This Is Security
This series, written by NJCCIC Director Mike Geraghty based on his extensive experience in information security, will provide organizations with no-hype, practical security tips to help them better secure their networks and prevent cyber incidents.
Securing API Keys, Access Tokens, and Secrets
Summary In an increasingly digital society, enterprise systems and software services offer various solutions that address the needs of government entities, organizations, and small businesses. The inner workings of these systems and services rely on vital components such as API keys, access tokens, and secrets to deliver business functionality to ...
DDOS Attack Types and Mitigation Strategies
Distributed denial-of-service (DDOS) attacks are malicious cyber operations that use a network of systems to target a service or network in attempts to overwhelm it or its infrastructure such that it can no longer function properly and shuts down fully or partially. The motivations for DDOS attacks vary. DDOS threats are a common extortion tactic threat actors use against e-commerce sites and online businesses to compel payment in ransomware cases.
User Beware: Your Smartphone Is Tracking Your Every Move
From services to apps, users of smartphones are unwittingly consenting to being tracked in real-time by a multitude of companies for the purposes of providing “requested features, integrations, user experience improvements,” and many other laudable-sounding reasons. What is not known by many users is that detailed information on their precise location and activity is being beaconed out by their phone and collected, shared, and sold to numerous organizations that aggregate these data sources with others to build a user profile that would make spy agencies and repressive governments green with envy.
Tips for Teleworkers, Remote Access Security
Telework Program Fundamentals: For many organizations, telework programs have been in practice for years – whether as part of the organization’s everyday work program or as a component of their business continuity plans. For those organizations, policies, educational programs, technologies, and support services for the remote workforce are well established. ...
The Importance of Multi-Factor Authentication
Knock, Knock – Who’s There? This month, another collection of user ID’s and passwords was released on the dark web. It includes more than 2 billion records that have been compiled from data breaches dating back as far as 2008. Identity and authentication mechanisms - i.e. usernames and passwords - ...
Applying Standards
Solving Cybersecurity Problems Through the Application of Standards In November 1999, Bruce Schneier famously wrote that “complexity is the worst enemy of security” in his essay titled, A Plea for Simplicity – you can’t secure what you don’t understand. As information technology has proliferated throughout society over the past 20 ...
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.