5 Must Have Small Business Security Tools

Security Alarm System: No matter what kind of business you are in, there is something of value within your facility that a criminal will fence for drugs. Everything from products you sell, to warehouse items, maintenance tools, phone systems, office furniture, computers and the company safe.

Security Cameras: Whether you are protecting the perimeter of the property from vandals or thieves or protecting the inventory from theft, or even the cash register from sweethearting or robbery, security cameras are an essential component to any small business security system.

Business Continuity: Having a data backup locally is essential. Having a data backup in the cloud is fundamental. And having a backup for all your network operations either at a remote facility or accessible in the cloud is an insurance policy no small business should do without.

Secure Information Technology: A comprehensive information security plan that involves encrypting all sensitive data, ongoing critical security patches, antivirus protection, antispyware, firewalls (both software and hardware) and a secure Internet gateway is critical to preventing costly data breaches.

Secure Mobile Fleet: Managing digital devices such as mobile phones, tablets, thumbdrives and any other portable device that stores or communicates data can be the equivalent of herding cats if not done right. IT managers must have security policies in place to deal with and manage devices attached to the network in some way. Many security vendors provide comprehensive solutions to keep track of, lock down, and secure devices.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Organized Crime Drives Increasing Auto Insurance Costs

All over the world, insurance fraud equates to a multi-billion dollar issue. The Guardian reports that in the United Kingdom, “insurance fraud [has] been on the rise since the recession began. Figures to be published by the Association of British Insurers (ABI) are expected to show that these are still on the rise. As it is, the ABI puts the total cost to the industry of undetected general insurance claims fraud at £2bn per year. This adds around £40 a year to the insurance premiums paid by all policyholders.”

Much of this increase is said to be due to the involvement of organized criminals. The most common fraud technique is known as a “crash for cash” scam, in which criminals slam on their brakes in order to cause an accident with the car behind them, leaving the victim’s insurance on the hook for the cost of damages.

One way of minimizing fraud is to stop organized criminals from transacting with a business over the Internet. Online insurance, retail, gaming, and even dating sites can weed out risky accounts based on devices’ reputations using iovation’s device identification service. When PCs, Macs, tablets, or smartphones collude, a pattern can be detected and fraud can be prevented.

By utilizing iovation’s fraud detection service, insurance companies can not only recognize high-risk devices responsible for creating fraudulent online policies, but also avoid paying for frequent “crash for cash” scams and help to reduce the rise in premiums for honest policyholders.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Spotlight on RSA: Latest Security Threats

2012’s RSA Conference kicks off February 27th. Arthur Coviello, Jr., Executive Chairman of RSA, the Security Division of EMC, will present a program focused on the fact that in the past 18 months, organizations throughout the world have been under attack by nation-states, “hacktivists,” and cyber criminals.

PBS NewsHour Senior Correspondent Jeffrey Brown will address “hacktivism”—the use of computers and computer networks to protest or promote a political agenda or ideology—which Brown will argue has reached a tipping point, requiring an adjustment in our approach toward enterprise security.

And Stuart McClure, Chief Technology Officer at McAfee, will discuss the rapid evolution of the threat environment, and how what was once considered theoretical has become reality.

No one is immune, whether you are a soccer mom, small business, major corporation, the federal government, or the president of Syria, whose email account (password: “12345”) was hacked by a collective known as Anonymous, who were able to access hundreds of private email messages. Anyone who attracts the attention of a criminal hacker is a target.

“Hacktivists” are activists who use computer hacking as a weapon against anyone they deem oppressive. There may be hundreds of thousands of hackers operating based on this justification for their hacking, with little to no oversight or guidelines beyond their individual impulses determining their next victim. In some cases, hackers are motivated simply by petty dislike or disagreement.

Protecting your networks starts with a few basics, including:

  • Total, “all-access” protection, including antivirus, anti-phishing, and anti-spyware
  • Full disk encryption
  • Firewall security appliances
  • WPA2 wireless security
  • Up-to-date operating system and software critical security patches

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Prevent Someone From Slipping You a Mickey

Some call it a Mickey or a roofie, but technically they are known as Rohypnol, Ketamine or GHB. These drugs, when taken in specific quantities, can cause temporary loss of memory and in some cases cause a person to black out.

Most often the drugs are in pill form but can be ground into a powder that is tasteless and odorless; however, Rohypnol has been redesigned to turn blue when in contact with fluids, and GHB may be salty to the taste.

When the drugs are dropped in someone’s drink whether it be water or a cocktail they won’t taste it going down. They’re fast acting drugs that in the right quantity will send a person to another dimension within an hour.

The ease with which a powder can be dropped into a drink, coupled with the control that a bad person can have over another, is what makes this such an attractive crime to many evildoers. I did a segment on the Tyra Banks show where we set up an actor in a bar who “hit” on 3 different women we set up to go to a bar. Our actor approached all three of these women, who made it very easy for our actor to either slip them a roofie and/or get them to his car, where he had duct tape, ropes and other tools to restrain.

