Data Theft

Q. What is scareware? What can you do about it?

October 4th, 2010 by Catherine

Millions have fallen for it, have you? Online criminals are laughing all the way to the bank.

A. Scareware refers to fake warnings, usually pop-ups or adverts, designed to scare users into believing their PC has critical errors or viruses that must be fixed right away. It then offers an immediate ‘solution’ (at a price, of course) as a software download. More often than not the download installs spyware or other malware, and the card details you hand over to pay for it leave you exposed to fraud and identity theft.

Protect yourself and your PC:

  • Don’t click on pop-ups or ads that warn of critical errors, viruses and the like, even if they claim to be from Microsoft or another well-known provider. Genuine antivirus alerts come from the product you installed, not from a web page.
  • Purchase reputable software like ZoneAlarm (info here, call Software Paradise on 0800 289 041 to purchase).
  • Apply some common sense: these criminals need your cooperation to get what they want, be it card details or passwords.
  • Malicious adverts can appear even on trusted sites like Google and Twitter – so be wary of everything you click on.
  • Keep your operating system and antivirus protection up-to-date.
  • If you do receive a scareware pop-up, don’t click anything on it, not even its ‘close’ button. End the browser process from Task Manager instead (Ctrl+Shift+Esc opens it).

Top of the IT security headlines has been the threat of ‘scareware’. Symantec released a report this week stating that over 40 million people have fallen for scareware scams in the last year. There have even been reports of cybercriminals holding computers and data to ransom: locking the PC and demanding a relatively small sum to return data and control. Because the sums are small, it is believed that many cases go unreported.

In the current climate people are increasingly worried about online fraud, identity theft and hackers. This is why scareware scams are on the increase – online criminals know they work.

Data loss costs HSBC £3m in fines from the FSA

September 17th, 2010 by Catherine

The BBC reported that the fines were related to ‘offences’ in 2007 and 2008.

The FSA found that HSBC had failed to sufficiently protect confidential details about their customers. Twice, unencrypted customer data was lost in the post. Unencrypted data on CDs was left in open shelves and unlocked cabinets.

Evidently the standard practices recommended for handling sensitive data were not followed.

A quick reminder:

  1. Always encrypt sensitive data, on your own disks and on anything that leaves the building
  2. Avoid sending information by post; use an encrypted transfer channel such as SFTP instead
  3. Make your staff aware of the risks associated with identity theft
  4. Have a security policy in place that refers to the Data Protection Act

Margaret Cole, director of enforcement at the FSA stated: “It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.”
The fines could have been more, but HSBC came to an agreement in the early stages of the FSA’s investigation, saving an additional £1.5m in fines.

Another Security Warning

August 27th, 2010 by Catherine

This time, from the ISF (Information Security Forum), a leading independent authority on information security, who have just released their predictions for IT security in 2011.


There is a shift predicted to highly organised cyber crime and targeted attacks.
It is important that we keep data safe now and plan for the future.

Chief executive Prof. Howard A. Schmidt at the ISF, states: “Even in today’s financial climate and increased threat environment, we are better placed than ever before to meet these challenges – as long as we have the resolve to strengthen and invest in security rather than reduce it.”

There is still time to put security measures in place, and they needn’t cost a fortune. Common sense, combined with physical security as the first line of defence and basic encryption as the second, will go a long way towards keeping information safe and reducing data loss.

Think about the disgruntled employee
Criminals will be approaching employees who have been affected by the recession for sensitive company data.

Don’t be a victim of Social Engineering
Think back to the Second World War and the nostalgic posters, ‘Loose Lips Might Sink Ships’ and ‘The Walls Have Ears’, and keep information to yourself.

Here are the predicted top ten risks:

  1. Criminal attacks
  2. Weaknesses in infrastructure
  3. Tougher statutory environment
  4. Pressures on off shoring / outsourcing
  5. Eroding network boundaries
  6. Mobile malware
  7. Vulnerabilities of Web 2.0
  8. Incidents of espionage
  9. Insecure user-driven development
  10. Changing cultures.

Jason Creasey, head of research at the ISF, has stated that the recession is accelerating the changes and advancements in IT threats: “…. fuelled by increasing staff turnover and dissatisfaction; along with the increased involvement of organised criminal groups that see online crime as a lucrative and low risk alternative to other nefarious activities.”

Q. How do you block USB ports?

August 26th, 2010 by Catherine

Jennifer Taylor, IT Security Advisor, Software Paradise:

A. We use USB ports to transfer files by connecting flash drives, cameras, SD cards, iPods or any other USB devices. It is important to protect your USB ports in order to protect your computer from malware, viruses and the loss of sensitive data.

It is possible to purchase physical USB port locks. Or, in a corporate environment, you can set up endpoint security software to centrally manage USB devices.
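As an added example for this answer (not code from Jenny or Software Paradise), here is the single-PC version of that central control, done with nothing but the registry values behind Windows’ own “Removable Storage Access” Group Policy settings and the USB mass-storage driver’s start type. It assumes Windows 7 or later and an administrator prompt; the key paths and the class GUID for removable disks are documented Windows values, while the function names and the Block/ReadOnly/Allow modes are this example’s own.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original answer: block USB mass storage on one
# Windows PC with built-in controls only. It writes the registry values that the
# "Removable Storage Access" Group Policy settings use and disables the USBSTOR
# driver, so flash drives and card readers stop working while keyboards, mice and
# other USB devices carry on. Key paths and class GUID are documented Windows
# values; the function names and modes are this example's own.

$PolicyRoot         = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$RemovableDiskClass = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'   # "Removable Disks" setup class
$UsbStorService     = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-UsbStoragePolicy {
    param([ValidateSet('Block', 'ReadOnly', 'Allow')][string]$Mode)

    # Per-class policy values: 1 denies, 0 permits. A missing value means "not configured".
    $deny = switch ($Mode) {
        'Block'    { @{ Deny_Read = 1; Deny_Write = 1; Deny_Execute = 1 } }
        'ReadOnly' { @{ Deny_Read = 0; Deny_Write = 1; Deny_Execute = 1 } }
        'Allow'    { @{ Deny_Read = 0; Deny_Write = 0; Deny_Execute = 0 } }
    }
    $classKey = "$PolicyRoot\$RemovableDiskClass"
    New-Item -Path $classKey -Force | Out-Null
    foreach ($name in $deny.Keys) {
        # Set-ItemProperty creates the value if it does not exist yet.
        Set-ItemProperty -Path $classKey -Name $name -Value $deny[$name] -Type DWord
    }

    # Belt and braces: when blocking, stop the mass-storage driver loading at all.
    # Start 4 = SERVICE_DISABLED, 3 = SERVICE_DEMAND_START (the Windows default).
    $start = if ($Mode -eq 'Block') { 4 } else { 3 }
    Set-ItemProperty -Path $UsbStorService -Name 'Start' -Value $start -Type DWord
}

function Get-UsbStoragePolicy {
    # Read the settings back so the change can be verified (or audited on other PCs).
    $props = Get-ItemProperty -Path "$PolicyRoot\$RemovableDiskClass" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DenyRead     = $props.Deny_Read
        DenyWrite    = $props.Deny_Write
        DenyExecute  = $props.Deny_Execute
        UsbStorStart = (Get-ItemProperty -Path $UsbStorService -Name 'Start').Start
    }
}

Set-UsbStoragePolicy -Mode Block
Get-UsbStoragePolicy
```

The policy values apply the next time a device is plugged in; the USBSTOR change needs a reboot (or unplugging and re-plugging the drive). Only storage devices are affected, so USB keyboards and mice keep working, and `Set-UsbStoragePolicy -Mode Allow` puts everything back. A local administrator can reverse it, which is exactly why a company should push the same settings from Group Policy or endpoint software rather than rely on each PC.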

Security Awareness is a Vital Defence

August 17th, 2010 by Catherine

Social engineering – manipulating your employees into disclosing confidential information without realising it – targets every organisation’s weakest security link: people.


Technology solutions, security policies, and operational procedures cannot work in isolation. People play a key role in an organisation’s security policy success.

Phishing is the best-known example of social engineering; pharming (sending you to a fake site by tampering with DNS or your PC’s hosts file) and spam are the channels most often used to deliver it, and all three are carried out for profit. The attackers are always a step ahead, creating and deploying new lures before the rest of us are aware of them.

Regularly updated security software will deal with the majority of phishing and pharming threats and block the deluge of spam, but some always slip through the net. Only the user can decide whether to respond, and a user who does may hand over sensitive data without realising it.

Social Threats:
Social engineers are practised at manipulating employees into compromising corporate security: undermining human judgement until the victim willingly weakens network security, or even lets them into an office building without verifying their identity. They gather information by listening to conversations in public places (cafes, public transport and so on), watching people type passwords and PINs on laptops and at cash points, and even by searching through the rubbish.

Awareness:

  • If employees don’t know about it, they can’t help!
  • Create a strong security culture within the organisation
  • Make employees aware of the threats and reinforce that security is everyone’s responsibility, not just that of the IT team
  • Point out to employees that they are the last line of defence: attackers turn to social engineering because it is often easier than breaking through technical controls
  • Have regular training sessions/updates about the latest security threats.

Think ’security’ before you post anything on Facebook

August 12th, 2010 by Catherine

The wife of Sir John Sawers (the future head of MI6) had posted personal family information on Facebook.

“I am concerned,” said Nigel Trevena, IT Security Advisor at Software Paradise.

MI6 employees are bound by rigorous privacy rules, so the fact that these were broken is a worry in itself. Add to that the fact that this ‘incident’ occurred soon after Gordon Brown gave the go-ahead for setting up a UK Cyber Security Operations Centre, and it is no surprise that security professionals are once again rolling their eyes.

Tory Ken Clarke said that he doubts Britain’s enemies rely on Facebook for information (BBC News Online). Facebook might not be the first port of call when terrorists are doing their research, but personal information can be an effective bargaining tool. Not only are the name and face of the future head of MI6 in the public domain, we have also seen the family album and know where they live. Protecting them has got to be a harder task as a result of the Facebook post.

I suggest you ask yourself these 10 questions before you decide to start broadcasting on a social networking site and potentially put yourself, your employer and your employment at risk:
1. Why do I need to broadcast this information?
2. Who can view what I am broadcasting?
3. Is what I’m planning to broadcast personal information?
4. Could someone use this personal information against me?
5. Am I broadcasting information that a friend/colleague/family member wouldn’t appreciate?
6. If I do decide to broadcast, have I ticked all the right boxes to ensure that strangers can’t view the information?
7. How do I ensure that others don’t post personal information on my page?
8. Am I sure I won’t use the site in company time and vent about work?
9. What would my employer think/do if I did this and they found out?
10. If I take a sick day, am I sure my friends won’t mention the beach trip on my page?

If your Facebook profile is open to the London network, everyone in that network can see your information. On MySpace or Bebo anyone at all can view your page unless you turn off the relevant settings.

Is it worth the risk?

Q. What is confidential data storage?

July 21st, 2010 by Catherine

Nigel Trevena, IT Security Advisor, Software Paradise:

A. Confidential data is any information you don’t want others to access without your permission, for example your home address, phone numbers and bank details. Most people store this sensitive data on their computers.
If an unauthorised person gained access to this sensitive data, they could potentially alter the information or use it to make purchases or commit identity theft.
Top Tips:
  • Only store sensitive information on your computer if it is absolutely necessary.
  • Encrypt files containing confidential data.
  • Physically secure your computer with a lock to deter and prevent theft.
  • Set your computer up to ask for a password at start-up.
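The ‘Always encrypt data’ reminder in the HSBC post above and the ‘Encrypt files containing confidential data’ tip here both stop short of saying how. As an added example (not code from Nigel or Software Paradise), here is a small PowerShell script that encrypts a file with a passphrase before it goes in the post, onto a USB stick or over SFTP, and checks that it has not been tampered with before decrypting. It uses only the .NET cryptography classes that ship with Windows PowerShell 5.1 (.NET Framework 4.7.2 or later) and PowerShell 7; the container layout, the ‘SPENC1’ marker and the function names are this example’s own and not any standard format, and it takes the passphrase as a plain string for brevity where a real tool would prompt with `Read-Host -AsSecureString`.

```powershell
# Added example, not code from the original posts: passphrase-based file encryption
# with AES-256-CBC plus an HMAC-SHA256 tag (encrypt-then-MAC), using only the .NET
# classes available to Windows PowerShell 5.1 (.NET Framework 4.7.2+) and PowerShell 7.
# Container layout (magic | salt | IV | ciphertext | tag), the 'SPENC1' marker and the
# function names are this example's own, not a standard format.

$Magic      = [byte[]](0x53, 0x50, 0x45, 0x4E, 0x43, 0x31)   # ASCII "SPENC1"
$Iterations = 200000                                          # PBKDF2 work factor
$TagLength  = 32                                              # HMAC-SHA256 output size

function Get-FileKeys {
    # Derive a 32-byte AES key and a separate 32-byte HMAC key from the passphrase.
    param([string]$Password, [byte[]]$Salt)
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $Password, $Salt, $Iterations, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { $bytes = $kdf.GetBytes(64) } finally { $kdf.Dispose() }
    return @{ Enc = [byte[]]$bytes[0..31]; Mac = [byte[]]$bytes[32..63] }
}

function Test-SameBytes {
    # Constant-time comparison: a wrong tag must not be detectable byte by byte.
    param([byte[]]$A, [byte[]]$B)
    if ($A.Length -ne $B.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $A.Length; $i++) { $diff = $diff -bor ($A[$i] -bxor $B[$i]) }
    return ($diff -eq 0)
}

function New-AesCbc {
    param([byte[]]$Key, [byte[]]$IV)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Mode    = [System.Security.Cryptography.CipherMode]::CBC
    $aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
    $aes.Key = $Key   # 32 bytes, so AES-256
    $aes.IV  = $IV
    return $aes
}

function Protect-File {
    param([string]$Path, [string]$OutPath, [string]$Password)
    $plain = [System.IO.File]::ReadAllBytes($Path)
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $salt = [byte[]]::new(16); $rng.GetBytes($salt)   # fresh salt per file
    $iv   = [byte[]]::new(16); $rng.GetBytes($iv)     # fresh IV per file
    $keys = Get-FileKeys -Password $Password -Salt $salt

    $aes    = New-AesCbc -Key $keys.Enc -IV $iv
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $aes.Dispose()

    # The tag covers everything the recipient will parse, header included.
    $body = [byte[]]($Magic + $salt + $iv + $cipher)
    $tag  = [System.Security.Cryptography.HMACSHA256]::new($keys.Mac).ComputeHash($body)
    [System.IO.File]::WriteAllBytes($OutPath, [byte[]]($body + $tag))
}

function Unprotect-File {
    param([string]$Path, [string]$OutPath, [string]$Password)
    $blob = [System.IO.File]::ReadAllBytes($Path)
    $o    = $Magic.Length
    # Smallest valid container: header, one padded AES block, tag.
    if ($blob.Length -lt ($o + 16 + 16 + 16 + $TagLength)) { throw 'Not an encrypted container' }
    if (-not (Test-SameBytes -A ([byte[]]$blob[0..($o - 1)]) -B $Magic)) { throw 'Not an encrypted container' }
    $bodyLen = $blob.Length - $TagLength
    $body    = [byte[]]$blob[0..($bodyLen - 1)]
    $tag     = [byte[]]$blob[$bodyLen..($blob.Length - 1)]
    $salt    = [byte[]]$blob[$o..($o + 15)]
    $iv      = [byte[]]$blob[($o + 16)..($o + 31)]
    $cipher  = [byte[]]$blob[($o + 32)..($bodyLen - 1)]

    # Verify before decrypting, so a tampered file never reaches the cipher.
    $keys     = Get-FileKeys -Password $Password -Salt $salt
    $expected = [System.Security.Cryptography.HMACSHA256]::new($keys.Mac).ComputeHash($body)
    if (-not (Test-SameBytes -A $expected -B $tag)) { throw 'Wrong passphrase or file has been tampered with' }

    $aes   = New-AesCbc -Key $keys.Enc -IV $iv
    $plain = $aes.CreateDecryptor().TransformFinalBlock($cipher, 0, $cipher.Length)
    $aes.Dispose()
    [System.IO.File]::WriteAllBytes($OutPath, $plain)
}

# Round trip on a constructed sample file (not real customer data).
$sample = Join-Path $env:TEMP 'customer-list-sample.txt'
Set-Content -Path $sample -Value 'Jane Doe, 1 High Street, account 00000000 (constructed sample)'
$pass = 'correct horse battery staple'   # a real tool would use Read-Host -AsSecureString
Protect-File   -Path $sample -OutPath "$sample.enc" -Password $pass
Unprotect-File -Path "$sample.enc" -OutPath "$sample.out" -Password $pass
(Get-FileHash $sample).Hash -eq (Get-FileHash "$sample.out").Hash
```

The salt and IV are fresh for every file, so encrypting the same spreadsheet twice gives two different .enc files, and the tag is checked in constant time before any decryption, so a modified file or a wrong passphrase is rejected rather than turned into garbage. Keep the passphrase out of the same channel as the file: phone it through rather than putting it in the same envelope or email.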

The War on Computer and Data Theft

July 1st, 2010 by Catherine

It’s a battlefield out there!

Our everyday use of the web, the IT systems that support it and ever more sophisticated technology has transformed our way of communicating and doing business.  We have the freedom to work from multiple locations, but it comes with a red flag – there are lots of threats and dangers ‘out there’ which leave an organisation’s IT system very vulnerable.

Business data needs to be protected so that information remains confidential within the organisation, and intrusion from malware, spyware and viruses prevented.

Security breaches can prove fatal to a business, or at best damage a company’s reputation – which in the current credit crunch could be far worse than in healthier times.

So our advice is to take the three steps below:

  1. The first line of defence – implement physical security
    Lock down hardware and protect the weak spots.  A cable lock and USB blocking device is a good first line of defence.  Interestingly, the DTI Information Security Breaches Survey (ISBS) published in 2008 by PricewaterhouseCoopers, reported that 64% of UK businesses rely on physical security alone to protect their laptops and desktop PCs, compared with 56% in 2006. We’re having a sale here: http://www.softwareparadise.co.uk/pages/PC_Guardian_Security_Lock_Sale
  2. The second line of defence – encrypt company data
    Locks and tagging may deter some thieves but this doesn’t rule out the need for encryption and password protection.   “Almost 80% of firms that had reported a stolen computer had not encrypted data on the hard drive” (ISBS). It also reports that only 8% of companies encrypt or password-protect their hard disks compared with 13% in 2006.
  3. Backup out in the field – deploy endpoint security
    Don’t neglect security on the move.  Lots of people are travelling with laptops and removable media – USB drives, BlackBerrys and the like (endpoints).  Traditional perimeter security does not protect endpoints once they leave the office.  If there isn’t endpoint security on your network, your company’s computers are vulnerable.

Data and computer theft has increasingly been the subject of press interest – you don’t want to be the next one featured!   Examples are the MOD laptop stolen at a McDonalds restaurant and the loss of child benefit discs containing confidential information on 25 million people.