Burglars love doors, because that’s their No. 1 way of gaining entry to a house. When thinking of ways to make your home safer, you should really home in on your doors.
- Solid wood door without a window (ideally with solid wood core)
- Top flight deadbolt (ideally two)
- Reinforced frame and doorjamb
The above elements would make it almost impossible for an MMA fighter to kick the door in. Yes, you should be thinking in terms of kick-proofing your door. By the time we’re 18, we’ve probably witnessed hundreds of door kick-ins on TV shows and in movies. No matter how many unrealistic things we’ve seen on film, one thing stands out as being very true to life: the ease of kicking in a door.
If the door has a window, we have a problem. A crook could smash through it and unlock the door. Here is where a second deadbolt, near floor level, comes in handy. If this can’t be done, then have decorative steel bars placed over the window.
A metal door is also doable for good security, as long as its interior is reinforced and it has a lockblock.
Keep in mind that even a steel door (the most secure type) can be kicked in if the lock’s screws are too short. You get what you pay for; do not cut corners when it comes to purchasing a deadbolt. They are not all the same. A good one extends deep into the doorframe.
I also recommend a one-sided keyless deadbolt for use when you’re home. As its name implies, it can’t be manipulated from the outside (which makes it impossible for an intruder to circumvent).
The doorjamb and frame should be as strong as possible. Don’t just rely on a good deadbolt. The strike plate’s screws should be three inches. Install door reinforcement technology. This beefs up the door jamb to prevent kick-ins. See Door Devil.
What about sliding doors?
- The glass should be reinforced or replaced with polycarbonate.
- The track should have a bar to prevent the door from being forced open.
- Track stoppers also come in the form of small devices that screw onto the track and block the door.
- The door should be equipped with a motion and vibration sensor that triggers an alarm.
Keep a covering over the windows as much as possible. I understand that you want your home to be bright and cheery, but find a happy medium by realizing that a burglar can get a really good look inside your house through uncovered sliding doors. For sure, keep the curtains drawn or the shades down when it’s dark out.Filed Under: home invasion home security home security tips
According to a recent study, online security for most people is too bothersome. The US National Institute of Standards and Technology published the study, which shows that most people who use the internet have just given up and don’t follow the advice given to them about online security.
The result of this is that consumers are engaging in risky online behavior, and according to one survey participant, if “something happens, it is going to happen” and “it is not the end of the world.”
This is concerning to many, including security experts and survey authors. During this survey, approximately 40 people were interviewed in order to understand how those without a technical background feel about computer security. Though this isn’t a total significant sample size, it is a surprising look at how people feel about the information that experts are giving them. Each interview ran from 45 minutes to an hour, and the goal of the researchers was to find out where the average person stands on online security.
The authors of the report were surprised by the resignation of the interviewees during the survey. Essentially, they saw that people just can’t keep up with security changes. The survey participants, overall, believe that online security is too complex, and these people don’t see the benefits of making any efforts.
Some of the people who took the survey seemed to be under the impression that they didn’t have any information that a hacker would want. For example, one person claimed that they don’t work in a government agency and they don’t send sensitive information over email, so if a hacker wants to take their blueberry muffin recipe, they can go ahead and take it.
What’s interesting is what the study’s authors found when comparing those who had experienced identity theft with those who hadn’t. Those who have had an incident with the theft of their identity were much more focused on their online security.
To help the survey participants better understand their risks and to change their minds about internet security, study authors advise that those involved in technology and security must work diligently to help the people using the internet understand the dangers of lax security. They also must work to make it easy for internet users to do the best they can when keeping their accounts safe. It’s important for people who use the internet to make it a habit to remain more secure.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: internet safety internet security online safety online security
If you have a cell phone, and you use it in any way associated with accessing online accounts (and many do), you are putting yourself at risk of getting hacked. With only a phone number and a bit of information, which is easy to get through social engineering, a hacker can break into your personal and financial accounts.
This works by getting information about you, such as your birthday, address, or even the last four digits of your Social Security number…information that is readily available…and then creating a plausible story to gain access to your phone account, phone and various online accounts. Once they have access to your accounts, they can change the phone number, get a new sim card and then change account passwords, and you will be unable to access the affected accounts. Below, you will find some tips to help you protect your phone number:
Use a Passcode
If you have the option to put an additional passcode on your phone account, do it. Though this isn’t foolproof, it will certainly help to give you some added protection.
Disable Online Access to Cell Phone Accounts
I’m not doing this, but some should. This might be frustrating, but it will further protect you. If you need to make a change, you can call or go into the store.
Consider Using Google Voice
Google Voice is a safer option for many, and you can even forward your existing number to Google Voice. This helps to mask the calls you make, which means no one would have access to your real number.
Use a Carrier-Specific Email to Access Your Mobile Phone Account
If you are like most people, your email address and phone number help you to access most of your internet-based accounts. Ideally, instead, you should have a minimum of three email addresses: your primary address, one for your mobile phone carrier only, and one for sensitive accounts, such as your bank and social media. This way, if your primary email is compromised, a hacker cannot access your sensitive accounts.
Ask Your Carrier for Account Changes
Finally, you can ask your carrier to only allow account changes in person with a photo ID. Though there is still a chance that a hacker could pose as you with a fake ID, the chances are much lower.
There are also some steps that you can take to protect all of your online accounts:
Create Complex Passwords
One way to protect your online account is to create complex passwords. It’s best to use a password manager that creates random, long passwords. If you don’t use a password manager, create your own password of random numbers, cases, and special characters. These might include “4F@ze3&htP” or “19hpR$3@&.” Try to make up a rule to help you remember them.
Don’t Tell the Truth
Another thing that you can do is to stop being truthful when answering security questions. For instance, if a security question asks what your mother’s maiden name is, make it up. Something like this is too easy to guess…just make sure you remember it!
Don’t Connect Your Phone Number to Sensitive Accounts
You also should make sure that you are not connecting your phone number to any sensitive accounts. Instead, create a Google Voice number and use this for your sensitive accounts.
Use Passcode Generators
Passwords are easily stolen via key loggers, which is software that records keystrokes. You can protect yourself from this by using a one-time passcode generator. This is part of the two factor or multi factor authentication process. These generators are wireless keyfobs that produce a new passcode with heavy frequency, and the only way to know the passcode is to have access to the device that created the passcode.
Use Physical Security Keys
You also might want to consider using physical security keys. To use these, people must enter their passwords into the computer, and then they must enter a physical device into the USB port, proving that they are the account owner. This means, in order to access an account, a hacker must not only know the password, they must have the physical device.
Finally, if you really want to protect your internet accounts, you should use biometrics. You can purchase biometric scanners, such as those that read your iris, fingerprint, or even recognize your voice. When using these, you will be unable to access your accounts unless you provide this biological information. There are a number of devices on the market that do this.
Though these steps might seem a bit time-consuming, they can be the difference between keeping your private and financial information safe and getting hacked.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: hackers mobile phone security phone scams
Teenagers across the country are falling into drug dealing, theft, and prostitution in order to eat. This, according to a recent study, which found that poverty has been increasing throughout the U.S.
Researchers at the Urban Institute in Washington, D.C. have taken a close look at the current Census data, and this group estimates that more than 6.8 million Americans between the ages of 10 and 17 struggle to eat, including almost three million who currently have “very low food security.”
During this study, 20 different focus groups of teens were studied in 10 separate communities across the country. In eight out of the 10 communities, the study participants claimed that pre-teens and teens often participated in theft and drug dealing to make ends meet. In all 10 communities, teens claimed that they participated in prostitution. Additionally, in a couple of communities, teens intentionally committed petty crimes and went to jail in order to get a meal.
The stigma that surrounds hunger and poverty often stops many teens from reaching out for help. It’s true that some rely on friends, family, neighbors, or teachers, but too many face criminal acts to survive.
In the communities with the highest rates of poverty, these teens are often desperate and not only steal food for themselves, but also for their family. Teens in all of the studied communities, and in 13 out of the 20 focus groups, mentioned that several teens are “selling their body” or having “sex for money.” Mostly girls, the teens who are doing this are feeling pressed to the extreme to get the basic resources for their basic needs.
Many instances of having sex for money came in the form of girls regularly seeing a man, generally one who was much older, in exchange for food and other items. This, in turn, has opened these teens up to forms of sexual exploitation, with both men and boys harassing girls in the neighborhood. This includes everything from catcalls to stalking. Other girls gave sexual favors for cash or even stripped to make money to get food, and these acts took place in locations including flea markets and abandoned homes.
Looking at a case in Chicago, an 11-year-old girl dropped out of school to make money for her family in the sex industry. A group of boys in LA confirmed that the same thing happens there, and even claim that girls in middle school are sharing flyers in public to advertise their offerings.
Having food insecurity has had a significant effect on these teens, as they are at an extremely important stage in their physical and mental development. For those who do not have enough to eat, it undermines their emotional and physical growth, academic achievement, job performance, and stamina. This gets even worse when you look at the quality of the food that is available to them.
All of these actions including sex work, shoplifting, and drug dealing, severely affect the future of these teens. They risk dropping out of school, arrest, bodily harm, incarceration, and criminal records that might inhibit their future opportunities for employment.
