Why Encryption?

For some inexplicable reason I like to carry a USB drive on my key chain, chock-full of tools that may be needed at a moment’s notice, resulting in the predictable loss of a drive every several months or so. Years back this used to cause me almost unbearable angst. What log files or other data did I have on that drive, and who would have access to my coveted technology secrets? I have been saved, however, from an early grave by implementing a couple of fundamental security practices.

The first, and most obvious, is to make certain anything on my precious USB drive is also on my desktop or cloud storage and a part of my backup strategy. Secondly, as a rule, mobile data storage should be encrypted whenever possible. I would like to expand more on the latter.

Any sensitive data stored on mobile devices such as flash drives, cell phones, tablets and laptops should be encrypted. This should be a particular point of interest for employers in this world of BYOD (Bring Your Own Device) to work. There are a multitude of methods to accomplish this. The professional editions of Windows from Vista onward come with “BitLocker”. BitLocker gives you the ability to encrypt files and drives with industry-standard encryption. If you don’t have one of the select versions of Windows, there are a variety of freeware and paid products available for whatever flavor of operating system you use. Lifehacker and GFI can provide some examples. As always, do your homework and see what meets your needs and budget.

Be safe. Get that good night’s sleep even when that USB drive wanders off.

Posted in Uncategorized

Personal Identifiable Information – Nevada Law

Many small businesses are not aware of their responsibility or liability when it comes to securing and handling PI (personal information). It would be a good idea in this world of “cybercrime” to become familiar with how this impacts you as a business owner. The data breach law in Nevada is NRS 603A, “Security Of Personal Information”.

The current law was amended (AB 179) in May of 2015 and went into effect July 1st, 2015. The amendment added the following items as PI when unencrypted and combined with a person’s first name or first initial and last name.

-Driver authorization card numbers

-Medical identification or health insurance identification numbers

-User names, unique identifiers, or email addresses in combination with passwords, access codes, or security questions and answers permitting access to an online account

There are exemptions such as the last four digits of a social security number or “publicly available information”. A review of the bill and discussion of questions with a qualified legal representative would be prudent for business owners.

Posted in Uncategorized

Small Business Security Tips

The internet and cloud computing are powerful tools for small businesses. They enable the small business to stay on competitive footing with larger firms when it comes to expanding markets and increasing efficiency. However, along with all the benefits of the web come the highly publicized danger and inherent risk. Every small business owner should have a comprehensive cybersecurity strategy to protect their business, customers and data. The following are a few areas small business owners.

1. Employee Awareness
Employers and owners need to establish a fundamental security policy. All the technology in the world will not help if the human factor is not accounted for. This policy should include, but not be limited to, a password policy and acceptable internet use guidelines. The policy should have teeth and establish penalties for violations. Rules and procedures should be in place for handling sensitive and “personally identifiable information”.

2. Minimize Your Attack Surface/Protect Your Technology
Get rid of unnecessary software and only keep what is required to perform business tasks and maintain your devices. Whatever remains should be kept updated with the latest patches and fixes. Having the latest security software, web browser and operating system is a defense against viruses, malware and online threats. It is a good practice to run full scans weekly and after updates.

3. Lock Down Physical Access to Computers
Use of computers should be restricted to business activities. Limit access to and use of computers to authorized personnel. Each employee should have a separate user account, requiring strong passwords. Administrative privileges should only be given to trusted technical support and key personnel. Mobile devices such as laptops should be locked up when not in use, and data on these devices should be encrypted, as they are easy targets for theft.

Posted in Business Security

MALVERTISING ??

Posted in Uncategorized

There Is A Process

Business owners and users should be aware of just what the hacking process is to better prepare a defense.

Just as forensic investigations don’t happen as quickly as portrayed in the popular CSI television series, neither does hacking. There is a time-consuming, defined process to successful hacks. Although expressed in different terms, the basic phases are the same. The methodology and phases will be covered in the next series of posts.

The phases are reconnaissance, exploitation, privilege escalation, establishing persistence, data extraction and covering your tracks. Let’s take a closer look at the initial and most critical phase, reconnaissance.

The reconnaissance phase can be broken down into two subcategories: passive and active recon.

Passive reconnaissance is the phase that involves social engineering and collecting information by interacting with the target company. This could also include viewing company web pages and googling employees.

Active reconnaissance is when the hacker uses their technical skills and tools to actively probe target systems. More on that in the next installment.

Posted in Business Security, Personal Security

Sooo? Where Is That Spam Coming From?

Infographic: Most Spam Messages Originate in the US (Statista)

Posted in Uncategorized

Cyber Shopping Tips

Cyber Monday is just around the corner. Spending is expected to reach 3 billion dollars. You know with numbers like those the bad guys will be out in full force as well. Here are a few tips to keep in mind while scooping up those bargains.

-Beware of social media scams, especially on Facebook. Scammers are using fake or hacked Facebook accounts to post links to shopping deals that don’t exist. Recently, fake posts offering free wine and cruises have been discovered.

-Go directly to the store’s website instead of using search engines (Google, Yahoo etc.) to look for deals. If you do find a deal through a search, search again, placing the exact name of the deal in quotes. That way you can find out if there are any warnings out there.

-Be extra cautious with pop-ups and those digital ads usually on the right side of the web page. These could contain fake coupons or redirect you to malicious web sites.

-Delete Cyber Monday emails that contain attachments, especially zip files. If you receive an email offering a deal, go directly to the store’s website instead of using the link in the email.

-Look for the padlock in the address bar of your browser to ensure you are using a secure connection. This means the connection between you and the store is private. Also, the web address should start with “https://”, not “http://”.

-Try to use Credit Cards instead of Debit Cards when possible as Debit Cards provide direct access to your bank account.

-Avoid using public Wi-Fi to shop (Starbucks and the like). These networks are not secure.

-Watch out for fake QR codes. Although some contain additional product information and links to coupons, others are printed by scammers and placed over the original.

-If a site starts asking for out-of-the-ordinary information like social security numbers or security questions – leave.

-As usual, make sure your browser, operating system (Windows and Apple), anti-virus and applications are all up to date.

NOTE. There are “ad-blocker” apps for Android, Apple and PC that can help filter through some of the clutter.

Posted in Personal Security, Tech Tips

Business Security Tips

Here are a few suggestions to help businesses protect their sensitive data.

1. When at all possible, don’t store sensitive information on your own internal servers. Leave it to the professionals. Reputable cloud services can invest a lot more money in protecting data than the typical small business owner.
2. One of the simplest, though often overlooked, security measures is using a quality anti-virus solution. Don’t settle for “freeware” or the cheapest product.
3. Use reputable payment processing services if you handle credit card transactions. It’s what they do. They have the infrastructure to more effectively protect financial data than the average small business.
4. Employee awareness is fundamental to protecting your business. The most technical and expensive security solutions drastically lose their effectiveness when employees and managers do not follow fundamental security practices such as password management and email discipline.
5. Make use of the added security tools provided by cloud and software services. The few seconds it takes for two-step verification can save lots of heartache down the line.
6. Review your current security practices and policies regularly to make certain they work in an ever-changing technical landscape. If you don’t have established policy and procedures, today is the time to start getting that in place.
7. Lastly, do your homework and research. There is an abundance of information available online for ways to better protect your business. If you don’t have the time, have someone else in your company take care of it, or outsource. Remember the saying “an ounce of prevention is worth a pound of cure”.

Be Safe

Posted in Business Security

Windows 10 Business Security

Posted in Business Security