Is Email Encryption Right for Your Business?

The Privacy Rights Clearing house currently tallies 542,608,451 records breached in the past 5 years. Unsecure email certainly contributes to the problem. Small business email (or any email) starts off on a secure or unsecure wired or wireless network then travels over numerous networks through secure or unsecure email servers often vulnerable to people who are in control of those servers.

There is also plenty of hacking and cracking tools bad guys (and good guys) use to sniff out that data in plain text.

With criminal hackers, government funded hackers and the various other snoops, email encryption today is essential.

In a recent study by Ponemon Institute, the latest U.S. Cost of a Data Breach report, which was just released today, shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care deeply about their personal information and they lose trust in companies that fail to protect it.

If your business operates under some form of regulation whether it is finance, healthcare, or any other regulation where fines are imposed in the event of a data breach, then email security should be a fundamental layer of your company’s information security protection plan.  Plain and simple if you are concerned about compliance with regulations like HIPAA and the HITECH Act and the numerous state data breach notification laws look to email encryption.

At its basic level PGP encryption is one way to provide email encryption. More on that in the next post.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Data Privacy Day 2012

Lately, it seems that barely a day goes by when we don’t learn about a major Internet presence taking steps to further erode users’ privacy. The companies with access to our data are tracking us in ways that make Big Brother look like a sweet little baby sister.

Typically when we hear an outcry about privacy violations, these perceived violations involve some apparently omnipotent corporation recording the websites we visit, the applications we download, the social networks we join, the mobile phones we carry, the text messages we send and receive, the places we go, the people we’re with, the things we like and dislike, and so on.

How do they do this? By offering us free stuff to consume online and infrastructure for the online communities that tie us together. We gobble up their technologies, download their programs, use their services, and mindlessly click “I Agree” to terms and conditions we haven’t bothered to read.

What’s the point of all this? Sales, marketers, advertisers, other businesses benefit from knowing every last detail about you—the “33 bits of information” necessary to pin down your identity—in order to deliver precisely targeted advertisements to your digital device of choice, whether that’s a computer, tablet, or smartphone.

Should we care? What is the potential danger? “Back in the day,” examples might include telemarketers abusing your phone number by calling incessantly, or direct marketers filling your mailbox with junk mail.

Today, it’s spammers sending unwanted emails, or the same advertisement from the same company popping up again and again on every single website you visit. The concern is that this could go from annoying to frightening.

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances, without consumers knowing their rights and actively protecting their own privacy and personal data, that data could be used unethically.

Privacy is your right. But realize that in our wired, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down, between you and your loved ones, that is not communicated, recorded, broadcast, or reproduced on the Internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

Saturday, January 28th is Data Privacy Day which promotes awareness about the many ways personal information is collected, stored, used, and shared, and education about privacy practices that will enable individuals to protect their personal information.  This is a good time to check your privacy settings on social networking and other sites you use, ensure you have a strong password and be aware of where and with whom you are sharing your personal data with.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

How To Steal A Car: Hack It!

No more jimmying doors with a Slim Jim, bricks through windows, extracting lock cylinders with a dent puller, or hot-wiring ignitions. Automobiles today are being built to include wireless capabilities that allow for remote unlock, remote start, and of course, there’s global positioning systems (GPS) and services like OnStar and ATX, which offer “telematics,” or information and communications technology. While these services appear relatively secure, researchers in controlled environments are searching for vulnerabilities.

OnStar offers “RemoteLink,” an application for the iPhone or Android, which allows Cadillac, Chevrolet, Buick, or GMC owners to view real-time data including fuel range, gallons of gas remaining, lifetime miles per gallon (MPG), lifetime mileage, remaining oil life, tire pressure, and account information. Chevrolet Volt owners can view their car’s electric range, electric miles, MPG, and the battery’s state of charge. Users can also use the application to remotely perform certain commands, such as unlocking doors.

