Security Smart™ Newsletter
Safeguarding your security and privacy at work and at home

Mobile Phone Do’s and Don’ts
Whether using your mobile device for business or pleasure, make security a priority.

Now that many organizations are allowing employees to use their own mobile devices for work, keeping those devices secure has become imperative for both personal and professional reasons. In addition to learning and adhering to your employer’s policies when using your device for work purposes, take into account the following tips from security experts:

Richard Greenberg, information security officer, Los Angeles County Public Health

DO: Most obvious, or it should be obvious, is password protect the phone. This is too often forgotten, resulting in potential identity theft.

Set up the remote wipe capability built into many phones, which is great for peace of mind in case of a lost device. Some phones have this capability; with others it has to be downloaded.

Make sure you have access to data backup systems from the phone, and make sure to back up data regularly. If the only place you have the data is on the phone, it could be lost permanently.

DON’T: Rely on mobile banking. I would recommend people do their banking from a PC they trust.

Connect to the Internet using a phone via an untrusted wireless hotspot. You’re not using your own, so you have no idea who’s listening in on that. It’s so easy for someone in a car to listen in with a very simple and cheap device.

Bill Thirsk, vice president of IT and CIO, Marist College

DO: Set the device to auto-lock. This works in combination with the passcode. If the device is inactive for a few minutes, setting the auto-lock will require the passcode to be entered to gain access to it again. The timeout should be short; a minute or two is best.

Set the device to auto-wipe after several invalid password attempts. This will remove all user data. Enabling this feature will effectively prevent unauthorized use, prevent access to your data and block repeated attempts to crack a passcode.

DON’T: Leave the phone unattended. It only takes a few seconds for a thief to pick up a phone. You should always have your phone with you, even if you’re just stepping away for a few seconds in a public setting. Keeping your phone physically secure will go a long way toward protecting your data.

V. Jay LaRosa, senior director of converged security, architecture, Automatic Data Processing Inc.

DO: Set up your mobile device with a PIN and a remote wipe service. Most enterprises require this, but this can also be done for your personal device with apps like “find my iPhone.” If your device is ever lost or stolen you want to make sure it is hard to get into.

DON’T: Respond to or click links in unsolicited text messages. If your provider will allow you to block text messages from certain numbers, use that feature to stop future unwanted messages from specific numbers. Once you respond [to text messages], the people on the other end may barrage you with more unwanted messages, or sell your live number.

Jailbreak your phone [modify it to avoid limitations placed on it by your carrier]. You are opening yourself up to a world of unknowns. If you venture outside of the protections that the provider affords, you are putting your device at additional risk from unknown vulnerabilities or opening additional access that could not normally be exploited by an attacker.

To purchase an individual subscription, email [email protected] for more information.
SUMMER 2013 Security Smart

Take Out Cash Safely
Card skimming at ATMs is an increasingly popular method for stealing money. Know what to watch for when you withdraw funds.

Depositing or withdrawing money from an ATM is so routine that your mind might be tempted to wander while you wait for your bills to come shooting through the slot. But letting your guard down can let unwanted criminals into your bank account. So-called card skimmers work by modifying the ATM’s hardware or software or adding a separate card reader that looks like the real thing. Their equipment records the data from the bank card’s magnetic stripe and may also steal a customer’s PIN. This information lets them create dummy cards that they use to drain the victim’s account.

Card-skimming is surprisingly common and affects both consumers, who lose their money, and banks, who suffer a blow to their reputation if one of their machines is hijacked.

So how can you protect yourself from card skimmers?

➤ Check for fake readers. Criminals might install fake readers over the slot where the card is swiped that can capture the card information. Another ruse is placing a fake PIN pad over the real one that can record PIN information as you type it in.

If you know what to look for, you can often spot these devices. For starters, see if you can wiggle the reader. A legit one should be sturdy. Criminals also might put up signs that say “No Tampering” on machines they themselves have tampered with, to discourage anyone who senses a problem from trying to explore further.

Your best bet is to use an ATM you are familiar with so that you’re more likely to notice if something is amiss. Also, keep in mind that ATMs inside banks tend to be safer, and stand-alone, non-bank-related ATMs are the most vulnerable, such as those at convenience stores.

➤ Protect your PIN. Skimmers can also try to grab PIN info by installing hidden cameras somewhere inside the machine, in the wall or even inside one of those racks of innocent-looking pamphlets that sit off to the side. Get into the habit of covering your PIN with your hand, even when you are alone. Doing so may prevent a camera from detecting your code and may also stop another type of nontechnical scam: shoulder surfing, which occurs when a person lurks nearby and simply watches as you punch in your PIN.

