Login
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about one of Microsoft’s largest Patch Tuesday updates ever, including fixes for 120 vulnerabilities and two zero-days. Also, learn about Trend Micro’s new integrations with Amazon Web Services (AWS).
Read on:
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
This week Microsoft released fixes for 120 vulnerabilities, including two zero-days, in 13 products and services as part of its monthly Patch Tuesday rollout. The August release marks its third-largest Patch Tuesday update, bringing the total number of security fixes for 2020 to 862. “If they maintain this pace, it’s quite possible for them to ship more than 1,300 patches this year,” says Dustin Childs of Trend Micro’s Zero-Day Initiative (ZDI).
Trend Micro has discovered an unusual infection related to Xcode developer projects. Upon further investigation, it was discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari.
Top Tips for Home Cybersecurity and Privacy in a Coronavirus-Impacted World: Part 1
We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on ‘the new normal’. Part one identifies the scope and specific cyber-threats of the new normal.
Trend Micro enhances agility and automation in cloud security through integrations with Amazon Web Services (AWS). Through this collaboration, Trend Micro Cloud One offers the broadest platform support and API integration to protect AWS infrastructure whether building with Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Lambda, AWS Fargate, containers, Amazon Simple Storage Service (Amazon S3), or Amazon Virtual Private Cloud (Amazon VPC) networking.
Shedding Light on Security Considerations in Serverless Cloud Architectures
The big shift to serverless computing is imminent. According to a 2019 survey, 21% of enterprises have already adopted serverless technology, while 39% are considering it. Trend Micro’s new research on serverless computing aims to shed light on the security considerations in serverless environments and help adopters in keeping their serverless deployments as secure as possible.
In One Click: Amazon Alexa Could be Exploited for Theft of Voice History, PII, Skill Tampering
Amazon’s Alexa voice assistant could be exploited to hand over user data due to security vulnerabilities in the service’s subdomains. The smart assistant, which is found in devices such as the Amazon Echo and Echo Dot — with over 200 million shipments worldwide — was vulnerable to attackers seeking user personally identifiable information (PII) and voice recordings.
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls
A team of academic researchers presented a new attack called ‘ReVoLTE,’ that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The attack doesn’t exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims.
An Advanced Group Specializing in Corporate Espionage is on a Hacking Spree
A Russian-speaking hacking group specializing in corporate espionage has carried out 26 campaigns since 2018 in attempts to steal vast amounts of data from the private sector, according to new findings. The hacking group, dubbed RedCurl, stole confidential corporate documents including contracts, financial documents, employee records and legal records, according to research published this week by the security firm Group-IB.
Walgreens Discloses Data Breach Impacting Personal Health Information of More Than 72,000 Customers
The second-largest pharmacy chain in the U.S. recently disclosed a data breach that may have compromised the personal health information (PHI) of more than 72,000 individuals across the United States. According to Walgreens spokesman Jim Cohn, prescription information of customers was stolen during May protests, when around 180 of the company’s 9,277 locations were looted.
Top Tips for Home Cybersecurity and Privacy in a Coronavirus-Impacted World: Part 2
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. In the final blog of this two-part series, Trend Micro discusses what you can do to protect your family, your data, and access to your corporate accounts.
What are your thoughts on Trend Micro’s tips to make your home cybersecurity and privacy stronger in the COVID-19-impacted world? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Microsoft Patches 120 Vulnerabilities, Including Two Zero-Days and Trend Micro Brings DevOps Agility and Automation to Security Operations Through Integration with AWS Solutions appeared first on .
Note: This article originally appeared in Verisign’s Q3 2020 Domain Name Industry Brief.
Verisign is deeply committed to protecting our critical internet infrastructure from potential cybersecurity threats, and to keeping up to date on the changing cyber landscape.
Over the years, cybercriminals have grown more sophisticated, adapting to changing business practices and diversifying their approaches in non-traditional ways. We have seen security threats continue to evolve in 2020, as many businesses have shifted to a work from home posture due to the COVID-19 pandemic. For example, the phenomenon of “Zoom-bombing” video meetings and online learning sessions had not been a widespread issue until, suddenly, it became one.
As more people began accessing company applications and files over their home networks, IT departments implemented new tools and set new policies to find the right balance between protecting company assets and sensitive information, and enabling employees to be just as productive at home as they would be in the office. Even the exponential jump in the use of home-networked printers that might or might not be properly secured represented a new security consideration for some corporate IT teams.
An increase in phishing scams accompanied this shift in working patterns. About a month after much of the global workforce began working from home in greater numbers, the Federal Bureau of Investigation (FBI) reported about a 300 percent to 400 percent spike in cybersecurity complaints received by its Internet Crime Complaint Center (IC3) each day. According to the International Criminal Police Organization (Interpol), “[o]f global cyber-scams, 59% are coming in the form of spear phishing.” These phishing campaigns targeted an array of sectors, such as healthcare and government agencies, by imitating health experts or COVID-related charities.
Proactive steps can help businesses improve their cybersecurity hygiene and guard against phishing scams. One of these steps is for companies to focus part of their efforts on educating employees on how to detect and avoid malicious websites in phishing emails. Companies can start by building employee understanding of how to identify the destination domain of a URL (Uniform Resource Locator – commonly referring to as “links”) embedded in an email that may be malicious. URLs can be complex and confusing and cybercriminals, who are well aware of that complexity, often use deceptive tactics within the URLs to mask the malicious destination domain. Companies can take proactive steps to inform their employees of these deceptive tactics and help them avoid malicious websites. Some of the most common tactics are described in Table 1 below.
| Tactic | What is it? |
| Combosquatting | Adding words such as “secure,” “login” or “account” to a familiar domain name to trick users into thinking it is affiliated with the known domain name. |
| Typosquatting | Using domain names that resemble a familiar name but incorporate common typographical mistakes, such as reversing letters or leaving out or adding a character. |
| Levelsquatting | Using familiar names/domain names as part of a subdomain within a URL, making it difficult to discover the real destination domain. |
| Homograph attacks | Using homograph, or lookalike, domain names, such as substituting the uppercase “I” or number “1” where a lowercase “L” should have been used, or using “é” instead of an “e.” |
| Misplaced domain | Planting familiar domain names within the URL as a way of adding a familiar domain name into a complex-looking URL. The familiar domain name could be found in a path (after a “/”), as part of the additional parameters (after a “?”), as an anchor/fragment identifier (after a “#”) or in the HTTP credentials (before “@”). |
| URL-encoded characters | Placing URL-encoded characters (%[code]), which are sometimes used in URL parameters, into the domain name itself. |
Teaching users to find and understand the domain portion of the URL can have lasting and positive effects on an organization’s ability to avoid phishing links. By providing employees (and their families) with this basic information, companies can better protect themselves against cybersecurity issues such as compromised networks, financial losses and data breaches.
To learn more about what you can do to protect yourself and your business against possible cyber threats, check out the STOP. THINK. CONNECT. campaign online at https://www.stopthinkconnect.org. STOP. THINK. CONNECT. is a global online safety awareness campaign led by the National Cyber Security Alliance and in partnership with the Anti-Phishing Working Group to help all digital citizens stay safer and more secure online.
The post Cybersecurity Considerations in the Work-From-Home Era appeared first on Verisign Blog.
As a leader in cybersecurity, we at McAfee understand that every aspect of your digital life has potential weak spots that could make you vulnerable to threats and attacks. By incorporating security into everything you do online, you’re better protected from potential threats. To mount your offense, we’ve enlisted a team of partners that puts your security needs first, seamlessly blending our security with their services so you can live a confident life online. We bring our McAfee security teams together with industry players like PC & smartphone manufacturers, software & operating system developers, and more to make sure we can keep scoring security wins for you.
When was the last time you worried about security while you were shopping for a new PC? You were probably checking out the specs, price, and making sure it had all the capabilities you needed for working remotely, distance learning, and maybe a little gaming. And that’s all in addition to the day-to-day productivity, banking, and browsing you do. Like a strong defensive line, HP, Dell, Lenovo, and ASUS work closely with us to make sure that your personal data and devices are secure, especially as you spend more time online than ever before. That’s why so many new PCs are preloaded with a free McAfee® LiveSafe trial to provide integrated protection from malware, viruses, and spyware from day 1 with minimal impact on performance.
McAfee protection goes beyond just antivirus. We help you keep apps and Windows up to date and patched against vulnerabilities, block intruders with our firewall, and help you clean up cookies and temporary files to minimize the digital footprint on your PC.
We build our security directly into the devices consumers rely on for everything from remote yoga to distance learning, so that they know they’ll be safer online, regardless of what their new normal looks like.
Part of a good defense is understanding how the game has changed. We recognize that our customers are using multiple devices to connect online these days. In fact, their primary device may not even be a computer. That’s why we work with mobile providers to ensure customers like you have access to our comprehensive multidevice security options. Devices like mobile phones and tablets allow users to access social media, stream content, and even bank on their terms. For that reason, our mobile protection includes features like VPN, so that you can connect any time, any place safely and use your apps securely.
Our online and brick & mortar retail partners are also irreplaceable on the field. We understand that shopping for security can be complicated – even intimidating – when faced with a wall of choices. Whether you’re in-store or browsing online, we’ll work together to address your security needs so that your devices and personal data are protected with the solution that works best for you. Many of our retailers offer additional installation and upgrade support so you can have one less thing to worry about.
Your web browser is more than a shortcut to the best chocolate chip cookie recipe; it connects you to endless content, information, and communication. Equally important is your operating system, the backbone that powers every app you install, every preference you save, and every vacation destination wallpaper that cycles through. We partner closely with web browsers, operating systems, and other software developers to ensure that our opponents can’t find holes in our defense. Everything that seamlessly works in the background stays that way, helping stop threats and intruders dead in their tracks. Whether it’s routine software updates or color-coded icons that help differentiate safe websites from phishing scams, we’re calling safety plays that keep our customers in the game.
At McAfee, we work tirelessly to do what we do best: blocking the threats you see, and even the ones you don’t. These days your “digital life” blurs the lines between security, identity, and privacy. So, we go into the dark web to hunt down leaked personal info stolen by identity thieves. We include Secure VPN in all our suites to give you privacy online. It’s these capabilities that strengthen both the offense and defense in our starting lineup of security suites like McAfee® Total Protection and McAfee® LiveSafe.
In short, your protection goes from a few reminders to scan your device to a team of experts helping you stay primed for the playoffs. It’s a roster that includes technology and humans solely devoted to staying ahead of the bad guys, from McAfee Advanced Threat Research (ATR) investigating and reporting like to artificial intelligence and machine learning that strengthens with every threat from every device. In fact, in just the first three months of this year, our labs detected over six threats per second!
Cybercriminals may be taking advantage of this current moment, but together, we can ensure our defense holds strong. After all, defense wins championships.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Together, We Block and Tackle to Give You Peace of Mind appeared first on McAfee Blogs.
2020 has propelled us into a new digital reality – one where we are reliant on technology to help us maintain our way of life. This forced all age groups, from 8-80, to learn how to conduct their day-to-day online. I personally had my mother asking a million questions about how to video conference!
But while we’re all looking to remain connected, we need to also focus on staying protected. For those of us a little more tech-savvy, that means helping our family and friends learn how this new digital reality impacts online security.
Let’s examine what that entails.
Digital healthcare’s rise was predicted back in January when Bain & Company reported that 40% of U.S. physicians expect to start using telemedicine over the next two years. Then came COVID-19, which drove healthcare providers to turn toward digital options to deliver socially distanced patient care. Many PCPs moved almost entirely to telehealth, with half of those surveyed using telemedicine in over 75% of their patient care.
While telehealth significantly increases patient care availability, there are also intrinsic privacy and security risks that go along with it. For example, telehealth requires that patients submit their health information through online platforms – some of which lack the proper data safeguards and don’t meet HIPAA requirements. Like all data transferred over the internet, private health information used for telemedicine could be intercepted by hackers if users don’t take proper security precautions. This means ensuring you and your loved one employ best practices – locking your platform account with a strong password, ensuring you only give your personal information to your doctor or verified resource, etc. These simple steps from McAfee experts are more important than ever before, as the healthcare industry is a preferred target for criminals.
School may be back in session, but it looks pretty different than previous years. For parents, this means navigating the unknown terrain that is a virtual classroom – and how the new environment affects your family’s online security.
Distance learning has led to a substantial spike in online video conferencing tools to conduct virtual lectures – which is only compounded by the fact that kids are already constantly on devices to play and socialize. However, some of the tools they use have proven to lack necessary security measures, which could jeopardize your students’ academic success and online security. Beyond video platform concerns, the combination of increased personal device usage on not-as-secure home networks poses a threat of its own.
Parents must ensure their students succeed – at both school and security. While they’re helping kids adjust to distance learning, parents can help keep them safe online by conducting router firmware updates, changing any default passwords on home networks, and leveraging a VPN. Additionally, parents must teach kids good security hygiene, such as always updating an app or device when an update is available. With parents juggling so much right now, they can also look for some extra support in the form of a comprehensive security solution that covers all their family’s devices with an extra layer of protection.
Many consumers have adopted digital financial services to make contactless payments or participate in online banking – some for convenience, others to help minimize contact in light of recent events. However, as this tech grows, so does the need for up-to-date security.
As users incorporate digital financial services into their everyday lives, they may fall victim to the risks commonly associated with making online payments. My mother, for example, is new to mobile banking and doesn’t know to look out for targeted phishing attacks from hackers who are trying to trick her out of money. Even the most tech-savvy online banking users can fall victim to more sophisticated phishing schemes out there.
To ensure cybercriminals don’t trick my mom into sharing sensitive information by impersonating her bank, we’ve discussed some ways she can identify an attack. Now, she knows to always hover over suspicious links, avoid interacting with messages from unknown senders, and to go directly to her bank’s official website.
We can use technology to adapt and grow during this time, just as long as we all employ security best practices. So, whether it be telehealth, distance learning, or digital finances, your family should always keep the aforementioned tips top of mind.
And remember – you’re not in this alone. You’ve got the support you need during this new digital reality in the form of a comprehensive security solution, McAfee® Total Protection. With this solution, consumers are safeguarded from malware with cloud-based threat protection that uses behavioral algorithms to detect new threats. It includes comprehensive internet security, multi-faceted privacy protection, and our secure VPN to ensure your family is prepared for any potential threat.
With robust, comprehensive security in place, your family’s devices will be consistently protected from the latest threats that came from our digital reality. With all these devices safe, everyone’s online life is free from worry.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Telehealth, Distance Learning, & Online Banking: Securing Digital Frontiers appeared first on McAfee Blogs.
If you’re thinking career change or career shift, there’s a field that has an estimated 4 million jobs open. Cybersecurity.
According to survey and research data from the International Cybersecurity Organization (ICS)2, there’s a cybersecurity workforce gap—a terrifically high volume of jobs left unfilled. Published in 2019, the gap they identified looked like this:
Needless to say, there’s opportunity in the field for both technical and non-technical roles.
Here’s an important thing to keep in mind about cybersecurity:, it’s not solely about understanding technology. It’s about understanding people too and how people and technology interact.
The moment you see cybersecurity through that broader lens, you can see how the field opens widely to encompass a range of roles. Of course, there are analysts and engineers, yet it also includes other roles like digital forensics and cyber investigation, healthcare information security, cryptography, and even cyber law. Additionally, there’s needed expertise in the realms of privacy, governance, ethics, and even digital ethics. And if you take a role with a security company such as ours, the opportunity further extends to positions in account management, marketing, and operations. (In fact, you can drop by our careers page for a look at our current openings and what workday life is like around here.)
There are plenty of reasons. Above that data published in 2019, our unprecedented reliance on the internet to work, learn, and stay connected in 2020, demand for cybersecurity jobs is yet more so on the rise. As so many of us turned increasingly to the internet to get through our day, the same is true for hackers and crooks.
With that, let’s take a quick look at several of the factors working in your favor as you consider a change.
We’ve all seen the news stories of major breaches at big retailers, credit reporting agencies, hotels, and even healthcare providers. It’s not just the private sector that’s been grappling with cybersecurity concerns, there’s need in the public sector as well—like municipalities. In all, every organization needs cybersecurity (just as we all need cybersecurity for our homes), and thus there’s plenty of opportunity out there. Using just one of the many possible cybersecurity roles as an example, the U.S. Bureau of Labor Statistics predicts a 32% increase in demand for information security analysts through 2028—which is far higher than the average of other professions.
In fact, the same (ICS)2 survey discovered that only 42% of current cybersecurity pros said that their first job after higher education was in the field of cybersecurity. In other words, the majority of cybersecurity pros ended up that way by some means of career shift or change. And they got there through certifications and training rather than by way of a degree from a college or university.
Our own Chief Human Resources Officer, Chatelle Lynch, put it quite well in an interview with Business Insider just a few weeks ago: “It’s no secret that the demand for cybersecurity staff has steadily grown over the past decade,” she says. “This means opportunity, so if you don’t have a degree, don’t let that slow you down. You may have unique work experience or relevant certifications, alternative learning, or transferable skills that you need to make sure you highlight when applying and interviewing.”
For example, she goes on to say that prior military service, IT experience, and volunteer or hobbyist activities (even online gaming) are a good foundation for cybersecurity roles.
These skills absolutely apply, and they’re sought after skills as well. The ability to work independently, lead projects, write and document well, and particularly strong people skills are vital for a role where you’ll be interfacing with numerous individuals, departments, and business units. Likewise, as called out above, certain roles focus more on the non-technical side of security solutions.
The beauty of making a career change to cybersecurity is that there are plenty of ways you can get it done at home and on your time.
If you’re just getting started, you can test the waters for free or at relatively low cost with a Massively Open Online Course (MOOC) that gives you the basics on cybersecurity. Future Learn’s “Introduction to Cybersecurity” from The Open University is one example of an intro program, as is the University of Michigan’s “Securing Digital Democracy” class that’s offered through Coursera.
If you’re already an IT pro or have a strong technical background, there are similar MOOC courses available that cater to your current level of knowledge and skill. The University of Maryland’s “Cybersecurity Specialization” and “Usable Security” are geared accordingly.
For a list of cybersecurity programs available online, drop by CyberDegrees.org. Their listing is one of many good places to start.
Other free and low-cost avenues out there include subscribing to some security bloggers, grabbing some hands-on work with coding and IT networking fundamentals from online learning companies like Udemy, Codecademy, and Khan Academy, or joining some online cybersecurity groups for a little professional networking. In all, there’s plenty of opportunity to learn from others, both in structured class settings and in more unstructured peer and mentorship relationships.
When you’re ready to start your job search, there’s a good chance that your interview will be conducted online. Online interviews have been part of the job-hunting landscape for a few years now, yet with many employers enacting work from home measures, it’s the way hiring gets done right now. I expect this to continue, as employers have embraced its many benefits, particularly in the early stages of interviews. If the prospect of an online interview is new to you, I put together a pair of articles this spring that can help.
As you make the jump, here’s the most important thing you’ll need: a love of technology and a desire to protect the people who use it. If you can combine a drive to understand both technology and people better with the further drive to see it all through, you’ll be well on your way. Like any career shift or change, there’s work ahead, yet it’s my impression that our field is a welcoming and supportive one—and very much on a keen lookout for new talent.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Career change? Cybersecurity companies are hiring. appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness in conjunction with the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA). McAfee is pleased to announce that we’re a proud participant.
If there’s ever a year to observe Cybersecurity Awareness Month, this is it.
As millions worked, schooled, and simply entertained themselves at home (and continue to do so) this year, internet usage increased by up to 70%. Not surprisingly, cybercriminals followed. Looking at our threat dashboard statistics for the year so far, you’ll see:
And that doesn’t account for the millions of other online scams, ransomware, malicious sites, and malware out there in general—of which COVID-19-themed attacks are just a small percentage.
With such a high reliance on the internet right now, 2020 is an excellent year to observe Cybersecurity Awareness Month, along with its focus on what we can do collectively to stay safer together in light of today’s threats.
Unified under the hashtag #BeCyberSmart, Cybersecurity Awareness Month calls on individuals and organizations alike to take charge of protecting their slice of cyberspace. The aim, above making ourselves safer, is to make everyone safer by having us do our part to make the internet safer for all. In the words of the organizers, “If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees, our interconnected world will be safer and more resilient for everyone.”
Throughout October, we’re participating as well. Here in our blogs and across our broad and ongoing efforts to boost everyone’s awareness and expertise in cybersecurity and simply staying safe online, we’ll be supporting one key theme each week:
If you’ve kept up with our blogs, this is a theme you’ll know well. The idea behind “If you connect it, protect it” is that the line between our lives online and offline gets blurrier every day. For starters, the average person worldwide spends nearly 7 hours a day online thanks in large part to mobile devices and the time we spend actively connected on our computers. However, we’re also connecting our homes with Internet of Things (IoT) devices—all for an average of 10 connected devices in our homes in the U.S. So even when we don’t have a device in our hand, we’re still connected.
With this increasing number of connections comes an increasing number of opportunities—and challenges. During this weel, we’ll take a look at how internet-connected devices have impacted our lives and how you can take steps that reduce your risk.
As we shared at the open of this article, this year saw a major disruption in the way we work, learn, and socialize online. There’s no question that our reliance on the internet, a safe internet, is greater than before. And that calls for a fresh look at the way people and businesses look at security.
This week of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet connected devices for both personal and professional use, all in light of a whole new set of potential vulnerabilities that are taking root.
Earlier this year, one of our articles on telemedicine reported that 39% of North Americans and Europeans consulted a doctor or health care provider online for the first time in 2020. stand as just one example of the many ways that the healthcare industry has embraced connected care. Another noteworthy example comes in the form of internet-connected medical devices, which are found inside care facilities and even worn by patients as they go about their day.
As this trend in medicine has introduced numerous benefits, such as digital health records, patient wellness apps, and more timely care, it’s also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. Here we’ll explore this topic and share what steps both can take do their part and #BeCyberSmart.
The growing trend of homeowners and businesses alike connecting all manner of things across the Internet of Things (IoT) continues. In our homes, we have smart assistants, smart security systems, smart door locks, and numerous other home IoT devices that all need to be protected. Businesses manage their fleets, optimize their supply chain, and run their HVAC systems with IoT devices, which also beg protection too as hackers employ new avenues of attack, such as GPS spoofing. And these are just a fraction of the applications that we can mention as the world races toward a predicted 50 billion IoT devices by 2030.
As part of Cybersecurity Awareness Month, we’ll look at the future of connected devices and how both people and businesses can protect themselves, their operations, and others.
As Cybersecurity Awareness Month ramps up, it presents an opportunity for each of us to take a look at our habits and to get a refresher on things we can do right now to keep ourselves, and our internet, a safer place. This brief list should give you a great start, along with a catalog of articles on identity theft, family safety, mobile & IoT security, and our regularly updated consumer threat notices.
Given the dozens of accounts you need to protect—from your social media accounts to your financial accounts—coming up with strong passwords can take both time and effort. Rather than keeping them on scraps of paper or in a notebook (and absolutely not on an unprotected file on your computer), consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. With just a single password, you can access all the tools your password manager offers.
