13 Digital Security New Year’s Resolution Tips for 2013

The best thing about the “New Year” is committing to new or old resolutions and starting fresh. Whether you are an individual or a small business, the following applies:

  1. Delete. Go through your files, deleting and organizing as necessary. Clutter is confusing. Security and “confusing” don’t work well together. Delete!
  2. Back up your data. Back up to a secondary hard drive inside or external to your devices. Utilize cloud-based backups, too. I have my data on four local drives and two cloud-based servers.
  3. Reinstall your operating system. Reinstalling your operating system every year or two eliminates bloat and malware and speeds up your PC.
  4. Get device savvy. Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless or software, learn it. Take the time to learn enough about your devices to wear them out or outgrow them.
  5. Get social. One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software.
  6. Implement social media policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and sets guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use—especially what not to do.
  7. Get digitally secure. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing and firewalls.
  8. Protect your mobile. Bad guys are paying attention to mobiles and creating thousands of viruses meant to steal your data. There has been a significant increase in Android-related hacking, and Android users therefore must download and install all the latest updates and invest in a mobile security product.
  9. Go EMV. EMV, which stands for Euro MC/Visa and is also known as “chip and PIN,” is the new, more secure credit card, and its rollout is underway in North America. Both Canada and Mexico are going full-on EMV, and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.
  10. Get physically secure. Security cameras, alarm systems and signage are essential to protect the perimeter of your property from vandals, as well as protecting the inventory from theft, or even the cash register from sweethearting or robbery. Security cameras are an essential component to any small business security system.
  11. Hire honest employees. Unfortunately, too many people lie, cheat and steal—and when they come to work for you, they drain company resources until they are fired. It’s best to use prescreening services.
  12. Upgrade wireless. If your wireless router is more than 2 years old then it’s time to buy new. Security standards continue to be upgraded and old is often not secure.
  13. Don’t worry about any of the above! Seriously! Now I didn’t say don’t do it, because you should, but don’t needlessly worry. Take action, get secure, keep on top of it, and have a Happy New Year!

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

The Social Media Identity Theft of a School Director Via Twitter

We’ve seen this before and it never ends well. This time it’s resulting in an identity theft charge for Ira Trey Quesenberry III, an 18-year-old student at Sullivan Central High School. A few years ago this would have been looked upon as a victimless prank. But times have changed and as social media sites like Twitter, Facebook, LinkedIn and others have morphed into much more than just recreational websites, it’s not just unacceptable; it’s a crime.

The Twitter account was created with the name and photo of Dr. Jubal Yennie, director of the Sullivan County school district. The account has since been deleted but the tweets sent in Yennie’s name were reported to be of an embarrassing nature and not appropriate for a school administrator. Why would an 18 year old do something like that?

The Smoking Gun reports, “Yennie contacted sheriff’s deputies last Friday to report the phony Twitter account. After investigators linked Quesenberry to the account, the teen reportedly confessed to opening it. Quesenberry was booked today by sheriff’s deputies, and is due to appear tomorrow in General Sessions court.”

Grab your name and your company’s name, products and services, people. Sites like Knowem.com will do this for free or for a small fee. The worst thing you can do is nothing. There are millions of 18-year-olds out there to make you look stupid-er.

Robert Siciliano, personal security and identity theft expert and Advisory Board member to Knowem. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures

How Small Businesses Can Evaluate Their Security Risks in the New Year

Evaluating risk vs. reward is a process most people go through on a daily basis. For example, you are about to make a left-hand turn but a car is coming. You think you can make it but he’s kind of coming fast. The risk, of course, is misjudging his speed and getting into an accident.

According to Ready.gov, a risk assessment is a process to identify potential hazards and analyze what could happen if a hazard occurs. A business impact analysis (BIA) is the process for determining the potential impacts resulting from the interruption of time-sensitive or critical business processes.

A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries. There are many possible scenarios which should be considered.

Risk is a fundamental part of a small business operation. The question is how much attention you pay to each risk and what the reward is for reducing the risk. The cost/benefit key is to effectively recognize risk and reduce it with as little investment as needed.

Define Risk

Be able to define, articulate and be alert to what risks the organization may face in a given year. If any of these risks could cause loss in any way, they need to be addressed far in advance.

Identify Risk

Risk comes in many forms. Create a list of potential threats from your experiences, others’ experiences or from proper risk assessment plans. Threats come from criminal hackers, employees, customers, competitors and more. What’s at risk may include reputations, digitized information, paper documents, physical hardware, and life and limb.

Create a Risk Assessment Chart

Compile a list of assets (people, facilities, machinery, equipment, raw materials, finished goods, information technology, etc.) in the left column.

For each asset, list hazards that could cause an impact. Since multiple hazards could impact each asset, you will probably need more than one row for each asset. You can group assets together as necessary to reduce the total number of rows, but use a separate row to assess those assets that are highly valued or critical.

For each hazard consider both high probability/low impact scenarios and low probability/high impact scenarios.

As you assess potential impacts, identify any vulnerabilities or weaknesses in the asset that would make it susceptible to loss. These vulnerabilities are opportunities for hazard prevention or risk mitigation. Estimate the probability that the scenarios will occur on a scale of “L” for low, “M” for medium and “H” for high.

Analyze the potential impact of the hazard scenario. Rate impacts “L” for low, “M” for medium and “H” for high.

Information from the business impact analysis should be used to rate the impact on “Operations.”

The “entity” column is used to estimate potential financial, regulatory, contractual, and brand/image/reputation impacts.

The “Overall Hazard Rating” is a two-letter combination of the rating for “probability of occurrence” and the highest rating that impacts people, property, operations, environment, and entity.

When evaluating risk and determining where funds, energy and attention are allocated to such risks, a risk scoring system can help determine what is a high or low probability vs. what would cause the company irrevocable harm.
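The chart and the two-letter “Overall Hazard Rating” described above can be built in a few lines of Python. This is an added example, not part of the original article or of Ready.gov's material: the sample rows are constructed for a hypothetical small retail business, and the ordering used in prioritize() (probability times highest impact, ties broken by impact) is an assumption standing in for the "risk scoring system" the article mentions.

```python
from dataclasses import dataclass

LEVELS = {"L": 1, "M": 2, "H": 3}  # the chart's low / medium / high scale
IMPACT_COLUMNS = ("people", "property", "operations", "environment", "entity")


@dataclass
class ChartRow:
    asset: str
    hazard: str
    vulnerability: str
    probability: str  # "L", "M" or "H"
    impacts: dict     # impact column name -> "L", "M" or "H"

    def __post_init__(self):
        # Reject rows that skip a column or use a rating outside L/M/H.
        if self.probability not in LEVELS:
            raise ValueError(f"bad probability rating: {self.probability!r}")
        if set(self.impacts) != set(IMPACT_COLUMNS):
            raise ValueError(f"{self.asset}: rate every impact column once")
        for column, rating in self.impacts.items():
            if rating not in LEVELS:
                raise ValueError(f"bad {column} rating: {rating!r}")

    def highest_impact(self):
        return max(self.impacts.values(), key=LEVELS.__getitem__)

    def overall_rating(self):
        # Two letters: probability of occurrence, then the highest impact.
        return self.probability + self.highest_impact()


def prioritize(rows):
    # Assumed scoring (not from the article): probability x highest impact,
    # with ties going to the row with the more severe impact, so a
    # low probability / high impact row outranks a high / low one.
    def score(row):
        p, i = LEVELS[row.probability], LEVELS[row.highest_impact()]
        return (p * i, i)
    return sorted(rows, key=score, reverse=True)


def impacts(people, prop, operations, environment, entity):
    # Helper that pairs the five ratings with the chart's column names.
    return dict(zip(IMPACT_COLUMNS,
                    (people, prop, operations, environment, entity)))


# Constructed sample rows (hypothetical business, illustrative ratings).
SAMPLE_CHART = [
    ChartRow("Paper records", "Misfiled or lost document",
             "No filing procedure", "H", impacts("L", "L", "L", "L", "L")),
    ChartRow("Office building", "Fire",
             "No sprinkler system", "L", impacts("H", "H", "H", "M", "M")),
    ChartRow("Point-of-sale terminals", "Power outage",
             "No backup power", "H", impacts("L", "L", "M", "L", "L")),
    ChartRow("Customer database", "Criminal hacker steals records",
             "Simple passwords", "M", impacts("L", "L", "M", "L", "H")),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_CHART):
        print(f"{row.overall_rating()}  {row.asset:<24} {row.hazard}")
```

Rows rated on the "entity" column alone can still reach an "H" overall rating, which is why the customer database row rises to the top even though no one is physically at risk.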

The worst thing any organization can do is…nothing. Taking responsibility and using past experience and prediction methods can properly prepare an organization for the inevitable. As they say, if you fail to plan, you plan to fail.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

Get Smart: Lock Down Your Apps

Apps are what make smartphones smart. Without apps, smartphones would just be regular feature phones. Apps are what make our smartphones into our most personal computers. And like our computers, we need to protect our smartphones and apps.

Some of the most commonly used apps on the Android platform such as Facebook, LinkedIn and Gmail don’t require a log in each time they’re launched, which is convenient, but from a security standpoint, not smart.

In my world I have these 2 little gremlins that constantly pick at me for my mobile so they can play games. But they access different applications and my Facebook status can become “Fubawa%^!aaaaasd;ohjvdasBLADOFIN.” And I look like I’m 4 years old or crazy: definitely not smart.

And what about this scenario? You hand your smartphone to a buddy to show him some pictures and then your phone gets passed around the table and then it eventually makes its way back to you. The next day you find out that someone at the table thought it was funny to post status updates on your profile that you are looking for your true love (when you’re actually married). Not smart.

This is where “App Lock” comes in. App Lock, included with McAfee Mobile Security (and also McAfee All Access), safeguards against this privacy danger. It allows Android users to protect installed apps against misuse by locking them with the same PIN that’s tied to their McAfee Mobile Security account. Smart!

Make sure you’re protecting your mobile device and your privacy. Lock your apps!

Robert Siciliano is an Online Security Evangelist to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)

Students Getting Cyberwise to Become Safe and Responsible Digital Citizens

Australian Prime Minister Julia Gillard unveils the new cyber education module, which was developed in partnership with McAfee and Life Education Australia.
This module expands the Life Education Program that is for primary school children across Australia.

A study called “The Secret Life of Teens 2012 report” (conducted by TNS Research and commissioned by McAfee) shows an alarming 62% of teens have had a negative experience on a social network and 25% said they had been the victim of cyber bullying. bCyberwise is a program designed to help close that gap. The evidence supporting the development of this program was extensive; some key points are:

Digital media has become a significant and predominantly positive aspect of the education, leisure and social lives of most of today’s children and young people.

The use of digital media also poses some risks to the safety and well-being of children and young people. The most harmful of these appears to be cyber bullying.

Other contact risks include exploitive communication, sexting, impersonation, humiliation via doctored images, under-age enrollment on social media sites, and exposure to material that is inappropriate, misleading, unacceptable or illegal.

Children and young people need opportunities to learn the skills and values that will enable them to be safe online and become good digital citizens.

The middle and upper primary years of schooling represent a sensitive and timely period for introducing students to these skills and values.

McAfee and Life Education’s new program content will support the class teacher in this regard, providing an opportunity for young students to learn and practice a set of relevant skills and values (technical, thinking, emotional and social) that are fundamental to the promotion of cyber safety and positive cyber citizenship.

The hope is that being “safe and responsible digital citizens” will be a part of these students’ lives as they grow up. More info can be found at www.mcafeecybered.com.

Robert Siciliano is an Online Security Expert to McAfee. Disclosures.

 

What Security Challenges to Focus on in the New Year

In 2012, security challenges we faced were often the ribbon cuttings and business plans that startup criminal organizations launched. In 2013, those criminal enterprise business plans will come together—and we need to be ready.

Social media is high on criminal hackers’ radar. Criminals scan social media looking for people they can scam. One such scam seeks out entire families and usually targets a grandparent. Criminals will pose as the grandchild and call granny asking for money to be wired. They are also looking at your page to crack password resets. Only friend those you know, like and trust, and lock down your privacy settings.

With Windows 8 out, criminals have set their sights on this new operating system and are seeking out its vulnerabilities. Old Win XP machines will be as vulnerable as ever. Macs are higher on hackers’ radars, too. Protecting your devices with essential security such as antivirus protection and keeping the OS updated are critical.

Mobile also is high on the hackers’ radar. McAfee predicts that as mobile malware grows, we can expect to see malicious apps that can buy additional apps from an app store without your permission. Buying apps developed by malware authors puts money into their pockets. We also expect to see attacks that can happen without you having to install an app, so no interaction on your part is needed to spread the malicious app.

Ransomware is quickly moving from the PC to mobile devices. Criminals hijack your ability to access data on your phone or even use your phone, so you are faced with losing your contacts, calls, photos, etc. or paying a ransom—and even when you pay the ransom, you don’t always get your data back.

Protect yourself by refraining from clicking links in text messages, emails or unfamiliar web pages displayed on your phone’s browser. Set your mobile phone to lock automatically, and unlock it only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it and wipes the data if necessary, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

High Schooler Opens Bogus Twitter Account In School Director’s Name

We’ve seen this before and it never ends well. This time it’s resulting in an identity theft charge for Ira Trey Quesenberry III, an 18-year-old student at Sullivan Central High School. A few years ago this would have been looked upon as a victimless prank. But times have changed and as social media sites like Twitter, Facebook, LinkedIn and others have morphed into much more than just recreational websites, it’s not just unacceptable, it’s a crime.

The Twitter account was created with the name and photo of Dr. Jubal Yennie, director of the Sullivan County school district. The account has since been deleted but the tweets sent in Yennie’s name were reported to be of an embarrassing nature and not appropriate for a school administrator. Why would an 18 year old do something like that?

The Smoking Gun reports, “Yennie contacted sheriff’s deputies last Friday to report the phony Twitter account. After investigators linked Quesenberry to the account, the teen reportedly confessed to opening it. Quesenberry was booked today by sheriff’s deputies, and is due to appear tomorrow in General Sessions court.”

Grab your name and your company’s name, products and services, people. Sites like Knowem.com will do this for free or for a small fee. The worst thing you can do is nothing. There are millions of stupid 18-year-olds out there to make you look stupid-er.

Robert Siciliano, personal security and identity theft expert and Advisory Board member to Knowem. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

What We Learned About Digital Security In 2012

Sometimes it’s the worst things that can happen that become the eye-opening best things that effect positive change. The year 2012 saw numerous high-profile data breaches, epic hacks, full-on hacktivism and lots of major identity theft ring busts. The best news is the public is more aware, which means they are better equipped to protect themselves and law enforcement is well prepared to take down criminals. Individuals, companies and governments worldwide all have their eyes open and are taking action to protect themselves.

High-Profile Breaches

LinkedIn, Yahoo and many others were hacked—and hacked BIG. Unpatched system vulnerabilities and simple passwords were the common denominator in many of these hacks. It’s not enough to have antivirus protection; you also need antispyware, antiphishing, a firewall, updated critical security patches in your operating system and strong passwords that can’t easily be cracked. The good news is all these things are easy to do.

Epic Hack

Wired reporter Mat Honan recounts how his connected digital life was used to destroy all his data. From this we learn that even a technologist is vulnerable and that there is no shortage of lessons to be learned from his experience.

“In many ways, this was all my fault. In the space of one hour, my entire digital life was destroyed,” he says. “First my Google account was taken over, then deleted. Next my Twitter account was compromised and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad and MacBook.”

The chances of this happening to you are slim, but knowing it’s possible will make you better prepared.

Hacktivism Grows Up

Hackers have evolved significantly over the past 20 years. At first “hacker” meant someone who was inquisitive and tested the boundaries of technology. But then in the late ‘90s, hacker became a bad word as a result of a few hackers going too far and the media latching onto the title. Last year saw groups like Anonymous and others take action not just to disrupt, but also to right what they considered wrong. While their actions are often illegal, many feel they have evolved into a sort of voice for those that don’t have one.

The Long Arm of the Law

There isn’t a week that goes by without news reports of federal law enforcement, assisted by state, local and even foreign governments, taking down a carder ring or organized web mob responsible for stealing hundreds of thousands to millions of dollars. It was the year when the law got smart, savvy and as sophisticated as the criminal hackers, and that’s the best news of all!

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

10,000+ Identity Theft Rings In The U.S.

Identity theft is the easiest crime to commit and the hardest crime to get caught for. It has been said numerous times that identity theft is the closest we’ve ever come to the perfect crime. This explains why a recent study by ID Analytics found more than 10,000 identity fraud rings in the U.S. An identity fraud ring is a group of people actively collaborating to commit identity fraud. This study is the first to investigate the interconnections of identity manipulators and identity fraudsters to identify rings of criminals working in collaboration.

In a press release, ID Analytics states that many of these fraud rings are made up of two or more career criminals; surprisingly, others are family members or groups of friends. The ring members may be either stealing victims’ identities or improperly sharing and manipulating personal identifying information such as dates of birth (DOB) and Social Security numbers (SSNs) on applications for credit and services.

Other findings of the study include:

Hotbeds for Fraud Rings—States with the highest numbers of fraud rings include Alabama, the Carolinas, Delaware, Georgia, Mississippi and Texas. The three-digit ZIP codes with the most fraud rings observed are areas around Washington DC; Tampa, Fla.; Greenville, Miss.; Macon, Ga.; Detroit; and Montgomery, Ala.

Fraud in the Countryside—While many fraud rings occur in cities, a surprisingly high number were also found in rural areas of the country.

Consumers’ best protection against identity theft begins with a credit freeze or identity theft protection. But businesses can do more to protect the public by not allowing stolen credentials to be used for fraud in the first place.

Identity thieves carry out their attacks in very short time windows to exploit their newly stolen credentials. For businesses, what might typically look like a single transaction can often be a calculated attack across multiple businesses, according to Oregon-based iovation Inc. and the businesses that it protects. One computer (or a group of related Internet-enabled devices including smartphones) may open new credit card accounts, make online retail purchases, and schedule shipment of stolen goods, yet iovation’s view of device-related activity can connect these relationships across multiple businesses, geographies and industries in order to detect and stop cybercrime and make the Internet a safer place to interact and do business.

What’s on Your Phone? A Lot More than You Realize.

It’s funny to me that when having conversations about technology people still don’t see the parallel between their smartphone and their computer.

Today, smartphones are connected to the Internet and have much of the same information as the personal computer, if not more. Now Androids and other smartphones have become little mini handheld computers. Carriers are announcing that they’ll be upping the speed of the latest version of their networks, doubling download speeds. And new smartphones will have as much as 64 gigabytes of capacity. That’s more hard drive than my three-year-old laptop.

For the next generation of users, the smartphone is replacing the PC as their primary device. Nielsen reports, “We are just at the beginning of a new wireless era where smartphones will become the standard device consumers will use to connect to friends, the internet and the world at large. The share of smartphones as a proportion of overall device sales has increased 29% for phone purchasers in the last six months; and 45% of respondents indicated that their next device will be a smartphone.”

For many of us, the mobile device has already become like a right hand (in my case, my left hand). Not only is it your phone, but it’s used to store some of your most private conversations and confidential information—it’s now your address/phone book, email, digital camera, news source, online banking system and even your wallet—all rolled into one device.

With all this invaluable data and information, and the growth in smartphones and tablets, it’s natural for criminal hackers to see these new devices as a huge opportunity, much like they did with the PC.

So if you have a smartphone or tablet, make sure you take steps to protect yourself.

Never leave your phone unattended in a public place

Put a password on your mobile and set your phone to auto-lock after a certain period of time

When doing online banking and shopping, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft, anti-malware/antivirus, app protection and web protection. McAfee makes this easy with McAfee All Access, a single software solution to protect all of your devices or you can use McAfee Mobile Security to protect your smartphone or tablet.

 

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)