Posts from the ‘Other’ Category

4 days of security

I follow a lot of security blogs and sites to be aware of security topics. Here are some I recommend:

https://staysafeonline.org/

https://www.sans.org/security-awareness-training/ouch-newsletter

Krebs on security

Threatpost.com

Schneier on Security

Naked Security

Internet Storm Center

5 days of security

Have you been hit by a ransomware attack?  The best way to recover is having a backup of the data on your computer.

Whether that’s an external hard drive or a cloud backup, ask yourself, right now: what if your computer was held hostage?  Would you have the resources to recover?

7 days of security

Are you raising a good digital citizen?  Here are some top things you can do courtesy of StaySafeonline.org’s site:

  • Remain positively engaged: Pay attention to and know the online environments your children use. Surf the web with them. Appreciate your children’s participation in their online communities and show interest in their friends. Try to react constructively when they encounter inappropriate material. Make it a teachable moment.
  • Support their good choices: Expand your children’s online experience and their autonomy when developmentally appropriate, as they demonstrate competence in safe and secure online behavior and good decision making.
  • Keep a clean machine: Safety and security start with protecting all family computers with a security suite (anti-virus, anti-spyware and firewall) that is set to update automatically. Keep your operating system, web browsers and other software current as well, and back up computer files on a regular basis.
  • Know the protection features of the websites and software your children use: All major internet service providers (ISPs) have tools to help you manage young children’s online experience (e.g., selecting approved websites, monitoring the amount of time they spend online or limiting the people who can contact them) and may have other security features, such as pop-up blockers. Third-party tools are also available. But remember that your home isn’t the only place they can go online.
  • Review privacy settings: Look at the privacy settings available on social networking sites, smartphones, apps and other social tools your children use. Decide together which settings provide the appropriate amount of protection for each child.
  • Teach critical thinking: Help your children identify safe, credible websites and other digital content, and be cautious about clicking on, downloading, posting and uploading content.
  • Explain the implications: Help your children understand the public nature of the internet and its risks and benefits. Be sure they know that any digital info they share, such as emails, photos or videos, can easily be copied and pasted elsewhere and is almost impossible to take back. Things that could damage their reputation, friendships or future prospects should not be shared electronically.
  • Help them be good digital citizens: Remind your children to be good “digital friends” by respecting personal information of friends and family and not sharing anything about others that is potentially embarrassing or hurtful.
  • Just saying “no” rarely works: Teach your children how to interact safely with people they “meet” online. Though it’s preferable they make no in-person contact with online-only acquaintances, young people may not always follow this rule. So talk about maximizing safe conditions: meeting only in well-lit public places, always taking at least one friend and telling a trusted adult about any plans they make – including the time, place and acquaintance’s contact information. Remind them to limit sharing personal information with new friends.
  • Empower your children to handle issues: Your children may deal with situations like bullying, unwanted contact or hurtful comments online. Work with them on strategies for when problems arise, such as talking to a trusted adult, not retaliating, calmly talking with the person, blocking the person or filing a complaint. Agree on steps to take if the strategy fails.
  • Encourage your children to be digital leaders: Help ensure they master the safety and security techniques of all technology they use. Support their positive and safe engagement in online communities. Encourage them to help others accomplish their goals. Urge them to help if friends are making poor choices or being harmed.

8 days of security

Are you concerned about automobiles being hacked?  Sure there are headlines about attacks and threats, but is there truth and fact in these attacks?

To be fair, there is ample evidence to be concerned about the risks.  There have been clear demonstrations of cars taken over and remotely controlled.  But to be clear, these hacks occurred after a long period of investigation.  The risk of cars… to me… is no different than the risk of the internet of things.  We have devices that you don’t normally think of as needing updates and patches.  We have devices that are probably hard to patch (one doesn’t normally think of rebooting a car, does one?).  We have a thing that most of us can’t service ourselves, so we must rely on vendors and “consultants” (car dealers and mechanics) of varying quality.

