Degoo's secure backups are available at a great price.
A new study explores how wearing a face mask affects the error rates of popular facial recognition algorithms.
- The study measured the error rates of 89 commercial facial recognition technologies as they attempted to match photos of people with and without masks.
- Wearing a mask increased error rates by 5 to 50 percent among the algorithms.
- The researchers said they expect facial recognition technology to get better at recognizing people wearing masks. But it's not clear that that's what Americans want.
NIST digitally applied mask shapes to photos and tested the performance of face recognition algorithms developed before COVID appeared. Because real-world masks differ, the team came up with variants that included differences in shape, color and nose coverage.
Credit: B. Hayes/NIST<p>But not all masks thwarted the software equally. For example, black masks led to higher error rates than blue masks (though the researchers said they weren't able to completely explore how color affected the software). Error rates were also higher when people wore wide masks (as opposed to rounder ones) that covered most of the nose.</p><p style="margin-left: 20px;">"With the arrival of the pandemic, we need to understand how face recognition technology deals with masked faces," said Mei Ngan, a NIST computer scientist and an author of the report. "We have begun by focusing on how an algorithm developed before the pandemic might be affected by subjects wearing face masks. Later this summer, we plan to test the accuracy of algorithms that were intentionally developed with masked faces in mind."</p><p>The researchers said they expect facial-recognition software will get better at recognizing people wearing masks.</p><p style="margin-left: 20px;">"But the data we've taken so far underscores one of the ideas common to previous FRVT tests: Individual algorithms perform differently," Ngan said.</p>
American opinion on facial recognition<p>But do Americans even want better facial recognition technology? The answer depends on who's deploying the software. A <a href="https://www.pewresearch.org/internet/2019/09/05/more-than-half-of-u-s-adults-trust-law-enforcement-to-use-facial-recognition-responsibly/" target="_blank">2019 survey from Pew Research Center</a> found that 56 percent of Americans would trust law enforcement to use facial recognition technology responsibly, while 59 percent said it's acceptable for officials to use the software to monitor public spaces for threats.</p><p>Americans are more wary of trusting the private sector with facial recognition. For example, 36 percent of respondents said they'd trust technology companies to use the software responsibly, while only 16 percent said they'd trust advertisers to do the same.</p>
(Photo by Steffi Loos/Getty Images)<p>No matter how Americans feel about facial recognition, it's probably here to stay. After all, the FBI already has a database of more than <a href="https://nymag.com/intelligencer/2019/11/the-future-of-facial-recognition-in-america.html" target="_blank">641 million facial images</a>, many of which simply come from publicly accessible social media posts. And even though cities like San Francisco have banned the technology, police across the country are using it with increasing frequency.</p><p>Georgetown Law School's Center on Privacy and Technology <a href="https://www.perpetuallineup.org/findings/deployment" target="_blank">estimates</a> that "more than one in four of all American state and local law enforcement agencies can run face recognition searches of their own databases, run those searches on another agency's face recognition system, or have the option to access such a system."</p>
Just because your team has gone remote doesn't mean you need to be vulnerable to hacks, breaches, and scams.
- Prior to the COVID-19 outbreak, many enterprises had yet to contemplate a mass work-from-home scenario and were therefore unprepared to support it securely.
- There are practical steps you can take to safeguard confidentiality and cybersecurity with a WFH workforce.
- Applying best security practices to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.
1. Set up a VPN for your employees.<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yMjkzMjAwNC9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTY0NzcxMTcxN30.a0RK7cVfupvPdbhMvIFUXr0G_yQ6-FHhDX0BkgeuT3w/img.jpg?width=980" id="1c63b" class="rm-shortcode" data-rm-shortcode-id="605223fe03ac55182fc3ed7fb9d8eda3" data-rm-shortcode-name="rebelmouse-image" alt="laptop with VPN installed" />
2. Be proactive about testing.<p>Ignorance can be your biggest danger. If you're used to dealing with a secure internal network, you won't always know where your vulnerabilities and weaknesses lie when it comes to remote access.</p><p>This kind of blindness can lead quickly to data breaches that you might not even be aware of until months after the event.</p><p>To resolve this issue, use tools like Cymulate's breach and attack simulation platform, which runs <a href="https://blog.cymulate.com/cyber-risk-assessment" target="_blank">simulated attacks across remote connections</a> to assess your cybersecurity risk levels. This can help you determine the extent to which your settings, defenses, policies, and processes are effective, and where you need to make changes in order to maintain a secure organization. </p>
3. Train (and retrain) to minimize human error.<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yMjkzMjAwNi9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTYxNTY0NjU4Nn0.O_SLWJo3PjU0m1dfm7daqmeKmgbf8URstNH18uCjEo8/img.jpg?width=980" id="20c7a" class="rm-shortcode" data-rm-shortcode-id="ebb965d4cf3a21d1d10d34f7abe39c15" data-rm-shortcode-name="rebelmouse-image" alt="three people looking at computer monitors" />
