Emanuela Campanella
other

WATCH: Why blockchain is more than Bitcoin. Everything you need to know about the technology

You’ve probably heard it before: blockchain is here to stay, and it’s going to revolutionize the way we track our assets. But what, exactly, is blockchain?

Many mistake the technology for bitcoin. While this was its original purpose, blockchain has evolved beyond the realm of digital currency.

In short, blockchain is a continuously updated record of transactions spread out across a vast network of computers.

The term blockchain is shorthand for a whole suite of distributed ledger technologies that can be programmed to record and track anything of value. Think of it like a database that is decentralized and distributed among a whole network of computers.

“What [blockchain] enables is the exchange and storage of assets in digital form, peer-to-peer, without the need for intermediaries like banks and governments,” explained Alex Tapscott, co-founder of the Blockchain Research Institute.

According to Anthony Di Iorio, founder of blockchain startup Decentral and co-founder of Ethereum, blockchain’s main function is to track digital assets.

“It gives you the ability to prove ownership of part of that [blockchain] ledger so that you have control of it to move that asset from one point of the ledger to another point of the ledger,” said Di Iorio.

Picture sending money without banks, handling land disputes without lawyers and voting without the threat of electoral fraud.

But we already have processes in place that track data and assets. What makes blockchain different?

Let’s talk about data

Blockchain stores information in batches, called blocks, which are connected in a continuous chronological line known as a chain.

If you wanted to change information in a block, you couldn’t directly change that block. Instead, the change would be recorded in a new block, showing that A changed to B at a specific time and date. This plays off the centuries-old method of a financial ledger, which tracks data changes over time.

For example, let’s say there’s a dispute between Bob and his sister, Mary, about who will inherit their grandmother’s rare and precious red diamond that’s been in the family for years.

Since blockchain uses the ledger method, there’s an entry in the ledger showing that their grandmother first owned the diamond in 1930. She gave the diamond to her daughter in 1960 as a wedding gift, and Mary then purchased the diamond from her mother in 2011. Each of these changes is reflected in the ledger.

The fact that Mary is the owner of the diamond can be seen in blockchain’s recorded history. But what if Bob wants the diamond and goes behind everyone’s back, hacking into the system to change the record?

Trust in the technology

Blockchain is decentralized and distributed among a huge network of computers. If you tamper with the information, everyone will be able to see what you’re doing.

With each new record, a new block is created, and each block is linked using something called cryptography. When a block is added to a chain, it is sealed by a cryptographic stamp called a hash — a random string of numbers and letters.

In order to create this stamp, a cryptographic riddle needs to be solved by a block creator, also known as a programmer or a miner. The riddle is very hard — it’s like guessing a 20-digit combination lock. A miner has to invest a lot of time and computer power to solve even one of these combinations.

When the block is done, it goes through something called proof of work. Everyone on the network — Bob, Mary and everyone else — need to verify that the stamp or hash is valid. If so, then the new block is accepted into the blockchain.

“What’s important about this technology is that no single actor on the network can change the content of that ledger without the entire network reaching consensus,” Tapscott said.

But why would someone waste time and energy to confirm this kind of information? Money.

By design, a blockchain is programmed so that when a new block is accepted, it automatically releases cryptocurrency to the miner. And every time there is an action — like a change of ownership to Bob and Mary’s grandmother’s diamond — there is a small transaction fee, which also goes to the miner.

From here on, any changes to the block, such as a change in ownership to the diamond, would create a new block, but the old hash code would always connect to the next subsequent block in the chain.

Blocks are resistant to modification because, in order to hack them, you would not only have to rewrite the code of that individual block but also every other block connected to it, which could be hundreds of thousands. Because the blockchain is distributed among millions of computers, you would also have to rewrite the history of commerce for not only one computer but all of them.

As of now, it is believed that no human is capable of such a hack.

“It takes longer than our universe, and that’s why it’s unbreakable; no hacker can live that long,” said Elena Sinelnikova, founder of CryptoChicks.

No middleman

Blockchain also squeezes out the middleman. Think of a typical business — most require trusted intermediaries, such as lawyers, banks and notaries.

These agents go between two parties and build trust by verifying documents and transactions. For example, a lawyer will review documents and conclude with evidence that yes, Mary is, in fact, the owner of her grandmother’s diamond. Or, for instance, a bank might say no, that credit card transaction for a Rolex watch was not yours.

