11 Ways to Mitigate Insider Security Threats

Companies are constantly attacked by hackers, but what if those attacks come from the inside? More companies than ever before are dealing with insider security threats. Here are 11 steps that all organizations should take to mitigate these threats and protect important company data:

  1. Always encrypt your data. If you want to minimize the impact of an insider threat, always encrypt data. Not all employees need access to all data, and encryption adds another layer of protection.
  2. Know the different types of insider threats. There are different types of insider threats. Some are malicious, and some are simply due to negligence. Malicious threats may be identified by employee behavior, such as attempting to hoard data. In this case, additional security controls can be an effective solution.
  3. Do background checks before hiring. Before you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring any criminals or those associated with your competitors. Personality tests can also red-flag the propensity for malicious behavior.
  4. Educate your staff. Educating your staff on best practices for network security is imperative. It is much easier for employees to use this information if they are aware of the consequences of negligent behavior.
  5. Use monitoring solutions. Monitoring solutions that draw on application, identity and device data can be an invaluable resource for tracking down the source of any insider attack.
  6. Use proper termination practices. Just as you want to be careful when hiring new employees, you must also use proper practices when terminating employees. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.
  7. Go beyond the IT department. Though your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.
  8. Consider access controls. Access controls may help to deter both malicious and negligent threats. This also makes it more difficult to access data.
  9. Have checks and balances for all staff and systems. It is also important to ensure there are checks and balances in place, i.e., having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.
  10. Analyze network logs. You should collect, store and regularly analyze all of your network logs, and make sure it’s known that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.
  11. Back up your data. Employees may be malicious or, more likely, make big mistakes. And when they do, you’d sleep better at night knowing you have redundant, secure cloud-based backup to keep your business up and running.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. See him discussing identity theft prevention. Disclosures.

Ins and Outs of Call Center Security

Companies that want to employ at-home workers for their call centers to save money and reduce the hassles of office space have to look at security considerations. In addition to thorough vetting of the agents and their equipment, organizations also need to ensure that the security is top-notch. A cloud-based contact center combats these issues. Here are some considerations:

  • Will it anger customers to have an agent who can’t speak clear English? Not only does poor speech of the employee drive some customers away, it also concerns customers that their data is being accessed overseas.

When choosing an outsourcer, organizations look for important factors including: (1) agent language capabilities, (2) security capabilities, and (3) financial stability of the outsourcer. – Study conducted by Ovum

  • There comes a point where businesses need to put customer comfort first, especially when it comes to security, such as in the case of healthcare and financial concerns—more complex issues. “Homeshoring” eliminates the awkwardness that sometimes arises when someone is trying to bushwhack through the broken English of the customer support. Though homeshoring will cost companies more, this will be offset by lower turnover rates, small learning curve and a higher rate of first-call resolution.
  • Telecommuters (agents) should be screened vigorously, including (as a minimum) a background check for Social Security Number, criminal history and citizenship.
  • Then, a contract should be drawn up that should include an agreement to customer confidentiality as well as learning specifications.
  • A system should allow the customer to enter, via phone keypad, sensitive information such as credit card number—but without the agent seeing this entry.
  • Sessions between agents and customers can be infringed upon by hackers who want to gain access or snoop, creating a need for an end-to-end security system.
  • Zero-day attacks, which give hackers access, are a big threat. To prevent this, companies must have regularly updated and patched-up systems.
  • A firewall is a must, for server protection and back-end systems.
  • Also a must is two-factor authentication. This superb verification method includes the factor of device location and other identifiers. An agent must have a way of receiving a one-time code sent by the company to gain access to a critical system. A hacker, for instance, won’t be in possession of an agent’s cell phone to receive the texted code.
  • In tandem with two-factor authentication, the cloud service should require a strong, hard-to-crack password so that only at-home agents can gain access. A strong password is at least eight characters (preferably 12) and contains caps and lower case letters, plus numbers and other characters like #, $ and @.
  • Cloud services should be 100 percent PCI Level 1 compliant. To enhance security, have a minimum of two PCI-compliant data centers.

Offshoring and outsourcing for call center agents places an even higher demand for security—which is already greatly needed by virtue of the at-home, virtual workplace. When choosing an outsourcing solution consider all of the above. Ask lots of questions and get quality references.

Robert Siciliano is a personal privacy, security and identity theft expert to Arise discussing identity theft prevention. Disclosures.

What is a Cache?

Perhaps someone has told you that you need to “clear your cache,” but what does this mean and why should you do it? A cache is a folder of recently visited webpages, which is stored on your computer’s hard drive, and maintained by your Internet browser.

The purpose of a cache is to speed up the loading of webpages. Your computer’s hard drive collects data from websites that you visit, so that when you visit them again, certain aspects of the previously visited pages (such as graphics) don’t have to be reloaded the next time, and this makes the loading time a little bit shorter.

