If you employ remote workers, your IT staff has a unique challenge keeping your organization safe. Fortunately, using a combination of best practices for cybersecurity, user awareness campaigns, and a strong policy will help to keep data safe.
New advances in mobile technology and networking have given remote workforces a boost, and while policies for most remote workers generally depend on manager or company preferences, most businesses must accommodate a mobile workforce on some level…and here’s where the challenge lies.
Things such as emails, vulnerable software programs and work documents are all tools that cybercriminals can use to infiltrate your company’s network. These remote workers, no matter how convenient they might be, are the weak link in any company’s security plan. Cybercriminals know this, which is why they often focus on these workers. So, what do you do to find a balance between the convenience of remote workers and the importance of network security? Here are eight way that you can secure your remote workforce:
- Use Cloud-Based Storage – One way to make your remote workers safer is to use cloud services that use two factor authentication. These often have a higher level of encryption, so any data that your workforce uses is not only accessible, but also protected.
- Encrypt Devices When You Can – When giving mobile devices, including laptops, to your remove workforce, make sure that the hard drives are encrypted to protect the data on the machine. However, not all security programs will work with devices that are encrypted, so make sure that you double check all the tech specs before loading them up.
- Set Up Automatic Updates – You can also take the steps to automate any software updates, which means as soon as an update is released, your remote workforce will get the software on their devices. This can also be done via Mobile Device Management software.
- Use Best Practices for Passwords – You should also make sure that you are implementing good practices with passwords. You should, for instance, safeguard against stolen or lost devices by requiring that all employees use strong, complex passwords. You should also request that your team puts a password on their phones and laptops, since these items are easily stolen.
- Create Secure Network Connections – Also, ensure that your remote employees are connecting to your network by using a VPN connection. Encourage your IT staff to only allow your remote workers to connect to the VPN if their system is set up and patched correctly. Also, make sure that they are not connecting if their security software is not updated.
- Increase Awareness – Instead of attempting to restrict personal use of the internet, you should instead encourage education about internet use. Create and enact a cybersecurity policy, ensuring that it covers concepts such as phishing, scams, and social engineering tactics.
- Use Encrypted Email Software – Checking business email offsite is quite common, even among those who work on-site. Thus, it is extremely important to use a secure program for email.
- Use an Endpoint Security Program – Finally, if you haven’t already, implement an endpoint security program. These programs can be remotely launched and managed from one location. This software should also include components to keep unpatched programs, safe.
Yes, remote workers can be a challenge for your IT staff to manage, but when you use a strong policy, good practices in response to cybersecurity, and a comprehensive campaign for user awareness, you and your staff can keep all of your data safe.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: online safety online security privacy telemarketing scams
There are a number of misconceptions about cybercrime and those who engage in it. To a cybercriminal, there is no target that is special unless they have a grudge or beef with a particular entity, and as a rule, they will often cast their net wide and then move to attack the easiest prey they find.
Security specialists must never underestimate the actions of a cybercriminal. Records are easily shared and sold, and they are highly valued. This is especially the case when personal and medical information is the focus.
Any plan that the security professionals design must be focused on these types of crimes. They must also be aware of any upcoming threats and ensure that all proper backups of data are in place.
What are the Common Misconceptions Associated with Cybercrime and Cybercriminals
The most common misconception about cybercriminals that is often observed is that these people have diverse experience and skills, which allow them to initiate a huge range of cyberattacks. This would mean that they would earn a large amount of money as a result. However, the truth is, many of the cybercriminals out there use automated software, which means they don’t require much training at all. According to a recent survey, the vast majority only make from $1,000 to $2,000 a month. But as many as 20 percent of cybercriminals are making more than $20,000 a month.
Who are the Criminals Behind Cyber Crimes?
For the most part, those who commit cybercrimes have a clean criminal record and do not have any ties to any organized groups. These criminals usually also have a stable job during the day and participate in these cybercrimes in their free time. Often, these people are introduced to cybercrimes during college, and many remain active in the industry for several years after they begin.
The other cybercriminals have a bit of a different background. These people belong to cybercriminal syndicates that work within a hierarchy. There are highly skilled members of these groups, and each have certain responsibilities to ensure the success of their organization.
