Security Tip

Should your organization consider The Cloud?

Once upon a time, all software had to be directly installed onto computers—but more and more, vendors are hosting software that users access via the Cloud. Maybe you use Google Drive or Dropbox, Office 365, or a Cloud-based database. Maybe you’re interested in what such hosted services offer, but are worried about the security risks. Moving to the Cloud is not for everyone–how do you know if it’s right for your organization? The answer is simple: by evaluating it against your own particular needs.

Idealware.org, a nonprofit organization helping nonprofits make smart software decisions, has created a free new workbook, Should Your Organization Consider The Cloud, to help you to make decisions about using cloud software.

Read the full article here and receive your free copy of the workbook to help get you started.

Have a scam-free vacation

Heading out of town? Make sure you come back with a nice post-vacation glow and not a case of identity theft. Here are some things you can do to lessen the chances you’ll be a victim.

Limit what you carry. Take only the ID, credit cards, and debit cards you need. Leave your Social Security card at home. If you’ve got a Medicare card, make a copy to carry and blot out all but the last four digits on it.

Know the deal with public Wi-Fi. Many cafés, hotels, airports, and other public places offer wireless networks — or Wi-Fi — you can use to get online. Two things to remember:

  • Wi-Fi hotspots often aren’t secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, the info might be accessed by someone it’s not meant for. If you use a public Wi-Fi network, send information only to sites that are fully encrypted (here’s how to tell), and avoid using apps that require personal or financial information. Researchers have found many mobile apps don’t encrypt information properly.
  • That Wi-Fi network might not belong to the hotel or airport. Scammers sometimes set up their own “free networks” with names similar to or the same as the real ones. Check to make sure you’re using the authorized network before you connect.

Protect your smartphone. Use a password or PIN, and report a stolen smartphone — first to local law enforcement authorities, and then to your wireless provider. In coordination with the Federal Communications Commission (FCC), the major wireless service providers have a stolen phone database that lets them know a phone was stolen and allows remote “bricking” so the phone can’t be activated on a wireless network without your permission. Find tips specific to your operating system with the FCC Smartphone Security Checker at fcc.gov.

ATMs and gas stations — especially in tourist areas — may have skimming devices. Scammers use cameras, keypad overlays, and skimming devices — like a realistic-looking card reader placed over the factory-installed card reader on an ATM or gas pump — to capture the information from your card’s magnetic strip without your knowledge and get your PIN. The FBI offers tips to avoid being scammed by a skimmer.

Watch that laptop. If you travel with a laptop, keep a close eye on it — especially through the shuffle of airport security — and consider carrying it in something less obvious than a laptop case. A minor distraction in an airport or hotel is all it takes for a laptop to vanish. At the hotel, store your laptop in the safe in your room. If that’s not an option, keep your laptop attached to a security cable in your room and consider hanging the “do not disturb” sign on your door.

Still, despite your best efforts to protect it, your identity may be stolen while you’re traveling. Here’s what you can do.

http://www.consumer.ftc.gov/blog/scam-free-vacation

eBay Users Should Change Password due to Breach

All eBay users should change their passwords immediately. Due to a security breach, customer account information for eBay’s millions of users has been compromised. To reset your password, here is the eBay password-reset page link.

In a post yesterday on the company’s official blog, eBay said the “database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.” You can read the rest of the blog here.

According to reports and the company, the breach did not affect PayPal systems.  However, eBay and PayPal are affiliated entities and you might also consider changing your PayPal password.  It is always best to use a unique password for every online account.

Users should be especially wary of “phishing” attacks.  Just like during other major events, criminals will use keywords such as “eBay” and “password change” to lure victims into clicking malicious links in emails.  Don’t get tricked – never click links in emails.  Instead, type the website name into your browser for safety.

Read more City of Seattle Department of Information Security tips at TechTalk.seattle.gov

You’ve been hacked! Now what?

