Sales Staff Targeted by Cyber Criminals

Companies that cut corners by giving cybersecurity training only to their technical staff and the “big wigs” are throwing out the welcome mat to hackers. Cyber criminals know that the ripe fruit to pick is a company’s sales staff. Often, the sales personnel are clueless about the No. 1 way that hackers “get in”: the phishing e-mail. Salespeople are also vulnerable to falling for other lures generated by master hackers.

11DIn a recent study, Intel Security urges businesses to train non-technical (including sales) employees. Sales personnel are at highest risk of making that wrong click because they have such frequent contact in cyberspace with non-employees of their company.

Next in line for the riskiest positions are call center and customer service personnel. People tend to think that the company’s executives are at greatest risk, but look no further than sales, call center and customer service departments as the employees who are most prone to social engineering.

It’s not unheard of for businesses to overlook the training of sales employees and other non-technical staff in cybersecurity. Saving costs explains this in some cases, but so does the myth that non-technical employees don’t need much cybersecurity training.

Intel Security’s report says that the most common methods of hackers is the browser attack, stealth attack, SSL attack, network abuse and evasive technologies.

In particular, the stealth attack is a beast. Intel Security has uncovered 387 new such threats per minute. IT teams have their work cut out for them, struggling to keep pace with these minute-by-minute evolving threats. This doesn’t make it any easier to train non-technical staff in cybersecurity, but it makes it all the more crucial.

Training non-technical staff, particularly those who have frequent online correspondence and have the gift of cyber gab, is the meat and potatoes of company security.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Don’t Be Lazy With Your Passwords

It can be tough being a responsible adult sometimes, and managing these responsibilities isn’t always a chore that I want to deal with. Can you relate? Managing life takes focus and effort, and managing your online life is no different. Most of us are lazy with our online accounts, especially when it comes to our passwords. It is easy to use the same password for every account, but this also makes it very easy for hackers to access your passwords.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294You Need a Password Manager

Most of us have several online accounts that require different passwords. However, trying to remember all of these passwords is difficult, so it is no wonder that people choose to only use one password for every account. How can you avoid this? You should use a password manager.

  • Password managers will help a person not only create a password that is safe and secure, but all of the passwords you choose can be stored and managed by using a master password.
  • A master password allows you to get access to all of your accounts by using only one password.
  • When you have a password manager, you will no longer have to reset passwords, and your online accounts will be more secure than ever before.

Making Passwords Strong and Secure

There are a number of ways to make your passwords secure and strong. But don’t just take my word for it, according to Bill Carey, VP Marketing for the RoboForm Password Manager “The number one thing a user can do to protect themselves online is use a strong unique password for every website”

  • Passwords should be a minimum of eight characters long.
  • All passwords should also have letters, numbers and characters that do not spell another word.
  • Make sure to use different passwords for different accounts. This is especially the case for banking and other websites that contain sensitive information.
  • Passwords should be changed frequently to ensure safety and security.

Those who have weak passwords are more susceptible to hacks and scams. Make sure to take these tips to heart and protect your sensitive online information.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

How Passwords Get Hacked

If I wanted to crack one of your passwords, I could probably make a series of educated guesses and get pretty close. Why? Because people tend to stick with simple, easy to remember passwords, but these are the passwords that are easy to hack. According to Bill Carey, VP Marketing for the RoboForm Password Manager “Users need to take personal responsibility for their passwords and not assume that companies will keep them safe.”

4DHackers Have Many Ways to Get Into Your Accounts

There are many ways that a hacker can get into an online account.

  • A brute force attack is one of the simplest ways to gain access to information, and is generally done when a hacker writes a special code to log into a site using specific usernames and passwords.
  • A hacker usually focuses on websites that are not known for security, such as forums…and if you are like most people, the same password and username you use on your favorite gardening site is the same you use at your bank…or at least a version of it.
  • The hacker instructs the code to try thousands of different username and password combinations on the target site, such as your bank.
  • What makes this easier? Your computer stores cookies, which have information on your login credentials, in a neat, orderly unencrypted folder on the cache of your web browser. As soon as this is accessed, it can be used to get into online accounts.