Don’t get me wrong, I love the idea of driverless cars, of technology that can drive me automatically to where I want to go, of technology that will ensure that we can be mobile at any age of our lives.  But with every technology we build, there are always people that will want to make that technology not work.

So when you buy a car and there is technology under the hood, ask about how that technology gets serviced.  Is it over-the-air patching?  Do you have to take the car to the dealer to get boards “flashed”?

It’s time to ask hard questions of all of our vendors.

9 days of security

How many times has this happened to you?  You get a call and the person on the other end of the phone says you have a problem with your [computer, iPhone, Apple device, technology].  They usually say that your device is alerting them that it is full of viruses.

Their goal?  To either get on your machine or get your credit card from you and then steal money from you.  As noted on this FTC page,

The scammers may then:

  • Ask you to give them remote access to your computer — which lets them access all information stored on it, and on any network connected to it
  • Try to enroll you in a worthless computer maintenance or warranty program
  • Install malware that gives them access to your computer and sensitive data, like user names and passwords
  • Ask for credit card information so they can bill you for phony services or services available elsewhere for free
  • Try to sell you software or repair services that are worthless or available elsewhere for free
  • Direct you to websites and ask you to enter credit card, bank account, and other personal information

How many of you try to play along and keep the scammers online?  I know some folks that purposely keep a virtual machine around and let scammers log into that and pretend to be really really dumb in regards to technology to keep the scammers online as much as possible.  I have often dragged them along for a time and then finally asked them if they feel right scamming people.  They promptly hang up.

If you’ve let them on your system, make sure you scan your system with an antivirus program.  Cancel credit cards if you gave them any financial information.

But just know that Microsoft — or Apple tech support — never calls you, unless you’ve called them first.

10 days of security

Today Tim Cook spoke at a privacy conference and asked that we set new policies for privacy.

He asked for four things:

1.  the right to have personal data minimized;

2.  the right for users to know what data is collected on them;

3.  the right to access that data;

4.  the right for that data to be kept securely.

Online tracking is a big problem.  Big data is a big problem.  I always say if you don’t pay for something, you are the product.

Watch Tim Cook’s speech here

What do you want from your vendors in regards to privacy?

11 days of security

Have you ever thought about all of the technology in your house?  Not just the technology you may have at your business?  But the technology you use at your home?  Here are some things to think about:

Here are ways to secure your wireless router:

  • Change the name of your router: The default ID – called a “service set identifier” (SSID) or “extended service set identifier” (ESSID) – is assigned by the manufacturer. Change your router to a name that is unique to you and won’t be easily guessed by others.
  • Change the preset password on your router: Leaving a default password unchanged makes it much easier for hackers to access your network. You should change it as soon as possible. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Review security options: When choosing your router’s level of security, opt for WPA2, if available, or WPA – these levels are more secure than the WEP option.
  • Create a guest password: Some routers allow for guests to use networks via separate guest passwords. If you have many visitors to your home, it’s a good idea to set up a guest network.
  • Turn on your firewall: Firewalls help keep hackers from using your device to send out your personal information without your permission. While antivirus software scans incoming email and files, a firewall is like a guard, watching for attempts to access your system and blocking communications with sources you don’t permit. Your operating system and/or security software likely comes with a pre-installed firewall, but make sure you turn on these features.  If you are using Windows 10, 8.1 or 7, these operating systems have a built-in firewall.

12 days of security

Do you ever talk to the other generations around you to determine their level of paranoia and cyber understanding?  Too often I see younger generations and older generations having different criteria for trusting web sites or emails than I do.  Often when I question the person, I find that they don’t realize the settings on their social media give them the ability to control who sees their posts.  I will often “google” a person and find that their social media postings give much too much information about what they do, where they go and the people they are with.

Sit down with both your children and your parents and show them how their social profile looks to someone else.  Showcase to them that social media can often be used in public searches to determine if someone is worthy for a job or meets the criteria for an organization.

Take the time to teach others about privacy and remind others that what is posted online will last for a lifetime.

