In a recent blog post, we discussed the millions of Americans who are currently struggling to recover after earthquakes, hurricanes, blizzards, fires, floods, mudslides and myriad other natural disasters that devastated residential and commercial properties across the country. Another category of disaster affecting millions, which also requires careful pre-planning and purposeful recovery, pertains to Information Technology (IT). As a prolific blogger, I wonder what we would do without IT? Continue reading “Information Technology Disaster Recovery”
Cybersecurity-breach stories are so common lately, the headlines no longer shock. But don’t let familiarity breed contempt. In 2017, you can’t afford to grow complacent about Internet safety. As the following examples demonstrate, it’s crucial to guard your online data: Continue reading “Internet Safety”
March and April usher in several spring-time events: St. Patrick’s Day, Easter, and another annual American ritual — tax time! I’m so glad I don’t have to file taxes. It’s one of the benefits of being a dog. Unfortunately, tax season is prime time for cyber criminals to strike. The IRS expects more than 150 million individual returns to be filed this year, with four out of five returns (above 80 percent) to be filed electronically. Included within those returns are social security numbers, addresses, phone numbers, birthdates, and financial records for millions of Americans, which leaves the Internet teeming with highly confidential information.
According to a study done by a financial strategy company called Javelin, the total number of identity theft victims in 2015 was 13.1 million, totaling $15 billion. In its most recent report, the Federal Trade Commission (FTC) revealed that, in 2014, they received more than 2.58 million reports of consumer fraud. I wonder how many cats are involved in fraud. They seem pretty suspicious, to me! Among fraud complaints:
- The average amount lost by alleged victims was approximately $2,000.
- The median figure of loss was about $500.
- In total, approximately $1.7 billion was lost by self-reported victims of fraud.
- The most common methods of initial contact by fraud perpetrators was telephone (54%) and email (23%).
If you electronically file your taxes, here are some tips to help keep your data safe:
- Vet the provider who electronically files your return. Authorized e-filers are registered on the IRS website at gov.
- Monitor your social media presence. Google yourself to uncover any bogus Facebook, or LinkedIn information using your name.
- Beware of scam Facebook mess Clicking on a tax-related link in your newsfeed may be convenient. But it could connect you to a phishing site. I think that people who scam with spam are scum.
- Optimize your security. Use the latest, most comprehensive firewalls, anti-spam/virus software. Also, update security patches and choose strong passwords to protect your online return. When possible, enable two-step authentication, which adds an additional security step required for login. Here is a link to comprehensive instructions for installing two-step authentication on a variety of computer platforms: org/2stepsahead/resources
- File your tax return ONLY on secure HTTPS sites. These encrypted sites will safeguard your information. So make sure a picture of a little lock appears in the website address field.
- Beware of Wi-Fi hotspots. If you need to access a bank account while you are out, don’t use public Internet service. Cyber criminals can potentially intercept Internet connections while you are filing highly personal information. Don’t do anything relative to your taxes while using public Wi-Fi. Experian reports that seven percent of people do their taxes while logged into unsecured networks.
- When in doubt, throw it out. Links in emails could direct your computer to malicious sites. If an email appears weird, even if you recognize the sender, delete it.
- Carefully screen emails that appear to have come from your bank. If they do not contain your financial institution’s website domain name, immediately report the breach to your bank. And don’t forget to delete!
- Shred documents that contain personal data. Doing so is worth the hassle, because many criminals dig through trash cans in search of sensitive information.
- Don’t respond to emails claiming to be from the IRS. The IRS does not contact people by mail.
- Never download documents from or click on links in tax-related emails. One click could unleash information-gathering malware on your computer.
- Refrain from doing tax-related researching using your web browser. You could be lured to a malicious site.
This year, taxes must be filed by April 18, because Emancipation Day falls on the regular deadline of April 15. Nice that we get a few days of tax relief because of the holiday! So take the extra few days to make sure you are cyber safe. Remember that Internet safety is a daily priority, not just during tax season. So be sure to think about ways to #BeSafe all of the time. A convenient and affordable way to make sure you are prepared for disasters and emergencies of virtually every kind is to subscribe to the RJWestmore Training System by Universal Fire/Life Safety Services, which has been designed to help improve and save lives. For more information about the best system out there, or to subscribe, click here.
According to Fox News, White House sources “partly confirmed” an alarming report that U.S. government computers—reportedly including systems used by the military for nuclear commands—were breached by Chinese hackers earlier this month. I’m not sure whether a Chinese hacker is someone who has smoked too long or a computer expert. But I guess I should read on. So should you.
“This was a spear phishing attack against an unclassified network,” a White House official assured FoxNews.com. “These types of attacks are not infrequent and we have mitigation measures in place.”
Although a law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to FoxNews.com, as of the writing of this blog post, it remains unclear what information, if any, was taken or left behind in the attack, which occurred through an opened email. That’s one of the many reasons I prefer the Twilight Bark to email.
TechTarget.com defines a “spear phishing attack” as “an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.” Real spear fishing, on the other hand…is a great idea. Share your catch with me!
While we have devoted previous RJW blog space to discuss cyber security as it relates to password encryption and security software, we have yet to share information to help our clients and friends take precautions with technological protection as it pertains to email. So, today, in an effort to continue providing helpful information for disaster preparation, let us take a few minutes to offer a few helpful hints which, if observed, should keep your computer running smoothly and safeguard proprietary information.
First, it is worthwhile to note that routine email phishing schemes differ from spear-phishing attacks in that spear phishing messages appear to come from a trusted source such as a large and well-respected company or website with a broad membership base, such as eBay or PayPal. On the other hand, with spear phishing, the source of the email is constructed to look as though it came from within the recipient’s own company…usually a person of authority within the organization. This one is tricky since I always open emails that come from the chief. Guess I should be more careful about that in the future.
The Computer Crime Research Center reports that a West Point teacher and National Security Agency expert named Aaron Ferguson emailed a message to 500 cadets asking them to click a link to verify their grades. Ferguson’s message appeared to come from a West Point colonel. More than 80% of recipients who received the message clicked through, receiving a notification that they had been duped and their failure to exercise caution before clicking could have resulted in downloads to the West Point computer system of spyware, Trojan horse and/or other malware. Or, worse yet…you could be taken to a website that has lots of cat pictures!
Although most people have learned enough about computer use to proceed with caution when opening emails from unknown sources and in responding to unexpected requests for confidential information. We’ve all heard horror stories about Nigerian emails asking for large cash deposits to “help rescue loved ones from African prisons.” We’ve also learned, by and large, to avoid divulging personal data inside email messages—which can be hacked or clicking on links in messages unless we are positive about their source.
However, the average person is ill-equipped to recognize forged emails that seemingly come from people we trust because spear phishing is sophisticated. That’s how employees of Sony managed to unwittingly give away private information regarding their PlayStation Network, Epsilon data was recently breached, and several credit card companies and financial institutions have had to mail apologetic notices to their customer base.
The success of any spear phishing scam generally depends on these things:
1. The apparent source must appear to be known and trusted.
2. The information within the message supports its validity.
3. The request makes sense.
4. The sender doesn’t offer any bacon. (Okay, I’ll admit I added #4.)
So what can you do to avoid being caught unaware?
• The FBI recommends that you keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call instead of clicking through the email link. (But don’t use the phone number contained in the email which is usually phony.)
• Do not provide personal information, such as a password, a credit card number or any data that can be used to unlock an application or network, in reply to an email.
• Use a phishing filter. Many of the latest web browsers have built-in security software or offer the utility as a plug-in.
• Learn to recognize what your security software warning messages look like. If you get something that looks similar but appears to be a bit “off,” delete the email and block the sender.
• Never follow a link to a secure site from an email. Instead, enter the URL manually into the address bar of your web browser. I prefer browsing the woods with my nose. It’s safer than going anywhere in cyberspace.
• Report suspicious emails to your tech department on a regular basis. Tell employees to call security about anything suspicious and train them not to forward bogus emails.
• Do not open suspicious attachments. When it doubt, block it out.
• If your firm is ever victim to a successful spear phishing attack, assess the damage and recover. Eradicating the malicious software won’t be easy. You will have to backtrack to a clean starting point of your system before it was corrupted.
When a disaster of any kind strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact RJWestmore, Inc. Our new Version 3.0 system offers the best emergency training system.
