Category: Web Security

Don’t let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping

Don't let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping by By .  Available from <http://www.techrepublic.com/article/dont-let-yourself-be-targeted-by-cybercriminals-here-are-6-tips-for-safe-holiday-shopping/.> [ November 22, 2016, 11:30 AM PST] Photo Credit: flickr.com/Don Hankins

Online shopping is easy and convenient, and more people are doing it than ever before. The rise in e-commerce also gives cybercriminals more opportunities to rob you blind. Here’s how to stay safe.

Online shopping is predicted to increase by 8% in 2016, meaning 56% of holiday shopping will be done online. Odds are good that you or someone you know is going to buy at least one gift through a desktop, laptop, smartphone, or tablet. But how do you ensure sensitive information stays secure?

Data breaches tend to make headlines in the news but they’re hardly the only means of identity theft. Countless people have had information stolen by unscrupulous websites, fraud, and hacking. Here are six tips to share with your end users, friends, and family members to help them become smarter online consumers.

1. Pay attention to your browser’s URL

Whenever you’re online there’s a web address in the top bar of your browser. It tells you where you are on the internet, and it can be a good indicator of the legitimacy of the website you’re on.

For shopping purposes, and anything else that involves personal information, you need to be sure the website’s address starts with HTTPS. The S indicates a secure connection and any site trying to earn your business should have it.

2. Watch out for email deals

Regular online shoppers have inboxes filled with digital ads from the places they frequent, and those ads are legitimate. What you need to watch out for are ads from places you aren’t familiar with or that seem too good to be true.

Detecting phishing emails can be tough. If you’re not sure what to watch out for check out CNET’s guide for some good tips.

3. Don’t shop on public WiFi

Public WiFi is great, but it’s not necessarily safe. You don’t know who’s on the network, what they might be doing, or what they’re capable of—they may just be hanging out waiting to steal credit card info.

Shop from home, or from any secure connection. Make sure your home WiFi is secured as well—an openly accessible WiFi network is a serious security risk.

4. Use a password manager

Complex passwords are a must, but even those can be stolen if you type them into a spyware-infected computer. You can beef up security even more by using a password management app.

Not only will these apps allow you to sign in to websites with a single click, they can also generate random passwords that are incredibly secure. All you’ll have to do is use a master password to unlock the app and it will do all the hard work for you. And since you aren’t typing your passwords manually there’s much less risk of theft.

5. Keep your computer and antivirus software up to date

No one likes to be reminded of software updates: They interrupt us, take a long time to install and configure, and sometimes come with bugs that make life harder. That doesn’t mean they aren’t essential, though.

Operating system updates often patch security holes, and antivirus software is completely useless without updated virus definitions. If you’re the kind of person who avoids updating their machine take some time before you start shopping to run all your updates and doing a full scan of your computer.

If you don’t have any antivirus software on your computer now is the time to install some. Free applications like Avast and AVG are both great options.

6. Use Paypal or stick with a single credit card

Paypal and websites like it act as intermediaries to online vendors. Anyone who has ever forgotten their Paypal password knows how many security hurdles you have to jump through—it’s serious about security.

If you don’t want to use Paypal or are buying from a vendor that doesn’t accept it stick to using a single credit card. This isolates your risk to one account and if you pick one with good security features you’ll be alerted as soon as something bad happens.

Don't let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping by By .  Available from <http://www.techrepublic.com/article/dont-let-yourself-be-targeted-by-cybercriminals-here-are-6-tips-for-safe-holiday-shopping/.> [ November 22, 2016, 11:30 AM PST] Photo Credit: flickr.com/Don Hankins

Bigger is better: Symantec announces world’s largest set of threat data

Bigger is better: Symantec announces world’s largest set of threat data by Ashton Young.  Available from <https://securitybrief.com.au/story/bigger-better-symantec-announces-worlds-largest-set-threat-data/> [November 02, 2016 11AM]

Following their acquisition of Blue Coat just three months ago, Symantec recently announced the first positive spin-off.