But the space your cache has on your hard drive is limited, and over time, it can get congested. Data that hasn’t been accessed for a while gets tossed out to make room for new data from the new pages that you visit.

And sometimes, the cache process doesn’t work properly. The result is an incompletely loaded page, or a page that looks odd because it’s supposed to load new content but it’s showing old content. (Sometimes, page loading problems aren’t caused by a faulty cache, but this is such a common cause that you’ve probably heard people say, “You need to clear your browser’s cache.”)

So, now that you know what a cache is, here are some specific steps to clear it on different browsers:

How to clear your cache in Chrome:

  • In the upper right of the browser click the little icon that says “Customize and control Google Chrome” when you hover over it with your cursor
  • Click History
  • Click “Clear browsing data”

How to clear your cache in Internet Explorer:

  • In the upper right of Internet Explorer, click the gear icon or “Tools”
  • Click Internet Options
  • Under “Browsing History” you’ll see a delete button; click that.

If you use another browser, and there are a few, search online for instructions on how to clear your cache.

Another option you have is to use software (free or paid) designed to clean the clutter from your computer and devices. These programs often work well, but sometimes they work too well and clean more than they are supposed to. It’s always a good idea to back up your information before cleaning your computer.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

So pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into people’s privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you, good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. Disclosures.

Consumers Eager for Connected Technology

Many of us are familiar with the Jetsons TV cartoon that showed the life of a family in 2026 and how technology is a part of their everyday life. If you’re like me, some of the gadgets that George and his family had are probably things you thought were cool or would be convenient to have, especially the flying cars or the automatic meals that could be selected and then delivered with the push of a button. While we’re not quite at the level of George Jetson, technology advancements are only going to continue.

With that in mind, McAfee commissioned MSI for a study, “Safeguarding the Future of Digital America in 2025,” that looks at how far technology will be in 10 years. The study also looks at how all this technology and interconnectedness affects our privacy and security—something George Jetson never had to worry about with Rosie (his robot maid), or while he video chatted.

What is interesting to see from the study is what people believe will be prevalent in 2025 (some of which are Jetson-esque) such as:

  • 60% believe that sooner or later, robots and artificial intelligence will be assisting with their job duties
  • 30% believe they’ll be using fingerprints or biometrics to make purchases
  • 69% foresee accessing work data via voice or facial recognition
  • 59% of people plan to have been to a house that speaks or reads to them.

There’s no reason to doubt that all of these advances will soon be reality, but there will also be new considerations for consumers to be aware of. The more “connected” you are, the more you’re at risk. But while consumers seem to be embracing these new conveniences, 68% of them are worried about cybersecurity, so it’s imperative that all of us know how to protect ourselves today and into the future.

How can you protect yourself?

  • Do your research before purchasing the latest gizmo. Read the manufacturer’s, app’s or site’s security and privacy policy. Make sure you fully understand how the product accesses, uses and protects your personal information and that you’re comfortable with this.
  • Read customer reviews. There’s hardly a product on the market that doesn’t have some kind of rating or customer feedback online. This unsolicited advice can help you determine if this is a device you want to own.
  • Password protect all of your devices. Stop putting this off. Don’t use the default passwords that come with the device or short, easy ones. Make sure they’re unique, long and use a combination of numbers, letters and symbols. Complex passwords can also be a pain to remember, that’s why using a password manager tool, like the one provided by McAfee LiveSafe™ service is a good idea.
  • Don’t have a clicker finger. Be discriminating before you click any links, including those in emails, texts and social media posts. Consider using web protection like McAfee® SiteAdvisor® that protects you from risky links.
  • Be careful when using free Wi-Fi or public hot spots. This connection isn’t secure so make sure you aren’t sending personal information or doing any banking or shopping online when using this type of connection.
  • Protect all your devices and data. With McAfee LiveSafe service you can secure your computers, smartphones and tablets, as well as your data, and guard yourself from viruses and other online threats.

Make sure you’re not like George calling out to his wife Jane saying “Jane…stop this crazy thing!” as he’s ready to fall off his electronic dog walker that’s gone out of control! Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.


To join the conversation use the hashtag #FutureTech or follow McAfee on Twitter or like them on Facebook.


How do I protect Myself when engaged in the Internet of Things?

The Internet of Things—IoT—is a formal term referring to distinctly identifiable objects (cars, kitchen appliances, smartphones) and their cyber-representations on the Internet.

By 2020, it’s projected by at least one expert that there will be over 30 billion “things” represented virtually. All of this gives rise to increased security risk that seems almost paranormal.

The virtual world seems to be closing in on the physical world. Gee, sensors that track food purchases, for instance, can reveal if someone’s on a diet or is of a particular religion.

The IoT is expected to evolve in the following ways:

  1. Making dumb objects smart. Imagine house keys that don’t need to be taken out of one’s purse or pocket to open a door, or a gadget with which you can scan dairy products in your refrigerator for expiration dates, and the sensor will then remind you of these dates.

