Posts

How sharing Files puts You at risk

Okay, so you were taught to share your toys in the sandbox, but little did your parents know that years later, sharing your files could result in disaster.

11DPeople share personal and business files all the time on their computers without realizing the security risks. Not all data breaches occur due to malicious events. An annual Ponemon study reveals that 35 percent of leaked data results from unintentional carelessness of the user and 29 percent from network malfunctions.

Workers and consumers alike, quite frankly, are clueless about safe practices and are using practices that are not approved by their company’s IT department. Let’s look at the specifics.

Tunnel vision. Often, users don’t see the grander scheme of things when sharing files. They have tunnel vision and go for the most convenient, cheapest route without considering security. This is how sensitive material gets put at risk. Such users may also end up getting their personal information cluttered up with other family members data or even co-workers data when bringing your own devices to work.

Public sharing settings. Before you share its important you know what you are doing. Years ago I had uploaded a file to a cloud based storage portal and the default settings at the time were “public”, which I didn’t recognize. Shortly after I connected a social site to this service and definitely didn’t realize that document which had personal information was being shared publicly on the social site. When I realized this I felt stupid, and sick.

P2P file sharing. Sharing files over peer networks, such as pirated music etc. creates a hacking risk. The P2P software is a welcome mat to cyber criminals who want to steal information like credit card numbers and information on secret documents. It’s not surprising that P2P software is often in a system that’s been hacked.

The solution is to avoid having P2P software installed at all, including on any BYOD devices. You don’t want to be “that” employee. Along the same lines, make sure that devices are set so that installation of new software cannot occur without the decision maker’s knowledge.

Using just any cloud services. The typical cloud storage is designed for consumers, not businesses, and unless you look at all the settings they can be a risky way of sharing files. Always insist on a higher-grade type of security and storage rather than settling for the run-of-the-mill file sharing service. Look at what security and encryption they have in place, whether you can manually and easily delete files or if they have an expiration date.

Using e-mail to share files. If you send an important document via e-mail, a troublemaker could “see” it while it’s in transmission unless it’s encrypted. By default the email should read HttpS in the address bar when logged in. And of course if you are on free WiFi encrypt that data with Hotspot Shield to prevent WiFi data sniffers.

Flash drives. Think of these little tools as a syringe injecting a virus into your blood. You stick one of these into your computer, and if the drive has been seasoned with malware, your computer will get infected. Anti-virus software, however, can scan a flash drive and its files and knock out any malware.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Before Getting Rid of Your Old Printer, Say “Goodbye” to Lingering Data

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

In the security business, there’s a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don’t really talk about. For example, printers.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776Some printers have internal hard drives or flash memory that store documents that have been scanned. This means that images of your pay stub, medical records, credit card statements, or any other sensitive documents you once scanned are stored in the printer’s memory and therefore retrievable by someone who knows where to look for it.

Because these hard drives are usually hard to find, they are usually not removed before a printer is resold or recycled. That can be bad news for you if your printer gets into the wrong hands.

If your printer is nearing the end or you are upgrading to a new printer, make sure you delete that important data off your old printer.

How do you get rid of your printer’s data? There are multiple ways.

  • Unplug your printer for a while. This will delete data if there’s no local storage. Check your printer’s  user guide to see how long to leave your printer unplugged until the data is removed.
  • Clear the direct email function. If your printer has this feature, make sure to delete your password before getting rid of the printer.
  • Wipe the disk drive. If your printer has a disk drive feature, use the wipe disk to make sure your data is not accessible by others.
  • Destroy the hard drive. If you decide to trash a printer rather than reselling it, take it apart and find the hard drive. Remove it and hammer it. But remember, safety first. Make sure you wear those safety glasses.

Follow these tips and sell or recycle your printer with peace of mind, knowing that nobody will be able to retrieve your personal information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Protect Your Small Businesses with Secure Flash Drives

USB flash drives are handy little devices that can cause big security headaches. Even with robust datasecurity policies USBdrives often fall thru the cracks (and out of pockets). These flash drives are often used by employees for both personal and business use which could potentially spread a virus from a home PC to the corporate network.

Additionally, lost USB drives among other devices with storage can cause even bigger headaches resulting in data breaches. A survey by a U.K.-based company found that last year, 4,500 USB flash drives were forgotten in the pockets of clothes left at the dry cleaners and thousands more handheld devices were left in the back seats of taxis.

Computerworld reports a 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that:USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company’s network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

Flash drives can be a security mess. Organizations need to have business security policies in place requiring secure flash drives and never plugging a found stray catinto the network either.

Ensure all data stored on a secure flash drive is encrypted. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures