Posts

ISPs invading Subscriber’s Privacy

It’s hard to keep track of the news of politics these days, and even if you can, how do you know it’s even real? The political landscape has greatly changed since January, and there have been a lot of laws passed that will affect us all, including the repeal of a law that protected your privacy on the internet. Basically, with this repeal, your internet service provider, or ISP, can sell your browsing history to anyone.

If you use the internet, you will be affected by this law. Not only will this change allow your ISP sell your browsing history to the highest bidder, it could also make it easier than ever before to access information about your family, your finances, and your health. Your ISP can now sell this information to companies, and they don’t need your permission to do so.

So, what does this mean for you? After all, you might not think it really matters that much. In simple terms, it means that your ISP can collect data about your browsing habits, create a record of this, and then sell it to advertisers. Think about your browsing history yesterday. If you want, open it up right now from your browser. One minute, you might have been buying dog food on Amazon, and then next, reading the latest news from the Kardashians. Regardless of if you want advertisers to know that you are a Kardashian fan, or not, to them, your data is a gold mine.

Now, think about your browsing history over the past few weeks or months, and then consider that your ISP knows each and everything you have searched for. It knows about that weird smell coming from your laundry room that you checked out online, and it knows that you have listened to that catchy new pop song a few times. It also knows your deepest worries, your sexual preferences, your political leanings, and what you are feeding your family. This information is invaluable to advertisers, but do you really want it getting out?

Luckily, you have options, one of which is called a VPN, or Virtual Private Network, which will encrypt data. Some of these, such as Hotspot Shield VPN, a client, is a good option. Also, start paying attention to those cookies and delete them.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Smart and Easy Ways to Protect Your Digital Life

Even if you don’t realize it, your identity is all over the internet. Whether you posted to an internet forum in 1996 or you ever had a MySpace page, this information is still out there, and you have to protect it. Here are some simple and easy ways that you can protect your digital life:

  1. Change Passwords – The first thing you should do is make sure you are regularly changing passwords. Make your passwords difficult to guess, and a mixture of letters, numbers, and symbols. Also, make sure that you are protecting your account when resetting passwords. For instance, you should have to answer “knowledge based authentication questions” before making a change.
  2. Take a Look at Account Activity – Many companies allow users to check out their recent activity. Google, Facebook, and Twitter are three examples. If something seems out of place, report it, immediately.
  3. Close Accounts You Don’t Use – Do you have an old MySpace page? Did you start a Blogger and never use it? If so, go and delete those accounts before they get hacked.
  4. Don’t Share Too Much – What do you share online? Are you getting too personal? Hackers can use personal information, such as your birthday, or even favorite sports team, to get into your accounts. This is especially the case if you choose to use this information in your passwords or in your password reset or knowledge based authentication questions.
  5. Use a VPN – With all of the talk about internet security making headlines, the safest way to access public Wi-Fi is through a VPN. A VPN, or virtual private network, encrypts your information.
  6. Don’t share account passwords – STOP THE MADNESS! Though you might think it’s cute to share a social media account with your spouse, it’s also dangerous. The more people who have access to your accounts, the higher the chances of getting hacked.
  7. Choose Trusted Contacts – Make sure to choose a couple of friends or family members as trusted contacts. That way, if you get kicked out of your social media accounts, they (meaning their email or mobile#) can help you get back in.
  8. Update All of Your Software – Finally, make sure that you are updating all of your software such as your OS, apps, or even Office docs when prompted. Don’t let those updates wait. Many of them contain important security updates, too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to Digitally Secure The Remote Teleworker

If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.

New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.

Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s security plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight way that you can secure your remote workforce:

  1. Use Cloud-Based Storage – One way to make your remote workers safer is to use cloud services that use two factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.
  2. Encrypt Devices When You Can – When giving mobile devices, including laptops, to your remove workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.
  3. Set Up Automatic Updates – You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.
  4. Use Best Practices for Passwords – You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team puts a password on their phones and laptops, since these items are easily stolen.
  5. Create Secure Network Connections – Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.
  6. Increase Awareness – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.
  7. Use Encrypted Email Software – Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.
  8. Use an Endpoint Security Program – Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs, safe.

Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to erase Yourself from your Job

You shouldn’t leave any digital trace of yourself after you leave a job. Hopefully, you’ll be leaving voluntarily and thus have the time to first make backups before you delete anything. This may seem easy, but you need to take inventory to make sure you get EVERYTHING.

3DNote: make sure that every suggestion below is allowed via a company’s internal policies.

An article at wired.com gives these recommendations:

  • Use a flash drive for smaller amounts of data.
  • An alternative is a personal account with Dropbox or Google Drive.
  • For more data use an external hard drive.
  • Don’t include company information in your backups.
  • Forward e-mails you want to save to your personal e-mail.
  • Delete all e-mail files, then close down your e-mail account.
  • Check USB slots.

Your Computer

  • Clear out your personal data if you don’t have authority to wipe the device.
  • Delete all your passwords, usernames, etc., that are stored in the computer.
  • Browsers like Chrome and Firefox will save passwords and tie them to Google ID or Firefox Sync. Don’t just close out of the browser; log out so that nobody sees your passwords. Do what you can to make the browser forget your passwords.
  • In Chrome is “Manage Saved Passwords” in the settings. Use this to delete passwords from any Google account you’ve used. Warning: Hopefully you don’t use the same password and username for workplace Chrome as you do for home, but if you do, deleting this information at workplace Chrome will also clip them at your home computer.
  • In Safari, go to “Preferences,” then “Passwords” and delete.
  • For Microsoft Edge, click the three dots in the upper right; go to “Settings” and then “View Advanced Settings.” Click “Manage Saved Passwords” and delete.
  • If you’re allowed to, wipe the computer.
  • The wired.com article recommends KillDisk and DP Wipe.

Your Phone

  • Wipe your mobile device that’s provided by the company, assuming you have permission.
  • If you don’t have permission, ask the IT team to do this. Just make sure you’re logged out of all applications.
  • Shut your company voicemail down—after you delete remaining messages.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Jihadis using easy to get Privacy Software

Over the past two years, the media has tended to sensationalize jihadists’ rapid adoption and strategic use of social media. Despite perpetual news coverage on the issue, the public, by and large, continues to be relatively in the dark about the intricate ways in which many jihadists maintain robust yet secretive online presences.

To accomplish their goals — ranging from propaganda dissemination and recruitment to launching attacks — jihadists must skillfully leverage various digital technologies that are widely advertised and freely accessible online.

Just as smartphones and portable devices have transformed the way much of the world communicates and interacts, jihadists, too, have rapidly adopted and availed themselves of these technologies.

Their grasp of technology, which is quite savvy, yields one of the most frequently asked questions about the jihadists today: What is in their digital toolbox and how do they exploit these technologies to benefit their activities? This report explores these questions.

ISIS is no exception to the many entities out there, good and evil, who want a strong grasp on technical savvy, particularly software that can oppose surveillance. The Dark Web is abuzz with jihadist threads about how to beat surveillance systems. And they’re learning a lot, says a report from Flashpoint, a cybersecurity firm.

For instance, ISIS knows how to use Tor and Opera to scavenge the Web undetected. That’s just the beginning of their software knowledge. Jihadists also use:

In short, ISIS is very well keeping up with communications technology. Evil can be technologically savvy, too. Do not underestimate the technical prowess of jihadists, even though it seems as though some of them live rather primitively.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

10 Ways to Protect your WordPress Site or Blog from Hackers

As much as you try, the unfortunate truth is that hackers are going to try to attack and access your WordPress website or blog, whether you like it or not. So, it is up to you to make sure you make the hacker’s job as difficult as possible. Here are some tips:

2D1. Use Plugins

One way to make your WordPress account less appealing is to use security plugins. These vary in quality, and you might have to purchase some of them, too. Just make sure to do some research before buying them, and when you do, only buy them from a trusted marketplace.

2. Choose The Right Password and Change It Often

When choosing a password for your account, make sure it is a minimum of 8 characters, and mix it up with letters, numbers and symbols. Also, change your password about every 2-3 months.

3. Change Your Defaults

Also, make sure that you are changing the default user name and password that you are given for your hosting account.  It’s best, in fact, if you change any detail that you are allowed to change, simply because you don’t know how secure your host’s servers are.

4. Only Choose Secure Hosting

Use a secure hosting company. There is no better tip that that. If you go with a free package, understand that you will get what you pay for.

5. Install All Updates

Make sure you are installing any updates you get from WordPress. These often contain security features that can protect you.

6. Consider Hosting Company Security Options

Many good hosting companies offer security options for their clients, and if you have this option, do it. Just make sure you are not paying too much, and look for coupon codes, if possible.

