Just about everyone is familiar with certain elements of an access control system relating to personnel and vehicles. Anyone who works in an office setting or enters a secure building has to deal with mechanical devices or electronic systems that facilitate “authentication” to enter a protected space, such as an ID card or key fob that is kept on the user’s person, or a personal identification number (PIN) or code that must be keyed in for access. The basic objective of such an access control system is to permit entry/exit of authorized persons, deny entry/exit of unauthorized persons, and maintain records of the access control system activity, user permissions, and facility configuration changes.
The same type of access control is available for network and software systems. According to NIST, “[r]ole based access control (RBAC) (also called ‘role-based security’) … has become the predominant model for advanced access control” because it reduces the cost of managing large networks and data flows. NIST succinctly summarizes the RBAC process: “Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role.”
bTrade has an enterprise-level managed file transfer software solution, TDXchange, that employs RBAC to limit system access to authorized users. Six user roles have been created, each of which has a predefined collection of read/edit privileges that can be assigned to users based on their job. In addition to the ability to limit access to specific areas, a user’s scope can be restricted to a specific part of the organizational hierarchy.
There is one pre-defined user role in TDXchange, called System Admin, and there can be multiple persons assigned to the System Admin role. Each System Admin has all the permissions and rights to create customized roles for different users. In addition, each System Admin has visibility, via dashboards and alerts/notifications, into system activity, user permissions, and system configuration changes.
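To make the model concrete, here is an added sketch (not bTrade's or TDXchange's code) of a deny-by-default RBAC check that combines role privileges with an organizational scope and records every decision. Apart from "System Admin", the role names, area names, org units and users are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed organizational hierarchy (child unit -> parent unit).
ORG_PARENT = {
    "acme": None,
    "acme/finance": "acme",
    "acme/finance/payroll": "acme/finance",
    "acme/logistics": "acme",
}

# Role -> area -> privileges. Only "System Admin" is named on the page;
# the other roles and all area names are hypothetical.
ROLE_PRIVILEGES = {
    "System Admin": {a: {"read", "edit"} for a in ("users", "partners", "audit")},
    "Partner Manager": {"partners": {"read", "edit"}},
    "Auditor": {"partners": {"read"}, "audit": {"read"}},
}

@dataclass(frozen=True)
class Assignment:
    role: str
    scope: str  # root of the org subtree in which the role applies

def in_scope(unit, scope):
    """True if `unit` is `scope` itself or one of its descendants."""
    while unit is not None:
        if unit == scope:
            return True
        unit = ORG_PARENT.get(unit)
    return False

AUDIT_LOG = []  # record of every decision, allowed or denied

def is_allowed(user, assignments, area, privilege, unit):
    """Deny by default; allow only if some role grants the privilege in scope."""
    allowed = unit in ORG_PARENT and any(
        privilege in ROLE_PRIVILEGES.get(a.role, {}).get(area, set())
        and in_scope(unit, a.scope)
        for a in assignments
    )
    AUDIT_LOG.append((user, area, privilege, unit, "ALLOW" if allowed else "DENY"))
    return allowed

# Constructed users: bob edits partners only under finance, but audits everywhere.
ALICE = [Assignment("System Admin", "acme")]
BOB = [Assignment("Partner Manager", "acme/finance"), Assignment("Auditor", "acme")]
```

Unknown roles, unknown org units and out-of-scope requests all fall through to a denial, and the denial is logged alongside the approvals so that reviewers see attempted as well as successful access.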
If you are interested in discussing role-based access control in connection with your managed file transfer activity, or want to learn more about bTrade’s TDXchange software solution, please contact us at email@example.com.
More cybersecurity news relating to phishing emails, this time affecting banks: https://bit.ly/2LMpiP0.
A Virginia bank got hit TWICE during an eight-month period and the cyber criminals stole more than $2.4 million. The attackers gained access initially when a bank employee opened a booby-trapped Microsoft Word document containing malware.
Once the hackers gained access, they were able to disable and alter anti-theft and anti-fraud protections, such as 4-digit personal identification numbers (PINs), daily withdrawal limits, daily debit card usage limits, and fraud score protections. The hackers were then able to access internal applications used for customer debit card transactions and ATMs, among others.
It should also be noted the hackers were able to conceal their activities by deleting evidence of fraudulent debits from customer accounts. Who are these clever, but devilish hackers? The bank’s forensic experts determined the hacking tools and activity appeared to be of Russian origin.
To protect yourself against phishing emails, here’s a “Cyber Tip” from the US federal government via the Department of Homeland Security: https://bit.ly/2qozh3l.
If you want to learn how a managed file transfer software solution can help with your cybersecurity defenses, please contact our data security experts at firstname.lastname@example.org.
The U.S. federal government, via the US Department of Homeland Security, has a portal to report phishing emails and other cybersecurity incidents: https://bit.ly/2lwRZFW. Why do it? As the portal says, “to protect yourself and others from cybersecurity incidents.”
Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, creating vulnerability to attacks.
Phishing emails may appear to come from an actual, existing institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information like account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access their accounts.
Here’s a recent tweet from the University of Alabama warning of phishing emails offering jobs to college students: https://bit.ly/2JNXCr6. As the tweet says, “don’t fall for it.”
MFT Nation will continue to keep you updated on developments in the rapidly changing world of cybersecurity as and when they occur.
Here’s a research company’s view of cloud transition contained in a single infographic: https://bit.ly/2zwM2Ra. What do you think?
The HITECH Act mandates that the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The list is compiled and published in its “Breach Notification Portal,” which has become known as the “Wall of Shame.”
The Wall of Shame shows that more than 160 breaches have been added so far in 2018. Here’s some trivia gleaned from the Wall of Shame: (1) “unauthorized access/disclosure” breaches are the most common type of incident; (2) the second most commonly reported type of breach is hacking incidents, which affect far more individuals than other types of breaches; and (3) 2 dozen breaches involved loss/theft of #unencrypted computing devices.
Stay cyber-safe with #encrypted devices and by using #encryption when transmitting data.