Posts

Is Your Privacy a Concern with Biometrics?

When people started using biometric identifiers, many believed that it was all of the security that we needed. However, that was around 15 years ago, and we are still having security and privacy issues. As biometrics become even more common, the chances of hacks are becoming even more common!

Years ago, biometrics was used primarily to fingerprint criminals. Government agencies then started using biometrics to identify federal and state employees, and corporations soon followed. Now, everywhere we look, we can see the use of biometrics in action.

One of the ways that we commonly use biometrics is to access electronic devices, and many of us use biometrics to clock in at work. With all of this use, however, do we have something to worry about?

How Biometrics Have Grown

We are definitely expecting the use of biometrics to skyrocket over the next decade. In fact, estimates are that we could see more than 500 million new scanners being installed. Everywhere we look, there is some type of camera or scanner, but most consumers don’t seem concerned. In fact, a recent survey shows that around 80% of people are more confident in biometrics than they are with passwords…but this is a false sense of security that could pose a big problem.

You Are Not as Secure as You Might Think

 Think about this for a minute; if your password gets stolen, you get a notification that you need to change it. This can be done over and over again with a new password. However, with biometrics, if a hacker accesses your information, there is nothing you can do. They have it forever, and you can’t change your eye scan nor your fingerprint.

Attacks are Here

 Hackers are continuing to get smarter, and they are finding more ways to steal your info. There are more and more attacks that include biometric information, too. Just a couple of years ago, a report from the Office of Personnel Management showed something quite frightening.It reported that millions of government employees had their fingerprint scans stolen. I was actually a victim of that crime as a member of the US Coast Guard Auxiliary.  It is believed that the Chinese government was behind this, and it wasn’t a simple little attack. Many of these people had all 10 of their scans taken, and all of them are still vulnerable, today. Remember; you can’t just change your fingerprints! With this type of a hack, identity theft protection will not help here. But, it’s still good to have that type of protection.

How to Fight Back

Though there are plenty of people who don’t feel very secure with this, it is very important for those who choose to use a biometric scan to know that companies and government agencies must be held responsible with their biometric information. These organizations must do all they can to ensure that these scans remain secure.

Let’s look at Touch ID from Apple. Most people think that the image of your fingerprint is actually stored on your phone. This isn’t the case, though. Instead, it only stores a mathematical representation of your fingerprint. This means that it is totally impossible for someone to create a copy of your fingerprint from this representation. On top of this, there is a chip in these devices that include Secure Enclave, which is an advanced security concept, which protects fingerprint data and passcodes.

This is what companies and the government needs to do when using biometrics, too.

When there is any technology that requires biometrics, consumers must be sure that they are insisting that their information and scans are safe. You don’t have to be afraid, but you do need to be safe, just like you would be if you were doing online banking.

Now that you know all of this, do your loved ones a favor and share it with them. The more people who know, the more we, as a population, are educated and prepared.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Wire Fraud: How Criminal Prey on the Real Estate, Construction, Manufacturing and Art Industries

In any industry where money is transferred or large bills are paid,the door is open for hacks. In manufacturing they pay large vendors for all materials and sometimes overseas. In construction developers pay contractors huge sums of money for labor and materials. You might be buying a home or an expensive piece of art, and either way, these transactions are typically not done in cash. You might think that in well-established industries such as the real estate industry, construction and manufacturing, there are checks and balances, but this isn’t totally the case. The same goes for the art industry.

Most of us won’t be buying multi-million-dollar pieces of art imported from Italy, but many people reading this will buy a home.

As we look at the home buying process and scams, the information is pretty frightening. The Internet Crime Complaint Center, which is part of the FBI, released a report that showed email fraud in the real estate industry rose more than 1,110% from 2015 to 2017. The amount of money lost in real estate fraud rose approximately 2,200%. What does this mean? It means scammers are more efficient than ever before. In 2020 that number jumped another 13%. Recently in a real estate transaction a psychology professor at UC Berkeley, wired $921,235.10 to scammers.

In 2017, almost 10,000 people reported that they were a victim of fraud and identity theft during real estate transactions, and in total, the money lost topped $56 million. Only recently has the real estate community been paying attention to this, but it’s just not enough. Again, the same thing can be said about the art world. Both of these industries are having big issues with fraud.

