Cloud-Based Contacts Managers: To Use or Not to Use?

The old adage, “It’s not what you know, it’s who you know,” still rings true today. Without a network of “trust agents,” influencers, or simply good contacts, it’s hard to get anything accomplished. Getting a new job, making sales, or simply finding a good accountant requires a network of people you know, like, and trust to make a recommendation so you won’t get fleeced.

So how do you manage your contacts? How do you stay in touch and up-to-date with relevant names, addresses, and phone numbers? Many people still use a notepad, others use a subscription service or software such as ACT!, and even more use Outlook. More and more people are using cloud-based contact managers today than ever before. Some are free, while others cost as little as $5 or up to hundreds per month.

I’ve tried them all and can tell you there are a variety of options. The goals of any contact management system are ease of use, portability, accessibility, customization, and backup. If the contact manager you choose is in the cloud, then security is also an important consideration.

Social media: Many people are now using cloud solutions such as Facebook and LinkedIn to manage contacts, which can also be made available on your smartphone, but lack customization, calendars, or note functions. Check out LinkedIn’s Profile Organizer and Gist.

Cloud-based email: Yahoo and Gmail both offer contact managers. Gmail’s is the most comprehensive and includes a section for notes. Gmail contacts can also sync with an iPhone and Android in real time portability. If Gmail could link your calendar with your contacts, it would be a perfect contact manager.

Customer relationship managers (CRMs): These are full-blown contact managers that make contacts, calendars, and notes accessible from smartphones and computers. CRMs are generally used by businesspeople that need to manage clients.

A true CRM keeps track of emails and calls, along with calendar notifications. Some will make a phone call via Skype or a landline with the click of a button.

There are many to choose from and most cost upwards of $300 per year or much more.  Check out Zoho CRM, Free CRM, SugarCRM, Microsoft Dynamics CRM, Highrise, and the most popular, Salesforce.com, which I still find cumbersome and clunky.

What do I use? I use ACT! locally, and I use Gmail’s contacts and calendar in the cloud. The hybrid works for me and is either cheap or free, with no annual fee.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

What Are Your Digital Assets Worth?

Digital assets include: entertainment files (e.g. music downloads), personal memories (e.g. photographs), personal communications (e.g. emails), personal records (e.g. health, financial, insurance), and career information (e.g. resumes, portfolios, cover letters, contacts), as well as any creative projects or hobbies involving digital files.

If your PC crashes or is hacked and your data is not properly backed up, how devastated will you be? Whether for personal use or for business, chances are you have a collection of documents, music, and photos that, if compromised, would almost feel as if your house and all your belongings had been burned up in a fire.

A recent survey found that 60% of respondents own at least three digital devices per household, while 25% own at least five. (Digital devices are mainly desktop or laptop computers, tablets, and smartphones.) As many as 41% of those surveyed spend more than 20 hours per week using a digital device for personal use. Admittedly, I’m online for at least 16 hours a day.

Photographs and similar memorabilia are the main digital asset that most people (73%) consider irreplaceable, should they be lost without having been backed up. Respondents valued personal memories at an average of $18,919, compared to $6,956 for personal records, $3,798 for career information, $2,848 for hobbies and projects, $2,825 for personal communications, and $2,092 for entertainment files.

Consumers estimate the total value of all their digital assets on multiple devices at an average of $37,438, yet more than a third lack protection for those devices.

According to Consumer Reports, malware destroyed 1.3 personal computers and cost consumers $2.3 billion in the last year. Not only have hackers continued to target PCs, with the increased popularity of tablets, smartphones, and Macs, threats are becoming both more common and more complex for non-PC devices. For example, according to McAfee Labs, malware targeted at Android devices has jumped 76% in the last three months.

Many people protect their PCs and digital assets from malware by installing antivirus software. When it comes to smartphones, tablets, and Macs, however, they leave the doors open to criminals. Bad guys are now targeting these devices, as they have become the path of least resistance. Now more than ever, a multi-device security strategy is necessary.

McAfee understood this and solved the complexity and cost pain points by developing a product called McAfee All Access (www.mcafee.com/allaccess) This is the first full security offering for Internet connected devices — from smartphones and tablets to PCs and netbooks. Basically you can get a single license for a great price to secure all of the devices you own!

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Cloud Home Security is Here

A burglary occurs every 15 seconds. The chance of your home being broken into is higher than you’d think. The good news is that today’s alarm systems are “not your father’s alarm.” Twenty years ago, a contractor had to spend a week tearing up your walls, ceilings, and windows to retrofit a messy, hardwired security system. These alarms were so expensive that they were mainly used by businesses, rather than in private homes.

Since then, home security systems have dropped in price. They are now mostly wireless, right down to the cellular phone signal. But what makes home alarms even more exciting is that the majority of the functions are cloud-based.

I have the “ADT Pulse,” which marries home security with automation. From almost anywhere — on the road, in your office, or even at the beach — you can access your cloud-based smart home system. Depending on the plan you select, this system can provide an unprecedented level of control with Z-Wave wireless technology, your own personal command center, compatible mobile phone, and interactive touch screen security system.