Phishing scams like these are an old standard. If you receive an email or text from an unknown person or party that asks you to download software, share personal information, or take some kind of action, don’t click on anything. This will steer you clear of any scams or malicious content.
However, more sophisticated phishing attacks can look like they’re actually coming from a legitimate organization. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service. Also, you can hover over the link and get a link preview. If the URL looks suspicious, delete the message and move on.
Avoid hackers infiltrating your network by using a VPN, which allows you to send and receive data while encrypting – or scrambling – your information so others can’t read it. By helping to protect your network, VPNs also prevent hackers from accessing other devices (work or personal) connected to your Wi-Fi.
In addition, use a robust security software like McAfee® Total Protection, which helps to defend your entire family from the latest threats and malware while providing safe web browsing.
At a time where data breaches occur and our identity is at risk of being stolen, checking your credit is a habit to get into. Aside from checking your existing accounts for false charges, checking your credit can spot if a fraudulent account has been opened in your name.
It’s a relatively straightforward process. In the U.S., the Fair Credit Reporting Act (FCRA) requires credit reporting agencies to provide you with a free credit check at least once every 12 months. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
To track malicious pandemic-related campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4pm ET.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cybersecurity Awareness Month Helps Us All be #BeCyberSmart appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
We live in a day and age when even lightbulbs can be hacked.
Perhaps you’ve caught the stories in the news: various devices like home cameras, smart appliances, and other Internet of Things (IoT) devices falling prey to hackers and attacks, such as when the Mirai botnet took out large swathes of the internet in 2016. As posted by Statista, estimates project that the world will have nearly 40 billion IoT devices in the next five years and upwards of 50 billion by 2030. That’s in homes and businesses alike, ranging anywhere from digital assistants, smart watches, medical devices, thermostats, vehicle fleet management devices, smart locks, and yes, even the humble lightbulb—and like our computers, laptops, smartphones, and tablets, they all need to be protected.
The reason is simple: your network is only as safe as the weakest device that’s on it. And we’re putting so much more on our networks than ever before. In effect, that means our homes have more targets for hackers than ever before as well. In the hands of a dedicated crook, one poorly protected device can open the door to your entire network—much like a thief stealing a bike by prying open the weak link in a chain lock. Therefore, so goes the saying, “If You Connect It, Protect It.”
What’s challenging is that our IoT devices don’t always lend themselves to the same sort of protections like our computers, laptops, and phones do. For example, you can’t actually install security software directly on them. However, there are things you can do to protect those devices, and the network they’re on too.
Just because that new smart device that’s caught your eye can connect to the internet doesn’t mean that it’s secure. Before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some IoT device manufacturers are much better at baking security protocols into their devices than others, so look into their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device, and thousands of others just like it, all share the same credentials, which makes it painfully easy for a hacker to gain access to them as those default usernames and passwords are often published online.
When you purchase an IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. As always, don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all of your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. If you’re renting your router or you’ve purchased it through your internet provider, they should have help documentation that can guide you through this the process. Likewise, if you purchased your own, your manual should provide the guidance you need.
As we mentioned above, the first thing to do is change the default password and name of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you’re unsure, reach out to your internet provider or check the documentation that came with your router.
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
Another line of defense that can hamper hackers is using a VPN, which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it.
As with our computers, laptops, phones, tablets, and apps, make sure you have the latest software updates for your IoT devices. The reasons here are the same: one, they’ll make sure you’re getting the latest functionality from your device; and two, updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” our smartphones—so protecting our phones has become yet more important. Whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.
And of course, let’s not forget our computers and laptops. While we’ve been primarily talking about IoT devices here, it’s a good reminder that computers and laptops need protection too. Using a strong suite of security software like McAfee® Total Protection, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.
We’re connecting our homes and ourselves with IoT devices at an tremendous rate—now at an average of 10 connected devices in our homes in the U.S. Gone by are the days when all we had was a computer or phone or two to look after. Now, even when we’re not in front of a laptop or have a smartphone in our hand, we’re still online, nearly all the time. Take this week to make sure that what you’ve connected is protected. Even that little lightbulb.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cybersecurity Awareness Month: If You Connect It, Protect It appeared first on McAfee Blogs.
These days, work and home mean practically the same thing. Our house is now an office space or a classroom, so that means a lot of our day-to-day happens online. We check emails, attend virtual meetings, help our children distance learn, use social media platforms to check in on our friends and family – our entire lives are digital! This increase in connectivity could mean more exposure to threats – but it doesn’t have to. That’s why this National Cybersecurity Awareness Month (NCSAM) you should learn what it means to be cyber smart.
In our third blog for this NCSAM this year, we examine what that entails. Let’s dive in.
Stay Secure While Working Remote
According to Stanford research, almost twice as many employees work from home than at the office in the U.S. in response to the COVID-19 pandemic. And this new work-from-home economy is probably only going to expand in the future. Your pets and children will continue to make surprise guest appearances on work calls, or you may continue your new job hunt from the kitchen table. But as you work on juggling your work life and personal life at home base, this doesn’t mean that you should have to juggle security threats too.
The new WFH landscape has also brought about increased risk from . Unlike corporate offices – which usually have IT staff responsible for making any necessary network security updates and patches – users’ home network security is in their own hands. This means users must ensure that their Wi-Fi connections are private and locked with a complex password or employ the help of a VPN to prevent hackers from infiltrating your work.
Be Cybersmart While Distance Learning
Work isn’t the only element of consumers’ lives that’s recently changed – school is also being conducted out of many students’ homes as they adapt to distance learning. As a result, parents are now both professionals and teachers, coaching students through new online learning obstacles. But as more students continue their curriculum from home and online activity increases, so does the possibility of exposure to inappropriate content or other threats.
For instance, the transition to distance learning has led to an increase in online students to lose valuable time meant to be spent on their education.
To help ensure that learning from home goes as smoothly as possible, parents must stay updated on the threats that could be lurking around the corner of their children’s online classrooms. Take the time to secure all the devices that power your kids’ learning with a comprehensive security solution.
Of course, everyone needs to find a balance between work, school, and play! These days, that means scavenging the internet for new content to help keep entertained at home. In fact, according to Nielson, there was an 85% increase in American streaming rates in the first three weeks of March this year compared to March 2019 reports. However, causing users to turn to other less secure alternatives such as illegal downloads and links to “free” content riddled with malware. This could open consumers up to a whole host of threats.
Users looking to stream the latest TV show or movie should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.
We all need to be cybersmart and aware of the threats that come with our lifestyle changes. By following these pointers, you can block threats from impacting your new day-to-day and ensure security is one less thing to worry about. When looking ahead to the future, incorporate the aforementioned pointers into your digital life so that you are prepared to take on whatever the evolving security landscape brings – now that’s being cybersmart!
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, look out for our other National Cybersecurity Awareness Month blogs, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Stay Connected and Protected During Work, School, and Play appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs from earlier this year. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, it also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smart watches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager.
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private use already, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mish-mash of garbage data, which helps keep your health data secure.
One recent study found that 25% of U.S. homeowners with broadband internet expect to purchase a new connected consumer health or fitness device within the next year. Just be sure yours is secure. Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post Seven Tips for Protecting Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Imagine it’s 20 years ago and someone at a dinner party predicts that one day you could pop down to the appliance store and buy an internet-connected fridge. Your year 2000 self might have shook that off and then then asked, “Why would someone ever do that?”
Yet here we are.
Today, so much is getting connected. Our appliances, security systems, and even our coffeemakers too. So far this month, we’ve talked about protecting these connected things and securing these new digital frontiers as Internet of Things (IoT) devices transform not only our homes, but businesses and communities as well.
To wrap up Cybersecurity Awareness Month, let’s take a look ahead at how the next wave of connected devices could take shape by taking a look at the network that billions of them will find themselves on: 5G networks.
You’ve no doubt seen plenty of commercials from the big mobile carriers as they tout the rollout of their new, more powerful 5G networks. And more powerful they are. For starters, 5G is expected to operate roughly 10 times faster than the 4G LTE networks many of us enjoy now—with the potential to get yet faster than that over time.
While mention of faster speeds continues to be the top selling point in ads and the like, 5G offers another pair of big benefits: greater bandwidth and lower latency. Taken together, that means 5G networks can host more devices than before and with a near-instantaneous response time.
The implication of these advances is that billions and billions of new devices will connect to mobile networks directly, at terrific speeds, rather than to Wi-Fi networks. Of those, many billions will be IoT devices. And that means more than just phones.
What will those devices look like?
One answer is plenty more of what we’re already starting to see today—such as commercial and industrial devices that track fleet vehicles, open locks on tractor trailer deliveries based on location, monitor heating and air conditioning systems, oversee supply chains. We’ll also see more devices that manage traffic, meter utilities, and connect devices used in healthcare, energy, and agriculture. That’s in addition to the ones we’ll own ourselves, like wearables and even IoT tech in our cars.
All together, we’ll add about 15 billion new IoT devices to the 26 billion IoT devices already in play today for a total of an expected 41 billion IoT devices in 2025.
Citing those examples of IoT applications underscores the critical need for safety and security in the new 5G networks. This is a network we will count on in numerous ways. Businesses will trust their operations to the IoT devices that operate on it. Cities will run their infrastructure on 5G IoT devices. And we, as people, will use 5G networks for everything from entertainment to healthcare. Not only will IoT devices themselves need protection, yet the networks will need to be hardened for protection as well. And you can be certain that increased network security, and security in general, is a part of our future forecast.
The GSMA, an industry group representing more than 750 operators in the mobile space, calls out the inherent need for security for 5G networks in their 5G Reference Guide for Operators. In their words, “New threats will be developed as attackers are provided live service environment to develop their techniques. 5G is the first generation that recognizes this threat and has security at its foundation.” When you consider the multitude of devices and the multitude of applications that will find their way onto 5G, a “square one” emphasis on security makes absolute sense. It’s a must.
While standards and architectures are taking shape and in their first stages of implementation, we can expect operators to put even more stringent defenses in place, like improved encryption, ways of authenticating devices to ensure they’re not malicious, creating secure “slices” of the network, and more, which can all improve security.
Another consideration for security beyond the oncoming flood of emerging devices and services that’ll find their way onto 5G networks is the sheer volume of traffic and data they’ll generate. One estimate puts that figure of 5G traffic at 79.4 zettabytes (ZB) of data in 2025. (What’s a zettabyte? Imagine a 10 followed by 21 zeroes.) This will call for an evolution in security that makes further use of machine learning and AI to curb a similarly increased volume of threats—with technologies much like you see in our McAfee security products today.
“Siri/Alexa/Cortana/Google, play Neko Case I Wish I Was the Moon.”
We’ve all gotten increasingly comfy with the idea of connected devices in our homes, like our smart assistants. Just in 2018, Juniper Research estimated that there’d be some 8 billion digital voice assistants globally by 2023, thanks in large part to things like smart TVs and other devices for the home. Expect to see more IoT devices like those available for use in and around your house.
What shape and form might they take? Aside from the voice-activated variety, plenty of IoT devices will help us automate our homes more and more. For example, you might have smart sensors in your garden that can tell when your tomatoes are thirsty and activate your soaker hoses for a drink—or other smart sensors placed near your water heater that will text you when they detect a leak.
Beyond that, we’re already purchasing connected lights and smart thermostats, yet how about connecting these things all together to create presets for your home? Imagine a setting called “Movie Night,” where just a simple voice command draws the shades, lowers the lights, turns on the gas fireplace, and fires up the popcorn maker. All you need to do is get your slippers.
Next, add in a degree of household AI, which can learn your preferences and habits. Aspects of your home may run themselves and predict things for you, like the fact that you like your coffee piping hot at 5:30am on Tuesdays. Your connected coffeemaker will have it ready for you.
These scenarios were once purely of the George Jetson variety (remember him?), yet more and more people will get to indulge in these comforts and conveniences as the technology becomes more pervasive and affordable.
One point of consideration with any emerging technology like the IoT on 5G is access.
This year drove home a hard reality: access to high-speed internet, whether via mobile device or a home network is no longer a luxury. It’s a utility. Like running water. We need it to work. We need it to study. We need it to bank, shop, and simply get things done.
Yet people in underserved and rural communities in the U.S. still have no access to broadband internet in their homes. Nearly 6 in 10 of U.S. parents with lower incomes say their child may face digital obstacles in schoolwork because of reduced access to devices and quality internet service. And I’ve heard anecdotes from educators about kids taking classes online who have to pull into their school’s parking lot to get proper Wi-Fi, simply because they don’t have a quality connection at home.
The point is this: as these IoT innovations continue to knit their way into our lives and the way the world works, we can’t forget that there’s still a digital divide that will take years of effort, investment, and development before that gap gets closed. And I see us closing that gap in partnership, as people and communities, businesses and governments, all stand to benefit when access to technology increases.
So as we look to the future, my hope is that we all come to see high-speed internet connections for what they are—an absolute essential—and take the steps needed to deliver on it. That’s an advance I’d truly embrace.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5G and the IoT: A Look Ahead at What’s Next for Your Home and Community appeared first on McAfee Blogs.
Where would we be without our internet this year?
We’ve shopped, worked, studied and taught, job hunted, and cared for each other online this year in ways we haven’t before—not to mention entertained ourselves plenty too. As so many of us have faced challenges and outright adversity this year, it’s difficult to imagine what this year would have been like without the support of a reliable broadband internet connection. So much so, you can argue that it’s become a necessity.
For that, I’m thankful—and recognize that we have a long way to go before all of us can share in those same thanks. As I’ve mentioned in earlier blogs, fixed broadband internet access at home remains elusive for many. In the U.S. alone, one analysis shows that more than 150 million people do not use the internet at broadband speeds, which is practically half of the U.S. population.
A good question to ask here is what exactly constitutes “broadband?” The Federal Communications Commission (FCC) defines broadband speeds as 25 Megabits per second (Mbps) of download speed and 3 Mbps of upload speed. (Note that the FCC estimates only 21 million people in the U.S. are without broadband, a number widely considered to be low.)
Put in everyday terms, 25 Megabits per second of download speed is baseline figure that should provide a family of two to four people with enough capacity to engage in bandwidth-hungry activities like working from home, schooling online, or even receiving medical care through telemedicine, along with streaming to stay entertained and informed too.
As we look at that figure of 150 million underserved people, we see people who live in remote areas that simply aren’t wired for broadband yet, representing millions of rural residents and people living on tribal lands. Additionally, it also includes people in urban areas who potentially have access to a broadband connection, yet their income levels impact their ability to subscribe to it.
Obviously, a major hurdle in rolling out broadband nationwide is the 1.9 billion acres that makes up our country. The physical, technological, and financial efforts associated with building fixed broadband access across rural and remote terrain are substantial to say the least. Additionally, there are regulatory matters as well, like the rules that govern access to existing utility poles and conduits needed for broadband deployment.
Ultimately, we’re talking about connecting not just homes, but entire communities—people, businesses, libraries, granges, local government, and more. Getting them access to broadband isn’t just a commercial interest, it’s a matter of infrastructure as well. Just as water and electricity are utilities, we can argue that the internet, broadband internet, has long since evolved into a utility. The reasons are clear: education, economic growth, employment and even access to healthcare all stand to improve when broadband is available to a community, as has been seen in communities such as Chattanooga, Tennessee and in Delta County, Colorado. Thus it makes sense that connecting them has become a joint endeavor by the public and private sector.
Meanwhile, last summer, the lack of adequate broadband across Nebraska during the pandemic prompted the state’s governor and legislature to allocate pandemic relief funds and pass bills that would speed the deployment of broadband across the state. As reported by the Omaha World-Herald, one of Nebraska’s rural power district managers said of fixed broadband service, “It goes beyond economic development, it goes beyond watching Netflix, there’s some real business implications here.”
However, even in communities where broadband is physically available, pockets of low-speed connectivity exist as well. According to the Pew Research Center, only 53 percent of adults with an income under $30,000 had broadband access at home. For those with an income of between $30,000 and $100,000, that figure takes a major leap up to 81%. Instead, lower-income Americans turn to their smartphones for all their internet access. From the findings:
“As of early 2019, 26% of adults living in households earning less than $30,000 a year are “smartphone-dependent” internet users–meaning they own a smartphone but do not have broadband internet at home. In contrast, only 5% of those living in households earning $100,000 or more fall into this category in 2019.”
What does a smartphone-only internet life might look like? Pew Research Center put that into perspective in a survey where respondents were asked about job hunting on the internet. Some 32% of people with a reported household income of under $30,000 said that they submitted a job application by phone. For those households making more than $75,000, that figure was just 7%. (Cost is certainly a factor, yet it is encouraging to see that the reported average cost of broadband in the U.S. is dropping—down to $50 a month from just over $67 a month a year ago.)
That’s just one example of a smartphone-only internet, yet you can imagine how difficult it must be to create a resume, complete schoolwork, or work remotely when your internet experience is limited to the small screen of a phone. Contrast that with this year’s need to work and study at home. A low-income household that’s dependent on smartphones misses out. Their internet is a less useful and less productive internet experience. They simply can’t work, learn, and train at home like fully connected households can.
My hope in sharing this issue with you is so that we can all gain a bit of perspective. Far fewer people have access to a broadband internet experience than we might initially think, which results in a lack of connectivity that stunts the benefits and opportunities they and their communities can realize.
Granted, the solution for increasing broadband access largely rests with state-level broadband offices, budgeting and legislation at the federal government level, along with public partnerships and interest groups who are all pushing for improved broadband access. (And, in the states which allow it, municipal broadband solutions.) However, as individuals, we can let this reality shape some of our decision-making on a local level.
When library funding measures come up for approval in your community, consider giving them your “yes” vote, as they may present an opportunity to fund library locations and services where people can access free broadband. Likewise, give school levies your consideration, they may help get a computer in the hands of a student who doesn’t have one. (An 11% increase in PC, Mac, and Chromebook sales this year was largely driven by the education market, which needed to supply computers for in-home learning.) These are just a couple of ways that we can “think global, act local” and help others get access to a full broadband internet experience.
So as Thanksgiving approaches, let’s indeed say thanks for the connectivity and internet experience so many of us enjoy—and how vital that was this year. Likewise, let’s remember that our country and the communities within it still have a way to go before the overwhelming majority of us can benefit from that same experience—so that they can enjoy and be thankful for it too.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Thankful for broadband internet, and hopeful for much more appeared first on McAfee Blogs.
And just like that, the holiday shopping season is among us! Like consumers everywhere, you may be trying to plan ahead when it comes to picking out gifts for your friends and family, scouring far and wide to cross items off your list. This year, however, will likely be different than past holiday shopping seasons.
While more than 124 million consumers shopped in-store during the 2019 holiday shopping weekend, findings from McAfee’s 2020 Holiday Season: State of Today’s Digital e-Shopper survey revealed that consumers plan to do more shopping online – and earlier – this holiday season. But how will this increase in online activity impact users’ digital lives?
Let’s explore what this online shopping trend means for consumer security this holiday shopping season.
The onset of the global health emergency caused users everywhere to live, work, play, and buy through their devices – maybe more than ever before. McAfee’s survey shows that general shopping activity has increased, with 49% of respondents stating they are buying online more since the onset of COVID-19. As one could predict, researchers expect these online shopping habits to bleed into the holiday shopping season. In fact, 36% of Americans note that they plan on using digital links to give gifts and spread cheer this year. However, this increase in online activity doesn’t exactly mean an increase in online safety.
Hackers love to take advantage of online trends, so it’s no surprise that they see an increase in online activity as more opportunities to spread threats. In fact, McAfee Labs observed an almost 12% increase in online threats per minute in Q2 2020 compared to the previous quarter.
Increased online activity serves as the perfect opportunity for hackers to interrupt consumers’ merriment and spread malicious misdeeds. And 36% of consumers noted that their online buying habits will increase this holiday season, even though they are aware of cyber risks. This lack of concern is troublesome, especially as hackers get stealthier in how they scam consumers. Take Black Friday and Cyber Monday discounts, for example. Forty-three percent of survey respondents admitted to not checking the authenticity of these so-called deals when going through their emails and text messages. By not taking proper security precautions, users potentially open themselves up to a blizzard of cyberthreats.
While these survey results confirm that cyber-grinches are using their tricks to interrupt the merriment, that doesn’t mean consumers can’t still have a holly, jolly shopping experience. By taking the necessary steps to protect themselves – and their loved ones – this holiday season, consumers can continue to live their digital lives with confidence. To help ensure hackers don’t put a damper on your festive celebrations, follow these security tips:
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a Black Friday or Cyber Monday offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Hackers often use consumers’ personally identifiable information to make fraudulent purchases – a trick that would certainly interrupt a holiday shopping spree. A solution like McAfee Identity Theft Protection takes a proactive approach to help protect identities with personal and financial monitoring and recovery tools to help keep identities personal and secure.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post ‘Sleigh’ Holiday Shopping by Protecting Your Online Security appeared first on McAfee Blogs.
Free VPNs May Still Come with a Price
If we’re being honest, many of us are consuming a lot of online content these days, whether it be for work, education, or sheer entertainment. I know my family is trying to balance what we need to do online, like meetings and classes, with fun activities like streaming movies, given that we are all spending more time safely at home.
But as a security professional what I’m really concerned about is how we are connecting to all this digital content. There has been a surge in VPN (virtual private network) downloads so far this year, showing that users are concerned about their online privacy, which is a good thing.
As you may know, a personal VPN is simply a piece of software that can establish a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial information by encrypting, or scrambling, the data that flows through the tunnel, and can mask your true location, making it appear as though you are connecting from somewhere else.
However, the myriad of VPN options—from free, to paid, to “freemium” (limited products offered on a trial basis for free, hoping customers will invest in more comprehensive, paid versions)—can be confusing and cause some customers to walk away unprotected. This is unfortunate, because here at McAfee we’ve recorded a growing number of network attacks, including targeted attacks against a variety of business and educational enterprises.
These threats mean that we need to do our best to ensure that our sensitive information stays safe, which is why I’d like to take a look at the difference between free VPNs and premium VPNs.
Sometimes a VPN is included in more robust security software, as it is in McAfee® Total Protection, but often it is a standalone tool, that is offered either at a monthly subscription rate, or for free. While it may be tempting to go for a free option, there are some serious considerations that you should take to heart.
Since free VPNs are not making money directly from their users, many make revenue indirectly, through advertising. This means that not only are users bombarded with ads, they are also exposed to tracking, and potentially malware. In fact, one study of 283 free VPN providers found that 72% included trackers. This is not that surprising, given that advertisers depend on gathering your personal data to better target their ads.
But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive information at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole the data off of users’ devices.
Also concerning is how these free providers handle your data. In one worrying incident, a VPN provider exposed thousands of user logs and API access records openly on the web, including passwords and identity information.
VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue for potentially opening the door to new risks. That’s why I always advise users to look for a paid VPN with the following features:
Unlimited Bandwidth —You want your network connection to stay secured no matter how much time you spend online.
Speedy Performance—We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we are all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.
Multiple Device Protection—These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.
Less Battery Drain—Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.
Ease of Use— As I’ve written recently, for technology to really work it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.
Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee Total Protection includes our McAfee® Safe Connect standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Free VPNs May Still Come with a Price appeared first on McAfee Blogs.
You wake up, log in to your Outlook, and find an email waiting in your inbox from support@irs.gov. Much to your confusion, the email claims that you have an outstanding account balance that you must pay immediately, or you will face legal charges.
As it turns out, you’re not the only one to receive this message. According to Bleeping Computer, a phishing campaign was recently discovered impersonating the IRS, with 70,000 spoofed emails reaching users’ inboxes. Let’s unpack how this scheme works.
This scam targets Microsoft 365 users and threatens to press legal charges unless the recipient settles an outstanding account balance. And while some of the telltale signs of a phishing scam are grammar errors and misspellings throughout the body and address of the email, this threat is a little more sophisticated. To make this threat appear more credible, scammers use the email support@irs.gov, causing recipients to believe that the email actually did originate from the IRS. The email also appears to have no spelling errors at first glance, further increasing its legitimacy to an unsuspecting user.
This scam is not foolproof, however. Upon further investigation, a recipient would see that the email’s header reveals the real sending domain: shoesbagsall.com. What’s more, the reply-to field redirects the replies to legal.cc@outlook.com instead of the IRS support mailing address.
To further entice users into falling for this scheme, scammers threaten arrest or other legal charges and tell recipients that they will forward the emails to their employer to withhold the fake outstanding amounts from their wages. Additionally, the emails also instruct the targets to immediately reply with payment details to avoid having their credit affected.
The best way to stay protected from phishing scams? Knowing how to spot them! Follow these security tips and best practices to prevent falling for fraudsters’ tricks:
Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service.
If you receive an email or text asking you to download software or pay a certain amount of money, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
If you accidentally respond to a phishing email with your personal data, change the passwords to any accounts you suspect may have been impacted. Make sure your new credentials are strong and unique from your other logins. For tips on how to create a more secure password, read our blog on common password habits and how to safeguard your accounts.
A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected appeared first on McAfee Blogs.
This year has thrown a lot of challenges at us, and our digital lives were not immune. As millions of people around the world suddenly switched to working and learning online from home during the pandemic, digital threats spiked, making security and performance essential.
At McAfee, we are hyperaware of what our users are going through this year, with changes to their work, school, and lifestyles. At the same time, we are keeping our eyes on the threats aimed at taking advantage of the situation.
For example, we know that publicly disclosed security breaches increased by 41% in the first quarter of 2020 compared to the previous quarter. And, COVID-related threats are also on the rise. But with everything going on, it’s easy to see how technology users can become overwhelmed. That means that security not only has to protect against a wide range of threats, but also be seamless.
While you’ve been busy keeping up with all the changes this year has brought, we have been working on providing comprehensive security that protects you from existing and emerging threats so you can have peace of mind. In fact, Austria-based AV-Comparatives recently gave McAfee® Total Protection their highest three-star, “Advanced +” rating for malware protection measured against 16 competitors, and the German anti-malware test lab AV-Test awarded McAfee Total Protection with the TOP Product rating because of its 100% protection scores.
AV-Test also gave McAfee Mobile Security for Android its highest rating in terms of protection, performance, and usability against 14 competitors.
These labs also test for “false positives.” False positives happen when antivirus software identifies legitimate files or processes as malware by mistake. In recent tests, our products have also scored well when it comes to avoiding false positives. AV-Test showed that McAfee Total Protection and McAfee Mobile Security flagged zero false positives during testing.
Both of these independent antivirus testing organizations specifically look for how well security products protect their users against various threats, which is critically important given today’s threat landscape.
One of the key ways we keep on top of threats is through continuous product development. We don’t stop working on our software tools just because they are released to the public. Our products are continuously updated with new features and enhancements when they become available because security isn’t static. Regardless of if you bought your product in 2019 or early 2020, we make sure that you have the latest protection installed through automatic product updates.
Underscoring our dedication to continual product improvement, U.K.-based SE Labs recently named McAfee the 2020 winner for “Best Product Development.”
SE Labs’s slogan is “testing like hackers” because it evaluates a product’s effectiveness at various stages of attacks, from malicious emails and keystroke loggers, to full-on network attacks and system harm. All of these assessments are important to ensure that we can protect our users in real-world settings.
I’ve written before about how security software has to be convenient, and not get in the way of our productivity. Given the climate, it’s more important than ever that we offer comprehensive security tools that are lightweight and easy to manage.
For instance, I know how important these days are for my kids to meet with their teachers in online classes. If our security software was taking up so much of our computer’s resources that it kept them from being able to stream video while taking notes, it wouldn’t just be frustrating, but detrimental.
McAfee has consistently received some of the best scores in performance tests, while having a minimal impact on users’ systems. Just this month, AV-Comparatives awarded McAfee Total Protection the highest possible ADVANCED+ rating yet again, for the ninth time in a row!
This is great news for us, but even more important for our users since it shows that they do not have to sacrifice protection or performance, whether on their computers or mobile devices.
Of course, we know the threat landscape is continuously evolving, and we need to evolve with it.
By offering you tools that can guard against the latest risks while allowing you to be productive and connect with family and friends, we hope to be a strong ally in your digital life. It’s great to see that these three independent testing organizations recognize our accomplishments so far in protection efficacy and performance. We promise to keep it up so you can live a carefree digital life.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Putting Protection to The Test appeared first on McAfee Blogs.
And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own.
Let’s unwrap the top four phishing scams that users should beware of while making online purchases this week and through the rest of the year. Remember, there’s still time to shop for cybersecurity protection this holiday season.
It might surprise you to see that a tactic as old as email phishing is still so widely used today. Well, that’s because many people still fall for email phishing scams, as the criminals behind these attacks up the ante every year to make these threats more sophisticated.
Scammers also tend to take advantage of current events to trick unsuspecting consumers into falling for their tricks. Take earlier this year, for example, when many users received phishing emails claiming to be from a government entity regarding financial support due to the global health emergency. Cybercriminals will likely use similar, timely tactics leading up to the holidays, posing as famous retailers and promising fake discounts in the hope that a consumer will divulge their credit card details or click on a malicious link.
Like email phishing, spear phishing has been around for quite some time. With spear phishing attacks, hackers pretend to be an organization or individual that you’re familiar with and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with. For example, cybercriminals might claim to be charitable organizations asking for donations, knowing that many families like to donate during the holidays. The email might even include the recipient’s personal details to make it seem more convincing. But instead of making a generous contribution, users find that they infected their own system with malware by clicking on the fraudulent link.
No, that’s not the sound of Santa coming down the chimney – it’s the sound of voice phishing! “Vishing” attacks can be highly deceiving, as hackers will call a user and trick them into giving up their credentials or sharing other personal information. For example, a scammer could call an individual telling them that they won a large amount of cash as part of a holiday contest. Overjoyed with the thought of winning this so-called contest, the user may hand over their bank information to the criminal on the other end of the phone. But instead of receiving a direct deposit, all they find is that their banking credentials were used to make a fraudulent purchase.
SMS phishing, or “SMiShing,” is another threat users should watch out for this holiday season. This tactic uses misleading text messages claiming to come from a trusted person or organization to trick recipients into taking a certain action that gives the attacker exploitable information or access to their mobile device.
Due to the current global health emergency and the desire to do more digitally, consumers will likely rely on online shopping this holiday season. To take advantage of this trend, scammers will probably send fraudulent text messages disguised as online retailers. These messages will likely contain fake tracking links, shipping notices, and order confirmations. But if an unsuspecting user clicks on one of these links, they will be directed to a fake website prompting them to enter their credentials for the attackers to further exploit.
To prevent cybercriminals from messing with the festive spirit via phishing schemes, follow these tips so you can continue to make merry during the holiday shopping season:
If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blog.
Whether you’re working, banking, shopping, or just streaming a few shows online, these quick tips will make sure you’re more secure from hacks, attacks, and prying eyes.
Start with the basics: get strong protection for your computers and laptops. And that means more than basic antivirus. Using a comprehensive suite of security software like McAfee® Total Protection can help defend your entire family from the latest threats and malware, make it safer to browse, help steer you clear of potential fraud, and look out for your privacy too.
Aside from using it for calls and texting, we use our smartphones for plenty of things. We’re sending money with payment apps. We’re doing our banking. And we’re using them as a “universal remote control” to do things like set the alarm, turn our lights on and off, and even see who’s at the front door. Whether you’re an Android owner or iOS owner, get security software installed on your smartphones and tablets so you can protect all the things they access and control.
Get a fresh start with strong, unique passwords for all your accounts using a strong method of password creation. And keep those passwords safe—don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss. Better yet, instead of keeping them on a notebook or on sticky notes, consider using a password manager. It can actually create strong passwords for you, store them as you create them, and automatically use them as you surf, shop, and bank.
Make sure you have the latest software updates for your computers, laptops, phones, tablets, and apps, and internet of things (IoT) devices like camera and alarm systems. Updates are important for two reasons: one, they’ll make sure you’re getting the latest functionality from your app or device; and two, they often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
Hackers love playing the role of imposters to get a hold of sensitive info and account logins—because it’s often so effective. If you get what appears to be a suspicious request from a recruiter, co-worker, vendor, friend, or family member, verify the message with that person directly before opening or responding. Remember that an employer will never request sensitive information such as social security numbers or bank routing numbers over email or text.
When searching, give the results a good look before clicking. Ask yourself if the website you want to click is legitimate—are there any red flags, like a strange URL, an unfamiliar name, a familiar brand name with an unusual addition to it, or a description that simply doesn’t feel right when you read it. If so, don’t click. They could be malware sites. Better yet, use a built-in browser advisor that helps you search and surf safely. It’ll call out any known or suspected bad links clearly before you click.
To ensure that only invited attendees can access your video or audio conference call, make sure your meeting is password protected. For maximum safety, activate passwords for new meetings, instant meetings, personal meetings, and people joining by phone. To keep users (either welcome or unwelcome) from taking control of your screen while you’re video conferencing, select the option to block everyone except the host (you) from screen sharing.
If you receive an email asking to confirm your login credentials or that’s asking for any personal info, go directly to the company’s website or app—even if the email looks legitimate. Phishing attacks are getting more and more sophisticated, meaning that hackers are getting pretty good at making phishing emails look real. Don’t open any attachments or click any links in these emails. Instead, check the status of your account at the site or in your app to determine the legitimacy of the request.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Another line of defense you can use to hamper hackers is a virtual private network (VPN), which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it. If you’re working from home, check with your employer to see if they have a corporate VPN that you can use.
Stay even more secure with these free resources
Find out plenty more about working and schooling from home, health and well-being, in addition to articles on healthcare and dating online too. Drop by McAfee’s Safer Together site for a wealth of free articles and resources.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Top Ten Tips for Protecting Your Identity, Finances, and Security Online appeared first on McAfee Blogs.
Every few weeks, there seems to be breaking news about large-scale data breaches that affect millions – but what about the lesser-known threats that lurk quietly in the shadows? Oftentimes, these are the scams that could wreak havoc on our day-to-day digital lives.
Adrozek malware is just that: a new strain that affects web browsers, stealthily stealing credentials through “drive-by downloads,” or a download that happens without your knowledge.
Let’s unpack how this malware works, who it targets, and what we can do to protect our browsers from this sneaky threat.
According to Threatpost, Adrozek is infecting several web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Yandex) on Windows machines with the help of a browser modifier that hijacks search results. To find its way onto our devices, the malware uses “drive-by downloads” once you load one of its several malicious web pages. In fact, a huge, global infrastructure supports Adrozek – one that is made up of 159 unique domain names, each hosting an average of 17,300 unique URLs, which in turn hosts more than 15,300 unique malware samples.
Once it makes its way onto your machine, the malware changes the device’s browser settings to allow Adrozek to insert fake ads over real ones. If you do happen to click on one of these fraudulent ads, the scammers behind this threat earn affiliate advertising dollars for each user they deceive. This not only takes money away from advertisers who are unaware that malware is increasing their traffic, but it also pays cybercriminals for their crimes. What’s more, the malware extracts data from the infected device and sends it to a remote server for future exploitation. In some cases, it even steals saved passwords from Firefox. These features allow the cybercriminals behind Adrozek to capitalize on the initial threat by collecting data that could be used against everyday users like you and me when we least expect it.
Aside from being supported by a vast infrastructure, Adrozek is powerful for another reason: it’s difficult to spot. Adrozek is a type of polymorphic malware, or malware that is programmed to constantly shift and change its code to avoid detection. As a result, it can be tricky to find and root out once it’s infected your browser.
To help protect your devices from falling victim to the latest theats, follow these tips to help protect your online security:
Software developers are actively working to identify and address security issues. Frequently update your browsers, operating systems, and apps so that they have the latest fixes and security protections.
Because Adrozek actively steals saved passwords from Firefox, it’s crucial to practice good password hygiene. When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials.
You can typically get rid of browser-hijacking malware by resetting the browser. But because Adrozek will hide itself on your device, extra measures should be taken to get rid of it. If you suspect that Adrozek may have found its way onto your device, delete your browsers, run a malware scan, and reboot your device. Run the malware scan a second time and reinstall your browsers.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Adrozek Malware is Wreaking Havoc on Web Browsers: How to Stay Protected appeared first on McAfee Blogs.
Like many of you, I spent a lot of time at home this year, but it came with an unexpected upside: an excuse to upgrade all my home tech! With so many great new products on the market, from 5G devices to smart TVs, cameras, and more, there’s a lot to choose from this holiday season, and into the New Year.
In fact, the smart home market is set to grow by nearly 12% over the next five years, to $135 billion, so I’m sure even more devices are coming. But for now, here are the devices on my wish list, and how to protect them once they’re unboxed.
Smart Thermostats—These have been around for a while, but the newest additions include features that keep your home comfortable, and eco-friendly, by giving you greater control over your energy use. Some thermostats can detect your habits, and heat or cool different areas of your home, depending on which rooms you are using. And others now connect to smart speakers, allowing you to stream your favorite music and podcasts, or receive calendar alerts.
Bluetooth Speakers—Speaking of high-tech speakers, this category has taken off in recent years, but now there are more options for different types of users. While some people like the voice command features that turn their speakers into personal assistants, other users just want portable speakers with great sound quality and a sleek style. Now you can find a variety of different designs, sizes, and price points.
Smart TVs—With the explosion of streaming content services, and the demand for more in-home entertainment during the pandemic, smart TVs have become a must-have item for many. The latest offer 4K streaming video, which gives you higher resolution, although you need to stream 4K content to get the benefit. It may be worth the investment for other new features, however, such as a faster user interface, and a built-in universal search engine that will allow you to easily locate a favorite movie, actor, or genre.
IP Cameras— Internet-connected cameras can be an affordable security option, and the latest versions offer extra surveillance with wide-angle lenses, night vision, and wireless options for outdoors. Some cameras even do motion tracking, and offer facial recognition, in case you want to know right away if the person on your property is a known entity or a stranger. Just keep in mind that to get the advanced features you usually need to sign up for a subscription service as well.
Gaming Router—As the father of two school-aged children, I know a lot of parents are wary of online gaming, but here’s why a gaming router may be a great gift, even if there are no hardcore gamers in the house. These routers aim to give you a more reliable internet connection, while allowing multiple devices to simultaneously receive data streams, which could be a game changer if your whole family is trying to work and learn online from home.
Some routers even offer Wi-Fi 6, which is a huge jump in potential speed to 9.6 Gbps from the current 3.5 Gbps. This also means that all the devices connected to your network could see a significant speed increase, but only if you have devices that can take advantage of it.
Here are a few more great holiday gifts ideas:
While the best smart home devices can certainly make your home more convenient, safe, and fun, they do open the door to some risk. You may have read about IP cameras being hacked, or other ways in which home networks are vulnerable to attacks. This is because most Internet of Things (IoT) devices come with little built-in security, making them an easy target for hackers.
Here’s how to secure both your network and your devices so you can enjoy them without worry.
By taking these precautions as soon as you unwrap your smart home devices, you’re setting yourself up for a fun, and safe, tech-filled New Year.
The post Best Smart Home Devices for a Connected New Year appeared first on McAfee Blogs.
No doubt, we have a lot to be hopeful for as we step into the New Year. We’ve adapted, survived, and learned to thrive under extraordinary circumstances. While faced with plenty of challenges, families successfully transitioned to working and learning from home like pros. So, as we set our intentions for 2021, we will need that same resolve to tackle growing cyber threats.
The good news: With a COVID-19 vaccine making its debut, we’re trusting there’s an end in sight to the pandemic of 2020, which may help curb a lot of our emotional as well as digital stressors.
The not-so-good-news: According to McAfee’s latest Quarterly Threat Report, pandemic-themed threats that began in 2020 will continue, specifically, phishing and malware scams targeting people working from home. According to the recent report, bad actors are especially taking advantage of the mass remote workforces.
According to Raj Samani, McAfee Fellow and Chief Scientist, “What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”
This report points inspires a few best practices for families as we launch a new year: Stay informed and keep talking about the threats and — as grandma might advise — dress in layers to protect against the elements (in this case, digital threats).
Safe Family Tips
• Use 2FA passwords. Regularly changing passwords and adding two-factor authentication (2FA) is proving to be the most effective way to thwart hackers. If you work from home, 2FA is a more secure way to access work applications. This password/username combo requires you to verify who you are with a personal device only you own puts an extra barrier between your data and a creative hacker.
• Use a VPN. If you travel or choose to work in a coffee shop, a Virtual Private Network (VPN) will give your family an encrypted channel that shields your online activity from hackers.
• Security software. If you’ve been cobbling your security plan together, consider one comprehensive security solution to help protect you from malware, phishing attacks, and viruses. Leading products such as McAfee Total protection will include safe browsing and a VPN.
The past year, while difficult, also gave us several gifts to carry into 2021. For families, it connected us with our resilience and creativity. It made us wiser, braver, and more ready for the challenges ahead, be they online or within the ebb and flow of everyday life. That’s something we can all celebrate.
The post 4 Ways to Help Your Family Combat Cyber Threats in the New Year appeared first on McAfee Blogs.
2020 was unexpectedly defined by a global pandemic. Throughout the year, we have all had to figure out how to best live our lives online – from working from home to distance learning to digitally connecting with loved ones. As 2020 comes to a close, we must ask: will this new normal continue into 2021, and how will it affect how we connect – both with each other and with our online world?
McAfee assessed the cybersecurity landscape as we head into the New Year, highlighting the key takeaways we should keep in mind to help protect our digital lives:
Home is a safe space – or is it? With more consumers living and working from home, we have seen an increase in connected devices within the home. In fact, since the onset of the coronavirus pandemic, McAfee Secure Home Platform device monitoring shows a 22% increase in the number of connected home devices globally and a 60% increase in the U.S. These trends are also carrying over into mobile shopping habits. Almost 80% of shoppers have found themselves using their IoT devices to make more purchases since the beginning of the pandemic. The evolving world of the connected lifestyle gives hackers more potential entry points to homes and consumers information- through devices, apps and web services- and in 2021, we will be monitoring how this trend evolves.
With more of us working remotely, distance learning, and seeking online entertainment, cybercriminals will look to exploit our vulnerabilities. For example, remote employees are more likely to use personal devices while working and log onto home networks that are not fully secured. What’s more, many of the systems behind consumer networks have not had their passwords changed from the default settings since it was first introduced into the home . If a criminal can use the default credentials to hack the consumer’s network infrastructure, they may also gain access to other network devices – whether they are used for school, work, or leisure.
Touchless solutions for payments are becoming more popular as we all navigate the curveballs of COVID-19. Mobile payment apps provide the convenience of both paying for services and receiving payments without the hazards of touching cases or credit and debit cards. However, fraudsters are also following the money to mobile, as research by RSA’s Fraud and Risk Intelligence team shows that 72% of cyber fraud activity involved mobile in the fourth quarter of 2019. McAfee predicts an increase in “receive”-based exploits in 2021, since they provide a quick and easily entry for fraudsters to scam unsuspicious consumers by combining phishing with payment URLs.
Imagine receiving an email stating that you’re receiving a refund for a concert that was canceled due to COVID-19. The email instructs you to click on the URL in the next message, fill in your bank information, and “accept the refund.” But instead of getting your money back, you find that you’ve handed over your financial data to scammers. As we continue to adopt mobile payment methods in 2021, it’s important to remember that hackers will likely take advantage of these convenient touchless systems.
With the pandemic, more industries have QR codes to make our lives easier- with Statista reporting that over 11 million US households are expected to scan QR codes by 2020. From restaurants to personal care salons to fitness studies, QR codes help limit direct contact with consumers – you easily scan the code, see services/items offered, and select and purchase your desired items. But do you stop and think about how this might be putting your personal data at risk? As it turns out, QR codes provide scammers with a new avenue for disguising themselves as legitimate businesses and spreading malicious links.
Scammers are quick to exploit popular or new technology for their malicious tricks, and QR codes are no different. In fact, McAfee predicts that hackers will find opportunities to use social engineering to gain access to our personal data in a single scan. Take restaurant owners looking to make QR codes that give us quick access to their menus. Knowing that these business owners are looking to download apps that generate QR codes, bad actors are predicted to entice them into downloading malicious apps that pretend to do the same.
But instead of generating a code, the app will steal the owner’s data, which scammers could then use to trick loyal diners like you and me. Once a hacker gains access to the restaurant’s customer database, they can use this information to launch phishing scams under the guise of our favorite local eateries.
To help ensure that you are one step ahead of cybercriminals in the upcoming year, make a resolution to adopt the following online security practices and help protect your digital life:
If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without clicking. This will allow you to see a link preview and check for any typos or grammatical errors – both of which are typical signs of a phishing link. If the URL looks suspicious, don’t interact with it and delete the message altogether.
When setting up a new IoT device, network, or online account, always change the default credentials to a password or passphrase that is strong and unique. Using different passwords or passphrases for each of your online accounts helps protect the majority of your data if one of your accounts becomes vulnerable.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Top Security Threats to Look Out for in 2021 appeared first on McAfee Blogs.
Typically, the International Consumer Electronics Show (CES) gives us a sense of where technology is going in the future. However, this year’s show was arguably more about technology catching up with how the COVID-19 pandemic has reshaped our lives. While gathering in person was not an option, we still had the opportunity to witness incredible technological feats virtually – primarily those meant to help us better adapt to the new normal.
From devices aimed at making the world more sanitary to new work-from-home solutions, here are some of the highlights from this year’s first ever virtual CES:
Every year, CES introduces a plethora of smart home devices aimed at making our lives easier. But now that our homes have expanded beyond where we live to function as a workplace and classroom, companies have developed new gadgets to improve our lives while we stay at home. In fact, the smart home market grew 6.7% from 2019 to 2020 to $88 billion and is expected to reach $246.42 billion by 2025.
This year, Kohler showed off voice control features for its sinks and other fixtures, so homeowners can turn on faucets without touching them. And while every CES is paved with an array of flashy new TVs, LG drummed up lots of excitement with its new 55-inch transparent TV that you can see through when it’s turned off.
