8 Tips to Avoid Being Victimized by Phishing Scams

 

Despite all the publicity about phishing scams, even the University of Washington has still found it necessary to warn its employees.  

“The University of Washington has been a target of some high-profile ‘phishing’ attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers,” wrote Bob Roseth at www.washington.edu/news in February 2013.

“Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information,” he explained.

“Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond,” Mr. Roseth added.

Just when it appeared that phishing had been thoroughly publicized, the university’s warning serves as a reminder not to be complacent. We can never assume that everyone is cognizant of dangers posed by cybercriminals. The university joins a long list of victimized organizations.

To avoid being victimized, here are eight tips:

1. Take great care in sending e-mails.

You shouldn’t ever e-mail passwords or other sensitive information. If you’re forwarding an important e-mail with a password-protected attachment, make sure it’s challenging for anyone to open it.

2. Be strategic if you’re asked to set up security questions and answers.

Many questions are easy to answer for cybercriminals if they know anything about you, especially if you are active on social media. People put all kinds of information on their Facebook page.

So don’t answer with information that cybercriminals can easily find; in other words, don’t answer the questions directly. For example, if a question is “What was the name of your high school?” answer with the name of your most disliked subject or most-inspirational teacher.

3. Be skeptical when a cybercriminal tries to get your attention.

Mr. Roseth was right when he wrote that authors of phishing methods know how to use fear to get your attention. They also use other methods.

4. Take extra precautions when an e-mail that appears to come from a legitimate Web site asks for information.

Savvy organizations don’t send such requests for your information. Many illegitimate Web sites are copycats. Look closely at the URLs and check for slight variations in the spelling.

Better still, I always ignore such requests. Instead, I enter the site’s address in the URL and go to the Web site in question, just to be sure.

5. When you receive e-mails asking for information or for you to click on a link, first consider the circumstance.

If you don’t recognize the e-mail address, even if it’s supposedly from an acquaintance or your bank, don’t open it. Certainly, don’t click on such links or open attachments.

As this article was being written, I received this cybercrime e-mail:

From: JP Morgan Chase Bank [webexxxoffice42@att.net]

Please open the attachment for more information Mr. James Dimon CEO JP Morgan Chase Bank Fax:1-847-496-8147

Note the discrepancy between the alleged bank and the e-mail address: a bona fide bank would not have an ATT.net e-mail address.

6. Guard against scams from overseas.

Usually, such scams have grammatical and spelling errors. They’ve often been translated poorly into English. They also include weird-looking phrasing or out-of-character letters in e-mails to get past spam filters.

7. As Mr. Roseth stated, phishing scams try to get your attention with urgent statements for you to take action.

Ignore them. They also pretend to send you important personalized information, but they mistakenly reveal that the same e-mail is being sent to others. Often, they don’t address you by name.

Or, they hack Twitter or Facebook and pretend to send you e-mails from your acquaintances. So check the context of such e-mails – they don’t use the same verbiage as your friends.

8. Take precautions with your smartphones, mobile applications and social media.

Watch out for illegitimate apps that want to access your device in order to steal your personal or sensitive information.

Note: Android has had countless security issues. Identity fraud has escalated in smartphones and social media. Once considered perfectly safe, even Macs have had security issues, too.
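Tips 4 and 5 come down to comparing who a message claims to be from with the domain it was actually sent from. As an added example (not part of the original article), the Python code below applies that check to the sample "From" line quoted in tip 5; the brand-to-domain table and the other sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumed allow-list for this example: brand keyword -> domains that brand
# is expected to send from. Build your own table from verified sources.
BRAND_DOMAINS = {
    "chase": {"chase.com", "jpmorgan.com"},
    "university of washington": {"washington.edu", "uw.edu"},
}

# Some mail clients render the address in [brackets] instead of <angle brackets>,
# as in the sample quoted in the article.
_BRACKETED = re.compile(
    r"^\s*(.*?)\s*[\[<]\s*([^\s\[\]<>]+@[^\s\[\]<>]+)\s*[\]>]\s*$"
)


def split_from(header):
    """Return (display_name, address) from a From line."""
    match = _BRACKETED.match(header)
    if match:
        return match.group(1).strip('" '), match.group(2)
    return parseaddr(header)


def edit_distance(a, b):
    """Levenshtein distance, used to spot slight spelling variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_from_header(header):
    """Return a list of (finding, brand, sender_domain) tuples.

    An empty list means the display name and the sender domain are
    consistent with the allow-list, not that the message is safe.
    """
    name, address = split_from(header)
    if "@" not in address:
        return [("unparseable_sender", "", "")]
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    lowered = name.lower()

    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        # Whole-word match so "Purchase" does not count as "Chase".
        if not re.search(r"\b" + re.escape(brand) + r"\b", lowered):
            continue
        if any(domain == d or domain.endswith("." + d) for d in domains):
            continue  # sent from the brand's own domain or a subdomain
        nearest = min(edit_distance(domain, d) for d in domains)
        code = "lookalike_domain" if nearest <= 2 else "brand_domain_mismatch"
        findings.append((code, brand, domain))
    return findings


if __name__ == "__main__":
    samples = [
        # From line quoted in the article
        "JP Morgan Chase Bank [webexxxoffice42@att.net]",
        # Constructed samples
        "Chase Alerts <no-reply@alerts.chase.com>",
        "University of Washington Help Desk <help@washingt0n.edu>",
        "Purchase Orders <po@vendor.example>",
    ]
    for sample in samples:
        print(sample, "->", check_from_header(sample) or "no findings")
```

A clean result only means the header is internally consistent; the From line itself can be forged, which is why mail gateways also evaluate SPF, DKIM and DMARC results.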

From the Coach’s Corner, if you want information on other security subjects, chances are you’ll find what you want in this portal’s Tech section. Remember, if you read e-mails carefully and take great care, you’ll minimize any threats.

Be careful about reading the fine print…there’s no way you’re going to like it.

 

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

 


4 Tips to Defend Against Hackers When Traveling Overseas

 

Feb. 6, 2013

The finger-pointing continues over the sources of cyber attacks on The New York Times and Wall Street Journal. The U.S. government and the publications have accused China of malfeasance. But China’s Ministry of Foreign Affairs and two Chinese academics dispute the allegations.

In citing a Chinese government study, the academics were quoted in several published reports claiming China is a victim – 12,513 Chinese Web sites including 1,167 governmental sites were attacked from April to December of 2011. (To see these articles, Google: “Chinese experts slam U.S. hacking accusations.”)

The government report claimed that 11,851 foreign IPs were responsible for the attacks and that 28.1 percent of them originated in the U.S.

“The accusations are unreasonable and irresponsible,” the publications quoted Professor Zhou Shijian, a senior researcher with the Center for US-China Relations of Tsinghua University in Beijing.

The U.S. accusations were disingenuous “both in legal basis and logics,” claimed Professor Liu Deliang, director of the Beijing-based Asia-Pacific Institute for Cyber-Law Studies. Professor Liu said the attacks on the U.S. publications could have been instigated by individuals, not the Chinese government.

“In the end, the accusation is nothing more than an excuse for the United States to wage wars on network security, and also for its trade protectionism, economic and foreign sanctions purposes,” he claimed. He contends the U.S. wants “hegemony” on the worldwide Web.

My sense is that both professors could be more diplomatic in their reactions.

After all, just ask Google. Given China’s record of censorship, hacking and countless violations of human rights, humor me. The professors’ claims appear to be mere symbolic acts of patriotism.

But whatever the origins of the cyber attacks, they serve as urgent reminders for businesspeople to exercise due diligence.

Protect against hackers when traveling

To defend against overseas hackers when traveling, at the minimum, here are four practical tips:

  1. Don’t travel with your notebook computer that contains proprietary information. When you return home, clean your computer.
  2. Remember you can’t watch your computer at all times. Your data can be stolen in customs or from your hotel room. Once there, use an encrypted drive and lock your computer in a hotel safe.
  3. Don’t take your mobile device. Instead, get a pay-as-you-go phone. Otherwise, you take a big risk. Use a strong password so no one can access your data or e-mails.
  4. Don’t use WIFI. And don’t conduct sensitive financial business, such as logging into your bank account.

From the Coach’s Corner, for additional insights, see: 11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud

It’s not whether you win or lose, but how you place the blame.

 


Do BYOD Headaches Outweigh Benefits? Yes

 

BYOD — bring your own device — is the trend in which employees bring their own handheld technology to use at work. They use their hardware on sensitive company-owned databases, e-mail, file services and wireless networks.

The pro arguments: Companies save money by not having to buy the devices for their employees. Employees like it because they get to decide what apps to use at work, and they get to use their devices to check their personal e-mail and social media.

By 2016, the typical mobile-device owner will surf the Web six times more and download 14 times more megabytes than they did in 2011, according to a March 2012 study.

Such a prediction means the BYOD trend helps raise serious questions:

1. Too much demand on a company’s wireless networks. Experts say use by the additional handhelds threatens to overload wireless networks.

2. Privacy is in doubt at many companies. Many businesses have privacy challenges complying with the payment card industry (PCI) and Health Insurance Portability and Accountability Act (HIPAA). Enforcing PCI and HIPAA policies is more difficult with devices not owned by the company.

Consider this alarming HIPAA topic: Lesson about Passwords after Theft of 16,000+ UCLA Patient Records.

3. Security of personal devices connected to your enterprise network is questionable. That’s why many information security professionals derisively refer to BYOD as “bring your own disaster.” Many companies are joining the BYOD trend, but they’re forgetting about security.

Such fears were confirmed in an Onforce poll: “Businesses Allow More Personal Tech But Overlook Security.” The poll featured the opinions of more than 500 IT professionals. More than 50 percent of respondents say there’s been a 25 percent increase in setting up personal handhelds. Just 31 percent say they’ve been asked to implement security for the handhelds.

Staying on top of the dynamic changes – new types of technology – creates overwhelming pressure on IT professionals. It’s a hardship on the techs in workloads and expenses. (See the Onforce-poll press release here.)

Further, Apple products are used most frequently as BYODs. But Apple devices aren’t nearly as secure as a myth indicates.

Given the massive cyber attacks on business, BYOD also creates unnecessary headaches.

From the Coach’s Corner, more security food for thought:

“When you link up to another computer, you’re linking up to every computer that that computer has ever linked up to.”

-Dennis Miller


Identity Fraud Escalates in Smartphones, Social Media

 

Updated – March 30, 2013

Skyrocketing mobile malware threats amid widespread use of BYOD, bring your own devices, will lead to a $1.88 billion services market in 2013. That’s according to ABI Research.

Cybercriminals are successfully attacking vulnerabilities in individual devices and networks, according to an ABI report.

“Isolated and standalone security solutions will work for the individual consumer, but for organizational applications and carriers, mobile security services will take the lead,” says Michela Menting, ABI Research’s senior analyst in cyber security.

The epidemic isn’t new.

There’s been another global cybercrime assault on smartphones, according to a government task force, which includes the FBI. The Internet Crime Complaint Center (IC3) waved a big red flag. In particular, it’s a threat to Android users. As a result, IC3 issued security tips for users.

Wait, there’s more.

Identity fraud jumped by 13 percent – claiming 11.6 million American adult victims in 2011, according to a study. The report indicates smartphone and social media users were heavily victimized.

The study shows seven percent of smartphone users were affected. Javelin Strategy & Research (www.javelinstrategy.com), a San Francisco bay area firm, conducted the study.

“Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes,” said James Van Dyke, president of Javelin.

Here’s an excerpt of Javelin’s four main takeaways:

Identity fraud incidents increased, amount stolen remained steady – The number of identity fraud incidents increased by 13 percent over the past year, but the dollar amount stolen remained steady.

Social behaviors put consumers at risk – Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name – all are prime examples of personal information a company would use to verify your identity.

Smartphone owners experience greater incidence of fraud – The survey found seven percent of smartphone owners were victims of identity fraud. This is a one-third higher incidence rate compared to the general public.

Part of this increase may be attributable to consumer behavior: 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device.

Data breaches increasing and more damaging – One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter.

So, hang onto your smartphone — and consider precautions with your smartphone security and social media sharing.

From the Coach’s Corner, here are related resources:

 

“There’s a lot of weirdos on the Internet.”

-Miss Texas Teen USA (1998 pageant)


Internet Criminals to Pose Bigger Threat than Terrorists – FBI

 

Updated May 10, 2013

A Web security study finds that the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.

Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

Little wonder the U.S. government along with state and local agencies, businesses and consumers should all heed ominous testimony before Congress. FBI Director Robert Mueller warned “the cyber threat will equal or surpass the threat from counter terrorism in the foreseeable future.”

That was his January 2012 message to the U.S. House Permanent Select Committee on Intelligence in discussing the importance of the Internet.

“The theft of intellectual property, the theft of research and development, the theft of the plans and programs of a corporation for the future, of all which are vulnerable to being exploited by attackers,” Mr. Mueller testified.

Mr. Mueller warned it’s imperative for the FBI and federal government to get more proficient in analyzing, gathering and sharing information. He also requested appropriate legislation.

Indeed, we see proof of his admonition in news headlines almost daily, which has prompted countless Biz Coach columns about cyber attacks with tips for Internet security.

The most-read Biz Coach topic of all time quoted Dr. Stan Stahl, a nationally recognized security expert, in using Starbucks’ WIFI? Security pro issues warning and security checklist. Also highly read is our mobile-banking warnings about security prove prophetic.

“In the last several weeks, we’ve seen successful distributed denial of service (DDoS) attacks against banks, governments, law enforcement and the entertainment industry,” said Dr. Stahl in Los Angeles.

Don’t forget about healthcare. It’s vital to understand why many healthcare workers are responsible for an alarming trend: Medical ID theft. Here’s a lesson about passwords after the theft of 16,000+ UCLA patient records.

“We’ve seen Israeli and Palestinian cyber-vigilantes launch DDoS attacks against each other’s web sites,” he explained.

“What happens when radical organizations discover they can launch a DDoS attack against their enemies?” he asked. “We should not be surprised to see the Internet become a battleground in America’s culture wars.”

Key questions

Dr. Stahl recommends that all organizations answer four key questions:

  1. Are we gathering the information we need to understand our cyber threat and the quality of our cyber defenses?
  2. Are we effectively analyzing this information, using it to better secure our information?
  3. Are we sharing it with the necessary parties?
  4. In particular, is management getting the information they need to proactively manage information risk?

“One highly critical defensive measure, for example, is to rigorously keep software patched,” he added. “One of the easiest ways for a cyber criminal to take control of a computer is to exploit a vulnerability in unpatched software.”

Dr. Stahl’s firm, Citadel Information Group, is regularly asked to help businesses.

“Patching needs to be on the weekly must-do list of every IT department and IT vendor,” he explained. “Yet, when we assess the patch levels of organizations, we are not surprised to often see more than 100 unpatched vulnerabilities on desktops.”

Questions for IT departments

To information technology departments, he poses these five questions:

  1. Does IT gather vulnerability information?
  2. Do they analyze it, taking appropriate action to keep vulnerabilities to a minimum?
  3. Is it shared with senior management?
  4. Does senior management know that IT must patch vulnerabilities to comply with laws like HIPAA HITECH or contractual obligations like the payment card industry’s data security standard?
  5. Does senior management regularly monitor “weekly vulnerability trends?”

“Human nature being what it is, cyber crime and hacktivism will likely get worse before things get better,” he concluded. “While we can hope to avoid cybergeddon, we also have to remember that hope is not a strategy.”

Amen. You can keep yourself updated by subscribing to Dr. Stahl’s Weekend Patch and Vulnerability Report.

From the Coach’s Corner, here are more Internet security resource links:

“Security is, I would say, our top priority because for all the exciting things you will be able to do with computers…organizing your lives, staying in touch with people, being creative…if we don’t solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.”

-Bill Gates

 


Tips For Internet Security to Prepare you for New Cyber Attacks

 

Updated June 3, 2013

Do you need more evidence to be diligent in using best practices for security on the Internet?

Consider four examples:

1. According to a Web security study in 2013, Internet attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

2. As much as $1 million was reportedly stolen and given to charity after thousands of credit card numbers and other personal information were hacked from security think tank Stratfor by the furtive cyber group calling itself Anonymous. (Of course, all it did was hurt the charities because they had to expend valuable resources – time and money – in refunding money to the credit card holders.)

3. Bloomberg reported that commerce is active on criminal trading sites – as much as $3.50 is paid for each stolen credit card.

4. US-CERT reports that spear-phishing attacks have been launched on members of the United States Automobile Association (USAA). Cybercriminals are trying to trick USAA members into opening e-mails by using “Deposit Posted” in the subject line. The e-mails are designed to trick USAA members into opening attachments that contain malware. Once unleashed, the activated malware invades the victims’ computers searching for their sensitive personal information.

“Readers should remain on alert to keep safe from attacks by following the following three basic rules,” writes nationally recognized security expert, Dr. Stan Stahl of Citadel Information Group in Los Angeles.

His basic rules:

  1. Do not open attachments in emails unless the email is expected. Do not click on links in unexpected emails. Attachments and links can be booby-trapped. When in doubt check with the sender.
  2. Keep systems updated with the latest software versions.
  3. Keep anti-malware solutions up-to-date. Consider moving to advanced host-based intrusion prevention.

You can sign up for his “Weekly Patch and Vulnerability Report” and his blog at www.citadel-information.com.

Actually, most small businesses make you vulnerable to credit card fraud and identity theft. So businesses need to be diligent, too, and prepare with precautions and response philosophy.

(Note: I’m very familiar with Dr. Stahl’s expertise. He is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are more resource links:

“You can’t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.”

-Daryl White


Who Profits from Android’s Security Issues? Not Users.

 

Updated – Oct. 16, 2012

The security hits on Androids just keep on comin’. A government task force, the Internet Crime Complaint Center (IC3) has issued a dire warning about malware. In particular, it’s a threat to Android users. As a result, IC3 issued security tips for users.

There’s also a version of the OpFake malware for Android – it’s incorporated in the Opera Mini mobile browser, according to ZDNet. Users don’t know anything’s wrong until they use the legitimate software.

Android user beware: other security applications are fakes, too – they’re Zeus malware. Known as “Android Security Suite Premium,” they confiscate new SMS messages to the Android user.

Messages can include passwords and other sensitive data, according to Kaspersky Lab Security News Service.

Countless headlines detail the cyber dangers of Android-based devices, which is why it was announced in late 2011 that 22 applications were taken off the market by Google. The operating system’s issues stemmed from malware infections.

So who can benefit? Certainly it isn’t Android users.

“We continue to advise readers to be very cautious in downloading Android applications,” wrote Dr. Stan Stahl on his blog. “Applications should be downloaded only from ‘official’ stores and only after they have been ‘vetted’ as legit,” wrote the nationally known security expert.

Google removed the apps from its Android market after they fooled users into accepting hidden, fraudulent charges.

The biggest operating-system competitor to Google’s Android: Apple’s iOS.

Published reports indicate Microsoft is actively pursuing opportunities to capitalize on Android’s woes.

Research in Motion (RIM) has its woes with Blackberry profitability. New products are slow to market. As RIM’s phones age and need to be replaced by business users, Apple’s products might become even more attractive in the corporate world.

And if the vulnerabilities aren’t resolved, both Apple and Microsoft should be in a position to profit.

From the Coach’s Corner, security resource links:

“Distrust and caution are the parents of security.”

-Benjamin Franklin


Risk Management – Picking the Best Cloud Storage Provider

 

There’s been quite a buzz about using the cloud. Personally, I’m still not sold on using cloud services for many businesses. There have been too many problems, and I prefer to maintain controls to alleviate uncertainty in business.

Not to mention one of the lessons I learned very early — when there’s a lot of hype like there is with the cloud — go slow with due diligence.

Frankly, I’m not alone. A heavily credentialed expert performed a study and provides this surprise: Open source technology is preferable to the cloud.

But if you feel you must go the cloud route, remember choosing the right cloud storage provider is a must for risk management.

You have a vast array of options. Cost is important, of course, but so are your company’s risk-management needs – just like the federal government.

It’s taken two years, but now the government has launched FedRAMP, the federal risk and authorization program. It established security standards for providing cloud services to the government. FedRAMP also provides agencies with monitoring tools to ensure continuous compliance with security standards.

Those are important considerations.

So what about cloud risk-management for your business?

Here are basic questions to ask of your potential cloud provider:

  1. If they’re a large provider, has the vendor been qualified by FedRAMP?
  2. What is the company’s financial situation? According to federal data, there were 1,467,221 bankruptcies last year. Of those, 49,895 were business bankruptcies. Have a frank discussion with the supplier. Find out if they expect to gain or lose business in the next year. And ask about their cash flow, and for references regarding the status of their banking relationships.
  3. What would be their total charges? Is it a flat fee? What are the additional costs for storing each gigabyte or for transferring data?
  4. What about the security of their services, privacy commitment and data protection, and what does their service level agreement (SLA) provide? Keep in mind commitments for performance and reliability, and what happens if they fail to perform according to the SLA.
  5. What do they provide in the way of data availability each month? What will be the percentage of time you will be able to get into your data or add new data?
  6. What do they provide in data transfer rates? Data storage is important, but so is your ability to rapidly transfer your data.
  7. What level of data durability do they offer? That is the amount of potential data loss from data corruption.
  8. Does the vendor provide data shuffle or bare metal service? This service is a hard copy backup. Will you be able to present a hard-drive data copy to the cloud or will you be able to retrieve a copy of your data?
  9. What do they support in operating systems? Make certain they’re capable of working with all your operating systems.
  10. What are their backup services? You’ll have problems if they simply back up your data. You’ll also want assurances that they will back up all your computer applications and operating system, and will provide virtual servers for crashed systems.

From the Coach’s Corner, here’s a recommended article: How Small Businesses Can Capitalize on Cyber Strategies for Profit.

“It’s not a faith in technology. It’s faith in people.”
-Steve Jobs


More Cybercrime Serves as Warning to Take Defensive Precautions

 

Updated Sept. 20, 2012

Cybercrime is only getting worse.

From both sides of the Atlantic Ocean, here are two examples:

In New York, six Estonians and one Russian were charged by authorities with cybercrimes on a massive scale. Victims include the National Aeronautics and Space Administration, other government agencies, businesses and 500,000 people. 

In the U.K., 13 people were sentenced to jail terms over their use of malware in banking fraud totaling 2.9 million British pounds, or $4.6 million. Hundreds of people were victimized. 

These stories are another lesson to take cybercrime seriously.

For best practices in thwarting cybercriminals, I always turn to nationally recognized security expert, Dr. Stan Stahl, of Citadel Information Group in Los Angeles.

His tips:

  1. Keep systems patched with the latest updates. (His security blog, Weekend Vulnerability and Patch Report, lists major updates for software typically found in small offices and home computers.)
  2. Run up-to-date anti-virus anti-malware software – or what is even better, a strong intrusion detection and prevention solution.
  3. Use strong passwords for access to sites with sensitive information. Password length is more important than randomness; size matters. ‘2HelloPepper#’ is a much stronger password than ‘Ab$%16vF’, plus it’s a lot easier to remember.

“Be extremely sensitive to social engineering attacks,” Dr. Stahl adds. “Don’t open email attachments or click on links in emails unless the email is from someone you know and is expected.”

For more of Dr. Stahl’s insights, visit his Web site.

(Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are more security strategies:

“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.”

-Chris Pirillo


Lesson about Passwords after Theft of 16,000+ UCLA Patient Records

 

Updated – Oct. 20, 2012

Unfortunately, we’ve learned another lesson about passwords at the expense of 16,288 patients who’ve been treated at UCLA’s network of hospitals and clinics. The patients’ sensitive information is in the wrong hands following the burglary of a doctor’s home.

The information was on the computer hard drive stolen from a doctor’s home, according to an article in The New York Times (U.C.L.A. Health System Warns About Stolen Records).

Medical records of the patients included addresses, birth dates and medical information covering July 2007 to July 2011.

The possible good news: The personal medical data was encrypted.

But the alarming news: A piece of paper containing the password to the medical records was missing from the doctor’s home.

“Rule 1 is never write down passwords,” warns nationally known security expert Dr. Stan Stahl, of Citadel Information Group in Los Angeles. 

“Rule 2 is – if you’re going to break Rule 1 – do it securely,” he adds. 

“If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license,” explains Dr. Stahl. “And just write the password: write ‘15Blah-blah-blah’ not ‘my laptop password is ‘15Blah-blah-blah’.” 

You can get more of Dr. Stahl’s insights on his security blog and his Web site.

(Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are additional cybersecurity tips:

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-White House Cybersecurity Advisor, Richard Clarke

 
