Sorry, stop posing Kids’ Photos online

/in , /by

Frankly, naked babies shouldn’t be a big deal. If you don’t have naked baby pictures of your kids in the kitchen sink then you aren’t human. BUT….the world has changed. If you compare posting your children’s photos online with whipping out a wallet photo of your toddler daughter in the bathtub to your dinner party guests, I will have a bird.

This is because people just love to post images of their partially or completely naked toddlers and preschoolers online: in bathtubs, those inner tube swimming pools, on beaches or wherever.

Awww, ain’t they purty little young’uns! Well, here’re the problems:

  • One particular image snatches the attention of a roaming pedophile, and he becomes hell-bent on getting his hands on that child—who’s yours.
  • Years after the image goes up, your child is suddenly being ridiculed in school over it.
  • Your child, when older, feels humiliated over the scads of revealing or even gross images (fingers shiny from a thick coat of saliva because they’re halfway in the toddler’s mouth; food smeared all over the mouth; slimy drool hanging from the mouth—yes some parents think this is adorable).

It’s not only not safe to become a post-a-holic of your child’s images, but it’s not smart. Isn’t the whipping out of the print photo at the dinner party or at the workplace break room enough? Must the images go online, where they’ll stay forever, for the entire planet to see?

Many parents don’t bother with Facebook’s privacy settings. And why? Hell if I know. These same parents would never run up to every single person at the grocery store and shove in their face the latest photo of little Mikey in the bathtub. So why share it with the whole world including Mikey’s future classmates?

Would you ever approach the seedy looking man on the street corner and show him a photo of half-naked little Maddelynn on the beach? I didn’t think so. Yet pedophiles really DO peruse Facebook for revealing images, and depending on what else you have up there including the image’s GPS data, the perv can get your home address.

  • Learn Facebook’s privacy settings and set them at their highest.
  • Find out whom your “sharing” images with. Do all of these people meet your approval? Do you know whom they’re sharing them with?
  • It’s not a crime to build old-fashioned photo albums—stored safely on a living room shelf that only visitors to your house can view.

When in doubt, don’t post it. Once it’s up, it’s there forever.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Protect from Personal Loan Scam

/in , /by

Are you thinking of getting a personal loan? Hopefully you have a high credit score, as this will give you a better chance of getting the loan through a legitimate company. But even if your credit is excellent, you need to be aware of the personal loan scams out there.

2DNot Respecting Your Limit

  • You don’t want to do business with a lender that pressures you into borrowing more than you can handle

Upfront Payment

  • You should never have to pay any fees for the application process. If you’re requested to do this, move on.

Pumped up Interest Rate

  • Know what the going interest rate is. A good lender will quote you near this average rate.
  • A bad lender will recognize the desperation of the applicant with bad credit and try to sock them with an abnormally high interest rate.

Us and Only Us

  • Be suspicious of lenders that don’t like the idea of you shopping around for better rates.
  • This is a red flag that they have questionable loan practices.

Location, Location

  • An honest, legitimate lender or bank has a verifiable physical address. Get this confirmed with Google maps.
  • If you can’t, move on. But know that even a predatory lender may have a very solid physical address.

Solicitations

  • As in ones you didn’t request. Watch out for banks that send you unsolicited invitations for a personal loan application.

 

Don’t Be Intimidated

  • Because a seedy outfit may want to scare you into closing on their loan. But they can’t do anything to you, even if they use the term “legal action.”
  • If you want to reject their loan offer, then do so.

SSN

  • Does the lender want your Social Security number? This is fine if they’re wanting to do a credit check.
  • If they’re not doing a credit check but want your SSN, move on.

Signing Empty Documents

  • Do not sign anything that does not have the interest rate, terms, loan amount, monthly payment and other crucial information.
  • Before signing anything, make sure there are no blank areas that can be filled in later.
  • Run if the lender wants you to sign something that’s missing information.

Guaranteed!

  • Is a bank guaranteeing your personal loan? Sounds great, right?
  • Not so fast. They cannot do this if they have not verified your financial history or credit history.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

2016 Information Security Predictions

/in , , , , /by

No bones about it, 2016 is sure to see some spectacular, news-chomping data breaches, predicts many in infosec. If you thought 2015 was interesting, get your seatbelt and helmet on and prepare for lift off…

4WWearable Devices

Cyber crooks don’t care what kind of data is in that little device strapped around your upper arm while you exercise, but they’ll want to target it as a passageway to your smartphone. Think of wearables as conduits to your personal life.

Firmware/Hardware

No doubt, assaults on firmware and hardware are sure to happen.

Ransomware

Not only will this kind of attack continue, but an offshoot of it—“I will infect someone’s device with ransomware for you for a reasonable price”—will likely expand.

The Cloud

Let’s not forget about cloud services, which are protected by security structures that cyber thieves will want to attack. The result could mean wide-scale disruption for a business.

The Weak Links

A company’s weakest links are often their employees when it comes to cybersecurity. Companies will try harder than ever to put in place the best security systems and hire the best security personnel in their never-ending quest for fending off attacks—but the weak links will remain, and cyber crooks know this. You can bet that many attacks will be driven towards employees’ home systems as portals to the company’s network.

Linked Stolen Data

The black market for stolen data will be even more inviting to crooks because the data will be in sets linked together.

