9 Tips for Staying Secure Online – Infographic

May 1, 2012

This infographic by ReversePhoneLookup.org has some great data points – including the sobering stat that 16% of consumers who create passwords still use a person’s first name – but I especially like their 9 tips for staying secure online.

Check it out:

[Infographic: Online Security]

Linda


Creating a secure password – Easy Instructions and Infographic

March 4, 2012

Creating passwords that are strong and memorable is easy – once you learn how – yet it is probably the most frequently asked question I get. Whether you’re young, old, tech-savvy or a novice, everyone has to learn how to create strong passwords or run a very high risk of being hacked.

It’s a new year, so to help you start it off right, here are two resources for you:

The first is my blog “Safe passwords don’t have to be hard to create; just hard to guess,” which walks you through the password creation process. The second is an infographic from Killer Infographics that explains the same concepts through images.

Safe passwords don’t have to be hard to create; just hard to guess

The prospect of changing an internet password or using multiple passwords panics so many people because they believe being safer requires memorizing multiple passwords like Wts4e-_79PBa13^_qnS. Frankly, if I thought I’d have to memorize a dozen passwords like that I too would be anxious.

The result is that many people find the task so daunting that they still resort to using only one password even though they know it’s unsafe, particularly if it is a simple one – if it gets compromised, all of your Web information is compromised. Or you use several passwords, but they are all short, simple words or include numbers that relate to your life, so they are still too easy to guess. Or, if you made hard-to-remember passwords (probably because your business or a Web site forced you to), then you likely have a list of the passwords right next to your computer – even though you know this also compromises your safety.

There is nothing complicated about making strong yet memorable passwords

In fact it’s easy and can actually be fun – you just have to know how – and the payoff in increased safety is huge.

A few key aspects of a strong password are length; a mix of letters, numbers and symbols; and using no elements that tie to your own personal information.

Look at a few weak passwords:

  • Password – The word “Password” is the most commonly used password and it is pathetically weak – as are ‘default’ and ‘blank’. These are simple words and easily guessed or broken with a dictionary attack on the password.
  • Smith1968 – Though this uses 9 characters and includes letters and numbers, names associated with you or your family, or other identifying information such as a birth year, are easily hacked.
  • F1avoR – Though it mixes up capitals and numbers, it is too short, and substituting the number 1 for the letter l is easy to guess.

Look how easy it is to create a strong password:

Use a phrase:

  • 2BorNot2B_ThatIsThe? (To be or not to be, that is the question)
  • 2_4_6_8WhoDoYouAppreciate? (from the children’s chant)
  • L8r_L8rNot2day,AllTheLazyPeopleSay (Later, later, not today, all the lazy people say)

Incorporate shortcut codes or acronyms:

  • CSThnknAU2day (Can’t Stop Thinking About You today)
  • MyWork@MSFTisOver (My work at Microsoft is over)

Play with your keyboard – you don’t have to think of it just as the numbers you see, it can also be a canvas to draw on.

  • Make a letter of the alphabet – This W is actually 1qazdrfvgy7, but it’s a lot easier to remember!
  • Or start at one point and make a circle – or smiley face. The circle is 76tgbnm,lo98. The smiley face adds ui (the eyes) and hjk for the smile.
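
The criteria above (length, a mix of letters, numbers and symbols, no dictionary words even with look-alike swaps, and no personal details) can be checked mechanically. The following Python check is an added example, not part of the original post; the word list, the look-alike table, the 8-character minimum and the owner details passed for Smith1968 are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a large dictionary
# and a list of known-breached passwords.
COMMON_WORDS = {"password", "default", "blank", "flavor", "welcome", "dragon"}

# Look-alike substitutions that guessing tools undo automatically (the post's
# "1 for l" swap is the first entry). Assumed mapping, not exhaustive.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Lower-case, undo look-alike swaps, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def check_password(password, personal_info=(), min_length=8):
    """Return the weaknesses found; an empty list means no check fired.

    personal_info: names, years, etc. tied to the user (supplied by the caller).
    min_length: assumed threshold; the post gives no number.
    """
    problems = []

    if len(password) < min_length:
        problems.append("too short")

    # Count which of the three classes the post names are present.
    classes = sum([
        any(c.isalpha() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < 2:
        problems.append("single character class")

    # Dictionary check on the raw and the de-obfuscated form.
    if password.lower() in COMMON_WORDS or normalize(password) in COMMON_WORDS:
        problems.append("dictionary word")

    # Personal details, matched case-insensitively as substrings.
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("personal information")

    return problems


if __name__ == "__main__":
    samples = [
        ("Password", ()),
        ("Smith1968", ("Smith", "1968")),  # constructed owner details
        ("F1avoR", ()),
        ("2BorNot2B_ThatIsThe?", ("Smith", "1968")),
    ]
    for pw, info in samples:
        print(f"{pw!r}: {check_password(pw, info) or 'no weakness found'}")
```

An empty result only means none of these checks fired; a production check would also compare the candidate against lists of breached and published passwords.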

If you want additional information about creating safe passwords, check out:

Now you’re ready to create your own strong, long, mixed-character passwords that people will have a hard time guessing without you needing to break out in a sweat. Have fun and be Safer!

Linda


74% of Consumers Concerned about Security when Making Mobile Payments

October 4, 2011

New research by the Ponemon Institute paints a sobering picture of consumer concerns when conducting transactions via a mobile device. In addition to the 74% who are concerned about their online security when making mobile payments, 72% were worried about becoming the victim of online fraud.

Other findings:

  • Of those polled, 29% said they used their phones to engage in mobile banking, while 67% believe they are either completely or partially protected when engaged in mobile banking.
  • 51% use mobile transactions for the convenience it offers, and 25% do so because they believe it provides increased security.

The research concludes that consumers’ attitudes regarding their security in online transactions have more to do with how active they are online – the more frequently they make online transactions, the safer they feel when doing so. Yet the researchers admonish companies that they are not off the hook, noting that the best way to increase consumer confidence is to increase company spending and oversight on providing rigorous security.

6 things you can do to be safer when transacting online:

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly, as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection. When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog “Safe passwords don’t have to be hard to create; just hard to guess.”
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PINs, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Check your credit reports. Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.

Linda


Commtouch’s Internet Threats Q2 Trend Report Another Sobering Read

July 22, 2011

Bad news always outweighs the good when talking about online security, and a new report from Commtouch just underscores this point.

The good news is that spam volumes are down nearly 30%, to a measly 113 billion a day, thanks to the takedown of the Rustock botnet.

That includes a downturn in pharmacy spam, though this category still represents 24% of all spam.

The bad news on the spam front is that spammers are now using compromised email accounts – so expect more spam coming from friends and family’s accounts.

Additionally, the report found that zombie activity skyrocketed with an average turnover of 377,000 new zombies per day targeted at sending malware and spam. This represents a 68% increase over zombie volumes in the first quarter of the year. India remains the top zombie-producing country, now hosting 17% of the global population, followed by Brazil and Vietnam.

Whether or not you think of pornography as ‘dirty’, the websites hosting porn really are dirty. Pornography and sexually explicit content sites rank highest in the most-likely-to-contain-malware contest, followed by parked domains and portals.

Education websites, interestingly enough, come in fourth place for categories infected with malware, ahead of entertainment and business. This may be because scammers are smart enough to suspect users will be less cautious on educational sites, or the reason may be that educational sites aren’t very well protected and make easy targets.

The bottom line

Criminals continue to increase the number and creativity of their exploits; letting your guard down for even a moment increases the likelihood that you’ll be their next target.

Linda


Every 3 Seconds an Identity is Stolen – Don’t Be Next

June 5, 2011

Between careless clicks, falling for scams, and companies’ data breaches, your identity is under escalating threat as crooks find ever more ways to use your information. In fact, the onslaught is so aggressive that a new Javelin Research 2010 Identity Fraud Survey calculated that a new identity is stolen every 3 seconds.

You are worth a lot of money – even if your wallet is feeling the economic pinch. It’s not just your financial identity criminals are after; they may also want to impersonate you, steal your medical identity, or go after the identity of your children.

The results of having your identity stolen can be devastating. The FTC’s website lists the following ways in which they are seeing ID thieves use consumers’ personal information:

  • They may call your credit card issuer to change the billing address on your credit card account. The imposter then runs up charges on your account. Because your bills are being sent to a different address, it may be some time before you realize there’s a problem.
  • They may open new credit card accounts in your name. When they use the credit cards and don’t pay the bills, the delinquent accounts are reported on your credit report.
  • They may establish phone or wireless service in your name.
  • They may open a bank account in your name and write bad checks on that account.
  • They may counterfeit checks or credit or debit cards, or authorize electronic transfers in your name, and drain your bank account.
  • They may file for bankruptcy under your name to avoid paying debts they’ve incurred under your name, or to avoid eviction.
  • They may buy a car by taking out an auto loan in your name.
  • They may get identification such as a driver’s license issued with their picture, in your name.
  • They may get a job or file fraudulent tax returns in your name.
  • They may give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

In addition to these losses, you may also have your Social Security or other government benefits stolen, your reputation damaged, and your medical records hijacked.

The good news is that you can beat the odds of falling victim with a few basic preventative steps.

What this means to you

Here’s a 12-point checklist to get you started on the road to ID theft protection. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly, as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection. When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog “Safe passwords don’t have to be hard to create; just hard to guess.”
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PINs, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Discuss online safety with your family and friends. Decide together how you will help protect each other’s identity online and set rules that reflect your choices. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  7. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  8. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages, even if you know the sender, as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’, ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  9. Don’t trade personal information for “freebies.” Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through surveys, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘surveys’ learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  10. Check your credit reports. Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  11. Trust your instincts. Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. Shred sensitive documents. Do not just throw bank statements, bills, or other sensitive material in the garbage.

If your identity has been stolen or compromised, take action.

If your identity has been stolen or compromised, act immediately.

  1. Contact your credit card companies and financial institutions of all affected accounts. Monitor your accounts closely for any fraudulent charges or withdrawals and notify the companies immediately. Check to ensure charges are removed from your account, and retain documents of the incidents.
  2. If your Social Security number has been compromised, contact the Social Security Administration Inspector General; they will determine if you need to get a new number.
  3. Alert the credit bureaus and request a fraud alert be placed on your accounts. This will require that companies call you before opening a line of credit.
  4. Report the incident to the police. You should be asked to fill out an identity theft report, and you’ll want to keep a copy of that report as you may need to show this to prove to creditors that your identity was indeed stolen.
  5. If the problem is large, consider hiring a service that helps restore your credit.
  6. Recognize the emotional impact ID theft may have on you. Given the severity of an incident, and whether you knew the person who stole your identity or not, the emotional toll of dealing with ID theft can be high. Be sure to take care of yourself and to reach out to others for support if needed.

Additional Resources:

Linda


McAfee Threats Report: Second Quarter 2010

September 16, 2010

I am continuing my practice of sharing recent internet safety research pieces:

Excerpt

Study by McAfee:

This edition of the McAfee Threats Report examines the second quarter of 2010 and finds some very different results compared with previous quarters. Last quarter we saw a leveling off in some threat vectors while in others we saw some new developments. This quarter we find malware has resumed its usual rapid growth while the increase in spam has slowed. We see some very interesting geographical breakdowns for spam and botnets that we have not seen before. More threats have become specific and unique to those victims, both corporate and consumer, in different parts of the world.

This quarter we also see the global breakdown of malware to be quite different from that of previous quarters. From January to March we found the top malware to be the same around the world, a phenomenon we had not observed previously; but this quarter’s breakdown shows specific threats tend to plague specific regions. We look very closely at growth trends for fake-alert software, password stealing Trojans, social networking malware such as Koobface, as well as malware that abuses USB and other storage devices.

We examine event and keyword abuse through search engines as well as which vulnerabilities were most frequently exploited throughout the quarter. It should come as no surprise that events such as the FIFA World Cup in South Africa and incidents in the Middle East were highly abused by both cybercriminals and political hacktivists. Remember: the bad guys read the same news as we do. We report on web and network threats such as phishing and malicious website growth and see what parts of the world are engaging in the most SQL-injection attacks.

We finish with an overview of the quarter’s most interesting incidents in both cybercrime and hacktivism. We hope you find this edition of the McAfee Threats Report instructive.

Click here to learn more: McAfee Threats Report: Second Quarter 2010

Linda