Posts

10 Internet Security Myths that Small Businesses Should Be Aware Of

Most small businesses don’t put as much focus on internet security as they probably should. If you are a small business owner or manager, not focusing on internet security could put you in a bad spot. Are you believing the myths about internet security or are you already using best practices? Here’s a few of the most common myths…take a look to see where you truly stand:

Myth – All You Need is a Good Antivirus Program

Do you have a good antivirus program on your small business network? Do you think that’s enough? Unfortunately, it’s not. Though an antivirus program is great to have, there is a lot more that you have to do. Also, keep in mind that more people than ever are working remotely, and odds are good that they are working on a network that is not secured.

Myth – If You Have a Good Password, Your Data is Safe

Yes, a strong password is essential to keeping your information safe, but that alone is not going to do much if a hacker is able to get it somehow. Instead, setting up two-factor authentication is essential. This is much safer. Also make sure that your team doesn’t write their passwords down and keep them close to the computer or worse, use the same passwords across multiple critical accounts.

Myth – Hackers Only Target Large Businesses, So I Don’t Have to Worry

Unfortunately, many small business owners believe that hackers won’t target them because they only go after big businesses. This isn’t true, either. No one is immune to the wrath of hackers, and even if you are the only employee, you are a target.

Myth – Your IT Person Can Solve All of Your Issues

Small business owners also believe that if they have a good IT person, they don’t have to worry about cybercrime. This, too, unfortunately, is a myth. Though having a good IT person on your team is a great idea, you still won’t be fully protected. Enlist outside “penetration testers” who are white-hat hackers that seek out vulnerabilities in your networks before the criminals do.

Myth – Insurance Will Protect You from Cybercrime

Wrong! While there are actually several insurance companies that offer policies that “protect” businesses from cybercrimes, they don’t proactively protect your networks, but will provide relief in the event you are hacked. But read the fine print. Because if you are severely negligent, then all bets may be off. In fact, it is one of the strongest growing policy types in the industry.

Myth – Cyber Crimes are Overrated

Though it would certainly be nice if this was false, it’s simply not. These crimes are very real and could be very dangerous to your company. Your business is always at risk. Reports show as many as 4 billion records were stolen in 2016.

Myth – My Business is Safe as Long as I Have a Firewall

This goes along with the antivirus myth. Yes, it’s great to have a good firewall, but it won’t fully protect your company. You should have one, as they do offer a good level of protection, but you need much more to get full protection.

Myth – Cybercriminals are Always People You Don’t Know

Unfortunately, this, too, is not true. Even if it is an accident, many instances of cybercrimes can be traced back to someone on your staff. It could be an employee who is angry about something or even an innocent mistake. But, it only takes a single click to open up your network to the bad guys.

Myth – Millennials are Very Cautious About Internet Security

We often believe that Millennials are very tech-savvy; even more tech-savvy than the rest of us. Thus, we also believe that they are more cautious when it comes to security. This isn’t true, though. A Millennial is just as likely to put your business at risk than any other employee.

Myth – My Company Can Combat Cyber Criminals

You might have a false bravado about your ability to combat cybercrime. The truth is, you are probably far from prepared if you are like the majority.

These myths run rampant in the business world, so it is very important to make sure that you are fully prepared to handle cybercrime.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

1 Billion Records hacked

Billions and billions—it’s only a matter of time before this becomes the number of hacking incidents in a single year, because just in 2014, over one billion records were hacked out of 1,500 different hacking incidents, says a recent report.

4DSome other findings from the report:

  • A little over half the breaches involved credit card numbers, Social Security numbers and other personal information.
  • Most hacking incidents occurred in the U.S.
  • 55 percent of the incidents involved retailers, primarily affecting point of sale systems that lack encryption technology.
  • The private sector, combined with the government, took up 17 percent of the hits.

The government has had it; the White House plans on devoting an office entirely to figuring out how to stay ahead of cyber crime. Let’s hope that the White House really dissects cyber attack technology.

What can consumers, the private sector, retailers, banks and the governments do to make it difficult for hackers to cause mayhem?

  • Go through all of their passwords and replace the weak ones with strong ones. A weak password is less than eight characters (some experts advise that it be at least 12), contains actual words or names, contains keyboard sequences and has limited character variety.

    Keep in mind that an eight-character password such as $39#ikPw is strong and superior to the 12-character 123qwertyTom. But maximize the strength by making the password at least 12 characters and a jumble of character gibberish. A password manager can do this all for you.

  • Install antivirus software. This means antivirus, anti-spyware, anti-phishing and a firewall. Then make sure they are always updated. This software should also be installed on your smartphone and tablet.
  • If you’re still using windows XP because you don’t want to part from your comfort zone, get out of it immediately, because it won’t be so comfy when your system gets dismantled by a hacker. Windows XP is no longer subject to security patches and updates by Microsoft. You need a version, such as MS Win 7, that receives regular updates.
  • Your router has a password that’s been set by the manufacturer. Hackers know these passwords. Therefore, you should change it. Next, turn your WPA or WPA2 encryption on. If you don’t know how to do these things, contact the router’s manufacturer or google it. And unless you have encryption while using public Wi-Fi, consider yourself a lone zebra wandering around in the African savanna where prides of hungry lions are watching you. Get a VPN. Google it.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

I’ve been hacked, now what?

You’re not special; a hacker CAN get into your computer or smartphone. Would you know how to clean up this mess?

4DStart by locating the portal through which the hacker got in such as a browser, emal program. Next, disconnect/uninstall this gateway from the Internet so it doesn’t invade other systems.

Check for suspicious activity by looking at your Activity Viewer or Task Manager. Check the CPU usage—if it spikes, you can have a better chance of spotting malicious activity. In fact, get familiar with how your device runs so that you know what’s normal and what’s not.

Once you’ve snipped access from the hackers, assess their damage.

  • Bring up to date your antivirus and anti-malware systems. If any protection system is disabled, enable it. Do a full system scan—using both systems.
  • Remove anything that doesn’t look right. Various malware scanners will locate bad things, but those bad things will continue downloading if there’s a browser plugin or extension. So take a keen look at all the small items that you’ve downloaded.
  • Change all of your passwords. Make them long and unique.
  • After that, log out of every single account. This will force the hackers to figure out your new passwords.
  • Clear out all cookies, the history and cache in your browser.
  • You may still not be out of the woods at this point. Keep an eye out for suspicious e-mails, new addresses in your account and other phantom activities.
  • If things are still going awry, wipe the hard drive and then reinstall your operating system. But first back up all of your data!

Prevention

  • Have a firewall, and one that’s properly configured.
  • Do not click links inside of e-mails, even if the sender’s address is one you know.
  • Do not open attachments from senders you don’t know or from someone you DO know but would never have a reason to send you an attachment.
  • Delete e-mails with urgent-sounding subject lines or claims you won a prize or inherited money.
  • Have both antivirus and anti-malware applications. They are not one and the same but may be packaged together.
  • Know what your security holes are.
  • Can’t be said enough: Make sure all of your passwords are very strong.
  • Keep your operating system and everything else up to date.
  • If you’re on public Wi-Fi, be extremely cautious. Use Hotspot Shield to encrypt your activities. A Wi-Fi with a password doesn’t mean it’s safe.
  • Never let your device out of your sight. Never. If you think you’ll ever need to leave it unattended, first equip the operating system with a lock and strong password.
  • Back your data up routinely.
  • Your device should have a remote wipe option so that you can eradicate data should someone steal the device.
  • Be very cautious about what you share online. Your computer may have all the bells and whistles of security, but all it takes is one lapse in judgment to let a hacker in, such as falling for some Facebook scam claiming you can watch a video of the latest commercial airliner crash caught on tape.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Make Information Security a Priority

Just about everyone has private information that should be protected. Let’s begin with something you’ve surely heard of: antivirus protection.

3DBut this isn’t enough to guard your personal data. A free antivirus service may not even update automatically, and this is very important to keep up with rapidly evolving technology. Your protection is worth the fee for Antivirus, a firewall, antiphishing software and antispyware.

