What is an Alarm Duress Code?

Ever consider the idea that a home intruder may force you to turn off your home alarm? Ever think that there’s a way you could secretly signal this to the authorities when you turn off the alarm while your captor is watching?

3HThere is: the alarm duress code. This code is entered on the keypad, sending a silent signal to the monitoring station of the system provider. This does not disable the system. But to your captor, you’re simply obeying his command to disable the system. He may not even know there’s even a such thing as an alarm duress code, and thus won’t have a clue what you’re really doing.

Most ADT systems’ default duress code is 2580. Call your provider if you don’t have ADT to see if it has a duress code. If you don’t yet have a security system installed, inquire about this with the technician as well as the company.

Duress codes are effective. However, they also provide peace of mind for any homeowner.

The problem with default duress codes is that if a burglar/home invader knows it, he’ll know you are signaling distress. So find out if your system has a default duress code. The user’s manual usually won’t tell you; the technician’s manual usually has this information. If there’s a default code, immediately change it. Of course, if there’s none, take measures to get one.

Other Kinds of Duress Codes

A duress code need not be electronic. It can be by voice if you’re on the phone. Your captor actually may permit you to make a call (such as to get a PIN). Of course, you’ll already have your secret word or phrase confirmed with those you trust.

The code must not be obvious to the captor, but so well-confirmed that there’s no doubt you’re in trouble. For example, everyone knows you hate sushi: “I’m about to order sushi and I forgot my cash.”

Any duress code should be simple enough to always remember, but not “discoverable.” Make sure everyone has it memorized; it should never be written down anywhere.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

5 Considerations Before Buying a Home Security System

There are numerous considerations to be made when investing in a home security system today. While the options for the type and scope of system have been narrowed down, it’s the nuances of price, service, contracts and if it’s a do-it-yourself (DIY) project, among other things, that can all make or break the long-term satisfaction rating you’ll have.

  1. Costs: You get what you pay for. Bells and whistles add up to more fees up front and with monthly monitoring. Some alarms cost little up front and have larger monitoring fees. Others cost more up front and may be a DIY job, but with smaller monitoring fees. Do the math.
  2. Remote control: For a few bucks more, most systems are equipped with the ability to control them from your smartphone, tablet or PC. Straight up, it’s worth every penny.
  3. Invest in monitoring: An alarm system that triggers a breach always sets off a siren. And while noise is a good deterrent, it’s not nearly as effective as gun-wielding police being dispatched and showing up in your driveway. Spend the few extra bucks for the monitoring.
  4. Customer service: Alarms have many little parts that “brick.” Over time, they fail, parts break, things go wrong, and alarms need replacement parts or service. Check out the reviews of a company’s ability to service its customers before you sign on the dotted line. There’s nothing more frustrating than bad customer service.
  5. Installation: Are you a do-it-yourselfer? If so, you can often save lots of money in the long term. If you need hand holding and don’t know how two-sided tape works, then having an alarm company do the installation may be your best option. Keep in mind that with a DIY job, you do it on your own time. With an alarm company doing it, you will have as many as five service installers traipsing through your house for up to three days.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Credit Card Processors Targeted In Hacker Attacks



A European hacker broke into a U.S. company’s computer network and stole 1,400 credit card numbers, account holders’ names and addresses, and security codes. The hacker, nicknamed Poxxie, sold the stolen credit card data to other cyber criminals through his own website, CVV2s.in, for $3.50 per credit card.

The malicious software or virus cyber criminals used in these hacker attacks are often known as “sniffer” software used to intercept credit and debit card numbers.  “Sniffer” software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Other hacker attacks targeting credit card processors are called “spear phishing”. When an employee receives a spear phishing email and clicks the link, a program beings to download disabling the company’s anti-virus and defeating all network security measures. This is why one must never click links in the body of an email. There are hardly ever links in emails that can’t be worked around either in the favorite menus or via manually typing in the browser.

