Ah, August is here.

And it’s back-to-school season, when both students and parents are making plans for the big return. For some, technology plays a major role.

So, parents, here are some quick tips for using tech as a tool:

  • Plan a technology routine. By creating consistent tech-usage habits, such as limiting computer use to a certain amount of time per day, kids will learn how to better manage both their time and school workload.

  • Don’t let technology interfere with sleep — this is crucial for learning.

  • Introduce websites that could complement learning, like Grammarly for writing help or Khan Academy for online lessons.

  • LEAD BY EXAMPLE! If you aren’t always on an electronic device, your kids won’t wanna be either. Remember, they’re sponges.

On a more serious note, in addition to monitoring technology use, the FBI is reminding parents this year to review and monitor how their children use smartphones. Cell phones are a great way for parents to keep in touch with their children, but parents and kids alike need to recognize the risks that come bundled with that device.

From scams to cyber bullies—if your child is old enough to have and carry a phone, then it’s also time to have a conversation with him or her about potential risks.

Here are 10 basic phone/computer tips to help keep your child safe:

  • The phone should default to a locked setting. The only people who should have that access code are the child and the parent.

  • Parents should know every password to every device and every password to every app on that device. Sure, you want your kids to have some privacy as they grow up, but they are still kids. You pay the bill, and as long as that child is a child, he or she is your responsibility.

  • Check those accounts — as well as instant messaging programs and texts — for disturbing content on a regular basis. You and your kids should have a non-negotiable understanding that this access is a requirement for continued phone use.

  • Parents should make sure their child is using appropriate screen names. “Babygirl2005” and “sweet16” may sound cute and innocent, but they can be a beacon to predators.

  • Check the privacy and security settings on the phone and the apps. Check regularly to make sure they are up-to-date.

  • Learn about how photos are geo-tagged. Even if you are discreet about what you post, your photos could be tagged in the meta-data with your child’s exact location. Do you want just anybody to know what school your child goes to or what field his team uses for soccer practice? You should be able to turn this feature off in settings.

  • Teach your kids to never respond to calls, texts, or emails from unknown numbers or people. Scam artists and predators will victimize anyone, regardless of age.

  • Talk early and often to your child about the dangers that they may find on the other end of the line. If your child is old enough to carry a phone to school, they are old enough to have a frank discussion with you. Be open and responsive. If your child does encounter a bully or other disturbing content, you want them to feel like they can come to you for help.

  • Talk to your kids about what constitutes appropriate language and photos. One sexually explicit photo can change a life forever. It is crucial that they understand that just because something starts out as a private communication between two people does not mean that it can’t be shared with thousands of people in mere seconds.

  • Teach your children to program the privacy settings on social media feeds to the highest level and to reject any “friend requests” from those they don’t know and trust in a face-to-face relationship. Parents should also consider forbidding any new “friend requests” by their kids, without parent approval.
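
The geo-tagging tip above, as an added example that is not part of the original post: a Python sketch that reads the GPS coordinates a phone camera writes into a JPEG's Exif metadata, then shows that dropping the Exif segment removes them. The sample image bytes and the coordinates are constructed for the example; the function names are hypothetical.

```python
import struct

def find_exif_tiff(jpeg):
    """Return the TIFF payload of the first APP1/Exif segment, or None."""
    if jpeg[:2] != b"\xff\xd8":            # every JPEG starts with SOI
        return None
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + seg_len
    return None

def read_ifd(tiff, offset, endian):
    """Map tag -> raw 4-byte value field for one TIFF directory (IFD)."""
    (count,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(count):
        raw = tiff[offset + 2 + 12 * i:offset + 14 + 12 * i]
        (tag,) = struct.unpack(endian + "H", raw[:2])
        entries[tag] = raw[8:12]
    return entries

def to_degrees(tiff, value_field, endian):
    """Decode three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    (offset,) = struct.unpack(endian + "I", value_field)
    dn, dd, mn, md, sn, sd = struct.unpack(endian + "6I", tiff[offset:offset + 24])
    return dn / dd + mn / md / 60 + sn / sd / 3600

def gps_from_jpeg(jpeg):
    """Return (lat, lon) from the Exif GPS block, or None if absent/malformed."""
    tiff = find_exif_tiff(jpeg)
    if tiff is None or tiff[:2] not in (b"II", b"MM"):
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    try:
        (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
        ifd0 = read_ifd(tiff, ifd0_off, endian)
        (gps_off,) = struct.unpack(endian + "I", ifd0[0x8825])   # GPSInfo pointer
        gps = read_ifd(tiff, gps_off, endian)
        lat = to_degrees(tiff, gps[2], endian)                  # GPSLatitude
        lon = to_degrees(tiff, gps[4], endian)                  # GPSLongitude
    except (KeyError, struct.error, ZeroDivisionError):
        return None
    if gps.get(1, b"N")[:1] == b"S":                            # GPSLatitudeRef
        lat = -lat
    if gps.get(3, b"E")[:1] == b"W":                            # GPSLongitudeRef
        lon = -lon
    return round(lat, 6), round(lon, 6)

def strip_exif(jpeg):
    """Copy the JPEG, dropping APP1/Exif segments (where the GPS tags live)."""
    out, pos = bytearray(jpeg[:2]), 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        seg = jpeg[pos:pos + 2 + seg_len]
        if not (jpeg[pos + 1] == 0xE1 and seg[4:10] == b"Exif\x00\x00"):
            out += seg
        pos += 2 + seg_len
    return bytes(out) + jpeg[pos:]

def build_sample_jpeg():
    """Constructed sample: JPEG markers and Exif only, no picture data."""
    header = b"MM" + struct.pack(">HI", 42, 8)            # big-endian TIFF, IFD0 at 8
    ifd0 = struct.pack(">HHHII", 1, 0x8825, 4, 1, 26) + bytes(4)   # GPS IFD at 26
    gps = struct.pack(">H", 4)
    gps += struct.pack(">HHI4s", 1, 2, 2, b"N")           # ASCII ref stored inline
    gps += struct.pack(">HHII", 2, 5, 3, 80)              # 3 rationals at offset 80
    gps += struct.pack(">HHI4s", 3, 2, 2, b"W")
    gps += struct.pack(">HHII", 4, 5, 3, 104)
    gps += bytes(4)
    lat = struct.pack(">6I", 40, 1, 30, 1, 0, 1)          # 40 deg 30' 0" N
    lon = struct.pack(">6I", 100, 1, 15, 1, 0, 1)         # 100 deg 15' 0" W
    app1 = b"Exif\x00\x00" + header + ifd0 + gps + lat + lon
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", gps_from_jpeg(photo))
    print("after strip:", gps_from_jpeg(strip_exif(photo)))
```

Running the same check over a folder of photos before they are posted shows which ones still carry a location.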

If it’s not one thing, it’s something else.

This is pretty much how one can describe internet scams at any given point in any given year. There’s always something being thrown at us that progressively gets more and more difficult to detect; scams that threaten our security and our privacy.

At the moment, tech support fraud is out of control. The FBI’s Internet Crime Complaint Center (IC3) says it received roughly 11,000 complaints about tech support fraud in 2017 with claimed losses nearing $15 million. That’s a whopping 86% increase in losses over the numbers reported for 2016!

The IC3 warns that, “Criminals may pose as a security, customer, or technical support representative offering to resolve such issues as a compromised email or bank account, a virus on a computer, or to assist with a software license renewal.” Scary. That’s certainly someone you would want to trust.

Tech support scams can sneak up on you under many different guises — from a hijacked computer browser to a phone call or an email. To protect yourself, you need to know what to look out for. Here is what the IC3 says are the most common scams that try to trick you into thinking you’re dealing with legitimate tech support services:

Fake Website Pop-ups

Suddenly a message pops up in your browser while you’re surfing the web, warning that you have a virus on your computer. It may also include an audio message. It gives you a phone number to call for help. Heck, it may even have a reputable company attached to it like Microsoft! This can be jarring and you may feel like your browser is trapped, but don’t call the number. It connects you to a fraudulent tech support company. The scammer may try to get you to pay up to fix the issue or may try to gain access to your personal information.

Phishing Emails

An email arrives. It looks official. It’s a warning of a compromised bank account or credit card, or an alert about a problem with your computer or an online account. It encourages you to click on a link for assistance or to call a fake support number…

“Once the fraudulent tech support company representative makes verbal contact with the victim, the criminal tries to convince the victim to provide remote access to the victim’s device,” says IC3. As with the fake pop-ups scheme, the scammer may try to get you to pay up to fix the fictional problems with your computer or accounts.

The “Fake Refund”

This is an unusual approach criminals are using to gain access to your online bank account. The scammer contacts a victim to offer a refund for tech support services. To get the refund, the scammer talks you into giving them access to your computer. They then ask you to log into your bank account to process the refund. The criminal then has access to your account and proceeds to process a fake refund. This elaborate scheme involves transferring money among accounts and talking the victim into sending money to the scammer via a wire transfer or prepaid card.

The IC3 calls this particular scam a “widespread issue.”

Unsolicited Phone Calls

Not all scams start through a web browser or email program. The IC3 also cautions about unsolicited phone calls from a person claiming that your computer is infected with a virus or is sending error messages to the caller. Again, this turns into an attempt to extract payment or personal information. “Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals,” says the IC3.

So if the tech support world is fraught with peril, how does one protect themselves when they need real tech support help? The answer is simple — use a legitimate tech support provider with decades of experience and demonstrated expertise. The 20 is serious about superior IT support. We leverage the combined skills, expertise, and knowledge of hundreds of IT companies to tackle your IT problems quickly so you can simply focus on growing your business.

Don’t be a victim!

Everyone talks about employee onboarding, but what about offboarding? Whether the change in employment is due to termination, a layoff, the end of a contract, or employee choice, the circumstance can elicit a strong emotional response. Even employees who leave on good terms can get curious in the wake of their departure. Without proper offboarding, former employees continue to hold the “keys to the kingdom.” Do you really want to risk your organization’s reputation?

Of course not.

Did you know that only 29% of organizations have a formal offboarding process in place? Or that 59% share access credentials with other employees? How about that 52% share access with contractors? Heck, 53% say it’d be easy for a former employee to log in and access data! And 50% report that it can take up to a week or more to remove access to all sensitive systems!

Well, surely you know that 55% of US companies report that their organizations have been breached in the past, and that 44% of them had breaches that together cost millions of dollars…?

You didn’t?! Wow. Well, isn’t that crazy?

Offboarding Checklist

Don’t be one of those statistics. Click here to get our offboarding checklist that you can use to reduce your organization’s security risk.

If you’re in the U.S. and concerned about data privacy, you can now breathe a sigh of relief. The nation’s highest court ruled last week that cellphone location data is protected by the 4th Amendment of the U.S. Constitution.

In the 5-4 decision, the court ruled that police must obtain a valid search warrant before obtaining location data on a suspect from cellular carriers. So, you do have some expectation of privacy while using your phone, despite the objections of law enforcement.

Origin of the Data Privacy Case

The case was brought by a Michigan man, Timothy Carpenter, who was convicted of a string of robberies at both Radio Shack and T-Mobile stores. FBI agents obtained several months of location data from Carpenter’s cellular carrier, thus proving he was in the vicinity of each robbery. This piece of evidence was key in his conviction, but Carpenter’s lawyers appealed on the grounds that law enforcement didn’t get a warrant for the location data. As a result, they argued that the evidence and conviction should be thrown out.

Lower courts ruled against Carpenter, arguing that people have no reasonable expectation of privacy in their location data because they voluntarily submit it to 3rd parties (wireless service providers) and so no warrant is necessary.

The high court disagreed, however, stating:

Given the unique nature of cell phone location records, the fact that the information is held by a 3rd party does not by itself overcome the user’s claim to 4th Amendment protection… we hold that an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through CSLI. The location information obtained from Carpenter’s wireless carriers was the product of a search.

For context: As you go about your everyday life, your mobile phone regularly connects to the nearest cell tower – when you make calls, check your email, or look something up on the web; when an app running in the background makes a connection that you didn’t initiate; and every few minutes just to tell the cell tower, “Here I am, if you need to find me to send messages or connect calls.”

Data Privacy Regarding Cellphone Companies

Some cellphone companies record the date, time and which tower your phone connected to for every one of those contacts; other companies track everything except the “Here I am” check-ins. Either way, your cell company has stored in its databases an elaborate record of what cell towers your phone connected to and when, covering 24 hours a day, 365 days a year. The cell companies retain that information for as long as 5 years. It’s more than enough data to reconstruct where you were – or rather, where your phone was – anytime in that 5-year period. It can pinpoint a physical location pretty closely within a city, and within a couple of miles in a rural area.

The question before the Supreme Court in this case, Carpenter v. United States, was how hard it should be for police to get that information from a cellphone company.

Exactly what this ruling means for privacy in the internet age remains to be seen – and litigated in future cases. These days, people’s most private information doesn’t reside on pieces of paper locked in office or home desk drawers; it lives on internet servers operated by private companies. The federal government has claimed sweeping power to get documents and emails from those companies without a warrant.

The Carpenter ruling has made clear that, at least some of the time, a warrant is needed. The 4th Amendment was designed, the court explained, “to place obstacles in the way of a too permeating police surveillance.” That means that it can’t merely protect people’s physical homes from search. Sometimes it also limits the government’s ability to demand personal information in the hands of 3rd parties.

To be continued…

Ransomware keeps appearing in headlines, attacking hospitals, banks, school districts, state and local governments, law enforcement agencies, as well as businesses of all sizes.

Holy moly. This isn’t good.

It’s reaching an epidemic level. The number of people targeted by ransomware is staggering: in the U.S. alone, 4.1% of the population (13.1 million). Back in 2016, cybercriminals collected $209 million in just the first 3 months from ransomware!

What is ransomware?

So what is it? What is this software wreaking havoc all over the globe?

Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with great harm, usually by denying you access to your data. The attacker demands a ransom from the victim, then promises — though not always telling the truth of course — to restore access to the data upon payment. Users are then shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals typically in Bitcoin.

Ransomware has come to be viewed as an epidemic, with attacks expanding from PCs to mobile devices and IoT. It is typically delivered through phishing emails, drive-by downloads or malvertising.

There are a few types of ransomware:

  • Crypto Ransomware
  • Locker/Lock-Screen Ransomware
  • Rogue Security Software: Fake AVs

Crypto Ransomware are variants that encrypt data on an infected host, and demand ransom in exchange for decrypting it. This is currently the most common ransomware type in the wild. Locker/Lock-Screen Ransomware are variants that deny access to the infected host and extort the victim for money in exchange for “releasing” it. Such variants are particularly popular among mobile ransomware. And finally, Rogue Security Software: Fake AVs are programs that “warn” the user against malware, which has already allegedly infected the host and can only be removed by purchasing the malicious “security software.”

There are several different ways attackers choose the organizations they target with ransomware. Sometimes it’s a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.

On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet — and these organizations may be uniquely sensitive to leakware attacks.

But don’t feel like you’re safe if you don’t fit these categories: some ransomware spreads automatically and indiscriminately across the internet.

Defensive steps to prevent ransomware infection

There are a number of defensive steps you can take to prevent ransomware infection:

  • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.

Good luck out there.

The Dark Web… sounds scary, doesn’t it?

And what is it? Like that Experian commercial you see on TV that promotes “free Dark Web scans” – WHAT ARE THEY TALKING ABOUT?

Where is the Dark Web?

Well, there are basically 3 parts to the world wide web:

  • The Surface Web is everything that’s publicly available and accessible through search engines or typing a URL into your browser.
  • The Deep Web is all the content on the web that is not indexed by standard search engines, such as email clients and online banking websites.
  • The Dark Web refers to heavily-encrypted sites that cannot be accessed with your average, run-of-the-mill browser. As a result, these sites are often used as a black market, and as a source for hacked data. They can have a number of other purposes as well, but, without the right software, you may never know they exist.

The anonymity of the Dark Web

The main characteristic of the Dark Web is its anonymity. It’s widely used as an instrument for illegal activities as a result. These activities include child pornography, drug dealing, firearm sales, and trading stolen credit card numbers.

The most famous example of illegal Dark Web activity was Silk Road, which used a combination of Bitcoins and the Dark Web to exchange drugs internationally. Law enforcement agencies took down the online marketplace in 2013 and arrested its alleged founder — and again, in 2014.

All the common dangers of a traditional black market exist on the Dark Web. However, there are also some unofficial dangers to be wary of. Many of those who operate in the Dark Web have no problem exploiting you in any way they can — and since many of them are hackers or at least know how to use hacking tools, they can be dangerous.

As a result, there are many tales of blackmail peppering the Dark Web, from people who are somehow identified there, or tricked into giving their information. Downloads also tend to be even more suspect in the dark corners of the internet, so your computer may be in danger as well.

10 most common pieces of information on the Dark Web

Speaking of Experian, they compiled a list of the 10 most common pieces of information sold on the Dark Web and the general range of what they sell for:

  • Social Security number: $1
  • Credit or debit card: $5-$110
  • Online payment services login info (e.g. Paypal): $20-$200
  • Loyalty accounts: $20
  • Subscription services: $1-$10
  • Diplomas: $100-$400
  • Driver’s license: $20
  • Passports (US): $1000-$2000
  • Medical records: $1-$1000
  • General non-Financial Institution logins: $1

Frightening, isn’t it? A bit overwhelming? Well, it’s important to be aware of what is going on so you can protect yourself.

What Dark Web threats can do with Social Security numbers and medical records

And you have to ask yourself what these things are worth to you. Especially your Social Security number and medical records. If there is a breach, hackers can potentially blackmail you for a lifetime. If your medical record contains sensitive protected health information (PHI) such as cancer diagnoses, sexually transmitted diseases, or psychological conditions, you could be subject to public embarrassment or political assassination. During the 2016 election, fake electronic health records for Democratic candidate Hillary Clinton were publicized that raised questions about her health and may have contributed to her loss.

Protecting yourself from the Dark Web

There are several measures you can take to protect your own personal information such as:

  • Maintaining healthy password practices
  • Not sharing your personal information unless it’s necessary
  • Utilizing two-factor authentication
  • Making sure that you keep your antivirus and other software up to date on all devices (computer, laptop, tablet, phone).

The 20 can help you with all of these – locate an IT provider today!

I thought I had a bad weekend. Then I heard about the Chili’s Data Breach.

Turns out Brinker International had issues that far outweigh the problems from sleeping on a 10-year-old mattress. The parent company of the Dallas-based Chili’s Bar & Grill said it learned of a data breach on Friday that included payment card information possibly being compromised between March and April of this year.

Brinker International responds to the Chili’s data breach

According to a press release on Brinker International’s website, the company said the following:

Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.

Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.

Brinker apologized to those who may be affected and said it is working with third-party forensic experts to investigate. “We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident,” Brinker said in a written statement on its website.

Additional information about the breach can be found on the Brinker International site.

Brinker International shares so far are down 0.87% as a result.

Upon further investigation, I found that Brinker International recently brought on a company called Red Hat solutions to offer support for its guests across its mobile app, website, in-restaurant table kiosks, and curbside dining. By using Red Hat solutions, according to their website, “Brinker built a unified e-commerce environment to support faster development and deployment, scale to meet peak traffic demands, and ensure the protection of guest data.”

Red Hat published a Brinker International case study shortly thereafter and stated that, “This is a guest-facing platform that takes credit card transactions, so it’s got to be highly secure… with a Red Hat-based container, we know it’s from a trusted partner and know it meets all PCI [Payment Card Industry] requirements, while letting developers and other internal users to spin up environments quickly.”

Could the Chili’s data breach have been prevented?

Not to place blame, and this is highly speculative, but did Brinker International or Chili’s themselves drop the ball by not fully utilizing its tools? With Red Hat meeting the requirements of PCI compliance, did Brinker or Chili’s overlook something? Too many false positives? How vulnerable were they? Was payment information shared and stored somewhere it shouldn’t have been? Obviously without any information provided from the forensic investigation, it’s all speculation at this point. But it just goes to show how important it is to have all of your ducks in a row. There is no substitute for having your I’s dotted and your T’s crossed when it comes to data protection. I’m sure there’s another cliché I could come up with, but I think you get the point.

Data breaches have been all too common in today’s cybersphere. A series of notable and massive data breaches occurred last year. Equifax, Uber, the Dallas emergency siren network and state election systems were just a few of the targets of successful hacks.

The title seems a bit obvious, right? Of course data privacy is important. I mean, how could not keeping your data private be a good thing? Spoiler alert: it can’t. There’s only a downside.

Well, what “data” are we speaking of, first off? That seems pretty vague…

For us as individuals, data can simply refer to what makes us all identifiable. This can include our address, our Social Security number and, to take it a step further, our health and medical records. For the business sector, it can mean proprietary research and development data, or financial information that shows how a company is spending and investing its money.

And all of this information should be guarded based on relative importance. For example, you probably wouldn’t think too much about sharing your name with someone you’ve never met before while introducing yourself to them at a party. But there’s other information you wouldn’t share with them, at least not initially, until you got to know that person a lot better. If you’re opening a new bank account, however, you’ll probably be asked to share quite a bit of personal information that goes well beyond your name, and that’s okay.

Digital everything amplifies the importance of data privacy

But in 2018, everything is digital. We’ve digitized everything. This may not technically apply to everyone (shout out to all the senior citizens out there!), but by and large, it does. And if you’re reading this blog, it absolutely does.

When data that should be kept private gets in the wrong hands, bad things can happen. A data breach at a government agency can put top secret information in the hands of the enemy. A breach at a corporation can put proprietary data in the hands of a competitor. And so on and so forth; you get the point.

The Online Trust Alliance (OTA) in 2016 found that 34% of data breaches happen through external means. This is the traditional idea of hacking, where a perpetrator gains access to a system from the outside. About 7% of breaches occurred because of lost or stolen devices, and another 9% occurred because of lost, stolen or misplaced documents. While some of these issues happen by accident, others are planned attacks by hackers to acquire data.

Securing information is key to data privacy

Data security can only work in concert with strong preventative policies to back up the technology. While data security measures can be quite effective, important strategies such as keeping up with patches and utilizing encryption can help ensure that the technology actually works.

Securing information will continue to play a massive role in not only our personal lives, but in business and government. At The 20, our IT Management Platform, 24/7 Help Desk, and Network Operations Center (NOC) are 100% US-based so client information stays secure and in compliance with federal and industry regulations. Our nationwide group of IT companies supports almost any technology we come across in the field, which gives us a competitive advantage that no other IT company can touch.

What are you doing to keep your data private?


The 20 Small Business Data Security Infographic

IS YOUR #SMALLBIZ SAFE?

Small businesses are the target of almost two-thirds of all cyber attacks.

Download our infographic on the negative effects data breaches can bring to a company.