When’s the last time you updated your browser? Hackers love old, outdated browsers. After you finish this article, update your browser and set your computer to automatically download any future update.

The same goes with your operating system. Update!

Don’t miss out on encryption, which scrambles data so that prying eyes can’t make sense of it. Your computer might already have the feature of encrypting folders, files or the whole disk. If not, you can get a third-party encryption program for free.

If your computer were to crash right this instant, how much data would you lose? You shouldn’t lose much if every day you back your data up on an external drive. Another option is a cloud-based storage system, which is encrypted. The fee for that may be $100 annually or less.

We all know that 123qwe is such an easy password to remember, especially if it’s for all gazillion of your accounts. You know whom else finds this very convenient? Hackers!

If it’s easy for you, it’s easy for them! Every account should have a unique password, and if this is too dizzying, then use a password manager. And choose long passwords that include various characters and exclude words that can be found in a dictionary or successive numbers/letters on a keyboard.

That wireless connection of yours is great—for your neighbor if he decides to get a free ride, or even hack into your data. A WPA2 encryption built into the router will protect you. With public WiFi, use a virtual private network like Hotspot Shield.

Your smartphone also needs protection with all the tools mentioned above, and that includes a VPN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is Wardriving?

Wireless networks have certainly brought a lot of convenience to our lives, allowing us to work and surf from almost anywhere—home, cafes, airports and hotels around the globe. But unfortunately, wireless connectivity has also brought convenience to hackers because it gives them the opportunity to capture all data we type into our connected computers and devices through the air, and even take control of them.

4WWhile it may sound odd to worry about bad guys snatching our personal information from what seems to be thin air, it’s more common than we’d like to believe. In fact, there are hackers who drive around searching for unsecured wireless connections (networks) using a wireless laptop and portable global positioning system (GPS) with the sole purpose of stealing your information or using your network to perform bad deeds.

We call the act of cruising for unsecured wireless networks “war driving,” and it can cause some serious trouble for you if you haven’t taken steps to safeguard your home or small office networks.

Hackers that use this technique to access data from your computer—banking and personal information—that could lead to identity theft, financial loss, or even a criminal record (if they use your network for nefarious purposes). Any computer or mobile device that is connected to your unprotected network could be accessible to the hacker.

While these are scary scenarios, the good news is that there are ways to prevent “war drivers” from gaining access to your wireless network. Be sure to check your wireless router owner’s manual for instructions on how to properly enable and configure these tips.

  • Turn off your wireless network when you’re not home: This will minimize the chance of a hacker accessing your network.
  • Change the administrator’s password on your router: Router manufacturers usually assign a default user name and password allowing you to setup and configure the router. However, hackers often know these default logins, so it’s important to change the password to something more difficult to crack.
  • Enable encryption: You can set your router to allow access only to those users who enter the correct password. These passwords are encrypted (scrambled) when they are transmitted so that hackers who try to intercept your connection can’t read the information.
  • Use a firewall: Firewalls can greatly reduce the chance of outsiders penetrating your network since they monitor attempts to access your system and block communications from unapproved sources. So, make sure to use the firewall that comes with your security software to provide an extra layer of defense.

Although war driving is a real security threat, it doesn’t have to be a hazard to your home wireless network. With a few precautions, or “defensive driving” measures, you can keep your network and your data locked down.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What is a Firewall?

Most of us may have heard the term, and know it’s related to security in some way, but do you really know what a firewall is? Traditionally, firewalls were built to keep danger at bay—they were doors (or walls) to block fire from coming into another area—hence the name firewall. When you’re thinking in terms of your online security, modern-day hardware and software firewalls are similar. They act as barriers to prevent unauthorized access to your personal information.

6DFirewalls are software programs or hardware devices that filter the information coming through your Internet connection to your computer (and all the devices that are connected to that connection). A firewall protects you and your devices by examining each piece of information that flows between your devices and the Internet.

Hardware firewalls, such as those included with some routers, are usually a good first line of defense against outside attacks, and they require little to no configuration. The one down sides of using only a hardware firewall is that it only protects you if you are at home. So if you take your computer to a cafe or on a trip, your device is no longer protected by the home-based firewall.

Fortunately, software firewalls can catch these kinds of threats because they are running on your computer and can take a closer look at the network traffic. This allows them to intercept a malicious program before it leaves your computer.

Now that you know the purpose of firewalls, follow these tips for greater security online:

  • Make sure you are using a router that includes a firewall as a first layer of protection
  • Use comprehensive security, like McAfee LiveSafe™ service, that includes a two-way firewall that filters both incoming and outgoing traffic, as well as protection for all your devices, your identity and your data
  • Turn off file-sharing and printer-sharing features if you don’t need them
  • Use common sense, don’t click on links or open attachments from people you don’t know—you could unknowingly be giving them access to your device
  • While the bad guys may always be looking to do harm, just remember that we all need to be vigilant about protecting ourselves and our devices, which in turn helps protect everyone else.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Most People Don’t Understand Cyber Threats

Robert Siciliano Identity Theft Expert

Michael Chertoff, who ran the Department of Homeland Security from 2005 to 2009, says there’s a reason that computer security isn’t up to the threat posed by cyber criminals: Doing it right is too complicated for most people.

“You have to offer people solutions that they are comfortable with,” he said.

Cybercrime is a huge problem that the majority of people who have a connection to the internet aren’t prepared to deal with.

While securing ones PC isn’t a daunting task once you understand the process. For most people, protecting ones PC is beyond the capacity of most computer users. The main issue is that the companies that develop this technology aren’t effective at explaining how things work in simple terms.

Educating users on the terminology is like learning a second language and for most people is near impossible due to life’s existing constraints. Which means technology companies have to do a better job of providing solutions that people are comfortable with that require little or no additional skills.

Here is an attempt at increasing your security vocabulary:

1. Run Windows Update: Or it may be called “Microsoft Update” on your PC. This is a free update to your operating system that Microsoft provides. There are two ways to access this. Either click “Start” then “All Programs”, scroll up the menu and look for the link “Windows Update or Microsoft Update.” Click on it. Your browser (Internet Explorer) by default will launch taking you right to Microsoft’s Windows Update web page and will begin the process of looking at your PC and checking to see what security patches you don’t have. Follow the prompts and click “Express” and let it lead you in the direction it wants. The goal here is for XP to end up with “Service Pack 3” installed. Or go to “Control Panel” and seek out “Security Center.” And click “Turn on Automatic Updates” and let Microsoft do this automatically. In Vista the process is similar and your goal is “Service Pack 1.

2. Install Anti-Virus: Most PCs come with bundled anti-virus that runs for free for 6 months to a year. Then you just re-up the license. If you don’t, then every day that the anti-virus isn’t updated, is another opportunity for criminal hackers to turn your PC into a Zombie that allows your computer to be a Slave sending out more viruses to other PCs and turning your PC into a Spambot selling Viagra.

3. Install Spyware Removal Software: Most anti-virus providers define spyware as a virus now. However, it is best to run a spyware removal program monthly to make sure your PC is rid of software that may allow a criminal hacker to remotely monitor you’re keystrokes, websites visited and the data on your PC.

4. Run Firefox: Microsoft’s Internet Explorer is clunky and the most hacked software on the planet. Mozillas Firefox is less hacked and more secure. Maintain the default settings keep the pop-up blockers and phishing filters on.

5. Secure Your Wireless: If you are running an unsecured wireless connection at home or the office, anyone can jump on your network from 300-500 feet away and access your files. Serious. The router has instruction on how to set up WEP or WPA security. WPA is more secure. If this is a foreign language to you, then hire someone or get your 15 year old to do it.

6. Install a Firewall: Microsoft’s operating system comes with a built in firewall. But it is not very secure. Go with a 3rd party firewall that is prepackaged with anti-virus software.

7. Use Strong Passwords: Little yellow stickys on your monitor with your passwords isn’t good. Use upper case, lower case, alpha-numeric passwords that you change up every 6 months.

Robert Siciliano personal security expert to Home Security Source discussing hacked email on Fox News.