Mobile Employees Are a Security Risk

Not too long ago, the office computer filled an entire room. Now, it fills the palms of one-third of employees—those workers who use only the mobile device for their jobs. Security, however, lags behind in keeping up with this growing trend. This is the BYOD generation: bring your own device (to work).

8DIT departments need to keep one step ahead of this fast-growing trend. It’s here to stay, and one reason is because it’s responsible for significantly pumping up productivity. Employers love this. More productivity = higher profits. You’d think that some of these increased profits would be reinvested in security training that correlates to the BYOD movement, since the BYOD movement strongly correlates with an increase in data breaches and risks of breaches.

But it’s not. Organizations still aren’t seeing the light.

A recent Ponemon Institute survey reveals that for a large portion of employees, the mobile device is a first-line medium for conducting business. That one-third figure mentioned earlier is forecasted to jump to 50 percent over the next 12 months.

With all the improvements in productivity comes a corresponding jump in the risks of data breaches—both intentional and accidental. The survey reveals that 52 percent of the participants said that security training for smartphones was shelved in the name of sharpening worker productivity.

Another finding: One-third of businesses don’t even have existing security programs for the BYOD’ers. About three-quarters of respondents said that their existing security was lax. And don’t think that security risks mean only computer viruses, phishing e-mail scams, being lured to malicious websites, being tricked into downloading malware, etc.

There’s a huge risk in the form of roving eyes. A “visual hacker” uses his eyes, and sometimes with the assistance of binoculars or a mobile device camera, to prowl for unguarded computer screens in public like at airports, hotels and coffee houses. He swipes sensitive data by recording it with a camera or seeing it and then writing down what he sees or even memorizing it. Workers can prevent “shoulder surfing” with the ePrivacy Filter software by the 3M company. Combine this software with a 3M Privacy Filter, and the user will be able to thwart a hacker hovering over his or her shoulder from virtually any angle.

The typical business, says the survey, handles 20,000 mobiles, and that number is fast-rising. This will heap on the pressure to implement solid security plans. Managing each device won’t be cheap, either, but a pricey stitch in time will save an obscene expense times nine.

Sixty percent of the survey takers said that mobiles have made employees rather lazy with security awareness. There’s definitely a human factor involved with all of this that businesses must address.

If employees want to use mobiles to conduct business, they should also embrace the responsibility that comes with the use of these devices—that of being willing to learn how to keep the sensitive data that’s stored in these devices safe, and also being willing to learn how to recognize social engineering and other cyber criminal tricks.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

The Futuristic secure and Smart automated Home is here

A burglary occurs every 15 seconds. The chance of your home being broken into is higher than you’d think. The good news is that today’s alarm systems are “not your father’s alarm.”

BeOnTwenty years ago, a contractor had to spend a week tearing up your walls ceilings, and windows to retrofit a messy, hardwired security system. These alarms were so expensive that they were mainly used by businesses and rich people.

Since then, home security systems have dropped in price. They are now mostly wireless, right down to the cellular phone signal. But what makes home alarms even more exciting is that the majority of the functions are intuitive and smart.

Here’s how you can put together a home security system without the klunk and expense of 20 years ago.

  1. Did you know that a non-reinforced door can be kicked open by a 105 pound woman? The point is that a non-reinforced door is worthless even if it’s locked. Doors should have a guard plate. Next, they should have a door jam reinforcement made of steel. Make sure you have a top-flight deadbolt system. These days, deadbolts come with amazing features.
  2. If you have lots of shrubbery around doors and windows, trim them back so that they don’t conceal prowlers. Also add lighting to these areas.
  3. Years ago I witnessed some teen punks hurl bricks at a house down the street in the dark. I heard windows shattering. On the market today is shatter-proof film that will stop a brick from penetrating a window. Even if a blood-thirsty burglar manages to crack a filmed window, he’s not going to get in.
  4. Consider a wireless garage door opener that you can control with your smartphone. Otherwise, never leave your garage door opener in view inside your car.
  5. With your smartphone, you can watch your house in real time to see if there’s any suspicious activity. Wi-Fi monitoring systems will alert you via phone if the surveillance cameras detect movement or sound. Then you can see if someone is creeping around on your deck—even if you’re a thousand miles away.
  6. One of the best ways to deter crime is to make your house look occupied. You’ve certainly heard of timed lighting systems, but BeOn takes this a few steps further. Install BeOn and it will “figure out” your family’s light usage pattern, then duplicate this when the house is empty, tricking burglars who’ve been watching your house into thinking you’re still home. Now that’s smart! Check out their Kickstarter campaign and invest in the future of smart security.
  7. In addition, leave a TV or stereo on loud enough for any prowlers to hear. BeOn is developing a sounder module that will also make the home seem occupied during the day (similar to leaving TV or stereo on as previously mentioned).

