iOS Password Risk


Reports are breaking today of a risk to iPhone and iPad users utilizing a very familiar prompt.

As this image shows, we are all used to seeing this prompt to log in to the iTunes Store. The problem is that a mobile app developer has proved that this pop-up could be generated by an app that is simply attempting to capture your Apple ID password.

This appears to be the first risk that has gotten past Apple’s rigid App Store security. A seemingly legitimate app could generate this pop-up. One way to tell if this is a legitimate prompt for your Apple ID password is to press the home button on your phone. If the prompt disappears, it could be an attempt to steal your password. If the prompt remains on screen, it’s a legitimate prompt. Another recommendation is to close the pop-up, open the Settings app, go to your Apple account, and enter your password there if prompted.

I’ll blog on this further if more details come to light.

With this being National Cyber Security Awareness Month, I wanted to get this alert out right away. #CyberAware


Protect and Detect, Steps 2 & 3 #CyberAware


Today I want to highlight Steps 2 & 3 of National Cyber Security Awareness Month’s focus on Cybersecurity in the Workplace.


Step 2 is Protect.

Protection focuses on many of the concepts I have been discussing this month. The focus is on protecting digital assets and training employees on the basics of cybersecurity and cyber security hygiene.

Protecting digital assets starts with identifying your digital “crown jewels”. Once you have identified them, you need to implement appropriate protections for those assets and enforce appropriate cyber hygiene across the organization.

In pushing cyber hygiene, focus on the concepts from last week of locking down logins, backing up data, maintaining device security and limiting access to those “crown jewels.”

From there, put your focus on employee training.  There are several excellent resources for cyber security training in the workplace, and I strongly recommend implementing phishing tests within the company, so you can gauge your exposure and target the training to those who need it most.  It’s something we do extensively with our clients at Onepath.


Step 3 is Detect.

Detection is all about knowing the threats that your business may be exposed to. It’s also about having the right tools and services in place to help you detect these threats. As we have seen from many data breaches over the last few years, hackers often have access to a network for months or longer before their presence, or worse, the damage they have done, is detected. Having the right people, processes and technology in place is critical in order to detect a hacker.

Follow this link to learn more and explore a wealth of resources available to help you understand detection and what your business needs to be doing to protect itself.