7. Delete What You Are Not Using

If you have unused images or plugins in your account, delete them. They waste space and can put your account and site at risk.

8. Back Up Everything

Your best defense against hackers is to make sure you are backing up everything, and do it often. You can delete any old backups to save space.

9. Watch the Powers You Give Contributors

Though it might be tempting to allow authorized contributors to post their own blogs and articles, don’t give them any more access to your site than you have to.

10. Use Security suites

There are a variety of web based security products designed to proactively monitor your site and block unauthorized activity. Check out Cloudbric. This all-inclusive solution helps in preventing web attacks including DDoS, while also providing SSL and CDN services.

Robert Siciliano is a personal privacy, security and identity theft expert to Cloudbric discussing identity theft prevention. Disclosures.

Before you die, do This

“Nobody likes to do it, but it has to be done.” You’ve heard that before. This time, it applies to 26 documents that you should have all bundled up in a folder that trusted family members have access to (someplace where fire and water won’t damage them). But first let’s go over some details about what should be in that bundle.

1PEssential Documents

  • Your will: Some say not a copy, but the original, accompanied by instructions. Supplying everyone in your will a copy is also advised by others.
  • A completed power of attorney form that your benefactors have access to, should you become rendered impaired.
  • Complete list of loans you’ve made to others, and debts.
  • Proof of ownership of the following if you have them: owned property/housing, vehicles, cemetery plots, savings bonds, stock certificates, brokerage/escrow mortgage accounts and partnership/corporate operating agreements.
  • Last three years’ of tax returns might seem excessive, but if you can, do it.

Bank Accounts

  • Name of bank and phone number, account numbers, online login information
  • Register a family member or spouse’s name with the bank; have them sign the registration document to allow them access to your accounts.
  • A list of safe deposit boxes if you have them

Retirement List

  • Pensions
  • Annuities
  • IRAs
  • 401ks

Medical

  • Power of attorney form. If you become incapacited, who will make medical care decisions for you? This should also be IN your will.
  • Choose your POA attorney while you’re of sound mind.
  • Have it spelled out how you’d like to be treated in the event of incapacitation (and this includes what should be done if you end up in a persistent vegetative state). Who pulls the plug?

Marriage & Divorce

  • Does your spouse know where your marriage license is?
  • If you’re divorced, make sure there are documents spelling out child support, alimony and any property settlements and financial divisions. To avoid disputes, include bank account numbers for the appropriate settlements.
  • Keep copies of life insurance documents.
  • Last but not least is the qualified domestic-relations order, that can prove your spouse got a share of your retirement accounts.

Life Insurance

  • Family members should have copies of life insurance documents and contact information for the carrier.

In a Nutshell, the Top 26

  1. Marriage license
  2. Divorce papers
  3. Living will (what should be done if you’re alive but incapacitated)
  4. Personal/family medical history
  5. Authorization to release medical care information
  6. Durable healthcare POA
  7. Do-not-resuscitate (DNR) order
  8. Tax returns
  9. Housing, land and cemetery deeds
  10. Escrow mortgage accounts
  11. Proof of loans made and owed debts
  12. Titles for vehicles
  13. Stock certificates, savings bonds and brokerage accounts
  14. Partnerships and corporate operating agreements
  15. Life insurance policies
  16. IRAs
  17. 401ks
  18. Pension documents
  19. Annuity contracts
  20. Bank account list
  21. List of bank usernames and passwords
  22. Safe-deposit box list
  23. Will
  24. Letter of instruction for the will
  25. Trust documents
  26. Updated passwords document for all your critical accounts.

Do you have docs you think should be on this list? Please provide in the comments.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Three Quarters of a Billion Records breached

Last year, says the security firm Gemalto, over 700 million records were breached. Or, to put it another way, this translates to two million stolen or lost records every day.

3D2015 Breach Level Report

  • 1,673 hacking incidents
  • 398 were triggered from the inside of the attacked company: employees and even IT staff who were tricked (social engineering) by hackers into clicking on malicious links or attachments
  • Government agencies suffered the greatest data leaks.
  • Following that were nation states and healthcare enterprises (remember the big Anthem breach?)

Gemalto also says that the U.S. is the leading target of cyber attacks, with the UK, Canada and Australia following behind in that order. But don’t let Australia’s fourth place standing fool you. It reports only 42 publically reported incidents, while the U.S. has reportedly had 1,222.

