Posts

Tips to Stay Digitally Safe on Spring Break

Give me a break! In the next month, students will get the week off for spring break—a much needed reward after months of hard work and, for some, gnarly winter weather. Spring break means free time, family vacations, trips with friends, and timeless memories.

7WBut, spring break can pose some risks to your online reputation and your identity. So whether you are going to party it up in the Caribbean or you are taking the kids to Disney World, here are some tips to keep you digitally safe this spring break.

  1. Don’t bring more technology than you have to. Do you really need to bring your laptop, tablet, and smartphone on your beach vacation? The more devices you bring, the more chances for someone to steal or compromise your device and your personal data.
  2. Backup your data. No matter what devices you decide to bring, make sure you back them up before you leave. You don’t know what will happen on your trip, don’t risk your data.
  3. Share when you get home. It’s tempting to share that family picture with Mickey, but it could alert thieves that you aren’t home. Wait until you return home before you share your vacation pictures online.
  4. Review your privacy settings. Just because you aren’t sharing anything from your spring break on social media, doesn’t mean that your friends aren’t. Check up on your privacy settings so you can manage who sees your content, and as best as possible, what others say about you. That embarrassing video of your belly flop doesn’t need to be seen by everyone.
  5. Be careful when using public Wi-Fi. Don’t log on to bank/credit card sites or shop online when using a public Internet connection. You don’t know who else is on your network.
  6. Install security software on all your devices. Use comprehensive security software likeMcAfee LiveSafe™ service to protect your devices no matter where you are.

Have a great spring break!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

7WSo pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into peoples’ privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Online Data less safe than ever

It’ll get worse before it gets better: online data safety. It’s amazing how many people think they’re “safe” online, while one huge business or entity after another keeps getting hacked to the bone.

1DAnd “safety” doesn’t necessarily mean the prevention of your computer getting infected with a virus, or falling for an online scam that results in someone getting your credit card information. It’s also a matter of privacy. While targeted advertising (based on websites you’ve visited) may seem harmless, it’s the benign end of the continuum—that someone out there is tracking you.

So, do you still think you’re hack-proof?

That you can’t be fooled or lured? That your devices’ security is impenetrable? That you know how to use your device so that nobody can get ahold of your sensitive information?

Consider the following entities that got hacked. They have cyber security teams, yet still fell victim:

  • LinkedIn
  • Yahoo! Mail
  • Adobe
  • Dropbox
  • Sony
  • Target

You may think the hacking is their problem, but what makes you believe that the service you use is immune? Are you even familiar with its security measures? That aside, consider this: You can bet that some of your personal information is obtainable by the wrong hands—if it already isn’t in the wrong hands.

Are you absolutely sure this can’t possibly be? After all, you’re just a third-year med student or recent college grad looking for work, or housewife with a few kids…just an average Joe or Jane…and you use the Internet strictly for keeping up with the news, keeping up with friends and family on social media, using e-mail…innocent stuff, right?

You’ve never even posted so much as a picture online and say you don’t use a credit card online either.

  • But hey, if your passwords aren’t strong, this ALONE qualifies you as a potential hacking victim.
  • So, what is your password? Is it something like Bunny123? Does it contain your name or the name of a sport? Keyboard sequences? The name of a well-known place? The name of a rock band?
  • Do you use this password for more than one account? That gets tacked onto your risks of getting hacked.
  • You need not be someone famous to get hacked; just someone who gets lured into filling out a form that wants your bank account number, credit card number, birthdate or some other vital data.
  • If you just ordered something from Amazon, and the next day you receive a message from Amazon with a subject line relating to your order…did you know that this could be from a scammer who sent out 10,000 of these same e-mails (via automated software), and by chance, one of them reached someone at just the right time to trick you into thinking it’s authentic?
  • People who know you may want your information to get revenge, perhaps a spurned girlfriend. Don’t disqualify yourself; nobody is ever unimportant enough to be below the scammer’s radar.
  • Did you know that photos you post in social media have a GPS tag? Scammers could figure out where the photo was taken. Are you announcing to all your FB friends about when your next vacation is? Did you know a burglar might read your post, then plan his robbery? Between the GPS tags and your vacation dates…you’re screwed.

