Login
It’s common practice to pull down the window shades at night. Homeowners invest in high fences. You may even cover the PIN pad when you type in your secret four-digit code at ATMs. Privacy is key to going about your daily life comfortably in your surroundings. Why shouldn’t privacy also extend to your digital surroundings?
This Data Privacy Day, round out your privacy protection toolbox with McAfee’s help so you can live your best online life safely.
An easy way to instantly boost the privacy of your every online move is to always connect to a virtual private network (VPN). A VPN scrambles your connected device’s internet session, meaning that it’s impossible for a cybercriminal to eavesdrop on your online comings and goings. VPNs are especially crucial for when you connect to public Wi-Fi networks or networks for which you cannot vouch for their security. Cybercriminals often lurk on public Wi-Fi networks at hotels, coffee shops, and libraries and pounce on users who connect their devices without the protection of a VPN.
Digital privacy not only implies remaining hidden from nefarious eyes, but also from the prying eyes of pesky advertisers. A VPN can assist with that too! When you have a VPN enabled, it confuses advertisers and targeted ads. The less information they have, the more privately you can surf online.
To improve your online privacy, it’s important to first know how safe you currently are. When you can identify your weakest digital privacy habits, you can make targeted improvements to them. Luckily, McAfee Protection Score can help you do just that! Protection Score is a helpful privacy tool that rates your current digital safety. Then, based on your score, the tool offers suggestions on how to boost your score.
For instance, Protection Score searches for your personally identifiable information (PII) on the dark web. If it finds a copy of your government ID or your financial records on a dubious site, your score will tank. While it may be alarming to have a low Protection Score, you can feel good that you’re making positive waves, hopefully before a cybercriminal takes advantage of your PII and uses it to steal your identity.
There are several easy ways to boost your score that require very little effort but have a huge payoff. Connecting to a VPN and running an antivirus scan on your device are just two things you can do and each only takes a few seconds. Changing your habits and turning your online safety around doesn’t have to be overwhelming! In some cases, there are services that’ll even do the work for you, like the service we’ll talk about next.
To round out your privacy protection toolbox, consider signing up for McAfee Personal Data Cleanup. This service is a great companion to Protection Score. While Protection Score identifies all the areas where you can improve your security, Personal Data Cleanup is a service that will remove your information from the web’s riskiest sites.
Did you know that, on average, a person has their PII for sale on 31 sites? Plus, 95% of people haven’t even given their permission and have their personal information for sale on data brokerage sites. Data brokerage sites are legal and anyone can buy your information. Online advertisers are the usual clients, but a cybercriminal can jump in and buy valuable PII, as well.
You should care about data privacy every day not just when the calendar reminds you on Data Privacy Day. Take the steps and invest in the right solutions to shore up your online defenses. McAfee+ Ultimate is an all-in-one service that includes unlimited VPN, Protection Score, a full-service Personal Data Cleanup, and 13 other high-quality identity, privacy, and device security tools.
Live your online life more confidently with McAfee, knowing that cybercriminals are less likely to slip by and damage your credit, identity, or online reputation.
The post 3 Tools to Round Out Your Privacy Protection Toolbox appeared first on McAfee Blog.
Whether you’re standing around the water cooler at work, waiting for your kids at the school gate or sitting around the dinner table, data breaches are without doubt the hot topic of conversation. In late September, we were all shaken when news of the biggest Australian data breach to date broke – a record 10 million Optus customers had their details stolen. But unfortunately, the data breach stories have continued with Medibank, Energy Australia, and, most recently, Woolworths also reporting that private customer data had been stolen.
Inevitably, many of us are feeling vulnerable worrying that our private identifying information (and our family’s) such as our Medicare and Drivers Licence details have potentially been stolen. We’ve all read the stories about victims of identity theft and are, rightly concerned, that it could happen to us. So, if you’re unsure as to what to do next – don’t worry – I’ve got you! In fact – I’m going to give you two action plans. The first is for those who have been personally affected by a data breach (or consider it highly likely they were affected) and the second, is a long-term plan to help you protect yourself and your family’s data online.
If you or a family member has been contacted by a company and informed that your private details have been compromised, then you need to caffeine up and bring your entire focus to this situation. And if you’re still awaiting the call but you’re thinking it’s likely you’re affected, then my advice is to assume you are. It never hurts to be too cautious when you’re dealing with a potential identity theft situation. So, here’s your plan:
So, now it’s time to think long term. We all know prevention is key. So, what can we do to protect ourselves to minimise the risk of becoming a victim of identity theft (if and when) the next data breach occurs? Here’s your plan:
As we all know, it’s often the simplest things that can have the biggest impact. Ensuring you have a different but super complex password or passphrase for each of your online accounts is one of the best things you can do to protect yourself online. I appreciate that this may take a lot of work to implement but it’s so worth it. And here’s why – if you’re the victim of a data breach and your login details are stolen then you could be in a world of pain if you have just one password for all your accounts. Because within seconds of stealing your details, a hacker could potentially access your bank accounts, credit card accounts and online shopping sites where your credit card is saved – you get the picture! You see why it makes such sense! If it all feels a little overwhelming, why not use a password manager? Password managers can create and remember passwords that no human could even think of – genius!
In summary, Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, if they can’t access the last piece of the puzzle, then you’re safe!!!
McAfee has just released a super-duper solution to help Aussies protect themselves online. McAfee+ is an all-in-one privacy, identity and device protection solution. Not only does it feature identity monitoring and a password manager but also an unlimited VPN, a file shredder, a protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen.
Limiting your exposure online will also reduce the chance of being affected by a data breach. So, take some time to delete accounts you no longer use. Perhaps you had a side hustle on eBay a few years back but hadn’t bothered to close your accounts – well, now is the time. Close down those old eBay (and PayPal) accounts and any other accounts or subscriptions that you no longer use.
And next time you purchase something from a new website, consider conducting your transaction as a guest only and not creating an account on their website. If there’s no benefit beyond saving a minute or two when you check out, why store your credit card number, address, and other identifying info on a website that may eventually be breached?
If there is ever a time to take the management of your online data seriously, it’s now. Assuming that you won’t be a victim of a data breach and that ‘things like that don’t happen to you’ just doesn’t cut it. So, be proactive: sort out your passwords, turn on 2-factor authentication and practice some good quality cyber hygiene! And do yourself a favour and invest in some top-notch privacy and identity protection program like McAfee+ so you can continue living your best life online!
The post How To Help Your Family Protect Their Online Data appeared first on McAfee Blog.
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up.
Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your daily life updates on social media, there are likely to be several personal details about you on sites that shouldn’t have that information. Some of these sites may be data brokerage websites.
Data brokerage sites are legal and are mostly used by annoying advertisers, though cybercriminals may also use them maliciously. The average person has their information for sale on 31 data brokerage sites, and 95% of people have their personal information on sale without their permission.
So how do you scrub the internet of your personal details to keep your identity secure? McAfee Personal Data Cleanup is a service that prevents your personal information from being collected and sold online. Here’s why you should consider taking a few easy steps now to give you peace of mind about the security of your personally identifiable information (PII).
Attack surface is a term usually applied to corporate security, but it’s a great visualization for everyday people going about their personal online errands and entertainment. An attack surface is the number of possible entry points a cybercriminal could weasel their way through to get at your valuable and private information. Entry points include your social media profiles, your online shopping accounts, and data brokerage sites. The fewer entry points you have, the harder it is for cybercriminals to find and exploit them.
While Social Security Numbers (SSNs) are generally revered as the piece of PII to guard most closely, a cybercriminal can still damage your identity with just your name and an address, email address, or phone number. For example, they can request new passwords or multifactor authentication one-time passcodes to break their way into online banking or shopping accounts. Security breaches are happening to huge companies all over the world. All it takes is for your SSN to be leaked in one of them, for a cybercriminal to piece together your digital clone and use it to harm your identity or credit.
Personal Data Cleanup minimizes your attack surface by removing as much PII as possible that’s floating around the internet, just waiting for someone to buy it.
When you’re aware of how many unauthorized vendors are selling your PII, it could be the wakeup call you need start adopting more cautious online habits. For instance, oversharing on social media leaks a lot of valuable details that a savvy criminal can then use to take educated guesses at your passwords or craft a social engineering plot catered just to you.
The present is as good a time as any to start protecting your identity for the future; however, getting started is often the most difficult step. It can seem overwhelming to reach out to every data brokerage site individually and request they remove your info. Personal Data Cleanup can be your partner not only in beginning the cleanup process but in monitoring your data security to keep your online presence as minimal as possible. The service scans the internet’s riskiest sites and then, before deleting your information from these sites, runs it by you to confirm. Then, it will continually monitor those same sites, as your information will likely reappear every two to four months.
Do not underestimate the tenacity of a cybercriminal. Even for people who have the attitude that their PII is bound to be somewhere online and that it’s no big deal, McAfee Personal Data Cleanup manages three key steps in the data removal process: scanning, removing, and monitoring. So, even if you’re not convinced that data brokerage sites are a threat, the process is too easy to put off any longer!
For those who are concerned about their online privacy, full-service Personal Data Cleanup is included in McAfee+ Ultimate, which is the complete package to let you live your online life in private. McAfee+ Ultimate also includes identity monitoring and identity theft resolution services, unlimited VPN, credit lock, and much more.
In 2021, more than 1.4 million identity theft complaints were filed to the Federal Trade Commission.1 Identity theft can occur to anyone, so take steps today, starting with data brokerage sites, to live a more secure and more private digital life.
1Federal Trade Commission, “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021”
The post McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life appeared first on McAfee Blog.
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers.
The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of almost 26 million people, close to a third of the population could find themselves affected.
The hackers subsequently issued ransomware demands with the threat of releasing the records. With their demands unmet, the hackers then started posting the records in batches, the first on November 8th and the latest dropping on November 14th.
According to Medibank, the records and information could include diagnoses, a list of conditions, and further information such as:
“[P]ersonal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for AHM customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data.”
Medibank continues to keep its customers up to date on the latest developments on its website and further states they will contact customers, via email and post, to clarify what has been stolen and what has been published on the dark web.
Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. In the case of Medibank, the hackers posted the stolen information on the dark web, which unfortunately means that the likelihood of a potential scammer or thief obtaining this information is a near certainty.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Home Affairs Minister Clare O’Neil called for Australians to “Contact Services Australia if you believe there has been unauthorised activity in your Medicare account.” Further, Australians can take the following additional steps to protect themselves in the wake of identity theft.
With some personal information in hand, bad actors may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
If you are contacted by Medibank, make certain the communication is legitimate. Bad actors may pose as Medibank to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the Medibank website or contact them by phone directly.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly can reduce your risk in the event of a data breach. Namely, a breached password is no good to a hacker if you’ve changed it.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to credit cards, bank account numbers and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s identity monitoring service helps you keep an eye on your personal info and provides alerts if your data is found, averaging 10 months ahead of similar services.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in your name. This may include identity theft, where someone pretends to be you, generally to gain access to more information or services, and may escalate to identity fraud, where funds are stolen from your account.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent bad actors from opening new lines of credit or take out loans in your name by “freezing” your credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security. Identity thieves generally focus on easy targets to save time. Elevated security across the majority of your data can make you a far more difficult target. In addition to more private and secure time online with a VPN, identity monitoring, and password management, this includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, McAfee offers support from a licensed recovery pro who can help you restore your credit, just in case.
Per Medibank, some victims of the breach may have had their driver’s licence number exposed. Given that a licence number is such a unique piece of personally identifiable information, anyone notified by Medibank that theirs may have been affected should strongly consider changing them. The process for replacing a licence document will vary depending on your state or territory.
The recent Optus breach of September 2022 saw some states and territories propose making exceptions to the rules for attack victims, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Medibank breach.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, which makes protection a must.
The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
“I’ll just Uber home.”
Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb.
Uber’s reputation has ebbed and flowed since its creation in 2009, and it’s taken another hit recently as more details are coming to light about a massive 2016 cybersecurity breach and the chief security officer’s attempts to cover it up.
In 2016, a ransomware group trawled the internet and gathered Uber’s credentials that opened the door into the company’s server database. The cybercriminals then stole the information of customers and drivers alike and held it for a $100,000 Bitcoin ransom. Joe Sullivan, Uber’s chief security officer at the time, paid the ransom and the criminal group agreed to delete the information they uncovered. While it’s not uncommon for large corporations to give in to cybercriminals and dole out huge ransom payments, Sullivan is facing potential jail time because he didn’t report the incident to the Federal Trade Commission. He was recently found guilty of wire fraud and concealing a felony from authorities.
Uber account holders had their personally identifiable information in nefarious hands without their knowledge. The cybercriminals allegedly downloaded the names, email addresses and phone numbers of 57 million Uber customers and drivers, plus the license plate numbers of 600,000 drivers.1
Organizations have a responsibility to their customers to report any cyberbreaches. With a full name, email address, and phone number, cybercriminals can inflict a lot of damage on an innocent person’s credit, steal money from online accounts, or invade someone’s digital privacy. Customers must act swiftly to put the proper safeguards in place, but they can’t do that if they don’t even know a breach has happened! The longer a cybercriminal has to poke and prod someone’s digital footprint, the more havoc they can wreak and profits they can gain.
Acting swiftly is key to keeping your personally identifiable information (PII) private after a breach, though there are a few measures you can take right now that could prevent your information from being compromised. Here’s what you can do before and after a breach.
One way to shrink your attack surface – or the number of possible entry points into your digital life – is to regularly vet your online accounts and apps. For example, when you’re cleaning your closet, it’s common to donate or trash any clothing you haven’t worn in a year. The same method works for your digital life. If you haven’t logged into a shopping site or mobile gaming app in over a year, it’s unlikely that you will use them anytime soon, so it’s time to say goodbye and delete it.
McAfee credit lock and security freeze are other preventive measures that can keep your credit safe in case your PII is ever compromised. These services make it easy to prevent one or all three major credit bureaus from accessing your credit. In turn, this prevents anyone other than you from opening a bank account, applying for a loan, or making a substantial purchase. If you’re not planning on needing a credit report, it’s a great practice to freeze your credit.
When you first hear of a company’s data leak with which you have an account, the first step you should take is to change your account password. Login and password combinations are often compromised in a data breach. Make sure your new password is strong and is not a duplicate of a password you use elsewhere.
Next, consider running a Personal Data Cleanup scan. Personal Data Cleanup checks risky data broker sites and alerts you if your information appears on any of them. From there, you can take steps to remove your information.
Finally, for the next few weeks, keep close tabs on your financial, online, and email accounts. Watch for suspicious activities like purchases you didn’t make, electronic receipts, notifications, or mailing lists that you didn’t sign up for. McAfee+ Ultimate can help you here with its identity monitoring and full-service Personal Data Cleanup. McAfee+ gives you a partner to alert you and help you recover if your digital privacy is compromised.
Protecting your identity and digital privacy is a two-way street. While identity and privacy protection tools go a long way, individuals also have a responsibility to remain vigilant and take quick action if they suspect their information is compromised. And the ultimate responsibility lies with companies to alert the authorities and their customers after a data leak and to take serious steps to shore up their security to make sure it never happens again.
1The Verge, “Former Uber security chief found guilty of covering up massive 2016 data breach”
The post 57 Million Users Compromised in Uber Leak: Protect Your Digital Privacy and Identity appeared first on McAfee Blog.
A data broker (also known as an information product company) is an organization that makes money by collecting your personal information, analyzing it, and licensing it out to be used by other companies for things like marketing purposes.
Data providers gather data from many different sources to create a profile of who you are. This profile includes things like your interests, hobbies, demographics, and even the products you use.
Generally, data broker companies only deal with customers to collect information. A few of the top data brokerage companies are Epsilon, Acxiom, and Experian, but there are many data brokerages worldwide that make a hefty profit from aggregating and distributing consumers’ personal data.
This article explains everything you need to know about data brokers, including what they do, how they get your information, and what you can do to limit the data they can access from you.
There are several ways information brokers can get your information — both online and offline.
Generally, it’s legal for data brokers to get your information through public sources. However, different locations have different protections in place for consumers and different rules for how data brokers must operate.
Many countries have laws to protect consumers from having their information shared without their consent. For example, the European Union has the General Data Protection Regulation (GDPR) to protect data privacy. The GDPR says data brokers need to get consent from consumers before sharing their information. The law also gives consumers the right to demand that companies delete any personal information that they have stored.
