response teams themselves also contribute to the culture of security, because their presence reminds employees of the importance of security.

My advice is that you designate, train and support an incident response team and promote their visibility within the organization. You may even want to consider ways to enhance the team’s prestige: stage a competition among candidates to join it, regularly report on it in the company newsletter and have its members visit and give presentations on security to other departments. Promoting the importance of the incident response team can contribute both to establishing social norms and conformity and to the reassurance and sense of stability that allow people to get on with their work. The Logical Operations CyberSec First Responder program is an example of a way to train and certify an elite incident response team.

It’s not all about technology and law enforcement. You need to find as many ways as possible to support your employees’ adherence to security policies, exercise of good judgment and recognition of fraud. Risk perception, social norms and routine monitoring can only help.

Tips to Help Protect Your Business from Cyber Crime

Protect Your Assets

Once you have identified your “crown jewels” and critical assets, build your cyber protections around these first as you create a trajectory forward to protect your entire business. Ultimately, your goal is to build a culture of cyber security in which employees know how to protect themselves and the business and understand the cyber risks as your business grows or adds new technologies or functions.

Protections will include:

  • implementing cyber protections on core assets
  • implementing basic cyber hygiene practices across the business

Now that you know the assets of your organization, Step 2 is to implement protections. While what you need to do will be based on your assets, protections may include:

  • Locking down logins: Using stronger authentication to protect access to accounts and ensure only those with permission can access them. This can also include enforcing strong passwords.
  • Backing up data: Putting in place a system, either in the cloud or via separate hard drive storage, that makes electronic copies of the key information on a regular basis.
  • Maintaining security of devices over time: This includes knowing that software patches and updates are done in a timely fashion.
  • Limiting access to the data or the system only to those who require it.

Train Employees

Creating a culture of cybersecurity is an important element of building a cybersecure business. That culture is created by establishing the cybersecurity practices you expect your employees to follow, then training them and reinforcing that training so you have confidence the practices are being followed. Employees should know:

  • Why cybersecurity is important to protecting your customers, their colleagues and the business
  • The basic practices that will keep them and the business cybersecure (see basic hygiene below)
  • How to handle and protect personal information of customers and colleagues
  • How and when to report cyber incidents
  • Any specific use policies that your business has, including what websites they can visit, the use of personal devices in the workplace, special practices for mobile or work-at-home employees, etc.

Basic Cyber Hygiene

Having everyone in the business follow these tips will help you make significant strides in protecting your business:

  • Keeping a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network. If they have any responsibility for making sure the devices they use have updated software, train them to implement those updates as quickly as possible.
  • Following good password practices: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”).
  • Don’t reuse passwords: At a minimum, work and personal accounts should have separate passwords.
  • Lock Down Logins: Whenever possible, implement stronger authentication, sometimes referred to as multi-factor authentication or two-step verification.
  • When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
  • Use WiFi wisely: Accessing unsecured WiFi is very risky. If you have employees who need WiFi access out of the office, use a virtual private network (VPN) or a personal hotspot.
  • Backing up their work: Whether you set your employees’ computers to back up automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
  • Staying watchful and speaking up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
  • Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

How To Wipe Your Phone Before You Sell It

So you've got your eyes on that shiny new Pixel 2, or maybe you’re getting ready to go (almost) all-screen with the iPhone X. Since you’ll be getting a new phone, you won’t need your old one anymore. Plus, you can sell it and make some extra cash to put towards your new one. Some companies, like Apple and Google will even let you trade in your old phone to get money towards their latest and greatest phones.

But before you get ahead of yourself, that phone’s full of top-secret messages and embarrassing selfies that you’d never want anyone to see. Good news, though! All that private info can be wiped away before you hand off your boring old phone to some stranger. Here's how to do it.

iPhones

For iPhone owners, you’ve got a few things you need to do to clear out all your junk. First, unpair your Apple Watch to avoid any struggles when your new iPhone gets plopped on your doorstep. Then, back up your phone so everything’s right where you left it.

Then it’s time to bulldoze all your data off that bad boy. You should sign out of iCloud, which is as simple as jumping into Settings, tapping your name up top, scrolling all the way down, and hitting Sign Out. After you type out your Apple ID and password, tap Turn Off and you’re all set. To clear up all your data, dive back into Settings, hit General, scroll down to Reset, and choose Erase All Content and Settings.

Oh, and one more thing: If you’re switching to an Android phone, save yourself a headache and turn off iMessage. That way, you won't miss any incoming messages on your new phone.

Android Phones

Things are a bit different on Android, but you can still back up all your data and get everything cleared off pretty easily. If you’re sticking with Android, sync all your apps to your account. You can do this by going to Users and Accounts under Settings, tapping Account Sync, and tapping Sync Now.

After that’s done, back everything up. Jump into Settings, select System, hit Backup, and turn on Back Up to Google Drive. This will make sure all your data is nice and snug, ready to be unpacked when your new phone makes its way to your hands.

Now that you’ve got your data on lock, it’s time to clear it all. For that, you just dive into Settings, tap that big ol’ System button, and choose Reset (your device may also say Backup and Reset, in which case, pick that). From there, select Factory Data Reset, then Reset phone. Since you’re getting rid of this phone, you’ll want to erase everything.

Got it? Good. You’re all set! But if you’re feeling a little nostalgic and aren’t ready to say goodbye to your old pocket companion, here are some neat things you can do with your old phone.

Protect Yourself Against Data Loss by Making Electronic Copies – or Backups – of Important Files

These days, our digital devices contain vast amounts of data, from family photos and music collections to financial/health records and personal contacts. While convenient, storing all this information on a computer or mobile phone comes with the risk of being lost. Data can be lost in several types of incidents, including computer malfunctions, theft, viruses, spyware, accidental deletion and natural disasters. So it makes sense to back up your files regularly.

A data backup is a simple, three-step process:

  1. Make copies of your data
  2. Select the hardware or method to store your data
  3. Safely store the backup device that holds your copied files

Make Copies of Your Data

Many computers come with backup software installed, so check to see if you have backup software. Most backup software programs will allow you to make copies of every file and program on your computer, or just the files you’ve changed since your last backup.

Here are links to backup utilities in popular operating systems:

Apple

Windows

Select Hardware for Data Storage

When you conduct a backup, the files will have to be stored on a physical device, such as a CD, a DVD, a USB flash drive or an external hard drive, or on the web using cloud-based online storage.

  • CDs, DVDs and flash drives: These are best for storing small quantities of photo, music and video files
  • External hard drive: If your computer serves as the family photo album and music library, it’s best to get an external hard drive that plugs into your computer (preferably via a USB port). This way, you can assure more adequate storage space for all of your files. Copying information will also be faster with these devices.
  • Online backup services: If you don’t want to hassle with new hardware, there are many online backup services available, usually for a monthly fee. Some security software includes this service with your subscription, so be sure to check that you don’t already have this service available. You simply back up your files to a secure server over the internet. These services have the added advantage of safely storing your files in a remote location and the files can be accessed anywhere you have a connection to the internet. This can be valuable for people who travel a lot and may need to recover files or live in areas prone to natural disasters that might require evacuation.

Safely Store the Backup Device

After setting up the software and copying your files on a regular basis, make sure you keep your backup device somewhere safe. Some ideas include a trusted neighbor’s house, your workplace and a safe and secure place at home that would likely survive a natural disaster. Keep your backup device close enough so that you can retrieve it easily when you do your regular backup.

Other software programs are available for purchase if your system does not have a backup program or if you’re seeking other features. Ideally, you should back up your files at least once a week.

Do You Think Your Mobile is Secure with a Finger Print? Think Again!

Smartphone companies now let people conveniently perform multiple tasks and purchase transactions on their phones, but this also opens the door to hackers, intruders and other costly exploits that you might not be aware of.

This is especially so since news broke that researchers, whom I cover in the section below, found easy ways to create fake fingerprints to fool a smartphone fingerprint reader.

On the flip side, market research firm IHS claims that the number of fingerprint sensors embedded in smartphone devices is expected to grow approximately from 316 million in 2014 to 1.6 billion in 2020.

Popular brands like Apple, Android, and Samsung are making it easy for people to perform crucial transactions: fingerprint authentication is no longer limited to unlocking phones. It can also be used to make mobile payments and even authenticate bigger settlements, including large bank transfers.

So the question you need to ask yourself: is it really safe to use fingerprint scanner technology to unlock your phones, especially when you store your personal and sensitive data on it?

Fingerprint scanner technology, one of the most convenient ways to unlock phones, has been around since the year 2000 for login authentication and identification for computer access.

Today, this biometric technology allows you to secure your smartphone access too!

If you are already using fingerprint recognition to get into your phone data, it might not be as secure as you may think.

The biometric sensors embedded in smartphones are generally small and therefore the resulting images are limited in size.

To compensate, such devices often acquire multiple partial impressions of a single finger during enrolment to make sure at least one of the stored templates matches successfully for authentication.

This was claimed by researchers from New York University and Michigan State University in the abstract of a study that was carried out to explore the possibility of generating a “MasterPrint” that can match one or even more stored templates for a significant number of users.

Evolution of fingerprint recognition for smartphone users

Back in 2011, Motorola Atrix 4G users were the first smartphone owners to adopt the fingerprint security function on their phones.

Later, in 2013, the Apple iPhone 5S offered its users the ability to use their fingerprints for multiple phone security purposes. Just a month later, HTC launched the One Max, which also included fingerprint recognition.

Following the above brands, Samsung released the Galaxy S5, which offered fingerprint sensors on the home button.

With the popularity of biometric sensors among smartphone users, many cheaper brands offered the technology as of December 2015, including the $100 UMi Fair.

Samsung later added this security authentication service to its mid-range A-series smartphones.

Two years after the launch of the Apple iPhone 5S, the brand introduced an even faster Touch ID fingerprint sensor with the iPhone 6s.

Later, in 2016, OPPO Electronics claimed to introduce the fastest fingerprint recognition, unlocking the F1s model in 0.22 seconds.

Kinds of fingerprint patterns, to help you understand your own

Fingerprints have three ridge patterns, known as:

Arch: as its name suggests, the ridges of this pattern enter from one side of the finger, rise in the center forming an arc, and exit from the other side of the finger.

Loop: the ridges of this pattern enter from one side of the finger, create a curve, and then exit on the same side.

Whorl: the ridges of this pattern form circularly around a central point of the finger.

Scientists claim there is an increased chance that family members share the same general fingerprint. However, as per Apple’s Touch ID security site, every fingerprint will have a unique template; therefore, it’s rare for a small section of two separate fingerprints to be alike enough to match.

The probability of this happening is 1 in 50,000 with a single enrolled finger. After five unsuccessful fingerprint match attempts a password will be asked for, and the probability of guessing the 4-digit PIN code is 1 in 10,000.

For Google’s latest Android compatibility, the fingerprint sensor must have a false acceptance rate not higher than 0.002%.
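The figures above can be put side by side. The following is an added example, not part of the original article, that works out the chance of a false accept within the five-attempt limit and compares it with guessing a 4-digit PIN. It assumes every comparison is statistically independent and uses hypothetical function names; the number of enrolled fingers is a parameter chosen for illustration.

```python
from fractions import Fraction

# Figures quoted in the article above.
TOUCH_ID_FALSE_MATCH = Fraction(1, 50_000)  # per attempt, one enrolled finger
ANDROID_MAX_FAR = Fraction(2, 100_000)      # 0.002 % false acceptance rate
ATTEMPTS_BEFORE_PASSCODE = 5                # failed tries before the fallback
PIN_SPACE = 10_000                          # number of possible 4-digit PINs


def false_accept_probability(per_attempt, enrolled_fingers, attempts):
    """Chance that at least one attempt falsely matches any enrolled finger.

    Assumption (not from the article): each attempt against each enrolled
    finger is an independent comparison with the same false-match rate.
    """
    comparisons = enrolled_fingers * attempts
    return 1 - (1 - per_attempt) ** comparisons


def pin_guess_probability(guesses, space=PIN_SPACE):
    """Chance of hitting a uniformly random PIN with distinct guesses."""
    return Fraction(min(guesses, space), space)


def one_in(probability):
    """Express a probability as the nearest '1 in N' figure."""
    return round(1 / probability)


def exposure_table(finger_counts=(1, 2, 5)):
    """Rows of (enrolled fingers, N) where the false-accept odds are 1 in N."""
    rows = []
    for fingers in finger_counts:
        p = false_accept_probability(
            TOUCH_ID_FALSE_MATCH, fingers, ATTEMPTS_BEFORE_PASSCODE
        )
        rows.append((fingers, one_in(p)))
    return rows


if __name__ == "__main__":
    # The Android ceiling and the Touch ID figure are the same number.
    print("Android FAR == Touch ID rate:", ANDROID_MAX_FAR == TOUCH_ID_FALSE_MATCH)
    for fingers, n in exposure_table():
        print(f"{fingers} enrolled finger(s), 5 attempts: about 1 in {n}")
    pin = pin_guess_probability(ATTEMPTS_BEFORE_PASSCODE)
    print(f"4-digit PIN, 5 guesses: 1 in {one_in(pin)}")
```

Under these assumptions the per-attempt odds shrink quickly once the attempt limit and extra enrolled fingers are counted, which is why enrolling only the fingers you need and pairing the sensor with a longer passcode both matter.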

The usage of fingerprints via smartphones

For those who typically use the fingerprint scanner to unlock their phones, it can also be configured for other functions, such as:

Managing app access

This means you can hide certain apps behind fingerprint authentication to secure your WhatsApp messages, personal images, email, calendar and more.

Faster Google Play purchases

This means you can ease and secure your paid app-purchase transactions over Google Play Store.

From the settings tab, select “fingerprint authentication” to avoid the password prompt when confirming your favorite app purchases.

Samsung Pay

This is a mobile payment system that allows payment authentication via fingerprint on Samsung Galaxy smartphones.

Camera clicks

This offers the ability to simply tap on the fingerprint sensor, instead of tapping on the screen, to take pictures with your phone.

Fingerprint spoof attack examples

Over time, experts have produced spoofs that showcase how fingerprint authentication is being attacked with the use of ink and paper.

https://www.youtube.com/watch?v=fZJI_BrMZXU

This video, presented by Kai Cao and Anil Jain, showcases the hacking of fingerprint authentication on mobile phones using self-created printed fingerprints.

https://www.youtube.com/watch?v=h1n_tS9zxMc

This video highlights other flaws in the iPhone 5S that, when combined with Touch ID’s vulnerability to fingerprint spoofing, allow access to the phone.

https://www.youtube.com/watch?v=sfhLZZWBn5Q

This video demonstrates the flaws of fingerprint authentication in the Samsung Galaxy S5 that expose the user’s device, data, and even payment transactions.

Should you really be worried?

There are many hurdles for an attacker trying to get past your fingerprint authentication: they’ll have to create multiple templates of “Master Prints” to match and mimic a real human finger.

As for security measures to eliminate the risk of fingerprint authentication exploitation, the iPhone 6S incorporates a second-generation Touch ID sensor that is up to twice as fast as the first-generation sensor found in iPhone 5S, e and SE phones.

The iPhone 5s has also moved slightly beyond the capabilities of earlier touch sensors: it provides a higher resolution image and, as far as initial experiments can tell, this makes the fingerprint authentication attack more difficult.

A fingerprint authentication sensor can surely eliminate the risk of forgetting complex passwords or passcodes to enter your mobile phone, as it relies on part of the human body, which cannot be lost.

However, at the same time, you should enable all security measures available to keep your data and personal information away from hackers.

Additionally, you can always switch over to other mobile authentication solutions that include:

PIN code/Passcode

Available on nearly every smartphone, this lets users set a 4-digit passcode to unlock their phones.

This can be the most secure biometric method, because even if your phone gets lost, as long as whoever has it is unable to crack your code, your data is safe and cannot be manipulated.

Downside: There may be times when you forget the PIN code, and after several attempts your phone will get locked, which will require a factory reset. However, if you choose a reset option, you will probably give up the data stored on your device.

Pattern lock

This can eliminate the need to remember difficult codes or alphanumeric passwords, as you create your own pattern through a grid of nine dots. And the best part is that you can create new patterns over time to ensure security.

Downside: There may be times when you forget the pattern and your phone will ask you for a hard reset. In this case, your existing data will not be recovered.

IRIS

Offered by most of the popular mobile companies, the IRIS scanner is one of the trending and secure biometric methods for unlocking phones.

Downside: The only hassle is to ensure proper light on your eyes, especially in direct sunlight. The most recommended way is to hold your phone close to your eyes.

Face lock

Available with a number of Apple and Android smartphones, Face unlock is an interesting biometric method alternative to leaving your phone in Swipe to unlock mode.

Downside: Angles and distance are calculated while performing face recognition, which can be slow. Also, the amount of light will determine the chances of your phone being unlocked.

The fingerprint biometric method is rapidly being introduced by popular smartphone brands. Whether in this generation or an upcoming one, whether it’s Apple, Samsung, HTC or even Motorola, someone will surely figure out how to implement fingerprint authentication without being hacked.

Will the fingerprint biometric method be a good way to secure a phone? Sure, it will, when mobile brands stop attackers/hackers from getting into your data simply by building physical phones with extra security measures.

Wrapping up

I myself use a fingerprint pattern to unlock my Samsung Galaxy J7 Prime; however, I have never encountered an attack. Maybe because I’m not a recognized firm, educational organization or even government entity that deals with important data and files via smartphones.

Either way, the safety of your phone authentication will depend on the makers to boost device security!

Source: Anil Parmar