KnowBe4 is a great business partner, focusing on end user security training to keep employees safe online. They have released a great video, just in time for the holiday shopping season. Watch this quick video for five simple tips to help keep you safe through the holidays and all year long.
Apple has acknowledged a flaw in the latest version of the Mac operating system, OSX, also known as High Sierra. Simply put, if you did not set a “root” password when you set up your Mac, your computer may be vulnerable to a hacker taking advantage of the root account to perform malicious activity.
Apple has released a patch as of this morning and it is recommended that all users who have updated to the latest version of OSX apply this patch right away. Here is the link to Apple’s article on this issue:
If you are a Mac user, please apply this fix ASAP.
So Thanksgiving has come and gone, as has Small Business Saturday. Tomorrow is Cyber Monday. The deals keep coming and the enticement to shop online and retail is at its height for the year. So how do you ensure you shop safely? Here are a few recommendations, not just for the holiday season, but throughout the year.
When shopping retail, your largest risk is at checkout. Whether you are writing a check or using a debit or credit card, it’s important to know your risks and the technologies available to mitigate them. Checks are tough. Some people swear by them, others avoid them at all costs. I can’t remember the last time I wrote a check. Frank Abagnale, the FBI security expert of “Catch Me If You Can” movie fame, never writes a check. He believes checks are the easiest transaction to forge and he would know. If you haven’t seen the movie about his story, you may want to watch it. His words carry the weight of experience and some hard lessons learned.
When it comes to debit and credit cards, Abagnale recommends never using a debit card as it has direct access to your bank account. Instead, he advocates for using a credit card and paying it off every month. Now there’s the trick, paying it off every month. For many, this is easier said than done, but his point is well taken. Credit cards have consumer protections that safeguard you against fraudulent charges. Debit cards do not. Once the money is pulled from your bank account, it’s very difficult, if not impossible, to recover.
Whichever type of card you use, be sure you use the chip feature and don’t swipe the card. Magnetic readers are easy to hack or replace with what’s called a skimmer. A skimmer reads the card’s magnetic stripe and sends the payment information to a hacker while still passing the transaction through to the point of sale terminal where you swiped your card. It’s one of the most common forms of debit and credit card theft out there.
Several consumer advocacy and law enforcement agencies have warned of point of sale terminal hacking this holiday season. If a store you shop at has been hacked, even if their credit card machine itself has not been compromised, a hacker may still be able to grab your payment information. Chip technology safeguards against this by using on-chip encryption for your payment card data and each transaction done with the card. If a retailer is not accepting chip, tell them you have to shop elsewhere. There’s no reason not to and their credit card processors are charging them a higher fee for not using the chip.
, PayPal and similar payment services. Especially if all you have is a debit card, linking that card to these services will insert a layer of encryption and security to your transactions that the debit card alone cannot. These are more secure ways to pay and will help protect you, online and offline.
When shopping online, there is ample technology available to safeguard you. Be sure you take advantage of it. First and foremost, be sure you are only shopping at websites that have https and not just http. The “s” indicates the site is secured with Secure Sockets Layer encryption, or SSL. If a site is not SSL, everything you enter into your browser is clearly available to anyone who may be intercepting your Internet traffic as it travels from your web browser to the site.
I also recommend not clicking on the millions of ads and links you receive in your email. Sophisticated hackers will impersonate legitimate companies and offers, in an effort to get you to click their link, which would bring you to a fake site, set up to steal your identity and payment data. Instead, just enter the site address in your browser and get to the site this way. Once on the site, search for the deal you are looking for. Chances are, if it’s a legitimate offer, you will be able to find it right from the website’s homepage.
A few other considerations for shopping safely online include using a VPN and privacy mode in your web browser. A Virtual Private Network connection to servers on the Internet masks your online activity from prying eyes. If you connect securely to a company network for work, chances are you may be doing so via a VPN. The same principle holds true for a VPN for Internet access. Think of the Internet as a four lane highway and think of a VPN as a tunnel that gets placed over one of the lanes and that is the lane you travel in. No one can see where you are going and where you enter and exit the highway. This is what a VPN does for your Internet use. Don’t use a free VPN as you get what you pay for. No one is so altruistic that they put this technology out there for free. They are capturing something of value from you. Instead, subscribe to a reputable VPN service if you decide to go this route. It’s well worth the modest cost.
Finally, consider using privacy mode in your web browser. All browsers have this and it does a decent job of masking your online activity, avoiding ad trackers and cookies, technologies that make you wonder how that ad showed up in your browser for something you were thinking of shopping for. When you want to be sure what you do online remains private, privacy mode is the way to go.
I hope I haven’t scared you away from shopping this holiday season. That is not my intent. Instead, I hope I have given you some good ideas to protect your identity and your bank account this holiday season and throughout the year. Happy shopping!
It’s here. The Black Friday deals have already kicked off and the turkey coma is still in full swing. Most retailers opened their doors at 6 PM Thanksgiving Day to kick off their Black Friday deals. Small Business Saturday and Cyber Monday are right around the corner. The next four days are the most active shopping days of the year. Unfortunately, they are also prime targets for cyber criminals, so be sure you stay safe this holiday shopping season.
I’m sure you have been inundated with Black Friday and Cyber Monday emails offering all sorts of deals. While most will be legitimate, you have to stay on the lookout for those that are not. My recommendation is not to click through on any links in these emails. Instead, open your web browser and type in the address yourself and go directly to the web site and search for the deal. You don’t want to fall prey to a hacker who impersonates a known seller and tricks you into visiting a fake site that looks like the real thing.