Robert Siciliano personal and home security specialist to BeOn Home Security discussing burglar proofing your home on NECN. Disclosures.

15 Simple Secure Home Holiday Travel Tips

The holidays are here, and burglars are ready for you. Are you ready for them? One of the best ways to deter home robbery is to make the burglar think you’re inside the house. Here’s how to do that: 2H

  1. The first thing to do is enforce the burglar’s favorite point of entry: the front door. Though movies usually show intruders bashing through windows (for dramatic effect), the vast majority get in through the front door. The door should be protected with a full-scale deadbolt/lock device, ideally with a built-in alarm—which can be controlled remotely.Piper, which is controlled from your iOS or Android mobile device, has a 105db alarm that can be triggered to go off when the door or window has been opened or when motion has been detected.
  2. There are “door reinforcement” devices out there that beef up your door jams from kick-ins. Google them and get them!
  3. Burglars, of course, do make break-in attempts through windows, including second story, so keep them locked at all times.
  4. Make sure the garage is always locked. Unplug garage door openers if you are gone for a while.
  5. Never pack up your vehicle for vacation in plain view; do it inside the garage with the door down. If there’s not enough room, do it late at night in the dark.
  6. Put a vacation hold on your mail and newspaper delivery.
  7. If you plan on being on vacation, arrange to have your lawn mowed (unattended lawns look like you haven’t been home for a long time) and any snowfall shoveled while you’re gone.
  8. Have a trusted person park their car in your driveway to make it seem like you’re home.
  9. Whether or not you have a dog, leave out signs that you have a large dog, but don’t be stagey about it. A large, unlabeled bowl with a few “uneaten” bits of food is more convincing than a perfectly clean bowl labeled “THOR.”
  10. Use light timing devices rather than leaving a light on the entire time while you’re gone. Piper home automation capabilities can be set up to turn lights on and off and allow you to remotely view all home activity from your mobile device.
  11. Don’t display holiday gifts to the outside world; the pile under the tree should be impossible to see from outside.
  12. And just in case someone does break in, make it hard for them to find any valuables. For instance, place your jewelry in a fast food bag in a fake wastebasket. It’s not likely a crook will think to check it for diamonds.
  13. Don’t announce your vacation plans on Facebook until after you’ve returned.
  14. Don’t say anything on your voice mail welcome that suggests you’re out, such as “we will return soon.” Instead say, “We’re unable to answer right now; please leave a message.” Better yet, say something like, “We are home, but busy right now; I’ll return your call immediately.”
  15. Get a home security system that’s remotely controlled. Piper doesn’t require a monthly monitoring fee so you can save a few bucks around the holidays.

Robert Siciliano, personal and home security specialist for Piper, the All-In-One Home Security, Video Monitoring and Automation Device, discussing burglar proofing your home on Fox Boston. Disclosures.

10 Tips to avoid Scams when traveling

Vacationers and tourists provide a vast feeding ground for all sorts of crooks: from the simple pick-pocketing specialist to the hotel room burglar to the e-thief: credit card skimming and computer crimes. You can even have your identity stolen while sunning on that white beach.

