News Recap: Cyber Information Sharing Act Moves Past Senate

July 11th, 2014 | Uncategorized

This week, the Senate Select Committee on Intelligence approved the Cyber Information Sharing Act (CISA). While some consider this bill to be a big step towards improving cyber security, others find it controversial.

Gregory McNeal of Forbes explains, “the bill is intended to help companies and the government thwart hackers and other cyber-intrusions. The bill passed by a 12-3 vote, moving it one step closer to a floor debate.” While it was passed with a fairly significant margin, McNeal reports, “Lawmakers have been struggling for years to move cybersecurity legislation. Civil liberties advocates have opposed CISA, arguing that it fails to adequately shield Americans’ privacy. Proponents of the bill say it will help stop attacks by encouraging data-sharing between businesses and the government. The bill achieves data-sharing by protecting businesses from lawsuits if they voluntarily disclose cyberthreat details for the purpose of assisting government or industry partners.”

Russell Brandom of The Verge reports the aim of the bill is to require businesses and government to share information on potential “cyber threat indicators.” Brandom continues by explaining, “Once a company makes a report to the government with information about a threat indicator, CISA would require broad sharing across federal agencies, including with the NSA, which would be given a more central role in threat management under the new scheme. Companies would also be encouraged to monitor their networks to gather more information about the threat.”

Will this legislation be effective in preventing cyber attacks? Should consumer privacy be a more important part of the legislation? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

For more information on the legislation, read The Latest on Cyber Security Legislation.

News Recap: The White House’s Cybersecurity Secrets

May 2nd, 2014 | Uncategorized

This week, the White House joined the conversation about the current state of cybersecurity when it shared its policies on alerting the public to threats and vulnerabilities.

According to David Sanger of The New York Times, the discussion started when Michael Daniel, White House cybersecurity coordinator, published a post to the White House blog discussing the process for making cybersecurity flaws public knowledge. Sanger writes, “The Heartbleed incident had cast a light on a balancing test the White House has until now declined to discuss in any detail: When should the government reveal flaws that it discovers.”

The Verge’s Jacob Kastrenakes sheds light on the purpose of withholding the news from the public with this quote from Daniel: “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”

Dara Kerr of CNET comments on the government policy saying, “Several government agencies have put together a set of principles they use when deciding whether to disclose vulnerabilities. If the government does decide to keep a security flaw secret, it goes through a series of questions about why it made that decision, including the possible risk, exploitability, and reach of the bug.”

Jon Fingas of Engadget lends perspective to any critics of the NSA’s policies with an additional comment from the White House on the matter: “The White House… has a vested interest in speaking up when possible; it suffers like everyone else if critical infrastructure goes down, after all. It’s at least clear from the statements that the government doesn’t make its choices lightly.”

Is the government doing the right thing by keeping cybersecurity flaws a secret? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Interactive Cyberthreat Map by the Kaspersky Lab

April 11th, 2014 | Uncategorized

While many dedicate their careers to spreading the word about cyber security, this week’s news about the Heartbleed vulnerability has put cyber security in the spotlight, giving the world a newfound perspective on just how susceptible the Internet can be.

Farhad Manjoo of The New York Times said, “the bug known as Heartbleed… is a stark reminder that the Internet is still in its youth, and vulnerable to all sorts of unseen dangers, including simple human error.” He compares the technology industry with other industries that saw rapid growth, but remarks that the tech industry is ultimately unique and will require additional efforts beyond regulation and industry-wide cooperation. Edward Felten, a computer security expert at Princeton University, believes that “Heartbleed is further evidence that we don’t have our house in order when it comes to Internet security.”

Help Net Security further discussed the global threat by sharing an interactive map released by the Kaspersky Lab. The interactive cyberthreat map visualizes cyber security incidents occurring worldwide in real time. Help Net Security showed how the map detects and monitors a variety of malicious objects across the web, and comments, “In today’s world of cyberthreats, it only takes a few minutes to spread new malicious applications or spam.”

CNET’s Leslie Katz explained how the interactive map works:

“You spin the 3D globe using a mouse and zoom in or out with a scroll wheel. Click on a country, and you’ll see the number and type of threats detected there since 12 a.m. GMT and the position that nation holds on the world’s “most-infected” list… Different types of threats tracked by the Kaspersky Antivirus and Internet Security Multi Device software shoot around the map like colored lasers. Viruses found in email appear as orange, for example, and yellow represents malicious executable files.”