13 days of security

Small businesses often have the fewest resources to help protect them against cyber security attacks.  The website staysafeonline.org recently had a small business series going over several key issues.  This month’s session was about Small Business Scams, many of which have targeted individuals as well.

So take a short 30 minutes and watch what the typical scams are and how you can protect yourself.  One of the key ways I stay aware is to always ask, “does this sound too good to be true?”  If the answer is yes, then it’s a scam.

Here’s from the Staysafeonline.org web site:

The link to the latest webinar “Small Business Scams: What to look for & how to protect your business” is now live. Slides are also available to download.

Access them here: https://staysafeonline.org/resource/csmb-webinar-small-business-scams/

The entire CyberSecure My Business Webinar series can be viewed online. Visit https://staysafeonline.org/resources/ and select “videos” under the “all types” drop down menu to replay any of the following webinars:

  • Let’s Talk About Ransomware and Phishing
  • Learn to IDENTIFY Key Assets & Data
  • Learn to PROTECT Key Assets & Data
  • Learn to DETECT a Breach
  • Put a RESPONSE Plan in Place
  • Know what RECOVERY looks like
  • Learn How to Choose and Protect Your SMB Website Hosting Service
  • Learn How to Protect Your Business Email Accounts
  • How to Assess Vendor Security
  • Email Authentication Basics
  • SMB Cyber Basics: Where to Start

16 days of security

We’re halfway through our 31 days of security posts in honor of October’s Cyber Security Awareness Month.

Today we live in a world where recording devices are ubiquitous.  There are recording devices on public streets, recording devices in the door bells of houses, and in general, there is often a video recording that authorities can obtain to gain more information.  California has a law that states:

California’s wiretapping law is a “two-party consent” law. California makes it a crime to record or eavesdrop on any confidential communication, including a private conversation or telephone call, without the consent of all parties to the conversation. See Cal. Penal Code § 632. The statute applies to “confidential communications” — i.e., conversations in which one of the parties has an objectively reasonable expectation that no one is listening in or overhearing the conversation. See Flanagan v. Flanagan, 41 P.3d 575, 576-77, 578-82 (Cal. 2002).  A California appellate court has ruled that this statute applies to the use of hidden video cameras to record conversations as well. See California v. Gibbons, 215 Cal. App. 3d 1204 (Cal Ct. App. 1989).

If you are recording someone without their knowledge in a public or semi-public place like a street or restaurant, the person whom you’re recording may or may not have “an objectively reasonable expectation that no one is listening in or overhearing the conversation,” and the reasonableness of the expectation would depend on the particular factual circumstances.  Therefore, you cannot necessarily assume that you are in the clear simply because you are in a public place.

If you are operating in California, you should always get the consent of all parties before recording any conversation that common sense tells you might be “private” or “confidential.” In addition to subjecting you to criminal prosecution, violating the California wiretapping law can expose you to a civil lawsuit for damages by an injured party.

If you have security cameras in a location where there is no expectation of privacy – out in the street in front of your house – you would not be under a wiretapping law.  However, if your security cameras are inside your house, there is an expectation of privacy and thus wiretapping laws would come into play.  Now let’s layer on how some of these video cameras have less than stellar security, and then layer on the ability to search for such internet of things devices through a specially crafted search browser; it’s no wonder that we’re all a bit paranoid these days.  Make no mistake, video cameras often help law enforcement put evidence together.  Case in point: a local homicide investigation in my city was able to spot an assailant’s truck in several videos captured by surrounding homes and businesses and was able to use the video as additional evidence that the assailant was in the area where the homicide occurred.  So video capturing helps a great deal.  BUT… as with all technology – it can be abused, both in terms of privacy and by being used by attackers.

If you set up a home video camera, consider the vendor’s security features: make sure it doesn’t have embedded passwords, demands complex passwords, and can be updated relatively easily, among other things.

Cameras can help make you safer, but they can also introduce security risks.  Be aware of both when you install a video camera in your house.  If you have a camera or security system, ensure that you place the stickers on the windows which inform those entering your home that they just might be recorded.