From the City of Seattle, Office of Information Security – Bryant Bradbury

Maybe you opened an e-mail attachment you shouldn’t have and now your computer has slowed to a crawl and other strange things are happening. Or perhaps you’re running out-of-date or unpatched operating system software (such as Windows XP) and have started to see “antivirus warnings.” Perhaps your bank called, informing you that there has been some unusual activity on your account. Your friends and family may start complaining about spam messages they are purportedly receiving from you. These are all signs that your computer may have been hacked.

If your computer system has indeed been compromised and infected with a virus or other malware, you need to take action to protect your data and prevent your computer from being used to attack others.

Secure Your Computer

Ensure your computer is current with all available patches, fixes, and upgrades. If you do not have your operating system set to automatically update, do so now by visiting your operating system’s website and following the instructions. Links are provided here for Windows users and Mac users. (In addition, note that support for Windows XP ends effective April 8, 2014. The end of support for Windows XP means that Microsoft will no longer provide new security updates, and the operating system will therefore become a significant security risk. It is recommended that anyone using Windows XP migrate to products that are supported, such as Windows Vista, Windows 7 or 8.)

Your computer’s security software should also be up-to-date. To check status, click on the icon for the security program on your system. If an update is needed, it will be indicated there. If you don’t have security software installed, you need to get it. Make sure you have anti-virus and anti-spyware software installed and a firewall enabled.

Confirm that your browsers are up-to-date. Tools such as Qualys BrowserCheck or WhatBrowser can help assess status.

Secure Your Accounts

You probably access numerous online accounts, including social media, banking, news sites, shopping, and others. If you’ve been hacked, there is a chance that important passwords have been stolen. Reset your passwords for your critical accounts first, starting with your email account, followed by financial and other critical accounts.  It is important to start with email accounts, since password resets for all of your other accounts are typically sent to your email.

Use separate and unique ID/password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, and special characters, and change them on a regular basis. If you are unable to log into one of your accounts, contact the service provider or website immediately. Most online providers include an online form, an email address to contact, or a phone number to call.

Secure Your Mobile Device

Our increased reliance on smart devices–including mobile phones and tablets–for everyday activities has resulted in an increased number of hacking attempts against these devices. As we do with our personal computers, we have to ensure that the proper steps are taken to protect our information and devices. This includes installing security software, where available, and keeping all installed software up-to-date.

For More Information

You’ve been hacked, now what?  http://www.net-security.org/article.php?id=1827

Your Email’s Been Hacked! Now What?  http://identitysafe.norton.com/blog/blog/2013/06/03/your-emails-been-hacked-now-what/

You Got Hacked! What Now?  http://www.pcmag.com/article2/0,2817,2403134,00.asp

Hacked: Now What?  http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201209_en.pdf

I’ve Been Hacked! Now What?  http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm

You’ve been hacked! Now What?  http://www.doit.wisc.edu/youve-been-hacked-now-what/

 

Free Security Newsletter

Sign up for Microsoft’s free, monthly email security newsletter that’s packed with valuable information to help you protect your home computer. This newsletter provides practical security tips for you and your family, useful resources and links, and a forum for you to provide feedback and ask security-related questions.

Available in text and HTML formats, the newsletter is a convenient way for you to stay up to date on the latest issues, insights, and events with:

  • How-to articles and security tips
  • Security bulletins and critical updates
  • Answers to frequently asked questions on security topics
  • Information about security trials and downloads
  • Articles on helping to keep kids safe online
  • Tips from our Security Community for Home Users

View the latest security newsletter.

Critical vulnerability in Apple iOS and OS X

The City of Seattle’s Office of Information Security is recommending Apple users immediately update their iPhones and iPads to versions 7.0.6 or 6.1.6, preferably using a non-public network, after Apple announced a major vulnerability allowing hackers to intercept and alter communications.

Apple has not released any patches yet for OS X, so Mac users should avoid using public networks, a step that can thwart many criminal eavesdroppers.