On the other hand, the United States doesn’t have federal privacy laws protecting consumer information from data brokers. It’s up to the states to make their own laws. Some states prioritize consumer privacy more than others. For example, California has the Consumer Privacy Act, which gives customers the right to see what data a broker company has and the ability to delete it.
Typically, companies ask for consent to share your information through the fine print of their agreements. You might not be aware of how much of your personal information you’ve allowed organizations to share.
Data brokering is a huge industry. In fact, data brokers around the world bring in hundreds of billions of dollars a year. Here are some of the largest data brokerage companies that may collect your information.
By using various sources, data brokers can aggregate a lot of information about you. This information can be used to create user categories that businesses can market to. For instance, if you visit websites that sell baby products, the broker might put you into a category like “new parents.”
Some of the information that brokers collect might be things you’d like to keep private. For example, a broker might collect sensitive data about health issues, past bankruptcies, or legal issues.
Sometimes, brokers may place you in the wrong category. Let’s say you’re buying a new cookware set as a birthday gift for your mother. You check out several cooking sites before purchasing your set. If the broker sees that you’ve visited cooking sites and purchased cooking products, they may place you in a category like “cooking enthusiasts” even though you brought the gift for your mother.
Here are some personal details that a broker can collect to create a consumer profile of you:
Businesses are always looking for useful consumer information. Purchasing consumer data from brokers helps them tailor marketing campaigns to the demographics that are most likely to buy their products.
Let’s say you’re a fan of virtual reality (VR) gaming. You’ve watched countless YouTube videos about the subject, and you’ve searched Amazon for VR headsets multiple times. You’d likely be an ideal consumer for a company that manufactures VR headsets or a company that creates VR games.
Other companies might use your data for risk mitigation. For example, a bank might use your personal financial history to determine whether you’re likely to default on a mortgage loan.
There are a variety of public records and sources that data brokers can use to gather information about you. The good news is that there are some things you can do to limit the amount of personal information they can access:
There are also a few organizations you can join to protect your information:
Data brokers are always looking for ways to get their hands on your personal information. Many reasons businesses want access to your personal data aren’t malicious. They simply want to provide you with a targeted advertising experience and introduce you to products you might like.
However, the more your personal information gets shared online, the more chances cybercriminals have to get their hands on it. There might also be some sensitive information you don’t want to share with businesses in general. If you’re careful about what you post and take steps to protect your cybersecurity, you’ll greatly reduce the amount of data that a broker can collect from you.
With McAfee’s Total Protection services, you can get a secure online experience for your whole family. Our all-in-one protection suite comes with features like a secure VPN, premium antivirus software, identity monitoring, and up to $1 million in identity insurance and restoration.
McAfee can help you safeguard data like financial records and health care information so you can have less stress online. You’re meant to enjoy the internet — and we’re here to help make that a reality.
The post What Is a Data Broker? appeared first on McAfee Blog.
Here’s one way you can help reduce your chances of identity theft: remove your personal information from the internet.
And chances are, you have more personal information posted online than you think.
According to the U.S. Federal Trade Commission (FTC), consumers registered 1.4 million identity theft complaints in 2021, all part of a year where consumers reported losing $5.8 billion to fraud overall—a 70% increase over the year prior.
What fuels all this theft and fraud? Access to personal information.
Scammers and thieves can get a hold of personal information in several ways, such as through phishing attacks that lure you into handing it over, malware that steals it from your devices, by purchasing your information on dark web marketplaces, or as a result of information leaked in data breaches, just to name a few.
However, scammers and thieves have other resources to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. Which makes removing your info from them so important, from both an identity and privacy standpoint.
Think of data broker sites as huge repositories of personal information. Search your name and address online and you’ll see. You’ll likely find dozens of sites that turn up information about you, some of which offer a few pieces for free and others that offer far more information for a price.
Data brokers collect and then aggregate personal information from several sources, including:
Data brokers also buy personal information from other data brokers. As a result, some data brokers have thousands of pieces of data for billions of individuals worldwide.
What could that look like? A broker may know how much you paid for your home, your education level, where you’ve lived over the years and who your lived with, your driving record, and possibly your political leanings. A broker may also know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. Further, they may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.
With information at this potential level of detail, it’s no wonder that data brokers rake in an estimated at $200 billion U.S. dollars worldwide every year.
On the legitimate side, it’s used by advertisers to create targeted ad campaigns. With information sold by data brokers, they can generate lists based on highly specific criteria, such as shopping histories, personal interests, and even political leanings as mentioned above. Likely without you being aware of it—and likely with no way to contest that information if it’s incorrect.
Other legitimate uses include using these sites for background checks. Law enforcement, reporters, and employers will use data brokers as a starting point for research because the leg work has largely been done for them. Namely, data brokers have aggregated a person’s information already, which is an otherwise time-consuming process.
If this seems a little shady, it’s still legal. As of now, the U.S. has no federal laws that regulate data brokers or require data them to remove personal information if requested. A few states, such as Nevada, Vermont, and California, have legislation in place aimed at protecting consumers. Meanwhile, the General Data Protection Regulation (GDPR) in the European Union has stricter rules about what information can be collected and what can be done with it. Still, the data broker economy thrives.
On the darker side, scammers and thieves use personal information for identity theft and fraud. With enough personal information gathered from enough sources, they can create a high-fidelity profile of their victims. One that gives them enough information to open new accounts in their name.
So, from the standpoint of both privacy and identity, cleaning up your personal information online makes a great deal of sense.
Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.
The process starts with finding the sites that have your information. From there, you can request to have it removed. Yet as mentioned above, there are dozens and dozens of these sites. Knowing where to start is a challenge in of itself, as is manually making the requests once you have identified the sites that post and sell information about you.
Our Personal Data Cleanup can do the work for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
As of September 2022, Google accounts for just over 92% of search engine market share worldwide. Aside from being a search engine, Google offers a myriad of other services and applications, such as Gmail and Google Maps. While Google offers plenty of tools for productivity, travel, work, and play for free, they still come at a cost—the gathering and analysis of your personal information.
You can limit the data Google associates with you by removing your name from Google search results with a removal request. This will disable anyone online from getting any results if they search your name. (Note that this will not remove your information from the original sites and sources where it’s posted.) Moreover, Google collects all your browsing data continuously. You have the option to turn on “Auto Delete” in your privacy settings to ensure that the data is deleted regularly and help limit the amount of time your sensitive data stays vulnerable.
You can also occasionally delete your cookies or use your browser in incognito mode to prevent websites from being tracked back to you. Go to your Google Chrome settings to clear your browser and cookie history.
As discussed above, data brokers can collect information from public social media profiles. You can minimize your presence on social media to the bare minimum. Make a list of the ones you use or have used in the past. If there are old accounts that you no longer use or websites that have gone by the wayside like Myspace or Tumblr, you may want to deactivate them or consider deleting them entirely.
For social media platforms that you still may use regularly, like Facebook and Instagram, consider adjusting your privacy settings to ensure that your personal information on these social media platforms is the bare minimum. For example, on Facebook you can lock your profile, while on Instagram you can stay private.
If you’ve ever published articles, written blogs, or created any content online, it might be a good time to consider taking it down if it is no longer serving a purpose. Depending on what you’ve posted, you may have shared personal details about your life. Additionally, you might be mentioned by other people in various social media posts, articles, or blogs. It is worth reaching out to these people to request them to take down posts with sensitive information.
Social media and online articles that host your personal information are often used when businesses or hackers are doing “internet scrapes” to find better ways to use your targeted information. Asking your friends or third-party sites to remove that information can help protect your privacy.
Another way you can tidy up your digital footprint online involves deleting all the unnecessary phone apps that you no longer need or use. Even when apps are not open or in use, they may be able to track personal information such as your real-time location and even your payment details if you have a paid subscription to the app.
Some apps even sell this data as it can be extremely advantageous to other companies, which they use to target certain consumer segments and profiles for advertising. Try to share as little information with apps as possible if you’re looking to minimize your online footprint, and provide them access to your photos, contacts, and location only on as-needed basis and only when the app is in use. Your phone’s app and location services settings will give you the tools to do it.
In addition to the steps above, comprehensive online protection software can keep you more private and minimize your risk of cybercrime. It can include:
So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal information more private and secure.
The post 5 Steps to Removing Your Personal Information From the Internet appeared first on McAfee Blog.
Whether using the internet for play or work, you want to spend your time online enjoying the peace of mind that comes with having a secure network.
You don’t want to contend with someone taking your personal data — whether it’s credit card information, passwords, or bank account details — via malware or a data breach on your Android, Windows, or Apple iOS device.
Fortunately, with some sensible precautions and simple steps, you can use your connected devices productively without worrying about cybercriminals and malicious software. This article explains how to stop hackers from getting access to your sensitive data.
You can take steps to protect your different computing and mobile devices and operating systems. These steps can be divided into technological solutions and the right awareness and information to provide a comforting measure of self-protection.
It’s like learning karate for self-defense, giving you confidence as you negotiate the wider world (and hoping that you never have to use it).
When it comes to identity protection software, McAfee provides a proven solution with our identity protection and privacy services. The protection includes alerts if your sensitive information is found on the dark web (up to 10 months sooner than other providers), personal data cleanup from sites gathering and selling your information, and an unlimited virtual public network (VPN) service that protects your privacy as you use public Wi-Fi networks.
You’ll also get up to $1 million in identity theft coverage and hands-on restoration support to help you reclaim your identity.
Simple, obvious passwords and passcodes (like your street address, your birthday, your kids’ or pets’ names, or “1234” or “abcd”) are easy for cybercriminals to crack, giving them unwanted access to your private data.
The stronger your password, the better your protection. Some best password practices include:
It’s important not to be a standing target. Just as you should use different passwords for everything, you should regularly change your passwords. You should do this a few times a year (although some cyber experts say this might not be necessary if you have a long and very complicated password).
If you have a number of passwords that you update often, it might be worth getting a password manager like McAfee True Key to keep track of them. Not only will you not be faced with remembering all your different passwords or writing them down (also a no-no), but it can also help you create and store unique passwords.
The software uses the strongest encryption algorithms available to protect your passwords, scrambling them so no one else can access them. It’ll also suggest new passwords and automatically log you into your online accounts with just one master password.
Another important line of defense is multi-factor authentication (sometimes known as two-factor authentication). This system uses a password and a second piece of verification — often an SMS message sent to your Android device or iPhone — to authenticate your identity.
This provides hard-to-beat protection even if a hacker has your password. Besides receiving SMS codes, there are also code-generating apps and physical security keys.
Thinking before you click on an email or text is a very important defense against phishing scams. Your bank won’t send you an email or text notifying you that there’s been suspicious activity on your account.
Does getting a large refund from your phone company sound too good to be true? It is. Similarly, the Internal Revenue Service (IRS) won’t text to tell you that you owe them money, and princes aren’t going to give you a fortune out of the blue.
Internet users beware: If you’re not absolutely certain that the text message you received is from a legitimate and trusted source, delete it. You can always contact the business or person directly to confirm that the message is legit.
Any operating system or app you use is open to malicious cyberattacks. This is why you should keep all your software up to date with the latest versions. Software developers are continually fixing holes in their products and offering cybersecurity patches to make them as safe and hacker-proof as possible.
Make sure your software, firmware, and security settings are up to date on your home’s Wi-Fi router, as well. You can often change your settings to allow for automatic updates.
Sure, who doesn’t like to go to a cafe, library, or hotel lobby to use the free Wi-Fi? But security is often weak in these public networks. If you open your online banking account or access personal information, you may unwittingly be giving a personal invitation to eavesdropping cybercriminals.
This is where the bank-grade level of protection of McAfee Secure VPN comes in, which automatically turns on when you need it and keeps you safe on public Wi-Fi networks.
Even if your device does get hacked, you can protect vital information on your Windows or macOS system with an encryption program like BitLocker or FileVault. You can protect any hard drive you use, including portable ones and USB keys.
It’s also a good idea to only shop at encrypted websites marked with the prefix “HTTPS” in their URLs.
One of the best ways to surf the web in comfort while keeping hackers at bay is with the comprehensive solutions provided by McAfee Total Protection.
Your protection includes proactive measures (meaning we’ll guide you to the best choices for prevention), early detection, and expert identity theft support.
This means you’ll get identity monitoring, up to $1 million in identity theft coverage, lost wallet protection, premium antivirus software, a secure VPN, and personal data removal. In particular, our Personal Data Cleanup service will help find and remove your personal information from data broker websites and people search sites.
With McAfee, you don’t have to be afraid of hackers. Let us deal with them.
The post How to Stay One Step Ahead of Hackers appeared first on McAfee Blog.
Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.
Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s “The Social Dilemma”) have attempted to get to the bottom of the complex algorithms that big tech companies employ to mine and analyze user data for the benefit of third-party advertisers.
This article will help you better understand what information is being collected by tech companies, how it’s being used, and how you can protect your privacy online.
Tech companies benefit from personal information by being able to provide personalized ads. When you click “yes” at the end of a terms and conditions agreement found on some web pages, you may be allowing the companies to collect the following data:
For someone unfamiliar with privacy issues, it is important to understand the extent of big tech’s tracking and data collection. Once these companies collect data, all this information can be supplied to third-party businesses or used to improve user experience.
The problem with this is that big tech has blurred the line between collecting customer data and violating user privacy in some cases. While tracking what content you interact with can be justified under the garb of personalizing the content you see, big tech platforms have been known to go too far. Prominent social networks like Facebook and LinkedIn have faced past legal trouble for accessing personal user data like private messages and saved photos.
The information you provide helps build an accurate character profile and turns it into knowledge that gives actionable insights to businesses. Private data usage can be classified into three cases: selling it to data brokers, using it to improve marketing, or enhancing customer experience.
Along with big data, another industry has seen rapid growth: data brokers. Data brokers buy, analyze, and package your data. Companies that collect large amounts of data on their users stand to profit from this service. Selling data to brokers is an important revenue stream for big tech companies.
Advertisers and businesses benefit from increased information on their consumers, creating a high demand for your information. The problem here is that companies like Facebook and Alphabet (Google’s parent company) have been known to mine massive amounts of user data for the sake of their advertisers.
Marketing can be highly personalized thanks to the availability of large amounts of consumer data. Tracking your response to marketing campaigns can help businesses alter or improve certain aspects of their campaign to drive better results.
The problem is that most AI-based algorithms are incapable of assessing when they should stop collecting or using your information. After a point, users run the risk of being constantly subjected to intrusive ads and other unconsented marketing campaigns that pop up frequently.
Analyzing consumer behavior through reviews, feedback, and recommendations can help improve customer experience. Businesses have access to various facets of data that can be analyzed to show them how to meet consumer demands. This could help improve any part of a consumer’s interaction with the company, from designing special offers and discounts to improving customer relationships.
For most social media platforms, the goal is to curate a personalized feed that appeals to the users and allows them to spend more time on the app. When left unmonitored, the powerful algorithms behind these social media platforms can repeatedly subject you to the same kind of content from different creators.
Here are the big tech companies that collect and mine the most user data.
Users need a comprehensive data privacy solution to tackle the rampant, large-scale data mining carried out by big tech platforms. While targeted advertisements and easily found items are beneficial, many of these companies collect and mine user data through several channels simultaneously, exploiting them in many different ways.
It’s important to make sure your personal information is protected. Protection solutions like McAfee’s Personal Data Cleanup feature can help. With this feature, our teams scour the web for traces of your personal information and assist in getting it removed to enhance your online privacy.
McAfee’s Total Protection provides antivirus software for all of your digital devices and a secure VPN connection to avoid exposure to malicious third parties while browsing the internet. Our identity monitoring and personal data removal solutions further remove gaps in your devices’ security systems.
With our airtight data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.
The post What Personal Data Do Companies Track? appeared first on McAfee Blog.
Our personal and professional lives are becoming increasingly intertwined with the online world. Regular internet usage has made us all prone to cyber-security risks. You leave a digital footprint every time you use the internet, which is a trace of all your online activities.
When you create new accounts or subscribe to different websites, you give them explicit (or implicit, through their family of apps or subsidiary websites) access to your personal and credit card information. In other cases, websites might track basic information without your knowledge, such as your location and search history.
There is an industry of data brokers specifically dedicated to keeping track of user data, packaging it, and supplying it to tech companies who use it to run targeted ads and enhance on-platform user experience. Given the widespread use of the internet and exponential improvements in technology, data has become a valuable commodity — creating a need for the sale and purchase of user data.
This article discusses how data brokers sell your personal information and how you can minimize risk.
Data brokers are companies that aggregate user information from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data is then supplied to tech companies to fuel their third-party advertising-centered business models.
Companies interested in buying data include but are not limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, Social Security number, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public profiles.[Text Wrapping Break]
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites like Spokeo or TruePeopleSearch. You or a tech business can use these websites to search for people and get extensive consumer data. People search sites also contain public records like voter registration information, marriage records, and birth certificates. This data is used for consumer research and large-scale data analysis.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
Vermont and California have already enacted laws to regulate the data brokerage industry. In 2018, Vermont passed the country’s first data broker legislation. This requires data brokers to register annually with the Secretary of State and provide information about their data collection activities, opt-out policies, purchaser credentialing practices, and data breaches.
California has passed similar laws to make data brokering a more transparent industry. For risk mitigation of data brokerage, the Federal Trade Commission (FTC) has published reports and provided recommendations to Congress to reduce the engagement of data broker firms. Giving individuals the right to opt-out of the sale of their personal data is a step toward a more rigorous law regarding data privacy.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Acxiom, LLC is one of the largest data brokering firms and has collected data for approximately 68% of people who have an online presence. You can opt-out of their data collection either through their website or by calling them directly.
Epsilon Data Management is another big player in the data broker industry that operates as a marketing service and marketing analytics company. You can opt-out of their website through various methods such as by email, phone, and mail. Credit rating agencies like Experian and Equifax are also notorious for collecting your data. Similarly, you can opt-out through their websites or by calling them.
McAfee is a pioneer in providing online and offline data protection to its customers. We offer numerous cybersecurity services for keeping your information private and secure.
With regard to data brokers, we enable users to do a personal data clean-up. Cleaning up your personal data online may be a difficult task, as it requires you to reach out to multiple data brokers and opt out. Instead, sign up for McAfee’s Personal Data Cleanup feature to do a convenient and thorough personal data clean-up. We will search for traces of your personal data and assist in getting it removed.
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
Congratulations! You reached 10,000 steps today!
It’s a great feeling when a wearable fitness device vibrates to let you know when you hit the day’s fitness goal. The digital fireworks display that lights up your watch’s screen is a signal that you should keep on moving to challenge yourself more … or spend the rest of the day on the couch guilt-free.
While fitness wearable devices, trackers, and apps are excellent motivators for you, cybercriminals love them for their vulnerabilities and privacy loopholes. This doesn’t mean you have to chuck your expensive watch in the bin or delete your fitness apps from your smartphone. Awareness and smart habits go a long way in deterring cybercriminals. Keep reading to learn more about wearable technology vulnerabilities and how you can sidestep each.
Many fitness tracker apps and wearables are equipped with GPS. At the end of a run or long walk, you can view your exact route, sometimes with detailed maps that show street and town names. This tracking feature was potentially dangerous back in 2018 when a fitness app released a heat map of all its users’ running routes for the year, which clearly outlined secret military bases.1
Even if you’re stationed in a suburb and not hostile territory, you may consider the risks of sharing your location data. A determined criminal who has time to spare can guess your address and see the times of days when you’re commonly out at the gym or on a run.
When you purchase a wearable fitness device, you often have to pair it with an accompanying smartphone app to see your daily stats and tailor your fitness goals. Think about all the personally identifiable information (PII) that app now houses: your full name, password, address, height, weight, location, medical concerns, daily activity patterns, etc. In the hands of a cybercriminal, this information can bring a nefarious actor one step closer to impersonating you. Plus, if your health data makes it onto the dark web or is sold to health companies, it may result in serious privacy concerns.
Luckily, there are ways to get peace of mind about the security of your identity. Identity protection services, such as McAfee Identity Monitoring Service, provide expert identity theft support and up to $1 million in identity theft coverage.
Wearable devices complement any athleisure outfit and are a fun way to inspire athletic competition between a group of friends. Here are a few ways you can patch some of their security shortcomings:
When you first purchase any new device, fitness trackers included, your first step should always be to reset the factory password. Cybercriminals know that many people often skip this step, making it easy for them to walk right into new accounts. If you have a hard time remembering your passwords, consider entrusting them to a password manager to remember them for you. McAfee True Key makes it so that you only have to remember one master password to unlock the rest, and it’s protected by one of the strongest encryption algorithms available.
This is a tip you should consider for all your social media accounts. When you post about your life online, you actually divulge a lot of personal details that are helpful to cybercriminals. In the case of fitness trackers and apps, sharing the times of day when you go to the gym, are at the local track, or are on a bike path may give a criminal an idea of windows during the day when your home is empty. It’s unsettling to think that strangers can track your whereabouts, so it’s best to keep those details exclusive to people you personally know and trust.
In the case of fitness trackers and apps, a savvy cybercriminal may be able take an educated guess at your address, with which they can do a myriad of nefarious activities. Some running and fitness apps may be able to still create maps of your running routes but erase street names and other landmarks to make it more private. But when in doubt, turn off geolocation.
Fitness trackers are a fun way to stir up some friendly competition, keep connected with your fit friends, and motivate yourself to exercise and maintain healthy habits. While you’re shopping for a new device or when evaluating your current tracker, keep these tips in mind to enjoy this technology to its fullest.
The post Why You Should Care About Fitness Tracker Security appeared first on McAfee Blog.
As millions of people around the world practice social distancing and work their office jobs from home, video conferencing has quickly become the new norm. Whether you’re attending regular work meetings, partaking in a virtual happy hour with friends, or catching up with extended family across the globe, video conferencing is a convenient alternative to many of the activities we can no longer do in real life. But as the rapid adoption of video conferencing tools and apps occurs, is security falling by the wayside?
One security vulnerability that has recently made headlines is the ability for uninvited attendees to bombard users’ virtual meetings. How? According to Forbes, many users have posted their meeting invite links on social media sites like Twitter. An attacker can simply click on one of these links and interrupt an important conference call or meeting with inappropriate content.
Online conferencing tools allow users to hold virtual meetings and share files via chat. But according to Security Boulevard, communicating confidential business information quickly and privately can be challenging with these tools. For example, users are not always immediately available, even when working from home. In fact, many parents are simultaneously doubling as working parents and teachers with the recent closure of schools and childcare providers. If a user needs to share private information with a coworker but they are unable to connect by video or phone, they might revert to using a messaging platform that lacks end-to-end encryption, a feature that prevents third-party recipients from seeing private messages. This could lead to leaks or unintended sharing of confidential data, whether personal or corporate. What’s more, the lack of using a secure messaging platform could present a hacker with an opportunity to breach a victim’s data or device. Depending on the severity of this type of breach, a victim could be at risk of identity theft.
With the recent surge of new video conferencing users, privacy policies have been placed under a microscope. According to WIRED, some online conferencing tools have had to update their policies to reflect the collection of user information and meeting content used for advertising or other marketing efforts. Another privacy concern was brought to light by a video conferencing tool’s attention-tracking feature. This alerts the virtual meeting host when an attendee hasn’t had the meeting window in their device foreground for 30 seconds, resulting in users feeling that their privacy has been compromised.
As users become accustomed to working from home, video conferencing tools will continue to become a necessary avenue for virtual communication. But how can users do so while putting their online security first? Follow these tips to help ensure that your virtual meetings are safeguarded:
There are plenty of video conferencing tools available online. Before downloading the first one you see, do your research and check for possible security vulnerabilities around the tools. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants have the ability to decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.
To ensure that only invited attendees can access your meeting, make sure they are password protected. For maximum safety, activate passwords for new meetings, instant meetings, personal meetings, and people joining by phone.
To keep users (either welcome or unwelcome) from taking control of your screen while you’re video conferencing, select the option to block everyone except the host (you) from screen sharing.
By turning on automatic updates, you are guaranteed to have all the latest security patches and enhancements for your video conferencing tool as soon as they become available.
The post How Secure Is Video Conferencing? appeared first on McAfee Blog.
Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and countless snapshots of your furry companion. Next, open your laptop or desktop and check to see how many documents you have saved — perhaps all the research reports you have saved to defend your graduate thesis or an important slideshow you’re presenting to your boss on Monday. If you had to guess, would you say the total number of these various pieces of data is into the thousands? Now imagine if all this data was suddenly gone. What would you do?
You might be thinking, “That will never happen to me.” However, this situation is more common than you think. More than 60 million computers will fail worldwide this year, and over 200,000 smartphones are lost or stolen every year. That’s why we’re celebrating World Backup Day by sharing how you can properly back up your files and find peace of mind knowing that your data is safe and sound.
A backup is a separate copy of your important and sentimental digital files and information. Storing all that data in one place, like a personal computer or smartphone, can prove unsafe. Creating another copy of that data through a backup will ensure that it’s stored and kept safe somewhere else should your device get wiped or stolen.
It’s important to recognize that data loss isn’t something that only happens to huge corporations or unsuspecting victims in spy movies. Everyone is susceptible to data loss or theft and backing up that data is an easy step to protect all your information and prevent cybercriminals from taking what isn’t theirs.
Data is one of the most important assets in the modern world. As we illustrated earlier, people collect countless files that contain valuable information they want to keep safe. Luckily, there are two common and inexpensive ways that a user can store their data and their ever-important backups.
Although “the cloud” became a major buzzword years ago, its definition is still cloudy for some folks. The cloud exists in remote data centers that you can access via the internet. Any data you’ve uploaded to the cloud exists on dedicated servers and storage volumes housed in distant warehouses, often situated on campuses full of such warehouses. Data centers are owned by cloud service providers, who are responsible for keeping the servers up and running.
To keep your data physically safe from theft and destruction, and to make sure it’s available whenever you want to access it, data centers run extensive cooling systems to keep the electronics from overheating and have at least one backup generator in case of power outages. But how do they make sure that this data is secure in the cybersphere? Cloud systems use authentication processes like usernames and passwords to limit access, and data encryption to protect data that is stolen or intercepted. However, it’s important to remember that passwords can be hacked. Typically, the service provider holds the encryption keys to your data, meaning that rogue employees could, theoretically, access it. Likewise, your data could also potentially be searched and seized by government entities.
This begs the question: Trust or don’t trust? Because cloud storage companies live and die by their reputation, you can rest assured knowing that they go to great lengths to use the most advanced security techniques and provide the most reliable service possible. To help ensure the security of your data should you choose to store or back it up to the cloud, keep anything truly sensitive in a private cloud behind a firewall.
With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you can access anytime. These drives are a reliable way to achieve data redundancy. An external hard drive doesn’t rely on internet access like cloud-based services and is an easy fix when transferring data to a new device. However, using external hard drives requires a more hands-on approach to backing up your data. It’s your responsibility to regularly perform backups yourself and store your hard drive in a safe location. While cloud solutions offer huge amounts of storage, storage space on hard drives are limited, so you may have to purchase more than one device. Look for an external drive with at least a terabyte of space to accommodate all your data, which tends to accumulate quickly.
As you’re cleaning out your garage and tidying up your home, take the same care to do some digital spring cleaning this World Backup Day. Give your devices, apps, and online accounts a good decluttering and gain more peace of mind knowing that all your valuable data is stored in a safe, secure place … and that you have a backup in case something goes awry. Remember, proactivity goes a long way toward shoring up your cybersecurity and protecting your information.
The post It’s World Backup Day! Here’s How You Can Preserve Your Files appeared first on McAfee Blog.
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer.
There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.
That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge. There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.
In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.
We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works:
Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.
The post Introducing Personal Data Cleanup appeared first on McAfee Blog.
When you logged on to your computer this morning, data privacy probably wasn’t the first thing you were thinking about. The same goes for when you opened your phone to catch up on social media and check emails, turned on your smart TV for a family movie night, or all the other ways we routinely use our connected devices in our everyday lives.
Although we live in an increasingly connected world, most of us give little thought to data privacy until after our personal information has been compromised. However, we can take proactive steps to help ourselves and our loved ones navigate this environment in a safe way. On January 28th – better known as Data Privacy Day – we have the perfect opportunity to own our privacy by taking the time to safeguard data. By making data privacy a priority, you and your family can enjoy the freedom of living your connected lives online knowing that your information is safe and sound.
Did you know that there is a difference between data security and data privacy? Although the two are intimately intertwined, there are various characteristics of each that make them different. National Today3 provides a useful analogy to define the two:
At this point, we already know not to share our passwords or PIN numbers with anyone. But what about the data that is collected by companies every time we sign up for an email newsletter or make an online account? Oftentimes, we trust these companies to guard the personal data they collect from us in exchange for the right to use their products and services. However, the personal information collected by companies today is not regarded as private by default, with a few exceptions. For this reason, it’s up to us to take our data privacy into our own hands.
Because we spend so much of our day online, plenty of our information is available on the internet. But what happens if one of your favorite online retailers experiences a data breach? This is the reality of the world we live in today, as data breaches have been on the rise and hackers are continuously finding clever, new ways to access our devices and information.
Thanks to the COVID-19 pandemic, we’ve become more reliant on technology than ever before. Whether it be for distance learning, online shopping, mobile banking, or remote work, we’ve all depended on our devices and the internet to stay connected. But with more time online comes more opportunities for cybercriminals to exploit. For example, with the massive increase in remote work since the onset of the pandemic, hackers have hijacked online meetings through a technique called ‘Zoombombing4.’ This occurred after the online conferencing company shared personal data with Facebook, Google, and LinkedIn. Additionally, the number of patient records breached in the healthcare industry jumped to 21.3 million in the second half of 2020 due to the increase in remote interactions between patients and their providers5.
When it comes to data breaches, any business is a potential target because practically every business is online in some way. When you put this in perspective, it’s important to consider what information is being held by the companies that you buy from. While a gaming service will likely have different information about you than your insurance company, you should remember that all data has value, and you should take steps to protect it like you would money.
Your browsing history and personal information are private, and we at McAfee want to keep it that way. By using McAfee Secure VPN, you can browse confidently knowing that your data is encrypted.
To further take control of your data privacy, monitor the health of your online protection with McAfee’s Protection Score. This tool provides simple steps to improve your security and allows you to know how safe you are online, which is the first step towards a safer, more confident connected life. Check your personal protection score here.
Here are a few more tips to keep you on top of your data privacy game:
1. Update your privacy and security settings. Begin with the websites and apps that you use the most. Check to see if your accounts are marked as private, or if they are open to the public. Also, look to see if your data is being leaked to third parties. You want to select the most secure settings available, while still being able to use these tools correctly.
2. Lock down your logins. Secure your logins by making sure that you are creating long and unique passphrases for all your accounts. Use multi-factor identification, when available.
3. Protect your family and friends. You can make a big difference by encouraging your loved ones to protect their online privacy. By helping others create solid safety habits as they build their digital footprints, it makes all of us more secure.
Follow the conversation this Data Privacy Day by following #PrivacyAware and #DataPrivacyDay on social media.
The post It’s Data Privacy Day: Here’s How to Stay Protected in 2022 appeared first on McAfee Blog.
It happens with more regularity than any of us like to see. There’s either a headline in your news feed or an email from a website or service you have an account with—there’s been a data breach. So what do you do when you find out that you and your information may have been caught up in a data breach? While it can feel like things are out of your hands, there are actually several things you can do to protect yourself.
Let’s start with a look at what kind of information may be at stake and why crooks value that information so much (it’s more reasons than you may think).
The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.
Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:
As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer to detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.)
The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.
With this information in hand, a crook can commit several types of identity crime—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get ID issued in your name as well.
Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or other gains.
Most breaches are financially motivated, with some researchers saying nearly 90% of breaches are about the money. However, we’ve also seen hackers simply dump stolen information out there for practically anyone to see. The motivations behind them vary, yet could involve anything from damaging the reputation of an organization to cases of revenge.
A list of big data breaches is a blog article of its own, yet here’s a quick list of some of the largest and most impactful breaches we’ve seen in recent years:
Needless to say, it’s not just the big companies that get hit. Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location.
In short, when it comes to data breaches, practically any business is a potential target because practically every business is online in some form or fashion. Even if it’s by way of a simple point-of-sale machine.
When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps.
Given the possibility that your password may be in the hands of a hacker, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
If you haven’t done so already, consider signing up for a service that can monitor dozens of types of personal information and then alert you if any of them are possibly being misused. Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage.
Our advice is to take a deep breath and get to work. By acting quickly, you can potentially minimize and even prevent any damage that’s done. With that, we have two articles that can help guide the way if you think you’re the victim of identity theft, each featuring a series of straightforward steps you can take to set matters right:
Again, if you have any concerns. Take action. The first steps take only minutes. Even if the result is that you find out all’s well, you’ll have that assurance and you’ll have it rather quickly.
The post What to Do If You’re Caught Up in a Data Breach appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them.
Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable.
One research group has dubbed the vulnerability as “Log4Shell,” and the name appears to be sticking. It involves a widely used software used to log information on servers. This software is open source, meaning it is freely available to developers. As a result, countless organizations and businesses use it on their servers.
While details are still evolving, researchers are acting with a proper degree of caution given the potential scope of the issue. Needless to say, the immediate level of concern remains high given the potential of the flaw to impact millions of servers, devices, and the people who use them.
At this early stage, a few things appear to be possible:
The developers of Minecraft have provided several steps that detail what both players and server hosts should do to protect themselves. The developers clearly recognize the potential gravity of the situation and are taking a proactive approach in saying, “This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take [steps] to secure your game and your servers.” We’ve provided the link to those steps here:
Recommended steps for Minecraft players and server hosts.
Right now, as this situation evolves, the best step is to keep your eyes open. If the app, service, site, or game you’re on performs strangely, consider signing out and closing it down. Then, perform a security scan on your device to check for viruses, malware, or other threats. Follow the guidance from your online protection software if any results come up.
You may also consider limiting your app and service usage to the most important activities. If it’s not an urgent or important online task or activity, see about putting it off until more is known.
Likewise, stay tuned. The details around this vulnerability continue to unfold. As they do, you’ll find further guidance that can help keep you and your family protected from this or any follow-on threats associated with this issue.
The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blog.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
Facebook – 2019: Two sets of data exposed the records of more than 530 million users, including phone numbers, account names, and Facebook IDs.
Marriott International (Starwood) – 2018: Half a million guests had names, email and physical mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, dates of birth, and other information about their stays exposed.
Equifax – 2017: Some 147 million records that included names, addresses, dates of birth, driver’s license numbers, and Social Security Numbers were exposed, along with a relatively small subset of 200,000 victims having their credit card information exposed as well.
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, there are multiple steps you can take to help protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site offers a step-by-step recovery plan that you can follow and track your progress as you go.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as one you’ll find in comprehensive online protection software.
A solution such as this will help you to monitor your accounts and alert you of any suspicious activity. Specifically, our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat. Also, it can help you steer clear of some types of theft with preventative guidance that can help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately.
To use your credit card safely online to make purchases, add both a VPN and password manager into your toolbox of security solutions. A VPN keeps your shopping experience private, while a password manager helps you keep track of and protect all your online accounts. Again, you’ll find a VPN as part of comprehensive online protection software.
The post Affected by a Data Breach? Here Are Security Steps You Should Take appeared first on McAfee Blogs.
You may have spotted the news last week that U.S. federal prosecutors brought charges against the former chief security officer of Uber. At issue was a breach that occurred in 2016, where prosecutors allege that he covered up a $100,000 payoff to the hackers responsible for the attack. The specific charges are obstructing justice and concealing a felony for the alleged cover-up.
While the breach itself is relatively old news and the company has since paid a $148 million settlement along with an agreement to regular audits of its privacy and security systems, this is a reminder that breaches happen. What’s more, it may be some time before you become aware of them, even in instances when companies move quickly, transparently, and in your best interest.
According to research we recently published, nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015. Additionally, industry studies show that it can take roughly nine month on average to identify and contain a breach. Yes, that’s more than nine months, and a lot can happen to your credit in that timeframe. Thus the onus is on us to be vigilant about our own credit.
Here’s a quick list of things you can do right now to keep on top of your credit—and that you can do on an ongoing basis as well, because that’s what it takes to keep tabs on your personal info today.
Closely monitor your online accounts: Whether it’s your credit card statements, banking statements, or your individual accounts for services like Uber, review them closely. If you see any suspicious activity, notify the institution or service and put a freeze on your account(s) as needed. Even a small charge can indicate a bigger problem, as that means your information is out there in the wild and could be used for bigger purchases down the pike. In the event you feel your Uber account has been compromised, you can contact them via their “I think my Uber account has been hacked” page.
Update your settings: That includes your privacy settings in addition to changing your password. As far as passwords go, strong and layered passwords are best, and never reuse your credentials across different platforms. Plus, update your passwords on a regular basis. That’ll further protect your data. Using a password manager will help you keep on top of it all, while also storing your passwords securely.
Enable two-factor authentication: While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
Check your credit: Depending on where you live, there are different credit reporting agencies that keep a centralized report of all your credit activities. For example, the major agencies in the U.S. are primarily Equifax, Experian, and TransUnion. Likewise in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. It’s a relatively quick process, and you might be surprised what you find—anywhere to incorrect address information to bills falsely associated with your name. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
Freeze your credit: Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
Consider using identity theft protection: A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity in addition to the activities I’ve listed above. Additionally, you can use a comprehensive security solution such as McAfee Total Protection to help protect your devices and data from known vulnerabilities and emerging threats.
For all the technology we have at our fingertips, our best defense is our eyes. Keeping a lookout for fishy activity and following up with family members when unfamiliar charges show up on your accounts will help you keep your good name in good standing.
The thing is, we never know when the next data breach might hit and how long it may be until that information is discovered and finally disclosed to you. Staying on top of credit has always been important, but given all our apps, accounts, and overall exposure these days, it’s a must.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Uber Data Breach and How to Protect Your Info appeared first on McAfee Blog.
The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the hackers behind it had demanded an extortion payment from the company.
According to Robinhood’s disclosure, the attack occurred on November 3rd, which allowed an unauthorized party to obtain the following:
In addition, smaller groups of Robinhood customers had yet more information compromised. Around 310 people had their names, birth dates, and zip codes exposed in the breach. Another 10 customers had “more extensive account details revealed,” per Robinhood’s disclosure.
Robinhood went on to say, “We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.”
Robinhood further stated that the company contained the intrusion and that it promptly informed law enforcement of the extortion demand. Robinhood says that it is continuing to investigate the incident with the assistance of a security firm.
The company advised its customers to visit the Robinhood help center to receive the latest messages from the company, noting that they will never include a link to access an account in a security alert.
Any data breach that you and your information may have been involved in calls for a few quick security steps:
1. Log into your account and update your password with a new one that is strong and unique. Likewise, if you use the same or similar passwords across several accounts, change those as well. (A password manager that’s included with comprehensive online protection software can do that work for you.) Set up two-factor authentication if your account allows for it, as this will provide an extra layer of protection as well.
2. Review your statements for any strange activity—even the smallest of withdrawals or transactions could be the sign of a larger issue.
3. Report any suspected fraud to the company or institution involved. They typically have set policies and procedures in place to provide support.
If you believe that you’ve become a victim of identity theft, file a report with local law enforcement and the Federal Trade Commission (FTC). Law enforcement can provide you with a case number that you may need as part of the recovery process. Likewise, the FTC’s identity theft website provides excellent resources, including a recovery plan and a step-by-step walkthrough if you create an account with them.
For even more information, visit our blog that points out the signs of identity theft and the steps you can take should you find yourself victim.
Given that the breach apparently exposed some 5 million email addresses, there’s the risk that these may end up in the hands of bad actors who may use them for follow-on attacks.
Notable among them would be phishing attacks, where hackers could target Robinhood users with phony messages in an attempt to get affected users to reveal further account information. For example, hackers could potentially create bogus emails that appear to come from Robinhood and direct users to a malicious site that requests account information. As Robinhood stated, the company will never include a link to access an account in a security alert. Users should visit the Robinhood site directly for account information.
This breach could lead to other phishing attacks as well, ones that may or may not pose as communication from Robinhood. Some of these phishing attacks can be rather easy to spot, as they may include typos, poorly rendered logos, or spoofed web addresses. However, some sophisticated hackers can roll out rather polished phishing attacks that can closely resemble legitimate communications.
In all, people can avoid falling victim to phishing attacks by keeping the following in mind:
1. Only access your accounts directly from the official website of the company or financial institution involved. If you receive an email, message, or text alerting you of an issue, do not click any links provided in the communication. Go straight to the site yourself by typing in the proper address and view your account information there. Likewise, calling the customer support line posted on their official site is an option as well.
2. Use comprehensive online protection software that includes a spam filter. This can prevent phishing emails from reaching your inbox in the first place.
3. Get to know the signs of phishing emails. A common sign of a scam is an email, ad, message, or site that simply doesn’t look or read right. (Maybe the grammar is awkward or the logo is grainy or has the colors slightly wrong.) However, some of them can look quite convincing, yet there are still ways to spot an attempted phishing attack.
4. Beware of email attachments you aren’t expecting. This is always good form because hackers love to spike attachments with malware that’s designed to steal your personal information. Whether you get an unexpected attachment from a friend or business, follow up before opening it. That’s a quick way to find out if the attachment is legitimate or not.
For more info on phishing and how to steer clear of it, check out our blog on how to spot phishing attacks.
The unfortunate fact is that data breaches can and do happen. Many of the larger data breaches make the headlines, yet many more do not—such as the ones that hit small businesses, restaurants, and medical care providers. In the hands of hackers, the information spilled by these breaches can provide them with the building blocks to commit identity theft. As a result, keeping on top of your identity and personal information is a must.
The good news is that you have solid options to prevent them from harming you or at least greatly lessen their potential impact. With identity theft protection, even in the short-term, you can monitor emails addresses and usernames that are being used to breach other accounts. You can monitor dozens of different types of personal information and receive alerts to keep an eye out for misuse. Likewise, it can monitor your email addresses and bank accounts for signs of misuse or fraud, plus provide theft protection and support from a recovery specialist if identity theft, unfortunately, happens to you.
Along those same lines, news of a data breach offers all of us a moment to pause and take stock of just how protected we are. Above and beyond the steps covered above, comprehensive online protection can protect your devices from malware, phishing attacks, malicious websites, and other threats. More importantly, it protects you—your identity and privacy, particularly in times where breaches such as the one we’re talking about here occur with seeming regularity.
The post Protecting Yourself in the Wake of the Robinhood Data Breach appeared first on McAfee Blog.
What do social media companies really know about you? It’s a fair question. And the quick answer is this: the more you use social media, the more those companies likely know.
The moment you examine the question more closely, the answer takes on greater depth. Consider how much we use social media for things other than connecting with friends. While that was the original intent behind social networks, the role of social media has since evolved into something far more expansive. We use it to get our news, stay up to date on when artists will drop a new release, and sometimes reach out for customer service on a company’s social media page. In some cases, we use our social media accounts to log into other sites and apps or we even make payments through social media.
Taken together, all of those likes, taps, clicks, links, and time spent reading or watching videos can add up and paint a detailed picture of who you are.
Why are they collecting all this information? Largely, it’s for two reasons:
1. To make improvements to their platform, by better understanding your behavior and ways you like to use their service.
2. To create an exacting user profile that advertisers can use for targeting ads that they think will interest you.
That’s the exchange in play here. You use the company’s social media service for free, and in return, they gain rights to gather specific information about you, which you consent to by agreeing to their terms of service.
Let’s get into the details of what social media companies may collect and know about you—along with ways you can limit the data and information they gather.
Different social media platforms have different user agreements that cover what types of information they collect and use. For starters, we’ll speak broadly about social media companies in general, and then we’ll weave in a few specific examples along the way. Generally, they may know:
We collect information about how you use our Products, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities.
When you communicate with others by sending or receiving Direct Messages, we will store and process your communications and information related to them. This includes link scanning for malicious content, link shortening to http://t.co URLs, detection of spam, abuse and prohibited images, and use of reported issues. We also use information about whom you have communicated with and when (but not the content of those communications) to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content.
If you use our Products for purchases or other financial transactions (such as when you make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details.
By the way, none of this is secret. What I’ve listed here can be found by simply reading the terms of use posted by various social media companies. Note that these terms of use can and do change. Checking up on them regularly will help you understand what is being collected and how it may be used.
This nearly goes without saying, yet another layer of data and information collection comes by way of the pictures and updates you post. Per Instagram (as of October 2021):
We collect the content, communications and other information you provide when you use our Products, including when you sign up for an account, create or share content, and message or communicate with others. This can include information in or about the content you provide (like metadata), such as the location of a photo or the date a file was created.
Another consideration is how the content you interact with on other sites may be shared with social media companies in return. Some social media companies partner with other third parties to gather this data, which is used to round out your user profile in yet more detail. That information can include purchases you made, how often you visited that third party’s site, and so on.
In the case of Facebook, they refer to this as “Off-Facebook Activity.” In their words:
Off-Facebook activity includes information that businesses and organizations share with us about your interactions with them. Interactions are things like visiting their website or logging into their app with Facebook. Off-Facebook activity does not include customer lists that businesses use to show a unique group of customers relevant ads.
The good news here is that you can take control of the Off-Facebook Activity setting with a few clicks.
No doubt about it, the content you create and interact with, both on the social media sites and sometimes off of them as well, can generate information about you that’s collected by social media companies.
Short of deleting your accounts altogether, there are several things you can do to take control and limit the amount of information you share.
For example, you can visit your Facebook Settings, Instagram Settings, and Twitter Settings, which each gives you options for managing your information—or download it and even delete it from their platform outright if you wish. (Note that this will likely only delete data associated with your account. Content you posted or shared with other people on their accounts will remain.)
As noted above, this isn’t an absolute fix because social media companies can infer your location other ways. Yet taking this step gives them one less piece of exacting information about you.
Each platform will have its own settings and options, so give them a look. Here, you can determine which information advertisers are allowed to use to serve up ads to you, set rules for facial recognition, enable or disable location history, and much more. If possible, do this from your computer or laptop rather than your smartphone. Often, the account controls that you can access from a computer browser are far more comprehensive than the ones in a mobile app.
Using direct messaging on social media platforms may tell social media companies even more about you and who you interact with. When possible, think about using text messaging instead or other means of communication that aren’t tied to a social media company.
Some apps and sites will allow you to use your social media login instead of creating a new one. While convenient, this can provide the social media company with more information about you. Additionally, if your social media account is compromised, it could compromise the other accounts that are tied to it as well. Check your settings and look for “Apps and Websites” to see what’s connected to your social media account, what’s being shared, and how you can disable it.
Protection like ours will include a VPN, which anonymizes your online activity and thus may shield you from certain types of information collection, such as your location. Additionally, using online protection software is simply a good move because it can create and store strong, unique passwords for you, steer you clear of risky sites, protect your identity, and make your time online safer overall.
The very nature of social media is sharing and exchanging. That’s the draw it has—the way it keeps us connected to the people, pastimes, and things we care about. Yet that exchange runs deeper. In return for using these free services, social media companies collect information on us which they use to improve their platforms and generate revenue. It’s all there for you to see in the various terms of use associated with your social media accounts. In short, using social media means sharing information about yourself with social media companies.
Yet you can do several things to reduce the amount of information that social media companies know about you. By spending some time on the account and privacy settings for each of your social media accounts, you can determine what information you’re providing to them and get a much better sense of what social media companies know about you.
The post What Do Social Media Companies Know About You? appeared first on McAfee Blog.
T-Mobile, the popular US mobile phone service provider, recently confirmed a data breach affecting 7.8 million current customers and 40 million records from past or prospective customers. The stolen data included customer names, dates of birth, social security numbers, and driver’s license information. Fortunately, subscriber credit card information and other financial details were not affected in the breach.
Even though financial data was spared in the breach, the types of information stolen, along with the vast volume of affected subscribers mean that all T-Mobile subscribers should take immediate action to secure their identities and accounts online.
This is the immediate step all affected subscribers should take.
As part of T-Mobile’s response, they are offering an identity protection service exclusively to all affected customers, free for two years. This identity protection service gives customers the ability to monitor personal info, including your SSN, bank account numbers, debit cards, email addresses, phone numbers, and more. If info is found on the dark web, customers will receive guidance to help secure online accounts. Should identity theft occur, the identity protection service includes fraud resolution support and identity theft insurance for peace of mind. The free 24 months of identity protection will be delivered directly by T-Mobile. The company is also encouraging customers to sign up for their Account Takeover Protection service.
One lesser-known type of data stolen in the breach was International Mobile Equipment Identity (IMEI) numbers, which allow individual devices to be identified on a mobile network. Access to IMEI numbers could enable SIM-swap attacks which make account takeovers possible. With an account takeover, two-factor authentication through text message becomes vulnerable, allowing hackers potential access to bank accounts, among others. App-based multi-factor authentication, using a solution like Google’s Authenticator, allows you to authenticate your identity from other devices, instead of having authentication tied to your mobile phone number.
T-Mobile will be contacting impacted customers directly. However, cybercriminals and scammers may also take advantage of this data breach to scam people using email. They will often pose as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number. We’ve provided additional information here to help you to recognize legitimate emails.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. This includes email accounts, cell phone numbers, bank accounts, your tax ID, and more. Read our additional tips to protect your digital identity.
For regular updates and official news from T-Mobile, visit their Newsroom blog here.
The post T-Mobile’s data breach exposes the personal data of 40 million appeared first on McAfee Blog.
As the new school year gets underway, many students will be returning to the classroom in-person, while others will opt to continue hybrid or remote learning indefinitely. Unfortunately, for families choosing the latter, remote learning could come at the expense of their online privacy.
According to the RAND Corporation’s 2020 research report, one in five U.S. school districts plan to offer online learning even after the pandemic ends. Many school districts are waiting to review the Centers for Disease Control (CDC) latest recommendations. Either way, there’s no better time for a data privacy refresh.
Protecting your child’s privacy while remote learning requires a three-part investment of parents, students, and schools. One of the first steps in that direction is to understand your district’s privacy practices. To do that, ask to take a closer look at its approach to data consent, secondary data use, as well as its data collection and retention practices.
According to The Center for Democracy and Technology, there are five areas where schools may put a child’s privacy at risk.
Using student data to assess needs and launch connectivity and device programs can pose a privacy risk.
Ask: To assess overall digital access, the school collected my child’s data. How will that data be used?
Sharing student data with third parties, such as broadband and device providers, is a common practice that can pose a privacy risk.
Ask: To connect my remote learner, the school shared my child’s data with the provider. Can the school ensure that data will be used by the third-party responsibly? May I view the data use policy?
Schools now have apps that allow teachers to monitor student progress.
Ask: With more teacher access to student devices and desktops, how can the school ensure that my child’s other data is secure?
Ongoing security and device management requirements should be established to avoid viruses and malicious activity.
Ask: What security measures are in place on school-owned devices to protect my child’s content or personal information? Will my child’s activity be tracked?
A lack of digital literacy and security knowledge on the part of students, families and even schools can put a child’s privacy at risk.
Ask: What digital literacy resources or training do you offer teachers, staff, students and families?
One sign your child’s privacy is in good hands is if your school has a solid Data Governance Policy (DGP) that staff, teachers, and students follow. A DGP establishes schools processes and structures for overseeing the school’s approach to management, usability, availability, quality and security of data and technology.
Going a step further, a privacy-aware school will engage students, families, teachers, and administrators (and even third-party providers) about the importance of data use and closing privacy gaps.
Rather than make assumptions, discuss what privacy is with your child. For example, with more time online, consider parental controls to filter risky content. Likewise, talk to your child about how to identify phishing scams and consider investing in security software that scans for malware and untrusted sites.
If your child uses video apps such as Zoom to connect remotely, be sure that personal information—such as birthdate, address, photographs, or a nickname—isn’t accidently visible in the background.
Whether your child uses Zoom, a chat app, website or another EdTech platform for learning, set privacy settings to provide maximum protection. Following the directions under “settings” of any new app are fast and easy.
Under FERPA, the Family Educational Rights and Privacy Act, schools must notify you of your right to opt out of Directory Information at the start of the school year. Don’t opt-out? Schools can share Directory Information about their child with third parties without parental or student consent.
If we could point to a positive consequence of the pandemic, it would be that with the sudden spike in connectivity during quarantine, data privacy concerns became more prevalent than ever—that shift deserves an A+. Moving forward, it’s critical for parents and schools to work together to create practices that protect online privacy for all students—on-site or remote.
The post Back-to-School: Privacy Worries in a Remote Learning World appeared first on McAfee Blog.
Over the past few years, food delivery apps have made it easy for people to get their favorite cuisines brought to their doorsteps. In 2020, consumers grew more accustomed to the convenience of ordering take-out when dining in at restaurants was no longer an option. But as we look ahead into 2022, this trend is here to stay. According to a new report by ResearchAndMarkets, the global online food delivery services market will grow from $115.07 billion in 2020 to $126.91 billion by the end of 2021.
To get the latest deals and news from their favorite restaurants, many consumers opt in to receiving marketing emails from the dining locations they frequent the most. One such restaurant is the popular fast-food chain Chipotle Mexican Grill, which has added 22.9 million consumers to its loyalty program since launching two years ago. But customers who signed up to receive emails from Chipotle may have more to consider than whether they choose queso or guacamole. According to Bleeping Computer, Chipotle’s email vendor Mailgun was recently breached, which allowed hackers to take over the company’s email marketing efforts and reach out to unsuspecting customers.
Let’s look at how this threat emerged and what consumers can do to help protect themselves from phishing and live a happy and safe digital life online.
Many restaurant chains like Chipotle utilize a third-party vendor to engage with customers who sign up to receive the latest updates. Chipotle uses Mailgun to help send, receive, and track its marketing emails. However, bad actors were able to hack into Chipotle’s Mailgun account, allowing them to send out phishing emails to recipients.
Under the guise of the Chipotle restaurant chain, cybercriminals reportedly sent out at least 120 malicious emails within a three-day period, luring Chipotle customers to malicious links. Most of the emails directed the unsuspecting users to credential-harvesting sites, impersonating services like a Microsoft 365 login page. Some messages even included malware attachments.
Although phishing is by no means a new cyberthreat, criminals have made it more difficult to spot scam messages with their increasingly sophisticated tactics. Most scammers disguise themselves as major corporations or other trustworthy entities to trick you into willingly providing information like your website login credentials or, even worse, your credit card number. But in Chipotle’s case, cybercriminals were able to hack into the company’s legitimate email marketing account, making it more difficult for consumers to spot the scam.
As a consumer, what can you do to sidestep these stealthy tactics and continue to enjoy your life online? Follow these tips to help safeguard your security:
While phishing has been around for years, cybercriminals continuously make these scams more sophisticated in the hopes of tricking even the most seasoned online experts. That’s why it’s important to stay up to date on the latest phishing techniques so you know what to look out for. Doing a quick search on recent phishing scams every once in a while will help you better spot these cyberthreats well before you find them in your inbox.
If you receive an email that appears to be from a business you subscribe to, but they are asking you for personal information, stop and think. Don’t click on anything or take any direct action from the message. Cybercriminals know that consumers tend to let their guard down when they think they are communicating with an entity that they trust, so play it safe and never assume anything. Instead, go straight to the organization’s website. This will prevent you from downloading dangerous content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Use a security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Now that you know how to spot phishing emails and what to do if you suspect scammers are targeting you, you’re far less likely to fall for these schemes. Remember to be careful with your personal information when you use the internet and err on the side of caution whenever anybody asks you to divulge sensitive details about your identity, finances, or login information – even if the message appears to be from a business you recognize.
The post Chipotle’s Marketing Account Hacked: Protect Yourself From Phishing Lures appeared first on McAfee Blog.
Among the many major shifts in lifestyle during the COVID-19 pandemic, the way we used healthcare was one of the most significant. Providers limited in-person visits, elective procedures were delayed, and we avoided hospitals. In response, we went online and started using telehealth and other virtual solutions in ways we never had before.
Our latest consumer mindset survey confirms this was more than a passing trend, showing an almost 50% rise since the beginning of the pandemic in the use of PCs and Mobile devices to access health information, meet virtually with health care providers, and manage prescriptions. Survey respondents also showed they adapted by increasing their usage of smart fitness devices, like Fitbits, to track their personal health.
Navigating the healthcare system and accessing more of our services through the web means more of our personal information is now online. From patient intake forms to test results, a great deal of data about our health, including confidential information like vaccination records, is potentially available. Survey respondents confirmed that they shared and accessed their personal health information across the internet, despite 1/3 or more of respondents having concerns for their privacy and security of their personal information.
This trend hasn’t gone unnoticed by cybercriminals. In fact, the US Department of Health and Human Services is currently investigating nearly 800 health-related data breaches impacting nearly 60 million individuals. All of which is to say that telehealth advances may help us avoid sitting in a doctor’s office, but we need to be more mindful about our security when using these new online services.
Despite the adoption of many telehealth and online health services, security was still a concern for many of our survey respondents. A majority said the primary reason they do not use smart devices for their personal health was because of privacy and security concerns. Fortunately, just as there is preventive medicine, there are also preventive cybersecurity measures we can take to keep our personal data safer online. Here are a few we recommend:
The shift to managing our health online comes with a few safety considerations, but by following the steps above, we can enjoy convenience and access to a healthier life online and off.
The post How to Make Telehealth Safer for a More Convenient Life Online appeared first on McAfee Blogs.
Every day you place your personal information in the hands of companies and trust that it will remain safe. However, what happens when external threats jeopardize your personal data security, especially while working remotely?
The transition to remote work environments and consumers’ online habits have made it more difficult for Canadian employees and consumers to protect their personal information. This challenge is primarily due to ransomware. To protect yourself, you need to first understand how cybercriminals take advantage of users’ online behaviors to launch strategic attacks against employees and consumers through the information they glean from stolen company data.
Ransomware has been on the rise this past year with attacks increasing 62% in 2020 according to Statista. In fact, 78% of Canadian cybersecurity professionals said that attacks increased due to employees working remotely in a recent VMware report. Cybercriminals target remote workers primarily through malicious links sent through phishing emails — in fact, over one third of Canadian respondents in a recent survey said they experienced at least one phishing attempt in the last year.
Hackers pose as legitimate organizations and prompt individuals to take action: say you decide to check your personal email on your work laptop during your lunch break. You open a message that claims to be from one of your favorite retailers claiming that you just won $500 in shopping credit – all you need to do is click on the link and fill out your banking information. This is an example of a phishing attack that could not only wreak havoc on your personal security, but your company’s as well. If the link in the message downloads a credential-stealing malware on your work laptop, there is a good chance that your organization’s private data or network could be compromised.
Knowing that many employees will be communicating virtually instead of face-to-face, hackers can take advantage of the remote work environment by posing as employees from finance departments and sending fake invoices for products or services. The goal of these fake invoices is for employees to call a support phone number to investigate, whereby hackers attain credit card numbers or other information they can leverage in spear-phishing scams. Hackers can also spoof phone calls to make it look like it is coming from a legitimate number within the organization. Revealing too much information to an unverified contact is a risk that remote workers must learn to identify and avoid.
Ransomware is always evolving, making it critical to understand the nature of these threats so you can better avoid them.
Cybercriminals are constantly finding new ways to automate their attacks and increase their profits. Here is a look at five active ransomware variants cybercriminals use today—and how they deploy them.
By the end of 2020, McAfee Labs observed a 69% increase in new ransomware, which Cryptodefense largely drove. This virus is similar to CryptoLocker, a trojan virus that spreads through email phishing to infiltrate hard drives and files. Both spread ransomware, use high levels of encryption to compromise users’ files, and claim that these files cannot be decrypted without a decryption key.
Maze ransomware has been active since November of 2019 and is operated by hackers notorious for leaking victim data upon non-payment. Maze operators first gain access to a network by using valid credentials. It will then scan the network for user devices, check these devices for additional credentials, and compromise user files.
In a Ransomware Task Force interview with an affiliate of the REvil/Sodinokibi syndicate, the interviewee revealed that companies with cyber insurance are prime targets since the chances of a payout are high. This ransomware spreads through software vulnerabilities, phishing scams, and exploit kits. Once it infiltrates a device, it spreads through escalated privilege to compromise user files and systems.
Ryuk has been around since August of 2018 and targets large companies, critical infrastructure, and hospitals. This ransomware is almost always spread through a banking trojan called Trickbot, used by hackers to steal financial and banking credentials. The operators behind this ransomware demand higher ransoms compared to other groups. They also use opensource tools and manual hacking techniques to bypass detection and infiltrate private networks.
The operators behind SamSam ransomware gain access through Windows servers using a Microsoft protocol that allows remote connections to other computers. Operators will then elevate their privilege to include admin rights once inside a network to infect servers with malware, requiring no action or authorization on the victim’s part.
Ransomware can affect anyone, regardless of whether you are an employee or a customer of a targeted company. Keep these tips in mind to reduce your risk of a ransomware attack and know what steps to take if you fall victim.
Phishing emails are one of the most common methods a hacker will use to infect devices and spread ransomware. They will send links through seemingly legitimate emails to trick users into clicking on them and downloading malicious files. Knowing how to spot one is the first step to prevent infection. If you receive an email you suspect is a phishing scam, start by analyzing its structure: common indicators of a phishing scam may include:
Once you identify a phishing email, don’t click on any links or download attachments. Simply delete it and carry on with your day.
Keep in mind that the cybercriminals behind Maze ransomware gained access to private networks through valid credentials. Hackers typically obtain these credentials through a “password spray” technique where they attempt to log in to accounts using a list of commonly used passwords. However, hackers have a higher chance of guessing valid passwords if they are too short or not complex enough. Additionally, a hacker is more likely to infiltrate multiple accounts if they share the same password.
Strong passwords help ensure that a hacker cannot access your private network, gain administrative rights to your device, or infect another device you are connected to. Create a password that is strong enough to withstand simple guess-and-check attempts by making them long, difficult, and unique. Multi-phrased passwords or passphrases also help to prevent hackers from breaking into your accounts, such as “P3anutbutter&J3lly.” Avoid reusing passwords across multiple accounts and change them periodically, especially after an account has been breached. Even if a hacker does steal your credentials, multi-factor authentication adds an extra validation layer to prohibit unauthorized sign-in attempts.
Your device is more susceptible to ransomware and viruses without the right security tools to help mitigate the chances of infection. Avoid the risk of a ransomware attack by employing a quality security solution like McAfee Total Protection. A holistic security solution can help you stay vigilant of cyber threats by monitoring for ransomware viruses in addition to malware and spyware. Security software can also monitor your internet connection and network traffic through regular scans to flag malicious activity and provide guidance on how to sidestep these threats. If a hacker attempts to launch an attack on your device, you can rest assured your security software will promptly alert you of the intrusion.
In addition to social engineering tactics, hackers will leverage vulnerabilities in software to create a back door through which they can infiltrate user devices. A way to keep cyber criminals out is to keep your software applications and devices up to date. This includes the apps on your mobile device as well as apps on your desktop. Regular updates ensure that the proper security patches are implemented, the right bugs are fixed and that hackers cannot exploit these vulnerabilities.
If worse comes to worst and your device is infected with ransomware, the first thing to do is isolate the device and disconnect from shared networks. Disconnecting the infected device ensures that ransomware cannot spread to other devices on that same network.
Immediately gather evidence on what type of malware you are dealing with so you can accurately report it to authorities and determine what your options are for remediation. You can then choose to remove it or wipe your system completely which is the most assured way to eliminate ransomware from your device. Afterwards you can reinstall your operating system and, provided you perform regular backups, restore your files to a previous version.
No one is truly out of the danger zone when hackers strike. Ransomware is on the rise, and online users must understand how to bypass these viruses to avoid the ramifications of a compromised device. By understanding online security best practices, users can safeguard their online presence and defend against ransomware threats.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5 Ransomware Threats Canadians Need to Know appeared first on McAfee Blogs.
Believe it or not, the baby turns 3 today! And like with every three-year-old, there is a lot to watch out for.
Granted, when GDPR was born it was after a 2-year gestation (transition) period. What followed were many sleepless nights with the new baby when it was born on May 25, 2018; not to mention the sleepless nights in the run up to the birth. Some parents (organisations) were running around frantically trying to figure out what the heck was going on, few parents were over-prepared and some, well, some were coasting. We then hit the Terrible (Schrems) Two’s when tantrums prevailed (i.e. Privacy Shield held invalid) and we cut our first teeth (the first fines). And so, we find ourselves raising this rowdy toddler, who will no doubt create more life-altering changes when it hits teenage years! There is certainly more to follow…
All jokes aside, the privacy space has seen a lot of changes (ups and downs) in these last three years:
And it will continue to be interesting to work in this space:
And so, as this toddler finds its feet in the world, there is only one thing we can do to wish it along: sing together “Happy Birthday, GDPR!!!”
The post Happy Birthday GDPR! appeared first on McAfee Blogs.
