Category Archives: mobile

Cyber Monday top tips

Cyber Monday is upon us again.. or should I say #cybermonday. Anyway, I asked our Security Consultants to come up with some top tips to help you shop a bit more securely for your Christmas gifts and decorations. Thanks to Chris Cope and Del Brazil for this.

  • HTTPS (other online vendors are available)   Always check for the padlock or green URL to confirm the ID of the website. If your security software is highlighting a problem then don’t ignore it;
  • Use secure passwords on websites you set up accounts with;
  • Pay on credit card if possible to gain on insurance;
  • Use reputable websites, sites that look too good to be, true usually are;
  • Be wary of being transferred to another webpage –Don’t follow links emailed to you, visit the website yourself;
  • Make sure no one is looking over your shoulder capturing your card details etc;
  • If there are any issues then remember to complain promptly. Consumer rights cover the internet but don’t leave it too long to complain if goods aren’t what you expected. 

Wishing you a secure Cyber Monday experience…

Advertisements

Ebay User Data Breach

Our MD, Mike Gillespie was speaking on BBC Radio 5 Live and BBC Radio Scotland about this disastrous data breach. There will be audio files soon for those who want to hear his comment and advice. Watch this space.

Phishing

One of the facts that has emerged so far is that this hack was in fact enabled by a spear phishing attack. For those of you who don’t know what this is, you are not alone. One if four UK employees does not know what phishing is and this major breach is a good example of why we have to get on top of security awareness training.

Phishing is when an untargeted,unsolicited email, purporting to be from  a valid source, such as a bank, invites you to click on a link or open a file. This is normally accompanied by some vague ‘issue’ such as suspicious account activity or the suspension of your account. Many of us can spot them on sight now as they are usually unsophisticated and badly spelled though this is starting to change. The payload is normally malware or spyware and might do anything from stealing logins, keystrokes or financial details.

Spear phishing is targeted at specific individuals and is normally more carefully constructed usually using some knowledge of them and with a specific purpose in mind. This may be access to a particular database, as it would appear in this case. The target may have been observed on social media or in person to establish some means of dialogue or establishing trust. this will increase the likelihood of the email being opened and activated and therefore the payload being delivered.

You may also have heard of Vishing or voice phishing and is probably best exemplified by the ‘Microsoft’ support call scam. This is when you receive a random call out of the blue from someone claiming to work in tech support for someone like Microsoft who tell you they have identified malware or issues on your PC and tell you they need access to it to clear it up for you. They will get the target to open up their PC normally by frightening them with stories of awful failures on their PC and may go as far as getting them to open up the PC’s event viewer which will show a few red flags or failures (which is normal) this will then be passed off as justification for the intervention – proof  if you like, of their timely intervention. This harmless activity then is used as the means of attack on an unsuspecting victim and their system is made vulnerable as they open up their PC to get it ‘fixed’.

This last one as well as being particularly cynical is also a cause for concern for employees who work from home or are mobile. Training staff in what they should or shouldn’t do, regardless of their geography has never been more important as cyberspace has no geography.

This is an old visual we produced but it is particularly relevant given recent events, feel free to share it with your business.

phishing

Big Data …. Friend or Foe?

Delighted to have a post from Advent IM Operations Director, Julia McCarron.

Ellie has been asking me for a while now to do a blog piece on ‘big’ data, and I must confess to dragging my heels because I wasn’t really sure what it was. I guess if I had put my mind to it essentially it must have been the aggregation of information that made it ‘big’ and I’m not far off with that. But last night’s edition of Bang Goes the Theory made me think about what it means … and the fact that ‘big’ is probably too small a word to describe its reach.

 ID-100180473If we want to be specific about it, big data is defined as a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications.[1]  But it seems to me that this 2-D definition doesn’t do it justice. From what I can see, it’s about taking these large data sets and analysing them to find patterns – that’s what makes it ‘useful’. What you do with those patterns can be for good or bad and can range from diagnostic to research to marketing to preventative in nature, and affect people, places, processes, objects … you name it basically.

I know this kind of analysis goes on because I have a ‘loyalty’ card that regularly sends me money off vouchers for the things I buy on a frequent basis/ I know internet banner ads show me handbags for a reason, usually because I’ve just purchased another one online. I understand that it’s the accumulation of data about my buying habits that is profiled to appeal to me; but I hadn’t realised just how far this can go. On the programme in question a big data collection company said that as a result of the release of DfT data on bicycle accidents, someone had within days written an app for people which told them where to avoid riding their bicycle and therefore minimise the risk of having said accident. Who would have thought that was possible? Rolls Royce engines contain computers that analyse their activity, whilst in the air, and report in real time on peaks and troughs outside the ‘norm’, which enable airlines to do maintenance work before a problem occurs.

But if you think about it big data isn’t new. Einstein’s Theory of relativity came about because he carried out hundred of experiments and analysed them painstakingly by hand. Intelligence services cracked Hitler’s codes by looking for recurring patterns, first totally reliant on the human brain before that human brain created freecrumpetsmachines to make the analysis easier and quicker. I only get 100 free ‘bonus’ points with my next purchase of Warburton’s crumpets because a computer looks at my buying habits and has identified that I buy them every week. (Other crumpets are available – actually no they aren’t). All that has changed is the scale, speed, selectiveness and sensitivity of the collection and review of that data.

The issue comes though when that big data is also personal data, and this is probably where most of us start to question whether it’s a good thing or bad thing. The BGTT Team demonstrated how easy it is to profile individuals from their online data footprints. It’s not just about what you put on various social media but it could also be an innocent publication of contact details by your local golf club. I’m a security conscious person, for obvious reasons, but I’m sure if someone really wanted to they could find out more about me than I thought was possible, just by running a few scripts and analysing trends. I’m a genealogy enthusiast and within minutes I could potentially find out when you were born within a 3 month window, the names of your siblings, your mother and father …. and those all important security questions; your mother’s maiden name and town of your birth.  So should we attempt to simply lock everything down?

 At the same time as all this personal big data is being analysed its also being put to good use.  Researchers are creating medical devices that can analyse brain activity and detect when a second brain trauma is occurring … and they’ve done this by analysing patterns and trends from hundreds of thousands of scan outputs to create a simply, non intrusive device that monitors pressures, electrical current and stimulus. If I opt out of my having my NHS patient record shared, I could make it that bit harder to find a cure … or be cured.

Ultimately, we wouldn’t be where we are today without big data but there is no doubt that in a digital age big data will just keep growing exponentially. I don’t think we can avoid big data and I don’t think we should, but from a security perspective I think we all just need to think about what we post, what we agree to make available, what we join up to and what we are prepared to say about ourselves in public forums. If a field isn’t mandatory don’t fill it in, don’t agree for your location to be published and maybe tell a little white lie about your age (girls we are good at that!). We can never be 100% secure – it’s not possible. Even our fridge can go rogue on us now and order food we’ve run out of but don’t actually want to replenish. But having a security conscious mind can protect us, whilst still providing a big data contribution. 

[1] Wikepedia

some images courtesy of freedigitalphotos.net

Appy Valentine’s Day? Or the Valentine’s Day Mobile Massacre?

ID-100103981It’s that time of year when thoughts turn to love,romance and cupid firing his arrows at unsuspecting victims. (That may have come out wrong) It is also the time of year when the volume of threats to the security of computers and mobile devices rapidly increases, as we are offered new and exciting e-methods of wooing a would-be mate.

Malware and privacy violations are rife in these Valentine or romance styled apps and though many people are familiar with the old phishing emails that purported to show you who was in love with you if you would just click the link or open the file, it still goes on and some people are still caught out.

Nowadays mobile app stores are awash with apps that will frame your photos in a suitably cupid-ey frame, or offer your lover romance-filled quotes. We need to be hyper-vigilant when downloading any apps of course, but with the misty eyed romance comes additional danger. Some apps demand access to your email, texts, location, calendar and even phone calls. So the best outcome might be unwanted advertising the worst outcome could mean it basically taking control of your device. Always check the permissions, even on paid for apps. If you think it seems reasonable for a wallpaper app to need to know your location and have access to your contacts then go ahead, if you don’t, then maybe you should reconsider if this is what you want on our phone or device. Some apps that do these things are also available from Google Play, so you really need to keep your wits about you. Of course this advice applies to any time of of year, not specifically Valentine’s Day.

According to Bitdefender researchers, Valentine related scams are growing and a 10% rise on a single day was recorded in January. Of course, singling out one day from a period can make a trend look more volatile, but even if the overall trend for the period is half this, it is still a worrying uplift. If you BYOD or the device you use to e-woo is ever connected to your employers network (with or without their permission, we know what you are like…) then this has the potential to cause a lot of trouble. 

Online scams are still alive and well as we mentioned earlier. Be wary of sites offering roses, designer jewelry and other wooing weapons at massively discounted prices. If it feels too good to be true, then it probably is. Apart from  your loved one of course…

Happy Valentines Day, Security Lovers

ID-10069384

images courtesy of freedigitalphotos.net