Well, you can’t live in a bubble and be antisocial, right? Well, it’s like driving a car. You know there are tons of accidents every day, but you still drive. Yet at the same time, if you’re halfway reasonable, you’ll take precautions such as wearing a seatbelt and not driving closely behind someone on the highway.

Most of your fate is in your hands. And this applies to your online safety. You won’t be 100 percent immune from the bad cyber guys, just like you’re not 100 percent immune from a car wreck. But taking precautions and having the right tools really make a tremendous difference.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Data Breach Aftermath

Haste certainly doesn’t make waste if you’ve suffered from an entity getting hacked resulting in a data breach. Don’t waste a single minute delaying notifying affected accounts! In the case of a credit card company, they will investigate; you won’t have to pay the fraudulent charges. The breached card will be closed, and you’ll get a new one. And there is more.
11D
All sounds simple enough, but the experience can be a major hassle. Below is what you should do upon learning your card has been breached:

  • If a SSN is breached, place a credit freeze or fraud alert with the three big credit bureau agencies. Placement of the credit freeze or fraud alert will net you a free copy of your credit reports; review them.
  • See if you can find companies that have accounts in your name—that you didn’t set up. Notify and cancel them. Make a list of entities that might be affected by your ID theft, then contact them.
  • If your identity is actually stolen, you may need documents to show creditors proof of your ID theft, you should file a report with the police and FTC.
  • Keep vigilant documentation of all of your relevant correspondence.

If your credit card was compromised, you also must contact every company or service that was on autopay with the old card. This includes quarterly autopays (e.g., pesticide company) and yearly autopays, like your website’s domain name. Don’t forget these! You now have to transfer all the autopays to your new card.

But you also must consider the possibility that your credit card breach is only the beginning of more ID theft to come. You now must be more vigilant than ever. If it can happen once, it can happen again.

  • Check every charge on every statement. If you don’t remember making that $4.57 charge…investigate this. Thieves often start with tiny purchases, then escalate.
  • Use apps that can detect anomalous behavior with your credit card account. These applications are free and will alert you if there’s a purchase that’s out of the norm, such as there’s a charge to the card in your home town, but an hour later another charge occurs 800 miles away.
  • See if your card carrier will let you set up account alerts, such as every time a purchase exceeds a set amount, you get notified.
  • Never let your card out of your sight. The thief could have been someone to whom you gave your card for a payment—they used a handheld “skimming” device and got your data. If you don’t want to hassle with, for instance, the restaurant server who wants to take your card and go off somewhere to get your payment, then pay cash (if possible).
  • Never use public ATMs; ones inside your bank are less likely to be tampered with with skimming devices.

Other than tampered ATMs and retail clerks taking your card out of your view to collect payment, there are tons of ways your personal information could get into a thief’s hands. Here are steps to help prevent that:

  • Shred all documents with any of your personal information, including receipts, so that “dumpster divers” can’t make use of them.
  • When shopping online, use a virtual credit card number; your bank may offer this feature.
  • When shopping, patronize only sites that have “https” at the start of the Web address.
  • Never save your credit card number on the site you shop at.
  • If a retail site requires your SSN in order to make the purchase, withdraw from the site and never go back.
  • Never give your credit card or other personal information to online forms that you came to as a result of clicking a link in an e-mail message. In fact, never click links inside e-mail messages.
  • Make sure all your computer devices have a firewall, and antivirus/antimalware software, and keep it updated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Protect your Data during Holiday Travel

You’re dreaming of a white Christmas, and hackers are dreaming of a green Christmas: your cash in their pockets. And hackers are everywhere, and are a particular threat to travelers.
http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813

  • Prior to leaving for your holiday vacation, have an IT specialist install a disk encryption on your laptop if you plan on bringing it along; the hard drive will have encryption software to scramble your data if the device it lost or stolen.
  • Try to make arrangements to prevent having to use your laptop to handle sensitive data. If you must, then at least store all the data in an encrypted memory stick or disk encryption as stated above. Leave as much personal data behind when you travel.
  • Before embarking on your vacation, make sure that your devices are equipped with comprehensive security software such as antivirus, antispyware, antiphishing and a firewall so that you can have safe online connections.
  • If your device has a virtual private network (VPN), this will encrypt all of your transmissions when you use public Wi-Fi. Hackers will see gibberish and thus won’t have any interest in you. Don’t ever connect to an unprotected Wi-Fi network!
  • Always have your laptop and other devices with you, even if it’s to momentarily leave the hotel’s lobby (where you’re using your device) to get some water. When staying at friends or family, don’t leave your devices where even other guests in the house you’re staying at can get to them, even if they’re kids. Just sayin’.
  • Add another layer of protection from “visual hackers,” too. Visual hackers peer over the user’s shoulder to see what’s on their screen. If they do this enough to enough people, sooner or later they’ll catch someone with their data up on the screen.
  • Visual hackers can also use cameras and binoculars to capture what’s on your screen. All these thieves need to do is just hang nearby nonchalantly with your computer screen in full view, and wait till you enter your data. They can then snap a picture of the view.
  • This can be deterred with 3M’s ePrivacy Filter, when combined with their 3M Privacy Filter. When a visual hacker tries to see what’s on your screen it provides up to 180 degree comprehensive privacy protection. Filters provide protection by blackening the screen when viewed from the side. Furthermore, you’ll get an alert that someone is creeping up too close to you. The one place where a visual hacker can really get an “in” on your online activities is on an airplane. Do you realize how easy it would be for someone sitting behind you (especially if you both have aisle seats) to see what you’re doing?

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Should You Use Near-Field Communications?

Have you ever wondered what kind of superpower you’d have? I’ve always wanted to send messages and ideas with my mind to others. My dream can sort of come true with near-field communications (NFC).

7DYou’ve might not have heard of NFC, but if you have a smartphone, there’s a good chance you’ve used it. If you have ever used Apple Pay or bumped your Galaxy smartphone with your buddy’s to send pictures, you have used NFC. By definition, NFC allows smartphones and similar devices to establish radio communication with each other by bringing them close together, usually no more than a few inches or centimeters. It’s an exciting technology that has a lot of promise, but there are a few concerns too. Let’s take a closer look at the pros and cons of NFC.

Pros

  • Convenient. In a busy digital world, people like transactions that are quick and easy. That is one of NFC’s greatest strengths. No more digging around a wallet or purse for a debit or credit card, all you need is your phone. The technology is intuitive—bring your phone close to the reader and a simple touch and bam! Transaction completed. Think about how much time that would save at coffee shops, grocery stores, etc.
  • Versatile. NFC can be used for many situations and in many different industries. In the future, NFC technology could allow you to use your phone to unlock your car, access public transportation, or launch applications depending on where you are (bedside table, work desk, etc.).
  • Safe. If your wallet is stolen, thieves immediately have access to your information. With a smartphone, your data can be protected by a password and/or PIN. But the biggest strength is that with NFC payment, retailers no longer have access to your credit card information.

Cons

  • Security. Although NFC technology is more secure than magnetic strip credit cards, there are still security concerns. As people use this technology to purchase items or access cars, there is more incentive for hackers to break into smartphones to steal financial and personal information.
  • Usability. NFC will only succeed if merchants and companies adopt it as the way of the mobile commerce future. Although the technology is consumer-friendly, it is expensive to purchase and install related equipment. And it still may take years before there are enough smartphone users for NFC to add enough value to merchants to implement.

