Is There A Risk With Using My Personal Device For Work?

The day after you get your shiny new mobile or tablet, chances are you’ll take it right to work and ask the IT department to set it up with your work email and allow access to the company network. “Bring your own device” (BYOD) has become the widely adopted term for workers bringing their personal mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity.

Many of us need a mobile device for work and personal use and don’t want to carry two separate devices, but this can cause security challenges for the company. If you lose your mobile device while on vacation, let your kid download an app which infects your phone and starts spamming your address book, or someone accesses your company email while you’re using a public Wi-Fi connection, this can have big implications for your company in terms of a data breach, loss of intellectual property, public embarrassment and annoyance.

That’s why mobile security should be a priority for both you and your employer. As an increasing number of companies agree to BYOD, they are also requiring you to agree to their terms. So you should expect to have to comply with some things like:

You may be required to download and install a security and monitoring app that can’t be removed. This app may have a certificate authenticating you and the device to connect to the company network and run company programs.

The installed app will likely provide your company with the ability to remotely control your mobile at some level. I wouldn’t be concerned about this unless of course you’re not abiding by the agreement you signed.

At a minimum, expect the application to have the ability to locate your mobile via the phone’s GPS if it’s lost or stolen, as well as an auto-lock functionality requiring you to lock your phone locally after 1-5 minutes of downtime. Also, your employer will likely be able to wipe your mobile of any and all data.

Because your employer is liable for potentially lost data, if you BYOD, plan on giving up some liberties.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Geo-tagging: Is Your Smartphone Revealing Your Location?

Location-based services utilize geo-location information tied to your phone’s GPS and in some cases your carrier’s connection and even Wi-Fi.

Geo-location or geo-tagging can be used on PCs, but is primarily applicable to mobile phones. The geo-location software usually obtains its data from your device’s Internet Protocol (IP) address or your Global Positioning System (GPS) longitude and latitude. Many of today’s social networking sites are now incorporating location-based services that allow users to broadcast their locations via smartphone.

This technology can be useful to predators, thieves, and other criminals, since it makes it so simple to determine where you are, and where you are not.

The BBC reports that in Australia, masked men armed with a knife and a club struck the home of a 17-year-old girl’s mother hours after the teenager posted a photo on Facebook of a large sum of cash. It is not clear how the robbers found the family address. The Facebook image was taken at the grandmother’s Sydney house.

Someone who is paying unwanted attention to you can see your exact address each time you post a geo-tagged photo and check in.

Thieves use geo-location to determine whether you are home or not, and then use that data to plan a burglary.

To prevent home burglary and protect yourself from broadcasting your location, you should:

Turn off your location services on your mobile phone or only leave it enabled for applications like maps. Most geo-location services are turned on by default.

Be careful about what images and information you share on social networks, and when. For example, it’s best to wait until you are home to upload those vacation photos.

Check the privacy settings on the social networking sites you use to make sure you are only sharing information with your friends and not everyone.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

Safe Searching on Your Mobile Device

The web, and especially the mobile web, can be a minefield of malicious links luring you to click so bad guys can infect your device. Search engines do their best to filter these sites out, but nefarious criminals have found ways to get their scammy pages to the top of search results through a process called “Blackhat search engine optimization.”

Criminals create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising. They use keywords to boost rankings on Internet search engines, causing their spoofed websites to appear alongside legitimate websites.

It is also much harder to tell if a URL is legitimate on a mobile device since, due to the limited screen space, mobile browsers often truncate web addresses. Also, if you’re clicking on a link to a site from an email you received, it’s hard to see the sender’s full email address, making it hard for you to know if it’s coming from a fake person or company.

That’s why going it alone in search isn’t a good idea. Just like it is essential to have antivirus, antispyware, antiphishing and a firewall on your PC, it is equally essential to have protection on your mobile. McAfee Mobile Security provides comprehensive mobile security that includes antivirus, anti-theft, app protection, web protection and call and text filtering.

Web protection comes with McAfee Mobile Security and protects you from potential phishing sites, browser exploits, malicious links within text messages, email, social networking sites, and QR codes. With McAfee blocking risky links at the places you visit, you now can click, search and surf worry free. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

To help yourself stay protected you should:

Always double-check the web address of a site when doing a search on your mobile phone

Never click on a link in an unsolicited email or text message

If you land on a site that contains poor grammar, misspellings, and low-resolution pictures, be very suspicious

Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app

Monitor your monthly bills to make sure there are no suspicious charges

Use comprehensive mobile security like McAfee Mobile Security

Of course, just using common sense and taking the time to closely check the links and messages you receive will go a long way in increasing your mobile security. Remember, if something doesn’t feel right, proceed with caution.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Online Gaming Is Lucrative For Organized Gold Farming Rings

So-called “gold farmers” play massively multiplayer online games, not for fun, but to accumulate virtual currency, or “gold,” which can then be sold to other players, despite the fact that most game operators explicitly ban the exchange of in-game currency for cash. Gold farming is so lucrative, people in China and other developing nations can support themselves by working full-time operating gold farming rings.

During an interview with TechRadar’s Dan Griliopoulos, Will Leverett, Senior Manager of Customer Service at South Korea-based online video game company NCsoft, explains, “We’re convinced that groups on the seedier side of the Internet run in parallel to each other, with many offenders in China and Russia. The simplest thing players could exchange for real-world cash was in-game currency, which would then hugely unbalance the in-game economy and auction systems; essentially, those people buying currency were using their real-world wealth to employ a tribe of servants to do their work for them, as opposed to their compatriots who were attempting the same thing by the sweat of their brow.”

Massively multiplayer games that are free-to-play typically feature in-game currency, which can be converted to real cash. This currency drives organized criminals to set up banks of gamers on various IP addresses, manipulating the game in order to accumulate as much currency as possible.

Many leading gaming publishers and MMOs are finding it increasingly necessary to deploy a layered defense to prevent gold farming, chargebacks, virtual asset theft, and, increasingly, account takeovers within gaming environments. By leveraging the power of device identification and device reputation technology, which examines the computers, smart phones, and tablets being used to connect to an online game, the publisher can easily detect patterns of players working together and shut down an entire ring of cheaters at once. In one case, a major gaming publisher implemented Oregon-based iovation’s fraud protection service and was able to take action against 1,000 fraudulent accounts almost immediately.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures.)

Security Snapshot: How Is EMV Safer?

To understand why EMV credit cards—or “chip and PIN” cards—are safer, first we must understand standard magnetic stripe cards. The familiar magnetic stripe, which can be seen on all credit cards carried in the United States, has been around for more than four decades.

The security technology behind the magnetic stripe has been compromised, since the availability of card reading and writing tools makes it easy to decipher the data stored on the magnetic stripe. Criminals use these tools to create skimming devices and other hacking methods.

EMV, on the other hand, is a relatively new technology with plenty of built-in encryption. According to the Smart Card Alliance, “[EMV] transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal using Static Data Authentication (SDA), Dynamic Data Authentication (DDA) or Combined DDA with application cryptogram generation (CDA). EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions.”

In simple terms, the data is thoroughly scrambled.
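The difference between static stripe data and a per-transaction cryptogram can be seen in a small model. This is an added example, not code from the original post or from any card scheme: HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the card number, track data and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _message(pan: str, amount: int, atc: int, nonce: bytes) -> bytes:
    # Fields the cryptogram covers in this simplified model.
    return b"|".join([pan.encode(), str(amount).encode(), str(atc).encode(), nonce])


class ChipCard:
    """Hypothetical chip card: the key stays on the card, only cryptograms leave."""

    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self.atc = pan, key, 0

    def sign(self, amount: int, nonce: bytes) -> dict:
        self.atc += 1  # transaction counter: every cryptogram is unique
        mac = hmac.new(self._key, _message(self.pan, amount, self.atc, nonce),
                       hashlib.sha256).hexdigest()
        return {"pan": self.pan, "amount": amount, "atc": self.atc,
                "nonce": nonce, "cryptogram": mac}


class Issuer:
    def __init__(self):
        self._keys, self._last_atc, self._tracks = {}, {}, {}

    def enroll(self, pan: str, key: bytes, track: str) -> None:
        self._keys[pan], self._tracks[pan] = key, track

    def authorize_chip(self, txn: dict, terminal_nonce: bytes) -> str:
        key = self._keys.get(txn["pan"])
        if key is None:
            return "unknown card"
        # The cryptogram must answer the challenge this terminal just issued.
        if not hmac.compare_digest(txn["nonce"], terminal_nonce):
            return "stale nonce"
        expected = hmac.new(
            key, _message(txn["pan"], txn["amount"], txn["atc"], txn["nonce"]),
            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "bad cryptogram"
        # A counter value already seen means captured data is being reused.
        if txn["atc"] <= self._last_atc.get(txn["pan"], 0):
            return "replayed counter"
        self._last_atc[txn["pan"]] = txn["atc"]
        return "approved"

    def authorize_magstripe(self, pan: str, track: str) -> str:
        # Static data: the issuer cannot tell the original from a copy.
        ok = hmac.compare_digest(self._tracks.get(pan, ""), track)
        return "approved" if ok else "declined"


def demo() -> dict:
    pan, key = "9999000000000001", secrets.token_bytes(32)  # constructed values
    track = pan + "=0000000000000000"                       # constructed stripe data
    issuer, card = Issuer(), ChipCard(pan, key)
    issuer.enroll(pan, key, track)

    nonce = secrets.token_bytes(4)
    fresh = bytes(b ^ 0xFF for b in nonce)  # a later challenge, always different
    captured = card.sign(2500, nonce)
    altered = dict(card.sign(500, nonce), amount=50000)
    return {
        "chip_genuine": issuer.authorize_chip(captured, nonce),
        "chip_replay_same_challenge": issuer.authorize_chip(captured, nonce),
        "chip_replay_new_challenge": issuer.authorize_chip(captured, fresh),
        "chip_altered_amount": issuer.authorize_chip(altered, nonce),
        "stripe_first_use": issuer.authorize_magstripe(pan, track),
        "stripe_copy_reused": issuer.authorize_magstripe(pan, track),
    }
```

Every reuse of the captured chip transaction is refused, while the copied stripe data is accepted as often as it is presented.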

The cardholder verification process is another factor enhancing EMV card security, by ensuring that the person attempting to make the transaction is, in fact, the legal cardholder. EMV supports four cardholder verification methods: offline PIN, online PIN, signature, or no cardholder verification. With a regular magstripe credit card, the only possible verification option is to check the ID of the person presenting the card, which cashiers only sometimes do, and which may even create a false sense of security. The primary verification method for online purchases is to request the CVV or credit verification value, which is visibly printed right on the card itself.

So get ready, because “chip and PIN” is coming, and it’s more secure than the cards in your wallet, not to mention the most ubiquitous card outside the United States.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

European Cybercrime Not Slowing Down

Device reputation authority iovation published a report revealing that the number of fraudulent transactions originating from Europe has risen dramatically over the past two years. From April 2011 to April 2012, iovation prevented approximately 15 million fraudulent online transactions in Europe. That’s an increase of 60% over the previous year. The rate of European fraud attempts jumped from 1.3% of total transactions in the first quarter of 2011 to 2.1% in the first quarter of 2012, and has risen steadily throughout the past two years.

iovation stops fraud attempts with their ReputationManager 360 solution, which has the unique ability to determine which online transactions are less trustworthy via patented reputation capabilities. By examining the established reputation of mobile phones, tablets, and computers, and uncovering other device relationships, iovation helps businesses find out ahead of time which online transactions are safe and trustworthy.

Consumers should really be checking their credit card statements monthly, at a minimum. Checking online statements once a week is preferred and setting up alerts such as, “Send me a text or email every time a charge over $100 takes place on my credit card” doesn’t hurt either.

While cybercriminals are everywhere, the countries within Europe where iovation has seen more “denied transactions” as compared to all of the transactions from a particular country include Romania, Lithuania and Croatia. The type of fraud being uncovered includes eCommerce fraud such as the use of stolen credentials or card-not-present (CNP) fraud, financial fraud and bonus abuse on gambling sites, and a plethora of online scams and solicitations being detected in social networks and dating sites.

Scammers who spend their days targeting consumers in the developed world are often blocked by businesses that are using layered fraud prevention technologies. iovation’s real-time device reputation technology detects computers and other Internet-enabled devices that have been involved with financial fraud and other abuses and lets businesses know when those devices are interacting with their websites.

iovation’s network of associations among 950 million devices provides businesses with the ability to know when devices are related to one another, so they can quickly and efficiently shut down sophisticated fraud rings and fraudulent accounts.
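The device-relationship idea described here, and in the gold farming post above, amounts to finding connected groups in a graph of accounts and devices. The following is an added example, not iovation's method or code: the function name, the event format, the sample logins and the shared-device limit are all assumptions made for illustration.

```python
from collections import defaultdict


class DisjointSet:
    """Union-find over arbitrary hashable nodes."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def linked_rings(events, flagged_devices, shared_device_limit=20):
    """Cluster accounts tied together by the devices they logged in from.

    events: iterable of (account, device_id) pairs.
    flagged_devices: device ids with a prior fraud history.
    Devices used by more than shared_device_limit accounts are treated as
    public machines (kiosk, cafe) and are not used to link accounts.
    """
    accounts_per_device = defaultdict(set)
    for account, device in events:
        accounts_per_device[device].add(account)

    ds = DisjointSet()
    for device, accounts in accounts_per_device.items():
        if len(accounts) > shared_device_limit:
            continue  # avoid merging unrelated users through a shared machine
        for account in accounts:
            ds.union(("dev", device), ("acct", account))

    clusters = defaultdict(lambda: {"accounts": set(), "devices": set()})
    for kind, name in list(ds.parent):
        root = ds.find((kind, name))
        clusters[root]["accounts" if kind == "acct" else "devices"].add(name)

    flagged = set(flagged_devices)
    rings = [
        {"accounts": sorted(c["accounts"]), "devices": sorted(c["devices"]),
         "flagged": bool(c["devices"] & flagged)}
        for c in clusters.values() if len(c["accounts"]) >= 2
    ]
    return sorted(rings, key=lambda r: r["accounts"])


# Constructed sample logins: four accounts chained across three devices,
# two unrelated users on one home PC, and a kiosk used by four accounts.
EVENTS = [
    ("farmer01", "dev-A"), ("farmer02", "dev-A"), ("farmer02", "dev-B"),
    ("farmer03", "dev-B"), ("farmer03", "dev-C"), ("farmer04", "dev-C"),
    ("alice", "dev-X"), ("bob", "dev-Y"), ("carol", "dev-Z"), ("dave", "dev-Z"),
    ("alice", "kiosk"), ("bob", "kiosk"), ("carol", "kiosk"), ("farmer01", "kiosk"),
]

if __name__ == "__main__":
    for ring in linked_rings(EVENTS, {"dev-B"}, shared_device_limit=3):
        print(ring)
```

One flagged device marks the whole four-account chain for review, while the shared-device limit keeps the kiosk from merging every user into a single ring.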

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures.)

Summer home security tips before traveling

As you pack your car for your next road trip, realize someone’s probably watching.

Burglars watch. They look for signs you are traveling. They look for outside lights on 24 hours a day. They look for homes that are dark inside at nighttime. They look for no car in the driveway, mail and newspapers piled up or uncut grass that’s three weeks overgrown. And they look to see you packing your car before a trip. A bad neighbor or his bad seed of a kid may be peering through their windows when you pack. That kid may end up in your house hours after you leave.

Contrary to what some might suggest, I’ve never thought it was a good idea to place your name on a “stop mail” list at the post office, because some crack head postal employee now has a list of opportunities.

It’s the same thing with stopping delivery of your newspaper. Once you are on that list, it is known you are away.

The best case scenario for both issues is to have a trusted friend, family member or neighbor grab your mail and newspaper for you.

Never list your vacation plans on social media. The last thing you need to be doing on Facebook is telling the world you are 2000 miles away.

Here are a few home security tips to help protect your home while you are on vacation:

Pack your car in your garage or late at night under the cover of darkness.

Use timers on indoor and outdoor lights.

Let a trusted neighbor and the police know you are traveling.

Unplug garage door openers.

Have a neighbor park their car in your driveway.

Have a landscaper mow your lawn.

Don’t share your travel plans on social media or on a voicemail outgoing message.

Lock everything of significant value in a safe.

Invest in a home security camera system and home security alarm system.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

Access Control for Small Business Owners

Knowing who enters and exits your business at all times of the day gives the business owner greater control. Limiting unauthorized entry to your business, by certain employees or ex-employees and at different times of the day, is among the benefits of access control systems.

Knowing you can help to protect your employees and business against damage, theft, or potential harm may be a benefit you can’t put a price tag on. Whether your business has only one way access or multiple entry points, access control security systems are scalable and can be customized to fit your business and security needs.

ADT Access Guard

Security access control allows you to limit employee access, manage schedules, and know who’s going where and when. It’s a quick and easy way to help you limit the access to high-risk or sensitive areas of your business.

Public Mode

For gate, vestibule and other low-security access areas.

No limit to the number of cards the reader can recognize.

Private Mode

For higher security areas such as:

Cash rooms.

High-security storage.

Server rooms.

Employee access is given to only one user at a time.

ADT Select Entry

The power of complete access control is at your fingertips. Simply point and click a mouse. That’s all it takes for ADT® Select℠ Entry to provide your small business with a robust access control solution.

Allows you to limit access to high-risk or sensitive areas.

Helps reduce employee and vendor theft.

Helps improve incident awareness and response.

Helps enhance risk management.

Limit access to restricted areas, allow or restrict access by user level or time frame, control internal communications and monitor external areas.

Intercom Entry

Intercom systems help you safely identify visitors before they get inside. ADT® Intercom Entry Systems are simple, sophisticated security systems that provide centrally controlled access for your small business.

Visually and/or audibly identifies who is at the door.

Helps restrict and manage business access.

Increases employee safety.

Helps you protect entrances, secure parking lot doors, control internal communications and monitor external areas.

If your business is simply under lock and key, then you are in the dark ages and will soon be a burglary statistic. Check out the above access control systems and get educated on all these time and money saving options to secure your business.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News Live. Disclosures

How to Handle a Credit Card Breach While Abroad

One of the best and worst parts of traveling overseas is being immersed in a different language. My wife and I once got lost in Naples, Italy. When we pulled over and asked a stranger for directions, he answered in rapid Italian, which we don’t speak. We had no idea what he was saying, but were mesmerized just watching him talk. After two minutes he stopped, so we said “Grazie!” and kept moving. Now imagine if you had to deal with credit card fraud in a foreign country, and couldn’t find any English-speakers to assist you.

Fortunately, you only have to deal with your own credit card company, rather than any overseas officials. Victims of fraudulent credit card charges only wind up paying the unauthorized charges if they fail to detect and report the credit card fraud within 60 days. A 60-day window covers two billing cycles, which should be enough for most account-conscious consumers who keep an eye on their spending. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of fraud no matter where in the world you travel. Under this policy, the cardholder may be responsible for up to $50 in charges, but most banks extend the coverage to include charges under $50.

You can effectively stop fraud in its tracks by checking your statements online every day. If you only check every week or month, you will have to dispute that many more charges if and when your account is eventually compromised. If you fail to recognize and dispute unauthorized transactions on your credit card statements, you take responsibility for the fraudulent charges.

So, to prevent credit card scams, take the time to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is acceptable. Just be sure to dispute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Are Tablets Just As Vulnerable As Mobile Phones?

With unit sales of smartphones and tablets eclipsing those of desktop and notebook PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

McAfee Labs™ points out that today’s tablets are more powerful than notebooks were just a few years ago. Although their lack of real keyboards makes them unsuitable for many tasks (editing texts, programming, and design), they are very suitable for browsing the Web, which today is a primary source of malware.

You don’t need to view tablet computers separately from mobile phones. Tablets mainly differ in the size of the screen, but they share the same software, operating systems, and processors, so their security concerns are nearly identical. About the only difference is that some tablets can use USB devices, which increases the attack surface of such devices.

And because tablets, like our mobile phones, tend to be portable and among our most personal computing devices, you need to take steps to protect them. Many of the best practices you use on your computer can be transferred to your tablet.

To help ensure that your tablet is protected, you should:

Always password protect your device and set it to auto-lock after a certain period of time to increase your mobile security

Never leave your tablet unattended in a public place

Don’t click on links in emails and text messages from people you don’t know

Even if you know the company or person, use a browser to search for a link or use the company’s official app to navigate to the site

Always double-check the web address of a site when doing a search on your mobile phone.

If you use online banking and shopping sites, always log out and don’t select the “remember me” function

Before downloading a third-party app, check other users’ reviews to see if it is safe, and read the app’s privacy policy to make sure that it is not sharing your personal information

Use comprehensive mobile security software like McAfee Mobile Security, which includes antivirus, anti-theft, web protection, privacy protection and call and text filtering. If you have multiple notebooks, netbooks, smartphones and tablets, McAfee All Access provides security for all your devices and helps keep all your stuff safe whenever and wherever you connect.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)