The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success


PSA: A Note about Data Protection, Security, & Cybersecurity

Razz

Apr 15, 2016
Click bait: Has your data already been stolen? It may already be too late…

How an Internet Slideshow Publicly Exposed 11.5 million documents and billions of priceless business strategy and personal identifying information...

Protect your data. Right now. Since you’re reading this, it applies to you. This is constantly reinforced daily, as recent leaks and disclosures impacting billions in value and trade have occurred mainly through incompetence and insecurity. It’s much easier to establish proactive defenses limiting your victimization.

There’s tremendous value shared in here. Most of it is especially tuned to developing business processes, what really works and what doesn’t, and how to internalize the process, making it your own.

Here’s some that needs to be integrated into your approach to add a general understanding of data protection and cybersecurity. I’ll keep it brief and straight to the point.

Cyber crime operates just like physical crime, except the scale of digital crime is much more efficient, targeting thousands to millions of computers at the same rate a person/physical place can be targeted.

Connecting all computers or devices into the Internet means that computer or device is communicating. This is done through its ports. The general rule is: if you can access the outside world, it can access you. Consider the ports your door. Opening them allows you to venture out, but also can allow anything to come through.

The greater your worth, the greater the attacks. Both in scope and scale. You become a bigger target. And experience more attacks.

https://cybermap.kaspersky.com

With the ever increasing digital importance and brand presence, and many businesses existing online (whether solely or having any business conducted online) you need to know some basics regarding the most common exploits.

You don’t need to be paranoid regarding security, but make dang sure that any data leaks or breaches do not occur due to your own incompetence.

Business owners, the key ones behind the curtain, are just as vulnerable to fraud, theft, and threats as anyone else. Don't be a victim.

Most common is through Social Engineering:

Phone calls:
Never give out your passwords over the phone. Bank account numbers, etc. Unless you can verify and control the situation, question it. Measure twice, cut once.

If you are making the inquiry or the transaction, you can always disconnect and have them call you from an identifiable number. Security questions can be assigned, as well as other methods – depending on your organization. Know what they are, don’t share them.

If they won’t, then you can and should go to a local branch of your financial institution.

The link with your phone is an even bigger threat today because of the power and the contents of your handheld computer. The same thing applies for your tablet. Enable two-factor authentication:

Apple
https://support.apple.com/en-us/HT204152

Google
https://www.google.com/landing/2step/

Amazon General:
https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420
Amazon Webservices:
https://aws.amazon.com/iam/details/mfa/

Demand your bank or financial institution provide this service. More and more are switching to this approach.

Always know where your cell phone is. Always. Have more than one – especially if you have invaluable business information on one. You need to be able to afford it, along with everything else on it. And be acutely aware of what cloud services it uses and where that information goes.

Establish a remote wipe possibility if you lose it. That way, if you do lose it, you can wipe your phone.

https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en

https://support.apple.com/kb/PH2701?locale=en_US

Why is this so Important? Example:

The “iCloud” hack that occurred, hypothetically, those users could be tracked no matter where they went. Switching on the “Find My Friends” provided locations. Android and Google products also have this as a function. In fact, any GPS tracker does it.

This fact wasn’t well published or disclosed, just imagine if you were a high value target where people can’t wait to get pictures of you, or from your personal storage or find your location. Armed with an active GPS, this information was also included in many of the pictures, offering geolocation where they were taken, sometimes exposing who was in them (face) and shared a vulnerability in a compromising situation. Good luck trying to scrub that information from the Internet.

Even the most experienced publicists and branding artists didn’t know how to keep the situation under or out of control.

Email:

Phishing emails: they look real but aren’t. This applies to senders, links, and all content within them.

Links in emails can be masked, hidden, and not be what they appear. Copy and paste the address in a separate window or even different Internet browser if in doubt. Don’t just trust the email, even if it looks legit. This is a huge mistake. And even if you’re in the best frame of mind, you can still be easily tricked.

Example Tests & Info:

http://www.sonicwall.com/phishing/phishing-quiz-question.aspx
https://www.opendns.com/phishing-quiz/
http://www.cbsnews.com/news/mcafee-intel-security-phishing-quiz-can-you-spot-a-scam-dont-be-so-sure/

Bonus: Many companies are now using funnels to distribute free tests… that in itself can be a red flag. Make sure you know who you’re dealing with before signing up. It’s another great method to capture information about you. Use throwaway emails when in doubt.

You need to know these things, along with the key stakeholders in your organization and endeavors. Everyone with any access to your infrastructure or information needs to be made aware. The weakest point in an organization will be targeted and exploited. A motivated offender can case and discover who you are, case your organization, and will attack.

Social engineering and phishing are primary methods of data capture, and this is without much technical prowess.

More on the digital side:

Always use a firewall.

PC:
Most use Windows Firewall. This makes it easier to understand:
http://www.binisoft.org/wfc.php

Mac:
https://www.obdev.at/products/littlesnitch/index.html
https://www.obdev.at/products/microsnitch/index.html

Protect against digital threats: Viri, Malware, Etc.

Always use a VPN when travelling. And sometimes from home. It can protect the information you share to and from your computer, away from your ISP, and keep things more private.

https://docs.google.com/spreadsheet...VzbOigT0xebxTOw/edit?usp=sharing&pref=2&pli=1

WordPress

The Mossack Fonseca, or Panama Papers, were (reportedly) leaked through a WordPress vulnerability.

https://www.wordfence.com/blog/2016/04/panama-papers-wordpress-email-connection/

If this exploit can happen to them, it can easily happen to you.

