Posts

Tips for backing up and protecting your data while traveling

The season of giving is now upon us — but don’t forget, it’s also the season of stealing — and no, I don’t mean your wallet or the gift package at your doorstep, but your Social Security number, credit card information, medical records and any other highly confidential information that you have stored on your computers.

1DThieves want your data — the information stored in your smartphone, laptop and other devices. People are especially vulnerable to this crime when they travel. Don’t let the hustle and bustle of holiday travel detract you from protecting your data!

  • Make sure your devices have updated security software.
  • Remove all the sensitive data (e.g., medical records) from your device prior to travel — but not before you back it up.
  • One way to protect your data is cloud backup. Protecting your data begins with keeping your computer in a safe, secure, locked location, but when you are traveling, this is simply not an option. Therefore, automatically back up data to the cloud. The third layer is to use local backups; ideally sync software that offers routine backups to an external drive.
  • Before the trip, an IT expert should install disk encryption for your laptop– especially if you’ll be bringing along lots of sensitive data. If the laptop ends up in the wrong hands, the crook will see only scrambled data.
  • Even with the aforementioned security measures in place, you should also use a virtual private network when conducting online transactions at public Wi-Fi spots, so that snooping hackers “see” only encrypted transmissions.
  • All of the above tactics still aren’t enough. “Shoulder surfers” could visually snatch your login credentials while you’re typing away at the airport lobby or coffee shop. “Visual hackers” may also use binoculars and cameras. A privacy filter for your screen will conceal what’s on your screen. If they’re right behind youthis technology will alert you. You should use a privacy filter even when your back is to a wall.

Never let your device out of your sight, and if you must, like at a relative’s dinner gathering, lock it up.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Best practices for BYOD data storage

The Bring Your Own Device (BYOD) movement has in some ways saved companies money, but in other ways put customer data at risk. Employees are onsite, telecommuting or traveling on business. This means their devices, and company data could be anywhere at any given moment.

7WA company manager or owner realizes that company use of employee mobile devices brings benefits. But employees also use the devices for personal activities, increasing the risk of hackers getting into company data.

The solution is to train these employees in BYOD, information security and awareness. They must be aware of how risky a data breach is, how to secure data, especially if the device is loaded with company data. An overlooked part of that training is knowing how to deal with old data, back up that data and in some cases, delete it.

Data lives in 3 forms: stored on a local device, backed up in the cloud and deleted. Over time, old data begins to accumulate on devices and that can cause problems.

Here are some key considerations and best practices for dealing with the BYOD phenomenon at your business:

  • Ask yourself when old data no longer needed? Data should have expiration dates set up to indicate this.
  • Businesses should realize that “useless” or “old” data may surprisingly be needed sooner or later. This data can be stored offsite, in the cloud, so that if the device is hacked, at least the old data (which may contain valuable information to the hacker) won’t be accessible.
  • Setting up cloud storage that automatically backs up data will ensure that if a device is lost or stolen, the data is still available. Every bit of data, even if it’s seemingly useless, should be backed up.
  • How do you truly delete data? Don’t think for a second you’ll achieve this by hitting the delete button. In many cases, a hacker could still find it and obtain it from the hard drive. What you can’t see is not invisible to a skilled hacker.
  • Want to just get rid of old data altogether? You must destroy the hard drive. This means put it on the ground and hit with a sledgehammer. Then recycle the guts. Or you can professionally shred it.
  • Deploy Mobile Device Management (MDM) software that gives companies the ability to remotely manage devices. Tasks might include locating, locking or wiping a lost or stolen device. MDM can also be used to update software and delete or back up data.

The planning and prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and the tricks that cyber thieves use.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Mother Nature can ruin your business: Get ready for natural disasters now

September is almost over. This means National Preparedness Month is nearing its end. Nevertheless, you must be prepared all year long to stay safe. National Preparedness Month culminates September 30th with National PrepareAthon Day.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294In the boxing ring, if you focus on the knockout punches too much, the quick sharp jabs are what may bring you down. This is how some businesses approach their security. They put too much emphasis on preventing that mountainous data breach, while smaller everyday threats sneak by.

