Security Center

Findings from a new McAfee survey reveal the risky habits of online shoppers, including using unsecured Wi-Fi for online shopping and purchasing items from online retailers they are not fully confident are genuine (51 percent). This highlights the need for consumers to slow down and consider the risks of unsafe purchasing behavior that could lead to identity theft or financial loss.

ObserveIT surveyed more than 1,000 U.S. employees ages 18 – 65+ who have traveled with corporate devices in the past year and found that the majority are putting connectivity and efficiency above security; using public Wi-Fi and unauthorized devices to access work email and/or files on the go.

While they may not have malicious intent, the negligent actions of employees caused 64 percent of all insider threat incidents in the past 12 months (Ponemon Institute). And, though breaches caused by accidental insiders can happen at any time, there’s heightened risk when employees are outside the office, using public workspaces or personal devices to remain connected.

The survey confirms that employees are, in fact, jeopardizing corporate information while they’re traveling, and employers aren’t doing enough to mitigate these risks.

Connectivity is valued more than security

More than three fourths (77 percent) of respondents say they connect to free or public Wi-Fi while traveling. Further, with 63 percent of people saying they’re using public Wi-Fi to access work emails and files, they’re presenting an easy opportunity for cybercriminals to infiltrate and exploit sensitive data.

Organization-wide guidelines are unclear

Organizations aren’t doing enough to educate employees about cybersecurity best practices. Almost half of those surveyed (49 percent) said they’re either unaware of any organization-wide travel-related cybersecurity guidelines, or, their company doesn’t have any. This can result in employees engaging in risky behavior – for example, only 17 percent of respondents said they always use a VPN to connect securely outside the office.

Holiday travel poses additional risk to organizational security

The survey also found that 55 percent of people plan to bring a work device along with them while traveling this holiday season. As the data indicates, people value convenience over security, so creating cybersecurity awareness around year-end travel will be critical to ensuring sensitive data isn’t leaked unintentionally.

“Not only does this research confirm that cybersecurity isn’t top of mind while employees are traveling, but it also highlights a major gap in security awareness training around mitigating the threats posed by remote work,” said ObserveIT CEO Mike McKee. “While technology has enabled people to be productive regardless of location, it’s also creating new ways for hackers to infiltrate otherwise secure systems. Organizations can’t just focus on what’s happening within their four walls. Rather, they need to take a holistic approach that puts security first, wherever work is getting done.”

High-tech threats are everywhere, from the data breaches at retail stores to the Internet security issues like the "Heartbleed" bug that's dominating the nightly news.

But a little knowledge, and common sense, can go a long way toward helping protect you from identity theft and financial loss.

Phishing

An email that appears to be from your financial institution or another business you deal with asks you to click a link that directs you to a web page that looks legitimate. On this web page, you may be asked to verify personal information, such as your account number, password or Social Security number. The email may include an attachment, which it urges you to open.

Don't bite. It's a scam to snatch your personal data. HLSB and other reputable companies never gather information this way. If you are suspicious of an email from HLSB, forward it to admin@hlsb.com, then permanently delete the message.

Vishing

Think of this as phishing over the phone. The "v" is for voice. Instead of sending a bogus email, the criminals call you, claiming to be from your bank or another institution you trust, such as the local court system calling about jury duty.

Even if an email or phone call appears to be legitimate, be suspicious. If they ask for a Social Security number or other personal information, think twice. Hang up and call the organization's customer service number to double-check.

Smishing

This variant of the phishing concept uses text messages to lure you into clicking links that provide your personal information or download infected apps on your phone.

Don't respond to text messages or automated voice messages from unknown or blocked numbers on your mobile phone.

Internet Safety

Pop-up ads are especially bad, since clicking on them could trigger your computer to download a nasty virus or spyware  software that gathers personally identifiable information, including email addresses and passwords, from your computer without your knowledge. The same goes for attachments or links that come in unsolicited emails or in unsolicited Facebook, Twitter or other social networking messages.

Once a malicious code is on your machine, it can hijack your computer's operating system, send spam and malware to other computers, launch unrelenting pop-up ads, or even record your keystrokes and report back to its controller.

Defend your computer with anti-virus, anti-spam, anti-spyware and pop-up blocker programs: Also consider researching alternative browsers that utilize additional security features. Remember, when you're in unfamiliar territory on the Internet, trust no one.

Laptop/Phone/Tablet Theft

It may sound old-fashioned and boring, but theft of devices remains the most common computer crime because it requires zero know-how to pull off. Tablets are increasingly popular as they are easily resold on the black market.

To help protect yourself, use a laptop cable lock whenever possible, and keep important gear out of sight unless you're using it. Store briefcases in your trunk, not the passenger seat of your car, and make sure you use strong passwords and encryption (if available) on all your devices in case they fall into the wrong hands.

According to sources like the NY Daily News, CNN, and CNET, more than 90% of Americans now own cell-phones, and roughly 50% of those phones are ‘smartphones’, capable of accessing the internet and running small gaming and productivity applications known as ‘apps’. 

With a 90% market penetration, chances are you’ve probably heard all of that before. But just in case, now you know.

As with any widely adopted technology, there always follows a plethora of individuals seeking to misuse said technology for less-than-ethical personal gain.  Companies like Kaspersky Labs, Avast and McAfee who provide mobile antivirus solutions have reported a sharp increase in mobile malware attacks within the last year. These attacks range from stealing and/or damaging private information to hijacking other applications, and even taking complete control over a user’s phone and placing calls, sending SMS messages, turning on the phone’s microphone or cameras, spamming contacts, or simply locking the user out, and holding the device hostage until a ransom is paid. 

When it comes to mobile malware, the attacks are widely varied, and seemingly limited by nothing more than the hacker’s imagination. However, there do seem to be some common threads in the attacks:

1) The majority of mobile malware attacks appear to target Android based devices by quite a significant margin.

2) Apple devices are rarely infected unless the device is jail-broken.

3) Roughly 99.86% of malicious or infected apps are downloaded from third party app stores (app stores other than iTunes and Google Play).

4) Mobile Antivirus solutions appear to do a pretty decent job of combating most infections.

These statistics do not mean that everybody should throw their android devices in the garbage and go buy an Apple i-something. In fact, the current estimated infected device percentage for the U.S. Market is still thought to be less than 1%. However, experts agree that this number is growing.

So what should you do?

All USB devices share a common and potentially harmful flaw. Hackers know that computers are typically set up to listen for what type of USB device is plugged in. This means that criminals can reprogram USB devices to pretend to be something other than what it really is. That device can then be used to spy on you, capture passwords, or do permanent damage to your system. This activity goes undetected by antivirus programs since it is not a running program but actual hardware.

This potential risk is called USB duping and the only complete safeguard against potential infection is to disable USB ports altogether. This practice has already been implemented by the U.S. military in sensitive areas, along with banning all USB drives. Awareness is the most important factor in thwarting an attack of this type, so remember to be wary of strangers asking to charge a cell phone or borrow a USB drive.