What an awesome presentation I went to at da-com the other day. The speaker was SA Timothy Reboulet of the SS Taskforce for Critical Systems Protection.
Having our own servers, I often worried about some of the questions he answered for the group – especially if they could actually catch and prosecute in other countries.
The Secret Service has agreements with most countries to prosecute and if not, the bad guys are watched and arrested when they leave those countries.
Everyone should know these simple things you can do to protect your privacy so you’re not spending years trying to repair your credit, gain back control over your life and/or retrieve lost information. If you’re informed, you can (as he put it) be in a fender bender instead of being T-boned.
What the hackers are after:
PII – Personally Identifiable Info – 2% (customer records)
Payment card data – 85%
Sensitive company data – 8%
Trade Secrets – 2%
Authentication credentials- 2% (your PIN)
The weak point in using your credit card in any place of business:
From POS (Point Of Sale) swipe to in-house servers, your data is most likely unencrypted.
Use cash or a credit card that gives you limited liability – never a debit card because they can quickly drain your bank account.
The only place a debit card should be used is at an ATM and you should cover your hand with your other hand when typing in your PIN to prevent spy cameras from catching it.
Clicking on ANY embedded link – even on Facebook or in your email, and you risk
1) your computer being taken over and held for ransom (never pay this!)
2) getting a trojan which you may not even know about right away – it may be set to wake up on a certain date to attack your or other computers or send out emails, etc.
3) getting a virus that can literally read through your computer, deleting everything in it’s path
Intrusion Detection:
By Regulatory Agencies – 60%, average of 156.5 days
By Self – 20% – 28 days
By Public – 13% – 87.5 days
By Law Enforcement – 7% – 51.5 days
Tim as not a big fan of paying companies to alert you of fraud when all you have to do is check your credit report regularly – you’ll find out faster than they will notify you.
The new chip and pin credit cards (instead of magnet strips) have stopped credit card fraud in Europe by 85%. This link will tell you what you need to know about it. It’s very interesting that it would cost credit card companies more to upgrade their payment terminals than to protect their customers, so they’re not implementing it until consumers demand it.
The targets that would be attacked to cause a disruption (ex.: terrorism)
Critical systems
Energy systems
Illumination systems
HVAC systems
Security and Observation
Access Control
IT Systems
Safety Systems
Telecommunications
Internal transportation
Audio & visual systems
Control systems
Amazingly, the Target attack was actually achieved through their HVAC system, which was connected to their business servers.
I believe I heard that neither Target nor Shnucks was PCI compliant, which is a very expensive certification for intrusion protection from theft, but Tim says PCI compliance is not enough for high target systems that store massive amounts of credit card info.
A question was asked why Apple is better when it comes to being targeted with viruses with the response that Apple’s security is no better than Windows, they are just a smaller percentage of the market and the hackers go for the quickest, easiest target. That’s why any anti-virus protection is better than none. Make sure it’s up to date.
A router inside of your network that has all ports blocked except for the internet will stop most intrusion attempts Blocking all IP’s outside of the U.S. will also help (ask us for more details).
More tips –
1) We, here at CS Inc., use and resell Vipre Internet Security by GFI because it not only has anti-virus protection, but has an option to alert you if you go to a web site that is trying to access your computer.
2) I open all my email in a free text based email program (Mailwasher) before opening it in Outlook. Hackers can install viruses to run when opening images, so I check to see if it’s a valid email that I want before receiving into Outlook. Don’t use the reading pane as it opens up the email (and possible problems) before you can judge if you want it or not.
3) Don’t use open Wi-Fi connections – if you don’t have to ask for a code to connect, neither do the hackers and they can get into your computer so fast it can make your head spin!
4) Keep your system up to date with updates, especially Windows updates because once the fix is out, that in itself notifies the bad guys that there is a hole to attack.
5) Be careful when updating – look at the URL. If it’s not the domain name of the company that owns the software you’re updating, that’s your sign!
6) Backing up your computer does not mean you can restore anything except the data you backed up, not the operating system or programs themselves, so it may take hours and be very costly to recover from a hack. First you have to clean the disk, then reinstall the operating system, then reinstall all your programs, then apply all the backups and if they’re incremental, this can take a LOT of time.
We recommend doing a disk copy – which, if done correctly on a backup disk drive, can take you only a few minutes to recover and is very inexpensive (ask us).
_____________________________________________________________
What Dawn is passionate about and speaks on:
– How to Run Your SMB like a Large Corporation
– TIP – the Time Invested Principal
– Why Your Website is Not Working!
(Is it just a poster or is it a big, bright LED sign on the highway?)
FEATURED POSTS:
– Tracking and Analysis – the Difference Between SUCCESS and FAILURE
– You Need a TECHNOLOGY PARTNER you can TRUST!
– 99% of ALL Websites Make These 3 MISTAKES
– Are YOU One of the 80% That Will Fail?
– Afraid to Jump? Entrepreneurship Takes a Team!
– Two Easy Ways to Exponentially Increase Profits
– Are you Failing at MLM? There is HELP!
– All Social Media is NOT Created Equal!
– Take your Hobby to a Business
– The Big Secret (to Success) is not a Secret at all!
– Gain 50% More Revenue – Update your Database
– Do It Yourself “Touch” Marketing for Entrepreneurs
– 5 Basic Internet Marketing Ideas for Entrepreneurs
– 10 New Tools for your Internet Marketing Arsenal
– SEO vs PPC – What every Entrepreneur should know!
– The Perfect Web Site – Does it Exist?
– The Decision Dilemma of Entrepreneurs
– Security Tips from the Secret Service
– Google and Facebook are the Bait – YOU are the product!