How to Improve Your Passwords

There are a number of expert tips that will help to improve your passwords:

  • Substitute numbers for letters that look similar, such as @ for O, i.e. M@delTFord.
  • Throw in a random capital letter where it usually shouldn’t be, i.e. PaviLlion723.
  • Have a different username and password combination for every account.
  • Consider using a password manager to keep track of all of your account credentials. This way, you won’t have to worry about remembering all of the symbols and letters. These password managers also automatically fill passwords in on web pages or on devices.
  • Test your password strength with an online tester, but make sure it is from a reputable source, such as Microsoft or even beter use the experts over at password manager RoboForm – http://www.roboform.com/how-secure-is-my-password.

Don’t learn a hard lesson when it comes to your passwords. Take the steps today to update your log in credentials, and have a safer tomorrow.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

How to prevent your Pics from being lifted: Part 2 of 2

There are many reasons someone might right-click on your image and “Save image as…”

Porn, Sex and Dating Sites

  • A woman might steal your blog headshot and use it for her dating site profile.
  • A perv might take the picture of your child off your Facebook page and put it on a porn site.
  • A person who runs a racy dating site might take your image and use it to advertise his service.

Scams

  • Someone might use, without your knowledge, a photo of your house for a rental scam.
  • Your motorcycle, jet ski, boat, puppy…you name it…could be used for scam for-classified sale ads.
  • Your avatar may be used for a phony Facebook account to then be posted in the comments section of news articles pitching some get-rich-quick scheme.

Fantasy Lives

  • Your image could be used by a lonely person to create a fictitious Facebook account.
  • A person with a real Facebook account may be so desperate for friends that they use your photo to create a fake account to then add as a friend.
  • Someone you know may steal your photo (such as an ex-lover) and create a social media account in your name, then post things on it that make you look really bad.

How can you protect your digital life?

  • For your social media accounts, make sure your privacy settings are on their highest so that the whole world can’t see your life.
  • Watermark your images so that they have less appeal to image thieves, but keep in mind that they’ll have less appeal to you too.
  • It’s one thing when an image of your house was stolen for a rental scam, but it’s a whole new animal if an image of your naked body or you engaged in a sex act was stolen. So don’t put racy images online. Never.
  • Explain to your kids about the risks of stolen images.
  • Make sure their social media privacy settings are high.
  • It’s possible your smartphone automatically stores pictures you take online. Turn off this feature.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Dept. of Homeland Security Computers Vulnerable

There’s a problem on the home front: security lapses in the computers of the Secret Service and Immigration and Customs Enforcement, says a report on townhall.com. These departments were recently audited, and weaknesses were revealed.

1DRecently, hackers got into the White House, State Department and the Office of Personnel Management, among other entities. And this has caused the public to wonder about just how strong cybersecurity is for the U.S. government. So thus, the audit was carried out.

The root of the problem may be inadequate training of the investigators and analysts for the Department of Homeland Security. This seems to have stemmed from Congress cutting corners with the training budget. The internal websites for the Secret Service and ICE were shown to be deficient.

How many employees are in the Department of Homeland Security? 240,000. That’s a lot of potential for inadequate training to result in the accidental opening of a back door for hackers.

The audit made nine recommendations to the DHS. The DHS has reported that it’s been making efforts to address these recommendations.

  • The Secret Service and ICE are responsible for coming down on financial fraud, money laundering, identity theft and fraud involving banks and credit cards.
  • The National Protection and Programs Directorate (NPPD) was also audited, and this entity is responsible for the security of government computers.
  • ICE, the Secret Service and the NPPD blame Congress for the security lapses. They point out that Congress has a stop-and-go style of funding for cybersecurity, because Congress will not authorize ongoing funding throughout the year.
  • In fact, an ICE analyst revealed that he had to pay out of pocket for cybersecurity training, and thanks to the limited budget for this, was not able to attend formal training in four years.

The report states that employees may not be able to perform assigned incident responses to a cyber attack, nor efficiently investigate such an incident, as long as training was come-and-go and only peppered throughout the DHS instead of being department-wide.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to Set Up a Password Manager

If you have made the decision to use a password manager for your personal cybersecurity, which I highly recommend, you will quickly find that you online world is safer, easier and more secure than ever before.

