Cats, Geotags, and the Risks of Oversharing

It’s important to remember that when we’re sharing selfies, back to school photos, and pictures of our kittens on social media, we’re also sharing much more.

“I Know Where Your Cat Lives” is a project created by an associate professor at Florida State University, featuring one million Instagram, Twitpic, and Flickr pictures of cats (found through the hashtag #cat) from around the world. The online visualization is possible thanks to geotags, which are provided by photo sharing websites and publicly available APIs. After the initial cuteness of the cats wears off, it’s alarming to realize that these photos reveal the homes and locations of many individuals.

Geotags can be added to many different forms of media, including pictures and video, websites, and SMS messages. These meta tags can include latitude and longitude coordinates, altitude, bearing, distance, place names, and even time stamps. It is this data that makes aggregated sites like IKWYCL possible.

Sharing geotags can pose a risk to your safety and security. Whether you’re tagging animals in your home or your feet in the sand on an exotic vacation, you are alerting friends and strangers to your exact location. It’s important to note that some social platforms, like Instagram, do not reveal a user’s location coordinates by default. However, many users elect to add their location. This may put you or your belongings in danger, alerting criminals to your whereabouts.
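To see what a geotag looks like inside a photo file, here is an added example (not part of the original post) that reads the GPS fields from a JPEG's EXIF block and strips the embedded metadata before the photo is shared. The sample image header, its coordinates, and the function names are constructed for this illustration.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS IFD

def _segments(jpeg):
    """Yield (marker, start, end) for each header segment before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def _ifd(tiff, offset, bo):
    """Return {tag: (type, count, raw 4-byte value field)} for one IFD."""
    (n,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = tiff[offset + 2 + 12 * i:offset + 14 + 12 * i]
        tag, typ, count = struct.unpack(bo + "HHI", e[:8])
        entries[tag] = (typ, count, e[8:12])
    return entries

def _degrees(tiff, entry, bo):
    """Decode three RATIONALs (deg, min, sec) into decimal degrees."""
    (off,) = struct.unpack(bo + "I", entry[2])
    n = struct.unpack(bo + "6I", tiff[off:off + 24])
    d, m, s = (n[i] / (n[i + 1] or 1) for i in (0, 2, 4))
    return d + m / 60 + s / 3600

def gps_from_jpeg(jpeg):
    """Return (lat, lon) in decimal degrees, or None if no geotag is embedded."""
    for marker, start, end in _segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(b"Exif\x00\x00"):
            continue
        tiff = body[6:]
        bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order mark
        (ifd0_off,) = struct.unpack(bo + "I", tiff[4:8])
        ifd0 = _ifd(tiff, ifd0_off, bo)
        if GPS_IFD_POINTER not in ifd0:
            return None
        (gps_off,) = struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER][2])
        gps = _ifd(tiff, gps_off, bo)
        if not all(tag in gps for tag in (1, 2, 3, 4)):
            return None
        lat, lon = _degrees(tiff, gps[2], bo), _degrees(tiff, gps[4], bo)
        if gps[1][2][:1] == b"S":  # GPSLatitudeRef
            lat = -lat
        if gps[3][2][:1] == b"W":  # GPSLongitudeRef
            lon = -lon
        return round(lat, 6), round(lon, 6)
    return None

def strip_metadata(jpeg):
    """Return a copy with every APP1 segment (EXIF and XMP metadata) removed."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        if marker == 0xE1:
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])

def build_sample_jpeg():
    """Constructed header-only JPEG (not viewable) tagged 10.5 N, 20.25 W."""
    # TIFF offsets: IFD0 at 8, GPS IFD at 26, latitude at 80, longitude at 104
    tiff = b"II" + struct.pack("<HI", 42, 8)
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)
    tiff += struct.pack("<H", 4)
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N")    # GPSLatitudeRef
    tiff += struct.pack("<HHII", 2, 5, 3, 80)       # GPSLatitude
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"W")    # GPSLongitudeRef
    tiff += struct.pack("<HHII", 4, 5, 3, 104)      # GPSLongitude
    tiff += struct.pack("<I", 0)                    # no further IFD
    tiff += struct.pack("<6I", 10, 1, 30, 1, 0, 1)  # 10 deg 30 min 0 sec
    tiff += struct.pack("<6I", 20, 1, 15, 1, 0, 1)  # 20 deg 15 min 0 sec
    app1 = b"Exif\x00\x00" + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\xff\xd9")
```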

If you hang around the cat site long enough, you are sure to see a gray box stating “Photo removed by user.” Users unsettled by the location of their cats can change the privacy setting in their apps to remove the data and their images from the site.

Regardless of your favorite social platform, it’s important to be cognizant about the information you’re sharing. Always opt for the strictest security settings to help keep your information safe.

Are you concerned about oversharing on social media? Weigh in with us on Facebook, Twitter or LinkedIn.

November 1st, 2016 | Online Safety

Friday’s Cyber Attack and Future Threats

Photo by: DownDetector

Friday was an interesting one for Internet users in the U.S. A large-scale Distributed Denial of Service (DDoS) attack took down a number of sites including Twitter, Netflix, and Amazon for a large part of the day. Many of us were left with a newfound sense of how much we rely on web-based services in our day-to-day lives and a growing unease about how vulnerable these services are.

DDoS attacks are not new and are just one type of cyber attack in a growing arsenal. We’ve compiled a list of some of the types of cyber attacks that are seeing incredible growth, and a description of how each works. You’ll likely be hearing these terms more as these attacks continue to grow in prevalence and scope.

Distributed Denial of Service Attack: Friday’s Internet outage was caused by a DDoS attack on Dyn, a company that monitors and routes Internet traffic. While Friday’s attack did require a fair amount of sophistication (USA Today has a great summary of the details we know to date), most DDoS attacks are easy and inexpensive for hackers to execute. A DDoS attack occurs when a website’s servers are flooded with illegitimate page requests, preventing legitimate requests from getting through. This can often cause the website to crash. Cyber criminals can execute DDoS attacks for as little as $150 a day by purchasing botnets on the online black market. Botnets are a network of computers and connected devices infected by malware and controlled without the owner’s knowledge. Botnets are used to send the page requests, resulting in the overburdened servers. A recent study by CDN services company Akamai found that there has been a 125 percent increase in DDoS attacks year-over-year and a 35 percent increase in their duration.

Zero Day Attacks: A Zero Day vulnerability refers to a hole in a business’s software that is unknown to the software provider. A Zero Day attack refers to an incident in which this hole is exploited by hackers before it is discovered and fixed. Because these vulnerabilities are unknown to the developer, cyber criminals can often exploit holes for months before anything is detected. According to Symantec, the number of Zero Day attacks also increased by 125 percent last year.

Domain Name System (DNS) Hijacking: The DNS is a naming system for any resource connected to the Internet that associates various information with domain names. For example, a DNS translates a user-friendly name, like CSID.com, to its corresponding IP address. DNS hijacking, or DNS redirection, is the practice of intercepting and changing the information associated with a DNS record for malicious reasons. The result is that a user ends up on a site that hosts malware or malicious code instead of the site intended.

These are just a few of the cyber attacks we’ll be reading more about in the coming years, especially as the skill set and resources needed to execute them continue to lessen. For businesses, it means strengthening security on their sites and focusing on security against web-based attacks. For consumers, it is about staying informed.

Were you affected by Friday’s DDoS attack? Share your experience with us on social media. Follow CSID on Facebook, Twitter or LinkedIn.

October 24th, 2016 | Industry News

The Next Frontier: Cybersecurity in Space

Research organization Chatham House made headlines earlier this month with a new report that calls for a “radical review of cybersecurity in space” and points to the rarely discussed, but increasing threat of satellite attacks. As so much of our world’s infrastructure – including GPS navigation, financial transactions, weather and environmental monitoring – relies on satellite data, it’s important to recognize that satellites and other space assets, just as any piece of technology on Earth, are vulnerable to cyber-attack.

According to the report, such attacks might include jamming, spoofing and hacking attacks on communication networks; targeting of control systems or mission packages; and attacks on ground infrastructure like satellite control centers. There are a few reasons why satellites and space systems may be more vulnerable to attack. Here are some of those key factors listed in the report:

  • The first GPS systems were introduced more than three decades ago and technology is evolving at a rapid pace, making it hard to execute a timely response to space cyber threats. Younger individuals are using space-based and cyber communications in ways that older generations – often the key decision makers – may not fully understand, including the range of threats involved.
  • Backdoor holes in encryption and otherwise secure control systems.
  • Increasing number of individual satellites and constellations providing an ever-increasing number of entry points.
  • Speed to market compromising important security controls.

The researchers leading this project insist that it will take a concerted and collaborative international effort, made up of “able states and stakeholders within the international space supply chain and insurance industry” to combat these growing threats.

But what can we do as consumers? Just as our day-to-day actions impact our security in the Internet of Things, these actions may also impact our security in space. It’s imperative that we take action to secure our personal data (check out some tips on how to help secure your data in five minutes), that business owners educate employees on cyber security best practices, and that manufacturers and developers keep security top-of-mind when bringing new products to market.

Where do you think the future of cyber security in space is headed? Share your thoughts with us on Facebook, Twitter or LinkedIn.

October 20th, 2016 | Industry News

All Eyes on Encryption: Facebook Steps Up Its Game

More than 900 million people around the world use Facebook’s Messenger app to communicate with friends and family while on the go. The mobile messenger app is a way for users to communicate privately, but until recently, there hasn’t been much public information available around how Facebook is ensuring these messages are kept private and secure.

Recently, Facebook announced that the company is offering encrypted messaging technology to mobile users worldwide in a feature it’s calling “Secret Conversations.” Facebook’s users can opt in to send messages that no one – including Facebook, the government, or intelligence agencies – will be able to read, using Signal Protocol for end-to-end encryption.

This is a big move for Facebook and for social media overall. While other apps like WhatsApp provide encrypted messages, many major social platforms do not. There is the possibility of identity theft via social media, particularly for users who aren’t selective with what they post. Having an additional layer of privacy in messaging could potentially reduce the risk of an attack.

However, in America, as more messaging services offer the ability to encrypt messages, the mindset could shift from whether encryption should be an option to whether it should be the default setting. On Facebook’s Secret Conversations, it’s currently not the default setting. Unless users opt in to the service, their messages will remain unencrypted, and each messaging chain must be selected. In other words, users must actively select which messages they wish to remain private. It’s a similar strategy to Google’s messaging app Allo, which also offers opt-in messaging encryption.

While Facebook Messenger’s new encryption feature is welcome news to privacy advocates in the United States, people in other countries may find themselves in a precarious position. Facebook is a global company, reaching nations across the world. Some of those countries have strict privacy laws, which would interfere with what Facebook is trying to do in offering encryption for all of its global users. Facebook has seen this controversy before when its WhatsApp property made international headlines.

For now, it’ll be interesting to see how many users utilize Secret Conversations. Infrequent or non-technical users may never even be aware of its existence, while others may worry that activating encryption could drive unwanted attention their way. While the messages themselves will be encrypted, the metadata won’t be, so those outside the conversation can see who is messaging each other, and how often they’re doing so.

Will you take advantage of this new encryption feature on Facebook Messenger? Do you use any other apps that offer encryption? Join the conversation and stay up to date on the latest cybersecurity news by following CSID on Facebook, Twitter or LinkedIn.

October 13th, 2016 | Industry News

Industry News Recap: National Cyber Security Awareness Month

National Cyber Security Awareness Month (NCSAM) kicked off this month and as a result, more eyes than ever are on cybersecurity. This week, we’re spotlighting a few recent national stories we expect to be a key part of the conversation among those participating with us in the month-long celebration.

Cybersecurity and the 2016 Election
For the first time in history, cybersecurity has emerged as a major topic in the 2016 general election. In the first presidential debate, both candidates talked about cybersecurity, especially in regard to alleged recent state sponsored cyber attacks. Both candidates agreed that the US should have strong cybersecurity capabilities to combat such threats.

National cybersecurity will continue to be in the news as Election Day itself approaches. Politico recently reported that hackers have probed voter registration systems in more than 20 states. In the wake of this news, more and more voters are becoming concerned as they prepare to head to the polls. Fortunately, many states are now working diligently with the Department of Homeland Security to ensure that their voting systems are properly secured for Election Day.

IoT Breaches On The Rise
The Internet of Things (IoT) continues to grow steadily, and organizations of all kinds are learning to adapt to the new technology ecosystem. However, security flaws in the IoT remain a concern that has not been adequately addressed. Powerful DDoS, or “distributed denial of service,” attacks via IoT devices have made headlines in recent weeks. DDoS attacks are a tried and true type of threat, but what we’re beginning to see is cyber criminals using compromised IoT devices to augment the size of an attack.

As part of NCSAM, the Online Trust Alliance released a checklist of steps for ensuring the security of IoT devices. Just as for most online risk mitigation, consumers should regularly update privacy settings on home and wearable devices in order to remain secure. Additionally, users should create long and strong passwords for all of their devices, and update them regularly.

Security Skills Gap
As we discussed a few weeks ago, the shortage in trained cybersecurity professionals is a problem. New reports show that the problem is continuing to grow. More than 209,000 U.S.-based cybersecurity jobs remained unfilled, a figure that is up 74 percent since 2011. Overall, the state of the cybersecurity skills shortage continues to pose a threat to the industry.

In spite of these issues, 79% of current cybersecurity professionals say that they are happy in their career path. It’s a fulfilling career, especially for today’s tech savvy population. Additionally, more and more schools globally are establishing programs and scholarships that directly address the cybersecurity skills gap by sparking curiosity and inspiring younger generations to get involved in the field.

To stay up to date with all the industry news shaping up during NCSAM, be sure to follow us on Facebook, Twitter and LinkedIn.

October 7th, 2016 | Online Safety

We’re Gearing Up for National Cyber Security Awareness Month

Cyber security is a shared responsibility. That’s why every October, businesses, government agencies, universities, associations, nonprofit organizations and individuals come together to participate in National Cyber Security Awareness Month (NCSAM) to promote online safety awareness. NCSAM was created as a collaborative effort between government and industry to ensure all digital citizens have the resources they need to stay safer and more secure online, while also protecting their personal information.

We’ve participated the last several years and are proud to once again be registered as an official NCSAM Champion, where we’ll join the conversation on how to stay safe online and build a culture of cyber security awareness nationwide. Here are some ways you and your organization can take part in all of the activities throughout the month:

Become a Champion: Whether you’re an individual interested in getting involved or representing your organization, find out more about how to become a NCSAM Champion. You’ll be joining a large community from around the country dedicated to promoting a safer and more secure Internet.

Get Involved with Events – Onsite or Online: Browse Stay Safe Online’s list of events and mark your calendar for conferences and panel discussions in your area. There are also a number of virtual events, like webinars and Twitter chats, taking place throughout the month. Here are a few we’re looking forward to in particular:

  • October 6: #ChatSTC Twitter Chat – The Basics of Online Safety
  • October 13: #ChatSTC Twitter Chat – Creating a Culture of Cybersecurity from the Break Room to the Boardroom
  • October 20: #ChatSTC Twitter Chat – Recognizing and Combatting Cybercrime

Stay Informed: Stay up to date with all NCSAM news by following our friends at Stay Safe Online on Twitter and check out their resources for helpful tips and tricks around online security.

We’ll be actively involved in many of the NCSAM activities across all our social channels, so be sure to follow us on Facebook, Twitter and LinkedIn.

September 30th, 2016 | Online Safety

How Companies Can Stay Secure When Introducing BYOD Policies

Bring your own device (BYOD) policies continue to grow in popularity. Employees and employers alike are enjoying the flexibility of using their own devices for work, so much so that we’re starting to see the workplace itself evolve. While we’ve seen many benefits to these policies (productivity, cost savings), it’s important to note that creating a BYOD policy without security in mind may put company data at risk.

BYOD policies may mean an increased risk for employee error. For example, a recent survey found around 40 percent of respondents said they never change their passwords on devices except when prompted to do so. Forty percent also said they use the same passwords across multiple websites. Such poor employee password habits can leave the door wide open for criminals, as we demonstrated last year, when hackers were able to infiltrate our fictional small business, Jomoco, in less than an hour.

However, a thorough understanding of the strengths, preferences and limitations of the average employee can address these security gaps. Here are best practices and recommended tools to implement effective BYOD security measures for your company:

BYOD best practices:

  • Develop a BYOD policy in partnership with IT, risk management, and legal counsel. Keep an open line of communication with IT so they can quickly communicate new and emerging threats of which employees should be aware.
  • Educate employees on BYOD security best practices regularly. It should never be assumed that your employees understand all the guidelines spelled out in your policy.
  • Require your employees to create long, strong and unique passwords, and encourage employees to take advantage of two-factor authentication wherever possible.
  • Require that employees password protect their mobile device if it hosts company information.
  • Require your employees to update their software on devices when prompted. These updates typically address security vulnerabilities.
  • Require that employees quickly report any lost or stolen devices. Swift response allows you to mitigate the risk of sensitive information falling into the wrong hands.

BYOD tools:

  • Use a secure alternative to open Wi-Fi networks. Provide employees with access to a VPN or hotspot.
  • Create and provide standard antivirus, anti-malware protection for all types of devices.
  • Consider enlisting the support of a proactive monitoring service for your company. By proactively monitoring for employee credentials on the dark web, businesses can determine when an employee’s personal information may have been compromised.

As a closing thought, always keep in mind that threats are constantly evolving, so a good BYOD policy is never complete. Just like any business process, BYOD policies should be reviewed and updated on a regular basis.

To stay up to date with all business security news, be sure to follow us on Facebook, Twitter and LinkedIn.

September 23rd, 2016 | Business Security

CSID Bolsters Social Media Monitoring Product to Help Keep Children Safe Online

Today, we’re pleased to announce that our Social Media Monitoring product now includes child-monitoring services. This important addition, which can be rapidly deployed and customized through our Identity Management Center (IMC), lets our partners enable subscribers to monitor privacy and reputational risks, cyber bullying, weapons references, and sexual predator activity for their child’s Facebook, Twitter, and Instagram accounts.

Ninety-two percent of teens go online daily. Ninety-one percent of these individuals share photos of themselves, and 71 percent share the name of the city or town in which they live. It’s more important than ever for parents to be vigilant of the security risks facing their children across social media. Not only can a child’s social media activity put them at risk for identity theft or fraud, it can also impact his or her future success. In fact, 35 percent of admissions officers reported that when checking on a student’s online presence, they found something that negatively impacted an applicant’s chances of getting in, a figure that has nearly tripled from last year.

Here’s what CSID President and Co-Founder, Joe Ross, had to say about the news:

In today’s world where children and teens are constantly connected, they may be sharing information that puts them at risk for identity theft, reputation damage, or worse. The new child monitoring services added to our Social Media Monitoring product will allow businesses to provide subscribers peace of mind, knowing that they’ll be alerted if their children are sharing any information or engaging in activities via social media that puts them at risk.

For more information on CSID’s Social Media Monitoring product, visit https://www.csid.com/socialmonitoring/ and to stay up to date with all CSID news, be sure to follow us on Facebook, Twitter and LinkedIn.

September 20th, 2016 | Company News, Online Safety

Cybersecurity Tips for Working Remotely

For 3.7 million Americans, waking up and logging onto a computer from the comfort of their home marks the start to their workday. According to Global Workplace Analytics’ 2016 study, 50 percent of the US workforce is now permitted the luxury to partially telework during the workweek. This trend continues to edge toward the norm. In fact, the ability to work remotely, for the greater, non-self-employed population, has grown 103 percent since 2005.

While more opportunities to work remotely may reflect the emerging modern workplace, there are several factors employers and employees should weigh and discuss to ensure security is top of mind.

If your job allows employees to work remotely, consider the following:

Employees: Protect Your Home

  • Use strong, cryptic passwords on all of your work and personal accounts. Resist the urge to duplicate passwords.
  • Use two-factor authentication whenever offered for both work and personal accounts.
  • Personal and work devices should be equipped with the latest antivirus software, web filtering, firewalls, and encryption. Always make sure your devices and software have the most up-to-date versions to help safeguard information.
  • Work with your company’s IT department to set up a virtual private network, or VPN, to add another layer of security to your home’s internet.

Employees: Working Elsewhere

  • Employees should keep personal and work devices password protected in the event they are stolen or misplaced.
  • Avoid accessing sensitive company accounts on public Wi-Fi or unsecured networks. Public Wi-Fi can increase the risks of signal sniffing and compromise personal accounts, as well as professional networks. Many hackers set up accounts that mimic the names of frequented locations, hoping to steal from unknowing users. Consider using a VPN to access company data, or using your cell phone as a hotspot.
  • Be aware of your surroundings. Consider a screen protector and make sure sensitive calls are made in private.

Employers: Create a Cybersecurity Policy for All Employees
To help foster a conversation and environment committed to cybersecurity, organizations should create a cybersecurity policy and make staff training and security education a priority. In a recent episode of Firewall Chats, Michael Kaiser, executive director at the National Cyber Security Alliance, discussed creating a culture of cybersecurity at work.

“[Policies need] to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

To create a cybersecurity policy:

  • First, identify the security risks and threats that may affect your business
  • Develop clear policies and procedures for all employees, whether on-site or off-site
  • Train all employees on your new (or existing) cybersecurity policies
  • Create and maintain a process to help reward policy followers and address offenders
  • Define and address third party and vendor risks
  • Work closely with your IT department to detect and address unauthorized activity

Creating a culture of cybersecurity will help safeguard employees and company data, regardless of where they work. Employees, do you have the ability to work remotely? Are you aware of the security steps needed to help keep your company safe? Share your experiences on Facebook, Twitter and LinkedIn.

 

September 16th, 2016 | Business Security

The Real Cost of Identity Theft

Unfortunately, identity theft can happen to anyone and has far-reaching consequences for its victims. According to the US Department of Justice (DOJ)’s most recent study, 17.6 million people in the US experience some form of identity theft each year. This includes activities such as fraudulent credit card transactions or personal information being used to open unauthorized accounts.

The most obvious consequence that identity theft victims encounter is financial loss, which comes in two forms: direct and indirect. Direct financial loss refers to the amount of money stolen or misused by the identity theft offender. Indirect financial loss includes any outside costs associated with identity theft, like legal fees or overdraft charges. The DOJ’s study found that victims experienced a combined average loss of $1,343. In total, identity theft victims lost a whopping $15.4 billion in 2014.

Beyond money lost, identity theft can negatively impact credit scores. While credit card companies detect a majority of credit card fraud cases, the rest can go undetected for extended periods of time. A criminal’s delinquent payments, cash loans, or even foreclosures slowly manifest into weakened credit scores. Victims often only discover the problem when they are denied for a loan or credit card application. Last year, CSID found that these types of fraud take the longest time to resolve.

Identity theft doesn’t just impact victims financially; it also often takes a significant emotional toll. A survey from the Identity Theft Research Center found that 69 percent felt fear for their personal financial security, and 65 percent felt rage or anger. And, almost 40 percent reported some sleep disruption. According to the report, these feelings increased over time when victims were unable to settle the issue on their own, which can result in problems at work or school and add stress to relationships with friends and family.

Thankfully, consumers are getting smarter about the best ways to protect their information, like using monitoring services or following security best practices. How are you protecting yourself against identity theft? Join the conversation and stay up to date on the latest identity theft news by following CSID on Facebook, Twitter or LinkedIn.

September 9th, 2016 | Identity Protection