Posts Tagged: cybersecurity

Why You Need to Know What a dApp Is

LaDonna Kearney

Most apps today run on centralized networks. While centralization is efficient, it generates huge amounts of user data that are exposed to hacking, clickbait and third parties profiting from stealing your data. DApps are stored across many distributed computers or nodes that make up a blockchain network.

Data security issues have generated interest in peer-to-peer solutions, which eliminate intermediaries and prevent data collection by blocking ads and trackers, letting you control your data and how it’s used. DApps can help businesses reduce the barriers preventing customers from accessing services, affording a competitive advantage.

Without a central authority, blockchains use consensus mechanisms to ensure the validity of transactions. The entire network is responsible for verification. There’s no single point of failure, which makes dApps reliable: blockchain networks span multiple nodes, and every one of them would have to fail simultaneously to produce an outage. And dApps are accessible through conventional web browsers.

Many institutions are attempting to improve the efficiency of financial markets by moving to blockchain solutions to develop a more democratized financial paradigm as an alternative to traditional financial services: parallel services without the need for centralized custody or fees from intermediaries. Insurance companies can promote easier settlements and faster payouts. There’s potential to unlock efficiencies in asset trading and settlement, investing, lending and borrowing, as well as real estate — and even health care.

But it’s true, too, that presently dApps need regulatory clarity to be fully effective for real-world payments. Custody activities, asset and derivatives trading, and automatic contract settlements need to be more clearly defined with greater transparency required across the board.

What are the positives of dApps?

  • They operate using computing power from different computers, not a central server. DApps don’t require personal information from users to grant access.
    • The anonymous nature of dApps lets them guarantee data privacy and increase consumer trust. For example, while cloud storage has improved information storage for business, the trade-off is lower data safety.
    • Malicious individuals can target data silos and take over company databases.
    • Blockchain-powered apps ditch this arrangement, relying on distributed computing systems. Accessing stored files would require hacking the entire network, which is difficult if not impossible. The data stored can only be decrypted by those with access to the cryptographic keys.
  • They offer improved customer privacy, better data safety and reduced downtime: there’s no single point of failure, which prevents service interruptions and reduces application downtime.

Know the full story

Instead of using a username and password, you access decentralized applications with a private and public key, which can be awkward. Other possible drawbacks:

  • It’s not easy to modify the source code after deploying it, so it’s difficult to launch a dApp and then add new features to encourage scalability and maintenance. Developers can’t fix bugs and improve the system unless each peer on the network updates its node software.
  • There are major risks that need to be mitigated before decentralized finance can substantially displace traditional finance. There’s potential for growth, but a whole host of risks remain. Financial institutions and central banks are exploring how to combine the innovative aspects of decentralized finance with appropriate safeguards.

Basic governance requirements — especially in risk management — need to be mandated. Crypto asset investors and other stakeholders have seen risks from weak regulation and governance. It seems apt to compare dApps to the early days of the internet. DApps may seem mainly unproven, and skepticism is high, but there’s the promise of useful innovations.

Networks will have to gain scale, and there needs to be interoperability across networks. DApps are open source, meaning that anyone can examine the inner workings to ensure there are no hidden dangers; if the dApp isn’t up to par, the community can duplicate and launch an alternative version, giving developers a solid incentive to play fair, which isn’t often the case with standard apps.

This is just an introduction to a complex and rapidly growing field. To see whether dApps are right for you, work with IT and financial professionals.

©2023

Sign up for PeepTek Solutions’ Newsletter

Cybersecurity Training for Your Remote Employees

LaDonna Kearney

Having Remote Workers Brings on New Challenges with Cybersecurity. Know the Risks and Offer Cybersecurity Training.

According to a Digital Defense Report published by Microsoft in 2021, the private industry’s support of remote work, in addition to factors introduced by the COVID-19 pandemic, has made remote workers a lot more susceptible to the actions of cybercriminals. Per the 2021 Microsoft report, “While most industries made the shift to remote work due to the pandemic, it created new attack surfaces for cybercriminals to take advantage of, such as home devices being used for business purposes.”

As you can infer, for companies that employ remote workers, it is important to implement training measures that teach them all about various cybersecurity dangers. But what should the training process look like?

Let’s explore some areas of consideration for your training process. These suggestions have been put forth by SANS Security Awareness in its Security Awareness Deployment Guide that covers how to securely work from home. The SANS guide outlines the core cybersecurity risks that remote employees are most likely to face as they work from the comfort of their homes.

Risk No. 1: Social engineering attacks

Social engineering attacks are one of the most dangerous and frequent risks that remote workers face while on the job from home. In essence, social engineering risks refer to situations where remote workers face psychological attacks. In these instances, the social engineering perpetrator tricks remote workers into making mistakes.

The perpetrators do this by taking advantage of vulnerabilities that remote workers deal with during difficult times involving a lot of change. You can think of the COVID-19 pandemic as a prime example of a time when social engineering risks were very prominent.