The most effective ways to prevent yourself from getting drugged include common sense tactics such as:

Get your own drink: Never let anyone get you a drink. Even if they insist. They can buy you a drink, but you need to get it from the bartender.

Cover your drink with your hand: This means never putting it down and walking away. It also means being somewhat obsessed with having your hand over the opening of the glass or the mouth of a bottle.

Invest in drink detection tools or devices that prevent a Mickey from being inserted.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

Beware of Ghost Brokers

The insurance industry is thoroughly regulated, with numerous checks and balances. In the United Kingdom, however, scammers are able to pose as insurance brokers—or “Ghost Brokers”—offering significantly cheaper insurance than legitimate insurance firms.

The Telegraph reports, “The multi-million pound scam is operated by fraudsters who target drivers who are economising and looking for cheaper motor insurance deals. These motorists are likely to be vulnerable pensioners, young drivers struggling with soaring premiums and those living within communities where English is a second language.”

The scary part of this scam is that when unsuspecting victims purchase policies, they get certificates of insurance that are essentially worthless. In the event of an accident, they will not be covered.

In some cases, the ghosts will contact legitimate insurance brokers and broker deals for insurance policies that they then pay for using stolen credit cards. The victim gets a real certificate of insurance, but it’s been paid for with stolen money. When the fraud is discovered, the policy is cancelled.

These rogue brokers engage in guerilla marketing campaigns involving windshield flyers, classified ads, and professional-looking websites.

Major insurance companies would fare better if they could identify ghost brokers and stop them in their tracks. One anti-fraud service that’s been garnering attention for delivering fast and effective results is iovation’s ReputationManager 360. This SaaS-based fraud prevention solution incorporates device identification, device reputation, and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse in real time by analyzing the computers, smartphones, and tablets being used to connect to websites. iovation’s service can recognize devices that have been involved in scams and help insurance companies stop fraudsters upfront.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

5 Tips To Secure Online Shopping This President’s Day

Making a purchase online around President’s Day? Keep in mind criminals are working hard to intercept your credit card numbers in various ways.

#1 SCAM: Black-Hat SEO: Criminals create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising via Google AdWords. They use keywords to boost rankings on Internet searches, causing their spoofed websites to appear alongside legitimate websites. These same processes are also used to infect unsuspecting users with malware.

SOLUTION: Do business with known sites. Use the existing e-tailers you’ve done business with. Otherwise install a “SiteAdvisor” that scans websites looking for malware.

#2 SCAM: Phishing: Emails offering high-end products for low prices. The same applies to any offers received through tweets, or messages sent within social media.

SOLUTION: Common sense says that whenever you receive an unsolicited email offer, you ought to automatically be suspicious. Delete.

#3 SCAM: Domain squatting: When what looks like a trusted website sends you an email looking like a familiar domain, beware of cybersquatting and typosquatting, in which the address only resembles the legitimate domain, but is a trap.

SOLUTION: Make sure you’ve been taken to the correct URL for the retailer.

#4 SCAM: Unsecured sites. Scammers generally don’t take the time to create secure websites.

SOLUTION: When placing an order online, always look for “https://” in the address bar, signifying that a page is secure. Note that an image of a closed padlock also indicates that a website is secure.

#5 SCAM: eBay email scammers. It’s difficult to tell a real eBay email offer from a fake one.

SOLUTION: If you are seeking deals on eBay, go directly to the site itself, and don’t bother responding to emails. If a deal in an email is legitimate, you can find it by searching eBay.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

Almost 5% of Smartphones Lost Every Year

McAfee and Ponemon Institute recently released “The Lost Smartphone Problem,” a study that attempts to determine how many employees’ smartphones are lost or stolen, and the consequences of these lost cell phones on various organizations. Among the 439 sample organizations, the number of missing smartphones is significant: 142,708 in one year.

Approximately 62% of smartphones are company owned devices assigned to employees for business use. 38% are personally owned and are used for business. Roughly 4.3% of these employee smartphones are lost or stolen each year. Of the 142,706 smartphones reported missing by the 439 businesses surveyed, only 9,298—7%—were recovered. 13% of the missing smartphones were lost in the workplace, 29% were lost while traveling, and 47% were lost while employees were working away from the office, either at home or hotel rooms. Employees were unsure where the remaining 11% were lost. And despite the fact that 60% of missing smartphones are believed to contain sensitive and confidential information, 57% were not protected with available security features.

The industries reporting the highest rate of smartphone loss were health and pharmaceuticals, education and research, and public sector organizations.

Based on the costly consequences of lost data assets, it makes sense to allocate the necessary resources to invest in anti-theft and data protection solutions in order to secure smartphones and the sensitive and confidential information they contain.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Hey, Psst, Wanna Buy A Lifetime of Toilet Paper?

