5 Digital Security Tips That You Should Always Beware Of

Hackers are out there, and they have their eyes on YOU! So, you are the first line of defense against them. Do you know how to make your smart phone or computer more difficult for hackers to access? Here’s five tips to help:

Password Information

  • You would think that these days, everyone would know how to create and use a strong password, but people don’t. Every online account you have should have a strong, long password made of a combination of symbols, letters, and numbers. You should also use a different password for each account.
  • A good, strong password is at least 8-12 characters in length. It is also made up of both upper case and lower-case letters, symbols and numbers. Make sure it doesn’t spell anything, either. Example: “yi&H3bL*f#2S” However a phrase will do to. Such as iLike1ceCream!
  • Activate two-factor authentication on every account you can. This way, even if your password gets into the wrong hands, the hacker can’t get in unless they also have access to your smartphone.

Understand the Cloud

  • Yes, the cloud is pretty cool, but it is still vulnerable. The cloud, essentially is just internet connected servers that sit in climate controlled secure facilities. These are generally secure. However, if your device doesn’t have the best security, the data in the cloud becomes vulnerable through your device. Example: your bank which is cloud based, is unlikely to get hacked, but your PC is. If you don’t use security software, or if you don’t update your software, cloud security doesn’t matter much.
  • Since the cloud is a huge source of data, a lot can go wrong. So, should you rely on the cloud to protect you or should you protect yourself? Feel good that in general whatever cloud serve you are using is secure. But if you are downloading pirated content and shady software, then cloud security will not protect you.

New Devices Don’t Mean Safe Devices

  • Many believe that if they have a new device that it is perfectly safe. This isn’t true. Androids and Macs need antivirus just like PCs need antivirus. And right out of the box, all devices operating systems, browsers and software should be updated.

Antivirus Software is Great, But Not Perfect

  • Yes, it’s awesome to have good antivirus software, but it’s not the only thing you have to do to keep your device safe. Think of your antivirus software as an exterminator. Like a pest control expert in your home, they get out the vast majority of insects when you call them. However, they can’t 100% eradicate every single egg, larvae, and bug. Free antivirus software is the same. It does a great job for the most part, but it won’t get everything. Free antivirus doesn’t come with a firewall, antispyware, antiphishing or other fundamental security tools. A paid service will generally accomplish this.
  • Ask yourself this: would you want your bank using free antivirus software? Then why do you?

Updating Your System

 It can get annoying when your system alerts you with a pop-up to update your software, but don’t hit “remind me later.” In most cases, this update contains important security patches that you need to install to be safe. It’s best to allow automatic updates on every device.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Smart and Easy Ways to Protect Your Digital Life

Even if you don’t realize it, your identity is all over the internet. Whether you posted to an internet forum in 1996 or you ever had a MySpace page, this information is still out there, and you have to protect it. Here are some simple and easy ways that you can protect your digital life:

  1. Change Passwords – The first thing you should do is make sure you are regularly changing passwords. Make your passwords difficult to guess, and a mixture of letters, numbers, and symbols. Also, make sure that you are protecting your account when resetting passwords. For instance, you should have to answer “knowledge based authentication questions” before making a change.
  2. Take a Look at Account Activity – Many companies allow users to check out their recent activity. Google, Facebook, and Twitter are three examples. If something seems out of place, report it, immediately.
  3. Close Accounts You Don’t Use – Do you have an old MySpace page? Did you start a Blogger and never use it? If so, go and delete those accounts before they get hacked.
  4. Don’t Share Too Much – What do you share online? Are you getting too personal? Hackers can use personal information, such as your birthday, or even favorite sports team, to get into your accounts. This is especially the case if you choose to use this information in your passwords or in your password reset or knowledge based authentication questions.
  5. Use a VPN – With all of the talk about internet security making headlines, the safest way to access public Wi-Fi is through a VPN. A VPN, or virtual private network, encrypts your information.
  6. Don’t share account passwords – STOP THE MADNESS! Though you might think it’s cute to share a social media account with your spouse, it’s also dangerous. The more people who have access to your accounts, the higher the chances of getting hacked.
  7. Choose Trusted Contacts – Make sure to choose a couple of friends or family members as trusted contacts. That way, if you get kicked out of your social media accounts, they (meaning their email or mobile#) can help you get back in.
  8. Update All of Your Software – Finally, make sure that you are updating all of your software such as your OS, apps, or even Office docs when prompted. Don’t let those updates wait. Many of them contain important security updates, too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Getting Rid of an Electronic Device? Do This First…

