Cloud Computing Security: Small Business Data in the Cloud

Over the last decade, many computing tasks that were once performed locally on an office PC have moved to the cloud: contact managers, office documents, media editing programs, you name it. If there is a software version, there is probably a cloud-based version, and often for free. Just search for the name of the software you use plus “free online.”

“The cloud,” as it relates to technology, refers to millions of internet connected servers, which may be owned and operated by either corporations or private individuals, sitting in homes and offices.

These servers may be used to back up your small business data, host email, documents, and files, and offer software as a service.

Cloud-based data, just like local PC-based data, is vulnerable to physical theft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering.

Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider, for example, promises “strict data security policies, military-grade encryption, and world-class data centers for optimal data protection of your business’ computers and servers.”

The cloud computing security guide from Intel provides practical steps to help IT managers plan cloud computing security, with recommendations for strengthening cloud platform and data center infrastructure implementations.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

Identity Theft Tops 2011 Consumer Complaints

The Federal Trade Commission today released its list of top consumer complaints received by the agency in 2011. For the 12th year in a row, identity theft complaints topped the list. Of more than 1.8 million complaints filed in 2011, 279,156 or 15 percent, were identity theft complaints. Nearly 25 percent of the identity theft complaints related to tax- or wage-related fraud.

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted.

The next nine complaint categories are:

Debt Collection Complaints

Prizes, Sweepstakes, and Lotteries

Shop-at-Home and Catalog Sales

Banks and Lenders

Internet Services

Auto Related Complaints

Imposter Scams

Telephone and Mobile Services

Advance-Fee Loans and Credit Protection/Repair

All of these scams can be avoided when consumers do their homework and put systems in place to protect themselves. Some scams can be avoided just by knowing they exist and not falling for them. Others may require some form of protection service, while others simply require a little legwork and research to know your options. Always do searches on companies you do business with, check licenses and IDs, and get second opinions. And if it seems too good to be true, then you know the story.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

A look into the cyber security legislation: What does it mean for citizens?

The White House issued a statement noting that our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – has suffered repeated cyber intrusions, and that cyber crime has increased dramatically over the last decade. The President has thus made cyber security an Administration priority.

From The Desk of President Obama: “We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control… But just as we failed in the past to invest in our physical infrastructure – our roads, our bridges and rails – we’ve failed to invest in the security of our digital infrastructure… This status quo is no longer acceptable – not when there’s so much at stake. We can and we must do better.”

Members of both parties in Congress have also recognized this need and introduced approximately 50 cyber-related bills in the last session of Congress. The proposed legislation is focused on improving cyber security for the American people, our Nation’s critical infrastructure, and the Federal Government’s own networks and computers.

#1 National Data Breach Reporting. State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cyber security, thus helping to stem the tide of identity theft.

#2 Penalties for Computer Criminals. The laws regarding penalties for computer crime are not fully synchronized with those for other types of crime.

#3 Protecting our Nation’s Critical Infrastructure. Our safety and way of life depend upon our critical infrastructure as well as the strength of our economy. The Administration is already working to protect critical infrastructure from cyber threats.

#4 Protecting Federal Government Computers and Networks. Over the past five years, the Federal Government has greatly increased the effort and resources we devote to securing our computer systems.

#5 New Framework to Protect Individuals’ Privacy and Civil Liberties. The Administration’s proposal ensures the protection of individuals’ privacy and civil liberties through a framework designed expressly to address the challenges of cyber security.

Our Nation is at risk. The cyber security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.

Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is an incredibly powerful tool that must be used intelligently and cautiously. Do your part to protect your little network and we will all be that much safer.

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web, especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Dirty Dozen Tax Scams for 2012

The Internal Revenue Service today issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud. Here are 4:

Identity Theft

Topping this year’s Dirty Dozen list is identity theft. In response to growing identity theft concerns, the IRS has embarked on a comprehensive strategy that is focused on preventing, detecting and resolving identity theft cases as soon as possible. In addition to the law-enforcement crackdown, the IRS has stepped up its internal reviews to spot false tax returns before tax refunds are issued, and is working to help victims of the identity theft refund schemes.

