Protect Your Small Businesses with Secure Flash Drives

USB flash drives are handy little devices that can cause big security headaches. Even with robust data security policies, USB drives often fall through the cracks (and out of pockets). These flash drives are often used by employees for both personal and business use, which could potentially spread a virus from a home PC to the corporate network.

Additionally, lost USB drives, among other devices with storage, can cause even bigger headaches, resulting in data breaches. A survey by a U.K.-based company found that last year, 4,500 USB flash drives were forgotten in the pockets of clothes left at the dry cleaners and thousands more handheld devices were left in the back seats of taxis.

Computerworld reports that a 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company’s network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

Flash drives can be a security mess. Organizations need to have business security policies in place requiring secure flash drives and forbidding anyone from plugging a found “stray cat” drive into the network.

Ensure all data stored on a secure flash drive is encrypted. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures.

What is Identity Theft?

Identity theft occurs when someone takes your personally identifiable information (PII), and misuses it, abuses it, and adapts it to his or her own life, often for financial gain. When an identity thief does this, your good name is soiled—the name you have worked so hard to keep in good standing. Rectifying it can be as simple as a phone call, or it can be as difficult as having to prove your innocence to a jury of your peers.

Identity theft, also known as identity fraud, encompasses various types of crimes. The identifying factor is that a criminal has wrongfully acquired and adopted someone else’s personal data. This can include the victim’s name, Social Security Number, address, date of birth, credit card information, bank account number, or any other type of personal information.

When identity theft affects you, it can consume your time and ruin your credit. You become a liability for an employer or a college administrator. You may be perceived as someone who has bad credit as a result of your own doing. You have a black mark on your reputation. In short, it is the victims, not the criminals, who have a difficult time functioning in a credit-driven society.

What follows is a real-world example of this type of crime:

An 18-year-old man was driving in his vehicle, and he rolled through a stop sign. He was pulled over by a police officer who witnessed the offense. When the police officer checked his information, it was determined that there was a warrant out for his arrest for numerous prior violations. After his arrest and subsequent trip to the police station, they learned that his Social Security Number was tied to a man who was 49 years old. This young man learned that his identity had been stolen a number of years ago! The identity thief had opened up several businesses in the young man’s name while he was still a child. Identity theft is the only crime that I am aware of in which you are presumed guilty until proven innocent.

The most efficient way to protect your identity is to use an identity theft protection service and get a credit freeze.

Robert Siciliano, personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

Vacation Rentals Are Scam Bait

Although it’s been a mild winter, people still get itchy to head out for a ski vacation or a tropical one. Many people are searching online classifieds like Craigslist, eBay, newspapers and real estate listings for vacation rentals.

The most suspect site is Craigslist. I’m fully engaged in Craigslist and continually receive scammy communications from supposed buyers. This means scammers are on the site as buyers and sellers full time.

Certainly there are plenty of legitimate ads for vacation rentals; however, many are suspect. I rented out an apartment I own in the past, and a Craigslist scammer set up a duplicate ad with my photos and everything and cut my price in half.

If you choose to engage in a rental and a security deposit is required, it is best that you visit the property and hand deliver a check. If you request to visit the property and are denied, then the ad is more than likely fraud.

If the property is hundreds or thousands of miles away and visiting isn’t an option, then there is a much higher risk. In these circumstances never wire money, as there is very little recourse. Using a credit card is a little safer, but there are no guarantees. Here is where the honor system comes in. Otherwise your best bet is to deal with a real travel site with positive reviews.

Google the person, their email, the title of the ad and/or property you are considering renting. If something negative pops up, beware. If the property address doesn’t exist, beware.

Your best bet is to search listings on local real-estate sites. A licensed Realtor is 1000 times safer than blindly using Craigslist.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

Wireless Security: Wi-Fi Hacking Burglars Busted

In Seattle, 3 men have been arrested for hacking the wireless networks of over a dozen businesses, along with 41 burglaries. They are alleged to have stolen at least $750,000 in funds, computer equipment and other items.

SeattlePI reported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated. Once a Wi-Fi network is located through wardriving, hackers can remotely watch for information that may reveal the network’s security setup and vulnerabilities”. Police said they used sophisticated electronic equipment to break through networks using a 12-year-old security algorithm — Wired Equivalent Privacy, or WEP protection.

Right out of a Mission Impossible movie, these burglars hacked wireless networks and stole employee and client data. Their burglaries involved stealing laptops; they used those laptops to crack payroll accounts and steal banking information. Once they turned the data into cash, they turned the cash into prepaid debit cards.

Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security. But WEP has been cracked, hacked, and decimated.

