Are We Being Watched? Protect Your Online Privacy

Authomate Blog

06 Authomate Blog 6 - ImageMany internet users have become increasingly concerned about protecting their privacy online,  but it isn’t just thieves and hackers we need to be concerned with – what about your government accessing everything you do online?

Security expert Bruce Schneier, who worked on the Edward Snowden stories, told British paper, The Guardian recently that, “If the NSA wants in to your computer, it’s in. Period”.

“The NSA has turned the internet into a vast surveillance platform, but they’re limited by the same economic realities as the rest of us, and our best defence is to make surveillance of us as expensive as possible.”

For practical solutions, here’s what some of the top security experts suggest to deter both state spies and ordinary fraudsters:

• Passwords: Don’t use the same one all the time. Make it complex with upper- and lower-case letters, numbers and characters such as $%&!.

• Security or password reset questions: …

View original post 187 more words

Target Security Breach: 3 Lessons Learned


1389741976-target-security-breach-stresses-need-better-cyber-securityThe recent security breach at Target has sure made us focus on the growing problem of financial data theft. For those of you who don’t already know, a staggering 40 million credit and debit card records were stolen which led to data theft of as many as 70 million customers. The huge security breach appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers. Target was actually just one of six hundred publicly disclosed data breaches in 2013. So what are he main lessons learned from the Target security breach and will it change non-cash payment methods in future?

1. Credit cards offer better fraud protection

It is important that consumers know how credit and debit cards differ when it comes to fraud protection. The most important difference is that credit cards provide better fraud protection than debit cards. If someone was to steal your debit card they are stealing your money and you would have to argue with the bank to get it back whereas with a credit card, they are essentially stealing the bank’s money.  The law limits responsibility for unauthorised debit card charges to $50 if you notify the bank within two days. For those of you that don’t check your bank statement regularly, if you don’t report fraud within 60 days of receiving your statement, you could lose all the money that was stolen. However, credit cards have zero liability policies so the card owner will never lose a penny to fraud. In that case, why would anyone use a debit card? Well, not everyone qualifies for a credit card and some people that do, chose not to have one to reduce the risk of debt.

2. A security freeze won’t always protect you

After the Target security breach, experts advised customers to put a security freeze on their credit report. This would be the right thing to do if social security numbers had been stolen as it presents the thief from opening new accounts in your name. However, in the case of the Target security breach, it did not make any sense. A security freeze does not prevent fraud on an existing account nor can it stop someone using a stolen card number to shop online or clone a new card to use in store.

3. Will changing your PIN number make a difference?

Target confirmed that encrypted PIN numbers were stolen during the breach but does that mean you should change your PIN if you’re a victim of credit or debit card fraud? Changing it will prevent thieves from withdrawing cash from an ATM using a stolen debit card. To be completely safe, other measures must be taken. Customers need to ask their bank to issue them with a new PIN number.

So, will Target’s massive data breach change non-cash payments for good? Some believe that using cash is the only solution. However, it’s apparent that debit cards aren’t going anywhere anytime soon. The answer is simple; more fraud protection needs to be guaranteed for debit card holders. Perhaps one thing might change, increased information sharing among payments companies may lead to better security and perhaps the breach will lead to adoption of end-to-end encryption systems but time will tell.

Buffer Hack: A Guide to Successful Crisis Management


Buffer-logoWith social media comes a whole new set of rules for your organisation’s crisis communications and crisis management. We’re often given opportunities to learn about social media crisis management through the highly visible fallout from the experiences of others. Buffer, the social sharing platform was hacked in October 2013. Although this wasn’t a positive experience for them, because of their successful crisis management strategy, things actually turned out ok in the end. So where did Buffer go right and what can we learn from them?

Communication is key

Buffer communicated with the media, their customers and their social audience from the get go. They successfully created a social buzz which was largely positive across their channels. Customers praised the company for their transparency and timely communications and voiced their support. Buffer reps were tweeting in response to each and every mention they received at the peak of their crisis. Staff were communicating across their blog, Twitter, Facebook and through the media, to ensure customers were fully informed. They weren’t scared to get ahead of the story, making sure that their customers heard the details of the situation from them, before they heard it from any other source.