There are a few solutions that could address this crisis, including offering more food from federal programs and more job opportunities for these teens. Counseling and informing the teens could also have a positive impact.
In the long run, making an investment in ending poverty is the only solution. This means that expanding housing assistance, creating more jobs, improving the access to existing jobs, and offering more cash assistance is necessary. To do this, however, will require some daring steps to make a big difference.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: drugs
Fake news is a problem that is taking the internet by storm, and it ran rampant during the 2016 Presidential Election. In fact, many believe that fake news stories had a strong impact on the outcome of the election. In a survey following the election by the Pew Research Center, a whopping 64 percent of polled Americans said that fake news has given them a “great deal of confusion” about current events.
All of us have been fooled by fake news, and it doesn’t seem to be going anywhere, anytime soon. But, there are some lessons that we can learn from it: Here are five of those lessons:
Fear and the Unknown are Perfect for Fake News
One of the lessons that we can learn from fake news is that any event that causes fear or the unknown is the perfect breeding ground for fake stories. We live in a world where competition for attention is rampant, and headlines are written to make you click. Remember, anyone can write up a fake news story and make it look legitimate, and in many cases, these stories are based on fact. For instance, you might recall the stories of creepy clowns walking through neighborhoods earlier this year, which was actually real news. However, you might also recall that these clowns were going on murdering sprees. This is fake…it never happened, but because these stories appear on legitimate looking sites, people believe it.
Some Stories Fool Us All…
Another lesson to learn about fake news is that some stories are so good or so believable, that they fool us all. You might remember a meme that was shared stating that Donald Trump said that Republicans are the “dumbest group of voters in the country.” Due to the fact that Donald Trump doesn’t exactly keep his views silent and has made a habit of insulting people, most people took this for truth. It wasn’t. He never said it, but many believed it.
Most Fake Stories are Obviously Fake When You Actually Read Them
Most of us are tricked by fake news stories because we never actually read past the headlines. Writers of these stories make sure that these headlines are eye-catching and believable, in addition to viral. When we read a headline of a fake story, we often get the wrong impression of what the story is about. This is on purpose. If you actually click these stories and read them, you will often find that they have a lot of incorrect facts and are poorly written.
No One is Immune From Fake News
You will also find that no one is immune from fake news, and sometimes this news crosses over into the real world. Take the Pokemon Go phenomenon of this summer. There was a fake new story of a man who was stabbed while playing Pokemon Go in a bad neighborhood. However, a few days later, a man really WAS stabbed while playing the game.
There were also fake news stories that Hilary Clinton was given debate questions in advance. It was untrue. However, a few weeks later this actually happened.
Politics is a Huge Factor in Fake News
There is no question that politics are emotional, and this is not just the case in the U.S. It is also similar in Europe. Thus, the emotions of politics helps to make fake news extremely believable.
Many people simply do not trust the mainstream media, so they seek out other news sources. However, these news sources are extremely biased, highly believable, and generally fake.
You have probably noticed that many of these news stories over the past several months have focused on accusing the two Presidential candidates of crimes. There were also many stories about violence between supporters of the opposing parties. The vast majority of these stories were fake, and if you believed them, sorry to say, you were duped.
In our current climate of fear, anger, and hate, the facts are being clouded by emotions, and this is why we are so ready to believe the stories that fall in line with our beliefs. Facebook is not a trustworthy news site. Do your own research, go to trusted sites written by those who are fully researched. You will quickly see that fake stories become transparent once you have the facts.
Think about hackers breaking into accounts. If you think they need top-notch computer skills, you would be wrong. These days, instead of requiring skills behind a keyboard, hackers generally rely on strategy…specifically a strategy called social engineering. This means that hackers don’t have to be technical, but they DO have to be clever and crafty because they are essentially taking advantage of people and “tricking” them into giving information.
There are four main ways that hackers use social engineering:
- Phishing – where hackers use email tricks to get account information
- Vishing – similar to phishing, but through voice over the phone
- Impersonation – the act of getting information in person
- Smishing – getting account info through text messages
Phishing accounts for 77 percent of all social engineering incidents, according to Social Engineer, but in vishing attacks, alone, businesses lose, on average, $43,000 per account.
Here are the top scams that all consumers and businesses should know about as we move into 2017:
Scam Using the IRS
Starting from the holiday season stretching through the end of tax season, there are scams involving the IRS. One such scam uses caller ID to change the true number of the caller and replaces it with a number from Washington, D.C., making it look like the number is from the IRS. Usually, the hacker already knows a lot about the victim, as they got information illegally, so it really sounds legit.