NFC is a new and blossoming technology with lots of potential. Whether you decide to use it or not, there are always things you can do to keep your personal and financial information safe. For tips and ideas, check out Intel Security’s Facebook page and Twitter feed.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Study Shows 67% of Employees Expose Sensitive Data Outside the Workplace

IDC, an IT analyst firm, estimates that the mobile worker population could reach 1.3 billion by 2015, meaning, they access workplace data outside the workplace. This is risky because it exposes data to hackers.

2DIn fact, the safety of what’s displayed on the computer screen in public is of huge concern. The 3M Visual Data Breach Risk Assessment Study provides some troubling findings.

First off, 67 percent of workers expose company data beyond the workplace, including very sensitive information. Typically, the employee has no idea how risky this is. It’s as easy as the crook capturing data, that’s displayed on a screen, with a smartphone camera as he passes by or secretly looks on continuously from nearby.

And there’s little corporate policy in place to guard against this. The study says that 70 percent of professional employees admitted their company lacked any explicit policy on conducting business in public. And 79 percent reported that their employer didn’t even have a policy on privacy filter use.

Either communication about policies with employees is feeble, or attention to visual policy from the decision makers is lacking.

An increasing number of people are taking their online work to public places, but if they knew that company data was properly protected from roving snoops, they’d be more productive. Companies need to take more seriously the issue of visual privacy and this includes equipping employees with tools of protection. Below are more findings.

Type of Data Handled in Public

  • Internal financials: 41.77%
  • Private HR data: 33.17%
  • Trade secrets: 32.17%
  • Credit card numbers: 26.18%
  • SSNs: 23.94%
  • Medical data: 15.34%

Only three percent of the respondents said that there were restrictions imposed on some corporate roles working in public. Eleven percent didn’t even know what their employer’s policy was.

One way to make headway is a privacy filter because it blocks the lateral views of computer screens. Eighty percent of the people in the study said they’d use a device with a filter.

Another factor is that of enlightening workers about the whole issue. An enlightened employee is more likely to conduct public online business with their back to a wall.

Additional Results

  • In general, work is not allowed in public: 16%
  • No explicit policy on public working: 70%
  • To the worker, privacy is very important: 70%; somewhat important: 30%; not very important: 4%; not important at all: 1%.
  • Only 35 percent of workers opted to use a kiosk machine with a privacy filter when presented with two machines: one with and one without the privacy filter.

The study concludes that businesses are sadly lacking in security tactics relating to data that’s stored, transmitted, used and displayed. This is a weak link in the chain of sensitive information. Any effective IT security strategy needs to address this issue and take it right down the line to the last employee.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Cloud Data Breaches mo’ Money

IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.”

3DYes, data breaches occur in the cloud. In fact, it can be triple the cost of a data breach involving a brick and mortar medium.

The report put together data from the responses of over 600 IT and IT security people in the U.S. The report has three observations:

  • Many of the respondents don’t think that their companies are adequately inspecting cloud services for security.
  • The cost of a data breach can be pricey.
  • When a business attempts to bring its own cloud, this is the costliest for high value intellectual property.

More Results

  • 72% of the participants thought that their cloud service providers would fail to notify them of a breach if it involved theft of sensitive company data.
  • 71% believed this would be the same outcome for customer data breaches.

Many company decision makers don’t think they have a whole lot of understanding into how much data or what kind is stored in a cloud.

  • 90% thought that a breach could result when backups and storage of classified data were increased by 50 percent over a period of 12 months.
  • 65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result.

All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches.

Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of confidential or high-value IP data, the impact would soar from $3 million to $5.4 million.

In addition to the self-reporting loophole, the report had a low response rate: Only 4.2 percent of the targeted 16,330 people responded, and in the end, only 3.8 percent were actually used. Nevertheless, you can’t ignore that even self-estimated attitudes paint a dismal picture of how cloud security is regarded.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 ways to protect your Devices and Data

Gee, it used to be just your desk computer that needed protection from cyber thugs. Now, your connected thermostat, egg tray monitor, teen’s smartphone, garage door opener, even baby monitor, are all game for cyber creeps.