Effective Team Management

Buffer managed their team, processes and partners effectively to reduce the impact of the interruption and they even reinforced their core values to customers while doing so. Genius. Teamwork was key. As the hack occurred on a Saturday afternoon, staff were not in the office so they worked from home, connecting with Google Hangouts. They worked together to manage Twitter, emails, and blogs post comments, keeping the user front of mind giving them real time updates and answering any questions. They expressed true concern, care and sincerity – and were completely human.

Continued Post-hack Communication

Buffer continued to be informative by providing their users with step-by-step information for reactivating their accounts. Once the situation was resolved, they heightened their security measures so as to protect the situation from happening again and they restated and reassured that they had taken the situation seriously by declaring that new security measures had been put into place. Most importantly, they welcomed feedback from users, making their crisis communications a two way process, the best way to learn and adapt.

Buffer focused on communicating efficiently throughout the crisis, keeping their users updated and reassured and, as a result, their users trust and feel connected to the brand in a more positive way than they did before the hacking occurred. Every organisation can learn from Buffer and the way they chose to handle this, potentially disastrous, crisis situation. A strong brand culture, team empowerment and an open and honest, two way communication process is essential.

Keep yourself secure online: download Strong Pass now

Target Security Breach: 7 Ways to Protect Yourself


140113121845-target-shopperss-hack-620xaThe huge security breach that has affected Target recently appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers. It has now been confirmed that the attack that occurred last month has affected 40 million credit and debit card accounts and led to data theft including names and email addresses of as many as 70 million innocent customers. 

Is it just a matter of time before our personal information is compromised? While many shoppers have been left feeling angry and helpless, there are some steps consumers can take to protect themselves against fraud and identity theft. After all, the best solution to a problem is prevention. Before we begin it’s important to remember that retailers are not legally required to offer credit protection services to customers and we are all responsible for continued monitoring of our credit card and bank accounts. We must continue being vigilant in recognising fraudulent emails or phone calls from people claiming to represent retailers or banks.

So, how can you protect yourself in future? Use cash instead? No. Cash can be lost or stolen with little or no recourse. Credit cards offer better protection to the card holder especially when they are used without authority, a much safer option. Here are some top tips on how to protect yourself while still using plastic.

1. Be vigilant – check your credit and debit card statements regularly and report any unusual charges, even if it’s only small. Sometimes thieves place a small charge to check if the card is active.

2. If you notice an unauthorised charge, especially if it’s a debit card, ask your provider to cancel your current card immediately and issue you a new one.

3. Consider various options for monitoring your credit profile and credit card activity. Target offers a credit-monitoring service for customers, as do other retailers.

4. Be cautious of any correspondence claiming to be from your bank or the retailer you shopped at and never give any sensitive information such as PIN numbers. Double check the URL in the correspondence you have received. If you are suspicious, report it.

5. When there has been theft of personal data, thieves will often use ‘phishing’ to convince you to part with even more personal data such as passwords. This is not only done on the phone or over email, but also social media sites such as Twitter so be warned. If you use the same password for your online banking as you do for your social media accounts then change them, you can never be too careful.

6. Too many people have simple passwords for their accounts. If this includes you, make sure you change it. If you can’t think of one, use a password generator or add some capital letters to numbers to your current password to make it stronger.

7. Shred your documents – while online fraud and data theft is growing, it’s important not to forget about correctly storing and disposing your physical documents too.

Some believe that using cash is the only solution. This is not the case. Consumers need to be aware that data security is down to their own vigilance, and they should not solely rely on their bank or financial provider to protect their information. Attacks are inevitable and will continue to happen so it’s important to be prepared and protect yourself.