You’re on the road to the next sales meeting and absolutely need a coffee. You pop in for 20 minutes and use your laptop to browse the Internet. Everything is copacetic until you later hear about a breach to your company’s back-office financial data. Are you to blame?
A source called an “ethical hacker” by CBS News says, “Information you’d send to and from your bank, information coming off of your credit card—any of those types of information you’d rather people not have, goes over WiFi.” I’m not sure what an ethical hacker is. Seems like an oxymoron to me. Also according to CBS, security experts estimate hackers can easily take $1,000 worth of data from just one hacked computer.
Unfortunately, little exposes your work to greater security risks than latching onto a public Wi-Fi service. The problem is that most people and pooches don’t realize the risks. And even fewer have the ability to perform the necessary tasks that would fix it. So what’s a modern business person to do?
Here are some tips on browsing safely:
- Just say no. While this might be unreasonable for road warriors who need to access the Internet at airports and hotel lounges, infrequent users are better off avoiding the temptation to hop on unsecured networks. The wife and I have a strict “doghouse only” use rule for our own laptops.
- Use a firewall to guard against incoming threats.
- Conceal your files using encryption, so important documents are not accessible by others who are snooping or phishing on the open network. The RJWestmore Online Training System encrypts all password information, for the safety of all of our clients.
- Turn off your wireless connection when not in use. Perhaps you are at a coffee shop working on a document but you don’t need to check your email. By turning off the wireless connection, unscrupulous individuals will be cut off from gaining prolonged access to your computer files. This is especially important to keep people from poaching your electronic PetSmart coupons.
- Don’t enter your Social Security Number or credit card information while using a public network. If you encounter an emergency and need to purchase something, use only the sites that show the padlock symbol and third-part security verification.
- Find the “S”! On sites such as Facebook, you can change your security settings to only login on “https” enabled pages. While these might run a shade slower than regular connections, they prevent all but the most sophisticated hacking attempts. So check website settings to restriction enabling to this higher security setting.
- Ask IT to show you how to disable your computer so it won’t actively search for hotspots. Windows is too user friendly at times (the same could be said of several overactive canines I know), and will look for wireless networks wherever you take your laptop…whether you are trying to log online or not.
Beyond public Wi-Fi risks, there are myriad other ways your personal or business information can be comprised through carelessness or bad practices. Additional tips for keeping data safe:
- Be careful using USB “thumb” drives, which can be easily misplaced. They also are the perfect carrier for viruses and malware. USB drives were the culprit for the spread of the damaging Stuxnet virus which infiltrated industrial computers, including some at nuclear facilities.
- Use passwords. Protecting access to both the laptop and individual files and folders can slow down or discourage hacking attempts. Every week you hear stories about possible data breaches from stolen or lost or laptops that were unprotected.
- Mobile devices can be protected with security apps that can remotely “lock and “wipe” your device. Or, if you prefer, give me a call and I will be happy to “lick and wipe” your mobile device for free.
- Train employees how to spot phishing and scam emails that might distribute viruses. Some scammers will even spoof their emails to look like they are coming from a company’s HR department.
Using public Wi-Fi properly requires some technical know-how and common sense. When feasible, only look at public non-identifying sites on the public network, and purchase items or do banking when you are back at work or at home. While 24/7 access is nice, you can ask yourself “Do I have to do this now?” Unless pork chops are involved, I am willing to wait for almost anything. If you follow the tips on using public networks and best practices for portable drives and laptops, you will greatly increase your protection from malicious hackers.
When a disaster strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact RJ Westmore, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit RJWestmore.com for more information and remember to BE SAFE.
- Be prepared…for everything and anything! At home and at work, the most important step you can take to ensure your own safety as well as the safety of coworkers, employees, family and friends, is to prepare. For ideas, look to FEMA’s recently announced “Resolve to be Ready in 2011” campaign, which features several suggestions for disaster preparedness. What’s more, our own blog posts provide food for fodder. And, as everyone knows, I love food of any kind…fodder or otherwise.
- Drill. A timely example of how preparation is critical for saving lives occurred at a San Antonio CPS office building which caught fire on December 20. According to news’ reports, all 400 of the building’s occupants were forced to evacuate the building before 9 a.m., at which point the company’s emergency evacuation plans were put into effect. No doubt benefiting from the safety plan and associated regular fire drills, preparation paid off as every employee escaped without injury. I’m a big fan of drills, myself. But the guys at the firehouse didn’t appreciate the Chinese Fire Drill I started when we were on a recent call.
- Protect yourself from cyber-terrorism. As we rely more and more on all things electronic, we must be diligent to guard ourselves against identity theft. Four out of five victims of Identity Theft encounter serious issues as a result of the crime, such as lowered credit scores, bankruptcy, foreclosure, or even prison time. So protect your Internet passwords by creating them randomly and changing them frequently. This isn’t a huge risk for me, personally, since I don’t have opposable thumbs.
- Guard against health risks. Although the flood of sensational news’ stories about Cholera, the Swine Flu and SARS have ebbed, you still run the risk of contracting viruses and bacteria if you fail to take precautions to remain healthy. One of the easiest ways to do this is to regularly and thoroughly wash your hands (or paws, whatever the case.) Also, take advantage of vaccinations designed to protect you against illnesses such as Influenza or Respiratory Syncytial Virus.
- Consider your location. Since different types of disasters occur depending on your location, pay attention to geography and history when you prepare for natural or man-made disasters. If you live on the coast, for example, plan for tsunamis. If you get snow, make winterizing a priority. If you live near a fault line, make sure you are ready for earthquakes. No matter where you live, you should probably stock up on kibble and rawhide chews.
- Heed storm warnings. While some natural disasters, such as earthquakes, come without warning, many others are relatively easy to predict. So, if you live in an area where hurricanes or tornadoes are common, follow forecasts. And when an event is anticipated, take necessary steps to ensure your own safety as well as that of emergency workers, who might be put in harm’s way if they have to brave the elements in order to rescue you. In other words, don’t sit on your roof in a flood. This is especially true if you live in a doghouse.
- Do the right thing. Don’t cut corners. Take a cue from the recent Shanghai Fire, which some believe resulted from contractors who cut corners. Applicable to all areas of life, doing what’s right will help keep everyone safe in 2011 and beyond.
- Go green. You don’t have to be a hippie to understand the importance of protecting our planet. Today, millions of electronics are shipped to developing countries where they are dissembled, often in a crude manner, which exposes workers and the environment to contaminants such as mercury, sulfur, and lead. This practice puts us all at risk. So do your part this year to Reduce, Reuse and Recycle. You can start by sharing your leftovers instead of throwing them away. Every little bit helps! So I’ll do my part to reduce the refuse.
- Travel safely. Try to be patient if you fly. While it might be inconvenient to take off your belt, shoes and jewelry at the security gate, and possibly undergoing a TSA pat-down, these safety measures are in place to keep us safe.
- Fight fire with fire prevention. The surest way to fight fire is to prevent it. The National Fire Protection Association has sponsored Fire Prevention Week each year since the Great Chicago Fire roared through Chicago in 1871. This year’s push is to install smoke alarms. So if you haven’t installed them in your commercial property building or at home, do so today!
- Keep learning. Our corporate mission is to save lives through training with the motto “Be Safe!” The RJWestmore Training System 2.0 is a fully integrated system which allows property management companies to manage one site or an entire portfolio, with all users in the same system.
If you own or manage commercial property, by enrolling in the system, please consider our system, which trains occupants, floor wardens, and fire safety directors. What’s more; all user training and testing is recorded. Get quick access to building-specific Emergency Responder information and other resources. We hope you’ll allow us to do our part to help keep you safe in 2011 and beyond.
When a disaster strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact RJWestmore, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit RJWestmore.com for more information and remember to BE SAFE.
Today’s blog post isn’t about the threat of a natural disaster. We will be discussing a manmade crisis that can potentially affect anyone and can take months or even years to repair. Are we talking about a global shortage of pig ears? Nope. Today’s topic is Identity Theft. Claiming nearly 10 million victims a year, Identity Theft is the number one complaint lodged with the FTC.
According to research from Nationwide Insurance, four out of five victims of Identity Theft encountered serious issues as a result of the crime, such as lowered credit scores, bankruptcy, foreclosure, or even prison time.
A significant threat now that so many of us handle financial matters online, Identity Theft is a crime that is cloaked in mystery, with most of us imagining identity thieves working in dark, secret computer-filled lairs. The truth is that the crime is far less glamorous than they make it out to be in the movies, with far more serious implications for its victims. The good news is that while Internet anonymity is practically impossible these days, you can take steps to make yourself a less inviting target.