In the wake of the Schrems II decision[1], and even more in the light of Friday’s Facebook ruling[2], the question on everyone’s mind is how to truly protect personal data from the prying eyes of national security agencies around the world. Despite detailed guidelines[3] issued in November 2020, in the absence of new definitive guidelines for transferring data across European borders[4], many are starting to wonder whether data localisation is the magic bullet to protect personal data.
The terms ‘data sovereignty’, ‘data residency’ and ‘data localization’ are a source of confusion for most people. They are effectively three degrees of a single concept: how data privacy impacts cross-border data flows. This subject has become increasingly important following the Schrems II decision and its requirement that organizations when processing personal data must ensure their privacy is not put at risk and subject to governmental surveillance when shared across borders.
Data residency refers to the country where an organisation specifies that its data is stored, usually for regulatory or policy reasons. A common data residency requirement example is for tax purposes: to prove an organisation conducts a greater portion of its business in a given country, it will put in place an infrastructure that requires a strict data management in order to protect its taxation rights.
Data sovereignty differs from data residency in that not only is the data stored in a designated location, but it is also subject to the laws of the country in which it is physically stored. This difference is crucial, as there will be different privacy and security requirements depending on where the data centres physically sit. From a legal perspective, the difference is important because a government’s data access rights vary from country to country.
Data localisation is the most stringent concept of the three, which is the reason why it is often referred to as “hard data localisation”. It requires that data created within certain borders stay within them and is almost always applied to the creation and storage of personal data, without exception. A good example is Russia’s On Personal Data Law (OPD-Law), which requires the storage, update and retrieval of data on its citizens to be limited to data center resources within the Russian Federation.
In the post-Schrems II world, some organisations have taken the view that the GDPR requires hard data localisation. The question is then whether such practices are realistic, and whether they offer similar privacy protection to that of the GDPR.
Data localisation runs counter to the principles of cloud computing (and the internet) – allowing the free flow of data for the greatest use. It is also potentially contrary to the principles of free movement of data under EU law[5]. The Internet is global and beyond the Internet, most companies operate in an integrated global environment, bearing in mind that “remote access by an entity from a third country to data located in the EEA is also considered a transfer.”[6].
The cost of operating a localised service must also be factored in, including support, engineering (e.g. development, debugging and maintenance), and backup (e.g. redundancy) costs. So, whilst the creation of local infrastructure may in the short-term imply jobs for local economies, the reality is that given there are often fully automated, the jobs and investment dividend may be short-lived.
Data localisation is also often touted as a mean to shield European citizen data from 3rd country government surveillance in particular US Government access under the CLOUD Act. While localisation does offer some protections (i.e. from transfer of data out of the territory), it does not automatically mean that data will be protected adequately in country. For example, data localisation does not mean that appropriate encryption standards are met, nor does it mean that there is no local surveillance – even in adequate countries[7].
You have probably heard of the Five EYES, Nine EYES, and Fourteen EYES Alliances. If not, these are all about intelligence sharing agreements. Initially, the Five Eyes Alliance arose out of the cold war era and was a pact between the United States and the UK aimed at decrypting Soviet Russian intelligence. By the late 1950s, Canada, Australia, and New Zealand also joined the Alliance. These five English-speaking countries are the Five Eyes Alliance. On top of this alliance, two other international intelligence-sharing agreements are publicly known: the Nine Eyes (Five Eyes + Denmark, France, Holland, Norway) and the Fourteen Eyes Alliances (Nine Eyes + Germany, Belgium, Italy, Sweden, Spain).
With this in mind, some companies argue, without evidence, that by doing business from a given jurisdiction, they are able to offer more adequate protection against surveillance. And without much surprise, not one country, even within the European Union, offers the same level of protection against surveillance, and the US’ surveillance activity isn’t much more extensive than other countries viewed as providing adequate protection.[8] Let’s take for instance the use of a VPN to protect privacy. Many providers argue that choosing a VPN outside the 5/9/14 Eyes countries may offer further protection.
The truth is once this very obvious statement is said, the question still remains wide open for many valid reasons. VPNs are international operations, meaning effectively, any organisation operating in a given country may be liable to that country’s law enforcement, whether by treaty, or by any other type of court orders. If a country does not have a general treaty and is not part of 5/9/14 eyes, there’s nothing stopping one country from putting political pressure on the other (sanctions, for example) to get what they want. Additionally, operating in a given country, for instance Panama, does not mean a country will refuse to cooperate with another country’s authorities, such as Canada.
There is little chance to find one country that is completely immune to data access laws in one way or the other, and nothing can stop one country from putting pressure on another one to obtain what it wants. That works for companies as well. For instance, Microsoft recently announced that it has “answered Europe’s call,”[9] but it cannot reject a request based on the CLOUD Act, and the compensation offered by Microsoft for a violation of the GDPR is not equivalent to the recourse to an available judicial remedy as requested under the Schrems II decision.
Now, once all of the above is said, it must be kept in mind that just because being anonymous is impossible, that you shouldn’t still try to protect your personal data as much as possible, or request companies to strictly comply with data minimization principles. All in all, governments would not have access to so much data if companies were not holding themselves so much data. Data minimization ends up being not only a good tool for increasing security, since attackers can’t steal what you don’t have, but also because it could potentially help people decrease the costs of data redundancy, storage, etc.
In 2020, the Internet Society penned a report on the implication of data localisation for cybersecurity that has much merit, and stated that “Cybersecurity may suffer as organizations are less able to store data outside borders with the aim of increasing reliability and mitigating a wide variety of risks including cyber-attacks and national disasters.”[10]
Data localization practices may harm cybersecurity services through the following facts:
This train of thought also applies to the selling of data to unsecure third parties within the same region or preventing unauthorised access to the data gained by third parties.
Some also argue that data localisation interferes with fraud prevention. For example, the inability to mirror data across several data centers can prevent the provider from seeing patterns and trends of fraud or other risks.
Data localisation may be presented by some as a magic bullet, but the complete implications are yet to be fully understood. Hence policies or commercial practices requiring forced data localisation must be thought through carefully as they can impact the free flow of data, can comprise the ability to scale platforms and services for global customers in addition to the many cybersecurity harms that may impact operational effectiveness.
Disclaimer: This blog reflects the authors’ personal opinions. Any statements, opinions, and any errors are the authors’ own and not those of McAfee. The statements in this blog do not constitute legal advice, and each company must determine for itself its obligations under all laws. Nothing herein establishes an attorney-client relationship.
[1] https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA(2020)652073_EN.pdf
[2] The EU-U.S. Data Transfer Problem Is Bigger Than Most People Realise (linkedin.com)
[3] Recommendations 2020/1 and 2020/2 of the EDPB – https://edpb.europa.eu/sites/default/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf
[4] European Standard Contractual Clauses, available on https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
[5] The European Parliament considers “the free movement of data as the Fifth Freedom in the single market after the free movement of persons, goods, services and capital” – Morrison Foerster Client Alert “New EU Regulation to Strengthen the Free Movement of Data 06 Nov 2018” https://www.mofo.com/resources/insights/181106-eu-regulation-data-movement.html
[6] https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
[7] For example, French surveillance laws authorises surveillance not only to combat terrorism and other criminal offences, but also to protect France’s major economic, industrial, and scientific interests.
[8] https://www.comparitech.com/blog/vpn-privacy/surveillance-states/
Canada is part of the 5 Eyes but has repeatedly demonstrated its commitment to free and unrestricted internet access and has strong protections for freedom of speech and press, and the government has expressed support for net neutrality. Iran is not part of any of the know alliances. However, VPN providers are required to request government approval before providing their services, and people accessing the international internet network using VPNs without such government approval risk up to 1 year of prison time.
[9] https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/
[10] https://www.internetsociety.org/resources/doc/2020/internet-impact-assessment-toolkit/use-case-data-localization/
The post Data Localisation – The Magic Bullet? appeared first on McAfee Blogs.
Data protection acts are regularly coming into force around the world and on July 1st 2021 it is the turn of South Africa, as the POPIA (Protection of Personal Information Act) will be enforced from that date. I caught up with David Luyt, Privacy Counsel at Michalsons in Cape Town to discuss what this means for South African consumers, businesses and IT teams.
Nigel: Must my organisation comply with POPIA?
David: Essentially, if you are domiciled in South Africa or you process personal information in South Africa, then you need to comply with POPIA. POPIA, unlike the GDPR, does not apply extraterritorially. Meaning that it only applies to organisations in South Africa.
Nigel: How can I find out more about the POPI Act?
David: Knowledge is Power. Having a high-level awareness of POPIA is crucial in helping you decide what your next steps are going to be. To learn more about the impact of POPIA on your organisation, take the Michalsons’ complimentary impact assessment for your specific organisation, read our insights on it, or watch our video.
Nigel: Who is the right person to be responsible for this?
David: Every organisation has an Information Officer by default and they are responsible for ensuring that the organisation complies with POPIA. However, the whole organisation needs to understand its responsibilities. Any employee that handles personal information, all systems that store and process that information and all 3rd party and cloud providers that are part of that data processing need to be reviewed and understand their responsibilities.
Nigel: What is the impact on my organisation?
David: You need to know the impact of POPIA on your specific organisation so that you can decide what the next best steps are.
Complying with POPIA is not a case of one size fits all. Different organisations need to take different actions to comply. For example, what a small enterprise (or SME) has to do is very different from what a medium or large-sized organisation has to do.
An organisation’s actions are also dependant on the foundations already built to protect personal information. Some organisations may have many safeguards in place while others are new to the issue.
Nigel: What are my organisation’s next steps?
David: At Michalsons we believe that data protection is like personal fitness – it takes time to get fit! To learn more, have a look at our top tips for data protection projects. And if you’re wondering ‘how much does data protection compliance cost?’ then we have the answer for that too!
Nigel: Which departments seem to need the most help understanding POPIA?
David: It would be unfair to single out a single group or department, but the adage “you cannot manage what you cannot see” is very true in this situation. Every organisation needs to know where its personal data is kept, how it is handled and make sure that all employees recognise the importance of the Act.
A lot of initial work falls to the IT department to find all the current data on employees, business partners and clients and to ensure that this data is kept secure – whether inside or outside the organisation.
As we discussed in our joint webinar, this includes reviewing all outsourcing and cloud services – when you share or pass data to other organisations you are STILL responsible for everything that happens to that data, so you need to review these providers and put in appropriate measures to make sure that the data handling policies are designed to conform to the Act.
Your document on mapping POPIA to Cloud Computing has some good ideas for IT people to review – and not just for cloud, but all data handling should be reviewed in a similar way.
Nigel: Thank you for your time.
David: My pleasure.
The post POPIA – July 1st Deadline Approaches For New South African Data Protection Act appeared first on McAfee Blogs.
Social media is a great place to connect with friends and family. Unfortunately, it is also a great place for misinformation to run rampant, and it is a virtual treasure chest for cybercriminals to steal personal information. Over 25 million Canadians own a social media account, and more than 80% of the Canadian population is expected to be on social media by 2025.
Check out this roundup of common social media scams so you can network intelligently, spot misinformation, and stop its spread.
The classic saying of “Don’t believe everything you see on TV” applies neatly to “Don’t believe everything you read on social media.” There is a resurgence of false news reports circulating on social media surrounding COVID-19 and the vaccine. For example, 5G aiding the spread of the virus and the preventive properties of garlic are just two of the rumors about COVID-19.
Misinformation leads to chaos and is a major threat to public health. Before you reshare a post or article, it is great to take a few minutes to digest the message, determine if it is true, and ask yourself if friends and family would genuinely benefit if they heard the news it carries.
There are a few tell-tale signs of fake news posts. First, they often try to inspire extreme emotions, such as rage and indignation, to prompt people to share immediately. Next, fake news reports are frequently poorly written and vague about where they received their information. Always try to find the primary source for “facts.” In the case of COVID-19 news, all health tips should be sourced from a licensed medical professional.
If you are ever in doubt about the facts, especially when they deal with public health, do not share the post. Instead, leave the reporting to trained medical professionals. Consult the World Health Organization and the Public Health Agency of Canada or direct your network to #ScienceUpFirst for the latest and most accurate reports about COVID-19 and the vaccine.
There was a recent data leak at Facebook, and the contents of about half a billion accounts were posted on a hacking website, including 3.49 million Canadian accounts. Hackers can get a lot of mileage out of just one social media profile because it contains all the greatest hits of information needed to verify an identity.
Most profiles list your real full name, birthday, your relationship status, your hometown, and contact information. Also, hackers can skim a user’s posting history to find even more personal details. Many social media users have posted at one time or another a “get to know you” post, where they list many revealing facts. These posts are a pot of gold to cybercriminals. They are basically lists of possible answers to security questions: Where did you go to primary school? What was the model of your first car? What is the name of your favorite stuffed animal?
Another recent trend that can make you vulnerable in case of a data leak is posting COVID-19 vaccine cards. Social media users are excited to share the big milestone of getting their first shot. What they might not realize is that vaccine cards contain vital personal information that could be used by malicious actors. There are alternative ways to share the happy news. Instead, post a picture of the fun bandage the nurse put on your arm or take a selfie outside of the vaccination center.
It is a shame that what you share on social media can be turned against you by cybercriminals, but that does not mean you have to stop sharing details about your life. Instead of posting personal details online that could be used maliciously in the event of a data leak, think about creating an exclusive email newsletter or secure group chat for your closest friends and family.
There is a major thrill when you think you have won something; however, if you receive a notification on social media that you have won a contest, reserve your excitement until you have confirmed its legitimacy. Be especially wary if you do not remember entering a contest.
Contest scams are a type of social engineering tactic used by cybercriminals. Social engineering relies on people’s tendency to trust others. Cybercriminals often capitalize upon extreme emotions, like fear, urgency, and in this case excitement, to trick unsuspecting people into hastily giving up sensitive information.
Phishing is also common in contest scams. Social media users may receive a message that they have won a giveaway and to click on a link to claim their prize. Luckily, easy-to-spot signs of a phishing message include poor grammar, misspellings, and a sense of urgency. Always approach these types of messages with caution. Instead of clicking on any of the links, hover your cursor over them to see where they redirect. If the redirect site URL is suspicious and contains misspellings, steer clear.
If you ever receive a notification on social media that you have won a prize, remain skeptical until you have verified the authenticity. Locate the organization’s official social media page (which you can likely find on their website), and direct message them for more details.
With all of these common scams floating about and waiting to strike, check out these tips to network safely.
The joy of social media is sharing your everyday life with your friends and family. It is fun to have dozens of people wish you a happy birthday on your profile, but consider removing the year of your birthday. Also, consider removing your phone number, home address, and email address from your profile. If a friend or family member wants to get in touch with you, they can personally direct message you. Cybercriminals can take your contact information and full birthday and use it to steal your identity, so it is best not to post it online.
While you may want to share the latest news with your networks, do not share information that you are not sure is true. According to Statistics Canada, only half of Canadians investigated the accuracy of COVID-19 social media posts before they reshared. Do your due diligence and be a part of the solution, not part of the problem.
Even if you are a diligent and intelligent social media user, there is a chance that you could accidentally click on a phishing link. In case this happens, you should have a backup plan to safeguard your devices and your personal information from viruses and malware. Protect your devices with a comprehensive antivirus program, such as McAfee Total Protection. You can rest assured that if you or a member of your family accidentally opens a malicious link, your devices will be safe.
The post Beware of Social Media Scams appeared first on McAfee Blogs.
Over the last 12 months, technology has featured in our lives in a way I don’t think any of us would have predicted. Whether you were in lockdown, choosing to stay home to stay well or quite simply, out of other option – technology saved the day. It helped us work and learn from home, stay connected with friends and family, entertain ourselves, shop and essentially, live our lives.
For many parents, this was a real ‘aha’ moment. A moment when technology went from being an annoying distraction to incredibly critical to the functioning of our day to day lives. Of course, many of us had always considered technology to be useful to help us order groceries and check Facebook but to experience first-hand that technology meant life could go on during a worldwide pandemic was a real game changer.
Whether it was downloading video calling apps like Zoom or Facetime, setting up a Twitter account to get updates from the Health Department, using Google Doc to work collaboratively or experiencing what online gaming really is via a few sessions on the Xbox, 2020 means many parents had to get up to date, real fast! And you know what – that’s a good thing! I’ve had so many parents remark to me that they know finally understand why their kids are so enamoured with technology. There really is nothing like walking in someone’s shoes to experience their world!
I’m a big believer in parents taking the time to truly understand the world in which their kids exist. For years, I’ve advised parents to download and use the apps and games their kids play so they can understand the attraction and complexity of their kids’ digital life. Well, it may have taken a global pandemic, but I am delighted to report that, anecdotally at this stage, more parents are now embracing their kids’ online world.
When we first become enamoured with something, we often enter the ‘honeymoon’ phase. As a married woman of 28 years, this was many years ago for me!! The honeymoon phase is when everything is wonderful and rosy, and negatives are not always considered. And our relationship with technology can be much the same. And I’ve been there – there’s nothing quite so wonderful as discovering a new app or piece of software and almost being joyous at just how transformational it could be for your life. And this often means we gloss over or even ignore the risks because we are in love!!!
So, as Cybermum, I’m here to cheer you on and pat you on the back for embracing and using new apps and software. Yes, I’m very proud! But I also want to share with you just a few steps that you need to take to ensure you are not taking on any unnecessary risks with your new favourite app. Here are my top tips:
1. Passwords
Every app, online account or piece of software needs it own individual password. Yes, I know that it is a real pain, but it is one of the most important things you will do to protect yourself online. I’m a big fan of password managers that not only generate the most incredibly complex passwords for each of your accounts but remember them for you. McAfee’s password manager, True Key, is a free option which has completely helped me manage my 80 plus collection of passwords!! Very grateful!
2. Software Updates
The main purpose of a software update is to protect the user from security threats. Yes, you may also get some new features and possibly have a glitch or 2 removed but it is all about the user’s safety. So, if you don’t update your software, it’s a little like leaving windows open when you go out. And the longer you leave between updates – the more windows you leave open!
So, automate these updates if you can or schedule them in your diary. Why not earmark the first day of the month to check and see what you need to download to protect yourself? And don’t forget about your operating system on your phone or laptop too!
3. Be Wi-Fi Wary
Dodgy wi-fi is where so many people come unstuck. Regardless of what app or software you are using, anything you share via unsecured wi-fi could be intercepted by a hacker. So, if you find yourself using wi-fi regularly, you might want to consider a Virtual Private Network or VPN. A VPN creates an encrypted tunnel so anything you share via Wi-Fi cannot be intercepted. Genius, really! Check out McAfee’s Safe Connect for peace of mind.
So, please keep going! Keep exploring new ways technology can work for you in our new COVID world. But remember to take a break too. There is no doubt that technology has saved the day and has ensure we can all still function but there must be a balance too. So, walk the dog, play a board game or having a cuppa outside. Remember you manage the technology; it doesn’t manage you!
Till next time
Stay safe online.
Alex xx
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How 2020 Helped Parents Understand Their Kids’ Digital Lives appeared first on McAfee Blogs.
Technological advancements continually emerge that make our lives easier. Right? As beneficial and convenient as emerging tech is, it can pose serious risks to our online safety and privacy—risks that you might find yourself ill-prepared to handle. In fact, according to our 2021 Consumer Security Mindset research, 45% of Canadian respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to ward one off.
With many of us turning to online platforms for things we used to do in-person, activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. As we continue to integrate technology into our everyday lives, we must learn to recognize the risks they pose and understand how to safeguard our online security.
Telehealth visits have opened the door for many to get the medical care they need when visiting the doctor or going to the hospital isn’t feasible. Digital health platforms have demonstrated many benefits for optimizing time and cost efficiencies for both patients and providers, but at what cost?
Despite efforts to address barriers to virtual healthcare adoption, Canada currently lacks a national framework for governing virtual care. As a result, many healthcare providers are left to act on their best judgements regarding patient data interoperability across provinces and providers. The lack of a pan-Canadian governance framework also makes it difficult for digital health platforms to operate with the assurance of certain security protocols, leaving many of us to wonder how to best protect our data in the face of an ambiguous virtual healthcare system. The risk is made all the more severe when factoring in sensitive biometric data from monitoring devices that can be used for malicious purposes when in the hands of cyber attackers. Those of us who take advantage of digital health devices must understand how to secure our data privacy and control its usage to mitigate further risks.
The first line of defense to ensure your data remains protected is to understand the security policies put in place by your healthcare provider and any third-party digital platforms that they leverage. Additionally, you’ll want to ensure that your healthcare provider uses a telehealth platform that integrates data encryption. Take matters into your own hands by enabling two-factor authentication and use strong passwords across all devices and accounts. Using a VPN and running anti-malware and anti-virus scans can also mitigate the risk of security threats during telehealth visits and while using integrated medical devices.
Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.
We’re almost a year into distance learning and schools have now adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.
For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.
Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. Given the abrupt shift to remote workplaces in the past year, companies have found themselves severely unprepared to handle the security and logistical concerns that accompany a distributed remote workforce.
In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. A lack of proper employee security training opens additional opportunities for online threats to take advantage of unsuspecting victims through common phishing scams.
Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security trainings. Additionally, we can promote a safer remote working environment by practicing basic digital hygiene like keeping all devices and software up to date, using a VPN and a strong password across devices.
With the limited availability of in-person exercise classes, many of us have turned to virtual fitness experiences to augment our personal health regimens. Some have even taken their fitness routines one step further to include and high-tech equipment like at-home spin bikes or other wearable devices to track and monitor progress.
Although these devices create a more engaging experience and connect users across the globe through online sharing, there are risks, too. Wearables and other devices embedded with sensors and software that collect and share data across an interconnected network are considered Internet of Things (IoT) technology. IoT devices don’t have the same stringent security protocols as laptops and mobile devices, making them more susceptible to cyberthreats.
To prevent cyber attackers from infiltrating IoT devices connected to your home network, start by securing your network router. Change the default name and password of your router so hackers can’t identify the make and model. Create an additional layer of security by enabling the highest level of encryption to secure your Wi-Fi network. We also suggest creating a guest network for your IoT devices so that even if someone does infiltrate your IoT device, they won’t be able to access other devices like laptops and mobile devices.
Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.
While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place. If you receive a call regarding your taxes, make sure the caller is a CRA employee before handing over money or personal information on the phone. You can also double-check your tax account status and make sure the CRA has your current address and email. This will also show whether you owe a balance if a hacker does try to trick you into paying up. By being mindful of how cybercriminals take advantage of the platforms we use out of convenience, we can better protect against threats to our personal privacy.
Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, fitness, you name it, is the first step to ensuring our private information remains just that—private.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Privacy in Practice: Securing Your Data in 2021 and Beyond appeared first on McAfee Blogs.
I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…
Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!
But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!
There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.
McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.
But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!
In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.
But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.
Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.
But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.
The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:
Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!
If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.
Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!
With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!
So, you know what you need to do! Stay safe online everyone!
The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.
Meet ShinyHunters, a hacker who recently leaked 10 new databases this past month from companies including:
• Pixlr.com
• Bonobos.com
• Wognai.com
• Tesspring.com
• Tunedglobal.com
• Buyucoin.com
• Wappalyzer.com
• Chqbook.com
• Rooter.io
• MeetMindful.com
But this isn’t the first time they’ve made headlines. It all started in May of 2020 when ShinyHunters attempted to sell several stolen databases on the Dark Web. They also leaked several other databases between April and July. In October, they proceeded to leak the database of the meal kit delivery company, HomeChef. Not one to be easily satisfied, ShinyHunters continued their antics by exposing sixteen other databases in November, where personal user records and information were publicly shared. Prominent companies who fell victim to this wave of data breaches include gaming site Animal Jam, online marketplace Minted, and coupon company ShopBack, among others.
Personal data released ranges from contact information and addresses, dates of birth, passwords, and financial information. Not including the latest data breach, a total of 129,406,564 user records were exposed. Given the alarming size of the exposure, this gives way to rising concerns for when ShinyHunters will strike again. What’s more, this group seeks notoriety from their misdeeds, hoping to claim credibility for the number of attacks they can execute—a troubling thought for everyday users like you and me.
You never know when or if a breach will occur, which is why we must take precautions to protect our data in the case of a security breach. In the past year alone, we have seen a record number of data breaches, posing unforeseen security concerns and bringing light to new priorities for data protection. That’s why we must learn from these occurrences by proactively protecting our private information in 2021 and beyond.
There’s no way of knowing whether your personal information will fall into the wrong hands or that it will be used maliciously, but ShinyHunters has indicated that they are on the lookout for opportunities to expose more databases, so we must take the necessary steps to protect our personal information before the damage is done.
Not knowing what data was stolen can make it significantly more difficult to pinpoint what threats you may become subject to. If you realize a company you buy from fell victim to a data breach, start investigating. Use this tool to see if the breach affects you.
Great passwords are usually the first line of defense against personal data exposures, so it’s important to update them as soon as they are compromised. Additionally, use different passwords or passphrases for each of your online accounts which helps protect the majority of your data if one of your accounts becomes vulnerable. One route you can take is to use a password manager that not only lets you create strong passwords but can let you manage them efficiently with added security and peace of mind.
On top of updating your credentials, you’ll want to secure your log-in process by enabling 2-Factor Authentication. So, if a hacker has access to your stolen passwords, they’ll still have to bypass an added security layer that is time sensitive. This makes it even more difficult for them to access your information.
Like regular phishing attempts, spear-phishing attempts will try to steal your information by posing as an authentic entity to target unsuspecting victims. However, spear phishing attempts can be harder to spot because the attempt is modified to target a specific individual, often in the form of a personalized email. If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If you find that your credit card information has been exposed, keep an eye on your bank records and validate each transaction. In the above cases for a site like MeetMindful, where Facebook authentication tokens and user IDs were stolen, it’s always best to keep an eye on other social accounts for fraudulent activity.
For maximum financial protection, freeze your credit to prevent hackers from opening new accounts in your name. Placing a freeze on your credit is free for consumers and won’t affect your credit score. Simply contact the three major credit bureaus—Equifax, Experian, and TransUnion—to set up a freeze to secure your credit file until you decide to lift it.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post ShinyHunters Exposes Over 125 Million Online Credentials appeared first on McAfee Blogs.
A couple of days ago, I have been asked whether, notably thanks to the GDPR[1] and the CCPA[2], we were seeing as professionals, a standardization in negotiations governing privacy terms.
Alas, we have possibly never been so much away of such harmonization. 128 out of 194 countries have put in place legislation to secure the protection of data and privacy. And despite the existence of initiatives to develop tools able to harmonize compliance with legal, security and regulatory requirements, privacy is still much of a grey zone.
From the EU’s standpoint, and regardless of the fact that the GDPR is seen as one of the most, if not the most sophisticated regulation in terms of protection of personal data, Mr. Schrems and the European Court of Justice (“ECJ”) are both playing a bit with the nerves of thousands of privacy professionals.
For those who do not know Mr. Schrems, Maximilian is an Austrian privacy activist. As a privacy law student in 2011 at the Santa Clara University, he met a Facebook representative who explained to the students that Europeans had many privacy rights in the EU but were however not doing much to protect them. The words didn’t fall on deaf ears and by 2015, Max had brought a case against Facebook, and achieved to get the Safe Harbor (the then used as a mechanism to transfer personal data to the United States) invalidated[3]. The Safe Harbor was replaced by the Privacy Shield, which – together with European Standard Clauses (“SCCs”) – were suspected of not being able to sufficiently protect European rights against US massive surveillance.
As you may have heard, on 16 July 2020[4], the Privacy Shield has been invalidated. The SCCs are still valid, but not sufficient per se. Following the Schrems II Decision, the European Commission issued some 22 pages of recommendations for the transfer of personal data outside the European Union[5] and the set of happy few countries considered as providing adequate protection, as well as a new draft set of SCCs[6].
So, what’s next for us? Below are a couple of answers to help you out navigating through 2021.
No grace period was provided by the ECJ: the consequences are applicable since 16 July 2020 and companies who used to rely on the Privacy Shield had to immediately stop using that mechanism and replace with the SCCs.
No, SCCs are no longer enough on their own: companies need to assess on a case by case basis whether the laws of the recipient country offer enough protection AND where they don’t, they must include supplementary measures. In addition, if supplementary measures are not possible or insufficient, the parties must suspend, or end transfer OR the transfer must be suspended or ended by the data protection authority.
No – a simple update of the SCCs will not be enough. SCCs “are not capable of binding the authorities of that third country, since they are not party to the contract.” [7]. Hence, the requirement of implementing technically-enforced supplementary measures.
It’s expensive and it could jeopardize your business since the Data Protection Authority may request to stop the transfer[8]. In terms of fines provided by the GDPR, we are talking about €20 million or 4% of their global turnover, whichever is greater[9].
Yes- lack of corporate changes may constitute “willful blindness to a course of action” or “reckless conduct by knowing of the risk but doing nothing.”[10] This opens Board members and senior executives to potential personal and criminal liability.
No – that will not be enough. Encryption only protects data in transit and in storage, and anonymization is not recognized as existing by the European Data Protection Board (“EDPB”). Technically-enforced Supplementary Measures are required[11].
Anonymisation is very difficult to very difficult to achieve without deleting important value, and the new requirements under Pseudonymisation entails that the processing of personal data must be accomplished in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, which must be kept separately; and subject to technical and organisational measures able to ensure that the personal data cannot be attributed to identifiable persons without requiring access to the separately and securely stored “additional information.”
Two types of transfers have been designated as unlawful by the EDPB:
The only option to render those as lawful is to provide for encryption.
Companies need to evaluate what combination of SCCs, Additional Safeguards, data residency and Data Protection by Design and by Default will enable the continued success of business by fostering balanced protection of privacy, as well as legal and contractual trust in the use of technology and in the responsible, protected collection and processing of people’s data.
[1] General Data Protection Regulation 2016/679
[2] California Consumer Privacy Act, AB-375
[3] “Maximillian Schrems / Data Protection Commissioner”, decision 2000/520/CE, Case C-362/14
[4] https://edpb.europa.eu/sites/edpb/files/files/file1/20200724_edpb_faqoncjeuc31118_en.pdf
[5] Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf
[6] The draft SCCshttps://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12741-Commission-Implementing-Decision-on-standard-contractual-clauses-for-the-transfer-of-personal-data-to-third-countries
[7]http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=9745404 paragraph 125.
[8]http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=9745404 paragraph 121, 135, 146, 154 and 203(3)
[9] See GDPR Article 83(5)(c).
[10] https://normcyber.com/advisory-note/data-protection-directors-personal-liability/
[11] See EDPB Guidance at : https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf
[12] Ibid.
The post Schrems II – A few Things to Keep in Mind! appeared first on McAfee Blogs.
One of the positive trends that we’ve seen in recent years is governments and users pressuring companies to simplify their privacy policies and security settings. This comes after a slew of concerning incidents, such as widespread data breaches and data sharing by social media companies.
The spotlight on these issues is beginning to take effect, as Facebook’s latest “Access Your Information” tool shows, and users are feeling more empowered. Furthermore, in November 2020, Californians voted in favor of the new California Privacy Rights Act to strengthen privacy protections for consumers. This is also reinforced by more and more states and countries considering or debating the introduction of comprehensive privacy legislation.
In fact, a recent study found that 71% of respondents checked their social media platform’s advanced privacy settings when they joined. This is great progress, but we can do more. We know from our research that only 39% of users make sure the site or service they’re using is legitimate, and a mere 12% use a dark web monitoring service. This year’s International Data Privacy Day, January 28th, is the perfect opportunity to make sure that your sensitive information stays as safe as possible.
The data we are looking to protect, known as Personal Data or Personally Identifiable Information (PII), can be anything that relates to your identity. And although many technology users feel that protecting this information is beyond their control, we actually have a lot of simple and effective ways to safeguard our PII. So, let’s start this new year by owning our privacy with a closer look at our social media accounts.
After all, we take pains to safeguard our finances, and the personal data we share on social channels is similar: it has value, and it’s up to us to make sure we take the right steps to keep it protected. Security tools like antivirus software and password managers help enormously in boosting our overall security, but when it comes to social media in particular it’s essential to know what kind of data we’re generating, and how it is used and shared.
First we need to recognize that where we click, “like” and login, all leave a digital footprint that can be used to reveal more about your identity and habits than you would think. For example, just using Facebook, Amazon, or Google to login to third-party sites generates an enormous amount of information about where you go and what you do. Many users choose this route because it is easier than creating and remembering passwords to each individual site.
Another way your data gets scattered around is through sharing—whether you intentionally post on social media sites, or use a website, app, or service that permits third-party access of user information. Many users unwittingly agree to this access because it’s buried somewhere in a thick privacy policy.
Now that we know a little more about how your PII gets out, let’s learn how to protect it.