9DAvoid Traveling Scams with These Tips

  • Don’t post your vacation or other travel plans on social media. Thieves peruse social media to see who will be out of town and when.
  • Protection begins before the trip. Put a vacation hold on your snail mail.
  • Beware of hotel room scams. A person posing as front desk staff will call random hotel rooms to sucker travelers into giving up their credit card number. Never give private information over the hotel phone.
  • When using public Wi-Fi, encrypt your activities so that hackers can’t pluck them out of the air.
  • Always know where your mobile phone is, and have it protected with a password.
  • Must you always pay with a credit or debit card? Cold cash can’t be hacked into. But I still prefer credit over debit cards (and even cash).
  • Don’t withdraw more cash than you need. Don’t take out wads of high bills because you “might” spend a lot of money. And use an ATM at a bank, not a public kiosk.
  • When you do use a card (credit, not debit!), do not let the server or sales clerk walk out of your sight with it. You just never know who might be an “inside” thief.
  • As soon as you can upon returning from traveling, check your credit card statements for suspicious activity.
  • Leave the expensive jewelry, handbags, etc. at home. A thief has a lot of interest in a well-dressed person who acts like a tourist. If you want everyone to see how exorbitantly styled you are, you’ll have to include muggers and other thieves in that group.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for Shadowcrew.com, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Visual Hacking is High Tech Shoulder Surfing

A visual hacker can infiltrate you—from the outside in. Quite literally, a person (ranging from a snoop to a cyber criminal) can peer over your shoulder while you’re using your computer or mobile (“shoulder surfing” or “visual hacking”), and collect your personal information—whatever you have up on the screen.

4DThis is so easy to observe Go to any airport or café and you’ll see scores of people using their laptops, headset on, head nodding to some beat, totally oblivious that a world exists beyond their little comfy spot.

However, shoulder surfing can also happen from a distance, e.g., a thief using binoculars or a small telescope. He can be nearby aiming his high-quality smartphone camera at the user. A cheap camera can be hidden near a spot where people often settle down with their devices, aimed right where people most often open their laptop or whip out their mobile.

You might be able to prevent shoulder snoopers by covering your screen with a hand, but this isn’t practical. If you’re working remotely, you should think about setting yourself up so that passers-by can’t see your screen, such as sitting up against a wall. However, these maneuvers aren’t always possible and you know that you need protection every single second to prevent information you are working on from a potential leak.

A recent survey of IT professionals found that 82 percent had little to zero confidence that employees were capable of concealing their device’s screen from peeping eyes; 82 percent believed it was possible that data had already been viewed off of their screens by the wrong eyes; and 85 percent reported being able to view sensitive data on a screen that they were not supposed to be looking at. So why aren’t more people – and more importantly, more organizations – taking the necessary precautions to protect their visual privacy?

From login credentials to company directories to confidential financial figures – data that can be visually hacked is vast and what a hacker can do with that information is even more limitless. To prevent people from handing over the proverbial “keys to the kingdom” through an unwanted visual hack 3M now offers its ePrivacy Filter software. When paired up with the traditional 3M Privacy Filter, which blacks out side views and helps prevents hackers from stealing a glance at your screen, the ePrivacy Filter notifies you when someone is peering over your shoulder. You can now protect your visual privacy from nearly every angle.

Not only do thieves try to see what’s on the screen, but they’ll also study the user’s fingers at key times, such as right after they open the laptop. This could be the password they’re typing in to gain access to the device. A skilled visual hacker can determine which group of keys was pressed, then confine a brute-force attack to those characters to crack the password.

If you think shoulder surfing is uncommon and more so the product of overactive imaginations, think again. Take yourself, for example. Imagine being on a long flight. You’re wide awake but drained from using your device and reading magazines. Sooner or later (and you know this), your eyes will drift towards the stranger seated next to you—to see what’s on their screen. Since you, an honest, non-criminal person, is apt to do this, imagine how tempting it is for thieves.

Research results that were released last year revealed that 72 percent of commuters in the UK peer over the shoulder of fellow commuters. But don’t think that shoulder surfing is confined to the public; it can also take place right inside your office building. This can be particularly true for offices with an open floor plan design. With more and more screens out in full view and not enough attention paid to the types of data being accessed for all to see, you can never let your guard down when it comes to protecting confidential and sensitive information.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

How The Internet of Things can go very wrong

The Internet—one of history’s greatest inventions—is also one of history’s greatest platforms for crime. Here are ways things can go very wrong with the Internet of Things.