    Go one step further: A mouse that can click links—not controlled by hand movements, but by thought. Well, that may be a century off, but you get the idea.

  2. “Things” that make changes by sensing changes in the environment. Imagine a garage door that opens because a sensor in it “knows” that the homeowner is approaching from 100 feet away.

    These “things” will react according to data received about what those things are virtually connected to. But if this technology is centralized, imagine what a hacker can do: The whole town’s garage doors won’t open. A national centralization will even be worse.

  3. Devices with independent autonomy. This sounds fantastic: Technology won’t require an intermediary device (like a smartphone) to take action when it “senses” a change in the environment.

    Imagine a “thing” sensing a change in your body (via sensory technology and apps) and then responding by dispensing medication. But this also sounds frightening: Imagine what a malicious hacker can do with this technology.

Security Issues

  • Ownership of data. Passing the buck for security responsibility is a major issue. Who’s responsible if a device gets hacked? The maker of the device? The owner? The hacker? Who should have secured it? This type of responsibility needs to be defined.
  • Transfer of information. Vulnerabilities exist when data is en route. Data may sit stored in a local data collation hub where it awaits uploading, but in the meantime it can be stolen.
  • Sensitivity of data. Varying tiers of security are needed to correspond to varying kinds of data being transferred. For example, a data stream about the amount of humidity in a greenhouse doesn’t need security, while medical record information definitely does.
  • Death by hacker. With increasing advances in the realm of IoT, hacking can become a life-and-death matter, not just the nuisance of some baby monitor getting hacked and the hacker spewing out lewd comments for mommy to hear. For instance, it’s only a matter of time before a doctor, hundreds of miles away, remotely controls a patient’s implanted heart arrhythmia controller. What if a hacker gains access and demands ransom or else?
  • IT infrastructure. Cloud security concerns will only deepen as the IoT proliferates. Data access, ID and authentication, legislative boundary constraints and other issues must be considered. Whether data should be stored publicly or privately is another big question to answer.
  • Unprotected wireless. Making sure any wireless connections are protected by a VPN is essential. Hotspot Shield VPN is a great option and it’s free.

At this point, nobody really knows how all of this will pan out. Regulation and legislation will be very challenging. The IoT may very well leave legislation for data protection in the dust.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

McAfee’s 10 Tips To Secure New Devices and Guard Against Cybercrime in 2011

Here are some practical tips from McAfee to ensure optimal Internet safety and security in 2011:

Be aware that threats aimed at mobile phones are growing – Use software that backs up smart devices and use strong discretion when storing, saving or editing personal information on your smartphone or device. Don’t keep all of your personal passwords on your device, and avoid using it to store financial information like credit card and bank account numbers.

Keep in mind that gaming and entertainment devices are now Internet-connected – Many people don’t realize that their new gaming console may represent another port of entry for cybercrooks into their household. Some Internet TV applications can expose personal information, so be sure to install anti-virus software, two-way firewalls, anti-spyware, anti-phishing, and safe search capabilities, just as you would on a PC. Block free browser access via these devices and use parental controls wherever possible to ensure the safety of children who play interactive games.

Use technologies to protect information on USBs – Secure USB sticks by encrypting information, making it unreadable to someone who has taken or found it. In addition, install security software to protect portable hard drive devices and never leave such devices unattended.

Make sure that you are using a comprehensive security software platform for your PC – Free point solutions may work well for specific concerns and known threats, but they won’t protect you against emerging threats and are usually only offered to get you to buy more comprehensive software. Ensure that your platform is comprehensive – meaning it has anti-virus with cloud computing, a two-way firewall, anti-spyware, anti-phishing and safe search capabilities.

Invest in identity theft protection – Your identity is your most valuable asset. And with all your information contained and transmitted on your devices, you need comprehensive coverage to protect you from identity thieves.

Make sure to transfer your PC best practices to all of your Internet-connected devices – If you have an Apple device, Apple’s MobileMe service is available, providing tools for synching, backing up and securing data. Consider installing security software for new Internet-connected devices such as smartphones, and make sure the device’s Wi-Fi is connected to a secure network.

Pay attention to your children’s online activities – Communicate with children about cybercrimes, monitor their web activity and consider keeping the family computer in a common space to minimize their exposure to inappropriate content. For additional advice on child safety, visit the McAfee Family Internet Safety Center at www.mcafee.com/family and 10-Step Internet Safety Plan For Your Family.

Search and shop safely – Before submitting credit card numbers or other personal information, always read the online vendor’s privacy and security policy. Consider using a trusted website safety advisor, such as McAfee® SiteAdvisor® software, included in all of McAfee consumer security suites, to determine which ecommerce sites are safe. Also, look for the McAfee SECURE™ trustmark before heading to the check-out counter.

Back up critical information – Guard against data loss by utilizing a regular back-up software program to ensure that all critical information and personal files are safe in case of emergency.

STOP. THINK. CONNECT. is the first-ever coordinated message to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, nonprofits and government organizations.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)