To patch your iOS device(s):

  • Run “Software Update” from your device’s “Settings” menu, OR
  • Connect your device to your personal computer, open iTunes, select the device you just connected, and click the “Check for update” button.

Read more on our TechTalk blog: here.

Internet safety and kids

Keeping kids safe while online is everyone’s job. Through Get Net Wise, you will find an Online Safety Guide and safety tips for kids, teens and families, and gain a better understanding of the risks that youth face when online. There are tools that break down safety concerns and considerations by age, and kid-friendly sites as well. Get Net Wise is endorsed by the United States Computer Emergency Readiness Team, otherwise known as US-CERT, a trusted global leader in cybersecurity.

Seven tech-related New Year’s resolutions to pledge right now

Mashable brings together changes you can make that will help keep your information secure in 2014.

  1. Update Security Often: We all emit that groan of despair when our computers need to update their software, but in reality, it’s necessary to keep them running. If you don’t update your security software frequently, it’s easier to get malware or trojan horses that could steal your information and harm your computer. Most programs will schedule updates, but making it a part of your routine is helpful. Set aside ten minutes on a less busy day to update the definitions while you wait for that pizza you ordered or before you brush your teeth.
  2. Schedule Back-Ups to an External Hard Drive: Let’s be honest, backing up your hard drive is the last thing on your to-do list. The only thing that seems to jog your memory is when your computer refuses to turn on, and you realize you haven’t backed anything up for six months. Too little, too late. Like the security software update, make it a part of your routine. Set aside some time while watching Netflix or reading news online. If you use services such as Time Machine, you can schedule updates, but otherwise you’ll have to do it manually.
  3. Stop Reusing Passwords: It’s easy to fall into the habit of using the same generic password for all of your online profiles and pages, especially since writing them down is ill-advised. But having the same password for every account can put your entire online presence at risk, since a person only needs to guess correctly once to access them all. Create passwords with numbers, letters and symbols to add diversity, and use a random password generator for a unique combination. If remembering them all is too much work, use one of these password tools.
  4. Use Secure WiFi Networks: The WiFi from the local coffee shop, public park or bookstore seems safe enough, but if you see a network with a dubious name (like “Free Public WiFi”) that doesn’t require a password, you’re better safe than sorry. Even if you’re using a network you can trust, there are some best practices you should adopt: Use the secure browsing extension, turn off sharing and change your settings so you don’t automatically log into WiFi hotspots.
  5. Stay Up-to-Date on Your Privacy Settings: Technology is all about change, so whenever a social network undergoes a major update, the privacy settings may have also changed. This means that your once-hidden and private profile could be out in the open for others to see. Check your own settings regularly, keep an eye out for major site changes or news of a settings update, and learn how to hide your profile again.
  6. Stop Throwing Out Busted Tech: Not only is trashing your tech terrible for the environment, it’s potentially dangerous for you. Old tech can still retain important information, so whoever picks up your old computer off the curb might be able to grab sensitive information you thought you erased ages ago. A much better alternative is to recycle your products. It’s less convenient, but there are plenty of resources to help you.
  7. Keep the Clutter Off Your Computer: It’s common to let emails accumulate in your inbox or leave files on your desktop. But there will come a point in time when you’ll have to find key content hidden among the mess, and it will be significantly harder to find. With some good, old-fashioned organization skills, it’s possible to maintain a clutter-free digital life. For emails, answer or delete messages as soon as you can, sort them so you can find important ones faster and download productivity plugins. Save files to appropriate folders when you first create them, and delete duplicates or old files whenever you see them.

Five Tips for Staying Safe While Shopping Online

Shoppers will spend an estimated $2 billion in online sales during Cyber Monday this year.  With that increase in spending comes an increase in potential attacks and exploitations as shoppers flock to the latest deals and trends.

