Posts

Mother Nature can ruin your business: Get ready for natural disasters now

September is almost over. This means National Preparedness Month is nearing its end. Nevertheless, you must be prepared all year long to stay safe. National Preparedness Month culminates September 30th with National PrepareAthon Day.

In the boxing ring, if you focus on the knockout punches too much, the quick sharp jabs are what may bring you down. This is how some businesses approach their security. They put too much emphasis on preventing that mountainous data breach, while smaller everyday threats sneak by.

Those smaller threats may be difficult to get at, and they can knock you out for good. A company may have all eyes on that Russian hacking ring, a fire or hurricane. But threats come in all flavors.

A business just can’t use all its artillery against the “big” threats, because this will create non-flexible tactics that unravel in the face of an unexpected threat.

Unless company leaders are psychic, they can’t anticipate every possible threat. But being narrowly focused is no good, either. Here are some tips on how to widen that focus and plan for disaster:

  • Certainly, gear up for the “big” threats like natural disasters and brick-and-mortar crimes. This includes having insurance plans, conducting evacuation training, and implementing additional protection like smoke detectors and fire extinguishers.
  • Create a list of as many possible threats as you can think of. If you can conceive it, it probably can happen.
  • Come up with a backup location should your primary office location be rendered inoperable.
  • Create a core response team for any kind of disaster, and see to it that the members are easy to reach. Have a secondary team in place in case anyone in the primary core can’t function.
  • Establish post-disaster communication plans for employees, customers/clients and vendors. Have a list of backup vendors.
  • Create security plans that are flexible rather than rigid, and make sure they are regularly updated.
  • Back up all data. Have an onsite data backup as well as cloud backup.
  • Replace computers every 2-3 years. But don’t wait that long if the following symptoms of a croaking computer occur: odd noises during boot-up; things taking way too long; a blue screen.

The preparation and prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business for disasters, download Carbonite’s e-book, “Five Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

How to prepare for Digital Disasters

Editor’s Note: In this week’s guest blog security expert Robert Siciliano explains how to protect your IT systems and your business from hardware failure. To learn more, download our new e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

It is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

I can’t believe that people who heavily rely on a computer for business will still suddenly report to clients, “My computer crashed; can you resend me all the files?” What? Wait!

Why aren’t these people backing up their data on a frequent basis? If your computer is central to your business you should back up your data a minimum of once a day to protect against the following threats:

  • Computer hack
  • Unintentional deletion
  • Theft
  • Water or fire damage
  • Hard drive crash

To make daily data backups less daunting, carefully sift through all of your files to get rid of old, useless ones and organize still-needed ones. A mess of files with a common theme all over the desktop can be consolidated into a single folder.

Protecting your data begins with keeping your computer in a safe, secure, locked location, but this is only the first (and weakest) layer of protection. The next step is to automatically back up data to the cloud. The third layer is to use local backups, ideally with sync software that offers routine backups to multiple local drives. It’s also important to use antimalware security software to prevent attacks from hackers.

Additional Tips for Small Businesses

Make de-cluttering a priority by deleting unnecessary digital files. This will help the computer run faster and help your daily backups run more quickly. Take some time to sift through your programs and delete the useless ones.

It’s also a good idea to clean up your disk regularly. Windows users can find the disk cleanup tool by going to the Performance Information and Tools section under the Control Panel.

Go to the control panel and hit “Hardware and Sound.” Then click “Power Options.” Choosing the recommended “balanced” power setting will benefit the hard drive.

Every two to three years, reinstall your operating system to keep your hard drive feeling like a spring chicken.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

When a Company Gets Sold, So Does Your Data

When you subscribe to an online service, be careful of how much information you give out about yourself.

Most businesses, in their terms and conditions, say they “respect your privacy.” But what if these companies go under or are sold? An article from the online New York Times explores this concept. Today’s market-data-hungry businesses can gather lots of data about subscribers. This data can be transferred to third parties in the event the company is sold or goes belly up.

The New York Times recently analyzed the top 100 U.S. websites, and the revelation is that it’s par for the course for companies to state that subscribers’ data could be transferred as part of a sales or bankruptcy transaction. Companies like this include Google, Facebook, LinkedIn, Amazon and Apple.

On one hand, such companies assure consumers that privacy is important. Next second they’re telling you your data will get into third-party hands if they sell out or fizzle out.

A real-life example is the True.com Texas dating site that attempted to sell its customer database to another dating site. However, True.com’s privacy policy assured members that their personal details would never be sold without their permission. Texas law stopped the attempt.

The Times article points out that at least 17 of the top 100 said they’d notify customers of a data transfer, while only a handful promised an opt-out choice.