This method of business has always added a layer of security, but experts say it can be costly and time-consuming.

“It is a far more secure and far more efficient method of moving, storing and managing value than any system we’ve ever devised,” Tapscott said.

If Mary’s ownership information on the diamond was registered in a blockchain, she may not need a lawyer to verify her information against Bob, who is also claiming ownership. Instead, the information lives on the blockchain database — all Mary would have to do is show her brother.

We now know that any information or record added to a blockchain has been verified and encrypted and cannot be tampered with. We also know the blockchain is distributed across many computers and transparent for everyone to see.

Experts say this type of peer-to-peer interaction with our data is changing the way we access, interact and make transactions with one another.

“That is a paradigm shift that is going to have a big influence and impact on basically every single industry in the economy,” Tapscott Early days for blockchain

 

Early days for blockchain

The future understanding and use of blockchain may be similar to our current use and understanding of the internet — we may not know the exact details of how it works, but we all use it.

That’s how experts envision blockchain’s future over the next decade; they expect it will become so ingrained in our day-to-day activities that we’ll simply use it without realizing. The problems blockchain faces right now are also similar to the early days of the internet: before search engines like Google, it was a lot more challenging to get around the world wide web.

It wasn’t so long ago you had to use a phone line to get online — and even low-resolution images took a while to download.

“In the early 1990s, people in the newspaper industry said the internet will never pose a challenge to the newspaper business because it takes a minute to download a webpage and it takes only a second to open a newspaper,” Tapscott said.

“We are seeing the same thing here. People are saying, ‘Well, the usability is not intuitive. My grandmother can’t use it.’ Well, this is 1994 for blockchain.”

Just like the early days of the internet, Tapscott says blockchain has not yet gone through its “digital revolution.”

Blockchain does not have an easy-to-use interface — for now. Already, techies across the world are competing to create a more user-friendly interface that will bring the technology out of its early days and into the mainstream.

© 2018 Global News

Why you should choose to care about online security

other

Reports show that 70 to 90 percent of cyber attacks are against individuals and small and medium businesses (SMBs).

For every small and medium business (SMB) that has not been the target of a cyber attack, one has been. Yes, 50 percent of SMBs have experienced cyber attacks.

And it makes sense. While breaching a major company might reap major rewards for the attacker, security tends to be far more sophisticated. That’s not so much the case with smaller businesses. In fact, Endurance International Group’s 2015 Small Business & CyberSecurity survey shows that 83 percent small business owners manage their cybersecurity efforts rather than have in-house or outsourced IT for the job.

When attacks are successful, and a data breach occurs, the typical cost to repair the damage is more than $36,000. Worse still, as much as 60 percent of small businesses crumble within six months following.

But take note—there is a huge difference between being the target of a cyber attack and being successfully breached. What keeps someone in the former group and out of latter often comes down to simple oversights.

Steps to prevent a cyber attack (or its success)

“Cybersecurity lapses have common trends and problems that can be traced back to laziness, lack of knowledge, and awareness of how common pitfalls can be leveraged against an individual or organization,” explains Morey Haber, VP of Technology at BeyondTrust.

For instance, the National Cyber Security Alliance reports that over 75 percent of employees leave their computers unsecured.

For the safety of yourself, your coworkers, and your customers and clients, read through the following cybersecurity tips. Then, commit to practicing them and help others by passing the advice to your organization.

Stop mixing work and play

Don’t mix work and play. Just don’t. Separate profiles, accounts, storage mediums for work and personal life. Just keep things compartmentalized. Don’t make it easy by being lazy. -Robert Nicholson of Concept Shifts

Delete old login emails

If you never delete the (probably hundreds) of login detail emails from your email account, you have created a gold mine for hackers. All they have to do is get into your email and then they have access to every service or website you’ve used. -Emmanuel Schalit, CEO of Dashlane

Think before you click

Think before you click. Today’s scams look very convincing, coming in the form of voicemails, eFaxes, invoices, social media, ADP theme or from the IRS. -Anurag Sharma, Principal of WithimSmith+Brown’s Cyber & Information Security Services

Be pickier about where you download and install software from

Try to use things like Microsoft Store or the Mac App Store for your desktops and iTunes and Google Play for your mobile devices. Again, this isn’t an absolute. You can more gradually move toward better practices, and each step you take will make you more secure. –Jeffrey Goldberg, Chief Defender Against the Dark Arts at AgileBits, the makers of 1Password