In this scam, the hacker tells the victim that they owe a couple of thousands of dollars to the IRS. If the victim falls for it, the hacker explains that due to the tardiness, it must be paid via a money transfer, which is non-traceable and nonrefundable.
BEC or Business Email Compromise Scam
In the business email compromise, or BEC scam, a hacker’s goal is to get into a business email account and get access to any financial data that is stored within. This might be login information, back statements, or verifications of payments or wire transfers.
Sometimes a hacker will access the email by using an email file that contains malware. If an employee opens the file, the malware will infect the computer and the hacker has an open door to come right in.
Another way that hackers use the BEC scan is to access the email of a CEO. In this case, they will impersonate the CEO and tell the financial powers that be that he or she requires a wire transfer to a bank account. This account, of course, belongs to the hacker not the business. When most people get an email from their boss asking them to do something, they do it.
Finally, hackers are also commonly using ransomware to hack their victims. In this case, the hackers are working towards convincing targets to install dangerous software onto their computer. Then, the computer locks out the data and the victim cannot access it…until he or she pays a ransom.
At this point, they are informed that they can get access back when they pay a ransom. This might range from a couple of hundred to several thousands. Usually, the hackers demand payment by bank transfer, credit card, bitcoin, PayPal, or money transfer services. Victims are usually encouraged to go to a certain website or call a certain number Unfortunately, too often, once the victim pays the ransom, the hacker never opens up the system. So now, the hacker has access to the victim’s computer and their credit card or financial information.
The way social engineering works in this scam is varied:
One way is this…imagine you are browsing the internet, and then you get a popup warning that looks quite official, such as from the FBI. It might say something like “Our programs have found child pornography on your computer. You are immediately being reported to the FBI unless you pay a fine.” When you click the popup to pay, the program actually downloads a program called spyware to your computer that will allow the hacker to access your system.
Another way that social engineering works with ransomware is through voice. In this case, you might get a phone call from someone saying they are from Microsoft and the representative tells you that they have scanned your computer and have found files that are malicious. Fortunately, they can remotely access the machine and fix the problem, but you have to install a program to allow this. When you install it, you give them access to everything, including personal and financial information, and they can do what they want with it.
Finally, you might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer.
Small businesses are hardly immune to attacks by hackers.
- The illusion of low attack risks comes from the publicity that only huge corporations get when they are breached, like Target, Sony and Anthem. These are giants, so of course it makes headline news.
- But when a “ma and pa” business gets attacked, it’s not newsworthy.
If you own a small business, ask yourself just how the mega-giant Target got infiltrated by cybercriminals in the first place. Answer: a ma and pa HVAC vendor of Target’s!
Cybercriminals thrive on the myth that only big companies get attacked. They know that many small outfits have their guards down; have only rudimentary security measures in place. Never assume you know everything that a hacker wants—or doesn’t want.
Think of it this way: Which burglar is more likely to make off like a bandit? One who attempts to infiltrate a palace that has a 10-foot-high stone wall, surrounding a moat that surrounds the palace, with motion sensors everywhere that set off piercing alarms; an army of Dobermans; and a high tower where guards are keeping a lookout?
Or the burglar who tries to break into a small townhome with only a deadbolt and window screens for security? Sure, the palace has millions of dollars worth of wall art alone, but what chances does the burglar have of getting his hands on it? The little townhome just might have some electronics and jewelry he can sell underground.
No business is too small or its niche too narrow to get a hacker’s attention; just like any burglar will notice an open ground floor window in that little townhome at 3 a.m.
- Never use lack of funds as an excuse to cut corners on security.
- Share security information with competitors in your niche.
- Consider the possibility that a cyber attack can be an inside job in your little company—something relatively easy to pull off (e.g., every employee probably knows the direct e-mail to the company owner).
- Get cyber attack insurance. A halfway-sized cyber attack could cripple any small company and have tangential fallout.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: cyber crime cybersecurity
Tags: social media, Social Media privacy, social media scams, Social Media security
Leave personal details off your Facebook page.
Does the whole world—or even your private circle, many of whom you haven’t seen in person for years, or even at all—have to know you’re laid up from hernia surgery (i.e., vulnerable, defenseless)?
Try this experiment for a week: Assume that the only visitors to your Facebook are 1) future possible employers, 2) master gossip spreaders and reputation bashers, and 3) your future in-laws (if you’re not married). This should really change the game plan of how you post.
Never send naked photos of yourself.
Not even to your significant other. After all, in many cases of leaked nude images…the significant other is the leaker! If your lovey-dove wants to see you in your birthday suit, then present yourself that way in person—after you know for sure all the cameras in the room are turned off.
