What can I do to protect the financial and personal data that I gave a company that I no longer want them to have?

Last year, due to a complicated tax scenario (for my skills), I used an online tax website recommended by a friend to do my taxes. They were efficient in their job and I wanted to use their services again this year to save time. I had forgotten my password, so I tried to reset it. Turns out, they stored my password in plain text. Apparently that was to enable their staff to update any information that I provided in case it was incorrect.

I am worried about the financial data that I have already provided to them. I think as a user I have to consider it compromised. But I am a bit of an optimist, so I am wondering if I can do anything to protect my data.

They don’t seem to be GDPR compliant, so I don’t think they will simply delete my data, but I definitely am going to request it.

How to protect my code from “insider” threats when hiring my first employee?

For the most part this is not a technical problem but a human problem. So while technology has a role to play it has limits.

If the employee will be working from home, supervision is more difficult. If you’ll be monitoring his/her activity, you don’t want to be in breach of applicable privacy laws.

The computer has to be secured obviously but the rest of the environment is important too. If you have a corporate LAN there should be adequate protections like an IDS/firewall. But the equipment is often useless without somebody keeping an eye on the logs and the alerts.

Since you mentioned Visual Studio, the developer may need to be at least a local admin to work in optimal conditions. If you cripple their environment they may be tempted and even forced to find workarounds and defeat your security measures which is what you want to avoid.

I’m afraid we all have to trust other people and take risks. The more you monitor your employees, the more you make it obvious to them that you don’t trust them and make them feel untrustworthy. At some point the surveillance effort becomes counter-productive because you frustrate and demotivate them. They may become less productive, less loyal.

Security training may be beneficial too. The employee could be honest and acting in good faith but vulnerable to social engineering, and unwittingly jeopardize the company and its assets. Naïveté can be as dangerous as malicious intent. I would say that many developers lack cybersecurity awareness.

Perhaps you should order a penetration test against your company and learn from it. Thus your security posture will improve and you’ll be better equipped to fend off attacks.

Employees are often the weakest link but you should also consider the threat of hackers and unethical competitors. In other words don’t focus too much on your employees, but develop a 360° security approach for your company.

Physical security is important too. A lost laptop should be no big deal if the hard drive is encrypted and has a strong password. But your backups should be in a safe place. Consider the risk of burglary.

Yes, backups are extremely important. Make sure you have a solid backup plan in place, and test it from time to time. Prepare a disaster recovery plan. What would happen if your office burns with all your computer equipment? You need to protect your source code but also plan for business continuity. Hint: insurance.

If you have valuable IP you could consider applying for patents. Again, this is a lawyer’s job here.

Probably you can find insurance to cover the risk. The question is whether it’s worth paying for a low risk.

I would also offer shares or some equity in the company. Then your employees have less incentive to go rogue and sabotage your enterprise.

To sum up: there are so many possible risks, I think you are putting too much emphasis on the insider threat. You are more likely to get hacked than to sack someone for misconduct.
Your employees must be your allies and considered as such – not as potential foes.

How to protect my Galaxy S9 from data recovery after factory reset?

I have a Galaxy S9 that I will send to Samsung in a couple of days for the trade-in program and I want to delete everything on it in a way that it cannot be recovered even after a factory reset.

From my limited research, there are people who recommend encrypting the phone before doing the reset, as this will ensure the data is just noise and unreadable after the reset. But there is no option on my S9 to encrypt the phone as I saw in the YouTube videos, and after a quick search I found out that S9s are encrypted by default.

So is it safe to just factory reset it since it’s encrypted by default anyway?

I’m not that good when it comes to tech and stuff, what would you guys recommend I do?

Thanks for the response.

Order Swissns GmbH Cyber Protect – Turn key solution for protecting your systems | Proxies123.com

At swissns GmbH, we strive to drive innovation and excellence in service in our core markets with the focus being on security, infrastructure and big data. We know just where we want to go, and we are getting there! At swissns GmbH, we are working to make IT more secure. swissns GmbH offers a comprehensive range of IT and security related solutions and services that allow organizations to fully realize their aspirations for a safe and secure network and data infrastructure. swissns GmbH was formed in 2013. Alexander Baltazzis is the CEO and Managing Director of the company, with 20+ years experience in the IT, Telecommunications, ISP and Security Industry.

===>> Coupon code: YVHVN55NFL – gives 20% discount, valid till July 31st!

Check out our Cyber Protect services:

Acronis Protect Cloud – Turn key solution for protecting your systems with real-time protection against viruses and malware as well as backup and restore on the cloud (CH) or your premises. Great DR solutions and more!

Acronis Backup Cloud – State of the art backup & restoration software for any type of device along with active protection from malware which identifies and blocks any ransomware encryption attempt on the fly!

End User Backup – The basic yet essential protection for End Users includes backup of PC / laptop, phone & tablet as well as Active Protection against ransomware. A must have to protect our digital lives!

Mobile Backup from CHF 2.30 Per Month
Mobile Devices (1 included)
Cloud Storage (5GB included)

End User Backup from CHF 8.60 Per Month (Recommended)
Workstations (1 included)
Mobile devices (1 included)
Office 365 seats
Gmail
Website
Cloud Storage (10GB included)

Workstation Backup from CHF 6.60 Per Month
Workstations (1 included)
Cloud Storage (10GB included)

Contact Info:
swissns GmbH
Hofstrasse 1
6004 Luzern – Switzerland
+41 41 588 0270

Please contact us if you need any further information!

You can Like our Facebook Page: https://www.facebook.com/swissns.ch
Besides, you can follow us via Twitter Account: https://twitter.com/swissns

swissns GmbH Team

application design – How do app developers protect their app when a user decompiles it

Once someone has a copy of your app, they can do anything with it. Your security model has to assume that nothing in your app is secret, and that actions that look like they have been made by your app might actually be malicious. As an approximation, a native app is about as secure as a web app.

That means that you must not store any API tokens or similar in your app. If you need to keep something secret, you have to write a server backend to manage the secret stuff and have your app talk to this backend. FaaS approaches might also work if you’re not expecting many requests.

Firebase does have server-side authentication capabilities that e.g. prevent a user from modifying other users’ data – if you configure everything appropriately. You can also apply some amount of validation to see that the data sent by the user makes sense. But in general, once a user has access to a document per some rules they can change whatever they want. Please read the Firebase security documentation carefully to avoid security breaches.

On mobile devices that haven’t been rooted, apps can enjoy some basic security guarantees, for example it is possible to check that they are actually running on a specific device and that the app has not been modified. This e.g. means that 2FA apps or banking apps can be pretty secure, but this doesn’t ensure that you can defend against decompilation. You must still ensure that your backend never trusts anything from the client.

Protect USB from reading by using PC identity

Is there any way (software or hardware solution) to create a usb drive that can make its contents readable only on specific PCs using their hardware serial numbers?

air travel – Protect laptop (and fellow passengers) from turbulence?

I’ve seen stretchy hair bands used for this before – and in one case, someone had used their (hopefully washed) boxer shorts to make sure the laptop didn’t move (the laptop and tray “wore” the boxer shorts, with the elastic toward the screen – I must admit, it kept the laptop in place!)

How to protect HTTP requests coming from mobile from CORS attacks?

HTTP requests coming from mobile come from the localhost domain; however, whitelisting localhost in the backend opens up chances for CORS attacks.
How to secure or filter HTTP requests coming from mobile devices?

[ Politics ] Open Question : Hey, Liberal; when the rioters are done in the city and head into the suburbs where you live, what are you going to do to protect yourself?

rest – Protect API from being tampered?

What if the attacker decides to tamper with the “from:id” such that it could send arbitrary messages to anyone from any user?

Create a session, and use the session identifier as identifier, not the user ID directly. E.g. let user send credentials, and upon successful validation, return a (short lived) session handle, that can be used in future messages.

Validate that the session exists and is active, and map it back to user server-side.

What if the attacker builds a script that spams millions of messages by taking advantage of the “to:id” field?

Rate limit users server side. For instance, disallow sending messages to more than ten different users a minute. This will probably not bother legitimate users, but will hamper spammers’ efforts. Tuning of the limit may obviously be needed – and it may be an idea to raise it for trusted users, based on behavior, and lower it upon receiving reports about spam from users.
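
The two measures from the answer above, combined in one server-side sketch. This is an added example, not code from the original answer: the `MessageService` class, its method names, the 15-minute session lifetime and the in-memory stores are assumptions made for illustration, and the credential table is constructed demo data (a real service would verify against a password hash).

```python
import secrets
import time
from collections import defaultdict, deque

SESSION_TTL = 900      # seconds a session handle stays valid (assumed value)
MAX_RECIPIENTS = 10    # distinct recipients per window, as suggested in the answer
WINDOW = 60            # window length in seconds

class MessageService:
    def __init__(self, credentials, clock=time.monotonic):
        self._credentials = credentials      # constructed demo data: user_id -> password
        self._clock = clock
        self._sessions = {}                  # token -> (user_id, expires_at)
        self._recent = defaultdict(deque)    # user_id -> (timestamp, recipient) pairs
        self.delivered = []

    def login(self, user_id, password):
        stored = self._credentials.get(user_id)
        if stored is None or not secrets.compare_digest(stored, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)    # unguessable, short-lived session handle
        self._sessions[token] = (user_id, self._clock() + SESSION_TTL)
        return token

    def _sender_for(self, token):
        # Map the session handle back to a user on the server side.
        entry = self._sessions.get(token)
        if entry is None or entry[1] <= self._clock():
            self._sessions.pop(token, None)
            raise PermissionError("invalid or expired session")
        return entry[0]

    def send(self, token, request):
        sender = self._sender_for(token)     # a client-supplied "from" is never read
        now, to_id = self._clock(), request["to"]
        recent = self._recent[sender]
        while recent and recent[0][0] <= now - WINDOW:
            recent.popleft()                 # drop sends that left the window
        recipients = {r for _, r in recent}
        if to_id not in recipients and len(recipients) >= MAX_RECIPIENTS:
            raise RuntimeError("rate limit: too many distinct recipients")
        recent.append((now, to_id))
        message = {"from": sender, "to": to_id, "body": request["body"]}
        self.delivered.append(message)
        return message
```

The limiter only caps distinct recipients per minute, as the answer proposes; a cap on total messages per sender would be a separate counter.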