The Story You Have to Hear

 Every once in a while, I meet someone in my travels who seem to have the perfect life…or at least I would consider it to be pretty great. These people are smart, they have made the right choices, they have worked hard, and they have reaped some amazing awards. A couple of years ago I met a married couple who had this perfect life. The guy was literally into money. His job was to not just handle investments for companies, but for actual countries. He brought in huge commissions for this work, and the pair could literally buy anything that they wanted. However, this also made them a target for scammer.

With all of the money they had, the couple soon got into a new hobby: collecting fine art. Though I don’t know a ton about art, I can tell you that their collection was pretty amazing. They primarily collected at type of art called hyperrealism. Essentially, artists who work in hyperrealism create paintings that look like photographs. Look it up…it’s very cool.

Long story short, the guy decided that he wanted to buy a new painting. It had a price tag of $200,000, and he did this via email. Now typically, this is where alarm bells might go off, but the guy didn’t think this was weird, as he had done it like this several times before. This time, though, things were different.

You see, as he was emailing with the gallery he purchased the paintings from, a hacker was able to intercept the emails because the gallery got hacked. Instead of wiring the $200,000 to the gallery, he wired it directly to the hacker.

Keep in mind, this guy was in finance, and people in this industry are specifically conditioned to know about risk. After talking about it later, he said that there were a couple of things in the emails that could be a sign that something was wrong, but again, doing transactions via email is pretty standard in the art industry as it is in real estate.

Thankfully, his bank noticed the transaction because the account that he wired to was brand new, and the system his bank used was set up to flag any transactions that go to a new account, especially with that amount of money.

Once his bank got in contact with him, he immediately contacted the gallery and they confirmed that they had not gotten the money, and instead, it was probably a fraud. Of course he panicked, and thought his $200,000 was about to vanish. He called anyone and everyone he could think of to stop the transaction.

Finally, he realized that his company had a connection to someone higher up at the bank. He was able to get a personal call in, and they were able to stop the wire from completing. He was very lucky, but not everyone is.

Understanding How the Hack Works

 Though scammers have options at their fingertips, they do tend to like this hack, and they use it to target collectors, art galleries, manufacturers, construction companies, developers, and of course real estate companies, and more. So, if you work in these industries, or you interact with people in these industries, make sure you keep your eyes open.

Essentially, these hackers get information from data breaches, which give them email addresses and passwords from millions of people. So, when the art gallery sends an invoice to the art collector via email, the hacker realizes it, and they will step in.

The hacker takes on the persona of the dealer, the real estate agent, the developers bookkeeper, or the construction companies accountant, and comes up with a story that the client might believe, such as they need to issue a new invoice because there was a typo on it, or they need to change the instructions that the client must follow. They do this so that they can justify a change in the wiring and might even say that they can offer a small discount for the inconvenience. Usually, the buyer or the admin is happy to do this, and once the money is sent, the hacker collects it and disappears.

Victims of These Scams

 When we look at these scams, both the buyer and the seller, and all the companies involved are victims here. They are all left in the dark, and the hacker hijacks the communication. In other words, they control the emails, and they play both of the parts. In the art industry, for instance, when the gallery sends an email to its customer, the hacker intercepts the email and pretends to be the customer. The same thing happens when the customer sends an email to the gallery.

Since the hacker does this, there is plenty of time to cover their tracks and disappear. In the meantime, time and money is lost, and in some cases, the art gallery has even had to shut down for good.

Tips to Keep You Safe

If you work in any of these industries, keep these tips in mind:

  • Email account passwords should be very strong and unique. Don’t ever use the same password for more than one account. When creating a password, use uppercase and lowercase letters, and mix them with characters and numbers…and change them frequently.
  • Use password manager software and have a different password for every account.
  • Set up two-step authentication for your email account. When you log in, you will get a one-time password to your mobile phone, which means someone would need your password and your phone to get into your account.
  • Use an escrow service if you are sending large sums of cash.
  • Pick up the phone and call to confirm every step of the transaction.
  • Keep your anti-virus software updated.
  • When you send an invoice through email, text or call the recipient to check that they got it and that the account number is correct.
  • Talk to your staff about the importance of security, and make sure they understand what phishing scams are. Also, teach them not to click on any attachments or links in an email unless they have confirmed and verified the link or attachment by phone.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

The Significant Risks of the Remote Desktop

Are you one of the millions of Americans who are now working from home? Or have you been working from home for awhile? Either way, it is likely that you are using some type of remote desktop protocol. If you are, there are some things that you should be aware of.

None of us believe that we will be hacked, but we have seen over and over again that it is possible. Even the biggest companies out there have been hacked, and a small company is even more at risk of this. Add the use of a program called Remote Desktop offered by Microsoft or Google Chrome or many other third-party remote access programs, and you need to be aware of some things.

Essentially, Remote Desktop allows you to access a computer remotely. It might be in your home or your office, and you can give access to others who are also working remotely in the form of a “remote assistance scam”. However, when you give access, or have this access, your network may be wide open for hackers. There have been thousands and thousands of cases where people have become victims of various remote desktop/remote assistance scams, and if a hack is successful, it can destroy a small business, wreck a persons bank account or lead to identity theft.

What is Remote Desktop?

Remote Desktop is a very common software, and if you work on a computer with Windows, you probably have this program, and you don’t even know it. Though it’s a great tool, it is not as secure as it should be.

Criminals are well-aware of this, of course, and they have worked to create a number of tools for hacking into the software. When they get access to networks, the hackers can also access company info and steal things like login information. Once they have this information, the hackers can buy and sell them so other hackers can use them. Once they are in, they have access to anything and everything on the network.

You are at Risk

It is estimated that there are more than 3 million businesses out there that have access to Remote Desktop. Most of these are small businesses, and many of them manage their own IT services. If you own a small business and you have an IT department, you fall into this category. Additionally, hackers know that these companies are weaker, and they target businesses like this…and any company that has Remote Desktop is also a target.

What You Can Do About It

At this point, you are probably wondering what you can do to protect your company or yourself from hackers who like to use Remote Desktop to access networks. Here are some tips:

  • If you don’t use Remote Desktop, you should remove it from your computer.
  • Make sure that when there is a Windows Update, that you update it as soon as you possibly can. It’s possible that this update could have a security patch that is imperative for keeping hackers out.
  • Ensure that your wireless connections are encrypted, and also password protected.
  • If you want to keep Remote Desktop, you can, but choose to only use it on a computer that is running on a VPN, or virtual private network.
  • Use a firewall, too, so you can restrict access.
  • Another thing you can do is set up two-factor authentication.
  • Beware of any pop ups or phone calls that lead to someone requesting remote access to our device.
  • Understand that none of this is fool proof. The only way to totally protect yourself from hacks via Remote Desktop is to totally delete the program.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

A Look Ahead: What Challenges Might We Face with Cyber Security in the Next Year?

I was recently talking to a friend. She called me because there was a big issue at work: a ransomware attack. Basically, a hacker installed software that locked down the entire network, and then demanded that her boss pay $8500. Ultimately, against my recommendations, the only choice they determined they had was to pay the money, and in the process, they learned a very valuable lesson about the importance of backing up company data.

This is only one of the things that we are going to be facing in the upcoming year. Here are some more that everyone should be aware of:

More Ransomware

We are definitely going to be seeing more ransomware attacks. These cyber criminals are getting even more greedy and they know that the data they are holding for ransom is very valuable. So, expect even higher priced demands.

More Built-In Security

For those in the security industry, there is going to be a lot of work ahead. There are new challenges coming up all of the time, and there are still the old issues that haven’t been solved. People in the industry will have to go way beyond home computers and cell phones. With so many products connecting to the internet, there are millions of ways for cyber criminals to launch an attack.

Intelligence-Based Security

We also can expect to see more artificial intelligence-based security approaches, since the technology we have now just isn’t doing the job. There needs to be more advanced analytics and monitoring, and this will help to prevent more identity theft incidents than ever before. Artificial intelligence just keeps on getting more prominent, and we are seeing computers actually learning without any help from humans. If these computers start to learn enough, they can start helping criminal hackers too.

A More Vulnerable Internet of Things

It’s also a huge possibility that there are going to be big issues in regard to the Internet of Things. Often called “end points” more devices than ever before are connecting to the internet, and more people are using them. This makes us more vulnerable to attacks, so we need to lock this down. Before you buy anything that connects to the internet, you must do your research.

More Phishing, Too

We can also expect more phishing attacks. Hackers are certainly planning more of this, and honestly, these attacks are easy to pull off. Why would they stop?

Credential Theft is Here to Stay

Attacks that occur for the purpose of stealing banking credentials and payment cards will also continue. Don’t ever click on a link in emails, and don’t open any attachment before you open them.

Credential Stuffing

There are billions of stolen credentials floating around the Internet ready for the taking and hackers are plugging this data into well-known websites and gaining access to email, ecommerce, banking, financial, you name it. Change up your passwords.

Security with Smartwear

We are also seeing new threats in regard to wearable devices. These can be bad news for consumers and businesses because they can easily be portals for infecting a home network. Keep these devices updated and change the passwords from the default if you can.

Governments Could be Targets

Cyber-attacks on governments will surely continue, too. These might be inside jobs, or they could be from foreign sources. Even if you think your devices and data is secure, the government might not be. This is another reason you need to have ID theft protection.

Smarter Cars

We also are going to see smarter cars; cars that are more connected than we have ever seen. There are close to 100 ECUs, electronic control units, in cars these days. Some of these are connected to the internet, too, so think of what this might mean. Technically, a hacker could do things like control the car’s brakes. Thankfully, manufacturers are adding more security, but consumers really have to do their homework, too, and understand their cars’ capabilities.

DDoS Attacks

Distributed denial of service attacks, or DDoS attacks, is when manipulation occurs to make something unavailable to people, like a website. We will certainly see more of this.

Disinformation Proliferation

There has never been a time when dis-information was so easily spread by so many, for so many reasons. When government officials at the very top become the primary spreaders of this information, such as dictators in Banana Republic’s and even those in the USA, you know we have a significant problem. Get your facts straight, publications like the New York Times or the Wall Street Journal have no reason to lie. Fact check before you share and spread misinformation.

Conclusion

Here’s the situation; we cannot fully protect ourselves from all of the fraud and scams that are out there, no matter how hard we try. With so many devices that are connecting to the internet, hackers have a ton of opportunity to take advantage of their victims. We need better security and more awareness, so as we move into the new year, keep all of this in mind.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

The Ultimate Guide to Spotting Fake News

Do you know when something is “fake news?” If you have half a brain, you should. However, when someone in authority makes a claim, the masses who elected that person into that authoritative position, automatically trust what has been said and spread that fake news. That needs to stop. My mother one said believe nothing of what you hear and half of what you see. And today no matter what, don’t automatically believe what you read.

fake newsThere has been a lot of talk about fake news since the 2016 presidential election, and a lot of controversy from those who spread fake stories for the purpose of influencing hearts and minds and of course the outcome of the election. This is dangerous for dozens of reasons, many of which threaten our democracy and in many cases can lead to people getting killed which has happened many times this year.

Keep in mind that not all people who spread or start fake news stories are propagandists, some are thieves and even more are advertisers. Some people just want you to come to their website so they can get clicks and traffic. Advertisers use fake news, as a way to get more clicks. This isn’t really dangerous to you, but someone is getting money because you are clicking on their site.

Other people use fake news, too, including those who want to facilitate identity theft. There are fake news sites that you click on, and then when you visit the site, you get a virus. From there, a hacker can get access to your personal information including your logins and passwords, bank account information, or even your Social Security number.

Here are some things to look out for:

  • Use common sense when looking at fake news stories. If it sounds too sensational, it probably is fake.
  • If a story is an obvious parody, it’s also obviously a fake news story.
  • If you already know some of the facts of the story, and something seems weird about the story you are reading, it’s very possible that the news is fake.
  • Look at the URL where the story is found. If it looks strange, the story is likely fake. For example, if you see a URL ending with “.com.co,” it’s a website from Colombia.
  • If there is a photo and the photo looks fake, the story is likely fake, too. But, this isn’t always the case.
  • Don’t just automatically trust.
  • The main stream media has been vilified over the past four years. And while their news is often “biased”, it’s not fake. It’s based on fact, but again those facts may be slanted in favor of the readership. Fake and biased are definitely not the same thing.

Look Closer at the Photos

Many fake news stories have photos that accompany them. Here’s how to test if a realistic photo is accompanying a fake news story.

  • Take a screenshot of the photo, making sure to exclude any graphics that are not relevant.
  • Open Google Images.
  • Upload or drag the screen shot to the search area in Google Images.
  • You will then see information about the “best guess” for the image. If the information doesn’t correlate to the story, you are probably reading a fake news story.

You can use this trick in other ways, too. For instance, if you do online dating, you can see if the person you are talking to is actually who they say they are. If not, they are a faker.

Additionally, you can do this with any image that you have. If the Google Image search gives you information that doesn’t correlate with what you think it does, it is likely a scam. Keep in mind that crooks like identity thieves often steal images and use them as their own.

When you are in doubt, it is always best to do a search on the item to see if other news sources are reporting on it, too. If the only place the story is seen is on a no-name site, you should suspect that it’s fake. If it’s not also being reported by the New York Times or Wall Street Journal, it’s probably fake.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Election Civil Unrest: Plan Ahead for Turbulent Times

We all know that the election could lead to turbulent times, and there are going to be risks out there. What can you do if you come across some type of violence or protesting? Let’s start with some general tips to keep yourself safe:

  • Don’t wear candidate-specific clothing. You are only bringing attention to yourself.
  • Stay away from areas where there are demonstrations
  • Check out the situation before you head out
  • Things can change very quickly so have a plan to get out of violent situations.
  • Keep up with local news
  • Don’t go near large gatherings
  • Stay home if you hear about demonstrations in your area
  • If you come upon a protest, leave the area as quickly as possible.
  • If you have to go where there are protests, bring a friend and stay together.
  • If you see police trying to settle a situation, leave.

Protests and Demonstrations – Safety Tips

If you want to participate in a protest or demonstration, here are some tips:

  • Don’t get involved if civil unrest breaks out. You could get jailed, hurt, or even killed.
  • Don’t take videos or photos. Law enforcement might see it as threatening.
  • Leave if things get violent.

Unexpected Civil Unrest – Safety Tips

If you find yourself in the middle of unexpected civil unrest, here are some tips:

  • If things get violent, do your best to get out quickly. Try to find a safe, public place like a museum, hospital, church, or hotel.
  • Plan a few routes out of the area. Keep in mind that roads could be closed.
  • Curfews might be imposed, and it’s best to follow them.
  • Try to get to the edge of the crowd, and as soon as you can get away, you should.
  • Walk and try not to run. Running can bring unwanted attention
  • If you get arrested, don’t resist, even if you are totally innocent. You can work it out later.
  • Stay away from glass windows and try to move with the flow of the crowd.
  • Avoid banks, fast food places, government buildings and police stations, as they are often targets during uprisings.
  • If you get into a tight spot, grab your wrists and push your elbows out. This will give you a bit of air.
  • If you are pushed or fall to the ground, try to get close to a wall and roll into a ball. Cover your head.
  • If shots ring out, drop to the ground and cover your neck and head.
  • Don’t try to drive a car through a crowd.
  • If you do end up in a crowd while driving, turn down the nearest side street, turn around, or reverse.
  • If you can’t move, park, lock it, and leave the car. If you can’t get out, turn off the engine and lock the doors.

Stuck in a Hotel or Your Home – Safety Tips

If you are home or in a hotel when violence occurs, here are some tips:

  • Stay inside and don’t leave
  • Reach out to your family and police to let them know where you are.
  • Stay away from windows, draw the blinds, and lock all windows and doors.
  • Find a place to sleep in the center of the home or hotel room.

Following Civil Unrest – Safety Tips

Once things have settled down, keep the following in mind:

  • Stay where you are safe until you know it’s okay to leave.
  • If you are hurt, get medical attention
  • Report damage to police
  • Reach out to family to let them know where you are
  • Report damage to your insurance company

Shut Downs – Tips

Shut downs can happen during times of unrest. Keep the following on hand:

  • Cash
  • Water
  • Food
  • Medication
  • First aid kits
  • Baby and pet supplies
  • Radios and batteries
  • Flash lights
  • Gas in your vehicle
  • Phones, laptops, and chargers
  • A bag with a couple of days of clothes for everyone in your family
  • Essential documents
  • Emergency contacts

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Kids Home? Rethink Their Digital Security or it Will Bite You

If you had asked me a few months ago what I felt about “screen time” and kids, I would have told you that I wouldn’t give my kids their own devices or allow social media accounts until they were 15. But things have changed. Now, I’m happy to let the kids on the family tablet, and even allow them to use things like FaceTime, games, and email. Why? Because I want to make sure that they have some type of connection to the outside world.

However, this didn’t happen without some ground rules, not only to keep the kids safe, but to make sure they don’t totally fall headfirst into cyberspace. Here’s some tips:

No Social Media

Oh you didn’t think I was gonna give you a pass did you? No, my 14-year-old is still not on social media, and she doesn’t complain about it, she doesn’t miss it, and she’s better off for it. First of all, it’s a time suck, it’s often a cesspool of BS, misinformation, disinformation, and just plain mean-ness.

Sure my kids might get the occasional TikTok video from one of their friends, but they don’t have the app, they’re not spending any time on it, and while they might learn a TikTok dance or two, they’re certainly not recording one and posting it online.

Teach Your Kids to Respect Digital Devices

There are a number of ways that you can do this, including setting a rule that they must ask permission before they use the device or go online. By doing this, you are making them conscious of their actions.

Set Rules on When They Can Have Access to Certain Apps or Devices

Another thing you can do is make sure that you set rules about when your kids can access certain devices or aps. For instance, maybe make a rule that they must use devices in common areas, or they can only use game apps after dinner. Whatever the case, you should be checking in on what they are doing.

Create a Schedule

Only allow your kids to use devices when you are available to help or when you know they can’t get in trouble. Allow them to watch Netflix while you are in an online meeting but bring the remote with you.

Create an Agreement

Also, think about a “tech agreement” for your kids. If they break the rules, there will be consequences, just like they have with other rules in your home.

Discuss Online Privacy and Tone

One of the most important things to do is discuss online privacy and tone. Kids don’t always realize that what goes on the internet can stay there forever. Suggest, perhaps, telling your kids not to do anything they wouldn’t do or say with grandma in the room. It works.

Tell Them Your Expectations

Talk to your kids about what you are comfortable with…or not…when they are online. For instance, if you don’t want them talking to strangers, there are email programs that allow you to approve and email that is sent and received. There are similar chat programs.

Is it Time to Talk About Pornography?

This might be the perfect time to talk about pornography, too. Experts say conversations about this should start around kindergarten. To minimize the chances your kid will access it, use parental controls or kid-friendly browsers.

Understand that Kids Will be Kids

Finally, take a deep breath and realize that kids will be kids. As long as they are being safe and polite, allowing them access to these things might be the best way to get through these nationwide quarantines.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Keeping Your Zoom Event Secure and Private

There are many public forums out there, and wherever you are or whatever you are using, anyone with some smarts can disrupt an event that is meant for bringing people together. Here are some tips on keeping your next Zoom meeting secure and private:

You definitely don’t want anyone taking control of your screen or sharing information with the group. Thankfully, you can restrict this by controlling screen sharing. Preventing participants in your meeting from sharing is done by using the host controls before starting the meeting.

You also might want to familiarize yourself with the features and settings available from Zoom. The Waiting Room, for instance, has a number of controls available, and is a setting you should always be using. It essentially allows you to control who comes in. As a host, you can customize all of these settings, and even create a message for people waiting for the meeting to start, such as meeting rules.

You shouldn’t use your PMI, or Personal Meeting ID for hosting public events. You also only want to allow users who are signed in to join your meeting. You can also lock the Zoom meeting. This means that no new participants can join, even if they have the meeting ID and the password.

Another thing you can do is set up your own version of two-factor authentication. With this, you can generate a random Meeting ID, and then share that with participants, but then only send the password via a direct message.

If there are disruptive or unwanted participants in your meeting, you can also remove them via the Participants menu. Is a removed participant wants to rejoin, you can also do that by toggling the settings that you did in the first place. This is helpful if you remove the wrong person.

You can also put anyone in the Zoom meeting on hold. This means that the video and audio connections of the attendees are disables. To do this, you can click on a video thumbnail and select “Start Attendee On Hold.” Totally disabling the video is also possible. This will allow you, as the host, to turn off someone’s video. You can also block things like inappropriate gestures or distracting behavior.

Muting participants is also a possibility during a Zoom meeting. This allows you to stop the sounds of barking dogs and crying kids during these meetings. If you have a large meeting, you can also choose to mute everyone by choosing Mute Upon Entry.

File transfers are a possibility during Zoom meetings, but you might not want to allow this. In this case, you can turn off the file transfer capabilities before starting the meeting. Additionally, you can turn off annotation, which allows people to markup shared documents or doodle. Finally, you can also disable private chat. This will stop people in the meeting form talking to each other, which helps to cut back on any distractions that they might have during the course of the meeting.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Covid-19 Remote Desktop Has Significant Risks

Are you newly working from home? Or are you an old pro? Either way, it is likely you are using some form of remote desktop protocol. Those of us who have been working home as our primary means of earning a living, know these tools very well and are accustomed to eliminating the various distractions in our home environment in order to get the job done. There are some precautions to be aware of.