From monitors to keyboards and Wi-Fi upgrades to charging stations, plenty of the gadgets coming out of this year’s show were designed to improve the remote work experience. Take Dell’s UltraSharp 40-inch Curved Ultrawide U4021QW Monitor, for example. Ultrawide is the functional equivalent of two 4K monitors side-by-side, but without the seam. Belkin and Satechi also brought their latest charging stations to CES 2021 to improve the home office, allowing users to charge multiple devices at once. With so many companies creating innovative devices to make our work-from-home lives more manageable in the long run, it’s clear that remote work is likely here to stay.
CES 2021 also brought us a whole new lineup of technology designed to help us monitor our health at home. Fluo Labs debuted Flō, a device that stops your body from releasing histamines when pollen, dust, and other allergens enter your body. HD Medical also introduced HealthyU, a device smaller than a GoPro that includes a seven-lead ECG, a temperature sensor, a pulse oximeter, microphones to record heart and lung sounds, a heart rate monitor, and a blood pressure sensor. HealthyU is designed for people with heart issues to keep tabs on their health every day and send that information to their doctors remotely. Not only will these devices enable us to take better care of ourselves if we can’t physically go to a doctor’s office, but they will also enhance our awareness of ourselves and our loved ones.
In 2020, we became hyper-aware of germs and how they can easily spread – one of those ways being on digital devices. While disinfecting these surfaces with an alcohol solution can help, many look to taking a different approach to avoid germ-spreading: touchless technology.
While no one technology can win the battle against the virus, many companies are doing their part to promote a cleaner, healthier future. For example, Plott built a doorbell called the Ettie that can take people’s temperature before they’re allowed to enter. Another company, Alarm.com, created a Touchless Video Doorbell to cut down on the transmission of bacteria and viruses that we otherwise often leave on places we touch. Kohler also built a toilet that flushes with the wave of a hand. As we head further into 2021 and beyond, be on the lookout for more voice-activated and touchless devices to help slow the spread of germs and help us live our lives free from worry.
We’ve become more reliant on technology than ever before to stay connected with loved ones from afar, work from home without missing a beat, participate in distance learning, and find new forms of digital entertainment. But with this increase in time spent online comes a greater risk of cyberthreats, and we must stay vigilant when it comes to protecting our online safety. Hackers continue to adapt their techniques to take advantage of users spending more time online, so we must educate and protect ourselves and our devices from emerging threats. This way, we can continue to embrace new technologies, while we live our digital lives free from worry.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post CES 2021: Highlights From the “Cleanest” Show Yet! appeared first on McAfee Blogs.
A baby can leave their first footprints internet even before they’re born.
The fact is that children start creating an identity online before they even put a little pinky on a device, let alone come home for the first time. That “Hello, world!” moment can come much, much sooner. And it will come from you.
From posting baby’s ultrasound pic to sharing a video of the gender reveal celebration, these are the first digital footprints that your child will make. With your help, of course, because it’s you who’ll snap all those photos, capture all those videos, and share many of them on the internet. Yet even though you’re the one who took them, those digital footprints you’ve created belong to your child.
And that’s something for us to pause and consider during this wonderful (and challenging!) stretch of early parenthood. Just as we look out for our children’s well-being in every other aspect of their little lives, we must look out for their digital well-being too. Babies are entitled to privacy too. And their little digital lives need to be protected as well.
Babies lives are more connected than you might think. Above and beyond the social media posts we make to commemorate all their “firsts,” from first solid food to first steps, there’s digital information that’s associated with your child as well. Things like Social Security Numbers, medical records, and even financial records related to them all exist, all of which need to be protected just like we protect that same digital information as adults.
Likewise, there’s all manner of connected devices like Wi-Fi baby monitors, baby sleep monitors, even smart cribs that sense restlessness in your baby and then rocks and soothes those little cares away. Or how about a smart changing table that tracks the weight of your child over time? You and your baby may make use of those. And because all these things are connected, they have to be protected.
This is the first of two articles that takes a look at this topic, and we’ll start with a look at making good choice about purchasing “smart devices” and connected baby monitors—each pieces of technology that parents should investigate before bringing them into their home or nursery.
As a new parent, or as a parent who’s just added another tyke to the nest, you’ll know just how many products are designed for your baby—and then marketed toward your fears or concerns. Before buying such smart devices, read reviews and speak with your health care provider to get the facts.
For example, you can purchase connected monitors that track metrics like baby’s breathing, heart rate, and blood-oxygen levels while they sleep. While they’re often presented as a means of providing peace of mind, the question to ask is what that biometric information can really do for you. This is where your health care provider can come in, because if you have concerns about Sudden Infant Death Syndrome (SIDS), that’s a much larger conversation. Your provider can discuss the topic with you about and whether such a device is an effective measure for your child.
Another question to ask is what’s done with the biometric data that such devices monitor. Is it kept on your smartphone, or is it stored in the cloud by the device manufacturer? Is that storage secure? Is the data shared with any third parties? Who owns that data? Can you opt in or opt out of sharing it? Can you access and delete it as needed? Your baby’s biometrics are highly personal info and must be protected as such. Without clear-cut answers about how your baby’s data is handled, you should consider giving that device a hard pass.
How do you get those answers? This is another instance where you’ll have to roll up your sleeves and read the privacy policy associated with the device or service in question. And as it is with privacy policies, some are written far more clearly and concisely than others. The information is in there. You may have to dig for it. (Of note, there are instances where parents consented to the use of their data for the purposes of government research, such as this study published by the U.S. National Institutes of Health.)
Related, here’s the advice I share on every connected “smart” device out there, from baby-related items to smart refrigerators: before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some smart device manufacturers are much better at baking security protocols into their devices than others, so investigate their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.
An online search for “hacked baby monitor” will quickly call up several unsettling stories about hackers tuning into Wi-Fi baby monitors—scanning the camera about the room at will and perhaps even speaking directly to the child. Often, this is because the default factory password has not been changed by the parents. And a “default password” may as well be “public password” because lists of default passwords for connected devices are freely available on the internet. In fact, researchers from Ben Gurion University looked at the basic security of off-the-shelf smart devices found that, “It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand.”
The three things you can do to prevent this from happening to your Wi-Fi baby monitor, along with other connected devices around your home, are:
What about “old-style” baby monitors that work on a radio frequency (RF) like a walkie-talkie does? Given that they’re not connected to the internet, there’s less risk involved. That’s because hacking into an RF monitor requires a per person to be in close physical proximity to the device and have access to the same broadcast frequency as your device—a far less likely proposition, yet a risk none the less. Some modern RF baby monitors even encrypt the radio signal, mitigating that much more risk.
Next up, we’ll take a closer look at baby’s privacy online. Yes, that’s a thing! And an important one at that, as taking charge of their privacy right now can protect them from cybercrime and harm as they get older.
Feel free to read on right here.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The Connected Lives of Babies: Protecting First Footprints in the Digital World, Part 1 appeared first on McAfee Blogs.
Picture an infant with a credit card.
In her name. With a $10,000 limit.
Well, it happens. As recent as 2017, it was estimated that more than 1 million children in the U.S. were victims of identity theft. Of them, two-thirds were under the age of seven, and the total losses connected to all this fraud weighed in $2.6 billion dollars.
As I mentioned in part one of our article on the connected lives of babies, babies can make their first digital footprints before they’re even born. What’s more, the moment a child enters this world along with a unique ID like a Social Security Number, they become a tempting target for cybercriminals. The reason is this: babies and very young children are effectively a blank slate, upon which crooks can write their own illicit history of fraud. And it can be years before you or your child find out, long after the damage to their credit has been done.
So, let’s pick up where we left off in part one by taking a close look baby’s privacy and how you can protect it.
There’s rightfully a great deal of conversation out there about the things we can do to protect our identity from theft. What’s talked about less often is protecting children from identity theft. In fact, little ones are high-value targets for cybercriminals is because we typically don’t run credit reports on children. In this way, a crook with the Social Security Number of a child in the U.S. can open all manner of credit and accounts and go undetected for years until that child attempts to rent an apartment or open his or her first credit card.
To protect your family from this kind of identity theft, the major credit reporting agencies suggest the following:
I. Check your child’s credit regularly. If your child indeed has a credit report against their name, there’s a strong chance that their identity has been stolen. You can work directly with the credit reporting agency to begin resolving the issue. If there is theft, file a report with the appropriate law enforcement agency. You’ll want a record of this as you dispute any false records.
II. Freeze your child’s credit. A freeze will prevent access to your child’s report and thus prevent any illicit activity. In the U.S., you’ll need to create a separate freeze with each of the three major credit reporting agencies (Equifax, Experian, and TransUnion). It’s free to do so, yet you’ll have to do a little legwork to prove that you’re indeed the child’s parent or guardian.
III. Secure your documents and keep personal info close to the vest. Along with things like a passport, insurance cards, and birth certificates, store these items in a safe location when you’re not actively using them. That goes extra for Social Security cards. Likewise, doctor’s offices often ask patients for their Social Security Number, which typically helps with their billing. See if they can accept an alternative form of ID, use just the last four digits, or simply forgo it altogether.
Getting your kiddo a website is probably low on your list of priorities, yet it’s a sound move to consider. Here’s why: it carves out a piece of digital real estate that’s theirs and theirs alone.
Whether you opt for a dot-com or one of several hundred other extensions like .net, .us, and .me, a personal URL gives you and your child ownership of yet another piece of their digital identity. No one else can own it as long as you’re paying the fee to maintain it. Think of it as an investment. Down the road, it could be used for a personal email address, a professional portfolio site someday, or just a side project in web design. With internet URLs being a finite resource, it’s wise to see if spending a relatively small fee each a year is worth securing this piece of your child’s identity.
We all have one—that picture from our childhood that we absolutely dread because it’s embarrassing as all get-out. Now contrast that with today’s digital age, where an estimated 95 million photos are posted each day on Instagram alone. We’re chronicling our lives, our friends’ lives, and the lives of our families at an incredible rate—almost without thinking about it. And that opens a host of issues about privacy and just how much we share. Enter the notion of “sharenting,” a form of oversharing that can trample your child’s right to privacy.
For babies, we have to remember that they’re little people who, one day, before you know it, will grow up. How will some of those photos that seemed cute in the moment hold up when baby gets older? Will those photos that you posted prove embarrassing some day? Could they be used to harm their reputation or damage their sense of privacy and trust in you?
With that, let’s remember a couple things when it comes to sharing photos of our children:
• The internet is forever. Work on this basic assumption: once you post it, it’s online for good.
• Babies have a right to privacy too. It’s your job to protect it while they can’t.
So, before you post, run through that one-two mental checklist.
Sharenting can also lead to identity theft. In 2018, Barclay’s financial services estimated that oversharing by parents on social media will amount to more than 7 million cases of identity theft a year by 2030—just shy of a billion dollars U.S. worth of damage. This includes all the tips and cues that crooks can glean from social media posts and geographic metadata that’s captured in photographic files. Things like birthdays, pet names, names of schools, favorite teams, maiden names, and so forth are all fodder for password hacks and targeted phishing attacks. The advice here is to keep your digital lives close to the vest:
I. Set all social media accounts to private. Nothing posted on the internet is 100% private. Even when you post to “friends only,” your content can still get copied and re-shared.
II. This way, the general public can’t see what you’re posting. However, keep in mind that nothing you ever post online is 100% private. Someone who has access to your page could just as easily grab a screenshot of your post and then continue to share it that way.
III. Go into your phone’s settings and disable location information for photos. Specifics will depend on the brand of your phone, but you should have an option via the phone’s “location services” settings or within the camera app itself. Doing so will prevent the geographic location, time, date, and even device type from appearing in the metadata of your photos.
IV. Above all, think twice about posting in the first place. “Do I really need to share this?” is the right question to ask, particularly if it can damage your child’s privacy or be used by a scammer in some form, whether today or down the road.
Like new parents don’t have enough to think about already! However, thinking about these things now at the earliest stages will get you and your growing family off on a strong and secure start, one that you can build on for years to come—right up to the day when they ask for their first smartphone. But you have a while before that conversation crops up, so enjoy!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The Connected Lives of Babies: Protecting First Footprints in the Digital World, Part Two appeared first on McAfee Blogs.
The holidays have come and gone, and students returned to the virtual classroom. But according to the FBI, cyberattacks are likely to disrupt online learning in the new year. As of December 2020, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and MS-ISAC continue to receive reports from K-12 educational institutions about the disruptions caused by cyberthreats, primarily ransomware and Distributed Denial of Service (DDoS). To protect their education and digital lives, distance learners will need to stay vigilant when it comes to ransomware and DDoS attacks. Let’s dive into the impact these threats have on the K-12 education system now that more people are plugged in as a result of distance learning.
Of all the attacks plaguing K-12 schools this year, ransomware has been a particularly aggressive threat. Ransomware attacks typically block access to a computer system or files until the victim pays a certain amount of money or “ransom.” The FBI and the CISA issued a warning that showed a nearly 30% increase in ransomware attacks against schools. In August and September, 57% of ransomware incidents involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July. And it’s unlikely that hackers will let up anytime soon. Baltimore County’s school system was recently shut down by a ransomware attack that hit all of its network systems and closed schools for several days for about 111,000 students. It wasn’t until last week that school officials could finally regain access to files they feared were lost forever, including student transcripts, first-quarter grades, and vital records for children in special education programs.
According to to ZDNet, the five most active ransomware groups targeting K-12 schools are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil. Furthermore, all five of these ransomware families are known to run “leak sites,” where they dump data from victims who don’t pay the ransom. This creates a particularly dangerous problem of having student data published online. To prevent distance learning disruption, students and educators need to understand the effects of ransomware on school systems and take steps to prevent the damage caused by this threat.
An increase in ransomware attacks isn’t the only problem that K-12 schools are facing. The CISA and the FBI warned those participating in distance learning to protect themselves against other forms of cyberattacks such as Distributed Denial of Service (DDoS). DDoS is a method where hackers flood a network with so much traffic that it cannot operate or communicate as it normally would.
According to Dark Reading, Miami-Dade County Public Schools experienced significant disruptions during their first three days of distance learning for the 2020-2021 school year, thanks to a series of DDoS attacks. The school system stated it had already experienced more than a dozen DDoS attacks since the start of the school year. Sandwich Public Schools in Massachusetts were also knocked offline by a DDoS attack. When school systems fall victim to DDoS attacks, students can lose access to essential documents, files, or online platforms that they need to complete assignments. And with many students relying heavily on distance learning systems, losing access could put them behind.
In an effort to create a standardized framework for dealing with ransomware attacks across verticals – including education – McAfee has teamed up with Microsoft to lead the Ransomware Task Force, along with 17 other security firms, tech companies, and non-profits. And while we’re taking critical actions to decrease the threat of ransomware attacks, there are other steps you can take to prevent ransomware and DDoS attacks from interrupting your distance learning experience. Follow these tips to take charge of your education and live your digital life free from worry:
Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Nevertheless, you should never pay the ransom. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.
With ransomware attacks locking away crucial data, it’s important to back up your files on all your machines. If a device becomes infected with ransomware, there’s no promise you’ll get that data back. Ensure you cover all your bases and have your data stored on an external hard drive or in the cloud.
Use decryption tools
No More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then, check out No More Ransom’s decryption tools and see if one is available for your specific strain.
Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. Solutions like McAfee Secure Home Platform, which is embedded within select routers, can help you easily manage and protect your network from DDoS attacks and more.
A lot of internet of things (IoT) devices come with default usernames and passwords. After taking your IoT device out of the box, the first thing you should do is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Ransomware and DDoS is on the Rise: Tips for Distance Learning in 2021 appeared first on McAfee Blogs.
A baby can leave their first internet footprints even before they’re born.
The fact is that children start creating an identity online before they even put a little pinky on a device, let alone come home for the first time. That “Hello, world!” moment can come much, much sooner. And it will come from you.
From posting baby’s ultrasound pic to sharing a video of the gender reveal celebration, these are the first digital footprints that your child will make. With your help, of course, because it’s you who’ll snap all those photos, capture all those videos, and share many of them on the internet. Yet even though you’re the one who took them, those digital footprints you’ve created belong to your child.
And that’s something for us to pause and consider during this wonderful (and challenging!) stretch of early parenthood. Just as we look out for our children’s well-being in every other aspect of their little lives, we must look out for their digital well-being too. Babies are entitled to privacy too. And their little digital lives need to be protected as well.
Babies lives are more connected than you might think. Above and beyond the social media posts we make to commemorate all their “firsts,” from first solid food to first steps, there’s digital information that’s associated with your child as well. Things like Social Security Numbers, medical records, and even financial records related to them all exist, all of which need to be protected just like we protect that same digital information as adults.
Likewise, there’s all manner of connected devices like Wi-Fi baby monitors, baby sleep monitors, even smart cribs that sense restlessness in your baby and then rocks and soothes those little cares away. Or how about a smart changing table that tracks the weight of your child over time? You and your baby may make use of those. And because all these things are connected, they have to be protected.
1) Buying smart devices for baby, Part One: Connect with your care provider
As a new parent, or as a parent who’s just added another tyke to the nest, you’ll know just how many products are designed for your baby—and then marketed toward your fears or concerns. Before buying such smart devices, read reviews and speak with your health care provider to get the facts.
For example, you can purchase connected monitors that track metrics like baby’s breathing, heart rate, and blood-oxygen levels while they sleep. While they’re often presented as a means of providing peace of mind, the question to ask is what that biometric information can really do for you. This is where your health care provider can come in, because if you have concerns about Sudden Infant Death Syndrome (SIDS), that’s a much larger conversation. Your provider can discuss the topic with you about and whether such a device is an effective measure for your child.
2) Buying smart devices for baby, Part Two: Do your security research
Another question to ask is what’s done with the biometric data that such devices monitor. Is it kept on your smartphone, or is it stored in the cloud by the device manufacturer? Is that storage secure? Is the data shared with any third parties? Who owns that data? Can you opt in or opt out of sharing it? Can you access and delete it as needed? Your baby’s biometrics are highly personal info and must be protected as such. Without clear-cut answers about how your baby’s data is handled, you should consider giving that device a hard pass.
How do you get those answers? This is another instance where you’ll have to roll up your sleeves and read the privacy policy associated with the device or service in question. And as it is with privacy policies, some are written far more clearly and concisely than others. The information is in there. You may have to dig for it. (Of note, there are instances where parents consented to the use of their data for the purposes of government research, such as this study published by the U.S. National Institutes of Health.)
Related, here’s advice I give on every connected “smart” device out there, from baby-related items to smart refrigerators: before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some smart device manufacturers are much better at baking security protocols into their devices than others, so investigate their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.
3) Secure your Wi-Fi baby monitor (and other smart devices too)
An online search for “hacked baby monitor” will quickly call up several unsettling stories about hackers tuning into Wi-Fi baby monitors—scanning the camera about the room at will and perhaps even speaking directly to the child. Often, this is because the default factory password has not been changed by the parents. And a “default password” may as well be “public password” because lists of default passwords for connected devices are freely available on the internet. In fact, researchers from Ben Gurion University looked at the basic security of off-the-shelf smart devices found that, “It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand.”
The three things you can do to prevent this from happening to your Wi-Fi baby monitor, along with other connected devices around your home, are:
What about “old-style” baby monitors that work on a radio frequency (RF) like a walkie-talkie does? Given that they’re not connected to the internet, there’s less risk involved. That’s because hacking into an RF monitor requires a per person to be in close physical proximity to the device and have access to the same broadcast frequency as your device—a far less likely proposition, yet a risk none the less. Some modern RF baby monitors even encrypt the radio signal, mitigating that much more risk.
4) Protect baby’s identity
There’s rightfully a great deal of conversation out there about the things we can do to protect our identity from theft. What’s talked about less often is protecting children from identity theft. In fact, little ones are high-value targets for cybercriminals is because we typically don’t run credit reports on children. In this way, a crook with the Social Security Number of a child in the U.S. can open all manner of credit and accounts and go undetected for years until that child attempts to rent an apartment or open his or her first credit card.
To protect your family from this kind of identity theft, the major credit reporting agencies suggest the following:
5) Register a URL for your child
Getting your kiddo a website is probably low on your list of priorities, yet it’s a sound move to consider. Here’s why: it carves out a piece of digital real estate that’s theirs and theirs alone.
Whether you opt for a dot-com or one of several hundred other extensions like .net, .us, and .me, a personal URL gives you and your child ownership of yet another piece of their digital identity. No one else can own it as long as you’re paying the fee to maintain it. Think of it as an investment. Down the road, it could be used for a personal email address, a professional portfolio site someday, or just a side project in web design. With internet URLs being a finite resource, it’s wise to see if spending a relatively small fee each a year is worth securing this piece of your child’s identity.
6) Sharenting, Part One: Think of baby’s future
We all have one—that picture from our childhood that we absolutely dread because it’s embarrassing as all get-out. Now contrast that with today’s digital age, where an estimated 95 million photos are posted each day on Instagram alone. We’re chronicling our lives, our friends’ lives, and the lives of our families at an incredible rate—almost without thinking about it. And that opens a host of issues about privacy and just how much we share. Enter the notion of “sharenting,” a form of oversharing that can trample your child’s right to privacy.
For babies, we have to remember that they’re little people who, one day, before you know it, will grow up. How will some of those photos that seemed cute in the moment hold up when baby gets older? Will those photos that you posted prove embarrassing some day? Could they be used to harm their reputation or damage their sense of privacy and trust in you?
With that, let’s remember a couple things when it comes to sharing photos of our children:
So, before you post, run through that one-two mental checklist.
7) Sharenting, Part Two: Identity Theft
Sharenting can also lead to identity theft. In 2018, Barclay’s financial services estimated that oversharing by parents on social media will amount to more than 7 million cases of identity theft a year by 2030—just shy of a billion dollars U.S. worth of damage. This includes all the tips and cues that crooks can glean from social media posts and geographic metadata that’s captured in photographic files. Things like birthdays, pet names, names of schools, favorite teams, maiden names, and so forth are all fodder for password hacks and targeted phishing attacks. The advice here is to keep your digital lives close to the vest:
Like new parents don’t have enough to think about already! However, thinking about these things now at the earliest stages will get you and your growing family off on a strong and secure start, one that you can build on for years to come—right up to the day when they ask for their first smartphone. But you have a while before that conversation crops up, so enjoy!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The Connected Lives of Babies: Protecting Their First Footprints in the Digital World appeared first on McAfee Blogs.
McAfee is headquartered in the U.S. and with our impressive global footprint protecting over 600 million devices protecting users’ connected lives isn’t just a priority for one location, but for the entire world that we serve. As Site Leader of our Consumer Ontario offices, when it came time to reflect on the past year, we knew it was important to gather findings for the communities we protect including those in Canada.
In 2020, we abruptly transitioned from offices to home workspaces, participated in distance learning, and figured out how to stay connected with friends and family from afar. We sought out new forms of entertainment by streaming countless movies and TV shows and found new ways to stay active with at-home workouts. None of this would’ve been possible without our devices and the technologies we rapidly adopted. In fact, data shows that we accelerated five years forward in digital adoption during the first two months of the pandemic alone. And according to findings from our 2021 Consumer Security Mindset Report, Canadian consumers plan to stick with this digital-first lifestyle in the new year and beyond.
In the past year, many of us started to use or increased our use of various online tools. In Canada, online banking surged to 78%, personal shopping to 63%, and social engagements to 59%. We’ve adapted to the convenience of these online alternatives and have used them to replace activities that were once primarily in-person. In fact, 70% of survey respondents indicated that they now use or have adopted common features designed for convenience, such as text and email notifications, web or mobile applications versus desktop sites, and more.
Online alternatives will continue to replace activities in people’s lives that were once in-person. According to our survey, the top digital activities that will remain part of our routines even as social distancing and stay-at-home restrictions lift include online banking, social engagements, and personal shopping. But as we continue to rely on technology to complete these tasks, how are we adapting our security habits to greater time spent online?
The more time we spend online interacting with various apps and services, the greater our exposure is to potential c
ybersecurity risks and threats. So, as we continue to adapt to and embrace our new digital world, hackers are simultaneously taking notes. Survey results show that 67% of respondents are most concerned about their financial data being stolen or compromised, while 65% are concerned that their personal information could get hacked.
A heightened sense of security is of the utmost importance so we can continue to live our digital lives free from worry. But 45% of survey respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to ward one off.
Even with these concerns, there still appears to be a discrepancy between our perceptions around online security ver
sus our actions. While 66% of respondents stated that they purchased at least one connected device in 2020, only 42% bought security software, and only a quarter admitted that they check if their security software is up to date. But to preserve our digital wellness as we adopt new technology into our lives, we must upgrade our security habits in tandem. After all, it’s better to prevent a problem than be in a position of having to fix it.
To help prevent a hacker from striking, it helps to think about why they would want your data in the first place. However, 61% of Canadian respondents admitted that they never considered how much their online data is worth. Hackers are always looking for ways to exploit others for money. By scavenging and stealing our personally identifiable information over the internet, hackers can piece together our identities – a valuable asset and can be resold for a lot of cash.
To stay one step ahead of hackers and protect your digital wellness into the new year and beyond, continue to work on your own online habits and follow these security tips:
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Hackers tend to lurk in the shadows on public Wi-Fi networks to catch unsuspecting users looking for free internet access. If you have to conduct transactions on a public Wi-Fi network, use a virtual private network (VPN) like McAfee® Safe Connect to help keep you safe while you’re online.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
When using third-party tools like video conferencing platforms, adjust your security settings by password protecting your meetings and blocking other meeting attendees from sharing their screens. You can also adjust your device’s app permissions to only access your location when actively in use, or enable safe browsing options to protect you from malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post New Year, New Digital You: Canadian Survey Findings from McAfee appeared first on McAfee Blogs.
2020 was a year unlike any other. We transitioned from the corporate office to the home office, participated in distance learning, and figured out how to communicate with one another from afar. We sought out new forms of entertainment by streaming countless movies and TV shows and found new ways to stay active with at-home workouts. But none of this would’ve been possible without our devices and the technology we rapidly adopted. In fact, data shows that we accelerated five years forward in digital adoption during the first two months of the pandemic alone. And according to findings from our 2021 Consumer Security Mindset Report , online alternatives will continue to replace activities in people’s lives and routines that were once in-person.
In the past year, many of us started to use or increased our use of various online tools. For example, online banking usage increased from 22% in 2020, online fitness classes increased by 7%, and virtual doctor’s appointments increased by 9%. We’ve adapted to the convenience of these online alternatives and have used them to replace activities that were once primarily in-person. Additionally, 77% of survey respondents indicated that they now use or have adopted common features designed for convenience, such as text and email notifications, web or mobile applications versus desktop sites, and more.
Online alternatives will continue to replace activities in people’s lives that were once in-person. According to our survey, the top digital activities that will remain part of our routines even as social distancing and stay-at-home restrictions lift include online banking, social engagements, and personal shopping. But as we continue to rely on technology to complete these tasks, how are we adapting our security habits to greater time spent online?
The more time we spend online interacting with various apps and services, the greater our exposure is to potential cybersecurity risks and threats. So, as we continue to adapt to and embrace our new digital world, hackers are simultaneously taking notes. Survey results show that 71% of respondents are most concerned about their financial data being stolen or compromised, while 68% are concerned that their personal information could get hacked.
A heightened sense of security is of the utmost importance so we can continue to live our digital lives free from worry. But 29% of survey respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to prevent one. And while another 40% is confident in their ability to prevent an attack, they think they could better understand how to identify or combat threats.
Even with these concerns, there still appears to be a discrepancy between our perceptions around online security versus our actions. While 70% of respondents stated that they purchased at least one connected device in 2020, only 50% bought security software, and only a quarter admitted that they check if their security software is up to date. But to preserve our digital wellness as we adopt new technology into our lives, we must upgrade our security habits in tandem. After all, it’s better to prevent a problem than be in a position of having to fix it.
To help prevent a hacker from striking, it helps to think about why they would want your data in the first place. However, over half of U.S. respondents admitted that they never considered how much their online data is worth. Hackers are always looking for ways to exploit others for money. By scavenging and stealing our personally identifiable information over the internet, hackers can piece together our identities – a valuable asset and can be sold for a lot of cash.
To stay one step ahead of hackers and protect your digital wellness into the new year and beyond, continue to work on your own online habits and follow these security tips:
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Hackers tend to lurk in the shadows on public Wi-Fi networks to catch unsuspecting users looking for free internet access. If you have to conduct transactions on a public Wi-Fi network, use a virtual private network (VPN) like McAfee® Safe Connect to help keep you safe while you’re online.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
When using third-party tools like video conferencing platforms, adjust your security settings by password protecting your meetings and blocking other meeting attendees from sharing their screens. You can also adjust your device’s app permissions to only access your location when actively in use, or enable safe browsing options to protect you from malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post New Year, New Digital You: Consumer Security Findings from McAfee’s Latest Report appeared first on McAfee Blogs.
One of the positive trends that we’ve seen in recent years is governments and users pressuring companies to simplify their privacy policies and security settings. This comes after a slew of concerning incidents, such as widespread data breaches and data sharing by social media companies.
The spotlight on these issues is beginning to take effect, as Facebook’s latest “Access Your Information” tool shows, and users are feeling more empowered. Furthermore, in November 2020, Californians voted in favor of the new California Privacy Rights Act to strengthen privacy protections for consumers. This is also reinforced by more and more states and countries considering or debating the introduction of comprehensive privacy legislation.
In fact, a recent study found that 71% of respondents checked their social media platform’s advanced privacy settings when they joined. This is great progress, but we can do more. We know from our research that only 39% of users make sure the site or service they’re using is legitimate, and a mere 12% use a dark web monitoring service. This year’s International Data Privacy Day, January 28th, is the perfect opportunity to make sure that your sensitive information stays as safe as possible.
The data we are looking to protect, known as Personal Data or Personally Identifiable Information (PII), can be anything that relates to your identity. And although many technology users feel that protecting this information is beyond their control, we actually have a lot of simple and effective ways to safeguard our PII. So, let’s start this new year by owning our privacy with a closer look at our social media accounts.
After all, we take pains to safeguard our finances, and the personal data we share on social channels is similar: it has value, and it’s up to us to make sure we take the right steps to keep it protected. Security tools like antivirus software and password managers help enormously in boosting our overall security, but when it comes to social media in particular it’s essential to know what kind of data we’re generating, and how it is used and shared.
First we need to recognize that where we click, “like” and login, all leave a digital footprint that can be used to reveal more about your identity and habits than you would think. For example, just using Facebook, Amazon, or Google to login to third-party sites generates an enormous amount of information about where you go and what you do. Many users choose this route because it is easier than creating and remembering passwords to each individual site.
Another way your data gets scattered around is through sharing—whether you intentionally post on social media sites, or use a website, app, or service that permits third-party access of user information. Many users unwittingly agree to this access because it’s buried somewhere in a thick privacy policy.
Now that we know a little more about how your PII gets out, let’s learn how to protect it.
Avoid oversharing—When it comes to social media accounts, set them to share with “friends only.” This should give you some control, but it’s also important to realize that your photos and data can still travel beyond your immediate network, so our best advice is not to post anything you wouldn’t want a future boss to see, for example.
For your other sensitive accounts, check to see which information is being shared, and with whom. If you’re not comfortable with the terms, you can decide to opt out, or close your account.
Check for linked logins—If you use your Facebook or Google login credentials to log in to other accounts, it’s a good idea to revise the list of sites that have access to your information and pare it down. In many cases you may have visited a site just once, and there is no reason for the third-party site to hold onto your data. Delete the linked information by visiting the website you used to login in the first place, and create unique login credentials for the sites you visit frequently.
Keep a careful eye on your apps—Mobile apps have become a key vector for hackers, so you want to make sure that you only download and install apps from reputable providers that have positive reviews.
For the apps that are already on on your phone or tablet, check the security settings to see if they are accessing more information than they need to work properly. For instance, a mapping app needs your exact physical location, but a gaming app may not. McAfee® Mobile Security can safeguard your devices from malicious files, and help prevent you from oversharing data with apps.
Lose what you don’t use—If you have accounts for apps or services that you no longer use, it’s time to get rid of them. This prevents them from potentially leaking your information in the future. Just remember that deleting an app doesn’t mean that your data is deleted. For that, you’ll need to close your account.
For the apps you want to keep, make sure they are updated, since updates often contain security fixes. You may also want to recheck the settings to ensure that your data is only being shared if you explicitly allow it.
Let tech tools help—Of course, I always recommend that you download security software, and a holistic solution like McAfee Total Protection includes dedicated privacy tools, like a virtual private network (VPN), which scrambles your data while it flows over the network, ensuring that no one else can see it. It also includes safe browsing tools to keep you safer from malicious sites and downloads, and dark web monitoring to help you keep tabs on your personal data.
McAfee also recently released a personal protection app (in beta) that monitors the dark web to see if your login credentials have been leaked. If so, it alerts you, so you can change your passwords immediately. It also includes a VPN.
Be careful where you click—Even the most savvy users can still accidentally click on a dangerous link, so consider using the free McAfee® WebAdvisor to alert you to risky links and downloads that may be hiding in your newsfeeds and timelines, before you click on them.
Stay aware of the latest scams—Part of owning your privacy includes staying informed about the latest threats. These blogs are a great resource.
This Data Privacy Day make a resolution to take back control of your personal information, and help others do the same. For more information visit the National Cyber Security Alliance.
Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.
The post This Data Privacy Day Own Your Privacy, Even On Social Sites appeared first on McAfee Blogs.
The events of 2020 didn’t just set significant lifestyle changes in motion. According to a recent study, it also influenced our mindset about our online security.
McAfee’s 2021 Consumer Security Mindset Report highlights our collective shift to a Digital-First mindset and the increased risks that come with it.
This study is essential to families for several reasons. First, because it gives us a snapshot of reality, and when we understand reality, we can take steps to improve it. Second, it’s a reminder to us as parents that helping our kids build their digital skills is a process subject to cultural shifts that will require continuous recalibration.
In short, the study reveals that we’re online more and, for convenience’s sake, we’re taking more chances with our security. In step with this increase in digital activity, online scams are on the rise. And, while most of us admit to being worried about our online security and, many still don’t have the digital habits they need to protect themselves.
How do we respond to this new and seemingly ongoing reality? We can say we need better cyber safety skills, or we can implement them.
To help you do just that, here are ten easy peasy steps your family can take today to strengthen the protective circle around your digital life. Note: You don’t have to be tech savvy to do these things. They are easy, effective ways to build up your family’s digital defenses. Here we go!
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 10 Easy Ways to Build Up Your Family’s Online Security appeared first on McAfee Blogs.
Meet ShinyHunters, a hacker who recently leaked 10 new databases this past month from companies including:
• Pixlr.com
• Bonobos.com
• Wognai.com
• Tesspring.com
• Tunedglobal.com
• Buyucoin.com
• Wappalyzer.com
• Chqbook.com
• Rooter.io
• MeetMindful.com
But this isn’t the first time they’ve made headlines. It all started in May of 2020 when ShinyHunters attempted to sell several stolen databases on the Dark Web. They also leaked several other databases between April and July. In October, they proceeded to leak the database of the meal kit delivery company, HomeChef. Not one to be easily satisfied, ShinyHunters continued their antics by exposing sixteen other databases in November, where personal user records and information were publicly shared. Prominent companies who fell victim to this wave of data breaches include gaming site Animal Jam, online marketplace Minted, and coupon company ShopBack, among others.
Personal data released ranges from contact information and addresses, dates of birth, passwords, and financial information. Not including the latest data breach, a total of 129,406,564 user records were exposed. Given the alarming size of the exposure, this gives way to rising concerns for when ShinyHunters will strike again. What’s more, this group seeks notoriety from their misdeeds, hoping to claim credibility for the number of attacks they can execute—a troubling thought for everyday users like you and me.
You never know when or if a breach will occur, which is why we must take precautions to protect our data in the case of a security breach. In the past year alone, we have seen a record number of data breaches, posing unforeseen security concerns and bringing light to new priorities for data protection. That’s why we must learn from these occurrences by proactively protecting our private information in 2021 and beyond.
There’s no way of knowing whether your personal information will fall into the wrong hands or that it will be used maliciously, but ShinyHunters has indicated that they are on the lookout for opportunities to expose more databases, so we must take the necessary steps to protect our personal information before the damage is done.
Not knowing what data was stolen can make it significantly more difficult to pinpoint what threats you may become subject to. If you realize a company you buy from fell victim to a data breach, start investigating. Use this tool to see if the breach affects you.
Great passwords are usually the first line of defense against personal data exposures, so it’s important to update them as soon as they are compromised. Additionally, use different passwords or passphrases for each of your online accounts which helps protect the majority of your data if one of your accounts becomes vulnerable. One route you can take is to use a password manager that not only lets you create strong passwords but can let you manage them efficiently with added security and peace of mind.
On top of updating your credentials, you’ll want to secure your log-in process by enabling 2-Factor Authentication. So, if a hacker has access to your stolen passwords, they’ll still have to bypass an added security layer that is time sensitive. This makes it even more difficult for them to access your information.
Like regular phishing attempts, spear-phishing attempts will try to steal your information by posing as an authentic entity to target unsuspecting victims. However, spear phishing attempts can be harder to spot because the attempt is modified to target a specific individual, often in the form of a personalized email. If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If you find that your credit card information has been exposed, keep an eye on your bank records and validate each transaction. In the above cases for a site like MeetMindful, where Facebook authentication tokens and user IDs were stolen, it’s always best to keep an eye on other social accounts for fraudulent activity.
For maximum financial protection, freeze your credit to prevent hackers from opening new accounts in your name. Placing a freeze on your credit is free for consumers and won’t affect your credit score. Simply contact the three major credit bureaus—Equifax, Experian, and TransUnion—to set up a freeze to secure your credit file until you decide to lift it.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post ShinyHunters Exposes Over 125 Million Online Credentials appeared first on McAfee Blogs.
Love finds a way. Even in a pandemic.
Across this year and last, a growing number of couples are sticking to their wedding dates as planned, yet with a twist—they’re holding them online.
Whether to comply with local guidance, accommodate friends and family who cannot travel, or some mix of both, online weddings are indeed happening. They take many forms—from streaming a small ceremony at a church or venue, to a couple in their home with an officiant in another location and attendees viewing online, love is indeed finding a way.
I was intrigued and ultimately moved by the story of one couple, Irene and Troy, which I read in an article about couples who have opted to hold an online wedding. According to the article, Irene said that the timing could not have been better. “My father, who is older in age, was especially thrilled to join our wedding from the comfort of his home, and virtually shared his sentiments on video for all to see. One of our guests who watched the virtual marriage shared: ‘We were moved and uplifted by it all… by your love to each other, your commitment, your generosity. We all needed it [at this time]: the affirmation of life and beauty and faith. It made us all happy. And, in a way, fulfilled.'”
That’s absolutely wonderful and a testament to the way a wedding can lift us all, particularly now—the embodiment of commitment, resilience, and love.
With more and more articles and services taking shape that describe the planning of an online wedding, I’d like to share a few of my thoughts about the technical and security considerations that will inevitably come up as couples plan and hold their online wedding ceremonies.
First off, you’ll need an official wedding license and to make sure that your locality recognizes an online wedding. Earlier in the pandemic, several states and localities issued legal orders to allow couples to get their wedding licenses online and even conduct their wedding online with a recognized officiant. Naturally, the answer as to whether you can hold an official wedding will vary where you live and what the exact requirements are. The best advice here is to consult with your local officials or family law practitioner to determine what options are legally available to you—from obtaining a wedding license either by mail or online, to who must officiate and witness the ceremony and how.
If you’re livestreaming your ceremony, a strong and reliable internet connection will top your list of must-haves. If it turns out that your location has so-so Wi-Fi or no internet at all, you can look into a mobile hotspot device. Available as either as a prepaid device or as a rental, the advantage of using a mobile hotspot device over the hotspot on your phone is that it can host multiple devices, have a better connection range than your phone, and last much longer than your phone in terms of battery usage.
Of course, the performance of a mobile hotspot will be influenced by the network that’s available to it. Check the specs of the device and the coverage in the area to see if it can support streaming reliably.
Given that 5G mobile connectivity is making its first appearances, you may find that your 5G-ready phone is a better choice than a 4G LTE mobile hotspot device. If this sounds like a bit much to you, or if you’d simply rather focus on other things for your big days, this is an area where you may want the help of a producer to coordinate this aspect of your online wedding.
An online wedding is a live streaming event, just like a show, your show, and it’s one you’ll want to have go off seamlessly so you and everyone else can bask in the moment. If you’ve been working, studying, or socializing online, you know what kind of headaches can crop up with video conferencing—bad lighting, bad sound, or simply the dreaded bad internet connection. That’s where a producer can help, both on the big day and well in advance of it too.
Depending on the size and experience you want for an online wedding ceremony, you can hire a dedicated producer who can oversee the technical aspects of your ceremony and even act as a digital emcee who can orchestrate the flow of your big day by making introductions, playing music, controlling the microphones of guests, or even setting up a digital receiving line so that everyone can get some dedicated time with the couple. They can help you select the streaming platform for your needs as well.
Online services like Wedfuly and SimplyEloped offer a variety of plans that can handle details such as these for you, from getting the right tech and camera angles in place to rehearsals just like an in-person ceremony—with the bonus of troubleshooting any issues. Other options include looking into local DJ services, as some of them have adapted to run online weddings too. As with any such service or wedding vendor like your photographer or florist, do your research. Look for testimonials from other couples and their guests to get a sense if the service and the experience they provide is the right fit for you.
Just like you need to keep any sort of video conference secure, that goes extra for your online wedding. My earlier advice on keeping video conferences secure still holds sway, yet I’ll add a few more things specific to weddings:
The mailed wedding invitation will always be an elegant and personal touch, yet the online wedding begs another kind of invitation—the sharing of a link and a password. As mentioned above, you can include this in your R.S.V.P. process by requesting your guests to share their email with you to receive the link and password. Another option is to use a shared spreadsheet in the cloud, like a Google Sheets or an Excel document in Office 365. You can direct invitees to the document and have them fill out their email address, number of attendees, and so on. This way, you can email your guests the secure link and password to your wedding when you’re ready.
If you’re feeling extra confident with online tools, you can set up an account with Mailchimp and deliver a mass email invite (designed with your colors and photos too) to your friends and family in one fell swoop. Similarly, there are yet more options for paperless invites. Check out this article for a rundown of other couple-friendly wedding invitation resources.
Contemporary wedding etiquette has taken shape over dozens of years, and once again it has adapted to the times. Some tips about online wedding etiquette are obvious. Like wearing sweatpants below dress attire is a no-no. However, some are a bit more subtle. From gift-giving to receptions to when to mute or unmute your mic, this article touches on many of the basics.
And don’t be shy to ask the couple or their coordinator questions if you’re uncertain about how the day will unfold or how you should dress. Just as with any wedding, some may be more formal or more casual than others. You can take a cue from the couple. In all, putting some extra effort into dressing up and maybe putting some flowers or a nice setting in the background will appear on the happy couple’s screen in wonderful ways. Imagine the look on their faces when they see you and your space looking joyful too!
If you’re looking for tips on how to get your devices and viewing space working and looking great, check out my earlier article on “Setting the Stage for Your Job Interview.” While it’s certainly focused on online interviews, much of the advice applies to setting up your device and your space for attending a wedding too.
For those of you who have your big day circled on the calendar, or soon will, congratulations! Whether you’re planning a ceremony that’s completely online or some manner of hybrid for your guests, I hope that what I’ve shared here will make your online wedding safer, more secure, and, above all, that much more memorable in the best of ways.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Digital Marriage—Making Sure Your Online Wedding is Safe and Secure appeared first on McAfee Blogs.
With Safer Internet Day upon us, it’s time to have “The Talk.” The internet talk, that is.
What’s the internet talk? It’s a candid conversation about how safe we’re really being when we go online, as opposed to how safe we think we’re being. Indeed, there can be a sizable gap between the two, and our 2021 Consumer Security Mindset Report shows us just how significant it is:
I don’t know about you, but I was struck by the fact that only 50% of people are purchasing security software when they buy a new device. If that’s so, then it’s indeed time for the talk.
Whether we have the talk with our kids, our parents, or even have it with ourselves, this is a chance to make sure we’re protecting the things that matter when we go online—our families, our privacy, our finances, our data, and, of course, our stuff too—like our computers, tablets, smartphones, and other connected things too.
Plenty. However, let’s look at Safer Internet Day as a way to take some important first steps by asking a handful of questions that can lead to a much safer you online.
Given that security software statistic mentioned above, let’s start at square one. Holistic security solutions will provide you with strong antivirus protection and much more on top of that. It can steer you clear of malicious downloads and links, intercept phishing emails before they hit your inbox, and protect your privacy as well—just to name a few. Additionally, it can protect your smartphones and tablets too, whether you have an Android or iOS devices. Don’t forget to cover those things too, as chances are you do about half of your browsing on them.
If you’re using simple passwords or repeating the use of the same password with little or no variation, it’s time to make a change. Strong, unique passwords protect you in this age of data breaches and hacks, where passwords are stolen and then sold on the black market. If creating strong and unique passwords for each of your accounts sounds like a lot of work, consider using a password manager to create and securely store passwords for you.
A firewall acts as a digital barrier that blocks unauthorized access to your computers and devices, which is a must these days (and has been for some time now). It’s often included with comprehensive security software (one more reason why having comprehensive security software is far superior to having “just” antivirus).
A virtual private network (VPN) is software that creates a secure connection over the internet, so you can safely connect from anywhere. You may want to use it at home when you’re looking for extra protection while banking or handling finances. And you’ll most certainly want to use it when logged into public Wi-Fi at places like airports, hotels, and cafes because so-called “free Wi-Fi” is often unsecured, making it easier for hackers to access your device or the information you’re sending and receiving.
It may come as surprising, but hackers can piece together a great deal of information about you from social media and use it as the means for all manner of attacks. That includes identity theft, social engineering attacks where they impersonate you or someone you know, and even password theft. Avoid oversharing on social media by keeping details like addresses, school names, and other personally identifying information to yourself. Also, set you profiles to private so that only friends and family can see them.
When you’re shopping, banking, or passing along any sort of sensitive information, make sure the site address starts with “https” instead of “http.” The “s” stands for secure, and many browsers will represent that with a little padlock icon to indicate use of https, which uses encryption to scramble and help secure data from prying eyes.
Another form of protection from malicious sites is McAfee Web Advisor, which can help you steer you clear of adware, spyware, viruses, phishing scams, and sketchy downloads.
Updates do more than keep your apps and software current with the latest features, they often include security improvements as well. When and where possible, set your devices and software to update automatically. And when prompted to update, say yes. The few moments you spend here can prevent major headaches down the road should your app or software open an avenue to an attack.
Now that’s the $50,000 question. And I say that only half-jokingly. Where would you be without your photos, files, tax records, finances, projects, and so on? The answer is probably “a world of hurt.” Losing it could set you back personally and financially. Back up your data. I suggest doing so with a combination of a reputable cloud storage service and a local physical device like an external hard drive that you store in a safe location.
Another option for particularly sensitive data and files is use encrypted storage. For example, our File Lock feature allows you to create password-protected encrypted drives on your PC that only appear when you’ve unlocked them, perfect for storing sensitive files like tax returns and financial documents.
Sometimes asking the right question can set things in motion, and I hope that’s what this little talk does by helping you identify and patch up any gaps you find in your security. Go ahead and set aside some time to have “The Talk.” You and anyone you have it with will be safer for it.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Lets Have “The Talk” About the Internet: 7 Conversation-Starters for Staying Safer Online appeared first on McAfee Blogs.
Whether they’re attending regular work meetings or catching up with extended family across the globe, many people leverage video conferencing to better connect with others – a process that will likely continue as our world only becomes more digital. But as the rapid adoption of video conferencing tools and apps occurs, potential threats to online safety emerge.
Agora is one of these tools for connection. The company’s video conferencing software is included in apps like MeetMe, Skout, Nimo TV, temi, Dr. First Backline, and Talkspace, across more than 1.7 billion devices globally. According to McAfee Advanced Threat Research (ATR), Agora’s video software development kit (SDK) until recently included a vulnerability that could have allowed an attacker to spy on ongoing video and audio calls.
In accordance with McAfee’s safe vulnerability disclosure policy, ATR provided Agora with details of its thorough research into the issue so that the software developer could take action to address it with a software update.
But let’s take a look at what a vulnerability like this could mean for users.
So, how exactly could this vulnerability allow others to spy on private calls?
The McAfee ATR team discovered that the Agora vulnerability stemmed from an error of incomplete encryption – the process of converting information or data into seemingly random output to prevent unauthorized access. Agora’s SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them.
Therefore, if exploited, this particular vulnerability could’ve allowed a criminal to launch man-in-the-middle attacks, which occur when a hacker secretly intercepts and possibly alters the communications between two unsuspecting users. Aka, they could spy on users’ private video calls.
The vulnerability discovery and mitigation cooperation between McAfee and Agora illustrates why it’s so important for threat researchers to work closely and constructively with app developers to make our digital lives as safe as possible.
As a consumer, however, it’s important to realize what exactly you’re getting into when downloading applications for video conferencing and other tools that help you stay connected.
While the security community encourages developers to write software code with security in mind, software apps tend to struggle with bugs and vulnerabilities in their early days. Consumers should by all means download and enjoy the hottest new apps, but they should also take steps to protect themselves from any undiscovered issues that might threaten them.
Here are a few tips that can help ensure your safety while connecting with others online:
It’s easy to click “Install later” when software updates pop up on your screen. However, these updates often come with security patches for vulnerabilities like the ones mentioned above. To ensure that your software and apps have the latest security fixes, update them immediately or select the option update automatically if available.
Until a patch is created, you should operate under the assumption that a hacker could compromise your video calls. Avoid using vulnerable apps until developers make a software security update available to help protect your calls from being infiltrated.
In order to protect yourself and your loved ones from potential risks, make sure you have a holistic security solution in place, such as McAfee Total Protection, which can help block risky downloads with McAfee WebAdvisor, protect you from malicious mobile apps, and help update Windows and your apps all in one place with Vulnerability Scanner.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities appeared first on McAfee Blogs.
We’ve all come to a realization that we don’t go anywhere without our phone. It’s a utility that helps us navigate our daily lives: directions, schedules, shopping, discounts, banking, and so on. And as our reliance on our smartphone continues to grow, it’s no wonder that hackers have taken notice. This time, it’s another case of an app gone rogue.
With over 10 million downloads, the Barcode Scanner app provided users with a basic QR code reader and barcode generator, useful for things like making purchases and redeeming discounts. Then, most likely in a recent update, the app began to deliver ad-producing malware onto users’ phones – with the malware being traced back to the Android Barcode Scanner app. While Barcode Scanner was previously benign, it is believed that a hacker injected malicious code into the app before the latest update, pushing malware onto Android devices. Once installed, the malware hijacks your default web browsers and redirects you to random advertisements.
In a typical case of malvertising, or malicious advertising, fraudsters submit infected graphic or text ads to legitimate advertisement networks, which often can’t distinguish harmful ads from trustworthy ones. Under the guise of everyday pop-ups, these malicious ads push fake browser updates, free utilities, or antivirus programs in the hope that unsuspecting users will click. Depending on what kind of programs the malicious ads succeed in downloading, hackers might steal your data, encrypt or delete your information, or hijack your computer functions – as is the case with the Barcode Scanner’s malware.
While Google has taken down the Barcode Scanner from its store, it has not been deleted from infected devices. So, if you have the app on your phone, it’s time to uninstall it from your device manually…ASAP.
We all need to reflect on the state of our digital health, especially as hackers continue to target us through the device we use most – our phones. To help protect your data, family, and friends, check out these security tactics to keep sneaky mobile threats out:
While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.
Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.
Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
Holistic security solutions across all devices continues to be a strong defensive measure to protect your data and privacy from online threats like malware.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Millions Affected by Malware Attributed to Android Barcode-Scanning App appeared first on McAfee Blogs.
Only 57% of women in the U.S. are working or looking for work right now—the lowest rate since 1988.
That telling data point is just one of several that illustrate a stark contrast in these stark times: of the millions who’ve seen their employment affected by the pandemic, women have been hardest hit.
According to the U.S. Bureau of Labor Statistics (BLS), some 2.3 million women left the workforce between the start of the pandemic and January 2021. Meanwhile, the BLS statistic for the number of men who left the U.S. workforce in that same period was 1.8 million. With International Women’s Day here, it’s time we ask ourselves how we can stem this inordinately sized tide of hard-working and talented women from leaving the workforce.
A broader BLS statistic provides a further perspective: a total of 4,637,000 payroll jobs for women have been lost in total since the pandemic began in the U.S. alone. That ranges from executive roles, jobs in retail, and educators, to work in public service and more. Of those jobs lost, about one third of women aged 25-44 cited that childcare was the reason for that unemployment.
Combine that with the fact that globally women carry out at least two and a half times more unpaid household and care work than men, and a global gender pay gap of 23%, it’s easy to see why millions of women have simply dropped out of the workforce to manage children and home schooling—even in the instances where employment is available.
Not that this should surprise us. For example, just a few years before the pandemic, research showed that few Americans wanted to revert to the traditional roles of women at home and men in the workplace. However, when push came to shove, the Pew Research showed that women most often made compromises when needs at home conflicted with work. And now we’ve seen that sentiment come home to roost. On a massive scale.
Put plainly, when the pandemic pushed, women’s working lives predominantly went over the edge.
Within these facts and figures, I’d like to focus on the women who are working remotely while caring for their families, whether that’s their children, elders in their lives, or even a mix of both. What can we do, as employers, leaders, and co-workers in our businesses to better support them?
As early as June, Forbes reported that women were reducing their working hours at a rate four to five times greater than men, ostensibly to manage a household where everything from daycare, school, elder care, and work all take place under the same roof. The article went on to cite ripple-effect concerns in the wake of such reductions like the tendency to pursue less-demanding work, greater vulnerability to layoffs, and reduced likelihood for promotion. In fact, one study conducted in the U.S. last summer found that 34% of men with children at home say they’ve received a promotion while working remotely, while only 9% of women with children at home say the same.
In an interview with the BBC, Melinda Gates, the Co-Chair of the Bill and Melinda Gates Foundation, stated her views on the situation succinctly: “I hope Covid-19 forces us to confront how unsustainable the current arrangement is—and how much we all miss out on when women’s responsibilities at home limit their ability to contribute beyond it. The solutions lie with governments, employers, and families committed to doing things more equitably.” I agree. This is a problem for us to solve together.
As for the role of employers and leaders in the solution, some thinking presented in The Harvard Business Review caught my eye. The article, “3 Ways Companies Can Retain Working Moms Right Now” focuses on what employers can do to better support the women in their workforce. The three ingredients the authors propose are:
If we think about the stressors we all face, this simple recipe actually reveals some depth. It takes knowing, and engaging with, employees perhaps more greatly than before. One sentence in the conclusion struck me in particular:
“It is no longer an option for managers to pretend that their employees do not have lives outside of their jobs, as these evaporated boundaries between home and work are not going away anytime soon.”
I see this every practically every day when I meet with my team. I’m sure you’ve seen it as well. With our laptop cameras on for sometimes hours a day, we’ve all caught glimpses into our coworker’s lives outside the office, seen that 7am meeting rescheduled for 8am to accommodate a busy breakfast rush with the family, or even kiddos pop into the frame during a call to say “hi.” What we may not see is just how much of a struggle that could be for some in the long haul.
Enter again those notions of providing certainty and clarity, rightsizing job expectations, and showing empathy. While not the end-all-be-all answers, they provide a starting point. As employers and leaders, if we can minimize the x-factors, adapt the workloads, and show compassion as we navigate the road to recovery, we can retain employees—and at least mitigate some of the stressors that are pushing women out of their jobs and careers during this pandemic. Exceptional employers and leaders have always done this. And now, in exceptional times, I believe it must become the norm.
Likewise, for co-workers, it’s absolutely okay to check in with people on your team, your vendors, your clients, and other people in your network and simply ask how they’re doing. I’ve had many meetings where we informally go around the horn and talk about what’s going on outside of work. The shared experience of working remotely has a way of creating new norms, and perhaps starting a meeting with an informal check-in way on occasion is one of them.
This is an opportunity to listen, simply so someone can feel better by being heard, and so that we can pinpoint places where we can come in and offer some support.
Some challenges women are facing are beyond our capacity to help firsthand, yet we can identify them when we see them. If you or someone you know is struggling, here are a few resources in the U.S. that can help:
The Office on Women’s Health, part of the U.S. Department of Health & Human services, offers a wealth of resources on its website, along with a help line that can provide further resources as well.
The National Institute of Mental Health has an extended list of articles, resources, and links to services that can provide immediate help for people who are struggling to cope or who are in crisis.
A Better Balance is a nonprofit legal advocacy group that “uses the power of the law to advance justice for workers, so they can care for themselves and their loved ones without jeopardizing their economic security.” They offer a confidential help line that can provide people with information about their workplace rights.
The National Women’s Law Center offers complementary legal consultations and with questions about accessing paid sick leave and paid leave to care for a child whose school or childcare provider is closed because of COVID-19.
As women leave the workforce worldwide, we’ve seen organizations lose precious talent, and we’ve seen women sacrifice their livelihoods and career paths. As such, the pandemic has exacted hard and human costs, ones that have fallen on women in outsized ways.
A problem of this scope is one for us to solve collectively. Apart from the bigger, broader solutions that may be forthcoming, as the employers and co-workers of women, there’s something we can do right now: reach out, listen, and act. These days call for more empathy and adaptation than ever before, particularly for the hard-working women who are doing it all—and then some.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Supporting the Women Most Affected by the Pandemic appeared first on McAfee Blogs.
It’s tax time in the United States, and even if you’re pretty sure you did everything right, you’re worried. Did I file correctly? Did I claim the right deductions? Will I get audited? Unfortunately, tax season brings out scammers eager to take advantage of your anxiety.
First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly.
Still, wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time. With the information they get from you, hackers can take things a step further by stealing your identity and filing tax claims in your name.
As if we didn’t have enough to worry about at tax time.
The good news is that you have plenty of ways to protect yourself from hackers. Check out these tips to stay safe this tax season.
Straight from the authority itself, the IRS has published its top 12 tax season scams with new warnings brought on by the events of 2020.
For example, new to this year are scams associated with stimulus checks sent out by the government. The IRS says they have seen “… a tremendous increase in phishing schemes utilizing emails, letters, texts and links. These phishing schemes are using keywords such as “coronavirus,” “COVID-19” and “Stimulus” in various ways.”
This is very important: The IRS does not use email. If you get an email from someone saying they are the IRS and they want to talk with you about a problem, it is a scam.
Here’s what the IRS has to say:
The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payments. Don’t click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information.
Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles. Hackers use the information to gain access to your online accounts in social media and beyond, like your bank account. Make it hard for them. Make your social media profiles private so that only friends and family can see them. Also consider so you can be safer from these kinds of crimes.
When a hacker poses as an IRS agent, they try to get personal information from you, like your social security number. They might demand payment, sometimes under the threat of penalties or even jail time. These strong-arm tactics are a dead giveaway that the email or phone call is fake.
What will the IRS do? Usually, the IRS will first mail a bill to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require a payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you.
And remember: the IRS does not use email to contact you about tax problems.
A good defense is a good offense. File early. Protect yourself by filing your claim before they have a chance to file one as you. You don’t want to be one of those identity theft victims who finds out you’ve been scammed when you file your taxes only to get a notice in the mail saying your tax claim has already been filed.
Here’s other tool that can help you fight identity theft. And get this: it’s not only helpful, it’s free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.
Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread you free credit report coverage across the whole year.
The idea is that, just like with your physical wellness, there are lots of steps you can take to protect your digital wellness. We’ve covered some of those steps in this blog. Consider one more: protect your digital life with a holistic security solution like McAfee Total Protection so you can enjoy life online knowing your precious data is protected. Tax time or otherwise, security software is always a smart move.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Who loves tax season besides accountants? Hackers appeared first on McAfee Blogs.
Technological advancements continually emerge that make our lives easier. Right? As beneficial and convenient as emerging tech is, it can pose serious risks to our online safety and privacy—risks that you might find yourself ill-prepared to handle. In fact, according to our 2021 Consumer Security Mindset research, 45% of Canadian respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to ward one off.
With many of us turning to online platforms for things we used to do in-person, activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. As we continue to integrate technology into our everyday lives, we must learn to recognize the risks they pose and understand how to safeguard our online security.
Telehealth visits have opened the door for many to get the medical care they need when visiting the doctor or going to the hospital isn’t feasible. Digital health platforms have demonstrated many benefits for optimizing time and cost efficiencies for both patients and providers, but at what cost?
Despite efforts to address barriers to virtual healthcare adoption, Canada currently lacks a national framework for governing virtual care. As a result, many healthcare providers are left to act on their best judgements regarding patient data interoperability across provinces and providers. The lack of a pan-Canadian governance framework also makes it difficult for digital health platforms to operate with the assurance of certain security protocols, leaving many of us to wonder how to best protect our data in the face of an ambiguous virtual healthcare system. The risk is made all the more severe when factoring in sensitive biometric data from monitoring devices that can be used for malicious purposes when in the hands of cyber attackers. Those of us who take advantage of digital health devices must understand how to secure our data privacy and control its usage to mitigate further risks.
The first line of defense to ensure your data remains protected is to understand the security policies put in place by your healthcare provider and any third-party digital platforms that they leverage. Additionally, you’ll want to ensure that your healthcare provider uses a telehealth platform that integrates data encryption. Take matters into your own hands by enabling two-factor authentication and use strong passwords across all devices and accounts. Using a VPN and running anti-malware and anti-virus scans can also mitigate the risk of security threats during telehealth visits and while using integrated medical devices.
Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.
We’re almost a year into distance learning and schools have now adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.
For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.
Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. Given the abrupt shift to remote workplaces in the past year, companies have found themselves severely unprepared to handle the security and logistical concerns that accompany a distributed remote workforce.
In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. A lack of proper employee security training opens additional opportunities for online threats to take advantage of unsuspecting victims through common phishing scams.
Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security trainings. Additionally, we can promote a safer remote working environment by practicing basic digital hygiene like keeping all devices and software up to date, using a VPN and a strong password across devices.
With the limited availability of in-person exercise classes, many of us have turned to virtual fitness experiences to augment our personal health regimens. Some have even taken their fitness routines one step further to include and high-tech equipment like at-home spin bikes or other wearable devices to track and monitor progress.
Although these devices create a more engaging experience and connect users across the globe through online sharing, there are risks, too. Wearables and other devices embedded with sensors and software that collect and share data across an interconnected network are considered Internet of Things (IoT) technology. IoT devices don’t have the same stringent security protocols as laptops and mobile devices, making them more susceptible to cyberthreats.
To prevent cyber attackers from infiltrating IoT devices connected to your home network, start by securing your network router. Change the default name and password of your router so hackers can’t identify the make and model. Create an additional layer of security by enabling the highest level of encryption to secure your Wi-Fi network. We also suggest creating a guest network for your IoT devices so that even if someone does infiltrate your IoT device, they won’t be able to access other devices like laptops and mobile devices.
Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.
While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place. If you receive a call regarding your taxes, make sure the caller is a CRA employee before handing over money or personal information on the phone. You can also double-check your tax account status and make sure the CRA has your current address and email. This will also show whether you owe a balance if a hacker does try to trick you into paying up. By being mindful of how cybercriminals take advantage of the platforms we use out of convenience, we can better protect against threats to our personal privacy.
Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, fitness, you name it, is the first step to ensuring our private information remains just that—private.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Privacy in Practice: Securing Your Data in 2021 and Beyond appeared first on McAfee Blogs.
In the eyes of hackers, scammers, and thieves, your online privacy and identity look like a giant jigsaw puzzle. One that they don’t need every piece to solve. They only need a few bits to do their dirty work, which means protecting every piece you put out there—a sort of holistic view on your personal security. One that protects you, not just your devices.
Here’s what’s at stake: we create and share loads of personal information simply by going about our day online, where each bit of information makes up a piece of that giant jigsaw puzzle. Some pieces directly identify us, like our tax returns, bank account information, or driver’s licenses. Other pieces of information indirectly identify us, like the IP addresses assigned to our computers, tablets, and phones—or device ID numbers, location information, and browsing history. And bad actors only need a few key pieces to do you harm, such as committing identity crime in your name or selling your personal information on sketchy websites or the dark web.
While people show great concern about their personal information, who has it and what’s done with it, our research shows that 70% of people feel like they have little or no control over the data that’s collected about them. However, you have plenty of ways that you can indeed take control—ways that can prevent, detect, and correct attacks on your privacy and identity. That’s where holistic protection comes in.
You can think of holistic protection as layers of shields that protect you and the devices you use. It gives you three layers in all—a Prevention Layer, Detection Layer, and a Correction Layer.
A holistic and comprehensive security solution like McAfee+ combines those three layers in a way that protects your personal information and keep your identity private, showing you how it does it along the way, so you can see exactly how safe you are. Let’s take a quick look of some of the protections you’ll find in each layer …
In the Prevention Layer, you’ll see:
In the Detection Layer, you have …
In the Correction Layer, several other protections have your back …
These are just a few examples of the protections in each layer. And you’ll find our most comprehensive holistic protection in McAfee+ Ultimate, covering your privacy, identity, and devices.
While your online privacy and identity may look a jigsaw puzzle, protecting it shouldn’t be as complicated. With a holistic security solution for your personal protection, you can minimize your exposure with layers of security that do much of the work for you.
Antivirus on your PC is not enough. It has not been enough for many decades now. And this becomes more evident as we continue to spend more time online, with the average person spending 6 hours and 54 minutes online each day, leaving clouds of personal information in their wake.
While standalone apps like a password manager, a VPN app, and an identity solution from different vendors can be piecemealed together with your device security, these are difficult to keep track of and burdensome to maintain.
We have combined the important tools you need into a seamless and comprehensive experience because good security software is something that you use daily to feel safer online. This is why we are working on your behalf to redefine security, so you can enjoy your connected life with confidence.
The post True Security Requires a Holistic Approach appeared first on McAfee Blog.
You flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every day, but when you do, it can feel … overwhelming. We’re here to solve that. We’re here to make security easy.
As security providers, we have to offer protection against a wide variety of threats without adding more complexity to your already busy life. Managing your security should be easy, and even enjoyable.
Enjoyable?
Yes. We want you to have a sense of accomplishment, both knowledge and a feeling that you’re safer than you were before.
With these things in mind, we set out to make your security software work better for you. We streamlined the experience to simplify what you see, while still offering robust protection. After all, true security is the security that you benefit from every day, and it’s up to us as providers to make it smooth and easy as possible.
Our new setup process now includes easier navigation, fewer screens, and clearer action items and alerts. It smoothly moves you through setting up protection across all the ways you interact online and your compatible devices. This way, you know that we’re helping to keep you safe whether you’re messaging, browsing, or shopping and banking online.
Another area where we put a lot of focus is the new home screen. This is your home base, where we clearly show you what your current protection status is in the areas that matter the most to you. This includes making it easier to monitor your personal information and strengthen protections you already use, like passwords.
The home screen is also where you come to perform essential tasks, such as running an antivirus scan. It guides you to take actions when needed, giving you proactive protection, and a clear view of your overall security in one convenient place. From here you can access details on the status of your PC, web, and identity protection.
While we’re always focused on helping you feel confident and protected online, we realize that making our tools easy to use is just as important. The digital security landscape will continue to be a complicated one, with more than a million new and unique threats cropping up each day, but we can and are making security simpler, and therefore, more effective.
With easier setup and protection that turns on automatically at the right moments, we want to make security easier for you so that you can feel safer online. We’ve heard your feedback about how we can improve, and we’ll bring all that goodness in a product that you can use every day.
You’ll find this interface across our McAfee+ family of products, along with continual upgrades and improvements as we roll out more features that will keep you safer online.
The post Let’s Make Security Easy appeared first on McAfee Blog.
In a year where people relied on their digital lives more than ever before and a dramatic uptick in attacks quickly followed, McAfee’s protection stood strong.
We’re proud to announce several awards from independent third-party labs, which recognized our products, protection, and the people behind them over the course of last year.
The Cybersecurity Excellence Awards is an annual competition honoring individuals and companies that demonstrate excellence, innovation, and leadership in information security. We were honored with four awards:
Further recognition came by way of three independent labs known for their testing and evaluation of security products. Once more, this garnered several honors:
As the threat landscape continues to evolve, our products do as well. We’re continually updating them with new features and enhancements, which our subscribers receive as part of automatic product updates. So, if you bought your product one or two years ago, know that you’re still getting the latest award-winning protection with your subscription.
We’d like to acknowledge your part in these awards as well. None of this is possible without the trust you place in us and our products. With the changes in our work, lifestyles, and learning that beset millions of us this past year, your protection and your feeling of security remain our top priority.
With that, as always, thank you for selecting us.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post McAfee Awarded “Cybersecurity Excellence Awards” appeared first on McAfee Blogs.
When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor miles logged by common fitness apps between March and September 2020 compared to the same stretch in 2019. But are these tools potentially endangering your privacy?
According to TechCrunch, running apps could potentially threaten your security if the data they collect ends up in the wrong hands. Let’s explore the functionalities of these apps and how they could pose a threat to your online safety.
Running apps are solid companions for advanced and amateur runners alike, allowing you to track the length of your run and set a pace for yourself. These apps learn a lot about you the more you use them by gathering health data like your height and weight and even your location. But similar to the threats that exist when you overshare on other online platforms, this data could pose a serious threat to your privacy. For example, location data could identify where you live or where you work – information that you definitely wouldn’t want in the hands of a stranger. If a cybercriminal is able to hack into your account, they could exploit this information to commit identity theft or craft a phishing email disguised as your employer.
Additionally, many of these apps lack basic security measures to prevent hackers from breaking into accounts or from health and fitness data from spilling out. For example, many popular running apps allow the most basic passwords like “qwerty” and “password.” Oftentimes, hackers automate their attacks by targeting accounts with easy-to-crack passwords like the ones mentioned. This allows them to exploit the most accounts with as little effort as possible. Furthermore, these apps do not have the option to set up two-factor authentication, which creates an additional barrier to prevent hackers from exploiting reused passwords.
No matter where you are in your fitness journey, it is essential to take the necessary precautions to minimize the risks of the platforms you use to hold yourself accountable – running apps included. If you are looking to hit your stride while keeping security and privacy top of mind, follow these tips:
Your password is your first line of defense, so it is important that you use one that is strong and unique to your other account credentials. If a hacker does manage to guess your password for one of your online accounts, it is likely they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel slightly more at ease knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
You can also use a password manager to help you create strong passwords, remove the hassle of remembering numerous passwords, and log on to websites automatically.
Some running apps are configured to publicly share user data by default. After you download an app, spend some time researching how to change these settings so your data is not shared with strangers without your permission.
If your running app of choice does undergo any security updates, make sure that they are installed as soon as possible. Developers actively work to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections. The easiest way to do this is to enable automatic software updates on your mobile device.
Next time you go for a run with your location services on, think again about what risks this poses to your virtual security and your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. This will help prevent hackers from using your location as a vehicle to invade your privacy.
Since the data collected on running apps involves sensitive health and location information, it is worth reviewing the privacy policies for all of the fitness platforms you regularly use to see how your data might be affected. To ensure that you can keep moving toward your fitness goals while protecting your online safety, stay educated on the tools you use to track your progress and implement the necessary security measure to do so with security in mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Remain Secure While Using Running Apps appeared first on McAfee Blogs.
Cybersecurity is often used as a blanket term to address online safety. Cybersecurity can refer to the software used to protect your devices, but it can also refer to the processes you put in place to protect yourself from online threats. Whether you’re implementing best practices, building awareness of security threats, or installing security software, taking a holistic approach to online security is crucial to remain secure and protected at all times.
Here are three tips for a holistic online security approach.
Efficient online protection ultimately begins with you, the end-user, and the steps you take to secure your devices.
The first step to ensure your device is secure is never to leave it unattended. Whether you’re at the grocery store or at home, always keep an eye on your devices. All it takes is a few minutes for someone to steal them or for kids to click on a malicious link while your attention is diverted. Make sure you have a contingency plan in case your device is compromised. For example, if someone steals your device, wipe the information on the device remotely. Revert it to the factory setting, so the thief can’t access your personal information. Regularly back up your data in the event of a lost or compromised device to ensure you retain important documents.
In some instances, you can also recover deleted files at any time given the right tools. Regularly shred unwanted documents for the files that you want permanently deleted. Install security measures across all devices and your networks to protect your data and privacy. Always lock your device before stepping away and layer your device security with multi-factor authentication to ensure you are the only one who can access your sensitive information.
Passwords are the gateway to your device and play just as critical a role in securing your personal information. Follow password best practices to prevent cybercriminals or mischievous children from infiltrating files and data. Use long and complex passwords and never reuse them across accounts. You can also use a password manager to keep track of your passwords in one centralized and secure location.
Strengthen your protection strategy by layering your physical device security with an enhanced awareness of relevant threats. Start by first taking a step back to assess your online persona. In other words, who are you? Are you a college student or a remote working parent who teleconferences frequently? Do you own an iOS device? Understand what your online devices and habits say about you as a person, as this will affect why and how cybercriminals target you.
For example, if you frequently teleconference for work or medical visits, you need to be aware of the teleconferencing risks of remote work or telehealth. Remote workers and telehealth patients face threats such as phishing emails or disrupted video conference calls. As a result, users must know the importance of using a video conferencing tool with end-to-end encryption and not sharing sensitive information through chat features.
Once you know the risks you face as an online user, consider the specific daily best practices for online safety. One good habit includes regularly updating your devices and software. Updating laptops, mobile devices, and routers ensure that existing bugs are fixed and security flaws are patched. Devices not equipped with the latest software are vulnerable to hackers.
Additionally, many cybercriminals will use social media to identify victims and target them through social engineering tactics. For example, they will send phishing emails to steal personal information and sell it on the dark web or hold it for ransom. Once you know what to look for, phishing emails are easy to spot. From there, you can send malicious messages straight to your trash folder and sidestep the threats that lie within. Check your privacy settings to control who can view your posts and ensure you receive notifications about suspicious activity on your account. Don’t respond to unknown messages and think twice before revealing sensitive information online. Practice better awareness by keeping up with new viruses and vulnerabilities. Use monitoring tools to check if your email or phone number is released in a recent data breach. Keep an eye on your financial accounts and consider freezing your credit to prevent hackers from taking out loans and opening new accounts in your name. Read reports such as McAfee Labs Threats Report and stay informed through credible news sources to stay one step ahead of the latest threats.
Also, stay aware of online fraud tactics since they are a significant risk for many Canadians. According to a CPA Canada Fraud Study conducted in January, almost three in four of those surveyed have received fraudulent requests including email and telemarketing requests. Evade online fraud by screening for unknown calls and steering clear of unsecured websites asking for sensitive information such as personal identification numbers and bank information.
The final component of a holistic security strategy involves implementing a complete security suite, such as McAfee Total Protection, across all your devices. Leveraging software security tools is one of the best ways to protect your devices and personal information from online threats. This software takes a multi-layered approach to security to prevent virus infection, detect vulnerabilities and minimize the risk of viruses.
For example, tools like a VPN and antivirus software take a preventive approach to online security. A VPN encrypts your data, so even if someone were to get their hands on your information, they would not be able to make much sense of it. Antivirus software guards against malware and monitors online traffic and activities for malware.
Detection and correction capabilities are also crucial to a well-rounded security suite. Identity theft protection is a critical part of this solution to ensure the integrity of your credit, as well as your court and criminal records, remain intact. Report missing ID cards and conduct a background if you suspect someone is impersonating you. The right security solution will be able to monitor your accounts and notify you when it detects unusual activity. It will also be able to guide you through the remediation process to restore your privacy and identity.
Effective cybersecurity requires a multifaceted approach to create a holistic security strategy. This approach should integrate layered protection starting with your devices, expanding to your threat awareness, and ending with the software tools you leverage to enhance your digital security. With a strategic framework in place, you can rest assured knowing that you are well equipped to handle whatever malicious threat comes your way.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 3 Tips to a Holistic Online Security Approach appeared first on McAfee Blogs.
There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.
The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee’s Antivirus and Threat Detection Defense adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users.
Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.
Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning.
Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes.
Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.
Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output.
Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.
Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minute. These risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AI–enabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.
Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it.
Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware.
The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches.
In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning models. This enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before.
AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.
The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining them results in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection.
AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability.
AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.
AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.
The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blogs.
Kids are online now more than ever, not just during free time, but also during school time. It is impossible to always peek over their shoulder, and depending on their age, they may grow tired of a POS (aka parent over shoulder). The internet can be a dangerous place, but with the right education, kids can navigate hazards and remain safe and calm while online.
Check out this online safety guide on how to keep your children engaged while learning about cybersecurity and imparting lessons that stick. This guide will work for children ages 6 through 18 with variations.
The first tip to teaching kids about online safety is making sure that your lessons are relatable. For example, if the day’s lesson is about phishing, do not illustrate it with an example of a major corporation’s folly. Instead, liken it to stranger danger. Just like kids know not to talk to strangers on the sidewalk and to distrust strangers who say they have candy, tell them that the same rule applies to online strangers: Walk right by and do not accept anything you are offered. That means not clicking on any links the online stranger sends you, especially when they say you have won a prize. Thirty-four percent of Canadians have encountered a phishing attack since the beginning of the pandemic, according to Statistics Canada. This prevalence means that it is likely someone in your family will receive a phishing message. Warn children that phishing and other social engineering attempts are likely to play with their emotions to make them feel happy, excited, mad, or scared. Encourage your children to always stay calm online and let an adult know when they are approached by strangers.
Along the lines of keeping cybersecurity lessons relatable, make sure that children also know what is at stake if they are irresponsible online. In the case of clicking on suspicious links, tell children that this could make their device ill. When computers are infected with a virus, or are sick, they work slowly and could shut off when they are in the middle of a school assignment. Also, make note of the prevalence of viruses, and how children should stay on guard for them constantly. Over 800,000 Canadian devices had encounters with malware in the last 30 days, at the time this article was written.
In extreme cases, children can have their identities stolen due to irresponsible online behavior. A stolen identity could affect their credit card eligibility and set them off on the wrong foot in adulthood. Stress the severity of identity theft and the specific consequences. Teenagers who have their sights set on financial freedom, buying a car, or setting up their own bank account could be severely affected. The best way to keep your identity safe is by keeping your Social Insurance Number completely private, never sharing your banking information, and not oversharing online. Canada’s Centre for Digital and Media Literacy explains that preteens especially have a hard time judging the accuracy of online information and are vulnerable to filling out forms that ask for their personal information. When possible, try to keep all internet-connected devices in communal areas of your home so you can periodically check in on your kids.
When teaching children about online safety, make sure you don’t use fear tactics. Be firm about the potential consequences, but emphasize that kids have your support, the right online literacy skills, and the support of antivirus software and identity theft protection to catch any threats that fall through the cracks.
Passwords are a thing of the past. The hippest new way to protect your accounts is with complex, yet memorable, passphrases. The Government of Canada defines a passphrase as “a memorized phrase consisting of mixed words with or without spaces.” When kids are old enough to be responsible for their own accounts, such as a school login, email address, or social media profile, impart the lesson of passphrases. Thinking up passphrases can turn into a fun exercise.
When it is time to create a passphrase, have your kids brainstorm some of their favorite things that loosely relate to the account the passphrase is for. For example, a social media site’s passphrase could be about friends, like “A$hleyIsMy#1Fr13nd!” and a school login could be along the lines of “$0cial$tud!esR0ck$!” A loose association may make the passphrase easier to remember.
If they are gamers, kids may already be familiar with leet, or using symbols in place of letters. Encourage children to practice their leet fluency and substitute as many letters for symbols as they would like. The Government of Canada recommends that passphrases be at least 15 characters long.
As hard as it might be, never write down passphrases on paper, do not share your password with other people, and do not reuse passphrases. Instead, leverage a password manager, like McAfee True Key, to keep them safe for you. If your child is old enough, encourage them to set up their own account and protect it with two-factor authentication.
Encourage kids to ask questions! Part of your cybersecurity lessons should be to alert an adult when they are not sure if something is quite right. For example, they received an email from grandma, but there is a weird link hidden inside it. Children should know that they can come to you for questions and caution is better than rolling the dice. Questions can then lead to advanced lessons, like how to hover over links to see where they redirect and if the links look fishy.
The cybersecurity lessons you impart on children now will set a solid foundation for sound cyber literacy for a lifetime. No one is ever too old or too young to learn the basics and then put them into practice. Who knows? Maybe you will learn something along the way.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Teach Kids About Online Safety: A Guide appeared first on McAfee Blogs.
Every day you place your personal information in the hands of companies and trust that it will remain safe. However, what happens when external threats jeopardize your personal data security, especially while working remotely?
The transition to remote work environments and consumers’ online habits have made it more difficult for Canadian employees and consumers to protect their personal information. This challenge is primarily due to ransomware. To protect yourself, you need to first understand how cybercriminals take advantage of users’ online behaviors to launch strategic attacks against employees and consumers through the information they glean from stolen company data.
Ransomware has been on the rise this past year with attacks increasing 62% in 2020 according to Statista. In fact, 78% of Canadian cybersecurity professionals said that attacks increased due to employees working remotely in a recent VMware report. Cybercriminals target remote workers primarily through malicious links sent through phishing emails — in fact, over one third of Canadian respondents in a recent survey said they experienced at least one phishing attempt in the last year.
Hackers pose as legitimate organizations and prompt individuals to take action: say you decide to check your personal email on your work laptop during your lunch break. You open a message that claims to be from one of your favorite retailers claiming that you just won $500 in shopping credit – all you need to do is click on the link and fill out your banking information. This is an example of a phishing attack that could not only wreak havoc on your personal security, but your company’s as well. If the link in the message downloads a credential-stealing malware on your work laptop, there is a good chance that your organization’s private data or network could be compromised.
Knowing that many employees will be communicating virtually instead of face-to-face, hackers can take advantage of the remote work environment by posing as employees from finance departments and sending fake invoices for products or services. The goal of these fake invoices is for employees to call a support phone number to investigate, whereby hackers attain credit card numbers or other information they can leverage in spear-phishing scams. Hackers can also spoof phone calls to make it look like it is coming from a legitimate number within the organization. Revealing too much information to an unverified contact is a risk that remote workers must learn to identify and avoid.
Ransomware is always evolving, making it critical to understand the nature of these threats so you can better avoid them.
Cybercriminals are constantly finding new ways to automate their attacks and increase their profits. Here is a look at five active ransomware variants cybercriminals use today—and how they deploy them.
By the end of 2020, McAfee Labs observed a 69% increase in new ransomware, which Cryptodefense largely drove. This virus is similar to CryptoLocker, a trojan virus that spreads through email phishing to infiltrate hard drives and files. Both spread ransomware, use high levels of encryption to compromise users’ files, and claim that these files cannot be decrypted without a decryption key.
Maze ransomware has been active since November of 2019 and is operated by hackers notorious for leaking victim data upon non-payment. Maze operators first gain access to a network by using valid credentials. It will then scan the network for user devices, check these devices for additional credentials, and compromise user files.
In a Ransomware Task Force interview with an affiliate of the REvil/Sodinokibi syndicate, the interviewee revealed that companies with cyber insurance are prime targets since the chances of a payout are high. This ransomware spreads through software vulnerabilities, phishing scams, and exploit kits. Once it infiltrates a device, it spreads through escalated privilege to compromise user files and systems.
Ryuk has been around since August of 2018 and targets large companies, critical infrastructure, and hospitals. This ransomware is almost always spread through a banking trojan called Trickbot, used by hackers to steal financial and banking credentials. The operators behind this ransomware demand higher ransoms compared to other groups. They also use opensource tools and manual hacking techniques to bypass detection and infiltrate private networks.
The operators behind SamSam ransomware gain access through Windows servers using a Microsoft protocol that allows remote connections to other computers. Operators will then elevate their privilege to include admin rights once inside a network to infect servers with malware, requiring no action or authorization on the victim’s part.
Ransomware can affect anyone, regardless of whether you are an employee or a customer of a targeted company. Keep these tips in mind to reduce your risk of a ransomware attack and know what steps to take if you fall victim.
Phishing emails are one of the most common methods a hacker will use to infect devices and spread ransomware. They will send links through seemingly legitimate emails to trick users into clicking on them and downloading malicious files. Knowing how to spot one is the first step to prevent infection. If you receive an email you suspect is a phishing scam, start by analyzing its structure: common indicators of a phishing scam may include:
Once you identify a phishing email, don’t click on any links or download attachments. Simply delete it and carry on with your day.
Keep in mind that the cybercriminals behind Maze ransomware gained access to private networks through valid credentials. Hackers typically obtain these credentials through a “password spray” technique where they attempt to log in to accounts using a list of commonly used passwords. However, hackers have a higher chance of guessing valid passwords if they are too short or not complex enough. Additionally, a hacker is more likely to infiltrate multiple accounts if they share the same password.
Strong passwords help ensure that a hacker cannot access your private network, gain administrative rights to your device, or infect another device you are connected to. Create a password that is strong enough to withstand simple guess-and-check attempts by making them long, difficult, and unique. Multi-phrased passwords or passphrases also help to prevent hackers from breaking into your accounts, such as “P3anutbutter&J3lly.” Avoid reusing passwords across multiple accounts and change them periodically, especially after an account has been breached. Even if a hacker does steal your credentials, multi-factor authentication adds an extra validation layer to prohibit unauthorized sign-in attempts.
Your device is more susceptible to ransomware and viruses without the right security tools to help mitigate the chances of infection. Avoid the risk of a ransomware attack by employing a quality security solution like McAfee Total Protection. A holistic security solution can help you stay vigilant of cyber threats by monitoring for ransomware viruses in addition to malware and spyware. Security software can also monitor your internet connection and network traffic through regular scans to flag malicious activity and provide guidance on how to sidestep these threats. If a hacker attempts to launch an attack on your device, you can rest assured your security software will promptly alert you of the intrusion.
In addition to social engineering tactics, hackers will leverage vulnerabilities in software to create a back door through which they can infiltrate user devices. A way to keep cyber criminals out is to keep your software applications and devices up to date. This includes the apps on your mobile device as well as apps on your desktop. Regular updates ensure that the proper security patches are implemented, the right bugs are fixed and that hackers cannot exploit these vulnerabilities.
If worse comes to worst and your device is infected with ransomware, the first thing to do is isolate the device and disconnect from shared networks. Disconnecting the infected device ensures that ransomware cannot spread to other devices on that same network.
Immediately gather evidence on what type of malware you are dealing with so you can accurately report it to authorities and determine what your options are for remediation. You can then choose to remove it or wipe your system completely which is the most assured way to eliminate ransomware from your device. Afterwards you can reinstall your operating system and, provided you perform regular backups, restore your files to a previous version.
No one is truly out of the danger zone when hackers strike. Ransomware is on the rise, and online users must understand how to bypass these viruses to avoid the ramifications of a compromised device. By understanding online security best practices, users can safeguard their online presence and defend against ransomware threats.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5 Ransomware Threats Canadians Need to Know appeared first on McAfee Blogs.
Surprise! Just because you’re a Millennial or Gen Zer doesn’t mean you’re savvier when it comes to technology. Especially when it comes to cybersecurity.
Turns out, Millennials aren’t quite as tight with their security as the older generations are. That’s according to one study about working from home that focused on younger adults and their older cohorts. It’s perhaps no surprise that nearly half of them said that they enjoyed working from home. What is surprising is that while working from home, “Gen Zers (38%) and Millennials (23%) said they had four or more [technology] issues, on average, every week,” according to the research.
For comparison, the research also showed that only 12% of employees aged 45 to 54, 4% aged 55 to 64, and 13% of seniors said that they had four or more issues per week.
Talk about a stereotype-buster!
Aside from technology issues in general, they found themselves dealing with security issues as well. The top three culprits …
If this survey is any indication, we could be a lot safer out there, particularly while we’re doing things like paying bills, checking our bank balances, or splitting dinner with friends via a payment app.
That’s what’s at stake. Millennials have among the highest rates of online shopping by generation at more than 86% (compared to Boomers at just over 62%). They also use social media the most and 50% of them self-describe themselves as being online “almost constantly” (a figure that drops sharply with age). Taken together, that’s a significant level of exposure to potential threats online. So, if there’s one place where Millennials can get a bit savvier, it’s with their cybersecurity.
The good news is that it doesn’t take a whole lot to improve your safety online. With a few straightforward steps, you can protect yourself better than before—and perhaps spare you some of those technology headaches in the process. Let’s take a quick look:
As always, this is “square one” advice when it comes to keeping yourself safe online. Comprehensive security software will do more than protect your stuff. It’ll protect you by making it safer while you use your apps, breeze through some videos, or take care of your finances—practically anything that involves you, your identity, your money, and your data online. And because we do so much of that on our phones, go ahead and add security software on your phone, too. That’ll make you far safer when you’re moving money around online or simply going about your day.
Yup, keeping track of all those passwords is a pain. Resetting them when you forget them is a pain too. And even bigger pain is reusing passwords, getting one account hacked, followed by a bunch of others getting hacked too because they use the same password. It happens. And hackers count on lazy password habits. Going online with strong, unique passwords is a must (even if it’s a bit of a pain), yet using a password manager makes it far easier and far more secure. Typically included with comprehensive security software, it can create and safely store strong, unique passwords for each of your accounts.
What’s lurking behind that link? A sketchy site? A scam looking to steal your personal info? Sometimes it’s tough to know, until you click that link and find out the hard way. A web advisor can identify those bad sites and links for you without clicking. And further, it can block a mistaken click, giving you an extra level of protection. Often available with your security software, you can also get our own McAfee® Web Advisor for free.
By way of an app, a VPN helps keep your personal data safe as you use the internet. More than just protecting your browsing, it further protects you while using apps because of the way it creates a secure connection. Using a VPN is a smart move when using public Wi-Fi because that connection is, well, public, meaning anyone can potentially spy on your activity—potentially lifting passwords, data, and other personal info. A VPN is also a great idea any time you want extra privacy any time, particularly when you’re doing things like banking or shopping online.
It seems like nearly every day some of your apps and devices will prompt you for an update. Take a moment to follow through on those alerts and install them. In a few moments, you’ll be up to date, which often includes security fixes that can improve your level of protection. Also, those alerts are a good time to ask yourself, “Do I really use that app anymore?” If you don’t, just go ahead and delete that app, along with any account or data associated with it. This leaves you with one less target that hackers can zero in on, thus making you that much safer (and with a less cluttered device to boot).
Once you get up and running with these tips, you’ll find that you’re safer than before. Plus, you’ll also find that apps like security software and password managers can take care of a lot of time-consuming tasks for you, practically automatically. Giving you one less thing to worry about.
The post Younger, But Not Savvier: 3 Cybersecurity Threats Plaguing Millennials appeared first on McAfee Blog.
When it comes to crime, what do people worry about most? Having their car stolen? A break-in while they’re not at home? Good answers, but not the top answer by a long shot. In this U.S.-based survey, hacker-related crime weighed in at 72%, with a home burglary at 35% and auto theft at 34%, indicating that people’s concerns about cybercrime are very much front and center.
The good news is that plenty of cybercrime can be prevented, or at least made less likely, provided you protect yourself online, much in the same way you take steps to protect your car or home. And that’s the focus of this year’s Cybersecurity Awareness Month. With the theme of “Do Your Part. #BeCyberSmart,” it reminds us of how we can take charge of our own safety—the ways we can look out for ourselves and others as we enjoy our time online.
Throughout October, we’re participating in Cybersecurity Month here on our blogs and across our social media channels, posting a host of ways that you can help keep cybercrooks away from your digital doorstep. Each week, we’ll tackle a different aspect of online protection:
Maybe it comes as no surprise to hear it, yet one recent study shows the average person spends nearly eight hours a day online. With that, we’re taking this week to focus on the family, how they spend their time online and how they can be safer when they do.
Whether they come by email, text, or DM, phishing attacks account for the most common types of reported cybercrime, according to the FBI Internet Crime Complaint Center. This week, we’ll show you how you can indeed fight the phish!
This sentiment sums up the best of the internet in so many ways. Getting out there, discovering, catching up with friends online. Our focus this week is helping you enjoy it all without any of the bad apples out there spoiling your fun.
We wrap it up with a look at some of the top priorities so everyone in the family can #BeCyberSmart—online banking, app scams, privacy, identity theft, and more—along with plenty of straightforward tips that can help you stay safer.
We hope our posts throughout Cybersecurity Awareness Month help you get a little sharper and feel a little safer so you can enjoy your time online, free from hassles or headaches. Look for more from us throughout October!
The post Cybersecurity Awareness Month: Taking Charge of Your Safety Online appeared first on McAfee Blog.
The latest gadget on the tech and fashion streets is Ray-Ban Stories, a sunglasses collaboration between Facebook and Ray-Ban. These pair of shades feature two cameras that capture video, audio, and photos and sync to a mobile app. Social media fanatics are excited about this new ability to capture and share hands-free content.
Do gadgets like Ray-Ban Stories make you immediately think, “Cool, but what about the security and privacy red flags?” If so, you may be suited to a career in cybersecurity. Everyone benefits from implementing cybersecurity best practices into their daily lives, and those who enjoy a career in the field experience many benefits.
Check out these four benefits of a career in cybersecurity and discover if this might be the path for you.
One of the best things about working in cybersecurity is you go to work every day knowing that you’re helping people. Nightly news broadcasts are littered with reports of major disruptions caused by cyberattacks, such as the Colonial Pipeline incident. Sometimes, even people’s lives are at stake in the cybersecurity realm, as in the case of connected pacemaker security vulnerabilities.
Cybersecurity professionals can feel good that their work gives people the confidence to go about their daily lives without worrying. The fear of identity theft, phishing, and malware stop people from enjoying their connected devices and the internet to the fullest. Technology is capable of incredible feats, and everyone should be able to use it enthusiastically.
Saving the world from cybercriminals is financially rewarding as well as personally rewarding. Cybersecurity professionals are in high demand as nearly every business in every sector is at risk of a breach, DDoS, or ransomware attack at any time. Average entry-level positions begin over $80k CDN. Seasoned professionals can make six figures. Additionally, cybersecurity professionals are in high demand, so you will likely enjoy solid job security.
3. Work in a Global Industry
Another benefit of a career in cybersecurity is the opportunity to work in a global industry. You’ll get to meet coworkers and clients all over the world. The diversity of outlooks and backgrounds can make every day a learning experience.
If you’re a keen traveler, working in cybersecurity allows you to explore the world. First, much of the work you would be completing can be done remotely. As long as you have a secure and strong internet connection and are OK with time zone differences, you may be able to work from anywhere. Also, there are opportunities for trips to international conferences and meetups with satellite offices or clients.
Working in a global industry means that you can be a cybersecurity ambassador for your home country. For example, if your home country has devised an innovative new technology, you may have the opportunity to teach others abroad. Or, if another country has developed an exciting new technology, you can learn about it and perhaps tailor it to your location.
Cybersecurity is a highly specialized field, which means there is definitely a branch of it that plays to your strengths and interests you. Also, if you get tired of one aspect of the field, you can likely stay with your same company but move to a different department.
Here are a few areas of cybersecurity specializations that may speak to you:
McAfee can help you achieve your cybersecurity career aspirations. It’s an exciting, fast-paced field, and McAfee is at the forefront of new innovations. Check out current McAfee career openings and embark on your new career today!
The post How to Start a Career in Cybersecurity appeared first on McAfee Blogs.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
Facebook – 2019: Two sets of data exposed the records of more than 530 million users, including phone numbers, account names, and Facebook IDs.
Marriott International (Starwood) – 2018: Half a million guests had names, email and physical mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, dates of birth, and other information about their stays exposed.
Equifax – 2017: Some 147 million records that included names, addresses, dates of birth, driver’s license numbers, and Social Security Numbers were exposed, along with a relatively small subset of 200,000 victims having their credit card information exposed as well.
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, there are multiple steps you can take to help protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site offers a step-by-step recovery plan that you can follow and track your progress as you go.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as one you’ll find in comprehensive online protection software.
A solution such as this will help you to monitor your accounts and alert you of any suspicious activity. Specifically, our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat. Also, it can help you steer clear of some types of theft with preventative guidance that can help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately.
To use your credit card safely online to make purchases, add both a VPN and password manager into your toolbox of security solutions. A VPN keeps your shopping experience private, while a password manager helps you keep track of and protect all your online accounts. Again, you’ll find a VPN as part of comprehensive online protection software.
The post Affected by a Data Breach? Here Are Security Steps You Should Take appeared first on McAfee Blogs.
For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities.
As we consider the path forward on necessary and appropriate steps to improve mitigation of DNS abuse, it’s helpful to reflect briefly on the origins of this issue within ICANN, and to recognize the various and relevant community inputs to our ongoing work.
As a starting point, it’s important to understand ICANN’s central role in preserving the security, stability, resiliency and global interoperability of the internet’s unique identifier system, and also the limitations established within ICANN’s bylaws. ICANN’s primary mission is to ensure the stable and secure operation of the internet’s unique identifier systems, but as expressly stated in its bylaws, ICANN “shall not regulate (i.e., impose rules and restrictions on) services that use the internet’s unique identifiers or the content that such services carry or provide, outside the express scope of Section 1.1(a).” As such, ICANN’s role is important, but limited, when considering the full range of possible definitions of “DNS Abuse,” and developing a comprehensive understanding of security threat categories and the roles and responsibilities of various players in the internet infrastructure ecosystem is required.
In support of this important work, ICANN’s generic top-level domain (gTLD) contracted parties (registries and registrars) continue to engage with ICANN, and with other stakeholders and community interest groups, to address key factors related to effective and appropriate DNS security threat mitigation, including:
To better understand the various roles, responsibilities and processes, it’s important to first define illegal and abusive online activity. While perspectives may vary across our wide range of interest groups, the emerging consensus on definitions and terminology is that these activities can be categorized as DNS Security Threats, Infrastructure Abuse, Illegal Content, or Abusive Content, with ICANN’s remit generally limited to the first two categories.
Behavior within each of these categories constitutes abuse, and it is incumbent on members of the community to actively work to combat and mitigate these behaviors where they have the capability, expertise and responsibility to do so. We recognize the benefit of coordination with other entities, including ICANN within its bylaw-mandated remit, across their respective areas of responsibility.
The ICANN Organization has been actively involved in advancing work on DNS abuse, including the 2017 initiation of the Domain Abuse Activity Reporting (DAAR) system by the Office of the Chief Technology Officer. DAAR is a system for studying and reporting on domain name registration and security threats across top-level domain (TLD) registries, with an overarching purpose to develop a robust, reliable, and reproducible methodology for analyzing security threat activity, which the ICANN community may use to make informed policy decisions. The first DAAR reports were issued in January 2018 and they are updated monthly. Also in 2017, ICANN published its “Framework for Registry Operators to Address Security Threats,” which provides helpful guidance to registries seeking to improve their own DNS security posture.
The ICANN Organization also plays an important role in enforcing gTLD contract compliance and implementing policies developed by the community via its bottom-up, multi-stakeholder processes. For example, over the last several years, it has conducted registry and registrar audits of the anti-abuse provisions in the relevant agreements.
The ICANN Organization has also been a catalyst for increased community attention and action on DNS abuse, including initiating the DNS Security Facilitation Initiative Technical Study Group, which was formed to investigate mechanisms to strengthen collaboration and communication on security and stability issues related to the DNS. Over the last two years, there have also been multiple ICANN cross-community meeting sessions dedicated to the topic, including the most recent session hosted by the ICANN Board during its Annual General Meeting in October 2021. Also, in 2021, ICANN formalized its work on DNS abuse into a dedicated program within the ICANN Organization. These enforcement and compliance responsibilities are very important to ensure that all of ICANN’s contracted parties are living up to their obligations, and that any so-called “bad actors” are identified and remediated or de-accredited and removed from serving the gTLD registry or registrar markets.
The ICANN Organization continues to develop new initiatives to help mitigate DNS security threats, including: (1) expanding DAAR to integrate some country code TLDs, and to eventually include registrar-level reporting; (2) work on COVID domain names; (3) contributions to the development of a Domain Generating Algorithms Framework and facilitating waivers to allow registries and registrars to act on imminent security threats, including botnets at scale; and (4) plans for the ICANN Board to establish a DNS abuse caucus.
As early as 2009, the ICANN community began to identify the need for additional safeguards to help address DNS abuse and security threats, and those community inputs increased over time and have reached a crescendo over the last two years. In the early stages of this community dialogue, the ICANN Governmental Advisory Committee, via its Public Safety Working Group, identified the need for additional mechanisms to address “criminal activity in the registration of domain names.” In the context of renegotiation of the Registrar Accreditation Agreement between ICANN and accredited registrars, and the development of the New gTLD Base Registry Agreement, the GAC played an important and influential role in highlighting this need, providing formal advice to the ICANN Board, which resulted in new requirements for gTLD registry and registrar operators, and new contractual compliance requirements for ICANN.
Following the launch of the 2012 round of new gTLDs, and the finalization of the 2013 amendments to the RAA, several ICANN bylaw-mandated review teams engaged further on the issue of DNS Abuse. These included the Competition, Consumer Trust and Consumer Choice Review Team (CCT-RT), and the second Security, Stability and Resiliency Review Team (SSR2-RT). Both final reports identified and reinforced the need for additional tools to help measure and combat DNS abuse. Also, during this timeframe, the GAC, along with the At-Large Advisory Committee and the Security and Stability Advisory Committee, issued their own respective communiques and formal advice to the ICANN Board reiterating or reinforcing past statements, and providing support for recommendations in the various Review Team reports. Most recently, the SSAC issued SAC 115 titled “SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS.” These ICANN community group inputs have been instrumental in bringing additional focus and/or clarity to the topic of DNS abuse, and have encouraged ICANN and its gTLD registries and registrars to look for improved mechanisms to address the types of abuse within our respective remits.
During 2020 and 2021, ICANN’s gTLD contracted parties have been constructively engaged with other parts of the ICANN community, and with ICANN Org, to advance improved understanding on the topic of DNS security threats, and to identify new and improved mechanisms to enhance the security, stability and resiliency of the domain name registration and resolution systems. Collectively, the registries and registrars have engaged with nearly all groups represented in the ICANN community, and we have produced important documents related to DNS abuse definitions, registry actions, registrar abuse reporting, domain generating algorithms, and trusted notifiers. These all represent significant steps forward in framing the context of the roles, responsibilities and capabilities of ICANN’s gTLD contracted parties, and, consistent with our Letter of Intent commitments, Verisign has been an important contributor, along with our partners, in these Contracted Party House initiatives.
In addition, the gTLD contracted parties and ICANN Organization continue to engage constructively on a number of fronts, including upcoming work on standardized registry reporting, which will help result in better data on abuse mitigation practices that will help to inform community work, future reviews, and provide better visibility into the DNS security landscape.
It is important to note that groups outside of ICANN’s immediate multi-stakeholder community have contributed significantly to the topic of DNS abuse mitigation:
Internet & Jurisdiction Policy Network
The Internet & Jurisdiction Policy Network is a multi-stakeholder organization addressing the tension between the cross-border internet and national jurisdictions. Its secretariat facilitates a global policy process engaging over 400 key entities from governments, the world’s largest internet companies, technical operators, civil society groups, academia and international organizations from over 70 countries. The I&JP has been instrumental in developing multi-stakeholder inputs on issues such as trusted notifier, and Verisign has been a long-time contributor to that work since the I&JP’s founding in 2012.
DNS Abuse Institute
The DNS Abuse Institute was formed in 2021 to develop “outcomes-based initiatives that will create recommended practices, foster collaboration and develop industry-shared solutions to combat the five areas of DNS Abuse: malware, botnets, phishing, pharming, and related spam.” The Institute was created by Public Interest Registry, the registry operator for the .org TLD.
Global Cyber Alliance
The Global Cyber Alliance is a nonprofit organization dedicated to making the internet a safer place by reducing cyber risk. The GCA builds programs, tools and partnerships to sustain a trustworthy internet to enable social and economic progress for all.
ECO “topDNS” DNS Abuse Initiative
Eco is the largest association of the internet industry in Europe. Eco is a long-standing advocate of an “Internet with Responsibility” and of self-regulatory approaches, such as the DNS Abuse Framework. The eco “topDNS” initiative will help bring together stakeholders with an interest in combating and mitigating DNS security threats, and Verisign is a supporter of this new effort.
Other Community Groups
Verisign contributes to the anti-abuse, technical and policy communities: We continuously engage with ICANN and an array of other industry partners to help ensure the continued safe and secure operation of the DNS. For example, Verisign is actively engaged in anti-abuse, technical and policy communities such as the Anti-Phishing and Messaging, Malware and Mobile Anti-Abuse Working Groups, FIRST and the Internet Engineering Task Force.
As a leader in the domain name industry and DNS ecosystem, Verisign supports and has contributed to the cross-community efforts enumerated above. In addition, Verisign also engages directly by:
An important concept and approach for mitigating illegal and abusive activity online is the ability to engage with and rely upon third-party “trusted notifiers” to identify and report such incidents at the appropriate level in the DNS ecosystem. Verisign has supported and been engaged in the good work of the Internet & Jurisdiction Policy Network since its inception, and we’re encouraged by its recent progress on trusted notifier framing. As mentioned earlier, there are some key questions to be addressed as we consider the viability of engaging trusted notifiers or building trusting notifier entities, to help mitigate illegal and abusive online activity.
Verisign’s recent experience with the U.S. government (NTIA and FDA) in combating illegal online opioid sales has been very helpful in illuminating a possible approach for third-party trusted notifier engagement. As noted, we have also benefited from direct engagement with the Internet Watch Foundation and law enforcement in combating CSAM. These recent examples of third-party engagement have underscored the value of a well-formed and executed notification regime, supported by clear expectations, due diligence and due process.
Discussions around trusted notifiers and an appropriate framework for engagement are under way, and Verisign recently engaged with other registries and registrars to lead the development of such a framework for further discussion within the ICANN community. We have significant expertise and experience as an infrastructure provider within our areas of technical, legal and contractual responsibility, and we are aggressive in protecting our operations from bad actors. But in matters related to illegal or abusive content, we need and value contributions from third parties to appropriately identify such behavior when supported by necessary evidence and due diligence. Precisely how such third-party notifications can be formalized and supported at scale is an open question, but one that requires further exploration and work. Verisign is committed to continuing to contribute to these ongoing discussions as we work to mitigate illegal and abusive threats to the security, stability and resiliency of the internet.
Over the last several years, DNS abuse and DNS-related security threat mitigation has been a very important topic of discussion in and around the ICANN community. In cooperation with ICANN, contracted parties, and other groups within the ICANN community, the DNS ecosystem including Verisign has been constructively engaged in developing a common understanding and practical work to advance these efforts, with a goal of meaningfully reducing the level and impact of malicious activity in the DNS. In addition to its contractual compliance functions, ICANN’s contributions have been important in helping to advance this important work and it continues to have a critical coordination and facilitation function that brings the ICANN community together on this important topic. The ICANN community’s recent focus on DNS abuse has been helpful, significant progress has been made, and more work is needed to ensure continued progress in mitigating DNS security threats. As we look ahead to 2022, we are committed to collaborating constructively with ICANN and the ICANN community to deliver on these important goals.
The post Ongoing Community Work to Mitigate Domain Name System Security Threats appeared first on Verisign Blog.
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security
Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically.
Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem.
Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat.
If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online.
We believe it’s important that someone has your back like that, particularly where some of today’s hacks and attacks can leave people feeling a little uneasy from time to time. You’ve probably seen stories about data breaches at big companies pop up in your news feed. Or perhaps you or someone you know had their debit or credit card number hacked. Problems like these are out there, unfortunate thorns in the side of the internet we’ve come to love. Yet while these issues persist, there’s plenty you can do to avoid them.
That’s where we have your back—doing all we can to make life online enjoyable for everyone, with protection that helps people finally feel safe and stay that way.
The reality is that nobody wants to deal with hackers, malware, and other attacks crop up on the internet. And while it’s important to be aware of those things, we’d rather that you didn’t have to worry about them. Protection should come easy. Whether it’s keeping your banking, shopping, and streaming secure, along with your privacy and personal info too, protection should feel simple and tailored to you. That’s what we strive for.
So as you think about protecting your life online, take a moment to consider what you’re protecting. As you do, you’ll see that it means far more than protecting your computers, phones, and other devices. Ultimately, it’s about protecting you, and all the important things connected to you. You can think of it in three ways …
What’s among the top things people say they want to protect? Their photos. Not far behind photos are all manner of digital treasures that people like to keep close, which ranges anywhere from music they’ve downloaded to old voicemails of their children, nieces, and nephews that they’ve saved over the years. Without a doubt, we have plenty of things stored on our computers and phones that we simply couldn’t do without.
Protecting these things means protecting the devices you use to store and access them. Installing comprehensive online protection software like ours is the first step. In addition to award-winning antivirus software and firewall protection to help keep hackers at bay (and away from your photos and other precious files), it goes a step further.
Our new Online Protection Score shows you just how safe you are and guides you through simple steps that can seal up gaps and improve your protection overall. In all, it’s a personalized and simple way to make sure you’re protected as possible and continually make improvements as they’re needed. It’s a way of getting expert protection without being an expert.
There’s also the “Important Stuff” in life, like our financial records, tax returns, and all the banking that we do on our phones and computers. And let’s throw shopping into mix because shopping’s important too! You can protect the important things like this, which can help hackers out of your business.
For starters, you can protect your important files three ways with our online protection by using a combination of the McAfee® File Lock and Shredder features to manage your privacy:
You can lock down your privacy even further with a VPN that can shield you automatically from snooping attacks online, whether at home or when using public Wi-Fi. It creates an encrypted connection that works like a private tunnel that hides your IP address and the things you’re doing online from cybercrooks. It’s ideal for keeping your sensitive personal information like your financial data, passwords, and browsing history hidden from both hackers and websites.
And here’s another big help. A password manager. You likely have dozens of passwords, plus a few more that you’ve probably forgotten about. You can protect your passwords and the accounts associated with them with a password manager that creates and securely stores a strong, unique password for each of your accounts. Plus, you can use it to update those passwords on the regular. Few things make it tougher for hackers than strong, unique passwords that get changed often. In a time of data breaches and account theft, a password manager is a great call.
While it’s important to focus on protecting things like laptops, phones, photos, files, and data, you’re ultimately protecting something far greater You. Your privacy, your personal information, your accounts, all the things that taken together make you—you. The thing is that our lives are more fluid and mobile than ever before. One moment we’re banking on our laptop, the next we’re splitting the cost of dinner with a payment on our phone. The constant here is you. You’re at the center of all this activity regardless of the device you’re using. The same goes for your family and the people you care about.
That’s why we protect people, not just their devices.
McAfee Identity Protection Service monitors the dark web for your personal info such as emails and associated passwords, up to 60 different types of critical info. If we detect that your data was stolen, you’ll get immediate alerts on the devices of your choice and guidance on how to secure your info quickly and effectively. In all, you can keep tabs on your identity any time you’re connected to the internet, and if an issue crops up you can click, solve, and carry on.
Extended identity protection offers up the extra comfort of knowing that you have licensed recovery pros on the case if identity theft does happen to you. This includes monitoring and restoration services, along with identity theft insurance for lawyer fees, travel expenses, lost wages, and more.
While that’s just a few of the ways McAfee has your back, we hope it gives you a good sense of what online protection should do—how it should protect you and all the things connected to you. And on today’s internet, that’s quite a bit. There’s so much to experience online today, and we believe you should enjoy all of it, freely and with the confidence that comes from knowing you’re safe.
The post The Internet is for Everyone to Enjoy—We’re Helping See to It appeared first on McAfee Blog.
When Aussie school opened their doors this year, the lifespan of parents around the country drastically improved. The combination of homeschooling, working from home, and not going anywhere has completely drained many Aussie working parents, me included!! Many of us have been in survival mode – just focusing on the basics to get through!
Well, now we’re getting back to some sort of normal and we have a little more time to breathe, it’s time to focus on those overdue jobs and that includes doing an audit of your family’s online safety. Now, I know it might seem boring, but I promise you it’s worth the effort. So, I thought I’d share with you a checklist of what you need to do to ensure your family is as safe as possible when online. Let’s get started:
1. Passwords
Your first task is to ensure every family member has a different password for each of their online accounts. Yes, I know – that sounds completely overwhelming. But hear me out. If you have the same password for all your online accounts and you get hacked, then you could be in a world of pain – as the hacker now has access to all your online accounts!! So, this is very much worth sorting out.
Now, there are many ways of managing a long list of passwords. You could write them down in a special, secret book. You could call on your Mensa level memory and try to remember 50 plus passwords – unfortunately, that’s not me! So, let me give you the best solution – a password manager. Password Managers can both generate and remember super complex passwords that no human could even concoct. Check out McAfee’s True Key – it’s free and a complete no-brainer, my friends!
2. Software Updates
Before my life as Cybermum, I used to think software updates were a massive inconvenience. Something else to add to the never-ending list. But how wrong was I! A software update addresses security flaws or bugs in the current version of the app or program. Their goal is to protect the user. So, if you’re serious about protecting your family, these updates can’t be ignored. The easiest way to manage this is to set updates to be automatic, where possible. You can also do this with apps on your phone – for both Apple and Android devices.
3. Ensure Location Services Are Off
Most apps, networks, and devices have geotagging features which means your whereabouts can be widely communicated if your location’s services are turned on. And don’t forget that digital photos can also give away your location as they contain metadata which is information about the time, date, and GPS coordinates of where the pic was taken. So, your job here is simple – ensure all devices have geotagging turned off. And while you’re at it, ensure your kids understand why it’s critical to keep it that way! Nothing worse than pesky strangers knowing your whereabouts!
4. Security Software
Not having security software installed on your devices is no different from leaving your front door unlocked. It is essential. A top-shelf security software system will detect and shut down security attacks on your system. Many will also have a firewall that constantly filters the data that both enters and leaves your computer and will block and restrict your network from viruses and hackers. It will also keep an alert to malicious software and if detected will remove issues such as viruses, worms, and Trojans. It will also stay alert to spyware that you may unintentionally download onto your system and will block and delete it if found. See what I mean? It’s essential. Check out McAfee’s Total Protection which will give you peace of mind.
Unfortunately, there are no guarantees in life however there are definitely ways to minimize risk. Following the above 4 steps will have a significant positive impact on your family’s online safety and most importantly, means you can enjoy a little peace now the kids are back to school!
Till Next Time
Alex x
The post Kids Back To School – The Perfect Time to Audit Your Family’s Online Safety appeared first on McAfee Blog.
FreshRSS 