“A Travelers Guide To Protecting Your Data”

  • 0

“A Travelers Guide To Protecting Your Data”

Dear Blast Readers,

 

When you hear the word “summer”, what is the first thing you think of? Vacation? Travel? Did you know that most people wont leave home without their smartphones, tablets, and/or computers? Have you ever wondered how traveling can compromise your digital security?

 

People tend to think of vacations as a time to get away and un-plug from the world, both the digital world and physical world. But, it is not realistic to believe that you will NEVER go online while traveling. Yes, it is fun to post pictures and status updates on your social media accounts in real time. But, did you know that by doing so, there is a possibility you are opening yourself, and your digital devices, to cyber criminals?

 

When traveling, public Wi-Fi might seem like a great thing. It allows you to check your email, work, and post updates to your social media accounts. But, as convent as it is, connecting to public Wi-Fi can also be dangerous. Cyber Criminals can take over public networks, and logging onto a corrupted network allows cyber criminals access to your:

  • Personal details
  • Credit card numbers
  • Passwords

 

The data that you, as a traveler, bring wherever you go is valuable and desired. It is important that while traveling you do everything in your power to keep your digital information safely out of the reach of cyber criminals.

 

How? Here are a few tips.

  • Only Use Secure Wi-Fi Networks. When connecting to a public network, consider using a Virtual Private Network, or VPN. This will ensure that your confidential information stays private. A VPN will also ensure that your data goes directly from your device to the network that you are connecting to.
  • Update Your Devices. Updating the software on your devices, as well as the applications updates, is important. Even though the constant update reminder can be annoying, it is your devices way of protecting you and your data.
  • Do Not Use Public Computers. Never use public computers when logging into to banking, email and social media accounts. This means computers in hotel business centers, as well as in-room iPads. Crooks can install keylogging software to track your keystrokes.
  • Secure Your Mobile Devices. Set a PIN for your devices. Setting a PIN can protect your device from unauthorized users.
  • Use Cash Whenever Possible. Using cash whenever possible while traveling keeps your credit/debit card safe from fraudsters. But, if you are to use your credit/debit cards, be cautious.
  • Backup all your devices. Before going on your trip, whether it is for business or vacation, it is a good idea to back up your mobile devices. This allows you to be able to retrieve your information if lost, in case of emergency, or stolen.
  • Critical information should be stored in a different location. When traveling, it is a good idea to store any critical and private information temporarily in a different location. Examples of different locations are: Flash Drives, Mobile Devices, or Cloud Storage.
  • Make sure your computer’s firewall is enabled. Enabling your computer’s firewall helps stop hackers from getting into your system, as well as keeping viruses from spreading and safeguards outgoing computer traffic.

 

If you have any questions about Digital Security, Hacking, Cyber Security, Computer Forensics, or Mobile Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Life’s A Breach”

Dear Blast Readers,

 

Does your company use third-party vendors? Do those vendors make data security a priority? Does your company allow third-party vendors to access your companies network?

 

Third-party vendors are companies that offer services that the primary company can not support. It is considered a business necessity with most companies to outsource data management, activity processing, and storage to third-party vendors. But, did you know putting your company’s data into the hands of third-party vendors puts your data at risk of being breached?

 

It is common for hackers to try and use third-party vendors to gain access to a business’s data. Yes, businesses may have their own cyber security protocols in place, but access must be given to third-party vendors. When access to a business’s network spans out to a third-party, this is when possible network security vulnerabilities are created.

 

All businesses are responsible for the data that they collect, transmit, use and process, and they are still responsible for that data even when the data is entrusted to a third party.

 

If a third-party vendor gets hacked the consequences for your business varies, depending on the seriousness of the hack. A less serious hack can cause your business to lose vital data, and confidential employee information can be compromised. If the hack is a serious hack there are a few things that can happen, ranging from intense media attention to bankruptcy.

 

Outsourced contractors are often the primary targets of data breaches. So, it is important for the third-party vendors to takes data security seriously. But, how can you be sure if a third-party vendor is a security-conscious vendor? Some signs that a third-party vendor is security-conscious are:

  • The vendors have comprehensive security policies & disaster recovery plans in place and are updated and reviewed regularly.
  • Data Back-ups and recoveries are performed regularly. In case of hardware failure, the vendor has back-up servers to avoid interruptions.
  • Internal security audits are performed regularly.
  • Employees that have access to company data are vetted carefully (thorough background checks are performed).

 

But, as important as it is to make sure that the third-party vendors take data security seriously. It is also just as important to make sure that the data is secure on your end. To do that it is important to:

  • Have a strong internal security policy.
  • Know what data is sensitive & where it is located on your system. Never give one person access to more than one portion of your sensitive data.
  • Know your responsibilities and rights, as well at know those of your providers.

 

Another important aspect of a data breach is the reporting requirements. Reporting requirements differ depending upon the state in which the breach occurs. Additionally, if a breach involves information of clients across state or country lines, other reporting requirements will come into effect. It is vital to know your state’s cyber security breach reporting requirements.

 

If you have any questions about Data Breaches, Cyber Security, Computer Forensics, or Reporting requirements contact FDS Global. You can reach us at our office at (954)727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 6

“IoT Devices Beware: The BrickerBot”

Dear Blast Readers,

 

Do you leave your IoT (Internet of Things) Devices connected to the internet? Did you know that if you leave you IoT devices connected to the internet, even when you are not using them, it opens doors allowing hackers more time to gain control of your devices? Did you know that there is a form of malware that leaves your device impossible to use once infected?

 

A BrickerBot is a form of malware that has been created to infect a collection of devices. The “Bricker” in “BrickerBot” is referring to rendering a device, or devices, completely useless or inoperable, like a brick used as a paperweight. This is accomplished when the BrickerBot corrupts the device’s storage capabilities.

 

The way in which BrickerBots behave do not always match up with the behavior of traditional botnets. A botnet is a network of devices that have been infected. Their purpose is to keep the infected devices around for as long as possible.

 

Most botnets can be used for:

  • Sending out spam.
  • DDoS Attacks (also known as “Distributed Denial of Service Attacks”).
  • Phishing Attacks.

 

BrickerBot Malware uses a “Permanent Denial of Service” attack or PDDoS attack. This is when the BrickerBot physically disables the device.

 

How?

 

The device is physically disabled when the BrickerBot corrupts the firmware on the devices. Usually the only way to fix this is to replace the device, or if possible re-install the firmware.

 

BrickerBots use a set of commands to help accomplish their end goal of “Bricking” your smart devices. These commands will:

  • Render Flash storage useless by writing random bits to the storage drives on the devices.
  • Disabling TCP Time stamps, leaving connectivity vulnerable.
  • Limiting the processes that the devices can run at once.

 

How are you supposed to protect yourself from a BrickBot?

To protect yourself and your IoT Devices from BrickBots, you should:

  • Change your login information (BrickBots come with a dictionary containing default login information).
  • Limit the internet connectivity your device has. (Leaving your IoT devices connected, especially when you are not using them, gives hackers more time to take control and infect your devices.)
  • Install updates as frequently as they become available.

 

It is important to remember:

  • Every device that is smart and/or has internet connectivity should have STRONG PASSWORDS.
  • Take security into your own hands, do not rely on default security from the manufactures. (Remember: BrickBots come with a dictionary that contains default login information. Changing your login information should make your devices harder to hack.)

 

If you have any questions relating to IoT Devices, IoT Security, Hacking, Cyber Security or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Is Your Next Lawyer Going To Be A Person or A Computer?”

Dear Blast Readers,

Every day, Technology is becoming increasingly smarter, and a more integrated part of our everyday life. Our refrigerators can now tell us when we are running low on eggs. We live in an age that some refer to as “The Fourth Industrial Revolution” or “Technological Revolution”. This fourth industrial revolution has brought the following to fruition:

  • Effectively unlimited computer power
  • Artificial Intelligence that is gaining more knowledge every day.
  • Artificial Intelligence communicating with unaware people on social media.

A combination of these aspects will challenge the definition of being a worker, as well as what it means to be a human.

Warnings have been coming for centuries about this revolution and what it will bring our society. Albert Einstein once said, “I fear the day that technology will surpass our human interaction. The world will have a generation of idiots.”

Albert Einstein’s quote should give most of you an uneasy feeling. In Japan there is a phenomenon in which cyber-girlfriends are replacing many human-to-human relationships.

This revolution has promised that Artificial Intelligence (AI) and Automation will indeed remove the need to work, and/or (a less favorable option) take away people’s jobs.

There is currently AI that is starting to replace Lawyers. Currently this AI is filling out some of the more mundane and simple forms, but it’s developers are committed to add more advanced functionalities.

There are two categories of skills in which most everyday actives both professionally and personally fall into. Those are hard skills and soft skills.

Hard Skills, include: Cognitive and Mathematical reasoning and are things that machine learning and AI technology will find easy to do.

Soft skills, such as: motivation, teamwork and social skills are much more difficult for a machine to recreate. These are the type of skills that play a vital role in the economy (they are not skills that are just “nice to have”).

If you have any questions on anything mentioned in this week’s Blast please, feel free to contact us by email at rmoody@fds.global or give our office a call at (954) 727-1957. Please visit our website at www.FDS.Global.