Monday, December 24, 2012

ADVICE FROM FORTALICE, LLC

PROTECTING YOUR CUSTOMER DATA FROM CYBER CRIMINALS

The “bad guys” go where the action is.  They surf the web looking for winners of contracts for government agencies or companies.  They actively track and profile companies, prominent political figures, celebrities, and people of financial wealth for ill-gotten gains.  They exploit weaknesses, not just in our technology protection, but also in our human nature.  


Cybercreeps and cybercriminals are experts at understanding what makes a person click on a link, open an attachment, or visit a particular website.  They target their victims by mimicking day-to-day tasks and trick them into letting the attackers into their devices, computers and networks.  It used to be that if you put in place the best, leading-edge technology, you could fortify your network and protect your digital assets, and then you were “safe”.  That is no longer the case.  


The points of entry are increasingly sophisticated.  Our point of view is that they have the advantage of potential anonymity, scale of attack, time to prepare, and the element of surprise in their favor.  


We have seen cybercriminals that use sophisticated spear phishing, a focused email scam, to target a specific person or entity.  We have also watched some cybercriminals hijack press releases of legitimate companies and convince you to click or download information.  Another set of cybercriminals are particularly expert at poisoning search engine results.  Cybercriminals are fond of using current news events to set their malicious software trap.  Any hot news topic, from the death of Morgan Freeman (who is not dead) to the exploits of Julian Assange at Wikileaks, presents perfect opportunities to poison search results.  Google reported that 1.3% of their search results are infected.  So, if you get 100 potential hits for your search request, that means 1 of them could be a trap.  


So what can you do to protect your customer data?

1.  Educate your staff on the risks and the threats.  Just a conversation about a news headline helps with awareness.

2.  Provide them with written guidelines such as "Never put customer data on a thumb drive" or "Ask someone else at the company before you click on a link in an email and give up company data".

3.  Practice a disaster - "Today, we found out that a cybercriminal made a copy of our customer data and is selling it online....what would we do in the next 60 minutes to recover?"

4.  Create a written policy about confidentiality of customer data and ask your employees to sign it annually.  The policy should include:
a.  not talking about customers by name or industry online or offline
b.  not sending customer data to personal email accounts
c.  whether or not it is okay to have customer data on portable media

We have been advising our customers for over 4 years about the risks of social networking.  Not only do some entities accidentally let the bad guys in but often their staff also provides too much information to the bad guys.  67% of people polled by Sophos, a software security company, said they had been spammed via social networking.  Facebook seems to have a scam story or survey regularly.  In addition, we have been able to reconstruct our client’s whereabouts, company habits, and company information using social networking sites such as Facebook, LinkedIn, Twitter, and FourSquare as well as messaging boards like Microsoft and Cisco.  57% of businesses polled by Sophos said they think their employees share too much online but they do not know how to teach them not to, or how to write policies that would enforce keeping company secrets a secret without encroaching on First Amendment rights.


Even though cyberspace can be insecure, there are several tactics and strategies that can protect people and entities from cybercriminals that want to conduct any or all of the following activities:  steal sensitive information, take intellectual property, commit cyber hacktivism, launder money through accounts, take over identities, commit attacks hiding behind your computer, and/or steal money.


A recent Verizon study revealed that 87% of breaches could have been avoided had adequate security controls been in place. Our aim is to prevent your company from becoming a part of that statistic.  We find that implementing current policies and procedures and providing education and awareness training are two critical pieces in protecting you against the bad guys. 

Friday, December 21, 2012

Social Media Questions for 2012, featuring Theresa Payton


Webnotes by: Theresa Payton, Fortalice, LLC. Taken from a segment for Charlotte's Morning News via  WBT News Talk Radio 1110AM and 99.3FM


Question: What was your favorite cyber security or social media surprise of 2012?

Answer:  

It's a 4-way tie:
1. That people actually bought Facebook stock.
2. That despite all the warnings, 25% of Facebook users don't use any security or privacy controls at all.  
3. Job postings requiring social media skills rose 87% in 2012
4. Twitter grew so large, that if it were a country, it would be the 12th largest in the world!


Question: Do you have a prediction involving social media and your expertise of cyber security that you might have for 2013?

Answer:

2013 technology will provide another reason why digital devices don't belong in the bedroom or bathroom!  
As we start to use more digital devices throughout our home and for everyday tasks, cybercriminals will pop into our lives in unexpected ways, such as through our "smart" digital TVs, monitors, and kitchen appliances.   
The recent Samsung TV issue that allowed researchers to "spy" on people is just a warning for things to come.   

and...

I predict that Pinterest, whose Facebook fan page "likes" recently registered at 97% women, is going to market hard to attract male users.  

and...

Social TV will be hip and almost expected.  This is where you will interact with TV and social media at the same time.  Shows will encourage interaction through hashtags, follows and likes during shows or commercial breaks.  Commercial ads will interact in real time with viewers.  

and...
"Out" - checking in on location software will be on the way out and "in" - checking in and giving a recommendation, sometimes for an incentive, via Pinterest, Instagram or other social media venues

Be Wary Of Shipping Scams This Season!!

Holiday shipping scams are everywhere this season, so, as always, be careful where you click!! See this extremely convincing email below!



Thursday, December 13, 2012

WHAT DOES INTERNET SAFETY MEAN TO YOU?

Recently, we asked students in 2nd through 6th grade via our Charlotte S.A.F.E kids classes to draw what Internet Safety means to them.  All participants received thumb drives with safety information and games. Below are the entries we received. Congratulations to everyone who got involved! We are so proud of your efforts!

[Images: student entries for 2ND GRADE, 3RD GRADE, 4TH GRADE, 5TH GRADE and 6TH GRADE]

Friday, December 7, 2012

WHAT HAPPENS WHEN THE TRACKERS BETRAY YOU?



Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Theresa Payton and Kristen Miranda.

Sounds like a little piece of heaven doesn’t it?  A new device that helps you track every object you typically can’t find.  Keys, tablets, phones, wallet, checkbook.
And this new technology is a bluetooth powered sticker thinner than a quarter.

Whenever you have a technology that makes life easier, you have to ask yourself, could this technology betray me?  In the wrong hands, could making my wallet or keys easier to find do the same for a bad guy?  Cyber expert, Theresa Payton asks, “What happens when the trackers betray you?”


HOW IT WORKS:
1.  The trackers can now be made as small as stickers!
Their internal batteries last roughly 12 months, and they are bluetooth enabled.
2.  You tag the object that you don’t want to lose by placing the sticker on it and then you can see it on an app
3.  The app notes the distance and if you decide an object is too far away, you can tap the app and the sticker on the object will light up and buzz
4.  Criminals are testing how to break into bluetooth enabled devices every day and are prepared to capitalize on this technology.  When criminals “listen in” on your bluetooth broadcasts, it is called bluesnarfing

HOW TO PROTECT YOURSELF:
It’s okay if you decide to use this time saving and potentially device protecting technology.  Just ask your manufacturer first how they protect the bluetooth signal so it broadcasts only to you and not to everyone.

WORD OF THE WEEK:
Replyallpocalypse
You hit “reply all” but type a message that you really only intended for 1 person.  For example, if it is a snarky message regarding a memo your boss just wrote or your best friend sent, it could be your replyallpocalypse!  Protect yourself from a replyallpocalypse by following the golden rule (do unto others as you would have them do unto you) and double check the options you chose for a reply before hitting send.

WEB RESOURCES:
Bluetooth finder as small as a sticker is in development.  See it on Mashable at:
http://mashable.com/2012/12/05/sticknfind-tracking-stickers/


See a video:  http://www.indiegogo.com/sticknfind


The National Institute of Standards and Technology recently wrote a paper on how to protect bluetooth:  http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf

"Helpful" Photo Saving Feature on Facebook



Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's segment "Protecting Your Cyberturf" featuring Theresa Payton and Kristen Miranda.
We have warned you before about reading and thinking before you click on “ok” when you are asked to turn on location or enable a feature.  There’s a reason: sometimes these features are helpful but sometimes you are opting in to give up some of your privacy.  The new feature on Facebook could be helpful but you want to know what you are getting into before you use it.

It’s funny because this new Facebook feature helps you save your photos so you never lose a photo again when your tablet or phone crashes.  And in this case, unlike their usual tactics, Facebook didn’t just turn the feature on without asking.  But cyber expert, Theresa Payton says, there’s a risk to your privacy and security if you don’t tweak it before you use it.  

Theresa is worried about 3 things:  your data plan, privacy, and security



TIPS:

1.  You may see a “Get started” message on your device

2.  When you “Get started”, Facebook will automatically upload the last 20 photos and will then automatically upload EVERY PHOTO you take from that point forward.  

3.  Even though you still have to allow that photo to be seen by others, Facebook can still “look” at the photo to mine it for information (geo codes for location or facial recognition for example)



WORD OF THE WEEK:  DOCKSTER.

Dockster is malware made for the Mac.  The malicious software was recently spotted infecting machines when unsuspecting people visited the Dalai Lama’s website.



Did you accidentally turn this feature on and want to change that?  You can turn off the Facebook Photo Sync:  
instructions

Do you have the “Dockster” Mac malware?  Not sure?  Try going to Sophos’ web site for a free tool to check and remove it:  
anti-virus tool.

Flaws in a traffic monitoring system that could expose drivers’ travel habits!


Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Kristen Miranda and Theresa Payton.

There’s a new warning that the technology that is supposed to help you know how to avoid a traffic jam could put your driving patterns at risk.  The roadway sensors used to help guide traffic reports read data emitted by cars.  But the Department of Homeland Security has issued a warning about this practice.  It’s spooky and strange and there’s not much you can do about it.  These roadway sensors actually pick up signals from bluetooth equipment on your car and use it to count cars.  However, cyber expert, Theresa Payton explains that the data is not protected like it should be so hackers could eavesdrop on the system.

WHAT’S THE PROBLEM AND IS IT BEING FIXED?

1.  A hacker could break into the traffic monitoring system and read your traffic.  
2.  The good news?  First of all, this vulnerability was found by the good guys.  Researchers from the University of California at San Diego and the University of Michigan found the issue and alerted the industry so they could fix it.  
3.  The companies that create software for monitoring are taking notice and making changes to better protect your driving habits.
4.  There are no confirmed hacks of this vulnerability.  It is not known if hackers have actually taken advantage of this breach but often it’s just a matter of time or the hackers are so skilled and stealthy, we just do not ever know they are there.

HOW THE SYSTEMS AND THE HACK COULD WORK:
1.  Newer cars have a unique ID number called a MAC address that is part of your Bluetooth system
2.  Your car emits this MAC address “out loud” in a broadcast to your other equipment on board like your cell phone.  The problem is, it also emits it to ANYTHING outside your car like the traffic sensors on the highway.  
3.  Sensors grab the MAC address as you drive by and can tell how many times you’ve been by, how many other cars (MAC addresses) are close to you, and even note your speed.
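
The sensor behaviour described above, shown on constructed data as an added example (not code from the researchers, DHS, or any sensor vendor). It computes speed from two sightings of the same MAC address, then shows one assumed mitigation, replacing each MAC with a keyed hash whose key changes daily, so traffic speeds still work but a car can no longer be linked across days. Sensor names, spacing, MAC addresses and the key are all made up for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sightings: (day, sensor, seconds since midnight, Bluetooth MAC)
SIGHTINGS = [
    ("2012-12-03", "S1", 28800, "00:11:22:33:44:55"),
    ("2012-12-03", "S2", 28890, "00:11:22:33:44:55"),
    ("2012-12-03", "S1", 28805, "66:77:88:99:AA:BB"),
    ("2012-12-04", "S1", 28810, "00:11:22:33:44:55"),
    ("2012-12-04", "S2", 28910, "00:11:22:33:44:55"),
]
SENSOR_SPACING_M = 2000  # assumed distance between sensors S1 and S2


def pseudonymize(sightings, master_key):
    """Replace each MAC with an HMAC tag under a key derived per day."""
    out = []
    for day, sensor, t, mac in sightings:
        day_key = hmac.new(master_key, day.encode(), hashlib.sha256).digest()
        tag = hmac.new(day_key, mac.lower().encode(), hashlib.sha256).hexdigest()
        out.append((day, sensor, t, tag[:16]))
    return out


def speeds_kmh(records):
    """Speed of every identifier seen at S1 and then S2 on the same day."""
    seen = defaultdict(dict)
    for day, sensor, t, ident in records:
        seen[(day, ident)][sensor] = t
    return sorted(
        round(SENSOR_SPACING_M / (s["S2"] - s["S1"]) * 3.6, 1)
        for s in seen.values()
        if "S1" in s and "S2" in s and s["S2"] > s["S1"]
    )


def days_linked(records):
    """Largest number of distinct days on which one identifier appears."""
    days = defaultdict(set)
    for day, _sensor, _t, ident in records:
        days[ident].add(day)
    return max(len(d) for d in days.values())


if __name__ == "__main__":
    safe = pseudonymize(SIGHTINGS, b"constructed-demo-key")
    print("speeds raw / pseudonymized:", speeds_kmh(SIGHTINGS), speeds_kmh(safe))
    print("days linkable raw / pseudonymized:", days_linked(SIGHTINGS), days_linked(safe))
```

With raw MAC addresses the same car is recognisable on both days; with the daily tags the stored records give the same speeds but no identifier spans more than one day.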

PROTECTION IS LACKING:
1.  Car manufacturers, phone manufacturers, tablet manufacturers, and more need to pay attention to the practice of “bluesnarfing”.  Bluesnarfing is when criminals eavesdrop on bluetooth broadcasted messages.  Ask your manufacturer how they protect your bluetooth traffic.
2.  Traffic sensors also need to heed these warnings from the researchers - and so far, they say they are!

WORD OF THE WEEK:
SPEAK2TWEET:  For events where the internet is completely down, Google and Twitter created Speak-to-tweet to give victims in an area a way to get their message out by using a simple phone call.