Generally, these groups are controlled by a “boss,” who is the mastermind. They are typically highly educated, intelligent, and some are often connected with the banking industry, as they must arrange for things like money laundering. Additionally, these groups often include people who are professional forgers, as they often require fake documents to serve as paperwork to “prove” their schemes, and then the group needs those skilled in hacking, software engineering, and other technical operations. Some of the groups also include those familiar with law enforcement, as they are skilled with things such as gathering information and counter-intelligence.
What is often so surprising is that members of these groups are often highly respected members of their communities, and many are seen as successful people in business. These people are also often connected to hospitality, real estate, or the automotive industry.
These people do not think of themselves as regular criminals, and they rarely cross paths with others whom the general public might deem as “criminal.” They usually hide in the shadows and avoid any actions that might bring attention to them.
To avoid all of this, it is best to use the assistance of a professional. They are familiar with how these communities run and how they react to certain actions. There are a number of way to research the dark web in a secure and safe manner without risking the integrity of your organization, but the professionals are best for this job. It is also important for businesses to utilize security teams. This ensures that they are capable of obtaining the data and stimulating the environment.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: cyber crime cybersecurity
Back in August, 2016, Kala Brown and Charles Carver arrived to a 100-acre property in South Carolina for a cleaning job. Charles Carver never made it off the property, and Kala Brown spent more than two months in a metal shipping container, allegedly held captive by Todd Christopher Kohlhepp.
In November of 2016, detectives were searching the property of Kohlhepp when they heard banging coming from the inside of a shipping container. When they opened it, they found Brown chained “like a dog.” According to Brown, she saw Kohlhepp shoot Carver, killing him, and then he took her hostage, chaining and locking her inside of the crate.
Carver’s body was found on the property, and Kohlhepp is suspected of being involved with six more murders.
Brown described her captivity as “hard,” and she said she remained chained for the duration of it. She also says that he did let her walk around a bit, and he fed her one time each day. She was finally found when authorities were searching the property after she was reported missing. Her cell phone was pinging on the property, but it took about two weeks before they could get a search warrant.
Police reported that they had no indication that there was foul play when they began searching. The cargo container was located on the middle of the property next to a garage. After finding the body of Carver, the investigators brought in cadaver dogs to search the property. Additionally, ATV’s, backhoes, and even a helicopter circled the property. The cadaver dogs picked up some scents, and the excavation of the property, began. The investigation found two more bodies, that of Meagan McCraw-Coxie and Johnny Coxie, who had gone missing in 2015.
Since his arrest, Kohlhepp has admitted to killing seven people in total.
Public records show that Kohlhepp is both a licensed pilot and real estate agent. He does, however, also have a record. As a teen in Arizona, he was convicted of kidnapping and crimes against children, and he spent some time in prison for these crimes. He is also on the sex offender registry in South Carolina. This is due to a kidnapping in 1986, which coincides with the incident in Arizona. In total, Kohlhepp served 14 years in prison. According to sources, Kohlhepp kidnapped a girl, aged 14, took her to his home, bound her with duct tape and raped her. He was released in 2001.
As is the case with many serial killers, most people who knew Kohlhepp were shocked by these allegations. One real estate agent that worked with Kohlhepp said that she had known him for a decade, and they had met in college. They had even been study partners for a statistics course. She was in disbelief when she heard that he had admitted the murders.
She also said that most people in the area knew that he was a registered sex offender. However, he told people that it was due to exaggerated charges after he and a girl had gone joyriding and the girl’s father, who was a local official, became angry.
Kohlhepp also had a second home in the area, and neighbors describe his as “private” but “pleasant.” He was also described as “a likable guy.”
All in all, Kohlhepp was charged with a total of seven counts of murder and two counts of kidnapping. He was also charged with three counts of possessing a weapon while committing a violent crime. The relatives of other victims will reportedly file wrongful death lawsuits against Kohlhepp, and Brown has said that she will file a civil lawsuit. Kohlhepp is due in court on January 17th.
Oh, and Jeffrey Lionel Dahmer, also known as the Milwaukee Cannibal, was an American serial killer and sex offender, who committed the rape, murder, and dismemberment of seventeen men and boys between 1978 and 1991. Apparently he was a likeable guy too.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: fraud
According to a new study, genetics and evolution have made an impact on the murderous behavior of the human species. However, becoming civilized has tamed some of these instincts.
