
Friday, 27 January 2017

SumTips: 4 Countries Concerned with Cybersecurity in 2017

Canadian flag and map
As 2017 begins to take shape, one thing is clear: this year will not be the year of the massive, unexpected data breach. Rather, it very well could be the year of accepting cybersecurity weaknesses and looking to enact much-needed protective measures. In just the past week, four countries worldwide have highlighted areas in need of cyber attention:

  • India: A turn to digital payments has brought scrutiny to India’s lack of cybersecurity: “While India does have an early warning system and a national computer emergency response team, there is no clear national incident management structure for responding to cyber-security incidents,” reported the Software Alliance (BSA).
  • United Kingdom: A shortage of cybersecurity experts has the potential to put businesses in the UK at cyber risk. Reported Mariano Mamertino, “Sadly the supply of skilled workers isn’t keeping up with employer demand, and Britain’s cyber security skills gap, already the second worst in the world, is getting worse. The problem is fast approaching crisis point, and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat.”

Know your risks, surf secure and stay Rando!



Image credit of BOLDG/Shutterstock.com.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday, 19 January 2017

SumTips: Davos’ 2017 Guide to Business Cybersecurity

locked computer
The annual World Economic Forum in Davos, Switzerland, is underway. While the election of Donald Trump to the American presidency has attendees questioning what else 2017 will bring, one concern remains clear: cybersecurity.

In conjunction with the live event, the Forum offers a host of suggestions for making the coming year cybersecure, for businesses and individuals alike:

 

From “Why being a responsible leader means being cyber-resilient”:
  • Cyber risk is a systemic challenge and cyber-resilience a public good. Without security and resilience in our networks, it will be impossible to safely take advantage of the innumerable opportunities that the Fourth Industrial Revolution is poised to offer. Responsible and innovative leaders, therefore, are seeking ways to deal with these risks. In order to meet these challenges and be truly responsive to and responsible for the challenges of digitalization, leaders need tools and partnerships.


From “Defending against cybercrime: how to make a business cyber-resilient”:
  • Cyberattacks, cyber-breaches and cybercrime are not new problems and are universally acknowledged to be costly, pervasive and increasingly sophisticated. The best defence against such intrusions is cyber-resilience: building capabilities to protect yourself and your business from cyber threats, and building the ability to rebound from attacks, should they happen.


From “Four steps to protect your business against cybercrime”:

Ask yourself these questions:
  • Is the board on board? Security has to be on the board’s agenda. They need to be constantly thinking about the worst case scenario: what would happen if your information were stolen? How badly would your business be damaged if one individual were bribed or blackmailed? What are all the possible ways someone could attack?
  • Is security part of your culture? The board members can’t do everything themselves. You need to build security awareness into your organization’s culture by making it part of everyone’s role. Give them responsibility, and encourage them to speak up.
  • Have you separated your data? The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. You want to make sure your most valuable information is hidden – even from your own employees. You don’t see bank vaults out on the street. They’re behind checkpoints, cameras and closed doors. Do the same with your data.
  • Do you have all the basics sorted? Start with making sure passwords are strong and long and ensuring that all the right policies are in place. Encryption should be used across the board and you need a response team ready to deal with attacks and minimize the damage. Spare a moment to think about whether your partners are keeping your data safe. Most importantly, think from a criminal’s perspective: try hacking back into your own business to identify vulnerabilities and then fix them.

Protect yourself, surf secure and stay Rando!




Image credit of Shutterstock.com.

Wednesday, 5 October 2016

SumTips: 9 Cyber Security Awareness Month Events Not to Miss

It’s National Cyber Security Awareness Month, a United States-based event that increasingly attracts the attention of digital citizens worldwide. No matter where in the world you are this October, be sure to check out the following online NCSAM events:

October 6: #ChatSTC Twitter Chat: STOP. THINK. CONNECT.™ - The Basics of Online Safety
This #ChatSTC Twitter chat will discuss simple ways you can protect yourself, your family and your community online and explore how to engage young people in responsible technology use and pursue careers devoted to protecting the internet. Join via #ChatSTC at 3:00PM EDT.

October 11: EDUCAUSE Live! – Top Attack Techniques, Top Human Risks & How to Create a Cyberaware Culture
What are the scariest new attack techniques in 2016? What are the top human risks organizations are currently facing? Join the head of the Internet Storm Center and the director of SANS Securing The Human to discover how you can prepare for threats posed by technologies and people, and leverage that knowledge to create a more "cyberaware" culture on campus. Join via www.educause.edu at 1:00PM EDT.