Don’t ignore security updates

We have all seen the nagware to update Adobe and Java, and we click ignore or remind me next month. The same is absolutely true for operating systems and MS Office Updates. [Overcoming] the laziness to apply the patches and reboot is the best method, above anything else, to ensure you are not exploited by a common vulnerability. Although it takes time to apply them, the few minutes it takes is well worth securing your system. -Morey Haber, BeyondTrust

Often just switching to automatic updates where that is available will make the task easier for you and keep you safe…And this isn’t an all or nothing thing. The more things you keep up to date the better, but you will start reducing your risks with each thing you keep up to date. I would recommend starting with your operating system, but look for little improvements where you can. –Jeffrey Goldberg, AgileBits / 1Password

Beware of free USB drives

Don’t ever fall for the free USB device drive—a very popular tradeshow giveaway these days—which when plugged in can easily deliver a malware or virus onto your computer. -Anurag Sharma, WithimSmith+Brown

Raise employee awareness about device theft

Often, IT has no insight into the types of data stored on their devices—devices that are left in taxis, hotel rooms, and stolen at airports. In fact, according to Gartner, one laptop is stolen every 53 seconds in US airports. And hotel safes are as secure as hiding the laptop under your mattress!

Encourage employees to be vigilant about physical device security but have a plan B because mistakes and unfortunate incidents are inevitable. Choose security solutions with geotechnology so you can monitor devices, set geofences, and receive alerts to activities that could mean a device was compromised, lost, or stolen. -Chris Covell, Chief Information Officer at Absolute

Prevent shoulder surfing

Screen guards should be employed to limit the potential for ‘shoulder surfing,’ in which an attacker stands near an employee and notes everything they are displaying on their screen. Better yet, do not allow employees to store sensitive business information on their devices in the first place, if at all possible—this will also protect secret data should the device ever be lost or stolen. -Lee Munson, Security Researcher for Comparitech

Ditch the dated machines

If are you still running Windows XP or Windows Server 2003 within your home or business, all security professionals know they are end-of-life and no longer receiving any maintenance including security patches. So, if the best method to secure your system is applying security patches, and you are still running older systems, then they are wide open for attack with minimal mitigation strategies available to thwart an attack. You, or your business, should consider replacing these systems as soon as possible to ensure they can be maintained properly. Many times this is a combination of laziness and money, but being breached and cleaning up the mess could be much more costly than replacing the systems in the first place. -Morey Haber, BeyondTrust

Limit unnecessary admin privileges

Are you providing everyone in your company unfettered access to all data so when your least technical savvy employee gets hacked, all that data is exposed? -Greg Kelley, CTO of Vestige Digital Investigations

Employees should be able to access only those systems and data that they absolutely need to perform their jobs. So that all activity can be traced to a particular user, each employee should have a unique access ID and should be authenticated using a strong password or passphrase, biometrics, or a token device or smart card. Strong cryptography should be used to render all passwords unreadable during storage and transmission. Physical access to systems and consumer data should also be restricted to prevent employees and building visitors from accessing or removing devices, data, systems, or hardcopies. -Mike Baker, Founder of Mosaic451

Limit remote access

Many businesses leave their firewalls open to outside entry by allowing access for managers working remotely or vendors who routinely perform maintenance on systems…Always change default firewall settings to allow only essential access, and limit remote access to secure methods such as VPN. – Kevin Watson, CEO of Netsurion

Password protect and encrypt sensitive info

This is especially important with regards to data stored on portable devices such as laptops and USB sticks, which can potentially be stolen, or lost. There are many encryption applications that achieve this, however, when choosing there are several aspects to consider:

1. How easy is the application to use? Could the CEO, who doesn’t have any IT skills, use it? If the application is hard to set up and use, it’s not a good solution for a small business.
2. Does the application interrupt the user’s workflow? Is there a wait time every time the user wants to access the encrypted file? If so, employees will do their utmost to avoid using the application.
3. Does the application automatically lock the data when the user stops working on the protected files? If not, this could be a security issue, as users are bound to forget to manually lock their documents.
4. What is the cost? Clearly, small businesses cannot afford an enterprise solution.

