Pretty scary, huh?  Thieves, child predators and other criminals can easily find where you live, where you like to eat lunch, what park you take your kids to play in, etc.

This is not something new, but it’s shocking how many people are unaware of this threat and expose themselves to criminals.

Now that I have your attention, I have some good news. There is an easy way for you to disable geotagging on your cellphone pictures, while leaving it on for applications that need it, like your phone’s GPS.

Here are easy-to-follow instructions for your phone.  Don’t delay – Disable picture geotags now!

iPhone: Go to Settings, select General, then Location Services, and set the camera to off.

Blackberry: Open the camera, select the settings, and set Geotagging to off.

Android:  Open the camera, select the location icon, select off.

To get an even better idea of this threat, view the following news report, it’s eye-opening.

Stay Safe from CyberStalking: Disable Picture Geotags on your Cellphone

Simple and Useful Google Search Tips

Wait, I know… There is no shortage of articles about Google search tips on the web. Frankly, most give you too much information – you’re just never going to remember it all.

So I decided to go through them all and come with five tips that are so simple and useful, you’re bound to remember them.

1) Phrases: Perhaps the most powerful tool that I’m amazed more people don’t know about is the use of double quotes around phrases. Let’s say you are searching for cars that double as boats.

cars that double as boats  –  Without the quotes, you’ll get a wide variety of search results – most not what you’re looking for.

“cars that double as boats”  – With the quotes, you get the results you want.

Five Simple And Really Useful Google Search Tips

Prime Target: Small Businesses

As a small business owner, most state laws will put the responsibility completely on you if you are a victim of cybertheft. If your company bank account is hacked and your money is stolen, tough luck – you should have had better controls in place. Surprised?

Conversely, if your personal account suffers a similar fate, most state laws will hold the banks responsible.

The general reasoning here is that companies should be more sophisticated and knowledgeable than individuals and should have the proper controls and security measure in place.  Of course, we all know the reality of the situation is that there is a big difference between a large company with it’s own I.T. staff and a small business. Hackers and cybethieves know this as well and are exploiting the vulnerability of small businesses with fervor. Small businesses have proven to be “soft targets” for cybercriminals.

The Wall Street Journal has been all over this this topic lately and I encourage any small business owner to read the following articles referenced. The knowledge and awareness you gain could very well save you from experiencing a major cybertheft incident.

First came an article about the general problem of hackers targeting small businesses.  Standing out in that article is this quote:

About 72% of the 855 data breaches world-wide analyzed last year by Verizon’s forensic analysis unit were at companies with 100 or fewer employees.”

Are you looking over your shoulder yet? Are you wondering how this can happen?  Here is a case study of a company that had 1.2million wiped from it’s accounts by cyberthieves in the course of several hours. They thought they had protections in place (firewall and anti-virus), but the systems were not all current and they had no controls on their online banking accounts that would restrict such large withdrawals.  (Call your bank NOW and discuss what controls can be implemented)

As we mentioned in the beginning of this article, historically small businesses have been left to fully bear the burden of cybertheft committed upon them. But there is some good news. Two recent court rulings went in favor of small businesses suing their banks to recover funds lost due to cybertheft.

From that article is this quote that sums up the problem small businesses face: “The truth is there are millions of small businesses that have no clue of the sophistication of the threat that is out to get them,” says Brian Krebs, author of Krebs on Security, a blog that covers cybercrime and Internet security. “You’ve got one lady who’s in charge of payroll, and she works nine to five and…God bless her, she’s up against the Russian mob.”

So what can small businesses do? I’ll tackle that topic fully in my next post, but in the meantime, call your bank and put some controls in place that would limit your exposure to theft.

Cyberthieves Hit Owners:

Hackers & Cyberthieves Continue to Target the Under-Protected: Small Businesses

In today’s hyper-competitive marketplace, the companies that are thriving are the ones that are truly technology-driven. Investments in technology boost productivity and profits. Falling behind in use of technology has been the final tipping point for many failed companies.