October 13: Solving the “password1” Problem: Why Businesses Need 2FA
IDC analyst Robert Westervelt and ESET Senior Technical Strategist Ben Reed will be giving a free webinar on two-factor authentication (2FA). Topics to be discussed include the different types of multifactor authentication, why the right 2FA solution helps prevent breaches and how to implement 2FA quickly and easily. Join via www.brighttalk.com at 1:00PM EDT.

October 13: #ChatSTC Twitter Chat: Creating a Culture of Cybersecurity from the Break Room to the Boardroom
This #ChatSTC Twitter chat will discuss how leaders and employees in business, healthcare, academic, government and civil society can keep their organizations safer and more secure during National Cyber Security Awareness Month and year-round. Join via #ChatSTC at 3:00PM EDT.

October 20: Get Smart About Ransomware: Protect Yourself and Your Organization
Do you think you're doing enough to protect yourself against ransomware threats? It's time to start learning how to better protect yourself (and your organization) online. Support NCSAM by attending Security Innovation's free live webinar, which will discuss what ransomware is and how it affects you, real-world examples of ransomware attacks and what we've learned from them, what to do if you or your organization becomes a ransomware victim and how you can avoid ransomware threats to protect yourself and your organization. Join via web.securityinnovation.com at 1:00PM EDT.

October 20: #ChatSTC Twitter Chat: Recognizing and Combating Cybercrime
This #ChatSTC Twitter chat will discuss different kinds of cybercrime, how to better protect yourself against online threats and how you can play a role in the greater effort against cybercrime. Join via #ChatSTC at 3:00PM EDT. 

October 27: #ChatSTC Twitter Chat: Navigating Your Continuously Connected Life
This #ChatSTC Twitter chat will discuss how you can take security precautions and protect your personal information as the world of cutting-edge technologies continues to grow. Join via #ChatSTC at 3:00PM EDT. 

October 28: Digital Citizenship Summit
The Digital Citizenship Summit is a major global event for digital citizenship, featuring well-known and diverse, emerging voices discussing the safe, savvy and ethical use of social media and technology. Kicking off U.S. Media Literacy Week, the flagship Digital Citizenship Summit this year will focus on citizenship, literacy and advocacy. Join via www.digcitsummit.com at 9:00AM PDT.

November 3: #ChatSTC Twitter Chat: Building Cyber Resilience in Critical Infrastructure
As National Cyber Security Awareness Month (NCSAM) comes to a close, National Critical Infrastructure Security and Resilience (CISR) Month begins in November. In this #ChatSTC, we’ll discuss the connection between the cyber and physical worlds, the importance of protecting and securing our Nation’s critical infrastructure, and share simple cyber tips for individuals looking to do their part to protect our critical infrastructure from cyber threats. Join via #ChatSTC at 3:00PM EDT. 

Know your online resources, surf secure and stay Rando!


Image credit of Shutterstock.com. 

Thursday, 8 September 2016

SumVoices: Africa Rising - West Africa's Cybersecurity Challenge

Our last installment of SumVoices featured Pakistani lawyer and activist Yassir Latif Hamdani. This month we bring you insight from Ghanaian blogger Ibrahim.

Ghanaian flag and map
[Source: BOLDG/Shutterstock.com]
Cybersecurity remains a challenge within the West Africa sub-region. Cybersecurity is the protection of information systems from theft or damage to hardware, software, and to the information on them, as well as from disruption or misdirection of the services they provide. The upsurge in cybercrime among West African nations is no longer a mystery but a reality that has come to stay. The growing phenomenon of cyber crime is having a negative impact on socio-economic activities in a way that raises a lot of concerns for stakeholders involved in cybersecurity. As the internet, networked systems, and the use of mobile phones expand throughout sub-Saharan Africa, nations are grappling with multiplying cybercrime threats. Most cyber laws over the period sought to address issues such as mobile security, computer forensics, strengthening national laws, building emergency response teams and ensuring that comprehensive national cybersecurity plans promote internet freedom and respect for civil rights.

The Economist, the International Business Times and organizations such as the African Development Bank (AfDB) have asserted that Africa is home to some of the world’s most rapidly growing economies. This new Africa, captured by the aphorism “Africa rising”, is reflected in the continent’s expanding middle class and rapid adoption of mobile technology. According to recent estimates by the International Telecommunications Union (ITU), the number of mobile subscribers reached 63 percent in 2013, and more than 16 percent of the African population are now using the internet. Furthermore, it is estimated that the global value of web-based retail sales for 2013 amounted to $963 billion, while business to consumer (B2C) e-commerce sales for the same period totaled $1.3 trillion. Although the e-commerce market is dominated by developed economies, the global share of e-commerce for the Middle East and Africa is expected to rise from 1.6 percent in 2011 to 2.3 percent by 2016.

A recent study by the International Data Group Connect investigating the state of cyber threats in various regions of Africa, with particular emphasis on Egypt, Kenya, Nigeria and South Africa, shows that there is a strong correlation between cybersecurity and economic growth. Traditionally, West Africa has a high rate of software piracy. According to a 2011 study, the average rate of software piracy in the region is about 73 percent, with little change in recent years. In addition to the financial loss ($1.785 billion), the high level of use of unauthorized software is likely to aggravate the region’s virus and malware woes.

The study by the International Data Group Connect estimates that annually, cybercrimes cost the South African economy $573 million, the Nigerian economy $200 million, and the Kenyan economy $36 million. It is important to understand that no one person or institution can have the requisite capacity to deal with cybersecurity. Cybersecurity is not an event but rather a process. As a result, it is not simply a matter of passing legislation, or something that belongs to lawyers only. Members of Parliament, lawyers, the judiciary, intelligence/military, civil society, media, young people and members of the public as key stakeholders should all be involved in efforts to deal with cybersecurity at the earliest available opportunity. It is important to engage all stakeholders to ensure the necessary buy-in and that they understand the issues and processes involved.



Monday, 8 August 2016

SumTips: 7 Ways to Ensure a Cybersecure August Holiday

Credit card phishing
[Source: maxuser/Shutterstock.com]
It’s August, which for many means vacation time. Before you head off to a sandy beach or a cobblestone-strewn city, be sure to protect yourself from cybercriminals:

1.    Do not post your travel plans on Facebook, Twitter, Instagram or any other social media site.
Doing so risks providing criminals with an opportunity to access devices left behind or invite themselves along on your adventures.

2.    Avoid links and attachments to travel and hotel coupons, as well as local travel websites.
The offers may seem enticing, but too often viruses and malware are lurking beneath the surface.

3.    Don’t install mobile tour apps.
Any apps beyond those offered in an official online store pose a security threat and leave your device accessible to hackers.

4.    Let your credit card companies know you are travelling.
Give yourself a second set of eyes to watch for unexpected activity.

5.    Keep your device with you.
Ideally, your smartphone should never leave your sight. However, if a dip in the pool makes such things impossible, store your device someplace secure, such as a hotel room safe.

6.    Minimize ATM and Point-of-Service transactions, especially with machines that appear to have been tampered with or disfigured.

7.    Avoid free, insecure public Wi-Fi.
Hackers know to look for personal information wherever there is unprotected Wi-Fi (hotels, coffee shops and train stations). If you do use password-protected public Wi-Fi, be sure to log in to your SumRando VPN as well.

Happy travels, surf secure and stay Rando!




Wednesday, 3 August 2016

SumTips: 5 Ways the Brazil Olympics Threaten Your Cybersecurity

Olympic rings with athletes
It’s no secret that the 2016 Summer Olympics are plagued with problems. Although it’s easy to get wrapped up in talk of the Zika virus, Dilma Rousseff’s impeachment and incomplete construction, everyone’s eyes—whether in Brazil or from afar—need to be focused on the many ways the Games will be leveraged to compromise innocent individuals’ cybersecurity. Take note of:

1.    Malicious Links: Excited to bet on the women’s soccer finals, rewatch the 400m IM swim or receive an invitation to participate in an Olympics ticket lottery? So are hackers. The Games are probably prompting you to spend more time online and in your inbox, but don’t let them distract you from safe browsing practices. Remember: no one can make you click on a malicious link without your consent.

2.    Smartphone Theft: An iPhone 6 is 156% more expensive in Brazil than in the United States. If you are taking yours to Rio, keep it in sight or you might not see it again.

3.    Public Wi-Fi: Where there are tourists, there is public Wi-Fi and the Olympics are no exception. Insecure Wi-Fi should be avoided at all costs, especially near stadiums and hotels, where hackers lie in wait. When using password-protected public Wi-Fi, be sure to also log in to your SumRando VPN and to save any sensitive transactions for home.

4.    ATM and Point-of-Sale Machines: One swipe is all a hacker needs to steal your information. Try to minimize transactions, especially if you lack the added security of a “chip” (EMV-backed) card.

5.    Terrorist Recruitment: ISIS has begun producing online propaganda in Portuguese in an attempt to recruit Portuguese speakers. What this could mean for the Olympics is anyone’s guess.

Friday, August 5 marks the opening ceremonies of the 2016 Summer Olympics. Do your part to make it a safe and secure event to remember.



Wednesday, 27 July 2016

SumTips: 10 Statements Worth Repeating from RSA Conference 2016 APJ

Vulnerability
[Source: BeeBright/Shutterstock.com]
RSA’s 4th annual Asia Pacific & Japan Conference took place from July 20th to 22nd in Singapore – and with it came a bleak portrait of cybersecurity today. A series of keynote addresses reinforced what we already know, that it is indeed a hacker’s world:

from K Shanmugam, Minister for Home Affairs & Minister for Law, Singapore:
1.    “[In the UK], the number of crimes committed through the internet has exceeded the crimes committed in the physical space. For us [in Singapore], in the last year, the number of crimes committed under the Computer Misuse Act has increased by 40% over the previous year.”

from Glenn Gunara-Chen, Executive Director, Fraud Investigation & Dispute Services, EY:
2.    According to the EY Global Information Security Survey 2015, 23% of respondents open phishing emails and 11% click on attachments.

3.    “The common denominator across the top four breach patterns [phishing & crimeware, physical theft/loss, misuse of privileges and miscellaneous errors]—accounting for nearly 90% of all incidents—is people.”


4.    “Cybercrime is the new normal.”


from Chris Carlson, Vice President of Product Management, Qualys:
5.    “In January of this year, there was only one recorded case of ransomware in Singapore. In March, 155. And it’s increasing.”
 
from Fang Chao, Director of Alibaba JAQ Security, Alibaba Inc.:
6.    “95% of popular mobile apps have counterfeiting apps.”
   
from Amit Yoran, RSA President:
7.    “$75 billion USD were spent in cybersecurity in 2015 alone.”

8.    “70% of organizations in [Asia-Pacific/Japan] report that they’ve been successfully compromised by an intrusion in the last 12 months—and I’m willing to bet that many of the remainder aren’t able to detect the fact that they’ve become victims.”


9.    “56% of companies say that it’s unlikely or highly unlikely that they’d be able to detect a sophisticated attack.”


10.    “Tools alone won’t win the battle for us. We need super smart, creative humans.”


Be aware, surf secure and stay Rando!



Wednesday, 6 July 2016

SumTips: 7 Signs You’re at Risk of a Webcam Hack

Facebook's Mark Zuckerberg with tape over his laptop webcam
[Image credit: Facebook]
A recent photo of Mark Zuckerberg revealed something far more noteworthy than Instagram's latest growth milestone: the Facebook founder covers his laptop webcam and microphone with tape—and no one is calling him irrational or paranoid for doing so. In fact, the response to Zuckerberg’s laptop has largely consisted of cybersecurity experts reminding users that the smart thing to do is to take similar precautions. “What’s scariest about it is not who’s doing it but how easy it is to do,” acknowledged the Digital Citizens Alliance’s Adam Benson.

In case you’re wondering if you are at risk of an invasion of privacy via webcam, take note of our 7 warning signs below:

1.    You have a weak wireless password—or none at all. A strong password will keep hackers out of your wireless network. Be sure to always avoid insecure public Wi-Fi without the added protection of a VPN.

2.    You turn off your firewall and/or anti-virus protection. Hackers frequently take over webcams with malware sent via malicious email links. Although even the best security solutions are known to let new viruses through, turning them off entirely—even for a moment—will only increase your risk.

3.    You ignore software updates. “The biggest compromises that have happened over the past six to nine months often happened in an un-patched device that had a security vulnerability, and the patches weren’t applied fast enough,” reported Gerhard Eschelbeck, Google’s head of cybersecurity.

4.    You bought or borrowed a computer from an untrustworthy or unknown source. Before you log in at an internet café or boot up the laptop you bought used, know that a previous user could now be spying on you.

5.    You click on attachments in emails addressed to you. Chinese hackers GhostNet took over nearly 1,300 webcams in more than 100 countries by sending out realistic-but-spoofed emails. As soon as users opened their email attachments, a Trojan virus was released and the hackers had complete webcam control.

6.    You spend time in front of your computer. In 2015, a Canadian woman discovered her webcam had been infiltrated when she received photos via Facebook of herself and her boyfriend watching Netflix. Her story is just one of the countless personal events that webcam hackers document when unsuspecting individuals think no one is watching.

