Steve Peplinski

New Challenges for Online Security

Posted on December 31, 2012. Filed under: Steve Peplinski |

You’re probably tired of hearing about what you need to do to stay safe online, but just as a refresher, here are the basics:

Desktop Security Basics

  • Install Windows Updates
  • Keep Flash, Java, Adobe Reader and other third party apps updated
  • Don’t click on links in email
  • Keep your antivirus up to date
  • Be careful where you go on the web.  Site rating services like Web of Trust can be a big help with this.
  • Use complex passwords and change them frequently

But technology doesn’t sit still, and you’ve probably got a new online device that comes with a new set of risks!  That would be your smart phone or tablet computer.  In the last 20 years, access to information has gone from the public library to your desktop computer to a laptop in your shoulder bag to a smart phone in your pocket!

So what are the risks, and how can you protect yourself?  Since smart phones are Internet-connected computers, they present the same risks of identity theft and of becoming part of a botnet that our desktops and laptops present.  And since they’re becoming more and more ubiquitous, malware writers are putting more effort into exploiting them.  Still, protecting yourself isn’t all that different.

Smartphone Security Basics

  • Update your apps when the vendor releases new versions.  You can check your settings to make sure that your apps are set to AutoUpdate.  Then when your phone notifies you that an update is available, make time to install it.
  • Be careful where you get your apps from.  The Apple Store and Google Play make an effort to ensure that apps you acquire there are safe and free from malware.  If you get an app from another source, you could be putting yourself at risk. 
  • Install antivirus software. 
    • A quick Google search found free apps from Sophos, AVG, and Kaspersky, three reputable companies.
    • ESET has a more robust app that costs $9.99.  It allows you to remotely lock your device, to locate a stolen device by remotely turning on the GPS, or even remotely wipe the device.  $9.99 a year is pretty cheap for peace of mind.
  • If you have a mobile banking app, start thinking of your smart phone the same way you think of your wallet.  Keep it safe so you don’t lose it.

Don’t ignore the risks, but don’t panic either.  A little knowledge and a little effort can go a long way towards keeping you safe online.


Keeping your email account secure

Posted on July 2, 2012. Filed under: Steve Peplinski |

“Urgent Funds Transfer Request!”  This recently arrived from a customer by email along with instructions to wire funds out of their account.  The email was from the customer’s personal account, but since the transfer was out of character for the customer, we called and thus found out that their account had been hacked.  The email was actually an attempt to commit fraud.  We were able to protect the customer, but it raised a lot of questions about the safety of email. It also got me thinking about how vulnerable we all are to identity theft, and what we can do to protect ourselves.  Here are some questions that frequently come up.

Is it dangerous to open email?

Not if you keep your computer up to date, and you don’t give permission to run an add-on or script.  Be wary when you’re asked for your permission.  Getting malware by simply opening an email or going to a website is often referred to as a “Drive By Infection”.  When this type of vulnerability is discovered, software publishers release an update or “patch”.  You can protect yourself by keeping all of your software updated.  This includes your operating system (Windows, Mac, or Linux) as well as third party software (Adobe Reader, Microsoft Office, Java, Flash) and antivirus software.

I just clicked on a link I shouldn’t have!  Am I infected?

It’s unlikely.  Most attacks require that after you click the first link, you take additional steps to get infected.  If you have current antivirus software running, and you keep your operating system and third party applications (Adobe Reader, Java, Flash) up to date, you will have some protection.  But make sure you ALWAYS pay attention to warnings that pop up when you click on a link.  On the other hand, if you are careless about keeping your computer up to date, your risk increases dramatically.

How do hackers crack email passwords?

There are a variety of ways. 

  • If you choose an easy-to-guess password, they may simply guess it by trial and error.  That’s why it’s important to use a password at least 8 characters long, and to use letters (both upper and lower case), numbers, and special characters.
  • Another way is to steal it from an insecure web site.  For example, lots of web sites request that you register and create a free account just to access their content.  If you use the same password all the time, it could be stolen from one site and then used to compromise your security.  Recently LinkedIn had a data breach and millions of customer credentials were stolen.  If you had used the same password for your LinkedIn account as for your email, that breach would put your email at risk in addition to LinkedIn and any other sites where you used the same password.  Not all web sites that request that you register have top notch security either.
  • If you use public Wi-Fi access points, someone may be eavesdropping.   Passwords are not always encrypted when you enter them, so a hacker could be monitoring a poorly secured Wi-Fi access point and harvesting passwords.
  • They could just ask you for it, and if your guard is down, you may give it to them.  Be careful about providing confidential credentials as you surf the web or if anyone asks you.  It is almost always possible to troubleshoot and provide support without having to know a user’s password.

If they steal my password, what will they do with it?

Within the past year, I have received several suspicious emails from friends.  You know the kind.  Pitching Viagra, or urging me to click on a link to see some “unbelievably interesting” content. That’s a dead giveaway that their account has been hacked. The bad guys then use that account to send spam.  More insidious is the danger you’re exposed to by keeping too much confidential information in your email account.  Would you want a stranger with bad intentions rooting around in your email message store?  Attachments with information about your finances (including account numbers or transaction details) give them fodder to attempt some kind of fraud.

What are some safe practices that I can use to protect myself?

1) Use a unique, secure password for each online account.  To keep track of them all, use a password manager that stores them in an encrypted database on your computer.

2) Be aware that when you send email, if it is not encrypted (and by default it is not), there is always the possibility that someone will eavesdrop.

3) Don’t use your email account as a database to store confidential information such as bank statements or account credentials.  Instead, save that type of information to files on your local hard drive.

4) Make it a practice to keep all of your software up to date.  In addition to Windows, Adobe Reader, Adobe Flash, Sun Java and your antivirus software all need to be kept up to date.

You can protect yourself with a few simple precautions.  Risk is ever present in our lives, and managing it needn’t be terribly scary.


Make Security a Habit

Posted on April 5, 2012. Filed under: Steve Peplinski |

As recently as 10 years ago, banks invested hundreds of thousands of dollars in room-sized machines to process customers’ checks.  Today, we spend about a thousand dollars for a scanner that’s the size of a loaf of bread.  We take a picture of the check and we don’t worry about the paper original after that except to make sure that it gets destroyed.  Over the years we’ve replaced lots of big expensive equipment with tiny high tech substitutes.  I had sent several of these scanners to a repair depot.  When I got an email titled “Your UPS shipment has arrived”, I thought nothing of opening it and clicking on the link.  I knew I shouldn’t have done it when my antivirus program popped up to tell me that it had quarantined some malware.

I knew better.  I’m always telling people “Don’t click on links in email – that’s how you get a virus”.  And I’m pretty paranoid about my privacy.  Still, they got past my first line of defense that time.  That’s why it’s so important to have a “layered security system”.  I got tricked, and I clicked without even thinking.  I remain safe and uninfected because my antivirus program is up to date and is monitoring every file I try to open.

Every computer user needs to be vigilant these days!   But it’s not all that difficult to keep your machine virus free and speedy.

  • Be careful what you click on!  Emails that appear to be from UPS, FedEx, the FDIC, or NACHA are likely to be phishing expeditions.
  • Install antivirus software and keep it up to date.
  • Download and install software updates for your operating systems and applications as they become available.

Security is never an end point that you can reach and be done with.  It is always an ongoing process.  Keep yourself well informed and make security a habit.  You manage your auto accident risk by obeying traffic laws, making sure your car is in good working order, and purchasing insurance.  A few simple habits can help you manage your cyber security effectively as well.
