Daily Archives: June 3, 2016

How to Ensure Your Social Profiles Will Never Get Hacked


Getting hacked can cause an unlimited number of problems for you and your reputation. The last thing you need is to see your profiles fall into the hands of someone else. The key is not to act when it happens but to act before it happens. This guide is going to show you everything you need to know about preventing your social profiles from getting hacked.

The Password Issue

To begin with, you need to make sure that you are crafting the right passwords. A weak password is the front door into your social media accounts. Many hackers will use the brute force method, which is where they simply attempt to guess your password. Automated software will continually try different combinations until it finds something that works.

The only way you can defend against this is through using upper and lower case letters, along with numbers and symbols. This password should be changed on a regular basis. Just make sure that you don’t come up with a password that you yourself can’t remember.

When storing your passwords, you should make sure you have adequate storage methods. Don’t keep them in a place online or offline where they can be immediately accessed.

The key here is to share your passwords with the smallest number of people possible. They should be kept on a strictly need-to-know basis.

Sign-In Technology

You may not have heard of sign-in technology before. It’s a fairly recent invention and it allows people to access your social media accounts without knowing the password. The way it works is that employees click the sign-in software and it will automatically allow them to access the social media account in question.

This technology will only be able to be accessed on certain company computers. This will allow you to keep all information centralized with one person. That means you always have one or two people to take full responsibility for the company’s passwords.

It doesn’t cost a lot to utilize this technology. There are many software bundles that will provide free services like this. It only takes a few minutes to install this technology on your computer.

The Most Common Path – The Email Hack

Despite the fact that spam detectors have become more proficient than ever before, hackers will still use emails in order to capture people’s information. As soon as you click on the offending link, you will be redirected to a page that looks remarkably similar to a genuine page. Once you enter your information, the hacker will capture that information. They may even attempt to install spyware on your computer.

The emails that reach your inbox will contain links that you have to click on, usually in relation to a compromised account.

So how do you know whether something is genuine?

There are two ways to do this. First of all, you can mouse over the link and in the bottom right of your browser it will show you the full link. There will always be a slight change in the URL that will reveal it as a link you should avoid. But the best way to check if an email is genuine is to access the relevant website manually, like you would normally.
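The mouse-over check can also be done mechanically. The following is an added example, not part of the original article: it pulls every link out of an HTML message body and reports those whose real destination host is outside a list of expected domains, whatever the visible link text says. The trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"facebook.com", "twitter.com"}  # assumption: expected senders

def link_host(url):
    """Hostname a browser would really connect to, or None if not http(s)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").rstrip(".").lower() or None

def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a true subdomain of one."""
    host = link_host(url)
    return host is not None and any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Links whose real destination is outside the trusted domains."""
    collector = LinkCollector()
    collector.feed(html)
    return [(t, h) for t, h in collector.links if not is_trusted(h)]

# Constructed sample message body (all hosts are made up for illustration).
SAMPLE = """
<a href="https://www.facebook.com/settings">Security settings</a>
<a href="http://facebook.com.account-check.example/login">https://www.facebook.com/login</a>
<a href="https://facebook.com@login.example/reset">Reset password</a>
"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE):
        print(f"{text!r} really goes to {link_host(href)}")
```

The second and third sample links show why the visible text and the start of the URL cannot be relied on: only the host the browser actually resolves decides where the password would be sent.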

One other option you have to get around this entirely is to use a platform like Sprout Social or HootSuite to access your social media accounts through a third-party platform. It acts as a shield so your accounts cannot be hacked directly, since you are never accessing them directly.

Your Computer’s Security Arrangements

You can have the strongest password in the world. None of that is going to matter if your computer or network is vulnerable to attack, though. There are hackers who can install software on your computer that can allow them to take control of it remotely.

Then they can use things like sign-in technology against you because they can click the buttons without your input. Install the best anti-virus system you can, update it regularly, and be willing to pay for the best. This is not an area where you should compromise.

How will you protect your social media accounts from hackers today?

 

This article was written by Abdullahi Muhammed from Business2Community and was legally licensed through the NewsCred publisher network.

How to Protect Personally Identifiable Information from Ransomware Attacks

Personally Identifiable Information (PII) is defined as any information that can be used on its own or combined with other information to identify, contact or locate an individual. This can include information maintained by an agency that could be used to discover or trace an individual’s identity. Some examples of PII include your full name, date and place of birth, social security number, mother’s maiden name, or biometric records. PII also includes information that can be linked to an individual such as medical, educational, financial or employment information.

Why do Cybercriminals Want my PII?

Cybercriminals are making a great deal of money by selling your PII on the dark web, and those who purchase the data use it in identity theft. Your PII can be used to file false tax returns, open lines of credit or make fraudulent purchases under your name. These are just a few examples of what cybercriminals can do with your PII. The price for pieces of your PII has come down significantly over the last two years. In late 2015 Trend Micro reported that the price for PII had dropped from $4 to $1. There are supply and demand economics at work in the criminal world, too.

 “There’s actually a big surplus of PII currently available in the cybercriminal underground. This has caused its price to drop significantly, from $4 last year to $1 this year,” the study found. – Trend Micro

It doesn’t seem like cybercriminals are making a lot of money at $1 per record when you are considering just your own PII.  However, cybercriminals are infiltrating large companies like Anthem and stealing millions of records at a time. Millions of records stolen at even $1 a record is a large sum of money. Cybercriminals can make more money selling PII from one major breach than you have probably earned in your lifetime.  Not too bad for a day’s work.

Credit Cards, eBay Accounts – Going Once, Going Twice, SOLD!

Credit card numbers, eBay accounts, and mobile phone accounts are also being sold on the dark web for a significant profit for cybercriminals. Login credentials for bank accounts are going for $200 to $500 per account. The larger the available balance of a bank account, the more money a cybercriminal can demand for it. Mobile phone accounts are selling for $14 per account and PayPal and eBay accounts can go for $300 each.

What is interesting about Trend Micro’s report “Dissecting Data Breaches and Debunking the Myths” is their finding that the main reason for a data breach is not due to cybercriminals at all but is in fact a product of the user. 41% of data breaches were the result of a user losing a device or having it stolen, while 25% were due to hacking and malware.

It’s important that companies scrutinize and secure the sensitive information that is stored on their employees’ devices like mobile phones, laptops, and flash drives. If any of these devices are lost or stolen, they become an easy way to steal data.

Doesn’t Ransomware Only Encrypt Data?

It is true that so far ransomware variants have encrypted data and held it ransom. Having PII stolen in a ransomware attack has not happened yet, but I believe that is the next evolution of ransomware.  Once the cybercriminals have copied your data offsite, they can demand a ransom over and over again.

I believe the next variant of ransomware will encrypt your data locally and in addition, will use exfiltration to copy your data offsite and hold it for ransom. If cybercriminals get your PII, they can collect the ransom from you to decrypt the data and further profit from selling the PII on the dark web.

How Can I Protect my PII?

There are a number of things you can do today to protect your PII. I recommend that all businesses that collect and store customer PII read the DHS guidelines for dealing with PII.

Thoroughly Inspect All Emails Received

Ransomware attacks are primarily delivered through email campaigns where the cybercriminals spoof a fax delivery, bank statement or utility bill.  Clicking on the link or attachment starts the crypto ransomware infection, and the end user doesn’t even know they are infected until after the ransomware has encrypted their data. Only after the data is encrypted do you get at least two pop-up messages with the ransom demand.

Encrypt Data on Devices

Do not transport any data that contains PII unless that device has been encrypted. Do not remove sensitive PII from the workplace unless instructed by a manager. Never leave sensitive PII in hard copy unattended and unsecured.

Use Two-Factor Authentication

Two-Factor Authentication is an excellent security mechanism that adds another layer to your complex passwords already in use. With Two-Factor Authentication, a user not only has to provide their password but also needs to input another component, which is usually something that the user knows, something that the user possesses or something that is inseparable from the user. For example, you might use a product like Google Authenticator. After supplying your account password, you will be prompted for a six-digit code supplied by the authenticator app. The app generates a new and unique random code every 30 seconds.

Good luck and stay safe out there with your “Private Information”!!