How to Enhance Security in Your Company’s Wireless Network

 

Do you take it for granted that your wireless network is secure? Don’t make that assumption.

Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues.

If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

Admittedly what follows isn’t a comprehensive, sure-fire set of strategies; however, there are ways to enhance your chances for a secure wireless network.

Here are eight recommended security steps:

1. Change your default password. It’s easy for hackers to learn your default password. Router vendors’ passwords are widely available to them. When you launch your wireless system, change the router’s default password. If your system is operating but you haven’t changed the password, do it now.

2. Use WPA2 encryption, not the old WEP encryption. It’s important to encrypt your system to prevent nosy parties from observing your activities. But WPA2 provides better security than WEP.

3. Use a sophisticated passphrase. Don’t use a passphrase that can be easily hacked. Your passphrase should have at least two dozen characters — upper and lower case letters, numbers and symbols.

4. Don’t use ordinary SSID names. SSID, or service set identification, is a name that identifies your wireless network. SSID is a weak form of security.

Some IT people mistakenly think all they need to do is turn off SSID broadcasting. If you have an IT person, don’t let the person make this mistake. Hackers know how to render the action useless.

So change the default SSID along with the passphrase to make it more difficult for hackers.

5. Disable your WPS, or WIFI protected setup. WPS is an eight-digit PIN number that’s on the device’s back label. WPS is supposed to be a convenient way to add computers to the network.

But it’s vulnerable and hackers can snare your passphrase to do their dirty deeds.

6. Don’t use MAC address filters. MAC, or media access control, is an identifier for WIFI devices and ethernet ports. It’s designed to filter out wrong MAC addresses.

But its effectiveness is questionable. It’s often inconvenient because it’s easy to misconfigure, especially if you have a lot of devices.

7. Don’t allow administrative access. Otherwise, you’ll make it easier for an outside hacker to mess with your WIFI router.

Instead, use a computer in your network to make any necessary changes to your wireless system.

8. For customers and vendors, consider a guest network. If you feel you want to make wireless available to visiting customers or vendors, don’t give them your passphrase.

Instead, under a second SSID, set up a separate wireless network. You’ll be able to disable or periodically change its passphrase without impacting your company’s devices.

From the Coach’s Corner, related content:

Do BYOD Headaches Outweigh Benefits? Yes — BYOD — bring your own device — is the trend in which employees bring their own handheld technology to use at work. They use their hardware on sensitive company-owned databases, e-mail, file services and wireless networks. 

Tips For Internet Security to Prepare you for New Cyber Attacks — According to a Web security study in 2013, Internet attacks have been impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. 

Information Security: How to Make the Right Choices — More than ever, businesses, government agencies and consumers are learning costly lessons about due diligence in privacy and data security. A nationally known expert tells how to make the right choices in information security. 

Web Security Checklist and Warning about Mobile Banking – Here is an online security checklist and a stern warning about using mobile online services at your bank or credit union. 

Keys to Protect Yourself from Skyrocketing Trend – Tax Identity Theft – Tax identity theft is increasingly victimizing Americans, according to the Internal Revenue Service.

“It’s like the Wild West, the Internet. There are no rules.”

-Steven Wright

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

 


Security Steps for Your Mobile Device in Online Banking, Purchases

 

Almost 90 percent of Americans use a cell phone and more than 50 percent have smartphones, according to published reports. They also indicate 28 percent of smartphone owners use their devices for online banking. 

“Mobile devices are making everyday tasks like banking simpler and easier, and this rise in popularity is making the mobile space more attractive to cybercriminals,” said Ken Marblestone, president of Charter One and RBS Citizens in Ohio. “The precautions that consumers are accustomed to taking on their computers also should be applied to mobile devices.”

Mobile banking is a tool banks recommend to lower their costs for attracting customers in their competitive marketplace.

But mobile banking is not a practice I recommend because identity fraud has escalated in smartphones.

Certainly, bankers are aware of the dangers.

“Any device used to connect to the Internet is potentially at risk, so we urge users to follow these basic safety measures to keep their information safe,”  Mr. Marblestone added in a press release.

But if you must engage in mobile banking, the American Bankers Association provides this guidance:

1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.

2. Log out completely when you finish a mobile banking session.

3. Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.

4. Use caution when downloading apps. Only download apps from the official stores – App Store℠ and Google Play™ Store. Third party stores may make it possible for malicious software, worms and viruses to be downloaded. And, beware of apps that ask for unnecessary “permissions.”

5. Download the updates for your phone and mobile apps as soon as they become available. You may also enable automatic app updates on your device to ensure timely acceptance.

6. Avoid storing sensitive information like passwords or a social security number on your mobile device.

7. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re entering sensitive information.

8. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.

9. Report any suspected fraud to your bank immediately.

Further, I would add this counsel: Don’t use a mobile browser to access your bank account. It’s best to download your banking app directly from your financial institution’s Web site and avoid fake apps that trick you out of your login and password.

From the Coach’s Corner, here are more security tips:

Who Profits from Android’s Security Issues? Not Users. — A government task force, the Internet Crime Complaint Center (IC3), has issued a dire warning about malware. In particular, it’s a threat to Android users.

Surprise — Cyber Criminals Chew up Apple Products, too — For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics. 

Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft — A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks in 2012, according to data released in 2013.  

Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” 

“If we continue to develop our technology without wisdom or prudence, our servant may prove to be our executioner.” 

-Omar Bradley

 

__________


8 Tips to Avoid Being Victimized by Phishing Scams

 

Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data, including medical information and Social Security numbers, for thousands of people.

The Franciscan Health System notified more than 12,000 patients nationwide in March 2014 that their personal information may have been shared with computer scammers who accessed staff email accounts. About 8,000 are in the Pacific Northwest.

Similarly, the University of Washington found it necessary to warn its employees.  

“The University of Washington has been a target of some high-profile ‘phishing’ attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers,” wrote Bob Roseth at www.washington.edu/news in February 2013.

“Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information,” he explained.

“Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond,” Mr. Roseth added.

Even though phishing has been a heavily publicized topic, the university’s warning serves as a reminder not to be complacent.

We can never assume that everyone is cognizant of dangers posed by cybercriminals.

Franciscan and the UW joined a long list of victimized organizations.

To avoid being victimized, here are eight tips:

1. Take great care in sending e-mails.

You shouldn’t ever e-mail passwords or other sensitive information. If you’re forwarding an important e-mail with a password-protected attachment, make sure it’s challenging for anyone to open it.

2. Be strategic if you’re asked to set up security questions and answers.

Many questions are easy to answer for cybercriminals if they know anything about you, especially if you are active on social media. People put all kinds of information on their Facebook page.

So don’t answer with information that can easily be found by cybercriminals; in other words, don’t answer the questions directly. For example, if a question is “What was the name of your high school?” answer with the name of your most disliked subject or most-inspirational teacher.

3. Be skeptical when a cybercriminal tries to get your attention.

Mr. Roseth was right when he wrote that authors of phishing methods know how to use fear to get your attention. They also use other methods.

4. Take extra precautions when an e-mail that appears to be a legitimate Web site asks for information.

Savvy organizations don’t send such requests for your information. Many illegitimate Web sites are copycats. Look closely at the URLs and check for slight variations in the spelling.

Better still, I always ignore such requests. Instead, I enter the site’s address in the URL and go to the Web site in question, just to be sure.

5. When you receive e-mails asking for information or for you to click on a link, first consider the circumstance.

If you don’t recognize the e-mail address, even if it’s supposedly from an acquaintance or your bank, don’t open it. Certainly, don’t click on such links or open attachments.

As this article was being written, I received this cybercrime e-mail:

From: JP Morgan Chase Bank [webexxxoffice42@att.net]

Please open the attachment for more information Mr. James Dimon CEO JP Morgan Chase Bank Fax:1-847-496-8147

Note the discrepancy between the alleged bank and the e-mail address – a bona fide bank would not have an ATT.net email address.

6. Guard against scams from overseas.

Usually, such scams have grammatical and spelling errors. They’ve often been translated poorly into English. They also include weird-looking phrasing or out-of-character letters in e-mails to get past spam filters.

7. As Mr. Roseth stated, phishing scams try to get your attention with urgent statements for you to take action.

Ignore them. They also pretend to send you important personalized information, but they mistakenly reveal that the same e-mail is being sent to others. Often, they don’t address you by name.

Or, they hack Twitter or Facebook and pretend to send you e-mails from your acquaintances. So check the context of such e-mails – they don’t use the same verbiage as your friends.

8. Take precautions with your smartphones, mobile applications and social media.

Watch out for illegitimate apps that want to access your device in order to steal your personal or sensitive information.

Note: Android has had countless security issues. Identity fraud has escalated in smartphones and social media. Once considered perfectly safe, even Macs have had security issues, too.
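Tips 4 and 5 above come down to two checks that can be automated: whether the sender's domain belongs to the organization named in the display name, and whether a link's host differs by a character or two from a known domain. The sketch below is an added example, not part of the original article; the `KNOWN_SENDERS` allow-list, the function names and the look-alike URLs are assumptions constructed for illustration, and the From header is the article's sample rewritten in standard angle-bracket form.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a hand-maintained allow-list mapping each brand to the
# domains it really sends mail from. Constructed for this example.
KNOWN_SENDERS = {
    "jp morgan chase": {"chase.com", "jpmorgan.com", "jpmorganchase.com"},
    "university of washington": {"uw.edu", "washington.edu"},
}
ALL_KNOWN = sorted(set().union(*KNOWN_SENDERS.values()))


def registrable_domain(host):
    """Reduce a host name to its last two labels.

    Assumption: no multi-part suffixes such as co.uk; production code
    would consult the Public Suffix List instead.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def sender_mismatch(from_header):
    """Return the brand claimed in the display name when the address
    domain is not one that brand sends from; otherwise return None."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = registrable_domain(addr.rsplit("@", 1)[1])
    for brand, domains in KNOWN_SENDERS.items():
        if brand in name.lower() and domain not in domains:
            return brand
    return None


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike(url, max_distance=2):
    """Return the known domain that the URL's host closely imitates,
    or None when the host is an exact known domain or is unrelated."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain in ALL_KNOWN:
        return None
    best = min(ALL_KNOWN, key=lambda known: edit_distance(domain, known))
    return best if edit_distance(domain, best) <= max_distance else None


if __name__ == "__main__":
    # The article's sample sender, plus constructed comparison cases.
    headers = [
        '"JP Morgan Chase Bank" <webexxxoffice42@att.net>',
        '"JP Morgan Chase Bank" <alerts@mail.chase.com>',  # constructed
    ]
    for header in headers:
        brand = sender_mismatch(header)
        print(header, "->", f"claims '{brand}' from a foreign domain" if brand else "ok")

    urls = [
        "http://www.chasse.com/login",  # constructed look-alike
        "https://www.chase.com/",
    ]
    for url in urls:
        target = lookalike(url)
        print(url, "->", f"imitates {target}" if target else "ok")
```

Short domains sit within one or two edits of many unrelated names, so a hit from `lookalike` is a reason to look closer rather than proof of fraud.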

From the Coach’s Corner, if you want information on other security subjects, chances are you’ll find what you want in this portal’s Tech section. Remember, if you read e-mails carefully and take great care, you’ll minimize any threats.

Be careful about reading the fine print…there’s no way you’re going to like it.

 __________


Who Profits from Android’s Security Issues? Not Users.

 

A government task force, the Internet Crime Complaint Center (IC3), has issued a dire warning about malware. In particular, it’s a threat to Android users. As a result, IC3 issued security tips for users as early as 2011.

There’s also a version of the OpFake malware for Android – it’s incorporated in the Opera Mini mobile browser, according to ZDNet. Users don’t know anything’s wrong until they use the legitimate software.

Android user beware: other security applications are fakes, too – they’re Zeus malware. Known as “Android Security Suite Premium,” they confiscate new SMS messages to the Android user.

Messages can include passwords and other sensitive data, according to Kaspersky Lab Security News Service.

Countless headlines detail the cyber dangers of Android-based devices, which is why it was announced that 22 applications were taken off the market by Google. The operating system’s issues stemmed from malware infections.

So who can benefit? Certainly it isn’t Android users.

“We continue to advise readers to be very cautious in downloading Android applications,” wrote Stan Stahl, Ph.D., on his blog. “Applications should be downloaded only from ‘official’ stores and only after they have been ‘vetted’ as legit,” wrote the nationally known security expert.

Google removed the apps from its Android market after they fooled users into accepting hidden, fraudulent charges.

The biggest operating-system competitor to Google’s Android: Apple’s iOS.

Published reports indicate Microsoft is actively pursuing opportunities to capitalize on Android’s woes.

Research in Motion (RIM) has its woes with Blackberry profitability. New products are slow to market. As RIM’s phones age and need to be replaced by business users, Apple’s products might become even more attractive in the corporate world.

And if the vulnerabilities aren’t resolved, both Apple and Microsoft should be in a position to profit.

From the Coach’s Corner, security resource links:

“Distrust and caution are the parents of security.”

-Benjamin Franklin

__________


Risk Management – Picking the Best Cloud Storage Provider

 

There’s been quite a buzz about using the cloud. Personally, I’m still not sold on using cloud services for many businesses. There have been too many problems, and I prefer to maintain controls to alleviate uncertainty in business.

Not to mention one of the lessons I learned very early — when there’s a lot of hype like there is with the cloud — go slow with due diligence.

Frankly, I’m not alone. A heavily credentialed expert performed a study and provides this surprise: Open source technology is preferable to the cloud.

But if you feel you must go the cloud route, remember choosing the right cloud storage provider is a must for risk management.

You have a vast array of options. Cost is important, of course, but so are your company’s risk-management needs – just like the federal government.

It’s taken two years, but now the government has launched FedRAMP, the federal risk and authorization program. It established security standards for providing cloud services to the government.

FedRAMP also provides agencies with monitoring tools to ensure continuous compliance with security standards. Those are important considerations.

So what about cloud risk-management for your business?

Here are basic questions to ask of your potential cloud provider:

  1. If they’re a large provider, has the vendor been qualified by FedRAMP?
  2. What is the company’s financial situation? Bankruptcies are prevalent. Have a frank discussion with the supplier. Find out if they expect to gain or lose business in the next year. And ask about their cash flow, and for references regarding the status of their banking relationships.
  3. What would be their total charges? Is it a flat fee? What are the additional costs for storing each gigabyte or for transferring data?
  4. What about the security of their services, privacy commitment and data protection, and what does their service level agreement (SLA) provide? Keep in mind commitments for performance and reliability, and what happens if they fail to perform according to the SLA.
  5. What do they provide in the way of data availability each month? What will be the percentage of time you will be able to get into your data or add new data?
  6. What do they provide in data transfer rates? Data storage is important, but so is your ability to rapidly transfer your data.
  7. What level of data durability do they offer? That is the amount of potential data loss from data corruption.
  8. Does the vendor provide data shuffle or bare metal service? This service is a hard copy backup. Will you be able to present a hard-drive data copy to the cloud or will you be able to retrieve a copy of your data?
  9. What do they support in operating systems? Make certain they’re capable of working with all your operating systems.
  10. What are their backup services? You’ll have problems if they simply back up your data. You’ll also want assurances that they will back up all your computer applications and operating system, and will provide virtual servers for crashed systems.

From the Coach’s Corner, here’s a recommended article: How Small Businesses Can Capitalize on Cyber Strategies for Profit.

“It’s not a faith in technology. It’s faith in people.”
-Steve Jobs

__________


Lesson about Passwords after Theft of 16,000+ UCLA Patient Records

 

Unfortunately, we’ve learned another lesson about passwords at the expense of 16,288 patients who’ve been treated at UCLA’s network of hospitals and clinics. The patients’ sensitive information is in the wrong hands following the burglary of a doctor’s home.

The information was on the computer hard drive stolen from a doctor’s home, according to an article in The New York Times (UCLA Health System Warns About Stolen Records). Medical records of the patients included addresses, birth dates and medical information covering July 2007 to July 2011.

The possible good news: The personal medical data was encrypted. But the alarming news: A piece of paper containing the password to the medical records was missing from the doctor’s home.

“Rule 1 is never write down passwords,” warns nationally known security expert Stan Stahl, Ph.D., of Citadel Information Group in Los Angeles. 

“Rule 2 is – if you’re going to break Rule 1 – do it securely,” he adds.

“If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license,” explains Dr. Stahl. “And just write the password: write ‘15Blah-blah-blah’ not ‘my laptop password is ‘15Blah-blah-blah’.”

You can get more of Dr. Stahl’s insights on his security blog and his Web site. (Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are additional cybersecurity tips:

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-White House Cybersecurity Advisor, Richard Clarke

 


Why Many Healthcare Workers Are Alarmingly Responsible for Medical ID Theft

 

Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery.

Health-care providers apparently can’t trust their employees to use best practices in observing The Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996. You hear the acronym a lot in healthcare.

However, at issue is whether health-care workers keep their mobile devices secure, according to the 2013 HIMSS Security Survey. Security breaches often occur at nurses’ stations and behind reception desks because of snooping by employees, with financial and medical identity theft not far behind.

Hospitals are securing their devices. But most employee devices aren’t secure, and 88 percent of respondents in a Benchmark Study on Patient Privacy and Data Security say employees are allowed to use their private mobile devices to access patient records.

The growing trend of allowing employees to BYOD — bring their own devices — isn’t healthy. It’s bad for the medical profession as well as for other sectors.

More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ personal devices. Nearly all say their devices might have been attacked, according to a 2014 study (see Do BYOD Headaches Outweigh Benefits? Yes.)

Employees ostensibly assume their iPhone and Android devices are secure, but they’re not. (See: Surprise — Cyber Criminals Chew up Apple Products, too and Who Profits from Android’s Security Issues? Not Users.)

The problem of medical identity theft has been growing for years.

Data shows it adversely impacted 1.42 million Americans in 2010. That’s according to a 2011 study by PricewaterhouseCoopers (PwC) that shows medical ID theft aggregately cost more than $28 billion.

“The root cause of the fraudulent use of someone else’s medical identification is that protected medical information is widely dispersed in multiple information systems where it all too often is inadequately secured,” says nationally known security expert, Stan Stahl, Ph.D.

He’s president of Citadel Information Group, Inc. in Los Angeles, and he authoritatively writes about security issues on his blog.

MedPage Today sheds a bright light on the issue in this article: Medical Identity Theft a Growing Problem.

It reported the three most-common identity breaches:

1. Employees who act unprofessionally – improper use of patients’ data in doctors’ offices, hospitals, insurance company and life sciences companies. They’ve even been caught posting comments about patients on Facebook.

2. Almost 40 percent of hospitals and physicians report they have caught patients using another person’s identity when they seek treatment.

3. Twenty-five percent of insurance companies acknowledge the improper transfer of information in patients’ health files. Unauthorized persons viewed such files.

“Every organization that collects or stores personally identifiable medical information – hospitals, doctors, clinics, pharmacies, billing offices, insurance companies, even employers – has a legal and ethical obligation to properly secure that information,” asserts Dr. Stahl.

In public reports, theft was responsible for 66 percent of medical ID breaches in the last two years. The thefts include notebook computers, smartphones, using another person’s personal information for fraudulent claims, and people using others’ names.

More shocking news

Authors of the PwC study indicated most healthcare organizations aren’t equipped to prevent medical ID theft – despite the growing use of information technology in the medical profession.

“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” said James Koenig, director of the Health Information Privacy and Security Practice at PwC in a press statement.

More than 50 percent of the study’s respondents who work for healthcare organizations said they knew of at least one privacy breach since 2009.

“Doctors need to take measures to assure their patients are who they say they are,” recommends Dr. Stahl. “That can include checking referrals.”

What can patients do?

“Patients need to treat their medical information with the same care that they treat their financial information, including periodically checking with their insurance company to identify fraudulent activity,” advises Dr. Stahl.

The PwC study indicated that most healthcare organizations admit they haven’t even begun to adequately deal with privacy and security issues in this digital-information age.

Obviously, as a business-performance consultant, here’s my sense:

1. The medical profession should emphasize and implement stronger security precautions.

2. All medical employees should undergo privacy-confidentiality sensitivity training.

After all, shouldn’t healthy precautions be part of medical care?

From the Coach’s Corner, you might consider these security-resource links:

How to Enhance Security in Your Company’s Wireless Network – Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic – Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.

11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud — The most vulnerable travelers are businesspeople. That’s because they have to use Internet and e-mail. They’re in danger expressly from vulnerabilities, such as from wirelessly accessible passports to using WIFI.

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”

-Kahlil Gibran

 __________


Internet Lesson — ‘Big Brother Is Watching You’

 

There are salient principles in two famous books written by an English author, Eric Arthur Blair. Writing under a pen name, Mr. Blair lived from 1903 to 1950.

Among a myriad of honors after his passing, Time Magazine named one of Mr. Blair’s books among the 100-best English novels. In 1983, Mr. Blair made the cover of Time Magazine. The book is also No. 31 on the Modern Library list of best 20th century novels.

Mr. Blair was a strong advocate of freedom. During World War II, he also worked for BBC to combat the sinister propaganda emanating from Nazi Germany.


“Freedom is the right to tell people what they do not want to hear,” he wrote.

In his most-honored book, “Animal Farm: A Fairy Story,” the author’s allegorical novel told about the events leading to the era of Joseph Stalin and Communism.

In another noteworthy book, “Nineteen Eighty-Four,” he wrote a fictional account of an oligarchical dictatorship.

“Big Brother is watching you,” he wrote.

The author’s pen name: George Orwell.

So in being mindful of the books’ themes and of my career experience that includes being a government watchdog as a journalist, the prospect of proposed federal legislation raised red flags.

The House of Representatives bill, H.R. 1981, would have required Internet service providers to keep records of their customers for one year. The ultimate goal was to identify users via their IP addresses. Sponsors claimed they want to protect children.

Privacy issue

Ordinarily, the goal of protecting children is a terrific idea. But the means to the end were unacceptable. Violating the privacy of Internet users is an abhorrent thought.

“The data retention mandate in this bill would treat every Internet user like a criminal and threaten the online privacy and free speech rights of every American, as lawmakers on both sides of the aisle have recognized,” says attorney Kevin Bankston of the Electronic Frontier Foundation in an article on Threatpost.com.

“Requiring Internet companies to redesign and reconfigure their systems to facilitate government surveillance of Americans’ expressive activities is simply un-American,” he adds. “Such a scheme would be as objectionable to our Founders as the requiring of licenses for printing presses or the banning of anonymous pamphlets.”

An ISP client told me such record-keeping costs would not have adversely affected his firm.

“When investigators develop leads that might result in saving a child or apprehending a pedophile, their efforts should not be frustrated because vital records were destroyed simply because there was no requirement to retain them,” Threatpost quoted Rep. Lamar Smith (R-TX), a bill sponsor.

“This bill requires ISPs to retain subscriber records, similar to records retained by telephone companies, to aid law enforcement officials in their fight against child sexual exploitation,” he added.

Fortunately, not everyone in Congress agreed with Rep. Lamar, according to Threatpost.

“The problem arises when data retention is government mandated,” says Rep. Jim Sensenbrenner (R-Wisc.). “It is the government’s role to conduct criminal investigations through the established legal process, but it is not the role of government to mandate how private businesses arrange storage procedures independent of the legal process.

“Simply put, the decision to store data should be a business decision and not a government decision,” concluded Rep. Jim Sensenbrenner.

As in all Internet-security matters, I checked with arguably the nation’s leading authority, Stan Stahl, Ph.D., (www.citadel-information.com).

“The devil is always in the details,” says Dr. Stahl. “I sure would like the ability to go back and find out who was at a particular IP address on a certain date and time when a client of mine received an email carrying the Zeus Trojan from that IP address.”

Questions arise

However, Dr. Stahl raised some questions: “Just how much pedophilia is there and exactly how is this going to control it? Is this a real problem or is this a candidate for budget cutting? Why one year? Why not 6 months? Or 18 months? Is there anything more than a random guess as to why we’re doing this?

“All this law will do is drive all but the dumbest of them to simply cover their tracks through things like advanced tunneling, anonymization and encryption,” added Dr. Stahl. “Survival, as always, will go to those who adapt.”

He, too, raises privacy concerns.

“Those of us old enough to remember the 60s can only hazard a guess as to the consequences of the government having the ability to track our every move on the Internet,” adds Dr. Stahl. “Americans have a deep history of not trusting government; not all of this is irrational.”

The debate seemed to be in vain. Dr. Stahl said pedophiles already have a tool to stay under the radar. He cited an MIT article.

How true.

(Note: Dr. Stahl has been my go-to security expert since 1984. I was introduced to his expertise via our mutual membership in Consultants West, www.consultantswest.com).

From the Coach’s Corner, here are two informative links:

See Dr. Stahl’s security blog: here

Mr. Orwell’s iconic book: Nineteen Eighty-Four

“The only sure bulwark of continuing liberty is a government strong enough to protect the interests of the people, and a people strong enough and well enough informed to maintain its sovereign control over the government.”    

-Franklin D. Roosevelt

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

 


Internet Security Is an Issue, but 2010 Was a Year of Historic Malware Levels

 

You might be getting spam and malware these days, but fortunately it isn’t nearly as bad as it was from 2009 to 2010. On “Patch Tuesday” in August of 2010, Microsoft issued an alarmingly massive security update.

Meanwhile, McAfee was publicizing its second-quarter data. It showed malware permeating the Internet on a mega scale in 2010, according to Website Magazine.

The magazine reported McAfee isolated six million malware cases in Q2 – that’s 10 million for the first half of 2010, alone.

Microsoft’s security update included 14 security bulletins. Eight were designated as “critical” and six were deemed “important.”

In all, there were 34 vulnerabilities in Microsoft Office, Microsoft Windows, Internet Explorer, Silverlight, Microsoft XML Core Services and Server Message Block.

“The most frequently used malware included threats on portable storage devices, fake anti-virus software, software specifically targeted at social media users, AutoRun malware and password-stealing Trojans,” wrote Linc Wonham, Website Magazine’s associate editor. “McAfee reported that approximately 55,000 new pieces of malware appeared every day around the world.”

He reported spam was down after peaking at almost 175 billion messages per day in Q3 2009.

“The most popular forms of spam in the U.S. were delivery status notifications or non-delivery receipt spam, which was also the case in Great Britain, China, Australia, Italy, Spain, Germany and Brazil. Argentina had the world’s highest number of different spam topics with 16, according to McAfee’s report,” he explained.

The moral:

Whenever Microsoft hasn’t updated your computers, get busy. Manually download the security update.

By the way, Microsoft and Windows aren’t the only targets now. Cyber criminals chew up Apple products, too. Identity theft has escalated in smartphones and social media. That includes Google’s security issues with its Android products. 

From the Coach’s Corner, for more tech-security information, see:

The New Face of $1 Trillion in Cybercrime on Business – Account Takeovers, Credit Card Fraud – Business Web sites are facing an increasingly intense full-court press from cybercriminals – the aggregate cost of cybercrime annually, which includes prevention strategies, has exceeded $1 trillion.

Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks in 2012, according to data released in 2013. These incidents continue to represent a significant threat to corporate brands.

What Your Company Can Do to Combat the Malware Epidemic – The nation’s leading Internet security expert, Stan Stahl, Ph.D. agrees with McAfee that an epidemic of malware has been unleashed on the Web, and he provides solutions.

“Everything yields to diligence.”
-Antiphanes