By combining the two company’s threat intelligence, Symantec has created their Global Intelligence Network (GIN), which they assert is the world’s largest and most diverse set of threat data.

Combined, the companies leverage more than nine trillion elements of security data, applying the data-crunching force of artificial intelligence to enable analysis. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million web proxy users and processes nearly eight billion security requests across these produts every day.

Symantec CEO, Greg Clark says they now have unparalleled visibility into the entire threat spectrum, with views into the darkest parts of the web and malware trade craft.

“By fast-tracking the integration of the threat intelligence capabilities from Symantec and Blue Coat, Symantec products are now blocking 500,000 additional attacks per day for our endpoint, email, and web security customers,” says Clark. “Drawing out those kinds of results from data is only possible by using artificial intelligence, which gives our threat researchers a vastly augmented ability to spot attacks earlier than anyone else.”

According to Symantec, their integration with Blue Coat means that they are now the only vendor to connect endpoint, email and web protection across a single integrated intelligence platform. Symantec asserts that already their new GIN has led to a series of significant protection improvements, in addition to discoveries of new attack campaigns. Examples include:

  • Shared threat telemetry: Because Symantec and Blue Coat productsn are now automatically exchanging millions of malicious files and URL threat indicators daily, more than 500,000 additional attacks are being blocked every day for endpoint, email, and web security customers.
  • Cyber espionage campaign discovered: Despite popular belief that the Chinese cyberespionage group ‘Buckeye’ had largely stopped their operations, the combined threat intelligence of Symantec and Blue Coat was able to determine the group was in fact still highly active. These discoveries enabled Symantec to enhance its protection capabilities against the Buckeye group.
  • Sophisticated financial heists outdone: Symantec and Blue Coat’s combined telemetry led to the revelation that since January 2016, an attack group known as ‘Odnaff’ has stolen millions of dollars from victim financial institutions.
  • Not a great time for phishing: Symantec has developed a technology that analyses new websites in real time by comparing them to screenshots known phishing sites. This technology is applied to more than 1.2 billion web requests every day, and has already fouled 137,000 new phishing campaigns since its release.
Bigger is better: Symantec announces world’s largest set of threat data by Ashton Young.  Available from <https://securitybrief.com.au/story/bigger-better-symantec-announces-worlds-largest-set-threat-data/> [November 02, 2016 11AM]

Smart home vulnerability: Tips for staying internet secure

Smart home vulnerability: Tips for staying internet secure Article by Alex Talevski, Swann Security CTO. Available from <https://securitybrief.com.au/story/smart-home-vulnerability-tips-staying-internet-secure/ > [November 02, 2016 1PM]

Connected Home devices are now a common feature in our everyday lives. Most consumers use smartphones, tablets and smart TVs that are connected with powerful internet driven features.

For this level of sophistication to be available, cloud connectivity is necessary. It enables us to access entertainment, social media, games, fitness applications, recipes, karaoke and many more, on-demand. All of this would not be possible and nearly as rich without the cloud.

Where such devices readily connect to the internet, they are exposed to vulnerabilities and attacks that could directly access other devices in your home, thus the potential to gain access to personal data.

Security around personal data becomes even more tricky where the internet connectivity relates to the smart home. Wherever such a threat exists, it could expose a way to unlock your door or disarm your alarm. Fortunately, the risk of such an intrusion is highly unlikely but it must be carefully managed.

Security is only as effective as the weakest link. Therefore, it is important to secure you entire home network and the devices that connect to it. It will not only save malicious Smart Home concerns but is also great practice to secure all other private data and services.

To mitigate risk, Swann Security solutions use the following security provisions;

  • Multi factor authentication
  • Bank grade data encryption
  • Unique device keys and passwords
  • Closed network device access
  • Hidden user and home details
  • Finally, we frequently update devices Over The Air (OTA) to address new vulnerabilities and threats

Malicious attacks can be prevented by applying the following 6 tips and tricks for each applicable device in a Secure Home;

1. Use strong and unique passwords for all accounts and users: Use a number, capital letter and symbol to make a unique device key and password.

2. Change passwords frequently (once every 3 months is good practice) and enable multi-factor authentication to make it harder for your systems to be hacked.

3. Do not share your network, smartphone and device credentials with others. Hide the user and homes details in your settings to prevent any breaches. Creating a separate network for devices and your security system can be an additional precaution.

4. Set your smartphone to lock and require authentication for unlocking. Try to use a strong PIN. Swann Security systems, their security provisions include bank grade data encryption to assist with your pin security.

5. Use good anti-virus and anti-malware scanners and enable closed network device access.

6. Frequently Backup all data on PCs, tablets and phones. As well as update to ensure is up to date. If you have a Swann product, this can be done through their ‘Over the Air’ (OTA) abilities to address new vulnerabilities and threats

*Swann Security Customer Survey – March 2016

Smart home vulnerability: Tips for staying internet secure Article by Alex Talevski, Swann Security CTO. Available from <https://securitybrief.com.au/story/smart-home-vulnerability-tips-staying-internet-secure/ > [November 02, 2016 1PM]

How to stay safe on the internet

How to stay safe on the internet Press Release from Oconee Co. Sheriff's OfficePublished:

With much of our lives centered around computers, technology and the internet, the Oconee County Sheriff’s Office is offering these tips to help keep you and your family safe.

“The Sheriff’s Office has committed itself to providing helpful information to help you and your family from becoming a victim,” according to Oconee County Sheriff’s Office Public Information Officer Jimmy Watt. “This includes updates periodically on various types of scams but also information, such as is contained in this press release, on how you protect yourself while you enjoy visiting the internet and your favorite sites and staying in touch with family and friends.”

The Sheriff’s Office is offering the following internet safety tips:

• If anyone calls claiming to be from a technology company and you did not initiate the call and they say that your computer contains viruses or malware or has some type of problem and if you pay money they will repair your computer or remove the harmful items, it is a scam and if you allow those individual(s) remote access to your computer, then your computer could be compromised and any personal or financial information could be compromised and other information could be erased or held for ransom. If someone from the outside gains remote access to your computer in this way, contact your local law enforcement agency immediately and do not pay any ransom, as this could further embolden the scammers. Also, make sure you have your files backed up in a virtual cloud environment and/or on some type of thumb drive.

• Change you passwords on a frequent basis and use different passwords for each internet account you have. The more unique you make them and the more difficult to guess, the better the chance you have from becoming a victim.

• You may also want to consider using two-factor authentication, which provides an additional layer of security by using a second known device. For example, when you change something on your account, such as a password, a text can be sent to you phone advising you of the change.

• Set your internet and social media accounts on the highest security level possible and post as little personal information as you can. Anything could be potentially used by individuals looking to scam and/or steal personal and financial information.

• If someone sends you an e-mail with an attachment and/or a link to another site and you do not know that person, do not open the attachment and/or click on the link as this is a way for viruses, malware or Trojans to be downloaded on your computer or allow someone to gain remote access to your computer.

• Be careful in regards to the sites you log into while in public places that offer Wi-Fi service as those hotspots may not provide enough security.

• Make sure you have your computer’s firewall turned on at all times and keep your antivirus software updated and current. Also make sure that the critical updates on your operating system for your computer are current.

• Look out for social media scams that offer gifts cards, for example, as a prize for taking a survey or for online shopping scams that offer merchandise at discounted prices. If an offer sounds too good to be true, more often than not it is and it could be used to steal personal or financial information.

How to stay safe on the internet Press Release from Oconee Co. Sheriff's OfficePublished:

3 tips to help make and manage complex passwords

3 tips to help make and manage complex passwords by Nick Ismail.  Available from <http://www.information-age.com/3-tips-complex-passwords-123462571/> [October 11, 2016] Photo: AdobeStock_21942031-634x0-c-default.jpeg

Passwords, despite the rise of biometrics, are still the most common form of user protection. It is important, therefore, to understand the best methods of producing and managing the most secure passwords possible

Every platform, every service we use requires a password or some other form of authentication.