7.    You don’t use a SumRando Cybersecurity webcam cover. Zuckerberg used tape, but we have something better: custom-designed SumRando webcam covers for your computer and smartphone. Email us at contact@sumrando.com to receive a complimentary set of 5.

We live in a world in which webcam hacking is a real threat for everyone from Facebook founders to everyday internet users. Take necessary precautions, surf secure and stay Rando!


Wednesday, 29 June 2016

SumTips: 3 Ways Brexit Will Influence Your Cybersecurity

Brexit flag and mobile device
[Image source: Hamdi Bin Zainal/Shutterstock.com]
As the initial shock in response to Brexit (Great Britain’s vote to exit the European Union) wears off, in its place are legitimate questions about what this change could mean for cybersecurity worldwide. The process of exiting the EU will take a minimum of 2 years, and some argue it could take as long as 6 years or even never come to fruition at all.

If and when Brexit does occur, however, there is little to fear in terms of data protection: it is predicted that Britain would elect to conform to the standards established by the EU’s highly regarded General Data Protection Regulation (GDPR), effective May 2018.

The trouble that Brexit will bring for cybersecurity is the set of problems that erecting new borders always brings:

1.    Less information sharing and cybercrime collaboration. Brexit would limit the United Kingdom’s access to EU agencies such as Eurojust (judicial cooperation regarding criminal matters) and Europol (law enforcement intelligence) and complicate its ability to extradite foreign suspects. However, in a world where governments often double as cybercriminals, it remains to be seen whether less collaboration would help or harm the average digital citizen.

2.    Less innovation. The United Kingdom’s talent pool will inevitably shrink, leaving the country even less able to compete with the United States’ already-dominant tech industry. Further concerns include the loss of UK government investment in EU cybersecurity startups (currently, the government invests in both EU and UK enterprises) and whether UK-based companies with EU employees will choose to relocate elsewhere.

3.    Greater insecurity in general. Brexit has created more questions than answers, which is a dangerous place to be, cybersecurity-wise. “Security always suffers in times of uncertainty. What’s happened is unprecedented and there is a lot of confusion as to the next steps. This is the kind of chaotic environment in which insecurity thrives,” reported A.N. Ananth, CEO of EventTracker.

We have yet to see what exactly Brexit will bring, but in the meantime it serves as a valid reminder of the fragility of cybersecurity and the need for individuals to continue to protect themselves online.



Wednesday, 22 June 2016

SumTips: Eight Ways to Protect Your Mobile Device When Traveling

Woman in train station with device
[Image credit: Rawpixel.com/Shutterstock.com]
Solstice has arrived, which means it’s summer in the north, winter in the south and travel time for individuals everywhere.

Before you board your next flight, however, remember that cybercrime is a problem far from being solved. McAfee recently estimated that the annual global cost of all cybercrime exceeds $400 million and a United Nations study found digital theft to affect between 1 and 17% of the online population (as a comparison, physical crime affects less than 5%). Significantly, these stats are based on reported incidents, yet 80% of cybercrime goes unreported.

Airports and hotels are two of cybercrime’s biggest targets, so when planning your next trip, take a moment to protect your digital security:

  • Disable auto-configuration so your device does not automatically connect to an open network without your approval.

  • Update your device's operating system and security software to the latest versions. Cybercriminals love to exploit old software before it is patched. 

  • Keep your device with you. Don’t leave your device in your hotel room—not even in the safe—and don’t set your phone on a bar or restaurant table. For additional protection, keep a hand on your device while chatting with your barstool neighbor and make sure your device is password protected. One more tip: Use only your device and not public computers. Cybercriminals know to install keylogging software on accessible computers, allowing them to learn your keystrokes and break the strongest of passwords. 

  • Only use password-protected public Wi-Fi. Remember that free access points are routinely established with malicious intent. Even when logged into authentic public Wi-Fi, further protect yourself by refraining from sending sensitive information like banking or financial transactions.   

  • Confirm your hotel’s Wi-Fi network and make sure it is properly secured. Hackers are stealing holidays of their own by creating bogus hotspots with similar or vague names ("Hotel Free Wi-Fi," for example) that show up alongside authentic networks and even installing malware through pop-up windows on hotel networks. 

  • Use secure browsing. If a URL doesn’t have https://, it isn’t encrypted and shouldn’t be used. 

  • Use SumRando VPN. Never use public Wi-Fi without a VPN. Our free 1 GB plan will protect your data throughout your holiday travel, whether you’re on Windows or Android. 