While this could certainly be considered a self-serving position, that doesn’t mean it’s without value. What brought this topic to mind was an article in today’s Wall Street Journal, called “Cut Those Costs! (But Not Tech).”

The article lays out the new landscape that companies are presented with; how to cut costs without losing your competitive edge and hurting the business. One example given is an Engineering firm in Colorado, CH2M Hill. From the article:

 The Englewood, Colo., engineering firm is cutting back on expenses like corporate events and bonuses for employees, yet it plans to boost its $100 million-a-year information-technology budget by as much as 20% this year. In part, the money will go to fund new systems that will make it easier for workers to use a variety of mobile devices on the job.

“We’re very concerned about the economy and trying to take some measures to cut costs,” says Mike Lucki, CH2M’s chief financial officer. “But this is an investment that we need to make to stay competitive. If you don’t do it, you’re not in the game.”

Mr. Lucki is not alone. A recent survey by Baruch College’s Zicklin School of Business found that CFO’s are planning to increase IT spending on average by 10% in 2012. Compare this to 2008, when plans were to hold even or decrease spending. Needless to say, the tech explosion has opened more than a few eyes of financial decision-makers who were once quick to make technology their sacrificial lamb.

That doesn’t mean it’s easy or fool-proof. Increasing IT spending in tough times requires careful planning and even more careful evaluation of specific technologies and the potential returns to the business. But if you’re not thinking this way now, as Mr. Lucki says in the article, you’ll never make it to your 2015 plan. I recommend you read the whole article (link above). It’s a worthwhile 5 minutes out of your day.

Cut IT Spending in Tough Times? Not so fast.

The odds are very good that every  of us will come across such a scam over the next few weeks. How we handle the situation could make the difference between a joyous holiday season and a sad one. Here are some tips to help keep your Holidays happy ones:

1) Learn to identify fake web sites in emails.

You get an email from “Amazon.com” that says you can get a free Apple ipad if you spend $1000 on Amazon. Or they are selling them for $100 below the regular price. First thing to do is STOP and THINK. What are the odds Amazon is giving away ipads? zero. What are the odds they are selling them at $100 below normal price? zero. Apple controls pricing and their products are not discounted. These are just some simple examples, but the point is, just a little common sense is often all it takes to smell a  scam.

But suppose the offer you get is thoroughly believable  or you don’t know enough about the items to know what is reasonable. Before you click on the link in that email that says “Buy on Amazon.com,” just put your mouse cursor on the link without clicking. Somewhere on your screen (depends on which email program you use), the actual URL of the link will appear. Sometimes it will be an obvious fake, ( like usamza.com). But many times, they will includes words in the URL that can fool you. (amazon.com.ipad.store.usamza.com/online_store).  Look carefully at what the last .com (or .net, .biz, .info, etc.) says. That will tell you the real domain name for the link you are about to click on. In this case, it’s usamza.com. The “amazon.com.ipad.store” at the beginning is just there to trick you.

Note: This is also a very common tactic when it comes to online payment sites, like PayPal. You are bound to get emails saying they are from PayPal and you need to login to your account to fix a problem.  Two things: First, remember to closely inspect the link and second, the real PayPal will probably never send you such an email.

2) Beware of  store emails with attachments.

Chances are good you are on some mailing lists from legitimate stores and shopping sites.  Chances are just as good that they will never send you an email with an attachment. For example, you get an email claiming to be from Macys.com, and it tells you to open the attached PDF file for details on a specials friends and family sale – STOP right there and immediately delete the email. Legitimate retailers do not send emails with attachments.

Keep in mind that often times the emails look quite authentic. They’ll have the Macy’s logo, and links to legitimate pages on the real Macy’s site, all designed to make you believe the email is legitimate. It is not.

3) Don’t use store links from search engines.