4. Be strict about access control.<p>Access controls are a vital layer of security around your network. Losing track of who can access which platforms, data and tools means losing control of your security, and that can be disastrous. </p><p>Even in "normal" times, <a href="https://solutionsreview.com/identity-management/thycotic-releases-2018-global-state-privileged-access-management-pam-risk-compliance/" target="_blank">70 percent of enterprises</a> overlook issues surrounding privileged user accounts, which form unseen entrances to your organization. As the WFH situation drags on, it's even more likely that access controls will lag, opening up holes in your perimeter.</p><p>In response, <a href="https://www.imperva.com/learn/data-security/role-based-access-control-rbac/" target="_blank">use role-based access control (RBAC)</a> to allow access to specific users based on their responsibilities and authority levels in the organization. By monitoring and strategically restricting access controls, you can further reduce the risk that human error might undermine your careful cybersecurity arrangements.</p>
5. Use endpoint encryption on devices and apps.<p>Because most companies were not yet set up for remote work when the COVID-19 crisis hit, the lion's share of devices used to connect from new home offices are not owned or configured by employers. </p><p>And with employees more likely to use their own computers when working from home, endpoint attacks become even more serious. <a href="https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/" target="_blank">SentinelOne</a>, an endpoint security platform, <a href="https://www.raconteur.net/technology/covid-19-cybersecurity" target="_blank">reported a 433 percent rise</a> in endpoint attacks from late February to mid-March. </p><p>Although it can seem difficult to secure endpoints when employees are working remotely, it is possible. <a href="https://www.sentrybay.com/" target="_blank">SentryBay's</a> endpoint application encryption solution takes a different approach, <a href="https://dwaterson.com/2020/03/02/protected-endpoint-applications-provide-common-security-posture-for-enterprise-cloud-ecosystems/" target="_blank">securing apps in their own "wrappers,"</a> as opposed to working on a device security level.</p>
6. Apply multi-factor authentication and strong passwords.<p>Finally, weak passwords are a known gift for hackers. The problem only grows when employees work from home, as the contextual shift makes it easier for them to ignore reminders from your security team. They are also more likely to share or save credentials for faster remote access when it takes time to get a response from a newly remote security team.</p><p>If you don't already use a password manager to force employees to generate strong passwords and avoid sharing or saving credentials, now is the time to begin. CyberArk Enterprise Password Vault requires users to update passwords regularly, enforces multi-factor authentication (MFA) to reduce the chances of hackers entering your network through stolen passwords, and provides auditing and control features so you can <a href="https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/" target="_blank">track when someone uses</a> or misuses an account. </p><p>Consumer password managers like <a href="https://www.lastpass.com/" target="_blank">LastPass </a>and <a href="https://1password.com/" target="_blank">1Password </a>likewise offer business tiers with similar features.</p>
WFH doesn’t have to undermine network security<p>With enterprises unprepared for mass remote working, industries worldwide could face a security nightmare. However, applying best security practices and using advanced tools to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.</p><p>Make sure your employees know your security policies will help harden your attack surface, improve your cybersecurity posture, and prevent COVID-19 from causing a cybersecurity plague. </p>
Video meetings on the popular platform don't seem to offer end-to-end encryption as advertised.
- Despite claims, Zoom's video and audio meetings don't support end-to-end encryption, according to a recent report from The Intercept.
- End-to-end encryption is an especially strong form of security that, in theory, scrambles online data so that it's decipherable only to the sender and receiver.
- Zoom also faces a class-action lawsuit after a Motherboard report showed how the platform passed on user data to third parties.
The Intercept<p>Speaking to The Intercept, a Zoom spokesperson described the platform's definition of "end to end":</p><p style="margin-left: 20px;">"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point...The content is not decrypted as it transfers across the Zoom cloud."</p><p>Although Zoom might not decrypt data as it transfers across the platform's cloud, it certainly has the ability to do so. "They're a little bit fuzzy about what's end-to-end encrypted," Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, told <a href="https://theintercept.com/2020/03/31/zoom-meeting-encryption/" target="_blank">The Intercept</a>. "I think they're doing this in a slightly dishonest way. It would be nice if they just came clean."</p>
Other privacy concerns<p>Zoom is also facing criticism for passing user data on to third parties. Last week, <a href="https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account" target="_blank">Motherboard published a report</a> showing that the Zoom iOS app was sharing user data with Facebook — even if Zoom users didn't have a Facebook account. On Monday, a Zoom user filed a class-action lawsuit against the company, alleging:</p><p style="margin-left: 20px;">"Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. ("Facebook"), invading the privacy of millions of users."</p><p>Looking for a video-conferencing platform that does offer end-to-end encryption? Consider looking into Microsoft Teams, Signal, Clickmeeting, and Wire.</p>
Break into the lucrative world of tech with training you can do anywhere.
- Train up in tech sectors where employers are hiring in 2020.
- The training includes AI and machine learning, blockchaining, cybersecurity and more.
- Each course collection is now over 90% off.