Products to keep Kids safe online

/in /by

Some people believe that monitoring your kids’ online activities crosses the line of privacy or trust. But monitoring and controlling online activities is, essentially, no different than controlling access to the cookie jar or TV or even locking a liquor cabinet.

Which brings me to a way that parents can always know exactly what their kids are doing in cyberspace. And control when, too. This is possible due to a type of software known as “parental control” that monitors the goings-on of any connected device in the home network, in concert with a mobile app.

Parental control software is very important to most parents, and they’re always looking for the latest technology. The Pew Research Center’s recent report says that 95% and 93% of U.S. parents have spoken to their teenager about sharing-safety and appropriate online behavior, respectively.

Gadgets like this include Circle and KoalaSafe (easy setup, $99 each). With these, you can even set certain activities to be off limits when you apply filters. When you see your teen daughter’s activity going to a “pro-ana” site, you can bar her from getting on.

Circle

  • Scans all traffic on your home’s network.
  • Traffic data is not stored on Circle’s servers.

KoalaSafe

  • Provides a Wi-Fi just for kids and tracks only that.
  • Uses cloud servers for monitoring.

From your mobile you can watch what your kids are up to in cyberspace, but these gadgets can’t monitor or control 100% their activities (such as Snapchat)—but will do enough for you to know that the cookie jar, figuratively speaking, is bolted shut with a good lock.

Even if your child is a goody two shoes, they may still accidentally get on a site you’d never want to show your grandmother. Circle and KoalaSafe will help control this scenario. This software can also track how much time kids spend with certain activities such as being on Facebook, and you can set time limits.

But remember, parental control software, no matter how good it is, should be seen as an adjunct to one-on-one communication with your kids, not the replacement of it. Parental software isn’t just for “bad” kids, but serves as an extra tool for parents that keeps up with today’s technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Can the cloud be trusted?

/in , , /by

Most people have heard of storing information in “the cloud,” but do you know what this means, and if it is even safe?

4HA cloud is basically a network of servers that offer different functions. Some of these servers allow you to store data while others provide various services. The cloud is made of millions of servers across the globe and most are owned by private or public corporations. Many of those corporations are diligent about security, and you are likely using the cloud whether you know it or not.

Most customers using cloud services have faith that their information will remain safe. But there are some precautions you need to take. Here are some questions to ask any cloud service provider before relying on them to store your business data:

  • How often do you clean out dormant accounts?
  • What type of authentication is used?
  • Who can access and see my data?
  • Where is the data physically kept?
  • What level of encryption is in place?
  • How is the data backed up?
  • What’s in place for physical security?
  • Are private keys shared between others if data encryption is being used?

Keeping your company data safe

Over time, a company surely will accumulate data that seems irrelevant, but you shouldn’t be so quick to dispose of this data, especially if it is sensitive. This might include data such as customer or client information, employee information, product information or even old employee records.

The truth is, you just never know when you may or may not need this information, so it is best that you keep it. Digital data should be backed up in the cloud. If it’s paper, convert it to digital and store it offsite. Here are some things to remember when doing this:

  • All data, even if old or irrelevant, should be backed up.
  • Data retention policies should always include an “expiration date” for when this data is no longer useful to you.
  • Companies that want to delete old data should understand that deleting files and emptying the recycle bin, or reformatting a drive may not enough to get files off of your computer. Hackers may still be able to access this data.

If you actually want to remove all of the data on a disk, literally break or smash it. To truly delete a file, you must physically destroy the hard drive.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

11 Ways to Mitigate Insider Security Threats

/in , , , /by

Companies are constantly attacked by hackers, but what if those attacks come from the inside? More companies than ever before are dealing with insider security threats.Here are 11 steps that all organizations should take to mitigate these threats and protect important company data:11D

  1. Always encrypt your data If you want to minimize the impact of an insider threat, always encrypt data. Not all employees need access to all data and encryption adds another layer of protection.
  2. Know the different types of insider threatsThere are different types of insider threats. Some are malicious, and some are simply due to negligence. Malicious threats may be identified by employee behavior, such as attempting to hoard data. In this case, additional security controls can be an effective solution.
  3. Do background checks before hiringBefore you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring any criminals or those associated with your competitors. Personality tests can also red flag the propensity for malicious behavior.
  4. Educate your staffEducating your staff on best practices for network security is imperative. It is much easier for employees to use this information if they are aware of the consequences of negligent behavior.
  5. Use monitoring solutionsThere are monitoring solutions that you can use, such as application, identity and device data, which can be an invaluable resource for tracking down the source of any insider attack.
  6. Use proper termination practicesJust as you want to be careful when hiring new employees, when terminating employees, you also must use proper practices. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.
  7. Go beyond the IT departmentThough your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.
  8. Consider access controlsAccess controls may help to deter both malicious and negligent threats. This also makes it more difficult to access data.
  9. Have checks and balances for all staff and systemsIt is also important to ensure there are checks and balances in place, i.e. having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.
  10. Analyze network logsYou should collect, store and regularly analyze all of your network logs, and make sure it’s known that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.
  11. Back up your data Employees may be malicious or more likely they make big mistakes. And when they do, you’d sleep better at night knowing you have redundant, secure cloud based backup to keep your business up and running.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. See him discussing identity theft prevention.Disclosures.

How to recycle Old Devices

/in , , , , , , , /by

When it comes to tossing into the rubbish your old computer device, out of sight means out of mind, right? Well yeah, maybe to the user. But let’s tack something onto that well-known mantra: Out of site, out of mind, into criminal’s hands.

7WYour discarded smartphone, laptop or what-have-you contains a goldmine for thieves—because the device’s memory card and hard drive contain valuable information about you.

Maybe your Social Security number is in there somewhere, along with credit card information, checking account numbers, passwords…the whole kit and caboodle. And thieves know how to extract this sensitive data.

Even if you sell your device, don’t assume that the information stored on it will get wiped. The buyer may use it for fraudulent purposes, or, he may resell to a fraudster.

Only 25 states have e-waste recycling laws. And only some e-waste recyclers protect customer data. And this gets cut down further when you consider that the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device.

Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key and in some cases the “factory reset” setting is worthless.

To verify this widespread lack of insight, I collected 30 used devices like smartphones, laptops and desktops, getting them off of Craigslist and eBay. They came with assurance they were cleared of the previous user’s data.

I then gave them to a friend who’s skilled in data forensics, and he uncovered a boatload of personal data from the previous users of 17 of these devices. It was enough data to create identity theft. I’m talking Social Security numbers, passwords, usernames, home addresses, the works. People don’t know what “clear data” really means.

The delete button makes a file disappear and go into the recycle bin, where you can delete it again. Out of sight, out of mind…but not out of existence.

What to Do

  • If you want to resell, then wipe the data off the hard drive—and make sure you know how to do this right. There are a few ways of accomplishing this:

Search the name of your device and terms such as “factory reset”, “completely wipe data”, reinstall operating system” etc and look for various device specific tutorials and in some cases 3rd party software to accomplish this.

  • If you want to junk it, then you must physically destroy it. Remove the drive, thate are numerous online tutorials here too. Get some safety glasses, put a hammer to it or find an industrial shredder.
  • Or send it to a reputable recycling service for purging.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Protect Your Family Online With WOT

/in , , /by

The web is a dangerous place. Malware, scams and privacy dangers are around every corner, and children can easily find themselves face to face with sites that are not suitable. What can a parent do? One option is to try WOT, Web of Trust, a free browser add-on.

WOT rates each site on the Internet for reliability, privacy, trustworthiness and child safety. When searching a website with WOT, you will see a colored icon, red for bad and green for good, which indicates if a user should proceed. You can also use the WOT rating for every site and read reviews from those who have been on the site.

wot1

WOT offers other features, too. For instance, when visiting a “red site” a large warning appears on the screen. This allows people to choose if they go through or surf away. Additionally, you can also click the WOT button in the browser, and you can see information about the rating of the site, too.

When performing an Internet search and you come across a link that looks fishy, WOT places a red icon next to it. You may also see a yellow icon, which indicates the site may or may not be safe, and gray icons indicate the site is unrated. Hovering over each icon will give you more details about the website, as well as ratings and reviews from users.

WOT2

The latest version of WOT has four levels of safety included. Lite, the lowest level, only shows icons for dangerous websites. The highest level, Parental Control, not only blocks dangerous websites, it also blocks any sites that are not suitable for kids.

Web of Trust is available as a browser add-in for Firefox, Google Chrome, Opera, Internet Explorer and Safari.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. This is a review opportunity via BlogsRelease. Disclosures.

How to unsend or cancel an E-mail

/in , /by

If the person you are sending an e-mail to pretty much instantaneously receives it, how on earth can you unsend or cancel it? Well, you have several options.

emailCriptext

  • This is a browser plug-in that works for Chrome and Safari.
  • Your message including attachments will be encrypted.
  • You will know when it’s been opened.
  • You can recall messages and assign them expiration times. The recall, of course, comes after the recipient has possibly opened the message, but if they’re, for instance, away from their computer when it comes in, and you recall the e-mail, they will never know it was there. Or maybe they will have seen it and decided to open it later, and when that time comes, they see that it has vanished and think they’re going crazy.

UnSend.it

  • Like Criptext, this plug-in will let you know when messages have been opened. In addition, it allows you to recall them and also set expiration times.
  • Missing, however, is the encryption feature.
  • It’s compatible with more browsers than is Criptext.

What about Gmail users?

  • Enable the “Undo Send” feature as follows.
  • In the upper right is a gear icon; click on it.
  • Select Settings to bring up the “General” tab.
  • Scroll to Undo Send.
  • Click checkbox for Enable Undo Send.
  • You can choose a cancellation time of five, 10, 20 or 30 seconds. A grace period of only five or 10 seconds doesn’t make much sense, so you may as well choose 30 seconds unless you routinely need recipients to receive your messages less than 30 seconds after you send them.
  • Hit Save Changes.

Virtru

  • This plug-in is compatible with Chrome and Firefox.
  • Those with Yahoo, Gmail or Outlook accounts can use it.
  • For $2/month, you can have message recall and self-destruction, along with message forwarding.
  • The free version does not offer any kind of recall or cancellation features, only secure messaging.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Keep Accountant happy and Thieves out

/in , , /by

Are you a shredder? I hope so. No identity thief on this planet is going to want to attempt to reconstruct cross-shredded documents.

Computer crime conceptSo what, then, should you make a habit of shredding?

  • All financial documents and information, including financial information you’ve jotted on a Post-it note.
  • Credit card receipts unless you want to file these away for end-of-month calculations, but ultimately, you have your monthly statements so you will not have use for them anyways.
  • Old property tax statements (keep the most current one). But any other tax documents you should retain.
  • Voided checks.
  • Most things with your Social Security number on it that aren’t tax related.
  • Any other piece of paper that has your or a family member’s personal information on it, including envelopes with your address. Never assume “that’s not enough” for a skilled identity thief to use.
  • Ask your accountant what they think.

Now, what kind of shredder should you get for your home or office? There are all kinds of makes and models out there.

  • Do not buy a “strip” shredder that simply slices thin strips in one direction. Identity thieves will actually take the time to reconstruct these.
  • Buy a “cross-cut” shredder. The pieces are sliced and diced too small for an identity thief to want to struggle to tape back together.
  • We can go one step further, in case you are wondering if anyone would actually take the time to lay out all those cross-cut fragments and reassemble them: Buy a micro-cut device. The pieces, as the name suggests, are tiny.
  • Read the features for that micro-shredder, as some models are more heavy-duty than others.
  • You may not want to purchase a machine online; at least you will want to see the various makes and models in person first.
  • But if you can’t locate the type of shredder that you’d like from a brick-and-mortar retailer, then of course, there are plenty online to choose from.

So get yourself a shredder on your next shopping trip; you will be so glad you did.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Career Criminal goes down

/in , , /by

A sharp nine-year-old girl has a biting message to a 51-year-old man, according to an article on myfoxboston.com:

1G“You deserve to stay in jail because you break into peoples houses. Stop breaking into peoples houses and do something with your life.”

This advice was directed to Pedro Gomez, whom police are labeling a career criminal. According to investigators, he attempted to break into over a dozen houses—all within the span of hours.

One of the failed attempts occurred to a house where the nine-year-old was at at the time. Gomez’s floundering break-in attempts occurred in Shrewsbury, Mass. I’m not so sure he’s a true “career criminal,” because he certainly didn’t do things like a prolific burglar would. This sounds more like random, haphazard, desperate, non-calculated attempts to bust into the nearest homes.

Pedro even apparently stacked patio furniture up against windows in one of his break-in attempts.

There are different kinds of robbers, and one of them is that of the unskilled kind who breaks into homes to get whatever cash or small sellable items he could get his hands on to support his next drug fix. This could very well be the type of criminal that Gomez is.

Gomez tripped an alarm when he tried to get in through a slider type of door, continues the myfoxboston.com article. It was there that the police caught up with him. The report says that he had already broken into houses in three other towns.

Though he didn’t exactly hang his head upon being arrested, he will have plenty of time in prison to reflect upon the advice of the nine-year-old girl.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to pwn Anyone

/in , /by

Define Pwn: Pwn is a slang term derived from the verb own, as meaning to appropriate or to conquer to gain ownership. The term implies domination or humiliation of a rival. And when it’s done by hacking email, the person is effectively pwned. No matter how “private” you are on the Internet, no matter how infrequently you post on your Facebook page—even if you don’t have a Facebook account—your life can be hacked into as long as you own just one password—and the ability to be tricked.

11DSuch was the case of Patsy Walsh, reports an article at bits.blogs.nytimes.com. She gave a few white hat hackers permission to try to hack into her life, and they accomplished this in under two hours, without even entering her house. She figured it would be next to impossible because she had no smart gadgets in the home and rarely posted on her Facebook page.

The “ethical” hackers, part of a security start-up, quickly found Walsh’s Facebook page (which presumably contained personal information such as her town, since there’s many “Patsy Walsh” accounts).

The scarcely posted-to account, however, revealed that she had liked a particular webpage. Based on that information, the hackers phished her and she took the bait, giving up a password, which happened to be for many of her accounts.

The good guy hackers were then invited into her home where they easily obtained her garage door opener code with the brute force attack, but even scarier, cracked into her DirecTV service because it didn’t have a password. Such a breach means that the hacker could control the TV remotely: Running a porn movie while the homeowner’s grandmother is visiting.

They also found Walsh’s passwords tacked onto her computer’s router. The exposed passwords allowed them to get into Walsh’s and her daughter’s e-mail accounts. From that point they got ahold of Walsh’s Social Security number, PayPal account, insurance information and power of attorney form.

She was probably thinking, “Well of course! They’re professional hackers and I let them inside!” But the hackers also discovered that there were about 20 malicious programs running on her computer. Their recommendations to Walsh:

  • New garage door opener
  • Password for DirecTV
  • Password manager to create unique passwords for all of her accounts
  • Security software always kept updated
  • Two-step authentication when offered
  • A nice lecture on phishing attacks

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Is that Viral Story real?

/in , /by

The Internet has almost as many videos as there are stars in the heavens. And you know that some have to be hoaxes. Sometimes it’s obvious, while other times it’s easy to be fooled. For example, the hoax of the “angel” intercepting a truck just about to run over a bicyclist is obviously fake. Isn’t it?

1DBut what about the video of the man cut in half by a bus while riding a bicycle, lying on the ground, staring at his intestines, talking for a full five minutes, while his pelvis and legs lie catty-corner to him? That video looks eerily real.

And so did the enormously viral one of the Syrian refugees holding the ISIS flags and assaulting German police officers.

There are free, non-techy ways to check if a video or image is a fake, from an article at gizmodo.com:

“Reverse Image”

Simply right-click an image, and a selection box will appear. Click “Search Google for this image.” Different sources for the same image will appear, but this won’t necessarily rule out a hoax.

For example, multiple links to the man cut in half appear, and the dates of postings differ, but there’s no way to rule out a hoax based on just this information.

However, suppose there’s a photo of a female ghost crashing a funeral photo. A reverse image search shows that ghost’s face as identical to the image of a mommy blogger on her blog; it’s safe to assume the ghost image is a hoax (aren’t they all?).

YouTube DataViewer

Go to YouTube DataViewer. Plug in the suspect video’s URL. Any associated thumbnail image plus upload time will be extracted. You now can find the earliest upload and see if anything is suspicious. Alongside that you can do a reverse image on the thumbnails and see what you get.

FotoForensics

FotoForensics can detect photoshopping or digital manipulation. If you want to pursue a video, you’ll need to plug in the URL of a still shot, like the ones you see after a video has ended that clutter up the video space. FotoForensics uses a tool called ELA, and you’ll have to do some reading on it before understanding how it works.

WolframAlpha

WolframAlpha can look at weather conditions at a certain time and location, such as “weather in Davie, Florida at (time) and (date). So if the weather in a suspect image with a date and location doesn’t match what Wolfram turns up, consider it a fake.

Jeffrey’s Exif Viewer

Images taken with smartphones and digital cameras contain tons of data called EXIF, including date, time and location of image shoot. See if the date, time and location don’t jive with what the suspect image conveys. Jeffrey’s Exif Viewer is one such EXIF reader.

Google Street ViewGoogle Earth and Wikimapia are tools for mapping out the truth, such as matching up landmarks and landscapes.

So, did your ex really take a trip to Paris, as she stands there with the Eiffel Tower behind her? And is her new beau for real, or was he “shopped” in off of a male fitness model site?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.