2DMed-hacking. Researchers have hacked many medical devices. Though it apparently hasn’t happened in the real world, yet, but it looks like it’s only a matter of time before medical equipment becomes hacked, such as automatic insulin pumps and pacemakers. The FDA is quite new to looking into this potential.

Sauna house. It’s possible for a hacker, if not currently, then in the near future, to get into your connected thermostat and kick it up to 120 degrees. Yes, it’s great to control the thermostat when you’re away from home…but someone else who has too much time on his hands might think that’s great, too!

Smartphones. Maybe one day it will be smarter to go back to the dumb phone. At least a dumb phone can’t be used by a hacker to turn things upside down for you, such as getting ahold of your financial account numbers or sensitive photos.

Your printer can get hacked. Someone could remotely bust into it and view your documents. A crook can infect your home printer with a Trojan to not only spy, but install malware. And if your printer is potentially a target for hackers, imagine what else around your house could be, such as your router and any other gadget that’s connected to the Internet.

From carjack to car-hack. A connected car can be hacked via its wireless enabled radio, with commands then going to the steering wheel or brakes. Know any computer geniuses who hate you and know your car is connected?

Satellite airline equipment is vulnerable to malicious invasions; this has potential repercussions to the communications involving airplanes and ships. This kind of hacking can go as far as tricking a plane to redirect its course.

The TSA carry-on baggage scanner can be hacked into and then used to get weapons past TSA checkpoints. There’s even a feature that can show fake images on the X-ray screen.

So, don’t worry about any of this. But DO something about it. At a minimum lock down your wireless with encryption. Routers come with WPA/2 security and it should be activated. Otherwise deploy antivirus, antispyware, antiphishing and a firewall.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Get Smart Home Security Tips

The season to give is also the season to steal. Burglars are always looking for great deals—you know—the house that looks like nobody’s ever home; the house that has lots of shrubbery crowding out the doors and windows so that nobody can see the prowler spending 20 minutes trying to break in; the house with the huge Christmas tree in the window and a three-foot-high pile of gifts engulfing it.

BeOnHere’s how to make your house look very unappealing to burglars:

  1. Make it look occupied at all times. When you leave, leave some lights on. Leave a TV on so that the flickering can be seen from outside. Better yet, check the preventative BeOn burglar deterrent home security system that adds a layer of security using light and sound as deterrents to stop break-ins before they happen. Their Kickstarter campaign is rocking two Boston sports celebrities, check it out! Backing BeOn on Kickstarter helps accelerate development of these features to make the occupied home even more convincing.
  2. Don’t just automatically open the door when the doorbell rings unless you know who’s on the other side. And, it is not rude to ignore someone at your door! “But it might be a neighbor!” You’re not obligated to answer your door if you don’t know who it is. Unless you can clearly see it’s a trust person, don’t answer.
  3. When you order something to be delivered to your house, make an effort to be there to receive it so that a casing burglar doesn’t see an unattended package and think, “Nobody’s home.” Its also a good idea to set up a UPS and Fedex account to be notified of such deliveries.
  4. Keep the gifts that are under the tree invisible to the outside.
  5. If you travel, put your newspaper and mail delivery on vacation hold.
  6. If you’re traveling, notify the police that you’ll be out of town; ask them if they can drive by every so often to make sure things look okay.
  7. If you have a dog, see if you can arrange to have someone house sit so that the dog can stay at the house to bark in response to any prowlers.
  8. Don’t leave the boxes, that expensive items came in, sticking out of your rubbish at the curb. Tear them down so that they can be concealed inside the trash cans.
  9. Do not reveal your travel plans online, and instruct your kids not to.
  10. If you have a security system, put their stickers on all your windows and their sign in your yard. If you don’t have a system, get ahold of some stickers and signs anyways and put them up.

Robert Siciliano personal and home security specialist to BeOn Home Security discussing burglar proofing your home on NECN. Disclosures.

