How to prepare for Digital Disasters

Editor’s Note: In this week’s guest blog security expert Robert Siciliano explains how to protect your IT systems and your business from hardware failure. To learn more, download our new e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

It is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

I can’t believe that people who heavily rely on a computer for business will still suddenly report to clients, “My computer crashed; can you resend me all the files?” What? Wait!

Why aren’t these people backing up their data on a frequent basis? If your computer is central to your business you should back up your data a minimum of once a day to protect against the following threats:

  • Computer hack
  • Unintentional deletion
  • Theft
  • Water or fire damage
  • Hard drive crash

To make daily data backups less daunting, carefully sift through all of your files to get rid of old, useless ones and organize still-needed ones. A mess of files with a common theme all over the desktop can be consolidated into a single folder.

Protecting your data begins with keeping your computer in a safe, secure, locked location, but this is only the first (and weakest) layer of protection. The next step is to automatically back up data to the cloud. The third layer is to use local backups; ideally, use sync software that offers routine backups to multiple local drives. It’s also important to use antimalware security software to prevent attacks from hackers.
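A daily check for the layered backups described above, as an added example that is not from the original post: it confirms that each backup copy (for instance a cloud-synced folder and a local drive) holds every source file with a matching SHA-256 hash and was refreshed within the last 24 hours. The folder names, the sample files and the `LAST_BACKUP` marker file written by the backup job are assumptions made for the illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 60 * 60   # the post's minimum: one backup per day
MARKER = "LAST_BACKUP"           # hypothetical file the backup job writes (Unix time)


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) onto its SHA-256 hash."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and p.name != MARKER
    }


def audit_backup(source, backup, now=None):
    """Compare one backup copy against the source folder."""
    now = time.time() if now is None else now
    src, dst = snapshot(source), snapshot(backup)
    missing = sorted(set(src) - set(dst))
    mismatched = sorted(n for n in src.keys() & dst.keys() if src[n] != dst[n])
    try:
        age = now - float((backup / MARKER).read_text().strip())
    except (OSError, ValueError):
        age = float("inf")       # no readable marker: treat as never backed up
    stale = age > MAX_AGE_SECONDS
    return {"missing": missing, "mismatched": mismatched, "stale": stale,
            "ok": not (missing or mismatched or stale)}


def demo():
    """Build constructed sample folders and audit two backup copies."""
    now = 1_700_000_000.0        # fixed clock so the result is repeatable
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source, cloud, usb = root / "work", root / "cloud_sync", root / "usb_drive"
        for folder in (source, cloud, usb):
            (folder / "clients").mkdir(parents=True)
        files = {"clients/invoice.txt": b"invoice 1001",
                 "notes.txt": b"call back Monday"}
        for name, data in files.items():
            (source / name).write_bytes(data)
            (cloud / name).write_bytes(data)                 # complete copy
        (cloud / MARKER).write_text(str(now - 3600))         # one hour old
        (usb / "notes.txt").write_bytes(b"older draft")      # out-of-date copy
        (usb / MARKER).write_text(str(now - 3 * 86400))      # three days old
        return {name: audit_backup(source, path, now)
                for name, path in (("cloud_sync", cloud), ("usb_drive", usb))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A copy that reports missing or mismatched files, or a stale marker, is not a backup you can restore from; run the check after each backup job rather than after a crash.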

Additional Tips for Small Businesses

Make de-cluttering a priority by deleting unnecessary digital files. This will help the computer run faster and help your daily backups run more quickly. Take some time to sift through your programs and delete the useless ones.

It’s also a good idea to clean up your disk regularly. Windows users can find the disk cleanup tool by going to the Performance Information and Tools section under the Control Panel.

Go to the control panel and hit “Hardware and Sound.” Then click “Power Options.” Choosing the recommended “balanced” power setting will benefit the hard drive.

Every two to three years, reinstall your operating system to keep your hard drive feeling like a spring chicken.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

Work at Home Environment is a Safe, Secure Solution

There was a time when online dating was a novelty, perceived as unsafe. Today, 59 percent of people agree that online dating is a good way to meet others (Pew Research, 2015). In fact, it’s the preferred method of matchmaking. A different online environment with similar views from the public is working from home. People who want to work at home fear its safety and security, understandably. But working from home is already a safe and secure proposition as far as finding a job and creating a safe environment in your home.

Start with reputable “outsource” companies.

Avoid the potential of being scammed. Outsourcers are the companies that agents form partnerships with. The big, well-known organizations that want the best people at their front lines go to outsourcers that have already vetted work at home agents. Additionally, outsourcers that provide work at home opportunities often provide clients with secure platforms and the best tools necessary for agents, clients and customers to be successful in their interactions. Outsourcers often provide the most legitimate telecommuting opportunities. One such provider is Arise Virtual Solutions.

Customer service jobs.

Think of companies that have big customer support departments. Many have opportunities for working at home because, as you may have guessed, this saves companies money. However, work at home opportunities also bring forth an agent who is highly motivated, has a specialized skillset, and provides enhanced customer experiences. Outsourcers work across industries from energy to credit card companies and everything in between that field customer inquiries all day (and night) long.

Do your research to find the right opportunity.

Work-at-Home Sites

These sites specialize in work-at-home listings or leads. Make sure that the site you use has an explicit screening policy to filter out scams. Read about the website itself before diving into the listings. Realize that the listings on these sites may simply be links to other legitimate sites that have listings, rather than a straight path to an opportunity.

Work-at-Home Forums

Here you’ll find what other telecommuters have to say, including their warnings. You may even create a thread to start a discussion or ask for help.

How to Ensure Your Home Workplace Is Safe, Sound and Efficient

Now that you’ve taken the leap and found that perfect work at home solution, it’s time to create a safe and productive environment in your home to get to work.

It is likely the outsourcer you partner with will make numerous recommendations with regard to a safe and comfortable working environment. And they will want to make sure you are legitimate with regard to your credibility and commitment. Expect to learn and take courses to succeed; you may even pay for courses. Expect to pay for a background check.

To get started they will most likely request fundamentals like effective hardware (computers and telephones/headsets) and software (security software, VPNs, call center software) and basic requirements like a comfortable chair and quiet setting.

The following are a few things to consider:

  • Make the workstation quiet and free of distractions (internal and external). Think: young kids or baby, sick family member, new puppy, home construction, neighbor’s incessantly barking dog, party next door etc.
  • Make the room temperature comfortable considering windows may need to be closed.
  • Avoid tripping hazards by keeping cords under a desk or secured along the wall.
  • Establish an escape route from the work room should there be a fire or other disturbance.
  • Think home security. Never leave the window open if you’re gone from the room for extended periods. Consider installing a home security system.
  • Keep the work room clean, void of clutter and flammable substances. Don’t smoke in it.
  • Don’t eat at your computer. Keep liquids in spill resistant containers.
  • The computer should be connected to a surge protector.
  • Make sure the workstation is ergonomic including a great chair with good back support or a backless ergo chair.
  • Never be in your chair for longer than one hour at a time. Ideally, take five-minute movement breaks out of the chair for every 30 minutes spent sitting. Consider getting an alternate stand up desk.
  • Use a headset and a quality phone.

It’s really not that complicated. If the job doesn’t directly involve hands on work, tools, or face to face involvement, then for the environment and quality of life, work at home and telecommuting is the best option.

Robert Siciliano is a personal privacy, security and identity theft expert to Arise discussing identity theft prevention. Disclosures.

Back to school Tech Security Tips for College Students

Some of us remember college dorm days, when students were envied if they had their own typewriter. These days, college students must have a personal laptop computer, and a smartphone, and their lives revolve around these connected devices. Such dependency should be proactively protected from loss or theft. Campus security now means more than just being aware of who might be hiding in the bushes at night.

When you send your college kid off into the world, you want them to be prepared for life’s curveballs, and unfortunately, the occasional criminal too. How prepared are they? How prepared are you? Do you or they know that if they leave their GPS service on, some creep could be “following” them? Are they aware of how to lock down their devices to prevent identity theft?

For cybersecurity and personal security, college students should:

How might students get hacked and how can they prevent it?

  • They can fall for a scam via a campus job board, the institution’s e-mail system, off-campus public Wi-Fi or on social media. Be aware of what you click on.
  • It’s easy for devices to be stolen; never leave devices alone, whether in the library or a café.
  • Shoulder surfing: Someone peers over their shoulder in the study lounge or outside on a bench to see what’s on their computer screen. A privacy filter will make shoulder surfing difficult.
  • Be careful when buying a used device (which can be infected) and simply taking it as is. Wipe it clean and start fresh with the installation of a new operating system.
  • If you’re not using your devices, consider keeping them in a lockbox or a hidden place instead of exposed in a shared living space like a dorm.
  • All devices should have a password protected screen lock.
  • Data should be backed up every day. Imagine how you’d feel if you lost that term paper you’ve been slaving over!
  • Get a password manager, which will create strong, complex passwords unique to every account. And you won’t have to remember them.
  • Avoid jailbreaking your smartphone, as this increases its hackability.
  • Avoid using public Wi-Fi for transactions involving money or sensitive information, since hackers could easily snoop on the data transmissions. A virtual private network (VPN) will prevent snooping by encrypting transactions.

All devices should have security software that should be updated automatically. Virus scans should be done every day, or at least no less frequently than once a week.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

When a Company Gets Sold, So Does Your Data

When you subscribe to an online service, be careful of how much information you give out about yourself.

Most businesses, in their terms and conditions, say they “respect your privacy.” But what if these companies go under or are sold? An article from the online New York Times explores this concept. Today’s market-data-hungry businesses can gather lots of data about subscribers. This data can be transferred to third parties in the event the company is sold or goes belly up.

The New York Times recently analyzed the top 100 U.S. websites, and the revelation is that it’s par for the course for companies to state that subscribers’ data could be transferred as part of a sales or bankruptcy transaction. Companies like this include Google, Facebook, LinkedIn, Amazon and Apple.

On one hand, such companies assure consumers that privacy is important. Next second they’re telling you your data will get into third-party hands if they sell out or fizzle out.

A real-life example is the True.com Texas dating site that attempted to sell its customer database to another dating site. However, True.com’s privacy policy assured members that their personal details would never be sold without their permission. Texas law stopped the attempt.

The Times article points out that at least 17 of the top 100 said they’d notify customers of a data transfer, while only a handful promised an opt-out choice.

This isn’t as benign as some might think. For example, WhatsApp was sold to Facebook. A user of both services ultimately complained that Facebook, without his consent, accessed his WhatsApp contact list, even though his Facebook account was set to prevent people outside his network from obtaining his phone number.

Another example is Toysmart.com. When it went bankrupt, it tried to sell customer data, which included birthdates and names of children. The company’s privacy policy, however, promised users that this information would never be shared.

To avoid fracases, companies are now jumping on the bandwagon of stating they have the right to share customer/subscriber data with third parties per business transactions.

Don’t be surprised if you read something like: “We value your privacy,” and in another section of the privacy policy, “Upon sale of our company, your personal information may be sold.”

 

Your Stolen Data around the World in 2 Weeks

Ever wonder just what happens to the data in a data breach incident? Does it go into some kind of wormhole in cyberspace, out through the other end? Well, the answer is pretty much so, when you consider that hacked data makes its rounds on a global scale, taking only 14 days to land in 22 countries spanning five continents—according to an experiment by Bitglass.

Bitglass, a cloud access security broker, did some research, generating over 1,500 fake names, credit card numbers, SSNs and other data that were saved in an Excel spreadsheet.

Then the spreadsheet, which was tagged, was sent out into cyberspace, including to several Darknet sites. The watermark tag sent a signal (which included information like IP addresses) to the researchers every time the document was opened.

This experiment simulated a data breach and provided an idea of just where real stolen data actually goes. This research points fingers at Russia and Nigeria as far as being the location of closely related major hacking rings.

Not only did this spreadsheet make international rounds, but it was opened over 1,200 times within the two weeks. Need it be mentioned that the countries most notorious for hacking rings (e.g., Russia, Nigeria and China) did most of the opening? Other access points included the U.S., Germany, Finland, New Zealand and Italy.

This is sobering information for company leaders who fear a data breach. Bitglass points out that the average data breach takes 205 days to be detected. Wow, just how many access points would there have been in 205 days? Would it be a linear increase or an exponential increase?

Consumers are at a serious disadvantage due to the fact most of the data breaches occur with data out of their immediate control. Fret not however. The best thing a consumer can do is pay close attention to their statements and look for unauthorized activity or invest in identity theft protection which will often make your Social Security number less attractive to a thief.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Tips to destroy and shred

You can’t be too neurotic about shredding sensitive documents to smithereens. For example, some people make a career out of “dumpster diving,” digging through trash in search of bank account information, credit card preapprovals, medical bills, mortgage statements, etc., and then they commit fraud, including creating new accounts with the found information—accounts in the victim’s name.

And by the way, anything with your signature can be a gem to the dumpster diver, as your signature can be forged.

Diving for Dollars

  • Dumpster diving is legal if the trash can is in a public spot including the big trash bin at your apartment complex.
  • Dumpster divers aren’t necessarily homeless men dressed in rags looking for discarded food. They may be professional identity thieves, and if they’re extra smart, they’ll dress like a vagrant to fool people into thinking they’re looking for food scraps.
  • Your trash can is a goldmine for an identity thief; think of what’s on all the paperwork you toss out, week after week—all sorts of tidbits about your life, from your favorite stores to your kids’ names.
  • A lot of personal details about you come simply from empty envelopes with their return addresses.

Shredding

  • Buy a shredder. There are different kinds that shred at differing dimensions as well as various strengths (some shredders will slice and dice CDs).
  • Don’t buy a “strip-cut” type, as the shreds could be reconstructed. The “micro-cut” shreds at the smallest dimensions.
  • Believe it or not, there are crooks who will take the time to put back together a shredded document, including with the help of Unshredder, a computer program.

Burning

  • Keep a cardboard box handy that you continually fill up with shreddables.
  • Just toss documents that are on deck for burning into this box as you go throughout the day. Then incinerate the box.
  • A large stack of documents will not completely burn, so place these in a motley arrangement so they aren’t “thick”.

Miscellaneous

  • Don’t leave boxes that contained expensive merchandise in plain view at your curb; this is almost the equivalent of sticking a sign there with bright red letters stating: “I just purchased a giant flat screen TV; come on in and steal it.” Destroy or shred them.

Ask yourself this question: If someone “stole” your trash, would that be a problem? If you say yes, then you toss too much data. For me, I don’t care, nothing I toss is of any value to anyone.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Is your Website and Data secure?

Imagine a lifeguard at the beach sitting on his perch. His job is to patrol and monitor for signs of trouble. He sees a surfer being attacked by a shark. Wow, a lot of good it does that he’s in a completely helpless position; by the time he scrambles off his perch and runs towards the water, the victim has bled out. Ouch.

This is the same concept behind cyber crime. By the time a business or everyday Internet user realizes they’ve been hacked…major damage has been done. We can’t just be reactive. We have to be preventive.

The damage can destroy a business, not to mention take down the website of an everyday person who did not have their prized and sensitive data, blogs, or photos backed up.

Forbes points out that over 60 percent of small businesses, after a serious data breach, go belly-up within a year. Cyber crime is a major threat to medium-size businesses as well.

Companies worry a lot about their product and service, but are slowly coming around to the idea that a potent draw to potential customers and clients is the advertising of powerful IT security to fight off data breaches.

Customers and clients (and potential ones) want to know what a company is doing for prevention, not just what it’ll do after the attack.

What if you can’t afford a top-flight IT team? There are still things you can do for your business’s safety as well as for your home computer’s safety.

  • First off, back up all of your data.
  • Use antivirus software and make sure it’s always updated.
  • Use antispyware, antiphishing and a firewall and make sure that’s always updated as well.
  • If you have a website, scan that with your antivirus/malware or have your host provider do it. A website and web applications can be attacked by hackers.
  • Update to the latest version of the site’s primary software and plugins.
  • An unexplained spike in traffic to or from your network is a red flag.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

So pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into people’s privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you, good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. Disclosures.

What is private Information and what is not?

Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. As used in U.S. privacy law and information security, personal identifying information is data that can be used to contact, identify or locate an individual, or to identify him in context.

This means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee may be required for the address, but not always). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.

So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.

And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.

But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.

Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.

Tips for Training Employees on Security Savvy

  • Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
  • Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
  • Show management is invested. Behavior changes start from the top down.
  • Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
  • Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter, which help bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
  • Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not to do when you’re on social media.”
  • Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Online Data less safe than ever

It’ll get worse before it gets better: online data safety. It’s amazing how many people think they’re “safe” online, while one huge business or entity after another keeps getting hacked to the bone.

And “safety” doesn’t necessarily mean the prevention of your computer getting infected with a virus, or falling for an online scam that results in someone getting your credit card information. It’s also a matter of privacy. While targeted advertising (based on websites you’ve visited) may seem harmless, it’s the benign end of the continuum—that someone out there is tracking you.

So, do you still think you’re hack-proof?

That you can’t be fooled or lured? That your devices’ security is impenetrable? That you know how to use your device so that nobody can get ahold of your sensitive information?

Consider the following entities that got hacked. They have cyber security teams, yet still fell victim:

  • LinkedIn
  • Yahoo! Mail
  • Adobe
  • Dropbox
  • Sony
  • Target

You may think the hacking is their problem, but what makes you believe that the service you use is immune? Are you even familiar with its security measures? That aside, consider this: You can bet that some of your personal information is obtainable by the wrong hands—if it already isn’t in the wrong hands.

Are you absolutely sure this can’t possibly be? After all, you’re just a third-year med student or recent college grad looking for work, or a housewife with a few kids…just an average Joe or Jane…and you use the Internet strictly for keeping up with the news, keeping up with friends and family on social media, using e-mail…innocent stuff, right?

You’ve never even posted so much as a picture online and say you don’t use a credit card online either.

  • But hey, if your passwords aren’t strong, this ALONE qualifies you as a potential hacking victim.
  • So, what is your password? Is it something like Bunny123? Does it contain your name or the name of a sport? Keyboard sequences? The name of a well-known place? The name of a rock band?
  • Do you use this password for more than one account? That gets tacked onto your risks of getting hacked.
  • You need not be someone famous to get hacked; just someone who gets lured into filling out a form that wants your bank account number, credit card number, birthdate or some other vital data.
  • If you just ordered something from Amazon, and the next day you receive a message from Amazon with a subject line relating to your order…did you know that this could be from a scammer who sent out 10,000 of these same e-mails (via automated software), and by chance, one of them reached someone at just the right time to trick you into thinking it’s authentic?
  • People who know you may want your information to get revenge, perhaps a spurned girlfriend. Don’t disqualify yourself; nobody is ever unimportant enough to be below the scammer’s radar.
  • Did you know that photos you post in social media have a GPS tag? Scammers could figure out where the photo was taken. Are you announcing to all your FB friends about when your next vacation is? Did you know a burglar might read your post, then plan his robbery? Between the GPS tags and your vacation dates…you’re screwed.
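The password questions in the list above, turned into a self-check (an added example, not from the original post): it flags a password that contains the owner’s name, a common word such as a sport, place or band, a word followed by digits as in Bunny123, a keyboard sequence, or that is reused across accounts. The word list, the account names and the sample passwords are small constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample list; a real check would use a much larger dictionary.
COMMON_WORDS = {"bunny", "password", "football", "baseball", "soccer",
                "paris", "london", "nirvana", "metallica"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common character swaps (4 -> a, 0 -> o, ...) before looking for words.
LEET = str.maketrans("013457@$!", "oleastasi")


def has_keyboard_run(text, length=4):
    """True if text contains `length` adjacent keys from one row, either direction."""
    text = text.lower()
    for row in KEYBOARD_ROWS:
        for line in (row, row[::-1]):
            for start in range(len(line) - length + 1):
                if line[start:start + length] in text:
                    return True
    return False


def check_password(password, owner_names=()):
    """Return the list of weaknesses found in a single password."""
    lowered = password.lower()
    plain = lowered.translate(LEET)
    findings = []
    names = [n.lower() for n in owner_names if len(n) >= 3]
    if any(n in lowered or n in plain for n in names):
        findings.append("contains_name")
    if any(w in lowered or w in plain for w in COMMON_WORDS):
        findings.append("common_word")
    if re.fullmatch(r"[a-z]+\d+", lowered):
        findings.append("word_plus_digits")
    if has_keyboard_run(lowered):
        findings.append("keyboard_sequence")
    return findings


def find_reuse(accounts):
    """Group account names that share exactly the same password."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return [sorted(group) for group in by_password.values() if len(group) > 1]


def audit(accounts, owner_names=()):
    """Per-account findings, including reuse across accounts."""
    reused = {name for group in find_reuse(accounts) for name in group}
    report = {}
    for account, password in accounts.items():
        findings = check_password(password, owner_names)
        if account in reused:
            findings.append("reused")
        report[account] = findings
    return report


# Constructed sample accounts for a user named Jane.
SAMPLE_ACCOUNTS = {
    "email": "Bunny123",
    "bank": "Bunny123",
    "shop": "J4ne!qwerty",
    "forum": "vK7#tLq9@wZr2$Xe",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ACCOUNTS, owner_names=("Jane",)).items():
        print(account, findings or "no findings")
```

An empty result only means none of these specific patterns matched; it does not measure strength, which is why a password manager that generates random, unique passwords remains the simpler fix.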

Well, you can’t live in a bubble and be antisocial, right? Well, it’s like driving a car. You know there are tons of accidents every day, but you still drive. Yet at the same time, if you’re halfway reasonable, you’ll take precautions such as wearing a seatbelt and not driving closely behind someone on the highway.

Most of your fate is in your hands. And this applies to your online safety. You won’t be 100 percent immune from the bad cyber guys, just like you’re not 100 percent immune from a car wreck. But taking precautions and having the right tools really make a tremendous difference.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.