Cars, et al

Let’s hope that 2016 (or any year, actually) won’t be the year that a cyber punk deliberately crashes an Internet connected van carrying a junior high school’s soccer team. Security experts, working with automakers, will crack down on protection strategies to keep cyber attacks at bay.

Threat Intelligence Sharing

Businesses and security vendors will do more sharing of threat intelligence. In time, it may be feasible for the government to get involved with sharing this intelligence. Best practices will need hardcore revisions.

Transaction Interception

It’s possible: Your paycheck, that’s been directly deposited into your bank for years, suddenly starts getting deposited into a different account—that belonging to a cyber thief. Snatching control of a transaction (“integrity attack”) means that the thief will be able to steal your money or a big business’s money.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

11 Ways to Mitigate Insider Security Threats

/in , , , /by

Companies are constantly attacked by hackers, but what if those attacks come from the inside? More companies than ever before are dealing with insider security threats.Here are 11 steps that all organizations should take to mitigate these threats and protect important company data:11D

  1. Always encrypt your data If you want to minimize the impact of an insider threat, always encrypt data. Not all employees need access to all data and encryption adds another layer of protection.
  2. Know the different types of insider threatsThere are different types of insider threats. Some are malicious, and some are simply due to negligence. Malicious threats may be identified by employee behavior, such as attempting to hoard data. In this case, additional security controls can be an effective solution.
  3. Do background checks before hiringBefore you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring any criminals or those associated with your competitors. Personality tests can also red flag the propensity for malicious behavior.
  4. Educate your staffEducating your staff on best practices for network security is imperative. It is much easier for employees to use this information if they are aware of the consequences of negligent behavior.
  5. Use monitoring solutionsThere are monitoring solutions that you can use, such as application, identity and device data, which can be an invaluable resource for tracking down the source of any insider attack.
  6. Use proper termination practicesJust as you want to be careful when hiring new employees, when terminating employees, you also must use proper practices. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.
  7. Go beyond the IT departmentThough your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.
  8. Consider access controlsAccess controls may help to deter both malicious and negligent threats. This also makes it more difficult to access data.
  9. Have checks and balances for all staff and systemsIt is also important to ensure there are checks and balances in place, i.e. having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.
  10. Analyze network logsYou should collect, store and regularly analyze all of your network logs, and make sure it’s known that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.
  11. Back up your data Employees may be malicious or more likely they make big mistakes. And when they do, you’d sleep better at night knowing you have redundant, secure cloud based backup to keep your business up and running.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. See him discussing identity theft prevention.Disclosures.

Everything You need to know about Door Security

/in , /by

“I don’t need to lock my doors all the time; this neighborhood is very safe.” And I have some land in the Caribbean I’d like to sell you.

1BBurglars know that every “safe neighborhood” has a certain percentage of fools who think they’re immune to break-ins. And thieves would rather intrude upon a home with lots of nice things—and these homes are usually in “nice neighborhoods.” Hello?

Big mistakes:

  • Leaving doors unlocked
  • Keeping doors locked—but the lock system sucks

I hope you don’t fall into either of the above categories.

What you see on TV is true: Locked doors CAN be kicked open. Builders of homes don’t have the future resident’s security in mind. They cut corners whenever possible. You can bet a new home has a crappy door lock. And an old home, for that matter. Any determined thief could get past these doors even when they’re locked.

But there’s hope. Lots of it. First of all, keep your doors locked. Even if the lock isn’t too great. After all, many times a thief will give up after learning the door is locked. Many burglars are very impatient and want a quick, quiet job. But since you can’t read the mind of the next crook who prowls your neighborhood, it’s best that you get optimal door security.

 First-Line Door Security

  • The door frame on the lock and hinge sides should be reinforced.
  • Think “door reinforcement” Metal plates reinforcing the door jam is fundamental to door security See Door Devil.
  • Wood doors should be solid hardwood all around.
  • Getting a peephole.
  • Don’t answer the door. Don’t feel you must answer the door every time someone’s there. It’s not a crime to ignore the visitor. If you’re not expecting anyone, it’s safest to just ignore them. It’s extremely unlikely that they’re about to die from dehydration or hemorrhaging; assume whatever they want is not a matter of life and death.
  • If you have a door that’s not visible to people passing by, this door especially needs optimal security.
  • A steel-clad door should have 24-guage steel and a wood lockblock core.
  • Hardened steel deadbolts are a must and should have a five-pin tumbler. Associated screws should be as long as they come for deadbolts. Deadbolts should have wrap-arounds.
  • Consider a vertical deadbolt or multi-lock deadbolt for maximal security.
  • Another layer of maximal security is the grade of door hardware, whereas grade 1 is the highest; grade 2 is moderate; and grade 3 is so-so.
  • Beware of flimsy screws!

Adjuncts to Door Security

  • Use a door brace (metallic pole that has one end fitting under doorknob and the other end securely on the floor, out at an angle, to prevent the door from opening).
  • A door stop or wedge will probably not stop a brute-force push-in, but a door stop can be equipped with an alarm that will trip if someone tries to push their way in.
  • Don’t bother with the door chains that you so often see on TV. We’ve all seen it: The bad guy is on the other side of the door while the apprehensive woman is speaking to him through that small opening. He then pushes on the door and breaks the chain. This can really happen!

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.