This isn’t as benign as some might think. For example, WhatsApp was sold to Facebook. A user of both services ultimately complained that Facebook, without his consent, accessed his WhatsApp contact list, even though his Facebook account was set to prevent people outside his network from obtaining his phone number.

Another example is Toysmart.com. When it went bankrupt, it tried to sell customer data, which included birthdates and names of children. The company’s privacy policy, however, promised users that this information would never be shared.

To avoid fracases, companies are now jumping on the bandwagon of stating they have the right to share customer/subscriber data with third parties per business transactions.

Don’t be surprised if you read something like: “We value your privacy,” and in another section of the privacy policy, “Upon sale of our company, your personal information may be sold.”

App Tells Who’s Digging into Your Personal Data

Did you know that sometimes, the apps you use for your smartphone have access to your personal information and are capable of sharing it? Are you aware that your privacy can be invaded across the network board? That includes Twitter, Facebook, Instagram, LinkedIn, Google+ and more.

And how can you tell which applications can do this? MyPermissions can tell you. Once you load this and do some setting up, you’ll see which apps on your device have access to your information.

For instance, it’s not just a matter of who can get your information, but how often and just what, such as your contact list, photos and more. The more apps you use, the more likely your personal information is getting “shared,” i.e., leaked into cyberspace without your knowledge.

MyPermissions will alert you when an application barges into your sensitive information. It will give you control over who gets access to your data.

Without MyPermissions, it’s like walking through a crowded area and dropping one copy after another of your driver’s license, bank statement, credit card and family contacts.

So let’s suppose you’d like to start with Facebook. You tell MyPermissions you’d like a scan. MyPermissions will use your FB account to look for external connections. You’ll have a dashboard to see who’s getting into your information and you’ll be directed in how to stop this.

Worried if MyPermissions will share your data? Don’t. It will never collect, store or use any of your private information.

A similar application is that of Online Privacy Shield (free from Google Play Store). It will tell you which of your apps are nosing around in your private files and what they’re getting. And you could control who gets what.

Instagram, Twitter, Facebook, LinkedIn, etc., all have different ways for terminating access to your privacy, so bear with that—don’t expect all to terminate with one simple click just because one particular service has a one-click termination.

Be prepared for a shock: Hundreds of apps may have access to your sensitive data. You’ll need to embrace and appreciate the time required to get all of this straightened out. But when all is said and done, you’ll be glad you took that time.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Your Stolen Data around the World in 2 Weeks

Ever wonder just what happens to the data in a data breach incident? Does it go into some kind of wormhole in cyberspace, out through the other end? Well, the answer is pretty much so, when you consider that hacked data makes its rounds on a global scale, taking only 14 days to land in 22 countries spanning five continents—according to an experiment by Bitglass.

Bitglass, a cloud access security broker, did some research, generating over 1,500 fake names, credit card numbers, SSNs and other data that were saved in an Excel spreadsheet.

Then the spreadsheet, which was tagged, was sent out into cyberspace, including to several Darknet sites. The watermark tag sent a signal (which included information like IP addresses) to the researchers every time the document was opened.

This experiment simulated a data breach and provided an idea of just where real stolen data actually goes. This research points fingers at Russia and Nigeria as far as being the location of closely related major hacking rings.

Not only did this spreadsheet make international rounds, but it was opened over 1,200 times within the two weeks. Need it be mentioned that the countries most notorious for hacking rings (e.g., Russia, Nigeria and China) did most of the opening. Other access points included the U.S., Germany, Finland, New Zealand and Italy.

This is sobering information for company leaders who fear a data breach. Bitglass points out that the average data breach takes 205 days to be detected. Wow, just how many access points would there have been in 205 days? Would it be a linear increase or an exponential increase?

Consumers are at a serious disadvantage due to the fact most of the data breaches occur with data out of their immediate control. Fret not however. The best thing a consumer can do is pay close attention to their statements and look for unauthorized activity or invest in identity theft protection which will often make your Social Security number less attractive to a thief.

Is your Website and Data secure?

Imagine a lifeguard at the beach sitting on his perch. His job is to patrol and monitor for signs of trouble. He sees a surfer being attacked by a shark. Wow, a lot of good it does that he’s in a completely helpless position; by the time he scrambles off his perch and runs towards the water, the victim has bled out. Ouch.

This is the same concept behind cyber crime. By the time a business or everyday Internet user realizes they’ve been hacked…major damage has been done. We can’t just be reactive. We have to be preventive.

The damage can destroy a business, not to mention take down the website of the everyday person who did not have their prized and sensitive data, blogs, or photos backed up.