7WAccording to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, 63% of respondents reported forgetting a password, or had a password become compromised, in their professional life.  But it doesn’t need to be this difficult.

What Does a Password Manager Do?

Before choosing a password manager and setting up an account, you may be curious to see exactly what they do:

  • A password manager stores the passwords for your online accounts in one, easy to access place, as long as you have access to the master password.
  • The passwords are stored and encrypted by the password manager software, and the information is controlled by a master password.
  • The password manager will allow you to create a strong password for every account without the need to have to remember them.
  • Many password managers can sync across devices and platforms, as well as browsers, so you can use it with almost any online account you have.

Setting Up a Password Manager is Easier Than You Think

Setting up a password manager is typically easy, and the process begins by downloading the manager onto your device.

  • Setting up the account is no different than sitting up any other account. You will need a user ID, password, name and email address in most cases.
  • Each device you use should have the password manager installed onto it.
  • The data will automatically sync from device to device as it is updated according to information from RoboForm.com.
  • As long as the master password is kept safe, the data stored within the password manager is secure.
  • To start saving passwords to the password manager, log into websites as you normally do, and then the program will ask if you want to save the log in information. Once the information is saved, each time you go to the site and attempt to log into your account, the password manager will automatically enter your information.

As you can see, using a setting up a password manager is quite simple, and it is likely easier than you ever thought in the past. It can be done in minutes and will keep you safe for many years to come.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

Do It yourself home security getting easier

How would you like a home security system that’s also your personal assistant? Angee Inc., a new company out of San Francisco, knows you’d like one.

ANG2Features of the Angee Device

  • Smartphone controlled
  • Has a Full HD camera with night vision.
  • Learns habits of and senses presence of household members to automatically arm and disarm.
  • Camera rotates 360 degrees—and does so as it detects motion; intruders will not be able to get out of view while they’re burglarizing.
  • Security tags provide security of a property’s entire perimeter, so that entrance via a tagged door or window will be detected.

Furthermore, says an article on gizmag.com:

  • The Angee system is portable, is powered by a battery and has local data storage.
  • So if there’s a power outage, Angee will be able to keep monitoring your home for at least eight hours.
  • Angee can record about an hour of high definition footage, and longer at lower quality.
  • Footage can also be stored in the cloud. However, Angee can distinguish between benign activity and suspicious activity, so there shouldn’t be any useless footage time.

How can Angee tell suspicious activity from normal activity?

  • It learns to recognize the movement patterns of household members. Intruders move differently.
  • Burglars also enter and exit their target homes in a peculiar manner.
  • If the burglar has an accomplice, there’s likely to be conversation, and Angee will detect these unfamiliar voices.
  • Angee will recognize familiar people by their voice or by a Bluetooth signal that connects with their smartphone.
  • If the Angee user has an iOS or Android, they will receive an alert when Angee detects suspicious activity; Angee will then stream video of this activity.

The gizmag.com article further explains that Angee can be controlled by voice commands, including recognition of vocal passwords. Angee is practically human, as it can even remind you to close windows if rain is predicted. It can also check your calendar and answer the phone. There are many ways the user can “program” Angee to behave, and Angee also gets smarter and more personalized the longer you have it in your home.

Through a Kickstarter campaign, Angee Inc., has raised over $260,000 and is still going. The unit is projected to retail at $429, and the expected delivery date is October of 2016.

Robert Siciliano, personal and home security specialist to Angee. Learn more about Angee in this Video. Support Angee on Kickstarter. See Disclosures.

Internet of Things and Home Security

Hah, that dual chamber deadbolt and the door jamb reinforcement! Yup, they’re good at keeping thieves from getting to your jewelry box and stash of $100 bills, but what about your bank accounts and identity?

5HIf you have any “smart” gadgets in your house, cybercriminals may be able to hack into these and burrow straight to your financial information, credit card information, Social Security number and everything else about you—and rip you off like no masked man picking your front door lock can.

In vulnerable devices, a hacker can gain access to your bank account number, passwords, usernames, etc., through your “connected” thermostat, baby monitor, even home security system. The Internet of Things is a godsend to cyberthieves. In short, if something in your house is wireless, it’s hackable, says a report on forbes.com.