Home or office Wi-Fi with WPA encryption is better. Wi-Fi Protected Access is a certification program that was created in response to several serious security vulnerabilities researchers found in WEP, the previous system. WPA and WPA2 are tougher to crack, but not impossible.

Small businesses would fare much better if they also installed a monitored security alarm system with cameras. It’s not enough to lock doors, especially if there are thousands of dollars in technology waiting for a burglar to take it.


5 Smart and Safe eBay Shopper Tips

Shopping is for people with time and money. When I am a consumer, it’s because I need something, and not necessarily the biggest or the best something. I need something practical, safe, and smart. eBay allows consumers to search for exactly what they need, and can be a great place to find hard-to-get items.

Overall, eBay can be a good experience if you know what you are doing. But take it from me: knowing what you are doing takes time and focus. Don’t just jump on eBay and whip out your credit card. You may get burnt in more ways than one.

1. Avoid scams by looking at the sellers’ feedback ratings. A rating of one indicates that the seller is either a “newbie” or a criminal. Certainly, we all have to start somewhere. But personally, I draw the line at sellers with a feedback rating of at least 15, and I still check to see what they’ve bought and sold. If they’ve bought or sold 15 items at $1 each, that’s a red flag. Sellers with higher ratings are generally experienced professionals.

2. Search deeply before bidding. Check to see if the same item is available from a different seller, how the “Buy Now” price varies, and how much others are bidding. The highest bid may be much lower than the “Buy Now” price. Consider how much time is left to bid to help determine what the final sale price may be.

3. Walk before you run. If there are plenty of the item you want available but prices are all over the place, sit back and “Watch” a few to see where the final sales prices end up.

4. Set up alerts. I set up eBay alerts for any items I’m looking for. I receive messages with all the current items for sale, and then only the new ones being listed on eBay each day. This allows me to effectively manage my purchasing.

5. Use Auction Sniper. I never bid on eBay. The more your presence is known, the more opportunities there are for criminals to contact you. Protect your identity with Auction Sniper: you bid anonymously the absolute highest dollar amount you’re willing to spend on that item, and walk away. Auction Sniper will snipe the bid for you in the last five seconds while people wonder where the heck you came from.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News.

Identity Fraud: Stolen Puerto Rican IDs Filter In The Workplace

In the U.S., identity brokers allegedly sold Social Security cards and corresponding Puerto Rico birth certificates for prices ranging from $700 to $2,500 per set, since they can be used to hide illegal immigrants and gain employment. Puerto Rican stolen identities have surfaced in workplace immigration raids all over the country. “Birth certificates have become legal tender,” said Puerto Rico’s secretary of state.

Fifty individuals were recently charged in an indictment unsealed in Puerto Rico with conspiracy to commit identity fraud in connection with their alleged roles in a scheme to traffic the identities of Puerto Rican U.S. citizens and corresponding identity documents. The charges are the result of an extensive identity theft investigation led by U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), in partnership with other federal, state and local law enforcement agencies.

According to the indictment, from at least April 2009 to December 2011, conspirators in 15 states and Puerto Rico, a U.S. territory, trafficked the identities of Puerto Rican U.S. citizens, corresponding Social Security cards, Puerto Rico birth certificates and other identification documents to undocumented aliens and others residing in the United States.

Businesses hiring illegal immigrants with stolen IDs face possible insider fraud, among other legal and liability issues. One way to effectively vet whether the person being hired is who they say they are, regardless of what documentation they produce, is to pull their credit report. Often a credit report will have current and previous addresses. If the job candidate can’t tell you the last few places they lived, that’s a red flag. You can also ask them various “knowledge based questions”. The credit report might also help the employer to track down a current phone number and simply call the person whose identity is associated with the credit report.


Protecting Your Customer Data from Hackers

Criminal hackers hack for fun, fame, revenge, trade secrets, or terror, but mostly they hack for financial gain. According to a data breach study, based on 75 incidents in the second half of 2010, 13% of web hacking cases involved leaked client data leading to financial fraud. (The top two reasons hackers attacked websites were site defacement at 15% and site downtime at 33%.)

Once customer information is hacked, it can be used to open new accounts or to take over existing accounts. It often takes only a few hackers to crack a system containing millions of customer records. These thieves will then broker and sell the information to other hackers.

The victims find and repair the vulnerabilities in their systems, but the damage has already been done. The individuals whose data has been compromised face an uphill, ongoing battle to protect themselves from financial fraud.

Protecting small business customer data starts with network security basics, including:

Software: Antivirus, antiphishing, antispyware. Total protection “all access” suites of protection and full disk encryption.

