Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

FREE EBOOK

Check here if you're human

Sponsors

Smart and Easy Ways to Protect Your Digital Life

0
Pin It

Even if you don’t realize it, your identity is all over the internet. Whether you posted to an internet forum in 1996 or you ever had a MySpace page, this information is still out there, and you have to protect it. Here are some simple and easy ways that you can protect your digital life:

  1. Change Passwords – The first thing you should do is make sure you are regularly changing passwords. Make your passwords difficult to guess, and a mixture of letters, numbers, and symbols. Also, make sure that you are protecting your account when resetting passwords. For instance, you should have to answer “knowledge based authentication questions” before making a change.
  2. Take a Look at Account Activity – Many companies allow users to check out their recent activity. Google, Facebook, and Twitter are three examples. If something seems out of place, report it, immediately.
  3. Close Accounts You Don’t Use – Do you have an old MySpace page? Did you start a Blogger and never use it? If so, go and delete those accounts before they get hacked.
  4. Don’t Share Too Much – What do you share online? Are you getting too personal? Hackers can use personal information, such as your birthday, or even favorite sports team, to get into your accounts. This is especially the case if you choose to use this information in your passwords or in your password reset or knowledge based authentication questions.
  5. Use a VPN – With all of the talk about internet security making headlines, the safest way to access public Wi-Fi is through a VPN. A VPN, or virtual private network, encrypts your information.
  6. Don’t share account passwords – STOP THE MADNESS! Though you might think it’s cute to share a social media account with your spouse, it’s also dangerous. The more people who have access to your accounts, the higher the chances of getting hacked.
  7. Choose Trusted Contacts – Make sure to choose a couple of friends or family members as trusted contacts. That way, if you get kicked out of your social media accounts, they (meaning their email or mobile#) can help you get back in.
  8. Update All of Your Software – Finally, make sure that you are updating all of your software such as your OS, apps, or even Office docs when prompted. Don’t let those updates wait. Many of them contain important security updates, too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: digital security

Busting Down the Door: 12 Ways to Stop Burglars from Entering Your Home

0
Pin It

There is no such thing as a home that is fully burglar-proof, but there is also no such thing as burglars who have the skills of Ethan Hunt from Mission Impossible. With the right security in place, you can get your home almost burglar-proof.

When most people think of security, they only think of a few devices, and though they are great to have, they don’t protect you fully. Yes, you might have fake looking cameras that deter thieves, but what about those who try to get in anyway. Kicking the door in, which is an easy way a criminal gets into a locked home, can still be done. The only thing separating a burglar from getting in through a locked door is half inch pine molding. A 12 year old boy can kick in a door easy enough. You need to beef up your doors.

Here are some door reinforcement devices that can help:

  • Deadbolt/door knob wraps – these strengthen the immediate area around the lock
  • Door bar jammer – fits snuggly under the doorknob
  • Door brace – device that makes it more difficult to kick a door down
  • Door frame reinforcement – installed on the door jamb and made of steel

You can also use commercial kits like the Door Devil. This is a kit that contains a device made of heavy steel. It is installed over the door jamb, and is screwed directly into the frame. The system is easy to install, and it will add another level of protection to your home. When you combine this with other types of security, such as motion detection lights, surveillance cameras, and a security system, it will be very difficult for burglars to enter.

Here are some more general tips to keep your home more secure than ever before:

  1. Always keep your doors locked. Keep them locked when you are home and even during the day.
  2. Always keep your windows locked. This includes those on the second floor. A burglar can certainly climb.
  3. Keep the blinds and curtains closed. This helps to ensure that no one can look into your home to check out your valuables.
  4. Use top-flight locks and door reinforcements.
  5. Install security films on your windows. These will help to give the panes strength and will prevent penetrating objects from coming in, such as crow bars and baseball bats.
  6. Collect your mail and newspapers as soon as possible when they arrive.
  7. Give your home that ‘lived-in’ look with a system for home automation turning lights on and off.
  8. Place men’s work boots at the front or back door and make sure they look worn and scuffed. If you park your car out in the drive, place men’s gloves on the dash. If burglars see this, they will think twice as they will believe there is a large man in the home.
  9. Place a large dog bowl by the door, and make sure to make it look realistic. Add chewed up dog toys or a leash to the area, too.
  10. Make sure to trim shrubs that are hiding home entry points.
  11. Go to Google News. Type in your city and state along with the phrase “door kicked in.” You will likely be shocked by what you find. This will be more motivation to protect yourself.
  12. Make the investment into a beefy home security system. The best systems offer full alarm and police station monitoring along with cameras providing a clear view of what is happening in your home when you aren’t there. You can watch right on your mobile device.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Filed Under: home security home security system home security tips

Hire an Ethical Hacker NOW!

0
Pin It

You might think it’s crazy to actually hire a hacker, but if you don’t have an ethical hacker on your security team, you could be playing a dangerous game.

Ethical hackers are called “white hat hackers” and are legal hackers, that help businesses find security problems in their networks. Developer and security teams, who build out codes, should have a white hat hacker on their side. This way, they will know from the start if the code is vulnerable. This is also known as “application security”.

How Important are Ethical Hackers?

How important is this? It’s so important that even the largest companies in the world are using this practice. Take Microsoft, for instance. They host a competition for white hat hackers, and challenge them to find any bugs present in their codes. This is called a “bounty”. On participant, was able to bypass every single security measure that Microsoft had in place. Can you imagine what would happen if he was one of the bad guys?

This type of security solution should be the first line of defense for your company, as they expose the risks that your company might have. Additionally, many companies used white hat hackers to ensure that they are complying with legal standards, such as HIPAA.

Wouldn’t Security Audits Work?

A security audit is basically a checklist for what a network has and doesn’t have in place. There’s not rubber on the road. Ethical hacking is a real world test. A security audit isn’t. The job of a white hat hacker is to find as many holes in the code as possible, and then report them back to the company. Another benefit of using an ethical hacker is that the information they provide helps to enhance the detection quality of products. An audit probably wouldn’t find this information.

What Does it Mean For Your Company?

Before anything, it’s important that you realize that an ethical hacker can help you and your business. A strong security program must focus on both the security of the code and the program’s security as it runs. This is where an ethical hacker will be most beneficial. Of course, it’s best to get the coding right the first time, but mistakes happen, and this is where a white hat hacker can make a huge difference.

So, the next time you talk about staffing, remember to bring up the addition of a white hat hacker. It could be the difference between keeping your data safe or being the victim of a real hacker.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: hackers

The Best Gmail Phishing Scam Ever!

0
Pin It

If you use Gmail, pay attention! Security experts have announced that there is a very effective phishing scam out there, and you are a target. This scam, which has only been growing over the past couple of months, is also hitting other email providers, too. However, it’s quite difficult to detect.

According to researchers at WordFence, who make a security tool for WordPress, this is a pretty serious attack and can have quite an impact, even for those who are up on security.

Here’s how it works:

You get an email from someone you trust…like a friend or family member or Google. The email, however, is actually not from them. It just looks like it is. Attached to the email is an attachment, which, when opened, links to a fake Google sign-in page. Everything about this Google sign-in page looks legit…but the address in the address bar is not…and here’s where it gets tricky. The address bar actually has a URL that looks real: https://accounts.google.com. However, before that address is whats called a “data URI”. Google it. This is NOT a URL. Instead, it allows the hackers to get your username and password as soon as you enter them into the fake login screen. To make things even worse, once they sign into your actual inbox, they use your information, including attachments and emails, to target your contacts.

Protecting Yourself From This Scam

If you are a Google Chrome user, you can protect yourself by taking a look at the address bar before clicking anything. A green lock symbol is your indicator that it is safe to browse. However, there are some scammers out there who have created their own site that are HTTPS-protected…which also means they will have a green lock. So, also take a look at the address.

Another thing that you can do is add in two-step authentication, which is an extra layer of security. Ultimately, it will help to lower the odds that your account will be compromised. You also might want to consider a security token, as well. If you don’t use two-step authentication with every account that offers it (Facebook, Twitter, iCloud etc), you’re a bit foolish my friend.

Google is aware of the issue, and they are working on improving security for their users. In the meantime, remain vigilant as you browse.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Phishing phishing emails

Top 12 Tips to Destroy Your Sensitive Data

0
Pin It

Believe it or not, you just can’t shred too much. If you aren’t destroying your sensitive data, my best advice is for you to start now. There are people out there who make a living diving into dumpsters in search of credit card info, bank account number, mortgage statements, and medical bills; all things they can use to steal your identity.  

Here are 12 tips that you can use to help you destroy your sensitive data:

  1. Buy a shredder. That said, I don’t own a shredder. I’ll explain shortly. There are a number of different brands and models out there. Some even shred CDs. This is important if you keep your documents saved on a computer, which you then saved to a CD. Don’t, however, try to shred a CD in a shredder that isn’t equipped to do this job. You will definitely break it.
  2. Skip a “strip-cut” shredder. These shredders produce strips that can be re-constructed. You would be surprised by how many people don’t mind putting these pieces together after finding them in trash. Yes, again, people will go through dumpsters to find this information. Watch the movie “Argo” and you’ll see what I mean.
  3. Shred as small as you can using a cross cut shredder. The smaller the pieces, the more difficult it is to put documents together again. If the pieces are large enough, there are even computer programs that you can use to recreate the documents.
  4. Fill a large cardboard box with your shreddables. You can do this all in one day, or allow the box to fill up over time.
  5. When the box is full, burn it. This way, you are sure the information is gone. Of course, make sure that your municipality allows burning.
  6. You should also shred and destroy items that could get you robbed. For instance, if you buy a huge flat screen television, don’t put the box on your curb. Instead, destroy, shred, or burn that box. If it’s on the curb, it’s like an invitation for thieves to come right in.
  7. Shred all of your documents, including any paper with account numbers or financial information.
  8. Shred credit card receipts, property tax statements, voided checks, anything with a Social Security number, and envelopes with your name and address.
  9. Talk to your accountant to see if they have any other suggestions on what you should shred and what you should store.
  10. Shred anything that can be used to scam you or anyone. Meaning if the data found in the trash or dumpster could be used in a lie, over the phone, in a call to you or a client to get MORE sensitive information, (like a prescription bottle) then shred it.
  11. Try to buy a shredder in person, not online. Why? Because you want to see it and how it shreds, if possible. If do buy a shredder online, make sure to read the reviews. You want to make sure that you are buying one that is high quality.
  12. Don’t bother with a shredder. I have so much to shred (and you should too) that I use a professional document shredding service.

I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Most businesses have shredding that needs to be done regularly. We provide free shredding bins placed in your office. You simply place all documents to be shredded in the secure bin. Your private information gets properly destroyed, avoiding unnecessary exposure.”

Does your local service offer that? Shredding myself takes too much time. And I know at least with Highlands equipment (check your local service to compare) their equipment randomly rips and tears the documents with a special system of 42 rotating knives. It then compacts the shredded material into very small pieces. Unlike strip shredding, this process is the most secure because no reconstruction can occur.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Data Breaches Data Security data theft

Malware Hack Attacking the Grid…BIGLY

0
Pin It

For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

The malware was first hinted at in 2013, but at that time, it was not seen as dangerous, and many anti-virus programs were flagging it as dangerous, but it was considered a false positive. Eventually, it was seen as a type of basic malware, and upon further inspection, it was found that there are several variations. The most recent flag was in March 2017.

This particular infestation is only one of many malware infections that target industry. Approximately 3,000 industrial locations are targeted with malware each year, and most of them are Trojans, which sometimes can be brought in by staff on found or compromised USB sticks.

Most of these programs aren’t extremely harmful, meaning they won’t shut down production. However, what they could do is pave the way for more dangerous threats down the road. It also allows for sensitive information to be released.

It is not easy for hackers to infiltrate an industrial plant, and it takes good knowledge of layout, industrial processes, and even engineering skills to pull something like that off. This goes way beyond a simple malware attack.

However, these attacks have also brought to light the issue of how many legitimate files are being flagged as malware and vice versa. This means that the files can be used by the bad guys, who can then target a specific industrial site. There are thousands of these programs out there, ripe for the picking by observant hackers.

