Workplace Safety Tips: Identifying Fire Hazards

The Occupational Safety and Health Administration (OSHA) provides an exhaustive (and exhausting) detailed reference of fire safety standards here. Many states, such as Indiana (IOSHA), have adopted these workplace safety tips and summed up the different fire hazards in a convenient way:

General Fire Safety Tips

To eliminate fire hazards, you can install a fire alarm system and look for potential sources of fire ignition which may exist in your facility, such as:

Electrical Failures and Misuse of Electrical Equipment

You can reduce electrical fire hazards by ensuring proper installation, maintenance, and use; conducting regular inspections; and providing job training to employees. Also, be sure to replace worn electrical cords and avoid overloading electrical circuits.

Housekeeping and Maintenance

You can reduce the potential for fires through attention to housekeeping. Immediately dispose of flammable wastes and scrap in metal containers with metal lids. Avoid excessive stockpiling, and put trash and paper in proper containers.

Path of Travel

Do not store flammable material in any part of a means of egress. If the path that your employees must travel to leave the building is not immediately apparent from any point, mark the route with directional signs.

Exit Doors

A door designated as a means of egress must be maintained so that employees can easily exit.

Do not lock exit doors; doing so prevents escape from inside the building.

Doors shall never be chained, barred, bolted, or latched when the building is occupied.

Prohibit the use of locking devices that are difficult to open against door pressure (e.g., slide bolts, hasps, hooks and eyes).

Prevent the door from being blocked by debris, surplus stock, mechanical equipment, or ice and snow.

Maintain all door components in working condition.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

POS Skimming—Bad News for Banks and Merchants

EFTPOS skimming has become increasingly prevalent over the past few years. EFTPOS stands for “electronic funds transfers at the point of sale,” and EFTPOS skimming involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server.

In one such case, Romanian hackers are alleged to have remotely accessed hundreds of small businesses’ POS systems and stolen enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

Officials report a wave of credit and debit card attacks, involving point of sale terminal swapping, data skimming, and hacking into payment processors. The U.S. Secret Service, for example, will not disclose details about specific cases, but confirmed, “they are conducting a multi-state, multi-country investigation into this string of crimes.”

Meanwhile, the Oklahoma Bankers Association has stated, “It is beyond apparent our bankers are taking great losses on these cards and we also need to explore creative ideas to mitigate these losses. It is in the best interest of retailers, bankers, processors and card providers to find ways to limit these losses so that debit and credit cards can remain a viable method of payment.”

When the use of these stolen credit cards goes online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site, such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses POS skimming on CBS. Disclosures.

5 Hiring Tips on How to Spot Resume Fraud

Most of us have read the resume of a friend or family member, done a double take, and asked, “Is this really you?”

Resumes are designed to express to a potential employer your work history and skill sets. They are designed as a guide for an employer to use as a checklist to evaluate your potential. A well-written resume with the right content, coupled with a good interview, is an interviewee’s best shot at getting a job.

The problem with resumes is that they are created based on the honor system. Resume fraud is on the rise and honesty is in short supply these days. And while a potential employer can certainly conduct due diligence with a series of reference checks, the information on a resume is often exaggerated and candy-coated.

As a small business you can use these hiring tips to see through the smoke and mirrors and get to the point.

#1 Confirm education degrees. Any claims to any qualifications must be vetted by contacting the issuing institution to verify legitimacy and current status. If they say they attended a college be sure it wasn’t just a Springtime Kegger.

#2 Confirm all professional licenses. Most states have licensing boards online that allow for quick checks on the current status of professional licensing. Many national trade associations provide similar services. But make sure the National Association of Supreme Mechanics or whatever is recognized by another familiar organization.

#3 Confirm employment history. It’s not enough to know they worked there. You want to know that they in fact did, and why they aren’t there anymore.

#4 Inquire about resume gaps. Extensive gaps in employment might be a sign they left a job on bad terms and didn’t note it on a resume. Background checks may show those previous non-listed jobs.

