Safeguarding Your Security and Privacy at Work and at Home
Security Smart™ Newsletter

Mobile Phone Do’s and Don’ts

Whether using your mobile device for business or pleasure, make security a priority.

Now that many organizations are allowing employees to use their own mobile devices for work, keeping those devices secure has become imperative for both personal and professional reasons. In addition to learning and adhering to your employer’s policies when using your device for work purposes, take into account the following tips from security experts:

Richard Greenberg, information security officer, Los Angeles County Public Health

DO: Most obvious, or it should be obvious, is password protect the phone. This is too often forgotten, resulting in potential identity theft.

Set up the remote wipe capability built into many phones, which is great for peace of mind in case of a lost device. Some phones have this capability; with others it has to be downloaded.

Make sure you have access to data backup systems from the phone, and make sure to back up data regularly. If the only place you have the data is on the phone, it could be lost permanently.

DON’T: Rely on mobile banking. I would recommend people do their banking from a PC they trust.

Connect to the Internet using a phone via an untrusted wireless hotspot. You’re not using your own, so you have no idea who’s listening in on that. It’s so easy for someone in a car to listen in with a very simple and cheap device.

Bill Thirsk, vice president of IT and CIO, Marist College

DO: Set the device to auto-lock. This works in combination with the passcode. If the device is inactive for a few minutes, setting the auto-lock will require the passcode to be entered to gain access to it again. The timeout should be short; a minute or two is best.

Set the device to auto-wipe after several invalid password attempts. This will remove all user data. Enabling this feature will effectively prevent unauthorized use, prevent access to your data and block repeated attempts to crack a passcode.

DON’T: Leave the phone unattended. It only takes a few seconds for a thief to pick up a phone. You should always have your phone with you, even if you’re just stepping away for a few seconds in a public setting. Keeping your phone physically secure will go a long way toward protecting your data.

V. Jay LaRosa, senior director of converged security, architecture, Automatic Data Processing Inc.

DO: Set up your mobile device with a PIN and a remote wipe service. Most enterprises require this, but this can also be done for your personal device with apps like “find my iPhone.” If your device is ever lost or stolen you want to make sure it is hard to get into.

DON’T: Respond to or click links in unsolicited text messages. If your provider will allow you to block text messages from certain numbers, use that feature to stop future unwanted messages from specific numbers. Once you respond [to text messages], the people on the other end may barrage you with more unwanted messages, or sell your live number.

Jailbreak your phone [modify it to avoid limitations placed on it by your carrier]. You are opening yourself up to a world of unknowns. If you venture outside of the protections that the provider affords, you are putting your device at additional risk from unknown vulnerabilities or opening additional access that could not normally be exploited by an attacker.

To purchase an individual subscription, email [email protected] for more information.

Summer 2013, Security Smart

Take Out Cash Safely

Card skimming at ATMs is an increasingly popular method for stealing money. Know what to watch for when you withdraw funds.

Depositing or withdrawing money from an ATM is so routine that your mind might be tempted to wander while you wait for your bills to come shooting through the slot. But letting your guard down can let unwanted criminals into your bank account. So-called card skimmers work by modifying the ATM’s hardware or software or adding a separate card reader that looks like the real thing. Their equipment records the data from the bank card’s magnetic stripe and may also steal a customer’s PIN. This information lets them create dummy cards that they use to drain the victim’s account.

Card-skimming is surprisingly common and affects both consumers, who lose their money, and banks, who suffer a blow to their reputation if one of their machines is hijacked.

So how can you protect yourself from card skimmers?

➤ Check for fake readers. Criminals might install fake readers over the slot where the card is swiped that can capture the card information. Another ruse is placing a fake PIN pad over the real one that can record PIN information as you type it in.

If you know what to look for, you can often spot these devices. For starters, see if you can wiggle the reader. A legit one should be sturdy. Criminals also might put up signs that say “No Tampering” on machines they themselves have tampered with, to discourage anyone who senses a problem from trying to explore further.

Your best bet is to use an ATM you are familiar with so that you’re more likely to notice if something is amiss. Also, keep in mind that ATMs inside banks tend to be safer, and stand-alone, non-bank-related ATMs are the most vulnerable, such as those at convenience stores.

➤ Protect your PIN. Skimmers can also try to grab PIN info by installing hidden cameras somewhere inside the machine, in the wall or even inside one of those racks of innocent-looking pamphlets that sit off to the side. Get into the habit of covering your PIN with your hand, even when you are alone. Doing so may prevent a camera from detecting your code and may also stop another type of nontechnical scam: shoulder surfing, which occurs when a person lurks nearby and simply watches as you punch in your PIN.

➤ Avoid overly helpful people. Beware the good Samaritan hanging out near the ATM who offers to help. In this scam, a doctored machine captures the card and the victim is perplexed as to why the machine is having problems. A helpful bystander will offer to help and ask for the person’s PIN. Once he has it, the card is as good as his.

➤ Monitor your accounts. Stay on top of your own financial records. Each month, check your bank statement for any withdrawals that you didn’t make, and notify your bank immediately if you find any errors. Reporting fraudulent activity quickly ensures the best possible chance that you can recover your funds.

Preserve and Protect

Keep company information out of the wrong hands.

You are your company’s first line of defense against loss of intellectual property. Con artists are often very cunning, but you can arm yourself with techniques to spot them. First and foremost, you need to know what information you should never surrender to outsiders, says Lynn Mattice, managing director of Mattice and Associates, a consultancy specializing in enterprise risk assessment. Here’s what he says you need to keep to yourself:

❶ Information affecting the company’s future that has not been made public. This could be targets for mergers, acquisition or divestiture, as well as new product development or strategic new markets that the company is developing.

❷ Market or financial performance data that hasn’t been officially released to the public.

❸ Personally identifiable information about a customer, employee (including you) or anyone else affiliated with the company.

❹ Trade secrets.

❺ Any information beyond what has been authorized by the company for public release.

What should you do if people ask you for this type of information? Ask them some questions. “Obtain sufficient information from the individual making the request to validate that they have a right or a need to know the information,” says Mattice.

DID YOU KNOW?

Thirty-five percent of data breaches in 2012 were the result of negligence or human error and 29 percent were attributable to system glitches, according to a recent study. However, malicious attacks remained the single highest cause of breaches, at 37 percent.

Source: The eighth annual Ponemon “Global Cost of a Data Breach” study

Online Stolen Credit-Card Ring Exposed

Vietnam-based conspirators allegedly had data on more than 1.1 million cards.

Law enforcement agencies in the United States, Vietnam and the United Kingdom recently disbanded a crime ring that had allegedly been selling online credit card details since 2007.

The ring, which sold the credit card information through two websites, is said to have caused more than $200 million in fraudulent charges on credit cards issued in the United States and Europe.

Charges have been brought in a federal court in New Jersey against Duy Hai Truong, 23, of Ho Chi Minh City,

provided to retailers when shopping online and paying via credit cards, according to the office of the U.S. attorney for the district of New Jersey.

Data relating to more than 1.1 million cards was obtained through hacking of commercial entities, the United Kingdom’s Serious Organized Crime Agency said. The people charged are alleged to have illegally obtained personal information, including purchasers’ names, addresses, credit card information and Social Security numbers, from victims in New Jersey, according to U.S.