Are biometric credit cards the next chip cards?

Remember the hullabaloo when banks and card companies made the switch from magnetic stripe credit cards to chip credit cards after a bunch of consumer data was stolen? I do. My mother was terrified for MONTHS that her identity was stolen and she would have to move to Belize. It took a long time to get her over that fear, and even longer for her to use her credit cards again. Now, if you didn’t have an overdramatic mother or need a refresher on the chip cards, check out this article from Forbes for a quick recap on the whole transition.

Basically, chip credit cards are a lot more difficult to counterfeit, which was one of the benefits proffered by supporters. By using the chip technology along with requiring a personal PIN, many believed the new cards would be exponentially more secure. The thought that a thief could take your card but not use it without magically knowing your PIN was a relief to a lot of people. However, not every establishment requires a PIN. You can still insert your chip card and opt for the credit option, which only requires a signature. And we all know those are never accurate or properly vetted. (I’ve signed everything from a triangle to squiggles to random words just to see if any alarms were ever triggered… the answer to that is a hard NO.)

Unfortunately, once you get past the fancy chip part, nothing new is really happening. And with every new advancement comes villainy. A new fraud scheme called ‘shimming’ is targeting our chip credit cards. Thieves who target chip credit cards insert a paper-thin device inside a chip card reader on a credit card terminal. Then, when the credit card is inserted into that slot, the device (appropriately called a “shim”) captures the card information by reading the chip and storing the data.

Although such a delicate scam is not a widespread issue yet, it is something to keep in mind as a consumer, and it serves as a reminder for credit card holders to monitor their statements for fraudulent purchases. Don’t be that person who blindly pays their bills without looking at the charges! Nothing is ever bulletproof, and with new technology, criminals find new holes to exploit.

To combat ‘shimming’ and boost security, MasterCard is planning to introduce a variation of credit cards that use fingerprint identification to produce secure point-of-sale transactions. In this innovative move, the cardholder’s fingerprint is stored on the card’s EMV chip, and a fingerprint reader embedded on the card must match it before a transaction can go through. So unless criminals find ways to steal fingerprints AND the associated credit cards, MasterCard could be on to something extremely secure and simple. And maybe it would speed up the process so we all aren’t waiting in line at Target for hours, am I right?

So how does a biometric card work? The chip validates the user’s identity by matching the fingerprint to the stored pattern. The change process is simple for merchants, as those with a chip reader don’t need to invest in a separate fingerprint reader. Theoretically speaking, this biometric card improves security compared with chip-and-PIN, and a fingerprint card is significantly more secure than a chip card that needs only a triangle or squiggle signature.

The biometric card is currently in a trial phase, but with fingerprint technology so widely accepted since the introduction of biometric readers on smartphones, it could come around much sooner than expected.

4 easy steps to protect yourself from ransomware

1. Make sure everything is up-to-date and patched to the most recent version

Ransomware looks for vulnerabilities in your software and operating system to find a way in and carry out its malicious plans. The WannaCry ransomware exploited a security hole in the Windows operating system and used it to spread across networks.

Vulnerabilities can be found in anything, like your email client, internet browser, server, and nearly any other software that connects to the vast internet. Vendors issue patches for their software very regularly, which you should install as soon as possible, as inconvenient as it may seem. It’s better to be safe than sorry.

Want an example? Microsoft had issued a patch for the vulnerability a month before the WannaCry attack, but unfortunately, hundreds of thousands of computers hadn’t installed it.

With an antivirus—which you should definitely have, by the way—make sure that it’s set to automatically install the latest updates.

If you’re using an outdated operating system that is no longer supported, seriously consider upgrading to a newer version as well.

2. Minimize your attack range

As long as you’re connected to that pesky internet, there’s no such thing as absolute security. Even networks and computers that aren’t connected to the internet (air-gapped systems) aren’t absolutely secure.

An up-to-date antivirus unfortunately can’t protect you against the thousands of unknown viruses that are created every day, and a patched system won’t stop a zero-day attack (an attack that exploits a vulnerability that isn’t publicly known).

Therefore, you should try to plug the holes in your network as best you can. All major operating systems usually come with easy-to-use and pretty effective firewalls. Make sure that firewall is always turned on, and only open ports that you absolutely need.

With that being said, turn off operating system features and software that you don’t need. That includes file-sharing services and browser plugins like Flash and Java, which are rife with security holes.

Another smart measure that can reduce your attack range is keeping your work on a limited account as opposed to an administrative account. By not using an administrative account, you’ll be successfully limiting the access of the malware in the unfortunate case it does strike.

3. Monitor and manage your trust

Attackers often use phishing to deliver ransomware. Phishing is a type of scam that involves targeting victims with legitimate-looking messages that contain malicious links or infected attachments. Since the targets think the email comes from a trustworthy source, they’ll download and open the attachment, which will then deliver the ransomware.

So be very careful with the emails you receive, and don’t open any attachments unless you’re absolutely certain of the source. In case there’s any doubt, use the phone or social media to verify the authenticity of the message with the sender.

You should be very wary of certain file formats, including Microsoft Office documents (.doc, .xls), executables (.exe, .bat), and compressed archives (.zip, .rar). Cybercriminals commonly use Word macros to perform ransomware attacks.
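The file-format caution above can be turned into an automated attachment check. The sketch below is an added example, not part of the original article: the function names (triage, has_vba_project, make_ooxml) are hypothetical, the macro-enabled extensions (.docm, .xlsm) and the double-extension check go beyond the formats the article lists, and the sample documents are constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension groups from the formats the article names, plus the
# macro-enabled OOXML variants (an addition for this example).
EXECUTABLE = {".exe", ".bat"}
ARCHIVE = {".zip", ".rar"}
LEGACY_OFFICE = {".doc", ".xls"}  # binary formats; may embed macros
OOXML = {".docx", ".docm", ".xlsx", ".xlsm"}
DECOY = {".pdf", ".txt", ".jpg", ".doc", ".docx", ".xls", ".xlsx"}


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) document carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes = b"") -> list[str]:
    """Return the reasons an attachment deserves a second look (empty = none)."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    if not suffixes:
        return []
    reasons, last = [], suffixes[-1]
    if last in EXECUTABLE:
        reasons.append("executable")
        # e.g. invoice.pdf.exe shown as "invoice.pdf" when extensions are hidden
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reasons.append("double extension hides executable")
    elif last in ARCHIVE:
        reasons.append("archive: contents not inspected")
    elif last in LEGACY_OFFICE:
        reasons.append("legacy Office format: may contain macros")
    elif last in OOXML and has_vba_project(data):
        reasons.append("Office document contains VBA macros")
    return reasons


def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal zip standing in for an Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

An empty result only means none of these specific checks fired; verifying the sender, as described above, still applies.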

4. Have a solid and tested backup plan

You should always be prepared for the worst coming to pass. While there have been certain scenarios where ransomware encryption has been successfully reversed at no consequence, for the most part, nothing short of paying the attackers will decrypt your files. Ain’t nobody got time for that.

That is exactly why you should always keep solid backups of your files. For files that don’t need to be modified, such as pictures and videos, you can use old-school DVDs. For other types, you can use other removable media, such as thumb drives.

External drives can work well, but they’ll be useless if they’re connected to your computer when it becomes infected. Sorry.

Cloud backups are good too as long as you make sure they aren’t mapped to local drives. Ransomware can go through all your local drives and encrypt their content, whether they’re on your hard drive or in the cloud.

Lastly, be careful when storing your archives in shared folders. Certain breeds of ransomware will scan your network and find unmapped shared folders and encrypt their content too.

7 Steps to a Better Inbox

We use email every day to communicate, plan our days and our projects, and transfer files and information. And with the necessity of keeping a paper trail, it’s no wonder our inboxes are overloaded by the thousands. The good news is that with careful organization and consistency, it is possible to reach “inbox zero.” Follow these seven simple steps and experience the many benefits of email bliss.

Don’t be afraid to delete.

If it’s not important, delete it. The hoarding of emails is out of control, and the only way to tame it is to be honest with ourselves about which emails we need and which ones we don’t.

Use labels.

When it comes to emailing, labels (or filters) are your best friend. Create labels for the categories you deal with most—like expenses, project name, internal, billing, etc. By labeling each email, you’re storing it away and making it easy to find when the time comes to pull it out again.

Unsubscribe, unsubscribe, unsubscribe.

Marketing emails are unavoidable. Companies get our information and we magically end up on an email list—but luckily they’re easy to stop. Simply find the unsubscribe link on the bottom of the email (buried in the small print) and go through the steps. If there are marketing emails you’d prefer to continue receiving, just create a label for these emails to keep them organized in one place.

Create folders for popular actions.

Just like we create labels to store emails away, we create folders for the emails that require action. These folder names could be follow up, projects and archive. Whatever you choose, name them so you know exactly what will be needed with those particular messages—getting them out of your inbox and onto a makeshift to-do list.

Enable automations.

If your email provider is capable, create automations for certain tasks. This could include automatically sending CCed emails to a certain folder or labeling emails containing certain keywords. This function keeps you organized while doing less of the work.

Organize with an app.

Want a virtual assistant to organize your emails for you (even from multiple accounts)? There’s an app for that. Popular applications like Boxer and Organizer help you label and organize your inbox with efficiency.

Use NNTR.

Four words: No need to reply. This phrase will keep your inbox happy and uncrowded.