-Sandra Styskin, Co-founder & Developer at Safeplicity

Implement a password policy and multi-factor authentication

It’s tempting to use your dog’s name for every password, but it makes you very vulnerable to cyber criminals. Not only do you need to change your passwords often, you should use different passwords for every site, service or app you use. -Emmanuel Schalit, Dashlane

All companies, specifically SMBs, should implement a password policy for all employees and use multi-factor authentication. The password policy should at a minimum require employees to change the passwords every 90 days and they should always use multi-factor authentication to verify identity. The verification of identities when accessing work files and information is critical. I suggest implementing a solution similar to Okta or PingIdentity. -Ray McKenzie, Founder and Principal at Red Beach Advisors

Two-Factor Authentication (2FA), where users are required to put in a second form of information in addition to a password, like a PIN or security question, allows for only the intended user to access accounts. From password protected documents and accessing the network to staff’s personal and company accounts on company desktops, adding 2FA to accounts requiring passwords strengthen security. While sites like Gmail already implement this, many password managers also offer this as an additional feature to sites that don’t. -Kevin Shahbazi, CEO of LogMeOnce

Use a password manager

One of the impossible things that people like me tell the world is that everyone needs to have a unique password for each site. If I use the same password on a dozen different sites and services, then it takes only one of those to be broken into for the attacker to have my password for all of them.

Asking people to remember a different password for each site and service is absurd. Nobody will do that. (Ok, I once met someone with an eidetic memory who actually did do that for more than 70 sites.)  This is what password managers are for. They remember your passwords for you so that you don’t have to. Once you start using a password manager — and doing so will already make things easier for you — you can slowly start chipping away at password reuse. Sure it will be a while before you get to truly having a unique password for each site and service (I still don’t), but each time you change one password on some site to a new and unique one you are making a real improvement in your own security. -Jeffrey Goldberg, AgileBits / 1Password

Learn where you fall in the food chain of cyber security attacks

Banks and the financial sector are the number one targets, hospitals and the healthcare industry are number 2, universities number 3, and so on. There is a lot of online data and statistics on this topic. By understanding where your industry falls on the spectrum, you can understand generally what level of hacker you will be dealing with and the types of cyber attacks that they are capable of. -Regan Marock, CEO of SPC Cybersecurity

Make upkeep the #1 priority

Have you ever heard the phrase, Upkeep is cheaper than replacement? This adage applies closely to cybersecurity. One of the most important things SMBs can do to keep their systems safe is continually update them, perform routine maintenance, and ensure they’re clean. By regularly performing software updates on company devices and continually patching any discovered vulnerabilities, many basic cyber threats can be stopped or lessened significantly. -Stephen Coty, Chief Security Evangelist at Alert Logic

Don’t just take IT’s word for it

Business management must not take we have it handled as an appropriate answer from IT. I had a client come to me once that was told by his IT that their vital data was backed up daily. When the server containing that data crashed, the client said let’s restore the data only to find out that the backups were stored on the same machine! That story is replayed over and over today because organizations do not go through the process of executing a test plan to recover from disaster or hacking. A plan for recovery from hacking (especially ransomware) must be thought out, planned, and tested. -Greg Kelley, Vestige Digital Investigations

Embrace the human element

I will tell you one of the most tragic mistakes companies make regarding data security is to only approach data privacy from the perspective of the company as a whole, which is a very general perspective. The employees of your company don’t understand how data theft and data privacy is relevant to them. Good people can easily leak data, or cause leaks in security by simply being careless or leaving it unprotected. All privacy starts with the employees. -Anthony R. Howard

Know who to contact for help

Contact the right person for help. If you are a victim, if you encounter illegal Internet content (e.g. child exploitation) or if you suspect a computer crime, identity theft or a commercial scam, report this to your local police. If you need help with maintenance or software installation on your computer, consult with an IT professional. -Mark Grabowski, internet law professor at Adelphi University

Laziness is not an excuse for not knowing

Learning to protect ourselves online is just as painful as sitting through a defensive driver’s education class or jury duty. We do it because we have to, and for many, they will do anything they can to get out of a class on cybersecurity. The realization is no one is immune to an attack, and learning how you can be hacked and how to protect yourself is really important, and laziness or boredom is no excuse for skipping the class. -Morey Haber, BeyondTrust

©2018 SaneBox Blog