Phishing

Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.

Return Preparer Fraud

About 60 percent of taxpayers will use tax professionals this year to prepare and file their tax returns. Most return preparers provide honest service to their clients. But as in any other business, there are also some who prey on unsuspecting taxpayers.

False Form 1099 Refund Claims

In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.

Protect yourself!

Protect your information. Secure all data from the moment it arrives in your mailbox. Secure means that your mailbox and file cabinet have locks, and may even mean storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Social Media Security Tips for Small Business

Corporations know that social media has long-term marketing benefits, and they also know that security issues involving employees continue to be a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

Follow these social media security tips for small business to prevent security issues:

#1 Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and sets guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use and, especially, on what not to do.

#2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder.

#3 Limit social networks. In my own research about social media security, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.

#4 Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.

#5 Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure your business network is up to date.

#6 Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

#7 Companies that eliminate access to social media open themselves up to other business security issues. Employees who are bent on getting access often skirt security, making the network vulnerable.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

Be Aware of Tax Time Scams

The Internal Revenue Service has issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud.

An IRS notice informing a taxpayer that more than one return was filed in the taxpayer’s name, or that the taxpayer received wages from an unknown employer, may be the first tip-off the individual receives that he or she has been victimized. Identity theft complaints increased last year, and complaints pertaining to stolen tax returns have increased significantly, from 11,010 complaints in 2005 to 33,774 in 2009, according to an analysis of more than 1.4 million identity theft records from the U.S. Federal Trade Commission. That’s nearly 300%.

Be aware of these scams this tax season:

Phishing scams. If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov. Never respond to or click on links within unsolicited emails requesting that you enter personal data or visit a website to update account information, especially ones claiming to be from the IRS, as it does not send emails out to consumers.

IRS scams. Beware of scammers posing as IRS agents. They contact targets via phone or email, and are often prepared with a few personal details, which they use to convince targets of their IRS affiliation. This data may actually have been gleaned from public records or even your trash. This type of scammer may offer you a tax refund, and will generally pressure you to comply with their request.

Rogue tax preparers. Questionable return preparers have been known to skim off their clients’ refunds, charge inflated fees for return preparation services and attract new clients by promising guaranteed or inflated refunds. Anyone can hang out a shingle and claim to be a credible accountant. That shouldn’t be enough to persuade you to disclose all your financial records.

Signals to watch for when you are dealing with an unscrupulous return preparer include that they:

Do not sign the return or place a Preparer Tax Identification Number on it.

Do not give you a copy of your tax return.

Promise larger than normal tax refunds.

Charge a percentage of the refund amount as preparation fee.

Require you to split the refund to pay the preparation fee.

Add forms to the return you have never filed before.

Encourage you to place false information on your return, such as false income, expenses and/or credits.

Here are some suggestions to protect yourself and make sure that you get your return:

Protect your data. This means that all sensitive documents, including anything that includes tax or investment records, credit, debit, or bank account numbers, or a Social Security number, must be secured from the moment they arrive in your mailbox. Secure means that your mailbox and file cabinet have locks, and may even mean storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust. If you file online, you should use a secure PC and a secure Internet connection. If you submit your taxes through the mail, you should bring them directly to your local post office.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

How to Protect Your Privacy From “Leaky” Apps

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions.

“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”

And since then, our level of engagement with mobile apps has only increased (with over 10 billion apps downloaded), while there has not been a lot of movement to prevent applications from accessing your data.

So what to do? Privacy concerns are justified, but there is a limit to how this information can be utilized. If you feel the urge to free yourself from data tracking, you could delete and avoid apps, or you could provide false information, but that could violate terms of service and might not be effective, anyway.

When downloading an application, make an effort to consider what you are giving up and what you are getting in return, and to consciously decide whether that particular tradeoff is worthwhile.

You can also use mobile security software like McAfee Mobile Security that scans your installed apps to determine the level of access being granted to each of them. This feature then alerts you to apps that may be quietly siphoning data and enjoying unnecessarily extensive control of your device’s functionality. You can then decide whether you want to keep the app or delete it.