Protecting small business customer credit card data starts with PCI Compliance and basic network security tips including:

Software: Antivirus, anti-phishing, antispyware. Total protection “all access” suites of protection and full disk encryption

Hardware: Routers, firewall security appliances

Physical security: Commercial grade solid core doors, security alarm systems, security cameras.

Email Security: NEVER click links in an email of a person or company you are unfamiliar with or have not requested information from. It’s shear laziness, naiveté or foolishness when someone clicks links in the body of an email from an unfamiliar address.

Ethical hackers: Get yourself and ethical hacker to test your network and see what damage he can do before the bad guy does.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Top 13 Halloween Safety Tips

The fall is here and Halloween is right around the corner. Fortunately for me I have two kids which means I’m going trick or treating and eating 20lbs of chocolate on November 1st.  Don’t worry I’ll give them a few pieces!

To prepare you and your family for a safe and secure Halloween follow these child safety tips from the Center for Disease Control:

  1. One basic Halloween safety tip is to avoid trick-or-treating alone. Walk in groups or with a trusted adult.
  2. Fasten reflective tape to Halloween costumes and bags to help drivers see you.
  3. Examine all treats for choking hazards and tampering before eating them. Limit the amount of Halloween treats you eat.
  4. Hold a flashlight while trick-or-treating to help you see and others see you. Always WALK and don’t run from house to house.
  5. Always test make-up in a small area first. Remove it before bedtime to prevent possible skin and eye irritation.
  6. Look both ways before crossing the street. Use established crosswalks wherever possible.
  7. Lower your risk for serious eye injury by not wearing decorative contact lenses.
  8. Only walk on sidewalks whenever possible, or on the far edge of the road facing traffic to stay safe.
  9. Wear well-fitting masks, costumes, and shoes to avoid blocked vision, trips, and falls.
  10. Eat only factory-wrapped treats. For your child’s safety, avoid eating homemade treats made by strangers.
  11. Enter homes only if you’re with a trusted adult.
  12. To prevent fires, never walk near lit candles or luminaries. Be sure to wear flame-resistant costumes.
  13. (Because 13 is a scary number) When I was a teen kids would be foolish and dangerous and douse someone’s head with hair removal products.  It’s dangerous, stupid and can cause irreversible damage to the eyes, and is poisonous if ingested.

Robert Siciliano personal and home security specialist toHome Security Source discussing ADT Pulse on Fox News. Disclosures

Social Media Security in the Workplace

Why someone would set up a fake social media profile? The answer correlates with news of cyber-attacks on businesses and other organizations being targeted with advanced persistent threats which has risen sharply over the past two years.

The Register reports “Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a technique commonly linked to cyber spies operating from China.”

One highly publicized cyber-attack was on Supreme Allied Commander Europe (SACEUR) Admiral James Stavridis NATO’s most senior military official.

It is believed the social media account in his name was “attempt to trick colleagues, friends and family into giving away his personal secrets on the social network”

These cyber-attacks on social media are often used to gather intelligence to crack a password or to gain insight to knowledge based questions or challenge questions. For example:

  • What’s your favorite food?
  • Where did you honeymoon?
  • Your first pets name?
  • Name of your first car?
  • The name of your elementary school?
  • Your father’s middle name?
  • Your mother’s maiden name?

All these questions are meant to bypass social media security and replace that used-to-be-secret-obscure word that only you and your parents would know the answer to.

Officers of a company or anyone in a pivotal position like HR or accounting, need to recognize IT security risks and realize while they may not be a NATO commander they do have access to company and client data that may be worth serious money to a thief, competitor or foreign government.

Below are a few social media security tips on how to prevent cyber-attacks

  • Keep social media profiles all business
  • Limit “lifestyle” information and set your privacy setting to high
  • Don’t just friend anyone
  • Be cognizant that someone’s always watching and might be using what you post to access your company data

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Internet Privacy Tools for Online Safety

Drug dealers, child pornographers, terrorists and criminal hackers, are often sharing the same Internet privacy tools as law enforcement, domestic violence victims and citizens of oppressive governments who most likely use a “darknet” which is an anonymous secret internet designed to cover their tracks and protect them from internet surveillance. The “darknet” is used by both good and bad people with various intentions.

