Don’t Be a Victim: How to Prevent Identity Theft (Part Two of Two)

In our last posting, we discussed the different ways that scammers and thieves can obtain information from you so as to steal your identity.  Chances are, you probably have already figured out a few things that you can do to make sure that you don’t become a victim.  But here are more steps to take to prevent identity theft:

  • Never give out personal information in unsolicited emails or over the phone to people you do not know.  The Nigerian lawyer who sent you the nice email and claims to have a million dollars if you will just send in your bank account information is a con artist.  Some of these scammers are getting smart and pretending to send you emails from such high profile companies as Netflix and Amazon, asking you to provide your password to that website for verification purposes.  These companies already have your password.  They don’t need you to email it to them.  If you ever suspect that an email is from a bogus company, call the real company’s customer service line and talk to them.
  • Use multiple passwords that are actually secure.  This doesn’t mean your wife or child’s birthday or anything else that will be easy to guess.  A strong password should have uppercase and lowercase letters and also include numbers and special characters or symbols.  Also, having several different passwords for different sites keeps you protected in case one of your passwords is breached.
  • Keep your anti-virus software updated.  This will prevent viruses from latching on and sending thieves your passwords and other personal information that you transmit.
  • If you must use the internet for financial transactions (and who doesn’t these days), then make sure it is a safe and secure computer that you are using.  Do not log in from work or a public computer like school or the library.  You never know who may have access to this computer and who may be able to get the information.
  • If a company or institution you do business with does suffer a security breach which causes your personal information to be exposed, you should be notified in writing.  If this happens, contact your credit card companies immediately and ask what you should do to prevent your information from being used.  Also, contact credit bureaus for a free copy of your credit report so that you can monitor any new accounts which may be opened in your name.
  • The last tip can also help if you become victim of a skimmer who physically copies your credit card.  Make it a ritual to check your credit card statement for unauthorized purchases as well as your credit report for new accounts.  You may request one free credit report each year from each of the three major credit bureaus.  Additional reports will cost, but the fee is usually nominal so consider this as well.  There is no need to resort to online credit report websites which will charge you a fee to do something you can do yourself for little to no money.
  • Gas station and ATM skimmers can be avoided if you just pay attention to the machines themselves.  If it looks as if the machine has been tampered with, or if the equipment doesn’t seem to fit right or match with the terminal, move on.  Get your gas or make your transaction at another location.  It is better to be safe than sorry.
  • Invest in a good quality paper shredder.  Any papers that you plan to throw away, no matter if they seem harmless, may have identifying information.  Shred them all before you throw them in the trash.
  • Secure your mailbox.  Never leave mail sitting out overnight and, if you are going to be away for a few days, have the mail service stopped until you come back.  Never mail any bills from your home.  Instead, take these directly to the post office and drop them in a secured mailbox.

Following these simple steps won’t guarantee that identity thieves can’t take advantage of you.  But it can make it harder for them to pull off their scams, which will make them move on to their next hapless victim.

Posted in Cyber security, IT and Computer Security, Uncategorized | Tagged , , , , , | Leave a comment

Don’t Be a Victim: How to Prevent Identity Theft (Part One of Two)

Identity theft has become the crime of the new millennium.  Most people have heard of it, but, unfortunately, many people are tragically unaware of the methodology of these criminals and the ways to prevent them.  In this profile, we will discuss how criminals obtain your information and use them for their own purposes.

  • The most obvious method for identity thieves is hacking.  This may come in several forms.  First, hackers can go “phishing” for your information with seemingly innocuous emails asking for personal information.  Other hackers are more subtle and work by putting out software which is infected with spyware and other Trojan viruses.  These programs work under the surface of your computer and allow the hackers to collect personal information such as PINs, passwords, and credit card numbers.  Finally, you will occasionally have the “large-scale hack” where a business or institution has its website breached by hackers who then collect large amounts of data at one time.
  • Another method for identity thieves may not be so obvious.  Almost every day we hand over our credit cards to someone:  a store clerk, a hotel or airport desk attendant, a waiter at a restaurant.  These individuals may then copy down your credit card information and sell it or, if they are more technologically savvy, they may run it through a machine called a skimmer which makes a digital copy of your card and its information.
  • Skimmers are also finding their way into other areas that we usually trust:  namely, bank ATMs and gas station pay-at-the-pump terminals.  Thieves can attach a skimmer to these devices so that when you enter your card and type in the PIN, they get a digital copy of not only the card but also your personal number.  This way, they can then show up later to collect the skimmer and have access to dozens or even hundreds of credit cards that have been used on that machine in a short time period.
  • Some of the more “old-fashioned” con jobs are still around as well.  Individuals posing as telemarketers can entice individuals, particularly preying on the elderly, to turn over information such as credit card or bank account numbers as part of a service that they are supposedly offering.
  • Finally, your own front yard may be a target for identity thieves.  These individuals rifle through homeowner’s trash and mail looking for any scrap of personal data they can find.  A cancelled check, a bank statement, or any personal information thrown in the trash can cause your identity to be stolen.  The same goes for mail which might be stolen giving thieves access to bank statements, and even pre-approved credit cards.

Knowing how you are being targeted is just half the battle in stopping identity thieves.  Be sure to look for our next installment where we will discuss the ways that you can actually avoid having your identity stolen from you.

Posted in Cyber security, IT and Computer Security, Uncategorized | Tagged , , , | Leave a comment

Cyber Security Bill Stalled… But Sponsors Still Push On

Cyber security continues to be an ongoing challenge with no easy answers…

Earlier this month, the senate failed to pass a bill known as the Cybersecurity Act of 2012.  The sponsors of the bill are still pressing the issue with Sen. Jay Rockefeller (D-W. Va.) sending a letter to the CEO’s of Fortune 500 companies asking for their input regarding cybersecurity.

The Hill quotes Rockefeller as saying,

“I would be surprised to learn that many other American companies, most of which recognize that what is good for their bottom lines is also good for the country’s national and economic security, are as intransigently opposed to our cybersecurity legislative efforts as the Chamber of Commerce has indicated they are,” Rockefeller wrote.

Unquestionably, cyber security is an issue that needs to be addressed.

One of the biggest challenges related to broad-sweeping legislation is that, while all companies should be aware of cyber risks, their needs and the protections they should have are different.

The risks associated with a small business owner having their customers’ confidential data, like names, addresses, credit card information, drivers license or social security number, compromised is vastly different than a large company like GoDaddy who recently experienced a denial of service attack.

And, the government’s need to provide protection for national security is even different still.

There is no question that cyber security is a major issue. The biggest question is, what will a breach of cyber security do to your company?

For useful tips regarding cyber security or more information regarding your own cyber security needs, please contact us.

Posted in Cyber security, Ethical Hacking, IT and Computer Security | Tagged , , , | Leave a comment

Should You Put Your Data in the Cloud? Is it Safe?

Google GDrive, Apple ICloud, Amazon Cloud Drive, and dozens of other storage services are campaigning furiously to host your data.  Some of these storage providers are focused on music, videos, books and other entertainment media while others like Box.net, Dropbox, Sugarsync and many others are more generic in their approach and just want to be your “drive in the sky.”  Each of the cloud network storage options out there have both benefits and drawbacks.  However, nearly everyone agrees that cloud storage is here to stay.  Some of the key features you want to look for in a cloud network storage provider:

  1. Price/Storage space ratio – nearly all of the available cloud providers offer a ‘free’ version of their service with a relatively small amount of storage available and the capability to upgrade on a “per gigabyte” basis.
  2. Device support – the real question here is platform availability.  This used to be a limited question of “Windows” or “Mac.”  But now, you need access to your data on your IPad, your Android phone, your Windows PC at work, and your Apple TV at home.  Better device support means more access to your data when and where you need it.
  3. Security/Network Encryption – Many of these providers implement encryption on their servers and even between their servers and your devices.  Some even provide for the client (meaning you as a user) to own/apply the encryption key in each of your clients.  This provides you with better control over who can access your sensitive files.  Depending on your needs, you may also research/implement client-side security for your data – programs like BoxCryptor, TrueCrypt, and CloudFogger to name a few.
  4. Reliability and Redundancy – Most, if not all, cloud network storage providers implement multiple layers of redundancy and backups for your data.  The more robust vendors actually provide built-in versioning support – allowing you to access multiple versions of your files as you’ve uploaded/modified them through your cloud storage service.

At Superior Solutions – we focus on network security, ethical hacking and cyber security training.  We recognize the value of these new and growing cloud storage network providers and encourage our clients to work with us to develop a cloud storage strategy that (a) makes sense for their business, (b) provides a secure and safe environment for their data.  Contact us today to learn how our consultants can help your business keep it’s most valuable data safe and secure in the Cloud.

Posted in IT and Computer Security, Uncategorized | Tagged , , , , , , , , | Leave a comment

Cyber Bodyguards

The concept of cyber bodyguards may seem far-fetched, but it’s something that corporate America already has adopted.  CEO’s, business owners, and companies working through mergers, acquisitions, and IPO’s routinely use.

This is one area where Hollywood has lagged behind. Celebrities spend big money on bodyguards and home security systems but have to date overlooked the security of their personal devices and accounts.  In the last few years, a string of hacks have revealed photos of Heather Morris, Jessica Alba, Scarlett Johansson, and even the script of Tom Cruise’s musical, Rock of Ages. These are just a few of the reports that have been in the news. Hackers and superstar stalkers are after anything of value from celebrity Facebook and Twitter accounts to prerelease blockbuster scripts and unreleased films.

Why hasn’t Hollywood adopted stronger cyber security?  I think that part of the problem has to do with the mistaken attitude of thinking, why would anyone target me, what do I have of value?   The answer is that revealing photos can be sold, prerelease movies can be pirated, voicemails and sensitive emails can be released.

Hollywood celebrities should consider hiring cyber security experts to review their accounts, security settings, and digital assets. These specialists would be used the same way a trainer is used to get in shape for new movie. Hollywood has to take a tougher stance on security just as the rest of the country has.  The alternative for these well known individuals is to hope that they don’t get hacked and if they do, they must be prepared to deal with the fall out which will be more costly than just simply hiring a cyber security bodyguard upfront.

Posted in Ethical Hacking, Hacking, Training and Education | Tagged , , , , , , , , , | Leave a comment

Is It Ok For My Child To Be On Social Media?

Five years ago, the idea of “social networking” involved going out in the evening to community events to rub shoulders with other people in your area.  And the one thing that you never would have seen at one of these events was children.  But now social networking has moved into the realm of cyberspace with Facebook, Twitter, Flickr, and Tout.  So the question must be asked—is online social media still an adults-only realm or should children be allowed to dip their toes in these waters?

  • Before you allow your child to use one of these social media sites, consider what the drawbacks might be.  Probably most obvious is the potential exposure to strangers and online sexual predators.  Children have a habit of wanting to be nice to people who are nice to them, and this can open them up to online predators trolling for naïve young victims.  But most experts agree that even worse than adult predators is same-age bullying.  Cyberbullying has become a major problem with children targeting other kids to embarrass or harass them in cyberspace.  Being a part of social media can open your child up to this danger and you need to seriously consider if this danger is worth the positives of social media exposure.
  • If you do choose to let your child onto a social media site, make sure that you do a few simple things to keep them safe and secure:
    • First and foremost in online security for your child is sit with them and watch them when they are on these websites.  You wouldn’t allow your eight-year-old to wander alone through downtown.  The same goes for the internet.  Think of it as one big city with plenty of “rough neighborhoods” that you need to monitor your child when they are exploring around.
    • Turn your child’s privacy settings to the maximum level.  No one should be able to view their Facebook page or other website account without being accepted as a “Friend.”  And inform your child that only you will approve friend requests.  Don’t let them accept requests from people on their own.  You should only accept requests from friends and family that you are familiar with and comfortable sharing with.
    • Talk to your child about not sharing private information online.  If a child mentions something like his or her school name or schedule online, then a sexual predator can use this information along with his or her name to track down the child in the real world.  Also, avoid posting pictures that might reveal personal information inadvertently, like a home address.
    • Finally, make sure that any other personal information like phone number, social security numbers and the like are never entered online as these can be used for identity theft and sold on the black market.  A child’s credit rating can actually be destroyed before he or she ever even gets a credit card.

There are definite benefits to allowing a child to use social media, such as an expression of creativity and the opportunity to talk to children of various cultures.  But parents need to carefully weigh these positive attributes with the potentially negative side effects which might put their child in danger the next time they log in.

Posted in IT and Computer Security, Uncategorized | Tagged , , , , | Leave a comment

To Prevent Cyber Hacks Should the U.S. adopt a “No Made-in-China” Policy for Chinese Made Telecom Equipment

Earlier this year, Information Age reported that Cambridge University researchers discovered that a microprocessor used by the U.S. military (made in China) contains secret remote access capability (a “backdoor”) which means that it can be reprogrammed or shutdown without the user’s knowledge.  “The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,” writes Cambridge University researcher, Sergei Skorobogatov.” It also raises some questions about the integrity of manufacturers making claims about security of their products without independent testing.”

Telecom companies such as Huawei have had disputes with Cisco, Nortel, and others. Huawei has also been under investigation by the House Intelligence Committee for ties to the Chinese military and by the FBI for allegedly reselling U.S. technology equipment to Iran despite the current embargoes. The U.S. government and defense officials have also expressed a number of concerns over the years about Chinese telecom companies close ties to the Chinese government and military. To be fair to the Chinese, the issue of Chinese military backdoors in U.S. telecom equipment has definitely been hyped and politicized, particularly in the middle of an election year. Some might even argue that the United States is only trying to help U.S. firms such as Cisco, a bitter rival of Huawei.

Regardless, there is a growing concern in the U.S. and other countries that telecom gear could be hacked. One fear is that backdoors may be placed in communications software/equipment that could be used to spy on U.S. communications.  Another is that potential adversaries will have the ability to turn off or disable equipment using remote access codes and finally, there is the fear that information might be altered or there could be a loss of integrity.

While Chinese telecom companies such as Huawei and ZTE have repeatedly denied these claims, it has not been enough to satisfy everyone. As an example, earlier this year, the Australian government prevented Huawei from bidding on construction of its nationwide high-speed Internet network. Long term, more openness from Chinese companies, greater public oversight of its practices, and offering third party review of their code is the only way I seen these questions being resolved.

Posted in Ethical Hacking, Hacking, IT and Computer Security, Smart Phone Hacking | Tagged , , , , , , , | Leave a comment

Merchants Need to Prepare – EMV Part 2

In our last blog, we introduced you to EMV cards, the new micro-chip enabled credit cards which have been used widely in Europe and which would soon be debuting in the United States.  Of course, consumers aren’t the only ones who will be impacted by this technology.  EMV USA has compiled several steps for merchants to put together a plan for making the transition to this new format a smooth one.  Here’s a summary of this:

  • Create a transition team—Any time you are making a large change in your business plan, a team should be implemented to look over each step in the process of your plan.
  • Look at business drivers and incentives—Look into internal and external business drivers such as liability shift dates and the need to upgrade POS terminals.  Also, find out if there are any incentives for early conversion that might make it more beneficial for your company.
  • Outline all costs—Do not just take into account new equipment.  Include things like training as an expenditure that you need to plan for.
  • Consider basic day-to-day transaction changes—These can include things that will impact your business like potential fraud, changes to transaction time, keypad placement in your business, and how to handle potential problems like customers forgetting their PIN.
  • Conversion—This will not happen overnight.  Create a timeline of several months for gradual switchover, implementation, and testing.
  • “Future Proof” your conversion—Do not just convert for the “now.”  Consider other long-term conversion issues such as mobile payments, contactless interfaces, offline transactions, and hybrid readers which will make future conversions less painful.
  • Do research—Read as much as you can on this topic and learn all of the terminology you can to know everything about the subject.

Getting involved with this conversion now makes good financial sense for your customers and your business.  Following these steps and doing the necessary research will prove a must in making this a success.

