508-909-5961 [email protected]

Millions more affected by Equifax leaks

Back in 2017, Equifax, one of the three major credit bureaus in the US, made a major security blunder that leaked millions of sensitive information, including Social Security numbers, addresses, driver’s license numbers, and credit card details. The company estimated that the data of 145.5 million people (almost half the US population) were exposed.

The post Millions more affected by Equifax leaks appeared first on Complete Technology Resources, Inc..

Millions more affected by Equifax leaks

Back in 2017, Equifax, one of the three major credit bureaus in the US, made a major security blunder that leaked millions of sensitive information, including Social Security numbers, addresses, driver’s license numbers, and credit card details. The company estimated that the data of 145.5 million people (almost half the US population) were exposed. But according to recent reports, there may be millions more affected by the leaks.

What happened?
On March 1, Equifax reported that the names and driver’s license numbers of approximately 2.4 million Americans were stolen. According to the company, sensitive information like home addresses, home states, or the license issue and expiration dates were not leaked. Equifax said these breaches were discovered only recently because their forensic investigations primarily focused on stolen Social Security numbers.

In response, the company said that anyone affected would be notified directly. They’re also now offering a security program designed to prevent identity theft and credit tampering. However, given the company’s poor track record, not many are willing to enroll.

When the company first announced the breach in September last year, the tool used to check whether an account had been hacked didn’t work and came up with false positives. Fortunately, there are other things you can do to protect yourself.

Monitor your credit
Consider looking through your credit reports for any suspicious spending. If you spot any new accounts, loans, and other payments you don’t recognize, contact your credit card company to report fraudulent transactions.

Check the dark web
Compromised data is often sold to the highest bidder on the dark web, so most Equifax data can probably be found there. To see whether your personal information has indeed been compromised, sign up for dark web monitoring services. Then consult with a security professional to discuss your options.

Place a credit freeze
One way you can prevent hackers from opening credit cards and making payments in your name is to freeze your credit. When you implement this, anyone masquerading as you will be required to provide a PIN to unfreeze your account. Contact the credit bureaus (Equifax, Experian, TransUnion) to activate this service.

Set fraud alerts
When you set a fraud alert, credit card companies and businesses must verify your identity before opening an account or making any payments. Together with a credit freeze, alerts will make it extremely difficult for hackers to steal your identity.

Learn to identify phishing scams
Because Equifax is notifying data breach victims directly through email, hackers could take this opportunity to send fake messages that direct users to dangerous websites. As such, knowing how to identify phishing scams (suspicious URL links, attachments, and spelling errors) is vital.

Dealing with data breaches is a long and frustrating process, especially for businesses that just want to focus on growing their operations. So if you have any security concerns, call us today. We have the cybersecurity expertise to protect you.

Published with permission from TechAdvisory.org. Source.

The post Millions more affected by Equifax leaks appeared first on Complete Technology Resources, Inc..

Read More

iPhone security impenetrable no more

Cellebrite claims that they have devised “undisclosed techniques” to unlock Apple devices running on any iOS operating system. The U.S. government contractor based in Israel recently notified clients of their ability to circumnavigate iOS protections that’s part of their new service for forensic specialists and law enforcement.

The post iPhone security impenetrable no more appeared first on Complete Technology Resources, Inc..

iPhone security impenetrable no more

Cellebrite claims that they have devised “undisclosed techniques” to unlock Apple devices running on any iOS operating system. The U.S. government contractor based in Israel recently notified clients of their ability to circumnavigate iOS protections that’s part of their new service for forensic specialists and law enforcement.

iPhone vulnerabilities leaked, is it true?

A couple years ago, Apple had a showdown with the FBI regarding data privacy, and this prompted them to develop exceptionally secure mobile devices. But Cellebrite has crashed the party, developing several methods to access iPhone operating systems, including the most recent version.

The engineers are now promoting their methods to private forensics and law enforcement professionals around the world who would benefit from this new service. In fact, in November 2017, the Department of Homeland Security successfully raided data from the iPhone X, most likely through the use of Cellebrite technology.

Secure your business at all costs

To protect you from this potential security issue, here are a couple suggestions from tech experts:

  1. Patching mobile devices is a crucial step for both businesses and consumers. For devices that cannot be patched, you must retire it to prevent risks.
  2. Adopting a disaster recovery plan is vital. This way, you can limit how much damage a breached gadget can cause.

Only time will tell whether Apple’s reputation and the iPhone’s security really has been weakened. Still, it doesn’t mean that you should hold off on protecting your business. Use this news to give your technology an overhaul, improve your business processes, and update your employees’ security training.

