Posts

Keeping Your Zoom Event Secure and Private

There are many public forums out there, and wherever you are or whatever you are using, anyone with some smarts can disrupt an event that is meant for bringing people together. Here are some tips on keeping your next Zoom meeting secure and private:

You definitely don’t want anyone taking control of your screen or sharing information with the group. Thankfully, you can restrict this by controlling screen sharing. Preventing participants in your meeting from sharing is done by using the host controls before starting the meeting.

You also might want to familiarize yourself with the features and settings available from Zoom. The Waiting Room, for instance, has a number of controls available, and is a setting you should always be using. It essentially allows you to control who comes in. As a host, you can customize all of these settings, and even create a message for people waiting for the meeting to start, such as meeting rules.

You shouldn’t use your PMI, or Personal Meeting ID, for hosting public events. You also only want to allow users who are signed in to join your meeting. You can also lock the Zoom meeting. This means that no new participants can join, even if they have the meeting ID and the password.

Another thing you can do is set up your own version of two-factor authentication. With this, you can generate a random Meeting ID, and then share that with participants, but then only send the password via a direct message.

If there are disruptive or unwanted participants in your meeting, you can also remove them via the Participants menu. If a removed participant wants to rejoin, you can allow that by toggling the settings that you changed in the first place. This is helpful if you remove the wrong person.

You can also put anyone in the Zoom meeting on hold. This means that the video and audio connections of the attendees are disabled. To do this, you can click on a video thumbnail and select “Start Attendee On Hold.” Totally disabling the video is also possible. This will allow you, as the host, to turn off someone’s video. You can also block things like inappropriate gestures or distracting behavior.

Muting participants is also a possibility during a Zoom meeting. This allows you to stop the sounds of barking dogs and crying kids during these meetings. If you have a large meeting, you can also choose to mute everyone by choosing Mute Upon Entry.

File transfers are a possibility during Zoom meetings, but you might not want to allow this. In this case, you can turn off the file transfer capabilities before starting the meeting. Additionally, you can turn off annotation, which allows people to mark up shared documents or doodle. Finally, you can also disable private chat. This will stop people in the meeting from talking to each other, which helps to cut back on any distractions that they might have during the course of the meeting.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Covid-19 Remote Desktop Has Significant Risks

Are you newly working from home? Or are you an old pro? Either way, it is likely you are using some form of remote desktop protocol. Those of us who have been working from home as our primary means of earning a living know these tools very well and are accustomed to eliminating the various distractions in our home environment in order to get the job done. There are some precautions to be aware of.

None of us think that we are going to get hacked, even though we have seen time and time again that it is very possible. Even the largest companies in existence have been hacked, and small businesses are even more at risk. You can add even more to this risk if you use a software called Remote Desktop.

Basically, Remote Desktop allows you to access computers remotely in your home or office and give network access to employees who are working remotely. However, when you give or have this access, you are opening up your network to hackers. Thousands of companies and individuals have fallen victim to this, and just one successful hack can be devastating to a small business.

Remote Desktop: What is It?

Remote Desktop, or RDP, is a very common software. In fact, if you have Microsoft Windows, you probably have this software and don’t even realize it. Though it is a very powerful tool for businesses, it is also not very secure.

Criminals know this, of course, and they have created a huge variety of tools to hack into this software. When they get access to the network, criminals can access company information and then take things like log-ins and passwords. Once they have this, they can buy and sell them so that other criminals can use them to access your network. Once they are in, they can do almost anything.

Are You at Risk?

There are estimates that there are over three million companies that theoretically have access to Remote Desktop. Most of them are small businesses and many manage their own IT services in house. If you are a small business and you have an in-house IT department, you could definitely fit into this category. What’s more is that hackers tend to target these businesses, too. Any company that has RDP access enabled is a target of hackers.

What Can You Do About It?

Hopefully at this point you are wondering what you can do to protect your business from hackers who like to access networks through RDP.

  • If you aren’t using remote desktop, then the first thing you should do is to remove Remote Desktop from your network.
  • Make sure to update your operating system’s critical security patches, which will inevitably update any software around remote desktop protocol.
  • Update all software that could allow remote desktop to be vulnerable.
  • Make sure your wireless connections are encrypted, which generally means password-protected.
  • If you have a good reason for keeping it, you can also choose to restrict access by setting up a virtual private network, or VPN.
  • Additionally, you can create a firewall to restrict its access.
  • Setting up multi-factor authentication is also a good idea if you want to keep this software.
  • Just be aware that none of these solutions are fool proof except totally deleting the software.
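One way to check the firewall and VPN advice above on a Windows machine, as an added example that is not part of the original post: it reads the text printed by `netsh advfirewall firewall show rule name=all` and lists enabled inbound rules that allow port 3389 from anywhere outside the VPN range. The VPN subnet `10.8.0.0/24`, the rule names and the sample output are constructed for illustration.

```python
import ipaddress

RDP_PORT = "3389"

# Constructed sample, trimmed to the fields used below, in the layout
# printed by `netsh advfirewall firewall show rule name=all`.
SAMPLE_NETSH_OUTPUT = """\
Rule Name:                            Remote Desktop - User Mode (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow

Rule Name:                            RDP from VPN only
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
RemoteIP:                             10.8.0.0/255.255.255.0
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow

Rule Name:                            Old RDP test rule
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Public
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow
"""


def parse_netsh_rules(text):
    """Split the netsh listing into one dict per firewall rule."""
    rules, current = [], None
    for line in text.splitlines():
        if ":" not in line:
            continue  # blank lines and the dashed separator rows
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Rule Name":
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def remote_scope_ok(remote_ip, allowed_cidr):
    """True only if every listed remote address lies inside allowed_cidr."""
    allowed = ipaddress.ip_network(allowed_cidr)
    for item in remote_ip.split(","):
        try:
            net = ipaddress.ip_network(item.strip(), strict=False)
        except ValueError:
            # "Any", keywords and address ranges are treated as unrestricted
            return False
        if net.version != allowed.version or not net.subnet_of(allowed):
            return False
    return True


def exposed_rdp_rules(text, vpn_cidr):
    """Return (name, remote scope, profiles) for rules exposing RDP."""
    findings = []
    for rule in parse_netsh_rules(text):
        if (rule.get("Enabled") == "Yes"
                and rule.get("Direction") == "In"
                and rule.get("Action") == "Allow"
                and RDP_PORT in rule.get("LocalPort", "").split(",")
                and not remote_scope_ok(rule.get("RemoteIP", "Any"), vpn_cidr)):
            findings.append((rule["Rule Name"], rule.get("RemoteIP"),
                             rule.get("Profiles")))
    return findings


if __name__ == "__main__":
    for name, scope, profiles in exposed_rdp_rules(SAMPLE_NETSH_OUTPUT,
                                                   "10.8.0.0/24"):
        print(f"RDP reachable beyond the VPN: {name} "
              f"(RemoteIP={scope}, profiles={profiles})")
```

A rule that this reports is a candidate for disabling or for narrowing its remote address scope to the VPN range.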


12 Ways to Contain the Hack, Stop the Bleeding & Eliminate the Threat

Hey YOU, SMB, yeah I’m talking to you. There are a number of things that you can do to not only protect your personal information, but also the information you have in your business:

  1. Hire a professional – It is entirely possible the small business was hacked because they did not employ technicians to prevent it in the first place. Therefore, 3rd parties that specialize in security and breach mitigation should be contacted immediately. These IT security professionals specialize in containment. Their role will be to forensically determine the nature of the compromise, remove the vulnerability, update any necessary hardware and software, and ensure a breach such as this does not happen in the future.
  2. Disconnect every affected device from the Internet temporarily – The purpose here is to stop any data from leaving the network and to prevent the hacker from communicating with the server. This may mean disabling internet connections or physically unplugging the internet from connected devices.
  3. Change and reset passwords – Many hacks begin with compromised passwords. And the moment a network or device goes back online, the hacker will log back in unless all credentials have been changed and updated.
  4. Update all software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats. The breached party should have redundant networked hardware systems in place, backed-up data, and contingency plans to put duplicate systems online immediately in order to maintain operations.
  5. Update Your Company’s Hardware – Old, outdated hardware simply can’t keep up with the requirements of newer, robust software or the security software required to keep networks secure.
  6. Back Up All of Your Data – You have to make sure that you are regularly backing up data to a secure location. This data should also be encrypted.
  7. Manage All Identities – You also must make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable.
  8. Use Conditional Access – Additionally, you should make sure to use conditional access that is based on factors such as location or device.
  9. Utilize Multi-Factor Authentication – You can use multi-factor authentication to keep accounts protected, too. You can use this on its own, or with other conditional access methods to ensure those who are trying to access your data are legitimate.
  10. Security Awareness Training – Assuming employees know what to do and, more importantly, what not to do, is risky. Providing effective ongoing security awareness, and in the author’s opinion “security appreciation training,” is partnering with employees to protect the network.
  11. Patching – Set up a system so that you can always ensure that your hardware and software are patched and updated on a regular basis. This helps to keep your data safe.
  12. Align Your IT Security with Other Business Security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and keeping all types of security in mind, including IT security, has a direct impact on revenue.


How to Prevent your Devices From Spying on You

You might not realize it, but your electronic devices may be tracking you. They know what you are doing, what you are reading, and the things you like to do. In almost every case, you give these devices permission to collect this info when you start using them. Here are some tips to help you prevent your devices from spying on you:

Laptops

Macs

If you are using a macOS computer, you can limit the information you are sending to Apple by choosing the Apple menu > System Preferences > Security & Privacy. Click the “Privacy” tab, and then you will see options about what apps can use and share data. If you click “Analytics,” you can do even more. Also, keep in mind that if you install a new app, you have to do those updates, too.

Windows

If you use Windows, you can limit the info you share by going to “Settings,” and then clicking on “Privacy.” You can enable and disable settings for each app. Again, any new apps that you install must be taken care of separately.

Chromebook

Google collects a ton of data, so Chromebook users should pay attention. Go to My Activity, and then delete what you want. You can also turn off some of the data collecting by clicking “Manage your Google Activity,” and then “Go to Activity Controls.”

Phones

You can do similar things to stop data collecting on your phone, too.

iOS

If you have an iPhone, there is a Privacy setting in the Settings menu. Open it, and then click on “Analytics,” to see what you share with Apple. If you don’t want to share this, simply toggle it all off. You can go back to “Privacy,” and then take a look at what the settings are for every app you have downloaded to your phone.

Android

If you have an Android phone, you can choose Google, then go to “Personal Info & Privacy.” Choose the “Activity Controls” screen, and then pick and choose what you want to share. Again, you also have to change the settings for each app.

Fitness Trackers

Your fitness tracker is also spying on you. Apps like Strava and FitBit can be controlled through the Settings and Privacy options on your phone. You can do more, though:

Strava

Click on “Menu,” if you have Android or “More,” if you have iOS. Choose “Settings,” and then “Privacy Controls.”

FitBit

With FitBit, tap your profile, and then your account name. Tap “Personal Stats,” and then “Settings” followed by “Privacy.”


A Guide to How Hackers Hack

You have surely heard of hackers, but do you really know how they work? Hackers are well known for being bad guys, though there are certainly good hackers out there too. Here’s a brief guide to help you understand how a hacker can hack:

Directions for Hacking are Easy to Come By

Hackers don’t have to look far for help, especially if they don’t know much about hacking. First is a well-known website known as Kali Linux. It has a ton of tools available for hackers, and the site features many links to other hacking resources. Of course, people who want to hack often go to YouTube, and there are more than 300,000 videos there that teach people how to hack. There are also thousands of other websites out there with easy to follow hacking instructions, and you can find them in about a minute.

Software is Easy to Find, too

Directions for hacking are one part of it, but there is also software available that makes the job of hacking quite easy. Here are some of the options available:

  • Cain & Abel – This tool helps a hacker intercept traffic on a network; the hacker can then use that information to get passwords, which helps them get into accounts. More than 400,000 people have downloaded this software.
  • Burp Suite – Hackers use this tool to map out the structure and pages of a website, and then they use the information to attack the site.
  • John the Ripper – People use this tool for dictionary attacks. Basically, it takes text strings, encrypts them, and then uses the information for an attack.
  • Angry IP Scanner – This is a free tool that allows the user to scan a network for open ports. Once they find one, they can easily gain access.

Hackers Also Use Hardware

In addition to downloading software for hacking, it’s also possible for hackers to use hardware. One is called Wi-Fi Pineapple, which is a small, portable object that the hacker can use with any hotspot. They use it to find a laptop that is searching for an access point. Once the Pineapple sees an open connection, the hacker can read texts, emails, and see what websites you are viewing.

Protect Yourself from Hacks

There are many things that you can do to protect yourself from hackers. First, make sure you are using an encrypted website, one with HTTPS instead of HTTP in the address. Also, consider using a VPN when browsing. This encrypts your data so a hacker cannot read it. There’s a ton more to do. Go here: https://safr.me/blog/


Fake Emails are Becoming a Major Issue for Businesses

You might be surprised to know that more than 3.4 billion fake emails are sent around the globe each day. What does this mean? It means that almost every company out there is vulnerable to cybercrimes in the form of “spoofing” and “phishing.” On top of this, most companies out there have not protected themselves from this type of cyber attack. What’s even more interesting is that the vast majority of these emails are not coming from some foreign land, but they are coming from sources based in the US.

This all sounds pretty dreary, but it’s not all bad. Research is showing that many industries in the US are making strides against these fake emails, though some are working harder than others.

To get the data for this research, companies like Valimail are using data from internal analysis of billions of different email authentication requests. The company also used almost 20 million public records about email to publish its report.

This report shows that email impersonation, which made up 1.2 percent of all emails sent during the first quarter of 2019, is the favorite weapon of cyber criminals to get access to a network. They also try to get access to sensitive information and intellectual property.

Fake emails are a problem, and they are not blocked by cybersecurity defenses that are traditionally used.

These fake emails are one of the biggest sources of cyberattacks. As more businesses recognize email vulnerabilities, organizations should start using authentication technology to protect against fraudulent and untrustworthy senders.

The fact is this: too many cybercriminals are using fake emails to get through these defenses, and better methods to identify senders are needed to make sure that email is more trustworthy both now and in the future.

Protect Yourself

  • The e-mails usually contain at least one link they want you to click. Hover your mouse to see what the URL is. It may appear legit, but note the “http” part.
  • Reputable sites for giant businesses, such as Microsoft and PayPal, will have an “https” in their URL. The phishing link’s URL will usually not have the “s.”
  • A big red flag is if there are typos or poorly constructed sentences, but a phishing e-mail may also have flawless text.
  • Don’t be fooled by company logos, stock imagery, privacy policies, phone numbers and other formalities in the message field. It’s so easy for a hacker to put these elements in there.
  • Be leery of warnings or alerts that don’t sound right. Gee, why would your account be “in danger of being suspended”?


Deepfakes and the Impact on Cybersecurity Now and in the Future

Can you believe what you see in a video? Most people say ‘yes,’ but the truth is, you no longer can. We all know that photos can be altered, but videos? Thanks to artificial intelligence, these, too, are being altered at a very quick rate.

These videos, known as “deepfakes,” are out there, and they are doing a number on cybersecurity. In fact, leaders in the cybersecurity sector are warning consumers that high tech video alteration is here, and it is very difficult to tell with the naked eye whether or not a video is real or fake.

Leaders in cybersecurity shared an example of how this works. Basically, they created a video of a man, Steve Grobman, an executive from McAfee, speaking. However, the words he was speaking were not his own; they were the words of Celeste Fralick, a female data scientist, who had created this deepfake video to make a point. This might seem like a fun trick to play on your friends, but in reality, it could have a huge impact on cybersecurity, as things like phishing and social engineering will become easier than ever for hackers.

Deepfakes and artificial intelligence can also be used for audio, meaning a person’s words can be spliced together seamlessly to create full sentences. Joe Rogan, the comedian and podcaster who has 1300+ podcasts, was used as a demo. But even more disturbing is Joe Rogan’s voice with Taylor Swift’s face.

What could this mean for you? Well, since it’s so relatively easy to make a video like this, it could cause some real issues for the public. One way that it could be used is to start with a photo, and then change a very small part of it. This change would be unable to be noticed by a human, but the change would be enough for AI to see the photo as something else. So, if you can confuse something like artificial intelligence, you could certainly confuse the systems that are built to stop cybersecurity threats.

This could have a lot of negative impact on all of us, and it could really give a boost to those who make a living in taking advantage of others via cybercrimes.

The good news is that though this type of technology could be used for bad, artificial intelligence could also be used for good things. For example, the technology could be used to create a crime map of where crimes have happened and where arrests could be made, which would make our streets safer. At the same time, it could also be used by criminals to know where they could commit a crime without being arrested. You could also look at it like this. During World War II, more than two million people were killed by bombs that were dropped from airplanes. Based on that information, Orville Wright, the inventor of the airplane, was asked if he regretted this invention. He said ‘no.’ Why? Because he looked at the airplane as similar to fire; it could cause terrible destruction, but at the same time, it is so very useful. This new technology is the same, and it will be interesting to see how it comes to truly be used in the future.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Young Kids Getting Sexually Exploited Online More Than Ever Before

An alarming new study is out, and if you are a parent, you should take note: children as young as 8 years old are being sexually exploited via social media. This is a definite downturn from past research, and it seems like one thing is to blame: live streaming.

YouTube serves up videos of kids, in clothing, that pedophiles consume and share as if it is child porn. It’s gotten so bad that YouTube has had to disable the comments sections of videos with kids in them.

Apps like TikTok are very popular with younger kids, and they are also becoming more popular for the sexual predators who seek out those kids. These apps are difficult to moderate, and since it happens in real time, you have a situation that is almost perfectly set up for exploitation.

Last year, a survey found that approximately 57 percent of 12-year-olds and 28% of 10-year-olds are accessing live-streaming content. However, legally, the nature of much of this content should not be accessed by children under the age of 13. To make matters worse, about 25 percent of these children have seen something while watching a live stream that they and their parents regretted them seeing.

Protecting Your Children

Any child can become a victim here, but as a parent, there are some things you can do to protect your kids. First, you should ask yourself the following questions:

  • Are you posting pictures or video of your children online? Do you allow your kids to do the same? A simple video of your child by the pool has become pedophile porn.
  • Do you have some type of protection in place for your kids when they go online?
  • Have you talked to your children about the dangers of sharing passwords or account information?
  • Do your kids understand what type of behavior is appropriate when online?
  • Do you personally know, or do your kids personally know, the people they interact with online?
  • Can your kids identify questions from others that might be red flags, such as “Where do you live?” “What are your parents’ names?” “Where do you go to school?”
  • Do your kids feel safe coming to you to talk about things that make them feel uncomfortable?

It is also important that you, as a parent, look for red flags in your children’s behavior. Here are some of those signs:

  • Your kid gets angry if you don’t let them go online.
  • Your child becomes secretive about what they do online, such as hiding their phone when you walk into the room.
  • Your kid withdraws from friends or family to spend time online.

It might sound like the perfect solution is to “turn off the internet” at home, but remember, your kids can access the internet in other ways, including at school and at the homes of their friends. It would be great to build a wall around your kids to keep them safe, but that’s not practical, nor is it in their best interest. Instead, talk to your child about online safety and make sure the entire family understands the dangers that are out there.


Who Has Access to Your Personal Info? The Answer Might Surprise You

Are you aware that many people probably have access to your personal info? If you have ever gotten an apartment, have insurance, or applied for a job, someone has done a background check on you, and you might be shocked by what’s in there, including your debts, income, loan payments, and more. On top of this, there are also companies collecting information on you including:

  • Lenders
  • Employers
  • Government agencies
  • Volunteer organizations
  • Landlords
  • Banks/credit unions
  • Insurance companies
  • Debt collectors
  • Utility companies…and more

Thanks to the Fair Credit Reporting Act (FCRA), you can get a copy of these reports every year for a small fee, and they are free if there has been any type of adverse action against you. You can also get this information from certain organizations including the following:

Credit Agencies

Most people know the main credit reporting bureaus, Experian, TransUnion, and Equifax. The reports that these companies give you can include your loan and credit card payment history, how much credit you have, info from debt collectors, and other information.

Employment Screening

If you have applied for a job, you might have gone through employee screening. These employers have access to things like your salary history, credit history, education, and even criminal history.

Housing/Tenant Screening

If you have ever rented an apartment or home, your landlord might have done a background check, too. This might include prior evictions and other negative information.

Banking and Check Screening

Your bank also might have information on you, which could include your banking history, such as negative balances on your checking account or unpaid bills.

Medical Insurance

Finally, if you have medical insurance, your insurance company has probably also done a background check on you. These policies include life insurance, health insurance, long-term care insurance, critical illness insurance, or disability insurance.

Lifehacker and the Consumer Financial Protection Bureau’s 2019 report compiled a pretty amazing list below. Check it out.

The nice thing about these things, however, is that you have a right to access all of these reports, too. In most cases, these reports are free. You can ask these organizations what background check companies they are using, and then you might be able to request a free report. Again, if there is any negative information on these reports that causes you to, for instance, not be hired by an employer, you will automatically get a free copy of this report so you can see the derogatory information for yourself, and then take any steps you can to change it.


How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective way scammers direct their victims to fake sites. The same goes for links from social media sites. Danger, Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a website URL that is relatively similar to a legitimate site’s. This is also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com. Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.
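The comparison described above can be done mechanically against a short list of sites you actually use. This added example (not part of the original post) classifies the three addresses from the paragraph; the substitution table and the "last two labels" rule for finding the registered name are simplifying assumptions, and the check goes slightly beyond the text by also catching one-letter edits and brand names placed in a subdomain.

```python
import unicodedata
from urllib.parse import urlsplit

# Characters often swapped in for look-alike letters (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def hostname_of(url):
    """Extract the lower-cased host from a URL, scheme optional."""
    if "//" not in url:
        url = "//" + url  # urlsplit only sees a host after a scheme or //
    return (urlsplit(url).hostname or "").rstrip(".")


def skeleton(name):
    """Fold look-alike characters so 'c0ach' and 'coach' compare equal.

    NFKC folds compatibility forms such as full-width letters; it does
    not map homoglyphs from other scripts (e.g. Cyrillic).
    """
    return unicodedata.normalize("NFKC", name).lower().translate(LOOKALIKES)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_domain(url, trusted=("coach.com",)):
    """Return (verdict, reason) for a URL against known-good domains."""
    host = hostname_of(url)
    labels = host.split(".")
    if len(labels) < 2:
        return ("unknown", "")
    # Assumption: the registered name is the last two labels. Suffixes such
    # as co.uk need a public-suffix list, which is not included here.
    registrable = ".".join(labels[-2:])
    if registrable in trusted:
        return ("trusted", registrable)
    name = skeleton(labels[-2])
    for good in trusted:
        brand = good.split(".")[0]
        if name == brand:
            return ("lookalike", "character substitution for " + good)
        if edit_distance(name, brand) == 1:
            return ("lookalike", "one edit away from " + good)
        if brand in skeleton(host):
            return ("lookalike", "brand name embedded, not " + good)
    return ("unknown", "")


if __name__ == "__main__":
    for candidate in ("https://www.Coach.com", "//www.C0ach.com",
                      "//www.coachpurse.com", "https://example.org"):
        print(candidate, "->", check_domain(candidate))
```

Short brand names produce false positives with the one-edit rule, so a "lookalike" verdict is a prompt to check the address by hand, not proof of fraud.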

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seems much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.
