Posts

Getting Rid of an Electronic Device? Do This First…

A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

Deleting…Really Deleting…Your Devices

Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

Back Up

Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

Wipe

Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac.  If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

Destroy

Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.  

The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

Recycle

If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Pay attention to your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…

6DSlow down. Don’t buy a single smart device until you ask yourself these 10 questions. And frankly, there’s a lot of effort in some of these questions. But, security isn’t always easy. Check it out.

  • Was the company ever hacked? Google this to find out.
  • If so, did the company try to hide it from their customers?
  • Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a device that collects data from vendors that fail to explain data security and privacy.
  • Does the product have excellent customer support?
  • Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
  • Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
  • Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
  • Does the product’s firmware also automatically update? If not, not good.
  • Is the Wi-Fi, that the device will be connected to, secure? Ideally it should be WPA2 and have a virtual private network for encryption.
  • Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
  • What data does the device collect, and why?
  • Can data on the device traverse to another device?
  • Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
  • Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
  • Ask the manufacturer how the device lets you know its batteries are low.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

How to recycle Old Devices

When it comes to tossing into the rubbish your old computer device, out of sight means out of mind, right? Well yeah, maybe to the user. But let’s tack something onto that well-known mantra: Out of site, out of mind, into criminal’s hands.

7WYour discarded smartphone, laptop or what-have-you contains a goldmine for thieves—because the device’s memory card and hard drive contain valuable information about you.

Maybe your Social Security number is in there somewhere, along with credit card information, checking account numbers, passwords…the whole kit and caboodle. And thieves know how to extract this sensitive data.

Even if you sell your device, don’t assume that the information stored on it will get wiped. The buyer may use it for fraudulent purposes, or, he may resell to a fraudster.

Only 25 states have e-waste recycling laws. And only some e-waste recyclers protect customer data. And this gets cut down further when you consider that the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device.

Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key and in some cases the “factory reset” setting is worthless.

To verify this widespread lack of insight, I collected 30 used devices like smartphones, laptops and desktops, getting them off of Craigslist and eBay. They came with assurance they were cleared of the previous user’s data.

I then gave them to a friend who’s skilled in data forensics, and he uncovered a boatload of personal data from the previous users of 17 of these devices. It was enough data to create identity theft. I’m talking Social Security numbers, passwords, usernames, home addresses, the works. People don’t know what “clear data” really means.

The delete button makes a file disappear and go into the recycle bin, where you can delete it again. Out of sight, out of mind…but not out of existence.

What to Do

  • If you want to resell, then wipe the data off the hard drive—and make sure you know how to do this right. There are a few ways of accomplishing this:

Search the name of your device and terms such as “factory reset”, “completely wipe data”, reinstall operating system” etc and look for various device specific tutorials and in some cases 3rd party software to accomplish this.

  • If you want to junk it, then you must physically destroy it. Remove the drive, thate are numerous online tutorials here too. Get some safety glasses, put a hammer to it or find an industrial shredder.
  • Or send it to a reputable recycling service for purging.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Dust off your digital devices inside and out

Hackers know small companies are more vulnerable to data breaches due to limited resources. Cybersecurity should always be a high priority. But when a company’s IT staff consists of maybe 1-2 people who are provided limited budgets and are constantly solving other tech problems, the focus on security suffers. And hackers aren’t the only problem. One significantly overlooked part of the security process “cleaning” the IT infrastructure.

4HIT staff being and small business owners must keep on top of:

  • Networked systems
  • PC and mobile hardware
  • Multiple device software
  • Local and cloud data

The best way to manage the “cleaning” process is to keep a checklist and break the workload down into small bites. Complete the following tasks to clean up your business’s digital life and add layers of protection:

