Necessary Security Updates for 2012

There are changes coming in the world of security technology. Never before have so many criminals been so organized across borders as they are today. The Internet has spawned international crime syndicates of the best of the best criminal minds, who seek to take from you, your government, and all the merchants we rely on to provide products and services.

Security companies have been preparing for this eventuality, and many are rolling out new and improved versions of their technologies to fight the good fight.

Antivirus: Today’s antivirus protection is not the same as yesterday’s. Over the years, antivirus companies have had to upgrade their detection methods and change the way they recognize malware. And it’s no longer effective to have a free, basic antivirus program installed. Criminals are coming from all angles: attacking your PC’s operating system, various browsers, Macs, mobiles, and any website you visit. In response, antivirus companies now offer “total protection” or “all access” suites of software, to protect all your devices across various operating systems for one low price.

Credit cards: The shift from “magnetic stripe” credit cards to “EMV,” which stands for Euro MC/Visa, or “chip and PIN” is underway in North America. Both Canada and Mexico are going full on EMV and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.

Mobile security: The BlackBerry has always been relatively secure, and hasn’t been prone to viruses that impact PCs. The iPhone has been virtually virus-free, but is not 100% immune. Android is quickly becoming a serious contender for the iPhone’s more than 50% market share, and bad guys are paying attention. There has been a significant increase in Android-related hacking, and Android users must, therefore, download and install all the latest updates and invest in a mobile security product.

Keeping your head up and knowing what to watch out for is job one. By staying security savvy, you can effectively deter the bad guys.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Resolve to Be Digitally Secure This New Year

Let’s get one thing straight: it’s no longer possible to deny that your personal life in the physical world and your digital life are one and the same. Meaning, while you are present here on the ground, you continue existing online, whether you know it or like it or not.

Coming to terms with this reality will help you make better decisions in many aspects of your life.

1. Get device savvy: Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless, or software, learn it. No excuses. No more, “My kids know more than I do,” or, “All I know how to do is push that button-thingy.” Take the time to learn enough about your devices to wear them out or outgrow them.

2. Get social: One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich. Proceed with caution here.

3. Manage your online reputation: Whether you are socially active or not, whether you have a website or not, there are plenty of websites that know who you are, that are either discussing you or listing your information in some fashion. Google yourself and see what’s being said. Developing your online persona through social media and blogging will help you establish and maintain a strong online presence.

4. Get secure: There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing, and firewalls. Getting security-savvy is a great way to start a new year.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Data Theft Doesn’t Always Mean Being Hacked

Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and burglarized. This is an unfortunate example of an employee taking home a laptop or storage device from the office resulting in a serious data breach. The thief may have no idea what he has in his hands, but the damage is done, the data is breached.

UCLA had to send letters to all 16,000 plus affected warning that there is a possibility their identities could be stolen. On top of that they had to hire an identity theft protection firm to cover each breached record in the hopes the service will mitigate the loss. Data loss like this may cost UCLA hundreds of thousands of dollars by the time the dust settles.

The documents stolen were birth certificates, home addresses, medical documents and numerical medical identifiers. The information breached did not include Social Security numbers or financial information. Meanwhile reports state the data was encrypted, but the password to access the encrypted data was on a piece of paper near the laptop, which hasn’t been located either.

Based on the reports, an identity thief would have a hard time actually using the data stolen to commit new account fraud or account takeover. Nonetheless UCLA’s response has been comprehensive and designed to reduce risk in any capacity.

Data breaches cost big bucks. Smart data security practices if done right are inexpensive and cost effective. Encryption in this scenario failed due to a password on a sticky note near the laptop. The lack of a home security system in the doctor’s home office contributed to the data loss. Putting layers of protection in both a business and home setting is an absolute must.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

 

Security Beyond the Desktop

A defensive posture no longer suffices for the protection of the devices and data that have become ubiquitous in today’s digital world. Rather than simply rushing to install defenses on computers, in networks, and in the cloud, we urgently need to step back and take a broader view of the security landscape, in order to take more calculated preemptive measures.

McAfee Security Journal is a publication intended to keep security executives and technical personnel informed about various cutting edge topics in order to help them make better-informed security decisions. Regular, everyday computer users can increase their security intelligence by having a read. The report details the following highlights on the evolution of cyber threats and the necessity of a more inclusive security strategy:

The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees. Educating employees on secure practices is not enough—organizations need to install a proper framework to empower and encourage employees to make a habit of using these practices.

Mobile is everywhere: Mobile attacks are becoming more sophisticated every year. Instead of rendering a device unusable, hackers are now finding ways to steal sensitive personal data that can be lucratively exploited. Hackers are also broadening their target range to include less common mobile systems, such as the GPS system in your car, for example.

Cloud-based apps on the rise: The popularity of cloud-based applications has made them an attractive target for hackers and other cybercriminals. However, the cloud is also a highly efficient way to scale security and protection for a business. Leveraged correctly, the cloud both helps reduce your security costs and can actually increase your overall security posture.

Data is king: Whether it’s stored on a smartphone, in the cloud, or on a network, cybercriminals are after your data. It is crucial that organizations take proper precautions to secure this data.

Learn from mistakes: For those who take the time to study it, history is a great teacher. Analytics help identify patterns, vulnerabilities, and even motives.

Understanding these concepts can help prevent attacks in the future. For a full copy of the McAfee Security Journal: Security Beyond the Desktop, visit McAfee.com.

 

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Securing Your Small Business Like A Bank

Banks know security. They have to, because as Willie Sutton once said “that’s where the money is”.

A bank, for example, has multiple layers of security. First, consider the perimeter of the building, which is often designed to include large windows, so that passerby or law enforcement can easily see any problems occurring inside. The bank’s doors have locks. Of course, there is an alarm system, which includes panic buttons, glassbreak detectors, and motion sensors. These are all layers, as are security cameras, bulletproof glass, and armed guards. Ideally, tellers and management should have robbery response training. Many banks use dye packs or even GPS to track stolen cash.

Each of these layers is designed to make it harder for a robber to do his job.

TicoTimes reported “Banco Nacional installed more than 9,000 security cameras in each of its bank and ATMs this week as part of a new satellite surveillance system. The cameras will provide a live video feed from each bank and ATM location and will be watched by a team of security officials stationed in a monitoring center in San José.”

The installation of the video surveillance system was strategically inaugurated prior to the month of December, which traditionally sees some of the highest numbers of thefts in Costa Rica due to the holiday season and distribution of mandatory Christmas bonuses

Think about what current layers of business protection you have in place and how many more layers can be installed that allow for a seamless customer experience and a secure minded culture.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures