Nov 29, 2011

Avoiding the Cyber Crime Holiday

Price Waterhouse Coopers just released a report finding that cyber crime against businesses has soared in 2011.  While Cyber Monday might be over, the online shopping discounts will continue to get better and better as Christmas approaches.  In essence, the holiday ad bombardment won’t stop until the New Year bells have tolled.

The press gives a great deal of attention to consumer protection over the holidays.  I even wrote an article for ABC News on this just this week.  And for good reason.  This year 40% of consumers will have their information misused.

But given the just as staggering figures for online crimes against businesses, what are these companies supposed to do? Are there good practices that businesses should adhere to this holiday season? The short answer is yes.

For any business, consumers are your most important asset.  If your customers don’t trust you, you won’t be in business long. Just as a manufacturers takes steps to ensure that the products they make are safe for consumers, businesses that engage in online sales must give cyber security the same level of importance.  Hackers will check how easy it is to break into a site, so put up the online security locks and force them to go elsewhere.  Note that the bigger you are, the more of a target you become.  Hackers love to make headlines, so be on the ready if you are popular site.

And follow these security tips to get started on the right path to putting your consumer first:

Cyber security basics: Make sure your system is secure by encrypting usernames, passwords, and valuable personal information that belongs to your consumer.  Also, break up personal information, for example, store username separate from full names and addresses.

“Red Team” your site – bring in a team of white hat hackers (a service SSP Blue provides, for example) to do a security assessment – they can find security holes and help you fix them before the bad guys exploit them.

“Red Team” your site again – anytime you change anything on the site – add a feature, for example – make sure it goes through the Red Team process again before going live.  A new feature can sometimes break something else.

Teach secure coding – the best engineers still need training on how to write ‘secure code’.  If you outsource your engineering, demand the outsourced company do the same.

Insert ‘Teachable Moments’ throughout your site – teach your users how to be cautious online and how to navigate safely – so they make it part of their daily routine and trust you more in the process.

Staying alert, engaged, and secure this holiday season isn’t just for consumers.  Businesses need to be on guard as much as consumers do.

A few cyber security steps can make the difference between a prosperous holiday season and a lousy lonely one.

Nov 28, 2011

Cyber Monday: 6 Tips to Avoid Getting Hacked or Scammed

Cyber Monday — which for many stores begins Sunday — is almost upon us. That means that more than any other time of year, we’ll be bombarded with sales and deals and notices and ads. One study found 84 percent of retailers saying they would email consumers about holiday-shopping deals.

Your email inbox will be stuffed like a Thanksgiving turkey with all sorts of offers. Many will be legitimate. An ever-rising number will be scams targeting your identity and money.

Facebook may need you to click in the link in an email so they can verify your login information. UPS may send you an email saying you need to view the attachment to get details about a long-lost package. Your bank may send you an alert that your recent transaction was declined and they need your information immediately to correct the error. And a Nigerian Prince may notify you urgently that you’re about to receive $5,000,000…if you can just send him $500 to get the money out of a closed account.

If you think the only scam is the Nigerian Prince, you’re terribly mistaken. And this mistake can be costly.

According to Javelin Strategy & Research’s 2011 Identity Fraud Survey Report, 40 percent of all identity theft victims had their information stolen while making an online purchase.

Viruses and scams are becoming intertwined these days, and they are more cunning than ever. The latest trend in cyber infections is the active virus — a virus that cons you into taking some action.

Hackers and attackers are sending emails impersonating well-known and commonly used services like Facebook, UPS and your local bank in order to steal your information. They are very good at it. The emails look and sound legitimate even though they are designed to infect your computer or steal your personal and financial information.

How do hackers impersonate something like Facebook? Usually they fill an email with company graphics and links, which are easy enough to find via a Google image search. Often the hackers will go so far as to give you a warning reminding you to “be careful of scammers out there.” They even put privacy information on the bottom to make the email look official.

Among the “good,” legitimate-looking links in the email, there will be a note asking you to click a link to “verify” your login information. The link will take you to a site that’s dressed up to look like Facebook or a UPS page, for example, or it will open an attachment or drop a virus.

Once you’ve entered your identifying information — thinking you’re being smart and keeping up with privacy — the hackers steal your identity and money. Other emails might ask you to download a simple attachment that will actually launch a virus designed to give the hacker access to your computer and everything in it.

How can you avoid falling prey to these scams?

  • Check addresses carefully. Hackers send you messages from addresses that look legitimate and don’t raise alarms. But if the email address is “[email protected],” you can be sure that it’s not from Facebook. So don’t click the link in it. If it’s an official email, it will come from an official, company address.
  • Check the address again! Sometimes hackers even use technical tricks to make the address the email came from end with a legitimate, well-known domain. An example might be “[email protected].” Emails like these often contain infected attachments.
  • Research and use online security tools and services. Some of them are free — a good example is BillGuard, which scans your credit card bills for questionable charges. BillGuard says it has saved consumers more than $500 million in fraudulent charges consumers might otherwise not have noticed
  • Avoid attachments. Unless you personally know the sender of an attachment or email, do NOT download or open the attachment. If you are tempted, at least run the latest anti-virus, anti-phishing and anti-spyware software on your system.
  • Do your research. Most scams are talked about on the Internet somewhere. Google the type or wording of the scam and see what comes up. A site called www.snopes.com offers lots of information about new and old scams. Also, call the company from which the email is allegedly coming. If you’ve gotten an email from a bank and you call the bank but they have no record of your transactions, the email is a scam or a virus.
  • Go with your gut. If an email seems fishy (or “phishy”), it probably is. Use the common sense you use in the real world — it may seem obvious, but for whatever reason many people often suspend their common sense in the online world.

The holidays are all about giving — but not to scammers and hackers.

Nov 4, 2011

The Facebook Revolt

We talk a lot about the impact of social media on commerce and human connections.  The social media platform has the ability to transfer news and ideas faster than news and ideas can even be generated.  Since the start of what the media is calling the ‘Arab Spring’, social media has literally become something quite revolutionary.

Last spring, the conflicts in Bahrain and Egypt showcased the true power of the Internet, particularly of Facebook.  Before the proliferation of the Internet, protestors spread the word of an upcoming rally or demonstration through posters on city center walls and word of mouth.  Sitting governments would try to quell these movements by forbidding posters, declaring curfews, and outright banning demonstrations.

And then, along came the Internet and along came social media sites like Facebook.  Against all odds, Facebook has become one of the most powerful tools for the promotion of freedom.  It has made spreading the word to organize for a cause easier to do, faster to execute, and more far-reaching.  And yet, the best solution to stopping such an upheaval in today’s times is the same as it has been for hundreds of years – silence the protestor’s ability to speak and organize.  For a government, this means removing the newest weapon from the hands of the people, and that weapon is the Internet.

For many of the protests we’ve seen in the last year, the ultimate goal has been to overthrow the oppressive policies and actions of a government through massive civilian uprisings.  Historically, anti-government citizens achieved their goal by various means – organizing peaceful protests, seeking help from international organizations, taking up arms, and sometimes engaging in violent attacks against the government and military.  All of this remains true today, with the added power of the Internet.  For the protestor, the Internet is a powerful tool for increasing strength, gaining greater and broader support, and reaching out to family and friends.

It’s shocking to a great number of people that Facebook would become instrumental in the overthrow of long standing dictatorships or brutal regimes. People of Egypt used it. People of Tunisia used it. People of Bahrain used it.  When the war ‘ended’ and the NATO participation in Libya finally came, it was announced on Facebook.  It seems as if there is no end to the reach of the Internet, social media, and the concomitant power of Facebook.

The importance of the Internet in a revolution goes beyond the individual.  Foreign nation-states play significant roles during an uprising, and the Internet is one of many tools at their disposal. In many cases, providing Internet support and continued access to the Internet has become much like providing artillery support.

At end of the day, the Internet has become one of the most powerful tools for promoting freedom.  Amazingly, a platform that started as a means by which people share photos has evolved to help topple brutal dictators. There’s no telling where all of this could lead civilization.