Home + Mobile

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

As tax season approaches, beware of tax related scams

Tax season officially began on January 19th, and with tax season comes the inevitable rise in tax-related scams. Identity thieves tend to step up their game a bit during tax season, looking to get the ultimate prize – your Social Security Number. Scammers often use the threat of jail time for unpaid tax debt to trick you into giving out sensitive personal information. As with so many scams, seniors are a major target. Telephone scams are particularly popular, but as more people file their taxes electronically, phishing emails and malicious email attachments have become more prevalent.

Now is a good time to help educate your family members about these types of scams. It is important to pay extra attention to any email that is tax related. Be aware that the IRS will not contact you via email to request any personal or financial information. Don’t click on any links or download any attachments from emails claiming to be from the IRS. If you need tax related information, go directly to the official IRS website at www.irs.gov instead of using a search engine.

For more information on taxes and security, the IRS have provided resources at: https://www.irs.gov/Individuals/Taxes-Security-Together

Cleaning up your Mac

In support of January being Clean Up Your Computer Month and National Privacy Day on January 28th, here are some great tips to start 2016 off right.

Let’s face it, we are all guilty of letting our computers get out of hand from time to time. I, for one, realized this when cleaning up one of my hard drives and discovered that I had 363 games either installed or ready to install. Typically a person will download something they want or need for a given moment, use it and never get rid of it. This can clutter and bog down your hard drive or even worse, leave personal information openly available. Here are a few tips that will help keep your machine clean.

Keep your desktop tidy! For me this is the pet peeve that my fiancée is guilty of and it drives me crazy. If your desktop looks like someone dumped a bucket of icons all over it then you might want to think of condensing and organizing. This can make for faster boot times, and easier navigation. Don’t let your desktop look like this…

Try to keep everything organized!

The download folder can be your worst nightmare on a device. I find this to be the one area that I am horrible at keeping track of. I need a picture for a blog or a gif to send to a coworker… months later I find myself questioning why I have a random gif of a plane crash on my computer. This folder can build and build until it is out of hand. Minimize the amount of files you have in here, if it is old .dmg files then trash them. This will greatly reduce clutter on most people’s macs. The mail downloads folder is another location that people tend to ignore. You can get to it using spotlight and typing in mail downloads or In the Finder, select Go > Go to Folder. Type ~/Library/Containers/com.apple.mail/Data/Library/Mail Downloads in the text field (This is only for people that use the built-in Email app).

Just as most of us adapted to cleaning the cache on Windows, you should do the same for your Mac. This doesn’t just relate to web browser cache, OS X stores lots of information in cache to allow for a faster loading time. You can go to the caches location and do a clean-up yourself (which I only advise for those who know what they are doing) or you can simply go to utilities in Webroot SecureAnywhere and click “Optimize Now”. This will clean up certain caches and logs for you.

Screen Shot 2016-01-05 at 2.45.57 PM

A key to having a clean computer is not just removing known junk but also removing unwanted Apps. Be sure to remove applications that you are no longer in need of. I like keeping a spreadsheet with my license keys, in case I need one of the apps in the future. Unused or unwanted apps can take up massive amounts of hard drive space and can post a threat to your internet security.

My final tip… Most macs come with a microfiber screen cloth… Use it.

A physically dirty computer is something that no one wants to look at. Apple has a page dedicated to recommendations and guidelines for cleaning their products. https://support.apple.com/en-us/HT204172

Quick Tips to Protect Your New (and old) Apple Devices

Apple has projected yet another record holiday for sales, but this should come as no surprise to fellow ‘Macheads’. I myself, am a huge fan of Apple and have been for a quite some time; I still have my iBook, and it still works! My desk is home to an iMac, Macbook, and many other small Apple devices. The one thing that most people believe is that there is no need to worry about security for their beloved Apple devices, which is a bit over inflated. So here are a Full this holiday season.