Does this interactive map help consumers visualize how fast threats move across the globe? How can businesses use this interactive map for security purposes? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Security Implications – and Solutions – of Mobile Ecommerce

December 12th, 2013 | Uncategorized

More than half of the U.S. adult population has a smartphone, the Pew Internet & American Life Project reports, and 25 percent of Americans older than 15 own a tablet. So it’s no surprise that more and more Americans are making purchases with their mobile devices. In fact, IBM found that mobile sales exceeded 17 percent of total online sales on Cyber Monday this year, which was an increase of 55.4 percent compared to the year prior. What does this mean for mobile security? What are the implications for businesses when consumers make transactions via mobile devices? The risks are many, but there are solutions and prevention tips businesses can use to avert security mishaps.

Mobile malware has grown extensively this year. In the third quarter of 2013 alone, the F-Secure Mobile Threat Report found that the number of mobile malware threats rose 16 percent. When consumers make mobile purchases on a device plagued with malware, cyber criminals can gain access to their login credentials and other personal information stored on their phone or in their email. This can lead to stolen credentials and unauthorized purchases. Additionally, consumers’ poor password habits – especially on mobile devices – can also lead to unwanted cyber attacks.

To reduce these security risks, businesses can require shoppers to create strong login credentials and passwords. On average, it takes a hacker 11 minutes to crack a password with numbers and letters; when you add punctuation, it could take them years to hack. Businesses can also require users to use multi-factor authentication, or a second step to log into an account, such as responding to an email, text message or security question before logging into the site. Lastly, businesses should always monitor customers’ information online. If a hacker has breached a major organization, you may have mutual customers who have reused passwords. If this is the case, the hackers may use the compromised customers’ login information to access information on your site. Use a monitoring service to keep an eye on customer data in the depths of the Internet.

What additional tips do you have for businesses regulating against mobile ecommerce threats? Do you anticipate that this mobile ecommerce trend will continue to rise? Let us know what you think on Twitter or Facebook, and take a look at our news Tumblr.

The Breach Heard Around the World

November 25th, 2013 | Uncategorized

A recent security breach at Adobe put millions of user accounts, encrypted passwords and email addresses in the hands of hackers. But according to Ammon Bartram of SocialCam, what was “even more disturbing was the number of people who used the same password for their bank accounts, email, Facebook and home garage door codes as a password on the Adobe website. Some even used their Social Security numbers as passwords.” Plus, in a survey last year we found that 61% of consumers reuse passwords across multiple websites.

So why is password reuse one of the most alarming parts of the Adobe breach?

If you use the same account credentials across websites, when those credentials are compromised for one website, they will also be compromised for the others. With readily available technologies, hackers can easily determine for which sites you reuse those credentials. This puts you and those third-party websites at additional risk. Thus, a breach can affect more than just the initial company and their customers; the impact can spread like wildfire.

PandoDaily is calling the Adobe breach the “security breach heard ‘round the world.” In fact, many third-party websites are taking action to secure their own customers and their own sites. For instance, EventBrite sent notices to their users encouraging them to check if their email addresses were on Adobe’s list, and to change their EventBrite passwords no matter what. Facebook, too, took action. “Facebook users who used the same email and password combinations at both Facebook and Adobe’s site are being asked to change their password and to answer some additional security questions,” according to notable security expert Brian Krebs.

As a business owner or employer, take note of what these companies are doing, and consider reaching out to your customers and employees as well. For advice on creating secure passwords, see our white paper, webinar and infographic on the topic.

Do you ever reuse credentials across websites? Have you seen any other companies taking action to protect their own customers in the wake of the Adobe breach? Let us know what you think! As always, join the conversation on Twitter and Facebook.

Security Insights: Email Security – Internet and Email Scams

September 12th, 2013 | Uncategorized

Email and internet scams are just some of the top ways cyber criminals manipulate everyday users into clicking on a malicious link or visiting a hacked website. These scams put not only individual users at risk but also companies, as they often target employees at all types of companies. About.com recently put together a list of the top 10 internet and email scams of 2013 – take a look at the list below as well as tips to protect yourself and your company.

The Top 10 Internet/Email Scams of 2013

1. The Nigerian Scam, Also Known As 419 – Most of you have received an email from a member of a wealthy Nigerian family. In every variation, the scammer is promising obscenely large payments for small unskilled tasks. This scam, like most scams, is too good to be true. Yet people still fall for this money transfer con game.