Those smaller threats may be difficult to get at, and they can knock you out for good. A company may have all eyes on that Russian hacking ring, a fire or hurricane. But threats come in all flavors.

A business just can’t use all its artillery against the “big” threats, because this will create non-flexible tactics that unravel in the face of an unexpected threat.

Unless company leaders are psychic, they can’t anticipate every possible threat. But being narrowly focused is no good, either. Here are some tips on how to widen that focus and plan for disaster:

  • Certainly, gear up for the “big” threats like natural disasters and brick-and-mortar crimes. This includes having insurance plans, conducting evacuation training, and implementing additional protection like smoke detectors and fire extinguishers.
  • Create a list of as many possible threats you can think of. If you can conceive it, it probably can happen.
  • Come up with a backup location should your primary office location be rendered inoperable.
  • Create a core response team for any kind of disasters, and see to it that the members are easy to reach. Have a secondary team in place in case anyone in the primary core can’t function.
  • Establish post-disaster communication plans for employees, customers/clients and vendors. Have a list of backup vendors.
  • Create security plans that are flexible rather than rigid, and make sure they are regularly updated.
  • Back up all data. Have an onsite data backup as well as cloud backup.
  • Replace computers every 2-3 years. But don’t wait that long if the following symptoms of a croaking computer occur: odd noises during boot-up; things taking way too long; a blue screen.

The preparation and prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business for disasters, download Carbonite’s e-book, “Five Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

How to prepare for Digital Disasters

Editor’s Note: In this week’s guest blog security expert Robert Siciliano explains how to protect your IT systems and your business from hardware failure. To learn more, download our new e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

3DIt is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

I can’t believe that people who heavily rely on a computer for business will still suddenly report to clients, “My computer crashed; can you resend me all the files?” What? Wait!

Why aren’t these people backing up their data on a frequent basis? If your computer is central to your business you should back up your data a minimum of once a day to protect against the following threats:

  • Computer hack
  • Unintentional deletion
  • Theft
  • Water or fire damage
  • Hard drive crash

To make daily data backups less daunting, carefully sift through all of your files to rid old, useless ones and organize still-needed ones. A mess of files with a common theme all over the desktop can be consolidated into a single folder.

Protecting your data begins with keeping your computer in a safe, secure, locked location, but this is only the first (and weakest) layer of protection. The next step is to automatically back up data to the cloud. The third layer is to use local backups, ideally use sync software that offers routine backups to multiple local drives. It’s also important to use antimalware security software to prevent attacks from hackers.

Additional Tips for Small Businesses Make de-cluttering a priority by deleting unnecessary digital files. This will help the computer run faster and help your daily backups run more quickly. Take some time to sift through your programs and delete the useless ones.

It’s also a good idea to clean up your disk regularly. Windows users can find the disk cleanup tool by going to the Performance Information and Tools section under the Control Panel.

Go to the control panel and hit “Hardware and Sound.” Then click “Power Options.” Choosing the recommended “balanced” power setting will benefit the hard drive.

Every two to three years, reinstall your operating system to keep your hard drive feeling like a spring chicken.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

When a Company Gets Sold, So Does Your Data

When you subscribe to an online service, be careful of how much information you give out about yourself.

1PMost businesses in their terms and conditions, say they “respect your privacy.” But what if these companies go under or are sold? An article from the online New York Times explores this concept. Today’s market-data-hungry-businesses can gather lots of data about subscribers. This data can be transferred to third parties in the event the company is sold or goes belly up.

The New York Times recently analyzed the top 100 U.S. websites, and the revelation is that it’s par for the course for companies to state that subscribers’ data could be transferred as part of a sales or bankruptcy transaction. Companies like this include Google, Facebook, LinkedIn, Amazon and Apple.

On one hand, such companies assure consumers that privacy is important. Next second they’re telling you your data will get into third-party hands if they sell out or fizzle out.

