Covid-19 Remote Desktop Has Significant Risks

Are you newly working from home? Or are you an old pro? Either way, it is likely you are using some form of remote desktop protocol. Those of us who have been working from home as our primary means of earning a living know these tools very well and are accustomed to eliminating the various distractions in our home environment in order to get the job done. There are some precautions to be aware of.

None of us think that we are going to get hacked, even though we have seen time and time again that it is very possible. Even the largest companies in existence have been hacked, and small businesses are even more at risk. You can add even more to this risk if you use software called Remote Desktop.

Basically, Remote Desktop allows you to access computers remotely in your home or office and give network access to employees who are working remotely. However, when you give or have this access, you are opening up your network to hackers. Thousands of companies and individuals have fallen victim to this, and just one successful hack can be devastating to a small business.

Remote Desktop: What is It?

Remote Desktop, or RDP, is very common software. In fact, if you have Microsoft Windows, you probably have this software and don’t even realize it. Though it is a very powerful tool for businesses, it is also not very secure.

Criminals know this, of course, and they have created a huge variety of tools to hack into this software. When they get access to the network, criminals can access company information and then take things like log-ins and passwords. Once they have this, they can buy and sell them so that other criminals can use them to access your network. Once they are in, they can do almost anything.

Are You at Risk?

There are estimates that there are over three million companies that theoretically have access to Remote Desktop. Most of them are small businesses and many manage their own IT services in house. If you are a small business and you have an in-house IT department, you could definitely fit into this category. What’s more is that hackers tend to target these businesses, too. Any company that has RDP access enabled is a target of hackers.

What Can You Do About It?

Hopefully at this point you are wondering what you can do to protect your business from hackers who like to access networks through RDP.

  • If you aren’t using remote desktop, then the first thing you should do is to remove Remote Desktop from your network.
  • Make sure to install your operating system’s critical security patches, which will inevitably update any software around Remote Desktop Protocol.
  • Update all software that could allow Remote Desktop to be vulnerable.
  • Make sure your wireless connections are encrypted, which generally means password-protected.
  • If you have a good reason for keeping it, you can also choose to restrict access by setting up a virtual private network, or VPN.
  • Additionally, you can create a firewall to restrict its access.
  • Setting up multi-factor authentication is also a good idea if you want to keep this software.
  • Just be aware that none of these solutions are fool proof except totally deleting the software.
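One way to apply the "remove it", "restrict it to a VPN" and "firewall it" items above on a single Windows machine, as an added example that is not part of the original post: saved as a script and run from an elevated PowerShell prompt, it reports whether Remote Desktop is switched on and which built-in firewall rules expose it, then optionally disables it or limits it to one address range. The `$VpnSubnet` default, the mode names and the function name are assumptions made for this example.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
[CmdletBinding()]
param(
    # Audit only reports; Disable turns Remote Desktop off; RestrictToVpn narrows the firewall scope.
    [ValidateSet('Audit', 'Disable', 'RestrictToVpn')]
    [string]$Mode = 'Audit',

    # Assumption: the address range your VPN hands out. Replace with your own.
    [string]$VpnSubnet = '10.8.0.0/24'
)

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
# Built-in firewall rule group. The display name is localized; this is the English one.
$rdpGroup = 'Remote Desktop'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

    $rules = @(Get-NetFirewallRule -DisplayGroup $rdpGroup -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Enabled       = ($_.Enabled -eq 'True')
                Profile       = $_.Profile
                RemoteAddress = ($remote -join ',')
                # An enabled rule scoped to "Any" accepts connections from every address.
                OpenToAnyone  = ($_.Enabled -eq 'True') -and ($remote -contains 'Any')
            }
        })

    [pscustomobject]@{
        RdpEnabled = ($deny -eq 0)
        Rules      = $rules
    }
}

switch ($Mode) {
    'Disable' {
        # Turn the service-side switch off and close the firewall rules with it.
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup $rdpGroup
    }
    'RestrictToVpn' {
        # Leave Remote Desktop on, but accept connections only from the VPN range.
        Set-NetFirewallRule -DisplayGroup $rdpGroup -RemoteAddress $VpnSubnet
    }
}

# Always finish with a report so the result of any change is visible.
$state = Get-RdpExposure
"Remote Desktop enabled: $($state.RdpEnabled)"
$state.Rules | Format-Table Rule, Enabled, Profile, RemoteAddress -AutoSize

if ($state.RdpEnabled -and ($state.Rules | Where-Object OpenToAnyone)) {
    Write-Warning 'Remote Desktop is on and at least one firewall rule accepts any remote address.'
}
```

Run it with no arguments first to see the current state, then with `-Mode Disable` or `-Mode RestrictToVpn -VpnSubnet <your range>` once you know which machines still need remote access.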

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

It’s Tax Time: Play it Safe or Lose Your Identity

Once again, tax time has rolled around, and though you technically have until April 15th, it’s always best to file a bit earlier…especially if you want to avoid setting yourself up for ID theft.

How Could Filing Taxes Compromise Your Identity?

Here’s how you could become a victim of ID theft just by filing your taxes: the first method is that a thief uses your Social Security number to file taxes, and then they steal your refund. The second method that they use is they take your Social Security number, get a job while using your Social Security number, and then their employer reports that income to the IRS. When that happens, the IRS gets your return, flags it as suspicious, and you could get a big tax bill in the process.

Of course, in either case, you could face some big problems. You could, for instance, be unable to file your own tax return or collect your refund…at least for a while until the IRS sorts it out. You also might find that the thief has used your Social Security number to get credit cards, loans, or other cash that will wreck your credit.

How do Thieves Get Your Information?

The big question here is this: how do the ID thieves get your Social Security number in the first place? Generally, they do it by hacking. For instance, do you remember the Equifax hack from 2017? Millions of people were affected, and you, too, could have been involved in that. It’s possible that thieves could get your Social Security info from hacks just like this one.

What to Do if You are a Victim

If you learn that you are a victim of tax ID theft, there are some things that you can do.

  • Fill out Letter 5071C – This is a form that the IRS sends if it feels like your tax return is suspicious.
  • Fill out Form 14039 – This form alerts the IRS that you believe you are a victim or potential victim of tax ID or regular ID theft.
  • Get an Identity Protection PIN – This is a number that the IRS can give you to confirm your identity on any future returns.
  • Report to the Federal Trade Commission – You should also file a report at IdentityTheft.gov to alert the FTC of the situation.
  • Contact your state’s tax office – Also, make sure to contact the tax office in your state. It might have other recommendations for you.

If you have tried to e-file and get a rejection, you should still file a paper return via mail. Also, call the IRS Identity Protection Unit for help. An agent can get you started on taking care of the issue and make sure your taxes are filed appropriately.


12 Ways to Contain the Hack, Stop the Bleeding & Eliminate the Threat

Hey YOU, SMB, yeah I’m talking to you. There are a number of things that you can do to not only protect your personal information, but also the information you have in your business:

  1. Hire a professional – It is entirely possible the small business was hacked because they did not employ technicians to prevent it in the first place. Therefore, third parties that specialize in security and breach mitigation should be contacted immediately. These IT security professionals specialize in containment. Their role will be to forensically determine the nature of the compromise, remove the vulnerability, update any necessary hardware and software, and ensure a breach such as this does not happen in the future.
  2. Disconnect every affected device from the Internet temporarily – The purpose here is to stop any data from leaving the network and to prevent the hacker from communicating with the server. This may mean disabling internet connections or physically unplugging the internet from connected devices.
  3. Change and reset passwords – Many hacks begin with compromised passwords. And the moment a network or device goes back online, the hacker will log back in unless all credentials have been changed and updated.
  4. Update all software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats. The breached party should have redundant networked hardware systems in place, backed-up data, and contingency plans to put duplicate systems online immediately in order to maintain operations.
  5. Update your Company’s Hardware – Old, outdated hardware simply can’t keep up with the requirements of newer robust software or the security software required to keep networks secure.
  6. Back Up All of Your Data – You have to make sure that you are regularly backing up data to a secure location. This data should also be encrypted.
  7. Manage All Identities – You also must make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable.
  8. Use Conditional Access – Additionally, you should make sure to use conditional access that is based on factors such as location or device.
  9. Utilize Multi-Factor Authentication – You can use multi-factor authentication to keep accounts protected, too. You can use this on its own, or with other conditional access methods to ensure those who are trying to access your data are legitimate.
  10. Security Awareness Training – Assuming employees know what to do and, more importantly, what not to do is risky. Providing effective ongoing security awareness, and in the author’s opinion “security appreciation training,” is partnering with employees to protect the network.
  11. Patching – Set up a system so that you can always ensure that your hardware and software are patched and updated on a regular basis. This helps to keep your data safe.
  12. Align Your IT Security with Other Business Security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and keeping all types of security in mind, including IT security, has a direct impact on revenue.


How to Prevent your Devices From Spying on You

You might not realize it, but your electronic devices may be tracking you. They know what you are doing, what you are reading, and the things you like to do. In almost every case, you give these devices permission to collect this info when you start using them. Here are some tips to help you prevent your devices from spying on you:

Laptops

Macs

If you are using a macOS computer, you can limit the information you are sending to Apple by choosing the Apple menu > System Preferences > Security & Privacy. Click the “Privacy” tab, and then you will see options about what apps can use and share data. If you click “Analytics,” you can do even more. Also, keep in mind that if you install a new app, you have to do those updates, too.

Windows

If you use Windows, you can limit the info you share by going to “Settings,” and then clicking on “Privacy.” You can enable and disable settings for each app. Again, any new apps that you install must be taken care of separately.

Chromebook

Google collects a ton of data, so Chromebook users should pay attention. Go to My Activity, and then delete what you want. You can also turn off some of the data collecting by clicking “Manage your Google Activity,” and then “Go to Activity Controls.”

Phones

You can do similar things to stop data collecting on your phone, too.

iOS

If you have an iPhone, there is a Privacy setting in the Settings menu. Open it, and then click on “Analytics,” to see what you share with Apple. If you don’t want to share this, simply toggle it all off. You can go back to “Privacy,” and then take a look at what the settings are for every app you have downloaded to your phone.

Android

If you have an Android phone, you can choose Google, then go to “Personal Info & Privacy.” Choose the “Activity Controls” screen, and then pick and choose what you want to share. Again, you have to also go to change settings for each app, too.

Fitness Trackers

Your fitness tracker is also spying on you. Apps like Strava and FitBit can be controlled through the Settings and Privacy options on your phone. You can do more, though:

Strava

Click on “Menu,” if you have Android or “More,” if you have iOS. Choose “Settings,” and then “Privacy Controls.”

FitBit

With FitBit, tap your profile, and then your account name. Tap “Personal Stats,” and then “Settings” followed by “Privacy.”


What is Synthetic Identity Theft?

Identity theft is when a person steals another person’s private and personal information, generally to make money from it. You probably already knew this, but have you heard of synthetic identity theft? This is a bit different.

With synthetic identity theft, a person creates a new and very fake identity by combining the real information from a person with made-up information. You might not think this is a big deal, but it can be very bad for anyone who has their identity stolen.

Here are three ways that ID thieves can create synthetic identities:

Creating a New Credit Profile

The most common way to create a synthetic identity is to create a new credit profile using the victim’s SSN but a different name. Basically, they apply for credit using these fake identities. Generally, the application will be denied, but in the process, it creates a credit profile. Then, they can apply to companies that cater to people with poor or no credit. Though the card limits are typically small, less than $500, it still gives them money.

The Piggyback

Another thing that people do to create a synthetic identity is the piggyback. Basically, they look for people who have good credit, and then add a fake person as an authorized user to the account. They do not use the account, however. Instead, they let it sit for a few months. The credit agencies create a report of the synthetic identity, who now has an excellent credit rating and can get high limit credit cards.

Data Furnishing

The third tactic is called data furnishing. This is quite effective and sophisticated and requires the participation of someone from some type of business. Basically, they need a small business owner or manager who is willing to help with this fraud. The company is already vetted and is then approved to offer information on customers. They allow fake IDs, or synthetic identities, for malicious duties. This generally takes several months to set up, but the thieves can make a ton of money.

Right now, it’s hard to really pinpoint the financial impact of what these synthetic identities have, though it is believed that it has caused billions in losses. That means, however, for an ID thief, there are billions to be made. Fortunately, there are some things you can do to protect yourself including being very careful about the information you are sharing, especially on social media. Also, make sure you have a credit freeze and identity theft protection and that you are regularly checking your credit report.


How a Wi-Fi Hacker Snoops on Your Laptop and Mobile

You have likely heard of the dangers of using unsecure public Wi-Fi, so you know that hackers are out there snooping. It is pretty easy to hack into a laptop or mobile device that is on a public Wi-Fi connection with no protection. Hackers can read your emails, steal passwords, and even hijack your website log ins.

Let’s imagine that you are in a local coffee shop with your laptop. All someone has to do is download a wireless network analyzer, which usually has a free trial, and with the right hardware and additional software they can often see what everyone is viewing online…unless they are protected. In some cases they can also read your emails that are going out and received, as well as texts you might be sending. Scary, right?

Tips on How to Use a Wi-Fi Hotspot Safely

You now know what you are up against when you connect to a public Wi-Fi spot, but you should also know that you can use them with some safety in mind. Here are some tips:

  • When you log onto a website, only use an encrypted connection. This means use the URL that begins with HTTPS, not HTTP. Keep an eye on that as you move from page to page because some sites will send you to an unsecured page, which makes you vulnerable.
  • There are also many websites out there that will allow you to encrypt your browsing session automatically. Facebook, for instance, has this. To turn it on, go to your “Security” settings on the site, and then enable “Secure Browsing.”
  • If you are going to check your email, log in through your web browser and then ensure that your connection to your email client is encrypted. (Check by looking for HTTPS.) If you are using Outlook, or another email client, make sure that your settings are set for encryption.
  • Don’t use any service that is not encrypted when you are on a public Wi-Fi connection.
  • Consider using a VPN when you are connecting to a public Wi-Fi connection. There is a small fee for this, but it’s well worth it.
  • Beware of “evil twins,” which are rogue networks designed to mimic legitimate networks. For example, “ATT WiFi” may be “Free ATT WiFi”. Other than downloading special software that detects evil twins, the best case is to ask someone who’s knowledgeable as to which network is the safest.
  • If you are on a private network, make sure you realize that they are also vulnerable. Anyone who knows how can spy on the network. Again, use WPA or WPA2 security so the connection is encrypted. However, if someone guesses or knows the password, they can still spy on any device that is connected.


Raising a Boy to Be a Man, not a Sex Predator

If you looked at a photo of a baby boy, could you ever predict that he would grow up to become a sexual predator? Probably not. However, a study shows that men who commit sexual crimes are more likely to have something called an “anxious attachment” to their mothers due to feeling rejected as children when wanting attention. As adults, this makes those men unable to create a healthy attachment to women. Research also shows that men who talk to other men known to harass women are even more likely to engage in this behavior.

The big question here is how to prevent our young sons from growing up and becoming predatory men. Psychology tells us that at the core of all painful behaviors are two feelings: not feeling worthy and feeling shameful. So, to stop creating predators, we must eliminate these feelings. Here are some things that we can do to start raising boys to be men and not sexual predators:

Change the Meaning of Power

Living in a society where “power” means being better than another person only leads to humiliation and judgement. When we are humiliated, we feel shamed, and that, in turn, raises the odds that a child would become a sexual predator.

Stop Associating Sex and Power

Both men and women are raised, in most cases, to believe that they can stop feeling shame if they are attractive. Women tend to do this with making themselves skinny, often with eating disorders. Men overcome shame by feeling attractive too, but also by being successful. Both genders find affirmation of this through sex, but if a person already feels humiliated, sex can make them feel even less worthy.

Celebrate our Differences

A cultural shift to celebrate our differences, including those between men and women, men and men, women and women, and those who identify as them, their, they would certainly help, too. Many men began to wonder how they could cause their maleness to be appreciated, too. However, we have to learn that we are different in regards to certain things, and to understand that it is totally possible to express differences of tolerance while still celebrating our differences.

Learn to Really Love

We also have to teach children that real empowerment comes from unconditional love. This is love that is given with joy and given without necessarily getting love in return.

Push an Evolution of Society

Research shows that when we live with an attitude of love and compassion, we feel less fear. So, we have to change the way we look at life and connect with our core ability to be loving and compassionate.

OK, so will all of the above solve our sex predator problem? NO. But, there’s definitely something to being more loving, compassionate, and mindful to others. So as my wife always says to me “Just be nice”.


Your Uber Driver May be a Criminal

Do you Uber? If you do, you probably feel pretty safe getting into the car of a stranger. However, you might not be as safe as you think.

Most people take for granted that Uber does background checks on its drivers, but there are actually a number of shady drivers who have recently been accused of crimes, and it’s definitely not the first time they have had run-ins with law enforcement. Some of these people are accused of committing crimes against their passengers, and that’s where things really get scary.

CNN recently took a look at both Uber and Lyft and found that both companies approved hiring thousands of drivers who have criminal records. Uber responded to this report by saying it knows that there were some hiring mistakes in the past, but they have improved the way they hire, and in 2017, rejected more than 200,000 people because of issues on the background check. However, both companies are not keen to adopt more scrutiny in the screening process.

Several state and local law enforcement agencies are pushing the companies to put more focus on potential drivers. Right now, for instance, they don’t do any fingerprinting nor federal background checks. Instead, both Uber and Lyft use a third-party background check company. It uses the name and Social Security number of potential drivers to check the national sex offender database, local court records, and suspected terrorist databases. The goal is to get drivers on the road as soon as possible, and many of these checks are instant.

Currently, there are 43 states that require screening for rideshare services, but these laws don’t say that the companies have to use a specific company or screen in a certain way. Instead, 42 of these states allow rideshare companies to take responsibility for the screening. Only Massachusetts requires a company background check and an additional check, which is done by the state. Only New York City requires rideshare drivers to have fingerprinting done.

It’s also worth mentioning that just because a company does background checks that include fingerprinting, it isn’t always fool proof. The FBI system that is used for this has incomplete records and it is not meant to be used in this way.

As someone who uses Uber, it’s important that you keep all of this in the back of your mind before you take your next ride. Yes, there is some type of background check done, but don’t let that fool you; your Uber driver could still be a criminal.


Quick and Dirty Disaster Prep Guide

How prepared are you for a disaster? Most of us are not prepared, at all, yet two-thirds of us live in an area where we are at a moderate to very high risk of experiencing a natural disaster. Here are a few things you should do, today, to start preparing for a “just in case” situation:

Be Aware

Think about your home and where you live. What disasters are likely to occur? Fire, of course, could happen to any of us, and statistics show that there is a 25% chance that you will experience a major fire in your lifetime. Fires are not the only thing to consider, though. Flooding, winter storms, earthquakes, tornados, and volcanoes are all things that can affect us in the US.

Examine Your Home

In the event of a disaster, do you know where the gas, water, and electric shut-offs are? Are your CO2 and smoke detectors working correctly? Do they have fresh batteries? Do you have fire extinguishers available? Where can you get water? Do you have flashlights and batteries? A first aid kit? A battery-operated radio to get information? All of these things are essential in a disaster situation.

Prepare and Practice

Talk to your family about emergency preparedness. Consider practicing what to do, too, such as in the case of a fire. You might even want to talk to your neighbors about it. Do you have an elderly neighbor or someone who might have extra difficulties during a disaster? Talk to them, too, and help them make a plan.

Other Quick and Dirty Tips for Disaster

Here are some other quick tips for disaster preparedness:

  • Choose a trusted distant contact. It is often easier to make a long-distance call than a local one in a disaster.
  • Consider buying a landline phone if you don’t have one. This gives you two options for calls.
  • Get a waterproof container for documents. Consider laminating these documents or storing them in heavy duty sandwich bags.

Create an Emergency Supply Kit

Finally, create an emergency supply kit including the following:

  • Water – About a gallon per person, per day, and rotate it every six months
  • Food – Enough for each person for three days. Try to find food that doesn’t need to be
  • First Aid Kit – Basic first aid supplies, and any necessary prescription drugs.
  • Batteries – Have extra batteries available. Generic brands are usually okay, but alkaline batteries tend to be better than non-alkaline.
  • Knife – Having a multi-tool knife, like a Swiss Army Knife, can be indispensable.


Creating an Effective Business Continuity Plan

Most of us have no idea when a disaster is about to strike, and even if we do have a little warning, it’s very possible that things can go very wrong.

This is where you can put a business continuity plan to good use. What does this do? It gives your business the best odds of success during any disaster.

What Exactly is Business Continuity?

Business continuity, or BC, generally refers to the act of maintaining the function of a business as quickly as possible after a disaster. This might be a fire, a flood, or even a cyber-attack. With this plan in place, you can refer to it for specific instructions and procedures that need to be done following these disasters.

Some people believe that a disaster recovery, or DR, plan is the same as a BC plan, but that’s not the case. A DR plan focuses specifically on the IT side of things. In fact, the DR plan is one part of a full BC plan.

Think of your own organization. Do you have a plan in place to get sales up and running immediately? What about HR? Manufacturing? Customer service? If your physical business was leveled in a tornado, how would your CS reps handle calls from customers? If you have no idea, you probably need to think about a BC plan.

Why Having a BC Plan Matters

It doesn’t matter if you have a small business or large corporation, it’s very important that you remain competitive. It is imperative that you keep your current customers while also bringing in new ones…and there is no better test for you than a disaster.

Making sure that your IT capabilities are restored is critical, and there are a number of solutions available. You can certainly rely on your IT team to do this, but what about the rest of the company functions? The future of your company depends on you getting back on track quickly. If not, you can see your value plummet and customer confidence tumble.

Your company can also experience losses. These include financial losses, but also legal losses, and, of course, your company’s reputation.

The Parts of a BC Plan

If your business doesn’t have any type of BC plan in place, you should start by assessing all of your business processes. Take a look at and point out all of the vulnerable areas, and what your losses might be if you lose function in those areas for a day…a couple of days…a week, or even more.

Next, you want to start developing a course of action. There are six steps here, in general, including:

  • Step #1 – Identify what you need to do with this plan
  • Step #2 – Choose your key areas to focus on
  • Step #3 – Pick what functions are critical
  • Step #4 – Look for dependencies between different areas and functions of your business
  • Step #5 – Calculate how much downtime is acceptable for all critical functions
  • Step #6 – Make a plan to keep your company going

One of the best tools that you can have for a BC plan is a checklist that includes all of your equipment and supplies, the location of all of your backups, who should have the plan, and any contact information regarding emergency contacts, important personnel, and backup providers.

Remember, a disaster recovery plan is only one part of the BC plan, so if you don’t have a DR plan, this is a perfect time to create one. If you already have a DR plan, don’t assume that it’s going to work with your BC plan. You need to make sure that all parts align.

As you work to create this plan, think about meeting with people who have successfully gone through a disaster. They can give you some great insight and valuable information.

You Need to Test Your BC Plan

It is very important that you make sure your plan works before a disaster strikes, and the only way to do that is to test it. The best test, of course, is a real incident, but you can also create a controlled environment and test your plan.

You want to make sure that your BC plan is totally complete and that it will meet your needs in the event of a disaster. You don’t want to take the easy way out, either. Any testing you do should be a challenge for the plan. You also have to make sure that the objectives you have are able to be measured. If you just try to “get away with it,” you will have a weak plan and no success when a disaster strikes.

It is recommended that you test your BC plan a few times a year, especially if there have been any changes, such as a change in key personnel or new equipment. Doing things like walk-throughs and simulations can help everyone on your team practice, and make sure you are all ready should a disaster hit.

Always Review and Improve Your BC Plan

The importance of the effort you put into testing your BC plan cannot be stressed enough. Once that is done, some organizations leave it and focus on other tasks. However, this is when things get stale.

Evolution is happening all of the time with both your personnel and your technology, so it’s imperative that your plan is updated to reflect that. So, you should, at least annually, bring your key personnel together to review the plan and point out any areas that might need modification. You also might want to get some feedback from your staff, too, which you can add to your plan. If you have different branches, make sure to include them in this, too.

Ensuring Your BC Plan is Supported

Having a casual attitude towards your BC plan is a sure-fire way to have it fail. Every BC plan must have the support of all staff from the CEO on down. Senior management, especially, must take a role in supporting the plan, as they can delegate to their teams. Additionally, the plan has better odds of staying fresh in the mind of everyone when it is a priority for management.

Finally, it is also very important that senior management promotes user awareness of the BC plan. After all, if your staff doesn’t know about it, how can they act during a disaster when every second of action counts? Plan distribution and training can help here, too, so consider some type of HR-led initiative to bring all employees onboard with it. This way, your staff will know how important a plan like this is, plus you make sure that they see it as a credible part of the business.