Top Ten tips for OS X security

  1. Create a standard account (non-admin) for everyday use– Log into the standard account for your everyday activities, and to store your personal information. Whenever an administrator’s password is required, type the admin username, and the appropriate password. This will lead to more password requests than if you were working under an admin account. However these requests should make you think whether you should be entering your password.
  2. Set Gatekeeper to allow Mac App Store and identified developers– Gatekeeper resides under Preferences>Security & Privacy and its main function is to allow the user to control which apps can be run without further escalation and or attention. If you download an application that doesn’t meet the criteria you will not be able to run it.
  3. Stay current with OS X updates– Mac OS X has a built-in software update tool “Software Update”. It’s a good idea to run “Software Update” frequently and install updates when available.
  4. Disable automatic login– Automatic login means that anyone who can access your Mac only needs to start it up to have access to all of your files.
  5. Use the built in Firewall– The firewall can be tuned to your needs whether it be at home, work or travel.
  6. Use a password manager to help prevent phishing attacks– It’s important to create complex, unique passwords, however for most of us, the more complicated the password the easier it is for us to forget it.
  7. Use Mac FileVault for full-disk encryption– FileVault encrypts your entire hard drive using a secure encryption algorithm (XTS-AES 128). You should enable this feature on your Mac because if your hard drive isn’t encrypted, anyone who manages to steal your computer can access any data on it.
  8. Use a Mac anti-virus (WSA)– Let’s face it, Mac malware is real and only getting worse.
  9. Enable iCloud Mac locator and remote wipe– If your system is ever stolen you can log into iCloud.com or use the Find My iPhone app on an iOS device to locate your device, send it a command to lock it, have it issue a sound, or remotely wipe the device.
  10. Use “Secure Empty Trash” to remove data– By default files are simply marked for deletion and not really deleted making file recovery simple. Using Secure Empty Trash things get much more difficult to recover.

Tips to secure your iOS

  1. Enable Passcode Lock. This is one of the key security tips, The stronger the passcode the better. Apple has incorporated a fingerprint scanner in the newer iPhone models which allows users to use their fingerprints for authentication when unlocking their device and making purchases.
  2. Erase all data before selling, trading in, or sending off for repair.
  3. Update. By keeping your apps and operating system up-to-date, you will strengthen the security of your device. You can turn on the automatic downloads feature which will update apps in the background and without the need for you to do anything.
  4. Don’t Jailbreak. Sure, some of the Jailbreak tweaks are cool and can do some fun things but is the lack of security really worth it?
  5. Enable Safari security settings. These settings include blocking pop-ups, disabling autofill, fraud warnings, and the ability to clear cookies/history/cache. Alternatively, you can download Webroot’s secure web browser for iOS.
  6. Disabling Bluetooth/WiFi. There are several freeware tools designed to sniff for Bluetooth and WiFi signals then gather information from open devices. It is also best to not use public WiFi; you don’t really know what the guy sitting at the other table in Starbucks is doing on his computer.
  7. Find my iPhone. This should go without saying, this feature not only helps you find a lost or stolen phone, but it also makes wiping the phone a little harder. I had an iphone stolen and find my iPhone found it five months later… in Canada… someone sold it on ebay.
  8. Disable Siri on Lock screen. Siri is a great tool and assest but she can also talk to much, this will keep her quite until the correct person is able to unlock the device.
  9. Set up a VPN. A Virtual Private Network is a must-have and can bring extra security to anyone who uses their devices on different wireless networks. Some VPN services are free of charge, but some can cost several dollars a week which is more than a fair price for protecting your information.
  10. Turn on two-step verification for Apple ID and iCloud – a great way to prevent issues without someone knowing both the password and the 4-digit verification code.

IT at Home for the Holidays

It’s that magical time of year for all technically minded folks: sysadmins, IT pros, nerds and gamers.  It’s that time where you get to go home to family, gather around the fire, and fix their computers.

That’s right; it’s not about the turkey or the giving of presents, it’s about cleaning toolbars off grandma’s computer.

For those of you who go through this annual ritual, here’s a few things to make the process easier for everyone:

  1. Facelift: SSD, memory, larger screen.  One of the cheapest ways to give aging hardware a boost is getting easier every day.  SSD prices are bombing like your boss’s jokes at the holiday party, RAM has been cheap for a while, and bigger screens are always cheap around the holidays.  Replacing an HDD with an SSD will make them think you gave them a whole new computer.  For moving the boot drive, I recommend Paragon Software’s Migrate OS to SSD software: https://www.paragon-software.com/technologies/components/migrate-OS-to-SSD/ That way you don’t have to do a fresh install, and you can just leave the migration running while you eat dessert.  Combine that with a USB to SATA cable: http://www.amazon.com/gp/product/B00HJZJI84 and you only have to open up the case once to swap the drive out after the migration is complete.  While the case is open, slap in some extra RAM so that when Chrome tabs gobble up all the memory their computer doesn’t grind to a halt.  And finally those aging eyes will benefit from the jump to a larger screen.  27 inches seems to be the pricing sweet spot lately.  And you can take home the replaced screens to use as second, third, fourth and fifth monitors for yourself while playing Fallout 4.
  2. Auto-reset the internet.  How tired are you of asking people if they’ve tried turning it off and on again?  For one aspect you can now automate the process.  They make plugs that detect when the Internet connection goes down that automatically power cycle the cable modem and/or router: http://www.amazon.com/PI-Manufacturing-Internet-Controllable-Automatic/dp/B006PPISCG That will save you from having to explain to your parents which device they have to try turning off and on again when the Internet goes out.
  3. Setup easier remote access – Have you ever had this conversation: “Go to the address bar.  That thing at the top.  Type in: H-T-T-P-colon-slash – the one that leans to the right, not the left, now another slash.  Yes the same direction as the last one.  Now L-O-G.  No, G as in Get a clue…”  You get the picture.  While you’re home, why not setup a shortcut on the desktop that goes directly to your preferred remote support website?  That way grandma knows what to click on when you have to remote in to uninstall the latest toolbar she installed.
  4. Install antivirus that allows central management – obviously I’m going to recommend Webroot: https://www.webroot.com/us/en/home But no matter what you choose, it’s nice to have something that has a central online console. This allows you to see whether mom’s computer has run a scan in the last decade and how many viruses your younger brother managed to catch while visiting those sites he likes to go to.  With Webroot you can also kick off scans and reboots from anywhere you can get online.
  5. Protect their credit – everyone’s had their information stolen at this point so you might as well put a freeze on your credit.  Mom and dad probably aren’t getting a lot of loans these days therefore this won’t be a big inconvenience for them.   Here’s how to go about it: http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs This just means they’ll need to call in and unfreeze with their password before they get any more lines of credit, and it will stop the bad guys from taking out loans in their name.  Because face it, they already have all of your personal information.  Protect your inheritance.
  6. Install an ad blocker and privacy protection – ads are a huge vector for malware these days.  I like uBlock Origin to stop ads and Privacy Badger to stop companies following you around the web with tracking cookies.  Put those browser extensions in place and teach mom and dad how to turn them on or off for individual sites for when they break core functionality.
  7. Get them on a better browser – if they’re still using Internet Explorer then you should be ashamed of yourself.  Protip: change the existing IE icon on the desktop to open up Chrome or Firefox instead, so they don’t have to learn to click on anything new.
  8. Power protection – get some cheap UPS and surge protection so that any desktop devices & cable modems won’t go haywire if the power blips: http://www.amazon.com/Eaton-Electrical-3S350-External-UPS/dp/B00906CH8S
  9. Setup online backup – I like Backblaze: https://www.backblaze.com/ $5 a month for unlimited storage on each computer.  Now your baby pictures aren’t in danger of going up in a puff of magic smoke.  Restores are easy and you get email reports letting you know that the backups are successful.
  10. Get better wireless – Ubiquiti has awesome and affordable prosumer APs that will give you a signal from two streets over: http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O No longer will the neighbor’s Wifi interfere.  I use one to cover an entire three-story house from top to bottom.
  11. Connect the house with powerline Ethernet – save the wireless for devices that move.  For anything static, from streaming devices on your TV to media servers, wired is the way to go.  Powerline Ethernet is now rock solid and you can turn your whole house into a hub by plugging these into any outlet: http://www.amazon.com/TP-LINK-TL-PA4010KIT-Powerline-Adapter-Starter/dp/B00AWRUICG No running cables throughout the house required.
  12. Stop bundleware – next time dad installs an update, you don’t have to worry about uninstalling a toolbar with this one simple trick: http://unchecky.com/ This software automatically unchecks the bundleware checkboxes so that you don’t have to use a cattle prod to train family to uncheck anything.
  13. Install a password manager – anything to get people to use good passwords without having to teach their aging brains to remember anything new.  If you use an online password manager, then you can automatically change their passwords and update the password manager for them whenever there’s a report of a breach on a site your family uses.
  14. Follow Swift on Security on Twitter.  A parody account that is both funny and useful.  Taylor Swift’s Infosec alter ego will keep you up-to-date on the latest security news and breaches, all while serenading you with the latest hits: https://twitter.com/swiftonsecurity/

Hopefully this list will help you get through the holidays at home without having to resort to hiding in the basement.  Make a few of these changes and it should make the next year of family tech support that much easier.  May the force help you live long and prosper.