On Small Business Saturday, take note if the retailer you visit makes you use your chip, instead of swiping your credit card. The chip system has been in place long enough now that there is no excuse for anyone to not require you use the chip. The chip is more secure as your credit card information and every transaction are encrypted and significantly harder to hack than when you swipe. If you see a retailer who still makes you swipe, you should not think twice about telling them you are not comfortable with their security and may have to shop elsewhere if they don’t implement chip technology. There are several warnings circulating, from consumer advocacy groups to law enforcement, about vulnerabilities in point of sale terminals that are not using chip technology. Don’t let a lazy retailer put your safety at risk.
Also don’t forget about Apple Pay, Samsung Pay and similar payment methods that you can securely use with your smartphone. Using these payment methods will always be more secure than using your card, so when available, use them.
On Cyber Monday, just like Black Friday, go right to the site and don’t click through on ads you see on other web sites or links in email offers that you receive. While it may be a bit less convenient to type in the site URL and then navigate the site to find the deal you are looking for, it’s a simple and effective step to help protect your online shopping activity.
Once you’ve made your purchase, be mindful of the many shipping confirmation messages you may receive and be mindful of what you have experienced in the past compared to what you may receive in your email inbox now. Fake shipping confirmation messages are a favorite of hackers to trick you into entering some personal information into a fake online form or to trick you into opening an attachment which may then infect your computer without you knowing it. Once infected, a hacker could capture everything from access to your bank to passwords to all of your online accounts. Again, my recommendation is to go directly to the web site where you made your purchase and look up your order and check the shipping information from there.
Another good practice for online shopping is to use a service like PayPal, Visa Checkout or other secure online payment service. This adds a layer of protection to your shopping to protect your payment information, which is the crown jewel of what most hackers want to steal. As always, keep a close watch on your credit card and bank statements. Picking up an unauthorized charge is always a sure way to know a hacker has stolen your identity or payment information. If your bank or credit card company offers it, set up alerts for any charge or withdrawal, so you get real-time awareness of what may be happening with your accounts.
Enjoy the holiday shopping season and Happy Thanksgiving! I’m thankful for you subscribing to my blog for updates.
Wrapping up Week 4, there are some excellent resources available to parents, teachers and business people, to help expose kids to the careers available in the growing field of cybersecurity.
We have between 1 and 2 million unfilled IT jobs in the United States and that number is likely to continue growing. Increasing awareness of cybersecurity threats has made cybersecurity one of the fastest growing disciplines within the broader technology space.
I have long argued that our public schools are not doing a good job educating their students about career paths in technology. The focus in most public school systems has been, and remains, coding. Software coding is just one of several career paths worth knowing about. With the continued heavy investment in broadband and cloud services, a workforce skilled in the needs of companies providing these services presents a tremendous opportunity.
Please review the following resources and consider getting involved, at home, in your community and in your schools:
CyberPatriot helps to inspire students towards careers in #cybersecurity and other STEM disciplines. https://www.uscyberpatriot.org/.
Parents and Teachers! Learn about the “educational steps” to a career in #cybersecurity at GenCyber. #CyberAware https://www.gen-cyber.com/.
Parents! Check out NCSA’s Parent Primer for Guiding Kids to #Careers in #cybersecurity. https://staysafeonline.org/resource/ncsas-parent-primer-guiding-kids-careerscybersecurity/.
Sorry to be a little late with my Week 4 post. I was traveling for a family wedding and to celebrate my wedding anniversary, so I’m just now getting back to my blog.
This is Week 4 of National Cyber Security Awareness Month and this week’s theme is all about careers in cyber security. There is a national deficit in IT talent in this country. Some estimates put the number of open jobs in IT at over 1 million. Add to that the growing needs for expert skills in cyber security and you start to get a sense for the issue at hand.
Most schools have historically focused on software coding when it comes to exposing students to IT. As we know, IT is about a lot more than just coding. The skills gap is wide and we need to take steps to narrow and erase the gap or we will lose our competitive edge.
Cyber security skills are unique and that is why this week has been dedicated to exploring ways to get more people interested in careers in cyber security.
Review this infographic to learn more about critical skills, jobs and more details about career opportunities in cyber security.
This theme is very timely this week as news broke of a wireless encryption vulnerability called KRACK, that could allow a hacker to infiltrate a secure wireless network. It sounds bad, and it is. However, for this vulnerability to work, the hacker needs to be in close proximity to both your wireless device and the wireless access point. It also requires robust computing capabilities, but it could do serious damage if successful.
Most vendors have already released patches to protect against the KRACK vulnerability. The question then becomes, have you installed those updates? Hopefully you subscribe to a proactive Managed Services program like those that the company I work for, Onepath, delivers to our clients. We proactively notified our clients of this vulnerability and fast tracked the testing and deployment of the updates to fix it.
The most important thing you can do to protect your wireless network is to choose a strong wireless password, or better yet, passphrase. Secure your wireless network with a phrase like “We want to do everything possible to secure this network.” That is hard to crack as the longer the passphrase, the more computing power required to break it. Most hackers are criminals of opportunity. If it’s easy to break, they will come at you. If it looks to be difficult to break, most will move on and look for an easier target. These are also often lazy hackers in some respects.
Another consideration to keep in mind regarding wireless networks is understanding the risks of public wifi. You should never do anything sensitive on a public wifi hotspot. It is extremely easy for a hacker to create a “man in the middle” attack and sit on the public wifi and get in between your device and the network to snoop on your activity or steal your username, password or account numbers.
One way to protect yourself is to use a VPN, either provided by your company or one that you subscribe to. These VPNs will secure your activity on the wireless network by encrypting the traffic from your device, across the wireless network and online. Another option is to use the personal hotspot feature on your smartphone. Using the cellular data network is inherently safer than using public wifi.
Check out this tip sheet for more suggestions to keep you safe on wireless networks and more.