Reasons a Space Heater Can Cause a Fire, & Safety Tips

Do you know the three reasons why a space heater can cause a fire, and what the No. 1 reason is?

As a home security specialist, one of the areas of safety that I’m always screaming about during the cold weather is space heater safety, including making sure people know the reasons why such a little device could bring an entire house down in ashes.

The National Fire Protection Association names these three reasons that a space heater can start a fire: The unit is too close to a flammable agent like a mattress or bedding; the space heater is on but not attended; and dirty chimneys.

The NFPA offers these tips for electric space heater safety:

-Require a three-foot childfree zone around space heaters.

-Supervise children when a space heater is going.

-Put the “space” back in space heater: Give it ample personal space—three feet of it—from anything else.

-Make sure the unit has no broken or malfunctioning parts.

-The unit should always be on a flat, solid surface.

-Use only a unit with an automatic shut-off so that it shuts off if knocked over.

-Never use extension cords.

-Never leave a space heater on when absent or asleep.

Here are the NFPA’s tips for fuel burning space heaters:

-Use only the fuel that the manufacturer specifies, and the proper grade if the fuel is liquid.

-Refuel the unit only outside or in a well-ventilated area.

-Keep a window open when the unit is in operation.

-Newly manufactured gas space heaters have a mechanism that shuts it off if it detects low ambient oxygen. If your old unit doesn’t have this feature, replace it.

-Allow at least five minutes to lapse if your gas heater pilot light goes out, before relighting, and light your match before you turn the gas on to avoid a flashback.

-Never light the unit if you smell gas from it. Instead shut off all controls, open the doors and windows, then call a gas service tech.

Knowing the reasons why a space heater can start a fire is just the beginning of safety; you must also mind the rest of these tips.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

What is a Denial-of-Service Attack?

You may have heard news reports about popular websites such as CNN, Amazon and Yahoo! being taken down by a DoS attack, but have you ever wondered what DoS means?

This common tech term stands for “denial-of-service,” where an attacker attempts to prevent legitimate users from accessing a website entirely, or to slow it down to the point of being unusable. The most common and obvious type of DoS attack occurs when an attacker “floods” a network with useless information.

When you type a URL for a particular website into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying access to legitimate users.

A distributed denial-of-service (DDoS) attack is one where a site is attacked, but not by just one person or machine. DDoS attacks are attacks on a site by two or more persons or machines. These attacks are usually done by cybercriminals using botnets (remote computers that are under their control) to bombard the site with requests. Cybercriminals create botnets by infecting a collection of computers—sometimes hundreds or thousands—with malware that gives them control of the machines, allowing them to stage their attack.

There is also an unintentional DoS where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site’s regular users–potentially hundreds of thousands of people—click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. When Michael Jackson died in 2009, websites such as Google and Twitter slowed down or even crashed. [1]
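The three situations described above (a flood from one source, a distributed flood, and an unintentional spike driven by a popular link) look different in a server's logs. The following is an added example, not part of the original article: a heuristic classifier over a constructed one-second window of log entries, where the capacity figure, the thresholds, the addresses and the referrer URL are all assumptions.

```python
from collections import Counter

CAPACITY = 100  # assumed: requests the server can process per one-second window


def sample_window(kind):
    """Build a constructed one-second window of (client_ip, referer) entries.

    All addresses come from documentation ranges; nothing is from a real log.
    """
    crowd = [f"192.0.2.{i}" for i in range(1, 251)] + \
            [f"198.51.100.{i}" for i in range(1, 251)]
    if kind == "normal":   # 20 ordinary visitors
        return [(ip, "-") for ip in crowd[:20]]
    if kind == "dos":      # 20 visitors plus 480 requests from one machine
        return [(ip, "-") for ip in crowd[:20]] + [("203.0.113.7", "-")] * 480
    if kind == "ddos":     # 500 different machines, no common referrer
        return [(ip, "-") for ip in crowd]
    if kind == "flash":    # 500 visitors who all followed the same news link
        return [(ip, "https://news.example/story") for ip in crowd]
    raise ValueError(kind)


def classify(window, capacity=CAPACITY, top_share=0.5, referer_share=0.6):
    """Return (label, fraction of requests the server can still answer)."""
    total = len(window)
    if total <= capacity:
        return "ok", 1.0

    # Over capacity: only capacity/total of the requests get served, and
    # legitimate users are dropped along with everyone else.
    served = capacity / total

    # One address sending most of the traffic points to a single-source flood,
    # which a per-address rate limit or block can handle.
    ips = Counter(ip for ip, _ in window)
    _, top_count = ips.most_common(1)[0]
    if top_count / total >= top_share:
        return "single-source flood", served

    # Many sources sharing one external referrer suggests a popularity spike.
    # The Referer header is supplied by the client, so this is a hint only.
    refs = Counter(ref for _, ref in window if ref != "-")
    if refs and refs.most_common(1)[0][1] / total >= referer_share:
        return "likely flash crowd", served

    # Many sources and nothing in common: per-address limits will not help,
    # which is why distributed floods need upstream filtering or more capacity.
    return "distributed flood", served


if __name__ == "__main__":
    for kind in ("normal", "dos", "ddos", "flash"):
        label, served = classify(sample_window(kind))
        print(f"{kind:7s} -> {label:20s} served={served:.0%}")
```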

While this can be an inconvenience to you, as you may not be able to complete transactions or access your banking site, there’s no real danger for you. But unbeknownst to you, your computer or mobile device could be part of the botnet that is causing a DDoS attack.

To make sure you’re not part of a DDoS attack:

  • Pay attention if you notice that your Internet connection is unusually slow or you can’t access certain sites (and that your Internet connection is not down)
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service
  • Be careful when giving out your email address, clicking on links and opening attachments, especially if they are from people you don’t know
  • Stay educated on the latest tactics that hackers and scammers use so that you’re aware of tricks they use

[1] “Web slows after Jackson’s death,” BBC News

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

10 Simple Tips to Bank Safely Online

One of the issues I’m passionate about, as an online-security analyst, is that of banking safely online; so I recommend the following simple tips to help ensure your security in cyberspace.

  1. Wired ethernet link. This offers more security than does a powerline or Wi-Fi network. In fact, the powerline carries your data via electrical wires—not secure at all. Data from wires can leak into adjacent homes, and Wi-Fi signals are out in the open, literally. An ethernet attack, however, may require a home break-in by the crook, and then he has to set up his device.
  2. Nevertheless, powerline and Wi-Fi do come with encryption capabilities; encryption scrambles data for safer online banking. Any attacker would need your password to infiltrate. But remember this: Wi-Fi’s WEP, which is obsolete, can be hacked into, even though it’s still offered as an option for router setup.
  3. Do not leave a router on its default password. Otherwise, crooks can get in and redirect your traffic to who knows where.
  4. Never trust third-party Wi-Fi hotspots.
  5. Make sure that the financial site you visit has a padlock icon and “https” before the URL address; this means it’s secure and legitimate. “Http” (no “s”) is not secure.
  6. Keep up to date on security updates for your browser and operating system. This will protect against a crook who uses a keylogger to track your keystrokes. With a keylogger, a hacker can get your keystroke pattern and will figure out your passwords.
  7. Never click on links in e-mails. Even if it’s supposedly from your bank. Never.
  8. To really beef up online banking security, use a separate computer just for online banking.
  9. Enable your financial institution’s two-step verification. This is typing in a password that’s one-time, that gets texted to you. Unfortunately, many banks don’t have this tactic. But if you’re concerned with banking safely on the Internet, see if your institution does. If you can’t find this information on their web site, call them.
  10. One more simple tip about safe online banking: Hotspot Shield VPN service guards your entire online experience when you’re using unprotected networks, such as at coffee houses, hotels, airports, etc., be they wired or wireless.

You can have peace of mind that your web sessions (downloads, filling out forms, shopping, banking) are safe and secure with the https-protected tool. With Hotspot Shield, all mobile data is encrypted. Hotspot Shield also has a mobile version, and it compresses bandwidth so that you can download nearly double the content at the same cost. This VPN service has saved 102.9 million megabytes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Meeting a Stranger: Safety Tips for Online and In-Person

A simple yet comprehensive guide to staying safe when meeting a stranger in person or dealing with one online.

I have been involved in the security industry for years, and one of the most common questions I get is how to be safe when meeting a stranger online or in person.

Safety Tips for Online Stranger Encounters

  • When online, give out as little info as possible.
  • If possible, meet people on sites that scrutinize their users, though even an extensive profile can be convincingly faked. Do your homework on these sites.
  • Don’t rely only on profiles. Seek out their name online to see what comes up.
  • Use a disposable e-mail address (or phone number) service or app.
  • Speak on the phone first; it’s harder for a man to pretend he’s a woman this way.

In-Person Safety Tips with Strangers

  • Use your smartphone to share where you’ll be with family and friends. There are apps that will let trusted people view where you’re at.
  • Choose more than one meeting place (well-lit, very public). This is because you may want to go to a second location if it’s a date, or if it’s a buy-sell, the other person may get lost.
  • For a buy-sell, bring someone with you.
  • For dating or business, bring minimal cash, only the amount you expect to pay for an item. Keep extra cash (for haggling) separate and unseen by the stranger.
  • If the stranger must come to your home to view an item you’re selling, leave your front door open. Try to have someone with you.
  • Do a background check on anyone whose house you’re going to (such as to clean or babysit).

Safe Strategies with Strangers

  • Never get into a car with a stranger.
  • Arrange a nearby meeting place for you and trusted friends, after your blind date or business meeting. If it’s a blind date, your friends could be across the street having dinner; only one text message away.
  • Stick to your meeting place plans; don’t veer off-course.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Health Care Information Breaches rise

Medical errors can also mean medical identity theft—accounting for 43 percent of all 2013 identity theft in the U.S., says the Identity Theft Resource Center. Medical identity theft kicks other forms of ID theft to the curb: banking, finance, government, military and education.

Fraudsters invade health data to illegally obtain prescription drugs, services or devices and to get insurance reimbursements.

Making the situation stiffer is the Affordable Care Act, as the implementation of federal and state health insurance exchanges involved malfunctioning online marketplaces. Plus, the Act promotes digitizing medical records, and you know what that means.

What about an honor system?

HIPAA—Health Insurance Portability and Accountability Act (now you know why it’s not “HIPPA”)—and the HITECH Act define what health care providers must do to protect patient privacy. Violations of these acts can net stiff fines including up to 10 years’ prison time.

However, HIPAA has exceptions, such as “public health activities” and “health oversight activities” in which confidential information is shared.  People who know that HIPAA isn’t airtight can be turned off from revealing they have an STD or a psychiatric disorder to their doctor unless absolutely necessary.

Patients must be notified by their health plan, medical institution or medical provider when it’s been determined that their health information has been breached, says HITECH law. The Department of Human Health must also be notified. The Department will reveal breaches that involve at least 500 patients.

The discovery, though, doesn’t solve the problem that has already occurred: the fallout from the leak. It’s fairly straightforward to have the right information put back in a patient’s files, but another story to get the fraudulent information taken out, due to fear of medical liability.

Take action:

The time is now to bring attention to how a business is protecting their clients’ data. The public wants to know their information is safe and the companies they hand it over to are doing everything possible to protect it.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Prowler Alert issued

Two men, impersonating San Jose police officers, waltzed through the unlocked door of a woman’s home and told her they were there to check on her welfare. This happened in the early evening, and the men were described as being Hispanic and 5-7 and 155 pounds. They presented the woman with identification but she smelled a fish.

While the men were there, she called the Petaluma police dispatch center. One of the men was brazen enough to tell the dispatcher he was checking on the 66-year-old woman’s well-being, then hung up. The men then left the property.

The San Jose police said they had no officers in the Petaluma area, and are urging residents to keep their doors locked—no excuses—at all times. They should also request a photo ID of anyone claiming to be a police officer who’s in plain clothes.

Simple Home Security Guidelines

  • If a stranger is at your door, never speak to that person through an open door or screen door. Talk to them through a locked door.
  • Never allow children to answer the door.
  • Not all home invaders ring the doorbell or knock. Some barge in unexpectedly, so always have the alarm system on, even if it means having to always remember to turn it off when you step out.
  • And of course, get the home alarm system.
  • Have a 24-hour video surveillance system installed. The sight of a camera usually scares off a would-be intruder. Cameras should point to all your doors and other access points.
  • Consider getting a German shepherd or other large breed that has a natural guarding instinct and innate territoriality. You may fret at the thought of having to take a dog for walks every day, cleaning up after it, feeding it, etc., but that will be more exercise for you (who doesn’t need more exercise?), a great companion that offers unconditional love, and a superb deterrent to a home invasion or burglary attempt.


Kidnapping’s 3 Stages: Lure, Induction, Captivity

As a security and safety expert, I often lecture about all the facets of a kidnapping. There are three basic stages or phases of the kidnapping experience.

The Lure

Kidnappers premeditate and precalculate every move. Months of planning could go into an abduction that takes only seconds. The circumstances have to be perfect, like a solitary female at night in a barren area. The kidnapper has honed his charm skills and knows who will fall for his sob story, which he uses to gain their trust.

On the other hand, some kidnappers don’t use charm or a ploy; they pounce out of the blue and take the victim by force.

Induction

At this point in a kidnapping, the charm or force is dropped because the victim is in the kidnapper’s domain. The victim is made to feel powerless.

But don’t forget that the kidnapper knows ahead of time who’s most likely to psychologically succumb to a feeling of hopelessness. Kidnappers often have excellent radar for feeling out perfect victims. Even then, the kidnapper will often torture the victim to further fragment them, including using elaborate restraints. The victim learns to be helpless.

Captivity

The de-powered victim may still try to escape, but feebly: a tap on a window rather than hurling a chair at it. The fear of punishment for a more aggressive escape attempt becomes greater than the will to escape. The victim’s mind morphs to adapt to the harrowing situation, sometimes to the extent of sympathizing with the kidnapper (Stockholm syndrome).

The victim may have many chances to escape, but fail to even flinch when the opportunity arises, such as the case of Shawn Hornbeck, who, during “captivity” for several years by the man who repeatedly raped him, was permitted to ride a bike throughout the neighborhood. We hear about extraordinary cases such as these, but cases in which the victim escapes (sometimes using aggression) after only two hours of captivity don’t get as much attention.

The three phases of a kidnapping do have subphases, but those presented above are the main elements.


Data Breach Notification Bill goes to the House

H.B. 224, a newly introduced data breach notification bill for New Mexico, would mandate that organizations notify breached individuals within 10 days of breach discovery (unencrypted credit card data), and notify the state attorney general within 10 business days if more than 50 NM residents are affected.

The bill allows for a shorter notification deadline and for card carriers to sue for recovery costs linked to the breach; and customers can sue for statutory damages.

Companies operating in NM will also have additional data security and data disposal requirements, due to the bill. Enacting H.B. 224 would make New Mexico join 46 states who have data breach alert laws.

Payment Card Breach

  • Within two business days: Time allowed for card issuers facing a breach to notify all the merchants “to which the credit card number or debit card number was transmitted,” according to H.B. 224.
  • H.B. 224 would also set a risk of harm threshold regarding when an alert is required for card breaches.
  • If the magnetic strip data or other information is revealed, yielding harm or risk of harm to the cardholder and compromise of access device data, the bill would require notification. The card issuer would not need to give approval or direction.
  • Card issuers can sue for recovery of administrative costs if a card reader is breached or if there’s a problem with strip data.

Data Security and Disposal

  • The bill would make companies “implement and maintain reasonable” security measures to ensure protection of personal identifying information from illegitimate access or other fraudulent action.
  • Businesses would also have to include these data security standards in contracts involving “non-affiliated third parties” that they share personal information with.
  • Personal data, in whatever form it’s kept, would have to be disposed of such that personal identifying information would be impossible to read or decipher.

Enforcement

  • The bill would authorize the state attorney general to seek injunctive relief and recovery of damages via court.
  • Failure of a company to notify of the breach could result in harsh fines, if the bill is enacted.
  • Customers could sue for damages of $100 to $300, depending on circumstances.

Being accountable:

It may be just a matter of time before the Federal government steps in and decides PCI Standards might not fix client data protection problems. Businesses who see the writing on the wall are being proactive and making smarter investments in their customers’ security.


7 Social Media Security Tips To Protect Your Business

Your employee’s online life could open your business to some serious dangers.

Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Be your Family’s Chief Security Officer

Schlage is all about safety and security. But you need not be in the profession of security analyst to be vigilant about your home and family’s security. And when it comes to security, this doesn’t just mean protection from home invasions and burglaries, but anything and everything, such as online security and guarding against viruses, hackers and other fraudulent invasive cyber crimes that can really mess things up for you or a family member.

Be your family and home’s Chief Security Officer, even if your job outside the home is unrelated to security measures. Make sure everything is safe and sound inside your home. This includes child-proofing the house; senior-proofing if there are elderly occupants; and just in general, making the environment safe—e.g., cleaning up spills on the floor to prevent a disastrous fall.

I won’t lie: This kind of vigilance requires a lot of thought to get it rolling. It’s not second nature to many people, but they can work on that element and improve over time so that it’s automatic to put the alarm system on when going to bed.

You must be fierce so that fires don’t start in your home, and so that you don’t end up in the news as a victim of a crime.

Sometimes, a person’s greatest enemy is themselves. So you have all the windows penetration-proofed, triple bolts on all the doors, maybe a protection dog and an extensive video surveillance system…but one second…you get lazy and don’t lock your doors and after you leave and you took the dog with you, then some bad guy chooses your home simply because he saw you leave. Locking your doors, that little extra effort might have saved all kinds of heartache.

So it takes a little extra time to create a safety system, and then stick with it, to prevent bad things from happening. If you can’t make time for safety and security, you’ll have to make time for catastrophe. When you make security a habit, it really doesn’t require that much effort after a while. Lead your family and home as its Chief Security Officer.