A real-life example is the True.com Texas dating site that attempted to sell its customer database to another dating site. However, True.com’s privacy policy assured members that their personal details would never be sold without their permission. Texas law stopped the attempt.

The Times article points out that at least 17 of the top 100 said they’d notify customers of a data transfer, while only a handful promised an opt-out choice.

This isn’t as benign as some might think. For example, WhatsApp was sold to Facebook. A user of both services ultimately complained that Facebook, without his consent, accessed his WhatsApp contact list, even though his Facebook account was set to prevent people outside his network from obtaining his phone number.

Another example is Toysmart.com. When it went bankrupt, it tried to sell customer data, which included birthdates and names of children. The company’s privacy policy, however, promised users that this information would never be shared.

To avoid fracases, companies are now jumping on the bandwagon of stating they have the right to share customer/subscriber data with third parties per business transactions.

Don’t be surprised if you read something like: “We value your privacy,” and in another section of the privacy policy, “Upon sale of our company, your personal information may be sold.”

 

App Tells Who’s Digging into Your Personal Data

Did you know that sometimes, the apps you use for your smartphone have access to your personal information and are capable of sharing it? Are you aware that your privacy can be invaded across the network board? That includes Twitter, Facebook, Instagram, LinkedIn, Google+ and more.

1PAnd how can you tell which applications can do this? MyPermissions can tell you. Once you load this and do some setting up, you’ll see which apps on your device has access to your information.

For instance, it’s not just a matter of who can get your information, but how often and just what, such as your contact list, photos and more. The more apps you use, the more likely your personal information is getting “shared,” i.e., leaked into cyberspace without your knowledge.

MyPermissions will alert you when an application barges into your sensitive information. It will give you control over who gets access to your data.

Without MyPermissions, it’s like walking through a crowded area and dropping one copy after another of your driver’s license, bank statement, credit card and family contacts.

So let’s suppose you’d like to start with Facebook. You tell MyPermissions you’d like a scan. MyPermissions will use your FB account to look for external connections. You’ll have a dashboard to see who’s getting into your information and you’ll be directed in how to stop this.

Worried if MyPermissions will share your data? Don’t. It will never collect, store or use any of your private information.

A similar application is that of Online Privacy Shield (free from Google Play Store). It will tell you which of your apps are nosing around in your private files and what they’re getting. And you could control who gets what.

Instagram, Twitter, Facebook, LinkedIn, etc., all have different ways for terminating access to your privacy, so bear with that—don’t expect all to terminate with one simple click just because one particular service has a one-click termination.

Be prepared for a shock: Hundreds of apps may have access to your sensitive data. You’ll need to embrace and appreciate the time required to get all of this straightened out. But when all is said and done, you’ll be glad you took that time.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Your Stolen Data around the World in 2 Weeks

Ever wonder just what happens to the data in a data breach incident? Does it go into some kind of wormhole in cyberspace, out through the other end? Well, the answer is pretty much so, when you consider that hacked data makes its rounds on a global scale, taking only 14 days to land in 22 countries spanning five continents—according to an experiment by Bitglass.

4HBitglass, a cloud access security broker, did some research, generating over 1,500 fake names, credit card numbers, SSNs and other data that were saved in an Excel spreadsheet.

Then the spreadsheet, which was tagged, was sent out into cyberspace, including to several Darknet sites. The watermark tag sent a signal (which included information like IP addresses) to the researchers every time the document was opened.

This experiment simulated a data breach and provided an idea into just where real stolen data actually goes. This research points fingers at Russia and Nigeria as far as being the location of closely related major hacking rings.

Not only did this spreadsheet make international rounds, but it was opened over 1,200 times within the two weeks. Need it be mentioned that the countries most notorious for hacking rings (e.g., Russia, Nigeria and China) did most of the opening. Other access points included the U.S., Germany, Finland, New Zealand and Italy.

This is sobering information for company leaders who fear a data breach. Bitglass points out that the average data breach takes 205 days to be detected. Wow, just how many access points would there had been in 205 days? Would it be a linear increase or an exponential increase?