Avoid oversharing—When it comes to social media accounts, set them to share with “friends only.” This should give you some control, but it’s also important to realize that your photos and data can still travel beyond your immediate network, so our best advice is not to post anything you wouldn’t want a future boss to see, for example.
For your other sensitive accounts, check to see which information is being shared, and with whom. If you’re not comfortable with the terms, you can decide to opt out, or close your account.
Check for linked logins—If you use your Facebook or Google login credentials to log in to other accounts, it’s a good idea to revise the list of sites that have access to your information and pare it down. In many cases you may have visited a site just once, and there is no reason for the third-party site to hold onto your data. Delete the linked information by visiting the website you used to login in the first place, and create unique login credentials for the sites you visit frequently.
Keep a careful eye on your apps—Mobile apps have become a key vector for hackers, so you want to make sure that you only download and install apps from reputable providers that have positive reviews.
For the apps that are already on on your phone or tablet, check the security settings to see if they are accessing more information than they need to work properly. For instance, a mapping app needs your exact physical location, but a gaming app may not. McAfee® Mobile Security can safeguard your devices from malicious files, and help prevent you from oversharing data with apps.
Lose what you don’t use—If you have accounts for apps or services that you no longer use, it’s time to get rid of them. This prevents them from potentially leaking your information in the future. Just remember that deleting an app doesn’t mean that your data is deleted. For that, you’ll need to close your account.
For the apps you want to keep, make sure they are updated, since updates often contain security fixes. You may also want to recheck the settings to ensure that your data is only being shared if you explicitly allow it.
Let tech tools help—Of course, I always recommend that you download security software, and a holistic solution like McAfee Total Protection includes dedicated privacy tools, like a virtual private network (VPN), which scrambles your data while it flows over the network, ensuring that no one else can see it. It also includes safe browsing tools to keep you safer from malicious sites and downloads, and dark web monitoring to help you keep tabs on your personal data.
McAfee also recently released a personal protection app (in beta) that monitors the dark web to see if your login credentials have been leaked. If so, it alerts you, so you can change your passwords immediately. It also includes a VPN.
Be careful where you click—Even the most savvy users can still accidentally click on a dangerous link, so consider using the free McAfee® WebAdvisor to alert you to risky links and downloads that may be hiding in your newsfeeds and timelines, before you click on them.
Stay aware of the latest scams—Part of owning your privacy includes staying informed about the latest threats. These blogs are a great resource.
This Data Privacy Day make a resolution to take back control of your personal information, and help others do the same. For more information visit the National Cyber Security Alliance.
Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.
The post This Data Privacy Day Own Your Privacy, Even On Social Sites appeared first on McAfee Blogs.
This post was also written by Darragh McMahon
At McAfee, we adhere to a set of core values and principles – We Put the Customer at The Core, We Achieve Excellence with Speed and Agility, We Play to Win or We Don’t Play, We Practice Inclusive Candor and Transparency.
And reaching the ISO 27701 enshrines all of these values.
For those who are not familiar with it, the ISO 27701 is the industry leading certification for information security & privacy management. Achieving the ISO 27701 certification demonstrates that McAfee is able to protect personal data, thanks to a multidisciplinary effort coupled with cross-functional expertise. Because yes, We Play to Win or We Don’t Play.
Over the past years, and all around the world, lawmakers and regulators have been and continue to introduce new laws governing the processing of personal data (such as those adopted in Australia, Brazil, Singapore and Canada) -the GDPR and the CCPA are only few of these. This changing legal environment raises challenges for all businesses, but especially those that must comply globally with regulations in multiple jurisdictions. Compliance to requirements and controls of ISO 27701 is relevant to support the fulfillment of obligations to articles 5 to 49 (except 43) of the GDPR. The application of the ISO 27701 standard can also be used for supporting compliance with other data privacy laws. Because yes, We Practice Inclusive Candor and Transparency.
The ISO 27701 Standard has been published in August 2019, and all companies, whether vendors or customers, should look into it. At the time of certification by McAfee’s assessment firm[1], McAfee is one of the very first companies to achieve the certification within the cyber-security industry. Because yes, not only do We Achieve Excellence with Speed and Agility, but We also Put the Customer at the Core.
Key requirements include, but are not limited to:
McAfee’s ISO 27701 certificate, along with its other certificates, is publicly available at trust.mcafee.com/privacy-compliance
[1] Schellman, December 2020
The post McAfee Welcomes its ISO 27701 Certificate! appeared first on McAfee Blogs.
I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – even car parts! And my story is not unique. Living with a pandemic has certainly meant we’ve had to adapt – but when it came to ramping up my online shopping so we could stay home and stay safe – I was super happy to adapt!
And research from McAfee shows that I am not alone. In fact, over 40% of Aussies are buying more online since the onset of COVID-19 according to the 2020 Holiday Season: State of Today’s Digital e-Shopper survey. But this where it gets really interesting as the survey also shows that nearly 1/3 of us (29%) are shopping online 3-5 days a week, and over one in ten consumers (11%) are even shopping online daily!! But with many online retailers offering such snappy delivery, it has just made perfect sense to stay safe and stay home!
With just over a month till Santa visits, it will come as no surprise that many of us are starting to prepare for the Holiday season by purchasing gifts already. Online shopping events such as Click Frenzy or the Black Friday/Cyber Monday events are often very compelling times to buy. But some Aussies have decided they want to get in early to secure gifts for their loved ones in response to warnings from some retailers warning that some items may sell out before Christmas due to COVID-19 related supply chain issues. In fact, McAfee’s research shows that 48% of Aussies will be hitting the digital links to give gifts and cheer this year, despite 49% feeling cyber scams become more prevalent during the holiday season.
McAfee’s research shows very clearly that the bulk of us Aussies are absolutely aware of the risks and scams associated with online shopping but that we still plan to do more shopping online anyway. And with many of us still concerned about our health and staying well, it makes complete sense. However, if there was ever a time to take proactive steps to ensure you are minimizing risks online – it is now!
McAfee’s specialist online threat team (the Advanced Threat Research team) recently found evidence that online cybercrime is on increase this year, with McAfee Labs observing 419 threats per minute between April to June 2020 – an increase of almost 12% over the previous quarter.
And with many consumers gearing up to spend up big online in preparation for the Holiday season, many experts are worried that consumers are NOT taking these threats as seriously as they should. McAfee’s research showed that between April to June 2020, 41% of 18-24 year olds have fallen victim to an online scam and over 50% of the same age group are aware of the risks but have made no change to their online habits.
At the risk of sounding dramatic, I want you to channel your James Bond when you shop online this holiday period. Do your homework, think with your head and NOT your heart and always have your wits about you. Here are my top tips that I urge you to follow to ensure you don’t have any unnecessary drama this Christmas:
Click on random, unsafe links is the best way of falling victim to a phishing scam. Who wants their credit card details stolen? – no one! And Christmas is THE worst time for this to happen! If something looks too good to be true – it probably is. If you aren’t sure – check directly at the source – manually enter the online store address yourself to avoid those potentially nasty links!
This is a no-brainer – where possible, turn this on as it adds another lay of protection to your personal data and accounts. Yes, it will add another 10 seconds to the log-in process but it’s absolutely worth it.
If you have a VPN (or Virtual Private Network) on your laptop, you can use Wi-Fi without any concern – perfect for online purchases on the go! A VPN creates an encrypted tunnel between your device and the router which means anything you share is protected and safe! Check out McAfee’s Safe Connect which includes bank-grade encryption and private browsing services.
Ensuring all your devices are kitted out with comprehensive security software which will protect against viruses, phishing attacks and malicious website is key. Think of it as having a guardian cyber angel on your shoulder. McAfee’s Total Protection software does all that plus it has a password manager, a shredder and encrypted storage – and the Family Pack includes the amazing Safe Family app – which is lifechanging if you have tweens and teens!
So, yes – please make your list and check it twice BUT before you dive in and start spending please take a moment to ask yourself whether you are doing all you can to minimise the risks when online shopping this year. And don’t forget to remind your kids too – they may very well have their eye on a large gift for you too!
Happy Christmas Everyone
Alex xx
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tom’s Guide, call participants can guess a user’s passwords through the arm and shoulder movements they make while they type.
Let’s unpack how this threat works so you can continue to connect via video calls worry-free.
Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the target’s body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the user’s arm and shoulder movements relative to their face. From there, the program analyzes the user’s actions to guess which keys they are hitting on the keyboard – including passwords and other sensitive information.
So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the program’s accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what they’re typing.
Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. It’s also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.
Therefore, to prevent your meeting attendees from snooping on what you’re typing, follow these tips for greater peace-of-mind:
Avoid giving keyboard snoopers the upper hand by making your password or passphrase as unique as the information it’s protecting. If a hacker does manage to guess your password for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.
Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!
McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.
And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.
Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).
Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.
With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.
Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.
While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.
Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.
Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.
Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:
If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.
Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?
One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!
Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.
I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!
Stay safe everyone!
Alex x
The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.
Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online safety with a cybersecurity solution
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Use parental control software
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.
Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.
The Top Ten Most Dangerous Celebrities
You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).
Lights, Camera, Security
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.
2020 has propelled us into a new digital reality – one where we are reliant on technology to help us maintain our way of life. This forced all age groups, from 8-80, to learn how to conduct their day-to-day online. I personally had my mother asking a million questions about how to video conference!
But while we’re all looking to remain connected, we need to also focus on staying protected. For those of us a little more tech-savvy, that means helping our family and friends learn how this new digital reality impacts online security.
Let’s examine what that entails.
Digital healthcare’s rise was predicted back in January when Bain & Company reported that 40% of U.S. physicians expect to start using telemedicine over the next two years. Then came COVID-19, which drove healthcare providers to turn toward digital options to deliver socially distanced patient care. Many PCPs moved almost entirely to telehealth, with half of those surveyed using telemedicine in over 75% of their patient care.
While telehealth significantly increases patient care availability, there are also intrinsic privacy and security risks that go along with it. For example, telehealth requires that patients submit their health information through online platforms – some of which lack the proper data safeguards and don’t meet HIPAA requirements. Like all data transferred over the internet, private health information used for telemedicine could be intercepted by hackers if users don’t take proper security precautions. This means ensuring you and your loved one employ best practices – locking your platform account with a strong password, ensuring you only give your personal information to your doctor or verified resource, etc. These simple steps from McAfee experts are more important than ever before, as the healthcare industry is a preferred target for criminals.
School may be back in session, but it looks pretty different than previous years. For parents, this means navigating the unknown terrain that is a virtual classroom – and how the new environment affects your family’s online security.
Distance learning has led to a substantial spike in online video conferencing tools to conduct virtual lectures – which is only compounded by the fact that kids are already constantly on devices to play and socialize. However, some of the tools they use have proven to lack necessary security measures, which could jeopardize your students’ academic success and online security. Beyond video platform concerns, the combination of increased personal device usage on not-as-secure home networks poses a threat of its own.
Parents must ensure their students succeed – at both school and security. While they’re helping kids adjust to distance learning, parents can help keep them safe online by conducting router firmware updates, changing any default passwords on home networks, and leveraging a VPN. Additionally, parents must teach kids good security hygiene, such as always updating an app or device when an update is available. With parents juggling so much right now, they can also look for some extra support in the form of a comprehensive security solution that covers all their family’s devices with an extra layer of protection.
Many consumers have adopted digital financial services to make contactless payments or participate in online banking – some for convenience, others to help minimize contact in light of recent events. However, as this tech grows, so does the need for up-to-date security.
As users incorporate digital financial services into their everyday lives, they may fall victim to the risks commonly associated with making online payments. My mother, for example, is new to mobile banking and doesn’t know to look out for targeted phishing attacks from hackers who are trying to trick her out of money. Even the most tech-savvy online banking users can fall victim to more sophisticated phishing schemes out there.
To ensure cybercriminals don’t trick my mom into sharing sensitive information by impersonating her bank, we’ve discussed some ways she can identify an attack. Now, she knows to always hover over suspicious links, avoid interacting with messages from unknown senders, and to go directly to her bank’s official website.
We can use technology to adapt and grow during this time, just as long as we all employ security best practices. So, whether it be telehealth, distance learning, or digital finances, your family should always keep the aforementioned tips top of mind.
And remember – you’re not in this alone. You’ve got the support you need during this new digital reality in the form of a comprehensive security solution, McAfee® Total Protection. With this solution, consumers are safeguarded from malware with cloud-based threat protection that uses behavioral algorithms to detect new threats. It includes comprehensive internet security, multi-faceted privacy protection, and our secure VPN to ensure your family is prepared for any potential threat.
With robust, comprehensive security in place, your family’s devices will be consistently protected from the latest threats that came from our digital reality. With all these devices safe, everyone’s online life is free from worry.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Telehealth, Distance Learning, & Online Banking: Securing Digital Frontiers appeared first on McAfee Blogs.
As a leader in cybersecurity, we at McAfee understand that every aspect of your digital life has potential weak spots that could make you vulnerable to threats and attacks. By incorporating security into everything you do online, you’re better protected from potential threats. To mount your offense, we’ve enlisted a team of partners that puts your security needs first, seamlessly blending our security with their services so you can live a confident life online. We bring our McAfee security teams together with industry players like PC & smartphone manufacturers, software & operating system developers, and more to make sure we can keep scoring security wins for you.
When was the last time you worried about security while you were shopping for a new PC? You were probably checking out the specs, price, and making sure it had all the capabilities you needed for working remotely, distance learning, and maybe a little gaming. And that’s all in addition to the day-to-day productivity, banking, and browsing you do. Like a strong defensive line, HP, Dell, Lenovo, and ASUS work closely with us to make sure that your personal data and devices are secure, especially as you spend more time online than ever before. That’s why so many new PCs are preloaded with a free McAfee® LiveSafe trial to provide integrated protection from malware, viruses, and spyware from day 1 with minimal impact on performance.
McAfee protection goes beyond just antivirus. We help you keep apps and Windows up to date and patched against vulnerabilities, block intruders with our firewall, and help you clean up cookies and temporary files to minimize the digital footprint on your PC.
We build our security directly into the devices consumers rely on for everything from remote yoga to distance learning, so that they know they’ll be safer online, regardless of what their new normal looks like.
Part of a good defense is understanding how the game has changed. We recognize that our customers are using multiple devices to connect online these days. In fact, their primary device may not even be a computer. That’s why we work with mobile providers to ensure customers like you have access to our comprehensive multidevice security options. Devices like mobile phones and tablets allow users to access social media, stream content, and even bank on their terms. For that reason, our mobile protection includes features like VPN, so that you can connect any time, any place safely and use your apps securely.
Our online and brick & mortar retail partners are also irreplaceable on the field. We understand that shopping for security can be complicated – even intimidating – when faced with a wall of choices. Whether you’re in-store or browsing online, we’ll work together to address your security needs so that your devices and personal data are protected with the solution that works best for you. Many of our retailers offer additional installation and upgrade support so you can have one less thing to worry about.
Your web browser is more than a shortcut to the best chocolate chip cookie recipe; it connects you to endless content, information, and communication. Equally important is your operating system, the backbone that powers every app you install, every preference you save, and every vacation destination wallpaper that cycles through. We partner closely with web browsers, operating systems, and other software developers to ensure that our opponents can’t find holes in our defense. Everything that seamlessly works in the background stays that way, helping stop threats and intruders dead in their tracks. Whether it’s routine software updates or color-coded icons that help differentiate safe websites from phishing scams, we’re calling safety plays that keep our customers in the game.
At McAfee, we work tirelessly to do what we do best: blocking the threats you see, and even the ones you don’t. These days your “digital life” blurs the lines between security, identity, and privacy. So, we go into the dark web to hunt down leaked personal info stolen by identity thieves. We include Secure VPN in all our suites to give you privacy online. It’s these capabilities that strengthen both the offense and defense in our starting lineup of security suites like McAfee® Total Protection and McAfee® LiveSafe.
In short, your protection goes from a few reminders to scan your device to a team of experts helping you stay primed for the playoffs. It’s a roster that includes technology and humans solely devoted to staying ahead of the bad guys, from McAfee Advanced Threat Research (ATR) investigating and reporting like to artificial intelligence and machine learning that strengthens with every threat from every device. In fact, in just the first three months of this year, our labs detected over six threats per second!
Cybercriminals may be taking advantage of this current moment, but together, we can ensure our defense holds strong. After all, defense wins championships.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Together, We Block and Tackle to Give You Peace of Mind appeared first on McAfee Blogs.
FreshRSS 