Hardware: Routers, firewall security appliances

Physical security: Commercial grade solid core doors, security alarm systems, security cameras.


Credit Card Skimmer Use Portable Point of Sales

A German “computer whizz-kid” was arrested recently while attempting to transport the latest bank scamming technology into Britain.

The 26-year-old married father of two worked at various software companies worldwide, gathering the necessary technologies and components to create a card skimming device designed to replace the real point of sale devices at restaurants or other retail establishments.

In the United States, consumers often hand their credit cards over to waiters or waitresses, for example. A waiter disappears and comes back moments later with a receipt to be signed. Overseas, in Europe and other countries, portable point of sale (POS) devices allow the waiter to charge a credit card right at the table.

In Europe, credit cards use chip and PIN technology, following the global standard known as EMV, which stands for Europay, MasterCard, and Visa. This technology is more secure than regular magnetic stripe cards used in the United States. Nevertheless, the German credit card skimmer possessed 17 devices capable of skimming security and account details from chip and PIN card readers.

What’s more, these skimming devices were equipped with wireless technology, which would allow the fraudster to access the stolen credit card data remotely. Had they been successfully implemented on ATMs and POS devices, identity theft criminals would have been able to receive victims’ banking details automatically on laptops or mobile phones up to 100 meters away.

Scary.

This type of credit card fraud already occurs in the United States in different forms, but online retailers can protect themselves from fraudulent transactions. If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, has blocked 35 million fraudulent online transactions in the last year.

Prevent credit card skimming and protect yourself from credit card fraud by checking your statements regularly.


Shipping Scams Go After Small Business

A colleague with a small business was cleaning out his warehouse of tools and supplies and decided to list many items on Craigslist. I have lots of experience in this process and I can tell you “It’s always something”.

An application called “CraigsPro” allows you to go through your items snapping pictures and creates a simple Craigslist advertisement within a minute.

One item he was selling was a portable generator. He got the following email and sent it to me:

“Thanks for the prompt response,i will like to proceed with the transaction asap and my mode of payment will be via Bank certified check. However, to ease the pick up the item will be picked-up from you by my shipper once you receive and cash the check,i am willing to wait for your bank to verify and clear the check before the shipper pickup the item therefore I’ll need this detail below to mail out the check.

* The Full name on check
* Mailing address (Deliverable Address)
* Phone Number

Proceed to delete the advert of this item if my mode of payment is accepted and get back to me asap with your details to mail out the certified check to you.

Thanks

Keith Lourdeaufewlongsx@XXXX.com”

My friend responded with his address for the “buyer” to send a check. Within 3 days via Federal Express an actual check came in the mail for hundreds of dollars more than the item was listed for. The additional dollars were supposed to pay for the shipping costs.

If my friend had deposited the bogus check, the funds would have shown in his account within a few days, thereby prompting him to mail out a business check to the Craigslist scammers. But once the check was determined to be a fake by the issuing bank, the funds would have been removed from his small business account.

To prevent overpayment scams, never fall for advance-fee shipping scams. They are so obvious.


Banks Blame Cybercrime Victims for Hacking

It’s Tuesday morning after a long weekend, the bookkeeper comes in a little late but hits the books right away. She comes into your office and asks you about a series of wire transfers you made over the holiday weekend to new employees who apparently live overseas. And then your heart sinks. Because you have heard about how small business bank accounts are hacked, but didn’t think it would happen to you.

It’s happening to the tune of around 1 billion dollars a year. Small business bank accounts are being hacked and the banks are pointing the finger at their customers. Why? Because in many cases there are no actual data breaches at the banks. Cybercrime is often taking place right in the small businesses’ offices on their own PCs.

Bloomberg reports “Organized criminal gangs, operating mostly out of Eastern Europe, target small companies, school districts and local governments that maintain fat commercial bank accounts protected by rudimentary security measures at community or regional banks. The accounts typically aren’t covered by insurance as individual accounts are.”

However one bank fought back and won. iovation reports “one Michigan judge recently decided in favor of Comerica Bank customers, holding the bank responsible for approximately $560,000 out of a total of nearly $2 million in unrecovered losses. A copy of the bench decision is available from Pierce Atwood LLP, and the firm also outlines significant highlights and observations regarding this cybercrime case.

Small businesses are under siege today and must know their bank accounts are being targeted by cyber-thieves. One solution is certainly a secure IT infrastructure and another, in some cases, may be moving to a bigger bank. Some smaller banks simply can’t handle the loss, whereas bigger banks may have the resources to absorb them. If you bank with a small bank, now is the time for a heart-to-heart talk.
