Entries in hacking (10)
(via ABC-13 News)
Look at this alarming report on hackers and their interest in sneaking into computers and viewing webcams. It's a definite possibility, and a real worry as webcams become ubiquitous. It's even possible to hack into a webcam without the user ever knowing. It is a real concern, and something we should all be thinking about.
According to the Privacy Rights Clearinghouse, more than 19 million records have been involved in a data breach so far this year. Protection of data requires multiple layers of defense, and the use of encryption to secure sensitive data is a critical tool in this multi-layered approach.
Encryption scrambles a message or file so only the sender and the authorized individual with the decryption key can decode it. Encryption solutions generally encompass two types: hardware and software. Examples of hardware encryption include a pre-encrypted USB device or hard drive; software encryption consists of a program installed on a machine that encrypts some or all of the data on the system.
A bug was recently found in Oracle's Java software, which is installed on many machines, that may allow a hacker to obtain unauthorized access to your machine. It is important that everyone update their Java software (and ensure that all your other software is updated as well!).
How many times do you access your bank account online? How many email addresses do you own? Do you play online video games? How many social networking sites do you access?
These questions are all factors in determining your exposure to identity theft.
According to the Federal Trade Commission, it takes people an average of six months and 200 hours to recover from identity theft.
So how do you know if you're at risk?
You can start by using the Online Identity Risk Calculator.
We partnered with our friends and NCSA Board Member Company EMC2/RSA to bring you the Online Identity Risk Calculator.
The Online Identity Risk Calculator is a game that allows people to find their personal identity risk score and get practical tips on keeping their online identity protected.
Players answer 10 questions to discover how their online activities – from banking to shopping to social networking – can potentially make them more vulnerable to identity theft and fraud.
When you’re done playing, make sure to check out the “Helpful Hints” section, where you’ll find STOP. THINK. CONNECT. tips and advice and links to other helpful websites.
We think the Online Identity Risk Calculator is a fantastic, interactive way to learn how you can protect yourself and your family from identity theft.
For more ways to stay safe online, visit http://staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud.
Mat Honan is a senior reporter at the technology blog Gizmodo. Last weekend, Mat experienced just how easy it is for anyone to be hacked, but not in the way we generally think. Because of lax policies from the technical support at companies he frequented, a hacker was able to seize control of one of his accounts after another, causing havoc for Mat. By the end of it all, his iPhone and MacBook had been remotely wiped, his Twitter account had been seized, and his e-mail would no longer let him in. He writes in Wired:
In the space of one hour, my entire digital life was destroyed... Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
This kind of incident shows how important computer security is and how easily it can slip away from you. There is a detailed video podcast covering the hack on Security Now, a weekly show on the TWiT network of technology-related shows. Here is that video in its entirety:
Most workplaces have cyber security policies, processes, and technologies. You can create a more cyber-secure environment at home by implementing similar strategies.
At home, determine:
- A central location for your computer so you can monitor your children's activities online.
- Whether you allow access to certain sites. You may choose to use parental control settings to block access to inappropriate sites.
- Acceptable online behavior and expectations. Clearly explain the rules and expectations regarding online behavior. Include issues such as cyber bullying, keeping personal information private (not posting it online), and treating people met online as the strangers that they are.
- Your monitoring strategy. How will you assure your family complies with your "Acceptable Use Policy?" You may choose to monitor your family's online activities, and let them know their activity is being monitored.
To create a more cyber-secure environment at home, implement and maintain the following processes:
- Develop strong passwords and change them every 60 to 90 days. Passwords should be changed periodically to reduce the risk of disclosure. The more critical the account, such as banking or e-mail, the more frequently the password should be changed. Use a minimum of eight characters with a combination of upper and lower case letters, numbers and special characters. Have different passwords for each account for which you provide personal information. Do not re-use work passwords for any personal accounts.
- Back up your information. Determine what needs to be saved, how frequently it needs to be saved, how to perform the backups, how to save the backups so you can restore information when needed, and how to test the backups to make sure they work properly.
Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but they’re often not secure. When using a hotspot, it’s best to send information only to websites that are fully encrypted.
You can be confident a hotspot is secure only if it asks you to provide a WPA password. If you're not sure, treat the network as if it were unsecured. Here's what you should do.
By Lesley Fair
What’s in your file cabinet right now? Tax records? Payroll information? And what’s on your computer system? Financial data from your suppliers? Credit card numbers from your customers? To a busy marketer, those documents are an everyday part of doing business. But in the hands of an identity thief, they’re tools for draining bank accounts, opening bogus lines of credit, and going on the shopping spree of a lifetime — at the expense of your company, your employees, and the customers who trust you.
Sophisticated hack attacks make the headlines, but many security breaches could be prevented by commonsense measures that cost companies next to nothing. That’s why the Federal Trade Commission (FTC) has published Protecting Personal Information: A Guide for Business, a plain-language handbook with practical tips on securing sensitive data. The specifics depend on the size of your company and the kind of information you have, but the basic principles remain the same. Whether you work for a multinational powerhouse with branches around the world or a start-up based in a home office, a sound information security plan is built on these five key practices:
- Take stock. Know what personal information you have in your files and on your computer. Understand how personal information moves into, through, and out of your business and who has access — or could have access to it.
- Scale down. Keep only what you need for your business. That old business practice of holding on to every scrap of paper is “so 20th century.” These days, if you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it.
- Lock it. Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
- Pitch it. Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned, or pulverized so they can’t be reconstructed by an identity thief.
- Plan ahead. Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.
Get your copy of Protecting Personal Information: A Guide for Business at business.ftc.gov. While you’re there, download copies for your IT manager, your human resources department, your sales staff, and anyone else who comes in contact with customer or employee information.
Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.
Facebook worked with the National Cyber Security Alliance, the Anti-Phishing Working Group, and the Stop. Think. Connect. public awareness campaign on this security quiz.
Do your part by taking the quiz and testing your knowledge. Once you're done, post a badge to your Wall and share tips with your friends so they can be more secure as well.
This is a wonderful opportunity to see what you know. Spread the word about cyber security to all your Facebook friends!
Here is a clip from CNBC discussing cyber security and the new level of sophistication needed to protect companies from hack attacks, with Joe Sullivan, Facebook chief security officer.