11.5 million data files leaked. Countless personal details. A trove of information.

Consider using a password manager.

Whether old school notebook, or digital software, they help.

http://keepass.info

https://lastpass.com

https://agilebits.com

Recommendations:

May seem extreme but is sometimes necessary: Have a computer without Internet access. I wouldn’t recommend a laptop, even though they are convenient, they are extremely easy to have someone walk out with. Encrypt your drive. And make sure that this is a computer that never connects to the Internet. Question all inputs that go into it, such as random USB drives.

Useful for personal documents, and keeping your personal and business life separate.

Make a backup. Again, backup your data. Most people skip on this step. You don’t need a huge hard drive, not for most vital documents. Thumb drives provide adequate space for most businesses and organizations. However, they can be lost. So make a backup and don’t lose it. In fact, make two. And store one in secure locations that have nothing to do with your residence or place of employment.

Another positive step would be to encrypt your data. See links below for encryption suggestions.

http://lifehacker.com/a-beginners-guide-to-encryption-what-it-is-and-how-to-1508196946

http://gizmodo.com/how-to-encrypt-everything-1586619248

http://hackerspace.kinja.com/a-beginners-data-security-guide-series-part-2-510246053

When disposing of any hard drives – wipe them first.

Free: http://www.dban.org

SSD: Blancco, from DBAN.

Do not recommend free avenues for obtaining resources for Software etc. It’s just too valuable for you to experience fraud. You can always buy a program and return it within the trial or return period. Or if it’s crap, your credit card provider has protection. Most debit cards don’t offer this guarantee. Use prepaid cards when necessary.

If you need to test software or programs, create a virtual machine (VM). Load up whatever operating system you need, test out the program in the VM. Kill the Internet if you have to. Watch your firewall, see where connections are occurring.

I’ve seen users download compromised apps that targeted their personal information and created havoc resulting in a nightmare in business relations.

Amazon sellers, Web Service Users, and : review this:

https://aws.amazon.com/iam/details/mfa/

General Scam Resources:

https://www.consumer.ftc.gov/scam-alerts

https://www.consumeraffairs.com/scam_alerts/scam_alerts.htm

https://www.ncpw.gov/resource-topics/scam-alert

http://www.ic3.gov/media/default.aspx

https://www.usa.gov/scams-and-frauds

https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts

https://www.scamwatch.gov.au

http://www.scambusters.org

Encryption:

http://lifehacker.com/a-beginners-guide-to-encryption-what-it-is-and-how-to-1508196946

http://gizmodo.com/how-to-encrypt-everything-1586619248

http://hackerspace.kinja.com/a-beginners-data-security-guide-series-part-2-510246053

Social Engineering:

http://www.webroot.com/us/en/home/r...ing-banking/secure-what-is-social-engineering

Wikipedia Overview:

https://en.wikipedia.org/wiki/Social_engineering_(security)

Use the left hand side for more resources.

https://www.cl.cam.ac.uk/~rja14/book.html

Scams shared on and from Reddit:

https://www.reddit.com/r/scams

Computer System Security

http://www.av-comparatives.org

https://www.malwarebytes.org

https://www.safer-networking.org

http://www.webroot.com/us/en/

http://www.eset.com/us/products/nod32-antivirus/

https://www.piriform.com/ccleaner/download

More Technical:

https://www.reddit.com/r/netsec/wiki/start

https://github.com/paragonie/awesome-appsec

Other info:

https://www.schneier.com/books/secrets_and_lies/

http://www.hackthissite.org/pages/index/index.php

Bonus: Create your own secret answers for websites and dealings with information that isn’t personal. Just make sure you write down your dummy answers, and know when to use them. Helps put more distance between you and potential hackers.

TL;DR

Protect your assets, your information, your everything digital. Be your best defense.

Social Engineering can bypass the best technical safeguards. Phone & Email interactions are priceless, losing access to your bank accounts sucks.

Use: Firewall, Virus Software, Malware, Spyware Protection, & VPNs

You are often your own worst data leak.

Clicking yes during an install can add malware that bypasses all system security. Like those annoying Google hijackers, and makes your system a super easy target. Download from the source. Pay for your products.

Stay safe. Let me know if you have questions, I’ll check back. I kept this initial post very general and basic.

Razz

P.S. This isn’t a sensationalist headline, nor is the message. Since I do not have much virtual credibility established here, especially with regards to my Speed Points or Rep Bank, I will be glad to submit proof to the mods or through PM.
 

Attachments

  • 2013 Cybersecurity Infographic.png
    445.3 KB · Views: 3

juan917

Jul 27, 2015
So I'm heavily involved in the cybersecurity space. There's basically 3 aspects to security and they form what's known as the CIA triad. Confidentiality, Integrity, and Availability.

Confidentiality means keeping your data safe, having Integrity means nobody messed with your data, and Availability essentially means keeping your servers running smoothly with zero to none unexpected down-time.

I focus on availability. More specifically, DDoS attacks (stands for distributed denial of service). The most effective way to take down a site so that its users cannot access it is through a DDoS attack.

Reach out if you would like a DDoS evaluation and/or training in preventing against this type of attack.

http://i.imgur.com/38rRVai.jpg (img of business card)
 
