10 Tips to Stay Safe Online

/in /by

Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks.

4HJust like there are dangers in the ocean, there are many dangers lurking on the Internet. And a savvy web surfer and searcher knows that there’s ways to protect themselves. Here are some tips to keep you safe while you surf the internet.

  1. Know the scams. Read articles and blogs, follow the news, and share this so you can  learn about different kinds of scams and what you can do to avoid them and also help your friends.
  2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
  3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.  McAfee SiteAdvisor is a free download and protects you from going to risky sites
  4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
  5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to www.passwordday.org
  6. Protect your info. Keep your guard up. Back up all of your  data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
  7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected. For more information on how to protect your Wi-Fi connection, click here.
  8. Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing McAfee LiveSafe™ service which has a much better firewall than the one that comes built into your operating system.
  9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans
  10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from some hungry cyber-shark.

These are the basics to help you stay safe online. To stay on top of the latest consumer and mobile security threats by following @McAfeeConsumer on Twitter and Like us on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Cyber Security Insurance Difficult for Business to Navigate

/in /by

Cyber insurance is now booming, with about 50 carriers in the industry. An increasing number of companies have cyber insurance to protect against cyber crime. However, businesses claim it’s not easy to get adequate coverage.

4DLosses from data breaches are difficult to quantify. The tangible losses are more easily insured, says a New York Times online report. When it comes to a data breach, there are often related losses such as reputational damage and loss of customer loyalty that are harder to quantify.

Add to this the fact that underwriters don’t yet have sufficient data to estimate the likeliness or cost of an attack; most breaches get missed or aren’t reported publicly.

While an insurance company can tell you the precise odds of a major city office building burning down, nobody knows when the next giant retailer will be hacked. Statistics on hacking risks aren’t constant due to the continuous evolution of cyber crimes.

According to New York Times estimates, companies seeking coverage can only hope for, at best, a $300 million policy, peanuts compared to the billions devoted to property protection. Though this still sounds generous, the cost of a major breach can easily exceed it. Target’s situation is on course for just that, says the New York Times online article. The 2011 Sony breach has already exceeded $2 billion in fallout.

The best policies cover costs associated with alerting customers, plus forensics, call center setups, consumer identity monitoring, legal fees and a crisis management firm. But that may only dent the disaster. Policies don’t address loss in profits due to customers jumping ship. A policy can’t prevent a marred brand reputation. “Although a solid cyber policy will cover notification, crisis management expenses, defense costs, damages and the costs associated with regulatory action, it would not cover other, potentially much larger losses, such as reputational injury and loss of brand and market share,” says Roberta Anderson, an insurance coverage and cybersecurity attorney with the law firm of K&L Gates, LLP.  “Those losses are difficult to value and remain uninsurable in the market today.”

Expect the cyber insurance industry to continue swelling while cyber crime continues to remain several steps ahead of businesses and security systems.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Business Identity Theft; Big Brands, Big Problems

/in /by

Cyber criminals go after brand names like vultures, infiltrating company websites, hijacking mobile applications and tainting online ads, among other tricks.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Some corporate websites aren’t as secure as business leaders think they are—and cyber thieves know this. They use the “watering hole” technique to infiltrate the system. Ever see an animal TV show in which the lions wait in the brush, camouflaged, for their unsuspecting prey to approach the lone body of water? You know the rest.

Think of the company’s website as the watering hole. The company typically uses “landing pages” to entice people to their main site, but leave the landing pages up after they’ve served their purpose. Here’s where trouble starts, fewer resources are devoted to monitoring or updating these pages, allowing hackers to pounce on the vulnerabilities and insert malicious code, luring visitors to malicious sites using the trusted reputation of the brand..

Ultimately, the brand name becomes associated with this. Some examples as reported by Forbes.com:

  • The nbc.com home page was infected with the Citadel/Zeus installation malware.
  • The U.S. Veterans of Foreign Wars’ website was infected with malware.
  • Third-party app stores are a source of downloaded malware, since these are usually un-policed. Apps can be repackaged with mal-code, creating an association of bad with the brand name of that app. The mal-code could gather personal data on the purchaser, which is then sold to data brokers, violating user privacy, making the user think pretty negatively about the brand name.
  • Malvertisements are malicious ads that crooks place on legit websites. These normal-appearing ads spread bad things around, and do NOT have to be clicked to trigger a viral attack.
  • Banner ads can also be the target of injected mal-code.
  • These clever crooks will even pose as an actual name-brand company and put up legitimate ads on a website, but then replace those with mal-ads over the weekend—which go undetected because IT departments are lax on the weekends. After oh, say, a few million computers and mobiles are infected, the thieves stick the original, legit ad back in, which makes their crime difficult to track.

Third-party networks place a lot of ads, making it very hard to hunt down malvertising fraud. This complexity can make it virtually impossible for companies to protect themselves against 100% of malicious attacks.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Healthcare Establishing Customer Security Programs

/in /by

Consumers really get stiffed when there’s a data breach, having to change their passwords, replace credit cards, and other bothersome tasks, not to mention the grief over stolen personal information.

10DHealthcare organizations (a prime target of cyber criminals for several reasons) need to think beyond the approach of, “Here’s how we’re protecting your data,” and shift their way of thinking to, “We are dead serious about our customers’ security.”

This is how healthcare organizations can be truly proactive. While organizations can’t reveal too much information about their security plans (since this can make it easier for exploitation), they DO need to be generous with candid messages about how vital it is to protect consumer data.

Throwing around the same generic, recycled language about “Here’s what we’re doing to protect you” no longer cuts it and doesn’t build a lot of trust in the consumer. Instead, organizations should impress upon consumers their devotion to security in meaningful and understandable ways.

Consumer security should be free to the customer. This will delight consumers and help ease their anxieties over data safety, while setting the organization apart from its competitors. That’s how to put the brand’s reputation at the top and build customer loyalty.

Key Features of a solid customer security program

  • Information must be protected at the time of sign-up/data collection, and protected should data be lost.
  • Being accountable for a data recovery and restoration in the event of a breach; this will build customer loyalty.
  • Financial loss must be recovered.
  • Credit reports must be restored.

According to AllClear ID, here is how healthcare organizations can make an impression on their customers:

  • Implementation of the most current IT practices should be done because it is paramount to secure mobile devices, access points, databases, cloud services, etc., and to better keep tabs on systems for breaches.
  • The security of employees’ personal mobiles and the organization’s devices needs to be stronger.
  • Employee training must be improved, from the bottom up, to reduce mistakes.
  • HIPAA compliance needs to be reinforced.
  • An identity protection plan must be created so that potential customers will have confidence in enrolling and feel less anxious about the fallout of a security breach.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.