A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

Deleting…Really Deleting…Your Devices

Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

Back Up

Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

Wipe

Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac.  If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

Destroy

Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.  

The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

Recycle

If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

10 ways to beef up Digital Security

#1. Keep everything up to date. You know those annoying popups telling you updates are available? Do you ever click out of them? Don’t. Always update at the time these appear.

2D#2. Two-step verification. Two-step verification or authentication should be set up for all your accounts that offer it. A unique one-time code is sent to the user’s phone or via e-mail that must be entered in the login field.

#3. Unneeded browser extensions? Review your browser extensions. Uninstall the ones you don’t use. Too many extensions can slow down your computer.

#4. Encryption. Encryption software will scramble your e-mail and other correspondence so that prying eyes can’t read them, but you and your intended correspondent can. If you must use public Wi-Fi (like at a coffee house), install a virtual private network to encrypt transactions.

#5. Lock screen protection for your mobile device. Your smartphone has lock screen protection in the form of a password to prevent a non-authorized user from gaining access. If you leave your phone lying around or lose it, you’re protected if you have a password. Otherwise you are screwed.

In the same vein, your laptop should have protection from non-authorized users. Set up a password that allows access to using the device, including after hibernation periods.

#6. Check active logins. Some accounts allow you to check active logins to see if any unauthorized users have been in your accounts, such as Twitter, Facebook and Gmail.

#7. How easy can someone impersonate you? Could anyone phone your bank or medical carrier and give the correct information to bypass security, such as your “favorite pet’s name”? Who might know this information? Well, if it’s on your Facebook page, anyone who can view it. How much of your personal information is actually online?  Many accounts allow a “secondary password” Ask them.

#8. Simple but powerful layers of protection.

  • Don’t have login information written down on hardcopy.
  • Cover your webcam with tape (yes, cybercrooks have been known to spy on people this way).

#9. Sharing your personal life with the whole world. Set all of your social media accounts to the private settings you desire. Do you really want a potential employer to see you hurling at your late-night party? Make sure images that you post are not geo-tagged with your home address.

#10. Web tools. Check out the various toolbars that you can add to your browser to beef up security. Be selective and check ratings.

Robert Siciliano, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Can Two-Factor Authentication actually fail?

You’ve probably read many times that two-factor authentication is a superb extra layer of protection against a thief hacking into your accounts, because gaining access requires entering a One Time Passcode (OTP)—sent via text or voice—into a login field. In other words, no phone, no access.

7WBut CAN a hacker get the phone? Ask Deray McKesson, an activist with Black Lives Matter. Hackers got his phone.

Now, this doesn’t mean they busted into his home while he was napping and took his phone. Rather, the thief took control of his mobile account.

The thief rerouted McKesson’s text messages – to a different SIM card that the mobile carrier, Verizon, had issued to the thief. This is how the criminal got the two-factor code. Next thing, the imposter was in McKesson’s Twitter and e-mail accounts.

So though two-factor is a pretty well-padded extra layer of protection, it can be circumvented.

“Someone called Verizon impersonating me,” tweeted McKesson on June 10. The crook got a different SIM this way. The flaw isn’t the two-factor system. In this case it was Verizon, allowing this to happen just too easily.

