Spotlight on DASNR IT

Preserving Your Data – National Cybersecurity Awareness Month

As illustrated here, sudden and irreversible data loss can be devastating. Whether due to theft, hardware failure, or good old-fashioned human error, the costs in time and money resulting from a catastrophic data loss can be staggering and can even have legal ramifications. The real tragedy around these losses is that they are almost always preventable with a little bit of time and research. If this student from the picture above had even the most rudimentary of backup, for example his/her data copied on an external drive, they would only have lost a laptop instead of having lost years of research and writing.

There are two types of computer users: Those who’ve lost their data, and those who will.

So what constitutes a backup? In the simplest of terms a backup is a copy of your data on a different device. Ideally you will have multiple backups in multiple locations so that a single event (fire, flood, theft) doesn’t affect all of your backup media. Internet cloud-based solutions are a great way to backup your data and frees you from having to manage a physical backup medium (hard drive, DVD, flash drive, file server).

How do you backup data? You could just copy and paste your important files manually to another medium every day. This, while better than nothing, is still a far cry from an ideal solution. Ideally you will have a solution in place that automatically saves your data on a regular basis. It should automatically save your data to an external hard drive, a second computer, or to a cloud storage service. Thankfully setting up an automatic backup has never been easier as there are more programs and cloud-based backup solutions available now than ever before. Many even have easy to follow guides on setting them up, making getting started a tad less intimidating.

No one ever wants to back up, but everyone wants to restore their data after a loss.

Nothing lasts forever, and this is especially true in the realm of data storage. Whatever medium you use to store your data will eventually fail and unless you have backups, your work documents, tax forms, family photos, and collection of cat pictures will be gone. This is why it is vitally important to take some time to setup a backup system for your data. Below are several links to excellent sources on the many backup utilities available along with reviews on their features and ease of use.

Life Hacker’s Five Best Online Services:

http://lifehacker.com/five-best-online-backup-services-1006345049

Further reading on backups:

http://lifehacker.com/theres-no-excuse-for-not-backing-up-your-computer-do-1547987206

https://www.schneier.com/blog/archives/2014/09/security_trade-_2.html

http://lifehacker.com/tag/backup-utilities

Lookout Security: Sneaky Culprit

Smartphones are a huge target for malware and theft due to the amount of personal data they store. They provide easy access to a variety of accounts including social networking, email, and bank accounts to name a few. While this makes them very convenient, it also makes them very dangerous in the wrong hands. Because of this we need to take some precautions to ensure not only our devices safety but the safety of our information and identity. One partial solution to this problem is to have a security app installed on your device.

My Story — In September of 2011, I started looking for a program that would help me protect my new, at the time, Android cell phone and my information. After doing quite a bit of research, I found a program to test called Lookout. At the time I had never heard of Lookout, however it had really good reviews and a few very nice features. I created an account and installed it on my phone. It really impressed me and I still use it to this day.

Why I chose Lookout — Lookout’s free account, for iOS or Android, automatically scans your apps and phone data for malware and will alert you and remove it if any is found. It allows you to back up your device’s contacts to your online Lookout account. If needed, you can login to your Lookout account from a computer’s browser and locate your phone using its GPS receiver. It also has an option to scream, setting a siren off on your phone, which can be useful if you cannot find your phone using the GPS coordinates. The premium account also allows you to lock your device and wipe it from a computers browser in addition to backing up your photos and call log history. The premium account gives you added security while browsing the internet and a Privacy Advisor to help keep your information secure from others. Sneaky Culprit2

Does it really work? – After I used Lookout for several months, I setup an account for my mother and one of my sisters and installed it on their phones. A couple of weeks ago, I received an email from my sister that included a Lookout alert. Someone had tried to log into her phone and failed multiple times. This alert happened to include a photo of the culprit who happened to be my sneaky niece who wanted to play on the phone at 7 in the morning. Thankfully someone had not stolen her phone; however, if they had we would have had their photo to give to the police.

Lookout will never be the only solution to save your phone and protect your identity. However it is a very useful tool that can help protect you from malware and if nothing else, might help you find your lost phone.

Protecting Your Devices- National Cyber Security Awareness Month

Since October is National Cyber Security Awareness Month, it is a perfect time to discuss password protecting your devices. As stated in last week’s article, passwords are like the keys to your home.[1] Not having a password on your computers and online accounts would be akin to leaving your house unlocked and fully open to the public. The strength of the password is also crucial to maintaining your privacy and identity online. Using words or pet and family names, while a common practice, can leave your information vulnerable to identity theft. For a list of the 500 most commonly used passwords, check out the article A List of 500 Passwords You Shouldn’t be Using by Jason O. Gilbert.[2] Some key concepts for securing your data include:

Create long passwords with a minimum of 8 characters.
Include upper and lowercase letters, numbers and symbols.
Do not use a recognizable word such as a pet or name.
Use phrases as the foundation of your password. One trick is to use the first letter of a part of a favorite song.[3] For example, use the OSU Alma Mater which might look like P@!Bsyn107 (Proud and immortal Bright shines your name, followed by a favorite number).
NEVER share your password with others.
Store passwords in a safe place to ensure you don’t forget them.
Do not use the same password for multiple accounts.[4]

If you are unsure if a password is secure enough, Microsoft’s Safety and Security Center has a nice tool for checking the strength of passwords.

It is also important to secure your mobile devices such as smart phones and tablets. Both Apple and Android devices are equipped with a passcode option that can be either a 4-6 digit number or can be an actual password. For many of us, our mobile devices may contain access to our banking information and credit cards, not to mention email that may contain confidential information. Always secure your mobile device with a passcode![5]

Password protecting devices is an easy step to securing your personal data and identity. While there is no fool-proof way to prevent an online predator from hacking your accounts, following these steps and ensuring you have secure passcodes/passwords on all of your mobile devices, computers and online accounts can help prevent a thief from breaking in and stealing your private information.

[1] https://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts

[2] https://www.yahoo.com/tech/here-are-500-passwords-you-probably-shouldnt-be-using-96467697789.html

[3] https://www.microsoft.com/security/pc-security/password-checker.aspx

[4] https://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts

[5] https://www.staysafeonline.org/stay-safe-online/mobile-and-on-the-go/mobile-devices

Chipped Cards: What You Need to Know

EMV Chipped Credit Card (Source and license)

As of October 1st, retailers are supposed to be switching to card readers for EMV¹ chip secured cards, moving away from the ubiquitous card swipe stations. Banks and credit card companies have been sending the new cards, which contain a computer chip as well as the standard magnetic stripe, to their consumers for some time. Now, however, if a retailer has not upgraded their credit card systems, they will be liable for any card fraud that uses a chip-equipped Discover, Mastercard or Visa card. American Express will begin holding business owners liable on October 16th.

1) Does this mean my regular card won’t work anymore?
No. The regular magnetic-stripe cards will continue to be usable for the next few years. Expect your bank and credit card providers to supply you with the new cards as they send replacements.

2) How is buying something with the new cards different from the old?
Instead of swiping your chip-equipped card, you will actually insert it into the card reader and leave it there for the duration of the transaction. This may add a little time to each transaction; retailers hope it will be small enough to not disrupt things too much.

3) What if I have a chipped card, but the store doesn’t have one of the new readers?
The new cards are all being issued with both chips and stripes, so they can be used at the older terminals. After the transition period, the stripe will be phased out.

4) Will this actually prevent credit card fraud?
It should help a great deal. The UK experienced a 63% decrease in card fraud² – although it took three years. Until the majority of consumers are using the new cards, there are still many opportunities for criminals to continue cloning old cards. It also (currently) does not prevent online fraud. In fact, online fraud may become more common for a while. Check your credit card statements closely for the next few years³.

5) How does this work?
In a magnetic-stripe card, all of the account information needed for transactions is recorded in the strip; if someone reads that data (with a card reader, like the ones used to process payments) they can then create a copy of that card. As long as the original card remains valid, the duplicate will also be accepted. The new cards use a computer chip to generate a single-use code for each transaction. Since cloning the chip is much more difficult and would require having possession of the card for a long period of time, cloning cards becomes almost impossible. In Europe, the system also requires a PIN for purchases; while this will eventually be used here, issuers are wary of requiring too many changes at once for their users⁴.

¹ ^EMV is an acronym derived from Europay, Mastercard & Visa

² ^ ABC News, “What You Should Know About the New Credit Card Chip Rule” (http://abcnews.go.com/Business/credit-card-chip-rule/story?id=34148839), accessed 1 Oct 2015.

³ ^ NBC News, “Chips, Dips and Tips: 5 Potential Problems With New Credit Cards”, (http://www.nbcnews.com/business/consumer/chips-dips-tips-5-potential-problems-new-credit-cards-n436511), accessed 1 Oct 2015

⁴ ^ How-To Geek, “Chip Credit Cards Are Coming to the USA: Here’s What You Need to Know”, (http://www.howtogeek.com/216571/chip-credit-cards-are-coming-to-the-usa-heres-what-you-need-to-know/), accessed 1 Oct 2015.

National Cybersecurity Awareness Month: Security is more than just a program

When it comes to cybersecurity, a commonly asked question is: “What is the best program to keep my data and computer safe and free of infection?” Unfortunately a single program cannot and will not provide a complete and fail safe cybersecurity solution. To use an analogy, locking the front door to your house with multiple locks doesn’t help protect your house if the windows and other doors remain unlocked. Cyber criminals can be considered the craftiest of all thieves; however, there are some things you can do to help protect yourself. To start, you should stop thinking about only securing your computer. Many of the principles dealing with computer security are very closely related to your personal security. In the following guidelines for computer security, we will cover a few tips that can help keep you safe.

Be suspicious – If you receive a notification that your computer is infected, make sure it is coming from the protection software you installed and isn’t malware that wants to install more malware on your computer. If something or someone is asking for your credit card number or bank account information, why do they need it? If someone calls or emails you claiming to be a representative of Microsoft or another large company be on guard as these companies never contact you directly and request personal information. Always be cautious with free programs as many tack on malware that will infect your computer.

Take control – Know what programs are installed on your computer. Use an antivirus program on your computer and mobile devices. Run updates regularly on your computer from trusted sources (Microsoft, Java, Adobe, and your antivirus software.) Use passwords on your computer and other devices. Lock down the security of your social media accounts so that only your friends and family can see your posts and have access to your information.

Guard your important data – In social media and other online venues, do not share anything that could be used as a security question for online accounts such as pet names, your date of birth, mother’s maiden name, favorite sports teams, and where you grew up. Keep your banking information, passwords and account information in a secure location. Avoid posting to social media when you are leaving for vacation and how long you are going to be gone as this can give criminals an opening to break into your home.

Following these simple recommendations will help you be more secure and it minimizes the risk of identity theft. When it comes to the security of your information and your identity, nothing and no one who can protect it as well as you.

More information on National Cyber Security Awareness Month is available here https://www.fbi.gov/news/stories/2015/october/national-cyber-security-awareness-month.