Remembering dozens, perhaps hundreds, of unique passwords and usernames and keeping all of our devices up to date is difficult, to say the least, and these necessities conflict directly with our desire for maximum convenience.

Most people are guilty of re-using simple passwords across services and of writing them down to make them easier to recall when needed.

In the balancing act between security and convenience, convenience currently has the upper hand at the cost of immeasurable amounts of our most private data.

How can we begin to manage this growing list of passwords in a secure way? Here are 3 key tips and tricks you can use when it comes to password generation and management.

Apply mnemonics

You are probably aware of the rules of password best practice: Passwords must be long; they must contain a mix of characters; they should not be easily guessable; you should never share them; change your passwords often; use different passwords for different applications. The list goes on.

Satisfying all of these criteria can be a challenge, especially when considering that if you create a different password for each service you use you will somehow need to remember each one and avoid writing them down.

An easy way to approach this problem is by applying mnemonics to generating passwords.

For example, take the phrase ‘I would love to fly British Airways first class to Singapore!’ I can easily remember this phrase because it is true and it is not personal.

Also, it doesn’t include a name, an employer, a home location, or any other information about a person that’s easy to guess.

From this phrase, someone can formulate a password by using the first letter(s) of each word, numbers, capitalisation, and special characters.

Suddenly, this sentence creates a strong password that satisfies all the length and complexity requirements set forth by most services: IWLtoFBA1stCtoS!

You can also use other forms of mnemonics, such as misspelling common dictionary words, as a basis for your password instead of just the first letter. Be creative—the important factor is creating a complex password that you can actually remember!

Use a password manager

Though now you know an effective technique for creating passwords, you might still be struggling to remember enough different phrases to cover every account you own.

To help avoid re-using passwords across accounts, you can use password management applications or your web browser’s ability to save and remember passwords.

Password managers typically store passwords in the cloud and secure them all with a master password.

If you or your employer are not comfortable with cloud solutions, some password managers offer local storage as an alternative, giving you control and full responsibility over your password store.

However, bear in mind that though password managers are becoming increasingly feature rich, they can be vulnerable just like any other service.

For example, last year password manager LastPass experienced “suspicious activity” and urged users tochange their passwords.

As an alternative, saving passwords in your web browser is also convenient, as some browsers allow you to set a master password as an extra layer of protection, preventing your password from potentially being displayed in clear text.

Add more layers of protection

As well as passwords, you can add other forms of authentication to the data protection mix.

Authentication can be something you know (password), something you have (smart card, token, or mobile device app), or something you are (fingerprint).

On their own, each form of authentication has its weaknesses, but using multiple forms together – known as multi-factor authentication – strengthens the process.

So, even if your passwords are compromised, a malicious actor still needs another authenticator to access your data. Unless they also have access to that second factor, your data remains secure.

Everyone’s responsibility

Effective cybersecurity is not just a matter of installing the right software.

Technical ability alone is not enough to resolve the issue. If it were, breaches wouldn’t occur in such great numbers and with such frequency.

Only a holistic security stance will enable you to limit the opportunities cyber criminals have to steal your organisation’s data.

Preventing breaches requires encouraging secure behaviour at all levels across your organisation.

Every employee, contractor, third party vendor, intern or volunteer should understand the basics of password protection, as well as the basics of identifying, deflecting and reporting potential threats.

That way, if someone succeeds in breaking through your defences, which unfortunately seems inevitable, having a well-educated and aware user base will only help reduce the damage and identify the problem sooner.
Sourced by Stuart Clarke, chief technical officer, cybersecurity, Nuix

3 tips to help make and manage complex passwords by Nick Ismail.  Available from <http://www.information-age.com/3-tips-complex-passwords-123462571/> [October 11, 2016] Photo: AdobeStock_21942031-634x0-c-default.jpeg