  • Use SumRando messenger to communicate securely with loved ones back home. Our encrypted messenger is free and allows you to chat without worrying about eavesdropping government censors or cybercriminals.

Happy Solstice, Randos!



Tuesday, 15 March 2016

SumVoices: Digital Security Starts With Contextual Risk Assessment

Our last installment of SumVoices featured an anonymous contributor from Algeria, in English and Arabic. This month we bring you Venezuelan digital rights activist and digital security trainer, Marianne Díaz Hernández, in English and Spanish.

SumVoices, Venezuela, Marianne Díaz Hernández, digital security training
For the last six years, I have been a digital rights activist in Venezuela and a great amount of my work has been focused on digital security training aimed at audiences at risk: activists, journalists and young students who are beginning to defend their civil rights. In my experience, a concept that is often disregarded in the digital security training arena is that of risk assessment. While in certain contexts, risk assessment is something of a cliché term to throw around—a buzzword, like "entrepreneurship" or "synergy", in those contexts where it's frequently overlooked, we are often missing something very important: the fact that tools and tactics are not universally applicable, and thus the fact that we might be aiming at the wrong target when choosing certain tools without having a complete understanding of the nature of risks present.

This is something that becomes particularly important not only for those of us who conduct trainings aimed at different audiences, but also for those who design training materials, handbooks, and software that is going to be used by people at risk. Understanding the nuances of risk when looking at different scenarios can often mean the difference between designing a handbook or app that is going to be used by many people in many contexts versus creating something that only those with the same background as us are going to be able to use.

Points to consider when creating strategies that are applicable to many different scenarios include:

  • What is the scope of internet availability? What speed and quality of connection is available?: When recommending streaming apps like Periscope in the South American context--particularly in Venezuela, where we currently deal with one of the worst, slowest and most expensive internet connections in the world, we are often faced with the fact that internet connections are not reliable and upload speeds are sorely lacking, not to mention the fact that connection is often paid for by the megabyte and extremely expensive. Some people cannot count on internet access at home, and some can only connect once a week or once a month.

  • What technology is available? Is what I’ve created compatible?: This is often overlooked when creating apps that work exclusively in iOS environments and thus cannot be used by the many people who lack economic resources and are most at risk. Compatibility is also overlooked when creating apps that only work with newer versions of some operating systems, disregarding the fact that most people in developing countries only have access to the previous, often out-of-date versions of operating systems that come with cheaper devices.

  • Is it legal to use? Should I warn users of possible legal consequences?: Technologies like encryption and practices like anonymity are illegal or outlawed in many countries. For example, anonymity is forbidden in Venezuela and encryption is illegal in Russia and Tunisia. If someone is going to make the decision to use technology that could put them at further risk, this decision should be made from a place of informed awareness.

  • Is it understandable? Is it accessible? Does it make sense in a given cultural context?: In many places, particularly in those where indigenous languages still survive and coexist, language is a barrier that can keep people from accessing certain tools and materials. In my experience with training Venezuelan indigenous populations at risk, the trainings have to be conducted in Spanish, which is the legal language of the country, but not the mother tongue of the audience. Even when trying, sloppy translations have the potential to become a hazard instead of an aid. Considering cultural aspects also means considering the risks of taking out a cellphone in the street in certain places, or simply carrying it while out and about.

Even though it's impossible to list every aspect that we should consider, more often than not, just being aware of differences and being open to asking questions and listening to answers is a good place to start. As in many other circumstances, the ability to fight preconceived notions and assumptions is the key to opening a door that will lead us to more diverse solutions for digital security.

Venezuelan lawyer and digital rights activist Marianne Díaz Hernández is involved in initiatives including Creative Commons Venezuela and Acesso Libre. She also contributes to Global Voices and guest blogs for Amnesty International. Follow her @mariannedh.




SumVoices: Digital Security Begins with Contextual Risk Analysis

Our last installment of SumVoices featured an anonymous contributor from Algeria, in English and Arabic. This month we bring you Venezuelan digital rights activist and digital security trainer, Marianne Díaz Hernández, in English and Spanish.

For the past six years, I have been a digital rights activist in Venezuela, and an important part of my work has focused on digital security trainings aimed at audiences at risk: activists, journalists and students who are beginning to defend their civil rights. In my experience, a concept that is often set aside in the field of digital security training is that of risk analysis and assessment. While in certain contexts risk analysis is more of a cliché term that gets dropped, a sort of buzzword like “entrepreneurship” or “synergy,” in other contexts where it is often overlooked we tend to be missing something very important: the fact that tools and tactics are not universally applicable and, therefore, the fact that we could be aiming at the wrong target when choosing certain tools without a complete understanding of the nature of the risks that are present.

