browser

‘Tis the season for being victimized

November 13, 2018 by securewebsite

Tips for staying safe online this holiday season

Whether you’re sharing plans for your upcoming vacation on Facebook, you’re knocking out holiday shopping online, or you’re a retailer ready to strike while the iron is hot through a virtual store, the holidays can be risky business. Hackers connive year-round to steal important data that can leave you broke or your organization in shambles, but the holidays are an especially profitable time for them.

With modern technology, information is always at our fingertips. What you don’t want is your information being shared as it can put you at risk online and off both as an individual and as a business leader. Here are some things to think about before sharing, shopping, and selling online this season.

Beware & Don’t Overshare
It is hard not to get wrapped up in all the excitement of the holidays and want to share it with others. After all, who wouldn’t want to read about all of the visitors, gifts, and fun from your seasonal gatherings? While you may wish to share photos of your family, talk about your travel plans, and show off your new gifts, you must be wary of sharing too much.

Just as your friends and family enjoy your posts cybercriminals, cyber criminals could be as well. The information you share on social media accounts, especially when your privacy settings are public, can be seen by everyone. Criminals can use this information to misrepresent themselves as someone you know, use the information to crack your account passwords, or even learn when you’re out of town to rob your home or business.

Put a Lock On It
Analysts project that there will be more than three billion active social media users by 2021, according to Statista, a compilation of statistics and studies from more than 22,500 sources. That equates to about 40 percent of the world’s population. Be sure to set your accounts to maximum privacy and carefully choose who you give access to your social media. Here are a few tips to keep you socially savvy during the holiday season:

• Set the privacy settings to be as secure as possible.
• Don’t accept friend or connection requests from people you don’t know.
• Be careful not to overshare on your social media.
• Never announce when you have plans to be out of town on social media.

Online Shopping Set to Boom
When it comes to online shopping during the months of November and December, this year promises to see the largest online holiday sales yet. According to a piece by Shopify, worldwide online holiday sales reached $94.4 billion in 2016 but that jumped to $108.15 billion in 2017. Online purchases peak between Black Friday and Cyber Monday but the entire week of Thanksgiving is one big shop ‘til you drop event for consumers. According to the Shopify article, online spending is set to jump again this year with an estimated $3.35 billion in expected sales on Thanksgiving and $5.8 billion in sales for Black Friday which means people are learning to love shopping from the comfort of home.

Safer Shopping
The thought of dragging yourself to the store, fighting holiday crowds, standing in long lines, and dealing with traffic can make the holiday elf in all of us quickly turn into the Grinch. Avoiding all of that while easily finding the best deals on the gifts we want to give (and get) has become irresistible. Criminals can put a huge dent in your holiday budget though, if you aren’t careful.

To best protect yourself while shopping online, stick to retail websites you already know and trust. Avoid shopping through links on social media and email as they can take you to legitimate-looking sites that are actually fraudulent. If you do find a must-have gift on an unfamiliar site, do some investigative work before handing over your credit card number. Check the company out online, see if they have a social media following, and read customer reviews. You can even contact the business directly and call the Better Business Bureau for more information.

You will also want to ensure that when you sign up for new accounts that you use strong passwords that are unique to each site. You can use a password manager to help you keep track of new accounts. Be sure to use a complex set of lowercase and uppercase letters, numerals, and special characters when creating your passwords.

Be On Alert
Regardless of when you do your holiday shopping online, there are some precautions you should be taking. There is an easy acronym (ALERT) to help you shop smart and stay safer online:

• A– Activate two-factor authentication on all banking transactions. This means that you need to input a one-time password (OTP) which is sent by your bank (via SMS or email) to confirm the transaction. This provides an added level of security as anyone trying to use your cards would also have to have access to your mobile phone or email.
• L– Look for signs that the site you are shopping on is secure. Before you type your card details into a website, look for a small padlock symbol in the address bar and a web address beginning with https:// (the s stands for ‘secure’).
• E– Enter a web address yourself and don’t access it through links. Links in email messages, text, instant messages and pop-up ads can take you to websites that look legitimate but are not.
• R– Review all transactions, check your statements, and SMS notifications to ensure that all debits from your account are familiar. Use credit cards, not debit cards, for online shopping. Credit cards offer better fraud prevention and consumer protection.
• T– Treat your details with care. Don’t save your card details on your computer or in your browser. Be selective as to where you input your details, avoid shared devices, and always make sure your security software is up to date.

If You’re the Store
If your business allows people to shop, pay, or schedule appointments online, then it has a responsibility to protect client data at all times. This is especially true during the holidays when hackers are even more likely to attempt to swipe credit card data or personally identifiable information (PII). To ensure the privacy and protection of your clients, you will want to employ the CIA Triad:

• Confidentiality– Ensure the privacy of data so it can’t be accessed by unauthorized parties.
• Integrity– Ensure the accuracy of data in a manner that guarantees the data is reliable.
• Availability– Ensure data is available and cannot be destroyed either maliciously or accidentally.

