
Top Ten Cybersecurity Tips | The U.S. Small Business Administration


Please read this advisory from sba.gov in order to protect your small business from ransomware. The following tips will also help secure your small business:

  1. Protect against viruses, spyware, and other malicious code
    Make sure each of your business’s computers is equipped with antivirus and antispyware software, and update it regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
  2. Secure your networks
    Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.
  3. Establish security practices and policies to protect sensitive information
    Establish policies on how employees should handle and protect personally identifiable information and other sensitive data.  Clearly outline the consequences of violating your business’s cybersecurity policies.
  4. Educate employees about cyberthreats and hold them accountable
    Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites.  Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses.  Hold employees accountable to the business’s Internet security policies and procedures.
  5. Require employees to use strong passwords and to change them often
    Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
  6. Employ best practices on payment cards
    Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

    Are you ready for the shift from magnetic-strip payment cards to safer, more secure chip card technology, also known as “EMV”? October 1st is the deadline set by major U.S. credit card issuers to be in compliance.

  7. Make backup copies of important business data and information
    Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
  8. Control physical access to computers and network components
    Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
  9. Create a mobile device action plan
    Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
  10. Protect all pages on your public-facing websites, not just the checkout and sign-up pages

Student loan scam

The costs of student loans and fees can be overwhelming. You might see online ads that promise to help lower your payments or get your loans forgiven. But be wary of companies that make those promises, and never pay an upfront fee. Today, the FTC announced it had filed charges against Strategic Student Solutions, Student Relief Center, and related companies for lying to consumers about providing student loan debt relief and charging illegal upfront fees.

According to the FTC’s complaint, Strategic Student Solutions promised consumers loan forgiveness or payment reduction and credit repair services, but they didn’t deliver. They told consumers that their monthly fees would be put toward their student loans. They also charged consumers illegal upfront fees of up to $1,200.

Consumers found out later that they had not been enrolled in forgiveness or repayment programs, that none of their payments had been put towards their student loans, and their credit had not been repaired. In fact, consumers often ended up farther behind on their payments than when they first signed up for the companies’ services.

If you have paid money to Strategic Student Solutions or Student Relief Center, contact your loan servicer immediately. Depending on the type of loans you have, you may want to discuss a repayment plan or other options for your situation.

Remember, you do not have to pay for help with your student loans. Never pay an upfront fee for the promise of debt relief. Learn how to spot a debt relief scheme.

To report a student loan debt relief scam, file a complaint with:

  • the FTC at ftc.gov/complaint
  • the CFPB at consumerfinance.gov/complaint

Check your email’s activity log

Do you have a Google account?
Did you know that you can check a recent activity log for your account?

It will show you from what browsers and devices you’ve accessed it, when and from what IP. If there’s something that you don’t recognize there or an old session from a friend’s computer, you can choose to terminate it.

The same option is available for many other online accounts, such as Facebook, Yahoo or Dropbox. Access it to monitor where your accounts have been used and end any sessions that you don’t recognize.

If you also activate two-factor authentication, your accounts will be more secure against intruders.

Rounding up foreign lottery scammers

Attorney, Division of Marketing Practices, FTC

 

In the past, we’ve told you about a group of Jamaican scammers who called people in the US with phony prize, sweepstakes and lottery offers. Just last week, the US Department of Justice (DOJ) announced that eight Jamaicans were extradited to the US and now are in custody in North Dakota. These eight people were charged with using a lottery scam to trick at least 90 people out of more than $5.7 million dollars.

This case is part of a law enforcement operation that has taken years of work by the FBI’s Bismarck office, the US Postal Inspection Service, the US Attorney’s Office, DOJ, and the government of Jamaica – which arrested this group last year. Here at the FTC, we want to make sure you know how to spot these scams – and tell us when you spot them.

Why do foreign lottery scams work? Because these scammers play on our hopes for good fortune. After all, who doesn’t want to win the lottery? But, if you get a call or letter offering a chance to play – or saying you’ve already won a foreign lottery, know this:

  • Playing a foreign lottery is illegal. Both by phone and by mail.
  • Never pay for a prize. And never wire money (or give the numbers from a prepaid card or gift card) to anyone who asks you to. These are sure signs of lottery scams.
  • Buying even one foreign lottery ticket means your name gets added to lists that scammy telemarketers buy and sell to each other. You’ll get lots more calls and letters with scam offers.

Link: https://www.consumer.ftc.gov/blog/rounding-foreign-lottery-scammers?utm_source=govdelivery

Common scams evolved into cyber scams

Benjamin Franklin used to say that in this world nothing is certain, except death and taxes. If he were alive today, he would most likely add social scams to the list.

Three common tricks you may come across in the digital world:

– Shocking news or fake celebrity news – Remember the saying “Curiosity killed the cat”? Cyber criminals will use anything that’s hot right then in the media, in order to capture your attention.

– Free stuff. Free mobile phones, free trips, free flight tickets, free beauty products. Always works!

– Urgency. Click here now, the discount is only available today, download this now or never, etc.

Do a security risk assessment checklist

In “The Art of War”, Sun Tzu said that you should fully know your enemy and know yourself.

Translating this into a plan of attack for the security world:

  • Do an information assessment list. What type of data do you have stored on your devices? (It can be photos, work documents, but also passwords or account login credentials).
  • What online accounts do you have? Which do you use more often?
  • After you have made the list, evaluate how valuable the data you keep on them is. What would happen if you no longer had access to them, or if that information was lost, deleted or leaked online?
  • How do you keep the most sensitive information safe? What security measures did you take in order to prevent something from happening to your data?
  • What about shared files and devices? Who else has access to that data?
  • What backup solutions do you have in place?

Security like an onion

You can run, you can hide, but you’ll never be 100% protected against cyber attacks.

Don’t fall for marketing tricks. No matter how much a security product claims to make your system bulletproof, be warned that there’s always fine print at the bottom. No system is impenetrable.

Of course, this doesn’t mean you shouldn’t take all the necessary measures against cyber criminals. It’s just that you shouldn’t rely completely on them.

Try a multi-layered security approach, onion-style.

If one layer falls, you’ll always have another one in place that will protect you.

Some online deals charge but don’t deliver

by Rosario Méndez

Lots of people like to shop online. It’s easy and sometimes faster than finding what you want at the local mall. With just a few clicks, your order is processed and your purchase could be on your doorstep the next day. That is, unless you clicked on an ad that was really a scam.

Online ads that offer deals on luxury items at low prices can be part of a scheme to take your money and give you nothing in return. Scammers falsely use well-known name brands in their ads for clothing, shoes, online games, and other expensive items to entice you. Scammers know that people looking for a good deal may be tempted to click on their links. But if you know how to spot online shopping scams, you can avoid losing your money — and more.

If you like to shop online, keep these tip-offs to rip-offs in mind:

  • Anyone can set up an online shop. So before you place an order online, confirm that the shop has a physical address and a phone number where you can reach someone if you have problems with your order.
  • Scammers often offer luxury brands at ridiculously low prices to trick you.
  • Clicking on pop-up ads can download viruses, spyware, malware, and other unwanted software to your computer. It’s best to avoid them.
  • If the seller requires payment through a wire transfer or by you giving them numbers off a gift card or prepaid card, that’s a scam. Legitimate sellers won’t restrict payment to those methods.

For more tips, visit our Shopping & Saving page. While you’re at it, sign up for our scam alerts to help you recognize and report scams and frauds.

Link: consumer.ftc.gov

Privacy Awareness Week: A time to learn

by Melinda Claybaugh


Privacy Awareness Week is May 8-12, 2017. It’s an annual initiative of the Asia Pacific Privacy Authorities Forum that combines the efforts of privacy agencies in the region to share information about privacy practices and rules.

If you’ve been following this blog, you know the FTC has tips on how to secure your routers, IP cameras and ‘Internet of Things’ devices, protecting them from hackers and malware attacks. We’ve also reminded you about steps to take to control online tracking by advertisers, as well as how to protect your personal information when connecting mobile devices to a rental car’s infotainment system.

The FTC continues to stay up to date on technologies that affect your privacy. Last year, we hosted the Fall Tech Series, which examined smart TVs, drones, and ransomware. The agency issued the Internet of Things challenge, an invitation to the public to create an innovative tool to protect consumers from security vulnerabilities in connected devices. And in June the Connected Cars workshop will examine privacy and security issues in automated and connected motor vehicles.

The theme of Privacy Awareness Week 2017 is “Share with Care.” You can learn more about safeguarding your information online with the FTC’s information on computer security, protecting your personal information, and limiting unwanted calls, mail and email.

Asia Pacific Privacy Authorities (APPA)

Formed in 1992, APPA is a forum for privacy, security and data protection regulators to collaborate and exchange ideas. For more information about APPA and Privacy Awareness Week, visit www.privacyawarenessweek.org