#5 Google them. Look on LinkedIn, Facebook and elsewhere. An exhaustive search of their given name, nicknames and social media handles/monikers might bring up damaging information that will help you make an effective decision.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

What Are The Risks Of Mobile Spam?

Spammers send unwanted emails or texts that are both annoying and frightening. Most spam messages are useless advertisements selling stuff you don’t need or want.

In 1995, 8,069 unique pieces of malware were detected. One out of 20 emails was spam, and the Melissa virus infected hundreds of thousands. By 2010, 54 million unique pieces of malware were detected and more than 90% of all email was spam.

SMS spam (or spam via texting) is so prevalent today because those sending it are often scammers using robocall techniques that sequentially dial numbers in any area code and extension. An online search for “mass sms software” turns up plenty of free and low-fee programs that facilitate mass texting.

Also, when you enter your mobile number on a website you might end up clicking a terms of service agreement where you allow the company to send you text advertisements. And entering your information on a mobile app is no different. If you are not careful, you could unknowingly be opening yourself up to spam from the app and any third parties they work with.

While spam is mostly annoying, it can also pose some risks to you. You could even be tricked into paying for products and services that turn out to be illegitimate or nonexistent. Spam can also be used to distribute Trojans, spyware, and exploit code that can infect your mobile device or steal your information.

To protect yourself from SMS spam, you should:

Unsubscribe from unwanted text messages – Try to reduce the number of marketing lists that have your mobile number. If you haven’t signed up to receive text messages from an organization and don’t recognize the sender, don’t open the text or unsubscribe from the list, since this lets the spammer know that your phone is active. The best thing to do is just delete the message.

Protect your mobile phone number – Don’t give your mobile number to companies or people you don’t know. And, if you do need to give out your mobile number, make sure you understand the company’s privacy policy to see if your information is being shared with any third parties.

Use great caution when opening attachments – Never open unsolicited business emails, or attachments that you’re not expecting—even from people you know.

Watch out for phishing scams. Don’t click on links in text messages. Instead, open your mobile browser and visit the site directly.

Do not reply to spam. Never send your credit card information, Social Security number, and other private information via email or instant message.

Watch your permissions – Make sure you know what information your apps have access to as you may be allowing them to send you text messages by just downloading the app. Read the reviews and privacy policy for the app.

Taking the time to practice some simple steps will help protect you against the risks of spam.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Fraud Perpetrated on Cybercriminal’s Clock

Contrary to popular belief, cybercriminals are hard workers. They work long hours, often through the night. In fact, many are “third-shifters”—up late at night, into the early morning hours.

For example, the number one online fraud offender does his best work at 1:00 am local time in Ghana, or 5:00 pm PST. For the number two fraud offender, it’s 6:00 am Nigerian local time, or 9:00 am PST. And for number three, it’s 3:00 am in the Philippines, 11:00 am PST. That’s just one of many times when “carders,” who steal credit card numbers, take over existing accounts. 

Account takeover occurs when your online bank or credit card accounts are infiltrated and money is siphoned out. A hacked account through phishing attempts or stolen credit cards is often to blame. Criminals use stolen credit card numbers to make unauthorized charges online. Unlike regular storefronts, which may open at 10am and close at 6pm, online retailers are open day and night—in many cases doubling or tripling opportunities for theft.

While cyber fraud is a 24×7 problem, many bad actors conduct their “business” while West Coasters are bright-eyed and bushy-tailed, from 11:00 am—right before lunch—through dinner at 5:00 pm, and right before many of us head off to bed around 9:00 pm (at least if you’re like me, 43 years old with small kids).

iovation is the company that released these top fraud times, using data gleaned from the billions of transactions protected by their online fraud prevention service, ReputationManager 360, in 2011. The complex device identification technology allows businesses to gain greater flexibility and control over the activity on their websites by incorporating deep intelligence about end-user devices, associated accounts, and shared history.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Mobile and Phishing – Why It’s More Dangerous

Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. SMiShing is a version of phishing in which scammers send text messages rather than emails, which, as with phishing emails, appear to have been sent by a legitimate, trusted organization. The terms reference scammers’ strategy of fishing for personal information.