15 tips to Securing your Home for the Holidays

You know who really loves that ever-so-annoying “fall back” time change November 1? Burglars. Because it gives them an earlier start on their criminal activities because they love to work in the dark. And burglars get busier as daylight becomes shorter and the holiday season nears.

1SMany people will take precautions to prevent fires started by Christmas lights, yet will ignore security measures that can prevent a home robbery. Very strange. Though fire prevention is important, your home is, statistically, far more likely to be burglarized during the holidays than go up in smoke. So here are ways to keep the thieves away.

  1. Keep all windows locked, even on the second floor. Yes, some burglars learn climbing skills.
  2. Put security films on your windows that prevent penetration from a crow bar or baseball bat.
  3. Keep all doors locked, even in broad daylight when you’re home.
  4. Use top-flight locks and door reinforcements.
  5. Keep curtains or shades/blinds closed so that nobody can peek in and see your valuables or your hardly-imposing 120 pound frame.
  6. Always collect your mail, newspaper delivery, as soon as they arrive.
  7. Give your house that lived in look even when your home. Piper’s home automation technology, controlled viayour iOS or Android mobile device,can be set to turn your lights on and off at specific times.
  8. Put a large dog bowl on the front deck or by the front door. But don’t make it look staged by labeling it “Bear,” “Bruno” or “King.” Make it more realistic by adding a large chew toy and putting the bowl on top of a small mat. Maybe put a big leash nearby.
  9. Place a pair of men’s size 12 work boots near the door (scuff them up to make them look worn) or get them from an Army Navy surplus store.
  10. If your car is always parked outside because you don’t have a garage, place a pair of mans gloves on the front dash. Casing thieves will think twice if they think a man’s inside.
  11. Make sure no shrubbery crowds around entry points.
  12. If you have a garage, always pack and unpack gifts and stuff so nobody sees what’s going on.
  13. Don’t blab on social media about stuff you buy or that you are heading to the mall. Many crooks scan social media to see who’s doing what and when.
  14. Invest in a home security system like Piper, which requires minimal setup, no contracts and provides a clear view (via your mobile device) of what’s going on in your home when you’re not there. With its built-in motion sensor and siren, you can arm Piper to deter and alert you to intruders.
  15. Put Piper devices near your front door and back door and monitor them on your smartphone or tablet.

Robert Siciliano, personal and home security specialist for Piper, the All-In-One Home Security, Video Monitoring and Automation Device, discussing burglar proofing your home on Fox Boston. Disclosures.

What is a Computer Worm?

Worms. Most of us probably think of them as those squirmy invertebrates we dissected as a kid or found on the sidewalk after a storm. You might have used them as bait for fishing (not phishing), to pull a prank or have even eaten them (no judgment).

6DWhether you like worms or not, there’s one kind of worm that definitely isn’t your friend—the computer worm. This kind of worm is a computer program that can replicate and send copies of itself to other computers in a network. Worms are considered a subset of viruses, but unlike viruses they can travel without any human action.

Most worms are designed to exploit known security holes in software, although some spread by tricking Internet users. Mass-mailing worms, for instance, spread via email or instant message (IM). They arrive in message attachments and once you download them the worm silently infects your machine. Peer-to-peer (P2P) networks are another avenue for worms: cybercriminals upload infected files with desirable names to entice users into downloading them. And once you download the file your computer is infected.

Once your machine is infected, the worm can corrupt files, steal sensitive information, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable. They can also degrade your Internet connection and overall system performance.

The good news is there are steps you can take to keep your computer from being infected:

  • Don’t download or open any files on P2P sites.
  • Since some worms now have a phishing component—meaning that they try to trick users into running the malicious code—do not click on links in unexpected emails and IMs, or download attachments connected to them.
  • Use comprehensive security software, like McAfee LiveSafe™ service, with a software firewall to block unauthorized traffic to and from your computer. Make sure to keep your security software updated.

If you fear that your machine is already infected, immediately run a security scan.

Of course, given the fast-moving nature of Internet worms, your best bet is to be cautious and take steps to avoid getting infected in the first place.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.