Cell Number Security

Digital privacy goes hand-in-hand with digital security … and there’s an increasingly used piece of information under your control that the bad guys are after: your cell phone number. More and more, phone numbers are being used by the bad guys as a way to get at the personal information that’s kept by nearly all corporations, financial institutions, and, yes, social media networks.

Your cell phone number is a gateway to your identity. It provides an entrance to all the data contained on your phone, and can connect your other information to you – your email address, physical address—everything. In a company’s database, your phone number becomes another piece of personally identifying data. But unlike our Social Security numbers, the number is not regulated, and no companies are mandated to keep it private.

Mobile phone numbers then become a target for attackers. Most of us have gotten wise to phishing and email breaches. Now there is SMiShing (pronounced “smishing”) … the act of sending a text message containing questionable links to harmful websites. Once the bad guys get your credentials, they can log into your banking site as you. Then, we all know what can be done: Monies transferred. Checks written. Stocks sold.

Even seemingly innocuous requests for your number, like the one from a sales clerk, can lead to trouble. The fact that the store now has it means it could be stolen in a hack. Customer phone numbers have been stolen from Anthem, Citigroup, JPMorgan Chase, Walgreens, and Yahoo.

What you can do: 

  1. Use common sense: If you’re asked for your phone number, ask why.
  2. Get a virtual phone number: Google Voice gives you a free phone number for calling, text messaging, and voicemail. It works on smartphones and computers, and syncs across your devices so you can use the app while on the go or at home. Check out https://voice.google.com
  3. Enable two-factor or multi-factor authentication on all your devices.
  4. Sign up for the “do not call” lists, which are helpful for run-of-the-mill solicitations.
  5. Choose which private data you are willing to share: Maybe an email address, zip code or just your name as a way to identify you. It’s worth raising with the person asking for the data.

Achievable Security

Personal on-line security is obviously needed, and I’m sure you’ve been meaning to clean some things up for a while. On a daily basis spamming, phishing, man-in-the-middle attacks, and ransomware pose serious threats. Passwords continue to leak in rather large corporate breaches, and people own more and more devices that can be compromised. Do you sometimes feel like you’re tightrope walking without a net?

The overwhelming challenge of protecting yourself is only apparent, and is not reason to give up on security. It’s true that adding more internet security does require some work. Note the operative term here is “some”. It’s a relative word. So do it!

The first step is to check off the really simple tasks that only take a few minutes, noted in a prior blog post. Once you’ve got that baseline set, read on for the slightly more time-consuming tasks. Do one, do all … Do it for yourself, then generate some positive personal karma and do it for your relatives or a friend, too.

Set Up a Password Manager

The nice thing about setting up a password manager is that once you put in the time to get it up and running it will genuinely make your life easier beyond just improving your security. You won’t have to go through password resets all the time, risk being locked out of accounts after too many failed entry attempts, or need to stretch your brain with complicated password mnemonics. Everything will just be there behind one long and strong master password. Once you get going it easily becomes part of the daily routine, and eventually you’ll wake up one morning and realize that you’ve had your password manager for years. Promise!

Enable Two-Factor Authentication

This measure, which usually requires you to enter temporary codes sent to or generated on your phone along with your regular password, helps protect you from attack if your passwords fail. Not all services have two-factor authentication, and many that do call it by similar but confusing names. Setting it up for important accounts, though, provides another defense layer.

Make Backups

This is such an obviously great idea that the point will not be belabored here. Whether you’re storing backups locally on a hard drive or in the cloud, you can add an additional layer of protection by encrypting your data and password protecting it before doing the backup. With this in place your data has increased defense even if your cloud provider is hacked or your external hard drive is lost/stolen.

Know How to Use a VPN

Once you are connected to the internet, VPNs create an encrypted connection between your device and a secure server. With this connection in place you can browse and use the internet, protected from eavesdropping. All you need to do to use the VPN day to day is log in through a “VPN client,” an application or web portal. If you’re doing something sensitive or browsing on unprotected public Wi-Fi, like at a coffee shop, turning on your VPN helps ensure that the data you send and receive is encrypted and can’t be spied on.