For instance, you could receive an email or text message from someone posing as your credit card company, asking you to confirm your account numbers or passwords. It’s much easier to fall for these tricks on your mobile device because a lot of the things you can do to check if an email is legitimate are not available.

For instance, because of the limited screen space on your mobile device, you probably can’t see a site’s full web address, or an email sender’s full return address. Without being able to see a full address, it’s difficult to tell if the website or sender is legitimate. You also can’t “hover over” a link like you can from your computer and get a preview of a linked word or graphic.

Another factor is the “always on” nature of mobile devices. Most mobile users are more likely to immediately read their email messages and forget to apply their security practices, such as checking to see if an email is from someone they know and if any included links appear real. Because messages are checked continuously, you are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.

If you do click on a dangerous search result or stumble upon a malicious webpage, you could wind up accidentally downloading malware onto your phone, or simply run into inappropriate content.

To protect yourself from a mobile phishing scam:

Don’t click on any links from people or companies you don’t know.

Even if you do know the person or company who sent the email or text, take the time to double-check a website’s address and make sure that it appears legitimate.

Be wary of any retail site with deeply discounted prices, and always check other users’ comments and reviews before purchasing online.

Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app.

Use a comprehensive mobile security product such as McAfee® Mobile Security, which offers mobile antivirus protection, safe search, backup and restore functions, call and text filtering and the ability to locate your phone and wipe personal information in the case of loss.

The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing and to avoid clicking links within emails or text messages or otherwise responding to such ruses.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Energy Saving Tips for Small Business

Going “Green” isn’t a fad; it’s necessary to save the planet. If you have watched any of the documentaries on the Discovery Channel about how the polar icecaps are melting, then you might have the same sick feeling in the pit of your stomach that I do. Conservatively, sea levels will rise around 2 feet in the next 100 years, and that’s just the beginning.

The Small Business Administration and numerous other resources are available to help small businesses go green.

Whether you own or lease your building, you typically need lighting, heating, air conditioning, power for office equipment, and other services to stay in business. This guide will help your business be more energy efficient.

Become Energy Efficient: Virtually any small business can improve its energy efficiency easily and cost-effectively, using the numerous resources that are available both from ENERGY STAR and a wide variety of other organizations.

Energy Saving Tips: Good energy management is good business. The prudent and conservative use of energy is one of the easiest and most cost-effective steps you can take to cut operating costs and increase profitability.

Calculate Energy Savings: Get tools and resources to help you calculate energy savings from your energy efficient upgrades.

Sustainable Business Practices: After making energy efficient upgrades, you may also want to consider taking additional steps to implement sustainable business practices that help protect the environment.

Energy Efficient Upgrades: Learn about energy efficient upgrades you can make to your facilities to lower energy costs and conserve energy.

For Specific Businesses: The types of energy efficiency upgrades that provide the largest cost savings depend on the kind of business you are running.

State and Local Energy Efficiency Programs: Here you will find a listing of state, local and regional programs that help small businesses become energy efficient. These programs offer financial assistance in the form of grants and loans for making energy efficient upgrades.

The clock is ticking. The time is now. Let’s work together to save our planet.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures

50 Million Fake Facebook Accounts

Just about anyone can set up a fake account on just about any website. Facebook and other social media sites are popular targets due to the amount of traffic they get and the variety of scams that can be perpetrated against legitimate users.

Facebook estimates that as of December 31, 2011, false or duplicate accounts represented approximately 5-6% of monthly active users, but also stated, “This estimate is based on an internal review of a limited sample of accounts and we apply significant judgment in making this determination, such as identifying names that appear to be fake or other behavior that appears inauthentic to the reviewers. As such, our estimation of false or duplicate accounts may not accurately represent the actual number of such accounts.”

Why would anyone set up a fake Facebook account?

To steal your clients or potential clients. To squat on your name or brand. To post infected links while posing as legitimate individuals or businesses. To offer deals with links to spoofed websites in order to extract credit card numbers. To damage your name or brand. To harass you or someone you know. To co-opt a name or brand that has leverage in order to obtain privileged access.

Social media websites could go a long way in protecting their users by incorporating device reputation management. Rather than relying solely on information provided by a user (who could be an impersonator), device reputation goes deeper, identifying the computer or other devices being used, so that known scammers and spammers are exposed immediately, and potentially threatening accounts are denied before users are abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media Facebook scammers on CNN. Disclosures.

Free Mobile Apps = Drained Battery

Go through your smartphone right now. Look at each app and seriously consider whether you need it. If not, delete it. Then, determine which of the free apps are worth upgrading to the paid versions, since free apps contain advertising that puts an additional drain on your battery.

Using a special energy-profiling tool, researchers from Microsoft and Purdue University found that when a mobile is run over a 3G connection, Android and Windows Mobile apps operating third-party ad services dedicate up to 75% of their power requirements to ads rather than game play.

Applications often communicate with their sources, transferring data back and forth between your mobile phone and the app’s home server. This information could be about you, gleaned from your mobile use, or it could be new advertising. The most effective way to deal with this is to either delete the app, or in some cases you are given an option to prevent it from running in the background.

But don’t stop there. There are numerous other battery drains affecting your smartphone. To preserve battery life:

Set your phone to lock automatically after being idle for one minute

Disable Wi-Fi and Bluetooth when they are not in use

Disable all unnecessary notifications

Disable any unused location services

It’s also a good idea to get yourself set up with extra chargers for your car, travel bag, and various rooms of your home. I like getting a mix of extra long and very short cables for different applications. They can often be found inexpensively on eBay.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Fire Safety Rules for your Business

A week doesn’t go by where we don’t see news reports of a single house, or a small or large multi-family building, going up in flames. Dozens of people are displaced and often, someone dies. But when you think about it, fires in businesses seem to be less common.

This is probably due in part to businesses being more regulated along with having better fire safety rules in place to recognize and prevent vulnerabilities. According to the Bureau of Labor Statistics’ Census of Fatal Occupational Injuries Charts for 1992-2007, fires and explosions accounted for 3% of workplace fatalities in 2007.

IOSHA (Indiana) has adopted Federal OSHA fire prevention guidelines and summed up a fire safety checklist.

Fire Exits

Employers must provide a means of egress for employees’ use in case of fire, explosion, or natural disaster. A means of egress refers to the route your employees are to follow through the building, the exit door, and away from the building.

Fire Exit Signs

Be sure that exits are designated by a sign that is readily visible and identifiable from the distance that employees will have to travel. Fire exit signs must have letters at least six inches high and three-fourths (3/4) of an inch wide and must be illuminated by a light source or internally illuminated.

Portable Fire Extinguishers

These rules establish the minimum requirements for provision and maintenance of portable fire extinguishers. Different types of extinguishers are required based on the type of hazard at the location. As the employer, you must be aware of circumstances in your workplace that determine whether unique conditions exist that create a greater fire hazard. Contact your local fire department or fire marshal to obtain additional information or assistance with this determination.

The type of fire extinguisher needed depends on the type of fire hazard present. A fire is classified based on what fuels it. Extinguishers are rated by which types of fire they can put out, as follows.

Fire Extinguisher Classes

Class A: For use on wood, paper, cloth;

Class B: For use on gasoline, paints, oil;

Class C: For use on electrical wiring, fuse boxes; or

Class ABC: For use in extinguishing fires from a variety or combination of fuel types.

Employee Training

Train employees on evacuation procedures to follow in case of a fire or other emergency.

Also, provide directions on proper use of fire extinguishers, if employees will be expected to use them. Most fire extinguishers follow this technique (pull, aim, squeeze, and sweep):

1. Pull the pin or release other locking device.

2. Aim the extinguisher nozzle (horn or hose) at the base of the fire.

3. Squeeze or press the handle.

4. Sweep from side to side at the base of the fire. Watch for reflash. Discharge the contents of the fire extinguisher.

Check the instructions for the extinguishers in your facility, as foam and water extinguishers require slightly different action.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures