Top 10 Summer Security Tips

With the summer season in full swing, you probably have some free time on your hands. If you’re like most people, you’ve probably taken a trip or two (or a staycation) and read some books that had been on your to-do list for a while. But the most important thing you should do this summer is follow my top ten summer security tips.

TIP 1
If you travel, whether to a nearby hotel, or halfway around the world, save your photos to share when you return home. Don’t post any photos that indicate you’re away from home. Even if you think only friends and family may see the pics, THEY can share them. Don’t give thieves the opportunity to visit your house uninvited. Automatically upload your photos to iCloud or Google’s photo app after you take them. This way, if you lose your phone, you will still have access to all the photos you’ve taken.

TIP 2
The other half of the first tip is to review and update your privacy settings on your social sites – before you travel, or before you start sharing lots of posts. There is “metadata” embedded in your photos that will indicate your location, the time, and even what device you are using. Follow your device’s instructions on how to eliminate that information.
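As an added example (not part of the original post), this Python sketch shows where that metadata sits inside a JPEG file, which revealing fields it carries, and what removing it amounts to. The sample file and the function names are constructed for illustration, and only the standard library is used.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
# TIFF tags in the first EXIF directory (IFD0) that reveal what the tip describes.
REVEALING_TAGS = {0x010F: "device make", 0x0110: "device model",
                  0x0132: "date/time", 0x8825: "GPS location"}


def jpeg_segments(data):
    """Yield (marker, payload, raw_bytes) for each segment that follows the SOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt JPEG: expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:  # Start of Scan: the rest of the file is image data
            yield marker, b"", data[pos:]
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("corrupt JPEG: bad segment length")
        yield marker, data[pos + 4:pos + 2 + length], data[pos:pos + 2 + length]
        pos += 2 + length
    if pos < len(data):  # trailing bytes such as a bare end-of-image marker
        yield None, b"", data[pos:]


def revealing_fields(data):
    """Return the sorted names of revealing EXIF fields present in IFD0."""
    found = set()
    for marker, payload, _ in jpeg_segments(data):
        if marker != 0xE1 or not payload.startswith(EXIF_HEADER):
            continue  # only APP1 segments that carry EXIF are of interest
        tiff = payload[len(EXIF_HEADER):]
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if order is None or len(tiff) < 8:
            continue
        magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
        if magic != 42 or ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            if len(entry) < 12:
                break
            (tag,) = struct.unpack(order + "H", entry[:2])
            if tag in REVEALING_TAGS:
                found.add(REVEALING_TAGS[tag])
    return sorted(found)


def strip_exif(data):
    """Return a copy of the JPEG with every EXIF APP1 segment removed."""
    out = bytearray(b"\xff\xd8")
    for marker, payload, raw in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            continue  # drop the metadata, keep everything else byte for byte
        out += raw
    return bytes(out)


def build_sample_jpeg():
    """Constructed sample: a JPEG-shaped file with EXIF make, date and a GPS pointer."""
    make = b"ExampleCam\x00"
    when = b"2018:07:20 10:15:00\x00"
    n = 3
    data_start = 8 + 2 + 12 * n + 4  # TIFF header, entry count, entries, next-IFD offset
    entries = [
        struct.pack("<HHII", 0x010F, 2, len(make), data_start),
        struct.pack("<HHII", 0x0132, 2, len(when), data_start + len(make)),
        struct.pack("<HHII", 0x8825, 4, 1, data_start + len(make) + len(when)),
    ]
    gps_ifd = struct.pack("<HI", 0, 0)  # empty GPS directory, enough for the pointer
    tiff = (b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", n)
            + b"".join(entries) + struct.pack("<I", 0) + make + when + gps_ifd)
    payload = EXIF_HEADER + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    app0 = (b"\xff\xe0" + struct.pack(">H", 16)
            + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    scan = b"\xff\xda\x00\x02" + b"\x00\x11\x22"  # stand-in for compressed image data
    return b"\xff\xd8" + app0 + app1 + scan + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample_jpeg()
    print("before:", revealing_fields(sample))
    print("after: ", revealing_fields(strip_exif(sample)))
```

Only EXIF segments are handled here; other metadata containers in a photo are left untouched, so check the result with the same kind of inspection before sharing.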

TIP 3
Create a free email address to use when traveling. That way, you can delete it or forget about it once you return home. Since you don’t know how a faraway hotel, restaurant, or museum will secure its data, play it safe. This way, you can sign up for discounts or giveaways without endangering your real email addresses. This is easily set up using Gmail.

TIP 4
Since it’s better to be safe than sorry, change your passwords regularly – every couple of months. This means email accounts, social media accounts, financial websites, etc. And don’t use the same password twice. Use a password manager like LastPass to store your passwords and create new ones. This way, you have to remember only one password.

TIP 5
Clean up the apps on your smartphone and tablet. Do you still play Angry Birds? How many weather apps do you really need? You may be surprised if, after deleting some apps, your device runs faster. Be sure that you only download apps from your legitimate app store. Using third-party app stores can lead to downloading malware, since third-party app stores do not necessarily police the apps they host.

TIP 6
With summer sales (including Amazon’s recent Prime Day), you will be tempted to shop online. Rule number one: Don’t ever click on the “Remember Password” option in your browser. Unlike passwords saved in LastPass, or other password managers, they are not protected by encryption and are open for bad guys to see if they get ahold of your browser. To quote Dana Molina of SureTech, “If your device is ever stolen, you’ve just invited a thief into your home, removed their shoes, and given them a foot massage.”

TIP 7
Treat your personal data as if it were cash, and never share it with just anyone. Your Social Security number, credit card numbers, and bank account numbers can be used to steal your money or open new accounts in your name. Therefore, every time you are asked for your personal information, whether in an email, text, phone message, or web form or survey, think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy. This may seem like a strange thing to say, but “when in doubt, LIE” about the information you are providing in a web form or to establish a social media account. For example, don’t use your real birthdate. Instead, use January 1 plus five years younger or older than you really are. Of course, there are official sites that may require your real data, but for everything else, be creative.

TIP 8
Using a public Wi-Fi network not only puts your personal devices at risk, but also exposes your traffic to everyone else using the same network. Cybercriminals can potentially access any information you provide, such as credit card numbers, confidential information, or passwords. If you are at a place with free Wi-Fi, be sure you use a virtual private network (VPN) to protect yourself online. There are free VPNs on the market, such as the updated TOR app, that will enable you to browse safely.

TIP 9
The physical security of your devices is just as important as their technical security. If you need to leave your laptop, phone, or tablet for any length of time, lock them up so no one else can use them. Also use biometrics if your device has the capability, or use a screen saver password, and be sure to turn on the “Find My Device” feature that most wireless devices have. And most important of all, encrypt your device so that if someone does steal it, he or she cannot gain access to your data.

TIP 10 (actually Tip 10 plus an extra tip)
Lastly, I cannot make a security tip list without including the two most important tips in the data breach prevention toolbox: Before any account is hacked and before you lose your data, back up, back up, back up. And as a result of the world we live in, a new mantra has been added: it’s not if you get hacked, it’s when, so be sure to install anti-virus software on all of your wireless devices.

Before Facebook (yes, we really had a life before Zuck’s online platform), we didn’t share everything online. We didn’t announce our trips while we were away from home. We didn’t post photos of babies before they left the hospital. And we didn’t post every single status update. So, bottom line, think before posting, and maybe it would be helpful to consider the consequences if a security breach happened and a hacker accessed your email account or your favorite social media account. Would you be in crisis mode, or just shake it off because none of your sensitive data was posted? Hopefully, after reading this post and reviewing your content, you can answer the latter.

What’s your favorite summer security tip?

Image Credit: Sai Kiran Anagani via Unsplash.

Posted in Cybersecurity, Data Security, Email, Mobile Computing, Online Security, Social Media

Did You Hear? Foursquare Announced a New Privacy Policy!

How often do you read email notifications from your frequently used social media sites? When Facebook makes a change to its news feed, how soon are you aware of the change, and better yet, do you care? When Twitter updates its Terms and Conditions, do you read the new terms and conditions page in its entirety? When a social platform changes or updates its privacy policy, do you read the new policy? You know what I would recommend.

Recently, I received an email from Foursquare, the location-tech brand and mobile app. If you use Foursquare, you received the same email. The subject line was straightforward: Foursquare’s Updated Privacy Policy. Upon checking the email address (noreply@legal.foursquare.com), I decided to open the email, which read:

At Foursquare, we love making cities all over the world easier to navigate, and creating products that rely on our industry-leading location tech. In order to keep us doing our best, and because we want to keep you informed, it is time for a little update to our privacy and cookie policies.

What has changed:
• We reorganized our privacy policy into relevant sections to make it easier to read and understand.
• New sections were added to include a policy on our practices in relation to data collected from Foursquare users and individuals other than Foursquare users.
• We updated our collection, sharing, and disclosure practices consistent with corresponding updates we are making to our business model.

We remain dedicated to the protection of our community’s data and do not and will not share data on an individual level. There is no need for you to take action. By continuing to use Foursquare City Guide and/or Foursquare Swarm after 2/28/2018, you agree to our updated Privacy Policy and Terms of Service. If interested in more details about the changes being made, visit: https://foursquare.com/legal/privacy.

While some users may dislike some of Foursquare’s sections and/or conditions, the fact that it presented its policy in a clear and concise manner was admirable as was its form of communication, in this case, a timely email, to users.

All brands can learn from this interaction with customers when addressing such important issues of privacy and security.

 

Image Credit: Foursquare.

Posted in data protection, Data Security, Email, Online Privacy, Online Security, Social Media, Terms of Service

Top 10 Quotes About Information Security

If you spend your time living and breathing information security, there are some quotes that you share with others on a regular basis. Here are some quotes that provide insight, reminders, and tips.

[1] Scott McNealy, co-founder of computer technology company Sun Microsystems, once said, “You have zero privacy.” Once you post something online, it has the potential to be online forever. So, think before you post. Do you really want that photo to be seen by your boss or by your grandmother? Ask yourself that question before posting anything.

[2] Mike Sullivan, Director of Education for Take Charge America, said “I always tell people that if you haven’t had your identity stolen already, you will. There are just so many outlets and so many ways it can happen.”

[3] According to MIT Information Systems and Technology: “Read website privacy policies. They should explain what is being collected, how the information is being used, whether it is provided to third parties and what security measures the company takes to protect your information. The privacy policy should also tell you whether you have a right to see what information the website has about you. If you don’t see a privacy policy, or you can’t understand it, consider doing business elsewhere.”

[4] Richard Power, Distinguished Fellow, Carnegie Mellon CyLab, wrote, “From cyberbullying to sexting to prowling predators, the Information Age has brought with it a new spectrum of risks and threats for parents to guard their children against, and now that spectrum of threats has expanded to include child identity theft.”

[5] Kevin Mitnick wrote, “Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.” How much time and effort does your business allocate toward regular network security training for all employees?

[6] Technology author Richard Clarke has said, “If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

[7] Bruce Schneier said, “Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to.”

[8] James Scott said, “Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” Again, how often does your business provide network security training to all employees?

[9] According to Stéphane Nappo, “It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” State of Hawaii, are you listening?

[10] According to Jo Ann Davis, “As our country increasingly relies on electronic information storage and communication, it is imperative that our Government amend our information security laws accordingly.” Legislators, are you listening?

What’s your fave infosec quote, reminder, or tip?

Posted in Business Process, data protection, Data Security, Management and Technology, Network Security

Who Authorized This Email?

I recently received an unusual email message to my main email account inbox, and my immediate reaction was, “This would be a good topic for a blog post.” As a member of the infosecurity industry, I practice what I preach and do not open emails from senders I don’t recognize. While I, too, may be curious when an email arrives with a tempting subject, I avoid phishing and spam at all costs. This particular email message, though, was different, and here’s why.

The email’s subject was “Receipt from (the name of a restaurant where I had recently dined).” While I had not provided my email address to the restaurant directly, I DID recognize the name, so the likelihood that the email was spam was very low. The email’s sender was identified as “Name of Restaurant” with the email address of receipts@messaging.squareup.com.

Before opening the email, the following questions went through my mind:
[1] How did the restaurant get my email address?
[2] I did not realize that the restaurant used Square, so how did Square get my email address?
[3] The email address where I received the email had no connection to my credit card, so how did this particular email address receive the Square email?

However, many restaurants, medical providers, retail outlets, and more use Square, so the first line of the email message now made sense: “Square automatically sends receipts to the email you used at any Square seller.”

Upon clicking the “Learn more” link in the email message:
“After your first purchase at a Square seller, you’ll have the option to provide your email address or phone number if you would like to receive digital receipts. Once you provide an email address, you’ll start receiving automatic receipts delivered by Square at that email address for all purchases you make from Square sellers using the same credit card. You can unsubscribe from automatic receipts right from the last emailed receipt that you received from Square.”

The other thing to note about Square is that for some businesses and others that use Square for payment processing, the ONLY way to get a receipt is to provide an email address. There is no choice if you want a receipt.

After satisfying myself that there had not been a security breach, I realized that the restaurant should have done more to alert its customers about its new mobile payment procedures. There could have been a sheet of paper attached to the receipt explaining Square’s involvement; or there could have been a sign at the front entrance with the same message; or lastly, the wait staff could have mentioned Square’s involvement and the future email.

Mobile devices and mobile payment processes are changing the way we all do business.

Image Credit: In Order to Succeed (Twitter: @Order2succeed ).

Posted in Cybersecurity, Email, mobile payments

Irony and Cyberbullying

Years ago, bullies were big and strong. They pushed us down the stairs, hit us in the nose, and stole our books. Today, they sit at computers or use mobile devices and have evolved into a new type of bully called a cyberbully. Hidden behind their screens at home or in their offices, they use their words to create and post hateful and harmful messages. Too many children, teens, and adults have been affected, and sadly, many have sunk into depression, or worse, some have even committed suicide. We must change and get rid of cyberbullying.

There are many in the mainstream media who talk about this topic. From journalists to business leaders to politicians, there are many in positions of power that CAN make a positive impact.

And then, there are those who wish to continue the trend. We only have to look at the most powerful leader in the world to witness actions that should not be imitated. President Donald Trump regularly posts negative comments about Hillary Clinton, Chelsea Clinton, Adam Schiff, James Comey, Joe Scarborough, Mika Brzezinski, Elizabeth Warren, Nancy Pelosi, and Chuck Schumer – in addition to constantly slamming CNN, The New York Times, and Washington Post.

What makes this situation ironic is that First Lady Melania Trump chose cyberbullying as her initiative. According to the Boston Globe, “Traditionally, First Ladies take up a broader cause and develop programs to bolster it. (For example, Nancy Reagan’s initiative was “Just Say No to Drugs,” and Michelle Obama promoted exercise and wellness.) Cyberbullying, as in putting a stop to people who bully others over the Internet, is Melania Trump’s issue. When announcing the initiative, she said, ‘Technology has changed our universe, but like anything that is powerful, it can have a bad side.’”

“Cyberbullying is a national problem. One study found that over half of young people in the United States have experienced cyberbullying and that 20 percent of them experience it regularly. When Trump fires off tweets that are crude personal attacks, he’s not just playing politics, he’s contributing to the problem. How do you tell teenagers not to bully each other when the President of the United States is doing it?” wrote James Pindell (Twitter: @JamesPindell) in the Boston Globe.

Teachers and administrators are having a difficult time telling students not to bully others. They’re also having difficulty punishing students for that behavior because students say “If the President of the United States does it, so can I.”

Image Credit: Twitter.

Posted in Cyberbullying, Social Media

Cars Hit a Cybersecurity Speedbump at the #LAAutoShow

As a technology blogger and gearhead, I was fortunate to get up close and personal to the newest cars and technologies during one of the media days before this year’s Greater Los Angeles Auto Show. What I found, however, was rather scary.

As a whole, the auto industry is launching technologies to “make life easier” for the driver. In your car, you can have anything from remote start, lock and unlock to specific times scheduled for remote start, park assist, and navigation. Some of these capabilities are accessible from a smartphone, and some are built directly into the vehicle.

As someone who also teaches cybersecurity, all of this new technology makes me shudder. Why is this? Because not all concerns regarding the security of vehicle telematics have been addressed. (Telematics is the technology of sending, receiving, and storing information relating to remote objects – like vehicles – via telecommunication devices.)

One of the pre-show media perks was a presentation called, “Cybersecurity Next Steps: Securing the Future.” While the subject of hacking and ransomware came up, malware did not. Some might argue that these are the same thing, but they’re different. While ransomware would hold your car’s controls hostage until you pay, malware would do nefarious things just because it’s designed to do so. Or, it may let a bad actor get access to your vehicle through a back door and allow him to steal the information stored in your vehicle or on your smartphone. Remember from an earlier paragraph, you can access some technology for your car via your smartphone.

Since cars are now multiple computers, imagine if your car starts rebooting, that is, restarting itself in the middle of your driveway, or worse, on the freeway. Or, with drive-by-wire systems, your steering starts to falter or locks up – or worse, your brakes lock up.

The Internet of Things (IoT) may cause many of these headaches. Any device plugged into the Internet and then plugged into your network, in other words, your car, is susceptible to the transference of infection, also known as an attack vector. For example, if your phone gets infected, and you plug it into your car’s entertainment system, it’s possible that your car could also get infected. Currently, there are very few vehicles that have their driver control systems firewalled from their entertainment systems.

Bottom line: In the rush to get these new technologies to market to make life “easier,” manufacturers are using a “get it to market first, and we’ll fix it later” mentality. The problem is, addressing these issues once vehicles are on the road is too late.

Posted in Cybersecurity, Internet of Things, Mobile Malware, Tech Equipment

When Art Imitates Life – A Review of “I.T.” the Movie

Recently, I saw “I.T.” the movie starring Pierce Brosnan as a visionary CEO named Mike Regan. In the movie, Regan is planning to take his company public, and soon after the movie begins, Regan makes a presentation to a large group at his office, but the presentation goes sideways electronically. An IT expert is called in to help, but too often these days, the IT expert is a temporary employee. This IT temp saves the day and gets all the technology working again, so the presentation is able to move forward. Regan is grateful and becomes friendly with the IT temp. The problem, though, is that this techie is a psycho, and when he’s unable to date Regan’s daughter, he becomes determined to destroy Regan’s life.

Thanks to our connected world, the psycho techie does a pretty good job of causing harm to Regan and his way of life, and here’s how: Regan lives in a smart house, he drives an expensive car with the newest infotainment system, and he works in an office with top-of-the-line networking capabilities.

As we know, access negates all other forms of security – and access is what this IT guy got. Regan invited him to his house to check out the speed of the network. But because the house was a smart house and everything was connected, the IT guy was able to gain access to all functions within the house – and he installed a back door. The control pads in the walls were used as cameras for the security systems, music devices, and access to HVAC controls.

In addition, Regan invited the IT guy to sit in the driver’s seat of his extravagant car, and under the guise of giving Regan an “upgrade” to his infotainment system, the IT guy gained access to the car. As the movie progresses, the IT guy is shown seated in his “lair” with at least six large monitors watching the Regan family go about their daily lives. When the daughter goes into the shower, she takes her tablet into the bathroom to listen to music, and IT guy activates the camera. He then posts what he sees online for the world to see.

And all of this is happening without Regan’s knowledge. But once he realizes what’s happening, the IT guy starts the psychological torture. He locks down the house, turns devices on and off, makes music scream out of the speakers, and turns the water on and off. When Regan escapes his house to go to the office, the IT guy speaks to him through his car speaker system and taunts him. If that weren’t bad enough, the IT guy then takes control of the car and crashes it inside a tunnel.

Back at the office, the IT guy enters the company’s network through an electronic back door that he had set up when he worked there. He sends emails to all of the shareholders giving them some bad news about the company. The company has a difficult time disputing the announcement because it came from their IP address. Then, documents arrive at the Securities and Exchange Commission (SEC) showing that Regan’s company had engaged in fraud – it didn’t matter that the documents were fake. But the result was that the SEC stopped the IPO. And the kicker: everything looked authentic because all came from the company’s servers.

By the end of the movie, everything was fixed. But you can substitute this scary psycho IT guy for a malware-laden email that puts a back door into your network or a link that takes you to an infected website. You can also substitute a poorly-made wireless password, or any poorly-made password for that matter, that can be easily cracked. Just like a vampire, once the bad guy is invited into your network, he’s nearly impossible to get out.

New devices are coming online every day, and most of them contain little in the way of security. Millions and millions of Internet of Things (IoT) devices are being added to our homes and to our cars. Our connected homes may offer a convenience to us, the consumers, but more importantly, they offer huge value to the bad guys.

The bottom line is, always be vigilant. NEVER give access to anyone or anything that you’re unsure about. Convenience for you might turn into a goldmine for the bad guys, which might then turn into a major headache, identity theft, or worse, for you.

Image Credit: Theatrical poster by Source (WP:NFCC#4), Fair use, https://en.wikipedia.org/w/index.php?curid=51229590

Posted in Disaster Recovery, Internet of Things, Mobile Computing, Network Security, Online Privacy, Online Security, Tech Equipment

Why the Apple-FBI Feud Affects YOU!

While the eyes of everyone in the technology sector watched the Apple-FBI feud about a key to unlock a terrorist’s iPhone, you should have been watching too. You might wonder why this situation affected you, and the reason is simple. If the government can unlock an allegedly locked phone’s operating system for one phone, it has the potential to unlock anyone’s phone. It’s a slippery slope as to reasons, but there are other things you should consider in this discussion.

What data do you store on your smartphone or other mobile devices? Like most people, you probably store your calendar and the phone numbers, email addresses, and street addresses of your family and friends. But do you store your bank name and account information? Do you store credit card information? Do you store your medical history, medications, surgeries, and list of doctors? Do you have an app that stores all of your passwords? How many apps do you use that can, and possibly do, access your device’s information? Do you enable your GPS so that your location can be tracked as you move from place to place?

When you consider all the information you store on your device or devices, do you really think they should contain so much confidential or personally identifiable information (PII)? What happens if your device is lost or stolen? The potential risk of having your data fall into the wrong hands is the same situation as having your phone unlocked by a government employee.

According to David Pierson, tech reporter for the LA Times, (http://www.latimes.com/business/technology/la-fi-tn-apple-fbi-explainer-20160329-snap-htmlstory.html), “This fight between the world’s biggest company by market cap and federal law enforcement likely won’t be the last of its kind. For tech companies, there’s one clear takeaway: Security can never be strong enough. And for investigators, the case will only reinforce the push for a bigger digital crime-fighting toolbox. Expect an arms race in encryption tools that will continue to frustrate law enforcement – perhaps until legislation sets guidelines for both sides.”

Perhaps, this situation is the impetus you need to re-evaluate the data stored on your device. Use it to do a spring cleaning of sorts and remove the data that you don’t access on a regular basis. Delete apps you don’t use on a regular basis. Review privacy policies of apps you regularly use.

Make your mobile device something that works for you, rather than a mini version of you and your confidential data.

Image Credit: Stuart Miles via FreeDigitalPhotos.net

Posted in data protection, Data Security, Mobile Computing, Online Privacy, Online Security, Privacy Rights, Tech Equipment, Terms of Service

Five Social Media #Security Tips

Many of the previous posts on this blog have been geared toward midsize businesses to assist them with their information security strategies and to keep their data safe. However, with the widespread use of social media, this post focuses on security concerns when an individual uses social media.

Recently, I visited a grocery store in Southern California, and the unimaginable happened. All computer systems went down. The cashiers said customers could pay with cash – no credit or debit cards. While I paid for my items in cash, I wondered, what if this crisis happened at a Starbucks store where many customers use their Starbucks app to pay for their favorite latte? What procedures does Starbucks have in place? How would this situation impact the security of mobile pay?

With those questions in mind, here are five security tips to keep in mind as you navigate social media on a personal level:

MOBILE APPS
Everyone loves Angry Birds and Farmville, but before you download the next great mobile app, ask yourself, what stood out from the Privacy Terms? Did you even read the Privacy Terms? Did you read the terms of service? These terms are important and should not be ignored. They relay important information regarding the type of information that an app accesses on your smartphone: contacts, calendar, photos, etc. Do you really want a game’s developers to access your confidential information? If the app is free, ads will probably bombard you, and even worse, your data is at risk.

PROFILE NAME
While you may be aware that Coca-Cola has trademarked the names of all of its other brands, do you use the same name across all of your social media channels? I know people who use one account name for Facebook, another for Twitter, and a totally different version of their name for LinkedIn. While this may make sense, if you have a middle initial included on one site, or a nickname included on another site, what you think is clever may actually be a goldmine of data to a hacker. I highly recommend that you choose a single profile name and then be consistent as you set up all of your social networks. If you use a variety of account names, i.e., different iterations of your name, it becomes easier for a hacker to impersonate you because YOU have not provided consistency in using your name.

PASSWORDS
Everyone knows that “123456” and “password” are ridiculous options, but so are your pet’s name, your street address, and your favorite color. Think complex, perhaps adding numbers and letters into an easy-to-remember phrase. Always use lower and upper case letters and special characters, and make the password at least 12 characters in length. If you’re unsure as to the strength of a password, use the Microsoft Password Checker. And, no matter how easy it seems, don’t use the same passwords for all social sites. Tweak them according to the site, but make sure they are different. If someone hacks your account, you don’t want all of your sites hacked.

EMAIL ADDRESS
When you sign up for a social media account, most of the time, you are asked to provide an email address. Before you hand over your main email address, though, consider creating a Gmail or Yahoo email address specifically for your social media activities. If a hacker gains access to your social media account, and your email is compromised, your life doesn’t end. You can always forward the Gmail/Yahoo account’s emails to your main address/account.

CONNECTED ACCOUNTS
Are your Facebook and Twitter accounts connected? Are your Pinterest and Facebook accounts connected? Are your LinkedIn and SlideShare accounts connected? Is your blog connected to Google Plus? There may be reasons why you want to connect one or more sites, but the marketing gurus would all agree that you should post different content on all your sites, so why would you want to connect the accounts? I won’t chime in on the content angle, but from the security angle, I definitely think the sites should not be connected. Again, if one is hacked, the likelihood of the connected sites being hacked rises exponentially, and anyone who follows you will see content that may not be appropriate. You never know the objective of a hacker, so it’s best to err on the side of caution and disconnect accounts. Use them separately.

And lastly…
Remember the quote from Scott McNealy that “You have zero privacy.” Once you post something online, it has the potential to be online forever. So, think before you post. Do you really want that photo to be seen by your boss or by your grandmother? Ask yourself that question before posting anything.

Before Facebook (yes, kids, we really had a life before Mark Zuckerberg), we didn’t share everything online. We didn’t announce our trips while we were away from home. We didn’t post photos of babies before they left the hospital. And we didn’t post every single status update. So, bottom line, think before posting, and maybe it would be helpful to consider the consequences if a security breach happened and a hacker accessed your account – would you be in crisis mode, or just shake it off because none of your sensitive data was posted? Hopefully, after reading this post and reviewing your content, you can answer the latter.

If you want to read a painful account of a Twitter hack, meet Mat Honan:
http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

What’s your fave social media security tip? Please chime in.

Image Credit: Master isolated images via FreeDigitalPhotos.net


When Making Your New Year’s Resolutions, Don’t Forget Your InfoSec Resolutions


There are the common New Year’s resolutions like unplugging more often, planning more vacations or staycations, reading more books, writing a book, and losing weight. But, in today’s connected and always plugged in world, it’s easy to ignore technology. So, in keeping with the spirit of the season, here are five resolutions that should not only be part of a list of resolutions to celebrate the New Year but should also be part of a regular security awareness plan for every midsize business.

[1] CHANGE PASSWORDS REGULARLY
If you have one key password or several, change them every couple of months or at least quarterly. Use Microsoft’s Password Strength Checker (https://www.microsoft.com/security/pc-security/password-checker.aspx) to determine the strength of your password, and don’t forget to use lower case letters, capital letters, and symbols – and preferably 10 or more characters. Don’t use any information that other people could figure out about you, such as, the names of significant others, kids, pets, or streets. And if you have so many passwords that you cannot remember them all, consider using a cloud-based password manager program. Check out reviews online before downloading or purchasing.

[2] DON’T CLICK ON ABBREVIATED LINKS
Abbreviated links may be synonymous with social media, but don’t click on any short link before seeing the link in its entirety first. Here are two options to convert an abbreviated link back to its full link: http://checkshorturl.com and http://urlxray.com. Here’s an example of what can happen if you don’t check out a link before clicking: a co-worker clicked on a link she thought was sent by a reputable person, but the abbreviated link led her straight to a contaminated site, and before she knew it, her computer had been compromised, and her hard drive had to be reformatted. Her IT admin was not happy, but at least, the entire network was not affected. Learn from this person’s mistake – and don’t let it happen to you or your business.

[3] PASSWORD-PROTECT IMPORTANT FILES
Do you have important spreadsheets on your computer: anything from a list of passwords to a confidential customer list? No matter what important files you may have, consider password-protecting them. This will add a layer of protection to the information in the event that a breach happens – and be realistic, a breach will happen eventually.

[4] VIRUS PROTECTION
ALWAYS use virus protection. Always allow auto-updates. For an additional layer of security, consider Malwarebytes Anti-Malware (http://www.malwarebytes.org). It’s always good to have a second opinion of a file’s security.

[5] BACK UP, BACK UP, BACK UP
Everyone who knows me knows that this is my mantra, but I know people who swore that they had no need to back up their systems. With electrical surges, storms, tsunamis, earthquakes, etc., who wouldn’t agree that it’s better to be prepared than to have to re-create all your files and documents? And what about photos, illustrations, or other images? Today, most of us keep photos on our computers, laptops, tablets, and smartphones. If your system got corrupted, how would you recreate those photos and images? How would a business recreate its archives containing years of product images? So, once a week, or even more often, back up your entire system. Even if you’re not a system admin, add the back up to your smartphone or other mobile device calendar.

If you follow these practices on a regular basis, and not just at New Year’s, you’ll be one step ahead of the cyber criminals who want access to your data or to turn your system into a tool for cybercrime. Happy New Year, and make it cybercrime-free.

Image Credit: Stuart Miles via FreeDigitalPhotos.net

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.