I’ve seen lots and lots of scams over the years, and many of them involve penny stocks, contractor scams, cash gifting, investment scams, black money and the list goes on. And with each scam you see, the question is always asked: “How is it that someone could fall for that?” And with some scams it is actually feasible that there are many potential victims for said scam.

A “Toilet paper” scam, well, I guess, could target everyone? Right?

In this particular scam the targets were those who own septic tanks. The ruse was that the federal government is now requiring by law that if you own a septic tank that you need to buy a special toilet paper.

The Miami Herald reported “In phone pitches, salespeople claimed the company was affiliated with the Environmental Protection Agency, the U.S. Food and Drug Administration and the U.S. Department of Agriculture. One product, the $199 Septic Remedy treatment, would eliminate the need to have their tanks pumped, the company claimed.

Victims were also told that they needed special soap, detergent and toilet paper or their septic tanks would not pass federal inspection. But the EPA does not regulate septic tank products, according to the U.S. Attorney’s Office.”

This scam isn’t entirely impossible to believe. The fact is there are household products such as special soap, detergent and toilet paper that are in fact better for the environment and, without doing the research, probably better for a septic tank, so I can see how these scammers could make a mint on the sales of these products.

Anytime anyone ever calls you, sends an email, snail mail or knocks on your door, do your research. Don’t just automatically believe what someone says, especially if there is money involved.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

5 Insidious Forms of Auto Insurance Fraud

Insurance is intended to have your back in the event that something goes wrong, but some individuals have found loopholes in the system, effectively turning insurance companies into their own personal banks. These scammers have long been known to engage in “slip and falls,” claiming “whiplash,” and engaging in elaborate scams that can take years to uncover and cost insurance companies millions.

Auto insurance scams are some of the most prevalent in the insurance industry, allowing fraudsters to easily obtain policies and take advantage of the “he said, she said” nature of auto accidents.

Here are five major scams plaguing the industry:

1. Ghost brokers: Even in such a heavily regulated industry, scammers are able to pose as legitimate insurance agents, offering steep discounts on consumer policies that are, in fact, worthless.

2. Crash for cash: These are typically rear-end accidents in which the victims unintentionally crash into the scammers. “Crash for cash” scams often occur at roundabouts or rotaries, intersections, and highway on-ramps. See the UK’s top crash for cash hotspots.

3. Soft tissue scams: Scammers may collude with physical therapists, chiropractors, and doctors to fake back pain, neck pain, and other hard-to-prove injuries that can’t be detected on an X-ray.

4. Staging scams: Generally, in this type of scam two or more cars are involved in a preplanned “accident.” The participants have agreed ahead of time to split the proceeds from repairs and injuries.

5. Phantom victims: After either a staged or legitimate accident, people who were not present at the incident are included in the claim.

In most cases, scammers file their fraudulent insurance claims online. The criminals who perpetrate these sorts of online scams tend to repeat their trick over and over, generating a pattern that can easily be detected by iovation’s device reputation service. This service spots online evildoers by examining the computers, smartphones, and tablets being used to connect to a website. If a device is recognized as having previously committed financial crimes, or is a new device but exhibiting high-risk behavior, the website has the opportunity to reject the transaction, preventing losses to the business before they occur.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Redefining Privacy Today

Privacy is really, and only, what you say or do within your own home with the shades down (that is generally legal), between you and your loved ones, that is not being communicated, recorded, broadcast or reproduced in any way online or in a public forum.

In the past 5 years we have learned that everything from the websites we visit, the apps we download, the social networks we belong to, and the mobile phones we carry, pretty much know everything about us down to the text messages we send and receive.

Privacy is a very hot topic and probably one of the most misunderstood since the turn of the century. Over the past decade a battle has been fought by three very distinctive groups and they are as follows:

#1 Privacy advocates: These are your everyday well-meaning and well-informed people, all the way up to privacy professionals, who day in and day out preach the absolutes of privacy and why we need it. They are evangelists of the issues and tell anyone and everyone the importance of privacy whether they want to hear it or not.

#2 Sales, marketers, advertisers, SMB and big business who stand to gain from knowing every last detail about what you like, don’t like, who your friends are, your income, and basically your overall demographics defined in 33 bits of data. They offer us all the free stuff we can consume online and build communities that tie us all together. They track us and sell our data and sell advertising targeted directly at you.

#3 The Cattle: These are your everyday people that just go with the herd and aren’t all that concerned about privacy but might care just a little bit. They are more concerned about living happily ever after with as little friction as possible. Ultimately they want to use all the services and websites we have today and don’t want to pay for them if they don’t have to.

Most people are in the herd, which is why privacy is becoming a very different ideal today than it was a decade ago. It’s perfectly OK to fight for your privacy and insist on it from those you do business with. But know that it’s often the decisions and choices we make (like checking a little ‘I agree’ box) that are why we are where we are today.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.