Login
Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being hacked—usually when you least expect it and often without your knowledge. Not only can cybercriminals invade your privacy, they can steal your data, your money and even your identity—if you don’t put the appropriate security measures in place.
Trend Micro Home Network Security (HNS) is specifically designed to be that key security measure for your home network. Attach the HNS station to your router, download and install the management app, pair them up, and HNS immediately begins protecting all the connected devices in your home against a wide variety of threats. These include network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads.
Though setup, configuration, monitoring, and maintenance are pretty straightforward, to get the most out of HNS, we’ve written a three-part series to teach you how to maximize its use:
|
|
Sound good? Let’s get started with Part 1!
Once you take the Home Network Security Station out of its box, setup and connection is quick and easy:
|
|
Configuration Modes
Trend Micro’s Home Network Security station is designed to be a Plug-n-Protect device. Upon being connected to your router, it will attempt to automatically sense and enable the optimal Mode.
However, if you are experiencing network instability or connection issues, you can also choose the Mode manually from one of four Modes available for the best performance with your particular router. In order to select the correct Mode, you should first determine your router’s optimal Mode. Go to the HNS eSupport website to check the compatibility of your router or to search for its brand and model. The optimal Mode is indicated for tested routers.
While most routers support the default setting automatically, a small number may require manual setup. An even smaller number are not compatible with Trend Micro Home Network Security.
Some additional information about HNS’s station Modes:
|
|
If you change the mode, run a Test Status check 5 minutes after changing the settings.
Off to a Good Start
As mentioned, after the initial setup, Trend Micro Home Network Security automatically does a network check to see what devices are on your network. (As part of its improved device recognition in version 2.5, released in November 2019, HNS offers more than 150 device icons to help make managing your devices even easier.) If you tap the View Devices button in the resulting popup, HNS provides you with a list of All Devices on the network. By default these online devices are Unassigned. You can create family member profiles, then assign specific devices to each family member later on. (Further information regarding Family Profiles will be discussed in Part 2 of this article series.)
At any time, tap Check Devices to initiate a manual security scan. Once the scan ends, you may see Action Required items displayed in the Dashboard indicator. Tap them to review them. The Action Required screen indicates any security issues that have been discovered. When you tap the panel, you will be able to obtain the Issue Details and read the Potential Risk description to better understand the issue and what you can do to resolve it—or you can also tap Skip for Now to skip the remediation process.
If you decide to proceed with remediation, the HNS App loads your mobile browser and takes you to the Trend Micro eSupport site, which provides more details on the issue. You can scroll through the page to learn more about the possible risks it poses, what you can do to prevent the problem from happening in the future, and places to go for more answers to any questions you may have.
Back in the Dashboard, you can review the HNS Summary protection results in the Security, Parental Controls, Family Members, Top Attacked Devices, and Network Usage panels. You can either tap individual items—e.g., Vulnerability Found, Network Attacks, Web Threats Blocked, etc.—to reveal information on the various threats by device; or you can tap individual panels to show additional details about particular attacks or threats. For a more detailed look, you can check the Timeline to review individual events, which can be filtered by type, such as Security, Parental Controls, Connections, Action Required and System.
Recommended Network and Security Settings
There are a number of useful features that are disabled by default. You can enable these features to heighten your home network protection and maximize user convenience.
|
|
For now, this should be enough to get you off to a good start with Trend Micro Home Network Security. Watch for Part 2 of our HNS Series, where we help you create profiles for family members and set up Parental Controls.
For more information about HNS, go to Trend Micro Home Network Security. For more online support, go to Trend Micro Home Network Security eSupport.
The post You’re In Safe Hands with Trend Micro Home Network Security appeared first on .
Working with a slow PC is always annoying and frustrating. Enduring sudden frozen windows and stuttered animations can make you want to throw the machine out the window.
Take a deep breath, and consider these 8 tips on how to fix a slow PC running Windows.
Why is my Windows Running Slow?
First, here is a general analysis on why your Windows PC is running slow:
|
|
1. Restart your Computer
Many users are accustomed to keeping their computers running for several weeks. Their PC is either running or sleeping with the processes saved all the time. This means the running programs are occupying and filling up their RAM continuously, which can lead to the PC running extremely slowly. In addition, the computer might suffer from some bugs, which trigger programs to eat up much more RAM than they should. To avoid these troubles, restart your PC by clicking on the Windows button, selecting the ‘Power’ button, and choosing the ‘Restart’ button at least once a week.
A small hint: make sure you have saved your ongoing work before you shut down your computer.
2. Adjust setting modes
This is a very simple but often overlooked way to boost your PC’s performance. However, it sacrifices a bit of standby time. When you are not worrying about the state of charge and just pursuing maximum efficiency, you can consider opening Advanced System Setting in Windows for this trick.
Enter “Control Panel” in the Cortana search box in the taskbar. In the pop-up window, click “System,” and then click “Advanced system settings” in the left window, as shown below:
Click “Settings” in the performance bar, as shown in the following figure:
In the pop-up window, you can see that there are four setting modes, set “Adjust for best performance,” and then click OK, as shown in the following figure:
3. Disable Startup Programs
Startup items are programs that the system will run in the foreground or background once your computer is ON. When you download and install software, the “start-up” is usually a default choice. Therefore, if the software is not commonly used and you do not need to use it every time you start your PC, you can remove the check because it can slow down system speed. If you forgot to remove the check when installing the application, you can also make changes using the Task Manager.
To check and manage your startup programs, open the Task Manager (Ctrl + Alt + Del), then switch to the ‘Startup’ tab. You’ll also see the “Startup impact” of each startup program — either Low, Medium, or High. If you see “Not measured,” that’s because it was recently added and Windows hasn’t had a chance to observe the program’s behavior yet.
To prevent a program from launching on startup just right-click and choose “Disable.”
If you are not sure whether you can safely disable some programs, you can search the program online and learn about its function. If you are a little worried, you can download a PC cleaner app, which can automatically identify and classify these items and help you delete the unnecessary ones in batches. Remember to choose those apps without pop-up advertisements and hidden fees.
In addition, you can see the first tab named “Processes” in the picture above. Too many programs running simultaneously can slow down the system speed as well. Some programs may continue running in the background even after you have closed them. Under the “Processes” tab, you can select them and click ‘End task’ at the bottom right. However, be careful about this action because you might close some important processes needed to run Windows.
4. Turn off windows tips and tricks
When searching ways to speed up your PC online, your PC will ask you to disable the “Visual Effects” feature as they use up your PC’s performance. However, this operation needs you to balance the operating speed and the appearance of your PC, and even adjust those settings many times to achieve satisfying visual effects. Instead, here is an item that you can change without a hitch.
When you use a windows PC, Windows will always pay attention to what you are doing and provide tips on what you may want to do with your computer. You may find these tips unhelpful and even feel offended by its constant virtual viewing over your shoulders.
If you want to speed up your PC, you can ask Windows to stop giving you advice. To do this, click the START button, select the Settings icon, and then go to Systems > Notification & actions. Scroll down to the notifications section and uncheck the box labeled “Get tips, tricks, and suggestions as you use Windows.”
5. Run Disk Cleanup
Do not let that “Disk space is almost full” message pop up and stop your work. Too many junk files, useless big files and duplicate files usually cause insufficient disk space. To save gigabytes of disk space for things you really need, you should clean them regularly to free up space.
Here are steps on how to use the built-in Windows utility to run disk cleanup:
Press “WINDOWS + R” and enter the cleanmgr command with parameters:
cleanmgr /sageset
In the Disk Cleanup Settings window, you can find items you can clean.
Note that this operation is only the setting operation of the checked item. It has not been actually cleaned. After clicking OK, you need to press “WINDOWS + R” and enter “cleanmgr /sagerun:99”, and then it can execute specific cleanup operations.
You can also turn ON the storage sense function to remove unnecessary files automatically.
Enter Settings > System > Storage, and then turn ON the Storage sense function to allow Windows to clean up temporary files automatically. It can be set to run automatically every day, every fortnight, every month, or every two months.
Definitely, some cleanup apps can help you do the work more quickly and accurately. Besides useless files, they can even retrieve and delete similar photos. You can evaluate and download them according to your own needs.
6. Clean out your Registry
Registry is an important database, which is used to store the setting information of system and application program running in Windows. As early as Windows 3.0 introduced OLE technology, the registry has appeared. Windows NT was the first operating system to make extensive use of the registry at the system level. However, since the beginning of the Microsoft Windows 95 operating system, the registry has been a critical database that will continue to play a role in the subsequent operating systems.
The command to open the registry is:
Regedit or regedit.exe, regedt32 or regedt32.exe
Under normal circumstances, you can click the operation in the START menu (WINDOWS + R), and then enter regedit or regedit.exe and click OK to open the registry editor of Windows operating system.
The registry is a very messy thing. For example, when a program is uninstalled, the program’s settings are not always cleared in the registry. So over time, it will be filled with various outdated settings. This may lead to poor performance of your PC system.
A word of caution: Editing the registry manually is risky. A mistake can lead to system-level interruptions. Therefore, to clean the registry, it is recommended that a professional registry cleaner is used.
7. Malware and Virus Infection
As we all know, malware and viruses will infect the computer and make it run more sluggishly. There are a large number of antivirus apps in the marketplace. Trend Micro offers several options to consider.
8. Disable third-party services
If you installed a lot of software on your PC, the system may become chaotic and some unexpected problems might occur. For example, several security applications are running at the same time can create conflicts that make the system misbehave. You can disable all third-party software services and only keep the system itself. The system status will also be called “Clean Boot.”
Here is how to perform a clean boot of Windows:
Press “WINDOWS + R” and type “msconfig”, then click OK. Open System Configuration, go to the Services tab and put a tick in the “Hide all Microsoft services” box at the bottom left before choosing the items and hitting Disable all.
We hope the listed solutions can help you boost your PC performance conveniently. Manually checking what is wrong with your Windows can be time-consuming and painstaking. When those irritating system messages pop up and interfere with your work, it is time to turn to a trusted all-in-one system care utility like Cleaner One. By employing this productive worker, you can retrieve and delete unnecessary items, have less clutter, make your computer more efficient, and optimize your Windows OS with just a few clicks. Why not give it a go?
The post How to Speed Up a Slow PC Running Windows OS appeared first on .
We continue our three-part series on protecting your home and family. If you missed our first part, you can find it here.
Are your kids at that formative age when they’re beginning to use mobile devices? How about at that inquisitive age when they start to discover the wonders of the Internet? Or that age when they tend to be more carefree and self-indulgent?
The Internet and the digital devices our children use are valuable tools when used the right way. They give them access to a wide range of information, pave the way to explore worthwhile ideas, and keep them socially connected with family, relatives and friends. That said, though there are big advantages to kids’ use of the Internet, there are dangers as well. Part 2 of our 3-part series on home network security discusses those dangers to your children and what you can do to protect them, leveraging Trend Micro Home Network Security’s Parental Controls to help you do so.
Gone are the days when simple malware was the focal point for internet safety. Nowadays, children have so many devices giving them access to the internet, unknown dangerous situations have multiplied. As a parent, the challenges include the following:
|
|
Finding the right balance between parenting and controlling the child’s use or possible misuse of the internet is tricky. Here’s where Trend Micro Home Network’s (HNS) Parental Controls can come in. In addition to protecting your home network from security risks and attacks, HNS also provides a robust and flexible parental control system to keep internet usage safe for your children. Controls include:
|
|
Protecting your family members online starts with Adding a Profile.
You can add a new Profile for each Family Member and assign to them the devices they control. To do this, you can just simply tap Family in the Command Menu and choose the family member by tapping Add Someone. This will let you provide the Profile Name and Profile Picture as well as Assign Devices to the person by tapping the device(s) in the Unassigned panel. The devices you select will then be automatically moved into the ownership panel for that person. Tap Done and you’ll be presented with the Settings screen for that child’s Profile, where you can configure Parental Controls as you see fit.
Website Filtering
Next, let’s proceed with the most common component: Website Filtering.
|
|
Content Filtering
Moving on, you can also set up Content Filtering.
|
|
App Controls
To continue, there are apps that parents disapprove of, but there are always those instances when the children try to use them anyway against their parent’s wishes. That’s when you can choose to be informed of the Inappropriate Apps Used by your children.
|
|
Time Limits and Notifications
Even when you try to teach your kids about being responsible about their online time, it’s easier said than done. Thus, parents or guardians can schedule the hours of screen time their children are allowed each day, along with the hours when screen time is available. HNS’s Parental Controls provide both of these features and more.
|
|
Connection Alerts
Last but not least, since it’s tough to keep monitoring when your child is online, tapping Trend Micro HNS’ Connection Alert to toggle it on makes it easier for parents to get notifications when their kid’s digital devices connect to the home network during a specified time period.
In the end, Trend Micro Home Network Security’s Parental Controls can assist parents in dealing with the online safety challenges all children are exposed to in the 21st century. HNS’ flexible and intuitive feature set comprised of Filtering, Inappropriate App Used, Time Limits and Connection Alerts support every parent or guardian’s goal to ensure a safe and secure internet experience for their kids. Coupled with kind face-to-face conversations, where you let your children know your care for them extends to how they use the Internet, HNS becomes your silent partner when ensuring your family’s safety.
For more information, go to Trend Micro Home Network Security.
The post Parental Controls – Trend Micro Home Network Security has got you covered appeared first on .
The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.
To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.
As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.
Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:
Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.
Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.
Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.
Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.
Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.
Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.
Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.
Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.
All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts. Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.
Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.
Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:
Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.
Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).
Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.
Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.
Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.
Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.
Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.
Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.
Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.
Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.
Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.
Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.
The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .
The world has gone mobile and the US is leading the way. It’s estimated that that the number of smartphone users alone topped 257 million in the States in 2018. That means three-quarters (74%) of households now boast at least one mobile device. And in this new digital world, it’s mobile applications that really matter. They’re a one-click gateway to our favorite videos, live messaging, email, banking, social media and much more.
There are said to be around 2.8 million of these apps on the official Google Play Store today. But unfortunately, where there are users, there are also hackers looking to capitalize. And one of their favorite ways to make money is by tricking you into downloading a malicious app they’ve sneaked onto the marketplace.
Most recently, 42 such apps had to be removed after being installed eight million times over the period of a year, flooding victims’ screens with unwanted advertising. This is just the tip of the iceberg. As more of us turn to mobile devices as our primary internet gateway, the bad guys will follow suit. Trend Micro blocked over 86 million mobile threats in 2018, and we can expect this figure to increase into the future.
So how can you protect your devices and your data from hackers?
Adware ahoy
The latest bunch of 42 apps are from a class of malicious software known as adware. This follows a previous discovery by Trend Micro earlier this year of a further 85 adware-laden apps downloaded eight million times. Cyber-criminals fraudulently make money by displaying unwanted ads on the victim’s device. In the meantime, the user has to contend with annoying pop-ups which can run down the device’s battery and eat up computing resources. Some even silently gather user information.
Ones to watch
Unfortunately, it’s increasingly difficult to spot malicious apps on the Play Store. A popular tactic for hackers is to hide their malware in titles which impersonate legitimate applications. A recent two-year study found thousands of such counterfeits on the Play Store, exposing users unwittingly to malware. Banking apps are a particularly popular type of title to impersonate as they can provide hackers with highly lucrative log-ins to open users’ accounts.
Some malware, like the recently disclosed Agent Smith threat, works by replacing all the legitimate apps on a user’s device with malicious alter-egos.
So, as we hit 2020, what other threats hidden in legitimate-seeming apps should mobile users be looking out for?
|
|
Is Google helping?
The Android ecosystem has always and remains to be a bigger threat than iOS because it’s relatively easier for developers to get their applications onto the official marketplace. Now, it’s true that Google carries out some vetting of the apps on its Play Store and it is getting better and quicker at spotting and blocking malware. It says the number of rejected app submissions grew by over 55% in 2018 while app suspensions increased by over 66%.
However, Google’s Play Protect, which is pre-installed on Android devices, has garnered less than favorable reviews. This anti-malware solution is intended to scan for malicious apps to prevent you downloading them. However, it has received poor reviews for its “terrible malware protection.”
In fact, in independent tests run in July by German organization AV-TEST, Google Play Protect found just 44% of the 3,347 “real-time” online malware threats, and just 55% of the 3,433 malware samples that were collected in the previous month. According to Tom’s Guide, “these scores are all well below the industry averages, which were always 99.5% or above in both categories for all three rounds.”
How do I stay safe?
So how can mobile users ensure their personal data and devices are secure from the growing range of app-based threats?
Consider the following:
|
|
How Trend Micro Mobile Security helps
Trend Micro Mobile Security (TMMS) offers customers comprehensive anti-malware capabilities via its real-time Security Scan function. Security Scan alerts you to any malware hidden in apps before they are installed and suggests legitimate versions. It can also be manually run on devices to detect and remove malicious apps, including ransomware, that may already have been installed.
To use the manual scan, simply:
1. Tap the Security Scan panel in the TMMS Console. The Security Scan settings screen appears, with the Settings tab active by default.
2. Tap Scan Now to conduct a security scan. The result appears.
3. In the example shown, “Citibank” has been detected as a fake banking app, installed on the device before Mobile Security was installed. Apps are recommended for you to remove or to trust.
4. Tap Uninstall to uninstall the fake app. A Details screen defines the security threats.
5. Tap Uninstall A popup will ask if you want to uninstall the app.
6. Tap Uninstall once more to uninstall it. The app will uninstall.
7. If there are more potentially unwanted apps, tap the panel for Apps Removal Recommended to show the list of apps recommended for removal. The Removal Recommended list will show apps to Remove or Trust.
8. You can configure settings via Security Scan > Settings This will allow you to choose protection strength (Low, Normal, and High).
9. In Settings, check the Pre-Installation Scan, which is disabled by default, to block malware from Google Play before it’s installed. It sets up a virtual private network (VPN) and enables the real-time scan.
Among its other features, Trend Micro Mobile Security also:
|
|
To find out more about Trend Micro Mobile Security, go to our Mobile Security Solutions website, where you can also learn about our Mobile Security solution for iOS.
Tags: Mobile Security, Mobile Antivirus, Mobile Antimalware, Android Antivirus
The post Defend Yourself Now and in the Future Against Mobile Malware appeared first on .
Social media has come a long way in a short space of time. In a little over a decade, it’s grown from being the preserve of a relatively small group of online enthusiasts to one of the defining trends of 21st century life. As the undisputed global leader in this field, Facebook now boasts nearly 1.7 billion daily active users.
Not only do we share personal and global news, photos and videos with each other every day on the site, we also log-in to our favorite third-party websites and apps via Facebook to shop, chat, play games and much more. In short, social media makes life more fun, more social, and more connected.
But at the same time, our digital lives have become more complicated. Sometimes we share without realizing the significance of the data we’re showing others — including strangers, trolls and maybe even fraudsters. Sometimes we sign-up for third-party apps/services that take advantage of small print agreements to sell our data on to others — possibly for uses we did not want. And often, the websites we visit independently of Facebook send data on our browsing behavior back to the social network without our knowledge.
Some of us view this kind of tracking as the price we pay for free internet services, and welcome the improved personalization it enables. But others may feel creeped out that their family’s every click and swipe is being silently monitored, logged, and shared.
Time for action
The good news is that Facebook has been listening (to some extent!) to regulators and consumers, and has started the new year by offering users more tools to shine a light on where and how their data is being used, and how they can protect their privacy. But we’re talking here about a platform that has been growing non-stop for the past 15 years. Complexity is everywhere, and it’s not always easy to find the tools you need to enhance your privacy on the site.
That’s why we’ve put together this short guide. It’ll teach you where your privacy is most at risk on Facebook, and what you can do to manage these risks, including an assist by Trend Micro’s own Privacy Scanner tool.
Why should I be worried?
Although social media offers much to enrich and improve our lives, there are multiple levels of privacy risk involved in using it. For many of us, the stakes have risen almost silently in the background over the past few years. We can split these into three basic areas:
Oversharing: At a very basic level Facebook allows you to share news, pictures, stories and more with the world. But would you want your boss, prospective employer, law enforcement, credit agencies and other users to see every little thing about you? Yes, they increasingly use Facebook as a source of intelligence gathering, so you may want to limit who can view your information to just those in your friendship network.
Among the most prodigious collectors and monetizers of our private data are cyber-criminals. A Facebook account is a trove of sensitive personal information: everything from email addresses and phone numbers to partners and political preferences. It could all be leveraged to commit identity fraud or craft convincing phishing emails which trick you into giving away even more details. Something as innocuous as a photo of a family pet could provide hackers with some useful intel for guessing your online passwords. Or what about a real-time update from the beach? It might be all an opportunistic burglar needs to raid your home.
Third-party apps and websites: One of the most controversial aspects of data collection and use on Facebook relates to partner sites and services. Often, users sign-up for these apps without being fully aware of how their data will be used, or even what profile data the app may be gaining permission to harvest. It was data on 87 million Facebook users and their friends collected by a popular third-party personality test app that ended up being sold to Cambridge Analytica. It was then controversially used to target US voters ahead of the last Presidential election.
Following a huge FTC fine, Facebook is now more rigorous in ensuring third-party developers comply with its privacy and data use policies. But some users may still balk at their private data being sold on to third parties.
Other Off-Facebook activity: Apps and websites that you log into with your Facebook ID technically count as “off-Facebook activity”: that is, stuff that happens outside of the social site. But there’s more. Did you know, for example, that Facebook collects data from a huge number of additional sites and apps that aren’t obviously connected to the platform?
It uses code embedded on these sites to track what you do there, in order to make advertising on Facebook more targeted and personalized. So accurate and covert is this technology that it has given rise to a conspiracy theory that Facebook is somehow listening in to its users’ phone calls. It’s not. Users simply don’t know that, when they visit many sites and apps on the web, those same sites are secretly sending data back to Facebook, which then serves up relevant ads. Just bought Season One of your favorite show on a streaming app? You may get an ad for Season Two when you next visit your Facebook account.
