
True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

2019 Cybersecurity Trends That Are Here To Stay

2018 has been a good year for cybersecurity so far, for organizations that have recently updated their systems to include automation, orchestration, and case management in a centralized platform relevant to their industry. For the rest - it's fair to say the past two years haven’t been too great.

We witnessed a number of high-profile cyber attacks, including the Emotet malware attack on Allentown City Council, the SamSam ransomware attack on the Colorado Department of Transportation, Equifax, Deloitte and the notorious WannaCry ransomware attack. The number of attacks continues to rise regardless of the constant flow of security updates and patches, which raises the question - will 2019 be better or worse than 2018 and 2017? It’s best to stay ahead and learn about 2019 cybersecurity trends that are here to stay.

  1. Full-lifecycle incident management

Organizations are now investing in turn-key integrations that primarily intake events from a source system and make them available for incident management, investigation and security operations. The Connectors in these security systems are developed with each partner to ease implementation and provide bi-directional data flow from technology alliances that offer factory support from both sides.

  2. Ransomware

An increasing number of cyber criminals appear to have shifted their attention to ransomware. Ransomware works because it depends on users’ negligent security practices. Given that a large percentage of internet users do not follow best practices, it’s predictable that most cyber criminals in 2018 are turning to it for their source of income. We shouldn’t undervalue the potential damage IoT ransomware could cause in 2019. For example, hackers may target serious structures such as city power grids. If the target city fails or refuses to pay the ransom on time, the attackers can completely shut down the grid. Alternatively, since many cities and homes are opting for smart technology in 2018 and 2019 like automatic factory lines, smart TVs and more, hackers can target factory production, smart cars, home appliances such as smart fridges, smart ovens and more.

  3. Attacks powered by Artificial Intelligence

AI/Machine Learning software has the aptitude to ‘learn’ from the consequences of former events to help forecast and classify cybersecurity threats. According to a 2018 report, AI is used by roughly 87% of US cybersecurity professionals. It is a double-edged sword, however, as hackers can use the same AI to launch sophisticated cyber attacks. What can organizations do about this? Well, the artificial intelligence (AI) built into security systems like D3 transforms incident data and prior responses into a proactive and dynamic security posture. With machine learning and AI-driven response, security teams can automate triage and prioritization, while reducing false positives by up to 91%.

  4. GDPR compliance post 2018

The General Data Protection Regulation (GDPR), which will come into effect on May 25, 2018, applies to all organizations, no matter where they are headquartered globally, that intentionally screen the behavior of individuals inside the European Union (EU) or offer goods and services to the EU. It offers an innovative framework for data protection with amplified responsibilities and obligations for organizations, including elevated rights for data subjects, larger territorial scope and stringent consent laws. For global organizations that fail to adapt to this change, fines for non-compliance can reach up to 20 million Euros or 4% of worldwide annual turnover, whichever is greater. By early 2019, around 80% of multinational companies may fail to comply with GDPR if they do not understand modern Data Protection regulations.

  5. Advanced systems for digital investigations

A mix of spreadsheets, email and homegrown solutions for managing tasks, deadlines and processes will not meet the needs of complex digital investigations in 2019. Companies need to adopt a flexible, end-to-end guided investigation procedure, with automated deadline and SLA tracking, contextual instructions, and stage-based workflows that keep users focused on relevant data and features.

  6. The rise of national level attacks

The rise of national cyber-attacks is one of the most disturbing areas of cyber security. These attacks go beyond financial interests and are politically driven. In the near future, attacks will be designed to obtain intelligence and data to thwart the objectives of any country or political entity. They can be used to target electronic voting systems and user preferences on social media to manipulate public opinion in a particular way. Since national cyber security attacks are sophisticated, targeted, well-funded and have the potential to be extremely disruptive, Governments must safeguard their internal networks by isolating them from the internet and carry out extensive security checks on all staff members. Governments should never acquire and use technology or software from untrusted sources. For example, the U.S. Government banned Kaspersky software in all government agencies over concerns of Russia’s probable influence.

While threats and risks continue to pile up, the good news is the challenges we are about to face in 2019 aren’t insurmountable. The crucial aspect of managing them successfully is staying up-to-date with security systems, understanding possible future threats and pacing back to comprehend big-picture trends that are driving them.

 

Resource taken from: https://www.linkedin.com/pulse/2019-cyber-security-trends-here-stay-marushka-monette-dias/


Attackers Targeting Lower-Level Management, Proofpoint Reports

In an unexpected shift, attackers are now going after different groups of people than they did last quarter, according to Proofpoint's third-quarter 2018 Protecting People report.


Cyber-attackers aren't continuously going after the same executive and high-level management; they are actually shifting targets to other individuals within organizations, including lower management, according to a report from Proofpoint released on Nov. 28.

The Proofpoint third-quarter 2018 Protecting People report found that a staggering 99 percent of the most targeted email addresses in the quarter were not even ranked in the second quarter. Additionally, Proofpoint reported that 67 percent of highly targeted malware and phishing attacks are now aimed at lower-level management and individuals.

"While the speed at which cyber-criminals move to lure new and unsuspecting victims has always been quick, we were surprised to see a 99 percent shift over the past quarter in the top targeted individuals within companies," Ryan Kalember, senior vice president of Cybersecurity Strategy at Proofpoint, told eWEEK. "By targeting primarily lower-level employees with access and privilege rather than senior staff, attackers are also widening their pool of potential targets and increasing their chances at successfully infiltrating a company."

The shift toward lower-level management and individuals for attacks doesn't mean that upper-level management shouldn't be concerned. In some cases, attackers are simply looking for a way into an organization so they can move laterally afterwards.

"Lateral movement is certainly very common," Kalember said. "In addition to traditional local privilege escalation and lateral movement via the network, we’ve seen a major increase in compromised accounts being used to send out further phishing or BEC [Business Email Compromise] messages."

BEC are attacks where a fraudster aims to impersonate a legitimate partner or executive to solicit a payment request. Kalember said that when attackers compromise accounts via a BEC attack, they can easily impersonate a trusted employee or partner and slip through security teams’ defenses that are network- and endpoint-focused.

Ransomware on the Decline

Another big shift observed by Proofpoint is the precipitous decline in ransomware over the past year.

"Ransomware appeared in less than 1 percent of email messages bearing a malicious payload, either via a link or attached document," Chris Dawson, threat intelligence lead at Proofpoint, told eWEEK. "A year ago in Q3 2017, ransomware made up 64 percent of the malicious payloads we observed."

While ransomware is fading, web-based social engineering attacks were up by 233 percent year-over-year. Dawson said the majority of these attacks are fake antivirus, bogus browser updates, fake font packs, etc. For example, a user may browse to a web page and be presented with a modal dialog informing them that they need a Flash update to view content on the page. When they click to download the update, they are actually downloading malware. 

DMARC

Attackers are also apparently taking notice of the protective measures that organizations have in place for email security, particularly the use of DMARC (Domain-based Message Authentication, Reporting and Conformance). DMARC has been mandated for use by the U.S. government and includes email authenticity and integrity checks to help limit fraud.

"When implemented, DMARC is a significant barrier to cyber-criminals who launch email fraud attacks that spoof a company’s trusted domains," Ryan Terry, product marketing manager at Proofpoint, told eWEEK. "In our experience, attackers that encounter DMARC protection ultimately move on to more vulnerable targets."

That said, Terry commented that fraudsters can also leverage other fraud tactics such as display name spoofing and lookalike domains, which are tactics that DMARC does not protect against. Proofpoint recommends a solution that includes the implementation of DMARC authentication as well as security controls to help stop the additional fraud tactics, according to Terry. 
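An added example, not part of the eWEEK article or any Proofpoint tooling: a small Python check showing why display name spoofing and lookalike domains can carry a DMARC pass, and how a receiving gateway could still flag them. The trusted domain, protected names and sample headers are constructed, and the DMARC verdict is assumed to come from the gateway's existing authentication step.

```python
from email.utils import parseaddr
import unicodedata

# Constructed sample data (assumptions, not from the article):
TRUSTED_DOMAIN = "example.com"                     # the organization's own domain
PROTECTED_NAMES = {"alice rivera", "sam okafor"}   # names worth impersonating

# Characters commonly swapped in to build lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(domain: str) -> str:
    """Fold a domain to a comparison form: lowercase, strip accents, map
    digit/letter swaps and the 'rn' -> 'm' visual trick."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, dmarc_result: str) -> list[str]:
    """Return findings for one message.

    dmarc_result is the verdict for the From domain ("pass"/"fail"), assumed
    to be supplied by the gateway. DMARC only answers "is this mail really
    from the domain in From?", so it helps only in the first branch below.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()

    if domain == TRUSTED_DOMAIN:
        # Exact-domain spoofing: the case DMARC is designed to stop.
        return [] if dmarc_result == "pass" else ["exact_domain_spoof"]

    findings = []
    # Display-name spoofing: a protected name on an outside address.
    # The attacker's own domain can publish DMARC and pass it.
    if " ".join(display.lower().split()) in PROTECTED_NAMES:
        findings.append("display_name_spoof")
    # Lookalike domain: visually identical after folding, or within two edits.
    if edit_distance(skeleton(domain), skeleton(TRUSTED_DOMAIN)) <= 2:
        findings.append("lookalike_domain")
    return findings


# Constructed sample messages: (From header, DMARC verdict for that domain).
SAMPLES = [
    ('"Alice Rivera" <alice.rivera@example.com>', "pass"),
    ('"Alice Rivera" <alice.rivera@example.com>', "fail"),
    ('"Alice Rivera" <ceo.office@freemail.test>', "pass"),
    ('"Accounts Payable" <ap@examp1e.com>', "pass"),
    ('"Sam Okafor" <sam@exampel.com>', "pass"),
    ('"Newsletter" <news@partner.test>', "pass"),
]

if __name__ == "__main__":
    for header, verdict in SAMPLES:
        print(f"{header:50} dmarc={verdict:5} -> {classify_sender(header, verdict)}")
```

The third, fourth and fifth samples all carry a DMARC pass, which is why the name and domain comparisons have to run in addition to authentication rather than instead of it.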

Protecting People

Protecting people within organizations from cyber-threats requires a combination of technology and training. Kalember commented that 90 to 95 percent of advanced attacks begin with the email vector, which underscores the importance of stopping these attacks before they ever reach the inbox.

"Advanced threat solutions and having visibility into your most attacked employees on a regular basis are essential components within a successful people-centric security strategy," he said. "That said, in addition to technology, it is critical that organizations prioritize educating their employees to spot socially engineered attacks across email, social media and the web and run phishing simulations (fake attacks that use real-world tactics) to understand who in their organization is most likely to fall victim."

What's Next

Looking forward to 2019, Kalember said he expects that 2019 will be the year where targeted individuals in organizations will take center stage in the cyber-security threat landscape. 

"We expect to see a sustained increase in the targeting of people, rather than infrastructure, as attackers continually find new ways to manipulate unsuspecting individuals into becoming unwitting accomplices," Kalember said. "2019 may also be the first year in which we don’t see a single technical vulnerability (i.e. CVE) actively exploited in targeted phishing attacks, given how few we saw in 2017 and 2018. Until organizations shift to better protect its people, cyber-criminals will continue to exploit human vulnerability for financial gain."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Resource taken from: http://www.eweek.com/security/attackers-targeting-lower-level-management-proofpoint-reports


Microsoft Outlook 2010 Problem Patch

Just what is going on over in Redmond? Just weeks after issuing a Windows 10 patch of doom that started deleting users’ precious files, Microsoft ‘fixed’ Outlook 2010 with a November Patch Tuesday update that promptly borked it.

On 13 November, Microsoft released a security update, KB4461529, which fixed four security vulnerabilities. These flaws could allow remote code execution if a user opened a specially crafted Office file, it said. KB4461529 solved this problem for the .msi 64-bit version of Outlook 2010 in the worst way by simply having the program not run at all. It crashed Outlook at startup.

Microsoft advised users not to uninstall the patch. Instead, it suggested they use Outlook Web Access until the problem was resolved. In the meantime, it wrote a second patch which it sent scurrying after the first on 21 November. KB4461585 will fix the crashing problem, it said.

This wasn’t the first Outlook 2010 patch problem for Microsoft users this month. On 6 November it released updates KB2863821 and KB4461522, which fixed the program’s Japanese calendar to support new ‘eras’. These patches also caused Access to crash on startup in some cases, it warned. It removed them.

The Japanese calendar inherited the idea of eras from China in the eighth century. Eras punctuate an emperor’s reign or some other major event. You only get a new one every few years, which is how many Windows users probably wish Microsoft would schedule its software patches right about now.

Microsoft has bungled Office-related patches before. One patch last year caused text to disappear from tables in Word causing users to panic and hassle admins. It followed another patch the previous month that caused a similar problem. Microsoft eventually fixed it in October with yet another patch.

These problems follow a worrying October for Microsoft users, some of whom watched files and settings disappear before their eyes after installing Windows 10 update 1809. Microsoft was forced to pause the update while it fixed things.

Concerns over the quality of Microsoft’s patches surfaced earlier this year when Microsoft Most Valuable Professional Susan Bradley wrote an open letter to the company about the problem.

While Microsoft may seem a bit quick off the mark when issuing some patches, it’s been reluctant to ship others. In May we wrote that it refused to patch a Windows-crashing bug after a security researcher reported it, on the grounds that the exploit needed a USB key and so didn’t meet its standards.

Perhaps the biggest problem here is one of trust. Microsoft wants people to install patches promptly – especially security ones – because it helps to prevent malware infections. Bitter experience with the likes of Conficker and WannaCry has taught Redmond that simply making patches available isn’t enough though, so it likes to install Windows 10 updates by default where it can. But the more patches that it messes up, the more likely users are to push back.

Enterprise users can stop patches by changing settings in the Windows Update Server. Windows 10 Pro and Enterprise users can pause patches. Windows 10 Home users don’t have any choice at all when it comes to installing Windows updates, the company says.

The company doesn’t force Office patches, instead giving users the option to turn on automatic updates. However, the more Microsoft fumbles the ball, the more users may start turning patches off where they can. That would be bad for the security ecosystem in general.

It’s a puzzling issue for a company that is supposed to excel at producing quality software. DevOps and continuous integration practices like automated testing and gating were meant to make software quality problems like these go away. So why are they still happening with such apparent regularity in Redmond?

 

Resource taken from: https://nakedsecurity.sophos.com/2018/11/27/microsoft-patches-patch-tuesdays-outlook-2010-problem-patch/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=2e4fb19cbd-Naked+Security+daily+news+email&utm_medium=email&utm_term=0_31623bb782-2e4fb19cbd-455372845


Bad Guys Are Now Taking Over Email Inboxes Without Phishing Attacks

According to an alert published earlier this year by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals to wire funds to an attacker-controlled account. These methods play out as follows:

  • Social engineering and email spoofing: Attackers will use social engineering to pose as a colleague or business partner and send fake requests for information or the transfer of funds. These emails can be quite convincing as the attacker makes a significant effort to identify an appropriate victim and register a fake domain, so that at first glance the email appears to belong to a colleague or supplier.
  • Account takeover: Here, attackers use information-stealing malware and keyloggers to gain access to and hijack a corporate email account, which they then use to make fraudulent requests to colleagues, accounting departments and suppliers. They can also alter mailbox rules so that the victim’s email messages are forwarded to the attacker, or emails sent by the attacker are deleted from the list of sent emails.

These techniques have served threat actors well for quite some time. But now we are seeing new, more expeditious methods emerge to gain access to business email accounts. Compromised credentials being offered on criminal forums, exposed through third-party compromises, or vulnerable through misconfigured backups and file sharing services, make the opportunity to profit from BEC easier than ever.

Email inboxes are also being used not just to request wire transfers, but to steal financially-sensitive information stored within these accounts or to request information from other employees. With declining barriers to entry for BEC, and more ways to monetize this type of fraud, we can expect the losses to continue to rise and perhaps even accelerate in the near term.

Here’s how these alternative methods work:

  1. Paying for access. It’s common for accounts to be shared and sold across criminal forums, and the emails of finance departments and CEO/CFOs are no exception. It’s even possible to outsource this work to online actors who will acquire company credentials for a percentage of earnings or a set fee beginning as low as $150.
  2. Getting lucky with previously compromised credentials. As I’ve discussed before, individuals will often reuse passwords across multiple accounts. In our research we’ve detected more than 33,000 finance department email addresses exposed within our own third-party data breach repository, 83 percent of which had passwords associated. With many email and password combinations of finance department email accounts already compromised, cybercriminals can get lucky.
  3. Searching across misconfigured archives and file stores. Inboxes, particularly those of finance departments and CEO/CFOs, are replete with financially-sensitive information such as contract scans, purchase orders, and payroll and tax documents. This information can be used for fraud or re-sold on forums and marketplaces.

The sad reality is that there’s no need to go to a dark web market when sensitive data is available for free on the open web. Employees and contractors sometimes turn to easy, rather than secure, ways of archiving their emails. We identified that more than 12.5 million email archive files and 50,000 emails that contained “invoice”, “payment” or “purchase order” have been exposed due to unauthenticated or misconfigured file stores.


To learn more, visit the KnowBe4 blog: https://blog.knowbe4.com/heads-up-bad-guys-are-now-taking-over-email-inboxes-without-phishing-attacks


Cyber Monday Shoppers Will Overlook Past Cybersecurity Breaches For a Good Deal

Some 62% of online shoppers are willing to shop sites vulnerable to breaches for a discount on Cyber Monday, a DomainTools report says.

The majority of consumers will shop a site that has faced cybersecurity breaches in the past if it offers a good enough deal, according to DomainTools' Cyber Monday Consumer Survey, released Thursday. Some 62% of respondents said they would be willing to shop on a previously breached website for the sake of a good sale.

With Cyber Monday on the horizon, 70% of respondents said they are preparing to take advantage of the good deals on offer, according to a press release. Some 60% said they go directly to the brand's website to find the best deals, which means retailers must keep their cybersecurity in check. The most popular sites online customers shopped in the past six months were Amazon (90%), Walmart/Sam's Club (55%), and Target (39%), making them hotspots for both deals and cyberattacks, the report said.

The second most common method customers use to access Cyber Monday is email newsletters, said the release, which makes email a very relevant threat vector for phishing attacks targeting holiday shoppers.

When shopping online, 49% of shoppers agreed that they don't even think about breaches, leaving themselves especially vulnerable to hackers who are specifically targeting them, the release said.

However, many consumers who are aware of the risks are taking precautions when it comes to their online shopping habits. Customers reported paying closer attention to URL domains and email senders to confirm that emails are coming from a real retailer (61%), checking the email domain to make sure it matches the brand they are shopping (78%), and directly visiting a retailer's site instead of going through emails or social media (54%), according to the release.

"This year's respondents were clear that they are willing to overlook previous breaches in lieu of a Cyber Monday deal," said Corin Imai, senior security advisor at DomainTools, in the release. "As consumers continue to grow vigilant of threat vectors, retailers are being held more accountable to stay ahead of potential threats. Building intelligence around spoofed domains that may impact their brand, becomes more crucial to protecting their reputation and maintaining consumer loyalty not only on Cyber Monday, but all year round."

Resource taken from: https://www.techrepublic.com/article/cyber-monday-shoppers-will-overlook-past-cybersecurity-breaches-for-a-good-deal/


What Your Cloud Vendor Doesn't Tell You about Data Loss

If you lose data in Office 365, there is no defined process or rules for recovering it. You can call their support team, but the level of help they offer depends on the scenario. In general, Microsoft support doesn’t have the best reputation for getting people their data back. Their support team is tiered, so the responsiveness will also depend on how much you’re paying for a subscription.

G Suite customers can get online and phone support, but Google still tries to push as many of their customers as possible to the self-service Google Support Forums. Office 365 and Google are selling low-overhead, highly reliable cloud software. They go out of their way to ensure they will never lose your data. That means any data you lose was probably lost by you. And, as we mentioned above, neither Google nor Microsoft nor any other cloud vendor can protect you from yourself -- which makes user error a great big cost center these vendors can’t control.

If Google had to put a support rep at your disposal every time you accidentally delete a Gmail message or Google Doc, G Suite would never make any money. The same is true for any cloud solution.

That tier-based support Microsoft offers is their way of ensuring that only people who really, really want and need to find lost data actually ask for help in recovering it. Google is subtler in trying to force their customers to solve their own data-loss problems, but it too wants to avoid undue responsibility when your data goes missing.

And, lest you think we’re misreading the purpose of these data recovery policies, Salesforce flat-out tells users to perform their own backups. Google recommends you use third-party G Suite backup tools in their own security policy. Cloud vendors want you to be responsible for correcting your own data loss errors. They are explicit about that stance. This is where cloud-to-cloud backup comes in. According to Forrester, leveraging a cloud-to-cloud backup solution is the only true guarantee your critical SaaS business data is protected.

 

To learn more, contact True North Networks today!

 

Resource taken from: https://www.backupify.com/blog/what-your-cloud-doesnt-tell-you-about-data-loss


Amazon Suffers Data Breach Days Before Black Friday

Amazon has suffered a data breach just days before Black Friday – and the company was tight-lipped about whether it had notified the British data protection authorities.

Multiple Register readers forwarded us emails sent from Amazon's UK tentacle informing them that the online sales site had "inadvertently disclosed [their] name and email address due to a technical error".

The email from Amazon, which included an HTTP link to its website at the end, read:

[Image: Amazon breach notification email]

 

Amazon's UK press office acknowledged that the email was genuine, saying only: "We have fixed the issue and informed customers who may have been impacted."

The company did not answer our questions as to how many customers had been affected, whether it had informed the Information Commissioner's Office, what the cause of the breach was or how or when it had been spotted.

The ICO acknowledged our phone call seeking comment but has yet to get back to us.

Meanwhile, out in the badlands of Twitter, people from across the world were wondering whether they'd been spammed or whether the email was genuine:

Alden gives his location in his Twitter profile as Phoenix, Arizona, which is in the US. Others tweeting about it include folk in the Netherlands and what appears to be South Korea.

Resource taken from: https://www.theregister.co.uk/2018/11/21/amazon_data_breach/


Has Microsoft Office 365 Beat Phishing?

Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, has something to say about that...

"Microsoft recently announced a big update to their Microsoft Office 365 (O365) anti-phishing technical capabilities. According to Microsoft, their “miss phish catch rate” is down to near zero, beating all other O365 anti-phish competitors by orders of magnitude.

Has Microsoft Office 365 (O365) got phishing beat? Well, I wouldn’t get rid of your security awareness training just yet.

I think I have an interesting perspective. Until recently, I worked for Microsoft for over a decade and I still love the company, its people, and products. Microsoft security really is the best in the world. I’m also a long-term O365 user for my private side work company. I’m now the data-driven defense evangelist for KnowBe4, the world’s largest security awareness training vendor.

I moved from Microsoft to KnowBe4 because I wanted to dedicate the remaining years of my computer security career to making the biggest impact in computer security possible. This isn’t hyperbole. Social engineering and phishing have been the number one way that malicious data breaches happen for over a decade.

If you want to have the biggest impact minimizing computer security risk you might as well jump into the lion’s den. And today, that means fighting social engineering and phishing.

From within Microsoft, I saw how hard Microsoft tried to stop phishing emails for its O365 customers. Microsoft didn’t like that a majority of its large O365 customers felt the need to purchase additional email protection. Every third-party anti-phishing purchase was a sign that Microsoft, itself, wasn’t doing enough to stop phishing.

It took years, but if you trust Microsoft’s data (and I have no reason to distrust it right now), it looks like Microsoft O365 has some pretty solid anti-phishing results. According to their own data, phishing emails that escape detection and prevention are near zero percent. In fact, it’s hard to tell if their graphed data is saying exactly 0 percent or just above 0 percent. It’s that close, graphically.

The question some observers might have is if security awareness training is still worth the cost if Microsoft has “beat” phishing?"

 

Resource: https://blog.knowbe4.com/has-microsoft-office-365-beat-phishing


Yahoo agrees to pay $50M in damages over biggest security breach in history

Yahoo has said it will pay $50 million in damages and provide free credit-monitoring services to millions of Americans and Israelis following a data breach beginning in 2013 that led to as many as 3 billion accounts being compromised by hackers.

The Associated Press reports that Yahoo agreed to the restitution as part of a court settlement filed Monday that still awaits the approval of a federal judge.

The case stems from the largest data breach in the history of computing, in which 3 billion Yahoo accounts representing about 200 million people were compromised by hackers, some of whom were linked to Russia by the U.S.

The breach, which occurred in 2013 and 2014 but was not disclosed until December 2016, involved the names, emails, addresses, dates of birth and phone numbers of affected customers.

Yahoo, which is now overseen by Verizon subsidiary Oath, has maintained that passwords, credit card numbers and bank account information was not among the stolen information.

In April, the Securities and Exchange Commission (SEC) fined the company $35 million for failing to properly notify customers and investors in a timely fashion about the data breach.

"Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors," the SEC said at the time.

The AP reported that eligible Yahoo accountholders who suffered losses from the security breach and have documentation could ask for up to 15 hours of lost time, or $375.

The free credit monitoring service's value was pegged at about $359 for two years, though the settlement didn't disclose how much Yahoo said it would pay to provide the coverage.

A hearing over the preliminary settlement is scheduled for federal court in California on Nov. 29. 

 

Resource taken from: https://thehill.com/policy/technology/412800-yahoo-paying-50m-in-damages-in-biggest-security-breach-in-history


How You Treat your Employees Will Determine the Fate of Your Company

One in five CEOs fail within their first 18 months of leading an organization, according to a study published in the Harvard Business Review. One-third of chief executives from Fortune 500 companies don't make it past three years.

Achieving goals requires your teams’ support and commitment. If your team is not on board, this could lead to you being unsuccessful in your leadership role. Here are four of the most common pitfalls that can cast you in a negative light and “turn off” your employees thereby rendering your leadership ineffective.

1) The “Marionette” Trap - The challenge for any leader is working within pre-defined parameters, yet being able to apply your own talents to achieve results. In an age of uncertainty, many leaders are yielding to this trap of just playing it safe to preserve their position and privileges. They just follow orders. They never stand up for their team or question policies. The sad part is your employees are listening and seeing everything and are murmuring behind your back. If you have to be continuously directed, you are in fact a puppet.

I know of some boards who only hire managers that they can control. If your only concern is to impress top management you will be surely losing points with your employees. There must be a balance, yes, you want to impress those at the top, but what about your employees? In the end no one takes you seriously, neither the board you are trying to impress nor the employees you have ignored.

2) The “King Kong” Trap - Some leaders, when they reach the top, immediately forget where they came from. These types of leaders possess a superiority complex and like to draw the distinction between management and staff. Great leaders don’t talk down to their employees or make them feel inferior. How can you motivate the troops when you are out of sight? Come down from the mountaintop and mix and mingle with your subordinates. Respect is a must. Show respect, not just for your employees, but all those you come in contact with, inclusive of the kitchen attendant, janitor, security guard…etc. Your in-house reputation will quickly spread.

Bill Nuti, former CEO at NCR Corp - While the company’s revenues grew to $6.2 billion in 2013 from $6.0 billion in 2012, employees showed a strong dislike of their CEO, Bill Nuti. One current employee, while commenting on Glassdoor, wrote to upper management, “We carry your water every day, and you disrespect us every day, we’re just your minions. You put out surveys, obviously you pay no attention to them or things would begin changing.”

3) The “Superman” Trap - They think the organization revolves around them. Some start behaving like they are the owners of the company. This trap includes making all of the decisions solo, ignoring feedback you don't like and taking the credit. "Try never to be the smartest person in the room. And if you are, I suggest you invite smarter people ... or find another room" ~Michael Dell. Letting your ego get ahead of you and thinking you know it all is a sure path to failure. Be generous with Reward and Recognition and "Thank Yous." Recognize publicly. Use collaborative skills to arrive at solutions. Admit what you don’t know. Showing some vulnerability allows you to strengthen relations with your team. You’ll build trust more easily.

4) The “Taskmaster” Trap - Micromanaging and breathing down someone’s neck all the time can be very disheartening. Sometimes knowing when to step back and let your employees do their work is what they need. Micromanagement suffocates, demoralizes and kills creativity. If you hired someone, it means you believe they are capable of doing the job. Then trust them to get the job done. You don’t need to be constantly monitoring their every movement. The best ideas and advancements are a result of empowering your team. Furthermore, do you brush over your teams’ successes, automatically working towards the next goal with a bland acknowledgement? Are results your only motivator? Continuously drilling employees is a sure way to lose points. If you ignore the wins of your team, you miss a vital opportunity to not only inspire, but build a more personal connection with your team which can give your leadership personal brand a boost.

Many leaders don’t stop to celebrate their small successes. One notable exception is Richard Branson who, at the Virgin group, integrates work and play. Richard Branson on How to Make Employees Happy - “Don’t forget to celebrate achievements and have some fun while doing so.”

Most businesses put customers first while employees are just secondary. Employees are the branches of a tree that makes a company grow. They are your best ambassadors. If we treat people only as the means to an end, we will never have their loyalty. Don't just consider them as a robot on your cog-like production line. Demonstrate that you value people and they in turn, will take care of customers.

 

Resource taken from: https://www.inc.com/oscar-raymundo/richard-branson-companies-should-put-employees-first.html 


True North Networks is Proud Sponsor of StartSmart: Birth Gifts with a Purpose

True North Networks is a proud supporter of #StartSmart, as part of Impact Monadnock. Monadnock United Way

If you or your company are going to give a gift, you might as well make it a fun, brain-developing gift. The most important thing anyone can do for children (and communities can do for the future!) is invest in brain development at an early age. This gift shows that you care about the parent, the child and your community.

The following organizations have pledged to ensure more books for local kids through the purchase of StartSmart birth gifts:
• C&S Wholesale Grocers
• Cedarcrest Center for Children with Disabilities
• Clark-Mortenson Insurance
• Communicators Group
• Electronic Imaging Materials
• Filtrine Manufacturing Company
• IPG Employee Benefits
• Isis Latham, RVP, Primerica
• Keene Housing
• Monadnock Food Co-op
• Monadnock United Way
• Savings Bank of Walpole
• True North Networks

If your organization would like to join us and be added to this list, please contact im@muw.org.

StartSmart: Birth Gifts with a Purpose is supported by the Impact Monadnock Business Ambassadors, with additional support from generous sponsors.

 

For more information or to learn how to get your business involved, visit their website here: http://www.impactmonadnock.org/startsmart/


Could the Photos You’re Sharing Online Be Putting Your Child at Risk?

As a parent, you’ve equipped your children’s phones, tablets, and laptops with security software and increased safeguards on devices throughout your home. These efforts go a long way in protecting your family’s privacy from prying eyes. Unfortunately, many parents are part of the problem when it comes to communicating and sharing photos of their kids online.

Can you relate?

  • 30% of parents post a photo of their child to social media daily.
  • 58% of parents do not ask for permission from their children before posting images of them on social media.
  • 22% think that their child is too young to provide permission; 19% claim that it’s their own choice, not their child’s choice.

The surprising part:

  • 71% of parents who share images of their kids online agree that the images could end up in the wrong hands.
  • Parents’ biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%).
  • Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

Together, we can dilute the risks of photo sharing, agree to post smarter, and to pause a little longer. We can look out for one another’s privacy, and share in ways that keep us all safe:

Ways to help minimize photo sharing risks:

  • Pause before uploading. Ask yourself: Is there anything in this photo that could be used as an identifier? Have I inadvertently given away personal information such as a birthdate, a visible home address, a school uniform, financial details, or potential passwords? Is the photo I’m about to upload something I’d be okay with a stranger seeing?
  • Review your privacy settings. You can minimize the scope of your audience to only trusted friends and family by customizing your privacy settings within each social network. Use the controls available to boost your family privacy.
  • Voice your sharing preferences with others. While it may be awkward, it’s okay to request friends and family to rein in or refrain from posting photos of your children online. This rule also applies to other people’s public comments about your vacation plans, new house, children’s names or birthdates, or any other content that gives away too much data. Don’t hesitate to promptly delete those comments by others and explain yourself in a private message if necessary.
  • Turn off geotagging on photos. Many social networks will tag a user’s location when that user uploads a photo. To make sure this doesn’t happen, simply turn off geotagging abilities on your phone. This precaution is particularly important when posting photos away from home.
  • Be mindful of identity theft. Identity theft is no joke. Consider using an identity theft protection solution that can help protect your identity and safeguard your personal information.

Resource taken from: https://securingtomorrow.mcafee.com/consumer/family-safety/could-the-photos-youre-sharing-online-be-putting-your-child-at-risk/


Charity Scams Follow Hurricane’s Wake

As Hurricane Michael barrels its way toward Florida's Gulf Coast, scammers continue to con people who want to help those affected by past hurricanes. Case in point: The FTC and its state and local partners are getting reports about sham charities following Hurricane Florence’s devastating impact on North and South Carolina.

In recent weeks, a slew of new websites related to Hurricane Florence have popped up. They accept donations on behalf of victims without saying who is running the sites or how the funds will be used. Some sites claim – without any clear way to verify it – that a certain percentage of donations go to certain groups, like first responders. Other sites invoke the names of well-recognized groups like the Red Cross but, again, with no easy way to confirm a relationship.

To make sure your donation counts, and to avoid fraud, follow these tips:

  • Check out the charity with the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
  • Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials. If they should be registered, but they're not, consider donating through another charity.
  • Don’t assume that charity messages posted on social media are legitimate. Research the organization yourself.
  • When texting to donate, confirm the number with the source before you donate. The charge will show up on your mobile phone bill, but donations are not immediate.
  • If you know the charity is legitimate and you are ready to donate, designate the disaster so you can ensure your funds are going to disaster relief, rather than a general fund that the charity could use for any of its work.

If you think you’ve donated to a sham charity, report it to the FTC at ftc.gov/complaint. Your complaints help us stop rip-off artists and scammers.

 

Resource taken from: https://www.consumer.ftc.gov/blog/2018/10/charity-scams-follow-hurricanes-wake?utm_source=govdelivery


Voya pays $1 million to settle SEC charges over cybersecurity breach

Voya Financial Advisors will pay $1 million to settle Securities and Exchange Commission charges regarding a data security breach that compromised the personal information of thousands of customers.

An SEC order says that over a period of six days in April 2016, criminals impersonating independent advisers called the firm's support line and requested new passwords. The passwords gave the intruders access to the personal information of 5,600 Voya Financial customers, the SEC alleges.

The imposters used this information to create new online customer profiles. They also obtained access to three customers' account documents.

Within hours of the first fraudulent reset request, the targeted adviser received an email notification and informed Voya. According to the SEC order, VFA took steps to respond to the intrusion but did not prevent the attackers from accessing the VFA portal through other compromised adviser logins.

The SEC claims the intruders gained access through weaknesses in VFA's cybersecurity procedures, some of which had previously been exposed in similar frauds. In two instances when the intruders called VFA's support line, they used phone numbers previously identified as being associated with fraudulent activity.

The order says VFA also failed to apply its procedures to systems used by independent contractors, who make up the largest part of VFA's workforce.

(More: How a hacker led to Finra censuring and fining a broker-dealer)

"This case is a reminder to brokers and investment advisers that cybersecurity procedures must be reasonably designed to fit their specific business models," Robert A. Cohen, chief of the SEC enforcement division's cyber unit, said in a statement. "They also must review and update the procedures regularly to respond to changes in the risks they face."

It's the SEC's first action charging violations of its "identity theft red flags rule," which requires firms to develop and implement a written program to prevent identity theft. VFA was also charged with violating the "safeguards rule" on protecting customer records and information.

A company spokesperson released a statement saying that the firm is pleased to have resolved the matter, that no personal information was downloaded from its systems and that there was no evidence of financial harm to consumers.

(More: Cybersecurity remains top RIA compliance concern)

"Voya promptly addressed and reported the incident when it occurred 2 years ago, and we notified the individuals who were involved," the spokesperson wrote. "We have also enhanced our measures so that a similar situation does not reoccur."

The firm also acknowledged that independent advisers and other third parties are increasingly targets for fraud.

"As part of our efforts, Voya continues to work with and support these partners to help protect their identity and client information," according to the statement.

(More: Trading apps expose investors to cybercriminals, report finds)

Sid Yenamandra, CEO of cybersecurity firm Entreda, expects to see more violations of the identity theft rule in the future because many firms haven't been focusing on risks from independent contractors or other third parties. Mr. Yenamandra said it is an operational challenge to enforce security rules for entities that aren't in-house.

He hopes enforcement actions like this one will get broker-dealers and RIAs to take the issue more seriously.

"When there's no police on the highway, folks are going to speed," Mr. Yenamandra said. "The minute you see an enforcement action like this, the issue becomes front and center."

 

Resource taken from: https://www.investmentnews.com/article/20180926/FREE/180929934/voya-pays-1-million-to-settle-sec-charges-over-cybersecurity-breach


Worried about data breaches? Now you can freeze your credit for free

Freezing your files at the big three credit reporting agencies — Equifax, Experian and TransUnion — is one of the best ways to protect yourself from financial identity theft. Starting Sept. 21, everyone can do it — for free.

Until now, it could cost as much as $10 to freeze your file at each credit bureau, depending on your age and where you live. That same fee applied to unfreeze or “thaw” the file, if you wanted to apply for credit. And then, you had to pay again to refreeze it.

In the wake of the last year’s Equifax mega-breach of nearly 148 million personal records, Congress passed a law that requires the credit bureaus to offer this important fraud protection free of charge. Now, you can freeze and thaw and refreeze your account as many times as you want, and it won’t cost anything.

“We're very hopeful consumers will take advantage of this new legislation,” said Eva Velasquez, president and CEO of the non-profit Identity Theft Resource Center. “This is one of the most proactive consumer-protection steps people can take.”

A recent national survey by NerdWallet, a financial advice website, found that only 10 percent of Americans froze their credit files after the Equifax breach.

“Even though people say they are very concerned about their financial security, they're not actually taking steps to protect themselves,” said Kimberly Palmer, NerdWallet’s personal finance expert. “Some people feel they're just too busy or it's too much effort, or it could be the cost that was holding people back.”

Seventy-five percent of the 2,005 adults responding to the NerdWallet survey said they’d be likely to freeze their credit when a breach involved their information, if doing so were free.

HOW DOES IT WORK AND WHAT WILL IT DO?

A security freeze restricts access to your credit file, to prevent anyone from opening new accounts or taking out loans in your name — even you. To apply for credit, you’ll need to thaw the account. It’s also important to know that:

  • A credit freeze does not impact current financial relationships, so it does not affect your existing credit card accounts, loans or mortgage.
  • A freeze does not hurt your credit score.

To secure your credit files, you’ll need to request a freeze at each of the three bureaus. After verifying your identity and answering some challenge questions, you’ll be issued a PIN for that account that must be used to freeze or thaw it.

Keep in mind: The credit bureau websites are designed to sell you products and services, so use these direct links:

The new law also requires a quick response to your requests:

  • Ask for a freeze online or by phone and the credit reporting agency must put the freeze in place no later than the next business day.
  • If you want to lift the freeze, that has to happen within an hour.

Equifax, Experian and TransUnion told NBC News BETTER they’ve prepared for the new law by making it easier for people to initiate a freeze or thaw.

“A freeze may not be for everyone, but we want to make the process as simple as possible,” said Rod Griffin, director of public education at Experian. “With the problem of identity theft today, it's critical that people be engaged in the process and know what's going on with their credit report.”

TransUnion is the only bureau to provide an app to control the process. Using the free myTransUnion app for both Android and iOS devices, you can instantaneously freeze or thaw your account. You can even schedule an automatic refreeze, so you don’t forget to do it.

“We want people to feel like they have control and can protect themselves, but we also want to take any friction out of this process for consumers,” said John Danaher, president of consumer interactive at TransUnion. 

NOTE: If you’ve already frozen your files, there’s nothing to do. The bureaus will simply stop charging you. If you have a Fraud Alert in place (not as robust as a freeze) that will now be extended for one year from the date it was initiated.

NEW LAW MAKES IT EASIER TO PROTECT YOUR KIDS

Most children don’t have credit files, but they can still be targeted by identity thieves who want to use that unblemished credit history for their nefarious purposes. More than 1 million children in the U.S. were ID theft victims last year, resulting in losses of $2.67 billion, according to the 2018 Child Identity Fraud Study by Javelin Strategy & Research.

Congress made it easier for parents and guardians to protect minors by taking a patchwork of state laws and making the process uniform and free for everyone. You can do this online by going to the Equifax, Experian and TransUnion websites.

A FREEZE VS. A LOCK — AND WHAT ABOUT CREDIT MONITORING?

TransUnion and Equifax offer a free credit lock, which is similar in many ways to a security freeze. Consumer advocates contacted by NBC News BETTER all recommend going with the freeze, now that it’s free.

“Credit freezes are a right mandated by law and not conditional on terms set by companies the way credit locks are,” said Mike Litt with U.S. PIRG. “Your rights as a consumer are on firmer ground with credit freezes.”

If you sign up for the free credit lock at Equifax or TransUnion, your information can be used for marketing purposes. They can’t do that with a freeze, Litt said.

Don’t confuse a freeze — or even a lock — with credit monitoring which looks for potential signs of fraudulent activity.

“A security freeze is the most effective measure you can take to prevent identity theft,” said Chi Chi Wu, staff attorney for the National Consumer Law Center. “If you get credit monitoring for free, it doesn't hurt to combine it with a freeze, but credit monitoring doesn’t prevent identity theft – it simply alerts you to a problem. It doesn’t keep the horse from getting out of the barn; all it does is tell you the horse is gone.”

A FREEZE ISN'T A SILVER BULLET

A security freeze is an important fraud-fighting tool, but it doesn’t stop all forms of identity theft, just the creation of new financial accounts in your name. You’re still vulnerable to existing account fraud, where a crook steals your credit or debit card number and starts buying things. 

That’s why you need to do several other things to protect yourself:

  • Check your bank and credit card accounts at least once a week and look for any suspicious activity.
  • Set up alerts on your bank and credit card accounts to give you real-time notification of what’s happening to your accounts.
  • Get your free credit reports once a year and check for errors or anything questionable.
  • Monitor your credit score for unexplained and dramatic changes that could signal fraud.

Resource taken from: https://www.nbcnews.com/better/business/worried-about-data-breaches-now-you-can-freeze-your-credit-ncna911101 


Social Engineering Tricks and Why CEO Fraud Emails Work

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.

Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.

Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.

The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.

Although a business can train its employees to learn how to spot these suspicious emails, that won’t necessarily stop the attack, especially since it’s easy for anyone to continually bombard a victim with emails, SecureWorks said.

Instead, a business’ IT security staff can actually fight back and disrupt the scammer’s operations. They can do this by first replying to an email scam and pretending to act like a gullible victim.

This was how SecureWorks managed to eventually identify an email scammer from Nigeria that targeted a U.S. technology company back in November. SecureWorks was brought in to investigate and decided to fool the fraudster into thinking his scheme had worked.  

The scammer had tried to trick the U.S. technology firm into wiring funds to a bank account by impersonating its CEO. SecureWorks pretended to comply, which caused the scammer to turn greedy.


Scam Of The Week: "The Boss Needs iTunes Gift Cards for Customers...NOW"

If you ever wondered if those iTunes gift card phishes really work, see the below email exchange. Yep, that overzealous employee actually drove around town from store to store picking up iTunes gift cards for the bad guys because there was a limit on the number of cards that could be bought at any one store at one time. All told, poor Emily bought TWENTY $100.00 iTunes gift cards for these criminals. Still worse, she put them ON HER OWN PERSONAL CREDIT CARD! Wonder if her company will reimburse her? Kinda feel sorry for her. Sometimes it helps to get security awareness training from your organization. Emily was not trained. Don't be Emily. :-) Here is the email exchange in chronological order. Note the time stamps are the originals and from different time zones. Names are changed to protect the innocent. John Carpenter is the C-level executive of "distracted . com" and was spoofed by the bad guys. We even have pictures of the gift cards. Blow-by-blow at the blog: https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers...-now

 

Resource taken from: https://blog.knowbe4.com/cyberheistnews-vol-8-37-scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers...now


Denver printing company blames closure on ‘recent Ransomware attack’

A 5-year-old Denver printing company that was purchased in summer 2017 has shut down and blames a ransomware attack for its closing.

Colorado Timberline, which operated at 11351 E. 45th Ave. in northeast Denver, sent an announcement to customers and suppliers Wednesday, saying it was immediately ceasing operations.

“We have recently been plagued by several IT events, unfortunately we were unable to overcome the most recent Ransomware attack and as a result this unfortunate and difficult decision was made,” the company said on its website. “We greatly appreciate the support and loyalty from each of you over the years.”

Calls and emails to the company were not returned. The doors were locked at the company’s site, with its closure announcement printed out in English and Spanish on its doors.

The LinkedIn page for Colorado Timberline said it was founded in 2013, and shows 55 employees. Outside the company’s shuttered facility on Wednesday, however, a woman who identified herself as an employee said more than 100 employees worked for the company.

In summer 2017, Timberline Colorado was acquired by Chicago-based Frontenac and Connecticut-based Charter Oak Equity, according to a press release. Neither firm returned requests for comment.

Timberline Colorado’s printing projects included large format printing, laser etching and vinyl printing. The company was able to print graphics and designs on apparel, large exhibition banners and home goods such as glassware, according to the company’s website.

Owner Dan Greene left the company in May, according to an auto response from his company email account.

 

Resource taken from: https://businessden.com/2018/09/13/denver-printing-company-blames-closure-on-recent-ransomware-attack/ 


Could the Photos You’re Sharing Online Be Putting Your Child at Risk?

Confession time. I’m a mom that is part of the problem. The problem of posting photos of my kids online without asking for their permission and knowing deep down that I’m so excited about sharing, I’m not paying much attention at all to the risks.

Why do I do it? Because I’m madly in love with my two wee ones (who aren’t so wee anymore). Because I’m a proud parent who wants to celebrate their milestones in a way that feels meaningful in our digital world. And, if I’m honest, I think posting pictures of my kids publicly helps fill up their love tank and remind them they are cherished and that they matter. . . even if the way I’m communicating happens to be very public.

Am I that different than most parents? According to a recent McAfee survey, I’m in the majority.

Theoretically, I represent one of the 1,000 interviewed for McAfee’s recent Age of Consent survey* that rendered some interesting results.

Can you relate?

  • 30% of parents post a photo of their child to social media daily.
  • 58% of parents do not ask for permission from their children before posting images of them on social media.
  • 22% think that their child is too young to provide permission; 19% claim that it’s their own choice, not their child’s choice.

The surprising part:

  • 71% of parents who share images of their kids online agree that the images could end up in the wrong hands.
  • Parents’ biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%).
  • Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

If this mere sampling of 1,000 parents (myself included) represents the sharing attitudes of even a fraction of the people who use Facebook (estimated to be one billion globally), then rethinking the way in which we share photos isn’t a bad idea.

We know that asking parents, grandparents, friends, and kids themselves to stop uploading photos altogether would be about as practical as asking the entire state of Texas to line up and do the hokey pokey. It’s not going to happen, nor does it have to.

But we can dilute the risks of photo sharing. Together, we can agree to post smarter, to pause a little longer. We can look out for one another’s privacy, and share in ways that keep us all safe.

Ways to help minimize photo sharing risks:

  • Pause before uploading. That photo of your child is awesome but have you stopped to analyze it? Ask yourself: Is there anything in this photo that could be used as an identifier? Have I inadvertently given away personal information such as a birthdate, a visible home address, a school uniform, financial details, or potential passwords? Is the photo I’m about to upload something I’d be okay with a stranger seeing?
  • Review your privacy settings. It’s easy to forget that when we upload a photo, we lose complete control over who will see, modify, and share that photo again (anywhere they choose and in any way they choose). You can minimize the scope of your audience to only trusted friends and family by customizing your privacy settings within each social network. Platforms like Facebook and Instagram have privacy settings that allow you to share posts (and account access) with select people. Use the controls available to boost your family privacy.
  • Voice your sharing preferences with others. While it may be awkward, it’s okay (even admirable) to ask friends and family to rein in or refrain from posting photos of your children online. This rule also applies to other people’s public comments about your vacation plans, new house, children’s names or birthdates, or any other content that gives away too much data. Don’t hesitate to promptly delete those comments by others and explain yourself in a private message if necessary.
  • Turn off geotagging on photos. Did you know that the photo you upload has metadata assigned to it that can tell others your exact location? That’s right. Many social networks will tag a user’s location when that user uploads a photo. To make sure this doesn’t happen, simply turn off geotagging abilities on your phone. This precaution is particularly important when posting photos away from home.
  • Be mindful of identity theft. Identity theft is no joke. Photos can reveal a lot about your lifestyle and habits, and they can unintentionally give away your data. Consider using an identity theft protection solution like McAfee Identity Theft Protection that can help protect your identity and safeguard your personal information.

Resource taken from: https://securingtomorrow.mcafee.com/consumer/family-safety/could-the-photos-youre-sharing-online-be-putting-your-child-at-risk/ 


Let's Talk About Cyberbullying

Last week, the FTC joined several other agencies and the First Lady for an important conversation about cyberbullying.

Cyberbullying is a tough subject for both parents and educators. That’s why most of our materials are built around having conversations, in small doses, and in your own language.

Here are some easy ways to start these conversations:

  • Watch this video with your kids and then talk about it. Ask if they have ever seen cyberbullying happen – and talk about what to do to prevent cyberbullying.
  • Talk with them about how to intervene when they see someone else getting bullied.
  • Ask your kids what sites or apps they use – and check out the comments on them. Cyberbullying often involves mean-spirited comments. Periodically check back on these sites and apps to look for signs of cyberbullying.

Looking for more resources? Check out stopbullying.gov, a site from the Department of Health and Human Services that offers detailed information on how to confront cyberbullying.

Resource: https://www.consumer.ftc.gov/blog/2018/08/lets-talk-about-cyberbullying