Now this isn’t to say that you’d better toss that smart baby monitor or milk-spoilage detector, but it simply means that now is as good a time as ever to be aware of how hackers could exploit these gadgets. And that people should weigh the benefits and risks of convenience vs. hackability.

For example, will your life really be easier if your connection to the Internet is activated by your voice rather than finger on a mouse? So rather than go the route of convenient gadgets that don’t consider security, choose security devices that come with “smart” security features too.

For ideal security, all of a home’s connected devices should communicate with each other. This can’t happen if gadget 1 is from Company A; gadget 2 from Company B, and so on.

Again, there’s no need to fear that the connected baby monitor will give a hacker in Russia access to your savings account, but the Internet of Things has reached a point where we must give some pause to all of the possibilities.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Credit Card vs. Debit Card Fraud

One difference between a credit card and a debit card is that if there’s an unauthorized charge on your credit card, you just get a little sting. It’s a hassle to straighten out. But no money is taken from you.

2CBut if someone gets ahold of your debit card information, the second they use it, depending on the nature of the transaction, your bank account will be drained. And in some cases, you can kiss that money goodbye; you got scorched. More than ever, crooks are using others’ debit card data and sucking dry their bank accounts via ATMs—in an instant.

An article on blogs.wsj.com outlines the differences between a credit card and a debit card:

  • Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card.
  • In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a “zero liability” policy may kick in.
  • Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side.
  • Beyond 60 days, there’s likelihood you’ll never see your money again.

How does the thief get one’s card information in the first place?

  • The thief places a “skimmer” in the swiping device of an ATM or other location such as a gas pump or even the swiping device at a checkout counter. The skimmer snatches card data when the card is swiped.
  • The thief returns at some point and retrieves the skimmer, then makes a fake card.
  • Thieves may capture PINs with hidden cameras focused on the ATMs keys. So when entering PINs, conceal the activity with your free hand.
  • A business employee, to whom you give your card to purchase something, may be the thief. He disappears from your sight with your card to swipe it at some unseen location. While away from you, he skims the data.
  • The thief sends out mass e-mails designed to look like they’re from the recipient’s bank, the IRS or retailers. The message lures the recipient into clicking a link inside the e-mail.
  • The link takes them to a site set up by the thief, further luring the victim into typing in their card’s information.
  • The thief calls the victim, pretending to be the IRS or some big outfit, and lures the recipient into giving out card information.

It’s obvious, then, there are many things that can go wrong. Your best solution is to pay close attention to your statements, online or via a mobile app, frequently.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

How to Choose a Home Security Safe

Home safes aren’t just for expensive jewels and wads of $100 bills. They can be for anything you’d be crushed about if it were stolen, lost or burnt in a fire. This could be a birthday card that your child made for you when they were five, or a photo of you and your grandmother.

4HHome safes come in all sorts of designs and sizes. An article on community.homeclick.com provides tips in choosing the home safe that best suits your needs. Let’s first look at the three types of locking mechanisms: keypad combination, cylinder dial and keyed lock.

Keypad Combination

  • Fast access
  • Can be customized
  • Uses batteries (which means replacement is necessary).
  • This type of safe may be small enough for a burglar to just carry away, intending to figure out how to open it later. Bolt it to the floor.

Manual Dial

  • Requires knowledge and skill (including a screwdriver) to change the combination.
  • Because of this, most people settle for the manufacturer’s preset combination.

Keyed Lock

  • Some models/brands can be easily picked with paperclips; YouTube is full of tutorials. Buyer beware.
  • No thief is intimidated by this kind of locking system. At worst, he’ll just take the safe with him and deal with getting it open once he’s home. Bolt it to the floor.
  • Nevertheless, these safes can protect from water and fire damage.

A big heavy safe with a good locking mechanism is not inviting to a burglar. Ideally, the safest safe is big, heavy and has a digital or manual dial locking system. Even if you have only a few valuables, a big hulking safe will deter a burglar. But if you’re not concerned about burglars, at least be concerned about fire protection—or rather, slowing down a fire.

The ability of a safe to withstand searing heat varies. They are rated for this ability. For example, says the community.homeclick.com article, a common rating is that of one hour at 350 degrees. But this rating probably will not protect sensitive electronic items in a house fire. All safes have a fire and water protection rating.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.