This is something that becomes particularly important not only for those of us who conduct trainings aimed at different audiences, but also for those who design training materials, manuals and software that will be used by people at risk. Understanding the nuances of risk when we look at different scenarios can often mean the difference between designing a manual or an application that will be used by many people in many contexts and creating something that only those with the same background as us will be able to use.

Some points to consider when creating strategies that are applicable to different scenarios include:

  • What is the reach of the Internet connection? What speed and quality of connection is available?: When we recommend live-streaming applications such as Periscope in the Latin American context, particularly in Venezuela, where we currently deal with one of the worst, slowest and most expensive connections in the world, we are often faced with the fact that Internet connections are not reliable and upload speeds fall far short, not to mention the fact that the connection is often paid for by the megabyte and extremely costly. Some people cannot count on Internet access in their homes, and some can only connect once a week or once a month.

  • What technology is available? Is what I have created compatible?: This is often set aside when creating applications that work exclusively in iOS environments and therefore cannot be used by many people who lack economic resources and are the ones most often at risk. Compatibility is also set aside when creating applications that only work on more recent versions of some operating systems, disregarding the fact that many people in developing countries only have access to the most recent, often obsolete, versions of operating systems that come with cheaper devices.

  • Is it legal to use? Should I warn users about possible legal consequences?: Technologies such as encryption and practices such as anonymity are illegal in many countries. For example, anonymity is prohibited in Venezuela, and encryption is illegal in Russia and Tunisia. If someone is going to make the decision to use technology that could put them at greater risk, this decision should be made from a position of informed awareness.

  • Is it understandable? Is it accessible? Does it make sense in a given cultural context?: In many places, particularly those where indigenous languages still survive and coexist, language is a barrier that can keep people from accessing certain tools and materials. In my experience training indigenous populations at risk in Venezuela, the trainings have to be conducted in Spanish, which is the legal language of the country and is often the language of the trainer, but is not the mother tongue of the audience. Even when they try, poor-quality translations have the potential to become a danger instead of a help. Considering cultural aspects also means taking into account the risks of taking out a cellphone in the street in certain places, or simply of carrying it when they leave their homes.

Although it is impossible to list every one of the aspects we should consider, often simply being attentive to and aware of differences and being open to asking questions and listening to the answers is a good start. As in many other circumstances, the ability to fight preconceived notions and assumptions is the key to opening a door that will lead us to more diverse solutions in digital security.


Venezuelan lawyer and digital rights activist Marianne Díaz Hernández is involved in initiatives including Creative Commons Venezuela and Acesso Libre. She also contributes to Global Voices and guest blogs for Amnesty International. Follow her @mariannedh.




Thursday, 10 March 2016

Internet Security Depends on Human Behavior, Says RSA’s Amit Yoran

Each year, the RSA Conference provides a place for information security experts from around the world to delve deeply into global cybersecurity problems and solutions. This year was no exception, with a record 40,000 individuals in attendance at the 25th anniversary event.

Amidst the sea of technological solutions presented, the keynote address of one man, RSA President Amit Yoran, stood out. His message was clear: until human behavior changes, the Internet will continue to be the insecure place it currently is and hackers will continue to win the cybersecurity war. For three reasons, it is human behavior, not technology, that must change:


Reason #1: The Internet is inherently insecure.

“The general purpose computing paradigms that we operate under cannot be secured. A collection of incredibly complex, interconnected systems, our digital environments, are at their core not deterministic. And with the emergence of IoT, our challenges are only going to get exponentially worse. And yet we continue to push all of our communication, collaboration, and commerce online, pretending that preventative technologies like anti-virus, malware sandboxing, firewalls and even next generation firewalls, will keep us safe when we know that they won’t. Intellectually, we get it, but that’s not translating into changed behavior fast enough.”


Reason #2: Smart creatives today become hackers, not cybersecurity professionals.

“Think about our “game” of cybersecurity. Our opponent isn’t playing the same game and they surely aren’t following the same rules. In fact, our opponents don’t have rules. So in real life, who is sitting across our game board? If you could unveil our opponents, we would likely see creative human beings who are changing the rules as they play.

