Tag Archives: passwords

Parents’ Ultimate Guide to Cybersecurity

You may think that the world of cybersecurity is only populated with shadowy criminal organizations hacking elections and stealing corporate data, but cyberattacks afflict the big and small alike.

Every day millions of cyberattacks hit the U.S. alone, and they’re growing in number and intensity every year. While governments and businesses beef up cybersecurity, cybercriminals modify their malicious software to keep up with the demand. And the demand is growing.

More and more internet-connected devices pop up in family homes every year. Computers, laptops, tablets, smart TVs, watches, and refrigerators are contributing to the inevitable “internet of things” — a time when all of our daily devices, our data, our identities, and our lives are linked together and saved in the cloud.

The more we’re connected, the more fragile our infrastructure and online connections. The more links we form, the easier it will be for hackers to bring things to a standstill, to turn off our lights, to empty our bank accounts, to disrupt our monetary system, to peer into our secrets. It’s a dystopian world view but one we can avoid if we adopt the right attitudes and invest in cybersecurity.

Cybercrime is becoming a more lucrative “occupation,” drawing more and more people to it. As the supply of criminals increases, so too will the demand for victims. Governments and corporations aren’t the only ones with something to steal. Millions of individuals and families represent enormous amounts of opportunity for cyberthieves who are starting to take more notice.

Families are tantalizing targets to cybercriminals since they tend to have less cybersecurity protection installed on their devices. They also house millions of children operating those devices. But protecting yourself is possible if you get to know the cybersecurity basics, educate your kids, and learn the best ways to avoid malware.

Get to know cybersecurity basics

You often hear about cyberthreats on the news. Reporters give obscure warnings about malware attacks, worms, and phishing scams, but what does all of this mean? Getting to know the basic terms and concepts around cybersecurity will help you better understand news alerts around virus outbreaks. You’ll know what types of threats are issued and what actions to take to protect your data and devices.

Malware and viruses

Although the terms are often used interchangeably, computer viruses aren’t the same thing as malware. Malicious software or “malware” is a broad term referring to any type of software installed on a device or network that’s unwanted or destructive. Viruses are just one type of malicious software.

Cybersecurity experts classify different malware by their behavior. Viruses are unique because they can replicate (make copies) and propagate (spread). Like the common cold or flu virus, computer viruses are transmitted from one device to another through some kind of “contact,” usually in the form of email attachments or links.

Raising healthy kids means providing nutritious meals, getting them flu shots, and teaching them to wash their hands regularly. Protecting your devices from viruses and malware requires adopting good attitudes, installing antivirus software, and teaching online safety.

Viruses and worms

Worms are considered computer viruses because they can replicate. While viruses need humans to help them replicate, worms can self-replicate. Once on your computer, worms make copies of themselves and email those copies to other computers. They’re much more autonomous than your average virus, which makes them especially destructive.

Unlike viruses, worms don’t need executable programs to function. An executable program is one that executes or runs code, typically ends with the file extension .EXE, and needs your permission to operate. If you’ve ever downloaded a program from a website and installed it on your computer, you’ve opened an executable program.

Executable programs and files work differently from read-only files. For example, if you play an .mp3 music file of your favorite song, your computer is only reading the data from the file. So, you can’t get a virus from simply playing a song, but you can get one from downloading one.
Scanning executable files downloaded from the internet is a good way to catch viruses and worms before they infect your computer.

Social engineering

Social engineering is how cyber thieves manipulate people into unknowingly spreading malware, revealing their personal information, or sharing their data. Children and teenagers are especially susceptible to social engineering tricks. That’s why educating them on good online habits and identifying warning signs keeps them and your devices safe.

Consider the following scenario: You receive an email from Facebook with the subject line reading “Issues with your account: Please Respond”. You open the email, and it says the Facebook team has found “copyright issues” with your account.

The email goes on to say if you don’t resolve the issues, your account will be “permanently blocked”. Concerned, you look for a solution. The email explains you must follow the provided link, fill out a form, and provide your credentials. You click the link and visit the Facebook website where you’re prompted to sign in with your username and password. After signing in, you suddenly notice the URL in the address bar doesn’t look right.

The fact is, you’re not on Facebook’s website at all, and you’ve just handed over access to your account to hackers.

Notice how many times in the scenario you followed along with the instructions. You opened the email, clicked the link, visited the site, and entered your credentials. The hackers did little work aside from creating a convincing email forgery. You were being socially engineered.

The above example is a phishing email, a common source of identity theft and virus propagation. Phishing emails are just one way cyberthieves use our emotions and confirmation bias against us to profit. Here are some tips for avoiding phishing emails:

  • Scan the email for the correct logos, fonts, and colors.
  • Check for grammatical and spelling mistakes.
  • Hover over any links and make sure the URL is correct.
  • If you weren’t expecting an email or are confused, you should email the organization’s website or call them directly.
  • Report such scams to the Federal Trade Commission’s website.

Trojans

Unlike viruses and worms, trojans target specific devices for attack rather than propagate. They don’t exist to replicate or propagate but to destroy data, record passwords, and capture confidential information like banking account numbers.

Trojans are malware in disguise. They make their way into your computers and mobile devices by posing as legitimate files and programs. That’s why they have the name “trojans” after the wooden horse the Greeks tricked the Trojans into bringing into their city.

Banking trojans are a popular form of malware used to steal your banking and credit card numbers. They begin life disguised as apps downloaded from sites like Google Play and the Apple Store. After the trojan app is on your device, it activates and begins scanning and monitoring your information, looking for and recording credit card and banking account numbers. It then remotely relays the information back to the thief.

Trojans are a specific danger to children who have access to mobile devices like Android phones and tablets. Cyberthieves use social engineering and legitimate-looking apps to trick kids into downloading what they think is a harmless game.

Botnets

Hackers deploy botnets to take over and control internet-connected devices. The term botnet is formed by the words “robot” and “network,” which is exactly what they are: a network of robotic devices used together. Cyberthieves build botnets made of millions of devices creating fake social network accounts, mining cryptocurrencies, defrauding advertisers, deploying denial-of-service attacks (DDoS), and propagating other malware.

Botnets are about gaining control, and many devices in the home can now be hacked. The internet of things is now a reality for many families. Along with laptops and personal computers, other common devices like coffee makers, TVs, smart watches, and refrigerators are now connected to the internet. Botnets target these devices to build a larger network of computing power.

Signs your device is part of a botnet include slowed performance or frequent crashes, but these are also common symptoms of other problems. The fact is, most users aren’t aware a botnet is controlling their device. The result is increased wear and tear on your devices.

Understand the real dangers of cybersecurity

Panda Security surveyed parents to identify their biggest concerns about online activities, apps, and websites. The survey results revealed a disconnect between what online threats parents fear and what is statistically more likely to happen. For example, 54 percent of parents surveyed said they worry the most about “sexual predation”, but only 13 percent of children reported experiencing such acts. On the other hand, only 12 percent of parents reported “online bullying” as their number one concern even though 34 percent of children between the ages of 12 and 17 are said to experience cyberbullying.

There were similar conflicting results for cybersecurity. Only 16 percent of parents report “computer viruses” and “malware” as “somewhat unsafe” or “very unsafe”. The fact is, viruses and other malware threats are getting more frequent every year.
To keep your children and devices safe, you must know what threats are more likely to happen and focus more attention on preparing for them. Focus the majority of your time, energy, and attention on more likely threats.

Identity fraud

A 2017 study found a huge increase in internet fraud as credit card companies have begun moving consumers to anti-counterfeit, chip-based cards. The chips make it harder to commit fraud at stores, so cyberthieves have moved to online transactions using stolen credit card numbers. The study showed a 40 percent increase from 2015 to 2016 in online credit card fraud.

The study also found that new account fraud rates had doubled over the same time period. Cyberthieves steal or buy your personal credentials and open new accounts in your name.

Newly opened, fraudulent accounts generally take longer for victims to discover since thieves have credit card and bank statements sent to them.

Of particular interest to parents is the recent rise in identity thefts targeting infants and toddlers. Cyberthieves can steal your child’s SSN and open new accounts in their name, ruining their credit scores before they even reach adulthood. Identity theft of this kind can stain your child’s financial future, making it harder for them to find funding to buy a car, get student loans, or rent an apartment. Running credit reports is one way to check for identity fraud. If you suspect someone has stolen your identity, you should freeze your credit report.

Ransomware

Ransomware is one of the fastest growing cybersecurity threats today. There has been a 50 percent increase in ransomware attacks from 2016 to 2017, according to a study by Verizon. The malicious software works just like a real-life ransom situation, only the hostage is your data.

Ransomware allows hackers to lock your computer and encrypt your data. They don’t necessarily steal your data; they just make it impossible for your computer to read it and for you to access it. Thieves ask for money to decode your data. If you don’t pay, they threaten to delete everything.

Hackers gain access to devices through common sources like spam email campaigns, security holes in software, and even botnets.

As more of our photos, videos, and documents become digitized and stored on hard drives, the prevalence of ransomware will increase. It’s a highly lucrative “business” that affects corporations and families alike. Cyberthieves know your data are valuable and that many parents are likely to pay, even though you shouldn’t.
Paying the ransom only enriches the thieves and incentivizes further theft.
Protect your data against ransomware by backing it up to another hard drive or to the cloud. The threat of deleting your data only works if you have a single copy of it.

Educate your kids about cybersecurity

Every generation of families confronts a new technology and the new threats that offset its benefits. Automobiles launched the car wreck, TV birthed concerns around “screen time,” and the personal computer helped spawn the hacker. With the internet and social media, parents are once again confronting the consequences of connectedness, social sharing, and digital identities.

Navigating the dangers of cybersecurity and the internet means being honest with your kids about what is at stake. Identities can be stolen, credit ratings can be destroyed, and bullies can do serious harm. Educating your kids about cybersecurity is one of the most effective things you can do to keep them safe while online.

Be honest

Cybersecurity is serious business. Talking to your kids about it requires honesty. Don’t avoid issues because they’re uncomfortable or complicated to explain. Tell your children some online activities are safer than others.

The online world is just like the real world. Not talking to strangers at the park is just as important as not talking to strangers in chat rooms. Leaving your toys out for thieves to steal is just like telling someone too much information online. Avoid dividing the real world from the online one. Instead, bring them together by making these types of connections. Children need consistency, and keeping the rules consistent for on and offline activities will help them understand the dangers of both.

Being honest about cybersecurity also means pointing out the good things about online activities. Keep a balanced outlook. Emphasize they need to be cautious but enjoy the internet. It contains wonderful things to help them grow, socialize, and learn. As they learn better online habits, they will feel safer, confident, and in control. Honesty is the best policy.

Use your creativity

Cybersecurity concepts like online identities and malware are abstract concepts. Use examples and analogies that children can relate to. For example, use the analogy that computer viruses work like biological viruses. Explain how one “sick” computer infects another. Personal identities are unique like our fingerprints. Stealing someone’s identity is like dressing up like that person for Halloween so you can steal all of their candy. Find creative ways to relate cybersecurity concepts to their everyday life.

Build trust

Your child may assume your concerns are more about spying on their online activities rather than looking out for them. Reassure them you won’t get upset if they accidentally click on something they shouldn’t or if their device gets a virus. Overreacting will likely cause resentment, anxiety, and rebellion. These are all counterproductive to building good habits and trust.

For teenagers, be consistent about your concerns. Make it just as much about protecting devices and information as it is about who they’re talking to online. For small children, reinforce the notion that cyberthieves are tricky, but you can beat them by following the rules.

Go online together

The best way to teach a child something is to show them firsthand. Go online and search for a term that interests them. Then explore the results looking for good and bad websites. Take a tour of the browser’s interface. Point out the address bar, bookmarks, extensions, and the search results. Show them how to close an internet pop-up ad and what to do when they can’t find a close button.

Websites come in different flavors when it comes to data safety. Some talk with your browser using encryption and some don’t. Encryption keeps your data safe. Encrypted sites begin their URLs with “https:”. Unencrypted ones have “http”. Browser extensions like HTTPS Everywhere automatically distinguish unsecured websites from secure ones.


Together with your child, open their favorite app and explore its social and/or messaging features. Explain what to do if they receive a message. Show them how to respond to in-app purchase and pop-up ads. If you feel your child isn’t mature enough for messaging, check to see if the app allows disabling the feature.

Identify appropriate vs inappropriate information to share

Parents know small children are open books — freely sharing information you’d rather they just keep to themselves. So use cybersecurity education as a way to establish good and bad sharing practices.

Provide your children with examples of information that are safe to share online and some that aren’t. Even if they don’t have their social security number memorized, they can still reveal their address, their birthday, or their mother’s maiden name to a cyberthief posing as an online friend. Tell them sharing online is like sharing in person. Ask them what’s safe to share with a stranger and what’s not. The same rules apply.

Even small pieces of information like the dates of an upcoming family vacation could lead to a home invasion and physical theft of your devices. Cybercriminals now use botnets to read smart electric meters and determine when the home is empty, so giving them a heads up on when you’ll be away from home only makes their jobs easier.

Reinforce the need to be skeptical of anyone your child communicates with online. Cybercriminals befriend people on social media to gain their trust and get information. With that information, they can take over the victim’s account or steal their identity. Good information sharing habits help kids avoid these threats.

When discussing shareable information, practice what you preach. Often parents can be just as open with personal information as children. It’s tempting to spread the knowledge of your newly arrived baby, but exact details like time of birth, hospital, and your child’s full names can give cyber thieves a head start on discovering their SSN. Using your maiden name as a security question answer makes a hacker’s job easier.

What you share online about yourself and your children also teaches them what’s appropriate and inappropriate, so practice what you preach when it comes to sharing online. Your children are watching.

Use online resources

Another effective way to teach children about online safety is using online resources. Internet safety websites like the Federal Trade Commission’s OnGuardOnline have security tips, games, and other online learning resources for parents and guardians. Other sites use videos, quizzes, and other activities to teach cybersecurity basics to children.

Know the cyberthreats for children and teens

Knowing cybersecurity basics gives you the foundation for building a protection plan for you and your family. Now it’s time to get familiar with online activities, apps, and websites specific to children and teens.

Anonymous sharing

Over 75 percent of surveyed parents viewed anonymous sharing as “somewhat unsafe” or “very unsafe”. It’s a legitimate fear. Although anonymous sharing can promote healthy and open expression for users, it can also make it easier to overshare information.

Apps like Snapchat allow users to post images and messages that only show up temporarily and then are removed. But nothing on the internet is ever temporary. Cyberthieves and bullies can easily take screenshots and photos of information and images before they disappear.


Popular apps like Whisper keep a user’s identity unknown, while others like Anomo start you off as anonymous but let you change your settings over time. If your tween or teen wants to share anonymously, you might steer them toward apps like After School, which is developed specifically for teenagers and includes resources for counseling, scholarships, and social campaigns.

Before letting your child use anonymous sharing apps, go over what information is safe to share. They should be wary of any messages containing links or attachments, which could contain malware or lead to phishing websites.

Social networks

Social media is changing the way kids socialize and get information. Tech giants like Facebook and Google have developed apps like Messenger Kids and YouTube Kids to give kids safe online spaces to interact socially. The apps filter age-appropriate content and provide parental controls for account creation and monitoring. But they’re not foolproof, and older kids are good at getting around parental controls when they want.

Parental Controls

Many of the same strategies that work to keep inappropriate content from children also work to keep them safe from cybersecurity threats. Keep your kids safe by executing a multi-layered approach to parental controls starting with the devices themselves.

  • Set up parental controls for your devices: Windows and/or Mac
  • Set up parental controls for web browsers. For Chrome, you can create a supervised profile to monitor and block any content they visit. Firefox has many different add-on extensions for similar purposes.
  • Set up parental controls for all of the apps your kids can access. You can set their Facebook privacy setting to “Friends Only” and block specific content for their YouTube channels.

Setting up a multi-layered approach will create redundancies of protection — if one layer of protection fails, the others will still work.

Passwords

Your child’s password to their social account is like gold to a cyberthief. With their password, cybercriminals can take over the account and use it to post fake news, spam others with messages, or create fraudulent ads. Help your kids create passwords for their social accounts. Record the passwords in case you need access yourself. Here are some strategies for creating secure passwords:

  • Find a balance between complexity and memorability. Creating longer passwords makes them more secure, but make sure they’re short enough so your child can remember them.
  • Include numbers and symbols.
  • Use random number and letter substitutions rather than commonly used ones.
  • Initialize two-step verification for apps that allow it.
  • Use a password manager that will do the remembering for you.

Your child’s password is the key to their social media privacy and their account. Keep them safe from cyberthieves by creating a secure password.

Direct Messaging

The majority of social media sites have direct message features for connecting with friends, family, and strangers. Direct messages are popular places for cyberthieves who place links to phishing sites and harmful downloads for kids. Here are the warning signs and how to avoid these schemes:

  • Avoid clicking on messages with an unusual number of typos and misspellings, subject-verb agreement errors, or unusual punctuation marks.
  • Be wary of messages asking for personal information like passwords, SSNs, credit card numbers, or PINs. No legitimate social media site will correspond with its users about these topics through direct message.
  • Be extremely skeptical of messages claiming your account will be locked or deleted unless a specific action is taken.
  • Don’t click links that are mismatched from their descriptions. Hover over a link with your cursor and check the status bar at the bottom of your browser window. Make sure the status bar address matches the intended destination. Both addresses should match for any type of link, whether in direct messages, emails, or browsers.

Practice these cybersecurity habits with your children. Visit sites like scam-detector.com and show your kids common ways cyberthieves spread viruses via direct messages on Twitter, Facebook, and other social media networks.

Email attachments and links

Social engineering is a powerful way for cyberthieves to trick children into infecting their own devices or revealing personal information. Sit down with your kids and show them how you check your emails. Even have them send you one themselves with a message and an attachment like a picture.

Explain and demonstrate how a phishing email works and its telltale signs. Send your child an email with a “bad” mismatched link you made up. Show them how to hover the cursor over a link to reveal its true destination on the web. Most importantly, explain why you never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment.
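The hover check from the phishing and direct-messaging tips can also be automated: the script below lists where each link in a message really goes and flags links whose visible text names a different site or that use unencrypted http. This is an added example, not part of the original guide; the sample message and the `.example` domains are constructed, and treating "same host or a subdomain of it" as a match is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds something that looks like a web address inside a link's visible text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def strip_www(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def audit_links(html):
    """Return one record per web link: visible text, real destination, warnings."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href)
            host = parts.hostname or ""
        except ValueError:
            results.append({"text": text, "destination": href,
                            "reasons": ["link address is malformed"]})
            continue
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel:, page anchors and so on are out of scope
        real = strip_www(host)
        reasons = []
        shown = DOMAIN_IN_TEXT.search(text)
        if shown:
            shown_host = strip_www(shown.group(1))
            # Assumption: the same host, or a subdomain of it, counts as a match.
            if real != shown_host and not real.endswith("." + shown_host):
                reasons.append("text shows %s but link goes to %s" % (shown_host, real))
        if parts.scheme == "http":
            reasons.append("connection is not encrypted (http)")
        results.append({"text": text, "destination": real, "reasons": reasons})
    return results


def flagged(results):
    """Only the links that raised at least one warning."""
    return [r for r in results if r["reasons"]]


# Constructed sample message; every domain below is a reserved .example name.
SAMPLE_MESSAGE = """
<p>Issues with your account: please respond.</p>
<a href="http://social.example.account-check.example/login">https://www.social.example/help</a>
<a href="https://www.social.example/settings">social.example/settings</a>
<a href="https://prizes.example/free-coins">Click here for free coins</a>
"""

if __name__ == "__main__":
    for link in audit_links(SAMPLE_MESSAGE):
        status = "; ".join(link["reasons"]) or "no mismatch found"
        print("%-35s -> %-40s %s" % (link["text"], link["destination"], status))
```

A link with no warning is not proven safe: text such as "Click here" names no site to compare against, so the destination column still has to be read.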

Video streaming sites

The world of television programs and cable networks, familiar to many parents, has given way to online celebrities and YouTube videos for their children. Every day, YouTube users watch over 1 billion hours of videos. All of this traffic draws the attention of scammers and cyberthieves looking to hack the system for profit.

For video sites like YouTube, cyberthreats don’t come from streaming videos but from other parts of the platform. While your child can’t get a virus while watching a YouTube video, they can click on a link in the comments section, in an ad, or in a video description and infect your device with malware.

It works like this: Your child searches for a movie on YouTube with their tablet. One of the videos in the search results has the correct title and images for the movie they’re looking for, so they click on it. However, it’s not the movie at all but a short video telling them to click the link in the video’s description if they really want to watch the full-length movie.

They click on the link, which takes them to a website. But now there’s a problem. You need an update to Flash Player before you can watch the movie. “Would you like to download the update?” the site asks. Of course they do, so they click the download link. Now, the iPad has a virus, and your child is upset. They stomp into your bedroom holding the iPad defiantly out in front of them exclaiming, “This doesn’t work!” They’re absolutely right.
Take these preventative measures to protect your devices from infection:

  • Get them familiar with how YouTube works. Show them the problem areas: where the comments section lives, what video ads look like, where links in video descriptions are inserted.
  • Enable YouTube Restricted mode, which will filter out inappropriate content and hacking schemes like the one above.
  • Download the YouTube Kids App and control their content through it. Some features like the comments section can be turned off completely.

Videos will only get more and more popular for both children and cyberthieves. Get ahead of cyberattack trends by educating your children on current threats within video platforms.

Online Video Games

Kids love video games, especially those that let them share their experiences and creations with others. Almost every video game today has some type of social component built in, whether it’s direct messaging or chat. Minecraft and Roblox are just two examples of popular user-generated online games that let kids build worlds and share them with others.


While such games are good for building imaginations and relationships, they’re also the playground for cyberthieves and hackers. Like YouTube, cyberthreats on the websites aren’t the problem. That is, you can’t get a virus just from playing Minecraft, League of Legends, or Roblox. You get it when you leave the game’s website and land on another, and hackers use social engineering tricks like the following to lure kids away:

  • Pop-up ads or chat links offering free coins, avatars, skins, and upgrades. Once clicked, the ad or link takes them to a website that requires them to download an executable file. When opened, the program infects the computer with malware designed to steal data, which can include your banking information and account passwords.
  • Fake login schemes use pop-ups within the game to tell the player they must provide their username and password to continue. Sometimes the pop-up claims the site is “under maintenance” as a social engineering ploy to steal a player’s account and lock them out.
  • Hackers use botnets to send spam and fake ads to millions of players, asking them to visit websites for free stuff. The botnet is designed to run a fraudulent ad scheme, which relies on more views and clicks to make the hackers money.

Here are some tips to help your child avoid phishing scams on video games:

  • If the game allows, set your child’s chat options to “friends only”.
  • Teach your child the “no free lunches” lesson. Drill the point home that if it sounds too good to be true, it probably is. The old adage should be the mantra for any parent warning their child about online “free” offers.

Cyberattacks can rob you of your personal data and your child of their hard-earned accounts. Keep the fun going by teaching your child the common tricks hackers use on video game websites.

Monitor your child’s identity

Identity theft doesn’t just affect adults. Infants and children are at risk of cyberthieves stealing their SSNs and ruining their credit. The Federal Trade Commission suggests parents watch out for these warning signs that your child’s identity may have been stolen:

  • Your child is denied government benefits because they’re being paid to another account.
  • You receive a notice from the IRS saying the child didn’t pay income taxes, or that the child’s SSN was used on another tax return.
  • You get collection calls or bills for products or services you didn’t receive.
  • Your child is denied a bank account or driver’s license.

Here are some preventative actions to protect your child’s identity:

  • Run a check for a credit report in your child’s name with the three major credit reporting companies: Equifax, Experian, and TransUnion.
  • If your child has an existing credit report, someone has applied for credit in their name, which may be a sign their identity has already been stolen.
  • If your child’s school ever has a data breach, watch their credit scores more closely. Consider freezing their credit reports if you suspect their identity has been compromised.
  • Check your child’s credit report when they turn 16. If there has been fraud or misuse, you will have time to correct issues before they apply for a job or car loan.

Keeping your child’s identity safe is a long-term plan. It may cost a little upfront time and money to prevent your child’s identity from being stolen, but they’ll thank you for it when they’re older … along with all of the other things you do for them.

Protect your devices

Your internet-connected devices are the touch points for your child’s online experience. Tablets, laptops, and desktops allow them to explore, create, and benefit from all the internet has to offer. They’re also the gateways into your personal data and identity, and they’re expensive to replace. Keep your devices malware and cyberattack-free with the following steps:

Avoid non-secure web pages

Non-secure websites don’t encrypt how they talk to your browser like secure ones do. It’s easy to identify websites that are non-secure. They start with HTTP in their URL address. Visit only secure sites that start with HTTPS. The ‘s’ stands for ‘secure’. If your favorite site’s address starts with HTTP, download antivirus protection, create a bookmark for navigating to it, and don’t enter your credentials.

Update your operating systems

One of the best ways to protect your devices is simply keeping your operating system (OS) up-to-date. Hackers love to exploit security holes in operating systems like Windows and Mac, so keeping your OS updated applies any patches these developers have released. You can manually update your Windows or Mac OS or set your system to auto-update for you. Remember, it’s the time between when the update is released and when you install it that your devices are at their biggest risk of infection.

Keep programs and apps to a minimum

Like operating systems, individual apps on your devices also need updating – and for the same reason. Aside from updating them, you should also decide whether you even need them at all. Take inventory of your apps and programs and decide whether you actually need them and how often you use each one. Remember, viruses need executable files to work, so the fewer apps and programs you need to download and update, the fewer your chances of infection.

A couple of programs you will want to give special attention to are Adobe Flash and Acrobat Reader. Both are popular targets for cybercriminals. If you don’t use them, uninstall them.

Get antivirus protection

Downloading and installing a comprehensive antivirus protection software will actually solve many of the problems outlined in this guide. From helping avoid malicious links to managing your passwords, antivirus software will keep your data confidential, your identity safe, your devices virus-free, and your children safe from harmful content.
Many major antivirus protection plans offer free downloads that provide some basic protections.

Cybersecurity is an investment

Like insurance, cybersecurity is something you avoid thinking about until you need it. But when disaster happens, you’re always glad it’s there. Stay ahead of the growing threat of cybercriminals and evolving malware by taking the time to invest in the things that work: educating yourself and your children, practicing good online habits, keeping your devices up-to-date, and getting a comprehensive antivirus software system.

The post Parents’ Ultimate Guide to Cybersecurity appeared first on Panda Security Mediacenter.


Alteryx: a new massive data leak

The Data of More Than 120 Million American Households Left Exposed Online

Researchers based in California reported that the information of 123 million US households had been found exposed on the internet. Anyone with an Amazon Web Services (AWS) account and the correct URL was able to access the data. The exposed data contained general information about almost every household in the US.

The leak is known to have included addresses, phone numbers, family interests, household income, the number of children who live in the property, and the amount of money owed on mortgages. The data was unintentionally left up for grabs, for anyone interested, by a marketing analytics company called Alteryx. On their website, Alteryx say that the data “includes consumer demographics, life event, direct response, property, and mortgage information for more than 235 million consumers and 113 million households.” After the leak was discovered, the marketing analytics company took action, and the information is no longer available for public view. The data was collected and sold to Alteryx by Experian.

Social security numbers, full names, DOBs, and credit card details are not known to have been exposed. However, experts say that hackers would have been able to quickly cross-reference the information with previous leaks such as the massive Equifax leak earlier this year. Having access to such information could have been the missing part of the puzzle for hackers wanting to break through their victim’s security questions or build profiles about their potential victim.

While the information has already been shared with the world, it is your responsibility to make sure that no one takes advantage of it. When setting up new online accounts, make sure that the answers you give to the security questions are not easily guessable. Never choose ‘city where you were born’, ‘your favorite sports team’, or ‘your favorite color’. With the information from leaks like this one and the vast digital footprints people leave nowadays, such answers could easily be guessed by cybercriminals. Sadly, leaks are happening all the time, so do not forget to install antivirus software and change your passwords at least once every three months. Having an additional security layer is crucial for your family’s wellbeing.

You have to remain vigilant and keep an eye on your credit report and regularly check your banking statements for suspicious activity. If you see something that doesn’t feel right, report it immediately.


The post Alteryx: a new massive data leak appeared first on Panda Security Mediacenter.


How Secure is My Password?

Recently, researchers found an Equifax portal guarding access to 14,000 personal records being secured by the password “admin/admin”. The issue has since been fixed, but the example highlights the lack of importance given to password creation that continues to plague cyber security for businesses and individuals.

Most people still use passwords that are easy for cyber thieves to guess despite the devastating effects of identity theft. But the problem isn’t just about carelessness; it’s about human nature. Understanding the problem will help you create better passwords.

The Human Predictability Problem

The founder of our current day password strategy, Bill Burr, recently admitted he regrets his original recommendations. While working at the National Institute of Standards and Technology (NIST) in 2003, Burr authored a guide that laid out two fundamental rules for password creation:

  • It must have a combination of alphanumeric, uppercase, lowercase, and special characters.
  • It should be changed every 90 days.

Rule number 1 results in a password like “S3cur1Ty%”, which looks random, but it’s actually not that hard for cyber criminals to crack. It’s easy because humans are so predictable.

For example, most of us tend to capitalize the first letter in our passwords. We also use the same numerical substitutions for letters (ex. “3” for “E”, “1” for “i”). Those two common strategies alone make our passwords much more predictable.

The NIST has since revised Burr’s guidelines, admitting that requiring complex passwords causes users to “respond in very predictable ways to the requirements imposed by composition rules.”

Rule number two results in a similar problem. People who change their passwords regularly tend to only make minor alterations, like simply adding a “1” at the end (not exactly creating the Enigma Code there). The NIST guidelines no longer suggest changing passwords every 90 days. Instead, you should change them when it’s appropriate, like after the Equifax security breach.

How do cyber criminals steal passwords?

Hackers have many ways of stealing your passwords.

Brute Force Attacks

Hackers use software that repeatedly tries many different password combinations. Since the reigning champion of worst passwords is still “123456”, brute force attacks are a reliable way to steal your information. Brute force password “cracking” software goes by names like Brutus, RainbowCrack, and Wfuzz and is free to download.

Brute force attacks are effective with shorter passwords, but struggle with longer ones. For those, hackers switch strategies.

Dictionary Attack

As the name implies, dictionary attack software searches through a prearranged list of words, trying different combinations and variations. Ironically, cyber criminals use stolen passwords to make stealing passwords easier. Cyber thieves often purchase stolen password lists on the online black market. They buy them, not for targeting individuals, but for determining the most common passwords people use. They’re searching for human predictability so they can narrow their future searches.

Even legitimate businesses buy stolen passwords in an effort to safeguard their customers’ information

Because of these password lists, the NIST recommends that sites rank a user’s password strength by comparing it “against a ‘black list’ of unacceptable passwords.” If you try to use a password on such a list, the website may reject it.
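The blocklist comparison described above, sketched as an added example (not code from the article or from NIST). It undoes the predictable habits the article lists (capital letters, common character substitutions, a digit or symbol tacked on the end) before the lookup, and applies the article's eight-character minimum. SAMPLE_BLOCKLIST is a small constructed stand-in for a real list of breached passwords, and the function names are hypothetical.

```python
import re

MIN_LENGTH = 8  # the minimum length the article recommends

# Constructed sample. A real deployment would load a large list of common
# and breached passwords instead of these few entries.
SAMPLE_BLOCKLIST = frozenset(
    {"123456", "111111", "password", "security", "admin", "qwerty"}
)

# The common substitutions ("3" for "E", "1" for "i", "$" for "S", ...),
# mapped back to the letters they stand in for.
_LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})

# A run of digits or symbols appended to a base word ("password1", "S3cur1Ty%").
_TRAILING_NON_LETTERS = re.compile(r"[^a-z]+$")


def normalized_forms(password):
    """Return the lowercase base forms that predictable edits collapse to."""
    lowered = password.lower()
    stripped = _TRAILING_NON_LETTERS.sub("", lowered)
    forms = {
        lowered,
        stripped,
        lowered.translate(_LEET),
        stripped.translate(_LEET),
    }
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def screen_password(candidate, current=None, blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted.

    `current` is the password the user typed to authorise the change, so
    the comparison needs no stored plaintext.
    """
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    forms = normalized_forms(candidate)
    if forms & blocklist:
        reasons.append("blocklisted")
    # Catches the "just add a 1 at the end" style of password change.
    if current is not None and forms & normalized_forms(current):
        reasons.append("trivial_variant_of_current")
    return reasons


if __name__ == "__main__":
    samples = ("S3cur1Ty%", "P@ssw0rd!", "123456", "hallwayroutinetraveltsunami")
    for pw in samples:
        print(f"{pw!r}: {screen_password(pw) or 'accepted'}")
    # Constructed example of a minimal change at rotation time.
    print(screen_password("Summer2018", current="Summer2017"))
```

A password that passes this screen is only absent from the sample list; how much the check catches depends on the size and freshness of the blocklist behind it.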

Wi-Fi Monitoring Attack

Password thieves can also steal your password when you’re connected to public Wi-Fi. Special software alerts hackers when you connect to Wi-Fi and enter your username and password. They intercept and record the transmitted data, stealing your credentials. Wi-Fi attacks and recently discovered vulnerabilities are making Wi-Fi monitoring attacks a bigger threat.

Phishing Attacks

Attackers use fake emails and websites to steal your passwords. Phishing attacks are usually emails disguised as legitimate company correspondence. The emails typically direct you to download an attachment, click a link, or sign into a website.

That email from your “bank” looks legitimate, but its real author may be a thief directing you to enter your username and password into a fake website. Although hackers are getting more sophisticated, there are still effective ways to spot phishing attacks before it’s too late.

Updated strategies for creating passwords

Creating a good password means finding a balance between memorability and randomness. Here are some new strategies based on the updated NIST guidelines.

Stop being predictable

Now that you understand how Burr’s guidelines actually resulted in more predictable passwords, you can avoid these issues by creating personalized randomness.

Personalized Substitutions

Instead of using common substitutions (ex. “4” for “A”, “$” for “S”), find your own substitutions based on individual associations. For example, if your name begins with A and you’re the third child, then substitute all your A’s with 3’s. You can also substitute all S’s with the number of S’s in the title of your favorite horror movie (ex. “Texas Chain Saw Massacre” = 4).

Capitalization

Avoid predictable patterns in letter capitalization, like upper-case letters in the first and last position. Use a personal preference or choose to capitalize a letter where it aids memorization the most.

Using personal connections makes remembering your password easier and guessing it much harder.

Length

The longer your password, the better. More characters guard against brute force attacks by increasing complexity. At minimum, you should have eight characters. The NIST recommends websites encourage users to create passwords as “lengthy as they want.” But remember: the longer the password, the harder it will be to remember.

Use Acronyms

Using acronyms built from a longer phrase is a good way to create a secure password that’s easy to remember. Here are the steps:

  1. Find a phrase you can remember easily. Example: “Don’t count your chickens before they hatch”
  2. Create an acronym by using the first letters of each word in the phrase. So, “dcycbth.”
  3. Add some numbers and special characters based on the substitution and capitalization strategies listed above. For example, dcYcb3Th% is a strong password that’s easy to remember.

The longer and more personalized your initial phrase, the stronger the resulting password will be.

Note: “personalized” doesn’t mean personal. Never use personal information like your date of birth, hometown name, or other piece of data a thief could easily find. An example of a bad phrase to use would therefore be “My Birthday Is On June Fifteenth Nineteen Eighty.”

Use a Passphrase

Passphrases are built from random words strung together. They help thwart dictionary attacks that look for common patterns and connections. If you used a random noun generator to produce the four words “hallway”, “routine”, “travel” and “tsunami” you could build a password with strong randomness and length: hallwayroutinetraveltsunami. Add some uncommon substitutions and special characters and you’ve created a strong, memorable password.

Note: some security analysts argue that random-word passphrases are less secure than we might think, given the limited number of words the average college-educated person knows (80,000 words).

Use Two-Step Verification

If you haven’t set up two-step verification (2SV) on your accounts, you should do it as soon as you can. Also known as two-factor authentication, 2SV provides an extra layer of protection by having you prove your identity. Many 2SV systems work by sending a text to your phone with an access code. After you enter the code, the website gives you access to your account.

Vulnerabilities exist in 2SV because of the possibility of Wi-Fi and phishing attacks, but the NIST still recommends the practice.

Google recently announced its 2SV program called Google Prompt for Android phones. The company claims Google Prompt is an easier and more secure method of authenticating an account than traditional 2SV.

Get a Password Manager

Another problem with passwords is that around 60% of people use the same one for multiple accounts. The downsides are obvious, but with so many of our online services requiring passwords, creating unique and memorable passwords isn’t practical.

Password managers are increasing in popularity because they create secure passwords you don’t have to remember. Most work by having you create a master password. The manager will then let you create and save more passwords for each of your outside accounts. They will even randomly generate passwords for you. If you can remember your master password, you can access all of your other ones.

When creating strong passwords, it’s definitely good not to follow the crowd. Secure passwords should be as unique as you are, so follow the NIST guidelines and keep access to your accounts in your hands, not those of cyber criminals.

The post How Secure is My Password? appeared first on Panda Security Mediacenter.


Strong Passwords Don’t Have to be Hard to Remember

Bill Burr blew it, and he knows it. The man responsible for the global password strength guidelines, which posit that you should always use alphanumeric characters and alternate uppercase and lowercase letters, recognizes his error. According to Burr, these rules “drive people crazy,” and yet, even so, do not necessarily make for good passwords.

Fourteen years of bad passwords

In 2003, while Burr was working at the National Institute of Standards and Technology, he published the report that would become the go-to reference for creating secure passwords: NIST Special Publication 800-63, Appendix A. The guide included two fundamental tips. The first is that passwords must have a combination of alphanumeric, uppercase and lowercase characters, and special characters. The second is that they should be changed every 90 days. Since its publication, Burr’s guide has been the foundation on which the creation of passwords is based. Numerous companies have made it an obligation and prohibit users from using passwords that do not meet these requirements. So what has changed? Why does Burr regret his role in establishing today’s password status quo?

The short answer: people are still using insecure passwords. In cases where a password is not required to comply with the recommendations of Burr and NIST, users often choose easy-to-remember (and easy-to-hack) passwords such as “123456”, “111111” or “password”. But the problem goes beyond that. Even if you apply Burr and NIST logic and convert “password” to “P@ssw0rd!”, it is still an easily hackable password. Because many users choose this password, it is a pattern that cybercriminals can use to access our accounts.

The solution

Burr isn’t the only one to have recognized that the method he invented has become obsolete and, in some cases, even insecure. NIST itself has updated its Digital Identity Guidelines to reflect the new changes. According to this agency, the key to a secure password is the use of compound phrases with words that we can easily remember, a principle that is on display in the comic below from the popular xkcd.

image: xkcd

The upper row shows a password with alphanumeric characters, capital letters and special characters (i.e., the “perfect password” according to the old thinking), which could be guessed in three days by brute force. The bottom row shows how a phrase combining four words increases the time it would take to guess the password to 550 years. For years we have resorted to passwords that are hard to remember for us but easy to guess for machines.

Time for a change

If you have not already, it’s time to review your company’s password policy. One of the ways many employees jeopardize the security of the company is by choosing passwords that are easy to remember, but also easy to crack. And sometimes, it turns out that some passwords that are difficult to remember are also quite vulnerable. It is important, therefore, to emphasize that this new method combines simplicity and security.

The new NIST guidelines do not recommend changing passwords regularly, but rather when it becomes necessary (after a security incident, for example). The reason is that users turn to the easiest option and make minor changes, minimizing the benefit of changing passwords. What’s more, insisting on, or even requiring, regular password changes could contribute to “security fatigue” among employees, an increasingly widespread problem among all types of companies.

Bill Burr and NIST have acknowledged that their method is ineffective. Now the responsibility is on us. Implementing the new guidelines will help create safer passwords and protect our business from cybercrime.

The post Strong Passwords Don’t Have to be Hard to Remember appeared first on Panda Security Mediacenter.



Equifax leaks its business model

Three lessons from Equifax for greater online security

The hacking of Equifax and the subsequent leaking of private data on an estimated 143 million people has created a furor that reaches from top governmental levels down to the little guys worried that their data is being distributed and misused all over the internet. There are big reasons to be concerned Equifax is not […]

The post Equifax leaks its business model appeared first on Avira Blog.


Cyber Security Tips for Parents and Children


How to protect your children from cyber threats

The summer just gracefully glanced over our lives, and now it is time for things to get back to normal – we will soon start feeling the cold breeze and the days will become shorter. Even though the good old days of casual dress code in the office are now gone, being back to reality has some positives too. Lots of quality TV shows such as The Big Bang Theory and Gotham will be back on the small screen, and your house will become less noisy as the little, and sometimes not so little, bundles of joy go back to school. As parents, it is our duty to keep our children safe. One of the ways to protect them from cyber threats is to educate them about the dangers and give them some advice on how to be alert and avoid becoming a victim.

Just as we give the well-known parental advice never to get into a stranger’s car and always to cross on green, we need to remind our children that irresponsible behavior on their PC or wireless devices is just as bad as crossing a street on a red light. Every kid with access to a tablet, cell phone or computer needs to be aware of how to use them safely. Even though they may not fully understand that using these devices makes them vulnerable, you need to talk to your children about some of the dangers and discuss possible ways to prevent them from happening. The time before they get back to school is perfect for such a conversation.

Here are a few tips worth mentioning:

  • Keeping passwords safe

    Tell your kids always to be cautious when they are using passwords in school/college. Make them aware that people could steal their password by peeking over their shoulder. Give them an example: tell them to imagine how they would feel if someone started posting nonsense from their profile on social media only because he/she knows their password. Advise them to make sure no one is watching them when entering a password. Tell them not to share their passwords with anyone!

  • Locking and logging off

    Things can go wrong if students do not log off from a computer at school after using it. If they do not log off, the next person who will be using the same PC may end up intentionally or unintentionally tampering with their work. Tell your kids that it would be a real waste if they’ve worked so hard on a project or a painting, and suddenly everything gets messed up simply because they forgot to lock or log off from their computer.

  • Password changing

    As you know, databases are sometimes not well protected and get compromised. The best way to deal with the ongoing problem is to change passwords often. Remind your kids that changing their passwords at least once every three months is important for them. Make it like a fun game and get them to want to change their passwords even if they don’t do it because of the dangers, but because it is fun. Tell them they can use a funny password such as ‘BieberLikesBananaz12%’.

  • Report cyber bullying

    A quick reminder about the existence of cyber bullying is a must before sending the little ones back to school. Remind them how to notice it and report it. Cyber bullying could be destructive for children of all ages. Tell them not to engage with anyone they do not know in real life and to tell you if anything abnormal happens with the ones they know. You can use various tools to exercise parental control too. And if you spot something disturbing, do not press the WW3 button but quietly pull them away from the harmful content or friendship. You want your children to trust you!

  • Be aware of belongings

    Stress the fact that devices can be tampered with and children should not leave them lying around. Youngsters always need to keep their devices securely locked. Tell them that if they don’t take care of their belongings, you will not buy them new ones. Get them to imagine how long and exhausting the months without a phone or a tablet will be should they end up not taking good care of it.

When you are a parent, some of the things that you do to remain protected are as obvious and as natural as breathing. However, kids of all ages might not have experienced the bad side of technology yet, and things may not feel as natural to them. While you can proudly say kids are tech savvy, they are not necessarily experienced enough to be safe and to be left on their own.
Before you send them back to school, make sure the OS on each of their devices is fully up-to-date and that the devices have stable antivirus software. Quality antivirus software not only protects their devices but also comes with parental control options that give you more freedom to monitor their online behavior safely and from a distance.

The post Cyber Security Tips for Parents and Children appeared first on Panda Security Mediacenter.


You shouldn’t use these 320 million passwords


You’re looking for the one, the unbeatable password? Well, security expert Troy Hunt does have a few hundred million available – that you should try and stay away from. Troy Hunt is best known for the service he offers on haveibeenpwned.com: a search that allows you to see if your email address was compromised by a data […]

The post You shouldn’t use these 320 million passwords appeared first on Avira Blog.
