Fake security Skype scam. This Skype call came in this afternoon. Fortunately I had my iPhone handy and recorded the whole thing. Take a look. Hopefully reporting it as abuse and blocking the call will help.
Archive for Security
Did you know that you could purchase insurance for data loss? Should you?
It depends. I believe in educating our clients about their risks as I see them, not just computer risks, but all of their vulnerabilities. I think that in our industry there is a surprising lack of regulation, especially given the critical information we see every day.
I recommend that you give quite a bit of thought to your IT person, going so far as to do a background check on them. It’s a reasonable and safe step until we can work for better certifications and regulations.
Here are a few certification authorities that test for technical knowledge. But there are NO recognized authorities to test for soft skills and general decency.
CompTIA (A+ and Network+ certifications)
So my husband @wx13 and I were discussing open source software. This became especially poignant during the apparent selling of our search history by @google.
Super lame move btw, because I loved their products and was a big fan and promoted the bejesus out of them. No mas free advertising from me.
Below I list the software recommendations we came up with and how it can be used to make your #privacy more functional.
Might I suggest autohotkeys for open windows?
chrome browser: only for gmail and online banking and wherever you want cookies and stored passwords (it’s okay if google knows that you’re a bankofamericagreedybastards customer because the session is SSL so it’s not like they know how poor you are LOL).
firefox: with noscript addon for regular browsing (no script is critical here).
set firefox to clear your cookies at the end of each session.
windows pager for multiple desktops … work vs. personal and separation of those tasks.
Symantec’s remote access product “pcAnywhere” has been compromised. If you are using this product, Symantec has issued a recommendation to stop using the product.
Here’s their whitepaper: http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf
Recently we have had several clients contact us because they received a suspicious phone call from someone claiming to be from Microsoft. The caller continued on to say that they were calling from “the Microsoft Windows Support” and that the computer was compromised. I’m grateful that our clients were wise and hung up on these callers.
Ryan did a little research and we found this information: http://www.microsoft.com/Presspass/press/2011/jun11/06-16MSPhoneScamPR.mspx
The following is Microsoft’s advice and we recommend the same information:
• Be suspicious of unsolicited calls related to a security problem, even if they claim to represent a respected company.
• Never provide personal information, such as credit card or bank details, to an unsolicited caller.
• Do not go to a website, type anything into a computer, install software or follow any other instruction from someone who calls out of the blue.
• Take the caller’s information down and pass it to the authorities.
• Use up-to-date versions of Windows and application software.
• Make sure security updates are installed regularly.
• Use a strong password and change it regularly.
• Make sure the firewall is turned on and that antivirus software is installed and up to date.
You must be thinking about a Post-it note under my keyboard. But you’d be wrong. I have always been passionate about security. Just ask Dana Epp of Scorpion Software; he’s an Enterprise Security MVP and I stalk him at conferences because he is so brilliantly dialed in to the security issues of today.
My good colleague and fellow MVP Wayne Small over at SBSFAQ.com showed me an incredible password management strategy and I want you to immediately check it out and see if you can make it work for you.
No big $$ investment, no selling your soul to the latest “Security Expert”. Just simple two-factor authentication. Here’s the link
LinkedIn (the social network) has made a change to their default settings which, if left unchanged, allows them to show your photo and name for advertising purposes. You can opt out of this.
1. Click your name on the homepage (upper right corner). On the drop-down menu, click “Settings”.
2. From the “Settings” page, select “Account*”.
3. In the column next to “Account”, click “Manage Social Advertising”.
4. De-select the box next to “LinkedIn may use my name, photo in social advertising”.
It seems that nearly every week there is a new story about data breaches. First Epsilon’s database was hacked into, and now Sony. So what’s the lesson here? Do we all pull back and refuse to purchase online content, as some clients are saying? I don’t think that is the answer. What about simplifying and putting a few protections in place?
1. Have a credit or debit card linked to an account with a certain balance limit, say $500. Use this account strictly for online purchases, such as Netflix, Sony, Xbox Live, etc.
2. Set up an email account just for such purchases.
3. When creating online accounts at sites, use the junk email box and your “online” credit card information. Don’t give your real name, address, age or birthdate where possible.
I think these steps should help. Perhaps you have other ideas to share? Give us your comments!
This is a great article that highlights many of the questions that need to be asked when an employee wants to use a personal device to access corporate data. What do you think? How do you manage this issue at your workplace? Let’s have a policy discussion and perhaps folks can take back some ideas for their situation.
Today’s post comes from Doug Spindler of PacITPros. http://www.pacitpros.org/ Thanks for the great information Doug!
For those of you with laptops using security cables with combination locks, stop using them; they are defective. It turns out there is a part in the combination lock that gets worn, which changes the combination numbers required to open the lock. This happens after 3-9 months of regular use.
The model with the issue is the Targus DEFCON Combination Notebook Cable Lock. Kensington has a similar product called the ComboSaver Combination Notebook Lock – I don’t know if the Kensington product has the same problem.
What happens is you secure your computer with the combination of numbers you know. As you twist the numbers, the worn part changes the combination required to open the lock. (But you can’t tell.) When you try to open the lock with the combination you know, you can’t open the lock. The only way to open the lock is to smash it with a hammer or shatter the lock with bolt cutters. (Lucky for my friend we were at a full service hotel that had bolt cutters.)
Turns out the security cable manufacturer knows about the defect and will promptly replace it with another (defective?) combination lock security cable if you send them the one with the shattered lock. If you protest loudly you can get them to send you one with a padlock instead of a combination lock.
One final note. How long did it take to open the lock with the bolt cutters? About half the time it takes to dial in the correct combination of numbers to open the lock.