Using my iPhone or any computer, I can access a cloud-based server that allows me to watch live footage from each of the 16 cameras I have installed in and around my property. The cameras also begin recording automatically whenever motion is detected, and that footage is stored in the cloud and available to me anywhere, any time. It’s amazing how often I access these cameras when I’m on the road.

With home automation, I can use the cloud to remotely switch lights on and off and adjust the temperature control system. I also get alerts in the event of an intruder or even a broken water pipe!

Having a cloud-based, Internet-connected home security system certainly provides an excellent layer of protection, not to mention peace of mind.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

The Cloud of Clouds: Amazon Web Services

Amazon Web Services is a cloud-based service hosted by Amazon.com, which provides numerous tools for web-based businesses. The service’s primary function is to help businesses of any size compute and store data.

Solutions available to both businesses and consumers include:

  • Application Hosting
  • Backup and Storage
  • Content Delivery
  • Databases
  • E-Commerce
  • Enterprise IT
  • High Performance Computing
  • Media Hosting
  • On-Demand Workforce
  • Search Engines
  • Web Hosting
  • Media and Entertainment
  • Life Sciences

Let’s say you run a small business that is rapidly expanding. You probably already have a basic website, and perhaps a local or national company to handle your data traffic. But when your traffic is suddenly growing exponentially and you find yourself needing more bandwidth, that’s where Amazon Web Services comes in. Their cloud is ready and waiting to handle whatever your clients can throw at it.

But what really makes Amazon’s cloud stand out from the rest is that it isn’t just a “server.” The features listed above include software and other tools that allow developers to work seamlessly with Amazon’s platform. They have created a service that almost any business can plug into, right out of the box.

Security is paramount. Amazon states: “In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features.” More here.

Google has applications and user-friendly web services that we, as employees or consumers, use on a daily basis to administer, communicate, and organize information.

Apple has their proprietary platform, and they make certain code open to developers who create games and software for iPhones and iPads.

Amazon Web Services provides cloud-based platforms and software, which makes it possible not only for businesses to function, but for developers to create exciting new technologies. That’s what makes their cloud the cloud of clouds.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Regulation E Protects Consumers, Not Businesses

Consumers enjoy a certain level of protection that business bank accounts do not, and it’s called “Regulation E.”

Here is Regulation E in black and white:

ELECTRONIC FUND TRANSFERS (REGULATION E)

Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

1. Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

2. Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.”

Businesses do not get this kind or protection. So when business accounts are compromised, they often have to fight for their money. And today, more than ever, they are losing. But banks are losing, too. The only winners here are the criminal hacking enterprises.

In order to meet the Federal Financial Institutions Examination Council’s compliance guidelines by January of 2012, banks must implement multiple layers of security. Called out in the recent FFIEC guidance was using complex device identification and moving to out-of-wallet questions. 

Financial institutions and their clients aren’t only losing millions to fraud; they are losing millions more fighting each other. It makes more sense for banks to beef up security (all while properly managing friction for legitimate customers) than to battle with their customers.

Financial institutions could protect users and themselves by incorporating device identification, device reputation, and risk profiling services to keep cyber criminals out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions such as credit issuers and banks, to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Fox News. Disclosures

Cloud-Based ATMs Coming Your Way

Criminals often target cash machines, as well as various other automated kiosks that dispense DVDs, tickets, or other merchandise. They have discovered numerous techniques for compromising these devices. According to the ATM Industry Association (ATMIA), ATM fraud alone results in over a billion dollars in losses each year.

But manufacturers are fighting back.

Diebold, a security systems corporation and the largest ATM manufacturer in the US, has developed a prototype for a “virtualized ATM.” The new machines will utilize cloud technology to enhance security, mitigate fraud, and improve operational efficiency, delivering an optimal consumer experience.

Unlike traditional ATMs, these new machines will contain no onboard computer. Instead, each individual terminal will be connected to a single, central server, which will provide resources to a fleet of cloud-based ATMs.

This advancement will give banks and ATM operators greater control over multiple machines. Servicing the new ATMs will be easier and more efficient, with more updates and less downtime.

For consumers, the most noticeable differences will be better service and security. Over time, the savings in operating cost can be put toward upgrades in card technologies, near field communication, and possibly even biometrics.

The emergence of cloud technologies will speed up the adoption of many new, more convenient and streamlined offerings. The future is here, and it’s fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

The Evolution Of Online Fraud Prevention

Around 1994, when I operated a small mail order catalog business, it was very difficult to obtain “merchant status,” or approval to accept Visa, MasterCard, Discover, and American Express cards. It was easier if you had a storefront, but payment processors made mail order businesses jump through more hoops.

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways.

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them.

Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation, an effective online fraud prevention method that helps protect retailers from fraudulent CNP transactions by examining the computer or other device for a history of unwanted behavior, plus any suspicious activity at the time of transaction.

If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, flagged 35 million online transactions as high-risk in the last year for its clients and will flag 50 million or more by the end of 2011.