“For some perspective on tackling the cybersecurity challenge, let’s take a step back and come at our problem from a different angle. Our problem is not a technology problem. Our adversaries aren’t beating us because they have better technology. They’re beating us because they are being more creative, more patient, more persistent. They’re single-minded. They have a target – no prescribed path to get there, no overarching rules limiting them, and a virtually limitless number of pathways to explore.”


Reason #3: Governments continue to fight for security-reducing measures, such as weakening encryption.

“We frequently see governments muddying the waters by allowing intelligence communities or law enforcement to dominate national cybersecurity policy and initiatives. Their perspective and agendas are radically different from those trying to defend networks.

“Some policy proposals, like weakening encryption, are so misguided as to boggle the mind. In an era where cybersecurity is consistently cited as the single greatest threat to our way of life, above terrorism and all else, how can we possibly justify a policy that would catastrophically weaken our infrastructures? And contrary to the going dark rhetoric, we live in a golden age of surveillance, more so than at any other point in human history. Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if we weaken our encryption you can sure bet that the bad guys will use that and exploit it against us. Such a policy would also harm US economic interests on an already suspicious world stage, as well as unconscionably undermine those trying to defend our digital environments in every single industry.”


Yoran began and ended his speech with a reminder that, in today’s world of cybersecurity, actions speak louder than intentions. We simply cannot wait for technology to change or for experts and government officials to catch up. Take matters into your own hands and make a VPN, secure messaging, unique passwords and HTTPS part of your daily Internet routine.




Wednesday, 17 February 2016

Cybersecurity in Ghana: A Promising Work in Progress

In a world of cybersecurity problems, Ghana is one country actively seeking solutions.

In 2015, the West African nation embraced a National Cyber Security Policy and Strategy, in which it first laid out a long list of concerns:
  • Cyber cafes, a primary source of Internet access for many Ghanaians, have become “fertile” for cyberattacks.
  • The growth of smart phone usage as well as M-commerce has led to increased mobile phone cybercrime.
  • Multiple government websites have also fallen victim to cyberattacks.
  • “Sakawa,” Internet fraud that takes advantage of traditional and religious rituals to gain money, continues to be popular and to be under-prosecuted due to an under-resourced and untrained police cybercrime unit and a lack of laws against such acts.
  • A coordinated structure for reporting cyber incidents does not exist.

With a vision of creating, “A secure and stable connected Ghana with Internet users working and creating wealth in a safe cyber space, with a well-researched and trained academic and professional community protecting Ghana’s cyber space equipped with global standards and responding swiftly to cyber incidents, and with up-to-date laws and systems in place to efficiently prosecute cyber criminals,” it is clear that the Ghana National Cyber Security Policy and Strategy aims to remedy the aforementioned issues.

Such change, however, won’t happen overnight.

To achieve this vision, Ghana is focused on nine policy pillars, set to be achieved in a 5-year strategic plan between now and 2020. The pillars are: effective governance, a legislative and regulatory framework, a cyber security technology framework, a culture of security and capacity building, research and development towards self-reliance, ensured compliance and enforcement, child online protection, cyber security emergency readiness and international cooperation.

Although Ghana’s nine pillars remain a work in progress, last month’s inaugural Data Protection Conference in Accra demonstrated Ghana’s commitment to work in the present towards a more secure cyber space. The conference, themed, “Creating the Right Balance between the Need for Information and Data Protection,” strived to raise awareness about data protection issues and statutory obligations for data controllers and processors.

The event reminded the hundreds in attendance to adhere to the provisions set out in 2012’s Data Protection Act (Act 843), legislation that has been widely applauded for directly addressing the need for data privacy. Of note, the act establishes data protection principles and guarantees user rights regarding personal information, including the right to access and amend your personal information, to prevent processing of your personal information and to complain to the Data Protection Commission. Unfortunately, Act 843 is not without flaws. The Data Protection Act includes a vague exemption to all provisions of personal data processing when for the good of “public order, public safety, public morality, national security or public interest.” Such loosely defined terms can be—and frequently are—used to infringe upon individuals’ rights.

In the words of Ghanaian Chief Justice Georgina Theodora Wood at the conference, “Privacy fortifies our human dignity and guarantees other key values such as freedom of association and freedom of speech in our society. Our fundamental right to privacy as enshrined under Article 18(2) of the 1992 Constitution cannot and should not be compromised, especially today.”

We agree. The National Cyber Security Policy and Strategy and the Data Protection Act collectively establish Ghana as a leader in cybersecurity and protection of free speech. As we wait to see what that brings, remember your privacy and security remain in your own hands.


SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!