In a recent blog post, WatchGuard Technologies’ Director of Security Strategy outlines the five most common threats that online shoppers face on today’s web. According to the post, shoppers are at risk from these five threats:

  1. Seasonal email phishing scams – This is a great time for cyber criminals to leverage seasonal phishing scams to lure victims to malicious sites or malware. Some of the most common malicious emails during the holidays are fake UPS, FedEx, or DHL messages claiming a delivery failed, bogus flight notices, and even phony secret Santa messages. Avoid clicking links and attachments in unsolicited emails.
  2. Fake product giveaways – Every year the holiday shopping bonanza brings us at least one or two “must-have” items for the holiday season and cyber criminals always seem to recognize these popular consumer items early. We’ve already seen phishers trying to steal personal information from victims by tricking them into filling out details to win one of the new next-generation gaming consoles. While some of these giveaways might be legit, be careful where you share information.
  3. Dastardly digital downloads – Attackers can easily theme free download offers from whatever holiday or pop culture event they want, be it Thanksgiving, Christmas, and so on. If it sounds too good to be free, it probably is. As always, be careful what you download.
  4. Fraudulent e-commerce sites – The bad guys are great at faking websites. They can fake banking sites, social networks and even online shopping sites that have suspiciously good deals for that one hot ticket item. Of course, if they can lure victims to their replica sites, they can leverage that trust to steal information. Pay close attention to the domain names and vet online retailers before ordering.
  5. Booby-trapped Ads and Blackhat SEO – Two popular new techniques are malicious online advertisements and evil search engine optimization (SEO) tricks. By either buying online ad space, or hacking online ad systems, hackers can inject fake advertisements into legitimate web sites, which redirect back to malicious sites. They can also leverage various SEO tricks to get their websites to show up in the top results for popular searches. As you consider clicking ad links or following search results, be aware of the domains and URLs you click on.

Falling victim to an attack is easy. Make sure you are safe and read WatchGuard’s latest blog post that outlines five simple tips users can follow, including:

  • Update your software
  • Do not click on unsolicited links or attachments
  • Look for the padlock while shopping online
  • Use password best practices on shopping sites
  • Vet online merchants before clicking buy

To get the details on these five tips and the latest in cyber security threats, read the in-depth blog post at: http://blog.watchguard.com/2013/11/27/avoid-the-top-five-holiday-shopping-cyber-threats

Microsoft Security Essentials Review

By Elena Opris at Softpedia.com.  Please visit their site for the full article.

Microsoft Security Essentials (MSE) represents Microsoft’s initiative to offer a free antivirus to users who do not want to pay for such a service, while still taking advantage of powerful features. It includes a real-time guard against various types of malware, like viruses, spyware, Trojans and rootkits.

The application offers support for Windows XP, Vista and 7, whereas Windows Defender is the built-in antivirus program in Windows 8 (they share the same virus definitions). Although it is widely regarded as entry-level security software, MSE has some advanced settings under the hood.

The Good

Microsoft Security Essentials implements a shell extension for scanning custom files, folders or drives when exploring the computer. The real-time guard can be disabled from the Settings panel. The interface is incredibly easy for novices to figure out. Resource usage is generally low when the real-time layer is activated and no scans are running.

The Bad

The notification system is intrusive. Too many messages keep popping up from the bottom-right corner of the screen when no actions need to be taken. During tests, confirmation for cleaning the same threats was often requested by Security Essentials.

When the tool is applying selected actions on infections, you cannot cancel the task, navigate MSE’s interface or minimize the window. The progress bar in the “Potential threat details” panel is frequently misleading when removing or quarantining files, aside from the fact that the job takes too long. It starts filling the meter rapidly and progressively decreases in speed.

The History tab does not include reports for each scan job, nor total scan time. Furthermore, it is not possible to schedule custom scans or definition updates, look for only particular file types, or specify the default action for real-time protection and scan methods individually.

The Truth

The bottom line is that MSE is a suitable security solution only for casual users who don’t venture too often into the Internet’s darkest corners. More advanced (or courageous) people will need to take the next rational step: upgrading to a more powerful product.