Tag: passwords

Working Securely At Home

Working securely at home during coronavirus outbreak, shelter-in-place, security risks
Can you identify the security threat?

Have you been working at home as a result of the coronavirus and orders to shelter in place?  Do you have employees working at home? Are you confident you and employees are working securely at home and your company’s secrets are as safe as they need to be?

It’s probably time to take another look at security in your home office.

Of course, you may not have time or resources to set up the perfect work-at-home situation. But the survival of your company may depend on its at-home workforce. You can’t afford a simple mistake that could bring the whole enterprise tumbling down.

The following checklist is meant to be a quick way for you to confirm the strengths of your at-home set-up, and identify any weaknesses that need to be corrected. If you’re the boss, you can apply some of these ideas to your at-home troops. If you’re an employee, you can certainly ask about them.

So, here we go.

Good habits for managing remote teams

Do you have a schedule for regularly communicating with your team?

Everyone in your company is experiencing uncertainty and even fear. Not being in regular touch will make that worse. A daily virtual meeting can keep people in the loop and on track. (Most of the people we talk to are using Zoom. They like seeing the faces of friends and having the advantage of “reading” their emotions.)

Make some of your communications “staff meetings” that deal with business. Other meetings can be “virtual coffee breaks” for informal sharing.

Whether via virtual meetings or email blasts, are you getting frequent factual updates?

These could be about the status of the business, what’s happening politically that will impact your industry, or even health updates for your co-workers, city or state. Of course, your updates need to be as accurate as you can make them. When you find useful, reliable resources, encourage ALL employees to rely on those quality resources so everyone gets the same info. For example, if people are worried that they may be coming down with the virus, they can head for help to https://www.cdc.gov/coronavirus/2019-ncov/if-you-are-sick/index.html

Are employees working securely at home? Are you monitoring security while employees are working from home?

The security you have worked so hard to set up at the office may be impossible to recreate by employees at home. But the risks of user error, data breaches, scams, or cyber-crime remain just as high – or even higher. Working securely at home requires a new security mindset that applies to a whole range of issues.   Which of these suggestions can you and your co-workers implement?

Are computers safe at home?

Are take-home company computers limited to company business only? (That little kid in the image above is just waiting for a chance to press a few keys the minute you step away to go to the bathroom!)

Have you created strong NEW passwords to protect your at-home devices that are used for work? Consider using multi-factor authentication. For sure, don’t let the computer itself store your new business passwords.

Do all at-home devices have anti-virus and malware protection? Here’s an earlier Advisory with more about cyber-crime and passwords.

Are all operating systems and programs updated?

Does your home network use WPA2 or WPA3 for security? Have default usernames or logins been changed?

Are you communicating effectively and professionally with colleagues and clients?

Can you make calls and check voicemails from home?

If you can’t forward calls, have you left an “out of office” message?

Are you avoiding social media platforms (Facebook, LinkedIn, WhatsApp) for business communications?

Are you protecting confidential paperwork? If you don’t have a locking office, make sure confidential work-related papers aren’t spread around the room for visitors to see.

When you participate on a video call with a client or supplier, do you make sure all confidential papers are covered or in a drawer so they are not visible? What about your white board (that happens to have your recent income figures clearly identified)? Do you remind your team before meetings?

On every kind of call, do you protect yourself from listening ears – including Alexa, Siri and Google Home?  

Actually, if you expect to be on the phone a lot, with calls and/or meetings, you may want to consider business headphones with a microphone. A good set dampens the noise of the kids for both you and for the people you are listening to. You can get sets that fit over or in the ears, are wired or operate wirelessly.

Below is a good example of a mid-range headset model. It’s from Jabra, a company with a long history in headsets and electronics. If you think a headset would be useful, click the link to go to Amazon where you will find other models ranging from as low as $30 to well over $300. (As you probably know, we are Amazon Associates.)

Keeping the data secure at home

Do you have the appropriate levels of security set for the company files you and employees need to access, whether on the company server or in the cloud?

Can you support the tech needs of your employees working at home? Do they know who and at what point to call for help? Is that person set up to use remote diagnostic and repair software?

Are you reminding your employees about phishing and other scams? They may be more vulnerable during this emergency, where everyone is so eager to hear and respond to “good news.” By the way, the official website of the Department of Homeland Security, CISA, wants to hear about security incidents. Report phishing and malware at https://www.us-cert.gov/report

Is everybody backing up their work? (How often? Where? How do you know?)

If you are used to running a business from home, most of these reminders will be just that — reminders. For employees who haven’t done serious work from home, we hope this will become a to-do list, as appropriate.

Be safe. Stay healthy.

Virginia
Your Emergency Plan Guide team

P. S. Working at home may actually become part of the way you run your business in the future. Keep that in mind as you go through this checklist! Let us know what you would add to it for the perfect office in home.


Password Day – A Reminder About Identity Theft

Scam artist

Identity theft – the fastest-growing crime in America.

Here at Emergency Plan Guide we examine a wide variety of threats to our safety and security, and certainly, identity theft belongs on our list.

Over 16 million people became victims of identity theft in 2017 – nineteen every minute!

So, on World Password Day, it’s worth taking another look at some common frauds from both sides – the scams that threaten us, and the actions we can take to avoid falling prey to them.

A scam is designed to trick or cheat you directly to get your money. When identity theft is involved, the criminal takes your identity to sell the information to a third party or to steal money in other ways, often after a delay.

Who gets scammed?

Most of us know that older people are targeted more than other groups. Most of us don’t know, however, that it’s Millennials who have the highest ratio of actually becoming victims!

The June 2018 issue of Consumer Reports takes a look at victims not by demographics (age, income, etc.) but by personality type. Here are some excerpts from their article that I found valuable.

  • Eager for bargains – These victims are people who willingly open and read emails and snail mail that advertises investments, contests and drawings, special time-limited discounts, even a message or an envelope stamped “You’re a winner!”
    Does this sound familiar? The danger is, every time you respond in any way, you will be identified as potential prey and you are likely to get follow-up letters, phone calls, etc.
  • Susceptible to persuasion – You may get a fund-raising phone call from a veteran’s group or a fire fighter or other special group with an emotional appeal. They ask for and get your personal information along with your donation. Phishing emails work this way, too. You are “persuaded” by well-designed emails that the message requesting your response is coming from a legitimate source – your bank or credit card company or even someone in your own company. A study from the internet security firm F-Secure reports that more than one-third of all security incidents start with phishing emails or attachments sent to company employees.
    Again, their goal is identity theft — stealing your personal information which may include passwords and/or login sequences.
  • Make an immediate decision out of fear or greed – Are you a person who can make a spontaneous purchase without doing any real research about where the offer is coming from, without reading “the fine print” of the contract, etc.?
    I’ve never gotten the famous “grandmother” call (“Grandma, I’ve been in an accident and I need your help!”) — UPDATE as of 10.2019. Yes, I have received this call! Moreover, TODAY I have received 2 separate phone calls from the “Criminal Division of the IRS!” (Slightly different messages, one female voice and one male voice.) This IRS scam has been around since 2016 but apparently is still going strong.
    And I have also been shocked a couple of times by a wildly blinking pop-up on my computer with a message that reads something like — WARNING YOUR COMPUTER IS COMPROMISED CALL IMMEDIATELY FOR TECHNICAL HELP!
    I get the same kind of message by phone, too. “This is the technical department. We can see that your computer is having problems.”

These scams are designed to frighten you into giving out your personal details and your credit card account information.

Ransomware is a variation on the theme of fear. It is malicious software that takes control of your computer, encrypting your files and blocking your access to them. The thieves tell you to pay a “ransom” in order for the lock on your files to be removed. You can be infected by clicking on links in emails or social media messages or by clicking on links in compromised ads (apparently often those ads that stream video).

With all this danger out there, what can we do?

Recommendations for basic protection against identity theft.

I hope some of this is familiar to you!

On the phone – Don’t answer calls from numbers you don’t recognize. A legitimate caller will leave a message so you can do your research before you call back. If you are called by the IRS or by a computer “technician” or someone announcing you have just won some sort of prize, just hang up.

On the cellphone – Same as above, but in addition, if you click on a link in the text of an email or text, the scammer may be able to install malware that can collect personal info from your phone!

On the computer —

(1) Even if a message comes from what looks like a friend, stop before you click on a link or download a document. Check the “from” portion of the email. You may see the name of a friend or colleague, but a closer look at the domain will reveal a completely unknown or a foreign mail service.

(2) Disable pop-up advertising so you don’t accidentally click on a dangerous link.

(3) Keep your operating system and browser software updated.

(4) Back up your files so if you are truly the victim of malware or ransomware attack you will be able to restore your files.

(5) Install good antivirus software and keep it updated.
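The check described in item (1), comparing the friendly name in the “from” line with the domain actually behind it, can be sketched as follows. This is an added example, not part of the original Advisory; the address book, names and domains are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed address book: display name -> domains that contact really uses.
KNOWN_CONTACTS = {
    "pat morgan": {"example.com"},
    "first example bank": {"bank.example"},
}


def domain_matches(domain: str, expected: str) -> bool:
    """True for the expected domain itself or a genuine subdomain of it."""
    return domain == expected or domain.endswith("." + expected)


def check_sender(from_header: str) -> str:
    """Classify a From: header as 'ok', 'mismatch', 'unknown' or 'unparseable'."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable"
    domain = address.rpartition("@")[2].lower()
    name = " ".join(display.lower().split())  # normalise case and spacing

    expected_domains = KNOWN_CONTACTS.get(name)
    if expected_domains is None:
        return "unknown"  # nobody we know by that name: treat with care
    if any(domain_matches(domain, e) for e in expected_domains):
        return "ok"
    # A familiar name on an unfamiliar domain is the warning sign in item (1).
    return "mismatch"


if __name__ == "__main__":
    samples = [  # constructed headers
        '"Pat Morgan" <pat.morgan@example.com>',
        "Pat Morgan <pat.morgan@mail.example.com>",
        "Pat Morgan <pat.morgan@example.com.freemail.test>",
        "Pat Morgan <pmorgan1989@freemail.test>",
        "Someone New <hello@shop.test>",
    ]
    for header in samples:
        print(f"{check_sender(header):<10} {header}")
```

Note that the third sample begins with the real domain but ends in a different one; only the end of the domain counts.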

Which brings us back to celebrating World Password Day!

Take the time TODAY to examine your passwords.

Once again, I hope this is review for you! But if not, you can start making some changes today to protect yourself from identity theft.

Use different passwords!

Make sure you aren’t using the same password for more than one account. 60% of people make this foolish mistake – if hackers get ONE of your accounts, they will then have access to others! By the way, here’s a list of the most common passwords, from Keeper Security:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

Note #1. If you’re creating websites, don’t use “admin” as your password!

Note #2. If you are happily installing smart home management devices – voice-activated or smart-phone activated cameras and temperature controls, security systems, etc. – think through the passwords you’re using there, too.

Change out OLD passwords.

Change one today! Many older passwords are probably too simple and easy to guess. Many experts recommend a password made up of at least 16 digits including capital and lower case letters, numbers and symbols.
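The three checks described above (is the password on the most-common list, is it reused on another account, is it shorter than 16 characters) can be run over your own list with a few lines of code. This is an added example, not part of the original Advisory; the account names and passwords are constructed sample data, and the common-password set is the Keeper Security list quoted above.

```python
import hashlib
from collections import defaultdict

# The 25 entries from the Keeper Security list quoted in this Advisory.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
    "123321", "666666", "18atcskd2w", "7777777", "1q2w3e4r", "654321",
    "555555", "3rjs1la7qe", "google", "1q2w3e4r5t", "123qwe", "zxcvbnm",
    "1q2w3e",
}
MIN_LENGTH = 16  # the length recommended in the text


def digest(password: str) -> str:
    """SHA-256 of the password: used for in-memory grouping only,
    not as a way to store passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(accounts: dict) -> dict:
    """Return {account: [findings]} for each account with a problem."""
    # Group accounts by digest so identical passwords land in one bucket.
    by_digest = defaultdict(list)
    for account, password in accounts.items():
        by_digest[digest(password)].append(account)

    findings = {}
    for account, password in accounts.items():
        problems = []
        if password.lower() in COMMON_PASSWORDS:
            problems.append("on the most-common list")
        if len(password) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        shared = sorted(a for a in by_digest[digest(password)] if a != account)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            findings[account] = problems
    return findings


# Constructed sample inventory (not real credentials).
SAMPLE_ACCOUNTS = {
    "email": "qwertyuiop",
    "bank": "Tr0ub4dor&3-horse-staple",
    "shopping": "Sunflower!2019",
    "forum": "Sunflower!2019",
    "router": "j7#Vq2!mZx9@Lr4$",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account}: " + "; ".join(problems))
```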

Read below for a resource to help you come up with longer, stronger passwords.

Add a second layer of security.

Add “multi-factor authentication” to your favorite email, bank or social media apps and websites. This adds a second step to your login – it may be a fingerprint scan on your phone, or a request for a PIN that is sent to your phone for one-time access to your computer account.

Make a plan for tracking your passwords.

One way to keep track of your passwords is simply to write them down. It may be slow, and you’ll have to look them up regularly, but it’s a tried and true and reliable method (as long as you protect your list from fire, flood and theft!)

I own the book shown. I selected it because its pages were large enough to actually write in, unlike many of the “notebooks” you’ll find advertised for this same purpose. And it doesn’t advertise “SECRET PASSWORDS” on the cover! Click on the image and you can go to Amazon to check prices and other options.

Find out more about digital security.

There are hundreds of articles and books available on the topic of passwords and identity theft. You can find instructions for creating strong passwords that are easy for you to remember but difficult for anyone else to figure out.

A side note. You may want a way for someone else to get into your accounts if you have been incapacitated. Think about that . . .!

Use a password manager.

Many password products are available, at costs that range from free (simple versions for just one device) to several dollars a month (multiple devices, syncing, etc.) These managers store all your passwords safely, automatically “remember” them so that sign-ins are automated, and some even have a “legacy feature” so someone can inherit your passwords. In any case, you only have to remember the one, master password.

A recent article by PC Magazine compares the top dozen paid password manager products and gives its recommendation for free products, too. https://www.pcmag.com/article2/0,2817,2407168,00.asp

Amazon offers a free download for two of the free popular password managers mentioned in the PC Magazine article: Roboform and LastPass, images shown below. Click and you will go directly there. (Review carefully to be sure you’re getting all you need. You may find that a premium version will suit you better.)

Get and use the best anti-virus programs.

Over the years we have used a number of anti-virus products. For the last 7 years or so we have been using Avast – first the free, and now the Premier version. The company has provided good service in a couple of what I will call “sticky” situations and we feel more secure having them on our side.

I checked costs today and you can save quite a lot of money by buying through Amazon. (We are Associates.) Click on the image for current prices. Be sure to understand exactly which version of the product you are getting, for how many computers and for how long. It’s easy to mis-read the advertising (even though it’s perfectly clearly laid out!).

Disclaimer – This Advisory is not necessarily all you need to improve your security and avoid identity theft. But, it’s a start. If any of the stories or recommendations sound like they might fit you or family members, take the time to find out more about how to protect yourself.

Maintaining password security is an ongoing project. Might as well establish good habits NOW — so you can celebrate next year!

Virginia
Your Emergency Plan Guide Team

Cyber Threats Right Here At Home


Last updated 5-16-2019

Smart home

Smart devices make your home more comfortable . . .

A look back to January 2018 in The Costco Connection shows “some of the smart tech you may want to invest in over the coming months.” The image above suggests 10 different smart technologies – lighting, windows, temperature, door locks, etc.

Note that I said “Costco.” This wasn’t Wired or Popular Science, which you might expect to have articles about the very latest in high-tech gadgetry. No, we’re talking mainstream — in 2018!

Moving forward to 2019, a search for the list of the top smart devices you’d want to have “right here at home” included these members of the IoT (the Internet of Things). How many of them do you have?

  • Smart Speaker
  • Security Camera
  • Light Bulb
  • Smart Thermostat
  • Smart Smoke/Carbon Monoxide Detector
  • Smart Home Hub

. . . while their powerful features open the door to cyber threats.

Consider: what if all the personal information described in the next few sentences were available to casual hackers, the government, or criminals?

  • Smart phones – Shoot 4k video so you can play it back on your TV; recognize your fingerprint as password; track your blood alcohol level; track where you’ve driven and find your car; diagnose why it’s not starting. (Is your phone synced to your home computer so all this info is transferring?)
  • Smart watches – Receive text, email and tweets from friends; capture your fitness info; give you directions or track your run via GPS; lock, unlock, and start your car.
  • Smart homes – Respond to voice or touch commands to adjust air and water temperature, lights, locks and cameras; “learn” family habits and schedules; report on current traffic conditions along your route to work; read and adjust solar panels; start the laundry. (Are all the devices interconnected?)
  • Smart TVs – Connect to social media platforms; follow voice and gesture commands; display photos and videos from your phone.

Even if you don’t understand exactly where the threats lie, or will lie, you can recognize the threat.

How do these vulnerabilities come about?

A recent Advisory reviewed home and business security systems – all of which were internet connected — and in doing that research I read many, many advertisements and reviews. Not one had anything to say about security. But when I dug into broader background on the Internet of Things, I got a whole load of warnings.

  • Like every other product, IoT products are hurried to market to beat the competition. (Think Apple.) They don’t have time to spend on developing sophisticated layers of security that interact with every other device’s layers of security.
  • Device manufacturers may be as interested in selling information about you and how you use the product as in selling the product in the first place. So, they price their device ridiculously low. And they conveniently overlook certain aspects of security. (Remember the TVs that were capturing info about their viewers’ choices? And the “Talking Barbies” that stored and transmitted what the children said to their dolls? And very recently, the scandal of Amazon’s Alexa picking up on conversations in one home and sending them to another?)
  • Many IoT products are complex, combining software, hardware and services often provided by more than one supplier. Not infrequently, one or more of the suppliers sells out or even goes out of business somewhere along the line. A broken link in the chain is a hacker’s opportunity.
  • And IoT users – that is, us consumers – are not following smart security practices!

So what can we do to protect ourselves from these cyber threats?

Seven recommendations for your personal IoT devices as of May 2019.

1-Enable security features on all smart devices.
Not sure if there ARE security features? If the device connects to your home network, there had better be usernames and passwords that you can change from the default! In fact, the instructions should remind you to make those changes. Remember that default usernames and password combinations are published online and thus easily available to hackers. (The book mentioned at the end of this article has a suggestion for memorable passwords that won’t be hackable!)

2-Use strong passwords.
Are your children using the devices? Don’t give them an easy password so they can operate the thing. A simple password makes it easier for every hacker to break into the device!

3-Check for and reconnect or remove dead devices.
Some IoT devices are treated by the family or employees as toys, and after a while they lose interest in them. These neglected devices are precisely the ones that may provide an opening for a hacker. Take a regular inventory and clean up your IoT.

4-Schedule battery replacement.
Many of these devices operate using battery power. Batteries die – and when they do, they could cause a security risk. (Door lock won’t open? Fire alarm won’t go off?) Check all devices regularly until you know just how long their batteries will last, and then build a schedule for ongoing maintenance – with dates and numbers and types of batteries required.

5-Update firmware (operating systems) and apps.
If you find the updates on your phone or computer to be a nuisance, imagine having an entire collection of devices with apps that need updating! But it’s through updates that holes are stopped up and vulnerabilities are fixed. Watch for updates and apply them. (Not sure exactly how you’ll be notified of updates? Find out, so you don’t miss out.)

6-Be sure updates and/or network communications are encrypted.
You don’t want strangers listening in on your baby monitor, measuring your blood pressure or noting the hours when the house is empty! If your smart device sends unencrypted info across your home network and the internet, you are vulnerable.

7-Are any ports left open?
Some devices – particularly hubs or routers – need open ports to allow connections to the internet. The more ports that are open, the more vulnerable you may be to hackers. By and large, your firewall software will allow or block connections based on the profile you’ve set up. If you haven’t set up firewall software, do it. (If you aren’t sure how to find out about the status of your ports, you can get additional software to check on them.)

A next step for non-tekkies.

If you’re interested in getting a lot more familiar with IoT and IoT Security, plan on either spending a lot more time online or spending some money on one or more of the books available via Amazon or other book stores. Most of these books seem to be directed to IT professionals and have professional prices.

But here’s a fantastic book written by an expert, for ordinary internet users, in a clever and captivating way. In fact, I just finished reading it myself and HAD to put it up here!

The Sherlock Holmes Handbook for the Digital Age: Elementary Cyber Security

As a writer myself, I appreciate a story — hard to manage, sometimes, when the topic is technology. Author Alan Pearce puts you right in Sherlock Holmes’ living room in telling this story of “cyber threats right here at home” to his friend Dr. Watson.

Sherlock Holmes goes into the IoT and then takes Watson on a journey into the dark web. If you read this book you won’t become an instant cyber-security expert, but you will be a lot more savvy – and a lot more wary!

Virginia
Your Emergency Plan Guide Team

P.S. This is the kind of information that everyone should be aware of. Please forward this Advisory to friends and family and share with your neighborhood group. If just a few people take a few actions they will be safer than they were before.

Confident About the Security of Your Passwords?

Lock requiring password
So what’s the combination?

There is no such thing as complete security. All precautions and security devices are nothing more than time delays. You are not immune from hackers or malicious software bugs, identity thieves or unscrupulous “ransom ware” extortionists.

You can, however, make yourself and your business a harder target and significantly reduce the likelihood that you will be a victim.

The first line of defense is usually the password.

At last count, I have close to 100 passwords I have to retain and use periodically, some more frequently than others and some more complex than others. Virginia has an equal portfolio with a few overlapping with mine. That’s too many unique and nonsensical combinations of numbers and characters to rely on memory alone.

We understand all too well how unlikely it is that you will approach your computer and on-line security with enthusiasm.

It’s just human nature to look for shortcuts.

I accept this and, in fact, I have some institutional experience that I’ll share with you that may help motivate you to reexamine how you approach this important subject. It’s not a long story, but it’s one I think you’ll find both entertaining and enlightening.

A true and embarrassing story of security shortcuts.

Some years ago, I was serving our country with the US Army as a Special Agent for Counterintelligence. I assure you that, while there were exciting times and even dangerous assignments, there were many more tasks that some (me included) would consider mundane and tedious. Among the latter was the responsibility of conducting periodic inspections of Army units in their handling, storing and protecting of classified information.

(And, yes, this required that we put on our expressionless “face” and make sure we came across as serious “spooks.”)

One thing we did that relieved the tediousness of these inspections was to ask early in the process to see how documents were stored. We also wanted to know who was in charge to “make sure” they had the proper level of clearance.

Storage in those days was typically in a bank of four-door file cabinets with a rod inserted through the handles, secured with an impressive Sargent-Greenleaf combination padlock at the top.

As part of our inspection, and always with the handful of personnel in the “audience” (including the Unit Commander, officers and non-coms), we would begin attempting to open the padlocks by turning the dials without anyone providing us with the actual combination/s.

Imagine, if you can, the looks of surprise and embarrassment on the faces of the soldiers as, one-by-one, we deftly opened most – and sometimes all – of the locks on the file cabinets.

“How in the hell did you do that?!?” was the typical reaction.

Actually, it was quite simple. Before the actual inspection, we examined the personnel records of the people in charge. We jotted down birthdays, wedding dates, serial numbers, etc. With few exceptions, we would find that at least half of the locks could be opened by treating these dates as combinations because they were an easy way for the people to remember the sequence of numbers.

In some of the more dramatic encounters where we opened ALL of the locks, it was usually where the same sequence of numbers was used on all the locks.

The point of this story is to illustrate that the convenient ways you create passwords are typical. Most “crackers,” if not “hackers,” will have search scripts that can readily break these normal code patterns.

Avoid normal code patterns as passwords!

There are a number of ways to pick passwords that will foil eager agents, friendly or not so friendly.  Here are three:

  1. Use a password generator. Typically, these programs will create totally random combinations of capital and lower case letters, numerals and symbols, often as long as 16 digits.
  2. Save these passwords so you can retrieve them, since you won’t be able to remember them. Password manager programs include Keeper, RoboForm and LastPass.
  3. Not happy with having all your passwords stored on your desktop? You can write them down on paper and store or seal it well away from prying eyes.
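What a password generator (item 1) does, together with a self-check for the habit in the padlock story (passwords built from birthdays and anniversaries), is sketched below. This is an added example, not part of the original Advisory and not the code of any product named here; the symbol set, function names and sample date are assumptions made for illustration.

```python
import secrets
import string
from datetime import date

SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set; sites differ in what they accept
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)


def generate_password(length: int = 16) -> str:
    """Random password containing at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's secure random source.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole string instead of patching characters in,
        # so no position is more predictable than another.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def date_renderings(d: date) -> set:
    """Common ways a date is typed as digits, e.g. 061589 or 15061989."""
    mm, dd = f"{d.month:02d}", f"{d.day:02d}"
    yyyy, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    return {mm + dd + yy, mm + dd + yyyy, dd + mm + yy, dd + mm + yyyy,
            yyyy + mm + dd, mm + dd, dd + mm, yyyy}


def personal_dates_in(password: str, dates: list) -> list:
    """Return the dates whose digit renderings appear in the password.
    Separators are stripped first, so 06-15-89 is caught like 061589."""
    squeezed = password.translate(str.maketrans("", "", "-/. "))
    return [d for d in dates if any(r in squeezed for r in date_renderings(d))]


if __name__ == "__main__":
    birthday = date(1989, 6, 15)  # constructed sample date
    for pw in ("Fido061589!", "15-06-1989", generate_password()):
        hits = personal_dates_in(pw, [birthday])
        print(f"{pw!r}: {'contains a personal date' if hits else 'no personal date found'}")
```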

If these ideas seem too few, or too paltry, we recommend you click on Consumer Reports: 66 Ways to Protect your Privacy Right Now. In 14 pages it discusses passwords but also covers email, devices, privacy, software updates, two-factor authentication, PINs, travel, encryption, settings, wifi, phishing, and ransomware!

Joe Krueger
Your Emergency Plan Guide Team

P.S. We continually update information like this, though we can’t beat the story about the padlocks! If you’re interested in security, check out this recent Advisory about Cyber Security Threats.