Scientists have looked at the homicide rate of more than 1,000 species that kill their own, and noticed that there are similar rates of lethal acts. Essentially, this means that the evolution of these species can tell us a lot about how violent the species is.
This study, which was published in Nature, says that humans lie in the middle of a quite violent group of mammals that have all evolved together…and these mammals have a very violent and murderous past. What does this mean for us? It means that humans have likely inherited violent tendencies from our ancestors.
Let’s look at the numbers. When looked at as a group, the rate of all mammals murdering their own is about three in 1,000. However, when we look at our ancestors, and many primates, for that matter, this number is closer to about 20 in 1,000. In certain periods of time, this number even rose to about 120 in 1,000, such as during the medieval era, which ran from around 700 to 1500 A.D. Fortunately, we have seen these numbers fall, and when you take humans, alone, the current rate is about 13 in 1,000. So, we are now much less violent than we were just 1,000 years ago.
It’s true that we, as humans, are killing each other less than we used to, but we are still not as peaceful as some of our mammalian cousins. For example, killer whales, which are one animal that has a high level of intelligence, has a rate of violence against its own of around zero. In fact, most whale species are quite peaceful to their own kind.
So, we are more violent than whales, but when compared to mammals such as baboons, cougars, and lemurs, we are far less violent, as these animals have murder rates closer to 100 per 1,000.
Since this study examined violence in a way that compared closely related species, it’s not a surprise that these species had similar levels when looking at violence. Furthermore, the more closely related a species is to another, the more similar their levels of violence.
It is difficult to calculate rates for lethal violence for our ancestors, but we can get a rough idea based on looking at archaeological findings. What was found after looking at thousands of these sites is that things such as culture and government lower the rates of lethal violence. This also suggests that the level of murder among species is reversible, and that it might increase or decrease based on social, ecological, or cultural factors. These findings are similar to a previous study from Harvard that looked at the history of violent crimes, such as rape, as well as war, murder, and bigotry.
When we look at all of these facts, humans are social, territorial, and naturally violent. But, as modern society has become developed and we have engaged in more civilized activities, the rates of violence have fallen. What’s really interesting is that this study shows that most mammals are not murderous towards their own kind, but others, such as wolves, lions, and primates, including humans, actually do engage in this behavior. What it could come down to is that mammals that are murderous towards their own kind are both territorial and social.
In late 2016, a huge data breach occurred. More than 412 million accounts were affected when hackers got into FriendFinder Networks.
According to sources, approximately a million of those accounts had the password ‘123456,’ and approximately 100,000 has the password that was simply, ‘password.’ This, of course, is despite the efforts from pros about password management and the importance of a strong password.
Complex Passwords are Inconvenient
This data breach is just one of many, and it shows that using passwords alone are risky and have consequences. Additionally, complex passwords are inconvenient, and this means that people often avoid using them, or they write them down, or use them across multiple accounts, meaning there is a great chance that they can be stolen.
Keeping in mind, still, that passwords are flawed. This is not because they are often so easy to guess and easy to hack, it’s because they are quite expensive to maintain. Approximately 20 to 50 percent of calls to the help desk are due to password resets because people forget them.
All of this means that things have only gotten worse when it comes to the usability of passwords over the past few years. So, to keep the control that is necessary to ensure the data is safe in an organization, the IT team must use tools that will address these major security concerns. When you consider all of this, it is truly shocking that so many people are still using passwords such as ‘password’ and ‘123456.’
If you look at all of the data-breaches that have occurred in 2016 and consider the millions of people who have been caught up in these breaches, it’s absurd that people are picking passwords that are so easy to guess.
However, you also should keep in mind that it doesn’t matter what your password is, security experts and IT professionals keep hammering in the importance of changing passwords. Even if you are choosing passwords that are a bit more advanced than ‘123456,’ you should still change your password, often.
You also must consider this: it doesn’t matter how good your password is and how complex you make it; passwords are still vulnerable. What we need is a change in our thoughts about security and a revision of our concept of what a password is and does.
In some form or another, passwords have existed as a way to secure information for centuries. For most of this time, they have worked well. However, with technology changing the world, this old form of security needs to be refreshed to meet the needs of the time.
More Security is Necessary
To overcome all of the issues that are associated with passwords, companies should take time to look at different forms of security. All you are doing now is wasting time and money by changing passwords and making them stronger. On top of this, when your business experiences a data breach, you could be facing a fine and of course, embarrassing questions. Instead, it’s time to drop this concept of using passwords as the only means of security.
We need an approach that eliminates passwords altogether. Using, for instance, two factor or multi factor authentication or better, un-hackable security tokens is one way to ensure that no passwords are stored, created, or transmitted. This will help us all to remain safe.
It doesn’t matter who you are or where you live, your home is at risk of being burglarized. According to numerous studies, in the US alone, a burglary occurs about once every 18 seconds, which equates to about 5,000 a day.
Fortunately, you can secure your home or business against burglary, and it doesn’t have to cost you a fortune. Here are 5 ways that you can get peace of mind on the cheap:
- Repurpose Your Smartphone
If you are like most, you probably have an old smart phone hanging around just collecting dust in a drawer. For free or a small fee, you can download apps for both Android and iPhone devices that allow your smart phone to become a surveillance system with almost no effort on your part. Simply search “Surveillance app” in your devices app store.
- Speaking of Cameras…
Of course, you can always just buy a surveillance camera for your business or home. These are often network cams and are easy to use and affordable. These low cost security cameras are often motion-activated cameras that sends a live stream and alerts to the user’s smartphone via the cameras app. Some of the features to look for include:
- Night Vision
- Wide-angle lens
- Automatic detection of animals
You can buy the systems at major retailers, and it start as low as $50.00.
- Set Up Some Tripwires
Sometimes simple and traditional is best, and tripwires can really do a nice job of protecting your home or business, and you can get them for as little as $20. In fact, with a bit of ingenuity, you can even make your own. Some of them have a loud sound, too, similar to a gunshot, which will seriously scare anyone who is sneaking around where they shouldn’t be. These are low-tech and perfect for anyone wanting to beef up their other security systems, as a multi-layer approach to security is best. Search “trip wire alarm” on eBay or YouTube for all kinds of options.
- Get a Guard Dog
If the traditional approach appeals to you, consider a guard dog. People have been using guard dogs to protect their property since the time of Ancient Rome, and one of the most popular breeds for this type of work is the German Shepherd, Doberman or Belgian Malinois. These dogs are large, strong, and intimidating, and you definitely wouldn’t want to cross paths with one that was trained to keep you off its property. Just keep in mind, whatever breed you choose, that you must get a professional trainer for the best results.
- Make a Pact With Your Neighbors
One of the best ways to protect your property is to work with your neighbors and keep an eye on each other’s homes. For example, if you know your neighbor is going on vacation and you have more than one car, park one of them in their driveway. This way, it looks as if someone is home. You also should take their mail in because burglars know if there is a lot of mail in the box, the home or business owner likely isn’t around.
A Massachusetts man is on trial. His crime? Stalking. But, it’s probably not what you think. The 48-year-old was chatting and sharing photos with a 16-year-old girl, and these chats and photos were “sexual in nature.” The pair met on social media, and when the girl asked to stop these exchanges, the man threatened to send the shared photos to her friends. This is a case of sextortion.
The Definition of Sextortion
Sextortion is a type of sexting that can have serious consequences. Sexting, of course, at a basic level, is the sharing of nude or sexually explicit photos and chat, usually from one cell phone to another or on social media. The practice is legal when done between consenting adults, but when those under 18 are involved, child pornography and sexual exploitation laws come into play.
Sextortion usually refers to the act of extorting someone by using digital photos that are sex-related. The party doing the extorting will usually demand something like property, money, sex, or another service from the victim. If the victim doesn’t meet the demands, the one doing the extorting threatens that they will share or distribute the sexually explicit photos.
What Can You Do If You are Being Sextorted?
If you believe that you are being sextorted, there are some things that you can do depending on the conditions. First, if you are under 18, you are protected by child pornography and child sexual exploitation laws will come into play. If you are over the age of 18, you might be protected by various laws including stalking, sexual harassment, extortion, or wiretapping.