How can you tell your computer has been compromised by an attack?

  • Your computer is running slowly; you’re not simply being impatient—the device really is moving at a crawl. This is a possible sign the computer is infected.
  • Another possible sign of infection: Programs open up without you making them, as though they have a mind of their own.

Protecting Your Computer

  • First and foremost, businesses need to rigorously put their employees through training. This includes staged phishing attacks to see if any employees can be tricked into revealing sensitive company information. Training for workers must be ongoing, not just some annual seminar. A company could have the best security software and smartest IT staff, but all it takes is one less-than-mindful employee to let in the Trojan horse.
  • If you receive an e-mail with a link or attachment, never rush to open them. Pause. Take a few breaths. Count to 10. No matter what the subject line says, there is always plenty of time to make sure an e-mail is from a legitimate sender before opening any attachments or clicking any links.
  • Use firewall and anti-virus software and keep them updated.
  • Use a virtual private network to scramble your online activities when you’re using public Wi-Fi so that cyber snoopers see only scrambling.
  • Use the most recent version of your OS and browser.
  • Regularly back up your data.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

2016 Information Security Predictions

No bones about it, 2016 is sure to see some spectacular, news-chomping data breaches, predicts many in infosec. If you thought 2015 was interesting, get your seatbelt and helmet on and prepare for lift off…

4WWearable Devices

Cyber crooks don’t care what kind of data is in that little device strapped around your upper arm while you exercise, but they’ll want to target it as a passageway to your smartphone. Think of wearables as conduits to your personal life.

Firmware/Hardware

No doubt, assaults on firmware and hardware are sure to happen.

Ransomware

Not only will this kind of attack continue, but an offshoot of it—“I will infect someone’s device with ransomware for you for a reasonable price”—will likely expand.

The Cloud

Let’s not forget about cloud services, which are protected by security structures that cyber thieves will want to attack. The result could mean wide-scale disruption for a business.

The Weak Links

A company’s weakest links are often their employees when it comes to cybersecurity. Companies will try harder than ever to put in place the best security systems and hire the best security personnel in their never-ending quest for fending off attacks—but the weak links will remain, and cyber crooks know this. You can bet that many attacks will be driven towards employees’ home systems as portals to the company’s network.

Linked Stolen Data

The black market for stolen data will be even more inviting to crooks because the data will be in sets linked together.

Cars, et al

Let’s hope that 2016 (or any year, actually) won’t be the year that a cyber punk deliberately crashes an Internet connected van carrying a junior high school’s soccer team. Security experts, working with automakers, will crack down on protection strategies to keep cyber attacks at bay.

Threat Intelligence Sharing

Businesses and security vendors will do more sharing of threat intelligence. In time, it may be feasible for the government to get involved with sharing this intelligence. Best practices will need hardcore revisions.

Transaction Interception

It’s possible: Your paycheck, that’s been directly deposited into your bank for years, suddenly starts getting deposited into a different account—that belonging to a cyber thief. Snatching control of a transaction (“integrity attack”) means that the thief will be able to steal your money or a big business’s money.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Protect Your Family Online With WOT

The web is a dangerous place. Malware, scams and privacy dangers are around every corner, and children can easily find themselves face to face with sites that are not suitable. What can a parent do? One option is to try WOT, Web of Trust, a free browser add-on.

WOT rates each site on the Internet for reliability, privacy, trustworthiness and child safety. When searching a website with WOT, you will see a colored icon, red for bad and green for good, which indicates if a user should proceed. You can also use the WOT rating for every site and read reviews from those who have been on the site.

wot1

WOT offers other features, too. For instance, when visiting a “red site” a large warning appears on the screen. This allows people to choose if they go through or surf away. Additionally, you can also click the WOT button in the browser, and you can see information about the rating of the site, too.

When performing an Internet search and you come across a link that looks fishy, WOT places a red icon next to it. You may also see a yellow icon, which indicates the site may or may not be safe, and gray icons indicate the site is unrated. Hovering over each icon will give you more details about the website, as well as ratings and reviews from users.

WOT2

The latest version of WOT has four levels of safety included. Lite, the lowest level, only shows icons for dangerous websites. The highest level, Parental Control, not only blocks dangerous websites, it also blocks any sites that are not suitable for kids.

Web of Trust is available as a browser add-in for Firefox, Google Chrome, Opera, Internet Explorer and Safari.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. This is a review opportunity via BlogsRelease. Disclosures.