Posts

Social Networking Security Awareness

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about.

Most concerns revolve around online reputation management, identity theft, or physical security issues. Social networking creates a risk of posting content that will be damaging to yourself, your profile being hacked or your credentials being compromised, or inviting burglars to your home by publicizing your whereabouts.

Facebook faces a security challenge that few companies, or even governments, have ever faced: protecting more than 500 million users of a service that is under constant attack. I’m a huge proponent of “personal responsibility,” and that means that you are ultimately responsible for protecting yourself.

Keep your guard up. Cybercriminals target Facebook frequently. Every time you click on a link, you should be aware of the risks.

Be careful about making personal information public. Sharing your mother’s name, your pet’s name, or your boyfriend’s name, for example, provides criminals with clues to guess your passwords.

Technology can help make social networking more secure. The most common threats to Facebook users are links to spam and malware sent from compromised accounts. Consumers must be sure to have an active security software subscription, and not to let it lapse.

Get a complimentary antivirus software subscription from McAfee. Simply “like” McAfee’s Facebook page, go to “McAfee 4 Free,” and choose your country from the dropdown menu to download a six-month subscription to McAfee’s AntiVirus Plus software. The software protects users’ PCs from online threats, viruses, spyware, other malware, and includes the award-winning SiteAdvisor website rating technology. After the six-month McAfee AntiVirus Plus subscription period, Facebook users may be eligible for special discount subscription pricing.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss hackers hacking social media on Fox Boston. (Disclosures)

Virus Hijacks Online Banking Session

Online banking is great. I highly recommend it. But if you aren’t careful to keep your computer secure, getting hacked can turn your online banking session into a nightmare.

OddJob Trojan is the latest in malware and yet another reason to beef up your computer’s security. OddJob hijacks online banking sessions, keeping users’ accounts open after they think they’ve quit. Hackers can then access the open account to make fraudulent transactions.

When your computer’s security is lax, you’re vulnerable to malware or malicious software. An old, outdated, or unsupported browser, operating system, or antivirus program leaves you open to a virus designed to steal your sensitive personal data.

Are you seeing a theme here? Get new, up-to-date operating systems, browsers, and antivirus programs. If you use a PC, I’d strongly recommend Windows 7 with Internet Explorer 9, Firefox 4, or Chrome. All four can be set to update critical security patches and software updates automatically.

I recommend paying for the latest in antivirus protection. If your software license has expired, pay for a new one. If you use a free antivirus program, upgrade to a paid version. You should do this because free antivirus software relies on manual settings rather than automatic scans and updates.

The OddJob Trojan slipped past antivirus software. Keeping your computer’s security updated with the latest definitions is the best way to add layers of protection.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. Disclosures

Choosing an Enterprise eBanking Security Solution

In Gemalto’s eBanking Security Guide, a question is asked: “Banking is changing, are you?”

Banking is a changing business. Since the early 1980’s banking has been going digital and moving online. During the last 10 years, we’ve seen a major shift in the services offered and the behavior of customers.

Gemalto’s Senior Vice President of online banking, Hakan Nordfjell, says, “Secure and convenient eBanking is a key factor in the future of banking.”

The convenience of online banking is what makes it so vulnerable to security threats. And in order to prevent fraud, online banking security must be convenient.

Recent technological advances have been vast and rapid. But after 15 years, online banking remains relatively immature, and this immaturity is reflected in a sometimes-inadequate security posture. You’re ebank is part of your business strategy, ebanking has security issues, therefore security should be a part of your business strategy too.

The security solution you choose should not merely function: it should contribute to realizing that strategy. You might want to offer other online security services remotely associated with people being able to identify themselves. Address change notifications, contract signing and more.

Experience shows that a reliable security solution opens up new business opportunities.

Today we worry about malware, spyware, root kits, phishing, social engineering, and a multitude of scams resulting in account takeover, new account fraud, and identity theft. It’s been less than a decade since the widespread use of broadband Internet took online commerce mainstream, and losses resulting from cyber fraud have already topped a trillion dollars.

Enterprises under siege by criminal hackers need qualified professionals to help plan and develop online banking solutions and to ensure that client information is secure.

These professionals know that most security problems are easily solved, but solutions often sacrifice a certain degree of user friendliness. Securing a system as thoroughly as possible would place unreasonable expectations on customers, demanding that they jump through too many hoops to make a purchase.

The ideal system design finds a happy medium, and incorporates functionality, appearance, and scalability.

When launching any security solution, explain to your customers why the change is necessary, and strive to make changes appealing for users. Be sure that your customer support is adequately prepared. Provide clear information and, if possible, allow customers to select which device to use.

When choosing a security solution for your business, consider a resource that offers more than standalone security technology. A real solution takes future needs and potential threats into account, and, crucially, offers a positive user experience.

Visit www.ebankingsecurity.net to learn how to enhance the security of your online banking system.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)