Tag
security

What Can You Learn from JP Morgan’s Data Breach

JP Morgan Reports Largest Data Breach Ever Recorded

On the heels of the Home Depot data breach comes another case of customer data being compromised, this time from the largest bank in the United States. JPMorgan Chase reported that information from more than 76 million households and 7 million small businesses may have been compromised when hackers gained access to its systems on an administrative level.

Account holder names, addresses, phone numbers, and email addresses are thought to have been revealed, as well as internal notes about those account holders. JPMorgan Chase asserts that there is no evidence that information like account numbers, passwords, birth-dates, or social security numbers was leaked in the breach.

What This Means for Business

As TechTarget pointed out, in both the Target and JPMorgan Chase data breaches, no full-time Chief Information Security Officer (CISO) was overseeing operations. In the wake of these breaches, businesses are beginning to realize the important role risk management and security play in business today. In the coming years, businesses will likely see the CISO role become a very important specialty in the field of technology, attracting higher salaries and the best talent in the field. For small businesses, these duties will be entrusted to the provider, who will staff the best and brightest to oversee cloud servers for a large number of clients.

How to Protect Yourself

Without information like social security numbers and birth-dates, the collected information isn’t enough in itself to risk identity theft, experts say. However, a JPMorgan spokesperson points out that consumers should always keep an eye on their accounts. The biggest problems may come from the email addresses that were compromised in the breach, with this information potentially being used to launch phishing attempts. Through these attempts, information such as social security numbers and account passwords could be obtained. Small businesses should remind users to never click on links or download attachments from unknown parties. When they receive an email about an existing account, instead of clicking on the link in that email, users should always go to the site on their own and update any information there.

Safeguarding your business’s applications and systems is your business’s top priority, since securing your own customer data is an important part of your long-term success. By ensuring that your employees keep their own passwords as secure as possible by avoiding phishing attempts, you’ll be taking a vital first step. When working with a cloud provider, be sure to ask questions about the role they take in preventing hacking attempts and keeping your data safe.

Tired of Passwords? These Technologies Aim to Help!


With the average user dealing with at least 40 separate online accounts, it’s no wonder many Americans are feeling password fatigue. To try to make things less complicated, some users have chosen to use the same password and username for every account, but this can pose a security danger to both consumers and businesses. Another alternative is to make a list and keep it locked away somewhere, but there’s no guarantee that list won’t become compromised someday.

Technology is offering several different solutions to the problem, making it easy for users to maintain dozens of passwords without risking a data breach or hacking attempt. Here are a few current technologies that could make password management easy.

Smartphone via NFC

With 74 percent of consumers now owning a smartphone, these devices could provide the answer to the world’s password woes. Using Near Field Communication or SMS messaging, a device owner’s smartphone can communicate with a nearby PC using Google’s tap-to-unlock.

Smartphone via Token

With services like Ping Identity, users are authenticated through a one-time token that is sent to a device. A swipe of the finger unlocks the token and lets the user log into any service or system. The technology is targeted to the enterprise environment.

Biometrics

Using fingerprints or iris scans to authenticate users sounds very sci-fi, but the technology is already in use in some places. Fingerprint technology has taken off, appearing in mobile devices and laptops already, but iris scanners are still slow to take off. Neither technology has been proven to be 100 percent foolproof, but consumers love the ease of use of both methods.

Digital Tattoo

In the future, a tattoo could be something more than a way to show your personal taste. A digital tattoo is a sticker that lasts a limited number of days and communicates directly with your mobile device. Motorola’s Digital Tattoo costs $1 and lasts up to five days, but experts wonder if consumers will be willing to wear a sticker all day for the luxury of avoiding passwords.

Password Pill

With the password pill, you actually swallow an electronic device that can send signals through your skin. While the pill can make authentication effortless, it’s unlikely most consumers will be comfortable ingesting a device that communicates with their electronics.

Voice Printing

Through voice recognition, a user can simply speak a passcode and unlock a system. VoiceKeyID from Porticus is available for mobile devices and embedded platforms.

Brainwaves

Imagine being logged in by merely thinking your password. That is exactly what brainwave authentication aims to do. The technology was demonstrated at the University of California Berkeley School of Information, but the user has to wear a headset for it to work.

Major Software Bug Could Affect Your Business

Shellshock

A vulnerability discovered in some Linux and Apple operating systems could put your business’s computers at risk. The bug was found in a software component called Bash, which is part of many instances of these operating systems. Once exploited, this vulnerability could be used by hackers to gain access to your individual systems.

About Shellshock

Going by the name Shellshock, the bug is found in Bash, a shell command line tool in Unix-based systems. Hackers have been able to remotely control users’ systems, with reports stating that exploits are currently under development to take advantage of the open access to so many systems. These exploits will allow hackers to gain user passwords and install DDoS bots.

While Windows-based PCs aren’t among the list of affected devices, businesses should be concerned about their servers, since many servers use Apache. Apache contains the Bash component. In total, experts estimate 500 million machines could be vulnerable to Shellshock.

What Can You Do?

If your machines are behind a firewall, you already have a major protection in place. Apple has assured its users that the vast majority are safe from the vulnerability, since OS X systems are safeguarded by default. Those users who have configured advanced UNIX servers may be vulnerable, however. Apple is working on a patch to safeguard those systems.

Experts are concerned that as users rush to patch affected systems, hackers will make the most of the short window of opportunity to wreak havoc on systems. The most vulnerable systems are likely those servers and applications that are running Bash without administrators being aware of it. For that reason, server administrators must take the extra effort to protect their servers.

Vendor Patches

The first thing a business can do is check with its vendors to see if a patch is available for their products. In the instances where data is stored with a third-party cloud service, businesses should be proactive in ensuring their data and devices are safe from attack. If you’d like to check to see if your computer is running Bash, this article should help.
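One way to find out where Bash is present on a Linux or Unix host, so you know which machines to raise with a vendor, is shown here as an added example; it is not from the original post or any vendor tool, and the function names and the `--report` switch are this example's own.

```shell
#!/bin/sh
# Added example: find where Bash is present on a host so it can be patched.
# Function names and the --report switch are this example's own.

# Print entries of a shells file (default /etc/shells) that are bash or rbash.
bash_login_shells() {
    shells_file="${1:-/etc/shells}"
    [ -r "$shells_file" ] || return 0
    grep -v '^[[:space:]]*#' "$shells_file" | grep -E '(^|/)r?bash$' || true
}

# Print how many accounts in a passwd-format file use bash as login shell.
bash_account_count() {
    passwd_file="${1:-/etc/passwd}"
    [ -r "$passwd_file" ] || { echo 0; return 0; }
    awk -F: '$7 ~ /(^|\/)r?bash$/ { n++ } END { print n + 0 }' "$passwd_file"
}

# Succeed if the given path (default /bin/sh) resolves to a bash binary.
# This matters because many programs start /bin/sh without saying so.
sh_is_bash() {
    target=$(readlink -f "${1:-/bin/sh}" 2>/dev/null) || return 1
    case "$target" in
        */bash) return 0 ;;
        *)      return 1 ;;
    esac
}

# Human-readable summary for the local machine.
bash_inventory() {
    if command -v bash >/dev/null 2>&1; then
        echo "bash on PATH: $(command -v bash)"
        bash --version | head -n 1
    else
        echo "bash not found on PATH"
    fi
    if sh_is_bash /bin/sh; then
        echo "/bin/sh resolves to bash"
    else
        echo "/bin/sh does not resolve to bash"
    fi
    echo "login shells that are bash:"
    bash_login_shells
    echo "accounts with a bash login shell: $(bash_account_count)"
}

if [ "${1:-}" = "--report" ]; then
    bash_inventory
fi
```

Run it with `--report` on each server and compare the reported version line against your vendor's patched release.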

As more information becomes available about Shellshock, businesses will be equipped to deal with the issues. For small businesses, turning server operations over to a highly-experienced cloud services provider can be a great way to ensure your systems are safe whenever vulnerabilities like Shellshock emerge. Because applications are often built by vendors, however, many businesses are often left uncertain about what technology their systems are actually running when news about vulnerabilities like this one emerges.

5 Million Gmail Usernames, Passwords Hacked! What to Do Now?

 


The news that five million Gmail usernames and passwords were stolen alarmed many in the industry. If Google’s servers aren’t safe, whose are? But Google quickly followed up the news with an announcement that the information was taken from a website not belonging to Google. The company has searched its own systems for signs of a compromise and has found nothing.

What to Do Now

Since Gmail powers many workplace email accounts, it’s important that businesses first protect any email accounts that might contain company data. Even if one employee is using a Gmail account for work duties, that employee should take measures to ensure his account is protected. To be safe, business leaders should send instructions to all employees on safeguarding their Gmail accounts, even if they don’t use them for work purposes.

Protecting your Gmail account is easy. The first step is to change your password, which can be done by clicking the down arrow next to the gear in the top-right corner. Choose Settings, then Accounts and Import. Change Password is at the top. You’ll be prompted to enter your old password and your new one twice. Try to shoot for a “Strong” password rating. Once you’ve changed your password, you’ll be taken to another settings screen. If 2-Step Verification is disabled, click the link to set it up and go through the steps. You’ll be notified via phone call or text message every time someone tries to access your Gmail through an untrusted device.

User Security

To help their own systems remain secure, businesses should urge employees to use passwords that are difficult to guess. Administrators can set this up as a requirement on all applications and file servers, making each employee have a combination of letters, numbers, and special characters in every password.

Another trap business users fall into is that of using password keepers. This is a solution to the many passwords we’re all required to keep up with, letting users remember one strong password to access all sites and applications. While acknowledging the usefulness of such tools, it’s important that businesses explore the encryption being used by the particular password keeper being used. If your administrator is responsible for keeping up with everyone’s master password through a console, the security on the console should be investigated, as well.

The Gmail breach is yet another reminder of how vulnerable electronic systems are. If your business employs the best industry-standard software for security and encourages safe password policies, your users can stay safe during large-scale hacking attempts.

Should Your Business Accept Bitcoins?

You’ve probably heard of bitcoins.  But what are they, really?  It’s hard to explain so let’s watch this video.

watch?v=Y-w7SnQWwVA

There’s an old saying that everything is worth what its purchaser will pay.  Bitcoins are a great example of that.  They first started trading a few cents apiece.  As of May 23rd, 2013 they are trading at $126 to one bitcoin.

So the real question is: should your business accept them? In my personal opinion, I’m going to have to say no. Recently in the news, bitcoin exchanges have been shut down. Also, because of the volatile nature of bitcoins, you may end up worrying about the market rate rather than running your business.

On the other hand, most businesses that accept bitcoin see such transactions as a very small percentage of their total revenue.   However, the fact that bitcoins are untraceable currency from the ether (most currencies are) attracts less than upstanding citizens.

Is Cloud Accounting Right For You?

Everything seems to be going up into the cloud.  Is accounting in the cloud for you?  Should your books be accessible from anywhere?  Here are a few things you should know before answering those questions.

So Who Owns What?

Unlike desktop versions of software, cloud based products tend to be subscription based. People still run their old versions of QuickBooks and Word that ran on Windows 95. This won’t be the case with cloud based software. The advantage of this is that with cloud based software like Office 365, you can pick and choose what features you want. Desktop software tends to come out in one format or a tiered system. Now you can pick and choose what you pay for.

Where Is Your Data?

If you’re using a cloud based software, then your data is stored offsite. It’s not on your local hard drive. It’s somewhere out there, in the cloud. So is it secure? Well, you’re paying another company to store your data and give you access to it all the time. This is the biggest crux that the cloud community has to deal with. But think about your ATM. You could have all your money stored locally, like in a shoe box under your bed. Or you give it to your bank and they give you access to your money via tellers, ATMs, etc.

Who Is It for?

In my opinion, cloud based software is really for the medium guy. If you’re a tiny business and you can count your daily sales on one hand, then this isn’t for you. A simple double ledger spreadsheet in Excel would do you better. If you’re a mega-corporation then you would build or hire your own accounting department and have an in-house system. However, the medium business that is always on the go and in flux will have use for a cloud based accounting system. As your business grows and changes the cloud is more apt to scale. It’s going to be easier than making that tough choice to spend a whole lot of money on a software upgrade.

The Curious Case of the Call Center Fraud

As long as there has been money there have been people looking to make it by means that are less than ethical. Now, with all the technology, people half a world away can attempt to pick your pocket.

I happened to come across a new type of call center fraud.  Well, it’s actually a twist on an old trick.  Con-men calling you up at home in an attempt to sell you something you don’t need or to gain personal information is nothing new.

However, the twist is that they try to have you open up a backdoor for them into your personal computer.  They come under the guise of saying that they are calling from Windows Tech Support.

They then usually say that they’ve received reports that your PC is under assault by viruses, from the Internet no less. After that, they direct you to a website to download some variant of remote access software, programs that let someone else directly control your computer from across the Internet.

There are plenty of legitimate reasons for doing this, like IT support. But let it be known that IT support will never call you unless you call them first.

To stay safe, it’s best to never install software directed to you by someone you don’t know on the phone. It may sound like common sense, but it can be hard to turn away someone who’s calm, polite, and pretending to help you.

In fact, many of these scammers can be so persistent and calm that there is a whole subculture that revolves around messing with them.  Click here for a laugh.  Trust me, I didn’t cold call you on the phone asking for your credit card number.

Staying Safe This Holiday Shopping Season

It’s that time of year again.  Whenever you walk into a big box store you hear that music playing, people are ringing bells outside, and you’re looking for gifts online.  Now, more than ever one must be careful when making purchases.  However, you can thwart these thieves and scam artists hoping to cash in on your holiday cheer by following a few simple rules.

1. When Purchasing always look for the SSL

SSL stands for Secure Sockets Layer. It’s a security method that restricts other computers from accessing information during a transfer. You can see if SSL is enabled by looking for a padlock symbol or by checking if the URL (address bar) is preceded by HTTPS:// which indicates a secure portal. This isn’t a sure fire way, but it’s a start.

2. Never give out your credit or debit card numbers over e-mail

No reputable retailer asks for credit card information via e-mail. If they’re worth their two cents then they’ll set up a secure portal like the one mentioned above. Honest retailers will also never ask for your social security number. The more information someone is asking for, the more likely they are a phisher, an online data miner looking to steal and sell personal information.

3. Above all else: Use common sense

The greatest defense against an online thief is common sense.  With the number of online retailers there are out there, the moment you sense something fishy just move on.  Look online for reviews of companies to make sure they are on the level.  The Better Business Bureau is an excellent resource.  If it looks too good to be true, it probably is.

Happy Holidays.

Don’t Get Caught in the Malnet!

The prefix mal comes from the Latin for bad. Anything with mal in it is bad news: malcontents, malnutrition, Mal Reynolds. Now there are malnets. Malnets are complex systems of servers and domains that are continuously on the attack.

It is estimated that this year, the majority of all spam will come from these malnet systems. For example, Rubol, a known malnet, was found to have 476 unique domain names. That’s a lot of vectors of attack. A malnet was found to be the culprit in the MySQL.com attack.

So what do you do? How can you protect your business’s infrastructure against such an organized malware ecosystem?

Most malnets are actually nets, malicious traps. Don’t fall into the trap. Rubol’s 476 domain names were fronts, mainly offering deals or quick cash. You might be thinking only a fool would fall for something that’s too good to be true. However, some of these sites disguise themselves as legitimate businesses offering good deals.

The next step is to really isolate your sensitive data from the Internet as much as possible.  The easiest way to do that is move customer data onto a removable storage device.

Keeping your security software up-to-date is also a boon to the safety of your data.  And last of all, when in doubt, don’t click on it.

 

 

Mountain Lion Arrives

The newest Apple operating system, OS X Mountain Lion, is now available, and, while it doesn’t represent a huge departure from previous Macintosh systems, the consensus among reviewers is that the upgrade is well worth the $19.99 price tag.

One of the most significant new features from the predecessor Lion operating system is Gatekeeper, a security system designed to keep out malware. Aside from screening for known threats, it lets users choose their level of security by instructing the computer to open apps downloaded from the Mac App store only, from the app store and Apple-approved developers, or from anywhere.

Mountain Lion also takes a step closer to the iOS software found on iPhones and iPads. Like those mobile devices, computers with the new system will have access to iCloud functions, giving users easy access to the same apps, message services and games from all their devices. The OS also features a Notification Center that pulls updates from various apps together in one place.

Unlike Windows 8, Mountain Lion is more of an update than a whole new product. Still, PC World has an interesting list of features that the Windows system might be well advised to copy from it. That includes the Notification Center, access to text messages and voice dictation, and AirPlay Mirroring, which makes it easy to send video from one device to another.

In the spirit of the internet’s increasing dominance of all computing functions, Mountain Lion can only be purchased at the Mac App store and isn’t available on any physical media. Of course new Macs will come with the operating system installed.
