Tuesday, February 14, 2017

Geotagging and the Risks

There can be risks to sharing personal photos from your work-related cell phone. The cell phone has become the number one device for taking pictures of family, friends, social events, and business events, which raises the question: how dangerous is it to store all of our pictures on our handheld devices? Social media and advertising agencies want to collect as much data about people as possible to learn our habits, likes, and dislikes. They want to know our location, for example where we eat, drink, and socialize. This type of information builds demographic profiles that may be used to promote commercial products to the public, and more specifically to you as an individual.

So let's look at it in a different sense, in terms of security for your business or the company you work for. How are terrorist groups or business competitors tracking your daily movements to gain some kind of competitive edge? Will they use this information for good or evil? This, of course, would be a case-by-case scenario.

So back to the risk of geotagging as it relates to photos. Smartphones have built-in GPS features, so every time you take a picture the photo is embedded with a geographic location marker (latitude and longitude). Phones can also track your movements daily, weekly, and so forth when the GPS feature is activated on your smartphone. Have you ever been out to a restaurant and all of a sudden received a pop-up message asking you to rate the restaurant through social media? So when you take a picture, that picture is marked with a time and a location. Just think about the times you traveled for business and left your home unprotected. This can be a significant concern for executives who travel frequently and leave family behind.

How do you protect yourself and your family? How do very important members of business organizations protect their privacy and reduce the risk of security leaks?

1. Turn off the GPS feature on your phone when it is not needed.

2. Use your business phone for business only.

3. Offload pictures to a cloud-based storage as soon as possible.
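
The location marker described above lives in the photo's Exif metadata. As an added example (not part of the original post), the following Python code reads the embedded latitude and longitude from a JPEG and removes the Exif segment before the photo is shared. The function names are illustrative, and the sample image is a constructed, header-only file rather than a real photo.

```python
import struct

def exif_segments(jpeg):
    """Yield (start, end) offsets of each Exif APP1 segment in a JPEG header."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0":
            yield pos, end
        pos = end

def _ifd(tiff, off, e):  # one TIFF directory -> {tag: raw 4-byte value-or-offset field}
    (n,) = struct.unpack_from(e + "H", tiff, off)
    rows = (struct.unpack_from(e + "HHI4s", tiff, off + 2 + 12 * i) for i in range(n))
    return {tag: val for tag, _type, _count, val in rows}

def gps_position(jpeg):
    """Return (lat, lon) in decimal degrees, or None if no GPS tags are embedded."""
    for start, end in exif_segments(jpeg):
        tiff = jpeg[start + 10:end]                 # skip marker, length, "Exif\0\0"
        e = "<" if tiff[:2] == b"II" else ">"       # TIFF byte order
        ifd0 = _ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
        if 0x8825 in ifd0:                          # 0x8825 points to the GPS directory
            gps = _ifd(tiff, struct.unpack(e + "I", ifd0[0x8825])[0], e)
            def degrees(tag, ref):                  # three rationals: deg, min, sec
                d = struct.unpack_from(e + "6I", tiff, struct.unpack(e + "I", gps[tag])[0])
                value = d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600
                return -value if gps[ref][:1] in (b"S", b"W") else value
            return degrees(2, 1), degrees(4, 3)     # latitude/ref, longitude/ref
    return None

def strip_exif(jpeg):
    """Return the JPEG bytes with every Exif segment, and so the GPS tags, removed."""
    for start, end in reversed(list(exif_segments(jpeg))):
        jpeg = jpeg[:start] + jpeg[end:]
    return jpeg

def sample_photo():
    """Constructed header-only JPEG (not a real photo) tagged 40.5 N, 74.25 W."""
    entry = lambda tag, typ, count, val: struct.pack("<HHI4s", tag, typ, count, val)
    u32 = lambda n: struct.pack("<I", n)
    tiff = b"II*\0" + u32(8) + struct.pack("<H", 1) + entry(0x8825, 4, 1, u32(26)) + u32(0)
    tiff += struct.pack("<H", 4) + entry(1, 2, 2, b"N\0\0\0") + entry(2, 5, 3, u32(80))
    tiff += entry(3, 2, 2, b"W\0\0\0") + entry(4, 5, 3, u32(104)) + u32(0)
    tiff += struct.pack("<12I", 40, 1, 30, 1, 0, 1, 74, 1, 15, 1, 0, 1)
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\0\x02\xff\xd9"
```

Calling `gps_position()` on a photo before and after `strip_exif()` confirms that the coordinates are gone from the copy you intend to share.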

Monday, February 6, 2017

Identity Fraud

This is still a problem in 2017 and is expected to continue as long as the popularity of social media continues to rise. Have you ever been prompted to sign in to a website with your Facebook or G+ credentials? Sure, we all have, right? Single sign-on has made logging in to multiple servers across multiple platforms easy, so people can navigate internal and external networks.

According to Wikipedia, social single sign-on uses existing information from a social networking service such as Facebook, Twitter or Google+ to sign into a third-party website instead of creating a new login account specifically for that website. If another person has your social sign-in credentials, just think about the number of ways private information could be used to set up commercial accounts on websites like Amazon or eBay.

How to protect yourself?

  • Use the least amount of information when registering on websites
  • Use login names instead of e-mail addresses
  • Never link a social account to sign in to another website
  • When available, set the highest level of security for social sites
  • Share information only with friends and family on social media, not with the public
  • Read and understand website privacy and security policies
  • Never give out your social security number (SSN)
  • Verify the identity of callers asking to verify your identity based on your date of birth

These are just a few suggestions to prevent identity theft. The main idea is to keep what is private private. Store as little personal information electronically as possible.

Monday, January 13, 2014

SMBS Testing Effectiveness of Anti Virus Software?

Is your currently installed antivirus software protecting your computer system correctly and efficiently? Many of our clients ask us that every day. Sophos is a product that organizations can use to test the efficiency of their current antivirus software without uninstalling it.

Firewall Protection in 2014

Next-generation firewalls. Cloud computing, virtualization and mobility have significantly changed how organizations conduct business. How people want to work has changed dramatically in the past few years.

Wednesday, December 18, 2013

White House sticks with double duty for NSA director.

The White House's decision, which is part of a wider review of US surveillance policy, comes just days before a presidential task force was expected to submit recommendations that "constitute a sweeping overhaul of the NSA," reported The Wall Street Journal earlier Friday, citing "people familiar with the plans."

Sunday, December 1, 2013

Understanding Security Threats for Business – Securing Structured and Unstructured Data

Not enforcing a company's intellectual property rights could adversely affect the company's financial results.  Intellectual property rights, including patents, plant variety protection, trade secrets, confidential information, trademarks, trade names and other forms of trade dress, are important to the company's business.

Companies must design and implement internal controls to restrict access to and distribution of their intellectual property. Despite these precautions, the company's intellectual property is vulnerable to unauthorized access through cyber-attacks, theft, and other security breaches.

Vulnerabilities are aspects of IT infrastructure that can potentially be exploited, leading to unauthorized access, loss or exposure of sensitive data, disruption of services, failure to comply with regulatory requirements, or other unwanted outcomes. Vulnerabilities can stem from many sources, including software defects, improper configurations, and human error.

Malware refers to malicious software or scripts designed to access or harm information technology resources without their owner’s authorization.

Hacking refers to intentional attempts to access or harm information technology resources without authorization by thwarting logical security mechanisms. Hacking is usually conducted remotely, lending itself to attacker benefits of anonymity, automation, and scale.


Typical threats include the following:

Blended threats, which are designed to exploit multiple channels for getting end-users to voluntarily give up private information:

  • Phishing refers to seemingly innocuous email that contains links to malicious executables or web sites; corporate, personal and web email are all active targets
  • Spear phishing refers to phishing that is directed at specific companies or specific individuals, in which attackers gather additional information in advance to personalize the email communication and thereby increase their likelihood of success
  • Vishing (a combination of "voice" and "phishing") refers to the use of fake phone sites; e.g., the end-user may receive an email requesting that they call a toll-free number, or they may receive a phone call requesting that they call a toll-free number or visit a website
  • Smishing (a combination of "SMS" and "phishing") refers to the use of short message service (SMS) text messages; e.g., the end-user may receive a text message requesting that they call a toll-free number or visit a website
  • Drive-by downloads, in which end-users unintentionally download and install malicious executables, for example by merely visiting infected web sites, or by purposely downloading and installing what they mistakenly believe to be legitimate software
  • Attackers are using search engine optimization (SEO) techniques to drive end-users to web sites that are infected with malicious code
  • Shortened URLs make it even easier for attackers to disguise malicious links, and to exploit end-user trust through social engineering
  • Anonymous proxy servers, which access Internet resources on behalf of the original requester, can be used by attackers to hide malicious target URLs from web security monitoring and filtering technologies
  • International domain names that contain non-Latin characters have increased the opportunity for attackers to exploit malicious, mixed-character URLs that are visually indistinguishable from their legitimate counterparts
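
The mixed-character URLs in the last item can be caught before a link is followed. The following Python code is an added example, not part of the original post: it flags hostname labels whose letters come from more than one script, including labels delivered in their `xn--` (Punycode) form. The function names and sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def label_scripts(label):
    """Return the set of scripts used by the letters in one DNS label.

    Heuristic: the script is taken as the first word of each character's
    Unicode name (LATIN, CYRILLIC, GREEK, ...), because the standard library
    has no script property. Writing systems that legitimately combine
    scripts, such as Japanese (HIRAGANA + CJK), need an allow-list in real use.
    """
    if label.lower().startswith("xn--"):          # ACE form: decode Punycode first
        label = label[4:].encode("ascii").decode("punycode")
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def mixed_script_labels(url):
    """Return [(label, sorted scripts)] for hostname labels that mix scripts."""
    host = urlsplit(url).hostname or ""
    found = []
    for label in host.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            found.append((label, sorted(scripts)))
    return found

# Constructed samples: U+0430 is CYRILLIC SMALL LETTER A, which renders like Latin "a".
SPOOF = "https://\u0430pple.example/login"
SPOOF_ACE = "https://" + "\u0430pple.example".encode("idna").decode("ascii") + "/login"
PLAIN = "https://apple.example/login"
```

A label written entirely in one non-Latin script is not flagged by this check, so it complements rather than replaces URL filtering.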


81% of all data breach incidents leveraged hacking, 69% involved malware, and 61% used a combination of both.

97% of data breaches could have been avoided through the use of simple or intermediate controls.

Not implementing the right controls for access to data creates an opportunity for internal threats to occur within a business organization.

The question is: "Are your employees selling you out to the best bidder, or are they just plain ignorant of the fact that some activities are leaving company data exposed to theft by a business competitor or opportunistic hacker?"

Points of concern that companies need to be aware of include:

  • Password policies need to be implemented infrastructure-wide within an organization. Complex passwords are the best passwords to use and should be enforced from an access control perspective, allowing very little room for error on an employee’s part.
  • Control access to handheld devices such as laptops, smartphones, and tablets. Install company-managed encryption and anti-virus software on all of these types of devices.
  • Onboarding and termination policies are often neglected, which opens the door for disgruntled employees to walk away from a company with trade secrets and confidential information. Restrict access to information through strict access control policies. Remote wipe handheld devices, and recover laptops from terminated employees immediately.
  • Strict usage policies can prohibit employees from sending sensitive information via insecure e-mail. E-mail content scanning technology can also help.

This was just a short list of the many concerns companies need to be educated on. Bringing in consultants who specialize in the area of internal company security may be a good idea for SMBs not equipped with an IT security team.

I will be providing comprehensive articles and whitepapers on the security of Structured and Unstructured Data soon. 

What types of security issues are you concerned about in your business?

Sunday, November 24, 2013

Is Bitcoin Technology Secure?

The Bitcoin value reaches an all-time high of more than $800. Yet the public wants to know how to use the currency and how secure the technology is. Bitcoin is an online financial network that people use to send payments from one person to another. In no way can this technology be compared to credit cards or US currency. The currency is decentralized, which means that no one owns or controls the Bitcoin network. It has a peer-to-peer structure, with hundreds of computers all over the Internet working together to process Bitcoin transactions. Bitcoin is not regulated by the government. So who in their right mind would conduct commercial transactions with the use of Bitcoin?

Bitcoin transactions became mainstream in 2011, and seem to be becoming more and more popular. There are almost 12 million bitcoins in existence, so the Bitcoin "money supply" is now worth around $7 billion. This technology is highly innovative and is attracting the interest of many computer geeks and hobbyists alike. Why not be in a position where you can produce as much currency as you like, especially when there are merchants and consumers willing to trade in it? There are reports of 10,000 merchants accepting Bitcoins in 2013. Bitcoin has been associated with some illicit activity as well; it is suspected of being used in illegal gambling and drug trafficking.

Bitcoin Security

There are very few off-line Bitcoin transactions occurring across the country.  Do you really know who you are making the transactions with, and will legal agreements stand up in court?  Bitcoins are stored in wallets online or on a person’s local computer.  The files contain encryption keys, or secret codes that allow you to transfer bitcoins to other people.  Bitcoin technology is a prime target for hackers.  Maybe the best option would be to print out the currency by the use of a paper wallet and store the currency in a safety deposit box.  The best practice would be to store the currency on a computer that is never continuously connected to the Internet.
