7 Lies You Tell Yourself About Your Wifi

…think again, even if most of your wireless network activities revolve around your personal and family life. There are seven lies about wireless protection; have you fallen prey to any of them?

#1 “I’m protected with my password.”

Even an amateur hacker can get past a password. Don’t think that WEP (wired equivalent privacy) can keep out hackers. It’s outdated, and its encryption is flawed. Avoid WEP. Use WPA or WPA2. If you are on free Wifi, get Hotspot Shield VPN, which protects your entire wireless session.

#2 “My ISP set up my wireless network, so it must be safe.”

Do you really think that big stupid cable company that can’t get a simple customer service call right really has your back? Many ISPs and equipment makers often use WEP as default protection—even big ISPs. Technicians who install your service usually do not automatically install a stronger encryption technology, and you end up getting hacked.

Nevertheless, ISPs and equipment manufacturers are slowly coming around to this problem. More recent wireless gateways and routers use WPA by default. If you have WEP, you may need to change it manually. Don’t assume you automatically have WPA. Find out if you have WEP or WPA. If your router is old, you may need to buy a new one to get WPA.
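One way to find out, as an added example that is not part of the original article: this Python script classifies each network in the terse output of NetworkManager's `nmcli -t -f SSID,SECURITY device wifi list` (Linux) as open, WEP or WPA. The scan text is a constructed sample, and the function names are this example's own.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ":" and escapes literal ":" and "\" with "\".
SAMPLE_SCAN = r"""HomeNet:WPA2
CoffeeShop Free:
OldRouter:WEP
Guest\:Lobby:WPA1 WPA2
:WPA2
"""


def split_terse(line):
    """Split one terse nmcli line on unescaped colons, undoing the escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character, keep it literally
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields


def classify(security):
    """Map the SECURITY column to the article's categories."""
    modes = set(security.split()) - {"--"}  # "--" is the non-terse empty marker
    if not modes:
        return "open"  # no encryption: traffic is readable by anyone in range
    if "WEP" in modes:
        return "wep"   # flawed; switch the router to WPA or WPA2
    if any(m.startswith("WPA") for m in modes):
        return "wpa"
    return "unknown"


def audit(scan_text):
    """Return {ssid: verdict} for every network in the scan output."""
    results = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_terse(line) + [""])[:2]
        results[ssid or "<hidden>"] = classify(security)
    return results
```

Any network of your own that comes back as `wep` or `open` is the one to reconfigure in the router's wireless settings.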

#3 “Breaking into my wireless is too expensive and difficult.”

Not anymore. A determined hacker can use a plain ol’ laptop to crack long passwords. Tools are available for free or just a few bucks to do all the dirty work. All Mr. Hacker needs to get going is to download free tools to carry out the deed.

#4 “Nobody wants to bother hassling around trying to break into my wireless; it’s not worth it.”

It may seem complicated to you, but not to an experienced hacker. Give him just 5-10 minutes and your wireless network could be in his hands. Even a beginner hacker could crack through your network in under an hour, courtesy of online tutorials. You need superb protection, not just good.

#5 “My credit’s no good, I’m small potatoes. Nobody is paying attention to me. I’m safe.”

A bored hacker who wants some fun doesn’t care if your data is highly sensitive government information or your kid’s soccer team standings. Just knowing he busted into your private life is enough to thrill him.

#6 “I have firewalls and my computer is patched.”

A “man-in-the-middle” attack can let a hacker invade your communications. This type of attack is stealthy and slick, bypassing the victim’s human radar.

#7 “I’ll see a hacker in front of my house and stop him.”

No, you won’t. Your wireless boundaries don’t stop at your front door; they can extend to neighboring space, meaning that your signal “bleeds” out—horizontally and even vertically. Savvy users know they can stretch the bleed into a few blocks’ distance via cheap antennas. So down your street your attacker may be sitting inconspicuously in his car.

Hopefully your awareness of these lies you tell yourself has prompted you to take measures to upgrade your wireless network’s security with the right design and implementation.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Insurance Company fined BIG for Breach

Why would an insurance company be fined for a data breach?

There was a security breach at Triple-S Salud, Inc. (TSS), which is a subsidiary of Triple-S Management GTS. The Puerto Rico Health Insurance Administration plans on imposing a $6.8 million fine on TSS.

The breach involved 13,336 of TSS’s Dual Eligible Medicare beneficiaries. The penalty includes suspending all new DEM enrollments and alerting enrollees of their right to back out.

The PRHIA says that Triple-S failed to implement all the required steps in response to the security breach.

TSS sent out a pamphlet last September that unintentionally showed the Medicare Health Insurance Claim Number of some of the recipients. This is a unique number that’s assigned by the Social Security Administration. It’s considered to be protected health information.

An investigation was carried out by TSS, and this subsidiary did report the incident to federal government agencies and Puerto Rico. TSS complied with the PRHIA’s requests for information pertaining to the DEM beneficiaries. TSS also took additional measures, one of which was that of issuing an alert of the breach through local media; all of the affected beneficiaries were notified by mail of the breach.

In the filing, Triple-S affirms that it takes the matter very seriously and is “working to prevent this type of incident from happening again.” However, it’s currently not able to assess the financial impact of the breach on TSS, nor can it estimate the sanctions’ impact.

Triple-S adds that a response is being prepared by TSS to give to the PRHIA, and that TSS has a right to make a request for an administration hearing.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Chip and PIN or Chip and Signature?

OK, there’s lots going on here. Read slowly and wrap your brain around this. So which offers more security? Chip-and-PIN or chip-and-signature for your card payments? Chip-and-PIN wins. This is due to two authentication forms: the card and the PIN, which is stored in your head (or should be, anyways, rather than on some small piece of paper crinkled inside your purse).

But chip-and-signature has its virtues for all involved. One reason is that most people don’t know their credit card PIN; only something like 5-10 percent know it. If credit card payments were only via chip-and-PIN, consumers would memorize their PINs very quickly.

Another issue is that only one-fourth of U.S. POS terminals have a PIN pad. This means a lot of money spent by merchants to accommodate a chip-and-PIN-only environment with updated POS terminals.

On the other hand, this investment can pay off because, says a 2013 Fed Payments Study Summary, PIN debit transactions come with a much lower fraud loss rate than do signature transactions.

A PIN-based transaction brings unwanted issues to some merchants, e.g., car rental companies requiring preauthorization transactions prior to the final transaction amount. Car rental and lodging companies, however, prefer the signature-based transaction because it has a separate authorization and settlement process.

Other merchants, too, must make some big decisions, such as the restaurant industry: To accommodate customers who want to use their mobiles for payments at their table, restaurants will have to pay a pretty penny for terminals.

The chip-and-PIN comes with a human based flaw: If a buyer forgets their PIN, the transaction will be incomplete. The signature based transaction has the signature to complete the transaction.

All of these pros and cons must be carefully considered among consumers, merchants and the card payment industry. But what bankers and merchants seem to agree on is that the magnetic strip is getting very old and needs to be replaced by a more secure technology: the chip.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

How To Stop Criminal Hackers In Their Tracks

Do you offer free WiFi? Put these three safeguards in place to protect your customers and your business.

On a recent trip from Boston to New York on an Acela Express train, I was writing blogs and doing some research using Amtrak’s free wireless Internet. “Free” usually translates to “unsecured,” which means a criminal hacker with the right hardware and software could have sniffed out my wireless communications and grabbed my data. That same hacker, depending on my device’s firewall, setup and sharing settings, might also have been able to access my drive and files and even plant a virus on my device.

But I wasn’t worried because I use virtual private network (VPN) software that allows me to surf on an unsecured connection.

Amtrak also knows its free wireless is risky for its users, so before you can use it, you have to agree to the terms and conditions of the Wi-Fi’s use that indemnify Amtrak.

Protecting Your Business

Free wireless is everywhere, because Wi-Fi brings in customers and is a great tool to help create customer loyalty as well. Numerous merchants, including hotels, coffee joints, fast food places and numerous others with a storefront, offer free Wi-Fi to attract people and increase sales.

But it has its downsides, too. If you’re offering it in your place of business, you need to understand that your access point can be used for criminal activity—and to hack your own business, too.

So what are criminals looking for? Criminals connect to free Wi-Fi for:

  • Pirating music, movies and software via P2P programs. This criminal activity costs the recording and motion picture industries billions of dollars every year. The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) are cracking down on any IP address associated with illegal downloading and will come after your business too.
  • Child pornography. Law enforcement spends lots of time in chatrooms posing as vulnerable kids, chatting it up with pedophiles who buy, sell and trade in child pornography. If your IP address is used for this purpose, you will get a knock on the door with a battering ram.
  • Criminal hacking. Bad-guy hackers look for vulnerabilities in others’ devices when using free Wi-Fi networks. They steal keystrokes, usernames, passwords and account info, and install spyware and viruses.

You’re not powerless against these hackers. These three safeguards are the first hurdles you can put in place to secure your company’s Wi-Fi:

1. Use a web proxy/filter. IT security vendors sell software that filters out or blocks known websites and prevents the sharing of P2P files. For more details on what kind of information can be accessed, search “internet access control software” to find a suitable vendor.

2. Add an agreeable use policy. There are numerous phrases a small business can incorporate into an agreeable guest use policy. You may want to include such language as “User agrees not to …”

  • Willfully, without authorization, gain access to any computer, software, program, documentation or property contained in any computer or network, including obtaining the password(s) of other persons. Intercepting or attempting to intercept or otherwise monitor any communications not explicitly intended for him or her without authorization is prohibited.
  • Make, distribute and/or use unauthorized duplicates of copyrighted material, including software applications, proprietary data and information technology resources. This includes the sharing of entertainment (e.g., music, movies, video games) files in violation of copyright law.

You may want to search for and read other businesses’ agreeable use policies in order to help you compose your own. And be sure to have your lawyer or legal department review it before you begin having customers agree to it.

3. Implement a secure Wi-Fi. If your Wi-Fi requires users to log in with a username and password, and you charge even a dollar for access, you will then have their credit card number on file. This would mostly eliminate any anonymity, thus preventing numerous e-crimes.

Don’t think for a second something bad can’t happen to your business. Performing due diligence, knowing your options and implementing these barriers will keep both you and your customers from legal troubles and from getting hacked.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.