Even with all the ingenious ways to hack into systems nowadays, you felt you could count on Apple to be one step ahead of everyone -- but that might not be the case anymore. Ensure that your privacy is secure and your files are still safe by strengthening your usual security practices. But if that's too technical for you, just give us a call and we’ll take care of it!

Published with permission from TechAdvisory.org. Source.

The post iPhone security impenetrable no more appeared first on Complete Technology Resources, Inc..

Read More

HTTPS is something to care about

For all the time we spend discussing the complexity of internet security, there are a few simple things you can do. Avoiding websites that aren’t secured with the HTTPS protocol is one of them. It’s a habit that can be developed with a better understanding of what the padlock icon in your web browser’s address bar represents.

The post HTTPS is something to care about appeared first on Complete Technology Resources, Inc..

HTTPS is something to care about

For all the time we spend discussing the complexity of internet security, there are a few simple things you can do. Avoiding websites that aren’t secured with the HTTPS protocol is one of them. It’s a habit that can be developed with a better understanding of what the padlock icon in your web browser’s address bar represents.

HTTPS Encryption

Older web protocols lack data encryption. When you visit a website that doesn’t use HTTPS, everything you type or click on that website is sent across the network in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be intercepted by anyone with the right tools.

HTTPS Certificates

The second thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory to translate that text into numerical addresses (e.g., www.google.com = 8.8.8.8) then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.

The problem is, if your computer is hacked it could be tricked into directing www.google.com to 8.8.8.255, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.

HTTPS created a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a false-front website.

What this means for daily browsing

Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:

  • If your browser marks a website as “unsafe” do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted.
  • There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is great for Chrome and Firefox).
  • HTTPS certificates don’t mean anything if you don’t recognize the company’s name. For example, goog1e.com (with the 'l' replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site.

Avoiding sites that don’t use the HTTPS protocol is just one of many things you need to do to stay safe when browsing the internet. When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing, give our office a call.

Published with permission from TechAdvisory.org. Source.

The post HTTPS is something to care about appeared first on Complete Technology Resources, Inc..

Read More

Google suggests business-friendly phones

If you’re in the market for a new Android phone but overwhelmed with the number of options available, Google can help. They’ve recently published a set of standards of what constitutes a ‘business-friendly’ phone and has created a short list to help you decide.

The post Google suggests business-friendly phones appeared first on Complete Technology Resources, Inc..

Google suggests business-friendly phones

If you’re in the market for a new Android phone but overwhelmed with the number of options available, Google can help. They’ve recently published a set of standards of what constitutes a ‘business-friendly’ phone and has created a short list to help you decide.

Google-approved devices
Recently, Google launched Android Enterprise Recommended to make it easier for businesses to find secure, cutting-edge devices they can confidently invest in. This program establishes minimum hardware, software, security, and user experience requirements for Android devices and services.

For instance, mobile devices in the program must be able to deliver security updates within 90 days of Google releasing them, for at least three years. This is an important requirement because the Android OS tends to get a lot of unwanted attention from hackers due to its open-source nature and the thousands of unregulated apps available in its Google Play store.

Beyond security, ‘enterprise-ready’ Android phones must have:

  • The capacity to support Android 7.0 Nougat or higher (at least 2GB of RAM, 32GB of storage, and a 1.4 GHz processor)
  • Zero-touch enrollment, which allows businesses to deploy devices with company configurations and policies already in place
  • Seamless application experience across devices and accounts

Google also announced that requirements will change for each new version of Android OS, and vendors will have to submit their devices to be validated every time. Of course, if any device doesn’t meet compliance (or falls out of it), Google will remove it or even its manufacturer from the program.

What devices are recommended right now?
So far, the program has 21 enterprise-ready smartphones, including:

  • Google Pixel (Pixel XL, Pixel 2, Pixel 2 XL)
  • BlackBerry KEYone and Motion
  • Huawei (Mate 10, Mate 10 Pro, P10, P10 Plus, P10 Lite, and P smart)
  • Nokia 8
  • LG G6 and V30
  • Motorola X4 and Z2
  • Sony Xperia (XZ1, XZ1 Compact, XZ premium, XA2, and XA2 Ultra)

Although it's the leading Android smartphone vendor, Samsung was not included in the list. However, this was only the first fleet of devices that were validated, and more devices will be added to the list throughout the year, according to Google.

So if you’re planning to implement remote work and bring your own device policies in the coming months, check the Android website regularly for new Google-approved devices. And if you need more advice about mobility solutions, contact us today. We have IT experts at your beck and call!

Published with permission from TechAdvisory.org. Source.

The post Google suggests business-friendly phones appeared first on Complete Technology Resources, Inc..

Read More