Black Friday & Cyber Monday Security Tips

With the two most hectic shopping days of the year rapidly approaching, you may be preparing to nab a deal… but identity thieves are just as busy trying to nab your financial information. While you’re out looking for the best deals
online and in retail shops on Black Friday and Cyber Monday, keep these security tips in mind to protect your identity:

  • Try to use a secure payment method whenever possible. This includes Paypal, prepaid limited use debit cards, and credit cards that are separate from your primary bank account. Using a debit card that is tied to your primary bank
    account is the least secure form of payment, as a security breach poses the greatest financial risk.
  • When you purchase something from a small independent business online, make sure that the checkout process is a “Secure Site”. Look for a yellow padlock in the browser bar as well as “HTTPS” at the beginning of the website (as compared to “HTTP” with no “S” at the end, which stands for “Secure”).
  • Make sure that your operating system and security software are up to date. If you use Webroot SecureAnywhere, your software should automatically update itself whenever new versions are released. If you’re interested in using Webroot SecureAnywhere to protect your devices, CLICK HERE for a 14-Day Free Trial.
  • Don’t make online purchases while using public WiFi connections, such as restaurant or mall hotspots, because these networks are prime targets for identity thieves and hackers. Shop only from trusted wireless connections such as home and cellular networks.
  • Never send sensitive information such as Social Security Numbers, passwords, bank account numbers, or credit card numbers through e-mail. This is not a secure way to send sensitive information and legitimate companies will ask you to use some form of secure site to transmit the necessary information.
  • When using an ATM, inspect the card reader before swiping to ensure that it isn’t fake. Lately, identity thieves have been planting card skimmers over ATM card slots in order to trick people into providing their PIN and magnetic strip information, and this technique is on the rise.
  • Watch cashiers for skimming, which is when your card is swiped once at the register and again through a hand-held scanner the size of a cigarette lighter. Most registers allow you to swipe your card yourself; if a cashier asks to swipe your card by hand and turns away or puts both hands out of your sight while holding your card, ask to see a manager.
  • Review your credit card and bank statements to ensure that there are no unusual or fraudulent transactions. If you identify any suspicious activity, contact the appropriate financial institution immediately to address anny accounts that may have been compromised.

We hope that keeping these security tips in mind will allow you to shop with confidence and safety during the upcoming sales events.

Tips for Card Security and Fraud Protection

Cyber-criminals love to hit consumers where it hurts, and I’d say the most vulnerable location would have to be our wallets.

I frequently receive inquiries asking how a consumer can better secure their credit card and financial accounts. This ultimately led to me authoring this blog as a point of reference. Fortunately the industry is beginning to implement better practice and new methods to prevent this, and as always, someone, somewhere, will eventually find a way around that.

I’ve included a few tips here that everyone should acknowledge, and a few that may not be relevant to your environment. Obviously there are a TON of steps you can take to better your security, but if I wrote them all down, we would have a novel as opposed to a blog post. For the sake of being concise, I’ve kept this short and sweet, so to speak.

  • Physical security is important, keep your credit and debit cards in a secure location that only you can access.
  • Never write down your PIN, and make sure it is not personally identifiable information such as birthdays, phone numbers, etc. Cover it up when entering it publicly.
  • Make sure that you add your signature to your card, this is something that most neglect or have neglected to do in the past. I know I’ve certainly been guilty of it.
  • Regularly review your statements for transactions you do not recognize. Cyber criminals will frequently make minuscule charges first to see if you are checking your statements, and if not, make larger transactions. Some of the most successful campaigns such as this have accrued countless amounts of money with charges as small as a penny at a time.
  • Before using your card at a public ATM, ensure that the machine has not been tampered with. Skimmers are becoming smaller and more popular methods for scraping card data.
  • Confirm that when making a withdrawal, the amount on the receipt matches the amount withdrawn. Shred the receipt before disposing of it.
  • If you receive a new card, completely destroy the old one.
  • When purchasing anything online, ensure that the website utilizes HTTPS. Never submit financial or personal data via unencrypted connection.
  • As stated in my previous blog, always log out of a website, app, or platform when you are done using it. Most websites and banking apps now implement a time-out policy that requires re-authentication after a certain time frame.
  • Never write down your entire card number on a physical medium and never mail it.
  • Always keep your card within sight of you. If a teller needs to take it to a machine, request that you accompany them, or ask them to bring the machine to you.
  • Avoid using public computers whenever possible and never make important transactions on an unsecured network.
  • As we move into chipped base cards that offer more protection, cyber criminals now have the ability to scan these cards. While in its early stages and having limited range, this technology will continue to improve. If you utilize one of these cards, invest in an RFID sleeve to prevent your data from being swiped.

