Protecting Your Email

Everyone uses email for personal use and for work. It is the number one channel of communication for most office settings, so it’s no surprise that scammers commonly target inboxes to steal information.

As a reminder, you should never send sensitive information like passwords, social security numbers, or account numbers via email. For more ways to protect yourself from information theft via email, check out our infographic:


US Government Falls Victim to Information Security Breaches, Obama Signs Cybersecurity National Action Plan


Cybercrime is on the rise and the government is ill-prepared to protect itself from attacks. If you aren’t convinced, here’s what’s new in government cybercrime just this past week:

Using old-fashioned social engineering, hackers gained access to computers at the Department of Justice and exposed the contact information of nearly 10,000 Department of Homeland Security employees. Those affected were special agents, intelligence analysts, technicians, language specialists and more.

The same group later released information on 22,000 FBI employees including names and job titles, phone numbers, states of residence, and email addresses.

Another group of cyber attackers fooled the IRS’s system into generating more than 100,000 tax return PIN codes. These codes could have been used to file fake taxes under stolen social security numbers, had the breach not been discovered.

As the government gathers more and more information on everyday citizens and pushes to gain backdoor access from technology companies, these incidents are a huge cause for concern.

Earlier this week, Obama issued an executive order in an attempt to improve national cybersecurity. The proposal includes a new position: “Chief Information Security Officer” (CISO), a federal privacy council, a $3.1 billion budget to replace outdated systems, and efforts to educate the public on how to protect their personal information. There are also plans to review where the government can cut down on the use of social security numbers as identifiers for citizens. The plan outlines a proposed $19 billion federal cybersecurity budget for 2017. Shocked by the budget, many are debating whether the proposal is worth the cost.

However, we would argue the executive action is long overdue, and the proposed plan might even be too little too late. Over nine months ago the Office of Personnel Management was hacked for the second time last year. The breach makes this last week’s incidents look like child’s play, affecting 22.1 million people (almost 7 percent of the U.S. population) and revealing social security numbers, financial history, and even the contact information of friends and relatives of intelligence and military personnel who had applied for security clearance. Where was the government’s action plan then?

Some perspective on the impact of the breach of the US Office of Personnel Management (via informationisbeautiful.net)

While the proposed cybersecurity plan isn’t perfect, it’s a step in the right direction. More emphasis needs to be placed on education. Cybercrime awareness has improved, yet most individuals aren’t sure what actions they must take to protect their information.

People, not whole government agencies, are at the front lines when dealing with information security threats, and human error is a factor in over ninety percent of cybercrime incidents. Government employees as well as the public should be taught how to recognize threats and take the proper course of action as they arise. Sufficient funds for training and education on social engineering will be critical for prevention. Information security is everyone’s responsibility, and the stewardship of sensitive information is not to be taken lightly.

For cybersecurity news and strategies you can use to protect yourself today, follow us on Facebook and subscribe to our Cybersecurity Newsletter.

Better Password Protection for Data Privacy Day

Today is Data Privacy Day and we’re celebrating with some do’s and don’ts for better password protection! The most common form of user authentication, passwords protect emails, bank accounts, user profiles and so much more.

In theory it makes sense to choose passwords that are hard to crack and always keep them to ourselves, but in practice, this doesn’t always happen. Here are some password do’s and don’ts.


Need more specific tips? Here are more ideas for stronger passwords that are also easier to remember:

  1. Use Multiple Languages- Words are easier to remember than random letter groupings, but most hackers use English dictionary words when cracking passwords. Using non-English words can help you remember your password while avoiding common words.
  2. Use A Pattern for Special Characters- Inserting a set of special characters into your password every few letters can help you fulfill the special character requirement, and it’s an easy formulaic way to remember where those characters belong.
  3. Only Use Leet in Phrases- Leetspeak (switching letters in a word for numbers and special characters- for example “hello” becomes “h3110”) is not uncommon among hackers, so this method won’t necessarily help keep a one word password safe. However, using them in a phrase can still be helpful, as it is harder to guess a phrase than a single word.
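
Tip 3 above, as an added example that is not part of the original post: a password-policy check that undoes common leetspeak substitutions and compares the result with a word list. The substitution table and the five-word list are constructed for illustration; a real check would load a large dictionary.

```python
from itertools import islice, product

# Common leetspeak substitutions (assumed table, not exhaustive).
# "1" is ambiguous: it stands in for both "l" and "i".
LEET = {"0": "o", "1": "li", "3": "e", "4": "a", "@": "a",
        "5": "s", "$": "s", "7": "t"}

# Constructed sample word list; a real policy check would load a large one.
WORDS = {"hello", "password", "dragon", "monkey", "sunshine"}

MAX_CANDIDATES = 4096  # cap the expansion of ambiguous characters


def deleet_candidates(password):
    """Yield every plain-text reading of a password under the LEET table."""
    options = [LEET.get(ch, ch) for ch in password.lower()]
    combos = product(*options)
    for combo in islice(combos, MAX_CANDIDATES):
        yield "".join(combo)


def leet_dictionary_match(password, words=WORDS):
    """Return the dictionary word a password reduces to, or None."""
    for candidate in deleet_candidates(password):
        if candidate in words:
            return candidate
    return None


if __name__ == "__main__":
    for pw in ["h3110", "P@55w0rd", "h3110 fr0m 7h3 c4f3"]:
        hit = leet_dictionary_match(pw)
        verdict = (f"reject (reduces to '{hit}')" if hit
                   else "not a single dictionary word")
        print(f"{pw!r}: {verdict}")
```

The phrase is accepted only because it is not one dictionary word; this check does not measure how strong the phrase is.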

 

Top Cybersecurity Threats for Business


Adopting the latest in technology can help businesses get a leg up on the competition, but some forget that with new technology comes a need for updated security. Here’s what’s trending in business technology today and how each topic should affect your plans for information security.

Cloud Computing

Cloud computing enables users to connect to virtual servers from any remote location, operate with less concern about the inherent pitfalls of physical backups, and scale up quickly without crippling hardware expenses.

While the cloud provides many great benefits, every new platform for information comes with a need for new security protocol.

As more businesses move to the cloud, they should take the time to reexamine their network security plan- who has control over data access, what kind of security training users will need, what information is critical and how many layers of authentication will be needed to protect it, etc.

Your security needs will differ depending on what you host on the cloud and how users access that information. A safe way to ensure your information is protected is to consult with a specialist about your current security plans, and see what may be vulnerable with a transition to a new platform.

Remote Work

The internet provides employees great freedom to work from home and while traveling on business trips. While business networks are secured by firewalls, antivirus software, and other layers of protection, this is not the case when employees are not properly set up to work remotely.

Let’s say an employee is working from a cafe in Brazil- they check their email and send over a company file from their smartphone using an unsecure WiFi connection. The data transferred is likely subject to very lax security, and hackers could obtain sensitive company information.

To combat this type of data theft, companies with remote users or even multiple office locations accessing a remote data center should use virtual private networks (VPNs). VPN tunnels are easily set up at little to no cost. These secure connections protect any data transferred through dedicated connections and encryption protocols. Depending on user needs, a wide array of protocols can be implemented including Secure Sockets Layer (SSL) and Transport Layer Security (TLS), IP security (IPSec), Layer 2 Tunneling Protocol (L2TP)/IPsec, Point-to-Point Tunneling Protocol (PPTP), Secure Shell (SSH), and more.

Malware: The Proliferation of Ransomware

You are probably familiar with different types of malware- intrusive software meant to harm your system. These programs come in the form of worms, trojans, spyware, and more, embedded in seemingly harmless files.

Ransomware, a very specific type of malware, has gained popularity among hackers and will continue to be prevalent in 2016. When a system is infected with ransomware, files are encrypted so they cannot be accessed, bringing business to a halt. The system is essentially held for ransom under a certain time limit, and will only be decrypted once the owners pay a large fee to the hackers. If the time limit expires and no payment is made, the files will remain encrypted.

Ransomware prevention comes down to up-to-date security protocols and staff training. A backup plan to restore files in the case of a ransomware infection can help companies save valuable time, money, and the trust of their customers.

Social Engineering and Human Error

According to IBM, in 2014, human error played a role in over 95% of security incidents. Are your employees aware of information sharing protocol? Can they identify a phishing email attempt? Data security should be talked about regularly and often with your employees to ensure they can identify threats and will be prepared to protect your business information. Educating your employees about current security trends through proper training and testing is the best way to avoid data breaches through human error.

As business technology trends change, so will the ways in which hackers try to exploit vulnerabilities in the system. Even with the hardware and software needed to protect sensitive information, a network security plan is incomplete without proper staff training. Ninety-five percent of cybercrime incidents in 2014 occurred due to human error. Being well versed in the different tactics used by information thieves can prepare users to recognize threats, and choose the right plan of action.

If you have questions about your cyber security risks and how you can mitigate them, whether personal or for business, visit our cyber security services page and contact Inverselogic to speak with an expert.

Cybersecurity Trends for 2016

Today we can do just about everything with the help of the internet- view and control bank accounts, peruse and shop from stores around the world, connect with new people or video chat with distant friends and family, even control smart objects like kitchen appliances from afar. The same effect can be observed in business, with more and more day-to-day operations becoming automated or conducted online.

It’s no surprise that privacy and online security are going to be a major topic of concern in 2016 and beyond. With all kinds of sensitive information being transferred between different parties, hackers have more opportunity than ever to try and steal information to either sell on the dark web or use for their own financial gain.

There are many precautions consumers and businesses should take to stay in control of their confidential information and protect business assets. For users, get started with our comprehensive Guide to Cyber Security and our Guide to Email Security.

For a general idea of cybersecurity trends, check out our infographic:

In the coming weeks, we will continue our Cybersecurity series to help inform users of how to protect their information. Stay tuned for more on common social engineering tactics, how to protect your inbox through safe email practices, bolstering information security on mobile devices, and how to control what is shared on social media.

Interested in protection for your business? Visit our website to learn more about our cybersecurity services and contact Inverselogic to speak with an expert.

Consumer Security: Malware Ads on Forbes

The annual Forbes 30 Under 30 list highlights a select few in various industries from music to healthcare- these individuals are up-and-coming influentials under the age of 30. Naturally, the 30 Under 30 franchise receives much attention and its pages garner hundreds of thousands of online views.

Many consumers are just becoming aware of how vulnerable their privacy is online, progressively more so with coverage of recent breaches at companies and even government organizations like Apple, the IRS, and Ashley Madison. It’s natural that this year’s 30 Under 30 list includes a few names in security. The article mentions:

Ryan Ozonian, 27, created encrypted messaging app CyberDust that he says is safer than SnapChat. Javier Agüera Reneses, 23, created the encrypted smartphone BlackPhone (in partnership with security firm Silent Circle) and now serves as Silent Circle’s chief scientist. Reyad Allie, 26, is Uber’s Global Intelligence Analyst and keeps the $50 billion car service’s driver and user data safe.

 

This nod to advancement in data security only makes it more surprising that Forbes served malware to visitors who wished to view the article and disabled their Adblocker software.

 

Producing quality content accrues a cost, and like other publishers, Forbes pays for this through serving ads or a subscription model. Those who wish to view content without a subscription are asked to disable their Adblocker software for an “ad-light” experience. Forbes claimed this strategy helps monetize millions of impressions that would have otherwise been blocked.

The choice to disable the software is in the hands of consumers, and Forbes’ strategy seemed like a bona fide solution meant to help generate revenue. Forbes has also disabled the poisoned ads since becoming aware of the problem. However, there is a glaring problem with the system when a host cannot monitor exactly what is being served to its visitors. Even Adblocker does not protect users from all malware.

Forbes (and lesser known sites) sometimes have little control over (or knowledge of) what ads are being served to visitors. Until this is resolved, the responsibility for keeping information safe online ultimately falls on the consumer. Stay tuned for more in the future on how you can protect your data.

Voice Control is as Distracting as Taking Your Eyes Off Road

Twenty-seven seconds is a long time- try patiently counting down twenty-seven seconds in your head. Now imagine driving your car along your everyday morning commute and taking your eyes off the road for that amount of time. Scary?

Driving while using a smartphone can be just as distracting. You might think you’re in the clear with voice control- we all know better than to pick up our phones behind the wheel. However, a recent study shows that drivers who use voice control are still dangerously distracted- sometimes only coming back to full attention after twenty-seven seconds.


This is an alarming finding considering hands-free phone usage is completely legal and consumers are sold on the idea that it is safer than tactile use. Though voice recognition technology has drastically improved since its introduction, this has not translated into distraction-free phone use while driving.

Study Design: the University of Utah in partnership with the American Automobile Association tasked participants with calling contacts, dialing phone numbers, sending texts, and changing music while driving in 10 model 2016 vehicles equipped with infotainment systems. These attempts were made via Microsoft Cortana, Apple Siri and Google Now smartphone personal assistants. Participants drove along a

To measure levels of distraction, a head-mounted LED light flashed red every three to five seconds in the peripherals of a driver’s left eye. Drivers were instructed to press a thumb switch every time they saw the light. Researchers measured how voice interactions reduced drivers’ reaction times and accuracy at seeing the flashing lights.

PHOTO CREDIT: AAA Foundation for Traffic Safety

Some takeaways from the study:

  • Drivers were still distracted for fifteen seconds even while using the least distracting systems and voice assistants
  • Least distracting voice assistant: Google Now
  • Least distracting systems: Buick Lacrosse and Chevy Equinox
  • Least distracting activity: listening to the radio

Driving involves taking responsibility for the safety of far more people than just the driver. So while researchers suggest that developers improve the design of the infotainment systems- dumbing down these basic activities so they aren’t any more distracting than listening to music, it’s obvious that the safest way to avoid distracted driving is to cut out unnecessary distractions altogether.

For more on the study, visit the University of Utah’s page.

Own a Drone in the U.S.? You May Need to Register Soon

Drone technology has improved significantly in recent years. Greater device range, lower pricing, and wider availability in general have all fueled the rise of drone enthusiasts. The results are amazing aerial footage taken in places that we haven’t been able to film before- at least not without a hefty budget.

Unfortunately, it has also led to some drones flying too close to aircraft and becoming a threat to others’ safety. Prompted by a few too many close calls, the Department of Transportation and the Federal Aviation Administration just announced plans to require drone registration by the end of this year.

Mandatory drone registration would require drone owners to learn airspace rules before flying their devices. It will also help solve a common problem with drones- law enforcement usually has no difficulty in tracking down the drones violating air traffic protocol- it’s linking the device to the offending operator that’s an issue.

Some key points from U.S. Secretary of Transportation, Anthony Foxx’s announcement:

  • Small unmanned aircraft systems deemed a low-safety risk (like toys) will be exempt
  • Current drone owners must register within a given grace period or pay a penalty
  • New and current pilots will not need a license to fly

The current limits for recreational use are:

  • The device must fly within operator eyesight
  • They must fly below 400 feet
  • Drones may not fly within 5 miles of an airport or air traffic without prior FAA notification

You can find more comprehensive guides to safe flying on the FAA’s site: Know Before You Fly. A taskforce of 25-30 representatives will be accepting recommendations for registration rules through mid-November, and a set of official rules is expected to be in place by mid-December.

Intel Introduces the Arduino 101

Programmers and DIYers familiar with the Raspberry Pi and other microprocessors will soon have a new option for their maker projects. Intel’s Arduino 101 will be available for sale by Q1 of 2016, and over 300 schools taking part in Arduino’s Creative Technologies in the Classroom program have already signed up for their own.


The Arduino 101 will be available for just $30, making it the most affordable ready-to-program board of its kind. It will be as small as a credit card and packs the following features:

“32-bit Intel® Quark™ microcontroller for minimal power consumption, 384 kB of flash memory, 80 kB of SRAM (24kB available for sketches), an integrated DSP sensor hub, Bluetooth* Low Energy radio, and 6-axis combo sensor with accelerometer and gyroscope.” (Arduino Blog)

Its size, price, features, and processing power make it perfect for educational use- think hardware hacking and basic programming. Read more about Arduino, their products, and projects on their site.

Eliminating Mobile Ads with Adblock Browser and What it Means for Advertisers

Pop-up ads can be irritating on desktop, but they can be absolutely maddening on the limited screen real-estate of mobile devices. Mobile advertisers have been slow to recognize how some ads distract and detract from most visitors’ experience, even eliciting negative reactions; but there may still be hope. Just a couple months ago, Google eliminated “door slam” ads for mobile after tests confirmed that subjects responded more positively to subtler banner ads.


While advertisers seek to learn about mobile users in attempts to improve mobile ads, it may be too late to reach some. A more extreme response to aggressive mobile advertising is blocking ads altogether. Adblock has launched their own free mobile browser for iOS and Android, giving mobile users the ability to browse the internet from their phones and tablets ad-free.


The default setting on the app is to block all ads on the browser. If you are feeling generous, you can whitelist sites that you visit regularly to continue viewing related offers. Since ads require data use and can cause pages to load slower, Adblocker claims that using their browser can conserve battery life by up to 20% and prevent unnecessary data usage. An added bonus to it all is the app’s ability to protect mobile devices from malware.

The ad-filtering browser is not a revolutionary technological development; in fact, ad blocking extensions for Android have been around for years, and the next version of iOS 9 will also follow suit with content blocker extensions for the first time. However, the creation of the browser in reaction to demand for the service signals an ongoing shift in modern media. In the past, consumers had no other option but to watch content that they were spoon-fed, but today they are becoming highly selective in what they choose to see.

There are more options for entertainment than ever before thanks to the internet. This, paired with an increasing freedom for consumers to select what they view, where they view it, and how (via YouTube, subscription services like Netflix, catch-up subscription TV with Hulu, apps and shows on Apple TV, and many more), makes it harder and harder for content providers (and advertisers) to reach their audiences.

It will be interesting to see how advertisers adapt to the changing media landscape. Hopefully more will see it as an opportunity to craft messaging with out-of-the-box ideas and reach audiences with more useful promoted content. After all, the best ads are those that are unrecognizable as such.

Until advertisers figure out a better way to reach mobile users without annoying them, there is now Adblock Browser and the option to opt out.