
VOLUME 61

   ISSUE 61

29 August  2016

Article of the Month Around the World

Keep Your Data Secure on the Cloud

There was a time when, to use files (word processing files, spreadsheets, etc.) on different computers, you needed to save them on a thumb drive, a CD-ROM or some other storage device. The drive or disk then traveled around with you so that you could load your information onto other computers, while you held your breath until the document or PowerPoint slide was actually retrieved! Not any longer. The safety, stability, and ease of use of cloud computing in education are resulting in widespread adoption in educational institutions of all sizes and types.

Are there really any true advantages in education for storing information off-site on a server that could be located anywhere? The answer is yes! A recent conversation about cloud computing with several colleagues in the education field, including teachers, revealed significant advantages:


• No more carrying around devices, such as thumb drives or CDs. You don’t need to worry about losing the device, breaking the CD, or not having your information load properly.


• Easy access! Lesson plans, labs, grades, notes, PowerPoint slides – just about anything digital that you use in teaching is easily uploaded and accessed anytime.


• Stability: Cloud computing has now reached the point of being a very stable technology that you can rely on.


• Security: Your data, content, information, images – anything you store in the cloud usually requires authentication (ID and password, for example) – so it is not easily accessible by anyone. In addition, should something happen to the technology at school, your content will still be available to you and your students if it is stored elsewhere.


• Shareability: Working on an instructional assignment with other teachers? You can share some or all of the files that you have stored in the cloud. No more obtaining an extra thumb drive or burning another CD or DVD. You just need to send a link to the location of the file(s).


• Traceability: Made changes to a lesson and want to change it back? No problem. Cloud computing will save multiple revisions and versions of a document so that you can chronologically trace back the evolution of an item.


We trust the cloud more and more. Now even our documents from the bank, ID scans and confidential business papers find their new residence on the cloud.

 

But can you be sure your information is safe and secure out there?


Here are five data privacy protection tips to help you tackle the issue of cloud privacy:


1. Avoid storing sensitive information in the cloud.


Many recommendations across the 'Net sound like this: "Don't keep your information on the cloud." Fair enough, but it's the same as if you asked, "How do I keep my house from burning down?" and the answer were, "Do not have a house." The logic is solid, but a better way to translate such advice is, "Avoid storing sensitive information on the cloud." So if you have a choice, you should opt for keeping your crucial information away from the virtual world, or use appropriate solutions.


2. Read the user agreement to find out how your cloud service storage works.


If you are not sure which cloud storage to choose, or if you have any questions about how a particular cloud service works, you can read the user agreement of the service you are planning to sign up for. There is no doubt it's hard and boring, but you really need to face those volumes of text. The document, which traditionally suffers from insufficient attention, may contain the essential information you are looking for.


3. Be serious about passwords.


You must have heard this warning a hundred times already, yet most people do not follow it. Did you know that 90 percent of all passwords can be cracked within seconds? Indeed, a great part of all the sad stories about someone's account getting broken into is caused by an easy-to-create-and-remember password. Moreover, reusing your email password for other services you use (your Facebook account, your cloud storage account) is a real trap, as all your login information and forgotten-password messages always arrive at your email.


Here is an efficient method of creating a secure password:


1. Choose a random word (preferably a long one) -- for example, "communication."


2. Now let's say you are signing up for Gmail. What you should do is add the word "Gmail" to the word you have chosen. Thus your password for Gmail will be "communication Gmail." If you sign up for Skype, your password will be "communication Skype", for example.


Therefore, you need to remember only your "core" word and the structure of your password. To strengthen it even more, you can add a certain number before the name of the service, for example your birth date. In that case your password will look like "communication12111975Skype", etc.

You can invent any other way of memorizing your passwords, one that appeals to you. But the main point doesn't change - such a method is really simple and effective.

4. Encrypt.


Encryption is, so far, the best way you can protect your data. Generally, encryption works as follows: you have a file you want to move to a cloud, you use certain software with which you create a password for that file, you move that password-protected file to the cloud, and no one is able to see the content of the file without knowing the password.


The easiest and handiest way is to zip files and encrypt them with a password. When creating the archive, check the "Protect with a password" option, type in the password (keeping rule no. 3 in mind), and only after that move it to the cloud. If you want to share it with someone, just give the password to that person.


If you have more time and energy, or want to provide an even higher level of protection for your files, you can use the "TrueCrypt" encryption software. It's an open-source encryption program with which you can create an encrypted file (the so-called "virtual disk") and keep all of your private files protected with a password.
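The steps described in tip 4 (protect the file with a password locally, then move only the protected copy to the cloud), written out as an added example that is not part of the original newsletter. It assumes the OpenSSL command-line tool, version 1.1.1 or later; the function names and the CLOUD_PW variable are names chosen for this example.

```shell
#!/bin/sh
# Added example: encrypt a file locally so only ciphertext reaches the cloud.
# Assumes the OpenSSL command-line tool, 1.1.1 or later (needed for -pbkdf2).
# The password is read from the CLOUD_PW environment variable (a name chosen
# for this example) so that it never appears on the command line.

PBKDF2_ITER=600000   # key-stretching rounds: makes every password guess slower

# encrypt_for_cloud <plain-file> <encrypted-file>
encrypt_for_cloud() {
    [ -n "${CLOUD_PW:-}" ] || { echo "CLOUD_PW is not set" >&2; return 2; }
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$PBKDF2_ITER" \
        -in "$1" -out "$2" -pass env:CLOUD_PW
}

# decrypt_from_cloud <encrypted-file> <restored-file>
# Output goes to a temporary name first, so a decryption that OpenSSL reports
# as failed (wrong password, damaged download) leaves no partial file behind.
decrypt_from_cloud() {
    [ -n "${CLOUD_PW:-}" ] || { echo "CLOUD_PW is not set" >&2; return 2; }
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter "$PBKDF2_ITER" \
        -in "$1" -out "$2.part" -pass env:CLOUD_PW 2>/dev/null
    then
        mv "$2.part" "$2"
    else
        rm -f "$2.part"
        echo "decryption failed: wrong password or damaged file" >&2
        return 1
    fi
}

# roundtrip_demo: runs offline on a constructed sample file.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'name,mark\nStudent A,78\nStudent B,64\n' > "$dir/marks.csv"
    CLOUD_PW='constructed demo password, not a real one'
    export CLOUD_PW
    # Only marks.csv.enc would be uploaded; marks.csv stays on this computer.
    encrypt_for_cloud "$dir/marks.csv" "$dir/marks.csv.enc" &&
        decrypt_from_cloud "$dir/marks.csv.enc" "$dir/restored.csv" &&
        cmp -s "$dir/marks.csv" "$dir/restored.csv"
    rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip_demo && echo "round trip OK"
```

`openssl enc` in CBC mode does not authenticate the ciphertext: a wrong password is normally caught by the padding check, but that check is not a guarantee against tampering.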


5. Use an encrypted cloud service.


There are some cloud services that provide local encryption and decryption of your files in addition to storage and backup. It means that the service takes care of both encrypting your files on your own computer and storing them safely on the cloud. Therefore, there is a bigger chance that this time no one, including service providers or server administrators, will have access to your files (the so-called "zero-knowledge" privacy). Among such services are SpiderOak and Wuala.


When choosing the best way of protecting your information, keep in mind how valuable that information is to you and to what extent it is reasonable to protect it. Therefore, the first thing you should do is define the level of privacy you need and thus the level of protection for it. If you do not actively use the Internet for work, even a two-step verification involving an SMS with a code sent to your mobile phone may seem cumbersome, though most people who use email for sending business data appreciate this option.


Not everyone is ready to pay for data to be stored, but if you use cloud storage for keeping corporate data, you'll find paying for safe and secure data storage reasonable. So try to strike that delicate balance between the required level of protection and the time/effort/money spent on it.

 

Ishadi Gulawita


Ishadi is an undergraduate at Uva Wellassa University of Sri Lanka, currently following the Bachelor of Industrial Information Technology, and currently working as Intern - Information Security Engineer at Sri Lanka CERT|CC.

Car hacking: Defcon style

"....This year at Defcon, the car hacking village is bigger than ever, with more cars, car hacking adapters and giant snarls of tiny exposed wires tied to demo stations with car parts screwed to plywood stands than ever before. It’s car hacking 101 here, and class is in full force....."

As emoji grow more popular, the “language” also risks fragmentation

  

"...Emoji have become important. They’ve permeated our conversations and our messaging apps and our popular culture to a degree that no one could have anticipated just a few years ago, and when your phone or computer gets an update, new emoji are often featured prominently in the release notes or even announced in their own press releases...."

Lack of security talent is a threat to corporate safety

'...In March-April 2016, a survey about attitudes and experiences with cybersecurity was conducted of more than 4,000 company representatives in different industries and of various sizes. The findings show a general shortage in full-time security staff and expert talent availability which calls for the need for more specialists in the field....'

Now's the time to perform a personal Android security audit

   
  

'....Most of the monthly missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. In fact, if you look closely, you'll start to notice that most such stories come from studies commissioned by companies that -- gasp! -- make their money selling malware protection programs for Android phones. (Pure coincidence, right?)...'

COMMERCE'S CYBER HIT LIST: THIRD-PARTY APPS, PHISHING

  

'....As it implements the Cybersecurity National Action Plan, the Commerce Department is focused on a cooperative approach across its components.

Speaking during a Wednesday webcast event hosted by Government Executive, Chief Information Security Officer Rod Turk said Commerce wants to ensure, "since we do have a very federated nature ... we are working closely in those areas where we can collaborate....'

Month in Brief

[Chart: Facebook Incidents Reported to Sri Lanka CERT|CC in July 2016, by category: Hacked, Fake, Other. Source: Statistics - Sri Lanka CERT|CC]

How well does social engineering work? One test returned 150%

'...White hat hackers see companies at their worst. It is, after all, their job to expose weaknesses. Network World Editor in Chief John Dix recently chatted with penetration testing expert Josh Berry, Senior Technology Manager at Accudata Systems, an IT consulting and integration firm based in Houston, to learn more about the attack techniques he encounters and what he advises clients do to fight back.....'

FBI WANTS CYBER ANALYTICS SYSTEMS THAT KEEP HUMANS IN CONTROL

'...Five years ago, FBI's technical analysts might examine 500 gigabytes of data for a specific incident. Today, it's in the range of 1 to 2 terabytes, on average, according to agent Gabe Maxwell, part of the bureau's Cyber Division.....'

Eight LinkedIn alternatives for IT professionals

"...Professional networks are designed to provide an outlet for business professionals to establish and maintain relationships, share resources and even find their next job.

Some sites are aimed at small to medium sized businesses while others opt for larger enterprise clients. Either way, there's likely to be one for you......"

Microsoft to end decades-old pick-a-patch practice in Windows 7

'...Microsoft yesterday announced that beginning in October it will offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply.

"Historically, we have released individual patches ... which allowed you to be selective with the updates you deployed," wrote Nathan Mercer, a senior product marketing manager, in a post to a company blog. "[But] this resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems."....'
 
Notice Board
Training and Awareness Programmes - August 2016

Date | Event | Venue
6th August-12th August | e-Library Workshop | Computer Laboratory, ICT Branch, Ministry of Education
7th August-11th August | Training programme for (G.C.E) A/L syllabus | Computer Laboratory, ICT Branch, Ministry of Education
9th August-15th August | Content Development Programme | Ruwanpura NCOE
12th to 13th August | Software Development Programme | Computer Laboratory, ICT Branch, Ministry of Education
18th, 24th, 25th | Training on A/L Module | Computer Laboratory, ICT Branch, Ministry of Education