There is a lot more that could be added to this and as we see security measures improve, we will also see the technology to compromise them improve as well. What is secure today, may not be tomorrow.

10 Tips for Improving Your Home Router Security

With the recent news of router vulnerabilities, we thought it would be an excellent time to provide a few tips for improving your home router security. While nothing is hack-proof in the world we live in, you can take many steps to deter attackers from targeting you. I have arranged this from easy to do, to increasingly technical.

Simple steps to secure your home router

  • Create a unique login. Most routers use a default login username such as “admin”, and a password that is usually just “password”. Be sure to change the login information (username and password) to something unique to you. Please note that this is different than your WiFi name and password.
  • Create a username and password for your connection (WiFi). Consider changing it from the default to something that is not personally identifiable. Ideally, you DO NOT want your the manufacturer (Netgear. Linksys, etc.) or address as your WiFi name. Choosing WPA2 over WPA or WEP is also advisable. A long passphrase as your password that contains more than 20 characters is important here. REMINDER: you can disable the SSID broadcast so that only users that know your network name can connect. If you plan on having guests, create an entirely different Guest network. It is never advisable to give the credentials to your main connection.
  • Avoid using WiFi Protected Setup (WPS). WPS is a nice convenience, but it leaves your WiFi network vulnerable. Malicious actors can use this to attempt connection with a PIN, possibly leaving you open to brute-force attacks.
  • Keep router firmware up-to-date. Unlike your computer, your router doesn’t send reminders for new updates. It will be up to you to make sure you’re logging into your router regularly to check for updates.

 

Don't Get Hacked

More complex security tips

  • Disable Remote Administrative Access. In addition, consider disabling administrative access over Wi-Fi. An Admin should only be connecting via a wired Ethernet connection.
  • Change the default IP ranges. Almost every router has an IP resembling 192.168.1.1 and changing this can help prevent Cross-Site Request Forgery (CSRF) attacks.
  • Restrict access via MAC addresses. Your router gives you the capability to specify exactly what devices you want to connect so that others are not permitted. You can usually identify the address of the specific device in the Admin Console of the router.
  • Change from the standard 2.4-GHz band, to the 5-GHz band. If the devices you use are compatible, it is generally advisable to make this change. Taking this step will decrease the range of the signal and could stop a potential attacker that is farther away from your router from discovering it.
  • Disable Telnet, PING, UPNP, SSH, and HNAP. You can close them entirely, but I generally advise putting them into what is referred to as “Stealth” mode. This stops your router from responding to external communications.
  • Log out! This does not just apply to routers, though. You should log out of any website, utility, or console when you are done using it.

These router security tips should help protect your WiFi data from cybercriminals desiring to hinder your online activities.

Keep your personal data personal

It’s National Cybersecurity Awareness Month in the US and Stay Smart Online Week in Australia, so you might say that security is on the minds of more people around this time. So as we start taking the lessons in and changing some of our habits, there is another area that could use more attention; our personal data.

With a large variety of social networks available around the world, the opportunities to share are endless, but with that, so is the opportunity for information gathering by malicious parties as well as chances that private information could be revealed in a breach. One way to avoid this from occurring is by being careful with your information and be aware with what information you give out. An example of this can be seen from the recent Ashley Madison scandal where people not only posted their real names and personal details, but also linked their work email in some cases, embarrassing not just themselves but the organisations they work for. Also the less information you give out (like emails and phone numbers) the less likely you’re hit with spam.

And then there comes the personal data that you carry with you, be it from home to the office or on your next big vacation. This data could be stolen and compromised for malicious intent such as stolen identities, financial fraud, or even blackmail.

