4 Strategies for CEOs to Win Their Cyber Security Tug of War

 

The cyber security tug of war is never ending even though chief executive officers and board members now get the importance of protecting their companies’ information assets. They’ve learned to fear cyber-security threats because they could lose their jobs.

If this is all true, why then are there incessant, worldwide cyber attacks? Business Web sites are facing an increasingly intense full-court press from cybercriminals – cybercrime now costs businesses $1 trillion.

Ostensibly, executives still don’t understand all the nuances and methods used against their companies’ assets. And yet there are plenty of ways to understand the risks.

Companies face cyber-security issues in countless ways — from customer service and finance to human resources.

Often, companies and their employees self destruct. For instance, an epidemic of social-networking attacks represents unprecedented dangers to companies. In just one case, a Facebook user cost her company a $1 million loss.

The uninsured million-dollar loss wouldn’t have occurred if the company incorporated the right safety measures.

While it’s important to secure business assets, CEOs still can’t calculate their returns on security investments.

You’ve heard of the old saying: “Garbage in, garbage out,” right? Human conduct – intentional or otherwise — is the reason for most security risks. But for many people, old habits are hard to break.

CEO leadership is vital

President Harry Truman was famous for saying, “The buck stops here.” That’s true for CEOs in cyber security. The CEO has to see to it that their companies manage the risks and that they stay in close communication with their information technology managers.

But it’s a difficult task because CEOs don’t have reasons to respect their chief information officers. Indeed, CEOs have long complained to me about information technology.

They complain about high-priced consultants, and that IT projects are too expensive and fail to yield a return on investment.

And two studies underscore the need for IT professionals to become more businesslike.

So, CEOs must act.

To guard against cyber risks, here are four must-do strategies:

  1. CEOs must communicate proactively in cyber-risk management. Communication with IT professionals must improve – dramatically. Analysis should include priorities, the potential dangers to information assets and the tradeoffs.
  2. CEOs must direct security initiatives at every level and opportunity. This includes being transparent with customers and potential customers in the marketplace before and after any cyber attack.
  3. CEOs must be role models in security. They must walk the talk in cyber security matters. Only then will they be effective in motivating staff to use security measures.
  4. CEOs must make sure all employees and vendors employ security controls and diligently follow policies. It should be an ongoing process to monitor security issues to ensure progress.

Short of implementing these four strategies, companies will not be able to innovate and prosper.

From the Coach’s Corner, here’s more:

Do BYOD Headaches Outweigh Benefits? Yes — More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ bring their own device (BYOD) devices. Nearly all say their devices might have been attacked, according to a 2014 study.

4 Recommendations to Avoid Spending Too Much on IT — To take advantage of big cost savings in information technology, a study says businesses need to change their buying habits. Here’s how.

4 Keys So Marketing and IT Can Create Business Revenue — Businesses will generate more revenue if their information technology and marketing professionals strategize more effectively. For instance, success in e-commerce is increasingly challenging for companies that want to dominate in brand preference, customer loyalty and word-of-mouth advertising.

 How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you.

“Unless and until our society recognizes cyber bullying for what it is, the suffering of thousands of silent victims will continue.”

-Anna Maria Chavez

 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.


Secure Your Android from Viruses and Malware with 5 Tips

 

Hopefully, you haven’t suffered the nightmarish inconvenience of viruses and malware on your Android, which have plagued many users.

Countless headlines detail the cyber dangers associated with Android-based devices. However, don’t for a second assume you’d be safer with an iPhone. Cyber criminals chew up Apple products, too.

It’s vital to avoid the applications that hurt your Android’s software with exposure to viruses and malware.

Here are five tips:

1. Do your research before installing apps

Just because you see several promotional messages for an app doesn’t mean it’s a good idea. Advertising scams are skyrocketing.

For example, advertising scams that prey on Internet consumers have prompted four Internet companies to band together to fight the abuse.

The scams use harmless-looking ads to trick consumers into using phony tech support that actually enables cybercriminals to invade the unsuspecting owners’ devices.

So avoid advertising scams that trick you into asking for tech support.

Meantime, if you’re uncertain of the source for any of the apps, remember the phrase: “When in doubt, don’t.”

2. Install only from Google Play

Avoid the myriad of online download locations. Avoid the temptation to install free apps. For the safest downloads, use Google Play.

3. Prevent installation with the lock system

Uncheck “install from unknown sources.” Your Android should have access to Google Play. It should also have a locking mechanism that prevents apps from downloading on your phone.

In your settings, enable “verify apps from unknown sources.”

4. Read the fine print

You must check out the permissions. Even if you download from Google Play, the app will declare permissions. That means permissions to your phone’s other options.

Such accessibility is important for certain apps, but be sure to read the reasons for the access.

5. Install an anti-virus software

Downloading apps from Google Play isn’t a 100 percent guarantee of safety, despite Google’s precautions. So to be sure, install a reputable anti-virus software.

From the Coach’s Corner, here are more mobile security tips:

Security Steps for Your Mobile Device in Online Banking, Purchases — Almost 90 percent of Americans use a cell phone and more than 50 percent have smartphones, according to published reports. They also indicate 28 percent of smartphone owners use their devices for online banking.

Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” Beware: cybercriminals using software are able to intercept your Bluetooth signal to hack into your phone.

8 Tips to Avoid Being Victimized by Phishing Scams — Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data, including medical information and Social Security numbers, for thousands of people.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Do BYOD Headaches Outweigh Benefits? Yes — More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ bring their own device (BYOD) devices. Nearly all say their devices might have been attacked, according to a 2014 study.

We’ve gotten to that perfect crossing point where all of the things which have prevented criminals from leaping into the wireless space have been eroded.

-Gareth Maclachlan 

__________


Tips to Avoid Advertising Scams Tricking You to Ask for Tech Support

 

Advertising scams that prey on Internet consumers have prompted four Internet companies to band together to fight the abuse. The scams use harmless-looking ads to trick consumers into using phony tech support that actually enables cybercriminals to invade the unsuspecting owners’ devices.

AOL, Facebook, Google and Twitter formed TrustInAds.org (trustinads.org) to warn consumers about the heinous online ads.

“Among the legitimate online ads offering valuable tech support services to consumers are some from bad actors attempting to prey on unsuspecting internet users,” said Rob Haralson, executive director of TrustInAds.org. “These bad actors, often highly sophisticated, go to great lengths to hide under the radar from the manual reviews and automated filtering technologies used to catch fraudulent ads.”

TrustInAds.org keeps consumers informed about advertising scams, will identify trends, and will warn consumer advocates and policymakers.

Typical scams

Facebook and Google learned that cybercriminals were placing ads with them to con people into visiting Web sites, which advised them to telephone an 800 number for tech support.

Facebook and Google deleted more than 4,000 suspicious advertisers that were tied to more than 2,400 phony tech-support Web sites.

Instead of getting assistance, consumers reached phony tech-support people. The cybercriminals talked the unsuspecting consumers into downloading software that was actually malware.

The harmful apps included adware, keystroke loggers, spyware and viruses.

“While limited in volume and scope, these tech support ad scams not only present a real problem for victims, but also for advertising platforms, publishers and legitimate advertisers,” added Mr. Haralson. “Internet companies have worked hard to remove these ads from their platform, but they need consumers’ help too.”

If you spot suspicious ads on AOL, Facebook, Google or Twitter, go to trustinads.org/report.

The companies issued four tips:

1. Have a clear understanding from which provider you are soliciting tech support. 

Checking the website of the product’s provider, or calling the provider directly, should always be the first step to solving a tech support issue. However, some may choose to seek support from a third-party provider. Consumers should know who they are seeking support from, as some scammers pose as official representatives of brand-name companies.

2. Never give a password over the phone and be suspicious when asked to download software.

No legitimate company will ever ask a consumer to provide a password to their account over the phone, and at no point should anyone be required to download a piece of software from a third-party tech support provider in order to solve an issue.

3. Keep operating systems and antivirus software up to date.

Users should always make sure they are running updated security/antivirus software on their computers that can detect problems as soon as they appear.

4. If you become suspicious of an ad or are victimized by a scam, REPORT IT!

One of the best ways companies can defend users from harmful scams and bad ads is through user feedback.

From the Coach’s Corner, here are more cyber security tips:

Tips For Internet Security to Prepare you for New Cyber Attacks – Do you need more evidence to be diligent in using best practices for security on the Internet? According to a Web security study in 2013, Internet attacks have been impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

More Cybercrime Serves as Warning to Take Defensive Precautions – Cybercrime is only getting worse. From both sides of the Atlantic Ocean, here are three examples of countless crimes: Authorities including the Secret Service are investigating the hacking of retailer Target in 2013 – hackers stole credit and debit card data from 40 million customers.

Why Many Healthcare Workers Are Alarmingly Responsible for Medical ID Theft – Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic – Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

“We worried for decades about WMDs – Weapons of Mass Destruction. Now it is time to worry about a new kind of WMDs – Weapons of Mass Disruption.” 

-John Mariotti

__________


How to Enhance Security in Your Company’s Wireless Network

 

Do you take it for granted that your wireless network is secure? Don’t make that assumption.

Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues.

If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

Admittedly what follows isn’t a comprehensive, sure-fire set of strategies; however, there are ways to enhance your chances for a secure wireless network.

Here are eight recommended security steps:

1. Change your default password.

It’s easy for hackers to learn your default password. Router vendors’ passwords are widely available to them. When you launch your wireless system, change the router’s default password. If your system is operating but you haven’t changed the password, do it now.

2. Use WPA2 encryption, not the old WEP encryption.

It’s important to encrypt your system to prevent nosy parties from observing your activities. But WPA2 provides better security than WEP.

3. Use a sophisticated passphrase.

Don’t use a passphrase that can be easily hacked. Your passphrase should have at least two dozen characters — upper and lower case letters, numbers and symbols.

4. Don’t use ordinary SSID names.

SSID, or service set identification, is a name that identifies your wireless network. SSID is a weak form of security.

Some IT people mistakenly think all they need to do is turn off SSID broadcasting. If you have an IT person, don’t let the person make this mistake. Hackers know how to render the action useless.

So change the default SSID along with the passphrase to make it more difficult for hackers.

5. Disable your WPS, or WIFI protected setup.

WPS relies on an eight-digit PIN that’s on the device’s back label. WPS is supposed to be a convenient way to add computers to the network.

But it’s vulnerable and hackers can snare your passphrase to do their dirty deeds.

6. Don’t use MAC address filters.

A MAC (media access control) address is an identifier for WIFI devices and ethernet ports. MAC address filtering is designed to filter out wrong MAC addresses.

But its effectiveness is questionable. It’s often inconvenient because it’s easy to misconfigure, especially if you have a lot of devices.

7. Don’t allow administrative access.

Otherwise, you’ll make it easier for an outside hacker to mess with your WIFI router.

Instead, use a computer in your network to make any necessary changes to your wireless system.

8. For customers and vendors, consider a guest network.

If you feel you want to make wireless available to visiting customers or vendors, don’t give them your passphrase.

Instead, under a second SSID, set up a separate wireless network. You’ll be able to disable or periodically change its passphrase without impacting your company’s devices.

From the Coach’s Corner, related tips:

Do BYOD Headaches Outweigh Benefits? Yes — BYOD — bring your own device — is the trend in which employees bring their own handheld technology to use at work. They use their hardware on sensitive company-owned databases, e-mail, file services and wireless networks. 

Tips For Internet Security to Prepare you for New Cyber Attacks — According to a Web security study in 2013, Internet attacks have been impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. 

Information Security: How to Make the Right Choices — More than ever, businesses, government agencies and consumers are learning costly lessons about due diligence in privacy and data security. A nationally known expert tells how to make the right choices in information security. 

Web Security Checklist and Warning about Mobile Banking – Here is an online security checklist and a stern warning about using mobile online services at your bank or credit union. 

Keys to Protect Yourself from Skyrocketing Trend – Tax Identity Theft – Tax identity theft is increasingly victimizing Americans, according to the Internal Revenue Service.

“It’s like the Wild West, the Internet. There are no rules.”

-Steven Wright

__________


Security Steps for Your Mobile Device in Online Banking, Purchases

 

Almost 90 percent of Americans use a cell phone and more than 50 percent have smartphones, according to published reports. They also indicate 28 percent of smartphone owners use their devices for online banking. 

“Mobile devices are making everyday tasks like banking simpler and easier, and this rise in popularity is making the mobile space more attractive to cybercriminals,” said Ken Marblestone, president of Charter One and RBS Citizens in Ohio.

“The precautions that consumers are accustomed to taking on their computers also should be applied to mobile devices,” he warned.

Mobile banking is a tool banks recommend to lower their costs for attracting customers in their competitive marketplace.

Don’t, but if you must

But mobile banking is not a practice I recommend because identity fraud has escalated in smartphones.

Certainly, bankers are aware of the dangers.

Again, they encourage mobile banking because it’s a source of profits.

“Any device used to connect to the Internet is potentially at risk, so we urge users to follow these basic safety measures to keep their information safe,”  Mr. Marblestone added in a press release.

But if you must engage in mobile banking, the American Bankers Association provides this guidance:

1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.

2. Log out completely when you finish a mobile banking session.

3. Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.

4. Use caution when downloading apps. Only download apps from the official stores – App Store℠ and Google Play™ Store. Third party stores may make it possible for malicious software, worms and viruses to be downloaded. And, beware of apps that ask for unnecessary “permissions.”

5. Download the updates for your phone and mobile apps as soon as they become available. You may also enable automatic app updates on your device to ensure timely acceptance.

6. Avoid storing sensitive information like passwords or a social security number on your mobile device.

7. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re entering sensitive information.

8. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.

9. Report any suspected fraud to your bank immediately.

Further, I would add this counsel: Don’t use a mobile browser to access your bank account. It’s best to download your banking app directly from your financial institution’s Web site and avoid fake apps that trick you out of your login and password.

From the Coach’s Corner, here are more security tips:

Who Profits from Android’s Security Issues? Not Users.  — A government task force, the Internet Crime Complaint Center (IC3) has issued a dire warning about malware. In particular, it’s a threat to Android users. 

Surprise — Cyber Criminals Chew up Apple Products, too — For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics. 

Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft — A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks in 2012, according to data released in 2013.  

Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” 

“If we continue to develop our technology without wisdom or prudence, our servant may prove to be our executioner.” 

-Omar Bradley

 __________


8 Tips to Avoid Being Victimized by Phishing Scams

 

Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data, including medical information and Social Security numbers, for thousands of people.

The Franciscan Health System notified more than 12,000 patients nationwide in March 2014 that their personal information may have been shared with computer scammers who accessed staff email accounts. About 8,000 are in the Pacific Northwest.

Similarly, the University of Washington found it necessary to warn its employees.  

“The University of Washington has been a target of some high-profile ‘phishing’ attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers,” wrote Bob Roseth at www.washington.edu/news in February 2013.

“Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information,” he explained.

“Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond,” Mr. Roseth added.

Just when it appeared that phishing had become a heavily publicized topic, the university’s warning serves as a reminder not to be complacent.

We can never assume that everyone is cognizant of dangers posed by cybercriminals.

Franciscan and the UW joined a long list of victimized organizations.

To avoid being victimized, here are eight tips:

1. Take great care in sending e-mails.

You shouldn’t ever e-mail passwords or other sensitive information. If you’re forwarding an important e-mail with a password-protected attachment, make sure it’s challenging for anyone to open it.

2. Be strategic if you’re asked to set up security questions and answers.

Many questions are easy to answer for cybercriminals if they know anything about you, especially if you are active on social media. People put all kinds of information on their Facebook page.

So don’t answer with information that can easily be found by cybercriminals – in other words, don’t answer the questions directly. For example, if a question is “What was the name of your high school?” answer with the name of your most disliked subject or most-inspirational teacher.

3. Be skeptical when a cybercriminal tries to get your attention.

Mr. Roseth was right when he wrote that authors of phishing methods know how to use fear to get your attention. They also use other methods.

4. Take extra precautions when an e-mail that appears to be from a legitimate Web site asks for information.

Savvy organizations don’t send such requests for your information. Many illegitimate Web sites are copycats. Look closely at the URLs and check for slight variations in the spelling.

Better still, I always ignore such requests. Instead, I enter the site’s address in the browser’s address bar and go to the Web site in question, just to be sure.

5. When you receive e-mails asking for information or for you to click on a link, first consider the circumstance.

If you don’t recognize the e-mail address, even if it’s supposedly from an acquaintance or your bank, don’t open it. Certainly, don’t click on such links or open attachments.

As this article was being written, I received this cybercrime e-mail:

From: JP Morgan Chase Bank [webexxxoffice42@att.net]

Please open the attachment for more information Mr. James Dimon CEO JP Morgan Chase Bank Fax:1-847-496-8147

Note the discrepancy between the alleged bank and the e-mail address – a bona fide bank would not have an ATT.net email address.

6. Guard against scams from overseas.

Usually, such scams have grammatical and spelling errors. They’ve often been translated poorly into English. They also include weird-looking phrasing or out-of-character letters in e-mails to get past spam filters.

7. As Mr. Roseth stated, phishing scams try to get your attention with urgent statements for you to take action.

Ignore them. They also pretend to send you important personalized information, but they mistakenly reveal that the same e-mail is being sent to others. Often, they don’t address you by name.

Or, they hack Twitter or Facebook and pretend to send you e-mails from your acquaintances. So check the context of such e-mails – they don’t use the same verbiage as your friends.

8. Take precautions with your smartphones, mobile applications and social media.

Watch out for illegitimate apps that want to access your device in order to steal your personal or sensitive information.

Note: Android has had countless security issues. Identity fraud has escalated in smartphones and social media. Once considered perfectly safe, even Macs have had security issues, too.
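The checks in tips 4 and 5 (a sender address that doesn’t match the organization named, and slight spelling variations in a domain) can be automated for a mail gateway or a training exercise. The following is an added example, not code from the original article; the `BRANDS` allowlist, the function names and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: a small allowlist the reader maintains. The brand entry and its
# domains are illustrative; confirm real sender domains with the organisation.
BRANDS = {
    "JPMorgan Chase": {
        "keywords": ("chase", "jp morgan", "jpmorgan"),
        "domains": ("chase.com", "jpmorgan.com"),
    },
}

ADDR_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")


def split_from(header):
    """Return (display name, sender domain) from a From line.

    Accepts 'Name <addr>' as well as the 'Name [addr]' form shown in tip 5.
    """
    match = ADDR_RE.search(header)
    if not match:
        return header.strip(), ""
    display = header[:match.start()].strip(" \"'<[")
    return display, match.group(1).lower()


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_sender(header, brands=BRANDS, max_distance=2):
    """Return a list of findings for one From line (empty list = nothing flagged)."""
    display, domain = split_from(header)
    if not domain:
        return ["no_address"]
    # Simplification: compare the last two labels only. Suffixes such as
    # co.uk need a public-suffix list, which is out of scope here.
    registrable = ".".join(domain.split(".")[-2:])
    name = display.lower()
    findings = []
    for brand, info in brands.items():
        owns = any(domain == d or domain.endswith("." + d)
                   for d in info["domains"])
        if owns:
            continue  # the sender really is on this brand's domain
        # Whole-word match so "Purchase" does not count as "chase".
        claimed = any(re.search(r"\b" + re.escape(k) + r"\b", name)
                      for k in info["keywords"])
        if claimed:
            findings.append("brand_mismatch:" + brand)
        for d in info["domains"]:
            if 0 < edit_distance(registrable, d) <= max_distance:
                findings.append("lookalike:" + d)
    return findings


SAMPLES = [
    "JP Morgan Chase Bank [webexxxoffice42@att.net]",  # the e-mail quoted in tip 5
    "Account Services <alerts@chasse.com>",            # constructed lookalike
    "Chase <no-reply@mail.chase.com>",                 # constructed, on-brand domain
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_sender(line) or "nothing flagged")
```

An empty result only means these two checks passed; it does not show that a message is genuine.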

From the Coach’s Corner, if you want information on other security subjects, chances are you’ll find what you want in this portal’s Tech section. Remember, if you read e-mails carefully and take great care, you’ll minimize any threats.

Be careful about reading the fine print…there’s no way you’re going to like it.

 __________


Surprise — Cyber Criminals Chew up Apple Products, too

 

For years, in terms of security, Windows has been considered inferior to Macs. But no longer, thanks to malware security epidemics.

If you’ve got an iPhone, get busy. Apple continues to have security issues. Apple was forced on Feb. 21, 2014 to fix a vulnerability with iOS 7.0.6 (Apple releases OS X 10.9.2 update, patches severe SSL bug and Why Apple’s Recent Security Flaw Is So Scary – Gizmodo).

Starting in 2012, Apple was under increasing pressure from cyber experts to take preventative security measures in the wake of 600,000 malware-infected Macs.

“Myths die hard,” writes nationally known security guru Stan Stahl, Ph.D. “Users can no longer naively claim that they don’t need to be concerned with security because they use a Macintosh.”

Cybercriminals don’t discriminate

He believes cybercriminals see no difference between Mac OS X and Windows.

“It’s cold comfort that this particular vulnerability surfaced in Java – so well known as a source of attack exploits that we recommend users disable it,” he writes.

“The lesson we need to take away from the Mac OS X story is humility in the face of software complexity,” he adds.

As one of the nation’s leading authorities, Dr. Stahl is a principal at Citadel Information Group, www.citadel-information.com, in Los Angeles.

“In the 1980s I was a staff security engineer at TRW when my manager gave me a piece of wisdom that applies to the myth of Mac security,” he writes:

“There are three kinds of knowledge,” he said. “There’s what you know that you know you know. There’s what you don’t know that you know you don’t know. And there’s what you don’t know that you don’t know that you don’t know.”

Dr. Stahl warns about the dangers of the third category of what we don’t know.

“It’s this third category that is most dangerous – what we don’t know that we don’t know we don’t know,” he writes. “This – our hidden ignorance – is what gets us into trouble. Believing the myth of Mac security – jumping to the conclusion that Macs are secure because we don’t know about their insecurities – is dangerous because the myth keeps us from taking the actions necessary to protect sensitive information on our Macs.”

More about myths

“There is the myth that IT can effectively manage cyber security; that senior management doesn’t need to get involved,” believes Dr. Stahl. “There is the myth that antivirus and anti-malware solutions provide sufficient security.

“There is the myth that ‘we have nothing of interest to a cyber criminal.’ And the most dangerous myth of all – that we can be secure if we simply do A, B and C, whatever A, B and C happen to be,” he warns. “It is these and other myths that keep us from being open to what we don’t know that we don’t know we don’t know.”

His parting shot:

“When it comes to cyber security management, myths are particularly dangerous,” he writes. “Our greatest security weakness – our greatest vulnerability – lies in the security myths we believe. That’s why the story of more than 600,000 Macs infected by the Flashback malware is so important, for it serves as a warning about the dangers of all cyber security myths.”

From the Coach’s Corner, here are more security insights:

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-Richard Clarke 

 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.


Who Profits from Android’s Security Issues? Not Users

 

A government task force, the Internet Crime Complaint Center (IC3), has issued a dire warning about malware. In particular, it’s a threat to Android users. As a result, IC3 issued security tips for users as early as 2011.

There’s also a version of the OpFake malware for Android – it’s incorporated in the Opera Mini mobile browser, according to ZDNet.

Users don’t know anything’s wrong until they use the legitimate software.

Android users beware: other security applications are fakes, too – they’re Zeus malware. Known as “Android Security Suite Premium,” they confiscate new SMS messages sent to the Android user.

Messages can include passwords and other sensitive data, according to Kaspersky Lab Security News Service.

Countless headlines detail the cyber dangers of Android-based devices, which is why it was announced that 22 applications were taken off the market by Google. The operating system’s issues stemmed from malware infections.

So who can benefit? Certainly it isn’t Android users.

“We continue to advise readers to be very cautious in downloading Android applications,” wrote Stan Stahl, Ph.D., on his blog. “Applications should be downloaded only from ‘official’ stores and only after they have been ‘vetted’ as legit,” wrote the nationally known security expert.

Google removed the apps from its Android market after they fooled users into accepting hidden, fraudulent charges.

The biggest operating-system competitor to Google’s Android: Apple’s iOS.

Published reports indicate Microsoft is actively pursuing opportunities to capitalize on Android’s woes.

Blackberry, of course, has problems with profitability. New products have been slow to market. As Blackberry’s phones age and need to be replaced by business users, Apple’s products might become even more attractive in the corporate world.

And if the vulnerabilities aren’t resolved, both Apple and Microsoft should be in a position to profit.

From the Coach’s Corner, security resource links:

BYOD, Mobile-Banking Warnings about Security Prove Prophetic – Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

New Cybercrime Serves as Warning to Take Defensive Precautions – Cybercrime is only getting worse. From both sides of the Atlantic Ocean, here are three examples of countless crimes: Authorities including the Secret Service are investigating the hacking of retailer Target in 2013 – hackers stole credit and debit card data from 40 million customers.

Identity Fraud Escalates in Smartphones, Social Media – Skyrocketing mobile malware threats amid widespread use of BYOD, bring your own devices, will lead to a $1.88 billion services market in 2013. That’s according to ABI Research. Cybercriminals are successfully attacking vulnerabilities in individual devices and networks, according to an ABI report.

Tips to Prevent Hacking of Your Bluetooth – Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” Beware: cybercriminals using software are able to intercept your Bluetooth signal to hack into your phone.

Why Many Healthcare Workers Are Alarmingly Responsible for Medical ID Theft – Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery. Health-care providers apparently can’t trust their employees to use best practices in observing the Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996. You hear the acronym a lot in healthcare.

“Distrust and caution are the parents of security.”

-Benjamin Franklin

__________


Risk Management – Picking the Best Cloud Storage Provider

 

There’s been quite a buzz about using the cloud. Personally, I’m still not sold on using cloud services for many businesses. There have been too many problems, and I prefer to maintain controls to alleviate uncertainty in business.

Not to mention one of the lessons I learned very early — when there’s a lot of hype — go slow with due diligence.

Frankly, I’m not alone.

Critical cloud study

A heavily credentialed expert performed a study and provides this surprise: Open source technology is preferable to the cloud.

But if you feel you must go the cloud route, remember that choosing the right cloud storage provider is a must for risk management.

You have a vast array of options. Cost is important, of course, but so are your company’s risk-management needs – just like the federal government.

It took two years, but the government launched FedRAMP, the federal risk and authorization program.

It established security standards for providing cloud services to the government.

FedRAMP also provides agencies with monitoring tools to ensure continuous compliance with security standards. Those are important considerations.

Risk-management for your business

Here are 10 questions to ask of your prospective cloud provider:

1. If they’re a large provider, has the vendor been qualified by FedRAMP?

2. What is the company’s financial situation? Bankruptcies are prevalent. Have a frank discussion with the supplier. Find out if they expect to gain or lose business in the next year. And ask about their cash flow, and for references regarding the status of their banking relationships.

3. What would be their total charges? Is it a flat fee? What are the additional costs for storing each gigabyte or for transferring data?

4. What about the security of their services, privacy commitment and data protection, and what does their service level agreement (SLA) provide? Keep in mind commitments for performance and reliability, and what happens if they fail to perform according to the SLA.

5. What do they provide in the way of data availability each month? What will be the percentage of time you will be able to get into your data or add new data?

6. What do they provide in data transfer rates? Data storage is important, but so is your ability to rapidly transfer your data.

7. What level of data durability do they offer? That is the amount of potential data loss from data corruption.

8. Does the vendor provide data shuffle or bare metal service? This service is a hard copy backup. Will you be able to present a hard-drive data copy to the cloud or will you be able to retrieve a copy of your data?

9. What do they support in operating systems? Make certain they’re capable of working with all your operating systems.

10. What are their backup services? You’ll have problems if they simply back up your data. You’ll also want assurances that they will back up all your computer applications and operating system, and will provide virtual servers for crashed systems.

From the Coach’s Corner, here are recommended articles:

The New Face of $1 Trillion in Cybercrime on Business – Account Takeovers, Credit Card Fraud – Business Web sites are facing an increasingly intense full-court press from cybercriminals – the aggregate cost of cybercrime annually, which includes prevention strategies, has exceeded $1 trillion. 

Security Steps for Your Mobile Device in Online Banking, Purchases – Almost 90 percent of Americans use a cell phone and more than 50 percent have smartphones, according to published reports. They also indicate 28 percent of smartphone owners use their devices for online banking.

How to Enhance Security in Your Company’s Wireless Network – Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable. 

How Small Businesses Can Profit from Cyber Strategies – Yes, it’s become important for small businesses to capitalize on cyber strategies for profit. Small and even regional retailers should be cognizant of three realities: Potential customers probably think that national chains have easier-to-shop Web sites. Big retailers have lower prices.

“It’s not a faith in technology. It’s faith in people.”
-Steve Jobs

__________


Lesson about Passwords after Theft of 16,000+ UCLA Patient Records

 

Unfortunately, we’ve learned another lesson about passwords at the expense of 16,288 patients who’ve been treated at UCLA’s network of hospitals and clinics. The patients’ sensitive information is in the wrong hands following a burglary of a doctor’s home.

The information was on the computer hard drive stolen from a doctor’s home, according to an article in The New York Times (UCLA Health System Warns About Stolen Records). Medical records of the patients included addresses, birth dates and medical information covering July 2007 to July 2011.

The possible good news: The personal medical data was encrypted. But the alarming news: A piece of paper containing the password to the medical records was missing from the doctor’s home.

“Rule 1 is never write down passwords,” warns nationally known security expert Stan Stahl, Ph.D., of Citadel Information Group in Los Angeles. 

“Rule 2 is – if you’re going to break Rule 1 – do it securely,” he adds.

“If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license,” explains Dr. Stahl. “And just write the password: write ‘15Blah-blah-blah’ not ‘my laptop password is ‘15Blah-blah-blah’.”

You can get more of Dr. Stahl’s insights on his security blog and his Web site. (Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are additional cybersecurity tips:

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-White House Cybersecurity Advisor, Richard Clarke

 
