Almost 5% of Smartphones Lost Every Year

/in /by

McAfee and Ponemon Institute recently released “The Lost Smartphone Problem,” a study that attempts to determine how many employees’ smartphones are lost or stolen, and the consequences of these lost cell phones on various organizations. Among the 439 sample organizations, the number of missing smartphones is significant: 142,708 in one year.

Approximately 62% of smartphones are company owned devices assigned to employees for business use. 38% are personally owned and are used for business. Roughly 4.3% of these employee smartphones are lost or stolen each year. Of the 142,706 smartphones reported missing by the 439 businesses surveyed, only 9,298—7%—were recovered. 13% of the missing smartphones were lost in the workplace, 29% were lost while traveling, and 47% were lost while employees were working away from the office, either at home or hotel rooms. Employees were unsure where the remaining 11% were lost. And despite the fact that 60% of missing smartphones are believed to contain sensitive and confidential information, 57% were not protected with available security features.

The industries reporting the highest rate of smartphone loss were health and pharmaceuticals, education and research, and public sector organizations.

Based on the costly consequences of lost data assets, it makes sense to allocate the necessary resources to invest in anti-theft and data protection solutions in order to secure smartphones and the sensitive and confidential information they contain.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Ghosting Identity Theft Scams

/in /by

There are generally 2 types of financial identity theft. New account fraud and account takeover.

New account fraud Identity theft can occur when someone opens a new credit card in your name, maxes it out, and doesn’t pay the bill.

Account takeover Identity theft can also occur when a bad guy gets your information, uses it to take over your existing credit or bank accounts, and drains your funds.

But then there is “ghosting”. ID fraud happens when new accounts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers.

Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number.

When a creditor issues credit based on these invented numbers and reports that information to the credit bureaus, the Social Security numbers become active identifiers that other creditors will recognize in the future. The thieves, now equipped with functional Social Security numbers, can use them to open numerous new accounts.

That first creditor who issued credit to a ghost identity with a newly created Social Security number may have had someone on the inside of the credit issuing organization submitting fraudulent payment or loan information in order to legitimize the fake number.

Businesses who issue credit may unknowingly facilitate these scams if they have employees on the inside who manipulate the system. Never leave employees unsupervised without some form of redundant checks and balances system in place. At least run Social Security numbers through the Social Security Administrations Verification Service to prevent Identity theft. Business scams like these eat at the foundation of credit and cost companies and consumers billions a year.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Do You Have A False Sense of Cybersecurity for Mobile?

/in /by

Nearly three-quarters of Americans have never installed data protection applications or security software on their mobile devices to prevent data loss or defend against viruses and malware. 72% of us have unsecured smartphones, to be exact, even though we are using them more frequently in our digital lives.

A recent survey shows that 44% of Americans use smartphones to access the Internet, and 75% say they access the Internet more frequently on their device today than they did one year ago.

Digital research firm comScore found that close to 32.5 million Americans accessed banking information via mobile device at the end of the second quarter of 2011, a 21% increase from in the fourth quarter of 2010. Approximately 24% of consumers store computer or banking passwords on their mobile devices, according to Consumer Reports’ 2011 State of the Net Survey. More than half of smartphone users do not use any password protection to prevent unauthorized device access. And according to Gartner, 113 mobile phones are lost every minute in the U.S. alone.

With unit sales of smartphones and tablets eclipsing those of desktop and laptop PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

Protect yourself:

Use mobile security software and keep it current. Having complete mobile security protection like that offered in McAfee Mobile Security is a primary safety and security measure.

Automate software updates. Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

Protect all devices that connect to the Internet. Along with computers, smartphones, gaming systems, and other web-enabled devices also need protection from viruses and malware.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Data Privacy Day 2012

/in /by

Lately, it seems that barely a day goes by when we don’t learn about a major Internet presence taking steps to further erode users’ privacy. The companies with access to our data are tracking us in ways that make Big Brother look like a sweet little baby sister.

Typically when we hear an outcry about privacy violations, these perceived violations involve some apparently omnipotent corporation recording the websites we visit, the applications we download, the social networks we join, the mobile phones we carry, the text messages we send and receive, the places we go, the people we’re with, the things we like and dislike, and so on.

How do they do this? By offering us free stuff to consume online and infrastructure for the online communities that tie us together. We gobble up their technologies, download their programs, use their services, and mindlessly click “I Agree” to terms and conditions we haven’t bothered to read.

What’s the point of all this? Sales, marketers, advertisers, other businesses benefit from knowing every last detail about you—the “33 bits of information” necessary to pin down your identity—in order to deliver precisely targeted advertisements to your digital device of choice, whether that’s a computer, tablet, or smartphone.

Should we care? What is the potential danger? “Back in the day,” examples might include telemarketers abusing your phone number by calling incessantly, or direct marketers filling your mailbox with junk mail.

Today, it’s spammers sending unwanted emails, or the same advertisement from the same company popping up again and again on every single website you visit. The concern is that this could go from annoying to frightening.

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances, without consumers knowing their rights and actively protecting their own privacy and personal data, that data could be used unethically.

Privacy is your right. But realize that in our wired, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down, between you and your loved ones, that is not communicated, recorded, broadcast, or reproduced on the Internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

Saturday, January 28th is Data Privacy Day which promotes awareness about the many ways personal information is collected, stored, used, and shared, and education about privacy practices that will enable individuals to protect their personal information.  This is a good time to check your privacy settings on social networking and other sites you use, ensure you have a strong password and be aware of where and with whom you are sharing your personal data with.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

How To Steal A Car: Hack It!

/in /by

No more jimmying doors with a Slim Jim, bricks through windows, extracting lock cylinders with a dent puller, or hot-wiring ignitions. Automobiles today are being built to include wireless capabilities that allow for remote unlock, remote start, and of course, there’s global positioning systems (GPS) and services like OnStar and ATX, which offer “telematics,” or information and communications technology. While these services appear relatively secure, researchers in controlled environments are searching for vulnerabilities.

OnStar offers “RemoteLink,” an application for the iPhone or Android, which allows Cadillac, Chevrolet, Buick, or GMC owners to view real-time data including fuel range, gallons of gas remaining, lifetime miles per gallon (MPG), lifetime mileage, remaining oil life, tire pressure, and account information. Chevrolet Volt owners can view their car’s electric range, electric miles, MPG, and the battery’s state of charge. Users can also use the application to remotely perform certain commands, such as unlocking doors.

While all this new technology provides us with convenience and useful information, it may also leave use open to risk. Researchers in San Francisco have been able to access a car’s central computer processor through an Internet-connected car alarm, and in Seattle, researchers “blacked out the make and model of a car that offered multiple pathways for hackers a thousand miles away to send out GPS coordinates, open the doors, and have a colleague drive away without a key in the ignition.” And a New Jersey man has developed an iPhone app that lets him unlock cars and start engines by voice.

As with most technological advances, functionality and form come well before security. But now that researchers have demonstrated the frightening vulnerabilities inherent in cars’ computers, automobile manufacturers are working with companies like McAfee to develop firewalls that will protect the latest high-tech vehicles from hackers and thieves.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Phishing Scammers Target Macs

/in /by

On Christmas Day, 2011, Apple product users were targeted by a major phishing attack. The Mac Security Blog reported, “A vast phishing attack has broken out, beginning on or around Christmas day, with emails being sent with the subject ‘Apple update your Billing Information.’ These well-crafted emails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from appleidATidDOTappleDOTcom.”

As in most phishing emails, the template and body of the message mimicked Apple’s logo, design, colors, and font. When users clicked links within the email, they were directed to a spoofed website that also had the same Apple feel. Once users entered their personal information, they might be thanked for “updating” their account, or simply wind up in the Internet abyss.

One way to determine whether an email is legitimate is to hover your curser over any links and look at the text displayed. If a link isn’t something like http://store.apple.com or https://appleid.apple.com, it’s a fake.  To learn more about how to recognize a phishing attempt, watch this video from McAfee.

While I’m on the subject, however, I may as well mention that I don’t recommend clicking any links within emails, regardless of what the domain says. The safest way to determine whether your account needs updating is to log into your Apple account directly, at https://appleid.apple.com. If there is a problem, you will be notified via internal messages within your account. If not, assume the email is a phish and delete!

And remember, just because you are using a Mac, it does not mean that you are safe from web threats, so make sure you stay educated on the latest threats, use comprehensive security software and be wary of things that sound too good to be true.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

5 Digital New Year’s Resolutions For Parents

/in /by

McAfee recently distributed a press release and the line that caught my eye was, “Now is the time for parents to model good behavior and etiquette.”  it This wasn’t something you’d normally expect to see from a major security company, so intrigued, I read on.

Instruction in etiquette and good behavior is something we could all probably use a little more of. And when I read McAfee’s “5 New Year’s Resolutions,” I realized that even though I have young children, I ought to brush up on some digital etiquette myself. It’s not too late to do your resolutions or start news ones or just brush up on your online safety.

McAfee suggests that parents begin the New Year with resolutions that address their own behavior, so they can model best practices for kids and teens:

When I’m with my children, I pledge not to spend more than 10% of the time on my phone or computer.
Adults spend about 3.5 hours day perusing the Internet or staring at their cell phone each day, according to estimates from eMarketer. This year, make a promise to give your full attention to your children, and develop a plan to limit your use of electronic devices.

I will not communicate with my children via text when they are in the house.
One downside of technology is that fewer people actually speak to one another. A Kaiser study found that children in grades 7-12 spend an average of 1.5 hours a day sending or receiving texts.

I will not give my child access to an Internet browser on a smartphone or tablet that is not safe for them to use.
It’s important for parents to shield children from cyber-danger by filtering explicit content on smartphones and tablets via applications such as McAfee Family Protection or McAfee Safe Eyessoftware. This software can prevent children from establishing or accessing social networking accounts, limit Internet use, and block inappropriate websites or messenger chats.

I will be prepared to have a “texting intervention” if my teen’s thumbs begin to look like tiny body-builders.
Texting may be a quick and easy way to interact with others, but the impersonal nature of the communication and frequency of use can cause problems.

I will have “the talk” with my kids, to discuss what they are doing and with whom they are connecting online.
Children often lack an understanding of online dangers, or they may lack the maturity to make appropriate decisions.

By modeling good behavior and ensuring that children’s experiences on Internet-connected devices is a safe and healthy one, parents can ensure a 2012 that is free of digital drama.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Cross-Device Security Means “All Access”

/in /by

You may have a laptop, desktop, netbook, notebook, Ultrabook, tablet, Mac, or mobile phone. You might be single, married, or have ten kids. Either way, you probably have at least one, if not six or more, devices requiring comprehensive security. My family of four has 12 devices, all of which I do my best to lock down like the digital equivalent of Fort Knox.

In order to manage multiple devices “cross-platform,” wherein one device may run Mac OS X while another runs Windows, while your phone is completely different, you need a security solution that is comprehensive, affordable, and straightforward.

PC Magazine selected McAfee All Access for its Editors’ Choice Award, scoring the product with 4.5 stars out of 5 and praising the thoroughness of the protection offered, for any and all devices an individual or a household might own.

McAfee All Access Wins Editors’ Choice Award

In contrast to traditional consumer security products that only offer per-device subscriptions, McAfee All Access is the first solution that uniquely protects all of the PCs, Macs, smartphones, and tablets owned by an individual or household. By providing consumers with a simple, cost-effective means to holistically safeguard all of their devices, McAfee All Access also represents a fundamental shift in the way consumers think about security.

McAfee All Access users can download, activate and manage essential protections from a central console, enabling them to safeguard personal data, defend against malware, and protect kids as they browse online by allowing parents to filter inappropriate content, including YouTube videos and explicit music lyrics, and monitor the use of social media.

Learn more about McAfee All Access.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

 

Safe Banking On Your Mobile Device

/in /by

Mobile banking has experienced rapid growth over the last three years, in the U.S., more than doubling from 5% of online adults in 2007 to 12% by June 2010. Furthermore, Forrester predicts that one in five–or 50 million–U.S. adults will be using mobile banking by 2015.

However, identity theft is a major concern and studies show that many Americans are still uncomfortable with mobile banking, citing security as a top concern. In fact, 35% of US online adults said that they do not use their device to do banking for this reason.

Responding to these concerns, banks have been working to improve mobile security by offering a consistent sign-on experience for both their online and mobile channels, including multi-factor authentication programs for mobile.

While banks are trying to do their part, users have to take additional steps to make sure that their mobile data is protected. Consumer Reports estimates that almost 30% of Americans that use their phones for banking, accessing medical records, and storing other sensitive data, do not take precautions to secure their phones.

So, here are some tips for mobile bankers of all ages to keep you safe while banking on the go:

Connect to your bank’s mobile site or app securely by making sure that your wireless network is secure. Never send sensitive information over an unsecured wireless network, such as in a hotel or café.

Download your bank’s mobile application, so you can be sure you are visiting the real bank every time, not a copycat site.

Configure your device to auto-lock after a period of time.

Don’t store data you can’t afford to lose on an insecure device.

Use mobile security protection like McAfee Mobile Security™ that offers layers of protection including: antitheft, antivirus, antispyware, antiphishing and app protection.

Robert Siciliano is an Online Security Evangelist to  McAfee. See him discuss mobile phone spyware on Good Morning America(Disclosures)

Security Beyond the Desktop

/in /by

A defensive posture no longer suffices for the protection of the devices and data that have become ubiquitous in today’s digital world. Rather than simply rushing to install defenses on computers, in networks, and in the cloud, we urgently need to step back and take a broader view of the security landscape, in order to take more calculated preemptive measures.

McAfee Security Journal is a publication intended to keep security executives and technical personnel informed about various cutting edge topics in order to help them make better-informed security decisions. Regular, everyday computer users can increase their security intelligence by having a read. The report details the following highlights on the evolution of cyber threats and the necessity of a more inclusive security strategy:

The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees. Educating employees on secure practices is not enough—organizations need to install a proper framework to empower and encourage employees to make a habit of using these practices.

Mobile is everywhere: Mobile attacks are becoming more sophisticated every year. Instead of rendering a device unusable, hackers are now finding ways to steal sensitive personal data that can be lucratively exploited. Hackers are also broadening their target range to include less common mobile systems, such as the GPS system in your car, for example.

Cloud-based apps on the rise: The popularity of cloud-based applications has made them an attractive target for hackers and other cybercriminals. However, the cloud is also a highly efficient way to scale security and protection for a business. Leveraged correctly, the cloud both helps reduce your security costs and can actually increase your overall security posture.

Data is king: Whether it’s stored on a smartphone, in the cloud, or on a network, cybercriminals are after your data. It is crucial that organizations take proper precautions to secure this data.

Learn from mistakes: For those who take the time to study it, history is a great teacher. Analytics help identify patterns, vulnerabilities, and even motives.

Understanding these concepts can help prevent attacks in the future. For a full copy of the McAfee Security Journal: Security Beyond the Desktop, visit McAfee.com.

 

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)