➤ Avoid overly helpful people. Beware the good Samaritan hanging out near the ATM who offers to help. In this scam, a doctored machine captures the card and the victim is perplexed as to why the machine is having problems. A helpful bystander will offer to help and ask for the person’s PIN. Once he has it, the card is as good as his.

➤ Monitor your accounts. Stay on top of your own financial records. Each month, check your bank statement for any withdrawals that you didn’t make, and notify your bank immediately if you find any errors. Reporting fraudulent activity quickly ensures the best possible chance that you can recover your funds.

Preserve and Protect
Keep company information out of the wrong hands.

You are your company’s first line of defense against loss of intellectual property. Con artists are often very cunning, but you can arm yourself with techniques to spot them. First and foremost, you need to know what information you should never surrender to outsiders, says Lynn Mattice, managing director of Mattice and Associates, a consultancy specializing in enterprise risk assessment. Here’s what he says you need to keep to yourself:

❶ Information affecting the company’s future that has not been made public. This could be targets for mergers, acquisition or divestiture, as well as new product development or strategic new markets that the company is developing.
❷ Market or financial performance data that hasn’t been officially released to the public.
❸ Personally identifiable information about a customer, employee (including you) or anyone else affiliated with the company.
❹ Trade secrets.
❺ Any information beyond what has been authorized by the company for public release.

What should you do if people ask you for this type of information? Ask them some questions. “Obtain sufficient information from the individual making the request to validate that they have a right or a need to know the information,” says Mattice.

DID YOU KNOW?
Thirty-five percent of data breaches in 2012 were the result of negligence or human error and 29 percent were attributable to system glitches, according to a recent study. However, malicious attacks remained the single highest cause of breaches, at 37 percent.
Source: The eighth annual Ponemon “Global Cost of a Data Breach” study

Online Stolen Credit-Card Ring Exposed
Vietnam-based conspirators allegedly had data on more than 1.1 million cards.

Law enforcement agencies in the United States, Vietnam and the United Kingdom recently disbanded a crime ring that had allegedly been selling online credit card details since 2007.

The ring, which sold the credit card information through two websites, is said to have caused more than $200 million in fraudulent charges on credit cards issued in the United States and Europe.

Charges have been brought in a federal court in New Jersey against Duy Hai Truong, 23, of Ho Chi Minh City, Vietnam, who is suspected to be one of the ringleaders. Additionally, three men were arrested in London and seven people were arrested in Vietnam in connection with the case.

The alleged conspirators, who were based in Vietnam, obtained personal identifying information that consumers provided to retailers when shopping online and paying via credit cards, according to the office of the U.S. attorney for the district of New Jersey.

Data relating to more than 1.1 million cards was obtained through hacking of commercial entities, the United Kingdom’s Serious Organized Crime Agency said. The people charged are alleged to have illegally obtained personal information, including purchasers’ names, addresses, credit card information and Social Security numbers, from victims in New Jersey, according to U.S. authorities.

People wanting to purchase victims’ credit card information either accessed the hackers’ fraudulent websites or sent them an email requesting data, according to the FBI complaint. If convicted, Truong, who is charged with conspiracy to commit bank fraud, faces a maximum of 30 years in prison and a fine of at least $1 million.

On the Road with Your Computer
These pointers will help you work productively and securely when you and your laptop travel together.

➤ Internet Connections
The trickiest bit of a business trip is often getting Internet connectivity. While Wi-Fi hotspot access is generally fine, it can sometimes be flaky due to congestion or misbehaving wireless access points in public locations, and there can be security concerns. If a Wi-Fi hotspot isn’t working right, devote no more than 10 minutes and one system restart to resolving the problem. After that, change venues or switch to a mobile hotspot to make better use of your time.

➤ DIY Hotel Wireless
Depending on the hotel, Internet may be delivered to rooms using a wired Ethernet port or Wi-Fi. Wireless offers convenience for laptop users, especially since many new laptops no longer have an Ethernet port. Whether wired or wireless, a software utility can create a separate Wi-Fi network to deliver Internet access to tablets and smartphones (ask your employer’s IT staff for help with this). Setting up a personal wireless connection can save you money on roaming charges.

➤ Bring Another Battery
Laptop batteries are not designed for longevity. To substantially increase running time, you need a spare battery or a rechargeable power pack. A spare battery is a simple fix, though it can be a hassle to keep both charged. Rechargeable power packs cost more than replacement batteries, but their use of interchangeable power tips means that they can be useful even if you switch to a new laptop.

➤ Pack a Mouse and Keyboard Cover
Despite the popularity of the touch interface, many people still prefer an external mouse. Standard optical mice don’t track well on glossy tabletops, however, and it’s frustrating to pack a mouse and not be able to use it. Some higher-end mice can track on reflective or transparent surfaces, but budget-conscious travelers should bring a mouse pad. A keyboard cover will protect against cookie crumbs and coffee spills.

➤ A Lock Is Not Enough
Given the cost of a laptop and how easily one can be spirited away, it makes sense to physically secure yours whenever possible. Most have the Kensington lock—a small slot on the side that is specially designed to prevent laptops from being stolen. To secure a laptop, loop the lightweight reinforced cable portion of a Kensington lock around a fixture such as a table leg, then affix the lock. Most use keys, though some come with combination locks.

While the Kensington lock can deter some thieves, it’s not much protection against one who has some time alone with your laptop. That’s why all data on a laptop should be properly encrypted with robust full disk encryption (FDE) technology, a last line of defense against data leaks should a laptop end up in the wrong hands. Before you travel, check in with the IT staff to make sure you’re protected.

➤ Pick the Right Laptop Bag
A bag or case that’s designed to hold a laptop offers built-in padding to protect against bumps. The most versatile option is a bag with a detachable shoulder sling. These aren’t ideal for long treks, though, and they may attract attention in unsavory areas. Backpacks designed for laptops are more comfortable to carry, but they don’t look as good with business attire.

Frequent air travelers will want a bag with a slip pocket for sliding a bag over a luggage trolley handle. Easy access is necessary, too, as airport security procedures often require fliers to place laptops in a separate tray.

Social Networks for Private People

For privacy-minded folks who want to communicate with friends and family but aren’t interested in broadcasting their photos and thoughts, social networking options other than the ubiquitous and can be very appealing. To share photos, videos and status updates, check out these social networks that are designed for close-knit groups who want to connect with each other.

Couple. Formerly known as Pair, Couple is a smartphone-based network designed expressly for couples. In fact, you can only have one friend on Couple: your significant other. Couple features a timeline that’s a bit like a souped-up text message exchange—you and your partner can add photos, reminders, important dates, drawings and videos, along with regular text messages.

Family Wall. If you’re looking for a slightly larger social network, FamilyWall helps you keep track of your entire family. In this private, Facebook-like social network for families, you can add dates and events, photos, videos, contacts, messages and even Foursquare-style check-ins. You can also add “family landmarks” such as schools, doctors and fitness centers.

23snaps. Instead of posting photos on Facebook or , try posting them to 23snaps, a smartphone-based social network that lets you create a unique, private online photostream. 23snaps lets you add photos, videos, and status updates to a special photostream and then share those photos with your friends and family.

Path. Perhaps the best-known private is Path. This smartphone-based social network limits your friends list to 150, the maximum number of friends a human being can realistically keep track of, according to studies.

Nextdoor. If you want to restrict your social network communication to people you know in real life, the neighborhood social network Nextdoor might be right for you. Nextdoor requires all members to verify their address (the service sends a physical postcard with a code on it) before allowing them to join their neighborhood group. As a result of this structure, the only people you can talk to on Nextdoor are those who live within shouting distance of you.

Ten Tips to Reduce Your Risk of ID Theft

Skipping the mall in favor of the Internet is the norm for many shoppers, but online credit-card users could be setting themselves up for identity theft if they aren’t careful. Here are 10 tips from the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center:

❶ Ensure websites are secure prior to submitting your credit card number. Look for the padlock icon in the URL.
❷ Do your homework to ensure the website is legitimate.
❸ Make sure the business you are dealing with has a physical address, not just a P.O. box.
❹ Never throw away credit card or bank statements in usable form.
❺ Be aware of missed bills that could indicate your account has been taken over.
❻ Be cautious of scams requiring you to provide your personal information.
❼ Never give your credit card number over the phone unless you are the one who made the call.
❽ Monitor your credit statements monthly for any fraudulent activity.
❾ Report unauthorized transactions to your bank or credit card company as soon as possible.
❿ Review a copy of your credit report at least once a year.

BUSTED

A phishing gang that stole and spent a British woman’s life savings of $1.6 million has been handed heavy sentences by a London judge.

The three gang members will spend four to eight years in prison, and the ringleader must pay back the stolen money.

The conspirators spent most of the money on a lavish three-day shopping trip. Photos showed the gang leader posing with a “cash sandwich”—bills inserted between slices of bread—and holding up champagne bottles.

Security Smart is published by CSO, a business unit of CXO Media. © 2013 CXO Media Inc.