Why Your Business Requires Security

The States and Federal Identity Theft and Privacy Protection Laws now require businesses, agencies and organizations of all sizes to protect all personal information they store, and report to all their customers whenever a breach occurs. The financial ramifications after having a data breach can be very substantial to both present and future business. In some many cases a company never does recover from a breach and is forced to close down. Currently, the average cost on a company is $3.7M per incident.

Phishing Protection Test Made Simple

By · Comments Comments Off on Phishing Protection Test Made Simple

Want an easy way to tell if an email is true or a phishing attack?

phishingI recently received an email that looked like Microsoft was doing a campaign on its 25-year anniversary of Excel. If I submit an article of my best Excel story, according to the email, I could win an X-Box.

My first thought was, “Has it really been 25-years and boy do I have some great stories.” But looking over the email, something just didn’t seem right. Was this a phishing email? So here is my quick an dirty test to determine if the email is a scam.

Quick way to test for a phishing email

Using Outlook, (this may work in other email systems but I don’t use them so I can’t confirm) place your mouse’s cursor on top of any link, button or image (but don’t click). The link address will display by the cursor.

If the address make no sense or looks like it is going to a strange email address then it is probably a phishing attack. Erase the email as fast as you can. The odds are if you click you may download a virus, trojan horse, worm or some other nasty. That’s what phishing is all about. If in doubt, you can always contact the company through their website. What’s the most that will cost?

Hope this helps. If you have some other suggestions on phishing tests I would love to hear them.

Comments Comments Off on Phishing Protection Test Made Simple

Obama Administration Plans Internet ID

By · Comments Comments Off on Obama Administration Plans Internet ID

Internet security today without a Government Internet ID Card

Fox News reported on 1/8/11 that ” Obama Administration Reportedly Plans to Create Internet ID for All Americans“. Obama wants the Commerce Department to create Internet ID for all Americans.

Internet IDWithout getting into the political side, there are some key concerns that arisewith a government issues Internet ID card.  Digital certs will be implemented, but they are difficult to manage. Their main advantage is the non-repudiation feature – ensuring that an individual actual did something and can’t deny it later. But to get that you need a central location to first authenticate that you are who you say you are. With all the fake and stolen ID’s out there can one really be sure of an individual’s identity anymore?  That then may lead to fingerprinting everyone which brings up a whole new area of privacy concerns. Then who is going to check records and issue the cards? How much will they cost, who pays for it, and will it be such that only the “wealthy” can use the internet securely?

Gary Locke, Commerce Secretary, states “We are not talking about a national ID card. We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”

If what Gary is saying is true, well that password security and management solution already exists with products like Power LogOn from Access Smart. To be up front, that is the product I helped develop and sell. Without going into a marketing/sales post (and I hate them too),  please give me a moment to explain what it does.

So before waiting for a “national Internet ID card for the virtual world”, there are time-tested solutions available today.

Power LogOn is  a secure, multi-authentication smartcard that stores URLs, User Names and Passwords to 100+ sites without the user having to remember or type them. Now with the user out of the logon process, they are protected from phishing, pharming, key loggers and other ID Theft attacks. Then for those companies with servers, Power LogOn can interface with LDAP, Active Directory and such so IT can manage their company’s information. It’s an Internet ID card that the individual or corporate IT Director manages, and not the government.

Passwords are not the problem with online security and identification. It is how we as humans with all our foibles that make accounts insecure. If you are interested in additional cloud security issues, please read my other blogs. So before waiting for a “national Internet ID card for the virtual world”, there are time-tested solutions already on the market that can protect individuals and companies of any size today for a fraction of the cost of a government project.

Comments Comments Off on Obama Administration Plans Internet ID

Phishing emails posing as the IRS

By · Comments Comments Off on Phishing emails posing as the IRS

Phishing Warning from IRS, Aug. 20, 2010:

There is a fraud risk you need to be aware of. It is related to the phishing emails claiming to be from Electronic Federal Tax Payment System (EFTPS)

 This scam is going out to both businesses and individuals.

PhishingThe IRS recently became aware of a fraudulent scheme targeting EFTPS users, the scheme uses an e-mail that claims your tax payment was rejected and directs you to a website for additional information. The website contains malware that will attempt to infect your computer.

If you receive a phishing message claiming to be from the IRS or EFTPS, please:

Do not reply to the sender, access links on the site or submit any information to them.

  1. Forward the message as-is immediately to us at mailto:phishing@irs.gov
  2. How to report and identify phishing, e-mail scams and bogus IRS websites.
  3. If you receive a suspicious e-mail or discover a website posing as the IRS, please forward the e-mail or URL information to the IRS at phishing@irs.gov.
  4. EFTPS is a tax payment system provided free by the U.S. Department of Treasury. Pay federal taxes electronically via the Internet or phone 24/7. Visit EFTPS to enroll.

The IRS does not initiate taxpayer communications through e-mail. Anything your receive claiming to be from the IRS is a Phishing Attack. Whenever in doubt, contact that IRS directly and don’t use any phone numbers or links listed on the Phishing email.

Comments Comments Off on Phishing emails posing as the IRS

Facebook Privacy – Whose fault is it?

By · Comments Comments Off on Facebook Privacy – Whose fault is it?

Does Facebook have a privacy problem, or do we have an information shut-up problem?

Recently, the news has been reporting on Facebook having a privacy problem. While personally I might not like that they sell private info, they are not selling anything that doesn’t already show up on an account. With Facebook’s recent privacy statement and blocking button it still comes down to who’s at fault:

  • The social media and cloud based service companies for making public information viewable;
  • The third party spiderware and bots that can go into sites and collect the information made public; or
  • The individual who puts all their personal information into Facebook, MySpace, Twitter, etc. and thank it is private? Read More→
Comments Comments Off on Facebook Privacy – Whose fault is it?

Tips on how to create a strong password

By · Comments Comments Off on Tips on how to create a strong password

Uniblue (www.uniblue.com) recently posted the following arcticle on password security. While all their points are spot on, there still is one hole: How is someone expected to manage all these security tips? Answer: Power LogOn by Access Smart. (www.access-smart.com).

Uniblue Article:

(October 2010) Choosing a strong password is of great importance to everyone. However, it is not always easy to know what makes a strong and secure password which would leave hackers empty handed and reduce the potential of being a victim of other online threats. Read More→

Comments Comments Off on Tips on how to create a strong password