For those who are under 18, the first thing to do is tell a parent or adult. However, keep in mind that some people are “mandated reporters,” such as teachers. This means that they are required by law to report any instance of sexual victimization of anyone under the age of 18. Keep in mind charges in some cases can be brought against anyone involved, even hypothetically, whether they are guilty of a crime, or not. I’ve seen cases where two 15 year olds consented to sending each other sexting pics and each of them were charged, and each were victims, even though they consented, but were under age. So, it’s better to work directly with a parent or other close adult.
Your Options for Sextortion Help
You have a number of options when seeking out help for sextortion:
- Contact a Crisis Hotline – There are crisis hotlines and chat services available that will allow you to remain anonymous during this process. Usually, these organizations will refer you to local people who can help.
- Contact a Victim Advocate – Many counties, police stations, and crisis centers have victim advocates and social workers available for these situations. These people can help you put together a plan and get a protection order against the person who is threatening you.
- Contact a Legal Aid Organization – Simply doing a Google search will help you to find a local legal aid organization. In this case, just search “legal assistance” or “legal aid.”
- Reach Out to a Lawyer – If you have a case and have gotten legal advice and evidence, you can contact a lawyer. They will help you to remove any photos that have been posted online.
- Contact the Police – File a report by contacting local law enforcement.
- Tell a School Counselor – You will get the wheels turning when telling a school counselor. Remember, they are required by law to report the incident.
Advice for the Parents of Victims
Many young people are reluctant to tell adults about sextortion and sexting for several reasons. They might believe they will make the situation worse or they might believe that they will be judged. Some might also believe that they will face criminal actions, too.
If your child does tell you about possible sextortion, make sure that they know you are there for them no matter what. With this type of loving and supportive communication, you will be able to deal with this situation as a team.
Ask your child to tell you their side of the story, and then take it from there. You might want to communicate with people you both have trust in. This way you can fill the gaps. You might also consider contacting any social media services where photos were shared, such as Facebook. They will usually help. It is also a good idea to contact a victim advocate, as they know what type of evidence to look for that can be used in court. Finally, make sure to report the person via social media, which will help to block the accused account.
This post isn’t exactly a “how to” but if your current employment isn’t bringing in the bacon, I’m sure your criminal mind can figure it out. In the biggest digital advertising fraud in the history of the U.S., it was recently found that a group of hackers is bringing in from $3 million to $5 million a day from media companies and brands. That’s some scratch!
White Ops, an online fraud-prevention firm, uncovered this campaign, which they have called “Methbot,” and the firm found that the campaign is generating more than 300 million video ad impressions each day.
AFT13, which is a cyber criminal gang, has worked to develop the Methbot browser, which spoofs all of the interactions that are necessary to initiate and carry out these ad transactions.
The hackers, which are allegedly Russia-based, have registered more than 250,000 distinct URLs and 6,000 domains, all of which impersonate US brand and companies, including Vogue, ESPN, Fox News, Huffington Post, and CBS Sports. They then take these sites and sell fake ad slots.
The cybercriminals that are behind Methbot are using their servers, which are hosted in Amsterdam and Texas, to give power to almost 600,000 bots. These have fake IP addresses, most of which belong to the US, and this makes it look like the ads are being viewed by visitors in the US. The criminals then get video-ad inventory, which they display on the fake media website that they have created. They get top dollar for this, and they trick the marketplace into believing that this content is being seen by legitimate visitors. In reality, however, these ads are being “viewed” by fake viewers thanks to an automated program that mimics a user watching an ad.
To make the bots look even more real, the group also uses methods such as fake clicks, mouse movements, and even social network login info. White Ops has also found that this fake army of viewers has amassed about 300 million ad views each day, and it has an average payout of about $13 per every 1000 views. If you multiply this by the compromised IP addresses out there, the money is rolling in.
White Ops believes that the Methbot empire has created from 200 to 300 million fake video ad impressions each day, which targets about 6,000 publishers. In a 24-hour period, this is generating somewhere between $3 and $5 million in each 24-hour period.