Some people may be fine with this trade-off: privacy for a more tailored user experience. But many others may not. It’s one thing monitoring what you bought off an e-commerce site, quite another to track who you swiped left on when you were last on a dating site.
How can I manage my privacy better?
Fortunately, Facebook provides tools to help you to manage your privacy. Let’s go through some of them, from the newest to the oldest.
Off-Facebook
Facebook has just released a way of checking which sites/apps track and send data on your web usage back to the social network, clearing your data sharing history with them, and disconnecting for the future.
There are some caveats. Disconnecting in this way will log you out of any apps/sites you used Facebook to log into. In addition, it will not stop Facebook serving you advertising — you’ll get the same number of ads, except these won’t be as personalized as before. Facebook will also continue to receive information about your interactions on various sites, but this will be anonymized. |
|
Particular apps, games and websites
You can also directly edit the privacy and settings of particular apps, games and websites you’ve logged into with your Facebook account.
|
|
Basic privacy settings
Facebook has also overhauled its most basic privacy settings. Its Privacy Checkup tool features four distinct sections.
|
|
How Trend Micro can help
An easier option for managing your basic privacy on Facebook is the Trend Micro Privacy Scanner, which is available within Trend Micro Security on Windows and Mac, and within Mobile Security on Android and iOS. It automates the process of finding and fixing any potentially risky settings to keep your personal data safe from prying eyes.
It’s turned on by default in Trend Micro Internet and Maximum Security, as well as in Mobile Security.
|
|
Facebook is getting better at privacy, but its controls can be hard to find, and functionality is constantly being updated. That’s why we recommend a privacy audit every few months. Check in with your Facebook Privacy settings directly or via the Privacy Scanner to make sure you’re not leaking personal data. Privacy is subjective, but we’re all getting more critical about how big corporations use our data — and that’s not a bad thing.
Go here for more information on Trend Micro Security and Trend Micro Mobile Security.
The post How to Manage Your Privacy On and Off Facebook appeared first on .
We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.
As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.
Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.
We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.
To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:
http://www.eicar.org/download/eicar.com
When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.
Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.
Device control is the first part of access control.
|
|
Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.
For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.
Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.
In this test, we will use the free version of TeamViewer.
|
|
HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.
Next, you should test Disconnecting Devices.
|
|
As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.
Testing Website Filtering is easy.
|
|
The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.
Moving forward, Content Filtering is next in our checklist.
|
|
When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.
To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.
|
|
Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.
To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.
As an example:
|
|
To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.
Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.
To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.
Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.
Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.
Go here for Parts 1 and 2 of our series:
You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration
Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls
The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .
Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.
There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.
Let’s take look at some of the main threats out there and what you can do to stay safe.
What do they want?
Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.
The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.
There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.
Look out for these scams
Here’s a round-up of the most popular tactics used by tax scammers today:
Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.
These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.
In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.
Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.
Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.
Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.
What to do
The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.
Here are a few other recommendations:
|
|
It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.
According to the IRS tax preparers should put the following internal controls in place:
|
|
How Trend Micro can help
Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.
Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:
|
|
To find out more, go to our Trend Micro Security website.
The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .
Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.
This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.
As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
Here’s a quick guide to the key online threats and security tips:
Phishing for trouble
Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.
Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.
The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.
Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.
Watch out for these scams
The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:
‘Official’ updates
Many of these emails purport to come from official organizations such as the US Center for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.
Coronavirus map
Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.
Corporate updates
Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.
Donations
Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.
Click here for a cure
One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.
Tax refunds
In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.
How to stay safe
The good news is that there’s plenty you can do to protect you and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:
|
|
How Trend Micro can help
Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:
Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.
Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.
To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.
The post How to Stay Safe as Online Coronavirus Scams Spread appeared first on .
We’re all getting a little more worldly wise to the dangers that lurk around every corner of our digital lives. We know that the flipside of being able to shop, chat, bank and share online at the push of a button is the risk of data theft, ransomware and identity fraud. That’s why we protect our families’ PCs and mobile devices with security solutions from proven providers like Trend Micro, and take extra care each time we fire up the internet.
But what about the firms that we entrust to handle our data securely?
Unfortunately, many of these organizations still aren’t doing enough to protect our personal and financial information. It could be data we enter online to pay for an item or open an account. Or it could be payment card details that we’ve used at a local outlet which are subsequently stored online. These companies are big targets for the bad guys, who only have to get lucky once to crack open an Aladdin’s Cave of lucrative customer data.
What does this mean? That data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest affected customers of convenience store and gas station chain Wawa — and it could be one of the biggest ever, affecting 30 million cards.
Let’s take a look at what happened, and what consumers can do to steal a march on the bad guys.
What happened this time?
Wawa first notified its customers of a payment card breach in December 2019. But although the firm discovered malware on its payment processing servers that month, it had actually been sitting there since March, potentially siphoning card data silently from every single Wawa location. That’s more than 850 stores, across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington DC.
The company itself has so far declined to put a number on how many customers have been affected. However, while cardholders were still wondering whether they’ve been impacted or not, something else happened. At the end of January, a hacker began to upload the stolen cards to a notorious dark web marketplace, known as Joker’s Stash.
They are claiming to have 30 million stolen cards in total, which if accurate could make this one of the biggest card breaches of its kind, placing it alongside other incidents at Home Depot (2014) and Target (2013).
How does it affect me?
Once the data goes on sale on a dark web market like this, it is usually bought by scammers, who use it in follow-on identity fraud attacks. In this case, the stolen data includes debit and credit card numbers, expiration dates and cardholder names, but not PINs or CVV records. That means they can’t be used at ATMs and fraudsters will find it hard to use the cards online, as most merchants require the CVV number.
However, if the cards are of the old magstripe type, they could be cloned for use in face-to-face transactions.
Although Wawa said it has informed the relevant card issuers and brands, the cardholders themselves must monitor their cards for unusual transactions and then report to their issuer “in a timely manner” if they want to be reimbursed for any fraudulent usage. This can be a distressing, time-consuming process.
What should I do next?
This is by no means the first and it won’t be the last breach of this kind. In the past, data stolen from customers of Hilton Hotels, supermarket chain Hy-Vee, retailer Bebe Stores, and restaurant chains including Krystal, Moe’s and Schlotzsky’s has turned up for sale on Joker’s Stash. It can be dispiriting for consumers to see their personal data time and again compromised in this way by cyber-criminals.
Too often in the aftermath of such incidents, the customers themselves are left in the dark. There is no information on whether they’ve definitively had their personal or card data stolen, just an ominous sense that something bad may be about to happen. If the company itself doesn’t even know how many cards have been affected, how can you act decisively?
Credit monitoring is often provided by breached firms, but this is a less-than-perfect solution. For one thing, such services only alert the user if a new line of credit is being opened in their name — not if a stolen card is being used. And second, they only raise the alarm after the incident, by which time the fraudsters may already have made a serious dent in your finances.
Monitoring your bank account for fraudulent transactions is arguably more useful in cases like the Wawa breach, but it’s still too reactive. Here’s a handy 2-step plan which could provide better results:
Step 1: Dark web monitoring works
To get more proactive, consumers need Dark Web monitoring. These tools typically scour dark web sites like Joker’s Stash to look for your personal information. The beauty of this approach is that it can raise the alarm after a breach has occurred, when the data is posted to the Dark Web, but before a fraudster has had time to monetize your stolen details. With this information, you can proactively request that your lender block a particular card and issue a new one.
This approach works for all personal data you may want to keep protected, including email addresses, driver’s license, passport numbers and passwords.
Step 2: Password protection
Once you’ve determined that your data has been part of a breach and is being sold on the dark web, one of the most important things you can do is to change your passwords to any stolen accounts, in order to minimize the potential damage that fraudsters can do.
This is where password manager tools can come in very handy. They allow users to store and recall long, strong and unique credentials for each of the websites and apps they use. This means that if one password is compromised, as in a breach scenario, your other accounts will remain secure. It also makes passwords harder for hackers to guess, which they may try to do with automated tools if they already have your email address.
Following a breach, it also makes sense to look out for follow-on phishing attacks which may try to trick you into handing over more information to the fraudsters. Here are a few tips:
|
|
How Trend Micro can help
Fortunately, Trend Micro has several products that can help you, as a potential or actual victim of a data breach, to proactively mitigate the fallout from a serious security incident, or to foil the fraudsters:
Trend Micro ID Security: checks if your personal information has been uploaded to Dark Web sites by hackers. This highly secure service, available in apps for Android and iOS mobile devices, uses data hashing and an encrypted connected to keep your details safe, alerting when it has found a match on the Dark Web so you can take action. Use it to protect your emails, credit card numbers, passwords, bank accounts, passport details and more.
Trend Micro Password Manager: provides a secure place to store, manage and update your passwords. It remembers your log-ins, so you can create secure and unique credentials for each website/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. Password Manager is available for Windows, Mac, iOS, and Android, synchronizing your passwords across all four platforms.
Trend Micro Fraud Buster: is a free online service you can use to check suspicious emails It uses advanced machine learning technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user, because the email (which may be extortionist) reflects the fact that the fraudster probably got your email address from the Dark Web in the first place. Users can then decide to report the scam, get more details, or proceed as before.
Fraud Buster is also now integrated into Trend Micro Security for Windows, protecting Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox. It’s also integrated in Trend Micro Antivirus for Mac, where it does the same for Gmail webmail in Safari, Chrome and Firefox on the Mac.
In the end, only you can guard your identity credentials with vigilance.
The post The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring appeared first on .
The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.
This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.
This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.
With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.
Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.
If you click through on a malicious link, the next stage of the attack could:
|
|
Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.
Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.
Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.
Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.
Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.
By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.
With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.
Consider the following:
|
|
We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.
The post COVID-19: How Do I Work from Home Securely? appeared first on .
If we run a contest for Mr. Popular of Amazon Web Services (AWS), without a doubt Amazon Simple Storage Service (S3) has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s acknowledge how reliant we are on Amazon Elastic Cloud Computing (EC2) as AWS infrastructure led-organizations.
We reflected upon our in-house findings for the AWS ‘Security’ pillar in our last blog, Four Reasons Your Cloud Security is Keeping You Up at Night, explicitly leaving out over caffeination and excessive screen time!
Drilling further down to the most affected AWS Services, Amazon EC2 related issues topped the list with 32% of all issues. Whereas Mr. Popular – Amazon S3 contributed to 12% of all issues. While cloud providers, like AWS, offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. The results showing the number of issues impacting Amazon EC2 customers demonstrates the security gap that can happen when the customer part of the shared responsibility model is not well understood.
While these AWS services and infrastructure are secure, customers also have a responsibility to secure their data and to configure environments according to AWS best practices. So how do we ensure that we keep our focus on this crucial service and ensure the flexibility, scalability, and security of a growing infrastructure?
Introducing Rules
If you thought you were done with rules after passing high school and moving out of your parent’s house, you would have soon realized that you were living a dream. Rules seem to be everywhere! Rules are important, they keep us safe and secure. While some may still say ‘rules are made to be broken’, you will go into a slump if your cloud infrastructure breaks the rules of the industry and gets exposed to security vulnerabilities.
It is great if you are already following the Best Practices for Amazon EC2, but if not, how do you monitor the performance of your services day in and day out to ensure their adherence to these best practices? How can you track if all your services and resources are running as per the recommended standards?
We’re here to help with that. Trend Micro Cloud One – Conformity ‘Rules’ provide you with that visibility for some of the most critical services like Amazon EC2.
What is the Rule?
A ‘Rule’ is the definition of the best practice used as a basis for an assessment that is run by Conformity on a particular piece of your Cloud infrastructure. When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an Amazon EC2 may have 60 Rules (Checks) scanning for various risks/vulnerabilities. Checks are either a SUCCESS or a FAILURE.
Conformity has about 540 Rules and 60 of them are for monitoring your Amazon EC2 services best practices. Conformity Bot scans your cloud accounts for these Rules and presents you with the ‘Checks’ to prioritize and remediate the issues keeping your services healthy and prevent security breaches.
Amazon EC2 Best Practices and Rules
Here are just a few examples of how Conformity Rules have got you covered for some of the most critical Amazon EC2 best practices:
|
|
See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.
Stay Safe!
The post The AWS Service to Focus On – Amazon EC2 appeared first on .
This overview builds on the recent report from Trend Micro Research on cloud-specific security gaps, which can be found here.
Don’t be cloud-weary. Hear us out.
Recently, a major tipping point was reached in the IT world when more than half of new IT spending was on cloud over non- cloud. So rather than being the exception, cloud-based operations have become the rule.
However, too many security solutions and vendors still treat the cloud like an exception – or at least not as a primary use case. The approach remains “and cloud” rather than “cloud and.”
Attackers have made this transition. Criminals know that business security is generally behind the curve with its approach to the cloud and take advantage of the lack of security experience surrounding new cloud environments. This leads to ransomware, cryptocurrency mining and data exfiltration attacks targeting cloud environments, to name a few.
Why Cloud?
There are many reasons why companies transition to the cloud. Lower costs, improved efficiencies and faster time to market are some of the primary benefits touted by cloud providers.
These benefits come with common misconceptions. While efficiency and time to market can be greatly improved by transitioning to the cloud, this is not done overnight. It can take years to move complete data centers and operational applications to the cloud. The benefits won’t be fully realized till the majority of functional data has been transitioned.
Misconfiguration at the User Level is the Biggest Security Risk in the Cloud
Cloud providers have built in security measures that leave many system administrators, IT directors and CTOs feeling content with the security of their data. We’ve heard it many times – “My cloud provider takes care of security, why would I need to do anything additional?”
This way of thinking ignores the shared responsibility model for security in the cloud. While cloud providers secure the platform as a whole, companies are responsible for the security of their data hosted in those platforms.
Misunderstanding the shared responsibility model leads to the No. 1 security risk associated with the cloud: Misconfiguration.
You may be thinking, “But what about ransomware and cryptomining and exploits?” Other attack types are primarily possible when one of the 3 misconfigurations below are present.
You can forget about all the worst-case, overly complex attacks: Misconfigurations are the greatest risk and should be the No. 1 concern. These misconfigurations are in 3 categories:
|
|
How Big is The Misconfiguration Problem?
Trend Micro Cloud One – Conformity identifies an average of 230 million misconfigurations per day.
To further understand the state of cloud misconfigurations, Trend Micro Research recently investigated cloud-specific cyber attacks. The report found a large number of websites partially hosted in world-writable cloud-based storage systems. Despite these environments being secure by default, settings can be manually changed to allow more access than actually needed.
These misconfigurations are typically put in place without knowing the potential consequences. But once in place, it is simple to scan the internet to find this type of misconfiguration, and criminals are exploiting them for profit.
Why Do Misconfigurations Happen?
The risk of misconfigurations may seem obvious in theory, but in practice, overloaded IT teams are often simply trying to streamline workflows to make internal processes easier. So, settings are changed to give read and/or write access to anyone in the organization with the necessary credentials. What is not realized is that this level of exposure can be found and exploited by criminals.
We expect this trend will increase in 2020, as more cloud-based services and applications gain popularity with companies using a DevOps workflow. Teams are likely to misconfigure more cloud-based applications, unintentionally exposing corporate data to the internet – and to criminals.
Our prediction is that through 2025, more than 75% of successful attacks on cloud environments will be caused by missing or misconfigured security by cloud customers rather than cloud providers.
How to Protect Against Misconfiguration
Nearly all data breaches involving cloud services have been caused by misconfigurations. This is easily preventable with some basic cyber hygiene and regular monitoring of your configurations.
Your data and applications in the cloud are only as secure as you make them. There are enough tools available today to make your cloud environment – and the majority of your IT spend – at least as secure as your non-cloud legacy systems.
You can secure your cloud data and applications today, especially knowing that attackers are already cloud-aware and delivering vulnerabilities as a service. Here are a few best practices for securing your cloud environment:
|
|
To read the complete Trend Micro Research report, please visit: https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security.
For additional information on Trend Micro’s approach to cloud security, click here: https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html.
The post Cloud Transformation Is The Biggest Opportunity To Fix Security appeared first on .
We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.
We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.
Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.
Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.
Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:
|
|
Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.
|
|
Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.
A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:
|
|
For more specific information regarding these types of incidents, you may refer to this Technical Support article.
The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.
Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.
Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:
|
|
Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.
Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:
|
|
If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.
LAN Connection. Check the connection between the router and the HNS Station.
|
|
Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.
Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.
Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.
To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.
For more information, go to Trend Micro Home Network Security.
To read the rest of our series on HNS, go to
You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration
Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls
In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions
The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .
The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.
The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).
Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.
Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.
Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.
The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.
To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:
|
|
Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.
And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.
More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.
So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.
In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.
Some video conferencing options alongside Zoom, WebEx, and Teams include:
|
|
Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.
|
|
Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.
Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.
Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.
Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.
The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .
Nowadays, Macs are part of the work-from-home workforce during the COVID-19 pandemic. If you’ve brought a Mac from the office to home, it’s likely your IT department has already set it up to meet your company’s security policies. But what if you’re enlisting a Mac already at home to do duty for your company? You need to outfit it for business, to protect it and your company from infections and snooping, while ensuring it continues to run smoothly over time.
Here are 21 tips for staying secure, private, and productive while working from home on your Mac—while also making sure your personal “helpdesk” is in place, should you run into problems while doing your work.
While good security habits are important for all Mac users (since, contrary to popular opinion, Macs are as vulnerable to malicious attacks as PCs), you need to take special care when working from home on your Mac because you’ll be interacting with your company’s applications and platforms over the internet. Start your “security upgrade” with the Mac itself, to keep it free of viruses and malware. Make sure your security checklist includes the following:
|
|
Trend Micro Mac Endpoint Security solutions include:
|
|
Next, you need to make sure your work remains private. This means creating a “chain of privacy” that extends from your Mac over the internet to your company’s servers, so that each link in the chain is “locked” to ensure your company data remains private.
|
|
Trend Micro Mac Privacy/Security solutions include:
|
|
Working from home means contending with home distractions (though working in the office has its own set of distractions too). Staying productive therefore includes setting good work and break habits, physically optimizing your work-from-home Mac setup, and keeping your Mac in good working order. Effective and productive remote working, when it comes setting up good work habits, using efficiency maximizing tools, and separating work from home activities, is a whole topic in itself. Here we include only those tips that directly affect the healthy operation and optimization of your Mac:
|
|
Trend Micro Performance tools include:
|
|
Finally, should things go wrong at any time with your working Mac setup, you need to make sure to have a work-from-home “Help Desk” in place for when you need it. This can include the following:
|
|
Trend Micro Solutions include:
|
|
That’s it! These tips should get you started on the road to staying secure, private, and productive, while running smoothly, as you work from home on your Mac. During the COVID-19 pandemic, many of us are doing just that. Now is the time to keep your working Mac working for you!
The post 21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac appeared first on .
Some smart devices are not limited to use on the home network; for instance, your child’s mobile phone or tablet. Keeping your kids safe on these on-the-go devices means extending your security policies beyond the home. Trend Micro Home Network Security (HNS) makes it easy with its complementary app, Trend Micro Guardian. Guardian integrates with HNS’s parental control rules via Mobile Device Management technology to extend the rules you’ve applied on your home network to your children’s Wi-Fi / mobile connections outside the home.
Guardian enables the following security and parental controls:
|
|
Setup and Configuration
In order to benefit from these features, the Trend Micro Guardian app must be installed on your child’s device and paired with your Home Network Security Station. It’s recommended that you install Trend Micro Guardian on the child’s device before setting up Parental Controls. However, you may also save the Trend Micro Guardian setup process until after you’ve defined the Parental Control rules for your child. Either way, Guardian accepts the rules defined and applies them to the child’s device whenever they go beyond your home and hook up to public WiFi or their mobile network.
For the Trend Micro Guardian app setup and installation process, you may refer to FAQ: Trend Micro Guardian or the Home Network Security Product Guide for more details.
A Few Additional Notes
|
|
Protection that Goes Where Your Child Goes
Internet safety for kids is a must, whether they’re online at home, or out and about, away from home. Trend Micro Guardian ensures the child will observe and practice the same security rules at home and on the internet anywhere in the world.
For more information on Trend Micro Home Network Security with Guardian, go to Home Network Security.
The post Trend Micro Guardian: Protecting Your Kids On-the-Go appeared first on .
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources.
As with any launch, there is a lot of new information, so we decided to sit down with one of the founders of Conformity, Mike Rahmati. Mike is a technologist at heart, with a proven track record of success in the development of software systems that are resilient to failure and grow and scale dynamically through cloud, open-source, agile, and lean disciplines. In the interview, we picked Mike’s brain on how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure. Let’s dive in.
What are the common business problems that customers encounter when building on or moving their applications to Azure or Amazon Web Services (AWS)?
The common problem is there are a lot of tools and cloud services out there. Organizations are looking for tool consolidation and visibility into their cloud environment. Shadow IT and business units spinning up their own cloud accounts is a real challenge for IT organizations to keep on top of. Compliance, security, and governance controls are not necessarily top of mind for business units that are innovating at incredible speeds. That is why it is so powerful to have a tool that can provide visibility into your cloud environment and show where you are potentially vulnerable from a security and compliance perspective.
Common misconfigurations on AWS are an open Amazon Elastic Compute Cloud (EC2) or a misconfigured IAM policy. What is the equivalent for Microsoft?
The common misconfigurations are actually quite similar to what we’ve seen with AWS. During the product preview phase, we’ve seen customers with many of the same kinds of misconfiguration issues as we’ve seen with AWS. For example, Microsoft Azure Blobs Storage is the equivalent to Amazon S3 – that is a common source of misconfigurations. We have observed misconfiguration in two main areas: Firewall and Web Application Firewall (WAF),which is equivalent to AWS WAF. The Firewall is similar to networking configuration in AWS, which provides inbound protection for non-HTTP protocols and network related protection for all ports and protocols. It is important to note that this is based on the 100 best practices and 15 services we currently support for Azure and growing, whereas, for AWS, we have over 600 best practices in total, with over 70 controls with auto-remediation.
Can you tell me about the CIS Microsoft Azure Foundation Security Benchmark?
We are thrilled to support the CIS Microsoft Azure Foundation Security Benchmark. The CIS Microsoft Azure Foundations Benchmark includes automated checks and remediation recommendations for the following: Identity and Access Management, Security Center, Storage Accounts, Database Services, Logging and Monitoring, Networking, Virtual Machines, and App Service. There are over 100 best practices in this framework and we have rules built to check for all of those best practices to ensure cloud builders are avoiding risk in their Azure environments.
Can you tell me a little bit about the Microsoft Shared Responsibility Model?
In terms of shared responsibility model, it’s is very similar to AWS. The security OF the cloud is a Microsoft responsibility, but the security IN the cloud is the customers responsibility. Microsoft’s ecosystem is growing rapidly, and there are a lot of services that you need to know in order to configure them properly. With Conformity, customers only need to know how to properly configure the core services, according to best practices, and then we can help you take it to the next level.
Can you give an example of how the shared responsibility model is used?
Yes. Imagine you have a Microsoft Azure Blob Storage that includes sensitive data. Then, by accident, someone makes it public. The customer might not be able to afford an hour, two hours, or even days to close that security gap.
In just a few minutes, Conformity will alert you to your risk status, provide remediation recommendations, and for our AWS checks give you the ability to set up auto-remediation. Auto-remediation can be very helpful, as it can close the gap in near-real time for customers.
What are next steps for our readers?
I’d say that whether your cloud exploration is just taking shape, you’re midway through a migration, or you’re already running complex workloads in the cloud, we can help. You can gain full visibility of your infrastructure with continuous cloud security and compliance posture management. We can do the heavy lifting so you can focus on innovating and growing. Also, you can ask anyone from our team to set you up with a complimentary cloud health check. Our cloud engineers are happy to provide an AWS and/or Azure assessment to see if you are building a secure, compliant, and reliable cloud infrastructure. You can find out your risk level in just 10-minutes.
Get started today with a 60-day free trial >
Check out our knowledge base of Azure best practice rules>
Do you see value in building a security culture that is shifted left?
Yes, we have done this for our customers using AWS and it has been very successful. The more we talk about shifting security left the better, and I think that’s where we help customers build a security culture. Every cloud customer is struggling with implementing earlier on in the development cycle and they need tools. Conformity is a tool for customers which is DevOps or DevSecOps friendly and helps them build a security culture that is shifted left.
We help customers shift security left by integrating the Conformity API into their CI/CD pipeline. The product also has preventative controls, which our API and template scanners provide. The idea is we help customers shift security left to identify those misconfigurations early on, even before they’re actually deployed into their environments.
We also help them scan their infrastructure-as-code templates before being deployed into the cloud. Customers need a tool to bake into their CI/CD pipeline. Shifting left doesn’t simply mean having a reporting tool, but rather a tool that allows them to shift security left. That’s where our product, Conformity, can help.
The post Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations appeared first on .
Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. No large-scale car manufacturer, multimodal shipper, or MaaS (Mobility as a Service) provider will risk investing in a single-vendor solution. Successful ITS require interoperable components, especially for managing cybersecurity issues. See https://www.trendmicro.com/vinfo/us/security/news/intelligent-transportation-systems for a set of reports on ITS cybersecurity.
The good news is we now have a standard for automotive cybersecurity, ISA/SAE 21434. This standard addresses all the major elements of connected car security including V2X, reaching from the internals of ECUs and communications busses including CAN to the broader issues of fleet management and public safety. See https://www.iso.org/standard/70918.html for the current draft version of this standard.
Intelligent transport systems rely on complex, contemporary infrastructure elements, including cloud (for data aggregation, traffic analysis, and system-wide recommendations) and 5G (for inter-component networking and real-time sensing). ITS also rely on aging industrial control systems and components, for vehicle detection, weather reporting, and traffic signaling, some dating back forty years or more. This profound heterogeneity makes the cybersecurity problem unwieldy. Automotive systems generally are the most complex public-facing applications of industrial IoT. Any information security problems with them will erode public trust in this important and ultimately critical infrastructure.
Robert Bosch GmbH began working on the first automotive bus architecture in 1986. Automobiles gained increasing electronic functions (smog controls, seat belt monitors, electric window controls, climate controls, and so on). With each new device, the manufacturers had to install additional point-to-point wiring to monitor and control them. This led to increasing complexity, the possibility for error, extended manufacturing time, more costly diagnosis and repair post-sales, and added weight. See Figure 1 for details. By replacing point-to-point wiring with a simple bus, manufacturers could introduce new features connected with one pair of wires for control. This simplified design, manufacturing, diagnosis, and improved quality and maintainability.
Figure 1: CAN Networks Significantly Reduce Wiring (from National Instruments https://www.ni.com/en-us/innovations/white-papers/06/controller-area-network–can–overview.html)
The bus was simple: all devices saw all traffic and responded to messages relevant to them. Each message has a standard format, with a header describing the message content and priority (the arbitration IDs), the body which contains the relevant data, and a cyclic redundancy check (CRC), which is a code to verify that the message contents are accurate. This CRC uses a mathematical formula to determine if any bits have flipped, and for small numbers of errors can correct the message, like a checksum. This is not as powerful as a digital signature. It has no cryptographic power. Every device on the bus can use the CRC algorithm to create a code for messages it sends and to verify the data integrity of messages it receives. Other than this, there is no data confidentiality, authentication, authorization, data integrity, or non-repudiation in CAN bus messages – or any other automotive bus messages. The devices used in cars are generally quite simple, lightweight, and inexpensive: 8-bit processors with little memory on board. Any device connected to the network is trusted. Figure 2 shows the layout of a CAN bus message.
Figure 2: The Standard CAN Frame Format, from National Instruments
Today’s automobiles have more sophisticated devices on board. The types of messages and the services the offer are becoming more complex. In-vehicle infotainment (IVI) systems provide maps, music, Bluetooth connectivity for smartphones and other devices, in addition to increasingly more elaborate driving assistance and monitoring systems all add more traffic to the bus. But given the diversity of manufacturers and suppliers, impeding security measures over the automotive network. No single vendor could today achieve what Robert Bosch did nearly forty years ago. Yet the need for stronger vehicle security is growing.
The ISO/SAE 21434 standard describes a model for securing the supply chain for automotive technology, for validating the integrity of the development process, detecting vulnerabilities and cybersecurity attacks in automotive systems, and managing the deployment of fixes as needed. It is comprehensive. ISO/SAE 21434 builds on decades of work in information security. By applying that body of knowledge to the automotive case, the standard will move the industry towards a safer and more trustworthy connected car world.
But the standard’s value doesn’t stop with cars and intelligent transport systems. Domains far beyond connected cars will benefit from having a model for securing communications among elements from diverse manufacturers sharing a common bus. The CAN bus and related technologies are used onboard ships, in aircraft, in railroad management, in maritime port systems, and even in controlling prosthetic limbs. The vulnerabilities are common, the complexity of the supply chain is equivalent, and the need for a comprehensive architectural solution is as great. So this standard is a superb achievement and will go far to improve the quality, reliability, and trustworthiness of critical systems globally.
What do you think? Let me know in the comments below or @WilliamMalikTM.
The post Connected Car Standards – Thank Goodness! appeared first on .
The Mac has always been pretty easy to use, but even the most ardent Mac supporters know there comes a time when their Mac is no longer new and they notice slowdowns in its performance, particularly after intensive use. They’d like a handy one-stop tool to help them optimize memory and CPU performance, free up disk space, and generally speed up their Mac, since they don’t want to dig around in the MacOS for buried utilities they don’t know how to use. Fortunately, Trend Micro has a solution for that.
Trend Micro Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and optimization utility that can help you boost your Mac’s performance. Cleaner One Pro includes a number of Mac housecleaning tools such as a Memory Optimizer, a Junk Files cleaner, a Big Files scanner, a Duplicate Files finder, an App Manager, a File Shredder, and a Disk Map. These functions are all rolled into an easy-to-use interface that helps you visualize your Mac’s usage, while freeing up memory and storage on your Mac.
In this two-part blog, we will show you how you can use Cleaner One Pro to make your Mac run faster, walking you through its features. In Part 1, we focus on Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we’ll focus on System and Application Management, Privacy Protection, and some Other Options.
Once you’ve installed Cleaner One Pro, its Quick Optimizer appears in the Apple Menu, with handy tools to speed up your Mac. Click the icon and it displays a Console that monitors your Memory, Junk Files, CPU, and Network Usage, while letting you Optimize your Memory Usage and Clean your Junk Files with just one click. System Optimizer opens a Window onto the contents of your Mac for more detailed management.
Memory Optimizer
There are applications running in the background of your Mac that take up physical memory and affect its performance. The Memory Optimizer gives you control over how your computer consumes its memory resources—and you can free up your Mac’s memory in seconds with just one click on the Optimize button. If you want to see which apps are taking up significant memory, you can click the three-dot icon next to Memory Usage. It will show your Mac’s memory usage by app, in descending order. Click the Information (i) icon in the Memory Usage window for a breakdown of the types of memory being used.
Junk files, temporary files, system files and other non-essential items will accumulate on your Mac over time. These files take up a lot of space on your hard drive and may degrade the performance of your Mac as you reach higher disk usage. Click the Clean button and the Junk Files cleaner quickly removes application cache, system log files, update files, temporary files and hidden leftover files. You can also see the details of the identified Junk Files by clicking the three-dot icon next to Junk Files.
When your computer starts to run slowly it’s helpful to have a snapshot of its CPU usage. With this feature, you can see which apps are using significant CPU resources and how much percentage they’re using. It also let you know how long your computer has been up and running, since system reliability can degrade if it’s been awhile since you restarted your Mac.
If you want to keep an eye on your bandwidth consumption and avoid exceeding data caps, it’s useful to know the real-time download and upload speeds on your Mac. The Network Usage Monitor also provides a view of other network related information such as your Wi-Fi signal quality.
The Main Console is the core workplace in Trend Micro Cleaner One Pro and provides the following features, which are presented here grouped by purpose:
|
|
To access the Main Console, click System Optimizer in the Cleaner One Pro Apple Menu. The first time you do, you’ll need to authorize full access to your disk, so Cleaner One Pro can access more junk files. Simply click Grant Access in the System Optimizer window and watch the video or follow the written instructions. Complete the steps by closing Cleaner One Pro, then reload it. You’re now ready to begin optimizing.
The hard drive on your Mac holds the entire Mac operating system and important files including your data. As you use your Mac, over time its hard drive will accumulate junk files. These junk files are generated by the system and other programs. Cleaner One Pro is equipped with advanced and efficient algorithms that scan and remove junk files within seconds. Click Scan to scan for Junk Files and when the scan is done, either check a whole category or individual items in the category, then click Remove.
You may have a lot of clutter on your Mac in the form of big or old files that you probably no longer need and may have just forgotten about. Removing big unused files can recover a lot of disk space, but it could be time-consuming to delete them if done manually. Also, it is hard to select files for deletion if you don’t know the proper context— where the files are stored or how important they may be.
Big Files scanner provides a big file collector where you can easily spot and remove these files if you don’t need them anymore. Additionally, if you hover your mouse on a file, you’ll see a magnifier and a lock icon. Once you click the magnifier icon, you’ll locate the actual file. If you click the lock icon, the file will be added to the Ignore List, which will be locked.
Disk Map is a significant tool that helps you analyze the usage of your storage in a visual and interactive map. It quickly scans your drive and builds a visualization of files on the target folder of your Mac, allowing you to easily navigate the system. With Disk Map, you can find out the date when the file/folder was created, modified, and last opened. Furthermore, hovering your mouse on a folder then clicking the magnifier icon will direct you to the file’s location.
Another practice that you are probably comfortable doing is backing-up important files, photos, program installation files and apps on your hard drive. While this is a good practice, it creates duplicate files on your Mac that eventually add clutter and consume disk space. It’s also hard to find files in name searches when you have too many of them.
The Duplicate Files function lets you select a source folder where it will inspect and identify duplicate files on your Mac. In the scan results, an option called “Auto Select” helps you automatically select duplicate files. The information provided by “Auto Select” is listed below:
|
|
You can choose Remove to Trash or Delete Permanently on the confirmation page.
Often, you organize pictures of travels and life events, and also keep a copy to ensure you don’t lose those captured moments. But as digital photos pile up, often similar to others on your drive, they take up a lot of space. To assist you cleaning these up, use Similar Photos, and then choose your photo library to scan the photos on your Mac.
The result will display similar photos and you can choose the ones you don’t need, and the files will be added in the selected list. Click the Remove button to completely delete them from your hard drive.
That’s it for now! The second part of this blog will take up the remaining toolsets of Trend Micro Cleaner One Pro.
Go to Cleaner One Mac for more information or to purchase the app.
The post Cleaner One Pro Speeds Up Your Mac: Part 1 appeared first on .
Migrating to the cloud is hard. The PowerPoint deck and pretty architectures are drawn up quickly but the work required to make the move will take months and possibly years.
The early stages require significant effort by teams to learn new technologies (the cloud services themselves) and new ways of the working (the shared responsibility model).
In the early days of your cloud efforts, the cloud center of expertise is a logical model to follow.
A cloud center of excellence is exactly what it sounds like. Your organization forms a new team—or an existing team grows into the role—that focuses on setting cloud standards and architectures.
They are often the “go-to” team for any cloud questions. From the simple (“What’s an Amazon S3 bucket?”), to the nuanced (“What are the advantages of Amazon Aurora over RDS?”), to the complex (“What’s the optimum index/sort keying for this DynamoDB table?”).
The cloud center of excellence is the one-stop shop for cloud in your organization. At the beginning, this organizational design choice can greatly accelerate the adoption of cloud technologies.
The problem is that accelerated adoption doesn’t necessarily correlate with accelerated understanding and learning.
In fact, as the center of excellent continues to grow its success, there is an inverse failure in organizational learning which create a general lack of cloud fluency.
Cloud fluency is an idea introduced by Forrest Brazeal at A Cloud Guru that describes the general ability of all teams within the organization to discuss cloud technologies and solutions. Forrest’s blog post shines a light on this situation and is summed up nicely in this cartoon;
Our own Mark Nunnikhoven also spoke to Forrest on episode 2 of season 2 for #LetsTalkCloud.
Even though the cloud center of excellence team sets out to teach everyone and raise the bar, the work soon piles up and the team quickly shifts away from an educational mandate to a “fix everything” one.
What was once a cloud accelerator is now a place of burnout for your top, hard-to-replace cloud talent.
If you’ve paid attention to how cybersecurity teams operate within organizations, you have probably spotted a number of very concerning similarities.
Cybersecurity teams are also considered a center of excellence and the central team within the organization for security knowledge.
Most requests for security architecture, advice, operations, and generally anything that includes the prefix “cyber”, word “risk”, or hints of “hacking” get routed to this team.
This isn’t the security team’s fault. Over the years, systems have increased in complexity, more and more incidents occur, and security teams rarely get the opportunity to look ahead. They are too busy stuck in “firefighting mode” to take as step back and re-evaluate the organizational design structure they work within.
According to Gartner, for every 750 employees in an organization, one of those is dedicated to cybersecurity. Those are impossible odds that have lead to the massive security skills gap.
Security needs to follow the example of cloud fluency. We need “security fluency” in order to import the security posture of the systems we built and to reduce the risk our organizations face.
This is the reason that security teams need to turn their efforts to educating development teams. DevSecOps is a term chock full of misconceptions and it lacks context to drive the needed changes but it is handy for raising awareness of the lack of security fluency.
Successful adoption of a DevOps philosophy is all about removing barriers to customer success. Providing teams with the tools and autonomy they require is a critical factor in their success.
Security is just one aspect of the development team’s toolkit. It’s up to the current security team to help educate them on the principles driving modern cybersecurity and how to ensure that the systems they build work as intended…and only as intended.
The post Are You Promoting Security Fluency in your Organization? appeared first on .
In Part 1 of this blog, we introduced Trend Micro Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we resume the discussion of how to make your Mac run faster with the remaining Cleaner One Pro features: System and Application Management, Privacy Protection, and Other Options.
Your Mac may get sluggish after a year or two of usage and you may find that booting up takes a lot longer. Doing a Startup Manager scan can help you reduce slowdown due to unwanted startup programs and services, to help your Mac boot faster.
Upon completing the scan, Startup Manager will identify apps under two categories: Login Items and Launch Agents.
Login Items are apps that run automatically upon login. You can manage these apps by enabling them to run automatically or disabling them to make your Mac more efficient. If you don’t need autorun, you can remove the apps from the list.
Launch Agents are background services that run automatically on System startup for the extension features of apps. You can manage these services by letting them run automatically or by disabling them to make your Mac boot faster. Similarly, you can remove these agents if you don’t need them or they’re broken.
When a user installs an app that doesn’t meet their expectations, they’ll never use it again. In many cases, they remove the app by simply dragging it into the trash, assuming the action completely removes the app, but this is not always true. When you uninstall an app, there are often associated files left on your Mac, even after you have emptied the Trash. They’re known as leftovers.
Leftovers are an app’s associated files and folders that can include different languages, log files, agents, or processes that might try to start an application. App Manager aims to resolve this and helps you clean up your Mac by completely removing app leftovers. App Manager detects all app leftovers automatically so you can remove them with just one click.
Data security and privacy are especially important and managing these applies to anyone collecting and keeping data. Data that has reached its retention limit needs to be permanently removed from your file system and to be sure it can’t be recovered you need to overwrite the file with random series of binary data multiple times. This process is often referred to as shredding. With File Shredder, you can remove sensitive files from your hard disk without worrying that they can be recovered.
Preferences allows you to manage how the Cleaner One Pro app performs. In Preferences, you’ll see General, Notifications, Memory, Duplicates, Whitelists and Auto Select.
On the General tab, you can choose Auto start at login and other options according to how you would like Cleaner One Pro to behave during startup.
On the Notifications tab, you can disable the notification about smart memory optimization.
Cleaner One Pro is also equipped with a Smart Memory Optimization feature on the Memory tab. This feature uses artificial intelligence. You can set auto clean when your available memory is low or when an app is closed.
The Duplicates, Whitelists and Auto Select tabs work when you use the Duplicate Files feature on the main console. When there are too many duplicate files on your Mac, you can set the rules on the minimum file size, as well as which files to exempt or prioritize during deletion.
If you need technical assistance about Cleaner One Pro, click the robot icon either in the Apple Menu window or on the Main Console.
A chat support person will attend to your concerns or suggestions when using Cleaner One Pro. In case there is no available support engineer, you can send an email by clicking Send Email. Make sure to provide the correct email address.
Aside from Cleaner One Pro for Mac, we offer Antivirus One for Mac—as well as Cleaner One for iPhone, which you can download by scanning the QR Code. You can also submit your ideas for Other Tools by clicking the panel.
As you use your Mac over time, you need to maintain it to keep it running smoothly. Trend Micro Cleaner One Pro can clean up your disk space, help boost performance, and solve other Mac issues you might encounter during your daily work. As you consider it for your Mac, you may have remaining questions:
What’s the difference between the Free version and the Paid version? The Free version of Cleaner One Pro includes the Memory Optimizer, basic CPU and Network Monitoring, a Junk Files Cleaner, a Big Files Scanner, a Disk Map, and the Startup Manager. The Paid upgrade of Cleaner One Pro unlocks more features, including more Advanced CPU/Network Monitoring, a Duplicate Finder, a Similar Photos Scanner, an App Manager, and a File Shredder.
Is it safe to use Cleaner One Pro? Cleaner One Pro is notarized by Apple, which assures its users both security and privacy.
How can I download Cleaner One Pro? Cleaner One Pro is distributed via the official Trend Micro website and other authorized channels. Note that Cleaner One Pro is also available for Windows. To make it easy for the readers of this blog series, we’ve provided the download links here: Download Mac Version – Download Windows Version
Go to Cleaner One Windows or to Cleaner One Mac for more information or to purchase the apps.
The post Cleaner One Pro Speeds Up Your Mac: Part 2 appeared first on .
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.
Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.
The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.
Protect your smart home and router
Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:
|
|
Secure your home office
Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:
|
|
Stay safe from phishing
Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:
|
|
Use video conferencing safely
New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:
|
|
Stay safe shopping and banking
Next, protect your financial information and stay safe from e-commerce fraud by doing the following:
|
|
Think about online safety for kids
They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:
|
|
Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by
|
|
When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:
Trend Micro Home Network Security
Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution
|
|
Trend Micro Security (PC and Mac)
Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:
|
|
Trend Micro Mobile Security:
Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.
|
|
Additional Trend Micro Tools:
Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides
|
|
Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .
Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.
To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.
In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.
This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include
|
|
Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:
|
|
This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.
Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.
There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.
It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.
|
|
So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”
Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .
The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?
What is a VPN?
A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.
How does a VPN work and why you need a VPN service?
Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.
|
|
This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.
|
|
One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.
|
|
Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.
Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.
|
|
Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.
|
|
The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.
Choosing the right VPN for you
Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.
Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:
|
|
Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.
Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.
Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.
Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.
Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.
The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .
Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.
So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?
The new ransomware trends
Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?
At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.
The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.
Home workers are also being more targeted for a number of reasons:
|
|
What’s the attack profile of the remote working threat?
In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll
|
|
How can I prevent ransomware when working from home?
The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:
|
|
How Trend Micro can help
In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via
|
|
With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.
The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .
We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.
The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.
It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.
How identity theft works
First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.
Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.
At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.
There are various ways for attackers to get your data. The main ones are:
|
|
The COVID-19 challenge
As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.
Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.
What do cybercriminals do with my identity data?
Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:
|
|
How do I protect my identity online?
The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:
|
|
How Trend Micro can help
Trend Micro offers solutions that can help to protect your digital identity.
Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features
|
|
Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.
Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.
In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.
The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .
October 2020 marks the 17th year of National CyberSecurity Awareness Month, where users and organizations are encouraged to double their efforts to be aware of cybersecurity issues in all their digital dealings—and to take concrete steps to increase their privacy and security as necessary. The Cybersecurity & Infrastructure Security Agency (CISA), in conjunction with the National Cyber Security Alliance (NCSA) has announced a four-week security strategy under the theme “Do Your Part. #BeCyberSmart”. (You can use the NCSAM hashtag #BeCyberSmart during October to promote your involvement in raising cybersecurity awareness.) Their schedule includes the following:
|
|
Here in Trend Micro’s Consumer Division, we’d like to do our part by providing a breakdown of the security issues you should be aware of as you think about cybersecurity—and to give you some tips about what you can do to protect yourself and your family while working, learning, or gaming at home. To help, we’ve also taken a look back at articles we’ve written recently to address each category of threat—and to provide some quick links to access our library of relevant blogs all in a single place.
As you think about potential threats during Cybersecurity Awareness Month and beyond, keep in mind our basic breakdown of where and how threats arise, which we outlined at the beginning of the year in our Everyday Cyber Threat Landscape blog. An updated summary is given here:
Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. There were an estimated 105m smart home attacks in the first half of 2019 alone. With home routers particularly at risk, it’s a concern that 83% are vulnerable to attack. In the first half of 2020, Trend Micro detected over 10.6 billion suspicious connection attempts on home routers’ unavailable ports—an issue made more worrisome by recent lab-based evidence that home routers are riddled with insecurities, as the Fraunhofer Home Router Security Report 2020 shows. This means you need to take steps to mitigate your router’s weaknesses, while deploying a home network security solution to address other network insecurities and to further secure your smart devices.
Relevant Blogs:
Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware. All this means is that installing endpoint security on your PCs and Macs is critical to your safety.
Relevant Blogs:
Mobile security threats: Hackers are also targeting our smartphones and tablets with greater sophistication. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking mobile apps, like the Agent Smith adware that infected over 25 million Android handsets globally in 2019. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own. The conclusion? Installing a mobile security solution, as well as personal VPN, on your Android or iOS device, should be part of your everyday security defense.
Relevant Blogs:
Identity data breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity theft and fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware. That said, an increasingly popular method uses automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected. Add these to the classical phishing attack, where email hoaxes designed to get you to unwittingly hand over your data—and your data and identity can be severely compromised. In this category, using both a password manager and an identity security monitoring solution, is critical for keeping your identity data safe as you access your online accounts.
Relevant Blogs:
Trend Micro fully understands these multiple sources for modern threats, so it offers a comprehensive range of security products to protect all aspects of your digital life—from your smart home network to your PCs and Macs, and from your mobile devices to your online accounts. We also know you need security for your email and your social networks, or simply when browsing the web itself.
Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.
Trend Micro Premium Security Suite: Our new premium offering provides all of the products listed below for up to 10 devices, plus Premium Services by our highly trained pros. It includes 24×7 technical support, virus and spyware removal, a PC security health check, and remote diagnosis and repair. As always, however, each solution below can be purchased separately, as suits your needs.
|
|
The post Cyber Security Awareness: A Critical Checklist appeared first on .
Remember when only desktop computers in our homes had connections to the internet? Thanks to the latest developments in smart device technology, almost everything now can be connected— security cameras, smart TVs, gaming consoles, and network storage, to name just a few. While a home network provides lots of benefits, it can also expose us to safety and privacy risks.
But checking for those risks need not be costly. How about a network security checker available for free? Yes, you read that right. Trend Micro’s free Housecall for Home Networks (HCHN) scans the connected devices in your home network and detects those that pose security risks. And in doing so, it gives you a sense for what real network security entails. We have a solution for that also.
Want to know more?
Trend Micro HCHN uses intelligent network scanning technology to scan the devices connected to your home network for vulnerabilities. These can range from a low risk type—such as an easily identifiable Wi-Fi Name that hackers can use to attack your router and home network—to high risk types, such as SSL-Poodle (for man-in-the-middle attacks), Shellshock (for remote code execution attacks), Heartbleed (which puts website passwords at risk) and WannaCry (which is a Windows ransomware cryptoworm). These and other vulnerabilities can be detected through the help of this handy tool.
In addition, HCHN checks devices for open ports that are usually targeted by hackers and malware and can be exploited for cybercriminal activities. Examples include ports 20 and 21, used via the File Transfer Protocol (FTP) to transfer files between an FTP client (20) and FTP server (21), which can deliver a multitude of vulnerabilities to the internet; as well as port 23, which sends data in Clear Text, which can be used by attackers to listen in, watch for credentials, or inject commands, enabling the hacker to perform Remote Code Executions.
Moreover, HCHN gives you a report about the status of your home network and its connected devices and offers helpful advice for keeping your network and devices secure.
Lastly, HCHN provides you a notification when:
|
|
Ready to install?
HCHN is easy to use and accessible from any device, be it Windows (7, 8 and 10), MacOS (10.12 or later), Android (5.0 or later) or iOS (8.0 or later). For your computer hardware, you just need to have Intel Pentium or compatible processor, a 256MB of RAM (512MB recommended) with at least 50MB available disk space and you’re set.
|
|
Are my home network and connected devices safe?
Here’s a few scans we did–from a Windows PC, then from and Android and iOS devices.
When the scan is complete on a Windows computer it shows two tabs: Home Network and Devices.
The first tab indicates a snapshot of your home network, identifying the devices at risk.
Figure 1. HouseCall for Home Networks – Home Network
The second tab indicates a list of the devices scanned and the details of any device risks found.
Figure 2. HouseCall for Home Networks – Device List
On the Android device, once the scan has finished, the screen will reveal any security risks detected. You can view the issue to see more details of the security risk in your home network. You can then slide to the next panel and check to verify all the connected devices on your network.
Figure 3. HCHN – At Risk Devices
Similarly, upon completing the network scan from an iOS device, the app will display the risk that needs your attention. Just as with the Android device, you can move to the next panel to review the list of connected devices that were identified by Trend Micro HCHN.
Figure 4. HCHN – Needs Attention
A Few Reminders and Recommendations …
|
|
What Home Network Security Provides
While a free network scan helps to determine the underlying dangers in your home network, to fully protect not only your home network but your family, you should consider Trend Micro Home Network Security (HNS) as a permanent enhancement to your network. It can shield your home against a wide variety of threats, including network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads. Additional features include the following:
|
|
Download the HNS App on your Android or iOS device to give it a spin. Note that the HNS App, when used by itself, performs the same functions as the HCHN app on those devices.
If you like what you see, pair the HNS App to a Home Network Security Station to get the full range of protections. (Note too that once you do, the HCHN App will be disabled on all your devices and network and replaced by Home Network Security.)
Figure 5. Home Network Security (HNS) App
Figure 6. HNS App Paired with the Home Network Security Station
Final Words
Home networks come with security risks. As the tech-savvy member of your household, you need to be aware of those risks. Using Trend Micro HouseCall for Home Networks (HCHN), you’ll be able to know which devices are connected to your home Wi-Fi network and whether these devices bear security risks that can be exploited by hackers and malicious software. Moreover, you’ll be provided with suggestions, in case your devices are found vulnerable.
However, just knowing the security risks is only half the battle in protecting your home network. You’ll need a more robust system that can automatically block suspicious and malicious traffic and do more— such as protecting your child’s online safety. Trend Micro Home Network Security (HNS) can address your home network’s security, even as it monitors your home network, prevents intrusions, blocks hacking attempts and web threats, and protects your family’s privacy, while keeping the internet safe for your kids.
Download Trend Micro Housecall for Home Networks from the Web, Google Play Store or Apple App Store to give it a try.
Go to Trend Micro Home Network Security to get more details on the solution, or to buy.
The post Trend Micro HouseCall for Home Networks: Giving You a Free Hand in Home Network Security appeared first on .
In an earlier article, we took a look at smartphone alternatives for free-ranging kids. Next up is the follow-on conversation … the time you give them their first, fully functional smartphone—and how to manage having it in your lives.
For children, learning to use a first smartphone is just like learning to ride a bike. And that’s just as true for you just as it is for them.
When a child learns to ride a bike, they take it in steps and stages. Maybe they start tooling around on little kick-bikes, a tricycle, scooter, or so on, just to get their feet under them so to speak. Next, it’s that first bike with training wheels, and then the big day that they come off (complete with a few scrapes and bruises too). They’re on two wheels, and a whole new world has opened up for them—one that you have to monitor and parent as you give them increasing freedom to roam—from the block, to the neighborhood, to your town—as they grow older and more responsible.
Now, apply that same progression to the day your child finally gets their first smartphone. Plenty has led up to that moment: the times when they first tapped around your phone as a toddler, when as a preschooler they watched cartoons on a tablet, and maybe when they got a little older they had some other device, like a smartphone alternative designed just for kids.
Then comes along that first smartphone. And for parents it’s a game-changer, because it opens up yet another new world to them. The entire internet.
As you can see, your child doesn’t enter the world of smartphones entirely cold. They’ve already been on the internet and had the chance to experience selective slices of it under your supervision. But a smartphone—well, that’s another story entirely. A smartphone, out of the box, is a key to the broader internet. And just as you likely wouldn’t let your brand-new cyclist ride five miles to go and buy ice cream in town, there are plenty of places you wouldn’t let your new internet user go.
What follows here are a few words of advice that can ease your child into that new world, and ease you into it as well, so that you can all get the tremendous benefits of smartphone ownership with more confidence and care.
Whether you go with an Android device or iPhone, make sure you protect it. You can get mobile security for Android phones and mobile security for iPhones that’ll give you basic protection, like system scans, along with further protection that steers your child clear of suspicious websites and links. While I recommend protection for both types of phones, I strongly recommend it for Android phones given the differences in the way Apple and Android handle the code that runs their operating systems.
Apple is a “closed platform,” meaning that they do not release their source code to the public and partners. Meanwhile, Android is “open-source” code, which makes it easier for people to modify the code—hackers included. So while Apple phones have been historically less prone to attacks than Android phones, any device you own is inherently a potential target, simply because its connected to the internet. Protect it. (Also, for more on the differences between the security on Android phones and iPhones, check out this article from How-To Geek. It’s worth the quick read.)
Next up on your list is to establish a set of parental controls for the smartphone. You’ll absolutely want these as well. After all, you won’t be able to look over their shoulder while they’re using their phone like you could when they were little. Think of it as the next line of protection you can provide as a parent. A good set of parental controls will allow you to:
• Monitor their activity on their phone—what they’re doing and how much they’re doing it.
• Limit their screen time—allowing you to restrict access during school hours or select times at home.
• Block apps and filter websites—a must for keeping your children away from distractions or inappropriate content.
The great thing about parental controls is that they’re not set in stone. They give you the flexibility to parent as you need to parent, whether that’s putting the phone in a temporary time out to encourage time away from the screen or expanding access to more apps and sites as they get older and show you that they’re ready for the responsibility. Again, think about that first bike and the day you eventually allowed your child ride beyond the block. They’ll grow and become more independent on their phone too.
Unlike those rotisserie ovens sold on late-night infomercials, a smartphone isn’t a “set it and forget it” proposition. Moreover, you won’t find the best monitoring, safety, and guidance software in an app store. That’s because it’s you.
As a parent, you already have a strong sense of what does and does not work for your household. Those rules, those expectations, need to make the jump from your household to your child’s smartphone and your child’s behavior on that smartphone. Obviously, there’s no software for that. Here’s the thing, though: they’ve established some of those behaviors already, simply by looking at you. Over the years, your child has seen your behavior with the phone. And let’s face it, none of us have been perfect here. We’ll sneak a peek at our phones while waiting for the food to show up to the table at a restaurant or cracked open our phones right as we’ve cracked open our eyes at the start of the day.
So, for starters, establishing the rules you want your child to follow may mean making some fresh rules for yourself and the entire household. For example, you may establish that the dinner table is a phone-free zone or set a time in the evening when phones are away before bedtime. (On a side note, research shows that even dim light from a smartphone can impact a person’s sleep patterns and their health overall, so you’ll want to consider that for your kids—and yourself!)
Whatever the rules you set in place end up being, make them as part of a conversation. Children of smartphone age will benefit from knowing not only what the rules are but why they’re important. Aside from wanting them to be safe and well, part of the goal here is to prepare them for the online world. Understanding “the why” is vital to that.
And that leads us to “The Internet Talk.”. In a recent McAfee blog on “What Security Means to Families,” we referred to the internet as a city, the biggest one there is. And if we think about letting our children head into town on their bikes, the following excerpt from that blog extends that idea to the internet:
For all its libraries, playgrounds, movie theaters, and shopping centers, there are dark alleys and derelict lots as well. Not to mention places that are simply age appropriate for some and not for others. Just as we give our children freer rein to explore their world on their own as they get older, the same holds true for the internet. There are some things we don’t want them to see and do.
There are multiple facets to “The Talk,” ranging anywhere from “stranger danger” to cyberbullying, and just general internet etiquette—not to mention the basics of keeping safe from things like malware, bad links, and scams. That’s a lot! Right? It sure is.
The challenge is this: while we’ve grown up with or grown into the internet over the course of our lives, the majority of children are amongst the first waves of children who were “born into” the internet. As parents, that means we’re learning much, if not all, of what we know about digital parenting from scratch.
The good news is that you’re far from alone. Indeed, a good portion of our blog is dedicated entirely to family safety. And with that, I’ve pulled out a few select articles below that can give you some information and inspiration for when it’s time to have “The Internet Talk.”
• Stranger Danger
• Keeping Your Kids Safe from Predators Online
• Building Digital Literacy
• Screen Time and Sleep Deprivation in Kids
• Lessons Learned: A Decade of Digital Parenting
• Social Influencers and Your Kids
• Getting Kids to Care About Their Safety Online
And those are just a few for starters. We have plenty more, and a quick search will keep them coming. Meanwhile, know that once you have The Internet Talk, keep talking. Making sure your child is safe and happy on the internet is an ongoing process—and conversation, which will cover more in a moment.
One reason parents often cite for giving their child a smartphone is its location tracking capabilities that allow parents to see where their children are ranging about with a quick glance. And whether or not you choose to use such tracking features, that’s a decision you’ll have to make. However, consider your child’s privacy when you do. That’s not to say that you’re not in charge or that you shouldn’t track your child. Rather, it’s a reminder that your child is in fact getting older. Their sense of space and privacy is growing. Thus, if you choose to monitor their location, let them know you’re doing it. Be above the board with the intent that if you don’t hide anything from them, they’ll be less inclined to hide anything from you.
The same applies to parental controls software. Many of them will issue a report of app usage and time spent using the app, along with surfing habits too. Go ahead, monitor those early on and then adjust as them as it feels right to you. Let your child know that you’re doing it and why.
Another thing I’ve seen many of the parents I know do is share the credentials to any social media account their child sets up. Doing this openly lets your child take those first steps into social media (when you feel they’re ready) while giving you the opportunity to monitor, correct, and even cheer on certain behaviors you see. Granted, it’s not unusual for kids to work around this by setting up alternate accounts that they hide from their parents. With parental controls in place, you can mitigate some of that behavior, yet vigilance and openness on your part will be the greatest tool you have in that instance.
While you’re at it, go ahead and have conversations with your kid about what they’re doing online. Next time you’re in the car, ask what’s the latest app their friends are using. Take a peek at what games they’re playing. Download that game yourself, give it a try, and play it online with them if you can. This kind of engagement makes it normal to talk about the internet and what’s happening on it. Should the time come to discuss more serious topics or pressing matters (like a cyberbullying event, for instance), you have a conversational foundation already built.
So, as we’ve discussed, technology is only part of the answer when managing that first smartphone in your child’s life. The other part is you. No solution works without your engagement, care, consistent application of rules, and clear expectations for behavior.
So, as you once looked on proudly as those training wheels came off your child’s first bike, you’ll want to consider doing the digital equivalent in those first months of that first smartphone. Keep your eyes and ears open as they use it. Have conversations about where their digital travels have taken them—the games they’re playing, the friends they’re chatting with. While you do, keep a sharp eye on their moods and feelings. Any changes could be a sign that you need to step in and catch them before they fall or pick them up right after they’ve fallen.
In all, your child’s first smartphone is a wonderful moment for any family, as it represents another big step in growing up. Celebrate it, have fun with it, and play your role in making sure your child gets the very best out of it.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The First Smartphone for Free-Ranging Kids appeared first on McAfee Blogs.
As a leader in cybersecurity, we at McAfee understand that every aspect of your digital life has potential weak spots that could make you vulnerable to threats and attacks. By incorporating security into everything you do online, you’re better protected from potential threats. To mount your offense, we’ve enlisted a team of partners that puts your security needs first, seamlessly blending our security with their services so you can live a confident life online. We bring our McAfee security teams together with industry players like PC & smartphone manufacturers, software & operating system developers, and more to make sure we can keep scoring security wins for you.
When was the last time you worried about security while you were shopping for a new PC? You were probably checking out the specs, price, and making sure it had all the capabilities you needed for working remotely, distance learning, and maybe a little gaming. And that’s all in addition to the day-to-day productivity, banking, and browsing you do. Like a strong defensive line, HP, Dell, Lenovo, and ASUS work closely with us to make sure that your personal data and devices are secure, especially as you spend more time online than ever before. That’s why so many new PCs are preloaded with a free McAfee® LiveSafe trial to provide integrated protection from malware, viruses, and spyware from day 1 with minimal impact on performance.
McAfee protection goes beyond just antivirus. We help you keep apps and Windows up to date and patched against vulnerabilities, block intruders with our firewall, and help you clean up cookies and temporary files to minimize the digital footprint on your PC.
We build our security directly into the devices consumers rely on for everything from remote yoga to distance learning, so that they know they’ll be safer online, regardless of what their new normal looks like.
Part of a good defense is understanding how the game has changed. We recognize that our customers are using multiple devices to connect online these days. In fact, their primary device may not even be a computer. That’s why we work with mobile providers to ensure customers like you have access to our comprehensive multidevice security options. Devices like mobile phones and tablets allow users to access social media, stream content, and even bank on their terms. For that reason, our mobile protection includes features like VPN, so that you can connect any time, any place safely and use your apps securely.
Our online and brick & mortar retail partners are also irreplaceable on the field. We understand that shopping for security can be complicated – even intimidating – when faced with a wall of choices. Whether you’re in-store or browsing online, we’ll work together to address your security needs so that your devices and personal data are protected with the solution that works best for you. Many of our retailers offer additional installation and upgrade support so you can have one less thing to worry about.
Your web browser is more than a shortcut to the best chocolate chip cookie recipe; it connects you to endless content, information, and communication. Equally important is your operating system, the backbone that powers every app you install, every preference you save, and every vacation destination wallpaper that cycles through. We partner closely with web browsers, operating systems, and other software developers to ensure that our opponents can’t find holes in our defense. Everything that seamlessly works in the background stays that way, helping stop threats and intruders dead in their tracks. Whether it’s routine software updates or color-coded icons that help differentiate safe websites from phishing scams, we’re calling safety plays that keep our customers in the game.
At McAfee, we work tirelessly to do what we do best: blocking the threats you see, and even the ones you don’t. These days your “digital life” blurs the lines between security, identity, and privacy. So, we go into the dark web to hunt down leaked personal info stolen by identity thieves. We include Secure VPN in all our suites to give you privacy online. It’s these capabilities that strengthen both the offense and defense in our starting lineup of security suites like McAfee® Total Protection and McAfee® LiveSafe.
In short, your protection goes from a few reminders to scan your device to a team of experts helping you stay primed for the playoffs. It’s a roster that includes technology and humans solely devoted to staying ahead of the bad guys, from McAfee Advanced Threat Research (ATR) investigating and reporting like to artificial intelligence and machine learning that strengthens with every threat from every device. In fact, in just the first three months of this year, our labs detected over six threats per second!
Cybercriminals may be taking advantage of this current moment, but together, we can ensure our defense holds strong. After all, defense wins championships.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Together, We Block and Tackle to Give You Peace of Mind appeared first on McAfee Blogs.
2020 has propelled us into a new digital reality – one where we are reliant on technology to help us maintain our way of life. This forced all age groups, from 8-80, to learn how to conduct their day-to-day online. I personally had my mother asking a million questions about how to video conference!
But while we’re all looking to remain connected, we need to also focus on staying protected. For those of us a little more tech-savvy, that means helping our family and friends learn how this new digital reality impacts online security.
Let’s examine what that entails.
Digital healthcare’s rise was predicted back in January when Bain & Company reported that 40% of U.S. physicians expect to start using telemedicine over the next two years. Then came COVID-19, which drove healthcare providers to turn toward digital options to deliver socially distanced patient care. Many PCPs moved almost entirely to telehealth, with half of those surveyed using telemedicine in over 75% of their patient care.
While telehealth significantly increases patient care availability, there are also intrinsic privacy and security risks that go along with it. For example, telehealth requires that patients submit their health information through online platforms – some of which lack the proper data safeguards and don’t meet HIPAA requirements. Like all data transferred over the internet, private health information used for telemedicine could be intercepted by hackers if users don’t take proper security precautions. This means ensuring you and your loved one employ best practices – locking your platform account with a strong password, ensuring you only give your personal information to your doctor or verified resource, etc. These simple steps from McAfee experts are more important than ever before, as the healthcare industry is a preferred target for criminals.
School may be back in session, but it looks pretty different than previous years. For parents, this means navigating the unknown terrain that is a virtual classroom – and how the new environment affects your family’s online security.
Distance learning has led to a substantial spike in online video conferencing tools to conduct virtual lectures – which is only compounded by the fact that kids are already constantly on devices to play and socialize. However, some of the tools they use have proven to lack necessary security measures, which could jeopardize your students’ academic success and online security. Beyond video platform concerns, the combination of increased personal device usage on not-as-secure home networks poses a threat of its own.
Parents must ensure their students succeed – at both school and security. While they’re helping kids adjust to distance learning, parents can help keep them safe online by conducting router firmware updates, changing any default passwords on home networks, and leveraging a VPN. Additionally, parents must teach kids good security hygiene, such as always updating an app or device when an update is available. With parents juggling so much right now, they can also look for some extra support in the form of a comprehensive security solution that covers all their family’s devices with an extra layer of protection.
Many consumers have adopted digital financial services to make contactless payments or participate in online banking – some for convenience, others to help minimize contact in light of recent events. However, as this tech grows, so does the need for up-to-date security.
As users incorporate digital financial services into their everyday lives, they may fall victim to the risks commonly associated with making online payments. My mother, for example, is new to mobile banking and doesn’t know to look out for targeted phishing attacks from hackers who are trying to trick her out of money. Even the most tech-savvy online banking users can fall victim to more sophisticated phishing schemes out there.
To ensure cybercriminals don’t trick my mom into sharing sensitive information by impersonating her bank, we’ve discussed some ways she can identify an attack. Now, she knows to always hover over suspicious links, avoid interacting with messages from unknown senders, and to go directly to her bank’s official website.
We can use technology to adapt and grow during this time, just as long as we all employ security best practices. So, whether it be telehealth, distance learning, or digital finances, your family should always keep the aforementioned tips top of mind.
And remember – you’re not in this alone. You’ve got the support you need during this new digital reality in the form of a comprehensive security solution, McAfee® Total Protection. With this solution, consumers are safeguarded from malware with cloud-based threat protection that uses behavioral algorithms to detect new threats. It includes comprehensive internet security, multi-faceted privacy protection, and our secure VPN to ensure your family is prepared for any potential threat.
With robust, comprehensive security in place, your family’s devices will be consistently protected from the latest threats that came from our digital reality. With all these devices safe, everyone’s online life is free from worry.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Telehealth, Distance Learning, & Online Banking: Securing Digital Frontiers appeared first on McAfee Blogs.
You get an email from bank0famerica@acc0unt.com claiming that they have found suspicious activity on your credit card statement and are requesting that you verify your financial information. What do you do? While you may be tempted to click on a link to immediately resolve the issue, this is likely the work of a cybercriminal. Phishing is a scam that tricks you into voluntarily providing important personal information. Protect yourself from phishing by reviewing some examples of phishing emails and learning more about this common online scam.
Phishing is a cybercrime that aims to steal your sensitive information. Scammers disguise themselves as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number.
A phishing email or text (also known as SMiShing) is a fraudulent message made to look legitimate, and typically asks you to provide sensitive personal information in various ways. If you don’t look carefully at the emails or texts, however, you might not be able to tell the difference between a regular message and a phishing message. Scammers work hard to make phishing messages closely resemble emails and texts sent by trusted companies, which is why you need to be cautious when you open these messages and click the links they contain.
Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing every time you open an email or text:
Even the biggest companies sometimes make minor errors in their communications. Phishing messages often contain grammatical errors, spelling mistakes, and other blatant errors that major corporations wouldn’t make. If you see multiple, glaring grammatical errors in an email or text that asks for your personal information, you might be a target of a phishing scam.
To enhance their edibility, phishing scammers often steal the logos of who they’re impersonating. In many cases, however, they don’t steal corporate logos correctly. The logo in a phishing email or text might have the wrong aspect ratio or low-resolution. If you have to squint to make out the logo in a message, the chances are that it’s phishing.
Phishing always centers around links that you’re supposed to click. Here are a few ways to check whether a link someone sent you is legitimate:
If the URL you discover doesn’t match up with the entity that supposedly sent you the message, you probably received a phishing email.
Phishing messages come in all shapes and sizes, but there are a few types of phishing emails and texts that are more common than others. Let’s review some examples of the most frequently sent phishing scams:
Some phishing emails appear to notify you that your bank temporarily suspended your account due to unusual activity. If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back. Suspended account phishing emails from banks you do business with, however, are harder to spot. Use the methods we listed above to check the email’s integrity, and if all else fails, contact your bank directly instead of opening any links within the email you received.
Two-factor authentication scam
Two-factor authentication (2FA) has become common, so you’re probably used to receiving emails that ask you to confirm your login information with six-digit numerical codes. Phishing scammers also know how standard 2FA has become, and they could take advantage of this service that’s supposed to protect your identity. If you receive an email asking you to log in to an account to confirm your identity, use the criteria we listed above to verify the message’s authenticity. Be especially wary if someone asks you to provide 2FA for an account you haven’t accessed for a while.
We all know how important tax season is. That’s what phishing scammers are counting on when they send you phony IRS refund emails. Be careful when an email informs you that you’ve received a windfall of cash and be especially dubious of emails that the IRS supposedly sent since this government agency only contacts taxpayers via snail mail. Tax refund phishing scams can do serious harm since they usually ask for your social security number as well as your bank account information.
Sometimes, cybercriminals will try to tick you by sending emails with fake order confirmations. These messages often contain “receipts” attached to the email or links claiming to contain more information on your order. However, criminals often use these attachments and links to spread malware to the victim’s device.
You need to be wary of phishing when you’re using your work email as well. One popular phishing scam involves emails designed to look like someone in the C-suite of your company sent them. They ask workers to wire funds to supposed clients, but this cash actually goes to scammers. Use the tips we listed above to spot these phony emails.
Often, hackers look for ways to update old schemes so that they go undetected by users already aware of certain cyberthreats. Such is the case with the latest phishing evasion technique, which detects virtual machines to fly under the radar. Cybersecurity firms often use headless devices or virtual machines (a computer file that behaves like an actual computer) to determine if a website is actually a phishing page. But now, some phishing kits contain JavaScript — a programming language that allows you to implement complex features on web pages — that checks whether a virtual machine is analyzing the page. If it detects any analysis attempts, the phishing kit will show a blank page instead of the phishing page, allowing the scam to evade detection. To help ensure that you don’t fall for the latest phishing scams, stay updated on the most recent phishing techniques so you can stay one step ahead of cybercriminals.
Never click links in suspicious emails. If you click a link you suspect a phishing scammer sent, the link will take you to a web page with a form where you can enter sensitive data such as your Social Security number, credit card information, or login credentials. Do not enter any data on this page.
If you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device. Once the scan is complete, backup all of your files and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it’s important to change all the passwords you use online in the wake of a suspected phishing attack.
Let’s wrap things up with some summarized tips on how to avoid phishing emails:
Phishing emails only work on the unaware. Now that you know how to spot phishing emails and what to do if you suspect scammers are targeting you, you’re far less likely to fall for these schemes. Remember to be careful with your personal information when you use the internet and err on the side of caution whenever anybody asks you to divulge sensitive details about your identity, finances, or login information.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Phishing Email Examples: How to Recognize a Phishing Email appeared first on McAfee Blogs.
With millions of people continuing to work and study remotely, scammers have followed them home—generating an average of 375 new threats per minute so far this year. In response, our enhanced consumer portfolio directly addresses the new needs and new threats people face.
McAfee Labs found that these new threats via malicious apps, phishing campaigns malware, and more, according to its McAfee COVID-19 Threat Report: July 2020, which amounted to an estimated $130 million in total losses in the U.S. alone.
To help people stay safer and combat these threats, today we announced our latest consumer security portfolio. Our enriched products come with better user experiences such as a native Virtual Private Network (VPN), along with new features, including integrated Social Media and Tech Scam Protection—all of which are pressing security essentials today.
Specifically, our product lineup has been updated to include:
Scams involving tech support and product activation have continued to sneak into people’s inboxes and search results, which require a critical eye to spot. Here are some tips on how to identify these scams. We’re making it easier for people to stay safer with new features such as:
With jobs and things that simply need to get done “right now,” security can be an afterthought. Sometimes that desire for convenience has consequences, leading to situations where people’s devices, data, and personal information get compromised. In response, we’re doing our part to make security more intuitive so that people can get things done quickly and safely:
With people’s newfound reliance on the internet, we’ve made new advances that help them live their increasingly connected lives—looking after security and privacy even more comprehensively than before on security and the apps they use:
McAfee is on a journey to ensure security allows users to be as carefree as possible online, now that more time is spent on devices as consumers navigate a new normal of life from home. For more information on our consumer product lineup, visit https://www.mcafee.com/en-us/antivirus/mcafee-total-protection.html
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Evolving Security Products for the new Realities of Living Life From Home appeared first on McAfee Blogs.
According to Statista, 3.5 billion people worldwide are forecasted to own a smartphone by the end of 2020. These connected devices allow us to have a wealth of apps and information constantly at our fingertips – empowering us to remain in constant contact with loved ones, make quick purchases, track our fitness progress, you name it. Hackers are all too familiar with our reliance on our smartphones – and are eager to exploit them with stealthy tricks as a result.
One recent example of these tricks? Suspicious text messages claiming to be from USPS. According to Gizmodo, a recent SMS phishing scam is using the USPS name and fraudulent tracking codes to trick users into clicking on malicious links.
Let’s dive into the details of this scheme, what it means for users, and what you can do to protect yourself from SMS phishing.
To orchestrate this phishing scheme, hackers send out text messages from random numbers claiming that a user’s delivery from USPS, FedEx, or another delivery service is experiencing a transit issue that requires urgent attention. If the user clicks on the link in the text, the link will direct them to a form fill page asking them to fill in their personal and financial information to “verify their purchase delivery.” If the form is completed, the hacker could exploit that information for financial gain.
However, scammers also use this phishing scheme to infect users’ devices with malware. For example, some users received links claiming to provide access to a supposed USPS shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.
While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of phishing scams – especially as we approach the holiday shopping season. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, follow these actionable steps to help secure your devices and data from SMiShing schemes:
Be skeptical of text messages claiming to be from companies with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.
Many spammers send texts from an internet service in an attempt to hide their identities. Combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device by navigating to Settings, clicking on Spam protection, and turning on the Enable spam protection switch. Learn more about how you can block robotexts and spam messages on your device.
Prepare your mobile devices for any threat coming their way. To do just that, cover these devices with an extra layer of protection via a mobile security solution, such as McAfee Mobile Security.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Special Delivery: Don’t Fall for the USPS SMiShing Scam appeared first on McAfee Blogs.
In the early days of the COVID-19 pandemic, another pandemic of sorts took root—this one an “infodemic.” Whether designed to mislead, instill fear, capitalize on crank remedies, or push phony cures that caused harm or worse, millions of outright false stories about COVID-19 proliferated across the internet. And continue to do so.
Now, with our upcoming election in the U.S., there’s concern that this infodemic of misinformation about COVID-19 will keep people away from the polls or from working at them. Particularly elders.
With this blog, my aim is to point you toward trustworthy resources online that can help you get your vote cast and counted safely.
First, a word about COVID-19 misinformation in general.
Since the initial outbreak, we’ve monitored online threats and scams related to COVID-19. As shown in our July 2020 Threat Report, the first three months saw the number of malicious and scam websites related to COVID-19 jump from 1,600 to more than 39,000, along with a wave of spam emails and posts that peddled bogus sites for protective gear, masks, and cures. Now, in mid-September, our threat detection team has uncovered three million online threats related to COVID-19 and counting. (See the daily tally here for the latest figures.)
Elsewhere, global and national public health officials have worked diligently to counter these waves of misinformation, such as the World Health Organization’s COVID-19 “mythbuster” site, in addition to further mythbusting from major news outlets around the world and yet more mythbusting from respected science publications. However, instances of misinformation, both big and small, persist and can lead to negative health consequences for those who buy into such misinformation.
Whether you’ll vote in person or by mail, these links provide a mix of trustworthy information about voting and the latest verified information about the virus:
Be aware that our collective understanding of COVID-19 continues to evolve. The pandemic isn’t even a year old at this time, and new research continues to reveal more about its nature. Be sure to check with these resources along with your local public health resources for the latest on the virus and how to stay safe.
If you’re considering voting by mail, the following is for you. Published by U.S. News and World Report, this article breaks down how you can vote by mail in your state. While all 50 states allow for mail-in voting in some form or fashion, specifics vary, and some states make it easier to do than others. (For example, a handful of states like Texas, Indiana, and Louisiana currently do not allow COVID-19 concerns as a valid reason for requesting a mail-in ballot.)
Note that this article was published at the end of August, so be sure to follow the links for your state as published in the article for the absolute latest information. Yet don’t wait to look into your absentee or mail-in options. As noted above, each state has its terms and deadlines, so it’s best to review your options now.
Meanwhile, five states— Colorado, Hawaii, Oregon, Washington state, and Utah already conduct their elections entirely by mail. Such practices have proven to be successful alternatives to voting in person, they have slightly increased voter turnout while minimizing the risks of voter fraud.
Get your vote out safely. Whether it’s by visiting the polls following the safety guidelines or by way of mail as also allowed by your state, it can be done—particularly when you have trusted information sources at hand.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post U.S. Election 2020 – Don’t Let COVID-19 Misinformation Suppress Your Vote appeared first on McAfee Blogs.
If you’re thinking career change or career shift, there’s a field that has an estimated 4 million jobs open. Cybersecurity.
According to survey and research data from the International Cybersecurity Organization (ICS)2, there’s a cybersecurity workforce gap—a terrifically high volume of jobs left unfilled. Published in 2019, the gap they identified looked like this:
Needless to say, there’s opportunity in the field for both technical and non-technical roles.
Here’s an important thing to keep in mind about cybersecurity:, it’s not solely about understanding technology. It’s about understanding people too and how people and technology interact.
The moment you see cybersecurity through that broader lens, you can see how the field opens widely to encompass a range of roles. Of course, there are analysts and engineers, yet it also includes other roles like digital forensics and cyber investigation, healthcare information security, cryptography, and even cyber law. Additionally, there’s needed expertise in the realms of privacy, governance, ethics, and even digital ethics. And if you take a role with a security company such as ours, the opportunity further extends to positions in account management, marketing, and operations. (In fact, you can drop by our careers page for a look at our current openings and what workday life is like around here.)
There are plenty of reasons. Above that data published in 2019, our unprecedented reliance on the internet to work, learn, and stay connected in 2020, demand for cybersecurity jobs is yet more so on the rise. As so many of us turned increasingly to the internet to get through our day, the same is true for hackers and crooks.
With that, let’s take a quick look at several of the factors working in your favor as you consider a change.
We’ve all seen the news stories of major breaches at big retailers, credit reporting agencies, hotels, and even healthcare providers. It’s not just the private sector that’s been grappling with cybersecurity concerns, there’s need in the public sector as well—like municipalities. In all, every organization needs cybersecurity (just as we all need cybersecurity for our homes), and thus there’s plenty of opportunity out there. Using just one of the many possible cybersecurity roles as an example, the U.S. Bureau of Labor Statistics predicts a 32% increase in demand for information security analysts through 2028—which is far higher than the average of other professions.
In fact, the same (ICS)2 survey discovered that only 42% of current cybersecurity pros said that their first job after higher education was in the field of cybersecurity. In other words, the majority of cybersecurity pros ended up that way by some means of career shift or change. And they got there through certifications and training rather than by way of a degree from a college or university.
Our own Chief Human Resources Officer, Chatelle Lynch, put it quite well in an interview with Business Insider just a few weeks ago: “It’s no secret that the demand for cybersecurity staff has steadily grown over the past decade,” she says. “This means opportunity, so if you don’t have a degree, don’t let that slow you down. You may have unique work experience or relevant certifications, alternative learning, or transferable skills that you need to make sure you highlight when applying and interviewing.”
For example, she goes on to say that prior military service, IT experience, and volunteer or hobbyist activities (even online gaming) are a good foundation for cybersecurity roles.
These skills absolutely apply, and they’re sought after skills as well. The ability to work independently, lead projects, write and document well, and particularly strong people skills are vital for a role where you’ll be interfacing with numerous individuals, departments, and business units. Likewise, as called out above, certain roles focus more on the non-technical side of security solutions.
The beauty of making a career change to cybersecurity is that there are plenty of ways you can get it done at home and on your time.
If you’re just getting started, you can test the waters for free or at relatively low cost with a Massively Open Online Course (MOOC) that gives you the basics on cybersecurity. Future Learn’s “Introduction to Cybersecurity” from The Open University is one example of an intro program, as is the University of Michigan’s “Securing Digital Democracy” class that’s offered through Coursera.
If you’re already an IT pro or have a strong technical background, there are similar MOOC courses available that cater to your current level of knowledge and skill. The University of Maryland’s “Cybersecurity Specialization” and “Usable Security” are geared accordingly.
For a list of cybersecurity programs available online, drop by CyberDegrees.org. Their listing is one of many good places to start.
Other free and low-cost avenues out there include subscribing to some security bloggers, grabbing some hands-on work with coding and IT networking fundamentals from online learning companies like Udemy, Codecademy, and Khan Academy, or joining some online cybersecurity groups for a little professional networking. In all, there’s plenty of opportunity to learn from others, both in structured class settings and in more unstructured peer and mentorship relationships.
When you’re ready to start your job search, there’s a good chance that your interview will be conducted online. Online interviews have been part of the job-hunting landscape for a few years now, yet with many employers enacting work from home measures, it’s the way hiring gets done right now. I expect this to continue, as employers have embraced its many benefits, particularly in the early stages of interviews. If the prospect of an online interview is new to you, I put together a pair of articles this spring that can help.
As you make the jump, here’s the most important thing you’ll need: a love of technology and a desire to protect the people who use it. If you can combine a drive to understand both technology and people better with the further drive to see it all through, you’ll be well on your way. Like any career shift or change, there’s work ahead, yet it’s my impression that our field is a welcoming and supportive one—and very much on a keen lookout for new talent.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Career change? Cybersecurity companies are hiring. appeared first on McAfee Blogs.
Today, there are so many different avenues where we receive information.
Personally, I prefer finding out what’s going on in the world by scanning my favorite news channels’ websites and by receiving personalized feeds and notifications to my phone. My wife, however, scans social media platforms – from Facebook to Twitter to Instagram – to discover the latest happenings. My teenage daughter spends 2+ hrs a day on social media platforms engaging with her friends.
While were initially meant to help us stay connected, they come with their own handful of security implications. Let’s explore what these threats are and how to stay protected.
Users rely on social media to feel connected. So while the world was social distancing, social media grew more popular than ever before – as of March 2020, people are on social media 44% more worldwide. However, with these platforms being so popular, they’ve become a hotspot for cybercriminal schemes.
There’s a variety of potential threats on social platforms, including misinformation, account takeovers, and phishing scams. The latter threat is all too common, as these platforms have become a popular avenue for cybercriminals to spread troublesome links and websites.
To lure unsuspecting users into clicking on these links, hackers often tap into what consumers care about. These topics have ranged from fake tech support scams to getting verified on Instagram.
At McAfee, we want users to enjoy a safe online social life. That’s why we created a new McAfee® WebAdvisor feature that scans for dangerous links across six major social media sites – Facebook, Twitter, YouTube, Instagram, Reddit, and LinkedIn – so users can scroll their feeds with confidence. To do this, McAfee WebAdvisor now color codes links across these social platforms, as it has always done for online searches, to show which ones are safe to visit.
It’s important to take advantage of new technologies that help us adapt and grow into security superstars. My family and I are excited to see this new feature roll out across our existing McAfee® Total Protection subscription. That way we can keep up with the latest news and trends, as well as stay connected with family and friends without worrying about any potential threats. I can sleep much better at night knowing that my whole family will be both connected and protected.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Stay Connected & Protected: Weaving Security Into Our Social Media Habits appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness in conjunction with the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA). McAfee is pleased to announce that we’re a proud participant.
If there’s ever a year to observe Cybersecurity Awareness Month, this is it.
As millions worked, schooled, and simply entertained themselves at home (and continue to do so) this year, internet usage increased by up to 70%. Not surprisingly, cybercriminals followed. Looking at our threat dashboard statistics for the year so far, you’ll see:
And that doesn’t account for the millions of other online scams, ransomware, malicious sites, and malware out there in general—of which COVID-19-themed attacks are just a small percentage.
With such a high reliance on the internet right now, 2020 is an excellent year to observe Cybersecurity Awareness Month, along with its focus on what we can do collectively to stay safer together in light of today’s threats.
Unified under the hashtag #BeCyberSmart, Cybersecurity Awareness Month calls on individuals and organizations alike to take charge of protecting their slice of cyberspace. The aim, above making ourselves safer, is to make everyone safer by having us do our part to make the internet safer for all. In the words of the organizers, “If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees, our interconnected world will be safer and more resilient for everyone.”
Throughout October, we’re participating as well. Here in our blogs and across our broad and ongoing efforts to boost everyone’s awareness and expertise in cybersecurity and simply staying safe online, we’ll be supporting one key theme each week:
If you’ve kept up with our blogs, this is a theme you’ll know well. The idea behind “If you connect it, protect it” is that the line between our lives online and offline gets blurrier every day. For starters, the average person worldwide spends nearly 7 hours a day online thanks in large part to mobile devices and the time we spend actively connected on our computers. However, we’re also connecting our homes with Internet of Things (IoT) devices—all for an average of 10 connected devices in our homes in the U.S. So even when we don’t have a device in our hand, we’re still connected.
With this increasing number of connections comes an increasing number of opportunities—and challenges. During this weel, we’ll take a look at how internet-connected devices have impacted our lives and how you can take steps that reduce your risk.
As we shared at the open of this article, this year saw a major disruption in the way we work, learn, and socialize online. There’s no question that our reliance on the internet, a safe internet, is greater than before. And that calls for a fresh look at the way people and businesses look at security.
This week of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet connected devices for both personal and professional use, all in light of a whole new set of potential vulnerabilities that are taking root.
Earlier this year, one of our articles on telemedicine reported that 39% of North Americans and Europeans consulted a doctor or health care provider online for the first time in 2020. stand as just one example of the many ways that the healthcare industry has embraced connected care. Another noteworthy example comes in the form of internet-connected medical devices, which are found inside care facilities and even worn by patients as they go about their day.
As this trend in medicine has introduced numerous benefits, such as digital health records, patient wellness apps, and more timely care, it’s also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. Here we’ll explore this topic and share what steps both can take do their part and #BeCyberSmart.
The growing trend of homeowners and businesses alike connecting all manner of things across the Internet of Things (IoT) continues. In our homes, we have smart assistants, smart security systems, smart door locks, and numerous other home IoT devices that all need to be protected. Businesses manage their fleets, optimize their supply chain, and run their HVAC systems with IoT devices, which also beg protection too as hackers employ new avenues of attack, such as GPS spoofing. And these are just a fraction of the applications that we can mention as the world races toward a predicted 50 billion IoT devices by 2030.
As part of Cybersecurity Awareness Month, we’ll look at the future of connected devices and how both people and businesses can protect themselves, their operations, and others.
As Cybersecurity Awareness Month ramps up, it presents an opportunity for each of us to take a look at our habits and to get a refresher on things we can do right now to keep ourselves, and our internet, a safer place. This brief list should give you a great start, along with a catalog of articles on identity theft, family safety, mobile & IoT security, and our regularly updated consumer threat notices.
Given the dozens of accounts you need to protect—from your social media accounts to your financial accounts—coming up with strong passwords can take both time and effort. Rather than keeping them on scraps of paper or in a notebook (and absolutely not on an unprotected file on your computer), consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. With just a single password, you can access all the tools your password manager offers.
Phishing scams like these are an old standard. If you receive an email or text from an unknown person or party that asks you to download software, share personal information, or take some kind of action, don’t click on anything. This will steer you clear of any scams or malicious content.
However, more sophisticated phishing attacks can look like they’re actually coming from a legitimate organization. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service. Also, you can hover over the link and get a link preview. If the URL looks suspicious, delete the message and move on.
Avoid hackers infiltrating your network by using a VPN, which allows you to send and receive data while encrypting – or scrambling – your information so others can’t read it. By helping to protect your network, VPNs also prevent hackers from accessing other devices (work or personal) connected to your Wi-Fi.
In addition, use a robust security software like McAfee® Total Protection, which helps to defend your entire family from the latest threats and malware while providing safe web browsing.
At a time where data breaches occur and our identity is at risk of being stolen, checking your credit is a habit to get into. Aside from checking your existing accounts for false charges, checking your credit can spot if a fraudulent account has been opened in your name.
It’s a relatively straightforward process. In the U.S., the Fair Credit Reporting Act (FCRA) requires credit reporting agencies to provide you with a free credit check at least once every 12 months. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
To track malicious pandemic-related campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4pm ET.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cybersecurity Awareness Month Helps Us All be #BeCyberSmart appeared first on McAfee Blogs.
Forecasts predict that roughly 80 million votes will get cast by mail-in ballots—double the number cast by mail in the 2016 election. Here are a couple tips to make sure your vote counts for the 2020 election.
Smart use of the internet will help you cast a mail-in ballot that counts.
Projections abound, yet forecasts predict that roughly 80 million votes will get cast by mail-in ballots—double the number cast by mail in the 2016 election. While we’ll only know the final tally of mail-in voters sometime after election day, what we know right now is that nearly 75% of U.S. voters will be able to vote by mail in the 2020 election
If you’re one of those voters, or know someone who is, this quick five-point primer of online resources should help.
Pew Research found that Americans are split 50/50 as to whether voting in the 2020 election will be “easy” or “hard.” Compare that to the 2018 figures where 85% said that voting would be “easy” in that election. We can chalk that up to several factors this year, most notably the effect of the pandemic on voting, which I touched on in my blog last week.
However, there are other concerns at play. We’ve seen concerns about mail-in ballot fraud, along with confusion about how to get a mail-in ballot, and yet further confusion as to who is eligible to get a mail-in ballot in the first place… just to name a few.
These concerns all share a common remedy: the facts.
Good information, direct from your state election officials, will point the way. Skip social media altogether. It is not a trusted resource. In all, it’s a mistake to get any election information on social media, according to F.B.I. Director, Christopher Wray. Instead, let’s point ourselves in the right direction.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020 – Five Tips to Secure a Mail-In Ballot That Counts appeared first on McAfee Blogs.
We live in a world where convenience is king. Personally, I don’t know what I would do without my calendar alerts popping up on my smartphone, ensuring that I don’t miss any important meetings (or birthdays). I can also use a variety of apps to make appointments with my family’s doctor and check up on my kids’ educational progress while they are at home distance learning. While this technology is great and convenient, it has led to increased connectivity which tends to cause security implications. At what point do we draw the line between convenience and online security, and is there a way to ultimately have both? Let’s take a look.
Consumers want to live their lives fast. They are constantly on the go, prioritizing speedy technology and convenience – sometimes more than safety. As a result, basic security hygiene, like updating passwords, has fallen by the wayside. In fact, a recent survey conducted by YouGov in April of 2020 revealed that consumers are overconfident in the level of protection that their credentials provide. 77% believe that their banking credentials are the most secure, followed by online shopping (74%), and work network logins (71%). Due to consumers’ overconfidence in the strength of their credentials, over half of online shoppers admitted that they have no plans to update their login details – and even more admitted to not updating bank and work passwords. As someone who just recently wrote a blog on common password habits and how they can affect our online safety,
As today’s users are trying to grasp what the “new normal” means for them and how they live their lives, many are branching out from the typical ways they used to order food, take workout classes, and more. Consumers are using food delivery sites that they’ve never used before and signing up for online fitness classes on new platforms to stay healthy while social distancing. But by using these unfamiliar websites to establish a sense of normalcy, users might forget to take basic security precautions like making sure these websites have the standard https:// security clearance or using a VPN. Paying attention to these security measures while exploring new platforms will allow users to enjoy the convenience of these tools without putting their online safety at risk.
According to McAfee Labs, more than 113,000 websites have been published that used COVID-19 to lure internet users into giving up their personal details. But despite the risks associated with poor security hygiene, consumers appear to be pretty indifferent. When asked if COVID-19 and increased fraud influenced them to use alternative banking or shopping apps/websites with more secure options, over three-quarters of U.S. consumers stated no, or that they didn’t know. At the onset of the pandemic when consumers were under pressure to buy scarce, staple items, 26% of consumers in the U.S. admitted to overlooking online security concerns by using third-party merchants to buy things like toilet paper and disinfecting products.
Today’s users already have so much to worry about – I can’t blame them if their online security is falling by the wayside to allow physical health and wellness to take precedent. It’s times like these when people need to prioritize their health and basic survival above all else that consumers benefit most from intrinsic security that is constantly working in the background, so they can have peace of mind.
The good news: convenience and security don’t have to be mutually exclusive. I can still use my healthcare provider’s app to schedule appointments and check in on my kids as they distance learn without risking our family’s privacy. When it comes to balancing convenience and online security, you and your family should use trusted solutions that will allow you to enjoy all that the internet has to offer by providing security that is easy, convenient, and empowers you to enjoy a safe and private digital live.
Users can enjoy a comprehensive, yet holistic approach to protection by employing the help of a security solution like McAfee® Total Protection. Consumers are safeguarded from malware so they can continue to use their devices and web browsing to stream live workout classes, catch up with family over video conference, and more. The software’s detection capabilities are constantly being updated and enhanced without compromising users’ device performance.
McAfee Total Protection also includes McAfee® WebAdvisor – web protection that enables users to sidestep attacks before they happen with clear warnings of risky websites, links, and files. McAfee WebAdvisor allows consumers to online shop or order food from their favorite restaurant while giving them the peace of mind that they’re on a safe website.
McAfee Total Protection also includes our secure VPN to ensure your family is prepared for potential threats that could be lurking around the corner. By enabling a VPN on your device, you can feel confident that the next time you bank or pay bills online, your connection is secure. With solutions like McAfee Total Protection and McAfee WebAdvisor in place, consumers can strike a balance between convenience and security, without sacrificing either.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Convenience vs. Online Security: Have Your Cake and Eat It Too appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
We live in a day and age when even lightbulbs can be hacked.
Perhaps you’ve caught the stories in the news: various devices like home cameras, smart appliances, and other Internet of Things (IoT) devices falling prey to hackers and attacks, such as when the Mirai botnet took out large swathes of the internet in 2016. As posted by Statista, estimates project that the world will have nearly 40 billion IoT devices in the next five years and upwards of 50 billion by 2030. That’s in homes and businesses alike, ranging anywhere from digital assistants, smart watches, medical devices, thermostats, vehicle fleet management devices, smart locks, and yes, even the humble lightbulb—and like our computers, laptops, smartphones, and tablets, they all need to be protected.
The reason is simple: your network is only as safe as the weakest device that’s on it. And we’re putting so much more on our networks than ever before. In effect, that means our homes have more targets for hackers than ever before as well. In the hands of a dedicated crook, one poorly protected device can open the door to your entire network—much like a thief stealing a bike by prying open the weak link in a chain lock. Therefore, so goes the saying, “If You Connect It, Protect It.”
What’s challenging is that our IoT devices don’t always lend themselves to the same sort of protections like our computers, laptops, and phones do. For example, you can’t actually install security software directly on them. However, there are things you can do to protect those devices, and the network they’re on too.
Just because that new smart device that’s caught your eye can connect to the internet doesn’t mean that it’s secure. Before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some IoT device manufacturers are much better at baking security protocols into their devices than others, so look into their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device, and thousands of others just like it, all share the same credentials, which makes it painfully easy for a hacker to gain access to them as those default usernames and passwords are often published online.
When you purchase an IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. As always, don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all of your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. If you’re renting your router or you’ve purchased it through your internet provider, they should have help documentation that can guide you through this the process. Likewise, if you purchased your own, your manual should provide the guidance you need.
As we mentioned above, the first thing to do is change the default password and name of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you’re unsure, reach out to your internet provider or check the documentation that came with your router.
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
Another line of defense that can hamper hackers is using a VPN, which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it.
As with our computers, laptops, phones, tablets, and apps, make sure you have the latest software updates for your IoT devices. The reasons here are the same: one, they’ll make sure you’re getting the latest functionality from your device; and two, updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” our smartphones—so protecting our phones has become yet more important. Whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.
And of course, let’s not forget our computers and laptops. While we’ve been primarily talking about IoT devices here, it’s a good reminder that computers and laptops need protection too. Using a strong suite of security software like McAfee® Total Protection, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.
We’re connecting our homes and ourselves with IoT devices at an tremendous rate—now at an average of 10 connected devices in our homes in the U.S. Gone by are the days when all we had was a computer or phone or two to look after. Now, even when we’re not in front of a laptop or have a smartphone in our hand, we’re still online, nearly all the time. Take this week to make sure that what you’ve connected is protected. Even that little lightbulb.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cybersecurity Awareness Month: If You Connect It, Protect It appeared first on McAfee Blogs.
McAfee “Most Famous to Most Dangerous to Search for Online” 2020 MDC Sweepstakes
Terms and Conditions
NO PURCHASE OR PAYMENT OF ANY KIND NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING.
THIS SWEEPSTAKES IS INTENDED FOR PLAY IN THE UNITED STATES ONLY AND VOID IN FLORIDA, NEW YORK, AND RHODE ISLAND, AND WILL BE GOVERNED BY U.S. LAW. DO NOT ENTER IF YOU ARE NOT BOTH ELIGIBLE AND LOCATED IN THE UNITED STATES, EXCLUDING FLORIDA, NEW YORK AND RHODE ISLAND, AT THE TIME OF ENTRY.
The McAfee “Most Famous to Most Dangerous to Search for Online” 2020 MDC Sweepstakes (the “Sweepstakes”) begins at 8:00:00 AM Pacific Daylight Time (“PDT”) on 10/6/2020 and ends at 5:00:00 PM PDT on 10/25/2020 (“Sweepstakes Period”). The Sweepstakes Administrator’s computer will be the official timekeeping device.
During the Sweepstakes Period, visit https://www.mcafee.com/en-us/consumer-support/2020-most-dangerous-celebrity.html (the “Website”), or the appropriate McAfee social handles listed below, and complete the following to receive the corresponding entries into the Sweepstakes:
| Action | # Entries Received | Detail |
|
Social Comment – Facebook or Twitter
@McAfee https://www.facebook.com/McAfee/
@McAfee_Home https://twitter.com/mcafee_home?lang=en
|
1 (per comment) | Go to the website to review the instructions and terms & conditions.
Click through to the applicable McAfee social page(s).
Follow that McAfee social handle.
Find the social posts using the campaign hashtag (#RiskyCelebSweeps)
Comment only on those posts for means of entry.
1 comment = 1 entry into the sweepstakes for a chance to win.
Commenting on any of the sweepstakes specific posts (using #RiskyCelebSweeps) during the sweepstakes time frame allows for an entry for a chance to win the grand prize.
|
The Sweepstakes is open to legal residents of the United States, excluding residents of Florida, New York and Rhode Island and where otherwise prohibited by law, who are 18 years of age or older at the time of entry. Employees of McAfee, LLC, and each of their respective parents, subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.
There will be one grand prize winner. The prize winner will be selected at random from the final pool of entrants (commenters) on the applicable sweepstakes social posts. Anyone who comments on any of the sweepstakes posts, within the sweepstakes time period, is included in the Prize entry pool. Limit one (1) prize per person per household. By participating, entrants acknowledge the McAfee Privacy Notice and agree to be bound by the Official Sweepstakes Rules and the decisions of the Sponsor which shall be final and binding in all respects. The odds of winning depend on the total number of eligible entries received.
Prize winner will be notified the week of 10/26/20. No winners will be announced prior to this time. All winners will be notified by the official McAfee Facebook (https://www.facebook.com/McAfee/ ) or McAfee_Home Twitter (https://twitter.com/McAfee_Home) page. McAfee will not ask you to provide any credit card information to claim a prize. Prize winner will be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within (4) days of written notification, or prize may be forfeited. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within four (4) calendar days from the first notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then prize may be forfeited. Sponsor is not responsible for any change of email address, mailing address and/or telephone number of entrants. Sponsor reserves the right to select an alternative winner should the first winner fail to claim the prize.
GRAND PRIZE – Approximate ARV = $900
Limit one (1) prize per person per household. Prizes are non-transferable and no cash equivalent or substitution of prize is offered. Subscriptions are subject to the terms and conditions available at https://www.mcafee.com/en-us/consumer-support/2020-most-dangerous-celebrity.html. If a prize, or any portion thereof, cannot be awarded for any reason, Sponsor reserves the right to substitute prize with another prize of equal or greater value. Prize winner will be solely responsible for all federal, state and/or local taxes, and for any other fees or costs associated with the prizes they receive, regardless of whether it, in whole or in part, are used. Since the prize value exceeds $600, the prize winner will be issued a W-9 form to fill out and return prior to receiving their prize. The sweepstakes Sponsor must mail a copy of the 1099-MISC form postmarked by January 31st of the year following the year in which the winner won the prize.
Sponsor and others are not responsible for interrupted or unavailable network server or other connections; for miscommunications; failed telephone or computer transmissions; for jumbled, scrambled or misdirected entries or transmissions; for phone, electrical, network, computer hardware or software or program malfunctions, failures or difficulties; for other errors, omissions, interruptions, or deletions of any kind, whether human, typographical, mechanical or electronic; or for any damage to any person’s computer related to participating in the Sweepstakes. Sponsor and others are not responsible for illegible, unintelligible, late, lost, stolen on entries not received; for incorrect or inaccurate entry information, whether caused by Website users or by any of the equipment or programming associated with or utilized in the Sweepstakes; or for any typographical, technical or human errors which may occur in the processing of any entries in this Sweepstakes. Persons found tampering with or abusing any aspect of this Sweepstakes as solely determined by Sponsor will be disqualified and may be subject to prosecution. Any person attempting to enter using multiple email addresses, multiple identities, any bot, robotic or any other device or artifice to enter multiple times with different identities or email addresses or to interfere with the proper play of this Sweepstakes or to be otherwise behaving in an unsportsmanlike manner as determined by Sponsor will be disqualified from participation in the Sweepstakes. If in the judgment of Sponsor, the Sweepstakes is compromised by virus, bugs, non-authorized human intervention or other causes beyond the control of Sponsor, which corrupts the administration, security, fairness or proper play of the Sweepstakes, Sponsor reserves the right, in its sole discretion, to modify, discontinue, suspend or terminate the Sweepstakes and randomly award the prizes from among all eligible, non-suspect entries received prior to any such modification, discontinuation, suspension or termination. Should multiple users of the same email account enter the Sweepstakes and a dispute thereafter arise regarding the identity of the entrant, the authorized account holder of said email account at the time of entry will be considered the entrant. “Authorized account holder” is defined as the natural person who is assigned an email address by an Internet access provider, online service provider or other organization which is responsible for assigning email addresses or the domain associated with the submitted email address. In the event of a dispute as to the identity of an entrant based on his/her Facebook or Twitter account, the authorized Facebook or Twitter account holder submitted at time of entry will be deemed the entrant. Please see the privacy notice located at http://www.mcafee.com/us/about/privacy.html or details of Sponsor’s policies regarding the use of personal information collected in connection with this Sweepstakes. If you are selected as a winner, your information may also be included in a publicly-available winners list.
CAUTION: ANY ATTEMPT TO DELIBERATELY DAMAGE ANY WEBSITE OR UNDERMINE THE LEGITIMATE OPERATION OF THE SWEEPSTAKES IS A VIOLATION OF CRIMINAL AND CIVIL LAWS. SHOULD SUCH AN ATTEMPT BE MADE, THE SPONSORS RESERVE THE RIGHT TO SEEK DAMAGES OR OTHER REMEDIES (INCLUDING WITHOUT LIMITATION ATTORNEYS’ FEES) FROM ANY SUCH PERSON(S) RESPONSIBLE FOR THE ATTEMPT TO THE FULLEST EXTENT PERMITTED BY LAW.
By participating in the Sweepstakes, each entrant releases and agrees to indemnify and hold harmless Sponsor, Prize Providers and others from and against any and all costs, claims, damages, (including, without limitation, any special, incidental or consequential damages), or any other injury, whether due to negligence or otherwise, to person(s) or property (including, without limitation, death or violation of any personal rights, such as violation of right of publicity/privacy, libel, or slander), due in whole or in part, directly or indirectly, to participation in the Sweepstakes, or arising out of participation in any Sweepstakes-related activity, or the receipt, enjoyment, participation in, use or misuse, of any prize.
By accepting a prize, the winner agrees to allow Sponsor and Sponsor’s designees the perpetual right to use his/her name, biographical information, photos or likeness, and statements for promotion, trade, commercial, advertising and publicity purposes, at any time or times, in all media now known or hereafter discovered, worldwide, including but not limited to on the Internet, without notice, review or approval and without additional compensation except where prohibited by law. Any collection of personal information from entrants will be governed by the McAfee Privacy Policy.
EACH ENTRANT AGREES THAT ANY DISPUTES, CLAIMS, AND CAUSES OF ACTION ARISING OUT OF OR CONNECTED WITH THIS CONTEST OR ANY PRIZE AWARDED WILL BE RESOLVED INDIVIDUALLY, WITHOUT RESORT TO ANY FORM OF CLASS ACTION, AND EXCLUSIVELY BY THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF DELAWARE OR THE APPROPRIATE STATE COURT LOCATED IN DOVER OR WILMINGTON, DELAWARE. THESE OFFICIAL RULES ARE GOVERNED BY THE LAWS OF THE STATE OF DELAWARE WITHOUT REGARD TO CHOICE OF LAW OR CONFLICT OF LAWS RULES. YOU WAIVE ANY AND ALL OBJECTIONS TO JURISDICTION AND VENUE IN THESE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE SPONSOR OR THE RELEASED PARTIES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED TO YOUR PARTICIPATION IN THE CONTEST OR USE OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE, EVEN IF A RELEASED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE RELEASED PARTIES (JOINTLY) ARISING OUT OF OR RELATING TO YOUR PARTICIPATION IN THE CONTEST OR USE OF OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE EXCEED $10. THE LIMITATIONS SET FORTH IN THIS SECTION WILL NOT EXCLUDE OR LIMIT LIABILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE CAUSED BY PRODUCTS RENTED FROM THE SPONSOR, OR FOR THE RELEASED PARTIES’ GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT, OR FOR FRAUD.
Winner’s List: For a list of winners, mail a self-addressed, stamped envelope to: “Most Famous to Most Dangerous to Search for Online” to 100 Crown Street, New Haven, CT 06510. Requests must be received by 11/30/20.
Sponsors: McAfee Corporate Headquarters, 2821 Mission College Blvd., Santa Clara, CA 95054
Administrator: Response Marketing, 100 Crown Street 3rd Floor, New Haven, CT 06510
The post Most Dangerous Celebrity 2020 Sweepstakes appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.
Known for his BAFTA-winning celebrity chat show and BBC radio show, the UK’s national treasure, Graham Norton, has found himself at the top of McAfee’s 2020 Most Dangerous Celebrities list.
Graham Norton is a household name thanks to his hugely popular talk show, The Graham Norton Show, which has seen him interview A-listers including Nicole Kidman, Hugh Grant and Helen Mirren. He is also known for his BBC radio show, as well as his inimitable Eurovision commentary. Not shy of celebrity friends, Norton is joined in the top ten list by fellow national treasures such as Ricky Gervais (No.2), and Idris Elba (No.7) and Mary Berry (no.10). Also included in the top ten list are British actor Tom Hardy (No.3) and Gavin and Stacey star, Ruth Jones (No.4). Rounding out the rest of the top ten are UK’s very own Mick Jagger (No.5), Aussie actress Margot Robbie (No.6) and models Kate Moss (No.8) and Bella Hadid (No.9).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for celebrity gossip and new shows or movies to watch. For example, given Graham is strongly associated with malicious search terms, indicates that online criminals are using Britain’s love for celebrity gossip and the Eurovision for personal gain. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Check Out the McAfee Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.
Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.
The Top Ten Most Dangerous Celebrities
You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).
Lights, Camera, Security
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.
Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online safety with a cybersecurity solution
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Use parental control software
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.
Where do you get your news? There’s a good chance much of it comes from social media.
In 2019, Pew Research found that 55% of American adults said they get their news from social media either “often” or “sometimes,” which is an 8% rise over the previous year. We can visualize what that mix might look like. Some of their news on social media may come from information sources they’ve subscribed to and yet more news may appear via articles reposted or retweeted by friends.
So, as we scroll through our feeds and quickly find ourselves awash in a cascade of news and comments on the news, we also find ourselves wondering: what’s true and false here?
And that’s the right question to ask. With the advent of the internet, anyone can become a publisher. That’s one of the internet’s greatest strengths—we can all have a voice. Publishing is no longer limited to newspaper, TV, and radio ownership bodies. Yet it’s one of the internet’s greatest challenges as well—with millions of publishers out there, not everyone is posting the truth. And sometimes, people aren’t doing the posting at all.
For example, last May, researchers at Carnegie Melon University studied more than 200 million tweets about the current virus. Of the top 50 most influential retweeters, 82% of them were bots. Some 62% of the top 1,000 retweeters were bots as well. What were they retweeting? Researchers said the tweets revolved around more than 100 types of inaccurate stories that included unfounded conspiracy theories and phony cures. Researchers cited two reasons for this surge: “First, more individuals have time on their hands to create do-it-yourself bots. But the number of sophisticated groups that hire firms to run bot accounts also has increased.”
With the sheer volume of news and information we wade through each day, you can be assured that degrees of false and misleading information make their way into people’s social media mix. And that calls for all of us to build up our media literacy—which is our ability to critically analyze the media we consume for bias and accuracy.
What follows are a few basics of media literacy that can help you to discern what’s fact and what’s fiction as you scroll through your social media feed for news.
When talking about spotting truth from falsehood on social media, it helps to first define two types of falsehood: unintentional and the deliberate.
First off, there’s unintentional misinformation. We’re only human, and sometimes that means we get things wrong. We forget details, recall things incorrectly, or we pass along unverified accounts that we mistakenly take for fact. Thus, misinformation is wrong information that you don’t know is wrong. An innocent everyday example of this is when someone on your neighborhood Facebook group posts that the drug store closes at 8pm on weeknights when in fact it really closes at 7pm. They believe it closes at 8pm, but they’re simply mistaken.
That differs entirely from deliberate disinformation. This is intentionally misleading information or facts that have been manipulated to create a false narrative—typically with an ulterior motive in mind. The readiest example of this is propaganda, yet other examples also extend to deliberate untruths engineered to discredit a person, group, or institution. In other words, disinformation can take forms both large and small. It can apply to a person just as easily as it can to a major news story.
Now, let’s take a look at some habits and tactics designed to help you get a better grasp on the truth in your social media feed.
Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts? Likewise, that source has sources too. Consider them in the same way as well.
Now, what’s the best way to go about that? For one, social media platforms are starting to embed information about publications into posts where their content is shared. For example, if a friend shares an article from The Economist, Facebook now includes a small link in the form of an “i” in a circle. Clicking on this presents information about the publication, which can give you a quick overview of its ownership, when it was founded, and so forth.
Another fact-finding trick comes by way of Michael Caufield, the Director of Blended and Networked Learning at Washington State University. He calls it: “Just Add Wikipedia.” It entails doing a search for a Wikipedia page by using the URL of an information source. For example, if you saw an article published on Vox.com, you’d simply search “Wikipedia www.vox.com.” The Wikipedia entry will give you an overview of the information source, its track record, its ownership, and if it has fired reporters or staff for false reporting. Of course, be aware that Wikipedia entries are written by public editors and contributors. These articles will only be as accurate as the source material that they are drawn from, so be sure to reference the footnotes that are cited in the entry. Reading those will let you know if the entry is informed by facts from reputable sources as well. They may open up other avenues of fact-finding as well!
A single information source or story won’t provide a complete picture. It may only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of which have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broader range information sources is so important.
So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and have the ability to compare and contrast different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet.
Additionally, for a list of reputable information sources, along with the reasons why they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point.
Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check could be in order.
There’s a good reason for that. Bad actors who wish to foment unrest, unease, or simply spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to actually get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information is completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all.
Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact check and confirm what you’ve read. This leads us right back to our earlier points about considering the source and cross-checking against other sources of information as well.
You’ve probably seen headlines similar to this before: THIS FAT-BURNING TRICK HAS DOCTORS BAFFLED! You’ll usually spot them in big blocks laden with catchy photos and illustrations, almost to the point that they look like they’re links to other news stories. They’re not. They’re ads, which often strike a sensationalistic tone.
The next time you spot one of these, look around the area of the web page where they’re placed. You should find a little graphic or snippet of text that says “Advertisement,” “Paid Sponsor,” or something similar. And there you go. You spotted some sponsored content. These so-called articles aren’t intentionally developed to misinform you. They are likely trying to bait you into buying something.
However, in some less reputable corners of the web ads like these can take you to malicious sites that install malware or expose you to other threats. Always surf with web browser protection. Good browser protection will either identify such links as malicious right away or prevent your browser from proceeding to the malicious site if you click on such a link.
So, let’s say you’ve been following these practices of media literacy for a while. What do you do when you see a friend posting what appears to be misinformation on their social media account? If you’re inclined to step in and comment, try to be helpful, not right.
We can only imagine how many spoiled relationships and “unfriendings” have occurred thanks to moments where one person comments on a post with the best intentions of “setting the record straight,” only to see tempers flare. We’ve all seen it happen. The original poster, instead of being open to the new information, digs in their heels and becomes that much more convinced of being right on the topic.
One way to keep your friendships and good feelings intact is this: instead of entering the conversation with the intention of being “right,” help people discover the facts for themselves. You can present your information as part of a discussion on the topic. So while you shouldn’t expect this to act like a magic wand that whisks away misinformation, what you can do is provide a path toward a reputable source of information that the original poster, and their friends, can follow if they wish.
Wherever your online travels take you as you read and research the news, be sure to go out there with a complete security suite. In addition to providing virus protection, it will also help protect your identity and privacy as you do anything online. Also look for an option that will protect your mobile devices too, as we spend plenty of time scrolling through our social media feeds on our smartphones.
If you’re interested in learning more about savvy media consumption, pop open a tab and give these articles a read—they’ll give you a great start:
Bots in the Twittersphere: Pew Research
How to Spot Fake News: FactCheck.org
Likewise, keep an eye on your own habits. We forward news in our social media feeds too—so follow these same good habits when you feel like it’s time to post. Make sure that what you share is truthful too.
Be safe, be well-read, and be helpful!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Spot Fake News and Misinformation in Your Social Media Feed appeared first on McAfee Blogs.
On September 22nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the potential threat from foreign actors and cybercriminals attempting to spread false information. Their joint public service announcement makes a direct statement regarding how this could affect our election:
“Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions.”
Their call to action is clear—critically evaluate the content you consume and to seek out reliable and verified information from trusted sources, such as state and local election officials. Not just leading up to Election Day, but during and after as well.
Here’s why: it’s estimated that roughly 75% of American voters will be eligible to vote by mail, potentially leading to some 80 million mail-in ballots being cast. That’s twice the number from the 2016 presidential election, which could prolong the normal certification process. Election results will likely take days, even weeks, to ensure every legally cast ballot is counted accurately so that the election results can ultimately get certified.
That extended stretch of time is where the concerns come in. Per the FBI and CISA:
“Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy.”
In short, bad actors may attempt to undermine people’s confidence in our election as the results come in.
Our moment to act as smart consumers, and sharers, of online news has never been more immediate.
Before we look at how we can combat the spread of false information this election, let’s see how it cascades across the internet.
It’s been found that false political news traveled deeper and more broadly, reached more people, and was more viral than any other category of false information, according to a Massachusetts Institute of Technology study on the spread of true and false news online, which was published by Science in 2018.
Why’s that so? In a word: people. According to the research findings,
“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”
Thus, bad actors pick their topics, pumps false information about them into social media channels, and then lets people spread it by way of shares, retweets, and the like—thanks to “novel” and click-baity headlines for content people may not even read or watch, let alone fact check.
Done on a large scale, false information thus can hit millions of feeds, which is what the FBI and CISA is warning us about.
The FBI and CISA recommend the following:
If there’s a common theme across our election blogs so far, it’s trustworthiness.
Knowing which sources are deserving of our trust and being able to spot the ones that are not takes effort—such as fact-checking from reputable sources like FactCheck.org, the Associated Press, and Reuters or researching the publisher of the content in question to review their credentials. Yet that effort it worthwhile, even necessary today. The resources listed in my recent blogs can help:
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020 – Keep Misinformation from Undermining the Vote appeared first on McAfee Blogs.
When you spot a .GOV web domain tacked onto the end of a U.S. election website, that’s a strong sign you can turn to it for trustworthy election information. However, the overwhelming majority of local county election websites fail to use the .GOV domain.
Recent research by McAfee found that more than 80% of the 3,089 county election administration websites in the U.S. don’t use a .GOV domain. The concern behind that stat is this: the lack of .GOV domain usage could allow bad actors to create fake election websites—which could in turn spread disinformation about the election and potentially hamper your ability to cast a valid ballot.
Moreover, nearly 45% of those 3,089 sites fail to use HTTPS encryption, a security measure which can further prevent bad actors from re-directing voters to fake websites that can misinform them and potentially steal their personal information.
And it appears that a number of fake sites have cropped up already.
Let’s take a closer look at what’s happening and what you can do to protect your vote.
Not anyone can get a .GOV domain. It requires buyers to submit evidence to the U.S. government that they represent a legitimate government entity, such as a local, county, or state election administrative body. Thus, .GOV sites are quite difficult to fake.
Compare that to elections site that use publicly available domains like .COM, .ORG, and .US. A bad actor could easily create fake election sites by purchasing a URL with a similar or slightly mis-typed name to the legitimate election site—a practice known as typosquatting—and use it spread false information.
Typosquatted election sites are more than a theory. Just this August, it was reported that the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) issued a warning bulletin to election officials that stated, ““The FBI between March and June 2020 identified suspicious typosquatting of U.S. state and federal election domains, according to recent FBI reporting from a collaborative source.”
And just last week, the Feds issued another warning about the risk of fake websites exploiting the lack of .GOV in the names of election websites.
What makes this approach of mimicry and typosquatting so attractive to bad actors? Rather than clear the much more difficult hurdle of meddling with ballots and other vote-tabulating infrastructure, bad actors can take the relatively easier route of faking websites that pass along incorrect voter information, all in an effort to keep people from casting a valid vote in the first place.
While we have no direct control over the use of the .GOV domain and HTTPS encryption by our local election sites, there are still steps we can take to protect our vote. Here’s what you can do:
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020 – Fake Election Websites: Five Tips So You Don’t Get Fooled appeared first on McAfee Blogs.
These days, work and home mean practically the same thing. Our house is now an office space or a classroom, so that means a lot of our day-to-day happens online. We check emails, attend virtual meetings, help our children distance learn, use social media platforms to check in on our friends and family – our entire lives are digital! This increase in connectivity could mean more exposure to threats – but it doesn’t have to. That’s why this National Cybersecurity Awareness Month (NCSAM) you should learn what it means to be cyber smart.
In our third blog for this NCSAM this year, we examine what that entails. Let’s dive in.
Stay Secure While Working Remote
According to Stanford research, almost twice as many employees work from home than at the office in the U.S. in response to the COVID-19 pandemic. And this new work-from-home economy is probably only going to expand in the future. Your pets and children will continue to make surprise guest appearances on work calls, or you may continue your new job hunt from the kitchen table. But as you work on juggling your work life and personal life at home base, this doesn’t mean that you should have to juggle security threats too.
The new WFH landscape has also brought about increased risk from . Unlike corporate offices – which usually have IT staff responsible for making any necessary network security updates and patches – users’ home network security is in their own hands. This means users must ensure that their Wi-Fi connections are private and locked with a complex password or employ the help of a VPN to prevent hackers from infiltrating your work.
Be Cybersmart While Distance Learning
Work isn’t the only element of consumers’ lives that’s recently changed – school is also being conducted out of many students’ homes as they adapt to distance learning. As a result, parents are now both professionals and teachers, coaching students through new online learning obstacles. But as more students continue their curriculum from home and online activity increases, so does the possibility of exposure to inappropriate content or other threats.
For instance, the transition to distance learning has led to an increase in online students to lose valuable time meant to be spent on their education.
To help ensure that learning from home goes as smoothly as possible, parents must stay updated on the threats that could be lurking around the corner of their children’s online classrooms. Take the time to secure all the devices that power your kids’ learning with a comprehensive security solution.
Of course, everyone needs to find a balance between work, school, and play! These days, that means scavenging the internet for new content to help keep entertained at home. In fact, according to Nielson, there was an 85% increase in American streaming rates in the first three weeks of March this year compared to March 2019 reports. However, causing users to turn to other less secure alternatives such as illegal downloads and links to “free” content riddled with malware. This could open consumers up to a whole host of threats.
Users looking to stream the latest TV show or movie should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.
We all need to be cybersmart and aware of the threats that come with our lifestyle changes. By following these pointers, you can block threats from impacting your new day-to-day and ensure security is one less thing to worry about. When looking ahead to the future, incorporate the aforementioned pointers into your digital life so that you are prepared to take on whatever the evolving security landscape brings – now that’s being cybersmart!
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, look out for our other National Cybersecurity Awareness Month blogs, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Stay Connected and Protected During Work, School, and Play appeared first on McAfee Blogs.
Maybe you’ve seen videos where Robert Downey Jr. and other cast members of The Avengers follow the yellow brick road after they swap faces with the cast of 1939’s The Wizard of Oz. Or how about any of the umpteen videos where the face of actor Nicolas Cage is swapped with, well, everybody, from the cast of Friends to Forrest Gump. They’re funny, uncanny, and sometimes a little too real. Welcome to deepfakes, a technology that can be entertaining, yet one that has election year implications—now and for years to come.
Deepfakes are phoney video or audio recordings that look and sound real, so much so that the best of them can dupe people into thinking they’re the real thing. They’re not unlike those face-swapping apps your children or nieces and nephews may have on their phones, albeit more sophisticated. Less powerful versions of deepfaking software are used by the YouTube channels that create the videos I mentioned above. However, more sophisticated deepfake technologies have chilling repercussions when it comes to public figures, such as politicians.
Imagine creating a video of a public figure where you literally put words into their mouth. That’s what deepfakes effectively do. This can lead to threat tactics, intimidation, and personal image sabotage—and in an election year, the spread of disinformation.
Deepfakes can make you question if what you’re seeing, and hearing, is actually real. In terms of an election year, they can introduce yet another layer of doubt into our discourse—leading people to believe that a political figure has said something that they’ve never said. And, conversely, giving political figures an “out” where they might decry a genuine audio or video clip as a deepfake, when in fact it is not.
The technology and security industries have responded by rolling out their own efforts to detect and uncover deepfakes. Here at McAfee, we’ve launched McAfee Deepfakes Lab, which provides traditional news and social media organizations advanced Artificial Intelligence (AI) analysis of suspected deepfake videos intended to spread reputation-damaging lies about individuals and organizations during the 2020 U.S. election season and beyond.
However, what can you do when you encounter, or think you encounter, a deepfake on the internet? Just like in my recent blog on election misinformation, a few tips on media savvy point the way.
While the technology continually improves, there are still typical telltale signs that a video you’re watching is a deepfake. Creators of deepfakes count on you to overlook some fine details, as the technology today largely has difficulty capturing the subtle touches of their subjects. Take a look at:
This is important. Like I pointed out in my recent article on how to spot fake news and misinformation in your social media feed, deepfake content is meant to stir your emotions—whether that’s a sense of ridicule, derision, outrage, or flat-out anger. While an emotional response to some video you see isn’t a hard and fast indicator of a deepfake itself, it should give you a moment of pause. Listen to what’s being said. Consider its credibility. Question the motives of the producer or poster of the video. Look to additional credible sources to verify that the video is indeed real.
How the person speaks is important to consider as well. Another component of deepfake technology is audio deepfaking. As recently as 2019, fraudsters used audio deepfake technology to swindle nearly $250,000 dollars from a UK-based energy firm by mimicking the voice of its CEO over the phone. Like its video counterpart, audio deepfakes can sound uncannily real, or at least real enough to sow a seed of doubt. Characteristically, the technology has its shortcomings. Audio deepfakes can sound “off,” meaning that it can sound cold, like the normal and human emotional cues have been stripped away—or that the cadence is off, making it sound flat the way a robocall does.
As with all things this election season and beyond, watch carefully, listen critically. And always look for independent confirmation. For more information on our .GOV-HTTPS county website research, potential disinformation campaigns, other threats to our elections, and voter safety tips, please visit our Elections 2020 page: https://www.mcafee.com/enterprise/en-us/2020-elections.html
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020 – How to Spot Phony Deepfake Videos this Election appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs from earlier this year. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, it also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smart watches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager.
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private use already, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mish-mash of garbage data, which helps keep your health data secure.
One recent study found that 25% of U.S. homeowners with broadband internet expect to purchase a new connected consumer health or fitness device within the next year. Just be sure yours is secure. Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post Seven Tips for Protecting Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Imagine it’s 20 years ago and someone at a dinner party predicts that one day you could pop down to the appliance store and buy an internet-connected fridge. Your year 2000 self might have shook that off and then then asked, “Why would someone ever do that?”
Yet here we are.
Today, so much is getting connected. Our appliances, security systems, and even our coffeemakers too. So far this month, we’ve talked about protecting these connected things and securing these new digital frontiers as Internet of Things (IoT) devices transform not only our homes, but businesses and communities as well.
To wrap up Cybersecurity Awareness Month, let’s take a look ahead at how the next wave of connected devices could take shape by taking a look at the network that billions of them will find themselves on: 5G networks.
You’ve no doubt seen plenty of commercials from the big mobile carriers as they tout the rollout of their new, more powerful 5G networks. And more powerful they are. For starters, 5G is expected to operate roughly 10 times faster than the 4G LTE networks many of us enjoy now—with the potential to get yet faster than that over time.
While mention of faster speeds continues to be the top selling point in ads and the like, 5G offers another pair of big benefits: greater bandwidth and lower latency. Taken together, that means 5G networks can host more devices than before and with a near-instantaneous response time.
The implication of these advances is that billions and billions of new devices will connect to mobile networks directly, at terrific speeds, rather than to Wi-Fi networks. Of those, many billions will be IoT devices. And that means more than just phones.
What will those devices look like?
One answer is plenty more of what we’re already starting to see today—such as commercial and industrial devices that track fleet vehicles, open locks on tractor trailer deliveries based on location, monitor heating and air conditioning systems, oversee supply chains. We’ll also see more devices that manage traffic, meter utilities, and connect devices used in healthcare, energy, and agriculture. That’s in addition to the ones we’ll own ourselves, like wearables and even IoT tech in our cars.
All together, we’ll add about 15 billion new IoT devices to the 26 billion IoT devices already in play today for a total of an expected 41 billion IoT devices in 2025.
Citing those examples of IoT applications underscores the critical need for safety and security in the new 5G networks. This is a network we will count on in numerous ways. Businesses will trust their operations to the IoT devices that operate on it. Cities will run their infrastructure on 5G IoT devices. And we, as people, will use 5G networks for everything from entertainment to healthcare. Not only will IoT devices themselves need protection, yet the networks will need to be hardened for protection as well. And you can be certain that increased network security, and security in general, is a part of our future forecast.
The GSMA, an industry group representing more than 750 operators in the mobile space, calls out the inherent need for security for 5G networks in their 5G Reference Guide for Operators. In their words, “New threats will be developed as attackers are provided live service environment to develop their techniques. 5G is the first generation that recognizes this threat and has security at its foundation.” When you consider the multitude of devices and the multitude of applications that will find their way onto 5G, a “square one” emphasis on security makes absolute sense. It’s a must.
While standards and architectures are taking shape and in their first stages of implementation, we can expect operators to put even more stringent defenses in place, like improved encryption, ways of authenticating devices to ensure they’re not malicious, creating secure “slices” of the network, and more, which can all improve security.
Another consideration for security beyond the oncoming flood of emerging devices and services that’ll find their way onto 5G networks is the sheer volume of traffic and data they’ll generate. One estimate puts that figure of 5G traffic at 79.4 zettabytes (ZB) of data in 2025. (What’s a zettabyte? Imagine a 10 followed by 21 zeroes.) This will call for an evolution in security that makes further use of machine learning and AI to curb a similarly increased volume of threats—with technologies much like you see in our McAfee security products today.
“Siri/Alexa/Cortana/Google, play Neko Case I Wish I Was the Moon.”
We’ve all gotten increasingly comfy with the idea of connected devices in our homes, like our smart assistants. Just in 2018, Juniper Research estimated that there’d be some 8 billion digital voice assistants globally by 2023, thanks in large part to things like smart TVs and other devices for the home. Expect to see more IoT devices like those available for use in and around your house.
What shape and form might they take? Aside from the voice-activated variety, plenty of IoT devices will help us automate our homes more and more. For example, you might have smart sensors in your garden that can tell when your tomatoes are thirsty and activate your soaker hoses for a drink—or other smart sensors placed near your water heater that will text you when they detect a leak.
Beyond that, we’re already purchasing connected lights and smart thermostats, yet how about connecting these things all together to create presets for your home? Imagine a setting called “Movie Night,” where just a simple voice command draws the shades, lowers the lights, turns on the gas fireplace, and fires up the popcorn maker. All you need to do is get your slippers.
Next, add in a degree of household AI, which can learn your preferences and habits. Aspects of your home may run themselves and predict things for you, like the fact that you like your coffee piping hot at 5:30am on Tuesdays. Your connected coffeemaker will have it ready for you.
These scenarios were once purely of the George Jetson variety (remember him?), yet more and more people will get to indulge in these comforts and conveniences as the technology becomes more pervasive and affordable.
One point of consideration with any emerging technology like the IoT on 5G is access.
This year drove home a hard reality: access to high-speed internet, whether via mobile device or a home network is no longer a luxury. It’s a utility. Like running water. We need it to work. We need it to study. We need it to bank, shop, and simply get things done.
Yet people in underserved and rural communities in the U.S. still have no access to broadband internet in their homes. Nearly 6 in 10 of U.S. parents with lower incomes say their child may face digital obstacles in schoolwork because of reduced access to devices and quality internet service. And I’ve heard anecdotes from educators about kids taking classes online who have to pull into their school’s parking lot to get proper Wi-Fi, simply because they don’t have a quality connection at home.
The point is this: as these IoT innovations continue to knit their way into our lives and the way the world works, we can’t forget that there’s still a digital divide that will take years of effort, investment, and development before that gap gets closed. And I see us closing that gap in partnership, as people and communities, businesses and governments, all stand to benefit when access to technology increases.
So as we look to the future, my hope is that we all come to see high-speed internet connections for what they are—an absolute essential—and take the steps needed to deliver on it. That’s an advance I’d truly embrace.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5G and the IoT: A Look Ahead at What’s Next for Your Home and Community appeared first on McAfee Blogs.
Election 2020: Make Sure Your Voice is Heard with These Tips & Best Practices
Last year, India exercised one of the greatest feats of democracy, trying to enable over 900 million people to vote in their general election. My mom lives in India, and I remember talking with her about their ambitious plans to reach every voter, no matter how remote their location. They sent poll workers deep into the jungle, and across rivers, to reach just a handful of voters. The result: a record turnout at over 67%.
In the United States, we too have an opportunity to fulfill our civic duties, with various options available to us to make sure our votes are heard. While many people choosing to mail in their votes for the very first time, there’s also a lot of confusion around election rules and security, not to mention a flood of misinformation online to be wary of.
Here at McAfee, we want to help you vote with confidence in this critical election. That’s why we’ve put together a number of tools, resources, and best practices to empower voters. Our hope is that every voice can be heard.
Demystifying Mail-In Voting
Let’s start with some questions you may have around mail-in voting, since twice as many people plan to mail in their ballots this year, compared to 2016. Of course, with the COVID-19 pandemic still active, it’s understandable that many people, especially the vulnerable, would prefer to mail their ballot, rather than go to a polling station. I personally got my mail-in ballot and am ready to mail it this week. If you haven’t decided on how to vote, you still have time to decide.
To get accurate information on mail-in voting, go directly to your state and local websites for guidance, including how to fill out your ballot, and when to turn it in. Rules vary state to state, but one thing we do know is that mail-in voting has proven to be a reliable and secure way to have your voice heard.
It’s great to see long lines to vote in some states already. If you are still concerned about election security and online scams, my colleague Judith Bitterli has written a great guide for locating reliable sources and protecting your vote (Key tip: always look for a .gov domain name).
She also has advice for making sure that your mail-in ballot counts.
Safe Election Surfing
When looking online for election resources, be aware that scammers and cybercriminals are always trying to take advantage of trending topics to misdirect users to dangerous websites and links. In fact, the FBI recently warned that bad actors have been setting up fake election websites, in an attempt to steal voters’ personal information, or get them to download dangerous files.
The Bureau suggests that you visit the U.S. Election Assistance Commission website for accurate information in a variety of languages. If you are concerned about clicking on risky links during the election or year-round, one smart action you can take is to install McAfee WebAdvisor, which warns you of risky sites before you click on them.
Although it can be tempting to believe election information posted on social media, especially by friends and family members, know that business school MIT Sloan says “fake news is at its peak” during online presidential years, and even your loved ones can be fooled.
But whether information is clickbait, or legitimate, it can still be posted to risky websites designed to steal your information, or download malware. That’s why McAfee released a new social media protection tool as part of WebAdvisor. Using color codes, the tool shows you which links are safe or risky right in your social feed, and can be used across all six major social media platforms. This makes it easier to avoid dangerous links posted on social channels. Given the increase in phishing we’ve observed in the last few months across PC and mobile platforms, a comprehensive security solution like McAfee® Total Protection can help keep your personal information and devices safe.
In-Person Voting
If you still plan to vote in person, or even better, volunteer as a poll worker, make sure that you have reliable information on voting times and locations. You’ll probably also want to look into local rules on health and safety precautions, so you are well prepared.
False and misleading information about COVID 19 has been swirling since the start of the pandemic, so it’s important that you seek verified information about the virus. Here again are some great tips from Judith on how to keep COVID misinformation from suppressing your vote.
Exercise Your Right
Now that you know how to sidestep misinformation, find trusted resources, and plan your vote — either through the mail or in person— I hope that you will exercise your right, with confidence.
The post Election 2020: Make Sure Your Voice is Heard with These Tips appeared first on McAfee Blogs.
Spooky season is among us, and ghosts and goblins aren’t the only things hiding in the shadows. Online threats are also lurking in the darkness, preparing to haunt devices and cause some hocus pocus for unsuspecting users. This Halloween season, researchers have found virtual zombies and witches among us – a new trojan that rises from the dead no matter how many times it’s deleted and malicious code that casts an evil spell to steal users’ credit card data.
Let’s unlock the mystery of these threats so you can avoid cyber-scares and continue to live your online life free from worry.
Just like zombies, malware can be a challenge to destroy. Oftentimes, it requires a user to completely wipe their device by backing up files, reinstalling the operating system, and starting from scratch. But what if this isn’t enough to stop the digital walking dead from wreaking havoc on your device?
Recently, a new type of Trojan has risen from the dead to haunt users no matter how many times it’s deleted. This zombie-like malware attaches itself to a user’s Windows 10 startup system, making it immune to system wipes since the malware can’t be found on the device’s hard drive. This stealthy malware hides on the device’s motherboard and creates a Trojan file that reinstalls the malware if the user tries to remove it. Once it sets itself up in the darkness, the malware scans for users’ private documents and sends them to an unknown host, leaving the user’s device in a ghoulish state.
A malware misfortune isn’t the only thing that users should beware of this Halloween. Cybercriminals have also managed to inject malicious code into a wireless provider’s web platform, casting an evil spell to steal users’ credit card data. The witches and warlocks allegedly responsible for casting this evil spell are part of a Magecart spin-off group that’s known for its phishing prowess. To pull off this attack, they plated a credit card skimmer onto the wireless provider’s checkout page. This allowed the hackers to exfiltrate users’ credit card data whenever they made a purchase – a spell that’s difficult to break.
While these threats might seem like just another Halloween trick, there are other forces at play. According to McAfee’s Quarterly Threats Report from July 2020, threats like malware phishing and trojans have proven opportunistic for cybercriminals as users spend more and more time online – whether it be working from home, distance learning, or connecting with friends and loved ones. In fact, McAfee Labs observed 375 threats per minute in Q1 2020 alone.
So, as hackers continue to adapt their techniques to take advantage of users spending more time online, it’s important that people educate themselves on emerging threats so they can take necessary precautions and live their digital lives free from worry.
Fortunately, there are a number of steps you can take to prevent these threats from haunting your digital life. Follow these tips to keep cybersecurity tricks at bay this spooky season:
Zombie malware is easily spread by phishing, which is when scammers try to trick you out of your private information or money. If you receive an email from an unknown user, it’s best to proceed with caution. Don’t click on any links or open any attachments in the email and delete the message altogether.
Look over your credit card accounts and bank statements often to check whether someone is fraudulently using your financial data – you can even sign up for transaction alerts that your bank or credit card company may provide. If you see any charges that you did not make, report it to the authorities immediately.
Add an extra layer of protection with a security solution like McAfee® Total Protection to help safeguard your digital life from malware and other threats. McAfee Total Protection also includes McAfee® WebAdvisor – web protection that enables users to sidestep attacks before they happen with clear warnings of risky websites, links, and files.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Trick or Treat: Avoid These Spooky Threats This Halloween appeared first on McAfee Blogs.
As the news and conversations leading up to Election Day intensify, and with early voting already in full swing, the flood of misinformation and outright disinformation online continues—and will undoubtedly continue in the days after as the results are tabulated and announced.
Perhaps you’ve seen some instances of it yourself. For instance, one recent news story reported that numerous legitimate social media accounts have shared misinformation about the vote. An example: photos of old, empty election envelopes that were properly disposed of after the 2018 election, used to make the false claim that they were uncounted votes from the 2020 election. It’d be naïve for us to think that postings like this, and others, would suddenly come to a halt on Election Day.
I touched upon this topic in my earlier blog about how misinformation online can undermine our election, yet it’s worthy of underscoring once again. It’s easy for our attention to focus on the days leading up to the election, however, this election stands to be like few others as the high volume of mail-in ballots may keep us from knowing who the certified victor is for possibly weeks after Election Day.
How that timeline plays out in practice remains to be seen, yet we should all prepare ourselves for a glut of continued misinformation and disinformation that aims to cloud the process. Feeds will get filled with it, and it’ll be up to us to make sense of what’s true and what’s false out there.
Sadly, much of onus for fact-checking will fall on us, particularly when 55% of Americans say they “often” or “sometimes” get their news via social media. There are a few reasons why:
• First, social media platforms are new to fact-checking and their processes are still developing, particularly around the transparency of their fact-checking methodology;
• Secondly, corporate leadership of the two major social media platforms have stated differing views about fact checking on their platforms;
• And third, the sheer volume of posts that these platforms pump out in any given day (or minute!) make it difficult to fact-check posts at scale.
Where does that leave us? In unprecedented times.
Historically, we’ve always had to be savvy consumers of news, where a balanced diet of media consumption allowed us to develop a clearer picture of events. Yet now, in a time of unfiltered social media, news comes to us from a multitude of publishers, bloggers, and individuals. And within that mix, it’s difficult to immediately know who the editorial teams behind those stories are—what their intentions, credentials, and leanings are—and if they’re drawing their information from bona fide, verified sources. The result is that we must read and view everything today with an increased level of healthy skepticism.
That takes work, yet my recent blog on How to Spot Fake News and Misinformation in Your Social Media Feed offers you a leg up with several pointers to help you sniff out potential falsehoods.
In addition, here’s a short list of fact-checking resources that you can turn to when something questionable comes up in your feed. Likewise, they make for good browsing even if you don’t have a specific story that you want to check up on. You can keep these handy:
• PolitiFact from the Poynter Institute
• FactCheck.org from the Annenberg Public Policy Center
• AP News Fact Check from the Associated Press
• Reuters Fact Check from Reuters News
• Snopes.com from Snopes Media Group
With the election just days away and a result that may not be declared at the end of Election Day, we all need to scrutinize the news that presents itself to us, particularly on social media. Fact-checking what you see and read, along with cross-referencing it with multiple, reputable sources, will help you get the best information possible—which is absolutely vital when it comes time to cast your ballot.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020: Lookout for Fake News Before and After the Election appeared first on McAfee Blogs.
(pictured credit: axel 795, Pixabay)
If you have teens and you haven’t yet heard of ‘Among Us’ then I guarantee it won’t be long. Among Us is an online deception and strategy game that is having a real moment worldwide. Over the last six months, it has amassed 85 million players on both PC and mobile. In September, it broke the all-time record-setting peak player ceiling on Steam when nearly 400,000 people played it simultaneously and, Google Trends reports that there were 50 times more Google searches for it at the beginning of October, as compared to the beginning of August.
Among Us is an online multi-player game that is set on a failing spaceship. Suitable for up to 10 players, it has been compared to ‘Murder in the Dark’ or ‘Murder Wink’ – the old-school party game you may have played as children.
At the start of the game, you’re advised whether you are a regular crew member or an imposter. Crew mates are tasked with completing small tasks that benefit the spaceship eg cleaning our air-conditioning ducts whereas imposters (between 1-3 players) create havoc on the spaceship and seek out victims to kill – without letting anyone know.
Every time a dead body is found, a crewmember will call a meeting to workshop who they think the imposter is. This is one of the few times players can talk to each other. As you can imagine, this can get very heated (and entertaining) as players try to implicate others and remove themselves from focus. All players then vote on who they think the imposter is – and the player with the most votes is ejected from the spaceship’s airlock.
Crewmates win by managing to repair the ship and eject all the imposters while the imposter wins by killing all the crewmates before they complete their jobs.
Among Us was actually launched in 2018 but to little fanfare. But the planets have aligned for the developers at InnerSloth and it has become one of the biggest online games ever. In fact, it’s so successful that the developers have abandoned plans for a sequel and are instead, investing their resources into perfecting the original.
There’s no doubt that pandemic life has contributed to the popularity of Among Us with many touting it as the ultimate group party game. In fact, some believe it brings all the energy and pizazz of board game night – just virtually.
It is extremely easy to learn. So, if you aren’t a gamer with years of experience (that’s me) you can absolutely play. This concept has been described by popular YouTube gamer Pegasus as ‘ingenious’ for its simplicity, and praised for its ‘extremely social’ nature.
The game is also very well priced. In fact, it’s free on mobile – but you will have to view some ads. And it’s only around $7 on a PC – so much cheaper than anything my kids have played in years!
The Classification Board here is Australia gives Among Us a PG rating which means the content is mild in impact. But they do state that PG rated content is ‘not recommended for viewing by people under the age of 15 without guidance from parents, teachers or guardians.’
In Australia, the game is rated as suitable for 9+ on the App Store. On Google Play it is nominated as suitable for ages 10+.
The role of the imposter in the game to hunt and murder players is aggressive and violent. Yes, it is a cartoon-like visual which does reduce the impact but there are still bodies left lying around after the deed is done.
Parents know their children the best. Absolutely take heed of the advice, but ultimately, you need to decide what’s suitable for them. If you do decide to let your younger children play – or they’ve already discovered it – please talk about violence in video games. Does watching violent images make them feel scared or more aggressive? Do they feel better if they talk about it or, in fact, choose to watch something less violent?
There is opportunity to chat with strangers in the game but it is less than most online games. Players can chat in the online waiting room before a game starts and of course, there is also interaction in the meetings during which the group tries to work out who the imposter is. Enabling the censor chat mode is a good option here – this limits word and aims to block out expletives however I understand that isn’t completely fool proof.
But you can choose to play the game offline, locally, which means you play only with people you know. You simply share a generated code with the players you want to join the game. I highly recommend this for younger children and teens or if you want to play the game as a family. The game can be played with as few as four players which makes an offline game far easier to get happening.
Both trust and deceit are at the core of this game. Learning who to place your trust in is part of being a successful crewmember in Among Us whilst being a master of deceit will win you the game as an imposter.
You could argue that these themes are no different to playing Murder in the Dark or even the old classic Cluedo. However, I would absolutely have a conversation with your kids about the difference between real life and online (or gaming) life. Why not weave it into your dinnertime conversation?
My boys are really enjoying playing Among Us, in fact – we have earmarked this weekend for a family game. But please ensure you are comfortable with the game before you give your kids the green light. And if you do, be assured that one of the reasons this game is so popular is because players feel like they are part of a community – and isn’t that what we all need at the moment?
‘till next time.
Alex xx
The post What You Need to Know About Among Us appeared first on McAfee Blogs.
Where would we be without our internet this year?
We’ve shopped, worked, studied and taught, job hunted, and cared for each other online this year in ways we haven’t before—not to mention entertained ourselves plenty too. As so many of us have faced challenges and outright adversity this year, it’s difficult to imagine what this year would have been like without the support of a reliable broadband internet connection. So much so, you can argue that it’s become a necessity.
For that, I’m thankful—and recognize that we have a long way to go before all of us can share in those same thanks. As I’ve mentioned in earlier blogs, fixed broadband internet access at home remains elusive for many. In the U.S. alone, one analysis shows that more than 150 million people do not use the internet at broadband speeds, which is practically half of the U.S. population.
A good question to ask here is what exactly constitutes “broadband?” The Federal Communications Commission (FCC) defines broadband speeds as 25 Megabits per second (Mbps) of download speed and 3 Mbps of upload speed. (Note that the FCC estimates only 21 million people in the U.S. are without broadband, a number widely considered to be low.)
Put in everyday terms, 25 Megabits per second of download speed is baseline figure that should provide a family of two to four people with enough capacity to engage in bandwidth-hungry activities like working from home, schooling online, or even receiving medical care through telemedicine, along with streaming to stay entertained and informed too.
As we look at that figure of 150 million underserved people, we see people who live in remote areas that simply aren’t wired for broadband yet, representing millions of rural residents and people living on tribal lands. Additionally, it also includes people in urban areas who potentially have access to a broadband connection, yet their income levels impact their ability to subscribe to it.
Obviously, a major hurdle in rolling out broadband nationwide is the 1.9 billion acres that makes up our country. The physical, technological, and financial efforts associated with building fixed broadband access across rural and remote terrain are substantial to say the least. Additionally, there are regulatory matters as well, like the rules that govern access to existing utility poles and conduits needed for broadband deployment.
Ultimately, we’re talking about connecting not just homes, but entire communities—people, businesses, libraries, granges, local government, and more. Getting them access to broadband isn’t just a commercial interest, it’s a matter of infrastructure as well. Just as water and electricity are utilities, we can argue that the internet, broadband internet, has long since evolved into a utility. The reasons are clear: education, economic growth, employment and even access to healthcare all stand to improve when broadband is available to a community, as has been seen in communities such as Chattanooga, Tennessee and in Delta County, Colorado. Thus it makes sense that connecting them has become a joint endeavor by the public and private sector.
Meanwhile, last summer, the lack of adequate broadband across Nebraska during the pandemic prompted the state’s governor and legislature to allocate pandemic relief funds and pass bills that would speed the deployment of broadband across the state. As reported by the Omaha World-Herald, one of Nebraska’s rural power district managers said of fixed broadband service, “It goes beyond economic development, it goes beyond watching Netflix, there’s some real business implications here.”
However, even in communities where broadband is physically available, pockets of low-speed connectivity exist as well. According to the Pew Research Center, only 53 percent of adults with an income under $30,000 had broadband access at home. For those with an income of between $30,000 and $100,000, that figure takes a major leap up to 81%. Instead, lower-income Americans turn to their smartphones for all their internet access. From the findings:
“As of early 2019, 26% of adults living in households earning less than $30,000 a year are “smartphone-dependent” internet users–meaning they own a smartphone but do not have broadband internet at home. In contrast, only 5% of those living in households earning $100,000 or more fall into this category in 2019.”
What does a smartphone-only internet life might look like? Pew Research Center put that into perspective in a survey where respondents were asked about job hunting on the internet. Some 32% of people with a reported household income of under $30,000 said that they submitted a job application by phone. For those households making more than $75,000, that figure was just 7%. (Cost is certainly a factor, yet it is encouraging to see that the reported average cost of broadband in the U.S. is dropping—down to $50 a month from just over $67 a month a year ago.)
That’s just one example of a smartphone-only internet, yet you can imagine how difficult it must be to create a resume, complete schoolwork, or work remotely when your internet experience is limited to the small screen of a phone. Contrast that with this year’s need to work and study at home. A low-income household that’s dependent on smartphones misses out. Their internet is a less useful and less productive internet experience. They simply can’t work, learn, and train at home like fully connected households can.
My hope in sharing this issue with you is so that we can all gain a bit of perspective. Far fewer people have access to a broadband internet experience than we might initially think, which results in a lack of connectivity that stunts the benefits and opportunities they and their communities can realize.
Granted, the solution for increasing broadband access largely rests with state-level broadband offices, budgeting and legislation at the federal government level, along with public partnerships and interest groups who are all pushing for improved broadband access. (And, in the states which allow it, municipal broadband solutions.) However, as individuals, we can let this reality shape some of our decision-making on a local level.
When library funding measures come up for approval in your community, consider giving them your “yes” vote, as they may present an opportunity to fund library locations and services where people can access free broadband. Likewise, give school levies your consideration, they may help get a computer in the hands of a student who doesn’t have one. (An 11% increase in PC, Mac, and Chromebook sales this year was largely driven by the education market, which needed to supply computers for in-home learning.) These are just a couple of ways that we can “think global, act local” and help others get access to a full broadband internet experience.
So as Thanksgiving approaches, let’s indeed say thanks for the connectivity and internet experience so many of us enjoy—and how vital that was this year. Likewise, let’s remember that our country and the communities within it still have a way to go before the overwhelming majority of us can benefit from that same experience—so that they can enjoy and be thankful for it too.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Thankful for broadband internet, and hopeful for much more appeared first on McAfee Blogs.
Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tom’s Guide, call participants can guess a user’s passwords through the arm and shoulder movements they make while they type.
Let’s unpack how this threat works so you can continue to connect via video calls worry-free.
Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the target’s body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the user’s arm and shoulder movements relative to their face. From there, the program analyzes the user’s actions to guess which keys they are hitting on the keyboard – including passwords and other sensitive information.
So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the program’s accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what they’re typing.
Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. It’s also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.
Therefore, to prevent your meeting attendees from snooping on what you’re typing, follow these tips for greater peace-of-mind:
Avoid giving keyboard snoopers the upper hand by making your password or passphrase as unique as the information it’s protecting. If a hacker does manage to guess your password for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
FreshRSS 