Sunday, October 16, 2011

Securing your Mobile Devices

Mobile devices such as smart phones and tablets have become a major part of a lot of our lives. Devices including Android phones, iPhones, and iPads can do just about anything a normal computer can do, so they are vulnerable to most of the same things. Many people also link their mobile device to their work somehow. If you have your work email connected to your phone or tablet, chances are that you have private and/or confidential data on your device.

With the rising popularity of these mobile devices, hackers have begun to target them. Some viruses will have your phone make calls to premium numbers, thereby directly giving hackers your money. Other viruses will steal your phone or email contacts, making spammers' jobs that much easier. As stated above, your phone may have private and/or confidential data, and you would be surprised how much that information can be worth to some people.

There are things you can do to protect yourself.


  1. The first thing you should do is set a screen lock for your phone. Usually the options are to require a pattern, PIN, or password to unlock your phone. The pattern is the least secure of these options while the password is the most secure.
  2. Download an antivirus program. While these programs are not as sophisticated as the AV programs on your PC, they do a great job. Most of the major AV companies provide mobile protection so you can pick your favorite. There are also free choices as well as paid programs.
  3. Download the Lookout Security mobile app (https://www.mylookout.com/). This is a free app that can also provide premium services for a fee. The services are:
    • Scanning Apps for Malware or Spyware. This is done as you download apps and on-demand.
    • Data Backup. Regular backup of your data.
    • Missing device protection. This service can locate, lock, scream or even wipe your device in the event it goes missing. This is done from the Lookout website.
    • Privacy Adviser (Premium). This will scan your apps and let you know what information they can access.
    • Safe Browsing (Premium). This will help protect you from malicious content while browsing the web.
  4. Review the permissions you are giving an app when downloading it. If you're downloading a magazine app and one of the permissions includes making calls or reading contact information, this can indicate a problem. Use your best judgement when downloading apps. You should also do some research before downloading apps on your phone or tablet.
By taking these simple steps, you can have the peace of mind of knowing that data belonging to you, your employer and even your customers and business partners is more secure.

Sunday, October 2, 2011

General Windows PC Security

This week I will describe general safety and security that everyone with a computer should be implementing. This includes running antivirus, using passwords, and keeping programs up to date. These are the things that should be done at a minimum to keep your computer secure.

Antivirus (or AV) should be run at all times. This is a program that specializes in finding viruses and quarantining them. Most AV programs, such as McAfee and Norton, can be bought. If you do not want to pay for AV, there are great options such as Avast! Antivirus (www.avast.com). Things to consider with your AV are keeping it up to date and running periodic scans. The easiest way to handle this is to automate it. What I mean by that is that there are usually options to make it automatic, so you can set it, then forget it.

Passwords are a topic that often comes up in my blog, so I hope you can see they are important. Passwords should be set for all your accounts. This can be done in Control Panel -> User Accounts. This will keep people from accessing your computer when you don't want them to. For more information on passwords, see my earlier post.

The last item I will discuss is keeping programs up to date. This is where people start to shy away since it can get complicated, so I will try to demystify it. The reason you want to keep programs up to date is that hackers constantly find new ways to get into your system, and programs release "security updates" to "patch" these vulnerabilities. If you are not patched, you are vulnerable to known "holes" into your system. Here is what you should keep up to date at a minimum:

  • Windows OS.
    • This is done via Control Panel -> Windows updates
  • Microsoft Office
    • This is done via Control Panel -> Windows updates
  • Your Web Browser
    • This varies between browsers but I suggest using something like Google Chrome that updates itself.
To wrap up I would like to suggest that you download Baseline Security Analyzer. This will scan your computer for the items I mentioned above plus more and tell you how to fix it. Get it here http://technet.microsoft.com/en-us/security/cc184923.

Sunday, September 18, 2011

Facebook Security

This week I thought I would take some time to talk about Facebook. Facebook is so commonly used, it is no surprise that hackers would target it and the users on it. The question is, what do they want and how do they get it?

The short answer, they want access to your account. There are several reasons for this. Many people have weak passwords and weak security settings. Until recently, Facebook did not help much in securing your profile.

Hackers want to use your account to:

  1. Spam
  2. Spread Viruses
  3. See your personal information
  4. Much more
Secure Yourself

There are several things you can do to protect yourself. The three main things are strong password practices, Facebook security settings, and minimizing the amount of personal information available.

Passwords should not be weak. They should be hard to guess, and meet the requirements of hard passwords. They should also be unique, in that the password is not used for other accounts. As always, don't ever tell anyone your password. Getting your password is the easiest way for hackers to access your account. For more information on passwords, see my earlier blog post.

You should be careful about what programs or apps you give permissions to.

Facebook offers security settings under Account, then Account Settings, then Security. I encourage you to explore all of these settings, but I will go over the ones I think are most important.  

  • Secure Browsing. You should enable this. This basically encrypts your session. Without this, everything you do goes over the wire in "clear text", which means anyone can watch what you're doing. Hackers can also "hijack" your account if you're on a public network. This allows them access to your account without even a password.
  • Activate Login notifications and you will know whenever someone accesses your account. You can also activate login approval to add an extra layer of security.
  • You should periodically check Active Sessions. This will let you know who is currently logged on and if you don't recognize it, you can end the session.
For privacy, there are a few things you can do. The first is to realize that anything you put on the web can be viewed by other people. So keep that in mind when posting things on Facebook. On that subject, remember that prospective employers will often check your Facebook. The next is to limit the information available on Facebook. Keep your phone number, address and other information that can be used against you off there. Lastly, do not go around clicking every link you see. There are many malicious links out there.

I've Been Hacked!

This section covers what to do if your account does get hacked.

First, end all active sessions as described above. Next, change your email password and your Facebook password. Why your email password? It is possible that a hacker could have your email password and will just reset your Facebook password after you change it.

Next, if you haven't already, follow the tips above about the Security Settings.

Erase anything that was posted on your wall that you did not put there. If you see these "bad" links on your friends' walls, first Report the link, then let your friend know about it.

Last, scan your computer for viruses and clean them.

There is much more you can do to secure your Facebook account and protect yourself. Check this out to start: 


As always, feel free to contact me with questions.

Monday, September 5, 2011

Avoid Spam

As a follow-up to last week's post, here is how to avoid getting spam in your inbox from the start. This list is not exhaustive but should be a very effective start in reducing the amount of spam you receive.

A. Don't visit questionable websites.
 1. This is good advice to begin with. There are a lot of sites out there with malicious intents.
 2. This includes not clicking links that you don't know about or are unsure of, especially from emails.

B. Don't give out your email address.
 1. If you do happen to visit one of the questionable sites just mentioned, just don't give out your email address.
 2. Once someone has it, they often sell it to spammers.
 3. Stores will often ask for your email as well. This is not needed at all. There have been cases where stores have sold email addresses or their list was stolen by hackers.

C. Make a secondary email account designated for junk.
 1. If you do feel compelled to fill out the forms at websites you're unsure of, a secondary email address is well suited for this.
 2. This can also be the address you make public to people on your web page.

D. Do not publish your email address.
 1. It is easy for someone to send you spam when your address is made public.
 2. As I just stated above, you can use your secondary address when you have or want to do this.

E. Remove from List
 1. Most commercial emails have a link at the bottom to remove yourself from the distribution list.
 2. This is usually very small, so look hard for it.

F. Report the Spam
 1. Most email clients have a way for you to report the email as spam.
 2. This will help that client filter spam better in the future.

G. Edit Settings
 1. Sites like Facebook or others associated with your email should have settings that determine how much mail they send you.
 2. You can also sometimes decide whether your email is visible or not.
 3. You should also read a website's Privacy Policy before giving your email address.

Sunday, August 28, 2011

How to deal with Spam

Spam is a big problem that anyone with an email address has to deal with. Although I title this post about spam, I am going to discuss any unwanted email. Spam can be defined as unwanted electronic mail or disruptive messages. There are several reasons to spam including advertising, obtaining information, or being destructive. Spamming is also a multi-million dollar business. It is estimated that spam takes up about 80 to 90 percent of the total email sent today.

Here are some of the types of spam.

  • Commercial spamming is the most common type of spam. It is simply meant to get attention to a product. 
  • "Phishing" attempts are another type of spam. These are emails that are meant to scam or trick you into providing some kind of information. 
  • Malicious spam is email that tries to spread viruses or get you to go to a malicious website.

So what do you do about it? Spammers are good at getting past filters, so sometimes an email that is obviously spam can still get into your inbox. If you see one of these, simply do not open it and delete it. If you receive an email from someone you do not know and you weren't expecting it, it is usually junk. Next, do not give out personal information in response to emails. Spammers have many methods to trick you and are professional scammers. Information spammers want includes your name, position, address, phone number, passwords, credit card numbers, and much more. When in doubt, do not reply with this information.

Another thing to know is that even though an email may come from someone you know, it can still be malicious. If something looks out of the ordinary, it may indicate your friend has a compromised email address.

Malicious emails are very difficult to deal with. Once again, if you know it's spam, just delete it. Some other things to keep in mind are attachments and links. If you were not expecting an email with an attachment, do not download it. Executable files (.exe) are the most dangerous; there is almost no reason to send an exe file except to send a virus. Microsoft Office files (Word and Excel for example) can also be dangerous. As for links, don't click them. Simply going to a website can give you a virus.
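The attachment and link checks described above can be automated. The script below is an added example, not part of the original post: it builds a constructed sample message, flags executable and Word/Excel attachments, and lists the links in the body so they can be reviewed without being clicked. The extension lists and the `triage` function name are assumptions made for illustration.

```python
import os
import re
from email.message import EmailMessage

# Assumed extension lists for illustration: .exe for executables,
# Word and Excel formats for the Office files the post mentions.
EXECUTABLE_EXT = {".exe"}
OFFICE_EXT = {".doc", ".docx", ".xls", ".xlsx"}


def build_sample():
    """Constructed sample message (not real mail) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "you@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see http://example.com/pay and the attached files.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    msg.add_attachment(b"x", maintype="application",
                       subtype="msword", filename="report.doc")
    msg.add_attachment(b"x", maintype="image",
                       subtype="png", filename="logo.png")
    return msg


def triage(msg):
    """Return (finding, value) pairs for risky attachments and body links."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXT:
            findings.append(("executable attachment", name))
        elif ext in OFFICE_EXT:
            findings.append(("office attachment", name))
    # Links are only listed for review, never fetched.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    for url in re.findall(r"https?://\S+", text):
        findings.append(("link", url))
    return findings


if __name__ == "__main__":
    for finding, value in triage(build_sample()):
        print(f"{finding}: {value}")
```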

If you do get spam at work, this can be more serious. Workplaces usually have some kind of enterprise spam filter. Therefore, if you are getting spammed a lot, telling your IT staff about it is a good idea. If you suspect a phishing attempt where they are trying to get confidential work information, you can let your manager know.

If you want any more information on this topic, please feel free to ask.

Monday, August 22, 2011

Password Management Made Simple

I felt it appropriate to make my first blog posting on passwords. Password exploitation is one of the most common techniques hackers use. Today, you can hardly go to a website without it asking you for a username and password. While this is a good thing for security, it can make things very inconvenient for you. The problem is, if your password is easy to guess, and used on multiple sites, a hacker can quickly have access to everything about your life. 

As an example, let's say you commonly use your dog's name as your password. You make a log in on a site that you use once and completely forget about. Little do you know that this site does nothing to secure customer information. A year later, a hacker steals the password file for this site. He starts to examine yours and realizes you use it for everything, including your banking website. Next thing you know, there's money missing from your account and you have no idea how.

This happens more often than people may think.

I have a few simple steps you can use to protect yourself from a situation like this.

  1. Don't make your passwords easy to guess.
    • Don't use things like your pet's name, your child's name, or your favorite sport. 
    • Don't use individual words for your passwords. There's an attack called a "dictionary attack" where a hacker will try every word in the dictionary as your password.
    • Your passwords should, at a minimum, be 8 characters long with one capital letter, one lower case letter, one number and one special character.
  2. Don't reuse passwords
    • As described in the example above, if you reuse passwords, a hacker only needs to compromise one site to have access to many of your other accounts.
    • Remember, if someone gets a hold of your email account, they can probably reset most of your passwords pretty easily.
    • If you forget it, you will lose access to many sites.
  3. Don't tell others your passwords. Ever.
    • Your boss, IT, or important sounding person on the phone do not have any reason to know your password. Social Engineering is a common technique hackers use where they may call or email you pretending to be one of those people. Even if you know for sure that the person is who they say they are, they still do not need your password.
    • When you log in and do something, that something gets logged and this leaves an audit trail. If someone does something malicious with your credentials, you will have a hard time proving it wasn't you.
  4. Change your password every 3 - 6 months.
    • If your password does get compromised without you knowing it, changing it on a regular basis can limit some of the damage.
    • Don't just change a "1" to a "2" when changing your passwords. Hackers know all about this technique. 
  5. Consider using a password manager.
    • A password manager keeps track of your passwords. The advantage is you only have to remember one master password, all your passwords can be different, and all your passwords can be more secure.
    • There are many available, from the open source KeePass (http://keepass.info/) to the cloud-based LastPass (https://lastpass.com/).
    • The initial set up may take some work (maybe 10 minutes) but in the long run, this will save you a lot of time.
As you can see, at first glance, password management looks intimidating but there are many things you can do to protect yourself and keep the process simple. There is more to lose than you may realize and you can be targeted. I hope this helps keep you more secure and gives you better peace of mind.
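The rules in steps 1 and 4 can be checked mechanically. The following is an added example, not part of the original post: it tests a password against the minimum requirements listed above, rejects a single dictionary word or personal name even when digits and symbols are tacked on, and detects a "new" password that only changes the digits of the old one. The tiny word list and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "football", "baseball", "sunshine", "princess"}


def rule_failures(password, personal_words=(), dictionary=SAMPLE_DICTIONARY):
    """Return the rules from the post that `password` breaks (empty = passes)."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    # Strip digits and symbols from both ends so "Football1!" is still
    # recognised as the single word "football".
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password).lower()
    if core in dictionary:
        failures.append("single dictionary word")
    if core and core in {w.lower() for w in personal_words}:
        failures.append("personal name or word")
    return failures


def is_trivial_change(old, new):
    """True when `new` equals `old` or differs only in its digits ("1" -> "2")."""
    def strip_digits(s):
        return re.sub(r"\d+", "", s)
    return strip_digits(old) == strip_digits(new)


if __name__ == "__main__":
    # Constructed sample passwords, with "Rex" as the assumed pet name.
    for candidate in ("rex", "Football1!", "Rex2011!", "Tr4il-mix&Rain"):
        print(candidate, "->", rule_failures(candidate, ["Rex"]) or "passes")
    print(is_trivial_change("Summer#2011", "Summer#2012"))
```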

Sunday, August 21, 2011

Introduction to my blog

The purpose of this blog is to give advice and educate everyday computer users about how to protect their computers and even sensitive data. The reason this is important is that most people think it is the job of IT to keep computers and networks secure. While this is true, it is everybody's duty to protect the things they own or are responsible for. A common example I use is that even though most people aren't physical security experts, they still lock their doors at night. Oftentimes, hackers take advantage of the weakest link in the computer security chain, the non-technical people.

Organizations give sensitive information to almost every employee they have. The number of ways to get to that information has also increased: smart phones, email, WiFi, and much more. I would like to give people the knowledge to secure this information and fight back. The best part about this is that you do not need to have technical knowledge to accomplish these tasks.