What can they do if they get this information? They could find out where the site is, who operates it, the layout and configuration, what software they have, and even what equipment they are using. Though this wouldn’t give them everything they need, it would be enough to plan a bigger, more dangerous attack.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: malware

Second Hand and Discarded Devices Lead to Identity Theft

0
Pin It

A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data.  What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

  • Back It Up – Before doing anything, back up your device.
  • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
  • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
  • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Identity Theft

Getting Rid of an Electronic Device? Do This First…

0
Pin It

A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

Deleting…Really Deleting…Your Devices

Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

Back Up

Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

Wipe

Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac.  If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

Destroy

Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.  

The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

Recycle

If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: digital security

Phishing is Getting Fishier

0
Pin It

If you are like most of us, you have undoubtedly received an email that has asked you to click on a link. Did you click it? If you did, you are like 99% of internet users because clicking links in normal. But in some situations you may have found that the link took you to a new or maybe spoofed website where you might be asked to log in. If you ever did this, you may have been the victim of a likely phishing attack, and these attacks are getting fishier all of the time.

A What? Phish? Fish?

It’s called a phishing attack, and yes, it’s a play on words. When you fish, you throw a hook and worm into the water and hope you catch something. Hackers do the same when they phish. Except, their hook and worm, in this case, is an interesting looking email that they hope you are going to click on…its then, that they can reel you in. There are a few different types of phishing:

  • Spoofed websites – Hackers phish by using social engineering. Basically, they will send a scam email that leads to a website that looks very familiar. However, it’s actually a spoof, or imitation, that is designed to collect credit card data, usernames and passwords.
  • Phishing “in the middle” – With this type of phishing, a cybercriminal will create a place on the internet that will essentially collect, or capture, the information you are sending to a legitimate website.
  • Phishing by Pharming – With phishing by pharming, the bad guys set up a spoof website, and redirect traffic from other legitimate sites to the spoof site.
  • Phishing leading to a virus – This is probably the worst phish as it can give a criminal full control over your device. The socially engineered phish is designed to get you to click a link to infect your device.

Can You Protect Yourself from Phishing?

Yes, the standard rule is “don’t click links in the body of emails”. That being said, there are emails you can click the link and others you shouldn’t. For example, if I’ve just just signed up for a new website and a confirmation email is then sent to me, I’ll click that link. Or if I’m in ongoing dialog with a trusted colleague who needs me to click a link, I will. Otherwise, I don’t click links in email promotions, ads or even e-statements. I’ll go directly to the website via my password manager or a Google search.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Phishing phishing emails

Parents Beware of Finstagram

0
Pin It

You have surely heard of Instagram, the photo sharing social network, but what about “Finstagram?” If you are like most parents, you have rules about the social media practices of your kids. However, once you learn about Finstagram, those might all go out the window.

When you combine the words “fake” and “Instagram,” you get Finstagram. Essentially, these are fake, or alternative, Instagram accounts that are created by teens, for the most part. These accounts can be used for harmless laughs, such as sharing embarrassing pictures with your close circle of friends, or for harmful deeds, such as hiding alcohol or drug use from parents. Finstagram accounts are also commonly used for bullying.

You can look at your child’s Instagram account and see the innocent angel that you believe you have raised. But, do they have a Finstagram account that shows a different side? It’s possible, and you might even be able to find it by using the Find Friends feature on the software. Of course, it’s possible that your child has linked their Finstagram to a new email address or even name.

On top of all of this, kids are using Finstagram accounts to do things that would never be acceptable on their “real” Instagram accounts. For instance, there have been instances where these fake accounts are used to post inappropriate or altered photos of their classmates in inappropriate situations. In some cases, things get so serious that the schools, themselves, have to contact Instagram to get the accounts shut down.

Even if you think that you have nothing to worry about with your own kids, it might be worth it to do a check on them. You can certainly ask your child if they have an account, and they might be forthcoming and tell you. Odds are, however, that they won’t. In fact, about 90% of Finstagram accounts are unknown, so it is the parent’s responsibility to look for the signs.

Parent should have all passcodes to access the device and its applications. Or the child can’t have a phone. Non-negotiable. Done deal.

Sit down with your child to talk about their usage of social media, and the repercussions of their actions on social media. You also might want to talk to other parents you know about Finstagram accounts. These accounts might be for innocent fun, but they could also ruin someone’s life.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: social media privacy
Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category