Use an End-to-End Encrypted Chat App

Apps with full end-to-end encryption are safe from prying eyes, whoever they may be. By convincing your friends and family to switch to chat apps like WhatsApp and Signal, you reduce the chance that your communications will be intercepted. As with password managers or anything else, there is never a guarantee of perfect security, but taking the step to use services that place a high priority on security is better than not doing it.

For the average person who’s just looking to make some positive changes, adding these five precautions to your digital life will make a significant difference in the quality of your defense, and your ability to recover from common attacks.

Watch a Google video: Does two-factor authentication protect me from hackers?

Steganography 101

Steganography is the practice of hiding secret messages in otherwise non-secret mediums. It has been used in various ways for years – writing Revolutionary War messages in invisible ink, as an example. In the digital world, even something as benign as an image may be stealthily encoded with information. As an example, the pixel values, brightness, and filter settings can be manipulated by a hacker using a secret code to embed a message.

Through this technique hackers are deceiving internet users and smuggling malicious payloads past security scanners and firewalls. Steganography’s goal is to hide the fact that the content exists at all by embedding it in something else. The hidden code can then be used in all sorts of malicious attacks.

Various reports indicate that steganography is being used more than ever … although it is possible that the good guys are just getting better at detecting it. Steganography is being detected not only in sophisticated hacks, but in the attacks of low-level cyber criminals as well: malvertising, phishing, and malware distribution. This may be due in part to the sale of steganographic instructions, allowing the technique to trickle down to the bad guys who may not have thought of a particular attack.

For individuals and small businesses, the way to protect yourself from steganographic attacks is to continuously work on security overall. Whether a phishing or a malvertising attack incorporates steganography or not, it still requires you to click on a link or download a file. If you’re aware of these types of attacks, looking out for them, and securing your accounts with protections like two-factor authentication, you’ll reduce your risk and have defenses in place if you are attacked.

Overwhelming, isn’t it? The Network Division at 2-Way communications can help. We’ll provide you with the integrated Security Awareness Training and Simulated Phishing platform used by more than 8,000 customers nation-wide. Contact The Network Division for more information or to set an appointment today. Give them a call (603-431-6288) or send an email to NetworkSolutions@2-Way.biz.

New Ransomware in the wild

It should be obvious to all that hackers and cybercriminals are becoming more innovative and stealthy seemingly every day. New forms of cybercrime are regularly discovered, and, no surprise here, the cybercriminals’ techniques are more clandestine, coming with a myriad of attack vectors with low detection rates.
I read an article in The Hacker News regarding a new fileless ransomware with code injection ability. The article went into detail about the ransomware and how it infected enterprise servers and endpoints. The most important part of the article for me, though, was the section entitled “Ways to Protect Against Ransomware Attacks”. The entire article is here.
The three most important items on the list of to-dos for the SMB owner or town admin organization were:

1. Keeping your system and network up-to-date.
2. Backing up your data regularly.
3. Adopting a cyber security-aware workforce.

If you haven’t gotten started on this yet, or have but feel you could protect yourself better with professional help, call the Network Division at 2-Way Communications Services (800-441-6288 x1746). Their remote managed services and security awareness training will help keep your organization’s network safe.

Digital Spring Cleaning

I recently had the chance to read “How To Spring Clean Your Digital Clutter To Protect Yourself” by LH Newman in WIRED. I thought the article was not only timely, but informative as well, and so worth sharing.
The basic idea: Even though you may be following all the best practices to protect your digital self (strong, unique passwords; watchful for phishing attacks; using two-factor authentication) you can help yourself further by deleting “digital junk”. Here the author is referring to old email accounts, thumb drives tucked in a desk, a chock-full downloads folder. Any of these (and more) may be lost and/or stolen (hacked), exposing you to any number of risks.
The additional proactive steps you can take to protect yourself are:

Review your physical devices – destroy old CDs, thumb drives, external hard drives, and any other device (an old PC, perhaps) that may contain personal information. Back up what you truly need, wipe the rest. On your current devices, delete old docs (credit card statement pdfs …) or back them up to a secure device and wipe it.