While all this new technology provides us with convenience and useful information, it may also leave use open to risk. Researchers in San Francisco have been able to access a car’s central computer processor through an Internet-connected car alarm, and in Seattle, researchers “blacked out the make and model of a car that offered multiple pathways for hackers a thousand miles away to send out GPS coordinates, open the doors, and have a colleague drive away without a key in the ignition.” And a New Jersey man has developed an iPhone app that lets him unlock cars and start engines by voice.

As with most technological advances, functionality and form come well before security. But now that researchers have demonstrated the frightening vulnerabilities inherent in cars’ computers, automobile manufacturers are working with companies like McAfee to develop firewalls that will protect the latest high-tech vehicles from hackers and thieves.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Phishing Scammers Target Macs

On Christmas Day, 2011, Apple product users were targeted by a major phishing attack. The Mac Security Blog reported, “A vast phishing attack has broken out, beginning on or around Christmas day, with emails being sent with the subject ‘Apple update your Billing Information.’ These well-crafted emails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from appleidATidDOTappleDOTcom.”

As in most phishing emails, the template and body of the message mimicked Apple’s logo, design, colors, and font. When users clicked links within the email, they were directed to a spoofed website that also had the same Apple feel. Once users entered their personal information, they might be thanked for “updating” their account, or simply wind up in the Internet abyss.

One way to determine whether an email is legitimate is to hover your curser over any links and look at the text displayed. If a link isn’t something like http://store.apple.com or https://appleid.apple.com, it’s a fake.  To learn more about how to recognize a phishing attempt, watch this video from McAfee.

While I’m on the subject, however, I may as well mention that I don’t recommend clicking any links within emails, regardless of what the domain says. The safest way to determine whether your account needs updating is to log into your Apple account directly, at https://appleid.apple.com. If there is a problem, you will be notified via internal messages within your account. If not, assume the email is a phish and delete!

And remember, just because you are using a Mac, it does not mean that you are safe from web threats, so make sure you stay educated on the latest threats, use comprehensive security software and be wary of things that sound too good to be true.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

5 Digital New Year’s Resolutions For Parents

McAfee recently distributed a press release and the line that caught my eye was, “Now is the time for parents to model good behavior and etiquette.”  it This wasn’t something you’d normally expect to see from a major security company, so intrigued, I read on.

Instruction in etiquette and good behavior is something we could all probably use a little more of. And when I read McAfee’s “5 New Year’s Resolutions,” I realized that even though I have young children, I ought to brush up on some digital etiquette myself. It’s not too late to do your resolutions or start news ones or just brush up on your online safety.

McAfee suggests that parents begin the New Year with resolutions that address their own behavior, so they can model best practices for kids and teens:

When I’m with my children, I pledge not to spend more than 10% of the time on my phone or computer.
Adults spend about 3.5 hours day perusing the Internet or staring at their cell phone each day, according to estimates from eMarketer. This year, make a promise to give your full attention to your children, and develop a plan to limit your use of electronic devices.

I will not communicate with my children via text when they are in the house.
One downside of technology is that fewer people actually speak to one another. A Kaiser study found that children in grades 7-12 spend an average of 1.5 hours a day sending or receiving texts.

I will not give my child access to an Internet browser on a smartphone or tablet that is not safe for them to use.
It’s important for parents to shield children from cyber-danger by filtering explicit content on smartphones and tablets via applications such as McAfee Family Protection or McAfee Safe Eyessoftware. This software can prevent children from establishing or accessing social networking accounts, limit Internet use, and block inappropriate websites or messenger chats.

I will be prepared to have a “texting intervention” if my teen’s thumbs begin to look like tiny body-builders.
Texting may be a quick and easy way to interact with others, but the impersonal nature of the communication and frequency of use can cause problems.

I will have “the talk” with my kids, to discuss what they are doing and with whom they are connecting online.
Children often lack an understanding of online dangers, or they may lack the maturity to make appropriate decisions.

