Category Archives: Cyber

What your kids & parents need to learn about cyber security

10 tips to help keep you & your parents safe online

Parents are often out of sync with the latest technology developments, and rarely, if ever, go beyond a simple antivirus. But cyber security is a very dynamic field, so staying updated with the newest threats is always important.

So here are the most important tips that we have in order for you to help keep your parents safe.

Our parents have poor basic security habits

1. They think they have nothing worth the cybercrooks’ interest.

No? Really? What about any work documents? No contracts attached to past emails? Any information they wouldn’t want to be public? No credit cards pins saved in text drafts on desktop? No online shopping on websites that stored credit card details?

How you can help:

Open their eyes. Compile together a list of all their online information assets. Take every account they have: emails (both work and personal), social network profiles, financial accounts, etc.

List everything they have on those accounts, from work documents, photos, personal messages or sensitive information, such as credit cards PINs, passwords or social security number.

Ask them to imagine how much it would cost if they lost that information, was deleted, stolen or leaked online. According to this, have them note how valuable each piece of information is.
You can also have them follow our free, action-ready security plan.

2. They have bad passwords habits.

They set passwords that are easy to guess – it’s usually their kids’ names, birth dates or pets names. Most likely, this kind of information can be found on social networks, such as Facebook profiles, where they are willingly sharing it. This makes cyber criminals’ jobs easier: they only need to glance over the social accounts profiles to find out possible passwords combinations or answers to security questions.

They use the same password everywhere. They don’t take their time to create different passwords for each and every account, they only recycle the same password. And they don’t even think about changing it every few months.

They write their passwords and PIN codes on a paper that they keep in their office desk or in a mail draft. Or worse, in their wallet, next to their credit / debit cards.
They use some of the worst passwords.

How you can help:

Discuss together the importance of passwords, about why and how much they matter. Only a few people really comprehend how easy it is for cyber attackers to crack a password.

An 8 letter random password means 200 billion passwords combinations. How long would it take to break that password? We’ll let you do the math.

Also let them understand why it’s important to have unique passwords for each and every account. Just like they don’t use the same keys for their car and house and bank safe deposit, they shouldn’t be using the same password everywhere. If one of them is breached, then the attacker will have access to all other accounts. And it doesn’t necessarily have to be your parents fault for a password to be leaked, the employees of the companies that manage those accounts can be equally responsible.

Let them know that a good password needs to be at least 14 characters long, random, use non dictionary words, mix uppercase with lowercase, digits and punctuation.

You can also forward them our password security guide 101

3. They don’t understand what two-factor authentication is or why it’s so important to set it up everywhere possible.

What’s even worse, chances are they haven’t even heard about it until your bring it up.

How you can help:

Ideally, two-factor authentication would be a default setting for all major accounts. But until that happens, you’ll just have to help them set it up wherever it’s currently available.

Let them know how easy it is to use it: they just have to log into the account with their usual password, then they’ll receive a text message on their phone with a unique code, they’ll have to put code in and that’s it – safe login!

Start with setting it up for their banking accounts, put in place a second verification for online payments. Move on to the email accounts, as most likely those are the central piece of their online activity and they are linked to all other accounts. Social networks shouldn’t be neglected either – Facebook, LinkedIn, Instagram, Twitter, they all offer the possibility to activate 2FA.

Help them understand how interconnected our online accounts are. If a cyber attacker manages to breach into one of them, then all accounts will be compromised. You can also send them our complete guide to what two-factor authentication is and why they should use it.

4. They leave their mobile phones and computers unattended and with no security barrier set in place.

This way, they could be easily accessed by someone with bad intentions. It could be a thief that stole their mobile phone and thus gained access to other sensitive data. Or, even more likely, a vengeful work colleague that installs a keylogger or Trojan horse on their PC, to spy on them.

How you can help:

Teach them how to set up their phone to lock after a short time, if it’s been idle, and how to set it to require authenticating in order to unlock. If available, use something stronger than a four digit PIN (that’s the easiest one to breach).

Our parents can easily fall for scams & social engineering

5. They can’t identify cyber threats delivered via email.

They fall for all the contests and lotteries that announced them they’ve won. They will click on any email they receive, without second thinking that they might not be from who they think they are.

They are willing to cooperate and give away their personal data. What’s even worse, they’ll click on links or download attachments without giving it any extra thought.

How you can help:

Encourage them to second guess any email they receive before opening it, replying or clicking on any link or attachment. Let them know that just because an email says it comes from the bank or the IRS and uses the company’s logo, it doesn’t mean it really was sent by their representative.

If they still aren’t sure of its authenticity, ask them to forward the email and have you check it.

6. They don’t understand how social media platforms work or what their impact is.

They don’t know how to set up their privacy settings on social networks. They aren’t aware of the possible consequences that might arise from this.

They freely allow any third-apps to connect and access their online accounts, without giving any second thoughts to it.

Most of their friends also lack technical knowledge, so the odds are that one of them will get infected with a Facebook worm and further infect his / her network. They aren’t aware that they shouldn’t click on short links, links that they don’t know where they lead, not even when those links were sent by their friends.

How you can help:

This kind of scams rely on shocking news, use celebrities names or even emotional extortion.
Ask them to be patient and don’t rush into clicking on any links or opening attachments. Before doing any action they should ask their friends what those links are about.

We also recently published an extended guide on social scams, you can forward it to them.

 

7. They share too much information.

They post on social networks photos of their homes, photos from their vacations, so the criminals know how their places look like and when they are gone. They also post tons of photos of babies and children – nephews, cousins, and so on. They aren’t aware that the net is dark and full of terrors – including groups where pedophiles are sharing photos like the ones posted by them + digging for any kind of information on how to locate the kids.

Other potential risks:

Stories of oversharing gone wrong have been rampant in the news, with one of the most extreme examples including a phenomenon called ‘digital kidnapping’ reported on earlier this year.

Parents were shocked to learn that strangers were ‘stealing’ their kids’ online photos and re-sharing them as if the children were their own.

In other cases, children’s photos have become the target of cruel jokes and cyber bullying. Among the most notorious cases in recent years was that of a Facebook group that made fun of ‘ugly’ babies.

How you can help:

Ask them to be more aware of what they share online. While it could be tempting to do what everyone else is doing, as a way to fit in the new modern world, they should also be aware of the dangers of oversharing.

Go together through the privacy settings for each social network account and adjust them to their needs. Have them turn off their location settings – they wouldn’t want others to know where they live, right?

8. They can be easily manipulated by online media.

They think that just because it’s on the internet, then it must be true. They are willing to believe in conspiracies and fake news. They don’t know how to discern between what’s true and what’s exaggerated because of a commercial purpose.

How you can help:

Ask them to always be vigilant. Have them check from three trustworthy sources (legitimate websites) before they believe anything they read. If unsure, ask them to email you so you can help them out.

Our parents don’t realize how vulnerable software & hardware really are

 

9. They place too much trust in an antivirus product.

They believe that just because they installed it and are paying for it, then it will save them from any potential cyber threat.

They believe that their Apple device can’t be hacked. Actually, that’s not true. In 2015, MAC and iPhone OS made it to the top of software with most vulnerabilities. And since we brought up this subject, Linux users aren’t safer than Windows ones.

Take a look over 2015’s list of most vulnerable software:

How you can help:

Help them realize that it’s not enough to have an antivirus (or only use iOS / Linux) and it won’t protect them from all evils that exist out there.

Help them install security software they can trust, such as a traffic-filtering solutions (that sanitize Internet traffic) and automatic software patching solutions that keep their apps up to date.

10. Parents rarelyunderstand the interconnectedness in software and / or hardware.

They have no idea how sophisticated and frequent cyber attacks are. They don’t realize how easy it is to get malware. You don’t even have to click on anything or enter a suspicious website in order to compromise your computer – all it takes is an infected banner on a perfectly legit website.

How you can help:

Let them know that even legit websites can be compromised. Explain how plenty of attacks can happen without their action – they don’t need to click or download anything for their PC to get infected with malware or Trojans. Malicious codes injected in ads will search for vulnerabilities in their system and exploit them.

Just 8 software apps make 99% of computers around the world vulnerable to cyber attacks, so make sure that your parents keep their software updated and patched all the time.

This includes: browsers, browsers plugins and add-ons (Flash, Java) or any other kind of desktop apps (Adobe Reader, VLC player). Go to the software settings and change them all on Auto-Update.

To avoid  the pain of manually updating apps and software, we recommend you use our very own Heimdal FREE, which will automatically update the software for you!

Internet Safety for Kids in 10 Steps

Online protection for children is hard to deliver in just one lesson, but we can present the most important steps a parent can take to keep a child protected from online dangers.

It’s difficult to predict what a cybercriminal can obtain from a child. It could be sensitive financial details from his parents, such as credit card information or online bank account credentials, but there could also be another, more dangerous aspect, the possibility of meeting an online sexual predator.

To help protect you from these dangers, here are 10 actionable tips will improve the Internet safety for your kids and bring you peace of mind.

1. Make sure to always have access to your child’s computer.

It doesn’t mean that you need to verify every day what happens on the computer. But once in a few weeks, you can take a look on what websites have been accessed or what kind of content has been downloaded on the system. If you have the possibility, monitor the chat rooms, the IM applications and the received emails.

We need to emphasize that online sex-offenders usually meet their victims by accessing chat rooms. And as soon as the communication has been established, the relationship usually continues by a long time exchange of e-mails.

In the unfortunate case that you discover your child could be the latest target or victim of a sexual offender, there are two actions you can take. First, talk to your child and clarify the situation.

Second, if you discover actual proof of more than sexual innuendo taking place in their conversations, then you really need to do something about it and contact the local authorities.

2. Teach your children about online dangers.

Learning is not a destination, it is a process. In a changing environment we need to establish fast the limits of our liberty to access unfiltered content and the potential dangerous phishing attempts that could pose a threat to our families.

And this is actually the best step you should follow. Teach yourself about malicious software and evil hackers before you develop any action on the Internet or access the online bank account.

The following questions could prove useful for you and your family:

  • How much do we know about safe browsing?
  • Do we know how to secure an online email account?
  • How do we stay safe on Facebook?
  • What security myths should we begin to forget?
  • What security blogs should we access to improve our learning?
  • How do we stay safe from online scams?
  • How do I know my computer is infected?
  • How do we maximize our financial data protection?

These are just a few topics you and your family should address. To find answers to the questions above, simply access the corresponding links.

3. Let them teach you. Or simply listen to them.

Staying online is a risky business and we cannot really predict where a discussion or comment will take us or what type of people we may encounter on a social media platform.

You may check their computers, their smartphones or any other devices they might use to connect to the world wide web. You can find out who they know and whom they listen to.
But how much do we actually know about our children?

In just a few words…not very much, because there will always be ways and methods to evade our attention. So, this time you need to listen and let them teach you about the social media platforms they use or the latest viral on Youtube.

Really now, this is by far the easiest way to obtain information on their online habits, then losing time on spying their computers and trying to understand their browsing history.

So, just listen to them. Pretend that you don’t know too much about this Internet thing and let them start talking. There’s nothing more exciting for children than pretending to be teachers for a little time. Not to mention the trust they gain in themselves and finally, in You.

4. Online actions have real consequences.

It is difficult to understand for a child that Internet is a dangerous location. How could anyone explain a child what a sexual offender is when they didn’t even start their sexual education?

Should we solve this quickly by teaching them to avoid talking to strangers or maybe we can help children improve their intuition on security risks?

Various choices and decisions can be made to increase our family’s security strategy, but we need to establish what is it that we are afraid of. The limits that we impose may increase our online security strategy, but at the same time, we risk to block the natural development process that drives our children forward.

How much do we tolerate and what can we actually control is a different topic that we need to answer, before we can create a security framework for our family.

For the moment, children need to acknowledge that online actions lead to real consequences. Not paying attention to what we choose to access may lead to serious malware infections. Using the parents’ credit cards on any website may

lead to losing money. And if we are here, we need to say it: Cyberbullying should not be accepted by any parent.

5. Install a good antivirus product on the computer.

Are your children using a separate computer from you? Are you using the same computer? It doesn’t really matter. Security is security and each computer should be protected from online threats and malicious software.

Since children are naturally attracted by new things and have less experience, they follow easily dangerous links and untrusty websites. Not to mention the tendency to download and install video games from unknown web locations, a content which could easily infect the entire operating system.

Therefore, you need to have a good antivirus product from a reliable company and this solution must include a real-time scanning engine, a firewall and automatic update.

To help you determine what is the best solution for you and your family, you could access the test results provided by companies in the online industry, like AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin.

6. Use parental control software to monitor your child’s online behavior.

Software companies have already considered the possible issues that could appear from kids’ unrestricted access to online content. For this reason, we find many parental control solutions that address and try to limit this problem.

Should you use such a software or not? How much do you trust your child’s intuition? And how likely is that your child will involve in unsafe activities that could compromise the operating system or your financial situation?

Since parental control solutions are in use by quite some years now, you may find useful having a software that acts like an online guardian. These solutions can help monitor the Internet usage, keep track of visited websites,

control the Internet connection time, block malicious or porn websites, block games and report any unusual online activities.

This website can help you choose a free parental control software for your family.

7. Keep your child’s software up-to-date.

Make sure the Windows operating system used by your child has all the latest security patches installed. These updates are important because they contain stability and security fixes that shield the system against cyber-criminals attempts.

It has been proven that hackers usually gain access to operating systems by using security holes in software, like Adobe Flash, Java or popular browsers like Internet Explorer, Mozilla Firefox and Google Chrome.

That’s why you need to check the PC used by your children and make sure they have the necessary security patches.

But updating your software one by one can be very tedious and boring, so we recommend you use a specialized software to do that, such as our very own Heimdal FREE.

8. Don’t let them go online without anti-spyware protection.

Spyware is a software program that monitors your private Internet connections. But, as everybody knows there are many signs of alarm that could indicate such an infection on the system.

So, if you hear your child complaining about slow-down issues, pop-ups all over the screen, new toolbars, a different default engine or random error messages, this could mean a spyware issue that you need to address.

To stay safe from such a problem, talk to your child and teach him a few basic things to keep things clear:

  • don’t click suspicious links or pop-up windows
  • don’t answer to unexpected questions
  • don’t involve in chat sessions with strangers
  • be careful to drive-by downloads in free applications

Even better, use popular anti-spyware products available online, like Malwarebytes or Spybot Search and Destroy.

9. Secure your Home Wireless network.

The home Wi-Fi network is usually accessed only by members of the same household, but that doesn’t mean that dangers don’t exist and additional steps should not be followed to increase the home network security level.

Access our dedicated article to home network protection and follow a few simple, but vital steps like imposing a password for the network and another one for the network administrator, or using a good firewall to block hackers from accessing the network computers.

It is important to protect the home network and the computers that are part of it, because a security breach on one computer could compromise the entire network. And this is something parents should be aware of.

10. Pay attention to Wi-Fi networks outside your home.

Your children may be safe at home, but with so many Wi-Fi public networks they connect to, how can we be sure they will remain safe?

The free public Wi-Fi networks are everybody’s favorite places to stay up-to-date and check their social media accounts. And it’s not just children, we all do it.

We go everywhere and enjoy a coffee at Starbucks, without even thinking about the online dangers or hackers that could wait for our connection to start. Even if we can’t be anywhere, there are still a few things we can do to greatly improve their online security.

First, make sure the laptop they use has some sort of protection, like anti-spyware or antivirus protection and an update solution to keep the software sealed against exploits and security breaches.

Second and more important, information is the secret for your kids’ online safety, no matter where they are, so read this article or better yet, have them read it.

Conclusion

There are some aspects of cybersecurity that our parents and kids can’t do by themselves, and that’s why we recommend you do it for them.

Good News: Android’s Huge Security Problem Is Getting Less Huge

This article is from Wired:
URL:https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/

Good News: Android’s Huge Security Problem Is Getting Less Huge

Author: Andy Greenberg. Andy Greenberg Security

Wanna Get Away – Generals Password

This article is from infosecblog:
infosecblog.org

Wanna Get Away – Generals Password – Roger’s Information Security Blog

I see this was posted 3 months ago to Youtube, but its new to me.

This being blogging, lets over-analyze.

The General’s password is ihatemyjob1.

Not a bad password.  Using a passphrase is easy to remember.  Easy to type.
No doubt he should have capitalized the “I”.  Most systems can handle spaces, which would add some length.  Putting in a “@” in for a and a “0” in for o would add some complexity.  If the password file is compromised, this wouldn’t be enough to prevent breaking the hash.  But its good for a day-to-day logon.  For accounts where a password safe can be used to ease login, random would be better.  But that doesn’t work for every account.

The General’s password is echoed to the screen.   Typical security controls require that your password not be displayed on the screen.  It should be replaced by asterisks.  The General would also have been better entering it himself and not telling a subordinate the password.  He could have turned off the output of the computer to the big screen temporarily to prevent the room from seeing the password.

In pressure situations, its easy to take actions that compromise our security.  This is the type of feeling that phishers, and fraudsters often try to create so you just act and not thinking about if what you are doing makes sense.

Yes, it’s just a funny commercial.  But it can also be used as a teachable moment.  Hopefully without sucking all the fun out of the commercial