Computer News & Safety – Harry Waldron Rotating Header Image

February 11th, 2016:

Microsoft Security Updates – FEBRUARY 2016

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release:

http://technet.microsoft.com/en-us/security/bulletin/ms16-feb

https://isc.sans.edu/forums/diary/Microsoft+February+2016+Patch+Tuesday/20711/

http://blog.talosintel.com/2016/02/ms-tuesday.html

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.

Corporate Security – 2016 Employee work and home use safeguards

As BYOD devices and home access to corporate systems are popular options in corporate IT, home and work security can sometimes blend together.  Thus it is important to have strong security controls and employ best practices universally. Some of the key exposures are enumerated in the excellent slideshow by eWeek below:

http://www.eweek.com/security/slideshows/10-things-employees-can-do-to-improve-it-security-in-2016.html

In 2015, the borders between personal and professional use of apps and devices became less defined than ever. People constantly use whatever device they have at the time to do either personal or business tasks—that’s the real world. In 2016, the line between how employees use data in and outside of work will continue to blur and will drive important trends that IT needs to consider when building a security strategy.

The company’s 2015 Online Identity Study revealed that most employees today are not connecting the dots between the security best practices they are taught and their behavior at work and home. While employees say online security is a priority, they struggle to consistently follow best practices and be accountable for their actions, the study revealed. The study results showed that in the event of a data breach, most employees say the blame falls on IT and not on their own risky behavior. Here’s a look at key trends that the study suggests will shape the coming year.

1. Employees Are Non-biased on Device Use — Increasingly, the lines between work and personal devices are blurring. Sixty percent of employees do work activities from a personal device, and 55 percent do personal activities on work devices.

2. They Rely on IT — While employees admit to less-than-stellar password-related behavior, enterprise IT teams keep them on track.

3. They’re Confident in IT — As software, device and technology use transforms due to rapid innovation in the space, IT must be able to keep employees educated about how to keep their identities secure.

4. They’re Confident in Their Own Security Chops — Enterprises’ education efforts around security best practices are paying off: 79 percent of employees say they understand which online activities expose their personal or corporate information.

5. They Value Security — Employee intentions are well intact: 58 percent of respondents believe protecting work-related information is very important, even more so than their personal emails and home addresses.

6. They Share Passwords — More than three-quarters of employees believe it’s risky to share passwords, but 37 percent are still likely to do so. In fact, 54 percent admit to sharing log-in credentials with family so they can access each other’s computers, smartphones and tablets. Employees today use work and personal devices interchangeably; it’s prudent for IT to assume their corporate network may extend farther than expected.

7. They Reuse Passwords— If your account has been breached and your log-in credentials are in the hands of malicious hackers, it’s wise to assume those hackers will test those credentials (email, username, password) every day for the next 10 years. It’s easy to see why password reuse is risky.

8. They Take More Care of Work Credentials — When asked about work and personal credentials, employees admitted to being more careful when it comes to their work log-in credentials.

9. Their Passwords Have a Price Tag — While 74 percent of employees wouldn’t give up their work email credentials for anything, one in 10 would trade them for a paid mortgage or rent for one year. Further, 14 percent would give up their work email log-in credentials to pay off student loans.

10. They Resist Accountability — Fifty-nine percent of employees believe IT is accountable in the event of a corporate data breach. C-level executives are the next to be held accountable at 17 percent, and only 11 percent believe they, as individuals, would be held accountable in the event of a breach.