7WCan’t be said enough: Install antivirus software. This software really does make a huge difference. Malware scanners are not enough, by the way. You need both: antivirus, anti-malware, though malware usually targets laptops and PCs. But don’t bet on it staying this way; Macs, mobiles and tablets are vulnerable. Don’t wait to get security applications for your smartphone and tablet. Android is particularly vulnerable.

Enrich your Wi-Fi. Turn on your WPA or WPA2 encryption. Change your router’s default password to something really unique. Update the router’s firmware. Register any new routers online. Contact the router manufacturer’s site for helpful information on making things more secure. Whenever using free public WiFi recognize your data can be sniffed out. Use Hotspot Shield whenever logging in at airports, hotels, internet cafés and more.

Don’t use outdated software. Are you still on Windows XP? Time to switch to 7 or 8. Security holes in outdated applications will not get plugged if there’s no longer support.

Power passwords. You wear a power suit; you take a power lunch, a power nap and a power walk, but do you have a power password? A power password is extremely difficult to crack. It’s at least 12 characters long, contains no dictionary words or keyboard sequences, and has a variety of symbols. You can also use a password manager to create and encrypt passwords.

OS updates: often. Many people fail to keep their operating systems updated. Big mistake. An update means that a security hole, through which a hacker could get in, has been patched. Lots of holes mean lots of entry points for hackers. If Windows alerts you to an available update, then run it. Learn about your system’s update dynamics and get going on this.

Patch up your software. Have you been getting update alerts for Adobe Reader? Take this seriously, because this software is highly vulnerable to hacking if it has unpatched holes. Any reminder to update software must be taken seriously. Don’t wait for an attack.

Wipe old hardware. Got any defunct laptops, tablets, flash drives, hard drives, etc.? Before reselling them, strip them of your data. If you want to discard them, literally hammer them to pieces.

Two-factor authentication. A long, strong password is not 100 percent uncrackable. If a hacker cracks it, but then finds he must apply a second factor to get into your account…and that second factor requires your smartphone to receive a one-time code, he’ll move on.

Don’t get duped. Never click links in e-mails. Don’t click on something that seems too good to be true (a link to naked photos of your favorite movie star). Avoid suspicious looking websites.

Stop blabbing on social media. Information you post on Facebook, for instance, could contain clues to your passwords or security questions for your bank account. Sure, post a picture of your new puppy, but leave the name a mystery if it’s the answer to a security question.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Before Getting Rid of Your Old Printer, Say “Goodbye” to Lingering Data

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

In the security business, there’s a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don’t really talk about. For example, printers.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776Some printers have internal hard drives or flash memory that store documents that have been scanned. This means that images of your pay stub, medical records, credit card statements, or any other sensitive documents you once scanned are stored in the printer’s memory and therefore retrievable by someone who knows where to look for it.

Because these hard drives are usually hard to find, they are usually not removed before a printer is resold or recycled. That can be bad news for you if your printer gets into the wrong hands.

If your printer is nearing the end or you are upgrading to a new printer, make sure you delete that important data off your old printer.

How do you get rid of your printer’s data? There are multiple ways.

  • Unplug your printer for a while. This will delete data if there’s no local storage. Check your printer’s  user guide to see how long to leave your printer unplugged until the data is removed.
  • Clear the direct email function. If your printer has this feature, make sure to delete your password before getting rid of the printer.
  • Wipe the disk drive. If your printer has a disk drive feature, use the wipe disk to make sure your data is not accessible by others.
  • Destroy the hard drive. If you decide to trash a printer rather than reselling it, take it apart and find the hard drive. Remove it and hammer it. But remember, safety first. Make sure you wear those safety glasses.

Follow these tips and sell or recycle your printer with peace of mind, knowing that nobody will be able to retrieve your personal information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.