It’s always handy to encrypt your drive, whether you travel with your device or not. It is vital to encrypt a drive if it has sensitive data on it relating to you or the organisation you work for. There has been quite a few cases in this country where unencrypted devices from organisations go missing with customer data on it, then the Data Protection Commissioner will get involved and likely impose penalties on the organisation. An example of this: http://www.independent.ie/irish-news/three-eircom-laptops-containing-customers-data-including-bank-details-stolen-26820140.html. As well as encrypting your drive, don’t keep sensitive data (passwords, security questions, info you don’t want other people to see, etc.) in unencrypted text files lying around your system. If anyone gets access to the computer these files will be compromised.

In this day and age it can never be too much effort to keep personal data personal, and with a few steps, you can help minimize the risk to that information. While some might take time to get used to, a healthy habit of being aware will only help in the long run.

Bringing Layers of Security to Your Home Computer

When it comes to protecting your personal information in our ever-expanding cyber world, there are many ways to defend yourself. Since the vast majority of attacks originate on the Internet, it is smart to use multiple layers of security to ensure your computer (and the information it contains), stays secure.

One of the most common forms of protection is a Firewall, which is designed to block unauthorized access to the system, while still allowing communication outbound. Microsoft provides a firewall within the Windows OS as a standard security setting.

Along with having a Firewall, it is strongly recommended to have an Antivirus software running as well. This layer provides a defense against known malware and can use behavioural data to determine if a program is acting suspiciously. Of course I recommend Webroot SecureAnywhere, but the general rule is no matter who you have protecting your machine, to keep it updated at all times.

In the case of a successful breach or even just a computer malfunction, having some form of backup (online or external), can be extremely valuable. With an external backup solution, it is important to update it regularly, to ensure any new data or changes are saved. Also ensuring that this backup solution is not constantly connected to your PC helps if any infection does get through, keeping that backup protected. Online backup services usually allow backups to be created at a pre-determined time/day, automatically.

Finally, having the latest version of your preferred Internet browser along with a good Ad-blocking program will aid in keeping your web-browsing experience safe and more enjoyable. With the latest version, it will have many updates to the current security risks, coupled with usability and feature changes.

Each of these solutions has their own strong and weak points, but combined together they cover most of the areas you will have access to while using a computer. With multiple layers of security, you can make your computing experience safer and have the reassurance that your personal information is much more difficult to compromise.

It’s Time To Join The Family

Cybercrime. Remember the days when cybercrime was a word only super nerds and fans of the hilariously bad 1995 film Hackers used to say? No longer. You can hardly go a week without reading about the latest data breach, exploit, or hacktivist plot.

Back in the day, cybercriminals used to primarily fall under the lone wolf category, writing scripts and hunting for exploits without sharing their techniques, because if they did, it might cut into their profits. But, in the last few years, cybercrime has shifted from strings of unrelated, uncoordinated attacks—the digital equivalent of a bank robbery or a mugging—to highly calculated, business-like maneuvers determined to maximize revenue and get the hackers’ branding out there.

It isn’t just businesses that are suffering from these well-planned attacks, either. Even people with no affiliation to the companies suffering from data breaches are having their identities and payment information stolen.

AC-blog-table

The FTC has seen growth in the last several years in reported cases of identity theft and payments fraud among consumers, with the costs also rising each year. With cybercriminals banding together to exploit the masses, it’s time consumers did the same.

Webroot® AntiVirus for PC Gamers takes a new approach to securing your gaming rig. By utilizing a Smarter Cybersecurity® approach to protecting devices, each computer defended by Webroot helps secure the rest of the Webroot network—our own, modern-day digital Family.

In Victorian London, the working-class had to band together to fight against exploitation and crimes perpetrated against the masses. In Assassin’s Creed Syndicate, you will play as twin Assassins Jacob and Evie Frye and fight for their cause. It’s time you did the same today and secured your gaming experiences with the lightest, fastest security in history!

Try Webroot AntiVirus for PC Gamers for FREE today and enter for a chance to win an Origin® EON15-S gaming laptop! Take down enemies of The Family in high-def style on this sleek, performance-driven laptop.

Get rewarded for doing what you already love to do. Sign up at www.assassinscreed.com/rewards to earn credits towards bonus in-game content, enter sweepstakes, and even win an Origin® EON15-S gaming laptop! Check out protect-the-future.com today and earn even more bonus Credits!

Why are we using biometrics as passwords?

After seeing a great presentation on newly discovered biometrics/fingerprint vulnerabilities (“Fingerprints On Mobile Devices: Abusing And Leaking”, by Tao Wei and Yulong Zhang) at Blackhat 2015, I have to wonder why we are even using a lone fingerprint as a password. Wouldn’t fingerprints be better implemented as a username?