This triad provides a structured approach to helping businesses appropriately store, transfer, and protect client data as well as their own. In order to do a thorough job of protecting vital, proprietary data, we need to consider data privacy from all angles and the CIA Triad allows us to do just that by encouraging us to think before we click, verify sources of information and requests, ensuring accuracy, and following data security policies.

Keep It Updated
Whether you are an individual or a business, ensure your devices from mobile phones and tablets to laptops and desktops are kept up-to-date. You don’t want to miss any security patches that address vulnerabilities that might make you an easier target for the bad guys. You also want to keep updated on the latest cyber threats, so you know what to watch for and protect yourself against.

Wi-Fi Wisdom
According to Cisco, experts estimate by 2020 there will be 432.5 million public Wi-Fi hotspots. While this relieves your data use when you’re out and about, cybercriminals love them because they can use such public networks to capture PII, credit card credentials, and other profitable data.

Avoid Email Scams
We have all seen them. Those incredible sales and deals that pique your shopping interest, especially during the holidays when we are looking for the perfect gift. Email security is particularly important during the holidays when email scams seem to multiply.

While it’s tempting to click away and open those emails, be careful. Those special offers can lead to computer viruses, malware, and much worse. Play it safe by deleting emails from unknown sources. If you don’t know the company or person sending you an email, simply trash it and definitely don’t open any attachments from unfamiliar businesses or individuals.

Extra Safety Tips for Holiday Shopping, Sharing, and Selling
Here are a few other professional tips to keep your data safer this holiday season:

• You are likely to find yourself in more crowds this time of year. Be careful not to discuss sensitive personal information or business in places such as stores, at parties, or on public transportation.
• Lock your computer screen whenever you walk away from your desk during the workday. When you leave for the evening, log out and shut your computer off as most companies run updates and security scans in off-business hours.
• Don’t disclose sensitive personal or business information on social media.
• Be sure to pick up printed documents immediately from the office printer and clear your desk before leaving it. Don’t leave papers lingering as data can fall into the wrong hands.

Get even more smart security tips online with the Pause, Think and Act security awareness video. You can also contact Oram at any time for extra assistance with ensuring a safe, smart, and successful holiday season for your business. Visit us online or call us now at (617) 933-5060.

October is National Cyber Security Awareness Month

October 9, 2018 by securewebsite

A look at cyber awareness and tips for protecting yourself online

Whether you are turning on the television, checking the daily newsfeed online, or reading a magazine, you’re sure to hear about the breach of a major business such as Yahoo, a data leak by the government, or hackers attacking a local school. Over the last two decades, cybersecurity has been legislated to protect consumers, businesses, and the government alike. There’s a need for greater awareness of cyber security and how people can best protect themselves and their businesses. That is the purpose behind National Cyber Security Awareness Month (NCSAM) which has been celebrated every October for the last 15 years.

The History of NCSAM
Developed as a collaborative effort between industry and the U.S. government, the purpose of NCSAM is to ensure every American has the necessary resources to stay safer and more secure online as well as advance awareness of the threats we all face when we log on. Launched in 2003, NCSAM was conceived by the U.S. Department of Homeland Security and the National Cyber Security Alliance.

According to the National Cyber Security Alliance, the goal was to reach as many people and businesses as possible to educate them about cybersecurity. The target audience consists of consumers, small and medium-sized business, corporations, educational institutions and young people across the country.

STOP. THINK. CONNECT.
This year marks the 8^th anniversary of the STOP. THINK. CONNECT.™ campaign used during NCSAM which offers tips and advice for everyone from the daily internet user to business owners.

The message to consumers of every age is clear. We are all warned to stop and think before connecting which means doing things to protect ourselves before we get online. We are warned to “Keep a Clean Machine,” “Protect Your Personal Information,” and “Connect with Care.” But what does all of this really mean?

Keep a Clean Machine
All of your internet-connected devices should be kept free of malware and other infections such as viruses as they can interrupt your connectivity at home and at work as well as spread to others. A dirty machine can also threaten your safety and the safety of others online. This is especially true when it comes to malware that connects your devices to botnets, which are networks of computers controlled by cybercriminals that can steal your information and make money from it.

There are several things you can do to keep a clean machine including:

Use the Latest Software– Ensure you have the newest security software, web browser and operating systems to offer the best defense against known viruses, malware, and other threats.
Automate Updates– Most software programs automatically update to defend against threats. Keep auto updates turned on and turn your computer off each night so updates will occur when you reboot.
Protect Every Device– In addition to computers, be sure to turn on auto updates for all devices including smartphones, laptops, and tablets.
Plug & Scan– External devices such as USBs can harbor viruses and malware. Use security to scan them before using.
Get Rid of Garbage– Delete links, emails, tweets, posts, etc. that look suspicious. These are ways cybercriminals compromise your computer. If it’s not from a trusted source, trash it. Don’t open it.
Hot Spot Smarts– Limit the business you conduct when away from your home or office. Be sure to adjust the security settings on your device to limit who can access it.
Act Fast– If you think your machine is infected, get help fast to remove viruses and malware before they can spread or cause more damage.

Protect Your Personal Information
Each one of us has the responsibility of protecting our personally identifiable information (PII) online. If your personal information ends up in the wrong hands, there could be serious consequences from a breach in your social media or theft from your business to your identity being stolen and your bank account being wiped out.

While you may have worked hard to protect that information, all of us must still assume our personal information has been leaked because hacks happen all of the time. Here are some tips for protecting your PII online from the New York Times:

Use Different Passwords– Across multiple sites from Facebook to your bank account, NEVER use the same password in more than one place. Doing this allows a hacker that gets your password in one place to use it in another. Password managers such as 1Password or LastPass can help you keep track of them all.
Never Your Social- Never use your social security number as a username or password. This is especially true in the face of the recent Equifax breach.
Be Suspicious- Treat everything online with an abundance of suspicion. Hackers send emails, notices, letters, etc. posing as people you know and businesses you solicit to gain information. Contact a business or individual requesting PII online by calling them directly before deleting the email as they may need it to press charges or stop the cybercriminal from targeting others.
Use Stronger Passwords- Sites such as LastPass can help you create unique passwords for each site you visit and save them for you in a protected database. If you create your own, be sure to use uppercase and lowercase letters, numerals, and special characters in each password.
Employ Extra Security- Passwords are not enough. If a site allows you to use secondary or two-factor authentication, enable those features. When you enter your password, you will receive a message with a one-time login code to allow you to finish logging in.

Connect with Care
Many web users are very quick to click whether it be on an email, a link, or an attachment. Slow down and take time to examine what it is you are about to click before you do so. Ensure you know who an email is from before opening it. If you don’t know the sender or aren’t expecting an email, delete it without opening it.

If you receive an email from a person or business you know and the email address looks familiar, feel free to open it. Once open, look at the email itself. Does it sound like it’s from the sender or does it seem odd? If the English is suddenly broken, the business logo is not right or is missing, or something else is off about the email, do not click on any links or attachments. Contact the person or business directly to see if they have sent you something via email.

Use care when connecting to public Wi-Fi. This is especially true if you are conducting business such as banking or shopping online. Use only trusted secure connections when using portable devices outside of the home or office.

Be Web Wise
Personal information about anyone is now easy to find online. This is especially true with the advent and use of social media. That means we all have to be wise when it comes to using the web. The first thing you should know is how your information gets online. Here are some ways you may inadvertently be sharing your personal information:

Posting on social media
“Checking in” through social location sites such as Foursquare
Commenting on blogs or shopping sites
Creating online wish lists online at sites like Amazon or Pinterest
Sharing videos or photos online
Using online games
Giving location data when uploading photos online

If you are on social media, check to see if you can change your privacy settings to limit what others can see about you or who has access to your information. Be sure to read the privacy policy of any company before sharing your information with them to ensure they don’t sell it to third parties. You’ll also want to ensure that your data is backed up at home and at the office in the event of ransomware, other cyber attacks, or even a computer shutdown.

Be a Good Online Citizen
Being a good online citizen involves employing the Golden Rule of treating others online the way you would like to be treated and using common sense. Don’t visit unsecured sites and don’t forward emails from unknown sources to others.

Be aware of how the action of one person can damage an entire online community. For example, one employee surfing unsecured sites through your business network can open the door for malware, viruses, and cybercriminals. Have common expectations in your home and office about what is an acceptable use of the network and what types of sites should be avoided.

Report cybercrime and breaches immediately. These should be reported not only to your internal technology personnel but to law enforcement as well. By reporting such issues, you are helping others avoid becoming victims, too, and stopping cybercriminals in their tracks.

Own Your Online Presence
This means safeguarding your own personal information and activity. For example, data should be treated like money. It should be protected. This means everything from your birthdate and personal address to the names of your children and pets which are often used as passwords. It can be easy for a hacker to get into your accounts with such personal information floating around on the web.

Be careful about who you share information with. For example, you may get “friend” requests from people you don’t know on social media. Simply delete the request. This is not being rude, it’s being prudent. Also, don’t send login information via email. Email can easily be hacked without the proper, updated security in place. If you get a request for information from a business online, call them to see if the request was really from them and provide any data they may need that way.

Lock Down Your Login
One of the main points of the STOP. THINK. CONNECT.™ campaign is to Lock Down Your Login. There are several ways you can ensure your login information stays secure. Here are six tips to get you there:

Protect accounts with strong authentication
Keep security software updated
Avoid phishing by thinking before clicking
Use unique passwords for every site
Protect your mobile devices
Employ trusted security tools

Our Responsibility
Staying safe online and protecting those we are connected with is everyone’s responsibility. Because the world has become so digital, we are more interconnected than ever before. From our desktops to our tablets, phones to laptops, we find ourselves working, playing, learning, and living online. That means all of us has a responsibility to try to stay as safe as possible by adhering to the advice of cyber experts.

National Cyber Security Awareness Month is a chance for us all to become more aware of the threats we face online and ways to protect ourselves and others. For more information, safety tips, and ways to get involved in NCSAM, visit the National Cyber Security Alliance online or contact Oram at (617) 933-5060.