Consumers are at a serious disadvantage due to the fact most of the data breaches occur with data out of their immediate control. Fret not however. The best thing a consumer can do is pay close attention to their statements and look for unauthorized activity or invest in identity theft protection which will often make your Social Security number less attractive to a thief.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Is your Website and Data secure?

Imagine a lifeguard at the beach sitting on his perch. His job is to patrol and monitor for signs of trouble. He sees a surfer being attacked by a shark. Wow, a lot of good it does that he’s in a completely helpless position; by the time he scrambles off his perch and runs towards the water, the victim has bled out. Ouch.

2DThis is the same concept behind cyber crime. By the time a business or everyday Internet user realizes they’ve been hacked…major damage has been done. We can’t just be reactive. We have to be preventive.

The damage can destroy a business, not to mention take down the everyday persons website who did not have their prized and sensitive data, blogs, or photos backed up.

Forbes points out that over 60 percent of small businesses, after a serious data breach, go belly-up within a year, cyber crime is a major threat to medium-size businesses as well.

Companies worry a lot about their product and service, but are slowly coming around to the idea that a potent draw to potential customers and clients is the advertising of powerful IT security to fight off data breaches.

Customers and clients (and potential) want to know what a company is doing for prevention, not just what it’ll do after the attack.

What if you can’t afford a top-flight IT team? There are still things you can do for your business’s safety as well as for your home computer’s safety.

  • First off, back up all of your data.
  • Use antivirus software and make sure it’s always updated.
  • Use antispyware, antiphishing and a firewall and make sure that’s always updated as well.
  • If you have a website, scan that with your antivirus/malware or have your host provider do it. A website and web applications can be attacked by hackers.
  • Update to the latest version of the sites primary software and plugins.
  • An unexplained spike in traffic to or from your network is a red flag.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What is Shoulder Surfing?

The next time you’re in a public place and glued to your smartphone or tablet — whether it’s at the gym, a coffee house, the airport, or just a park bench— know that someone might be peering over your shoulder to see what you’re doing. The snooper could just be curious, or they could be trying to capture your login information so they can use it to access your accounts impersonating you later on.

4DThis behavior is called “shoulder surfing”, but it doesn’t always mean that someone is literally looking over your shoulder. It can also be done from far away, using binoculars or even a small telescope.

That’s why you should always work with your back tightly against a wall. If that’s not possible, be aware of who’s around you, or behind you, and try to shield your screen. Of course, shoulder surfing can also occur at the workplace where giant computer screens are facing outward for anyone walking by to see.

And it isn’t just the screen contents that the thief wants. A skilled thief can watch the user’s finger movements to pick up on passwords and login information.

Shoulder surfing can be completely concealed in settings where people are normally packed together, such as on public transportation, airplanes, concert halls, or even a busy emergency room.

Think of how easy it would be for you to watch what the person next to you is typing, especially if they’re wearing a headset and oblivious to their surroundings.

The fact that this is an easy way to steal information is what makes it so common. A study of commuters in the UK found that 72 percent shoulder surfed—mostly out of boredom rather than for fraudulent intent, but that just goes to show how easy it really is.

Here’s some simple ways to protect yourself from should surfing when entering or accessing personal data on your devices:

  • Look for an area where your back is against a wall.
  • Be aware of your surroundings at all times, not just people but also video cameras.
  • Consider using a screen protector to obscure the visibility of the display.
  • Save your personal, business and financial matters for when you are in the privacy of your own home.

So whether you’re just surfing social media sites at a coffeehouse, or an executive trying to catch up on work on a plane, make sure that you keep an eye out for anyone whose eyes are glued to your screen.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

4 Tips for Spring Cleaning Your Digital Life

Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.

  1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
  2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case
  3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
  4. Change your passwords. It’s always a good to idea to change your passwords on a regular basis and there’s no better time during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically logs you in when you revisit your sites and apps—so you don’t have to.

So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.