Source:  http://www.emv-usa.com/PDF/emvusa/merchant-documents/best_emv_practices.pdf

Posted in IT and Computer Security, Uncategorized | Tagged , , | Leave a comment

Americans, A New Credit Card is Coming to Town – EMV Part 1

American consumers need to get ready as a new type of credit card is on its way to their shores.  The EMV card (which stands for Europay, Mastercard, and Visa) has been in use in Europe for some time and is due to be phased in to the United States within the next few years.  An EMV card appears to be a standard credit card, with one major exception.  Itincludes a 3 by 5 mm microchip embedded into it which will make some significant differences when it comes to how the card is read and verified.

  • The Chip-Enabled Point-of-Sale—The first major difference a customer will notice is the point-of-sale.  When taking a purchase to the cash-register which is enabled with the chip-enabled technology, the card will either be inserted into the credit card machine and left there for the remainder of the transaction, or tapped against the machine to “scan” the card.  There will no longer be the need to scan the magnetic stripe on the back of the credit card.
  • Customer Verification—Currently, standard credit cards are verified using the customer signature.  Some stores go the further step for security by also asking for a picture ID.  With the EMV card, the verification step is provided by the use of a PIN which is entered at the point-of-sale.  No further verification is needed since only the card holder will be aware of the card’s unique PIN.
  • Fraud Prevention—The EMV card is being implemented as a way of staying one step ahead of criminals who have found ways to scam customers and businesses by copying magnetic stripe credit cards.  Under current business practices, if a card is used fraudulently, the customer can contact his or her card company and they will waive the purchases.  Once EMV cards become standard, the onus will fall to the customer to prove the fraud or to prove that they did not make the purchase.  If they cannot, then the customer will still be responsible for the purchases.

Now that American Express has signed on to the EMV system, the way has been paved for all of the major credit card companies to introduce this system in the United States.  Check out our next post where we will look at what this will mean more specifically for merchants who will need to make the switch over with software and hardware as well as training to make the change a success.

Posted in IT and Computer Security, Uncategorized | Tagged , , , | Leave a comment

Is Your Child Safe at Home?

Sending a child out into the world is probably one of the scariest ideas facing parents. But today, that fear is compounded without the child ever leaving home thanks to the internet. Just as the internet can open your child up to the wonders of education, interactivity, and socialization with other people across the world, it can also let in everything from relatively minor risks such as viruses and mal-ware on your computers to the larger dangers such as predators, bullying, and identity theft.

The Federal Bureau of Investigation has compiled a comprehensive guide to how to identify if your child has been contacted by internet predators (http://www.fbi.gov/stats-services/publications/parent-guide/parent-guide). Other guidelines to maintaining internet security with your children include:

  • Anti-Virus/Malware—Keep your computer’s anti-virus and malware software updated and speak to your children about how these programs work. Many sites today use “free” versions of popular gaming characters including Mario Brothers and Sonic the Hedgehog to entice kids in while secretly making you the victim of a cyber attack. Once these viruses take hold, your household network security may be compromised. Talk to your children and educate them about stayingaway from these kind of sites and always informing you when the anti-virus software identifies something that they are doing as a potential hazard or threat.
  • Content-Control Software—Another quite affordable software option is content-control software. This is sometimes referred to as “net nanny” software after one of the first and most popular companies to produce this type of product, but there are many to choose (http://en.wikipedia.org/wiki/List_of_content-control_software). These programs can provide a variety of services including blocking pornographic websites, limiting total internet usage, and also blocking PC and online game activity.
  • Supervision and Communication—Perhaps the greatest tool parents have in fighting off these dangers is themselves. Talk with your children about the dangers that they may face when on-line. Inform them never to give out personal information such as home phone numbers, addresses, or even school names as predators can use this information to locate a child. Also, strongly consider limiting the physical location of a computer to a shared family room or den where you can look over and see what the child is doing online. He or she is more likely to engage in risky online behavior if he or she has a computer in a private bedroom.

These simple tasks can help to maintain a healthy and safe home computing environment.

Posted in IT and Computer Security, Uncategorized | Tagged , , , , , | Leave a comment