By modeling good behavior and ensuring that children’s experiences on Internet-connected devices is a safe and healthy one, parents can ensure a 2012 that is free of digital drama.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Beat the January Blues by Updating and Upgrading Your Digital Technology

A new year is always a welcome opportunity to start fresh, clean up, clean out, update, and upgrade. I’ve always believed that if you aren’t moving forward, you’re moving backward. Staying still in one spot really means that the people and the world around you are passing you by.

This philosophy also relates to the management of your digital life. Old technology isn’t necessarily outdated, but it may need updating, while obsolete technology certainly needs upgrading.

Old PCs: Thanks to “the cloud,” even an old Windows XP machine can have a new lease on life. Reinstalling the operating system and using it for cloud-based applications like mail and Google docs can allow a relic to function better than its old self ever did.

New PCs: I have a Windows 7 desktop that drags a bit, does weird things, and makes the occasional funny noise. It’s about two years old and still in relatively good shape, despite the random glitches. It’s just a matter of time, however, until it degrades to a point where it either stops working or becomes too frustrating for me to deal with. So, while that one is still functioning, I bought another desktop for about $500 that’s better, faster, and has more of everything I want in a work machine. I’ll load the new computer up with all my software and when it’s 100% ready, I’ll make the switch. Meanwhile, the old computer will still work well as a media center.

Old mobiles: If you are still using a feature phone, that’s fine. For many people, all a phone needs to do is be a phone. But make sure to at least consult the manufacturer’s website, because their may be upgrades to your phone’s operating system that can improve its functionality or security.

New mobiles: The technology in smartphones today is just astounding. Whether you use an iPhone, Android, or even a BlackBerry, having the world at your fingertips makes getting things done far more efficient. Besides the obvious benefits of communications, multimedia, and online shopping, a smartphone is a great way to save money. Just the other day, I went to a store to make a purchase and was floored by the cost of an item that I usually buy every two or three years. I immediately went online via my smartphone and found what I was looking for, for 90% less than what I had almost paid. Frankly, I don’t know how brick-and-mortars survive when consumers have this kind of access to price comparisons.

Modem: Your ISP-issued modem starts dying right out of the box. It’s just a matter of time until it starts acting up. If you’ve had it for over a year, take it to your local service center and get a new one.

Router: If you are on a wireless G and all your devices can talk to N, upgrade to N. This process is not for the faint of heart. Depending on the sophistication of your network, this could be a bear. However, by taking screenshots of all your settings and starting fresh, you will have a better Internet experience. If you are happy with the current brand you have, simply upgrade to the newest model for a smoother transition.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cross-Device Security Means “All Access”

You may have a laptop, desktop, netbook, notebook, Ultrabook, tablet, Mac, or mobile phone. You might be single, married, or have ten kids. Either way, you probably have at least one, if not six or more, devices requiring comprehensive security. My family of four has 12 devices, all of which I do my best to lock down like the digital equivalent of Fort Knox.

In order to manage multiple devices “cross-platform,” wherein one device may run Mac OS X while another runs Windows, while your phone is completely different, you need a security solution that is comprehensive, affordable, and straightforward.

PC Magazine selected McAfee All Access for its Editors’ Choice Award, scoring the product with 4.5 stars out of 5 and praising the thoroughness of the protection offered, for any and all devices an individual or a household might own.

McAfee All Access Wins Editors’ Choice Award

In contrast to traditional consumer security products that only offer per-device subscriptions, McAfee All Access is the first solution that uniquely protects all of the PCs, Macs, smartphones, and tablets owned by an individual or household. By providing consumers with a simple, cost-effective means to holistically safeguard all of their devices, McAfee All Access also represents a fundamental shift in the way consumers think about security.

McAfee All Access users can download, activate and manage essential protections from a central console, enabling them to safeguard personal data, defend against malware, and protect kids as they browse online by allowing parents to filter inappropriate content, including YouTube videos and explicit music lyrics, and monitor the use of social media.

Learn more about McAfee All Access.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

 

FBI Needs Your Help to Take Down Cyber Fraud

Public–private partnership (PPP) describes a government service or private business venture which is funded and operated through a partnership of government and one or more private sector companies.

Here’s an example of “public-private partnerships”: Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other computer viruses.

Beginning in 2007, the cyber fraud ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA.

The FBI further states “A complex international investigation such as Operation Ghost Click could only have been successful through the strong working relationships between law enforcement, private industry, and our international partners.”

The private partnerships refer to corporations just like yours who may have been affected by a virus or play a role in information security that help track down the bad guys.  “PPP involves a contract between a public sector authority and a private party, in which the private party provides a public service or project and assumes substantial financial, technical and operational risk in the project.” 

As President John F Kennedy once said “Ask not what your country can do for you – ask what you can do for your country”.  Today that may mean taking down international cyber criminals.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

 

 

Which Will Make a Bigger Splash in 2012, Mobile Wallet or EMV?

During the latter half of the past decade, a heated battle has been fought around the world to determine which payment method will take center stage in the coming years. Many believe mobile payment will leapfrog what is known as EMV, which stands for Euro MC/Visa, or chip and PIN credit card technology, and that soon enough chip and PIN technology will go the way of the magnetic striped credit card.

Certainly, there are many major companies that have wagered heavily on the presumed success of their chosen technology, and these companies have a vested interest in the failure of their rivals. Personally, I think there is more than enough room for both Mobile Wallet and EMV.

Google recently introduced Google Wallet, a mobile app that turns your phone into a wallet by securely storing your credit cards on your phone, as well as promotional offers. When you make a purchase from a brick-and-mortar store that accepts Google Wallet, you can pay and redeem offers quickly by simply tapping your phone at the point of sale.

Google Wallet facilitates online shopping by securely storing your credit cards for use on the Internet as well. Paying is quick, easy, and safe when you make a purchase from an online merchant that accepts Google Wallet.

Meanwhile, Visa has announced plans to “accelerate the migration to EMV contact and contactless chip technology in the United States.” The company intends to encourage investments in infrastructure necessary to accept and process both new forms of payment technology. Jim McCarthy, Visa’s global head of product, explains, “We will speed up the adoption of mobile payments as well as improve international interoperability and security. As NFC mobile payments and other chip-based emerging technologies are poised to take off in the coming years, we are taking steps today to create a commercial framework that will support growth opportunities and create value for all participants in the payment chain.”

The fact that Visa has opted to recognize and support the development of both mobile payment and EMV affirms the likelihood of both technologies’ success.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Safe Banking On Your Mobile Device

Mobile banking has experienced rapid growth over the last three years, in the U.S., more than doubling from 5% of online adults in 2007 to 12% by June 2010. Furthermore, Forrester predicts that one in five–or 50 million–U.S. adults will be using mobile banking by 2015.

However, identity theft is a major concern and studies show that many Americans are still uncomfortable with mobile banking, citing security as a top concern. In fact, 35% of US online adults said that they do not use their device to do banking for this reason.

Responding to these concerns, banks have been working to improve mobile security by offering a consistent sign-on experience for both their online and mobile channels, including multi-factor authentication programs for mobile.

While banks are trying to do their part, users have to take additional steps to make sure that their mobile data is protected. Consumer Reports estimates that almost 30% of Americans that use their phones for banking, accessing medical records, and storing other sensitive data, do not take precautions to secure their phones.

So, here are some tips for mobile bankers of all ages to keep you safe while banking on the go:

Connect to your bank’s mobile site or app securely by making sure that your wireless network is secure. Never send sensitive information over an unsecured wireless network, such as in a hotel or café.

Download your bank’s mobile application, so you can be sure you are visiting the real bank every time, not a copycat site.

Configure your device to auto-lock after a period of time.

Don’t store data you can’t afford to lose on an insecure device.

Use mobile security protection like McAfee Mobile Security™ that offers layers of protection including: antitheft, antivirus, antispyware, antiphishing and app protection.

Robert Siciliano is an Online Security Evangelist to  McAfee. See him discuss mobile phone spyware on Good Morning America(Disclosures)