None of us think that we are going to get hacked, even though we have seen time and time again that it is very possible. Even the largest companies in existence have been hacked, and small businesses are even more at risk. You can add even more to this risk if you use a software called Remote Desktop.

Basically, Remote Desktop allows you to access computers remotely in your home or office and give network access to employees who are working remotely. However, when you give or have this access, you are opening up your network to hackers. Thousands of companies and individuals have fallen victim to this, and just one successful hack can be devastating to a small business.

Remote Desktop: What is It?

Remote Desktop, or RDP, is a very common software. In fact, if you have Microsoft Windows, you probably have this software and don’t even realize it. Though it is a very powerful tool for businesses, it is also not very secure.

Criminals know this, of course, and they have created a huge variety of tools to hack into this software. When they get access to the network, criminals can access company information and then take things like log-ins and passwords. Once they have this, they can buy and sell them so that other criminals can use them to access your network. Once they are in, they can do almost anything.

Are You at Risk?

There are estimates that there are over three million companies that theoretically have access to Remote Desktop. Most of them are small businesses and many manage their own IT services in house. If you are a small business and you have an in-house IT department, you could definitely fit into this category. What’s more is that hackers tend to target these businesses, too. Any company that has RDP access enabled is a target of hackers.

What Can You Do About It?

Hopefully at this point you are wondering what you can do to protect your business from hackers who like to access networks through RDP.

  • If you aren’t using remote desktop, then the first thing you should do is to remove Remote Desktop from your network.
  • Make sure to update your operating systems critical security patches which will inevitably update any software around remote desktop protocol.
  • Update all software that could allow remote desktop to be vulnerable
  • Make sure your wireless connections are encrypted which generally means password-protected.
  • If you have a good reason for keeping it, you can also choose to restrict access by setting up a virtual private network, or VPN.
  • Additionally, you can create a firewall to restrict its access
  • Setting up multi-factor authentication is also a good idea if you want to keep this software.
  • Just be aware that none of these solutions are fool proof except totally deleting the software.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

12 Ways To Contain the hack, stop the bleeding & eliminating the threat

Hey YOU, SMB, yeah I’m talking to you. There are a number of things that you can do to not only protect your personal information, but also the information you have in your business:

  1. Hire a professional It is entirely possible the small business was hacked because they did not employ technicians to prevent it in the first place. Therefore 3rd parties that specialize is security and breach mitigation should be contacted immediately.  These IT security professionals specialize in containment. Their role will be to forensically determine the nature of the compromise, remove the vulnerability, update any necessary hardware and software, and ensure a breach such as this does not happen in the future.
  2. Disconnecting every affected device from the Internet temporarily The purpose here is to stop any data from leaving the network and to prevent the hacker from communicating with the server. This may mean disabling internet connections or physically unplugging the internet from connected devices
  3. Change and reset passwords – Many hacks begin with compromised passwords. And the moment a network or device goes back online the hacker will log back in unless all credentials have been changed and updated.
  4. Update all software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats.  The breached party should have redundant networked hardware systems in place, backed up data, contingency plans to put duplicate systems online immediately in order to maintain operations.
  5. Update your Companies Hardware– Old outdated hardware simply can’t keep up with the requirements of newer robust software or the security software required to keep networks secure.
  6. Back Up All of Your DataYou have to make sure that you are regularly backing up data to a secure location. This data should also be encrypted.
  7. Manage All IdentitiesYou also must make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable.
  8. Use Conditional AccessAdditionally, you should make sure to use conditional access that is based on factors such as location or device.
  1. Utilize Multi-Factor Authentication – You can use multi-factor authentication to keep accounts protected, too. You can use this on its own, or with other conditional access methods to ensure those who are trying to access your data are legitimate.
  2. Security Awareness Training– Assuming employees know what to do and more importantly, what not do, is risky. Providing effecting ongoing security awareness, and in the authors opinion “security appreciation training” is partnering with employees to protect the network.
  3. Patching – Set up a system so that you can always ensure that your hardware and software is always patched and updated on a regular basis. This helps to keep your data safe.
  4. Align Your IT Security with Other Business Security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and by keeping all types of security in mind, including IT security, has a direct impact on revenue.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.