Cyber Security For College Students

11 Authomate Blog 11 - ImageCyber security might not feel like a real and present danger when you’re up to your  eyes in study deadlines. But taking a few moments to take your online security seriously could save you a lot of time and money later on.

Here’s our tips to keep your college life secure:

  1. Lock your devices. Use the auto lock features on your phone and computer to avoid unauthorised access. Use pin codes and passwords to unlock them.
  2. Don’t over-share. Be aware that the information you share on social media could be used against you – do you really need to tell the whole internet that there’s nobody in your house?
  3. Email secure. Make sure you don’t share your email password with anyone, including close friends or relatives. You use that email account for so much that could be compromised, so don’t make it easy.
  4. Protect your passwords. Using a password management app like Strong Pass is a good extra way to keep your account passwords secure. And it’s easy too – instead of remembering a dozen complex passwords, access all your accounts with a swipe of your smartphone.
  5. Do the updates! It may seem like a hassle, but quite often software updates contain new information about how your devices can block viruses and spyware.
  6. Shared computers and open networks. Do not share any personal information on a shared computer or shared wireless network – it is likely to be at risk.
  7. Be prepared. Take steps in case the worst should happen. Backup your data regularly, enable remote wiping of your devices and GPS tracking.

Are We Being Watched? Protect Your Online Privacy

06 Authomate Blog 6 - ImageMany internet users have become increasingly concerned about protecting their privacy online,  but it isn’t just thieves and hackers we need to be concerned with – what about your government accessing everything you do online?

Security expert Bruce Schneier, who worked on the Edward Snowden stories, told British paper, The Guardian recently that, “If the NSA wants in to your computer, it’s in. Period”.

“The NSA has turned the internet into a vast surveillance platform, but they’re limited by the same economic realities as the rest of us, and our best defence is to make surveillance of us as expensive as possible.”

For practical solutions, here’s what some of the top security experts suggest to deter both state spies and ordinary fraudsters:

• Passwords: Don’t use the same one all the time. Make it complex with upper- and lower-case letters, numbers and characters such as $%&!.

• Security or password reset questions:  If you are asked to provide answers to “security questions”, consider whether the answers are really secure. If you are obliged to answer standard questions, remember the answer doesn’t have to be true, it only has to be memorable to you.

• Social media: Use security features on Facebook and Twitter such as two-factor authentication and notification of log-in attempts from unknown devices. Don’t share anything that could give clues about answers to security questions.

• Email: Free email and webmail services are vulnerable, so at the very least, install two-step verification or use a management app like Strong Pass for an extra level of security.

• Cloud services: All cloud providers based in the US and the UK (including Dropbox, iCloud and Evernote) are open to surveillance, so encrypt information you don’t want to share before uploading sensitive documents to the cloud.

• Connections: All your devices are connected all of the time, so remember that if one is breached others become unsafe. Keep track of which services you give permission to access others, and revoke this if one is compromised or you stop using it.

Use Google Chrome To Give Unrestricted Access To Your Passwords

12 Authomate Blog 12 - ImageThere have now been dozens of reports about a serious flaw in the security of Google’s Chrome browser, so we felt it was important to make you aware of this issue.  

Google Chrome allows anyone with access to a user’s computer see all their passwords stored for email, social media and other sites directly from the settings panel. And even more worrying, no password is needed to view them!

To see the passwords, all you have to do is click on the settings icon, choose ‘show advanced settings’ and then ‘manage saved passwords’ in the ‘passwords and forms’ section. A list of hidden passwords is then revealed, but clicking beside them reveals the actual text of the password free to copy or send via screenshot, compromising all of your accounts in one easy step.

Unfortunately, Google are aware of the weakness and have no plans to change this – a problem other browsers, like Firefox, once had, and fixed. So what can you do to avoid this major flaw in your internet security?

For one, maybe it’s time to change to a new browser.

Make sure you delete any saved passwords from your browser (you can access this through your browser settings in Chrome), don’t allow this saving function and regularly revisit to make sure you’re not compromised.

