If you were always worried about the plug-ins you use and the security threat they might pose, Google seems to agree and has just announced that it is going to limit certain plug-ins with its Chrome browser. Social Media also poses a security threat according to the Ponemon Institute.
Chrome To Block Old Plug-ins
Security news from Google and in particular Chrome. According to the Chrome blogspot, Google is to block insecure plug-ins from running on top of the Chrome browser to ensure that it cannot be exploited by malicious websites that have inserted bugs into the plug-ins.
The blog says that the only way to deal with the problem is to stop it from happening in the first place as once they get in, hackers can take just about everything including banking passwords as well as access to sensitive enterprise information.
Many advanced attacks involve finding undisclosed vulnerabilities in the browser. Despite being harder, there has been a lot of user damage due to exploitation of non-public bugs in browsers. With this in mind Google Chrome in future will:
- Refuse to run certain out-of-date plug-ins
- Disable individual plug-ins or to operate in a “domain whitelist” mode whereby only trusted domains are permitted to load plug-ins
- Warning before running infrequently used plug-ins
This follows earlier security measures including the introduction of auto update for Adobe Flash Player and an integrated PDF viewer plug-in running inside Google Chrome’s sandbox.
Social Media And Data Theft
And with theft in mind, the Ponemon Institute (news, site) has recently published new research that shows where social media users are leaving themselves and their enterprise vulnerable to data and personal information theft.
Although more than 80 percent of study respondents expressed concern about their security while using social media, more than half of these same individuals admitted they do not take any steps to actively protect themselves.
Other key findings from the survey include the following:
- 65% of users do not set high privacy or security settings in their social media sites.
- 40% of all respondents share their physical home address through social media applications.
Even though most respondents expressed concern about online security and privacy, nearly 90 percent did not feel that identity theft is a likely risk from using social media sites. Accordingly, individuals continue to use social media despite acknowledged potential dangers. It also shows:
- 60% of users are not confident of their social media provider’s ability to protect their identity.
- 44% of individuals said if they discovered that a social media provider did not adequately protect their privacy or security, they would continue to use the site.
The question now is to what extent enterprise users, given that they are almost certainly amongst the surveyed population, are disregarding enterprise security safeguards and exposing the enterprise to data theft.
Modulo Upgrades GRC software
Meanwhile, GRC specialist Modulo has also upgraded its GRC products with the availability of its next generation IT Governance, Risk and Compliance Management (IT GRCM) solution.
Modulo Risk Manager NG is an evolution of the company’s management software and is now also available in the cloud as a SaaS solution.
This new release of Risk Manager also comes with support for multiple languages as well as an easy-to-use web-based interface and platform. Modulo Risk Manager NG gives enterprises the visibility they need to manage both business and IT processes using a standardized approach.
Major enhancements of this new release include:
- Multi-language web-based platform
- Improved user portal, role based access control and dashboards
- Advanced “what if” modeling
- Enhanced policy management
It also comes with GRC Integration Service Foundation Application Program Interface (API) to enable the integration of home grown and commercial applications.
Automated, Compliant Records Management
Meanwhile, ASG Software Solutions has just released a new Records Manager which gives organizations the ability to improve business processes and reduce operational costs, all while ensuring compliance and mitigating risk.
By transparently managing all of an organization’s records, no matter where they are stored, in one consolidated view, Records Manager is meant to handle high-volume record environments. In fact, it was specifically designed to simplify information management for organizations wading (or drowning) in an increasingly complex information landscape (or landslide!).
However, one of the big advantages is that it automates capture, classification, retention and disposal of electronic content in keeping with the compliance demands of highly-regulated industry.
Not only does ASG Records Manager make it easy for organizations to search, locate and produce content, it also provides a repeatable and systematic retention management system, which monitors activity, reducing the risk of untimely data destruction and spoilation allegations.
Symantec Tool Assesses SMB Risk
The Symantec Small Business Check-up is a simple-to-complete online questionnaire that enables small businesses to benchmark themselves against survey results from 700 small businesses across Europe, the Middle East and Africa (EMEA).
The comparison allows participants to assess their organisation’s relative vulnerability to data risk and add information about their own environments to the benchmarking tool. The tool then provides them with an analysis of any gaps or inconsistencies that might cause exposure.
The Symantec Small Business Check-up has already revealed that smaller companies share a number of serious vulnerabilities including the fact that the majority of small businesses are just as susceptible to information risks as large organizations.
According to the research, 80 percent of small businesses have ‘medium’ to ‘high’ sensitivity to risk. This figure is based on amalgamating their exposure to risk factors including whether they are governed by industry regulation, hold sensitive information, would be disrupted by regulatory breaches or use mobile technology.
If you’re interested in finding out more go to the Symantec Small Business Check.