Keep Your Parents’ Computer Secure: Remotely

If you are like many, you are more technically inclined than your parents. So, they might want to rely on you when they have computer issues. But you can alleviate many of these issues by keeping their device running smoothly, and you can do this all remotely. Here’re some tips:

Teach Them to Fish

Digital literacy might be one of the single most underappreciated aspects of technology. And the more digital literate you and your parents are, the easier your digital life and even your physical life will be. As they say, “Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime”.

So whether you are working on their computer remotely or on site, require them to watch. But be patient, because you can’t expect him to embrace tech the way you do. Nobody is wired the same.

Install Tools Remotely

  • Use a program like Teamviewer, which allows you to connect to your parents’ computer remotely.
  • You can do the work yourself and stop having to give them direction over the phone.

Back Up the Data and Schedule Future Backups

  • It’s best to create more than one backup. In fact, create three.
  • Put these backups in different forms. Save one in a flash drive, one in DropBox or other cloud-based back up. PolarBackup is a very cost effective option. And one on an external hard drive. A Western Digital one terabyte drive is very inexpensive on Amazon
  • Set future backups to occur automatically once a day using a syncing software such as “Goodsync” google it.

Update Operating Systems

  • Set up an automatic update for the operating system. Set this for the middle of the night.
  • Do all updates, even if you think you won’t need them.

Ensure the Computer has Antivirus Software

  • Every device should have antivirus software.
  • Update this software regularly.
  • Run a system scan when you update the software.
  • Free software isn’t great. Pay a little to ensure absolute safety.

Uninstall Any Program They Don’t Need

  • What programs don’t your parents need or use? Uninstall them to speed up the computer.
  • You can download programs like Decrap for Windows, which will remove “crapware” that you don’t need.
  • You can also download Revo Uninstaller if they use Windows or AppCleaner if they use a Mac. They will get any residual things out that Decrap didn’t get. CCCleaner works pretty good, too.

Update All Extensions and Browsers

  • Modern browsers automatically update, so it’s better to make sure there is a good, updated browser on your parents’ computer. Chrome is a good option that automatically updates. Brave is good too, but it sometimes gets hung up on certain websites. Which can be frustrating.
  • Delete any plug-ins or extensions that are not necessary. Make sure that the ones you leave are legitimate. If they are old or outdated, update all of these extensions.

Automate Anything You Can

  • If you can automate something on your parents’ computer, you should.
  • You can automate backups, so do it.
  • You can automate a lot of things, so look into as much as you can.

Improve Speed

  • Run a bandwidth test online at SpeedTest.net
  • This will give you a good idea of what the baseline speed is, which is good to know in case Dad calls and says his computer is running slow.

The best thing to do is to do all of this on your own computer first. It’s even better when your parents devices are running the same operating system as yours. It just makes things more familiar to you and easier.  Have all your backup software on a thumb drive. This way, you have the software readily available, and you know how to do it when you go to do these things on your parents’ computer. You can also set up a Google doc with all of the software keys and passwords. All of this can help you, too, and by taking these steps, you can help to keep yourself and your parents safe from ID theft.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Fake Emails are Becoming a Major Issue for Businesses

You might be surprised to know that more than 3.4 billion fake emails are sent around the globe each day. What does this mean? It means that almost every company out there is vulnerable to cybercrimes in the form of “spoofing” and “phishing.” On top of this, most companies out there have not protected themselves from this type of cyber attack. What’s even more interesting is that the vast majority of these emails are not coming from some foreign land, but they are coming from sources based in the US.

This all sounds pretty dreary, but it’s not all bad. Research is showing that many industries in the US are making strides against these fake emails, though some are working harder than others.

To get the data for this research, companies like Valimail is using data from internal analysis of billions of different email authentication requests. The company also used almost 20 million public records about email to publish its report.

This report shows that email impersonation, which made up 1.2 percent of all emails sent during the first quarter of 2019, is the favorite weapon of cyber criminals to get access to a network. They also try to get access to sensitive information and intellectual property.

Fake emails are a problem, and they are not blocked by cybersecurity defenses that are traditionally used.

These fake emails are one of the biggest sources of cyberattacks. As more businesses recognize email vulnerabilities, organizations should start using authentication technology to protect against fraudulent and untrustworthy senders.

The fact is this: too many cybercriminals are using fake emails to get through these defenses, and better methods to identify senders is needed to make sure that email is more trustworthy both now and in the future.

Protect Yourself

  • The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part.
  • Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
  • A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
  • Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
  • Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

10 Internet Security Myths that Small Businesses Should Be Aware Of

Most small businesses don’t put as much focus on internet security as they probably should. If you are a small business owner or manager, not focusing on internet security could put you in a bad spot. Are you believing the myths about internet security or are you already using best practices? Here’s a few of the most common myths…take a look to see where you truly stand:

Myth – All You Need is a Good Antivirus Program

Do you have a good antivirus program on your small business network? Do you think that’s enough? Unfortunately, it’s not. Though an antivirus program is great to have, there is a lot more that you have to do. Also, keep in mind that more people than ever are working remotely, and odds are good that they are working on a network that is not secured.

Myth – If You Have a Good Password, Your Data is Safe

Yes, a strong password is essential to keeping your information safe, but that alone is not going to do much if a hacker is able to get it somehow. Instead, setting up two-factor authentication is essential. This is much safer. Also make sure that your team doesn’t write their passwords down and keep them close to the computer or worse, use the same passwords across multiple critical accounts.

Myth – Hackers Only Target Large Businesses, So I Don’t Have to Worry

Unfortunately, many small business owners believe that hackers won’t target them because they only go after big businesses. This isn’t true, either. No one is immune to the wrath of hackers, and even if you are the only employee, you are a target.

Myth – Your IT Person Can Solve All of Your Issues

Small business owners also believe that if they have a good IT person, they don’t have to worry about cybercrime. This, too, unfortunately, is a myth. Though having a good IT person on your team is a great idea, you still won’t be fully protected. Enlist outside “penetration testers” who are white-hat hackers that seek out vulnerabilities in your networks before the criminals do.

Myth – Insurance Will Protect You from Cybercrime

Wrong! While there are actually several insurance companies that offer policies that “protect” businesses from cybercrimes, they don’t proactively protect your networks, but will provide relief in the event you are hacked. But read the fine print. Because if you are severely negligent, then all bets may be off. In fact, it is one of the strongest growing policy types in the industry.

Myth – Cyber Crimes are Overrated

Though it would certainly be nice if this was false, it’s simply not. These crimes are very real and could be very dangerous to your company. Your business is always at risk. Reports show as many as 4 billion records were stolen in 2016.

Myth – My Business is Safe as Long as I Have a Firewall

This goes along with the antivirus myth. Yes, it’s great to have a good firewall, but it won’t fully protect your company. You should have one, as they do offer a good level of protection, but you need much more to get full protection.

Myth – Cybercriminals are Always People You Don’t Know

Unfortunately, this, too, is not true. Even if it is an accident, many instances of cybercrimes can be traced back to someone on your staff. It could be an employee who is angry about something or even an innocent mistake. But, it only takes a single click to open up your network to the bad guys.

Myth – Millennials are Very Cautious About Internet Security

We often believe that Millennials are very tech-savvy; even more tech-savvy than the rest of us. Thus, we also believe that they are more cautious when it comes to security. This isn’t true, though. A Millennial is just as likely to put your business at risk than any other employee.

Myth – My Company Can Combat Cyber Criminals

You might have a false bravado about your ability to combat cybercrime. The truth is, you are probably far from prepared if you are like the majority.

These myths run rampant in the business world, so it is very important to make sure that you are fully prepared to handle cybercrime.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Top 10 Signs of a Malware Infection on Your Computer

Not all viruses that find their way onto your computer dramatically crash your machine. Instead, there are viruses that can run in the background without you even realizing it. As they creep around, they make messes, steal, and much worse.

Malware today spies on your every move. It sees the websites you visit, and the usernames and passwords you type in. If you login to online banking, a criminal can watch what you do and after you log off and go to bed, he can log right back and start transferring money out of your account.

Here are some signs that your device might already be infected with malware:

  1. Programs shut down or start up automatically
  2. Windows suddenly shuts down without prompting
  3. Programs won’t start when you want them to
  4. The hard drive is constantly working
  5. Your machine is working slower than usual
  6. Messages appear spontaneously
  7. Instead of flickering, your external modem light is constantly lit
  8. Your mouse pointer moves by itself
  9. Applications are running that are unfamiliar
  10. Your identity gets stolen

If you notice any of these, first, don’t panic. It’s not 100% that you have a virus. However, you should check things out. Make sure your antivirus program is scanning your computer regularly and set to automatically download software updates. This is one of the best lines of defense you have against malware.

Though we won’t ever eliminate malware, as it is always being created and evolving, by using antivirus software and other layers of protection, you can be one step ahead. Here are some tips:

  • Run an automatic antivirus scan of your computer every day. You can choose the quick scan option for this. However, each week, run a deep scan of your system. You can run them manually, or you can schedule them.
  • Even if you have purchased the best antivirus software on the market, if you aren’t updating it, you are not protected.
  • Don’t click on any attachment in an email, even if you think you know who it is from. Instead, before you open it, confirm that the application was sent by who you think sent it, and scan it with your antivirus program.
  • Do not click on any link seen in an email, unless it is from someone who often sends them. Even then, be on alert as hackers are quite skilled at making fake emails look remarkably real. If you question it, make sure to open a new email and ask the person. Don’t just reply to the one you are questioning. Also, never click on any link that is supposedly from your bank, the IRS, a retailer, etc. These are often fake.
  • If your bank sends e-statements, ignore the links and login directly to the banks website using either a password manager or your bookmarks.
  • Set your email software to “display text only.” This way, you are alerted before graphics or links load.

When a device ends up being infected, it’s either because of hardware or software vulnerabilities.  And while there are virus removal tools to clean up any infections, there still may be breadcrumbs of infection that can creep back in. It’s generally a good idea to reinstall the devices operating system to completely clear out the infection and remove any residual malware .

As an added bonus, a reinstall will remove bloatware and speed up your devices too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Computers perfectly forge Handwriting

Handwriting analysts really have their work cut out from them now, thanks to the development of new software that can forge—better than a human can—a person’s handwriting. So if you are worried about identity theft, add one more element to the kettle: a crook getting ahold of this software (developed at the University College London) and perfectly duplicating your signature.

Computer crime concept

Previous attempts to create computer generated forgery that looked real have flopped, a la, “This looks like a computer did it!”

A new algorithm has been invented that very much simulates the way a human creates handwriting. One of the tell-tale signs of computer generated signatures or other cursive is that it looks too perfect, particularly the linking of characters to each other.

The new algorithm captures the human qualities of penmanship, including:

  • The joining of the characters. Note that with those fancy fonts that look handwritten, the joining of each letter is so perfect that you can tell it is computer generated.
  • Varying degrees of thickness of the characters—which results from continuous changes of pressure that a person exerts on the writing implement, as well as varying flow of ink from the pen.
  • Horizontal and vertical spacing of characters.

These variations mimic the handwriting of a human, not robot. All the algorithm needs is one paragraph of someone’s handwriting to calculate and deliver the replication.

And you are probably wondering why this algorithm was developed, aside from maybe the researchers’ hunger for finally figuring out the puzzle to replicating handwriting with a computer. Obviously, this technology can get into the wrong hands, such as those of identity thieves, plaintiffs in personal injury lawsuits who want to forge a doctor’s signature, and other litigants in legal cases.

But this algorithm has a place in the world of good. For instance, for those whose ability to physically generate cursive is impaired can use this tool to create stylish handwriting or writing that looks like theirs used to.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Don’t pick up that USB Drive!

What a very interesting experiment: Researches randomly deposited 297 USB drives (aka USB stick, flash drive, thumb drive) around the University of Illinois Urbana-Champaign campus. They wanted to see just how many, and how soon after dropping them off, they’d be collected by people.

2DTurns out that 48 percent of the drives were taken and inserted into computers. The report at theregister.co.uk says that in some cases, this was done minutes after the drives were left in the public spots.

Picking up a USB drive off the streets and plugging it into your computer is akin to picking up discarded food off a sidewalk and eating it. You just never know what kind of infection you’re going to get.

And what you might get is a virus crashing your computer or stealing your data. That USB stick could contain malware—either left in public as a prank, or innocently lost or discarded without the original owner knowing it’s infected.

Or…it might have been left in a public spot by a hacker with full intent of gaining control of your computer to collect your personal data and committing fraud, such as opening lines of credit in your name or emptying out your bank account.

The USB sticks for the study contained HTML files with embedded img tags. The tags allowed the researchers to track the USB activity, which is how they new that, for instance, one of them was plugged into a computer only six minutes after it was left to be “found.”

Only 16 percent of the people who picked up the sticks actually scanned them to check for viruses before plugging them into their computers. And 68 percent simply inserted them without any regards to what they could get transferred into their computers.

  • Some users trusted that there was no harm.
  • Some plugged in the drive to seek out the owner.
  • Some intended to keep the stick.
  • Conclusion: A cybercriminal could easily take control of a business’s system by leaving a rigged USB drive in the parking lot, let alone get control of a personal computer by leaving the stick in any public place frequented by lots of people.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

2016 Information Security Predictions

No bones about it, 2016 is sure to see some spectacular, news-chomping data breaches, predicts many in infosec. If you thought 2015 was interesting, get your seatbelt and helmet on and prepare for lift off…

4WWearable Devices

Cyber crooks don’t care what kind of data is in that little device strapped around your upper arm while you exercise, but they’ll want to target it as a passageway to your smartphone. Think of wearables as conduits to your personal life.

Firmware/Hardware

No doubt, assaults on firmware and hardware are sure to happen.

Ransomware

Not only will this kind of attack continue, but an offshoot of it—“I will infect someone’s device with ransomware for you for a reasonable price”—will likely expand.

The Cloud

Let’s not forget about cloud services, which are protected by security structures that cyber thieves will want to attack. The result could mean wide-scale disruption for a business.

The Weak Links

A company’s weakest links are often their employees when it comes to cybersecurity. Companies will try harder than ever to put in place the best security systems and hire the best security personnel in their never-ending quest for fending off attacks—but the weak links will remain, and cyber crooks know this. You can bet that many attacks will be driven towards employees’ home systems as portals to the company’s network.

Linked Stolen Data

The black market for stolen data will be even more inviting to crooks because the data will be in sets linked together.

Cars, et al

Let’s hope that 2016 (or any year, actually) won’t be the year that a cyber punk deliberately crashes an Internet connected van carrying a junior high school’s soccer team. Security experts, working with automakers, will crack down on protection strategies to keep cyber attacks at bay.

Threat Intelligence Sharing

Businesses and security vendors will do more sharing of threat intelligence. In time, it may be feasible for the government to get involved with sharing this intelligence. Best practices will need hardcore revisions.

Transaction Interception

It’s possible: Your paycheck, that’s been directly deposited into your bank for years, suddenly starts getting deposited into a different account—that belonging to a cyber thief. Snatching control of a transaction (“integrity attack”) means that the thief will be able to steal your money or a big business’s money.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Eight security tips for travelers with laptop

These days, who doesn’t travel with their laptop? But commonality doesn’t make it inherently safe for your sensitive information that’s stored in the device. In fact, traveling with your laptop is inherently unsecure.

1DWhether you’re traveling for business or to visit family this holiday season, here are some ways to protect your laptop and your personal data:

  • Get a cable lock for your laptop. It’s a great way to deter a potential thief, especially if there are lots of people around.
  • Register with an anti-theft service to track your laptop should it get stolen or “lost.”
  • Carry your laptop in a bag that’s made specifically for these devices. If it’s awkward for you to carry a suitcase in one hand while the laptop bag is slung over the opposite shoulder, consider packing the laptop with lots of tight padding in your suitcase. (But only if the suitcase will be a carry-on that you’ll be gently handling.) This way it’ll be invisible to thieves.
  • If you go with the special laptop bag, don’t leave it unattended while you make a trip to the bathroom or food court. The same goes for a carry-on suitcase. Either belonging should be with you at all times.
  • Whenever you leave your hotel room, hang the “Do Not Disturb” sign. You never know what hotel employee would be tempted to get into your laptop should they enter your room upon thinking nobody’s in it.
  • Never let a stranger use your laptop, even if that stranger looks innocent. The need to protect your sensitive data is more important than the feelings of a stranger.
  • And back up your data—before the trip. Cloud backup such as Carbonite will update your data based on custom settings as frequently as you require.
  • If you absolutely must conduct personal or sensitive online transactions on a public Wi-Fi, use a virtual private network (VPN), as this will scramble your transaction and make it worthless to hackers snooping data streams. One of these snoopers could be sitting in the same coffee house or hotel lobby as you are. Or, they can be a thousand miles away.

Robert Siciliano is a personal privacy, security and identity theft expert to Carbonite discussing identity theft prevention. Disclosures.

What is a Cache?

Perhaps someone has told you that you need to “clear your cache,” but what does this mean and why should you do it? A cache is a folder of recently visited webpages, which is stored on your computer’s hard drive, and maintained by your Internet browser.

1DThe purpose of a cache is to speed up the loading of webpages. Your computer’s hard drive collects data from websites that you visit, so that when you visit them again, certain aspects of the previously visited pages (such as graphics) don’t have to be reloaded the next time, and this makes the loading time a little bit shorter.

But the space your cache has on your hard drive is limited, and over time, it can get congested. Data that hasn’t been accessed for a while gets tossed out to make room for new data from the new pages that you visit.

And sometimes, the cache process doesn’t work properly. The result is an incompletely loaded page, or a page that looks odd because it’s supposed to load new content but it’s showing old content. (Sometimes, page loading problems aren’t caused by a faulty cache, but this is such a common cause that you’ve probably heard people say, “You need to clear your browser’s cache.”)

So, now you know what a cache is, here are some specific steps to clear it on different browsers:

How to clear your cache in Chrome:

  • In the upper right of the browser click the little icon that says “Customize and control Google Chrome” when you hover over it with your cursor
  • Click History
  • Click “Clear browsing data”

How to clear your cache in Internet Explorer:

  • In the upper right of Internet Explorer, click the gear icon or “Tools”
  • Click Internet Options
  • Under “Browsing History” you’ll see a delete button; click that.

If you use another browser, and there are a few, search online for instructions on how to clear your cache.

Another option you have is to use software (free or paid) designed to clean the clutter from your computer and devices. These programs often work well, but sometimes they work too well and clean more than they are supposed to. It’s always a good idea to backup your information before cleaning your computer.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Attention Lenovo PC Owners: Something’s Fishy with Your Computer

Does your Lenovo computer have Superfish VisualDiscovery adware (a.k.a. spyware) installed? It’s possible if you purchased a Lenovo PC any time in September of 2014 and thereafter.

13DThis Superfish software intercepts the Lenovo user’s traffic so that the user sees ads displayed that reflect their browsing habits. The problem with this targeted advertising scheme is that it comes with a vulnerability that makes it easy for hackers to attack.

Superfish enables targeted advertising by installing what’s called a trusted root CA certificate.

Browser-based traffic that’s encrypted gets intercepted, unscrambled and recrypted to one’s browser by a man-in-the-middle attack. Due to the trusted root CA, the user’s browser will not show any warnings that there’s something very fishy going on (i.e., an attack).

The private key of the Superfish software can be easily recovered. This enables a hacker to produce certificates for any website that’s trusted by a system that has the Superfish adware installed.

The hacker can then replicate websites, or spoof them, without the user ever knowing it because the browser won’t know it. The type of attack is called SSL spoofing.

Many Lenovo users, hence, have the perspective of, “How DARE Lenovo preinstall this software?!” Lenovo has received harsh backlash and has claimed they’ve discontinued these installations. But this doesn’t reverse the vulnerability of the PCs that already have the adware.

To find out if your Lenovo has this adware, see if it has an HTTP GET request to superfish.aistcdn.com. And then if it does, uninstall it, along with the root CA certificate—don’t just uninstall the adware only; that certificate is what gets the hackers in.

The Microsoft Windows certificate store, and the Firefox and Thunderbird certificate stores, can guide you in managing and deleting certificates.

Right now, the best thing to do is head to this site: https://lastpass.com/superfish/ and then this site: https://filippo.io/Badfish/ to confirm your device doent have the superfish. If both check out OK, you’re good.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.