And protect yourself in future by using a secure password manager, like Strong Pass. If you would like to have the peace of mind that Strong Pass offers, download the app now and take your security into your own hands.

Our Predictions For Online Security in 2014

04 Authomate Blog 4 - ImageWith 2014 only around the corner and 2013 drawing to a close, we think now is the time to take your own security seriously. Here’s some of our predictions for online security in 2014:

1. Increase in two-factor authentication. More and more individuals are having their email, social media and other accounts compromised because of weak passwords and inadequate online security. In 2014, more businesses will be making two-factor authentication mandatory for your safety.

2. The move towards creating the ‘internet of things,’ requires the ‘security of everything’. Unfortunately, this means that the things in your life that have traditionally out of reach to criminals are now in reach. In 2014 you will need to be more resilient online and ask yourself: Could you tell if your information or accounts were compromised? We also need to think beyond our computing devices when asking this question and also think about our cars, gadgets, even our appliances.

3. People will be more active about protecting their private information. There have been countless privacy issues in the media in 2013 and there is a growing concern whether site provided privacy options actually provide any real security. People will look for new ways to protect themselves in 2014, sidestepping the standard provisions for something more robust.

Follow the money to eliminate cybercrime?

07 Authomate Blog 7 - ImageWhen a new attack comes out, you need to come out with a new defence. Attackers, on the other hand, can attack proactively at will. The cost of cybercrime is huge, but what does is cost the criminals, and how therefore do we come up with adequate defense against it? 

Five dollars for control over 1,000 compromised email accounts. Eight dollars for a distributed denial-of-service attack that takes down a website for an hour. And just one dollar to solve 1,000 captchas.

Those are the going rates of cybercrime, the amounts criminals pay other criminals for the technical services necessary to launch attacks. It’s the kind of IT outsourcing no legitimate company would ever conduct, but it’s a profitable business if done effectively.

Data shows that 35% of IT pros think their organisations are not investing in the right security technologies. 65% believe their networks are at risk of being breached within 3 years.

How do we solve this? If it’s impossible to keep intruders out of your network (which is appears to be), the logical approach is to build security around the assumption that they are already on the inside.

This means making it as hard as possible for them to achieve an acceptable ROI after they have breached the perimeter. When you do this, you focus on what matters – securing your data. It becomes clear that you need to move your security controls as close as possible to the data so attackers can’t use it, even if they have breached the perimeter. In effect, you need to create a “Secure Breach” environment.

Understand your adversaries, make it hard for them to profit from you and make sure your data is secure by putting an added layer of protection in your hands.

5 ways you could become a victim of identity theft

08 Authomate Blog 8 - ImageThere have been countless media stories about the horrors of identity theft. But how do people become victims?

Here are 5 ways you could become a victim – so you can avoid them.

  1. Unsafe surfing. The easiest way to become a victim is to completely let your guard down. Use firewalls, protective software, be aware of the things that might put you at risk and the information you share. Also where you share it – for example, don’t do your online banking on a public or shared computer.
  2. Inadequate antivirus and anti-spyware protection. Having nothing in place to alert you to risks puts you in danger of not knowing you’ve been hacked until it’s too late. System updates and good antivirus protection might feel time-consuming and expensive, but when you compare that with the cost of someone potentially hacking your accounts?
  3. Unknown attachments. Opening attachments from strangers may feel like a minor issue, but doing this can open a door to a Trojan horse or virus. If you’re not expecting anything and you don’t know the sender – don’t open it.
  4. You’ve got mail. Some people have become victims from documents through their mail box – bank statements, cheques, credit card statements all give thieves a window into your identity. Remember to shred unwanted personal documents and paying and banking online, with the right security, could be safer than dropping your personal information into a mailbox.
  5. Too good to be true? Surprisingly, some people fill out their bank details when asked in those emails we all get from relatives of unfortunate people stuck in war zones looking to transfer large amounts of money into the West, in return for a small percentage. Please avoid doing this. You will without a doubt become a victim of identity theft.