“Today I learned that it is rather easy for someone to call the provider & change your SIM,” says a subsequent tweet. Though Verizon does require the last four digits of the user’s SSN to get a new SIM card, this isn’t enough to filter out imposters, as we see here. McKesson further tweeted he was “not sure” how the imposter knew those last four digits, but that “they knew it.”

Verizon has since implemented additional safeguards.

So what really happened? How did someone get McKesson’s SSN? Did he reveal it somewhere where he didn’t have to? And then the wrong person saw it? Was he tricked into revealing it through a phishing e-mail?

Nevertheless, here’s what to do:

  • Set up a secondary code on your phone’s account.
  • This is a personal identification number that an imposter would have to reveal before any changes were made to the account—even if he gave out your entire SSN to the mobile company rep.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Three ways to beef up security when backing up to the cloud

Disasters happen every day. Crashing hard drives, failing storage devices and even burglaries could have a significant negative impact on your business, especially if that data is lost forever. You can avoid these problems by backing up your data.

Backing up means keeping copies of your important business data in several places and on multiple devices. For example, if you saved data on your home PC and it crashes, you’ll still be able to access the information because you made backups.

A great way to protect your files is by backing up to the cloud. Cloud backup services like Carbonite allow you to store data at a location off-site. You accomplish this by uploading the data online via proprietary software.

Cloud backup providers have a reputation for being safe and secure. But you can’t be too careful. Here are a few ways to beef up security even more when you use a cloud backup system:

  • Before backing up to the cloud, take stock of what data is currently in your local backup storage. Make sure that all of this data is searchable, categorized and filed correctly.
  • Consider taking the data you have and encrypting it locally, on your own hard drive before backing up to the cloud. Most cloud backup solutions – including Carbonite – provide high-quality data encryption when you back up your files. But encrypting the data locally can add an additional layer of security. Just remember to store your decryption key someplace other than on the computer you used to encrypt the files. This way, if something happens to the computer, you’ll still be able to access your files after you recover them from the cloud.
  • Create a password for the cloud account that will be difficult for any hacker to guess. However, make sure that it’s also easy for you to remember. The best passwords are a combination of numbers, letters and symbols.

Cloud backups are convenient and have a good record when it comes to keeping your data safe. It doesn’t require the purchase of additional equipment or the use of more energy. You can also restore data from anywhere, to any computer, as long as there is an Internet connection available.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Can the cloud be trusted?

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

4HA cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

  • How often do you clean out dormant accounts?
  • What type of authentication is used?
  • Who can access and see my data?
  • Where is the data physically kept?
  • What level of encryption is in place?
  • How is the data backed up?
  • What’s in place for physical security?
  • Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

  • All data, even if old or irrelevant, should be backed up.
  • Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
  • Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Pay attention to your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…

6DSlow down. Don’t buy a single smart device until you ask yourself these 10 questions. And frankly, there’s a lot of effort in some of these questions. But, security isn’t always easy. Check it out.

  • Was the company ever hacked? Google this to find out.
  • If so, did the company try to hide it from their customers?
  • Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a device that collects data from vendors that fail to explain data security and privacy.
  • Does the product have excellent customer support?
  • Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
  • Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
  • Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
  • Does the product’s firmware also automatically update? If not, not good.
  • Is the Wi-Fi, that the device will be connected to, secure? Ideally it should be WPA2 and have a virtual private network for encryption.
  • Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
  • What data does the device collect, and why?
  • Can data on the device traverse to another device?
  • Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
  • Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
  • Ask the manufacturer how the device lets you know its batteries are low.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Dust off your digital devices inside and out

Hackers know small companies are more vulnerable to data breaches due to limited resources. Cybersecurity should always be a high priority. But when a company’s IT staff consists of maybe 1-2 people who are provided limited budgets and are constantly solving other tech problems, the focus on security suffers. And hackers aren’t the only problem. One significantly overlooked part of the security process “cleaning” the IT infrastructure.