A favorite tactic of cyber crooks is creating entire fake web sites that are mirror images of a real site. This has been done with banking sites, hoping you will enter your real BankofAmerica username/password on a fake BankofAmerica site they have created that looks just like the real thing. The same tactic is used with shopping sites. If they can create a fake “buy.com” and get you to go there and put in your real buy.com password, they can then go to buy.com and buy things using your account.

The problem for cyber crooks is, how to get you to go to the fake site? One way is with faked emails, as described in #1 above. Another is through search engine results. Let’s say you are looking for a special cooking utensil as a gift for a friend. You do a google search, and one of the first matches is a link for “cooking.com”. You click on the link and are taken to a web site that says Cooking.com” all over the page. You probably wouldn’t notice that the actual URL says “cookingz.com”. It’s a complete fake. Once you are on the fake, they can try to gather personal information or just install malicious software on your computer.

What should you have done? When a search result for cooking.com came up, instead of clicking on the link in the search results, you should open another browser tab or window and manually type in cooking.com. Now you know you are at the real cooking.com. Then, once you’ve used a web site and you know it’s legitimate, add it to your favorites and only use the favorite link to go there in the future.

4) Only enter your credit card info on a secure web site.

The Better Business Bureau online shopping division highly recommends that you ALWAYS use credit cards when purchasing online (built-in fraud protection) and ONLY use web sites that use SSL (Secure Sockets Layer) on their payment page. You’ll know you are on a secure page if the page URL starts with “HTTPS://”  instead of “HTTP://.”  The data transfers on secure pages are encrypted, which protects your confidential  information, even if the data is intercepted by a malicious program on your PC that is “listening in” on the transaction.

5)  Use internet security software.

This may seem kind of obvious to some of you, yet you wouldn’t believe how many home PCs we see  that either have no security software installed or have an old, un-updated version that has expired. Seriously folks, it’s almost 2012. You’re being seriously irresponsible if you are not running some type of security software. Here are 3 I recommend for home use. Two even have basic FREE versions, so you have NO excuse. However, I highly recommend you spend some $$ on the more comprehensive paid versions.

Avast (my favorite free program): http://www.avast.com/free-antivirus-download

AVG: http://free.avg.com/us-en/free-antivirus-download

F-Secure (what I use at home): http://www.f-secure.com/en/web/home_us/protection/internet-security/trial

Be SMART and be SAFE.

Online Holiday Shopping Security Tips – Beware of Cyber Crooks and Scams

First, there’s the issue of privacy. Just last April, a security researcher revealed that Apple iPhones were tracking user’s locations and transmitting the information back to Apple. Apple called it a “bug” and quickly fixed it in their next update and gave users the option to opt out of location services. This however, gave pause to many as they were left to wonder what other information is being collected by their cellphone providers. Government officials are wondering also, having opened a federal grand jury investigation looking into mobile apps and whether they are illegally collecting users’ private information.

Secondly, there is the growing concern over the appearance of mobile trojans and malware. Many business professionals use their mobile devices like portable PCs, yet they take few if any of the security measures they use on their PCs.  Apps containing trojans have appeared in several online marketplaces, including Android’s own.  Google had to remotely remove these rogue apps from user’s phones using Android’s “kill switch.”

Just as millions of smartphone owners have begun to regularly use their devices for business and banking, criminals are finding cracks in mobile security practices. The primary targets are online banking accounts, credit card numbers, email communications that may contain confidential information, even photographs.

What can you do? Here are some tips from F-Secure, a well-respected international security research and software firm:

1. Keep your system updated

Don’t take this for granted. Keeping your mobile operating system updated not only allow you to enjoy the latest offerings, but also helps to protect your security. Similar to a good practice with your personal computer, having your system up-to-date could prevent malicious attacks that take advantage of unpatched security holes or vulnerabilities.

2. Install a security application in your phone

As your mobile device functioning more like a mini computer, it becomes an increasingly attractive target for attacks or theft. And that situation calls for a need to protect your physical device and the data it contains. Our Mobile Security application for instance, offer features that help to safeguard your data, protect against threats and locate your lost or stolen phone.

3. Watch where you click and land

We anticipate that scams and phishing to obtain personal or credit card information will be the most active attacks on mobile users. Social engineering methods would be used to lure users into clicking on malicious links or to trick them into surrendering valuable information. So, check out if a website starts with “https” before you enter sensitive information.

4. Refrain from doing transactions on a public network

A public network is useful and may help you save on data charges. However, keep in mind that the public Wi-Fi that your phone is connected to might not be secure. Just to stay on the safe side, limit your activity to browsing and avoid committing any important transactions.

5. Install or obtain applications from trusted source

Part of the fun (and convenience) in having a smartphone is making use of various applications which let you do a lot of things. There are plenty of applications out there, and some are offered through independent, unmonitored channel. Be careful of what you installed and watch out for the source. Some of the sources may contain repackaged apps that contain malicious content.

6. Make it a habit to check each applications’ data access on your phone

Some applications may have access to your data or personal information. Be wary of the access that is outside of the scope or purpose of the applications. For example, a game application that has the access to SMS (read, write and send), calling, phonebook entries, and system files should trigger your suspicion for why it requires such access. If you have any doubt about an application, do not install it.

The days of worry-free mobile phone use are over. You are most vulnerable when connected to unsecured wireless networks. I highly recommend against doing any online banking or making credit card purchases under those conditions.

Smartphone Security: It’s Time to be Smart About It

Hackers Target Small Business:

Hackers know that small businesses often don’t have the resources or expertise to properly secure their systems. Whether it’s  your own network or your hosted website, they are being scanned non-stop by potential thieves looking for weak passwords or security holes. Once they gain access, they will often install difficult to detect software that will intercept all data being transmitted and forward it on to their own site.

Stealing credit card information that can be re-sold or used to make purchases is the primary goal. Identity theft and gaining access to online bank accounts are  close behind.

A 2010 survey by the National Retail Federation and First Data Corp. of small- and medium-size retailers in the U.S. found that 64% believed their businesses weren’t vulnerable to card data theft and only 49% had assessed their security safeguards. Talk about nice, ripe low-hanging fruit for the hackers…

On the web site front, current statistics estimate that every .65 seconds, a web page is infected with malware.

An agent in the FBI’s cyber division says that hackers targeting small businesses are a “prolific problem.” And, “It’s going to get much worse before it gets better.”

Proper security is all about creating multiple levels that have to be broken through. Think of a burgler approaching two houses. One is protected by a ten foot wall. The other has a ten foot wall, a ten foot barbed wire fence and a moat with man-eating piranha swimming in it. Which house will he try to break in to?

So, if you own or manage a small business, what do you do?

1) First priority should be installing a proper firewall, which does not mean a $99 home firewall you bought in the local office supply store. It also means hiring a professional IT technician to install and configure it. This is NOT a do-it-yourself job.

2) Don’t be lazy with passwords. Use strong passwords that are combinations of letters, numbers and special characters.

3) Every system needs to be running anti-virus and anti-malware software. While no one program is perfect, running without it is the equivalent of a hole in your barbed-wire fence.

4) Don’t skimp on backups – back up your systems daily at the minimum. And that includes your web site. Is your site being backed up? How often? Look into a free service from CodeGuard.

5) Talk to an IT security professional. In this technology crazed, always-connected world we live in, many people feel they know enough to  “do it themselves and save money.”  There are many areas where that may be true, but this isn’t one of them.

For the most part, you’ll only hear about computer security breaches when they involve large companies and thousands of potential “victims.” There may only be a handful of these every year. But every day, smaller businesses are being hacked and in many cases, enough damage is inflicted to close down the business. Don’t let that happen to you.