Review your applications – email (most of all). Delete the ones you no longer need, export the ones you have to save. Don’t forget old (Yahoo, Google) email accounts that are still out there. What is in the free storage you use … Box, Google Drive, Dropbox? Again, save what’s important, wipe the rest.

Cancel unused or duplicate accounts – How many applications do you have that are no longer used? Get rid of them. Before you do … close the account with the company. How many locations do you use to store images/videos/documents? Consolidate and clean up.

After you’re done with the Digital Spring Cleaning, stay proactive. Think twice about downloading an application you want, but don’t need. Back up what you must save, then delete before you move on. The more control you exercise over a digital footprint, the more secure you’ll be.
You can read the original article here.

 

Achievable Security Resolutions for the New Year

Personal on-line security is obviously needed, and I’m sure you’ve been meaning to clean some things up for a while now. Given recent hacking history, 2017 is the year to make changes. Spamming, phishing, man-in-the-middle attacks, and ransomware pose real daily threats. Passwords continue to leak in rather large corporate breaches, and people own more and more devices that can be compromised. Could be seen as a recipe for disaster, right?

The overwhelming challenge of protecting yourself is only apparent, and is not reason to give up on security altogether. There’s no disputing that adding more internet security does require some work. Note the operative term here is “some”. So do it!

The first step is to check off the really simple tasks that only take a few minutes, noted in a prior blog post. Once you’ve got that baseline set, read on for the slightly more time-consuming stuff. Do it for yourself, then generate some positive personal karma and do it for your relatives or a friend, too.

5 resolutions that are definitely doable, and doable right now, are:

Set Up a Password Manager

The nice thing about setting up a password manager is that once you put in the time to get it up and running it will genuinely make your life easier beyond just improving your security. You won’t have to go through password resets all the time, risk being locked out of accounts after too many failed entry attempts, or need to stretch your brain with complicated password mnemonics. Everything will just be there behind one long and strong master password. Once you get going it easily becomes part of the daily routine, and eventually you’ll wake up one morning and realize that you’ve had your password manager for years. Promise!

Enable Two-Factor Authentication

This measure, which usually requires you to enter temporary codes sent to or generated on your phone along with your regular password, helps protect you from attack if your passwords fail. Not all services have two-factor authentication, and many that do call it by similar but confusing names. Setting it up for important accounts, though, provides another defense layer.

Make Backups

This is such an obviously great idea that the point will not be belabored here. Whether you’re storing backups locally on a hard drive or in the cloud, you can add an additional layer of protection by encrypting your data and password protecting it before doing the backup. With this in place your data has increased defense even if your cloud provider is hacked or your external hard drive is lost/stolen.

Know How to Use a VPN

Once you are connected to the internet, VPNs create an encrypted connection between your device and a secure server. With this connection in place you can browse and use the internet, protected from eavesdropping. All you need to do to use the VPN day to day is log in through a “VPN client,” an application or web portal. If you’re doing something sensitive or browsing on unprotected public Wi-Fi, like at a coffee shop, turning on your VPN helps ensure that the data you send and receive is encrypted and can’t be spied on.

Use an End-to-End Encrypted Chat App

Apps with full end-to-end encryption are safe from prying eyes, whoever they may be. By convincing your friends and family to switch to chat apps like WhatsApp and Signal, you reduce the chance that your communications will be intercepted. As with password managers or anything else, there is never a guarantee of perfect security, but taking the step to use services that place a high priority on security is better than not doing it.

For the average person who’s just looking to make some positive changes in 2017, adding these five precautions to your digital life will make a significant difference in the quality of your defense, and your ability to recover from common attacks.