  • Rule #1: Automatically back up your data before, after and always. No matter what you are doing to your devices, make sure they are backed up.
  • Use automatically updated security tools including anti-virus, anti-spyware, and firewall software.
  • Use a virtual private network for public Wi-Fi activity. Check to see if the VPN auto-updates.
  • Take an inventory of your e-mail files. Depending on the nature of a business, it may be prudent to keep everything backed up for years. In other cases, consider deleting useless messages. Create folders for messages pertaining to certain topics. Delete old folders, etc.
  • Go through all of your devices’ programs and uninstall the ones you’ll never use.
  • Carefully sift through all of your files and get rid of useless ones.
  • Separate out media so that there are files specifically for images, video, docs, etc.
  • Integrate desktop icons that have a commonality. For instance you may have several related to a certain product or service you provide. Create a main folder and put all of these in it. Icon clutter may slow boot-up time and makes things look and feel, well, cluttered.
  • Take a look at all your passwords. Replace the crackable ones with long and strong ones. An easily crackable password: contains real words or proper names; has keyboard sequences; has a limited variety of characters. If you have a ton of passwords, use a password manager.
  • Have multiple backups for your data including on premise and cloud storage.
  • Defragment your hard drive.
  • Reinstall your operating system. Of course, first make sure all your data is backed up beforehand.
  • Operating systems pick up temporary files over time, slowing the computer and making it vulnerable. The free CCleaner tool will clean up your system’s registry.
  • Install program updates. Your OS should automatically do this, but check just to be safe.
  • Review the privacy settings of social media accounts to make sure you’re not sharing information with more people than you’d like.
  • Make sure your business is protected by a security alarm system that includes video surveillance. Hackers get the spotlight, but we can’t forget about the common burglar.

The prevention tactics above apply to businesses and really, everyone. Be sure to train your employees on proactive security and inform them about tricks that cyber thieves use. For more information visit: http://www.dhs.gov/national-cyber-security-awareness-month. If you’re looking for a secure backup solution, check out Carbonite. Sign up before the end of October and receive two free bonus months when you enter code “CYBERAWARE” at checkout.

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

How to plan for Digital Disasters

In this day and age, we should never hear someone proclaim, “Oh my God, my computer crashed! I lost everything!” You can’t lose something that’s been properly backed up.

11DSo many people, including ones with businesses that rely upon cyber communication, continue to avoid backing up their digital data.

Nobody is exempt from the No. 1 rule of backing up your data. Anything could happen:

  • Hard drive crash
  • Accidental deletion
  • Water damage
  • Fire
  • Theft (offline)
  • Ransomware

The planning for digital disasters begins with first going through all of your files to clear out any “junk” or data that you know for sure you no longer need. Then delete it.

Next, make sure all of your files are organized, not scattered haphazardly, and properly labeled. See if you can consolidate some files.

You then must commit to regular backups, and this may be every day for some files. There are programs that can make the hassle of backing up much easier. They will automatically perform backups on everything, keeping a spare copy of all your files.

But what if your computer is physically stolen? A lot of good the prior-mentioned backups will do. And carrying around with you a flash drive is cumbersome and you may forget it at home—the day your computer is stolen—along with the flash drive.

This same principle applies to fire or water damage. The flash drive could be destroyed or lost. Furthermore, it’s not realistic to think you would place your computer in a fireproof safe every time you log off, though maybe every time you go out, that’s more realistic.

You could keep your computer located in a safe place that’s least likely to be damaged by a flood or fire, but that’s a thin layer of protection.

It may seem that the obvious tactic is to back your data up in a cloud service. And you’re right; this would be part of a multi-layer plan. A cloud service may also offer incremental backups.

As for that flash drive, it will sure help to make it a habit to back everything up every day—just the files you changed for that day. What are the odds that your flash drive will get stolen or burned to a crisp?

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

15 tips to Protect your Digital Life

How much of “you” is stored inside your smartphone? For some of you, the answer will be “My entire life.” And that’s practically true. For many, all sorts of highly private, sensitive information, including photos, are stored in that little device called a smartphone.

7WBut here is a better question: Did you know that “you” can be hacked into or in some other way stolen? And remotely at that? And some hacking methods can be very sly and sneaky. Even if your device is tethered to your waist every second, you still need to protect it from remote thieves. Here’s how to protect your smartphone.

  1. Customize your mobile so that if some smart-azz at a party snatches it, they won’t be able to figure out how to get your information. Use a custom lock screen and ambiguous icons for nameless applications—the dork-head won’t have a clue. Do you really want to have an icon sitting on your screen labeled “Finances,” “Banking Info” or “Hot Pics”? Remove default apps too. This won’t stop a skilled hacker, but it will stop the typical doofus in his tracks.
  2. Avoid public Wi-Fi such as at airports, hotels and coffee houses unless you are using a VPN from Hotspot Shield.
  3. Disable your GPS to keep your location hidden.
  4. Stay clear of unofficial versions of the popular applications. These are often found on 3rd party sites.
  5. If you use Google maps, disable or don’t enter your home address.
  6. If you’re not using the Internet, get offline.
  7. Keep far from applications that require some kind of strange permission.
  8. Don’t save your passwords in your browser, even though this is convenient. Instead use a password manager; this is more secure.
  9. Enable a passcode on your device. If you have an Android, customize your lock screen. For the iPhone, use a longer passcode, not a PIN.
  10. Go through all of your apps to make sure that they don’t have access to personal information that you don’t want them to have access to. Pay close attention to all of those checkboxes you click for the “agreement” portions of installing apps. Every month, audit your apps.
  11. Never save a password in a very private application like that of your bank’s. Having to log in every time is a small fee to pay for the security this brings. Similarly, always log out completely from your e-mail every time you’re done using it.
  12. Use cloud encryption for your personal information. The Android allows encryption for all data on the device.
  13. Keep the phone’s operating system and app software updated. Don’t get lax with this.
  14. Anti-theft software. Enable the remote wipe function. This kind of app will help you locate a lost or stolen smartphone, but don’t delay in setting this up.
  15. Keep a backup of all of your device’s data.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to safely and securely recycles Devices

Don’t just throw out your old devices; take measures to protect your personal information.

13DBack Up

Before ridding your device, back up everything on it—everything. Use an automated PC service and/or a flash drive. For the iOS and Android, activate Apple’s iCloud or the Google Auto Backup service.

Wipe

Wiping refers to removing all your data. Simply hitting “delete” or reformatting the hard drive won’t do. I purchased 30 used computers off Craigslist, scoured their hard drives with a forensics expert, and discovered that half of the devices—that had been reformatted—still had personal information.

To wipe Windows PCs, you can use Active KillDisk. For Macs, use the OS X Disk Utility or WipeDrive. “A factory reset should be enough to secure most recent smartphones, provided that you remove any SIM cards that could contain personal info. To be super safe, use Blancco Mobile to wipe the iOS or Android.

Destroy

If you can’t wipe the device, destroy it if you don’t plan on donating or reselling. For example, I recently recycled a laptop that was missing its power supply, so there was no way to turn it on and wipe the disc. Instead I removed the hard drive with a screwdriver, and then took a sledgehammer to it. (Aside from protecting my personal data, it was also a lot of fun.)

Recycle
Ask the recycling company just who does the downstream recycling so that your e-waste doesn’t find its way into a foreign landfill. Make sure the company is part of R2 (Responsible Recycling) or e-Stewards certification programs.

Keep Records

Make sure you document donations with a receipt so that the IRS can give you a little return.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Why it’s Critical to Protect Data on Digital Devices

When devices are lost or hacked and your data is exposed, not only is this a pain to deal with, but you could become a victim of identity theft. Not only do victims of identity theft suffer loss of time  but they also lose money that may not be able to be recovered . In McAfee’s recent study, they found on average that people have over $35,000 worth of digital assets stored on their digital devices, further demonstrating the need to protect your personal data on all of your digital devices.

Studies show that identity theft can take anywhere from one hour to 600 hours to rectify, and so dealing with multiple breaches can potentially add up to several wasted years of your life. Other studies have shown that as many as 25% of victims never fully restores his or her compromised identity. The victim has to deal with it for life. It’s just a constant administrative process that never goes away.

For some people, the consequences of identity theft include financial ruin, wrecked marriages, lost jobs or emotional distress. It can be like a recurring plague. Identity theft is not something you want to happen to you or anyone you love.

What are the most effective ways to protect the data on your devices?

Be careful what you store on your devices. Passwords, driver’s license numbers, credit cards, tax statements—all of these can be used to steal your identity.

Be vigilant about what you post online—Remember online is forever and also hackers use online properties to find out information about you and then use this information to try and lure you to giving them more information through phishing and other tactics.

Use strong passwords—this is often the first line of defense against hackers. Remembers passwords should be at least ten characters in length and ideally use a combination of upper and lower case letters, numbers and symbols and not spell any words or use things like pets’ names or birthdays.