2. Advanced Fees Paid For A Guaranteed Loan Or Credit Card – If you are thinking about applying for a “pre-approved” loan or credit card that charges an up-front fee, ask yourself: “why would a bank do that?” These scams are obvious to people who take time to scrutinize the offer.

3. Lottery Scams – Chances are you will receive at least one intriguing email from someone saying that you did indeed win a huge amount of money. This scam will usually come in the form of a conventional email message. It will inform you that you won millions of dollars and congratulate you repeatedly. The catch: before you can collect your “winnings”, you must pay the “processing” fee of several thousand dollars.

4. Phishing Emails And Phony Web Pages – This is the most widespread Internet and email scam today. “Phishing” is where digital thieves lure you into divulging your password info through convincing emails and web pages. These phishing emails and web pages resemble legitimate credit authorities like Citibank, eBay, or PayPal.

5. Items For Sale Overpayment Scam – This one involves something you might have listed for sale such as a car, truck or some other expensive item. The scammer finds your ad and sends you an email offering to pay much more than your asking price. The reason for overpayment is supposedly related to the international fees to ship the car overseas. In return, you are to send him the car and the cash for the difference. The money order you receive looks real so you deposit it into your account. In a couple of days (or time it takes to clear) your bank informs you the money order was fake and demands you pay that amount back immediately.

6. Employment Search Overpayment Scam – You have posted your resume, with at least some personal data accessible by potential employers, on a legitimate employment site. You receive a job offer to become a “financial representative” of an overseas company you have never even heard of before. You will be paid 5 to 15 percent commission per transaction. If you apply, you will provide the scammer with your personal data, such as bank account information, so you can “get paid”. Instead, you will experience some, or all, of the following: identity theft, money stolen from your account, or may receive fake checks or money orders for payments which you deposit into your account but must send 85–95 percent of that to your “employer”.

7. Disaster Relief Scams – What do 9-11, Tsunami and Katrina have in common? These are all disasters, tragic events where people lose their lives, lose their loved ones, or everything they have. Scammers set up fake charity websites and steal the money donated to the victims of disasters.

8. Travel Scams – You will receive an email with the offer to get amazingly low fares to some exotic destination but you must book it today or the offer expires that evening. If you call, you’ll find out the travel is free but the hotel rates are highly overpriced.

9. “Make Money Fast” Chain Emails – A classic pyramid scheme: you get an email with a list of names, you are asked to send 5 dollars (or so) by mail to the person whose name is at the top of the list, add your own name to the bottom, and forward the updated list to a number of other people. Should you participate, you risk being charged with fraud.

10. Turn Your Computer Into a Money-Making Machine! – You send someone money for instructions on where to go and what to download and install on your computer to turn it into a money-making machine… for spammers.

Read the full article on The Top 10 Internet/Email Scams from About.com.

How to protect yourself and your company

The best way to protect yourself and your company is to stay aware of these types of email and Internet threats and stay educated on how to mitigate them. The following tips are for handling suspicious emails:

  • Pay attention to sender and message subject
  • If an email is from an unrecognized sender or domain, consult someone from your IT or Security department, as they will verify the type of email and if it should be deleted
  • NEVER open or forward a suspicious email
  • Pay attention to filenames attached to emails
  • Do not open email attachments from people that you do not know or trust and/or that look suspicious
  • Be aware that files can come as email attachments in the format of zip files in order to trick your anti-virus
  • Do not download executable (.exe) files that are sent to you

– Kristin Badgett, CSID Information Security Officer

Be sure to check out our other blog posts on security. Share your tips for protecting your business with us on Facebook and Twitter.

National Internet Safety Month: Keeping Children and Teens Safe on Mobile

June 27th, 2013 | Uncategorized

This June, organizations across the country are celebrating National Internet Safety Month, a nationwide effort to spread awareness on Internet dangers and provide resources to educate children, teens and adults on preventative measures.

National Internet Safety Month was passed as a resolution in 2005 by the U.S. Senate to raise awareness of the need for online safety, especially among children and teens. The Internet safety landscape has changed since 2005, thanks to the rise of smartphones and social media. Now children and teens are connected to the Internet more than ever with mobile devices, putting themselves at higher risk for identity theft and child predators. In fact, 78% of teens now have a cell phone and almost half (47%) of them own smartphones according to Pew Research’s Teens and Technology 2013 Report. That’s a large increase compared to just 23% having smartphones in 2011. Additionally, teens are connected to tablets just as often as adults.