Forbes points out that over 60 percent of small businesses, after a serious data breach, go belly-up within a year. Cyber crime is a major threat to medium-size businesses as well.

Companies worry a lot about their product and service, but are slowly coming around to the idea that a potent draw to potential customers and clients is the advertising of powerful IT security to fight off data breaches.

Customers and clients (and potential) want to know what a company is doing for prevention, not just what it’ll do after the attack.

What if you can’t afford a top-flight IT team? There are still things you can do for your business’s safety as well as for your home computer’s safety.

  • First off, back up all of your data.
  • Use antivirus software and make sure it’s always updated.
  • Use antispyware, antiphishing and a firewall and make sure that’s always updated as well.
  • If you have a website, scan that with your antivirus/malware or have your host provider do it. A website and web applications can be attacked by hackers.
  • Update to the latest version of the site’s primary software and plugins.
  • An unexplained spike in traffic to or from your network is a red flag.

What is Shoulder Surfing?

The next time you’re in a public place and glued to your smartphone or tablet — whether it’s at the gym, a coffee house, the airport, or just a park bench — know that someone might be peering over your shoulder to see what you’re doing. The snooper could just be curious, or they could be trying to capture your login information so they can use it to access your accounts impersonating you later on.

This behavior is called “shoulder surfing”, but it doesn’t always mean that someone is literally looking over your shoulder. It can also be done from far away, using binoculars or even a small telescope.

That’s why you should always work with your back tightly against a wall. If that’s not possible, be aware of who’s around you, or behind you, and try to shield your screen. Of course, shoulder surfing can also occur at the workplace where giant computer screens are facing outward for anyone walking by to see.

And it isn’t just the screen contents that the thief wants. A skilled thief can watch the user’s finger movements to pick up on passwords and login information.

Shoulder surfing can be completely concealed in settings where people are normally packed together, such as on public transportation, airplanes, concert halls, or even a busy emergency room.

Think of how easy it would be for you to watch what the person next to you is typing, especially if they’re wearing a headset and oblivious to their surroundings.

The fact that this is an easy way to steal information is what makes it so common. A study of commuters in the UK found that 72 percent shoulder surfed—mostly out of boredom rather than for fraudulent intent, but that just goes to show how easy it really is.

Here are some simple ways to protect yourself from shoulder surfing when entering or accessing personal data on your devices:

  • Look for an area where your back is against a wall.
  • Be aware of your surroundings at all times, not just people but also video cameras.
  • Consider using a screen protector to obscure the visibility of the display.
  • Save your personal, business and financial matters for when you are in the privacy of your own home.

So whether you’re just surfing social media sites at a coffeehouse, or an executive trying to catch up on work on a plane, make sure that you keep an eye out for anyone whose eyes are glued to your screen.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

4 Tips for Spring Cleaning Your Digital Life

Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.

First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.

  1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
  2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case.
  3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
  4. Change your passwords. It’s always a good idea to change your passwords on a regular basis and there’s no better time than during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically log you in when you revisit your sites and apps—so you don’t have to.

So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life.

Tips to Stay Digitally Safe on Spring Break

Give me a break! In the next month, students will get the week off for spring break—a much needed reward after months of hard work and, for some, gnarly winter weather. Spring break means free time, family vacations, trips with friends, and timeless memories.

But spring break can pose some risks to your online reputation and your identity. So whether you are going to party it up in the Caribbean or you are taking the kids to Disney World, here are some tips to keep you digitally safe this spring break.

  1. Don’t bring more technology than you have to. Do you really need to bring your laptop, tablet, and smartphone on your beach vacation? The more devices you bring, the more chances for someone to steal or compromise your device and your personal data.
  2. Back up your data. No matter what devices you decide to bring, make sure you back them up before you leave. You don’t know what will happen on your trip; don’t risk your data.
  3. Share when you get home. It’s tempting to share that family picture with Mickey, but it could alert thieves that you aren’t home. Wait until you return home before you share your vacation pictures online.
  4. Review your privacy settings. Just because you aren’t sharing anything from your spring break on social media, doesn’t mean that your friends aren’t. Check up on your privacy settings so you can manage who sees your content, and as best as possible, what others say about you. That embarrassing video of your belly flop doesn’t need to be seen by everyone.
  5. Be careful when using public Wi-Fi. Don’t log on to bank/credit card sites or shop online when using a public Internet connection. You don’t know who else is on your network.
  6. Install security software on all your devices. Use comprehensive security software like McAfee LiveSafe™ service to protect your devices no matter where you are.

Have a great spring break!

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

So pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into people’s privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you, good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. Disclosures.