However, rather than focusing strictly on phishing attacks via email, it is important that employers pay attention to other modes of social engineering attacks, such as via text, over the phone, on social media and through the spread of fake news.

Risk No. 2: Not having strong passwords

A main cause of global data breaches is none other than weak passwords. Though not the only contributing factor, weak passwords put remote workers at risk of having their information stolen or compromised. To counter the likelihood of your remote employees being subjected to data breaches, make sure you train them on the importance of strong passwords and how they can reduce password-related risks.

During the training period, consider addressing the following points:

  • Setting up extra security measures, such as passphrases.
  • Establishing unique passwords for every online account.
  • Utilizing password managers.
  • Enrolling in multifactor or two-factor authentication.

Risk No. 3: Using outdated systems instead of updating them

Something else to keep in mind is that out-of-date technologies are gold mines for cybercriminals who want to target remote workers. To combat this, take measures to ensure that the operating systems, online applications, mobile applications and other forms of technologies that are used by your remote employees are always updated.

Also, remote employees who use their own personal devices for work-related tasks should be advised about the importance of keeping their systems updated too. For example, remote workers can enable automatic updates, which is especially helpful if updating devices is something your remote workers put off or forget to do manually.

3 more cybersecurity topics to cover in training

For starters, you’ll want to let your employees know about the importance of identifying and addressing suspicious online activity. Let your employees know what suspicious activity looks like and how they can report any suspicious activity they see.

From there, let your employees know that if they work remotely outside their own homes, they are still in harm’s way given the public nature of their workplace. As such, make sure they consider the cybersecurity threats associated with their daily work routines.

Finally, inform your remote workers about the importance of keeping their work-related technology private. Relay the fact that they should not let unauthorized persons access their work-related technology, including family and friends.

Make it a point to offer cybersecurity training to all remote employees

Training new remote employees on all things cybersecurity during orientation is always a wise idea. For remote employees who have been with your company for a longer period of time, make sure you provide training periodically so that your long-term remote employees are educated on critical cybersecurity developments as they arise.

To ensure that the training you provide to your employees is accurate, up to date and thorough, consider hosting training sessions that are led by remote-work cybersecurity experts.


Cybersecurity – DOL Guidance

LaDonna Kearney

Department of Labor Weighs in on Cybersecurity:

The U.S. DOL has cybersecurity guidance for plan sponsors, fiduciaries, recordkeepers and participants. The guidance aims to help safeguard an estimated $9.3 trillion in plan assets and pertains to employer-sponsored plans regulated by the Employee Retirement Income Security Act (ERISA).

Since ERISA covers retirement plans and health and welfare plans, you may be wondering whether the DOL’s guidance applies only to retirement plans or to all ERISA-covered plans.

According to Groom Law Group, “notably, while some of the guidance package is framed in the context of retirement plans, the guidance appears to apply to all ERISA plans, including health and welfare plans, as the underlying fiduciary responsibilities and obligations are equally applicable in both contexts.”

Ultimately, the guidance confirms that ERISA requires plan fiduciaries to mitigate cybersecurity risks and offers best practices in three areas:

  1. Service provider selection.
  2. Cybersecurity programs.
  3. Online security.

1. Service provider selection

This part of the guidance provides tips for choosing service providers with strong cybersecurity practices in place.

For example, before hiring a retirement plan service provider:

  • Ask them about their established information security policies, procedures and standards.
  • Request to see their audit results and determine whether those results are in line with industry standards.
  • Inquire about their levels of security and whether they have insurance to cover potential losses caused by a cyberattack.
  • Find out whether they have suffered security breaches in the past. If so, what happened, and how did they respond?

For more information, see the DOL’s Tips for Hiring a Service Provider With Strong Cybersecurity Practices.

2. Cybersecurity programs

As stated, service providers should have a strong cybersecurity system. The second part of the DOL’s guidance helps plan fiduciaries understand the components of a strong cybersecurity system. They include:

  • A formal, properly documented cybersecurity program.
  • Annual risk assessments.
  • Annual third-party audits.
  • Periodic cybersecurity awareness training.
  • Robust access control procedures.
  • A program addressing business continuity, incident response and disaster recovery.
  • A chief information security officer to oversee the cybersecurity program.

For more information, see the DOL’s Cybersecurity Program Best Practices.

3. Online security

This part of the guidance helps plan participants and beneficiaries who use the internet to check their retirement plans to lower the risk of fraud and loss.

The guidance offers online security tips for the following:

  • Registering, setting up and monitoring an online account.
  • Utilizing strong and unique passwords.
  • Applying multifactor authentication.
  • Keeping personal contact information updated.
  • Closing or deleting unused accounts.
  • Being cautious of free Wi-Fi.
  • Being wary of phishing attacks.
  • Installing antivirus software and keeping it current.
  • Knowing how to report cybersecurity incidents, including identity theft.

For more information, see the DOL’s Online Security Tips. Also, help your plan participants protect themselves by informing them of the DOL’s online security tips. Finally, note that this is just a summary of the major provisions. Consult qualified professionals and the original DOL guidance for essential details.