These internet security tools are designed to work like a private tunnel through the internet.

And then there’s the government funded “Tor” project. The Boston Globe reports “Tor stands for ‘the onion routing’ project, initiated by the US Naval Research Laboratory in the 1990s to camouflage government communications by sending messages through a system of computers. The project was expanded in 2001 by two Massachusetts Institute of Technology students who made the technology more accessible to civilians.”

Government officials say they support the project because it provides potentially life-saving online safety and privacy for the people who need it most.  “Tor is a publicly available tool. It is used by activists and bloggers, by average US citizens protecting against identity theft, and by military and law enforcement officers conducting investigations and intelligence gathering,’’ a State Department spokesman said.

Just because internet privacy tools can be used for bad reasons by bad people doesn’t mean they are bad. A baseball bat can be used for bad reasons too.

For someone who is a victim of a stalker or domestic violence, a privacy tool like this can be a lifesaver.


Robert Siciliano personal and home security specialist toHome Security Source discussing ADT Pulse on Fox News. Disclosures

Preventing Identity Theft of the Deceased

Identity theft of the deceased is so wrong, and so easy, thanks in part to the availability of public records. In the 1990s, a provision in a federal welfare reform law created a loophole allowing swindlers to obtain Social Security numbers of the recently deceased.

Some states’ records and statistics registries include Social Security numbers on all certified death certificates. And for $18, you or anyone else can obtain a death certificate.

Experian, one of the three largest credit bureaus, was asked, “My wife has died. Should I give Experian the details, to prevent her name being used for identity fraud?”

Experian responded, “It is certainly a good idea to alert Experian and the other credit reference agencies to your wife’s passing. Remarkably, some fraudsters do target the identities of the recently deceased. We will check to make sure all her credit agreements have been closed down and also make it clear on our records that she has passed away.” For more details on how to report the death of a relative to prevent social security scams, lease read Experian’s advice HERE.

Deaths are generally reported to the Social Security administration in a relatively timely fashion, but not always. As far as I can tell, there is no IRS form designed specifically for this purpose, although the IRS does demand “a final accounting,” a responsibility that falls to the survivors or executor. When a taxpayer dies, a new taxpaying entity—the taxpayer’s estate——is born to ensure no taxable income falls through the cracks.

The three credit bureaus maintain a list of the deceased based on data from the Social Security Administration. But it can take months for these bureaus to update their databases with the latest social security information and prevent identity theft. By contacting the credit agencies directly, you can report a death with confidence that the information will be recorded immediately.

Robert Siciliano personal and home security specialist toHome Security Source discussing ADT Pulse on Fox News. Disclosures

Social Media Security Risks for Small Business

For more than a decade, cyber criminals have launched countless attacks on banks’ online infrastructure, successfully one-upping security professionals and their clients by creating viruses that bypass existing security measures.

In response, computer security companies have continuously updated their technologies to address new cyber threats.

However, one major variable that technology cannot control is the human element. Sure, many of existing computer security technologies help protect consumers, banks and small businesses from human errors like accidentally downloading a virus, or social engineering tricks designed to fool targets into clicking infected links, by warning users about potentially dangerous webpages and phishing emails. But no computer security technology or privacy policy can prevent people and employees from exposing all their lives’ details on social media websites.

When internet criminals target an organization, they start by looking for vulnerabilities in the network’s infrastructure. Beyond that, they target a business’s employees and customers by using information freely provided on the corporate site and collected through social media.

Once they have gathered enough information about a target, hackers use that data to circumvent all the IT security technologies meant to protect users. Below are some things you can do as a small business owner to reduce your social media security risks.

Implement IT Security Policies.

Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

Train IT Personnel.

Effective online security policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.

Maintain UpdatedITSecurity.

Whether hardware or software, anti-virus or critical IT security patches make sure your business network is up to date.

Lock Down Online Privacy Settings.

Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave your computer security wide open for attack.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Internet Fraud: Online Dating Scams Cost Millions

All over the world, online dating sites are riddled with internet scammers. For example the Australian government has collected reports from 1600 internet fraud victims who reported losing a total of 17 million dollars to online dating scams in 2011.

“These scams typically involve a genuine user of a dating website being contacted by a potential admirer who is a scammer in disguise. After forming a relationship with the victim, the scammer plays on emotional triggers to get the victim to provide money, gifts or personal details,” said the ACCC, which is encouraging online dating websites to help protect users from these kinds of internet scams by warning them of the risks and verifying dating profiles.

Meanwhile, Mashable reports a 150% increase in global online dating fraud in 2011

If you use an online dating service, be on guard for internet fraud and follow these internet safety tips:

  • Stick to legitimate, well-known online dating sites, and get referrals from friends who have successfully met romantic partners online.
  • When creating your internet dating profile, never post personal information, including your middle name, full address, phone number or entire birth date.
  • To vet potential online dates, look for information about them elsewhere online, and confirm that it matches the information in their online dating profiles.
  • If a potential online date asks for a loan or any financial information, report them to the online dating website immediately. Discussion of money or loans in any capacity is a red flag.
  • When it comes to internet fraud, no matter who someone is, what they say, or how they look, don’t automatically trust them.
  • Don’t let your heart get in the way of basic common sense.


Robert Siciliano personal and home security specialist toHome Security Source discussing ADT Pulse on Fox News. Disclosures

How to Defend your Small Business against Cybercrime

Brilliance, historically, is often expressed in the simplest of technologies; the wheel and the light bulb are perfect examples. Today, brilliance is often attributed to advances in technologies that cure illnesses, solve problems, and make our lives easier.

Over the past decade, coders, programmers, and hackers of all kinds have come up with some of the simplest and most brilliant inventions—inventions with the power to transform life as we know it. Unfortunately, when it comes to network security it’s the cyber criminals that seem to be the smartest in the room.

Forbes reports, “ZeuS, SpyEye, Sunspot, OddJob, Gameover. Villains in the next James Bond movie? No. These are names for sophisticated and dangerous crime-ware used by real villains—internationally organized gangs of cyber criminals—to hijack online bank accounts and steal money.” According to the Anti-Phishing Working Group, when it comes to online security an estimated 45% of all computers are now infected with malicious software designed to steal.

When banks began building out their IT infrastructure to allow for online banking, they didn’t anticipate the thousands of ways in which bad guys would scheme to separate banks and their clients from their cash.

One bank actually sued an accountholder who lost $800,000 to a digital heist in order to determine who shoulders the legal responsibility to protect online bank accounts from fraud. (The bank was able to recover $600,000 of the $800,000, which Italian and Romanian hackers had removed via unauthorized wire transfers.) The bank sought a legal acknowledgement of their systems’ security, while the accountholder argued that online security measures were inadequate.

In a similar case, a Michigan judge decided in favor of Comerica Bank customers, holding the bank responsible for approximately $560,000 out of a total of nearly $2 million in unrecovered losses.

Small businesses and banks are losing money via cyber-attacks on their online banking accounts. One way this happens is a cybercriminal send an e-mail with a link to a malicious site or download to employees who handle their company’s bank accounts. These malicious links either install one of the software programs detailed above or steals the username and passwords the employees use to log in to their online banking accounts.

Surfing pornography websites increases your risk, as does frequenting gaming websites hosted in foreign countries. Downloading pirated content from P2P (peer-to-peer) websites is also risky.

Computers with old, outdated, or unsupported operating systems are extremely vulnerable to cybercrime. Systems using old or outdated browsers such as IE 5, 6, or older versions of Firefox offer the path of least resistance.

Follow these essential computer security tips to protect your small business against cybercrime. Update your operating system to XP SP3 or Windows 7. Make sure to set your antivirus software to update automatically. Keep your critical online security patches up-to-date by setting Windows Update to run automatically as well. Don’t engage in risky online activities that invite cyber-attacks.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures