Steps to Manage a secure online backup

Cyber storage does not always = secure backup. Users of cloud storage have many potential tools at hand to beef up security. And just because cloud services have some loopholes doesn’t mean you should just throw in the towel, as the saying goes, and figure “What’s the point?”. Here are some ways to beef up cloud storage security and manage your online backup.1D

  • Take inventory of what’s stored in your cloud account. Evaluate how important each data item is. If the cloud service can access your data, you may want to make some adjustments, since some of your data might not be compatible with the service’s terms.
  • Consider encrypting your most sensitive data if you don’t want to remove it from the cloud and then back it up locally.
  • Don’t put all your data in one basket, either. Suppose all your data is stored in one cloud service, and that service gets hacked or something else happens and you lose your data—or it’s in the hands of thieves. If you use more than one cloud service, then at least if one gets hacked, you’re not totally screwed. Think of this as being like having your precious jewels locked in several small safes throughout your house, rather than in one giant safe. What are the odds that an intruder will find all the safes and get into all of them?
  • If your cloud account has any devices, services or applications linked, very carefully inspect and modify their settings to optimize security. Discard useless, old, unused connections so they don’t become portals to your data.
  • Use two-factor authentication on every cloud password when available. If the service doesn’t offer two-factor, consider dumping it.
  • Make your answers to security questions crazy-nutty, but also memorable.
  • Assess your cloud passwords. They should be very different from each other. If you can’t handle memorizing a bunch of long, convoluted passwords (which are the best kind), use a password manager.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Is private NSA proof E-mail possible?

You can buy encryption tools to prevent people from reading the contents of your e-mails should they intercept them. But what about those who have NSA-caliber resources and skills?

7WThe problem is that encryption services usually leave wide open the e-mail’s metadata: e.g., sender, recipient, subject line and timestamp.

But a new service, ShazzleMail, delivers e-mail straight from sender to recipient without any metadata.

ShazzleMail software is downloaded, then encrypts e-mails, but your device must be switched on so that the recipient could download the e-mail.

If the recipient doesn’t have ShazzleMail, they’ll get a message headline, “Secure Message from Jack Jones,” plus a message text: “Jack Jones has sent you a secure, encrypted e-mail via ShazzleMail. Click to View.” ShazzleMail is free, though there’s an enterprise version for a monthly fee of $5.

Can a hacker defeat ShazzleMail? Well, without any metadata, how can a hacker track the message’s path? There’s no middleman; the messages go straight from sender to recipient. ShazzleMail says, however, that it’s not fool-proof against the NSA if the NSA wants to really go at it. Nevertheless, ShazzleMail puts a lot more barbed wire on that fence.

And then there’s Enlocked, which offers “military-grade e-mail security” for professionals by encrypting e-mails before they’re sent. However, the metadata is visible. This is a big problem if the mere communication between two parties is significant, or the timeline or whom the parties are is very telling.

Another option is Raellic Systems, which has software that lets users select from three levels of privacy.

Hushmail is another contender. They state: Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is an Advanced Persistent Threat?

If you’ve ever seen a movie where the bad guys are using ongoing, invasive hacking to spy on their “enemy,” you have some familiarity with an advanced persistent threat (APT).

11DThis term usually refers to an attack carried out by a group that targets a specific entity using malware and other sophisticated techniques to exploit vulnerabilities in the target’s systems. It is often done for intelligence gathering with political, financial or business motives.

For example, an APT aimed at a corporation could take the form of Internet-based malware that is used to access company systems, or a physical infection, such as malicious code uploaded to the system via a USB drive. These kinds of attacks often leverage trusted connections, such as employee or business partners to gain access and can happen when hackers use spear phishing techniques to target specific users at a company.

Remaining undetected for as long as possible is a main objective with these attacks. It is their goal to surreptitiously collect as much sensitive data as they can. The “persistent” element implies that there is a central command monitoring the information coming in and the scope of the cyberattack.

Even though APTs are not usually aimed at individuals, you could be affected if your bank or another provider you use is the target of an attack. For example, if attackers secretly gather intelligence from your bank, they could get access to your personal and financial information.

Since you could potentially be affected by an APT attack on an entity or company that you do business with, it’s important that you employ strong security measures.

  • Use a firewall to limit access to your network.
  • Install comprehensive security on all your devices, like McAfee LiveSafe™ service, since malware is a key component in successful APT attacks.
  • Don’t click on attachments or links you receive from people you don’t know.
  • Keep your personal information private. Be suspicious of anyone who asks for your home address, phone number, Social Security number, or other personal identifying information. And, remember that once you share personal information online it’s out of your control.
  • Check to see if the websites you share sensitive information with use two-factor authentication. This is a security technique that uses something that you know, such as your password, and something you possess, such as your phone, to verify your identity. For example, your bank may ask for your password online, as well as a code that it has sent via text message to your phone. This is a 2nd layer of protection and should be enabled for sensitive information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Don’t Get Kicked By Football Players Online

The biggest sporting event of the year just kicked off. If you’re not a football fan (that’s soccer for us Yanks), this is the ultimate goal and it’s just getting started. Many fans will head to Brazil to watch these games and their favorite players, but many more fans will flock online to find out information about the players and teams.

Cybercriminals once again are taking advantage of these large numbers and have pounced on the eagerness of fans of the world’s most popular sport. Portugal’s Cristiano Ronaldo dos Santos Aveiro just barely edges other football stars as the world’s riskiest football player to search for online and tops the McAfee “Red Card Club.”

The McAfee “Red Card Club” is a list of eleven Brazil bound players whose web pages are considered to be risky for fans to search for online. Following Ronaldo are Argentina’s Lionel Messi, Spain’s Iker Cassillas, Brazil’s Neymar and Algeria’s Karim Ziani.

The sites most likely to be risky are those offering videos showing the athlete’s skills, and screensaver downloads. These rigged sites are just waiting to trick you into giving up personal information so that the thieves can steal your identity or get ahold of credit card information and max out your cards.

The study uses McAfee® SiteAdvisor® site ratings, which indicate which sites are risky when attached to football players’ names on the Web and calculates an overall risk percentage.

So what’s an excited football fan to do? While it’s probably not feasible for us to stop searching for information about these stars, we can make sure we are safe while doing so. Here are some tips for you to stay safe online:

  • Be suspicious — If a search turns up a link to free content or too-good-to-be-true offers, it usually is.
  • Be extra cautious when searching on hot topics—Cybercriminals set up fake and malicious sites that dominate these time-sensitive search results.
  • Use web protection— Make sure to use a safe search tool that will notify you of risky sites or links before you visit them. McAfee SiteAdvisor software can be downloaded for free here.
  • Check the Web address—Look for misspellings or other clues that the link might be directed to a phony website.
  • Protect yourself—Use comprehensive security on all your PCs, Macs, smartphone and tablets, like McAfee Live Safe™ service, that comes with McAfee SiteAdvisor, a complimentary tool that protects your from going to risky websites and prevents malicious downloads.

Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Teens’ Online Behavior Can Get Them in Trouble

Do you really know what your kids are doing all the time? Probably not, unless you’re a stalker (just kidding). But really, there has to be some element of trust and you can’t physically be everywhere your kids are. And that also applies to the online world. As parents, we need to be aware of what our kids are doing, teach the “rules of the road,” and help them stay safe, but we can’t always be there with them every moment of every day.

But we do need to understand that our kids are doing things online that could expose them to risk. McAfee’s 2014 Teens and Screens study showed that tween and teens continue to interact with strangers online and overshare information, even though they realize that these activities can put them at risk.

So what else did the study unveil? About 75% of tweens and teens friend people whom they know in the real world, however, 59% engage with strangers online. And one out of 12 meet the online stranger in real life. This could be because 33% of them say they feel more accepted online than in real life.

Additional facts to understand:

  • Our tweens and teens overshare personal information – 50% posted their email address, 30% their phone number and 14% (which is 14% too many) posted their home address, even though 77% know that what is posted online can’t be deleted and 80% have had a conversation with their parents on how to stay safe online
  • Social media friends are not always friendly – 52% have gotten into a fight because of social media, 50% have gotten into trouble at home or at school and 49% have regretted posted something.
  • Our kids are still hiding things from us – Although 90% believe their parents trust them to do what is right online, 45% would change their online behavior if they knew their parents were watching, 53% close or minimize their web browsers when their parents walk into the room and 50% clear the history of their online activity

Alarmingly, 24% said that they would not know what to do in the event of cyberbullying (how about stay away from the bully’s page and block the bully from your page?). A whopping 87% have witnessed cyberbullying and 26% have been victims themselves.

So with all these, how do we ensure we help our kids stay can enjoy the benefits of being online, while staying safe online. Here’s my top tips:

  • Establish rules: Parents should establish pinpointed rules about computer activities including sites the kids can visit and what is and isn’t appropriate behavior online, including the fact that online is forever.
  • Check in: Kids should be told to immediately report cyberbullying. whether they are witnessing it or being a victim.
  • Meet their “friends”: If it’s not possible to meet that person in person, then your child shouldn’t be chatting with them online.
  • Learn their technology: You should know more about the various devices that your kids use than your kids do, not the other way around.
  • Get their passwords: Parents should have full access to their kids’ devices and social media accounts at all times; they need the passwords.
  • Have security software on all their devices: Make sure all your kids’ devices and yours have comprehensive security software, like McAfee LiveSafe™ service.

Or you can just relegate your kids to their rooms and never let them out—like I’ve told my girls. Just kidding. But on a serious note – parents, it’s time to make this a priority, for you and your kids.

To join the conversation online, use #TeensNScreens or follow @McAfeeConsumer or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

USB Drives – With Convenience Comes Risk

I’m sure most of us have used a USB drive (or thumb drive) at one point or another. They are super convenient to transfer files, especially when they are too large for email or you don’t have access to an Internet connection.

2DBut it’s this same convenience of being portable, readily available, and inexpensive that make them a prime target for cybercriminals. There’s a number of ways that these devices can fall victim to the underworld.

Because USB drives are primarily used to share and transfer files, it’s an easy target for hackers who are looking to distribute malware. And because most USB drives are set to auto-run (meaning that when you plug it into your computer, it will automatically open up the drive), the malicious software could be automatically transferred to your computer as soon as you plug this in. So once they get you to copy an infected file to the USB drive, it’s easily spread to other computers every time the USB drive is plugged in.

While their small size and portability make them easy to carry in your pocket or pretty much anywhere, it also makes them susceptible to loss or theft. Depending on what type of information is stored on here, losing this device could expose your personal information. A USB drive could easily be misplaced, dropped or taken from a table so it’s important to be careful when using these devices.

Another thing to keep in mind is that files aren’t really deleted, even if you hit the “delete” button to take something off your USB drive. In this case “delete” really means “hide” so unless you run a “wipe” program to really get rid of the files, someone could still retrieve your data, so you still need to make sure you are careful with these devices.

So here’s some tips how can you ensure that you stay safe and protect your information when using USB drives:

  • Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
  • Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
  • Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
  • Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Remember just as with being online, we need to make sure our conveniences don’t expose us to risk.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Spring Clean Your Online Reputation

Spring is fast approaching, which means that spring break and college graduation are not too far away. Things could get ugly if your friends take photos of you acting foolish and then post them online for everyone to see.

14DWhether you’re searching for your next career move or are on the verge of graduation and feverishly sending out your resume, like it or not, potential employers are going online and Googling you. (Yes, Googling is considered a verb now.) Every time they find something online that is appropriate, they print it out and attach it to your resume. While I can’t confirm whether or not people are pulling your past and laughing at your expense, let’s just say I’d put money on it.

When was the last time you cleaned up your online (especially on social media) profile so that prospective employers can’t discover “bad” things about you? McAfee conducted a study, and the results show that 13.7% of people ages 18-24 know someone who was given the pink slip, courtesy of online postings.

Job seekers and upcoming college graduates take note: Difficulty getting or keeping a job due to negative social media content is a reality. I assure you anything on your social media profile that makes you look less than desirable as an employee, even an innocuous comment such as, “I always have trouble being on time,” can kill your chances at getting that dream job.

Tips on how you (the job seeker) can make your online profile look good:

DON’T:

  • Don’t friend someone you don’t know, just so you can crank up that friend-total tally. (Wow, 8,000 friends! Really?)
  • Don’t let anyone photograph or video you holding alcohol, smoking, being promiscuous or aggressive, shirtless, using vulgar gestures, or even doing something perfectly legal but stupid looking like the seflie fishy face.
  • Don’t use offensive language online, even if your privacy settings are at the highest. If you really need to get your point across, use “fudge,” “freakin,” “effing,” etc.
  • Don’t log on when your judgment may be compromised by raging hormones or alcohol/drugs.
  • Don’t negatively comment online about any person in authority (your boss, former boss, parents, a political candidate). Exception: The object of your scathing remark is a puppy beater.

DO:

  • Make sure your social network privacy settings are on high, but remember that this doesn’t give you the green light to be inappropriate.
  • Look at the past year of what you’ve posted on social media profiles. Delete every photo, video and comment that is even remotely off color.
  • Google your name, address, phone number, email address and pseudonyms to see what’s out there about you. If it’s bad and it’s deleteable, then delete.
  • If it’s not deleteable, but under the control of someone else, see what your options are to have them remove it. Email, call, beg and plead if you must.
  • Once you’ve removed what you can then start the process of pushing out good stuff. This means propagating social and search with digital content that would make your mother actually proud she spawned you. The more good stuff that shows on the first few pages of search, the more the bad stuff will be pushed down into the abyss.

If you are saying “I’m not concerned, my life is an open book, if a potential employer doesn’t want to hire me because of who I am, then I don’t want that job anyway.” Fine. But when it comes time to pay the bills, you’ve been forewarned.

You may be a college grad with a 170 IQ or a businessman with 10 years of experience, but to a prospective employer, your fishy face selfie makes you look like a tool. Be careful what you do online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

6 Tools to protect your Privacy Online

The more advanced that communications become, the more likely your personal information is getting leaked out—every time you search the Web, send texts or e-mails, etc. Your private data is literally “out there.” However, there are six software programs to protect your privacy online.

1PExpiration date tag. Files, photos and messages are tagged with an extinguish date, then erased from your smartphone. The iOS and Android application for this is Wickr and it’s free. The only content that passes the wire is encrypted. The user’s device will encrypt and decrypt.

Block the intrusion. Where you go on the Web is tracked so that advertisers know what to market to you, but this technology is intrusive. How would you like to return the favor? You can with the free Ghostery service, an extension for the main Web browsers. It records who’s tracking your online activity, providing you information on these entities. You can instruct Ghostery to block such activity.

Multi-prong privacy features. This free program produces disposable e-mail addresses; e-mails are forwarded to the user’s main address, but a detection of spam will shut off e-mails; a login and password manager will keep track of multiple passwords and also help generate strong new passwords.

These features come with an extension for the Firefox and Chrome browser and is called MaskMe. Additional masking features come for $5/month, such as a one-time credit card number.

Easy encryption setup. If that can ever be easy, GPG Suite has made it so. With this Mac-only software, you can set up public and private encryption keys. The encrypted message, which works with Apple’s Mail, is sent by clicking a lock. The GPG Keychain Access component searches for and stores another user’s public key, plus import and export keys. The suite is supported by donations.

Stay anonymous. Today’s technology can identify you simply based on your online search history. Your search terms are retained by search engines, but if this data gets in the wrong hands, it could spell big trouble, or more likely, just be plain embarrassing.

DuckDuckGo is the alternative, as it does not record your search terms or leave them with the site you visit. It doesn’t record your computer’s IP address or the browser’s user agent string.

 VPN Use a VPN to be protected from cookies that track where you’ve visited. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

A VPN will encrypt your online sessions with an HTTPS security feature, protecting you from non-secure Wi-Fi such as at airports and hotels. VPN will mask your IP address from tracking cookies. Hotspot Shield is a VPN provider that’s compatible with Android, iOS, Mac and PC, running in the background once installed.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to keep your Kids safe Online

Every parent should know all the ways they can keep their kids safe in the online world. In McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kids it was found that:7W

  • 86% of kids think social sites are safe and post personal information such as their email addresses (50%) and phone numbers (32%)
  • 48% have looked at content their parents would disapprove of
  • 29% of teens access pirated illegal digital media
  • 12% of teens met a stranger online and then in the physical world
  • 54% of kids say their parents aren’t involved in their digital lives at all
  • 42% say their parents simply don’t care what they are doing online
  • 17% of parents believe the online world is as dangerous as the offline world
  • 74% of parents have thrown in the towel and are exhausted with their kids digital lives.

That last stat isn’t just scary, it’s sad. Because protecting your kids online isn’t an option, it’s a requirement. This isn’t a technology issue, it’s a parenting issue. And parent who say “I give up” are giving up on protecting their children from harm.

Here’s a basic road map of what to be aware of:

Dirty sites. This just doesn’t mean a porn site that a teen decides to check out after accidentally stumbling upon it. There are sites that promote weapons, drugs, school cheating, even how to starve down to dangerously low body weight.

Harmful contacts. Your child can be in contact with anybody in the world, without you even knowing it, and this contact may be a pedophile building up trust in your child—a trust that leads to an in-person meeting.

Information overload. Do your kids know what and what not to blab about in the cyber world? Going away on vacation soon? The whole world may find out (and the whole world includes burglars) after your chatty kid tells all on Facebook.

Sitting sickness. Sitting at the computer for hours on end not only can interfere with sleep and disrupt alertness the following school day, but excessive sitting can result in weight gain and bad posture, plus proneness to snacking on junk food.

Online bullying. Yes, words (even typed) really CAN hit harder than a fist. Cyberbullying leaves marks that are just as invasive as a swollen black eye.

Pirated content. If your kid has no money, but tons of digital files like movies and music, he may be a pirate. Law suits are being filed against parents who don’t take control of their kids online activities.

Hacking. Today kids are either hacking other or being hacked themselves. Knowing what your kids are doing and how to protect your devices is essential.

What can parents do?

Treat your kids as you’d want them to be treated. This includes online. Lay down specific rules regarding computer use and where they can visit online. Instruct your kids to promptly report any threatening or insulting online behavior.

Consider installing parental control software. A parental control program in its fundamental form will allow a parent to decide which category of sites are off-limits and how much time a child can spend online. The software is designed to prevent the child from disabling it. McAfee Family Protection allows parents access from any PC.

Parental controls also come in hardware form, but can’t provide more sophisticated control. Parental control apps exist for mobiles, yielding stronger control than software that’s filtered at the router level. Apps are available for Android, iOS or both.

What’s illegal for your boss at work to do to you is perfectly legal for you to do to your kids: use spyware to track their keystrokes, take screenshots, snag passwords, etc. Spector Pro and PC Pandora are examples. However, for most kids, this level of control isn’t necessary. But they’re invaluable if a troubled child may be interacting with a pedophile, or if your very curious child is just plain rebellious.

Install security software. It’s not enough to have antivirus, antispyware, antiphising and a firewall. You must also protect all wireless communications with Hotspot Shield VPN which locks down their devices Wifi preventing hacks.

Know who they are communicating with. At any given point and time it should be required that parent can check devices and openly discuss any conversations being had. If the parent can’t meet the person or the persons parents, then the child shouldn’t be talk talking to them.

Require device and account passwords. No matter where they go online or whatever devices they own, the parent should have full access at all times.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

6 ways College Grads can Protect Online Reputations

Here’s what you, the new college grad, can do to clean up and protect your reputation in the online world.

14DThese days, it’s crucial for college grads seeking jobs to have an online reputation that’s as clean as a whistle. I’m an online-security and ID theft expert, so trust me when I say that yes, employers DO take into account what you did at that party during your sophomore year.

How College Grads Can Clean up Their Online Reputation

A prospective employer will likely Google your name, then read the sites it’s on. And don’t assume that you’re protected by a “Joe Smith” kind of name. An astute employer will find the right Joe Smith.

One of the first things a new college grad should do, to prepare for a job interview, is to prepare for what the person hiring is likely to do (either before or after the interview): look you up online.

Find out what people are saying about you in cyberspace. Use a tool like Google Alerts, Tops, Social Mention and Sysmosys, among others. Monitor these on a daily basis.

If your own search turns up nothing bad about you on Facebook, Twitter, YouTube, LinkedIn and other biggies, this doesn’t mean nothing bad exists. Go deeper into the search results. Type in your middle name or just initial, or some associative fact like hometown name, to see if that alters results.

Cleaning up your online reputation, then, begins with seeing if it needs to be cleaned up in the first place. This is more important for a college grad than, say, getting that perfect manicure for job interviews or that perfect hair tinting job.

The prospective employer these days may be more interested in what your name pulls up in search engines than how perfectly coordinated your shoes are with your power suit.

Being digitally proactive keeps your online presence clean.

  1. Digital security is a must. We’ve all read about politicians, celebrities, news organizations and major corporations who’ve been hacked and negative stuff was posted from their accounts. Even when you regain control of your hacked account those unwanted posts can leave searchable breadcrumbs.  Make sure your devices are protected with antivirus, antispyware, antiphishing and a firewall. Secure free Wifi connections with Hotspot Shield VPN.
  2. New college grads should invest time picking apart their Facebook page and any other kind of social media where they have the ability to change what’s on it. Delete anything relating to drinking, sex, drugs, being tired all the time, political and religious views, use of offensive words, anything that fails to benefit your reputation online.
  3. Even a comment like “Old people are bad drivers” can kill your chances of landing a job. Think before you post.
  4. Unfortunately, if someone has posted something negative about you on their blog, there’s nothing you can do unless you want to pay something like $2,000 to hire a company to knock negative Google results deep into the search pages (a prospective employer probably will not go past a few pages deep once they locate information about you). But paying someone is a viable option you should consider.
  5. A college grad can protect their online reputation by never using their name when signing up for a forum board where they may make posts that, to a prospective employer, make the job seeker look bad. If you want to post on the comments page for Fox Sports, for instance, don’t use your real name.
  6. Don’t even use your real name for signing onto support sites for medical conditions, for that matter. You just never know what may rub a prospective employer the wrong way.

The college grad’s reputation needs to appear as perfect and “pure” as possible in the online world.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.