This constant connection to the Internet means that parents and educators have a responsibility to teach children and teens how to stay safe online, especially on their mobile devices. Here are 5 tips for keeping your child’s identity and device free from cyber criminals.

  1. Teach children how to identify email and text phishing scams: Frauds will send you a text or email that looks like it is from a familiar source in order to squeeze personal information out of you. Do not click on any links and never respond with personal information such as your phone number or home address. Personal information should only be given in person.
  2. Don’t use public Wi-Fi: Some smartphones may be set to automatically connect to Wi-Fi, giving hackers a chance to steal information from your phone. Show your children how to turn off that setting to avoid using unsafe public hotspots.
  3. Disable GPS identifiers on social media apps: Children and adults alike should turn off GPS identifiers on social media apps, including location stamps on Facebook posts, tweets and Instagram pictures. Geotagged information can compromise privacy and reveal personally identifiable information (PII) to identity thieves.
  4. Prevent mobile malware by downloading credible apps: Mobile malware can slow down your phone’s processing abilities, steal your photos, spam your contacts and hack into your email. Help your children prevent malware from getting onto their mobile devices by allowing them to download only credible apps from known app marketplaces.
  5. Protect devices with anti-virus software: Though iOS does not have anti-virus software for mobile devices, Android users can download extra protection for their phone.

What are some additional ways you protect your children and yourselves online? Be sure to share with us on Facebook and Twitter and don’t forget to take a look at our blog post “5 pieces of information kids should not share online” for more child identity theft protection tips.

Safer Internet Day: Practice Safe Online Habits

February 7th, 2013 | Uncategorized

This Tuesday was Safer Internet Day – a day dedicated to honoring safe Internet habits. In the past year, we’ve seen our fair share of data breaches in the news, so it’s important to be aware of your online habits, and what you’re doing to protect yourself and your business.

So what better way to honor this day than to hear from us – the experts in global identity fraud protection – on our tried and true methods for protecting yourself online.

Break poor password habits
Are you guilty of using the same password across multiple sites? Break the habit now. An email or password compromised from one company’s data breach can open up vulnerabilities across a multitude of completely unrelated websites such as banking, financial, online retailers and the like. Creating a strong, alphanumeric password will help reduce the risk of a company data breach. And remember to change your passwords frequently.

Keep your devices clean
It may seem obvious, but many forget to keep the software up-to-date on their laptops, smart phones and tablets, and out-of-date software can increase security risks for these devices. You keep your car engine clean, so why wouldn’t you keep your mobile devices clean? Set up automatic updates, if applicable.

Don’t click that link
Be wary of clicking links on unsecured or unknown websites that can be malicious, or through email phishing scams – where you receive an email from what appears to be a legitimate merchant, but is, in fact, misspelled or “too good to be true.” Hackers are also able to embed malicious links or ads into legitimate sites (drive-by malware), so always make transactions across secure web pages where the link uses an HTTPS address.

Surf Wi-Fi safely
Traveling for business and need to access a Wi-Fi hotspot? Think again. Airport Wi-Fi is a goldmine for cybercriminals. Never send classified documents or valuable information across a public Wi-Fi network. Try using a virtual private network (VPN) if it is a must.

What’s your number one tip for securing yourself on the Internet? Have any more tips you’d like to share? Feel free to tell us below in the comments section or on Twitter and Facebook.

Tumblr News Recap: Data Privacy Day

February 1st, 2013 | Uncategorized

We’re adding another element to our blog – a weekly news recap of the week’s hottest industry news stories from our Tumblr page to help you stay on top of what’s happening now.

This week was a hot one for privacy news as Monday was Data Privacy Day. Here are a few of our favorite privacy stories. 

Happy Data Privacy Day
Larry Keating of No Panic Computing discusses the importance of Data Privacy Day as a reminder to raise awareness for data privacy. What security policies do you think businesses should establish to protect employees and customers?

Internet, social media least trusted industries for privacy
CNET’s Lance Whitney covered the release of the Ponemon Institute’s recent survey, “2012 Most Trusted Companies for Privacy.” Turns out that the Internet and social media ranked at the bottom of the list. Do you agree with these rankings? Where would you rank social media?

What was your favorite privacy story of the week? Do you have any privacy tips? Feel free to tell us below in the comments section or on Twitter and Facebook.  Also, be sure to check out our Tumblr page for the latest industry news stories.