With better insight, you can take more of your mobile security and privacy into your own hands.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

What Are the Latest Identity Theft Statistics?

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research, reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became victims of identity fraud in the United States, while the dollar amount stolen held steady.

Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010. Countering this rise is the successful effort to combat identity fraud coupled with greater consumer awareness of the issue. While the number of fraud incidents increased, the total amount lost remained steady.

One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identity fraud.

According to the survey the three most common items exposed during a data breach are:

— Credit card number

— Debit card number

— Social Security number

Here are some eye-opening statistics:

• 500 million—the number of consumers from 2005 to 2009 whose personal and financial data has been exposed as a result of corporate data breaches—events the victims cannot control despite taking personal safety measures

• 400%—victims who found out about their identity theft more than six months after it happened incurred costs four times higher than the average

• 165 hours—the average amount of time victims spent repairing the damage done by creation of new fraudulent accounts

• 58 hours—the average amount of time victims spent repairing the damage done to existing accounts

• 43%—the percentage of identity theft occurring from stolen wallets, checkbooks, credit cards, billing statements, or other physical documents

• 1 in 4—number of American adults who have been notified by a business or checkbooks, credit cards, billing statements, or other physical documents

• Once every three seconds—how often an identity is stolen

The most efficient way to protect your identity is to use an identity theft protection service and get a credit freeze.

Robert Siciliano, personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

Computer Failure – Top Warning Signs Your PC is dying

Computers are like humans in that, in some ways, they can tell you when they are sick or don’t feel good. But computers are also like pets, who may not be able to speak but, if you are paying attention, begin to behave in ways that alert you to problems. There are numerous built-in warning signs that alert you to their failings. As business PCs age, they start to express themselves in ways that tell you they are approaching their end of life and it’s time to check your backup strategies.

The following computer failures indicate your computer may be close to death:

A blue screen is often a sign of a driver conflict or hardware issue. When your formerly fully functional PC displays a blue screen informing you that a serious error has occurred, it could mean total failure, or require a simple reboot.

Lengthy start up or shut down times may mean that your computer is overwhelmed by too much software, or particular programs are not shutting down properly. Or it could mean that motherboards or hard drives are not long for this world.

If you hear strange noises, like beeping, whirring, or grinding, during startup or when computing, this may be a sign of hardware failure.

Error messages appearing as pop-ups or in the device manager may point out hardware or software failures or conflicts.

Computer data logging is the process of recording events, with an automated computer program, in a certain scope in order to provide an audit trail that can be used to understand the activity of the system and to diagnose problems.

Logs are essential to understanding the activities of complex systems, particularly in the case of applications with little user interaction (such as server applications).

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

Protect Yourself from Vishing

“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur either on your landline phone or via your mobile phone.

The term is a combination of “voice,” and “phishing,” which is, of course, the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:

Wardialing: This is when a visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions. When someone answers the phone a generic or targeted recording begins, requesting that the listener enter a bank account, credit, or debit card number and PIN.

VoIP: Voice over Internet Protocol is an Internet-based phone system that can facilitate vishing by allowing multiple technologies to work in tandem. Vishers are known to use VoIP to make calls, as well as to exploit databases connected to VoIP systems.

Caller ID Spoofing: This is the practice of causing the telephone network to display a false number on the recipient’s caller ID. A number of companies provide tools that facilitate caller ID spoofing. VoIP has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.”

Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing.

Dumpster Diving: One time-tested “hack” is simply digging through a bank’s dumpster and salvaging any lists of client phone numbers. Once a visher has the list, he can program the numbers into his system for a more targeted attack.

To protect yourself from these scams you should:

Educate yourself – Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents, and if your bank provides information about vishing online or in the mail, sit up and pay attention. As this crime becomes more sophisticated, you’ll want to stay up to date.

If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.

Don’t trust caller ID, which can be tampered with and offers a false sense of security.

Call your bank and report any fraud attempts immediately. The sooner you do, the more quickly the scam will be squashed.

Document the call, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller, and report this to your bank.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)