Protect all your devices—PCs, Macs, tablets and smartphones with comprehensive security, likeMcAfee® LiveSafe that includes:

Basic security like antivirus, anti-spyware, anti-phishing, anti-spam and a firewall

Remote locate and lock software to track and lock your PCs, tablets and smartphones if they are lost or stolen.

Password management software to help you securely manage all your usernames/passwords and with one click securely login to any site from any of your devices.

Secure online storage for your most sensitive documents that is only accessible with your face and voice.

Our use of digital devices bring great flexibility and convenience that most of us have come to rely on. It’s up to us to also take steps to make sure we are protecting ourselves and our family, our data and identity.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Cross-Device Security Means “All Access”

You may have a laptop, desktop, netbook, notebook, Ultrabook, tablet, Mac, or mobile phone. You might be single, married, or have ten kids. Either way, you probably have at least one, if not six or more, devices requiring comprehensive security. My family of four has 12 devices, all of which I do my best to lock down like the digital equivalent of Fort Knox.

In order to manage multiple devices “cross-platform,” wherein one device may run Mac OS X while another runs Windows, while your phone is completely different, you need a security solution that is comprehensive, affordable, and straightforward.

PC Magazine selected McAfee All Access for its Editors’ Choice Award, scoring the product with 4.5 stars out of 5 and praising the thoroughness of the protection offered, for any and all devices an individual or a household might own.

McAfee All Access Wins Editors’ Choice Award

In contrast to traditional consumer security products that only offer per-device subscriptions, McAfee All Access is the first solution that uniquely protects all of the PCs, Macs, smartphones, and tablets owned by an individual or household. By providing consumers with a simple, cost-effective means to holistically safeguard all of their devices, McAfee All Access also represents a fundamental shift in the way consumers think about security.

McAfee All Access users can download, activate and manage essential protections from a central console, enabling them to safeguard personal data, defend against malware, and protect kids as they browse online by allowing parents to filter inappropriate content, including YouTube videos and explicit music lyrics, and monitor the use of social media.

Learn more about McAfee All Access.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

 

What Are Your Digital Assets Worth?

Digital assets include: entertainment files (e.g. music downloads), personal memories (e.g. photographs), personal communications (e.g. emails), personal records (e.g. health, financial, insurance), and career information (e.g. resumes, portfolios, cover letters, contacts), as well as any creative projects or hobbies involving digital files.

If your PC crashes or is hacked and your data is not properly backed up, how devastated will you be? Whether for personal use or for business, chances are you have a collection of documents, music, and photos that, if compromised, would almost feel as if your house and all your belongings had been burned up in a fire.

A recent survey found that 60% of respondents own at least three digital devices per household, while 25% own at least five. (Digital devices are mainly desktop or laptop computers, tablets, and smartphones.) As many as 41% of those surveyed spend more than 20 hours per week using a digital device for personal use. Admittedly, I’m online for at least 16 hours a day.

Photographs and similar memorabilia are the main digital asset that most people (73%) consider irreplaceable, should they be lost without having been backed up. Respondents valued personal memories at an average of $18,919, compared to $6,956 for personal records, $3,798 for career information, $2,848 for hobbies and projects, $2,825 for personal communications, and $2,092 for entertainment files.

Consumers estimate the total value of all their digital assets on multiple devices at an average of $37,438, yet more than a third lack protection for those devices.

According to Consumer Reports, malware destroyed 1.3 personal computers and cost consumers $2.3 billion in the last year. Not only have hackers continued to target PCs, with the increased popularity of tablets, smartphones, and Macs, threats are becoming both more common and more complex for non-PC devices. For example, according to McAfee Labs, malware targeted at Android devices has jumped 76% in the last three months.

Many people protect their PCs and digital assets from malware by installing antivirus software. When it comes to smartphones, tablets, and Macs, however, they leave the doors open to criminals. Bad guys are now targeting these devices, as they have become the path of least resistance. Now more than ever, a multi-device security strategy is necessary.

McAfee understood this and solved the complexity and cost pain points by developing a product called McAfee All Access (www.mcafee.com/allaccess) This is the first full security offering for Internet connected devices — from smartphones and tablets to PCs and netbooks. Basically you can get a single license for a great price to secure all of the devices you own!

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)