Erase the Data on Your Devices: The Secure Way

With the holidays here, many of us will be receiving new digital devices. And many of those devices may end up on Facebook Marketplace or eBay in a secondhand market. And I will buy them so I can find out what data you have left on them. I did a study not too long ago where I bought about 30 devices and ran forensics tests on them and found sensitive information on 17 of 30. Enough to steal lots and lots of identities.

Have you sold or recycled an old phone or other device after you got a brand new one? What about an old laptop? Did you sell them to someone else or recycle them? If you have done any of the previous actions, it is likely that you have put yourself at risk.

A study from the National Association for Information Destruction discovered that approximately 40 percent of electronic devices that are sold second-hand still have personal information on them. This includes phones, tablets, and computers.

The data that was discovered on these devices includes usernames, passwords, tax information, and credit card information. To make things even worse, the info was collected by using very simple methods; methods that almost anyone with a bit of computer knowledge can use.

Thankfully, there are things you can do to securely erase your device, including the following.

Correctly Prepare Your Device

It doesn’t matter if you are going to throw your device away (which you shouldn’t because that’s horrible for the environment) or sell it, you have to make sure that it is prepared correctly. First, you want to back up the data, and then you can erase the drive.

If you have a Mac, it is easy to do this by using the OS X Disk Utility, and if you have a PC, you can use software like Active KillDisk. If you are trying to do this with a smartphone, you can use software like SafeWiper for Android and then do a factory reset and remove the phone’s SIM card. Also, if you are throwing it away, smash it with a hammer before doing so. Yes, that’s a bit dramatic, but it ensures that people can’t get information on it.

Format the Drives

If you are getting rid of a hard drive or flash drive, or you have recently bought one, you should make sure to format it to get rid of any software that is left on it. Here’s how to do it:

Windows:

  • Connect the device to your computer.
  • Open up Windows Explorer and find the drive on your system.
  • Right-click the drive and choose the “Format” option.
  • Choose the type of file system you want, and then under “Volume Label,” click “Quick Format” and then “Start.”

Mac:

  • Go to your computer’s Finder, and then click Applications/Utilities, then “Disk Utility.”
  • Click on the drive and choose “Erase.”
  • Next, click “Format,” choose the file system, and then create a name for the drive.
  • Click on “Erase.”

Formatting a Hard Drive on a Computer

To go about formatting a hard drive, you will find that it is a little more complex. To begin, you need a USB drive or a CD, and the goal is to completely erase the drive. Once you do this, you then have to re-install the operating system with the USB drive or the CD. Also, don’t forget to back up your data before you begin, or you will lose everything you have.

When doing this with a Mac, you should select the option on the computer to install from scratch. This will erase the drive. For Windows, you have to use the Windows Installer, and then choose “Drive Options.” Choose “Format,” “Next,” and then install Windows.

Even when this is all done, it is still possible for someone who has the knowledge to get data from your device. This is why it’s so important to educate yourself via security awareness training and remain vigilant.
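
Why a format leaves data behind, and how to check that a wipe really worked, shown on a simulated drive image. This is an added example, not part of the original article; the toy one-sector file table, the sample file names and every function name are assumptions made for illustration, and no real disk is touched.

```python
"""Simulated drive image: a quick format is not an erase, and a wipe can be verified.

Added illustration. The layout (sector 0 = toy file table) and all sample data
are constructed; this is not a real filesystem and no real disk is touched.
"""
import os

SECTOR = 512

# Well-known leading bytes ("magic numbers") of common file types.
SIGNATURES = {
    "pdf": b"%PDF-",
    "jpeg": b"\xff\xd8\xff",
    "zip/docx": b"PK\x03\x04",
}


def build_image(sectors=64):
    """Return a bytearray 'drive' holding a file table and two constructed files."""
    img = bytearray(sectors * SECTOR)
    files = {
        "tax_return.pdf": (4, b"%PDF-1.4 constructed sample, SSN 000-00-0000"),
        "photo.jpg": (10, b"\xff\xd8\xff\xe0 constructed sample image bytes"),
    }
    table = ";".join(f"{name}@{start}" for name, (start, _) in files.items()).encode()
    img[0:len(table)] = table
    for start, data in files.values():
        img[start * SECTOR:start * SECTOR + len(data)] = data
    return img


def listed_files(img):
    """What the 'operating system' shows: names still present in the file table."""
    table = bytes(img[:SECTOR]).rstrip(b"\x00").decode()
    return [entry.split("@")[0] for entry in table.split(";") if entry]


def quick_format(img):
    """Reset only the file table; the data sectors are left as they were."""
    img[0:SECTOR] = bytes(SECTOR)


def overwrite(img, passes=1):
    """Overwrite every sector. Earlier passes are random, the last is zeros
    so the result can be verified by looking for any non-zero byte."""
    for _ in range(passes - 1):
        img[:] = os.urandom(len(img))
    img[:] = bytes(len(img))


def residual_report(img):
    """List sectors that still hold data and any file signatures found in them."""
    data = bytes(img)
    nonzero = [i for i in range(len(data) // SECTOR)
               if any(data[i * SECTOR:(i + 1) * SECTOR])]
    hits = []
    for kind, magic in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((kind, pos // SECTOR))
            pos = data.find(magic, pos + 1)
    return {"nonzero_sectors": nonzero,
            "signature_hits": sorted(hits, key=lambda h: h[1])}


def is_wiped(img):
    """True only when no sector holds data, the check to run before selling."""
    return not residual_report(img)["nonzero_sectors"]


if __name__ == "__main__":
    drive = build_image()
    print("before:", listed_files(drive))
    quick_format(drive)
    print("after quick format, files listed:", listed_files(drive))
    print("after quick format, residue:", residual_report(drive))
    overwrite(drive, passes=2)
    print("after overwrite, wiped:", is_wiped(drive))
```

On real hardware the same check means reading the raw device rather than an in-memory image.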

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

What the Equifax Data Breach Can Teach Us About Security Fatigue

If you buy anything, anywhere, you are at risk of a cyber threat. Though you probably know that cyber threats exist, if you are like most of us, you don’t know what to do when it comes to being safe online, and if you become a victim, you really don’t know what to do. This is all important as we prepare for the next big breach like the one that happened with Equifax. If you use credit, you are a potential victim here.

According to Equifax, more than 147 million people were affected by the breach, and most of us had or have no idea what we can do about it, or how it might affect us in the future. On top of this, when we look at statistics, we can see that almost 27 billion…not million, but billion…additional records were exposed due to data breaches in 2020, and things are only going to get worse.

The issue is that people are frustrated, scared, and confused, and because these cyber-attacks are so common now, people are just getting apathetic about it. Of course, this is very dangerous. Additionally, there are other issues, too, specifically “security fatigue.”

What does this mean? It means that people just want nothing to do with worrying about computer security at all, and they get annoyed when they hear all of the rhetoric that comes from security experts like “keep an eye out for blah, blah, blah.”

Cyber Attacks are More Common Now Than Ever in the Past

It should be no surprise that cyber attacks are more common today than they were in the past. That also means that the chances of becoming a victim of identity theft are higher. Internet fraud is playing a big role in this, but it’s not just human error and bad passwords that are causing this. Instead, it’s the lack of people doing anything to stop it. And here’s the thing…if you think it can’t happen to you, you are wrong.

Tips for Protecting Yourself Online

It is not difficult to protect yourself online. Here are seven tips to keep yourself safe:

  • Download a program for your browser that tells you if a site you are going to go to is dangerous. These can be seen right from your browser, and if a site is safe, you will immediately know. A full suite of antivirus should include a browser plug-in to serve this purpose.
  • Keep your passwords safe with a password manager. It is very important to use a different password for every account.
  • Get some type of ID theft coverage through your employer, your bank, or other business. It’s not easy to 100% fully protect your identity, but using something like this can make things much, much easier.
  • Set up two-factor authentication and text alerts for sensitive accounts like bank accounts, email, and social media.
  • Freeze your credit. This way, a scammer can’t open any new accounts in your name.
  • Learn more about common internet scams. You should understand ransomware, phishing, scareware, and more.

One of the biggest things you should take away from this is to understand that if you become a victim of something like this, it doesn’t just affect you; it also can affect your family, friends, co-workers, and more. Yes, it might be annoying to some to have to take these steps, but it could be the difference between staying safe and becoming a victim.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Second Hand USBs Could Have Personal Info Still Inside

An unsurprising study was recently released that found even when a portable USB drive is erased, not all of the documents and images are always removed. That, of course, is frightening.

Here’s how the research was done:

Researchers went online to sites like eBay, to second-hand shops, and even auction stores. They bought 200 used USB drives, half from the US and half from the UK. Almost 2/3 of the devices had data on them! This data was, for the most part, personal data, and it can also be used by cybercriminals to steal someone’s identity. On top of that, these USB drives can contain malware.

Removing All Data is Difficult

When someone tries to delete or remove data from a USB device, they rarely have success. In fact, of the 100 USB devices the researchers bought in the US, only 18 of them were totally wiped clean. The rest of them had data that had been deleted, but someone could certainly recover it. The UK devices were similar. What’s so surprising about this is that it is extremely easy…and free…for someone to fully delete their device. But most people just don’t put in the effort, and that could definitely hurt them in the future.

USB Devices Can Be Risky

Using these devices can be risky, not only for average people, but also for businesses. In 2017, for example, a USB device was lost, and it contained sensitive information about Heathrow Airport. The government investigated, and eventually fined the company. The information was not encrypted, nor password protected, and it was found on the street by a random passerby.

Because of these risks, some companies, like IBM, have banned the use of USB devices. Instead, employees must use the company’s cloud. Other companies still allow them, of course, but they could be going down a dangerous road. These devices are really cheap to buy, and people can save almost anything on them, but they are also very easy to lose.

There are other issues with USB devices too. First, of course, you have the data on these drives to deal with, but there is also the fact that potential malware could be on the devices. Most companies don’t have the same rules that IBM has, and most consumers don’t think of this at all. This makes people and small businesses very vulnerable. So, if you use USB drives, there is one very important step that you need to take: encrypt them.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

2017 Was the Worst Year for Data Breaches EVER!

It seems like 2017 broke records for all the wrong reasons…one of them being the worst year for data breaches in history.

According to reports, hacking was the most common way to collect this data, but almost 70% of exposures occurred due to accidental leaks or human error. This came down to more than 5 billion records. There were several well-known public leaks, too, including the Amazon Web Services misconfiguration. More than half of the businesses using this service were affected, including companies like Verizon, Accenture, and Booz Allen Hamilton. The scariest part of this, however, is the fact that the number of breaches and the number of exposed records were both more than 24% higher than in 2016.

Big Breaches of Big Data

Another interesting thing to note is that eight of the big breaches that occurred in 2017 were in the Top 20 list of the largest breaches of all time. The top five biggest breaches in 2017 exposed almost 6 billion records.

Part of the reason for the big numbers is that huge amounts of data were exposed from huge companies, like Equifax. There was also a huge breach at Sabre, a travel systems provider, and the full extent of the breach isn’t even known at this point. All we do know is that it was big.

When looking at all of the known 2017 data breaches, almost 40% of the breaches involved businesses. About 8% involved medical companies, 7.2% involved government entities, and just over 5% were educational entities. In the US, there were more than 2,300 breaches. The UK had only 184, while Canada had only 116. However, until now, companies in Europe were not forced to report breaches, so things could change now that reporting is mandatory.

What were the biggest breaches of all time? Here they are, in order:

  • Yahoo (US company) – 3 billion records
  • DU Caller Group (Chinese company) – 2 billion records
  • River City Media (US company) – 1.3 billion records
  • NetEase (Chinese company) – 1.2 billion records
  • Undisclosed Dutch company – 711 million records

Though none of this is great news, there is a silver lining here: none of the breaches of 2017 were more severe than any other breach in history, and overall, the occurrence of breaches dropped in the fourth quarter.

Because of so many breaches occurring due to human error, it’s very important that businesses of all sizes enact security awareness training, including helping staff understand what makes a business a target and what type of info the hackers want.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

Mainstream Email and Data Services Might Be Spying on You

The Internet nowadays flourishes on personal data. Many of the world’s largest companies rely on this intangible commodity, which users have been all too willing to ‘donate’ in exchange for a ‘free’ service.

As data replaces oil as the new premium commodity, buying and selling data is big business. While some companies do it legitimately, some entities do it illicitly.

Let’s look at some stats:

  • Every day, there are more than 10 million hacker attacks
  • Every hour, more than 228,000 data records are lost or stolen
  • In 2017, thousands of data breaches exposed most everything from log-in names and passwords to Social Security numbers

But what is even more alarming is that mainstream email and data services collect and then sell data such as location, Internet search history, photos, files, and of course, more sensitive personal information. Sometimes they are compelled to give this information to the authorities without informing the owner of the data.

So, everyone is at risk of being monitored and losing valuable personal data.

However, there are ways to protect your data online. One of the ways of doing it is by using Secure Swiss Data free encrypted email. This company has created easy-to-use secure email which has the following benefits:

  • End-to-end encryption – data is always encrypted; encryption happens on the user’s device, and data is stored encrypted on the Secure Swiss Data servers.
  • Swiss protection of the data – The servers are located in Switzerland under 320m of granite in the Swiss Alps. In addition, users’ data is protected by Swiss laws. In fact, Switzerland has some of the most stringent privacy laws in the world.
  • No Ads – another benefit is that they never display ads. This means the company has no reason to collect your data. They are not able to read or scan emails, nor do they track any location information.
  • Privacy by Design – They use this approach which ensures that privacy is considered throughout the engineering process.

You can download the Secure Swiss Data Android or iOS app and register a FREE account. With all the updates, so far, you can:

  • Send encrypted emails with attachments not only to Secure Swiss Data users, but also to other third party email users.
  • Set an expiration timer for emails so that they are automatically deleted from your and your recipients’ mailboxes after a set period of time.

One system to protect communications online with integrated blockchain

However, it seems that the Secure Swiss Data team doesn’t want to stop there. They want to do more to secure communications and protect privacy online. At the same time, they don’t want to depend on any third party or government investment. So, they are now starting a crowdfunding campaign:

To provide the world with a unique single encrypted communications and collaboration system that will include the following features: end-to-end encrypted email, calendar, notes, tasks, file storage, collaboration in encrypted files, and end-to-end encrypted messenger. 

On top of the end-to-end encryption, the Secure Swiss Data team will integrate blockchain in the system and therefore add another layer of security, which would increase customer convenience and quality of data protection online.

The cause – Take control over your data, and protect your Online Privacy

One of the best parts of using the Secure Swiss Data services is that you know where the company stands. They have clearly stated that they believe in privacy as a human right and civil liberty. Users’ data should be kept private, and no one should be able to get into those personal accounts unsolicited.

Furthermore, they say: “Privacy is not about having something to hide, it’s about the right to control what you want to share and what you want to keep to yourself.”

So, you have an opportunity to decide what to share and what not to share.

And by using services like the one from Secure Swiss Data, you can do just that: have control over your online data and communications.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

The Natural Predatory Nature of Humans

A study published in Nature shows us that both evolution and genetics have made a big impact on the behavior of humans…including in the case of murder. However, as we have become more civilized, these instincts have been muted.

Scientists have looked at the rate of homicide in more than 1,000 species, and they noticed something interesting: The rates of these lethal acts are similar, which means that evolution of each species can give us a good idea of how violent each species really is.

This study states that humans are part of a violent group of similar mammals. These mammals all evolved at the same time, together. Plus, all of these mammals have murderous and violent pasts. So, what does this mean for us? It means that we are violent today because our ancestors were violent.

When you look at all mammals, about three in 1,000 are murderers. However, when you specifically look at humans, the average over time is about 20 in 1,000. Furthermore, when you examine certain time periods, such as the medieval period, this rate rose to about 120 murderers in 1,000. These numbers have fortunately fallen, however, and today, it stands at about 13 murderers per 1,000 people.

So, we are killing each other much less frequently today than we used to 1,000 years ago. However, we are still not as peaceful as other mammals. For instance, killer whales, which we believe to be quite violent, have a murder rate of almost zero against their own species.

We are much more violent than whales, but when we compare our murder rates to those of cougars, baboons, or lemurs, we are less violent. All of these animals have a murder rate of about 100 per 1,000.

Since this research looked at violence by comparing species that are closely related, it is not surprising that these species are similarly violent. It is also interesting that the more closely related a species is, the more similar their instances of violence.

It’s quite difficult to actually calculate the rates of violence among our ancestors, but we are able to get a good idea thanks to archaeological evidence. By looking at these sites, it was found that violence rates were lower among people who had some type of government or culture. This also suggests that murder rates among a species can be reversed. In fact, this evidence shows that it can decrease or increase based on ecological, cultural, or social factors. This evidence is similar to what was found in a study done at Harvard, which specifically looked at violent crimes including rape and murder.

When looking at these facts, we find that humans are territorial and social, but also naturally violent. As we have developed over time and found more civilized activities, our rates of violence have gotten lower. What’s even more interesting is that most mammals aren’t murderers towards their own species…but some, such as lions, wolves, and primates, which includes humans, engage in violent actions.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

Top 12 Tips to Destroy Your Sensitive Data

Believe it or not, you just can’t shred too much. If you aren’t destroying your sensitive data, my best advice is for you to start now. There are people out there who make a living diving into dumpsters in search of credit card info, bank account numbers, mortgage statements, and medical bills; all things they can use to steal your identity.

Here are 12 tips that you can use to help you destroy your sensitive data:

  1. Buy a shredder. That said, I don’t own a shredder. I’ll explain shortly. There are a number of different brands and models out there. Some even shred CDs. This is important if you keep your documents saved on a computer, which you then saved to a CD. Don’t, however, try to shred a CD in a shredder that isn’t equipped to do this job. You will definitely break it.
  2. Skip a “strip-cut” shredder. These shredders produce strips that can be re-constructed. You would be surprised by how many people don’t mind putting these pieces together after finding them in trash. Yes, again, people will go through dumpsters to find this information. Watch the movie “Argo” and you’ll see what I mean.
  3. Shred as small as you can using a cross cut shredder. The smaller the pieces, the more difficult it is to put documents together again. If the pieces are large enough, there are even computer programs that you can use to recreate the documents.
  4. Fill a large cardboard box with your shreddables. You can do this all in one day, or allow the box to fill up over time.
  5. When the box is full, burn it. This way, you are sure the information is gone. Of course, make sure that your municipality allows burning.
  6. You should also shred and destroy items that could get you robbed. For instance, if you buy a huge flat screen television, don’t put the box on your curb. Instead, destroy, shred, or burn that box. If it’s on the curb, it’s like an invitation for thieves to come right in.
  7. Shred all of your documents, including any paper with account numbers or financial information.
  8. Shred credit card receipts, property tax statements, voided checks, anything with a Social Security number, and envelopes with your name and address.
  9. Talk to your accountant to see if they have any other suggestions on what you should shred and what you should store.
  10. Shred anything that can be used to scam you or anyone. That means if the data found in the trash or dumpster could be used in a lie, over the phone, in a call to you or a client to get MORE sensitive information (like a prescription bottle), then shred it.
  11. Try to buy a shredder in person, not online. Why? Because you want to see it and how it shreds, if possible. If you do buy a shredder online, make sure to read the reviews. You want to make sure that you are buying one that is high quality.
  12. Don’t bother with a shredder. I have so much to shred (and you should too) that I use a professional document shredding service.

I talked to Harold Paicopolos at Highland Shredding, a Boston-area (North Shore, Woburn, MA) on-demand, on-site and drop-off shredding service. Harold said, “Most businesses have shredding that needs to be done regularly. We provide free shredding bins placed in your office. You simply place all documents to be shredded in the secure bin. Your private information gets properly destroyed, avoiding unnecessary exposure.”

Does your local service offer that? Shredding myself takes too much time. And I know at least with Highland’s equipment (check your local service to compare) their equipment randomly rips and tears the documents with a special system of 42 rotating knives. It then compacts the shredded material into very small pieces. Unlike strip shredding, this process is the most secure because no reconstruction can occur.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

Security training: the Human Being is impossible to fix

As long as humans sit at computer screens, there will always be infected computers. There’s just no end to people being duped into clicking links that download viruses.

A report at theregister.co.uk explains how subjects, unaware they were guinea pigs, fell for a phishing experiment.

  • Subjects were sent an FB message or e-mail from an unfamiliar sender, though 16 percent of the subjects who ultimately clicked reported they knew the sender.
  • The sender announced they had images from a New Year’s Eve party but not to share them.
  • 43.5% clicked the FB message link and one-quarter clicked the e-mail link.
  • Many of the subjects denied making these clicks, but most who admitted it named curiosity as the reason.
  • 5% claimed they thought their browser would protect them from an attack.

Obviously, there will always be that percentage of the human population who will allow curiosity to preside over common sense and logic. The idea of simply never, never, ever clicking a link inside an e-mail is an impossible feat for them—perhaps more difficult than quitting smoking or losing 50 pounds.

This is the battle that businesses have with their employees, which is how businesses get hacked into and massive data breaches result.

However, says the report, rigid training of employees may backfire because valid e-mails may be ignored—though it seems that there has to be a way for companies to get around this—perhaps a phone call to the sender for verification if the company is small. For large businesses, maybe executives could just resort to the old-fashioned method of reaching out to employees; how was this done before the World Wide Web was invented?

Digital signing of e-mails has been suggested, but this, too, has a loophole: some employees misinterpreting the signatures.

Nevertheless, security training is not all for nothing; ongoing training with staged phishing e-mails has been proven, through research, to make a big difference. Unfortunately, there will always exist those people who just can’t say “No” to something as mundane as images from a New Year’s Eve party from a sender they’ve never even heard of.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

Three Quarters of a Billion Records breached

Last year, says the security firm Gemalto, over 700 million records were breached. Or, to put it another way, this translates to two million stolen or lost records every day.

2015 Breach Level Report

  • 1,673 hacking incidents
  • 398 were triggered from the inside of the attacked company: employees and even IT staff who were tricked (social engineering) by hackers into clicking on malicious links or attachments
  • Government agencies suffered the greatest data leaks.
  • Following that were nation states and healthcare enterprises (remember the big Anthem breach?)

Gemalto also says that the U.S. is the leading target of cyber attacks, with the UK, Canada and Australia following behind in that order. But don’t let Australia’s fourth place standing fool you. It reports only 42 publicly reported incidents, while the U.S. has reportedly had 1,222.

How can you tell your computer has been compromised by an attack?

  • Your computer is running slowly; you’re not simply being impatient—the device really is moving at a crawl. This is a possible sign the computer is infected.
  • Another possible sign of infection: Programs open up without you making them, as though they have a mind of their own.

Protecting Your Computer

  • First and foremost, businesses need to rigorously put their employees through training. This includes staged phishing attacks to see if any employees can be tricked into revealing sensitive company information. Training for workers must be ongoing, not just some annual seminar. A company could have the best security software and smartest IT staff, but all it takes is one less-than-mindful employee to let in the Trojan horse.
  • If you receive an e-mail with a link or attachment, never rush to open them. Pause. Take a few breaths. Count to 10. No matter what the subject line says, there is always plenty of time to make sure an e-mail is from a legitimate sender before opening any attachments or clicking any links.
  • Use firewall and anti-virus software and keep them updated.
  • Use a virtual private network to scramble your online activities when you’re using public Wi-Fi so that cyber snoopers see only scrambling.
  • Use the most recent version of your OS and browser.
  • Regularly back up your data.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How much is your Data worth online?

Cyber crime sure does pay, according to a report at Intel Security blogs.mcafee.com. There’s a boom in cyber stores that specialize in selling stolen data. In fact, this is getting so big that different kinds of hot data are being packaged—kind of like going to the supermarket and seeing how different meats or cheeses are in their own separate packages.

Here are some packages available on the Dark Net:

  • Credit/debit card data
  • Stealth bank transfer services
  • Bank account login credentials
  • Enterprise network login credentials
  • Online payment service login credentials

This list is not complete, either. McAfee Labs researchers did some digging and came up with some pricing.

The most in-demand type of data is probably credit/debit card, continues the blogs.mcafee.com report. The price goes up when more bits of sub-data come with the stolen data, such as the victim’s birthdate, SSN and bank account ID number. So for instance, let’s take U.S. prices:

  • Basic: $5-$8
  • With bank ID#: $15
  • With “fullzinfo” (lots more info like account password and username): $30
  • Prices in the U.K., Canada and Australia are higher across the board.

So if all you purchase is the “basic,” you have enough information to make online purchases—and can keep doing this until the card maxes out or the victim reports the unauthorized charges.

However, the “fullzinfo” will allow the thief to get into the account and change information, thwarting the victim’s attempts to get things resolved.

How much do bank login credentials cost?

  • It depends on the balance.
  • $2,200 balance: $190 for just the login information
  • For the ability to transfer funds to U.S. banks: $500 to $1,200, depending on the balance.

Online premium content services offer a variety of services, and the login credentials to these are also for sale:

  • Video streaming: $0.55 to $1
  • Cable channel streaming: $7.50
  • Professional sports streaming: $15

There are so many different kinds of accounts out there, such as hotel loyalty programs and auction accounts. These, too, are up for sale on the underground Internet. Accounts such as these have the thief posing as the victim while carrying out online purchases.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.