
Security Considerations for Enterprise Remote Access


Remote-access technologies are top of mind for most IT professionals right now, and remote work is a trend that is likely here to stay. If you’re looking to update your organization’s security policy, NIST has recently published an excellent bulletin outlining some of the unique security challenges posed by remote work.

NIST groups remote-access technologies into four main categories: Tunneling, Portals, Direct Application Access, and Remote Desktop Access. With the rise of BYOD (bring your own device) policies and cloud-based applications, it has become common for organizations to employ multiple remote-access solutions, each with its own security considerations. Regardless of which remote-access technologies your organization uses, it is important to continually ensure that each is used in a way that protects data from compromise.

The NIST bulletin highlights a few important points:

  • Organizations should assume that devices used for remote work will be compromised. Make sure that sensitive data is encrypted, or better yet, implement solutions that don’t store any sensitive data on client devices.
  • Devices used in external environments are at greater risk of compromise than devices in enterprise environments, so tighter security controls are advisable. Security controls can also vary widely by device, so you may need to give more specific security guidance for BYOD devices used for remote work.
  • Each additional form of remote access that is exposed increases the risk of compromise. This can be mitigated by implementing tiers of access for different client devices, and by situating remote access servers so they serve as a single point of entry.

Grey Market Labs is a Public Benefit Corporation with the mission to “protect life online”. Our Advisory services can help you navigate the conflicting and overwhelming enterprise privacy and data protection guidance. Our products provide cost-effective and comprehensive privacy-as-a-service, delivering proactive internet protection for remote work and distributed teams. Simply: we prevent data from being compromised, establish trust between users and protect our customers’ work, online. Contact us to see how we can solve some hard problems together.

Not-so-Private Browsing Mode


Have you ever used a “private” browsing window before? You might know it as “Incognito Mode” in Chrome, “InPrivate” in Edge, or “Private Browsing Mode” in Safari & Firefox. These private modes may do little more than tell the browser to forget what you did once you close the window. Search history, pages visited, and what you typed in will be deleted when the browser closes. However, there are many misconceptions about what private means. A scientific study on misconceptions about private browsing mode found that most users grossly overestimate the protections provided by private browsing modes.

It is important to recognize that these private browsing modes are concerned with privacy within the scope of the device you are using. For example, users sharing a laptop may want to use a private browsing mode to conceal login credentials and browsing history from other users of the device. Information sent over the internet, however, is subject to the same scrutiny as any other traffic sent in regular browsing mode and can be tracked. That means search history that is not stored by the browser can still be stored and saved by your search provider, e.g. Google, and traced back to you using more advanced fingerprinting techniques, which a private browser does not prevent.

The study found that the wording of the various private browsing disclosures by the major browsers led to many misconceptions and overestimation of the level of privacy actually provided. The paper’s introduction highlights such misconceptions: “This overestimation reaches far; Eric Schmidt, former CEO of Google, once stated, ‘If you’re concerned, for whatever reason, you do not wish to be tracked by federal and state authorities, my strong recommendation is to use incognito mode, and that’s what people do.’” This statement by Schmidt falsely implies that incognito mode provides more protections than it actually does. Assuming the intent was not to mislead, that means even the CEO of Google at that time had grossly overestimated the protections provided by private browsing.

Since even the CEO of one of the biggest companies in the world has misconceptions about the protections provided by one of his company’s most popular pieces of software, we thought we’d put together a list to help you.  Below, we’ve provided a few of the key items that the average private browsing window does and does not protect you from:

Private Browsing does NOT:

  1. Prevent websites from tracking you
  2. Prevent malware and viruses
  3. Hide the websites you visit
  4. Hide your location
  5. Hide your downloads
  6. Block ads

Private Browsing does:

  1. Prevent your web activity from being saved locally by the browser
  2. Prevent most data that is usually saved in non-private browsing sessions from being exposed
  3. Share data between other private browsing tabs during a session
  4. Make you feel safer without providing the level of protection you need to be anonymous

Uses for Private Browsing:

  1. On a shared computer with other users such as a family computer or in a library.
  2. To avoid leaving a trace of past activity on any computer.
  3. To log into the same site with a second account.
  4. To test how a site looks to a new user.

 


 

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online for people and organizations. Our software and hardware products are creating a future with privacy-as-a-service, delivering proactive internet protection from the moment of access to countering exploitation of digital behavior and activity. Simply: we prevent data from being compromised, establish trust between users and protect our customers’ work, online.

Contact us to see how we can work together.