Enough with the selfies.
It’s gotten to a point where all selfies look alike: Some doofus holding up the phone and staring INTO the phone. Whatever happened to the nice images of yesteryear, where someone, posing nicely, was facing the viewer? Selfies are fine if you’re showing off your abs when the selfie next to it of 90 days ago shows the Pillsbury Dough Boy, but please, nobody is special enough to justify endless selfies, including those for which you corralled a bunch of people to take part in it.
Instagram is not for food images.
Don’t waste your time. Think “borrrrrring!” Who really wants to see your beet salad? If you want to promote your recipe skills, start a website.
“Like” only recent posts.
Nobody pays attention to likes on old posts.
Cross out cross-posting.
Post an item on your Snapchat story, then put it in a private message…NOT.
No ODRs, no oversnapping.
Avoid opening but not replying on Snapchat. Avoid double-snapping someone.
Say no to screengrabbing.
Read that again. Don’t grab a Snapchat unless you want the sender to know who did it.
Be mindful of commenting on your teenagers’ pages. Be sincere if you must, like a congratulations for qualifying for the state wrestling finals.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: social media privacy
Recently, says a report at wired.com, it’s been unveiled that the obscure Israel-based NSO Group has been selling spyware delivered to smartphones through vulnerabilities in Apple’s iOS operating system.
“Pegasus” spyware can put a surveillance out on nearly everything including keystrokes, e-mails, video feeds and phone calls. Apple says that the three vulnerabilities with this spyware (“Trident”) have been patched.
In short, NSO Group’s spyware has been reverse engineered for the first time—achieved by the security research firm Lookout, which discovered Pegasus. Also getting credit for the discovery is Citizen Lab.
- Ahmed Mansoor, a well-known human rights activist with a history of being targeted by surveillance spyware, sent the security firms the suspicious SMS text messages he had received.
- Mansoor’s mobile device was running iOS’s latest version when two phishing texts came in with links. He had refused to click them.
- Instead he sent screenshots to Citizen Lab. The links led to a blank Safari browser page. The analysis then began.
- The spyware was intended to jailbreak the phone.
Jailbreaking an iPhone means the user can bypass Apple’s plan and customize the experience. However, in the Pegasus case, remote hackers wanted this control.
Citizen Lab and Lookout took their analysis to Apple, who made the patches within 10 days. The recommendation is to regularly download the latest iOS versions to help protect the device from attacks. The latest iOS version will stop Pegasus. However, it’s possible for NSO to infiltrate other phone operating systems like Android with the spyware, says Citizen Lab and Lookout.
NSO Group has no website, and supposedly, earns $75 million a year, with governments as the typical clients, and may have up to 500 employees. It won’t be any surprise if a new and similar threat follows soon, as the NSO Group is quite advanced, with a solid software development organization.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.Filed Under: hackers online security spyware
You shouldn’t leave any digital trace of yourself after you leave a job. Hopefully, you’ll be leaving voluntarily and thus have the time to first make backups before you delete anything. This may seem easy, but you need to take inventory to make sure you get EVERYTHING.
Note: make sure that every suggestion below is allowed via a company’s internal policies.
An article at wired.com gives these recommendations:
- Use a flash drive for smaller amounts of data.
- An alternative is a personal account with Dropbox or Google Drive.
- For more data use an external hard drive.
- Don’t include company information in your backups.
- Forward e-mails you want to save to your personal e-mail.
- Delete all e-mail files, then close down your e-mail account.
- Check USB slots.
- Clear out your personal data if you don’t have authority to wipe the device.
- Delete all your passwords, usernames, etc., that are stored in the computer.
- Browsers like Chrome and Firefox will save passwords and tie them to Google ID or Firefox Sync. Don’t just close out of the browser; log out so that nobody sees your passwords. Do what you can to make the browser forget your passwords.
- In Chrome is “Manage Saved Passwords” in the settings. Use this to delete passwords from any Google account you’ve used. Warning: Hopefully you don’t use the same password and username for workplace Chrome as you do for home, but if you do, deleting this information at workplace Chrome will also clip them at your home computer.
- In Safari, go to “Preferences,” then “Passwords” and delete.
- For Microsoft Edge, click the three dots in the upper right; go to “Settings” and then “View Advanced Settings.” Click “Manage Saved Passwords” and delete.
- If you’re allowed to, wipe the computer.
- The wired.com article recommends KillDisk and DP Wipe.
- Wipe your mobile device that’s provided by the company, assuming you have permission.
- If you don’t have permission, ask the IT team to do this. Just make sure you’re logged out of all applications.
- Shut your company voicemail down—after you delete remaining messages.