4HIT staff being and small business owners must keep on top of:

  • Networked systems
  • PC and mobile hardware
  • Multiple device software
  • Local and cloud data

The best way to manage the “cleaning” process is to keep a checklist and break the workload down into small bites. Complete the following tasks to clean up your business’s digital life and add layers of protection:

  • Rule #1: Automatically back up your data before, after and always. No matter what you are doing to your devices, make sure they are backed up.
  • Use automatically updated security tools including anti-virus, anti-spyware, and firewall software.
  • Use a virtual private network for public Wi-Fi activity. Check to see if the VPN auto-updates.
  • Take an inventory of your e-mail files. Depending on the nature of a business, it may be prudent to keep everything backed up for years. In other cases, consider deleting useless messages. Create folders for messages pertaining to certain topics. Delete old folders, etc.
  • Go through all of your devices’ programs and uninstall the ones you’ll never use.
  • Carefully sift through all of your files and get rid of useless ones.
  • Separate out media so that there are files specifically for images, video, docs, etc.
  • Integrate desktop icons that have a commonality. For instance you may have several related to a certain product or service you provide. Create a main folder and put all of these in it. Icon clutter may slow boot-up time and makes things look and feel, well, cluttered.
  • Take a look at all your passwords. Replace the crackable ones with long and strong ones. An easily crackable password: contains real words or proper names; has keyboard sequences; has a limited variety of characters. If you have a ton of passwords, use a password manager.
  • Have multiple backups for your data including on premise and cloud storage.
  • Defragment your hard drive.
  • Reinstall your operating system. Of course, first make sure all your data is backed up beforehand.
  • Operating systems pick up temporary files over time, slowing the computer and making it vulnerable. The free CCleaner tool will clean up your system’s registry.
  • Install program updates. Your OS should automatically do this, but check just to be safe.
  • Review the privacy settings of social media accounts to make sure you’re not sharing information with more people than you’d like.
  • Make sure your business is protected by a security alarm system that includes video surveillance. Hackers get the spotlight, but we can’t forget about the common burglar.

The prevention tactics above apply to businesses and really, everyone. Be sure to train your employees on proactive security and inform them about tricks that cyber thieves use. For more information visit: http://www.dhs.gov/national-cyber-security-awareness-month. If you’re looking for a secure backup solution, check out Carbonite. Sign up before the end of October and receive two free bonus months when you enter code “CYBERAWARE” at checkout.

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

How to prepare for Digital Disasters

Editor’s Note: In this week’s guest blog security expert Robert Siciliano explains how to protect your IT systems and your business from hardware failure. To learn more, download our new e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

3DIt is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

I can’t believe that people who heavily rely on a computer for business will still suddenly report to clients, “My computer crashed; can you resend me all the files?” What? Wait!

Why aren’t these people backing up their data on a frequent basis? If your computer is central to your business you should back up your data a minimum of once a day to protect against the following threats:

  • Computer hack
  • Unintentional deletion
  • Theft
  • Water or fire damage
  • Hard drive crash

To make daily data backups less daunting, carefully sift through all of your files to rid old, useless ones and organize still-needed ones. A mess of files with a common theme all over the desktop can be consolidated into a single folder.

Protecting your data begins with keeping your computer in a safe, secure, locked location, but this is only the first (and weakest) layer of protection. The next step is to automatically back up data to the cloud. The third layer is to use local backups, ideally use sync software that offers routine backups to multiple local drives. It’s also important to use antimalware security software to prevent attacks from hackers.

Additional Tips for Small Businesses Make de-cluttering a priority by deleting unnecessary digital files. This will help the computer run faster and help your daily backups run more quickly. Take some time to sift through your programs and delete the useless ones.

It’s also a good idea to clean up your disk regularly. Windows users can find the disk cleanup tool by going to the Performance Information and Tools section under the Control Panel.

Go to the control panel and hit “Hardware and Sound.” Then click “Power Options.” Choosing the recommended “balanced” power setting will benefit the hard drive.

Every two to three years, reinstall your operating system to keep your hard drive feeling like a spring chicken.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.