When your fingerprint is compromised, it is compromised forever. We’re talking about something associated with criminal records, banking, and other fairly-critical segments of one’s identity. It only makes sense your fingerprint remain part of your identity and not some password you hope to remain secret for the rest of your life. You can’t change them. Not easily, anyways… As your username, it would simply remain a part of your identity, unable to be used against you without the secrets you can more easily hide and change: passwords, pins, etc.

casFingerprints would normally need to be physically gathered, dusting for prints and all that, making their compromise a less-than-likely situation. The issues outlined in the presentation I saw, however, showed it could be possible for their digital counterparts to be gathered remotely and en masse. Imagine if a fingerprint wasn’t the password, but only the login. That wouldn’t be that big of a deal anymore. So they know your username, so what? They still can’t log in. Email addresses are scraped up off the internet all the time. Someone’s email address is bound to be in many places they don’t want it to be, but the threat of compromise is still extremely low if they’re securing their account properly. In reality, a leaked fingerprint is a big deal because you can do things like pay someone via PayPal with it. The fingerprint is the password and the username can be gotten easily (they’re almost always stored insecurely and most of the time it’s just an email address anyways).

Other situations and issues involving fingerprints being used as a mix authentication and authorization – depending on what app you’re in – are outlined in the presentation as well. In one example, they showed malicious actors’ ability to snag fingerprints in the background, causing you to authorize a payment when unlocking your phone, for instance. Yet another situation where, if the print was your username, there wouldn’t be an issue.

At the very least, there clearly needs to be better security standards around fingerprint data and sensors. Still, making them less powerful (read: not the sole password used to access banking information) would be the best way to go.

Back to School Means Back to Security

Not a week goes by where we are not hearing about, reporting on, or providing comment to another major breach. From big box chains to mom and pop shops, it seems to be a constant source of news. Beyond the commercial and financial industries though are the education sectors, with colleges and private schools under attack at the same rate as their commercial distant-cousins. And with school less than a month away for most students, we think it is time for some reminders on personal security. While you will not be able to impact the local educational institutes security layer, you can add layers to your personal protection.

  • Use two-factor authentication whenever possible.

We talk about this a lot because it is one of the easiest aspects of security to implement. Two-factor authentication adds another layer of security when logging into a website, be it e-mail, banking, or other websites.  Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code.  Authentication apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option.

  • Signup for login notifications

This security layer is often used in place of two-factor authentication, including by websites such as Facebook.  If your account is accessed from an unfamiliar location, a notification is sent via e-mail, app, or text-message to the account holder.  This is a great layer of security that offers you on-the-go protection.  This feature, if offered, can usually be found in the security settings of the website, such as banking and social media, you are accessing.

  • Change your passwords before school starts

There is a reason your office requires regular password changes for your e-mail.  Even if your password is compromised, by changing it regularly across all your accounts, you remove the chance of your account being accessed.  A pro-tip would be to set a reminder for every 90 days on your calendar with a link to all your accounts settings pages.  It makes it easiest to click through and make the changes regularly.

  • Increase junk filtering and avoid clicking through on e-mails

You just received an e-mail from a teacher asking for you to login and verify your school credentials.  Many phishing schemes start with something looking very innocent and official, but lead unassuming users to websites designed to collect the information direct from you.  If you receive an e-mail from one of the account-holding websites, or even a known person, open a new tab and go direct to the website instead of clicking the links provided.  It adds only a few seconds to the access, but keeps you out of any legit-looking phishing websites. Most legitimate services will never ask you for your login credentials, so make sure to avoid giving out this information.

  • Use an up-to-date security program

Whether you use Webroot SecureAnywhere or another product on the market today, ensure you have the most up-to-date version and have the correct security settings enabled.  Security programs are designed to keep the malicious files such as keyloggers and data-miners off your computer and the user protected.  This direct layer of security ensures your devices, from phones to tablets to computers, are all protected when you are downloading and accessing files.  Note that some programs, such as Webroot SecureAnywhere, are always up-to-date and require no further action from the user..

While schools will continue to be a target, you can work to minimize any breach impact on your personal data by following these steps. And if you were to receive news that your education institution has been breached, use these steps to go back and conduct a personal audit, while also taking advantage of credit alerts and other tools out there.