Category: cybersecurity

  • These Everyday Objects Can Lead to Identity Theft

    These Everyday Objects Can Lead to Identity Theft

    You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time. What about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?

    Many everyday objects can lead to identity theft. They often get overlooked because people focus on their computers and cloud accounts. It’s important to have strong passwords and use antivirus on your PC. But you also need to be wary of other ways that hackers and thieves can get to your personal data.

    Here are six common things that criminals can use to steal your information.

    Old Smart Phones

    People replace their smartphones about every two and a half years. That’s a lot of old phones laying around containing personal data.

    Just think of all the information our mobile phones hold. We have synced connections with cloud services. Phones also hold banking apps, business apps, and personal health apps. These are all nicely stored on one small device.

    As chip technology has advanced, smartphones have been able to hold more “stuff.” This means documents and spreadsheets can now be easily stored on them. Along with reams of photos and videos.

    A cybercriminal could easily strike data theft gold by finding an old smartphone. They often end up at charity shops or in the trash. Make sure that you properly clean any old phones by erasing all data. You should also dispose of them properly. You shouldn’t just throw electronics away like normal garbage.

    Wireless Printers

    Most printers are wireless these days. This means they are part of your home or work network. Printing from another room is convenient. But the fact that your printer connects to the internet can leave your data at risk.

    Printers can store sensitive documents, such as tax paperwork or contracts. Most people don’t think about printers when putting data security protections in place. This leaves them open to a hack. When this happens, a hacker can get data from the printer. They could also leverage it to breach other devices on the same network.

    Protect printers by ensuring you keep their firmware updated. Always install updates as soon as possible. You should also turn it off when you don’t need it. When it’s off it’s not accessible by a hacker.

    USB Sticks

    Did you ever run across a USB stick laying around? Perhaps you thought you scored a free removable storage device. Or you are a good Samaritan and want to try to return it to the rightful owner. But first, you need to see what’s on it to find them.

    You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait. As soon as you plug it into your device, it can infect it.

    Old Hard Drives

    When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. Computer hard drives can have other personal data stored in system and program files.

    Plus, if you’re still logged into a browser, a lot of your personal data could be at risk. Browsers store passwords, credit cards, visit history, and more.

    It’s best to get help from an IT professional to properly erase your computer drive. This will make it safe for disposal, donation, or reuse.

    Trash Can

    Identity theft criminals aren’t only online. They can also be trolling the neighborhood on trash day. Be careful what you throw out in your trash.

    It’s not unusual for garbage to enable identity theft. It can include pre-approved credit card offers that you considered “junk mail.” Your trash can also hold voided checks, old bank statements, and insurance paperwork. Any of these items could have the information thieves need to commit fraud or pose as you.

    A shredder can be your best friend in this case. You should shred any documents that contain personal information. Do this before you throw them out. This extra step could save you from a costly incident.

    Children’s IoT Devices

    Electronic bears, smart kid watches, Wi-Fi-connected Barbies… all toys that hackers love. Mattel’s Hello Barbie was found to enable the theft of personal information. A hacker could also use its microphone to spy on families.

    These futuristic toys are often what kids want. Parents might think they’re cool, but don’t consider their data security. After all, these are children’s toys. But that often means they can be easier to hack. Cybercriminals also zero in on these IoT toys, knowing they aren’t going to be as hard to breach.

    You should be wary of any new internet-connected devices you bring into your home. That includes toys! Install all firmware updates. Additionally, do your homework to see if a data breach has involved the toy.

    Schedule a Home IT Security Audit & Sleep Better at Night

    Don’t let the thought of identity theft keep you up at night. Give us a call today and schedule a home IT security audit. You’ll be glad you did.


    Featured Image Credit

    This Article has been Republished with Permission from The Technology Press.

  • 6 Things You Should Do to Handle Data Privacy Updates

    6 Things You Should Do to Handle Data Privacy Updates

    Once data began going digital, authorities realized a need to protect it. Thus, the creation of data privacy rules and regulations to address cyber threats. Many organizations have one or more data privacy policies they need to meet.

    Those in the U.S. healthcare industry and their service partners need to comply with HIPAA. Anyone collecting payment card data must worry about PCI-DSS. GDPR is a wide-reaching data protection regulation. It impacts anyone selling to EU citizens.

    Industry and international data privacy regulations are just the tip of the iceberg. Many state and local jurisdictions also have their own data privacy laws. Organizations must be aware of these compliance requirements. But they also need to know about updates to these rules.

    By the end of 2024, about 75% of the population will have its data protected by one or more privacy regulations.

    Authorities enact new data privacy regulations all the time. For example, in 2023, four states will have new rules. Colorado, Utah, Connecticut, and Virginia will begin enforcing new data privacy statutes.

    Businesses must stay on top of their data privacy compliance requirements. Otherwise, they can suffer. Many standards carry stiff penalties for a data breach. And if security was lacking, fines can be even higher.

    The Health Insurance Portability and Accountability Act (HIPAA) uses a sliding scale. Violators can be fined between $100 to $50,000 per breached record. The more negligent the company is, the higher the fine.

    Does all that sound scary?

    Don’t worry, we have some tips below for you. These can help you keep up with data privacy updates coming your way.

    Steps for Staying On Top of Data Privacy Compliance

    1. Identify the Regulations You Need to Follow

    Does your organization have a list of the different data privacy rules it falls under? There could be regulations for:

    • Industry
    • Where you sell (e.g., if you sell to the EU)
    • Statewide
    • City or county
    • Federal (e.g., for government contractors)

    Identify all the various data privacy regulations that you may be subject to. This helps ensure you’re not caught off guard by one you didn’t know about.

    2. Stay Aware of Data Privacy Regulation Updates

    Don’t get blindsided by a data privacy rule change. You can stay on top of any changes by signing up for updates on the appropriate website. Look for the official website for the compliance authority.

    For example, if you are in the healthcare field you can sign up for HIPAA updates at HIPAA.gov. You should do this for each of the regulations your business falls under.

    You should have updates sent to more than one person. Typically, your Security Officer or equal, and another responsible party. This ensures they don’t get missed if someone is on vacation.

    3. Do an Annual Review of Your Data Security Standards

    Companies are always evolving their technology. This doesn’t always mean a big enterprise transition. Sometimes you may add a new server or a new computer to the mix.

    Any changes to your IT environment can mean falling out of compliance. A new employee mobile device added, but not properly protected is a problem. One new cloud tool an employee decides to use can also cause a compliance issue.

    It’s important to do at least an annual review of your data security. Match that with your data privacy compliance requirements to make sure you’re still good.

    4. Audit Your Security Policies and Procedures

    Something else you should audit at least annually is your policies and procedures. These written documents that tell employees what’s expected from them. They also give direction when it comes to data privacy and how to handle a breach.

    Audit your security policies annually. Additionally, audit them whenever there is a data privacy regulation update. You want to ensure that you’re encompassing any new changes to your requirements.

    5. Update Your Technical, Physical & Administrative Safeguards As Needed

    When you receive a notification that a data privacy update is coming, plan ahead. It’s best to comply before the rule kicks in, if possible.

    Look at three areas of your IT security:

    • Technical safeguards – Systems, devices, software, etc.
    • Administrative safeguards – Policies, manuals, training, etc.
    • Physical safeguards – Doors, keypads, building security, etc.

    6. Keep Employees Trained on Compliance and Data Privacy Policies

    Employees should be aware of any changes to data privacy policies that impact them. When you receive news about an upcoming update, add this to your ongoing training.

    Good cybersecurity practice is to conduct ongoing cybersecurity training for staff. This keeps their anti-breach skills sharp and reminds them of what’s expected.
    Include updates they need to know about so they can be properly prepared.

    Remember to always log your training activities. It’s a good idea to log the date, the employees educated, and the topic. This way, you have this documentation if you do suffer a breach at some point.

    Get Help Ensuring Your Systems Meet Compliance Needs

    Data privacy compliance can be complex. But you don’t have to figure it all out yourself. Our team is well-versed in compliance needs. Give us a call today to schedule a chat.


    Featured Image Credit

    This Article has been Republished with Permission from The Technology Press.

  • Why You Need to Think Twice Before Using Lensa AI & Other Self-Portrait Apps

    Why You Need to Think Twice Before Using Lensa AI & Other Self-Portrait Apps

    It’s a common theme. You begin seeing these amazing CGI images of your friends on Facebook or Instagram. You think, “How can I make one?”

    Filters and self-portrait apps have come a long way. You can now make yourself look like Hollywood’s version of a character in the next hit animated film. It still kind of looks like you, only a dream version with “perfect” hair, skin, and facial features.

    The latest of these modern vanity marvels to make the rounds is Lensa AI. You upload about 10 photos so the app can feed that data into its AI algorithm. Then, once it maps your facial features, it generates several fantasy selfies of you.

    These magical avatars don’t come for free though. While you can download the app for free and use it in a limited fashion, you need to pay to do more. To get unlimited access for one week, it’s $2.99. There are several pricing tiers for its avatar packs and membership access. These range from $3.99 for Avatars Pack 1 to $35.99 for full membership.

    It sounds like a little harmless digital fun, right? That’s what many companies making apps like this like you to think. Vanity is an easy sell, and who doesn’t want to have a fabulous profile pic?

    But for Lensa AI and several similar self-portrait apps, you’re paying more than you know. The cost comes from the data privacy rights you’re giving up. And these can go far beyond the app itself.

    Why Worry About Data Privacy with Lensa AI & Similar Apps?

    Thanks to laws like GDPR, software and app developers need to tell you what they do with your data. Looking at the app at the Mac App Store, a few alarming things jump out.

    Data Used to Track You

    Once you download the Lensa AI app, it can track your phone activity. The app store states that the app may use purchases and unique identifiers to track you. And this doesn’t mean only tracking you while in Lensa AI. It can track you across websites and apps owned by other companies.

    Data Collected

    Lensa AI scours your device for a lot of different data points. By downloading it, you permit it to do this. Some of the tracking links to you personally (such as linked to your name, IP address, or phone number). It collects a lot of other data, but not with your name or another identifier on it.

    Data collected and linked to you:

    • User content (such as the images you upload)

    Data collected, but not linked to you:

    • Purchases you make on websites or apps
    • Usage data for apps, etc.
    • Identifiers (this isn’t specified, but could mean things like city or gender)
    • Diagnostics from your device

    Loss of Rights to Your Uploaded Images

    What apps like Lensa AI do with your data is a grey area. Many tech companies, such as Facebook, have been known to act irresponsibly with user data. Many are purposely vague in their terms and conditions, leaving the door open.

    One section from the Lensa AI Terms that users agree to states the following:

    “…solely for the purposes of operating or improving Lensa, you grant us a time-limited, revocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable, sub-licensable license to use, reproduce, modify, distribute, create derivative works of your User Content, without any additional compensation to you…”

    For the sole purpose of “operating” Lensa, could mean anything. It could mean that to make more money to operate the business, the company needs to use your images. Note that it also states it can modify, distribute, etc. YOUR user content.

    Things You Can Do to Protect Your Data Privacy

    Don’t Immediately Jump on Every Fad

    This one may be hard when you see all your friends using a new app. It’s natural to want to be a part of that. But try waiting a week. Most likely those avatar images from the latest selfie app won’t be blowing up your feed anymore.

    Read App Terms & Conditions

    Take the time to read an app’s terms. You are often giving up more data privacy rights than you realize. This includes giving an app the ability to track just about everything you do on your device. Be aware of what’s at risk before you download a new app.

    Restrict Data Collection

    If you can’t resist an app’s charms, at least make it as secure as possible. This includes taking the time to restrict its data collection features, where possible.

    Use your phone’s privacy and security settings to turn off data sharing. For the Lensa AI app, you can also contact the company to request that it delete your data from its servers. Its privacy policy states to email privacy@lensa-ai.com for questions and concerns.

    Get a Device Privacy Checkup

    The more apps you use, the more complicated data privacy can get. Don’t leave it to chance. We’ll be happy to help. Give us a call today to schedule a device privacy checkup.


    Featured Image Credit

    This Article has been Republished with Permission from The Technology Press.

  • Managed Security Information Management Services

    Managed Security Information Management Services

    Managed Security Information

    Managed Security Information (MIS) is the transmission or distribution of customer-managed data to specified parties. Customers usually control their own networks. They can do this through software applications, which allow for self-service from anywhere there is an Internet connection, which means that the customer data is in the hands of the person who owns it. However, many businesses turn away from this ‘hands off’ method and use the Internet to provide customer-managed information to increase productivity.

    Managed Security Information Management systems act as a central information monitoring system that transmits data about security-related occurrences on the network. Managed Security Information Management functions by showing charts, graphs, and reports of the various data presented to the parties involved. The report may include anything from the number of attacks made on a system to the downtime caused by those attacks. Moreover, the reports are used to make decisions by the management team based on the collected data. As such, decisions based on the threat assessment conducted and on the overall security situation of the organization.

    Companies are using the Internet to supply their own Managed Security Information to their security teams, which allows each security team to view a comprehensive picture of the organization. Security groups may then use the information to prepare an audit of the entire organization. In addition, it allows security teams to make decisions regarding security solutions that would be impossible without the data provided by the Managed Security Information Management system. This data can train security teams in new ways that they would not have learned without the information.

    Many companies have begun utilizing cloud-based security information and event management solutions and a managed solution with a local server. This is because it is more cost-efficient to run cloud-based and managed products on a local server than on a server located elsewhere. Security teams can access the Managed Security Information and Event Management system (MSIEM) directly. They do not have to worry about application compatibility issues or compatibility with applications running on the desktop because they are running on the cloud.

    There are several benefits associated with cloud-based and managed solutions. The first benefit is the speed of accessing the information. With a Managed Security Information and Event Management (MISEM) program, there is instant access to up-to-date and comprehensive information about the organization. Security teams do not have to wait for a download to complete on a remote server before viewing the information. Also, they do not have to travel to the server’s location because everything is stored on the Internet.

    Another advantage of a managed service is that users do not have to install any security solutions on their computers. Moreover, it can save time for IT staff members who need to install the different software and hardware for an in-house solution. Moreover, managed services provide users with real-time updates and options. This means that once a threat has been identified on a computer, it can be dealt with immediately.

    Another benefit of a managed solution is that it provides real-time protection from security threats. By using such a technology, information is updated and shared immediately. This helps in better dealing with security threats as well as minimize downtime for a company. It can also monitor and analyze all data to see if any security threats are present on a system. Therefore, overall security is improved through the use of these programs.

    One of the biggest threats to companies today is cyber-crime and the rapid spread of malicious programs developed and spread online. By offering real-time protection and analyzing these threats, it is possible to stop them before they cause a severe impact on business operations. The best way to keep systems safe from threats is to get an effective Managed Security Information Monitoring (MSIM) solution. This will ensure that security threats are dealt with fast and effectively. Therefore, whether small or large businesses are looking to improve their security posture, it is essential to get a Managed Security Information Solution (MISA) for complete monitoring and analysis of all security threats.

  • The Cybersecurity Concerns of Working Remote

    There is a growing concern among employers that their employees will be susceptible to cybersecurity risks from their own work from home computers. It has been estimated that up to 70% of all corporate work from home workers have been targeted by cyberattacks. The number of these attacks has dramatically increased as the cost of information technology has continued to increase.

    Cybersecurity Risks of Working From Home

    So, what are the cybersecurity working remotely risks? As mentioned earlier, many individuals are now working from home on their own for the foreseeable future. If an employee were to steal company property, steal client information, or perform other criminal activities they could potentially face jail time. This is especially true if the employee is using their personal computer to do work at the workplace. It is therefore important for employees to take measures to prevent their personal computers from being compromised.

    It is also important that the employer considers the cybersecurity working from home data protection risks of their employees. In many cases, this can only be accomplished by having a well-developed employee information security policy. Any time a business owner requires the use of their personal computer (PC) for their business, there is always the risk of it being compromised.

    The main way of protecting your business is by ensuring that the information that you store on your PC can not be accessed by anyone else. To help protect this information it is important to have a data encryption program installed and running on your PC. Even if you have a firewall or some form of anti-virus installed on your system, these programs cannot stop a hacker from gaining access to the necessary information.

    If you do not already have high-quality antivirus software on your PC, you should consider downloading one. While this may seem like a minor change, it can mean the difference between being able to access the information on your work computers and not being able to. Once you have this on your PC, it will monitor for viruses, worms, Trojans, spyware, and malware and remove them before they can do any damage to your company’s network.

    In order to keep a regular antivirus running, there are several steps that you can take. Most antivirus programs will allow you to schedule a scan at a fixed time of day. The reason for this is because it makes it easy for your computer to keep track of updates. The easiest way to do this is to set it so that you don’t have to input anything each time the program updates.

    If you don’t want to schedule a daily scan, then you can still check it regularly using scheduled scanning options. However, this will require some time to set up and can also be time-consuming. It is best to run daily scans to ensure your business is fully protected.

    Employers should also consider the cybersecurity working from home data protection risks of their employees when it comes to keeping their networks up to date and running smoothly. When a computer’s files and folders are outdated or corrupted, it will take longer for them to load and run. If they are corrupt, hackers will have more time to gain access to your system.

    By using a registry cleaner on your computer, you can quickly and easily scan and repair any damaged files so that they are ready to be used again. This also ensures that the antivirus can keep your data secure and can help you run your computer without any issues. The registry can become corrupt as well; by running an antivirus program regularly, it can scan the files on your computer and fix any of the errors it finds.

    The best way to make sure that all security measures are in place is to update the software on your computer. This will ensure that you are taking the most up to date security measures possible and that can protect your data.

    While working from home is convenient and beneficial, it does require a bit of work to keep your work computers protected. Make sure that your antivirus program, firewall and data backup software are all updating to keep your company’s information safe. and keep your work computers secure and running efficiently.