Weak Passwords Mean Data Breaches

Studies across the board indicate that weak usernames and passwords are one of the top causes of data breaches, and I find that unfortunate, because it is preventable. According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, 70% of respondents reported forgetting a password, or having a password become compromised, in their professional life in the US.

  • More organizations are enacting policies where employees can use their own devices and store information on a cloud.
  • This means that it is more important than ever before to protect accounts with strong passwords.
  • A strong password is the first line of defense against scammers and hackers, and it helps to keep data safer.

The Research on Passwords Doesn’t Lie

The data from these studies indicates that there is no organization in any industry that is not vulnerable to a breach of data.

  • Every company, no matter what size, should put in some effort to protect their sensitive data.
  • Many breaches of data could have been prevented by implementing stronger security controls, improving the credentials used to log in and employing safety best practices in the workplace.
  • Weak or stolen usernames and passwords are one of the top causes of data breaches, and more than 75 percent of attacks on corporate networks are due to weak passwords.
  • Almost half of all instances of hacking are due to stolen passwords, which are obtained through the theft of password lists.

Know The Risks of Choosing Weak Passwords

Experts have warned for many years that there are risks associated with relying on weak usernames and passwords to restrict the access of data.

  • Verizon estimates that about 80 percent of all data breaches could have been stopped if a stronger, better password was used.
  • Experts, including the IT team of companies, can offer assistance to employees seeking to improve their passwords and reduce risk.
  • Too many companies protect their data with passwords that are too weak or too easy to guess, such as the name of the organization or other obvious words.
  • It is also difficult to enact policies for improved passwords in the workplace because employees are not informed of the facts.
  • The best passwords are long and varied, with symbols, letters and numbers. These passwords should also not be obvious, such as the name of a company, address or company motto.
  • One of the best investments in one’s personal security is a password manager. Frankly, I don’t know how anyone can use a PC and not have a password manager in place.
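The password advice in the list above (long, varied, and free of obvious words such as the company name, address or motto) can be enforced when a password is set. The Python below is an added example, not code from the survey or from RoboForm; the 12-character minimum, the organization terms and all entries in the weak-password list other than the two passwords quoted on this page are assumptions constructed for illustration.

```python
import re
import unicodedata

MIN_LENGTH = 12  # assumption: the page says "long" without giving a number

# Constructed sample values; an organization would supply its own name, address and motto.
ORG_TERMS = ["Acme Widgets", "12 Harbor Street", "Quality first"]

# "123qwe" and "Password1" are the passwords this page reports from the 2014 iCloud
# incident; the other entries are constructed examples of commonly guessed passwords.
KNOWN_WEAK = {"123qwe", "password1", "password", "qwerty", "letmein"}

# Undo common character substitutions so "@cm3" is still recognized as "acme".
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
)


def normalize(text):
    """Lowercase, strip accents, reverse substitutions and drop separators."""
    text = unicodedata.normalize("NFKD", text).lower().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z0-9]", "", text)


def obvious_fragments(org_terms):
    """Whole terms plus their individual words of four or more characters."""
    fragments = set()
    for term in org_terms:
        fragments.add(normalize(term))
        fragments.update(normalize(word) for word in term.split() if len(word) >= 4)
    fragments.discard("")
    return fragments


def screen_password(password, org_terms=ORG_TERMS):
    """Return a list of problem codes; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("no_letter")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(not c.isalnum() for c in password):
        problems.append("no_symbol")
    if password.lower() in KNOWN_WEAK:
        problems.append("known_weak")
    squashed = normalize(password)
    if any(fragment in squashed for fragment in obvious_fragments(org_terms)):
        problems.append("obvious_term")
    return problems


if __name__ == "__main__":
    for candidate in ["Password1", "AcmeWidgets2024!", "@cm3-W1dgets-2024",
                      "tram-Copper7-violet-Spoon"]:
        print(candidate, screen_password(candidate))
```

A password can satisfy every length and character-class rule and still be rejected here because it is built from the organization's own name, which is the case the list above warns about.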

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

Introducing Angee Home Security

Meet Angee.

Angee (pronounced like Angie) will revolutionize home security in more ways than one. One of the features that sets Angee apart from other home security systems is that this system can learn about you and your family members, and then operate accordingly. Angee is the future, but this future is now here.

Check out what Angee offers:

  • Operates even during a power outage due to a built-in battery and 1.5 Gb storage.
  • Is small and portable, a handsome cylindrical design that can blend in with home decor.
  • Has military-grade data encryption.
  • Motion and proximity detection tags that can be quickly and easily placed at all entryways and windows, so you need only one of the small portable units, regardless of the size of your house. Thus, a detection tag in a room on the third floor will allow the Angee unit, which is on the first floor, to tell when someone enters that third-floor room.
  • Recognition of household members’
  • Can connect to your mobile device, tablet or smartwatch.
  • Operation is voice controlled (as well as via smartphone) and includes personal-assistant-type tasks such as answering the phone.
  • Surveillance cameras (which rotate 360 degrees) that will follow intruders by detecting their presence; there’s no escaping “getting caught on tape.” But if you don’t want Angee to watch you during an intimate moment, no problem; just say “Turn away.” And remember, if the burglar says “Turn away,” Angee will disobey because it won’t recognize his voice.
  • Zero subscription fees.
  • The projected retail price will be $429.

The Birth of Angee

Angee Inc. is a start-up company that formed about a year and a half ago. Its founders had an ultra-strong vision and thus introduced their system on Kickstarter. The founders needed experts in serial production, and hence teamed up with Dragon Innovation.

Who are the founders?

Tomas Turek is a serial software entrepreneur. He and his team have been working tirelessly for over 18 months to bring Angee to life.

If you’d like to support this futuristic layer of home security to bring it to the present, go to the Kickstarter campaign.

Robert Siciliano, personal and home security specialist to Angee. Learn more about Angee in this Video. Support Angee on Kickstarter. See Disclosures.

Choosing a Home Security System

Choosing a home security system may be dizzying, what with all the possibilities, but the good news is that there’s a system for every budget and personality.

Gone are the days in which the only security systems available were the ones with all the clunky wires that had to be put throughout the house. Systems are now offered by Internet providers and cable companies. But choose carefully.

Wireless

  • These often include do-it-yourself installation.
  • The provider may or may not yield an equipment charge.

Get the police involved.

  • Ideally the system should automatically send an alert to a call center that dispatches the police. However, some home security companies don’t offer monitoring services that trigger a call to the police when the alarm is tripped. Look into this.

Smartphone

  • For not much more than $25-30 a month, you can have a basic system that includes motion sensors using an application for your phone.
  • With your mobile device connected to your home, you can monitor it in real time, get alerts, control other functions or arm your system if you forget to do it after you leave.

Customer Service

  • The industry of home security systems is highly competitive. Basically they offer the same things, so a good company will try to stand out by offering superior customer service.
  • It would be wise to check out reviews before committing to any service.
  • One thing to keep in mind is that customer service should be available ‘round the clock.

Home-made Security

  • Until you get an official home security system, you can buy security company stickers off of eBay and put them on your windows to fool burglars into thinking your house is protected.
  • Use timed lighting devices so that your house never looks dark and unoccupied.
  • Timed devices can also produce flickering light to simulate a TV being on.
  • Keep shrubbery away from windows so that intruders can’t hide in it.
  • Always keep the lawn well-kempt. An overgrown lawn suggests that the home’s occupants have been away on vacation.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

What are Consumer Reports?

You’ve heard the term “consumer report.” Many times, I’m sure. But do you really know what one is? If you’re nodding your head, would you be able to explain it to a Martian? If not, then you probably do not have a solid understanding of what one is.

But lenders, landlords, creditors, employers and insurers certainly know what a consumer report is, because every time they’re about to deal with a new client, they put themselves at risk.

  • Is he in good health?
  • Will she stop paying her mortgage?
  • Will he total his car?
  • Will she be productive on the job?
  • And more questions abound.

An article on privacyrights.org explains that all sorts of businesses need to assess the risk of every new client. However, it would be quite unwieldy for businesses to sit every potential client down and run through a list of 100 questions, then wonder if the applicant is being truthful.

Enter the consumer report.

  • Credit report: Lenders can see the applicant’s financial status and bill payment habits.
  • Fair Credit Reporting Act: Encompasses entire financial status.
  • Miscellaneous companies are targeting consumer reports specifically for landlords, insurers and employers.

The article explains that the businesses that put together these targeted reports are called consumer reporting agencies. Consumer reports don’t just deal with finances and credit. Other types of reports come from nationwide specialty consumer reporting agencies. These other kinds of reports may detail one’s medical history, employment history, history of insurance claims and check writing history.

You are entitled to a free report every 12 months from a nationwide specialty consumer reporting agency.

  • Make your request to each specialty reporting agency; they act independently of each other.
  • Every agency has a toll-free number.
  • Some agencies allow faxed, mail-in or online requests. For online requests, the agency’s site must provide a FAQ or help page.
  • You are entitled to an update on your request’s status.
  • There is no deadline for the agency to honor your request.
  • The agencies gather information on people from a number of sources such as bankruptcy filings, driving records, credit history, public records of court cases and insurance companies.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

How to prevent your Pics from being lifted: Part 1 of 2

You need not be a celebrity or some big wig to suffer the devastating fallout of your online images (and videos) being stolen or used without your permission.

So how does someone steal your image or use it without your permission?

Hacking

  • Hacking is one way, especially if passwords are weak and the answers to security questions can easily be figured out (e.g., “Name of your first pet,” and on your Facebook page there’s a picture of you: “My very first dog, Snickers”).
  • Malware can be installed on your device if the operating system, browser or security software is out of date.
  • But hackers may also get into a cloud service depending on their and your level of security.

Cloud Services

  • In 2014, the images of celebrities and others were stolen from their iCloud accounts. At the time, two factor authentication was not available to consumers.
  • Apple did not take responsibility, claiming that the hackers guessed the passwords of the victims. This is entirely possible, as many people use the same passwords for multiple accounts. It is reported that Jennifer Lawrence’s and Kate Upton’s passwords really were 123qwe and Password1, respectively.

Social Media

  • Got a pretty avatar for your Facebook page? Do you realize how easy it is for someone to “Save image as…”?
  • Yup, someone could right-click on your provocative image, save it and use it for some sex site.
  • And it’s not just images of adults being stolen. Images of children have been stolen and posted on porn sites.
  • Stolen photos are not always racy. A stolen image could be of an innocent child smiling with her hands on her cheeks.
  • The thief doesn’t necessarily post his loot on porn or sex sites. It could be for any service or product. But the point is: Your image is being used without your authorization.

Sexting

  • Kids and teens and of course adults are sending sexually explicit images of each other via smartphone. These photos can end up anywhere.
  • Applications exist that destroy the image moments after it appears to the sender.
  • These applications can be circumvented! Thus, the rule should be never, ever, ever send photos via smartphone that you would not want your fragile great-grandmother or your employer to view.

How can you protect your digital life?

  • Long, strong passwords—unique for every single account
  • Change your passwords regularly.
  • Firewall and up-to-date antivirus software
  • Make sure the answers to your security questions can’t be found online.
  • If any of your accounts have an option for two-factor authentication, then use it.
  • Never open attachments unless you’re expecting them.
  • Never click links inside e-mails unless you’re expecting them.

Stay tuned to Part 2 of How to prevent your Pics from being lifted to learn more.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to use two-factor authentication for critical accounts

Have a small business? Great. Have two-factor authentication for your accounts? If you’re not sure of the answer to that question, you could be in trouble. October is National Cyber Security Awareness Month, the perfect time to learn more about cyber security. As a small business owner, you certainly have thought about data breaches. They don’t just happen to giants like Target and Sony. The common thread in many data breaches is that the hackers got the password.

Once a hacker has a password, they often can get into the account, even if a username or other information is required. But suppose the hacker, mouth drooling as he’s about to break into your business accounts with your password and username, types in this login information and then sees he’s blocked unless he enters a one-time passcode? That’s a form of two-factor authentication. Game over for Joe Hacker.
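What the service does behind that one-time passcode prompt, shown as an added Python example that is not taken from any of the platforms named in this post: the class and function names, the five-minute lifetime and the five-guess limit are assumptions, and delivery of the code by text or e-mail is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of an issued code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per issued code


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:
    """First factor: a salted, stretched password hash (never the password itself)."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = password_hash(password, self.salt)

    def check_password(self, password):
        return hmac.compare_digest(self.pw_hash, password_hash(password, self.salt))


class OneTimePasscodes:
    """Second factor: short-lived, single-use codes kept in memory per account name."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # name -> [code digest, expiry time, attempts left]

    def issue(self, name):
        """Create a fresh 6-digit code; issuing again replaces any earlier code."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[name] = [digest, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # the caller sends this to the owner's phone or e-mail

    def verify(self, name, submitted):
        entry = self._pending.get(name)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[name]  # expired or guessed too often: start over
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(digest, hashlib.sha256(submitted.encode()).digest())
        if ok:
            del self._pending[name]  # a code works exactly once
        return ok


def login(account, name, otp, password, code):
    """Both factors must pass; a correct password alone is not enough."""
    return account.check_password(password) and otp.verify(name, code)


if __name__ == "__main__":
    otp = OneTimePasscodes()
    owner = Account("tram-Copper7-violet-Spoon")  # constructed sample password
    sent = otp.issue("owner")
    guess = ("1" if sent[0] == "0" else "0") + sent[1:]  # differs from the real code
    print("stolen password, guessed code:", login(owner, "owner", otp, "tram-Copper7-violet-Spoon", guess))
    print("password plus delivered code: ", login(owner, "owner", otp, "tram-Copper7-violet-Spoon", sent))
    print("same code replayed:           ", login(owner, "owner", otp, "tram-Copper7-violet-Spoon", sent))
```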

Two-factor authentication may mean a different login code every time you log in, even on the same day, and only YOU have it. It’s sent to your e-mail or phone. Setting up two-factor authentication differs from one platform to the next. See the following:

PayPal

  • Click “Security and Protection” in the upper right.
  • At the bottom of the next page, click “PayPal Security Key.”
  • Next page, click “Go to register your mobile phone” at the bottom. Your phone should have unlimited texting.
  • Enter your phone number; the code will be texted.

Google

  • At google.com/2step click the blue button “Get Started.” Take it from there. You can choose phone call or text.

Microsoft

  • Go to login.live.com. Click “Security Info.”
  • Click “Set Up Two-Step Verification” and then “Next.” Take it from there.

LinkedIn

  • At LinkedIn.com, trigger the drop-down menu by hovering over your picture.
  • Click “Privacy and Settings.”
  • Click “Account” and then “Security Settings.”
  • Click “Turn On” at “Two-Step Verification for Sign-In.”
  • To get the passcode enter your phone number.

Facebook

  • In the blue menu bar click the down-arrow.
  • Click “Settings.”
  • Click the gold badge “Security.”
  • Look for “Login Approvals” and check “Require a security code.”

Apple

  • Go to appleid.apple.com and click “Manage Your Apple ID.”
  • Log in and click “Passwords and Security.”
  • Answer the security questions to get to “Manage Your Security Settings.”
  • Click “Get Started.” Then enter phone number to get the texted code.

Yahoo

  • Hover over your photo for the drop-down menu.
  • Click “Account Settings.”
  • Click “Account Info.”
  • Go to “Sign-In and Security” and hit “Set up your second sign-in verification.”

Type in your phone number to get the texted code. If you have no phone you can receive security questions via e-mail.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use.

Being cyber aware also includes backing up your data to a secure offsite location. Back it up with Carbonite, and receive 2 free bonus months with purchase of any subscription through the end of October by entering code “CYBERAWARE” at checkout.

Robert Siciliano is a personal privacy, security and identity theft expert to Carbonite discussing identity theft prevention. Disclosures.

Retirees Prime Targets for Identity Theft

Is it easier for crooks to prey on senior citizens, or is it that most targets are the seniors?

Well, one thing’s for sure: A disproportionate percentage of identity theft complaints come from people 50-plus (though I’m sure some readers would hardly consider 50-somethings to be seniors—but you get the point).

Some scammers go after seniors because they know that many older people have a lot of money saved up. And it’s also no secret that many seniors aren’t as sharp as they used to be, and also are not caught up on technology.

Some common scams that target the elderly:

  • A caller pretending to be “your favorite grandson.” This lures the victim into announcing the name of that grandson, and then the crook identifies himself by that name. If the victim has hearing loss, he can’t tell that the caller’s voice doesn’t sound like his grandson.
  • The caller then gives a sob story and asks Gramps to wire him some money.
  • Retirement home employees access resident records for their Social Security numbers and other data, then sell these to crooks.
  • An e-mail supposedly from the victim’s bank (or IRS or FBI) warns them that something is wrong and that they must act immediately to resolve the issue—and the action involves typing in their Social Security number, bank login information, etc.
  • Scam mortgage companies. These fraudsters will get ahold of applicants’ Social Security numbers, other data and even their deeds to commit identity theft.

How to Help Prevent Identity Theft

  • Some seniors are active on social media. Be very careful what you post on Facebook, Instagram, etc. Don’t post anything that could reveal your location or when you’re away from home.
  • If you’re looking for employment, refuse to take any job in which the “employer” wants you to cash checks through your account or get involved with wire transfers.
  • Don’t keep sensitive information in your wallet/purse.
  • Don’t leave your cell phone, wallet, etc., out in public where some punk could skate by and snatch it.
  • Use a shredder for all personal and financial documents.
  • Automatically delete, without ever opening, e-mails that seem to have come from your bank, the IRS or FBI. Same for e-mails announcing you won a prize or say something very suspicious in the subject line such as “Dear Blessed One” or, “I Need Your Help.”
  • Never conduct financial transactions on a site that has only an “http” in the URL; use only sites that have an “https” and a yellow lock icon before it.
  • Use Hotspot Shield VPN when on Free WiFi. Free WiFi is often unencrypted and vulnerable to hackers.
  • Make copies of your credit cards and other crucial documents and keep them in an easy-to-remember place in case any of these cards, etc., get stolen or lost, so you can quickly cancel the cards, etc.
  • If you want to mail a letter that contains sensitive data, deposit it at a post office collection box.
  • Believe it or not, crooks will get information out of obituaries to commit identity theft. Leave out details like date of birth, birth town, name of schools, etc., and just note age of passing and give details that an ID thief can’t use, such as, “She loved doing volunteer work with children.”
  • Check your bank and credit card statements every month for suspicious charges.

Retirees don’t have to be victims of fraud as long as they are paying attention to various scams and recognize their responsibilities regarding preventing identity theft. By putting systems in place, fraud doesn’t need to happen.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Why You Should Use a Password Manager

Most experts in cybersecurity suggest that computer users utilize a password manager, and I think they have a great point. These managers ensure that you can use a unique, strong password for every online account. On the flip side, there are naysayers who state that a password manager isn’t as safe as you might think, because if the master password is discovered, it could give someone access to all of your information. So, who is right?

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, only 37% of survey participants use passwords that contain both letters and numbers. And only 8% report using a password management system, which can automatically create strong passwords for every site and change them frequently.

Here are some things to keep in mind:

Singing Praises for Password Managers

Why do some experts sing the praises for password managers?

  • Password managers allow you to use the most secure passwords, and allow you to use a different password for every account.
  • Since most websites have their own requirements for a password, you won’t become frustrated every time you log in, and you won’t have to remember if the ampersand is before or after the capital “S.” Besides, no one can remember every single password and username combination.
  • These password managers can work across all devices and on all browsers.

The Possible Downside of Password Managers?

Though there are certainly benefits to using a password manager, some people share their concerns about this software and state some of the following reasons:

  • There is a chance of a hack, albeit a small one, and if someone discovers a master password, they have access to everything including banking and personal information.
  • You also don’t know how secure these password managers really are, especially if it is an online password manager, such as one associated with a web browser, as the data may not be encrypted properly.

Looking At Both Sides of the Fence

When looking at expert opinion, you will typically find that most of them fall somewhere in the middle when it comes to using a password manager. These people see password managers as useful, but people should use them with caution.

  • Only use applications that have good reputations and those that do not rely on third parties
  • Use password managers that alert you immediately of a breach
  • Remember, a password manager is only as strong as the master password. This password should be strong, unique and changed often.

Good or bad, it’s probably better to be safe, rather than sorry. As with anything, be smart with your password manager, and you should have no issue with its effectiveness.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

Self-Monitored Security System Market heating up

The Angee home security system is the only one with a video camera that rotates 360 degrees as it detects motion. And this high definition camera has smart zones; you can set up specific zones for monitoring. But Angee is more than just a video surveillance setup. It’s a self-monitored home security system, points out an article on securitygem.com.

Angee isn’t the first self-monitored home security system that allows the user to view a crime at their home in real-time. However, one feature in particular distinguishes Angee from other similar systems. And that is the versatility of the security tags.

So let’s say the small cylindrical Angee unit is on a cocktail table in your living room, and you have numerous windows throughout the house’s many rooms, and other door entries. Just slap a tag on these other windows and doors. When a tag detects activity it will send an alert to your smartphone (Angee comes with an app for this).

  • The tags will detect motion via two motion sensors including the one that fitness researchers use to measure a person’s daily physical activity: the accelerometer.
  • The motion sensors will also detect open and close movement, such as that from a window.
  • The tags, along with the base unit, will detect movement.
  • You can also activate or deactivate Angee with your voice alone, and if someone else who’s unauthorized speaks the same password, Angee will reject it.

Though one of Angee’s competitors also uses tags, its tags don’t provide the extent of operation that Angee’s do, such as the detection of motion or voice arm/disarm. Angee is also the only such system that can answer your phone.

Unlike one of its competitors, Angee lacks a flood sensor and a few other features like an outdoor smart switch. Angee also does not integrate with other online services yet.

But if you’re primarily interested in home security, the absence of some of these other features won’t be a big deal. Angee makes up for this absence with some cool features like night vision and sound detection (though it’s not the only system that has these features), plus limited free cloud storage.

Robert Siciliano, personal and home security specialist to Angee. Learn more about Angee in this Video. Support Angee on Kickstarter. See Disclosures.

Butthead Burglar buttdials Cops

You know what a “buttdial” is. This is when a person has a seat somewhere, and the ensuing pressure of their butt against the seat accidentally presses upon the keypad of the phone that’s in their pocket. Or they don’t lock their phone and their fingers indiscriminately just call someone. Happens a lot.

What are the odds that the numbers that are pressed actually dial someone’s number? They’re pretty small, but it’s happened so much that the term “pocket dial” is now official English vernacular.

Here’s a better question: What are the odds that a buttdial dials 9-1-1? Next question: What are the odds that the buttdialer, at the time he butt dials, is talking about committing a burglary, and the 9-1-1 dispatcher overhears this?

Well, it happened.

Usatoday.com reports that a butt dial call came in to Somerset County dispatchers in New Jersey recently, and the inadvertent call allowed them to overhear burglary plans.

Scott Esser, 42, is now in jail on $100,000 bail after butt dialing on July 27. Nobody knows exactly what he did to accidentally place this call. All we know is that it rang 9-1-1, and dispatchers heard men discussing a burglary but were not able to track the location.

However, that evening, a burglary occurred in Branchburg. And by then, the cell phone company had learned that the butt call had been made by a phone assigned to Esser.

So detectives put out surveillance on Esser, following him as he drove to a home. Once he got out, the police lost sight of him. But he returned, and the detectives went to the home—and saw that it had been burglarized. They caught up with the butthead and arrested him.

His car contained jewelry and some pricey electronics, a gun, $11,300 worth of U.S. bonds, and burglary tools. Esser was then charged with burglaries not only in Branchburg, but in Stafford and Berkeley Heights. The butthead was busted.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.