Protect yourself from credit card fraud by checking your statements regularly. Set up your own email alerts so that at a minimum, you are notified of any transactions over your specified amount occur on your account.  Businesses set up triggers and alerts to protect themselves, shouldn’t you?

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

It Takes Sharing and Organization to Fight Organized Crime

The amount of money made and lost due to fraud is surpassing the illegal drug trade. A digital arms race has law enforcement officials nipping at the criminals’ heels. Retailers and banks continue to fight criminal hackers, but are being bombarded by advanced, persistent threats that eventually make their way into the network.

There are data breaches every week, and I’d bet every day, but we may not hear about the majority. All of these breaches have a method, signature, or feature in common, which retailers and banks can learn from.

Criminals are organizing like never before. They are learning from each other, sharing information and strategies. When one publicizes an exploit, other criminals execute it, leading law enforcement off in a new direction. It’s like a vicious game of whack-a-mole.

Today, governments around the world are organizing to fight fraud. But what’s even more exciting is that competing banks, retailers, and small businesses are all sharing fraud information to help each other out. These fraud targets are finding strength in numbers.

Oregon-based iovation Inc. has created an exclusive network of global brands across numerous industries, with thousands of fraud professionals reporting more than 10,000 fraud and abuse attempts each day. iovation’s shared database contains more than 700 million unique devices including PCs, laptops, iPhones, iPads, Android, Blackberries—practically every Internet-enabled device that exists.

Many leading banks and big brand retailers use this device reputation service to detect fraud early by not only customizing their own real-time rules to set off triggers, but they leverage the experiences of other fraud analysts to know if the device touching them at this moment has been involved in chargebacks, identity theft, bust-outs, loan defaults, and any other kind of online abuse you could imagine.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

Cars in the Cloud

People love their cars. My 80-year-old mother-in-law goes nutty at the thought of not being able to drive. “Take my car and you take my freedom,” she says. I understand where she is coming from. Personally, I don’t like to drive. But I do like riding my Harley!

Many consider cars synonymous with freedom. Cars allow you to go places and have experiences that you otherwise wouldn’t. That’s why it’s so exciting that cars are now being equipped with lots of new features, including technology that can essentially meld your car with the Internet!

Ford recently unveiled the Evos, a car that learns your driving preferences and uses its Internet connection to provide traffic information and other useful details. It can tailor the suspension and driving modes based on your driving style and ability. It can also detect the driver’s heart rate. The Evos is a concept car, but Ford plans to release a similar model within the next several months.

OnStar offers “RemoteLink,” an application for your iPhone or Android, which allows Cadillac, Chevrolet, Buick, or GMC owners to view real-time data including fuel range, gallons of gas remaining, and lifetime MPG, lifetime mileage, remaining oil life, tire pressure, and account information. Chevrolet Volt owners can view their car’s electric range, electric miles, MPG, and the battery’s state of charge, as well. Users can also remotely perform certain commands, such as unlocking doors, with this application.

The New York Times reports that Google “has been working in secret but in plain view on vehicles that can drive themselves, using artificial-intelligence software that can sense anything near the car and mimic the decisions made by a human driver.”

The benefit of this technology is the potential for Internet-connected vehicles to communicate through the cloud, working in tandem to prevent accidents, conserve fuel, and facilitate a more efficient flow of traffic.

Sounds like a big stretch from my heavy old 1970 Chevy Impala!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Dumb Ankle Monitor Wearing Home Invader Busted

If you ever decide to get all hopped up on drugs and seek some extra cash to feed your fix, I’d suggest not wearing your governmental department of corrections court ordered previously installed GPS ankle-monitoring bracelet to your next home invasion.  Chances are you’ll get caught.

But as tongue and cheek funny this may be, this home invader “leveled a shotgun at a young couple and their infant child.”

It’s scary to know that hardened criminals are only tethered by a “signal” and don’t care about getting caught.

Companies that provide ankle bracelets set up their products to send a signal to a GPS satellite every minute to track its location. That information is logged into a data base. If the “tracker” which could be a parole officer or law enforcement has the system set to notify them if the criminal is outside of their required boundaries, police are dispatched.

But in many situations criminals with GPS ankle bracelets can roam free. It’s only when they cut the bracelet off that a signal is sent to the devices last location.

Here are 5 tips to help keep you safe and prevent a home invasion:
1. Never talk to strangers via an open or screen door. Always talk to them through a locked door.

2. NEVER let children open the doors. Always require and adult to do it.

3. Install a home burglar alarm and keep it on 24/7/365. With a home alarm system on, when someone knocks on the door, a conscious decision has to be made to turn off the alarm. Most people will keep it on.

4. Not all home invaders knock, some break in without warning.  Just another reason to have that alarm on.

5. Install a 24-hour camera surveillance system. Cameras are a great deterrent.  Have them pointed to every door and access point.

Robert Siciliano personal and home security specialist toHome Security Source discussing ADT Pulse on Fox News. Disclosures