
Posts Tagged ‘Hackers’

Cybersecurity is mostly about you…

Monday, March 28th, 2016

By Dennis Powell, e-Management


Experts say cybersecurity is 90% YOU and only 10% technology. What are you doing to protect yourself from hackers?

Newsflash! There is no privacy on the Internet. I repeat: There is NO privacy on the Internet. Anyone with a web browser can see everything anyone has ever posted online! That’s according to the e‑Management Chief Information Officer (CIO) team (and numerous other cyber experts). Cyber experts say online security is 90% user and 10% technology. I know it sounds like a lot of responsibility. But securing the things stored on your Internet-enabled devices that are important to you (e.g., finances, pictures, intellectual property, work products, family stories) may be easier than you think.

Clearly, you should invest in anti-virus and anti-malware software or services. But that’s just 10% (technology) of the solution. The other 90%, remember, is you. Here are a few simple considerations to help you protect yourself from hackers.

  1. Keep work and home separate. We are not talking about a work-life balance here. Keep your work and personal devices separate. Hackers will sometimes target you to steal valuable information about work projects or sensitive customer or client information. Oftentimes, the easiest way to hack a nonprofit, business, or government agency is through the organization’s staff. Avoid using your smartphone for dual purposes, such as accessing your corporate enterprise network and visiting sites to download apps/games on the same device. Still, it may be best if you talk to your company’s or agency’s information technology (IT) or cybersecurity team about BYOD (Bring-Your-Own-Device) policies and best practices before accessing work products from home or downloading personal-use entertainment on business devices.
  2. Be mindful of online phishing and social engineering scams. You’re only human. And that’s what hackers are counting on. They prey on admirable qualities in people, including being helpful and trusting of others. Clever and “social” hackers employ tactics such as having chats with you while claiming to be someone you would normally trust. In reality, their intentions are nefarious—potentially tricking you into giving away clues and facts to obtain sensitive information. Similarly, phishing scam artists carefully craft e-mails and posts on social media sites like Twitter and Facebook. The phishing goal is to get you to click on links that launch malware, which downloads to your device and essentially gives hackers free rein over your sensitive information and privacy. To protect yourself, never respond to online requests for personally identifiable information such as your full social security number. In addition, do not complete forms within the body of an e-mail message. And avoid clicking on the links of sensational posts on social media sites.
  3. Avoid tricks that will hold your computer ransom. It’s true. Hackers have an arsenal of malware to infect your computer. Even your cloud files can be destroyed if you’re a victim of ransomware. That’s malware that holds your files hostage and demands payment for you to regain access. (As if the anti-virus subscription you paid for was not expensive enough.) Hackers have even gone one step further with the encrypted CryptoLocker, which made ransomware headlines last year. How do you get infected? According to a Symantec blog posting, it’s the old enticing e-mail that you just gotta open trick AND then the ransomware infection downloads. The good news is that there is protection for malware/ransomware through security products like Symantec. Also, the e-Management CIO team recommends daily backups of your data to avoid the pain and inconvenience of losing or paying for access to your files.
  4. Get training. But before you sign up for a class, accept the fact that you are important enough to be a target for online predators. Next, take advantage of possible free training available to you. Several government agencies such as the Small Business Administration (SBA) offer free training. One best practice is continuous cybersecurity training. At e-Management, for example, we have a commitment to cybersecurity readiness. One of the first things our employees learn in the training is: There is the possibility that someone will deliberately or accidentally attempt to steal, damage, or misuse the data in our computer system(s).

Remember, online security is 90% user and 10% technology. By the way, if your company needs support figuring out where you may be at risk and what you can do to improve your level of readiness, do . We can help.

Knowledge is protection.

You get it. Cybercrime is on the rise and you have to do something to protect yourself from the cyber-crooks. The recently relaunched e-Management blog will focus on technology and cybersecurity, providing useful tips to help you navigate the ever-changing landscape of apps, policy, privacy protection, and consumer tech. So, (1) how do you protect yourself from hackers? (2) Does the organization you work for have clear guidelines around cybersecurity? (3) What are other consumer technology or cyber-focused topics you’d like for the e-Management blog team to tackle?

Five-Finger Discount?

Tuesday, January 6th, 2015

By Dennis Powell, e-Management

More than 3 million smartphones were stolen in 2013 according to Consumer Reports. What are you doing to protect your mobile devices?


Check the Urban Dictionary and you’ll find the phrase “5-finger discount.” The term refers to how stealing requires only one hand or five fingers. Not protecting your smartphone (Windows Phone, iPhone, Android, Blackberry etc.) is essentially allowing cyber predators and real-life thugs to steal your personal information or even your identity. Well, we can all agree that’s not good for anyone. So, we’ve pulled together these…

Five Tips for Protecting Your Smartphone to Counter the 5-Finger Discount

  1. Curb Your App-etite: Apps can be practical, useful, fun, and convenient. But apps from shady sources can open you and your phone up to enormous risks. Word of advice from the FCC Smartphone Security Checker is to install apps from “trusted sources” only and be sure to “research” before downloading to determine the legitimacy of the app and app maker. An inability to curb your “app-etite” can lead to malicious software, viruses, stolen information, or a non-functioning smartphone. You’ve been warned!
  2. Install Anti-Virus Software: Apps, games, and other fun downloads are popular with most smartphone users. But it is also important to download at least one antivirus app for added protection. If you are an Android user, check out for reviews of security apps. If you’re an iPhone fan, Security Today has a great article, which lists apps designed to safeguard your favorite iPhone or tablet.
  3. Make Sure Your Smartphone Opens for Only You: HealthIT.gov offers a few tips for protecting your smartphone. One tip seems like a no brainer: Securing your smartphone by using some method of authentication. Yet, Consumer Reports National Research Center’s 2014 Annual State of the Net Survey shows that only 36% of all smartphone owners use a password, personal identification number, or some other authentication processes to verify the mobile phone user’s identity. Authentication is a simple precaution which locks out potential offline and online threats by requesting a password or some other form of authentication. We strongly recommend it for protection!
  4. Turn It Off: offers common sense tips for protecting your phone on its website. One that may surprise you is turning off your Wi-Fi and Bluetooth® when you aren’t using either. Sophisticated hackers can easily connect to your smartphone and steal sensitive information through these connections.
  5. Insure It: The CTIA-The Wireless Association® recommends that smartphone users consider insuring their mobile devices. Many wireless providers offer affordable insurance plans directly or through a third party vendor. An insurance plan could mean a free replacement of your phone if it is lost or even damaged. Are you clueless when it comes to anything insurance? Well, check out Suzanne Kantra’s Techlicious about how to go about choosing the best plan for you.

More Tips…
There are certainly more than five ways to protect yourself from theft and cyber breaches. For instance, many smartphone users install tracking apps and software that disables phones when devices go missing. (1) What tips have worked for you in protecting your smartphone investment? (2) How easy is it for others to access your mobile phone? (3) What would you do if your smartphone suddenly disappeared?

Can you be used as a pawn?

Tuesday, April 20th, 2010

By Douglas Pitcher, e-Management

Today, as the lines between home and work computing continue to blur, organizations need to be concerned with their employees’ security practices on their home wireless networks. The last thing you want is for a hacker to compromise an employee’s computer via an under-secured home wireless connection, and then quickly and efficiently travel down that handy remote user Virtual Private Network (VPN) tunnel straight into your business’s network. Not surprisingly, IT managers are now deploying training on wireless security, specifying wireless router hardware and/or configuration settings, and in some cases, providing firewall/VPN endpoint appliances (managed from the data center) for key employees’ in-home use. Educating employees on the secure use of wireless home networks can be as simple as reviewing the practices of “SAFE WIFI.”
SSID broadcasting “OFF”
Activate WPA2 encryption and authentication
Firewalls (and especially proxy-based firewalls) are best
Employ strong passwords

Web controls
Inactivate “automatically connect to non-preferred networks”
Filter MAC addresses “ON”
IPSec VPN as remote connection to the office

SSID broadcasting “OFF”
There is really no reason to broadcast your home wireless network SSID. Liken it to the risk you take when you put a sign outside your house with not only your last name, but the first names of all who live there. In providing your name and address, and given the ease by which criminals can obtain additional information about you on the Internet, you make a good identity theft target.

Activate WPA2 encryption & authentication
You have three standard choices for securing your wireless communications. They are, in order of increasing security: WEP, WPA, and WPA2. Also, of course, you could choose to not enable any of these, and then all it would take is someone with the right “tuner” to pick up your radio signal and “listen in” on all of your communications; or worse yet, to use your wireless signal to hack into your computer and other connected networks. WEP provides very little protection. On the other hand, WPA and WPA2 offer encryption for the initial negotiation as well as the later communication packets, with WPA2 offering stronger encryption. It is generally thought that this encryption is likely to be hacked at some point in the future, but for today’s home user, it’s a good security option for now.

Firewalls (and especially proxy-based firewalls) are best
More and more, we are seeing firewalls employed in home networks as an effective way to beef up security. Check to make sure that your wireless router has firewall capabilities, or better yet, add a firewall device in-line for better security. Looking to tighten the wrench one more turn for increased home network security? Then, your firewall should offer “proxy-technology” for true application layer security—a step above standard packet filtering.

Employ strong passwords
Today’s strong passwords are at least 13 characters, they use upper case, lower case, numbers and symbols; they use nonsense words, and have no direct connection to the user. An example of strong passwords would be:
“When U W1sh upon a St@r” or “Yr10Mth03ihtcts4us” (Year 2010 Month 03 i have to change the scheme 4 us)

Web controls
Today’s cyber attackers aren’t just adolescent pranksters. Hackers include organized crime; and it’s big business. Their tactics are sophisticated and they make special efforts to get victims to go to phony web sites that look real. Once there, they get you to enter personal information so that they can steal from you directly. Given today’s environment, it just makes sense to limit where you and family members visit on the Internet. Limiting Internet activity to known good areas will help you to achieve a secure home network.

Inactivate “automatically connect to non-preferred networks”
Another way that criminals can gain access to privileged information and then use it to hack into your wireless network is by setting up a rogue access point. In other words, they place an access point in range of your home and then try to get you to log on to the rogue AP. Usually, if they can reduce the signal of your wireless router enough, and you have “automatically connect to non-preferred networks” activated, then you will likely connect to the rogue without even knowing it. Therefore, to reduce threats from rogue access points, you need to inactivate this setting.
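
An added example, not part of the original post: a small audit of Wi-Fi scan results that flags an unfamiliar access point advertising your home network name (the rogue AP case above) and any access point below WPA2 (the ordering from the encryption section). The scan lines are constructed, in the colon-separated shape that `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL device wifi list` prints; the SSID `HomeNet`, the BSSIDs and all function names are assumptions.

```python
"""Audit Wi-Fi scan results for the home SSID (added example, constructed data)."""

# Ordering from the article: no protection < WEP < WPA < WPA2.
# WPA3 postdates the article and is ranked above WPA2 here.
TOKEN_RANK = {"WEP": 1, "WPA": 2, "WPA1": 2, "WPA2": 3, "WPA3": 4}

# Constructed sample records: SSID:BSSID:SECURITY:SIGNAL, with literal
# colons inside a field escaped by a backslash.
SCAN = [
    r"HomeNet:AA\:BB\:CC\:00\:00\:01:WPA2:62",
    r"HomeNet:DE\:AD\:BE\:00\:00\:02::88",
    r"HomeNet:AA\:BB\:CC\:00\:00\:03:WPA1 WPA2:40",
    r"CoffeeShop:11\:22\:33\:00\:00\:04:WEP:55",
]

# BSSIDs (radio MAC addresses) of the access points you actually own.
KNOWN_BSSIDS = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:03"}


def split_terse(line):
    """Split one record on ':' while honouring backslash escapes."""
    fields, cur = [], []
    chars = iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # keep the escaped character as-is
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields


def weakest_rank(security):
    """Rank of the weakest mode an AP accepts; empty or unknown counts as 0."""
    ranks = [TOKEN_RANK[t] for t in security.split() if t in TOKEN_RANK]
    return min(ranks) if ranks else 0


def audit(scan_lines, home_ssid, known_bssids, min_rank=TOKEN_RANK["WPA2"]):
    """Return (kind, bssid, detail) findings for APs using the home SSID."""
    rows = [split_terse(line) for line in scan_lines]
    rows = [r for r in rows if len(r) == 4 and r[0] == home_ssid]
    known = {b.upper() for b in known_bssids}
    # Strongest signal among the APs we own, to compare against strangers.
    home_best = max((int(r[3]) for r in rows if r[1].upper() in known), default=0)

    findings = []
    for _ssid, bssid, security, signal in rows:
        if bssid.upper() not in known:
            # Same name, unfamiliar radio: a client set to connect
            # automatically may pick it, especially if it is louder.
            louder = int(signal) > home_best
            detail = "louder than known AP" if louder else "weaker than known AP"
            findings.append(("unknown-bssid", bssid, detail))
        if weakest_rank(security) < min_rank:
            findings.append(("weak-security", bssid, security or "none"))
    return findings


if __name__ == "__main__":
    for kind, bssid, detail in audit(SCAN, "HomeNet", KNOWN_BSSIDS):
        print(f"{kind:14} {bssid}  {detail}")
```

An access point in WPA/WPA2 mixed mode is reported as weak because the check uses the weakest mode the access point accepts.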

Filter MAC addresses “ON”
Another option you have is to set up your wireless router to only allow known computers to connect to the network. It is still possible to “spoof” a MAC address, but filtering makes it that much harder for someone to hack into your wireless network. You get enough of these annoyances, and you are just too much trouble for the average hacker. That’s a good “problem” to have.

IPSec VPN as remote connection to the office
Why are hackers interested in your home wireless network? It depends. A few cyber crooks specialize in identity and consumer theft. Others are after bigger fish—namely, your employer. More and more employees are working from virtual or remote home offices and it is perceived that the remote network connection has more lax defenses than other network interfaces. Criminals see this as an opportunity to penetrate the corporate network perimeter in order to reach a bigger payoff.

Did you know that entire botnet armies are set up to recruit until they find the right path into a target company? For this reason, your home network wireless security and your VPN connection to the network resources both contribute to a safe computing environment.

While there is no guarantee for 100 percent hacker-free security, the “SAFE WIFI” practices package some of the best security that is commonly available with today’s commercial products, to make your home wireless network a less attractive target for criminals. However, this is a rapidly changing environment, and you will want to keep the lines of communication open with reputable resources and your corporate IT manager so that you can enjoy the convenience of wireless communication in the home now and in the future.

Cyber Bad Guys vs. You
So, what steps are you taking to protect your home and office network from cyber bad guys? Have you been a target of hackers? If so, how did you resolve your issues? Do you have any questions for our cyber experts?

What’s So ‘Smart’ about the Smart Grid Anyway?

Thursday, January 21st, 2010
Satellite image shows the Northeast Blackout of 2003, which affected more than 55 million people in the USA and Canada. Will smart grid tech make blackouts a thing of the past?


by Dennis Powell, e-Management

By most accounts, the smart grid will be the best thing since Seinfeld ruled Thursday nights back in the 1990s. Okay, maybe not that good. But really, what’s so “smart” about that grid anyway? Well, it’s a modernized electricity delivery system, which uses two-way digital technology that can monitor, track, and control energy used by appliances and devices. The smart grid promises to save businesses, governments, and consumers money; reduce energy consumption; and be less susceptible to brownouts and blackouts. Sounds smart.

Even the sometimes hard-to-please environmentalists are on board with the smart grid. They say the smart grid will help reduce global carbon emissions, and integrate other forms of sustainable energy production. Unsurprisingly, President Obama also says the modernized electricity system is smart for America. His administration has led the way to at least $4.5 billion to help smart grid technology become a reality in the U.S.

But is the smart grid an intelligent solution for all of us? Are there any hidden threats that would leave us feeling like: “Is this really better than what we had?”

What about Those Smart Hackers?
Since the smart grid is a computerized system, this opens you, business, and government organizations to cyber attacks. A smart grid is supposed to make blackouts less likely, but some experts are saying not so fast. According to them, smart grid technology has vulnerabilities that must be addressed in order to protect us from terrorist plots. For instance, a savvy hacker or terrorist organization could hack into the grid and shut it down causing massive blackouts. The results of such an attack could be devastating, especially if they were accompanied by coordinated physical security threats. The cyber experts are recommending that before a smart grid is built, cyber security safeguards need to be put in place.

What about Smart Costs?
The smart grid price tag to consumers is another real concern under the modernized system. Case in point, a pilot payment program led by a Massachusetts utilities company recently came under fire when the energy provider proposed a pay-in-advance plan for nearly 800 low-income households. Another proposed plan would charge a premium beyond basic energy usage such as laundry, heating, and cooking needs. According to the utilities company, the rationale is to promote and introduce energy efficiencies to consumers. The fear from opponents, however, is that such plans could leave low-income households without energy if they were to run out of credits, and the proposed payment plans could even circumvent state laws designed to protect consumers from being left in the dark because of slow payment or lack of payment. Nevertheless promoters across the U.S. of pay-in-advance programs cite that consumers actually use less energy than others who have traditional plans. Still, there is evidence that is only the case for more affluent users.

What about Smart Benefits?
Is it possible the sheer benefits of the smart grid outweigh the concerns of some of its detractors? In addition to cool things to come from the smart grid discussed earlier, proponents say consumers will use less energy because the technology promotes consumer choice and greater efficiencies. Arguably, consumers currently use more energy than they need. In contrast, the smart grid may give the consumer more awareness of their total consumption in real-time, which may lead to “smarter” energy usage. Since power outages are theoretically less likely under a smart grid system, low-income consumers and others who are especially vulnerable if there is a loss of power can sleep easier at night during extreme weather conditions.

According to a 2006 study by the Ernest Orlando Lawrence Berkeley National Laboratory, power outages cost the U.S. $80 billion every year. So there is also an obvious financial benefit for business and government organizations that must deploy resources under duress to deal with power failure, and its immediate fallout (e.g., public health issues, national security issues, downtime of financial systems, additional pay for overtime).

Another “cool” benefit, which may resonate with consumers, is that the smart grid really is “smart.” During times when there is less demand for energy, the grid could automatically activate a home heating system. Likewise, at peak hours, the smart grid could turn off less essential appliances or devices such as an mp3 charging deck or lamps.

Is There a Smart Future?
Clearly, there are a few people who have some reservations regarding smart grid technology, and others who are all for it. If the modernized grid is to be successful, industry and government must plan ahead to address issues of cyber security safety as well as to ensure scalable systems. Additionally, legislative bodies may have to reconsider pricing and payment enforcement practices that safeguard consumers from big utilities, and if necessary enact laws to protect the mutual interests of users and providers.

Looking Forward to Your Smart Comments…
We want to hear from you. Smart grid: cool idea or just plain dumb? Is implementing smart grid technology worthwhile? Are we rushing into it? Once in place, how do you think pricing will play out for consumers? Will cost savings realized by electricity companies trickle down to you? Will our government organizations be ready for cyber terrorists’ plots to take advantage of the network vulnerabilities of the modernized grid?

The Department of Homeland Security Would Like to Add You as a Friend? How Weird is That?

Tuesday, June 2nd, 2009

by Dennis Powell, e-Management

Social networking sites attract hundreds of millions of unique visits per month according to Internet media tracker comScore. Among the most popular is Facebook. The site started out as a place for college students to connect with other computer science majors at Harvard University. Today, it seems like everyone is embracing the site from your little nephew Billy to grandma Davis. Facebook mania is everywhere.

Much to the chagrin of rival site MySpace and their loyal fan base, Facebook is quickly becoming the preferred social network site in the USA. In fact, Facebook has over 200 million users worldwide. What’s more, Facebook’s membership eclipses the populations of Brazil, Pakistan, Nigeria, Russia, and Japan. Okay, you get the picture. Facebook is an online hit. So guess who has jumped on the Facebook bandwagon? You guessed it, your friendly neighborhood government agency.

Why has government embraced 3rd party social networking technologies?

Depending on whom you ask, there is certain to be a different answer. But for the sake of argument, government officials might say they are adopting Facebook and other social media sites to:

  1. Become more accountable and transparent as directed by the new Obama Administration
  2. Encourage more engagement with government agents, elected officials, etc., for the purpose of alerting you to new policy, public health information as well as a myriad of other issues and activities
  3. Save money by taking advantage of technology already in place and tested to connect with diverse audiences
  4. Take advantage of tens of millions of other Americans who are already using the cutting-edge technologies of Facebook and other social networking sites, which make “marketing” and information dissemination seamless

Let’s face it, social networking sites are cool and government has a serious image problem. Federal agencies are often seen as the enemy, wasteful, slow to act, etc. Perhaps social media agreements with the “Feds” are a step in the right direction for government agencies looking to transform their image into something more likeable, relatable, and yes “awesome.”

So is government adoption of Facebook and other social media sites risky?

Absolutely. And here’s why according to some of the biggest critics of government/3rd party social networking technologies agreements.

  1. Social networking sites are hot-beds for phishing scams. Will government be liable for cyber attacks against citizens who are a part of its network?
  2. Facebook, for instance, has in the past been infiltrated by hackers who have been able to steal personal information including e-mail, date of birth and passwords—information that in the wrong hands could result in fraud or identity theft.
  3. Information provided on social networking sites might have to be captured and retained as “.” Do “friends” of government agencies constitute official records?
  4. Personal Use vs. Official Use: Will the public know that a private citizen who works for the government (and has a social networking presence) is different from an official government agent acting on behalf of an agency?

Mitigating the Risks around Government Adoption of 3rd Party Social Networking Technologies

Some government agencies have taken steps to mitigate their risks. Leading the charge to the social networking gold rush is the General Services Administration (GSA). Over the past year, GSA has announced agreements with the two leading online social networks Facebook and MySpace as well as YouTube, blip.tv, and Slideshare, among others. According to the service agreements, federal employees apparently will be able to use many of the features of these popular social networking sites and stay within compliance of statutes and laws.

The GSA agreements with social networking providers make it easy for other agencies to quickly deploy public outreach efforts with these popular technologies. Since GSA’s agreement at least deals with risks particular to government agencies such as liability, freedom of information act (FOIA), active policy, promotions, and endorsements, adoption of social networking technologies may be less of a big deal than some are making it out to be. On the other hand, some critics have said that if the government wants to get into the social media “business,” it should build its own ultra-secure technology.

Online Social Media for Government: Friend or Foe?

So, what’s your take on the new marriage between government and 3rd party social networking sites such as Facebook? Do you think it is a good idea? What extra steps must government take to ensure successful implementation of online social media tools? Is it conceivable that enemies of the state could use these sites to launch cyber attacks? Should the government abandon 3rd party social networking technologies altogether?

Everyone is invited to discuss this topic. Be sure to check earlier blog threads as well as our recent Webinars.