- When it comes to selecting a password for your online bank account or email accounts, don’t choose “password,” “1234” or “Fido.” Also avoid easily detectable data such as your child’s first name, your birthday, your anniversary, your dog’s name or your street address. This type of data is easily accessible for even casual hackers.
- No matter how much you hate the hassle of changing and forgetting your passwords, you need to change them periodically. Experts recommend changing passwords on every online account at least every three to six months. People who work with extremely sensitive data change passwords hourly. When we paper-trained JR, we had to switch out the papers every 15 minutes.
- Check “privacy settings” on social media websites. Recent problems regarding privacy settings on Facebook highlighted the need to carefully consider how public you should be with details about your life. I used to have a profile page, but I started to get too many friend requests from litter-mates. No, I don’t want to play FarmVille. Leave me alone! Review your settings and carefully read the “terms of service” on every site you use. Also, look at the amount of data on your social network profiles and determine if certain identifying information should be deleted or altered.
- Do you like to use WiFi and other public area internet access networks? Take steps to ensure security of your laptop or mobile device when sending information over shared networks. Don’t let the leather chair and tasty beverage lull you into thinking you are at home when you are using your computer at Starbucks.
- Create truly random passwords. Some popular “systems” for randomizing passwords involve thinking of a phrase such as “I love rolling around in dirt piles” and taking the first letter from each word: ILRAIDP. Another idea is to swap out the second and fourth letters with characters, so the password is I*R#IDP. Randomization and picking phrases only you would know are the keys to real password security.
- Even if your passwords are difficult to decipher, you might be surprised by how easily experienced hackers can access even complicated encryptions. Fortunately, several applications and software offer secure password management tools. If you do not have access to these tools, consider using a completely random number. And don’t store it near your computer or in your purse or doghouse.
Also, don’t forget about offline methods that thieves can use to steal your identity. Not every identity thief is a hacker holed up in a basement with five computers and three monitors. Some still take a more old-fashioned but no less harmful approach to assuming someone else’s identity.
- Don’t leave mail hanging out of your mailbox or dispose of it in the trash can at the post office! The amount of information contained on some of your bills is staggering. Thieves who commit the felony of stealing your mail would have access to your full name, address, phone number, account numbers, bank routing numbers and more. For security, deposit important mail into a USPS drop box.
- Don’t forget about the trash. I’m not referring to the kitchen trash. I plan on knocking it over and eating whatever I can find. I mean that you should shred any and all documents that contain personal information before you toss away any paperwork…including junk mail.
- Take a good look at your wallet or purse. Is it a good idea to carry your social security card, checks, paystubs, insurance information and a letter with your mother’s maiden name on it, conveniently located all in one place for the taking? Photos of your pets, however, are probably safe to keep on hand!
What steps should business owners and manager take to guard customer and/or employee personal information?
- Computer data is hard to erase! If your sell or donate old computer equipment, clicking “delete” on files and folders won’t be sufficient. Purchase an application that can completely wipe the hard drive. Or, better yet, take computers to a trusted source so the hard drive can be erased. All data on CD, DVD or backup tapes should be removed and then destroyed so files are completely unreadable. Here’s another idea. I am willing to chew on your old CDs for free. Let me at ‘em.
- Don’t lose your laptop! (As if you would plan otherwise.) What I mean to say is to take extremely good care of your computer. And store sensitive data on secure servers or in the computing “cloud,” behind firewalls, instead of stored on a portable machine.
- Have old-fashioned paper files? Outsource your document retention services to an established company that will shred or store, as needed. Also, don’t throw boxes of data with sensitive client information into your building’s unsecure storage basement! Invest in a heavy-duty shredder and use it often.
- Don’t adopt “It Won’t Happen to Me Syndrome.” According to the FTC, in the past five years alone, 27.3 million people were victims of identity theft. In fact, it actually happened to me! A Border Collie tried to pass himself off as RJ the Firedog. You aren’t fooling anyone, Rex!
We often discuss the benefits of proactive prevention. And dealing with Identity Theft is no exception. When a disaster strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact RJWestmore, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit RJWestmore.com for more information and remember to BE SAFE.