While the operation has its headquarters in Russia, White Ops can’t say for sure that Methbot has Russian origins. The good guys have been in contact with the FBI, and together, they have been working towards stopping this scam for several weeks.
It can be truly terrifying to fall through ice on a frozen lake, but if you remain calm, it can save your life. Most people don’t realize that you have more time than you think, according to experts. This is due to the concept of thermoregulation and how your body deals with the shocking cold that immediately encompasses the body.
As you first hit the freezing water, you will almost immediately gasp and start hyperventilating. It is important that you remember to get control of your breath and do not thrash around. It can help to remember something called the “1-10-1 principle.” This means that it takes about one minute to gain control of your breathing, and then you have 10 minutes to move before you get too cold. The final one is to remind you that it will take one hour before you become unconscious. Again:
- 1 minute to control your breath
- 10 minutes of meaningful movement
- 1 hour before unconsciousness sets in
Take that initial minute and fully focus on your breathing. Slow it down, and then look around to see if you can locate the thickest area of ice. Typically, this is in the direction of the way you were coming from, as the ice was thick enough, at least for a time, to hold your body weight. When you locate the ice, stretch your arms over the surface, and then begin to flutter-kick until your body becomes horizontal with the surface. Kick hard and use your arms and hands to pull yourself onto the ice. As soon as you are able, begin to roll away from the hole, and then crawl upon the ice until you can safely stand up. To learn more about this, and to see it in action, there are videos online that demonstrate this technique.
Keep in mind that once your body temperature falls below 95 degrees Fahrenheit, officially you are hypothermic. When it falls below 86 degrees, it is likely that you will be unconscious, but not actually lifeless. In fact, people have been revived from body temperatures as low as 56.7 degrees, which is when the body will show the clinical signs of death, such as not breathing and not having a pulse.
It is possible that you can live for several hours after passing out if you can get out of the frigid water. This, however, does require some planning. You only have about 10 minutes after falling in before your muscles and nerves become too cold to work. If you feel too weak to go on and you cannot get out, place your arms over the surface of the ice and just remain still. The point is to encourage your coat to freeze to the ice, so that if you lose consciousness, you will keep your head above water. Additionally, you will remain visible for rescue, even if you pass out.
Burglars love doors, because that’s their No. 1 way of gaining entry to a house. When thinking of ways to make your home safer, you should really home in on your doors.
- Solid wood door without a window (ideally with solid wood core)
- Top flight deadbolt (ideally two)
- Reinforced frame and doorjamb
The above elements would make it almost impossible for an MMA fighter to kick the door in. Yes, you should be thinking in terms of kick-proofing your door. By the time we’re 18, we’ve probably witnessed hundreds of door kick-ins on TV shows and in movies. No matter how many unrealistic things we’ve seen on film, one thing stands out as being very true to life: the ease of kicking in a door.
If the door has a window, we have a problem. A crook could smash through it and unlock the door. Here is where a second deadbolt, near floor level, comes in handy. If this can’t be done, then have decorative steel bars placed over the window.
A metal door is also doable for good security, as long as its interior is reinforced and it has a lockblock.
Keep in mind that even a steel door (the most secure type) can be kicked in if the lock’s screws are too short. You get what you pay for; do not cut corners when it comes to purchasing a deadbolt. They are not all the same. A good one extends deep into the doorframe.
I also recommend a one-sided keyless deadbolt for use when you’re home. As its name implies, it can’t be manipulated from the outside (which makes it impossible for an intruder to circumvent).
The doorjamb and frame should be as strong as possible. Don’t just rely on a good deadbolt. The strike plate’s screws should be three inches. Install door reinforcement technology. This beefs up the door jamb to prevent kick-ins. See Door Devil.
What about sliding doors?
- The glass should be reinforced or replaced with polycarbonate.
- The track should have a bar to prevent the door from being forced open.
- Track stoppers also come in the form of small devices that screw onto the track and block the door.
- The door should be equipped with a motion and vibration sensor that triggers an alarm.
Keep a covering over the windows as much as possible. I understand that you want your home to be bright and cheery, but find a happy medium by realizing that a burglar can get a really good look inside your house through uncovered sliding doors. For sure, keep the curtains drawn or the shades down when it’s dark out.Filed Under: home invasion home security home security tips