If you would like to read some more about this topic, including some real world examples of small businesses under siege, here are some good articles to check out:

Hackers Shift Attacks to Small Firms – Wall Street Journal

New Cyberattacks Target Small Businesses – USA Today

Don’t Think Hackers Target Small Business? Think Again…

With the help of a program called Firesheep, (details here) anyone on the same wireless network can take over your accounts and cause mayhem. They can send profane messages as you, send links to virus-infected web pages to your friends and business associates, or just make you look like a fool.

While Firesheep requires the hackers be using acomputer, there is now a program for Android phones called FaceNiff (details here)  that will allow a hacker to do the same things right from his mobile device.

Fortunately, there is something very simple you can do to prevent this from ever happening: Turn on secure browsing.

How to turn on secure browsing in Facebook:

(Warning: This feature may slow your Facebook browsing experience. So you may not want to use it if you are in a secured network or use a VPN. )
Go to Account.
Go to Account Settings.
To the right of  “Account Security” click on “Change”.
Under “Secure Browsing (https)”, click the box that says “Browse Facebook on a secure connection (https) whenever possible”.

Note that if you use Facebook apps (a bad idea, in my opinion), they do not support secure browsing. So, when you use an app, you’ll see this message:

“WARNING: If you click continue, you are no longer in secured browsing. Whoops.”

When you are done using the app, you’ll have to repeat this process.

How to turn on secure browsing in Twitter:

While logged in to Twitter via a web browser, go to settings.
Next to “HTTPS Only ” click the box that says “Always use HTTPS. ”
Click “Save”.

How to secure your Facebook and Twitter Accounts

If you work in information security, you don’t need our help. For the rest of you, where do you begin? The task can seem daunting to the average user.

Fortunately, there are plenty of resources to help you, even too many, probably. So where do you start?

Well, how about from the people responsible for securing the nation’s information – the National Security Agency (NSA).

From the NSA Mission Statement:

The Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information. The Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. This Agency also enables Network Warfare operations to defeat terrorists and their organizations at home and abroad, consistent with U.S. laws and the protection of privacy and civil liberties.

Surprisingly enough, this agency that lives and breathes secrecy, publishes a wide range of security guides that are completely yours to use for free.

Whether you are an Apple, Windows or Linux user, there are two guides specifically for you at these links:

Operating Systems.

Best Practices for Securing a Home Network

For the main page where you can browse all of the guides (categories on the left), go to:

Security Configuration Guides

These guides are good starting points. Be proactive – don’t wait for something bad to happen.

Handy Computer Security Tips From People Who Should Know – the NSA

There are two possible scenarios.

1) You want to make some folders accessible only when you are logged on with your user account.

2) You want to make some folders inaccessible to anyone without a password, including administrator.

Scenario 1:
•Open My Computer
•Double-click the drive where Windows is installed (usually drive (C:), unless you have more than one drive on your computer).
•If the contents of the drive are hidden, under System Tasks, click Show the contents of this drive.
•Double-click the Documents and Settings folder.
•Double-click your user folder.
•Right-click any folder in your user profile, and then click Properties.
•On the Sharing tab, select the Make this folder private so that only I have access to it check box.

Note

•This option is only available for folders included in your user profile. Folders in your user profile include My Documents and its subfolders, Desktop, Start Menu, Cookies, and Favorites. If you do not make these folders private, they are available to everyone who uses your computer.
•When you make a folder private, all of its subfolders are private as well. For example, when you make My Documents private, you also make My Music and My Pictures private. When you share a folder, you also share all of its subfolders unless you make them private.
•You cannot make your folders private if your drive is not formatted as NTFS. For information about converting your drive to NTFS, check here.

Scenario 2:

My Private Folder is a free Microsoft utility that can be used to password protect one folder per user (profile) applying encryption without resorting to full fledged EFS Windows Encrypting File System.

My Private Folder can be downloaded here, and the install is straightforward. The utility places a shortcut to the password protected folder in C:\Documents and Settings\ on your desktop.

Creating Private Folders in Microsoft Windows XP